If you have multiple nodes in your Openstack Icehouse cloud, you can perform migrations of instances between compute nodes. This is done via both the command line and through the web interface (Horizon module) when you are logged in as the administrator.
But as I soon discovered, out of the box it does not work without some linux user configuration changes first.
Migrations are scheduled by the Nova service and it uses the “Nova” user account to attempt to ssh to the compute node you want to migrate to (or what it wants to migrate to). The problem is the Nova account is disabled in /etc/passwd by default.
So step 1 is to use vipw and edit the /etc/passwd file and change the Nova user account from /bin/false to /bin/bash
The next issue is the Nova user has no password, as the service is not interactive, it needs passwordless access to the compute nodes. To enable this create a .ssh directory in the Nova user’s home directory, its specified in the /etc/passwd file entry for nova, mine looks like this:
next you need to generate rsa keys for each node and assign those to every other node, so as the root user on every host:
- #su – nova
- $pwd (should be in /var/lib/nova)
- mkdir .ssh
- chmod 700 .ssh
- cd .ssh
- run ssh-keygen – press “enter” for each prompt
- create an authorized_keys file and copy the id_rsa.pub from each host into each others authorized_keys file. So 3 hosts equals 3 entries.
- chmod 600 authorized_keys – make sure the authorized_keys file is read/write by nova only
- Log into each host from every other host, if prompted to accept a key, do so!
- log out of each newly logged in host
- now log back into each host and you should drop directly to a bash shell prompt on the target host.
Once the login accounts are sorted you should (as the admin user) be able to perform migrations from host to host. Live Migrations may be an issue if you have different CPU revisions.
An additional post on Openstack -> OpenStack – Trials and Tribulation
Keywords and Phrases
- Migration not working in openStack?
- OpenStack Live Migration fails.
- Nova user not setup.