** Description changed: - Environment - =========== - Affected OS: Ubuntu 24.04 (Noble Numbat) - Libvirt version: 10.0 + [ Impact ] + Live migration of instances with shared storage and enabled parallel + migrations fails on libvirt>=8.2,<10.3 with: - Description - =========== + libvirt.libvirtError: internal error: unable to execute QEMU command + 'blockdev-add': Certificate does not match the hostname - Right now libvirt/qemu have a superset of issues related to live - migrations, which makes navigating around them almost impossible (gnutls - realted bug in QEMU, which crashes loaded domains when TLS is used: - https://gitlab.com/qemu-project/qemu/-/issues/1937). - - While using parallel migrations were effective workaround, as this creates multiple counter and significantly increases throughput, their usage on Libvirt 10.0 is not possible anymore due to a bug in Libvirt itself, which was introduced in 8.2 by this commit: + The regression has been introduced in 8.2 by this commit: https://github.com/libvirt/libvirt/commit/e8fa09d66bcb95a3f23fe5957dd203f1f341f4b5 The fix for this issue was proposed and released in libvirt 10.3: https://github.com/libvirt/libvirt/commit/5d48c5d215071526383b8fc50d81ecde62e4111b - How to reproduce - ================ + [ Test Plan ] - 1. Use TLS for migrating memory and QEMU as a virt layer. - 2. Use parallel migrations - 3. Have a domain with a local (non-shared) storage - 4. Attempt to live migrate a domain between hypervisors running Ubuntu 24.04 and shipped libvirt/qemu + 1. Configure TLS for Libvirt and QEMU + 1.1 In quemu.conf set `default_tls_x509_verify = 1` + 1.2 In libvirt.conf set listen_tls = 1 + 1.3 Generate certificates, chain, make cert trusted + 2. Have a VM with a local (non-shared) storage + 3. Attempt to live migrate a domain between hypervisors running Ubuntu 24.04, with VIR_MIGRATE_TLS and VIR_MIGRATE_PARALLEL flags, where VIR_MIGRATE_PARAM_PARALLEL_CONNECTIONS > 1 - Actual result - ============= - - Migration fails with `libvirt.libvirtError: internal error: unable to - execute QEMU command 'blockdev-add': Certificate does not match the - hostname` - - Expected result - =============== - - Migration sucessfully passes + Alternatively, this can be reproduced with OpenStack Nova, by attempting + live migration of domain with local storage, where + [libvirt]/live_migration_parallel_connections is > 1 - Proposed solution - ================= + [ Where problems could occur ] - Backport fix - https://github.com/libvirt/libvirt/commit/5d48c5d215071526383b8fc50d81ecde62e4111b - to the pkg/ubuntu/noble + Proposed for backporting patch is pretty much minimal, and should not + affect any other functionality, as it is addressing the specific issue + in topic. + + + [ Other Info ] + + The patch has been successfully tested and applied in multiple OpenStack deployments on Ubuntu 24.04. + Live migrations has been fixed, no regressions were spotted. + + Only Ubuntu 24.04 is affected at the moment, because 22.10, 23.04, + 23.10, which had affected libvirt versions have reached their End of + Life. + + With that 24.10 already had libvirt 10.5 available, which was not + affected.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2133183 Title: libvirt fails to live-migrate instances with non-shjared storage, tls and live migrations To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/2133183/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
