From 628c27ce9e693902c5cabedc7f254f2a1229a195 Mon Sep 17 00:00:00 2001 
From: John Garbutt Date: Fri, 27 Mar 2020 17:37:51 +0000 Subject: [PATCH] Fix live migration to use migration int. address In kolla ansible we typically configure services to communicate via IP addresses rather than hostnames. One accidental exception to this was live migration, which used the hostname of the destination even when not required (i.e. TLS not being used for libvirt). To make such hostnames work, k-a adds entries to /etc/hosts in the bootstrap-servers command. Alternatively users may provide DNS. One problem with using /etc/hosts is that, if a new compute host is added to the cloud, or an IP address is changed, that will not be reflected in the /etc/hosts file of other hosts. This would cause live migration to the new host from an old host to fail, as the name cannot be resolved. The workaround for this was to update the /etc/hosts file (perhaps via bootstrap-servers) on all hosts after adding new compute hosts. Then the nova_libvirt container had to be restarted to pick up the change. Similarly, if user has overridden the migration_interface, the used hostname could point to a wrong address on which libvirt would not listen. This change adds the live_migration_inbound_addr option to nova.conf. If TLS is not in use for libvirt, this will be set to the IP address of the host on the migration network. If TLS is enabled for libvirt, live_migration_inbound_addr will be set to migration_hostname, since certificates will typically reference the hostname rather than the host's IP. With libvirt TLS enabled, DNS is recommended to avoid the /etc/hosts issue which is likely the case in production deployments. Change-Id: I0201b46a9fbab21433a9f53685131aeb461543a8 Closes-Bug: #1729566 --- .../nova-cell/templates/nova.conf.d/libvirt.conf.j2 | 6 ++++-- .../notes/bug-1729566-8b77402fd8236962.yaml | 13 +++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/bug-1729566-8b77402fd8236962.yaml 
diff --git a/ansible/roles/nova-cell/templates/nova.conf.d/libvirt.conf.j2 b/ansible/roles/nova-cell/templates/nova.conf.d/libvirt.conf.j2
index e72ceb2745..10dda3fa4e 100644
--- a/ansible/roles/nova-cell/templates/nova.conf.d/libvirt.conf.j2
+++ b/ansible/roles/nova-cell/templates/nova.conf.d/libvirt.conf.j2
@@ -1,9 +1,11 @@
 [libvirt]
 {% if libvirt_tls | bool %}
-connection_uri = "qemu+tls://{{ migration_hostname }}/system"
-live_migration_uri = "qemu+tls://%s/system"
+connection_uri = "qemu+tls://{{ migration_hostname | put_address_in_context('url') }}/system"
+live_migration_scheme = "tls"
+live_migration_inbound_addr = "{{ migration_hostname }}"
 {% else %}
 connection_uri = "qemu+tcp://{{ migration_interface_address | put_address_in_context('url') }}/system"
+live_migration_inbound_addr = "{{ migration_interface_address }}"
 {% endif %}
 {% if nova_backend == "rbd" %}
 images_type = rbd
diff --git a/releasenotes/notes/bug-1729566-8b77402fd8236962.yaml b/releasenotes/notes/bug-1729566-8b77402fd8236962.yaml
new file mode 100644
index 0000000000..7ce1f10bb0
--- /dev/null
+++ b/releasenotes/notes/bug-1729566-8b77402fd8236962.yaml
@@ -0,0 +1,13 @@
+---
+fixes:
+ - |
+ Fixes an issue with Nova live migration not using
+ ``migration_interface_address`` even when TLS was not used.
+ When migrating an instance to a newly added compute host, if addressing
+ depended on ``/etc/hosts`` and it had not been updated on the
+ source compute host to include the new compute host, live migration would
+ fail. This did not affect DNS-based name resolution.
+ Analogically, Nova live migration would fail if the address in
+ DNS/``/etc/hosts`` was not the same as ``migration_interface_address``
+ due to user customization.
+ `LP#1729566 `__
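Review bot: In the `libvirt_tls` branch of libvirt.conf.j2, `live_migration_scheme = "tls"` only selects the transport for the libvirt connection to the destination. As far as I know, the QEMU migration stream itself (guest RAM and device state) is encrypted only when Nova's `live_migration_with_native_tls` or tunnelling is also enabled, and nothing in this hunk sets either. The `[libvirt]` section continues below the hunk, so this may already be handled there. If it is not, a template comment next to the new line would stop operators assuming guest memory is protected in transit, for example `{# TLS here covers the libvirt control connection only; the migration data stream needs live_migration_with_native_tls #}`.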