libvirt>=8.2,<10.3 implies only Noble is affected in regard to active
releases.
** Summary changed:
- libvirt fails to live-migrate instances with non-shjared storage, tls and
live migrations
+ libvirt fails to live-migrate instances with non-shared storage, tls and live
migrations
** Also affects: libvirt (Ubuntu Noble)
Importance: Undecided
Status: New
** Changed in: libvirt (Ubuntu)
Status: In Progress => Fix Released
** Changed in: libvirt (Ubuntu Noble)
Status: New => Triaged
** Description changed:
[ Impact ]
Live migration of instances with shared storage and enabled parallel
migrations fails on libvirt>=8.2,<10.3 with:
- libvirt.libvirtError: internal error: unable to execute QEMU command
+ libvirt.libvirtError: internal error: unable to execute QEMU command
'blockdev-add': Certificate does not match the hostname
The regression has been introduced in 8.2 by this commit:
https://github.com/libvirt/libvirt/commit/e8fa09d66bcb95a3f23fe5957dd203f1f341f4b5
The fix for this issue was proposed and released in libvirt 10.3:
https://github.com/libvirt/libvirt/commit/5d48c5d215071526383b8fc50d81ecde62e4111b
-
[ Test Plan ]
- 1. Configure TLS for Libvirt and QEMU
+ 1. Configure TLS for Libvirt and QEMU
1.1 In quemu.conf set `default_tls_x509_verify = 1`
1.2 In libvirt.conf set listen_tls = 1
1.3 Generate certificates, chain, make cert trusted
2. Have a VM with a local (non-shared) storage
3. Attempt to live migrate a domain between hypervisors running Ubuntu 24.04,
with VIR_MIGRATE_TLS and VIR_MIGRATE_PARALLEL flags, where
VIR_MIGRATE_PARAM_PARALLEL_CONNECTIONS > 1
Alternatively, this can be reproduced with OpenStack Nova, by attempting
live migration of domain with local storage, where
[libvirt]/live_migration_parallel_connections is > 1
-
[ Where problems could occur ]
- Proposed for backporting patch is pretty much minimal, and should not
- affect any other functionality, as it is addressing the specific issue
- in topic.
-
+ Proposed for backporting patch is pretty much minimal, and should not affect
any other functionality, as it is addressing the specific issue in topic. But
if so
+ the functional change is limited to only migation and that only with TLS.
Which
+ is a very narrow path and should be easy to identify as regression if it
happens.
[ Other Info ]
The patch has been successfully tested and applied in multiple OpenStack
deployments on Ubuntu 24.04.
Live migrations has been fixed, no regressions were spotted.
Only Ubuntu 24.04 is affected at the moment, because 22.10, 23.04,
23.10, which had affected libvirt versions have reached their End of
Life.
With that 24.10 already had libvirt 10.5 available, which was not
affected.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2133183
Title:
libvirt fails to live-migrate instances with non-shared storage, tls
and live migrations
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/2133183/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
