Bug 1305630 - live migrations from 5 to 6 are failing with selinux disabled
live migrations from 5 to 6 are failing with selinux disabled
Status: CLOSED NOTABUG
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova (Show other bugs)
5.0 (RHEL 6)
All Linux
unspecified Severity high
: ---
: 8.0 (Liberty)
Assigned To: Eoghan Glynn
nlevinki
: Unconfirmed, ZStream
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-08 14:02 EST by Jack Waterworth
Modified: 2016-03-01 08:13 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-02-12 10:32:20 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jack Waterworth 2016-02-08 14:02:03 EST
Description of problem:
live migrations from 5 to 6 are failing with selinux disabled

Version-Release number of selected component (if applicable):

source compute: rhel 6.5
libvirt-0.10.2-54.el6.x86_64
libvirt-client-0.10.2-54.el6.x86_64
libvirt-python-0.10.2-54.el6.x86_64

target compute: rhel 7.1
libvirt-1.2.8-16.el7.x86_64
libvirt-client-1.2.8-16.el7.x86_64
libvirt-python-1.2.8-7.el7.x86_64


How reproducible:
every time


Steps to Reproduce:
1. Disable selinux on source
2. Attempt to live migrate instance

Actual results:
live migration fails with error

2016-02-04 08:34:52.766 27698 ERROR nova.virt.libvirt.driver [-] [instance: 044f3270-b614-49ce-b8d0-21c39b47fea0] Live Migration failure: unsupported configuration: Unable to find security driver for label none

Expected results:
migration should not fail

Additional info:

problematic instance: 044f3270-b614-49ce-b8d0-21c39b47fea0

-----------------------
2016-02-04 07:41:52.195 27698 WARNING nova.virt.libvirt.driver [-] [instance: 044f3270-b614-49ce-b8d0-21c39b47fea0] An error occurred trying to live migrate. Falling back to legacy live migrate flow. Error: unsupported configuration: Unable to find security driver for label none
2016-02-04 07:41:52.196 27698 WARNING nova.virt.libvirt.driver [-] Your libvirt version does not support the VIR_DOMAIN_XML_MIGRATABLE flag, and the  graphics (VNC and/or SPICE) listen addresses on the destination node do not match the addresses on the source node. Since the source node has listen addresses set to either the catch-all address (0.0.0.0 or ::) or the local address (127.0.0.1 or ::1), the live migration will succeed, but the VM will continue to listen on the current addresses.
2016-02-04 07:41:52.339 27698 ERROR nova.virt.libvirt.driver [-] [instance: 044f3270-b614-49ce-b8d0-21c39b47fea0] Live Migration failure: unsupported configuration: Unable to find security driver for label none
-----------------------
2016-02-04 08:34:52.645 27698 WARNING nova.virt.libvirt.driver [-] [instance: 044f3270-b614-49ce-b8d0-21c39b47fea0] An error occurred trying to live migrate. Falling back to legacy live migrate flow. Error: unsupported configuration: Unable to find security driver for label none
2016-02-04 08:34:52.646 27698 WARNING nova.virt.libvirt.driver [-] Your libvirt version does not support the VIR_DOMAIN_XML_MIGRATABLE flag, and the  graphics (VNC and/or SPICE) listen addresses on the destination node do not match the addresses on the source node. Since the source node has listen addresses set to either the catch-all address (0.0.0.0 or ::) or the local address (127.0.0.1 or ::1), the live migration will succeed, but the VM will continue to listen on the current addresses.
2016-02-04 08:34:52.766 27698 ERROR nova.virt.libvirt.driver [-] [instance: 044f3270-b614-49ce-b8d0-21c39b47fea0] Live Migration failure: unsupported configuration: Unable to find security driver for label none
-----------------------

additionally, this appears to be a known issue with RHEV, but i am uncertain if the same applies to openstack:

    Virtual machine fails to start or migrate on Red Hat Enterprise Virtualization
    https://access.redhat.com/solutions/650773
Comment 2 Jack Waterworth 2016-02-08 14:02:54 EST
i should clarify that selinux is DISABLE on the source, but PERMISSIVE on the target.

Note You need to log in before you can comment on or make changes to this bug.