Nova Cold Migration uses control plane network network and fails with Permission Denied error in Red Hat OpenStack Platform

Solution In Progress - Updated -

Issue

Nova Cold Migration uses control plane network network and fails with Permission Denied error in Red Hat OpenStack Platform.

2017-12-24 15:27:36.626 311327 ERROR oslo_messaging.rpc.server ResizeError: Resize error: not able to execute ssh command: Unexpected error while running command.
2017-12-24 15:27:36.626 311327 ERROR oslo_messaging.rpc.server Command: ssh -o BatchMode=yes 192.0.2.12 mkdir -p /var/lib/nova/instances/ea6787b1-92aa-40d5-8f3d-f1df2c8361bb
2017-12-24 15:27:36.626 311327 ERROR oslo_messaging.rpc.server Exit code: 255
2017-12-24 15:27:36.626 311327 ERROR oslo_messaging.rpc.server Stdout: u''
2017-12-24 15:27:36.626 311327 ERROR oslo_messaging.rpc.server Stderr: u'Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n'

On the destination host, one can see that SSH connections for migration are only allowed via the internal_api network:

[root@overcloud-compute-0 ~]# cat /etc/ssh/sshd_config  | tail -n 8
Match LocalAddress 172.16.2.5,172.16.2.5 User nova_migration
    AllowTcpForwarding no
    AuthorizedKeysFile /etc/nova/migration/authorized_keys
    ForceCommand /bin/nova-migration-wrapper
    PasswordAuthentication no
    X11Forwarding no
Match LocalAddress !172.16.2.5,!172.16.2.5
    DenyUsers nova_migration

Environment

Red Hat OpenStack Platform 7 - 11

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content