Description of problem: When updating from OSP9 GA to the latest packages that contain the fixes for CVE-2017-2637, an ssh key pair is not be added to the generated passwords. As a result live-migration is disabled. Version-Release number of selected component (if applicable): python-tripleoclient-2.0.0-14.el7ost.noarch How reproducible: Always Steps to Reproduce: 1. Deploy OSP9 GA 2. Update to the latest packages Actual results: Live migration over SSH is not configured. Expected results: Live migration over SSH is configured. Additional info: Live migration should be re-enabled when once a key has been added and the stack is updated.
It's just necessary to run openstack overcloud deploy .... after an update. This will add the ssh key to the generated passwords and update the config.
I don't like the idea of having to run the deploy. On OSP10 it's ok because --update-plan-only.
(In reply to Lukas Bezdicka from comment #2) > I don't like the idea of having to run the deploy. On OSP10 it's ok because > --update-plan-only. It's just a workaround, the fix is to generate update the passwords file when updating.
Any update as to when we will see an errata release?
After minor update from GA to latest I was able to successfully live migrate an instance: [stack@undercloud-0 ~]$ nova list +--------------------------------------+---------------------+--------+------------+-------------+---------------------------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+---------------------+--------+------------+-------------+---------------------------------------+ | 120a5be0-f314-4455-87bf-cf5fe7637957 | instance_cd08d69bc7 | ACTIVE | - | Running | internal_net=192.168.0.13, 10.0.0.211 | +--------------------------------------+---------------------+--------+------------+-------------+---------------------------------------+ [stack@undercloud-0 ~]$ openstack server list +--------------------------------------+---------------------+--------+---------------------------------------+ | ID | Name | Status | Networks | +--------------------------------------+---------------------+--------+---------------------------------------+ | 120a5be0-f314-4455-87bf-cf5fe7637957 | instance_cd08d69bc7 | ACTIVE | internal_net=192.168.0.13, 10.0.0.211 | +--------------------------------------+---------------------+--------+---------------------------------------+ [stack@undercloud-0 ~]$ openstack server show instance_cd08d69bc7 +--------------------------------------+----------------------------------------------------------+ | Field | Value | +--------------------------------------+----------------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-SRV-ATTR:host | compute-1.localdomain | | OS-EXT-SRV-ATTR:hypervisor_hostname | compute-1.localdomain | | OS-EXT-SRV-ATTR:instance_name | instance-00000002 | | OS-EXT-STS:power_state | 1 | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | active | | OS-SRV-USG:launched_at | 2018-03-05T21:47:06.000000 | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | internal_net=192.168.0.13, 10.0.0.211 | | config_drive | | | created | 2018-03-05T21:46:54Z | | flavor | v1-1G-5G (b6860967-a16b-43f0-8d2e-da65446ce746) | | hostId | ec03236f986daa355ba92006b34bbabce6b8ccc052b1c6f1738dbb1d | | id | 120a5be0-f314-4455-87bf-cf5fe7637957 | | image | upgrade_workload (bf17d818-9782-4c1e-937d-857afe1fcf73) | | key_name | userkey | | name | instance_cd08d69bc7 | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | project_id | e5f39940704541d5b92615ef898191d9 | | properties | | | security_groups | [{u'name': u'allow-icmp-ssh'}] | | status | ACTIVE | | updated | 2018-03-05T21:47:06Z | | user_id | f04d2ca0282648ab9419658b907c8957 | +--------------------------------------+----------------------------------------------------------+ [stack@undercloud-0 ~]$ nova live-migration instance_cd08d69bc7 compute-0.localdomain [stack@undercloud-0 ~]$ openstack server show instance_cd08d69bc7 +--------------------------------------+----------------------------------------------------------+ | Field | Value | +--------------------------------------+----------------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-SRV-ATTR:host | compute-0.localdomain | | OS-EXT-SRV-ATTR:hypervisor_hostname | compute-0.localdomain | | OS-EXT-SRV-ATTR:instance_name | instance-00000002 | | OS-EXT-STS:power_state | 1 | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | active | | OS-SRV-USG:launched_at | 2018-03-05T21:47:06.000000 | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | internal_net=192.168.0.13, 10.0.0.211 | | config_drive | | | created | 2018-03-05T21:46:54Z | | flavor | v1-1G-5G (b6860967-a16b-43f0-8d2e-da65446ce746) | | hostId | e61a7edd4315ccfdc6c29eaf3466e85c850704dfa3be48ce77d95bcb | | id | 120a5be0-f314-4455-87bf-cf5fe7637957 | | image | upgrade_workload (bf17d818-9782-4c1e-937d-857afe1fcf73) | | key_name | userkey | | name | instance_cd08d69bc7 | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | project_id | e5f39940704541d5b92615ef898191d9 | | properties | | | security_groups | [{u'name': u'allow-icmp-ssh'}] | | status | ACTIVE | | updated | 2018-03-06T02:51:05Z | | user_id | f04d2ca0282648ab9419658b907c8957 | +--------------------------------------+----------------------------------------------------------+ [root@compute-0 nova]# grep live_migration /etc/nova/nova.conf | grep -v ^# live_migration_uri=qemu+ssh://nova_migration@%s/system?keyfile=/etc/nova/migration/identity live_migration_tunnelled=True [root@compute-1 ~]# grep live_migration /etc/nova/nova.conf | grep -v ^# live_migration_uri=qemu+ssh://nova_migration@%s/system?keyfile=/etc/nova/migration/identity live_migration_tunnelled=True
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0541