[libvirt-users] nova-compute, libvirt and authentication
Martin Kletzander
mkletzan at redhat.com
Tue Jul 2 07:58:36 UTC 2013
On 07/01/2013 01:27 PM, Maciej Gałkiewicz wrote:
> Hello
>
> I have a question about live migration when libvirt requires sasl
> authentication. I have managed to configure remote access for user nova
> with sasl enabled (credentials stored in auth.conf -
> https://review.openstack.org/#/c/12706/). It looks like live migration do
> not use these credentials at all. What is more it thinks that sasl is not
> not configured:
>
I'd say this is a problem with sasl, nothing else. "No mechanism found"
may mean that libraries for configured mechanism aren't found or unknown
mechanism is being requested. I doubt that access to those libraries
would be a permisison problem, but you might be missing some
cyrus-sasl-* package. What distro are you running on and what
sasl-related packages do you have installed?
> 2013-07-01 09:49:09.317+0000: 17997: error :
> virNetSASLSessionClientStart:484 : authentication failed: Failed to start
> SASL negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs
> found)
> 2013-07-01 09:49:09.317+0000: 17997: error : doPeer2PeerMigrate:2527 :
> operation failed: Failed to connect to remote libvirt URI
> qemu+tcp://n12c1/system
>
> I execute migration like this:
> nova live-migration c923af69-4cb3-46dd-8bd2-871812d7d223 n12c1
>
> Nova.conf:
> live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE
>
> Could you please let me know whether nova/libvirt support p2p live
> migration with sasl and if so point out what might be misconfigured?
> Disabling sasl solves all my problems but I have to configure some
> authentication.
>
> I would really appreciate your help.
>
> regards
>
>
>
> _______________________________________________
> libvirt-users mailing list
> libvirt-users at redhat.com
> https://www.redhat.com/mailman/listinfo/libvirt-users
>
More information about the libvirt-users
mailing list