Re: [libvirt-users] nova-compute, libvirt and authentication
On 07/01/2013 01:27 PM, Maciej GaĆkiewicz wrote:
Hello
I have a question about live migration when libvirt requires sasl
authentication. I have managed to configure remote access for user nova
with sasl enabled (credentials stored in auth.conf -
https://review.openstack.org/#/c/12706/). It looks like live migration do
not use these credentials at all. What is more it thinks that sasl is not
not configured:
I'd say this is a problem with sasl, nothing else. "No mechanism found"
may mean that libraries for configured mechanism aren't found or unknown
mechanism is being requested. I doubt that access to those libraries
would be a permisison problem, but you might be missing some
cyrus-sasl-* package. What distro are you running on and what
sasl-related packages do you have installed?
2013-07-01 09:49:09.317+0000: 17997: error :
virNetSASLSessionClientStart:484 : authentication failed: Failed to start
SASL negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs
found)
2013-07-01 09:49:09.317+0000: 17997: error : doPeer2PeerMigrate:2527 :
operation failed: Failed to connect to remote libvirt URI
qemu+tcp://n12c1/system
I execute migration like this:
nova live-migration c923af69-4cb3-46dd-8bd2-871812d7d223 n12c1
Nova.conf:
live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE
Could you please let me know whether nova/libvirt support p2p live
migration with sasl and if so point out what might be misconfigured?
Disabling sasl solves all my problems but I have to configure some
authentication.
I would really appreciate your help.
regards
_______________________________________________
libvirt-users mailing list
libvirt-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users