Live migrations over ssh fail from nova but work from virsh [closed]

asked 2015-03-09 15:59:29 -0500

updated 2015-03-10 06:45:43 -0500

This works perfectly in both directions:

nova@compute-1:~$ virsh migrate --live instance-00000025 qemu+ssh://nova@compute-2/system

nova@compute-2:~$ virsh migrate --live instance-00000025 qemu+ssh://nova@compute-1/system

nova.conf contains:

live_migration_uri = qemu+ssh://nova@%s/system

However migration fails when run from nova:

2015-03-09 16:45:34.605 27561 ERROR nova.virt.libvirt.driver [-] [instance: 76003e69-fcb1-4e62-962e-be4c1257344d] Live Migration failure: operation failed: Failed to connect to remote libvirt URI qemu+ssh://nova@compute-2/system: Cannot recv data: Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).: Connection reset by peer

But public key authentication between compute-1 and compute-2 is clearly working...

Hey I'm getting the same error too :/ , I'm getting the same error when i do virsh migrate , how did you manage to get virsh migrate working ? i mean what configuration did you do to make virsh migrate work ? :)

Per my other comment, this only ever worked because nova had previously created bridge devices in its failed live migration attempt.

3 answers

answered 2015-03-10 08:39:03 -0500

updated 2015-03-10 10:40:03 -0500

I have solved the issue.

To migrate from compute-1 to compute-2, ssh equivalency from root@compute-1 to nova@compute-2 must be configured, as the migration request is passed on compute-1 from nova to virsh to the libvirtd socket. libvirtd (running as root) then ssh'es to nova@compute-2 and runs a netcat command to do the migration.

OK, I figured this part out - the only reason the manual virsh migrate ever worked is because I had previously tried nova live-migration which created the proper bridge device.

answered 2015-03-10 02:41:32 -0500

Please make sure that the host and destination folders have the same permissions and ownership(nova). Enable the nova user to be be a login user as it's not enough to just save the keys in both destination and source.

answered 2015-03-10 06:47:21 -0500

Related question, Check the answer you will find some parameters that you should have been taken care off

