Bug 1623159

Summary: Live Migration over SSH Failing due to target on non-default port
Product: Red Hat OpenStack Reporter: awaugama
Component: openstack-tripleo-heat-templatesAssignee: Ollie Walsh <owalsh>
Status: CLOSED ERRATA QA Contact: Alexander Chuzhoy <sasha>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 14.0 (Rocky)CC: jhakimra, jjelen, jschluet, mburns, owalsh, slinaber
Target Milestone: betaKeywords: Triaged
Target Release: 14.0 (Rocky)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-9.0.0-0.20180831204458.17bb71e.0rc1.0rc1.el7ost Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-01-11 11:51:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1600184    

Description awaugama 2018-08-28 15:26:02 UTC 
Description of problem: When a target compute node isn't using the default port, ssh requires a known_hosts entry that isn't present with the latest tripleo deployment of OpenStack


Version-Release number of selected component (if applicable):

openstack-tripleo-common.noarch  9.2.1-0.20180803214330.el7ost


How reproducible: Everytime


Steps to Reproduce:
1. Create an instance with shared storage
2. Attempt to live migrate the instance

Actual results:

The instance live migrates to the other compute node

Expected results:

Live migration fails

Additional info: 
From the upstream bug:

It appears the behaviour of ssh client has changed. Previously a port was not required in /etc/ssh/ssh_known_hosts when running on a non-default port, now it is:

[root@compute-1 heat-admin]# ssh compute-0.localdomain
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

[root@compute-1 heat-admin]# ssh -p 2022 compute-0.localdomain
The authenticity of host '[compute-0.localdomain]:2022 ([172.17.1.19]:2022)' can't be established.
ECDSA key fingerprint is SHA256:1kTWyAQTD3K1vGsiQQitfRChSk1drrtewcZ82VhGx1c.
ECDSA key fingerprint is MD5:61:53:4a:e2:69:a6:b9:8b:70:39:8f:a6:a2:20:18:bd.
Are you sure you want to continue connecting (yes/no)? ^C
Comment 8 Joe H. Rahme 2018-10-03 12:26:20 UTC 
Live migration works out of the box as of puddle 2018.09.27.1
Comment 16 errata-xmlrpc 2019-01-11 11:51:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:0045