Live migraion is failing in tls-everywhere scenario for existing instances with UseTLSTransportForNbd: True
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Martin Schuppert |
Bug Description
live migration in tls-everywhere scenario fails with:
2020-09-17 15:44:09.067 8 ERROR nova.virt.
2020-09-17 15:44:09.338 8 ERROR nova.virt.
The issue is that the certificates for the tls nbd block migration get created during the update.
They did not exist in the libvirtd container when the existing instances were created. During
libvirt container create the certificates get merged into the container directory tree using the
kolla_config mechanism. They are not a direct bind mount from the host. Therefor the qemu
processes of the existing instances don't have that information and the nbd setup process
fails with the seen error, which we can also confirm when strace a qemu process of an instance
created before the update during a live migrate:
116406 stat("/
116406 sendmsg(25, {msg_name=NULL, msg_namelen=0, msg_iov=
The immediate solution is to run an overcloud deploy and specify not to use TLS transport for
nbd, which configures the same configuration as before the minor update:
parameter_defaults:
UseTLSTrans
For a transition to use UseTLSTransport
following transition path:
1) create the required nbd certificates also with "UseTLSTranspor
mounts for the cert directories instead of merging them into the directory tree on container
create. This would also have the benefit that there is no action required when the nbd certs
change.
2) all instances need to be migrated once that qemu process runs with an environment which has
all the certificate information
3) enable "UseTLSTranspor
After that all instances have the required information to do live migration with
"UseTLSTranspor
Changed in tripleo: | |
assignee: | nobody → Martin Schuppert (mschuppert) |
status: | New → In Progress |
Changed in tripleo: | |
milestone: | wallaby-rc1 → xena-1 |
Changed in tripleo: | |
milestone: | xena-1 → xena-2 |
Changed in tripleo: | |
milestone: | xena-2 → xena-3 |
Changed in tripleo: | |
status: | In Progress → Fix Released |
Related fix proposed to branch: master /review. opendev. org/759232
Review: https:/