Bug 1464504
Summary: | Live migration is not configured completely during an OSP9 update | |||
---|---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Ollie Walsh <owalsh> | |
Component: | python-tripleoclient | Assignee: | Ollie Walsh <owalsh> | |
Status: | CLOSED ERRATA | QA Contact: | Marius Cornea <mcornea> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 9.0 (Mitaka) | CC: | augol, beth.white, bschmaus, ccollett, hbrock, jjoyce, jslagle, lbezdick, mandreou, mbultel, mburns, mschuppe, owalsh, rhel-osp-director-maint | |
Target Milestone: | zstream | Keywords: | Triaged, ZStream | |
Target Release: | 9.0 (Mitaka) | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | python-tripleoclient-2.0.0-15.el7ost | Doc Type: | Bug Fix | |
Doc Text: |
Previously, when updating from OSP9 GA to the latest packages that contain the fixes for CVE-2017-2637, an ssh key pair was not added to the generated passwords. As a result, live-migration was disabled.
With this update, the required ssh key-pair is now automatically generated during a minor update to packages containing the fix for CVE-2017-2637.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1539769 1539770 (view as bug list) | Environment: | ||
Last Closed: | 2018-03-15 12:46:39 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1466878, 1466879, 1501470, 1501471, 1501472, 1501473 | |||
Bug Blocks: | 1539769, 1539770 |
Description
Ollie Walsh
2017-06-23 15:19:55 UTC
It's just necessary to run openstack overcloud deploy .... after an update. This will add the ssh key to the generated passwords and update the config. I don't like the idea of having to run the deploy. On OSP10 it's ok because --update-plan-only. (In reply to Lukas Bezdicka from comment #2) > I don't like the idea of having to run the deploy. On OSP10 it's ok because > --update-plan-only. It's just a workaround, the fix is to generate update the passwords file when updating. Any update as to when we will see an errata release? After minor update from GA to latest I was able to successfully live migrate an instance: [stack@undercloud-0 ~]$ nova list +--------------------------------------+---------------------+--------+------------+-------------+---------------------------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+---------------------+--------+------------+-------------+---------------------------------------+ | 120a5be0-f314-4455-87bf-cf5fe7637957 | instance_cd08d69bc7 | ACTIVE | - | Running | internal_net=192.168.0.13, 10.0.0.211 | +--------------------------------------+---------------------+--------+------------+-------------+---------------------------------------+ [stack@undercloud-0 ~]$ openstack server list +--------------------------------------+---------------------+--------+---------------------------------------+ | ID | Name | Status | Networks | +--------------------------------------+---------------------+--------+---------------------------------------+ | 120a5be0-f314-4455-87bf-cf5fe7637957 | instance_cd08d69bc7 | ACTIVE | internal_net=192.168.0.13, 10.0.0.211 | +--------------------------------------+---------------------+--------+---------------------------------------+ [stack@undercloud-0 ~]$ openstack server show instance_cd08d69bc7 +--------------------------------------+----------------------------------------------------------+ | Field | Value | +--------------------------------------+----------------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-SRV-ATTR:host | compute-1.localdomain | | OS-EXT-SRV-ATTR:hypervisor_hostname | compute-1.localdomain | | OS-EXT-SRV-ATTR:instance_name | instance-00000002 | | OS-EXT-STS:power_state | 1 | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | active | | OS-SRV-USG:launched_at | 2018-03-05T21:47:06.000000 | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | internal_net=192.168.0.13, 10.0.0.211 | | config_drive | | | created | 2018-03-05T21:46:54Z | | flavor | v1-1G-5G (b6860967-a16b-43f0-8d2e-da65446ce746) | | hostId | ec03236f986daa355ba92006b34bbabce6b8ccc052b1c6f1738dbb1d | | id | 120a5be0-f314-4455-87bf-cf5fe7637957 | | image | upgrade_workload (bf17d818-9782-4c1e-937d-857afe1fcf73) | | key_name | userkey | | name | instance_cd08d69bc7 | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | project_id | e5f39940704541d5b92615ef898191d9 | | properties | | | security_groups | [{u'name': u'allow-icmp-ssh'}] | | status | ACTIVE | | updated | 2018-03-05T21:47:06Z | | user_id | f04d2ca0282648ab9419658b907c8957 | +--------------------------------------+----------------------------------------------------------+ [stack@undercloud-0 ~]$ nova live-migration instance_cd08d69bc7 compute-0.localdomain [stack@undercloud-0 ~]$ openstack server show instance_cd08d69bc7 +--------------------------------------+----------------------------------------------------------+ | Field | Value | +--------------------------------------+----------------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-SRV-ATTR:host | compute-0.localdomain | | OS-EXT-SRV-ATTR:hypervisor_hostname | compute-0.localdomain | | OS-EXT-SRV-ATTR:instance_name | instance-00000002 | | OS-EXT-STS:power_state | 1 | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | active | | OS-SRV-USG:launched_at | 2018-03-05T21:47:06.000000 | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | internal_net=192.168.0.13, 10.0.0.211 | | config_drive | | | created | 2018-03-05T21:46:54Z | | flavor | v1-1G-5G (b6860967-a16b-43f0-8d2e-da65446ce746) | | hostId | e61a7edd4315ccfdc6c29eaf3466e85c850704dfa3be48ce77d95bcb | | id | 120a5be0-f314-4455-87bf-cf5fe7637957 | | image | upgrade_workload (bf17d818-9782-4c1e-937d-857afe1fcf73) | | key_name | userkey | | name | instance_cd08d69bc7 | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | project_id | e5f39940704541d5b92615ef898191d9 | | properties | | | security_groups | [{u'name': u'allow-icmp-ssh'}] | | status | ACTIVE | | updated | 2018-03-06T02:51:05Z | | user_id | f04d2ca0282648ab9419658b907c8957 | +--------------------------------------+----------------------------------------------------------+ [root@compute-0 nova]# grep live_migration /etc/nova/nova.conf | grep -v ^# live_migration_uri=qemu+ssh://nova_migration@%s/system?keyfile=/etc/nova/migration/identity live_migration_tunnelled=True [root@compute-1 ~]# grep live_migration /etc/nova/nova.conf | grep -v ^# live_migration_uri=qemu+ssh://nova_migration@%s/system?keyfile=/etc/nova/migration/identity live_migration_tunnelled=True Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0541 |