Bug 624062

Summary: Tunnelled migration doesn't work in RHEL 6.0 without increasing security risk
Product: Red Hat Enterprise Linux 6 Reporter: Justin Clift <jclift>
Component: libvirtAssignee: Chris Lalancette <clalance>
Status: CLOSED CURRENTRELEASE QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: urgent    
Version: 6.0CC: berrange, eblake, kwade, mjenner, syeghiay, veillard, xen-maint, yoyzhang
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-0.8.1-25.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 630625 (view as bug list) Environment:
Last Closed: 2010-11-10 21:05:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Justin Clift 2010-08-13 14:43:08 UTC 
Description of problem:

Due a bug in the location of a socket file with libvirt, tunnelled migration to move a virtual machine from one host server to another doesn't work in RHEL 6.0.

There *is* a workaround, of changing the process ownership of QEMU from the default qemu:qemu:, to root:root, however this introduces potential security risk.

Chris Lalancette has created (very simple) working patches upstream, which allow tunnelled migration to work properly out of the box.  (No change to root:root ownership needed)


Version-Release number of selected component (if applicable):

libvirt 0.8.1-24 and earlier


How reproducible:

Every time.


Steps to Reproduce:
1. Using a standard installation of RHEL 6.0 running libvirt, attempt to migrate a virtual machine from one host server to another:

  # virsh migrate --live vm1 qemu+ssh://host2/system --p2p --tunnelled --desturi tcp:host2

Migration will fail every time.

  
Actual results:

Migration fails.


Expected results:

The guest virtual machine will migrate to the new host server without incident.


Additional info:
Comment 1 Daniel Veillard 2010-08-13 14:50:53 UTC 
Two patches are posted upstream for it

https://www.redhat.com/archives/libvir-list/2010-August/msg00215.html
and
https://www.redhat.com/archives/libvir-list/2010-August/msg00218.html

Daniel
Comment 2 Daniel Veillard 2010-08-15 16:44:33 UTC 
libvirt-0.8.1-25.el6 has been built in RHEL-6-candidate with the fixes,

Daniel
Comment 3 Justin Clift 2010-08-17 16:28:01 UTC 
Tested tunnelled migration in libvirt-0.8.1-25.el6 with qemu:qemu owned QEMU.  It worked fine for me.
Comment 6 releng-rhel@redhat.com 2010-11-10 21:05:40 UTC 
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.