Bug 1122457
Summary: | Live Migration failure: operation failed: Failed to connect to remote libvirt URI | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Gabriel Szasz <gszasz> |
Component: | openstack-nova | Assignee: | Russell Bryant <rbryant> |
Status: | CLOSED ERRATA | QA Contact: | Gabriel Szasz <gszasz> |
Severity: | high | Docs Contact: | |
Priority: | urgent | ||
Version: | 5.0 (RHEL 6) | CC: | gdubreui, gszasz, ichavero, mlopes, ndipanov, rhallise, sclewis, sgordon, yeylon |
Target Milestone: | rc | ||
Target Release: | 5.0 (RHEL 6) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | openstack-packstack-2014.1.1-0.37.dev1238.el7ost | Doc Type: | Bug Fix |
Doc Text: |
Previously, the Packstack installer default for live migration was through QEMU's SSH protocol. However, as the Compute (nova) user account was setup with a nologin shell, the SSH connection would fail and result in the libvirt error "operation failed: Failed to connect to remote libvirt URI".
Consequently, instances were not successfully live migrated.
With this update, instances are instead live migrated using QEMU's TCP protocol, and as a result, live migration is expected to complete successfully.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2014-09-02 18:22:11 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Attachments: |
Description
Gabriel Szasz
2014-07-23 10:07:41 UTC
Created attachment 920186 [details]
/var/log/nova/compute.log on the source node
Created attachment 920187 [details]
/var/log/nova/compute.log on the target node
Created attachment 920189 [details]
/var/log/audit/audit.log on source compute node
Created attachment 920190 [details]
/var/log/audit/audit.log on target compute node
Workaround: ----------- 1. Run following command on both compute nodes: # setenforce 0 2. Change login shell for 'nova' user to '/bin/bash': # cp /etc/passwd /etc/passwd~ # sed 's/\(^nova.*\)\/sbin\/nologin/\1\/bin\/bash/' /etc/passwd~ > /etc/passwd Tested several times - it really seems that qemu+ssh connection does not work when 'nova' user login shell is being set to /sbin/nologin. This issue is a regression for the latest puddle. This issue seems similar to https://bugzilla.redhat.com/show_bug.cgi?id=1117524. Could you try openstack-packstack-2014.1.1-0.36.dev1220.el7ost and see if you run into this again? I see some AVCs in the logs. I'll add to newest builds. allow sshd_t nova_var_lib_t:dir { search getattr }; allow sshd_t nova_var_lib_t:file read_file_perms; openstack-selinux-0.1.5-1.el6ost.src.rpm Should take care of your AVCs Can you please retest? Please see BZ#1117524 for issue update. Backport is now available for Icehouse. Tested on RHEL6, Packstack Icehouse branch with related patches merged: Migrated instances without shared storage and using qemu+tcp Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1126.html |