From c765a81ea4ed420bbde9bcfe335683a3f0cdfd46 Mon Sep 17 00:00:00 2001 From: Martin Schuppert Date: Mon, 8 Mar 2021 18:45:24 +0100 Subject: [PATCH] Fix live-migration with libvirt >= 6.8.0 libvirt 6.8.0 introduces virt-ssh-helper which prepends the libvirt ssh command with a "which virt-ssh-helper". libvirt used to first check for `nc` (netcat). But these two libvirt commits[1][2] have now changed it to first look for `virt-ssh-helper`, if it not available, then fall back to `nc`. The nova-migration-wrapper doesn't accept this command and denies the connection. Until nova-migration-wrapper is changed to allow the usage of virt-ssh-helper, this change force to use "netcat" (`nc`) by appending to the migration URI: "&proxy=netcat" [1] https://libvirt.org/git/?p=libvirt.git;a=commit;h=f8ec7c842d (rpc: use new virt-ssh-helper binary for remote tunnelling, 2020-07-08) [2] https://libvirt.org/git/?p=libvirt.git;a=commit;h=7d959c302d (rpc: Fix virt-ssh-helper detection, 2020-10-27) Closes-Bug: 1918250 Related: https://bugzilla.redhat.com/show_bug.cgi?id=1926602 Change-Id: I3db9cd42aa63379ed6332ee77f67d1dfe4be8504 Co-Authored-By: David Vallee Delisle (cherry picked from commit 04a97f92e4d944ce51492011584e2ec1126042a1) (cherry picked from commit bf5a4a9849d7cb067d36ca57fd8538faed016715) (cherry picked from commit 960dbfe986b06a9b390b4adac1fca57c8badb3e7) --- manifests/profile/base/nova/migration/client.pp | 5 ++++- ..._live_migration_force_nc-f903a09955164ad9.yaml | 15 +++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/nova_compute_live_migration_force_nc-f903a09955164ad9.yaml diff --git a/manifests/profile/base/nova/migration/client.pp b/manifests/profile/base/nova/migration/client.pp index cc9b93230..66a7ec0bd 100644 --- a/manifests/profile/base/nova/migration/client.pp +++ b/manifests/profile/base/nova/migration/client.pp @@ -70,7 +70,10 @@ class tripleo::profile::base::nova::migration::client ( configure_libvirt => $libvirt_enabled, configure_nova => $nova_compute_enabled, client_user => 'nova_migration', - client_extraparams => {'keyfile' => '/etc/nova/migration/identity'}, + client_extraparams => { + 'keyfile' => '/etc/nova/migration/identity', + 'proxy' => 'netcat', + }, client_port => $ssh_port } } diff --git a/releasenotes/notes/nova_compute_live_migration_force_nc-f903a09955164ad9.yaml b/releasenotes/notes/nova_compute_live_migration_force_nc-f903a09955164ad9.yaml new file mode 100644 index 000000000..553f21728 --- /dev/null +++ b/releasenotes/notes/nova_compute_live_migration_force_nc-f903a09955164ad9.yaml @@ -0,0 +1,15 @@ +--- +fixes: + - | + libvirt 6.8.0 introduces virt-ssh-helper which prepends the libvirt + ssh command with a "which virt-ssh-helper". libvirt used to first + check for `nc` (netcat). But these two libvirt commits[1][2] have now + changed it to first look for `virt-ssh-helper`, if it not available, + then fall back to `nc`. This trips up the 'nova-migration-wrapper' as + it does not support virt-ssh-helper atm. + Until this is implemented, this change force to use "netcat" (`nc`) by + appending to the migration URI: "&proxy=netcat" + [1] https://libvirt.org/git/?p=libvirt.git;a=commit;h=f8ec7c842d (rpc: + use new virt-ssh-helper binary for remote tunnelling, 2020-07-08) + [2] https://libvirt.org/git/?p=libvirt.git;a=commit;h=7d959c302d (rpc: + Fix virt-ssh-helper detection, 2020-10-27)