Fix live-migration with libvirt >= 6.8.0

libvirt 6.8.0 introduces virt-ssh-helper which prepends the libvirt ssh command with a "which virt-ssh-helper". libvirt used to first check for `nc` (netcat). But these two libvirt commits[1][2] have now changed it to first look for `virt-ssh-helper`, if it not available, then fall back to `nc`. The nova-migration-wrapper doesn't accept this command and denies the connection. Until nova-migration-wrapper is changed to allow the usage of virt-ssh-helper, this change force to use "netcat" (`nc`) by appending to the migration URI: "&proxy=netcat" [1] https://libvirt.org/git/?p=libvirt.git;a=commit;h=f8ec7c842d (rpc: use new virt-ssh-helper binary for remote tunnelling, 2020-07-08) [2] https://libvirt.org/git/?p=libvirt.git;a=commit;h=7d959c302d (rpc: Fix virt-ssh-helper detection, 2020-10-27) Closes-Bug: 1918250 Related: https://bugzilla.redhat.com/show_bug.cgi?id=1926602 Change-Id: I3db9cd42aa63379ed6332ee77f67d1dfe4be8504 Co-Authored-By: David Vallee Delisle <dvd@redhat.com> (cherry picked from commit 04a97f92e4) (cherry picked from commit bf5a4a9849) (cherry picked from commit 960dbfe986)
2021-03-08 18:45:24 +01:00 · 2021-03-08 18:45:24 +01:00 · c765a81ea4
commit c765a81ea4
parent 8d5bb4b894
2 changed files with 19 additions and 1 deletions
--- a/manifests/profile/base/nova/migration/client.pp
+++ b/manifests/profile/base/nova/migration/client.pp
@ -70,7 +70,10 @@ class tripleo::profile::base::nova::migration::client (
        configure_libvirt  => $libvirt_enabled,
        configure_nova     => $nova_compute_enabled,
        client_user        => 'nova_migration',
-        client_extraparams => {'keyfile' => '/etc/nova/migration/identity'},
+        client_extraparams => {
+          'keyfile' => '/etc/nova/migration/identity',
+          'proxy'   => 'netcat',
+        },
        client_port        => $ssh_port
      }
    }
--- a/releasenotes/notes/nova_compute_live_migration_force_nc-f903a09955164ad9.yaml
+++ b/releasenotes/notes/nova_compute_live_migration_force_nc-f903a09955164ad9.yaml
@ -0,0 +1,15 @@
+---
+fixes:
+  - |
+    libvirt 6.8.0 introduces virt-ssh-helper which prepends the libvirt
+    ssh command with a "which virt-ssh-helper". libvirt used to first
+    check for `nc` (netcat). But these two libvirt commits[1][2] have now
+    changed it to first look for `virt-ssh-helper`, if it not available,
+    then fall back to `nc`. This trips up the 'nova-migration-wrapper' as
+    it does not support virt-ssh-helper atm.
+    Until this is implemented, this change force to use "netcat" (`nc`) by
+    appending to the migration URI: "&proxy=netcat"
+    [1] https://libvirt.org/git/?p=libvirt.git;a=commit;h=f8ec7c842d (rpc:
+    use new virt-ssh-helper binary for remote tunnelling, 2020-07-08)
+    [2] https://libvirt.org/git/?p=libvirt.git;a=commit;h=7d959c302d (rpc:
+    Fix virt-ssh-helper detection, 2020-10-27)