Ask Your Question

Live migrations over ssh fail from nova but work from virsh [closed]

asked 2015-03-09 15:59:29 -0500

rlrevell gravatar image

updated 2015-03-10 06:45:43 -0500

bishoy gravatar image

This works perfectly in both directions:

nova@compute-1:~$ virsh migrate --live instance-00000025 qemu+ssh://nova@compute-2/system

nova@compute-2:~$ virsh migrate --live instance-00000025 qemu+ssh://nova@compute-1/system

nova.conf contains:

live_migration_uri = qemu+ssh://nova@%s/system

However migration fails when run from nova:

2015-03-09 16:45:34.605 27561 ERROR nova.virt.libvirt.driver [-] [instance: 76003e69-fcb1-4e62-962e-be4c1257344d] Live Migration failure: operation failed: Failed to connect to remote libvirt URI qemu+ssh://nova@compute-2/system: Cannot recv data: Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).: Connection reset by peer

But public key authentication between compute-1 and compute-2 is clearly working...

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by rlrevell
close date 2015-03-10 10:40:27.908986


Hey I'm getting the same error too :/ , I'm getting the same error when i do virsh migrate , how did you manage to get virsh migrate working ? i mean what configuration did you do to make virsh migrate work ? :)

Neetz gravatar imageNeetz ( 2015-03-10 02:39:19 -0500 )edit

Per my other comment, this only ever worked because nova had previously created bridge devices in its failed live migration attempt.

rlrevell gravatar imagerlrevell ( 2015-03-10 08:00:19 -0500 )edit

3 answers

Sort by ยป oldest newest most voted

answered 2015-03-10 08:39:03 -0500

rlrevell gravatar image

updated 2015-03-10 10:40:03 -0500

I have solved the issue.

To migrate from compute-1 to compute-2, ssh equivalency from root@compute-1 to nova@compute-2 must be configured, as the migration request is passed on compute-1 from nova to virsh to the libvirtd socket. libvirtd (running as root) then ssh'es to nova@compute-2 and runs a netcat command to do the migration.

edit flag offensive delete link more


OK, I figured this part out - the only reason the manual virsh migrate ever worked is because I had previously tried nova live-migration which created the proper bridge device.

rlrevell gravatar imagerlrevell ( 2015-03-10 09:44:30 -0500 )edit

answered 2015-03-10 02:41:32 -0500

Neetz gravatar image

Please make sure that the host and destination folders have the same permissions and ownership(nova). Enable the nova user to be be a login user as it's not enough to just save the keys in both destination and source.

edit flag offensive delete link more

answered 2015-03-10 06:47:21 -0500

bishoy gravatar image

Related question, Check the answer you will find some parameters that you should have been taken care off

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-03-09 15:59:29 -0500

Seen: 2,083 times

Last updated: Mar 10 '15