Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-32880

live-migration with NBD TLS fails with "Certificate does not match the hostname "

XMLWordPrintable

    • libvirt-10.3.0-1.el9
    • None
    • None
    • ZStream
    • rhel-sst-virtualization
    • ssg_virtualization
    • 16
    • 3
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat OpenStack Services on OpenShift (formerly Red Hat OpenStack Platform)
    • None
    • Approved Blocker
    • x86_64
    • 10.3.0
    • None

      OpenStack nova/libvirt live migration with NBD TLS is failing with "Certificate does not match the hostname ".

      libvirtd logs attached for src and dest. tls-hostname="" getting set in migration params apprear to be the culprit.

      It only seems to affect post-copy so I've disabled this for now to avoid the issue.

      Src and dest are identical except for hostname/certs:

      [root@edpm-compute-1 log]# cat /etc/redhat-release 
CentOS Stream release 9

      [root@edpm-compute-1 log]# rpm -qa | grep libvirt
libvirt-libs-10.0.0-4.el9.x86_64
libvirt-client-10.0.0-4.el9.x86_64
libvirt-daemon-common-10.0.0-4.el9.x86_64
libvirt-daemon-driver-storage-core-10.0.0-4.el9.x86_64
libvirt-daemon-driver-network-10.0.0-4.el9.x86_64
libvirt-daemon-driver-nwfilter-10.0.0-4.el9.x86_64
libvirt-daemon-lock-10.0.0-4.el9.x86_64
libvirt-daemon-log-10.0.0-4.el9.x86_64
libvirt-daemon-plugin-lockd-10.0.0-4.el9.x86_64
libvirt-daemon-config-nwfilter-10.0.0-4.el9.x86_64
libvirt-daemon-config-network-10.0.0-4.el9.x86_64
libvirt-daemon-driver-storage-disk-10.0.0-4.el9.x86_64
libvirt-daemon-driver-storage-iscsi-10.0.0-4.el9.x86_64
libvirt-daemon-driver-storage-logical-10.0.0-4.el9.x86_64
libvirt-daemon-driver-storage-mpath-10.0.0-4.el9.x86_64
libvirt-daemon-driver-storage-rbd-10.0.0-4.el9.x86_64
libvirt-daemon-driver-storage-scsi-10.0.0-4.el9.x86_64
libvirt-daemon-driver-storage-10.0.0-4.el9.x86_64
libvirt-daemon-driver-interface-10.0.0-4.el9.x86_64
libvirt-daemon-driver-nodedev-10.0.0-4.el9.x86_64
libvirt-daemon-driver-secret-10.0.0-4.el9.x86_64
libvirt-daemon-proxy-10.0.0-4.el9.x86_64
libvirt-daemon-10.0.0-4.el9.x86_64
python3-libvirt-10.0.0-1.el9.x86_64
libvirt-client-qemu-10.0.0-4.el9.x86_64
libvirt-daemon-driver-qemu-10.0.0-4.el9.x86_64
libvirt-10.0.0-4.el9.x86_64

      [root@edpm-compute-1 log]# rpm -qa | grep qemu
qemu-guest-agent-8.2.0-11.el9.x86_64
qemu-img-8.2.0-11.el9.x86_64
libvirt-client-qemu-10.0.0-4.el9.x86_64
libvirt-daemon-driver-qemu-10.0.0-4.el9.x86_64
qemu-kvm-tools-8.2.0-11.el9.x86_64
qemu-kvm-docs-8.2.0-11.el9.x86_64
ipxe-roms-qemu-20200823-9.git4bd064de.el9.noarch
qemu-kvm-common-8.2.0-11.el9.x86_64
qemu-kvm-device-display-virtio-gpu-8.2.0-11.el9.x86_64
qemu-kvm-ui-opengl-8.2.0-11.el9.x86_64
qemu-kvm-ui-egl-headless-8.2.0-11.el9.x86_64
qemu-kvm-device-display-virtio-gpu-pci-8.2.0-11.el9.x86_64
qemu-kvm-block-blkio-8.2.0-11.el9.x86_64
qemu-kvm-block-rbd-8.2.0-11.el9.x86_64
qemu-kvm-device-display-virtio-vga-8.2.0-11.el9.x86_64
qemu-kvm-device-usb-host-8.2.0-11.el9.x86_64
qemu-kvm-device-usb-redirect-8.2.0-11.el9.x86_64
qemu-kvm-audio-pa-8.2.0-11.el9.x86_64
qemu-kvm-core-8.2.0-11.el9.x86_64
qemu-pr-helper-8.2.0-11.el9.x86_64
qemu-kvm-8.2.0-11.el9.x86_64

      And if it's relevant:

      [root@edpm-compute-1 log]# podman inspect nova_compute | grep ImageName
          "ImageName": "quay.io/podified-antelope-centos9/openstack-nova-compute@sha256:93732b570854dd4f92c96960bdb851ad0904730d8e94bcf14b70d3ca8986334b",

        1. libvirtd.dest.log
          700 kB
        2. libvirtd.src.log
          1.89 MB

              pkrempa@redhat.com Peter Krempa
              rhn-engineering-owalsh Oliver Walsh
              Peter Krempa Peter Krempa
              Luyao Huang Luyao Huang
              Votes:
              0 Vote for this issue
              Watchers:
              17 Start watching this issue

                Created:
                Updated:
                Resolved: