Hi,
I am trying to migrate a guest domain from one node to another. I've
tried several options of the virsh migrate command, but in vain. It
seems to be a networking issue. I wanted to make sure that my setup is
correct and that I am not missing anything.
I've issued the below command on the source node (n0):
[user@n0 ~]$ virsh --connect qemu:///system migrate --verbose
Fedora-17-x86_64-1 qemu+ssh://n1/system
error: unable to connect to server at 'n1:49156': No route to host
I was wondering if you have any ideas on how to fix this issue.
My current setup/configuration:
1. virsh version : 0.10.2
2. The user has all the necessary access control setup. I've referenced
http://libvirt.org/auth.html
I am able to locally and remotely connect to both the nodes. I am also
able to start, stop and perform other actions on guest domains on local
and remote nodes, e.g.,
/* access destination node */
[user@n0 ~]$ virsh --connect qemu+ssh://n1/system list --all
Id Name State
----------------------------------------------------
/* access local node */
[user@n0 ~]$ virsh --connect qemu:///system list --all
Id Name State
----------------------------------------------------
2 Fedora-17-x86_64-1 running
- Fedora-18-x86_64-DVD shut off
3. ssh keys are configured for password less access to both the nodes
4. I've opened ports 49152-49215 on the destination node i.e., n1.
please see below.
[user@n1 images]$ sudo iptables -L
[sudo] password for user:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere tcp
dpts:49152:49215
ACCEPT tcp -- anywhere anywhere tcp
spts:49152:49215
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state
RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with
icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
5. I've restarted the libvirtd after updating the iptables. I don't
think that is necessary, but did it anyway.
I was wondering if I am missing something. Any help is greatly appreciated.
Thanks,
--Hari