+++ This bug was initially created as a clone of Bug #1464504 +++

Description of problem:
When updating from OSP9 GA to the latest packages that contain the fixes for CVE-2017-2637, an ssh key pair is not added to the generated passwords. As a result live-migration is disabled.

Version-Release number of selected component (if applicable):
python-tripleoclient-2.0.0-14.el7ost.noarch

How reproducible:
Always

Steps to Reproduce:
1. Deploy OSP9 GA
2. Update to the latest packages

Actual results:
Live migration over SSH is not configured.

Expected results:
Live migration over SSH is configured.

Additional info:
Live migration should be re-enabled once a key has been added and the stack is updated.

--- Additional comment from Ollie Walsh on 2017-06-23 18:24:33 IST ---

It's just necessary to run openstack overcloud deploy .... after an update. This will add the ssh key to the generated passwords and update the config.

--- Additional comment from Lukas Bezdicka on 2017-06-23 19:31:39 IST ---

I don't like the idea of having to run the deploy. On OSP10 it's ok because --update-plan-only.

--- Additional comment from Ollie Walsh on 2017-06-23 19:35:09 IST ---

(In reply to Lukas Bezdicka from comment #2)
> I don't like the idea of having to run the deploy. On OSP10 it's ok because
> --update-plan-only.

It's just a workaround, the fix is to generate/update the passwords file when updating.
After minor update from GA to latest I was able to successfully live migrate an instance:

[stack@undercloud-0 ~]$ openstack server list
+--------------------------------------+---------------------+--------+---------------------------------------+
| ID                                   | Name                | Status | Networks                              |
+--------------------------------------+---------------------+--------+---------------------------------------+
| e1b1a870-9d08-4507-96e4-d9a7266927e4 | instance_93a4534f61 | ACTIVE | internal_net=192.168.0.13, 10.0.0.211 |
+--------------------------------------+---------------------+--------+---------------------------------------+

[stack@undercloud-0 ~]$ openstack server show instance_93a4534f61
+--------------------------------------+----------------------------------------------------------+
| Field                                | Value                                                    |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                                   |
| OS-EXT-AZ:availability_zone          | nova                                                     |
| OS-EXT-SRV-ATTR:host                 | compute-1.localdomain                                    |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | compute-1.localdomain                                    |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000003                                        |
| OS-EXT-STS:power_state               | 1                                                        |
| OS-EXT-STS:task_state                | None                                                     |
| OS-EXT-STS:vm_state                  | active                                                   |
| OS-SRV-USG:launched_at               | 2018-03-13T21:07:29.000000                               |
| OS-SRV-USG:terminated_at             | None                                                     |
| accessIPv4                           |                                                          |
| accessIPv6                           |                                                          |
| addresses                            | internal_net=192.168.0.13, 10.0.0.211                    |
| config_drive                         |                                                          |
| created                              | 2018-03-13T21:07:19Z                                     |
| flavor                               | v1-1G-5G (1e22ef7c-e7a8-43f9-99a4-c372086aed06)          |
| hostId                               | c614d4550fa4b803dff912d5025b64797909d022722c85c664dfba14 |
| id                                   | e1b1a870-9d08-4507-96e4-d9a7266927e4                     |
| image                                | upgrade_workload (58ff7e40-029e-447e-a9e3-ccb452249d28)  |
| key_name                             | userkey                                                  |
| name                                 | instance_93a4534f61                                      |
| os-extended-volumes:volumes_attached | []                                                       |
| progress                             | 0                                                        |
| project_id                           | 29c9ee42a19e45ecb9c1fce17fa9f1eb                         |
| properties                           |                                                          |
| security_groups                      | [{u'name': u'allow-icmp-ssh'}]                           |
| status                               | ACTIVE                                                   |
| updated                              | 2018-03-13T21:07:30Z                                     |
| user_id                              | e107b882324748ce96e059dac27deb05                         |
+--------------------------------------+----------------------------------------------------------+

[stack@undercloud-0 ~]$ nova live-migration instance_93a4534f61 compute-0.localdomain

[stack@undercloud-0 ~]$ openstack server show instance_93a4534f61
+--------------------------------------+----------------------------------------------------------+
| Field                                | Value                                                    |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                                   |
| OS-EXT-AZ:availability_zone          | nova                                                     |
| OS-EXT-SRV-ATTR:host                 | compute-0.localdomain                                    |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | compute-0.localdomain                                    |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000003                                        |
| OS-EXT-STS:power_state               | 1                                                        |
| OS-EXT-STS:task_state                | None                                                     |
| OS-EXT-STS:vm_state                  | active                                                   |
| OS-SRV-USG:launched_at               | 2018-03-13T21:07:29.000000                               |
| OS-SRV-USG:terminated_at             | None                                                     |
| accessIPv4                           |                                                          |
| accessIPv6                           |                                                          |
| addresses                            | internal_net=192.168.0.13, 10.0.0.211                    |
| config_drive                         |                                                          |
| created                              | 2018-03-13T21:07:19Z                                     |
| flavor                               | v1-1G-5G (1e22ef7c-e7a8-43f9-99a4-c372086aed06)          |
| hostId                               | 803c66f68845a204e2b123b81b7bca2e7dd9b2320c72c7e3d1793029 |
| id                                   | e1b1a870-9d08-4507-96e4-d9a7266927e4                     |
| image                                | upgrade_workload (58ff7e40-029e-447e-a9e3-ccb452249d28)  |
| key_name                             | userkey                                                  |
| name                                 | instance_93a4534f61                                      |
| os-extended-volumes:volumes_attached | []                                                       |
| progress                             | 0                                                        |
| project_id                           | 29c9ee42a19e45ecb9c1fce17fa9f1eb                         |
| properties                           |                                                          |
| security_groups                      | [{u'name': u'allow-icmp-ssh'}]                           |
| status                               | ACTIVE                                                   |
| updated                              | 2018-03-14T01:07:50Z                                     |
| user_id                              | e107b882324748ce96e059dac27deb05                         |
+--------------------------------------+----------------------------------------------------------+

[root@compute-0 ~]# grep live_migration /etc/nova/nova.conf | grep -v ^#
live_migration_uri=qemu+ssh://nova_migration@%s/system?keyfile=/etc/nova/migration/identity
live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED
[root@compute-0 ~]# exit

[root@compute-1 ~]# grep live_migration /etc/nova/nova.conf | grep -v ^#
live_migration_uri=qemu+ssh://nova_migration@%s/system?keyfile=/etc/nova/migration/identity
live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED
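
Added example, not part of the original bug report or of the TripleO code: a shell function that turns the manual grep from the verification comment above into a per-compute-node check that live_migration_uri uses qemu+ssh and that the key file it names is present. The function name, its optional ROOT prefix argument and the return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: verify that nova.conf selects SSH-based live migration
# and that the key file referenced by the URI is present on the node.
# Usage: check_live_migration_conf CONF [ROOT]
#   ROOT (assumption, for offline testing) is prepended to the keyfile path.
# Returns: 0 ok, 1 option unset, 2 not qemu+ssh, 3 no keyfile param, 4 key absent.
check_live_migration_conf() {
    local conf="$1" root="${2:-}" uri scheme keyfile
    # Uncommented lines only, like `grep -v ^#` in the comment above.
    # Assumption: if the option is repeated, the last occurrence is taken.
    uri=$(sed -n 's/^[[:space:]]*live_migration_uri[[:space:]]*=[[:space:]]*//p' "$conf" | tail -n 1)
    if [ -z "$uri" ]; then
        echo "MISSING: live_migration_uri not set"; return 1
    fi
    scheme=${uri%%://*}
    if [ "$scheme" != "qemu+ssh" ]; then
        echo "NOT-SSH: scheme is $scheme"; return 2
    fi
    case $uri in
        *keyfile=*) keyfile=${uri##*keyfile=}; keyfile=${keyfile%%&*} ;;
        *) echo "NO-KEYFILE: URI has no keyfile parameter"; return 3 ;;
    esac
    if [ ! -r "$root$keyfile" ]; then
        echo "KEY-ABSENT: $keyfile"; return 4
    fi
    echo "OK: $scheme with keyfile $keyfile"
}

# Constructed sample input: the URI is the one shown in the grep output above;
# the key file is an empty placeholder created under a temporary root.
demo=$(mktemp -d)
mkdir -p "$demo/etc/nova/migration"
: > "$demo/etc/nova/migration/identity"
printf '%s\n' '[libvirt]' \
  'live_migration_uri=qemu+ssh://nova_migration@%s/system?keyfile=/etc/nova/migration/identity' \
  > "$demo/nova.conf"
check_live_migration_conf "$demo/nova.conf" "$demo"
rm -rf "$demo"
```

On a compute node the call would be check_live_migration_conf /etc/nova/nova.conf with no second argument.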
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0543