Bug 1464504
| Summary: | Live migration is not configured completely during an OSP9 update | |||
|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Ollie Walsh <owalsh> | |
| Component: | python-tripleoclient | Assignee: | Ollie Walsh <owalsh> | |
| Status: | CLOSED ERRATA | QA Contact: | Marius Cornea <mcornea> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 9.0 (Mitaka) | CC: | augol, beth.white, bschmaus, ccollett, hbrock, jjoyce, jslagle, lbezdick, mandreou, mbultel, mburns, mschuppe, owalsh, rhel-osp-director-maint | |
| Target Milestone: | zstream | Keywords: | Triaged, ZStream | |
| Target Release: | 9.0 (Mitaka) | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | python-tripleoclient-2.0.0-15.el7ost | Doc Type: | Bug Fix | |
| Doc Text: |
Previously, when updating from OSP9 GA to the latest packages that contain the fixes for CVE-2017-2637, an ssh key pair was not added to the generated passwords. As a result, live-migration was disabled.
With this update, the required ssh key-pair is now automatically generated during a minor update to packages containing the fix for CVE-2017-2637.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1539769 1539770 (view as bug list) | Environment: | ||
| Last Closed: | 2018-03-15 12:46:39 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1466878, 1466879, 1501470, 1501471, 1501472, 1501473 | |||
| Bug Blocks: | 1539769, 1539770 | |||
|
Description
Ollie Walsh
2017-06-23 15:19:55 UTC
It's just necessary to run openstack overcloud deploy .... after an update. This will add the ssh key to the generated passwords and update the config. I don't like the idea of having to run the deploy. On OSP10 it's ok because --update-plan-only. (In reply to Lukas Bezdicka from comment #2) > I don't like the idea of having to run the deploy. On OSP10 it's ok because > --update-plan-only. It's just a workaround, the fix is to generate update the passwords file when updating. Any update as to when we will see an errata release? After minor update from GA to latest I was able to successfully live migrate an instance:
[stack@undercloud-0 ~]$ nova list
+--------------------------------------+---------------------+--------+------------+-------------+---------------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+---------------------+--------+------------+-------------+---------------------------------------+
| 120a5be0-f314-4455-87bf-cf5fe7637957 | instance_cd08d69bc7 | ACTIVE | - | Running | internal_net=192.168.0.13, 10.0.0.211 |
+--------------------------------------+---------------------+--------+------------+-------------+---------------------------------------+
[stack@undercloud-0 ~]$ openstack server list
+--------------------------------------+---------------------+--------+---------------------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+---------------------+--------+---------------------------------------+
| 120a5be0-f314-4455-87bf-cf5fe7637957 | instance_cd08d69bc7 | ACTIVE | internal_net=192.168.0.13, 10.0.0.211 |
+--------------------------------------+---------------------+--------+---------------------------------------+
[stack@undercloud-0 ~]$ openstack server show instance_cd08d69bc7
+--------------------------------------+----------------------------------------------------------+
| Field | Value |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | compute-1.localdomain |
| OS-EXT-SRV-ATTR:hypervisor_hostname | compute-1.localdomain |
| OS-EXT-SRV-ATTR:instance_name | instance-00000002 |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-STS:task_state | None |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2018-03-05T21:47:06.000000 |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | internal_net=192.168.0.13, 10.0.0.211 |
| config_drive | |
| created | 2018-03-05T21:46:54Z |
| flavor | v1-1G-5G (b6860967-a16b-43f0-8d2e-da65446ce746) |
| hostId | ec03236f986daa355ba92006b34bbabce6b8ccc052b1c6f1738dbb1d |
| id | 120a5be0-f314-4455-87bf-cf5fe7637957 |
| image | upgrade_workload (bf17d818-9782-4c1e-937d-857afe1fcf73) |
| key_name | userkey |
| name | instance_cd08d69bc7 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | e5f39940704541d5b92615ef898191d9 |
| properties | |
| security_groups | [{u'name': u'allow-icmp-ssh'}] |
| status | ACTIVE |
| updated | 2018-03-05T21:47:06Z |
| user_id | f04d2ca0282648ab9419658b907c8957 |
+--------------------------------------+----------------------------------------------------------+
[stack@undercloud-0 ~]$ nova live-migration instance_cd08d69bc7 compute-0.localdomain
[stack@undercloud-0 ~]$ openstack server show instance_cd08d69bc7
+--------------------------------------+----------------------------------------------------------+
| Field | Value |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | compute-0.localdomain |
| OS-EXT-SRV-ATTR:hypervisor_hostname | compute-0.localdomain |
| OS-EXT-SRV-ATTR:instance_name | instance-00000002 |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-STS:task_state | None |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2018-03-05T21:47:06.000000 |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | internal_net=192.168.0.13, 10.0.0.211 |
| config_drive | |
| created | 2018-03-05T21:46:54Z |
| flavor | v1-1G-5G (b6860967-a16b-43f0-8d2e-da65446ce746) |
| hostId | e61a7edd4315ccfdc6c29eaf3466e85c850704dfa3be48ce77d95bcb |
| id | 120a5be0-f314-4455-87bf-cf5fe7637957 |
| image | upgrade_workload (bf17d818-9782-4c1e-937d-857afe1fcf73) |
| key_name | userkey |
| name | instance_cd08d69bc7 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | e5f39940704541d5b92615ef898191d9 |
| properties | |
| security_groups | [{u'name': u'allow-icmp-ssh'}] |
| status | ACTIVE |
| updated | 2018-03-06T02:51:05Z |
| user_id | f04d2ca0282648ab9419658b907c8957 |
+--------------------------------------+----------------------------------------------------------+
[root@compute-0 nova]# grep live_migration /etc/nova/nova.conf | grep -v ^#
live_migration_uri=qemu+ssh://nova_migration@%s/system?keyfile=/etc/nova/migration/identity
live_migration_tunnelled=True
[root@compute-1 ~]# grep live_migration /etc/nova/nova.conf | grep -v ^#
live_migration_uri=qemu+ssh://nova_migration@%s/system?keyfile=/etc/nova/migration/identity
live_migration_tunnelled=True
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0541 |