-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
rhel-9.6
-
No
-
Low
-
rhel-sst-virtualization
-
ssg_virtualization
-
300
-
QE ack
-
False
-
-
None
-
Red Hat Enterprise Linux
-
None
-
None
-
Yes
-
-
Unspecified
-
Unspecified
-
None
What were you trying to do that didn't work?
TLS Migration failed: TLS handshake failed: The TLS connection was non-properly terminated
Please provide the package NVR for which bug is seen:
hosts info: kernel-5.14.0-553.el9.x86_64 && qemu-kvm-9.1.0-11.el9.x86_64
guest info: kernel-5.14.0-427.13.1.el9_4.x86_64
How reproducible:
When the test environment is new, do TLS encryption migration via exec, will reproduce this issue 100%;
But if run again, this case will pass.
Steps to reproduce
1.
2025-01-27-02:53:24: ======= Step 5. Set tls creds and start migration =======
2025-01-27-02:53:24: ----- 5.1 set tls-creds on tls server end -----
2025-01-27-02:53:24: Host(10.72.136.98) Sending qmp command : {"execute": "migrate-set-parameters", "arguments": {"tls-creds": "tls0"}, "id": "PX93Idip"}
2025-01-27-02:53:24: Host(10.72.136.98) Responding qmp command: {"return": {}, "id": "PX93Idip"}
2025-01-27-02:53:24: Host(10.72.136.98) Sending qmp command : {"execute": "query-migrate-parameters", "id": "jTvjPIyW"}
2025-01-27-02:53:24: Host(10.72.136.98) Responding qmp command: {"return": {"cpu-throttle-tailslow": false, "xbzrle-cache-size": 67108864, "cpu-throttle-initial": 20, "announce-max": 550, "direct-io": false, "avail-switchover-bandwidth": 0, "zero-page-detection": "multifd", "multifd-channels": 2, "mode": "normal", "multifd-zstd-level": 1, "announce-initial": 50, "downtime-limit": 300, "tls-authz": "", "vcpu-dirty-limit": 1, "multifd-compression": "none", "announce-rounds": 5, "announce-step": 100, "tls-creds": "tls0", "x-vcpu-dirty-limit-period": 1000, "multifd-zlib-level": 1, "max-cpu-throttle": 99, "max-postcopy-bandwidth": 0, "tls-hostname": "", "throttle-trigger-threshold": 50, "max-bandwidth": 134217728, "x-checkpoint-delay": 20000, "cpu-throttle-increment": 10}, "id": "jTvjPIyW"}
2025-01-27-02:53:24: The value of tls-creds is right
2025-01-27-02:53:24: ----- 5.2 set incoming on tls server end -----
2025-01-27-02:53:24: Host(10.72.136.98) Sending qmp command : {"execute": "migrate-incoming", "arguments": {"uri": "exec:socat TCP4-LISTEN:4000 -"}, "id": "OrsTD6lY"}
2025-01-27-02:53:24: Host(10.72.136.98) Responding qmp command: {"return": {}, "id": "OrsTD6lY"}
2025-01-27-02:53:24: ----- 5.3 set tls-creds and tls-hostname on tls client end -----
2025-01-27-02:53:24: Host(10.72.136.88) Sending qmp command : {"execute": "migrate-set-parameters", "arguments": {"tls-creds": "tls0"}, "id": "zm24ubdV"}
2025-01-27-02:53:24: Host(10.72.136.88) Responding qmp command: {"return": {}, "id": "zm24ubdV"}
2025-01-27-02:53:24: Host(10.72.136.88) Sending qmp command : {"execute": "query-migrate-parameters", "id": "n69c5XKl"}
2025-01-27-02:53:24: Host(10.72.136.88) Responding qmp command: {"return": {"cpu-throttle-tailslow": false, "xbzrle-cache-size": 67108864, "cpu-throttle-initial": 20, "announce-max": 550, "direct-io": false, "avail-switchover-bandwidth": 0, "zero-page-detection": "multifd", "multifd-channels": 2, "mode": "normal", "multifd-zstd-level": 1, "announce-initial": 50, "downtime-limit": 300, "tls-authz": "", "vcpu-dirty-limit": 1, "multifd-compression": "none", "announce-rounds": 5, "announce-step": 100, "tls-creds": "tls0", "x-vcpu-dirty-limit-period": 1000, "multifd-zlib-level": 1, "max-cpu-throttle": 99, "max-postcopy-bandwidth": 0, "tls-hostname": "", "throttle-trigger-threshold": 50, "max-bandwidth": 134217728, "x-checkpoint-delay": 20000, "cpu-throttle-increment": 10}, "id": "n69c5XKl"}
2025-01-27-02:53:24: The value of tls-creds is right
2025-01-27-02:53:24: Host(10.72.136.88) Sending qmp command : {"execute": "migrate-set-parameters", "arguments": {"tls-hostname": "dell-per7525-26"}, "id": "xLuzN4KF"}
2025-01-27-02:53:24: Host(10.72.136.88) Responding qmp command: {"return": {}, "id": "xLuzN4KF"}
2025-01-27-02:53:24: Host(10.72.136.88) Sending qmp command : {"execute": "query-migrate-parameters", "id": "ldvjUuL0"}
2025-01-27-02:53:24: Host(10.72.136.88) Responding qmp command: {"return": {"cpu-throttle-tailslow": false, "xbzrle-cache-size": 67108864, "cpu-throttle-initial": 20, "announce-max": 550, "direct-io": false, "avail-switchover-bandwidth": 0, "zero-page-detection": "multifd", "multifd-channels": 2, "mode": "normal", "multifd-zstd-level": 1, "announce-initial": 50, "downtime-limit": 300, "tls-authz": "", "vcpu-dirty-limit": 1, "multifd-compression": "none", "announce-rounds": 5, "announce-step": 100, "tls-creds": "tls0", "x-vcpu-dirty-limit-period": 1000, "multifd-zlib-level": 1, "max-cpu-throttle": 99, "max-postcopy-bandwidth": 0, "tls-hostname": "dell-per7525-26", "throttle-trigger-threshold": 50, "max-bandwidth": 134217728, "x-checkpoint-delay": 20000, "cpu-throttle-increment": 10}, "id": "ldvjUuL0"}
2025-01-27-02:53:24: The value of tls-hostname is right
2025-01-27-02:53:24: ----- 5.4 do migration on tls client end -----
2025-01-27-02:53:24: Host(10.72.136.88) Sending qmp command : {"execute": "migrate", "arguments": {"uri": "exec:socat - TCP4:dell-per7525-26:4000"}, "id": "BqqrKNZU"}
2025-01-27-02:53:24: Host(10.72.136.88) Responding qmp command: {"return": {}, "id": "BqqrKNZU"}
2025-01-27-02:53:24: Host(10.72.136.88) Sending qmp command : {"execute": "query-migrate", "id": "lVh3HDJT"}
2025-01-27-02:53:24: Host(10.72.136.88) Responding qmp command: {"return": {"status": "failed", "error-desc": "TLS handshake failed: The TLS connection was non-properly terminated."}, "id": "lVh3HDJT"}
see test log for details:
http://fileshare.hosts.qa.psi.pek2.redhat.com/pub/logs/xiaohli/x86_64/rhel960/OpteronG5toMilan/rhel940/VIRT_85846_x86_q35_blockdev-2025-01-27-02:32:25/VIRT_85872-2025-01-27-02:51:27_logs/short_debug.log
Expected results
TLS Migration via exec passes.
Actual results
TLS Migration via exec failed
