puppet-nova

is it still true that vncserver_listen must be set to 0.0.0.0 for live migration to work?

Bug #1660099 reported by Daniel RJ Rooke on 2017-01-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	puppet-nova	Fix Released	High	Emilien Macchi
	tripleo	Fix Released	High	Juan Antonio Osorio Robles	tripleo ocata-rc1 "ocata-rc1"

Bug Description

On a redhat osp9 (liberty) openstack deployment, we have routable mgmt ips in the compute nodes. Setting vncserver_listen allows unproxied access to vnc consoles. We would like to set to the internal api network, but found this code in puppet-nova/spec/classes/nova_compute_libvirt_spec.rb

raise_error(Puppet::Error, /For migration support to work, you MUST set vncserver_listen to '0.0.0.0' or '::0'/) }

Is this true anymore? I was able to set vncserver_listen to the internalapi ip on two compute hosts and could still live migrate between the two. The vnc listen address was updated during the migration process to the ip for the destination compute host.

Could this be an outdated assumption?

Tags:

Emilien Macchi (emilienm) on 2017-01-30

Changed in puppet-nova:
status:	New → Triaged
importance:	Undecided → High
assignee:	nobody → Emilien Macchi (emilienm)
assignee:	Emilien Macchi (emilienm) → nobody

Revision history for this message

Daniel Berrange (berrange) wrote on 2017-01-30:

> raise_error(Puppet::Error, /For migration support to work, you MUST set vncserver_listen to '0.0.0.0' or '::0'/) }

This message is very outdated. The restriction was fixed in nova years ago with

commit ea7da5152cdca7ba674e2137c3899909995e2287
Author: Solly Ross <email address hidden>
Date: Tue Feb 4 14:27:51 2014 -0500

Change listen address on libvirt live-migration

    Previously, in order for libvirt live migration to work,
    the graphics listen addresses (VNC and/or Spice) had to be
    set on both machines to be 0.0.0.0 or ::. This was because libvirt
    would try to rebind to the source address on the destination
    machine, but would fail due to the source machine already having
    that address (this would not happen for 0.0.0.0 or ::, however).

    Now, a modified copy of the instance's XML is passed to libvirt's
    migrate function, such that the listen addresses are that of the
    destination machine. The addresses are stashed in the pre-migration
    data by the destination pre-migration method.

    Note that this functionality will only work on versions of libvirt
    with the VIR_DOMAIN_XML_MIGRATABLE flag. If the flag is not detected
    (anything vanilla libvirt less than 1.0.0), the live migration code
    will fall back to the old method.

Fixes: bug #1279563

Change-Id: I6c9500283027193179c11d18ad4242e165a9ad6e

OpenStack Infra (hudson-openstack) on 2017-01-30

Changed in puppet-nova:
assignee:	nobody → Emilien Macchi (emilienm)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-30: Fix proposed to puppet-nova (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/426898

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-30: Fix proposed to puppet-nova (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/426899

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-30: Fix merged to puppet-nova (master)

Reviewed: https://review.openstack.org/426812
Committed: https://git.openstack.org/cgit/openstack/puppet-nova/commit/?id=14129857431f78d5c25dbd71b5682c9cd789ae1a
Submitter: Jenkins
Branch: master

commit 14129857431f78d5c25dbd71b5682c9cd789ae1a
Author: Emilien Macchi <email address hidden>
Date: Mon Jan 30 10:33:21 2017 -0500

libvirt: allow any binding for vncserver_listen

This change in Nova:
https://review.openstack.org/#/c/73428/

... means that we no longer need to restrict vncserver_listen parameter
to be configured on a certain binding.

Remove this restriction so deployments can set the compute IP instead of
0.0.0.0.

Closes-Bug: #1660099
Change-Id: I3fa050f94f9c95221bb71e16c70ad9128f8684dc

Changed in puppet-nova:
status:	In Progress → Fix Released

Revision history for this message

Daniel RJ Rooke (rjrooke) wrote on 2017-01-30:

There's a related section in different project: puppet-tripleo/.../libvirt.pp

# TODO(emilien): Some work needs to be done in puppet-nova to separate nova-compute config
    # when running libvirt and libvirt itself, so we allow micro-services deployments.
    if str2bool(hiera('nova::use_ipv6', false)) {
      $vncserver_listen = '::0'
    } else {
      $vncserver_listen = '0.0.0.0'
}

should I open an additional bug on that project?

thx

Revision history for this message

Emilien Macchi (emilienm) wrote on 2017-01-30:

Yes please open a bug to tripleo project.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-31: Fix merged to puppet-nova (stable/newton)

Reviewed: https://review.openstack.org/426898
Committed: https://git.openstack.org/cgit/openstack/puppet-nova/commit/?id=3d31b1a1049b3639ce4b828414df0debae3bf9a8
Submitter: Jenkins
Branch: stable/newton

commit 3d31b1a1049b3639ce4b828414df0debae3bf9a8
Author: Emilien Macchi <email address hidden>
Date: Mon Jan 30 10:33:21 2017 -0500

libvirt: allow any binding for vncserver_listen

This change in Nova:
https://review.openstack.org/#/c/73428/

... means that we no longer need to restrict vncserver_listen parameter
to be configured on a certain binding.

Remove this restriction so deployments can set the compute IP instead of
0.0.0.0.

    Closes-Bug: #1660099
    Change-Id: I3fa050f94f9c95221bb71e16c70ad9128f8684dc
    (cherry picked from commit 14129857431f78d5c25dbd71b5682c9cd789ae1a)

tags:

added: in-stable-newton

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-31: Fix merged to puppet-nova (stable/mitaka)

Reviewed: https://review.openstack.org/426899
Committed: https://git.openstack.org/cgit/openstack/puppet-nova/commit/?id=52c14a97b73a9f7c4a6d1475f12dbbcc77581d8a
Submitter: Jenkins
Branch: stable/mitaka

commit 52c14a97b73a9f7c4a6d1475f12dbbcc77581d8a
Author: Emilien Macchi <email address hidden>
Date: Mon Jan 30 10:33:21 2017 -0500

libvirt: allow any binding for vncserver_listen

This change in Nova:
https://review.openstack.org/#/c/73428/

... means that we no longer need to restrict vncserver_listen parameter
to be configured on a certain binding.

Remove this restriction so deployments can set the compute IP instead of
0.0.0.0.

    Closes-Bug: #1660099
    Change-Id: I3fa050f94f9c95221bb71e16c70ad9128f8684dc
    (cherry picked from commit 14129857431f78d5c25dbd71b5682c9cd789ae1a)

tags:

added: in-stable-mitaka

Emilien Macchi (emilienm) on 2017-01-31

Changed in tripleo:
importance:	Undecided → High
status:	New → Triaged
assignee:	nobody → Emilien Macchi (emilienm)
milestone:	none → ocata-rc1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-31: Fix proposed to puppet-tripleo (master)

Fix proposed to branch: master
Review: https://review.openstack.org/427339

Changed in tripleo:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-01: Related fix proposed to tripleo-heat-templates (master)

#10

Related fix proposed to branch: master
Review: https://review.openstack.org/427908

OpenStack Infra (hudson-openstack) on 2017-02-01

Changed in tripleo:
assignee:	Emilien Macchi (emilienm) → Juan Antonio Osorio Robles (juan-osorio-robles)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-03: Related fix merged to tripleo-heat-templates (master)

#11

Reviewed: https://review.openstack.org/427908
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=064f7d6b444d909636c2fc0f97fa4215d96381f2
Submitter: Jenkins
Branch: master

commit 064f7d6b444d909636c2fc0f97fa4215d96381f2
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Wed Feb 1 22:35:42 2017 +0200

Configure VNC Server listen address through t-h-t

This adds an entry for libvirt (which is used by the VNC server) on
which we can tell it via t-h-t on which IP address to listen on.

Change-Id: Ie377c09734e9f6170daa519aed69c53fc67c366b
Related-Bug: #1660099

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-06: Fix merged to puppet-tripleo (master)

#12

Reviewed: https://review.openstack.org/427339
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=6556123395c14f21de31e844426e541c141ffaaa
Submitter: Jenkins
Branch: master

commit 6556123395c14f21de31e844426e541c141ffaaa
Author: Emilien Macchi <email address hidden>
Date: Tue Jan 31 13:20:51 2017 -0500

nova/libvirt: switch vnc server binding

On compute nodes, instead of binding vnc server on 0.0.0.0, use the IP
address provided by libvirt's t-h-t profile (hiera).

    Co-Authored-By: Juan Antonio Osorio Robles <email address hidden>
    Depends-On: Ie377c09734e9f6170daa519aed69c53fc67c366b
    Change-Id: If6b116b238a52144aad5e76c9edc7df6aa15313c
    Closes-Bug: #1660099

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-08: Fix included in openstack/puppet-nova 10.3.0

#13

This issue was fixed in the openstack/puppet-nova 10.3.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-16: Fix included in openstack/puppet-tripleo 6.2.0

#14

This issue was fixed in the openstack/puppet-tripleo 6.2.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-06: Fix proposed to puppet-tripleo (stable/newton)

#15

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/442092

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-06: Related fix proposed to tripleo-heat-templates (stable/newton)

#16

Related fix proposed to branch: stable/newton
Review: https://review.openstack.org/442093

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-07: Related fix merged to tripleo-heat-templates (stable/newton)

#17

Reviewed: https://review.openstack.org/442093
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=b020a128426d47a72dec3a88c54093f43752f571
Submitter: Jenkins
Branch: stable/newton

commit b020a128426d47a72dec3a88c54093f43752f571
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Wed Feb 1 22:35:42 2017 +0200

Configure VNC Server listen address through t-h-t

This adds an entry for libvirt (which is used by the VNC server) on
which we can tell it via t-h-t on which IP address to listen on.

    (cherry picked from commit 064f7d6b444d909636c2fc0f97fa4215d96381f2)
    Change-Id: Ie377c09734e9f6170daa519aed69c53fc67c366b
    Related-Bug: #1660099

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-07: Fix merged to puppet-tripleo (stable/newton)

#18

Reviewed: https://review.openstack.org/442092
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=1639496b0c002b1cf513351f9f1955b6d26d98ea
Submitter: Jenkins
Branch: stable/newton

commit 1639496b0c002b1cf513351f9f1955b6d26d98ea
Author: Emilien Macchi <email address hidden>
Date: Tue Jan 31 13:20:51 2017 -0500

nova/libvirt: switch vnc server binding

On compute nodes, instead of binding vnc server on 0.0.0.0, use the IP
address provided by libvirt's t-h-t profile (hiera).

    Co-Authored-By: Juan Antonio Osorio Robles <email address hidden>
    Depends-On: Ie377c09734e9f6170daa519aed69c53fc67c366b
    Closes-Bug: #1660099
    (cherry picked from commit 6556123395c14f21de31e844426e541c141ffaaa)
    Change-Id: If6b116b238a52144aad5e76c9edc7df6aa15313c