Document error with VDIs live migration #417
Conversation
| ### Cause | ||
|
|
||
| The upgrade from 8.2 to 8.3 can cause an issue where `/etc/stunnel/xapi-pool-ca-bundle.pem` can be empty. | ||
| You can check this with `du /etc/stunnel/xapi-pool-ca-bundle.pem` on the host. |
There was a problem hiding this comment.
We also see, for example on the Lucas's ticket, that the file is missing. So maybe for clarity add this probability.
There was a problem hiding this comment.
And also, what the expected output is when it's empty. Not everyone knows what du does.
There was a problem hiding this comment.
Personnally I'd do a simple ls -l and then explain how to recognize the problem from there.
|
|
||
| ### Cause | ||
|
|
||
| Upgrading from 8.2 to 8.3 can cause an issue where `/etc/stunnel/xapi-pool-ca-bundle.pem` can be empty or missing |
There was a problem hiding this comment.
The second 'can' is redundant:
| Upgrading from 8.2 to 8.3 can cause an issue where `/etc/stunnel/xapi-pool-ca-bundle.pem` can be empty or missing | |
| Upgrading from 8.2 to 8.3 can cause an issue where `/etc/stunnel/xapi-pool-ca-bundle.pem` is be empty or missing |
There was a problem hiding this comment.
Do we know what causes this issue during upgrade?
|
|
||
| Upgrading from 8.2 to 8.3 can cause an issue where `/etc/stunnel/xapi-pool-ca-bundle.pem` can be empty or missing | ||
| You can check this with `du /etc/stunnel/xapi-pool-ca-bundle.pem` on the host. | ||
| It will cause problems with live migrating VDI between SRs (even if the VM remains on the same host) where the migration fails with: |
There was a problem hiding this comment.
| It will cause problems with live migrating VDI between SRs (even if the VM remains on the same host) where the migration fails with: | |
| It will cause issues when live-migrating VDIs between SRs (even if the VM remains on the same host). The migration fails with: |
|
|
||
| ### Solution | ||
|
|
||
| To fix, this, run this command to create the file: |
There was a problem hiding this comment.
| To fix, this, run this command to create the file: | |
| To fix this, create the file with the following command: |
| xe host-refresh-server-certificate host=<host name> | ||
| ``` | ||
| This will create the correct file on the host. | ||
| You can run this command to execute it on all the host of the pool: |
There was a problem hiding this comment.
| You can run this command to execute it on all the host of the pool: | |
| To create the file on all the hosts of the pool, run this command: |
| xe host-list --minimal | tr "," "\n" | xargs -I _ xe host-param-get uuid=_ param-name=name-label | xargs -I _ xe host-refresh-server-certificate host=_ | ||
| ``` | ||
|
|
||
| To know more about certificates in XAPI, you can read in the [XAPI doc](https://xapi-project.github.io/new-docs/design/pool-certificates/index.html) |
There was a problem hiding this comment.
| To know more about certificates in XAPI, you can read in the [XAPI doc](https://xapi-project.github.io/new-docs/design/pool-certificates/index.html) | |
| To know more about certificates in XAPI, check out the [XAPI documentation](https://xapi-project.github.io/new-docs/design/pool-certificates/index.html). |
| This will create the correct file on the host. | ||
| You can run this command to execute it on all the host of the pool: | ||
| ``` | ||
| xe host-list --minimal | tr "," "\n" | xargs -I _ xe host-param-get uuid=_ param-name=name-label | xargs -I _ xe host-refresh-server-certificate host=_ |
There was a problem hiding this comment.
We don't want to make users get into the habit of running commands that they don't understand. Someday, they'll get compromised this way. So let's explain the command to them.
Also, I think it's too complicated. I just tried to run xe host-refresh-server-certificate host=80c8a6d4-d8fd-48d3-a801-f97c650ca302 on my host and it worked. The auto-completion might need fixing in this case (CC @last-genius)
There was a problem hiding this comment.
Do you mean the fact that auto-completion suggests the same option twice here?
OPTIONAL: host= REQUIRED: host=
There was a problem hiding this comment.
@last-genius No, I mean the fact that it doesn't offer to autocomplete with the Host UUID, but does accept it as a value. I might be wrong though.
An issue with upgrade from 8.2 to 8.3 can cause an issue with a stunnel pool certificate being empty. It end up creating an error during VDI live migration that can be hard to understand and the solution is to recreate the file using a XAPI command documented in the commit. Signed-off-by: Damien Thenot <[email protected]>
Nambrok
force-pushed
the
dtt-cert-regen
branch
from
44d2b69 to
1cd3ee5
Compare
An issue with upgrade from 8.2 to 8.3 can cause an issue with a stunnel pool certificate being empty. It end up creating an error during VDI live migration that can be hard to understand and the solution is to recreate the file using a XAPI command documented in the commit.