Bug 1221776

Summary:	nova migrate fails with ssh command failure
Product:	Red Hat OpenStack	Reporter:	Sean Toner <stoner>
Component:	rhosp-director	Assignee:	Sven Anderson <svanders>
Status:	CLOSED DUPLICATE	QA Contact:	Shai Revivo <srevivo>
Severity:	high	Docs Contact:
Priority:	urgent
Version:	7.0 (Kilo)	CC:	berrange, dasmith, eglynn, emacchi, hbrock, jcoufal, jdonohue, jprovazn, jschluet, jslagle, kchamart, mbooth, mburns, mkrcmari, myllynen, pablo.iranzo, racedoro, rhel-osp-director-maint, sbauza, sclewis, sferdjao, sgordon, srevivo, vromanso
Target Milestone:	ga	Keywords:	Triaged
Target Release:	10.0 (Newton)
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:
Clones:	1240356 (view as bug list)		Environment:
Last Closed:	2016-11-14 20:47:32 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1156010, 1198809, 1241501, 1243520, 1258302

Description Sean Toner 2015-05-14 19:36:13 UTC

Description of problem:
=======================

While attempting to do a nova migrate command, nova hit this error:

==> /var/log/nova/nova-compute.log <==
2015-05-14 15:04:00.908 31772 INFO nova.compute.manager [req-bb21bdc3-5d12-4c39-a2dd-b4a546b2b0cb 3875ca0280ec42e8aae09532749cfa7c d959e9d532c341179a8f037af0aef7aa - - -] [instance: ef5f72e4-2617-43c6-8243-60bd4999c55e] Setting instance back to ACTIVE after: Instance rollback performed due to: Resize error: not able to execute ssh command: Unexpected error while running command.
Command: ssh 10.8.29.230 mkdir -p /var/lib/nova/instances/ef5f72e4-2617-43c6-8243-60bd4999c55e
Exit code: 255
Stdout: u''
Stderr: u'Host key verification failed.\r\n'
2015-05-14 15:04:01.018 31772 INFO nova.scheduler.client.report [req-bb21bdc3-5d12-4c39-a2dd-b4a546b2b0cb 3875ca0280ec42e8aae09532749cfa7c d959e9d532c341179a8f037af0aef7aa - - -] Compute_service record updated for ('rhel71-7-1.lab.eng.rdu2.redhat.com', 'rhel71-7-1.lab.eng.rdu2.redhat.com')
2015-05-14 15:04:01.194 31772 INFO nova.scheduler.client.report [req-bb21bdc3-5d12-4c39-a2dd-b4a546b2b0cb 3875ca0280ec42e8aae09532749cfa7c d959e9d532c341179a8f037af0aef7aa - - -] Compute_service record updated for ('rhel71-7-1.lab.eng.rdu2.redhat.com', 'rhel71-7-1.lab.eng.rdu2.redhat.com')
2015-05-14 15:04:01.195 31772 ERROR oslo_messaging.rpc.dispatcher [req-bb21bdc3-5d12-4c39-a2dd-b4a546b2b0cb 3875ca0280ec42e8aae09532749cfa7c d959e9d532c341179a8f037af0aef7aa - - -] Exception during message handling: Resize error: not able to execute ssh command: Unexpected error while running command.
Command: ssh 10.8.29.230 mkdir -p /var/lib/nova/instances/ef5f72e4-2617-43c6-8243-60bd4999c55e
Exit code: 255
Stdout: u''
Stderr: u'Host key verification failed.\r\n'
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher Traceback (most recent call last):
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 142, in _dispatch_and_reply
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     executor_callback))
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 186, in _dispatch
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     executor_callback)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 130, in _do_dispatch
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     result = func(ctxt, **new_args)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 6748, in resize_instance
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     clean_shutdown=clean_shutdown)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/exception.py", line 88, in wrapped
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     payload)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/oslo_utils/excutils.py", line 85, in __exit__
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     six.reraise(self.type_, self.value, self.tb)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/exception.py", line 71, in wrapped
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     return f(self, context, *args, **kw)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 327, in decorated_function
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     LOG.warning(msg, e, instance_uuid=instance_uuid)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/oslo_utils/excutils.py", line 85, in __exit__
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     six.reraise(self.type_, self.value, self.tb)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 298, in decorated_function
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     return function(self, context, *args, **kwargs)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 377, in decorated_function
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     return function(self, context, *args, **kwargs)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 286, in decorated_function
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     migration.instance_uuid, exc_info=True)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/oslo_utils/excutils.py", line 85, in __exit__
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     six.reraise(self.type_, self.value, self.tb)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 269, in decorated_function
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     return function(self, context, *args, **kwargs)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 355, in decorated_function
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     kwargs['instance'], e, sys.exc_info())
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/oslo_utils/excutils.py", line 85, in __exit__
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     six.reraise(self.type_, self.value, self.tb)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 343, in decorated_function
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     return function(self, context, *args, **kwargs)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 4012, in resize_instance
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     self.instance_events.clear_events_for_instance(instance)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     self.gen.throw(type, value, traceback)
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 6382, in _error_out_instance_on_exception
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher     raise error.inner_exception
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher ResizeError: Resize error: not able to execute ssh command: Unexpected error while running command.
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher Command: ssh 10.8.29.230 mkdir -p /var/lib/nova/instances/ef5f72e4-2617-43c6-8243-60bd4999c55e
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher Exit code: 255
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher Stdout: u''
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher Stderr: u'Host key verification failed.\r\n'
2015-05-14 15:04:01.195 31772 TRACE oslo_messaging.rpc.dispatcher 



Version-Release number of selected component (if applicable):
=============================================================

[root@rhel71-7-1 ~(keystone_admin)]# rpm -qa | grep nova
openstack-nova-conductor-2015.1.0-3.el7ost.noarch
openstack-nova-common-2015.1.0-3.el7ost.noarch
openstack-nova-cert-2015.1.0-3.el7ost.noarch
python-novaclient-2.23.0-1.el7ost.noarch
openstack-nova-compute-2015.1.0-3.el7ost.noarch
openstack-nova-novncproxy-2015.1.0-3.el7ost.noarch
openstack-nova-api-2015.1.0-3.el7ost.noarch
openstack-nova-console-2015.1.0-3.el7ost.noarch
openstack-nova-scheduler-2015.1.0-3.el7ost.noarch
python-nova-2015.1.0-3.el7ost.noarch


How reproducible:
=================

Always


Steps to Reproduce:
1. nova boot --flavor 1 --image cirros simple
2. nova migrate instance-id


Actual results:
===============

The ssh error indicated above


Expected results:
=================



Additional info:
================

I tried running the failing command as the nova user

[root@rhel71-7-1 ~(keystone_admin)]# runuser -u nova ssh 10.8.29.230 mkdir -p /var/lib/nova/instances/ef5f72e4-2617-43c6-8243-60bd4999c55e
The authenticity of host '10.8.29.230 (10.8.29.230)' can't be established.
ECDSA key fingerprint is 21:d1:b4:50:dc:56:b0:0a:25:bb:3e:44:d9:f4:bc:e8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.8.29.230' (ECDSA) to the list of known hosts.
This account is currently not available.
and listed above as the nova user:


However, running this command as root is successful.

Comment 3 Matthew Booth 2015-06-23 13:56:50 UTC

Looks to me like the target host key isn't in /etc/ssh/ssh_known_hosts.

Unfortunately there are a couple of actions which require compute hosts to be able to ssh directly between each other, and this is one of them. This requires host keys to be propagated to ssh_known_hosts on all nova computes which might have to communicate, so safest to do all of them. It also requires ssh keys to have been configured correctly in /var/lib/nova/.ssh on all hosts.

Packstack will do this at installation time for all hosts it installs. However, it obviously can't do it for hosts installed subsequently. My guess is that this host has been installed later, and its keys haven't been propagated. You'll need to do it outside the control of packstack.

Comment 5 Jon Schlueter 2015-06-24 17:04:06 UTC

from comment 3 above it almost sounds if this bug is a design flaw and not a bug per say.  But it does bring up a good point as to the expectation of what should "nova migrate <instance id>" be capable of doing and maybe better error handling when it can't do it due to permissions, so that it's obvious what to do to make it work for the operator.

Comment 6 Lon Hohberger 2015-06-26 13:36:07 UTC

I agree that the error message is poor, but I don't necessarily think it's a design issue (that level of error handling is typical).

When you do a libvirt migration using ssh, each host must be able to talk to the other without keys or passwords needing to be exchanged.  Each compute host would need a key generated, then the public keys copied to every other compute host.

Nova can't really orchestrate this sort of thing - maybe the director or packstack can.

Deploying N compute nodes is part of the director workflow.

Adding a new compute node to the openstack deployment is certainly something the director would handle (and would need more key distribution once complete!), so I'm moving this to the director.

Comment 7 Jan Provaznik 2015-06-26 17:43:12 UTC

Proper SSH user configuration is not automated for now in RDO director, the process of setting up SSH on compute nodes will be part of documentation, doc patch is here:
https://review.gerrithub.io/#/c/236817/

Comment 8 Mike Burns 2015-07-07 00:52:27 UTC

Per PM, moving this to A1.  Cloned bug 1240356 created on Docs team to make sure this is documented.

Comment 11 Mike Burns 2015-08-28 16:43:05 UTC

*** Bug 1156000 has been marked as a duplicate of this bug. ***

Comment 12 Emilien Macchi 2015-08-31 11:24:27 UTC

There is two steps to allow SSH compute migration:

* Generate a dedicated keypair for Nova Compute service, probably not with Puppet but in TripleO tools (during bootstrap).
* Configure Puppet (puppet-nova: ::nova SSH parameters) with the content of the keys, on compute manifests.

puppet-nova will prepare /var/lib/nova/.ssh directories with the keys and configure libvirt migration automatically. After that, you will be able to migrate instances.

Comment 15 Hugh Brock 2016-02-03 17:32:21 UTC

Emilien, agree, we should fix this. Can you reassign appropriately? Thanks.

Comment 17 Stephen Gordon 2016-11-14 20:47:32 UTC


*** This bug has been marked as a duplicate of bug 1267598 ***

Comment 18 awaugama 2017-09-07 19:05:55 UTC

Dup -- QE will decide about automating the original