[libvirt-users] [RESOLVED] Re: P2P live migration with non-shared storage: fails to connect to remote libvirt URI qemu+ssh
Kashyap Chamarthy
kchamart at redhat.com
Fri Apr 3 19:17:33 UTC 2015
On Fri, Apr 03, 2015 at 12:27:07PM +0200, Kashyap Chamarthy wrote:
> On Fri, Apr 03, 2015 at 10:13:38AM +0200, Kashyap Chamarthy wrote:
> > On Fri, Apr 03, 2015 at 10:08:21AM +0200, Kashyap Chamarthy wrote:
> > > Migration without --p2p works just fine, ie. the below works:
> > >
> > >
> > > $ virsh migrate --verbose --copy-storage-all \
> > > --live cvm1 qemu+ssh://kashyapc@devstack3/system
> > > Migration: [100 %]
Problem found:
I was running the `ssh-agent` with a passphrase for the SSH key. This
will work in the managed direct migration case as above (because the
client handles process controls most of it). . .
> >
> > [. . .]
> >
> > >
> > > (2) Perform peer to peer live migration (as root):
> > >
> > > $ virsh migrate --verbose --p2p --copy-storage-all \
> > > --live cvm1 qemu+ssh://kashyapc@devstack3/system
. . .but _not_ in P2P case, because the libvirt daemon on the source
_does not_ have access to the `ssh-agent` (so while I _can_ SSH into the
dest host as 'root' w/o password, libvirt daemon cannot! So ensure that
SSH key has no pass-phrase (only in trusted networks for testing only!)
or setup X.509 certificates.
When Jirka asked me on IRC that if I was able to SSH as root to the
destination host, I was able to, but didn't think of the `ssh-agent`
holding the private key _with_ passphrase!
> Hmm, reading the flow for peer2peer here:
>
> https://libvirt.org/migration.html#flowpeer2peer
>
> which says:
>
> "Note that the source libvirtd uses its own credentials (typically root)
> to connect to the destination, rather than the credentials used by the
> client to connect to the source; if these differ, it is common to run
> into a situation where a client can connect to the destination directly
> but the source cannot make the connection to set up the peer-to-peer
> migration."
Also thanks to Lars Kellogg-Stedman (OpenStack dev) who reminded me of
the the question "does your libvirtd have access to the ssh-agent" and
also for noticing I didn't refresh the storage pool on the destination
host while doing multiple migration tests. Speak of messy test
environments. . .
Sorry for the noise. At-least I'm now clear on a couple of migration
techniques that libvirt offers. :-)
Have a nice weekend!
--
/kashyap
More information about the libvirt-users
mailing list