Add notes on live migration configuration
Live migration will not currently work with a multi-node DevStack environment due to the libvirtd process running as root and the compute process trying to use the stack user's SSH keys with the default live migration URI. The multi-node documentation is updated to outline how to configure the SSH keys between the source and destination stack and root users so that live migration will work as expected. Co-Authored-By: Taylor Peoples <tpeoples@us.ibm.com> Change-Id: Ifed7e95cd5ba43a05a4099a3664cbefde3e0a749 Closes-Bug: #1487262
This commit is contained in:
Zhenzan Zhou
Taylor Peoples
parent
ffb96b85d3
commit
e1f87963b1
@ -373,3 +373,43 @@ If you forgot to set the root password you can do this:
|
|||||||
::
|
::
|
||||||
|
|
||||||
mysqladmin -u root -pnova password 'supersecret'
|
mysqladmin -u root -pnova password 'supersecret'
|
||||||
|
|
||||||
|
Live Migration
|
||||||
|
--------------
|
||||||
|
|
||||||
|
In order for live migration to work with the default live migration URI::
|
||||||
|
|
||||||
|
[libvirt]
|
||||||
|
live_migration_uri = qemu+ssh://stack@%s/system
|
||||||
|
|
||||||
|
SSH keys need to be exchanged between each compute node:
|
||||||
|
|
||||||
|
1. The SOURCE root user's public RSA key (likely in /root/.ssh/id_rsa.pub)
|
||||||
|
needs to be in the DESTINATION stack user's authorized_keys file
|
||||||
|
(~stack/.ssh/authorized_keys). This can be accomplished by manually
|
||||||
|
copying the contents from the file on the SOURCE to the DESTINATION. If
|
||||||
|
you have a password configured for the stack user, then you can use the
|
||||||
|
following command to accomplish the same thing::
|
||||||
|
|
||||||
|
ssh-copy-id -i /root/.ssh/id_rsa.pub stack@DESTINATION
|
||||||
|
|
||||||
|
2. The DESTINATION host's public ECDSA key (/etc/ssh/ssh_host_ecdsa_key.pub)
|
||||||
|
needs to be in the SOURCE root user's known_hosts file
|
||||||
|
(/root/.ssh/known_hosts). This can be accomplished by running the
|
||||||
|
following on the SOURCE machine (hostname must be used)::
|
||||||
|
|
||||||
|
ssh-keyscan -H DEST_HOSTNAME | sudo tee -a /root/.ssh/known_hosts
|
||||||
|
|
||||||
|
In essence, this means that every compute node's root user's public RSA key
|
||||||
|
must exist in every other compute node's stack user's authorized_keys file and
|
||||||
|
every compute node's public ECDSA key needs to be in every other compute
|
||||||
|
node's root user's known_hosts file. Please note that if the root or stack
|
||||||
|
user does not have a SSH key, one can be generated using::
|
||||||
|
|
||||||
|
ssh-keygen -t rsa
|
||||||
|
|
||||||
|
The above steps are necessary because libvirtd runs as root when the
|
||||||
|
live_migration_uri uses the "qemu:///system" family of URIs. For more
|
||||||
|
information, see the `libvirt documentation`_.
|
||||||
|
|
||||||
|
.. _libvirt documentation: https://libvirt.org/drvqemu.html#securitydriver
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user