Nova Cold Migration uses control plane network network and fails with Permission Denied error in Red Hat OpenStack Platform
Issue
Nova Cold Migration uses control plane network network and fails with Permission Denied error in Red Hat OpenStack Platform.
2017-12-24 15:27:36.626 311327 ERROR oslo_messaging.rpc.server ResizeError: Resize error: not able to execute ssh command: Unexpected error while running command.
2017-12-24 15:27:36.626 311327 ERROR oslo_messaging.rpc.server Command: ssh -o BatchMode=yes 192.0.2.12 mkdir -p /var/lib/nova/instances/ea6787b1-92aa-40d5-8f3d-f1df2c8361bb
2017-12-24 15:27:36.626 311327 ERROR oslo_messaging.rpc.server Exit code: 255
2017-12-24 15:27:36.626 311327 ERROR oslo_messaging.rpc.server Stdout: u''
2017-12-24 15:27:36.626 311327 ERROR oslo_messaging.rpc.server Stderr: u'Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n'
On the destination host, one can see that SSH connections for migration are only allowed via the internal_api
network:
[root@overcloud-compute-0 ~]# cat /etc/ssh/sshd_config | tail -n 8
Match LocalAddress 172.16.2.5,172.16.2.5 User nova_migration
AllowTcpForwarding no
AuthorizedKeysFile /etc/nova/migration/authorized_keys
ForceCommand /bin/nova-migration-wrapper
PasswordAuthentication no
X11Forwarding no
Match LocalAddress !172.16.2.5,!172.16.2.5
DenyUsers nova_migration
Environment
Red Hat OpenStack Platform 7 - 11
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.