[Pacemaker] How to live migrate the kvm vm

Dan Frincu df.cluster at gmail.com
Tue Dec 13 04:17:57 EST 2011 

Hi,

On Tue, Dec 13, 2011 at 11:13 AM, Qiu Zhigang <qiuzhigang at fronware.com> wrote:
> Hi,
>
>> -----Original Message-----
>> From: Dan Frincu [mailto:df.cluster at gmail.com]
>> Sent: Tuesday, December 13, 2011 4:43 PM
>> To: The Pacemaker cluster resource manager
>> Subject: Re: [Pacemaker] How to live migrate the kvm vm
>>
>> Hi,
>>
>> On Tue, Dec 13, 2011 at 6:11 AM, Qiu Zhigang <qiuzhigang at fronware.com>
>> wrote:
>> > Hi,
>> >
>> > Thank you, you are right, I correct the 'allow-migrate="true"', but now I found
>> another problem when migrate, migrate failed.
>> > The following is the log.
>> >
>> > Dec 13 12:10:03 h10_151 kernel: type=1400 audit(1323749403.251:623):
>> > avc:  denied  { search } for  pid=27201 comm="virsh" name="libvirt"
>> > dev=dm-0 ino=2098071 scontext=unconfined_u:system_r:corosync_t:s0
>> > tcontext=system_u:object_r:virt_var_run_t:s0 tclass=dir Dec 13
>> > 12:10:04 h10_151 kernel: type=1400 audit(1323749404.067:624): avc:
>> > denied  { search } for  pid=27218 comm="VirtualDomain" name=""
>> > dev=0:1c ino=13825028 scontext=unconfined_u:system_r:corosync_t:s0
>> > tcontext=system_u:object_r:nfs_t:s0 tclass=dir Dec 13 12:10:04 h10_151
>> > kernel: type=1400 audit(1323749404.252:625): avc:  denied  { read }
>> > for  pid=27242 comm="virsh" name="random" dev=devtmpfs ino=3585
>> > scontext=unconfined_u:system_r:corosync_t:s0
>> > tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
>>
>> You need to take a look at the SELinux context.
>>
>> Regards,
>> Dan
>>
>
> I'm not familiar with SElinux context, but I have disabled selinux .
>
> [root at h10_151 ~]# cat /etc/sysconfig/selinux
>
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> #     enforcing - SELinux security policy is enforced.
> #     permissive - SELinux prints warnings instead of enforcing.
> #     disabled - No SELinux policy is loaded.
> SELINUX=disable
> # SELINUXTYPE= can take one of these two values:
> #     targeted - Targeted processes are protected,
> #     mls - Multi Level Security protection.
> SELINUXTYPE=targeted
>
> How can I solve this issue, or any other information you need to help me ?

Try getenforce on both nodes, it should return Disabled. If it doesn't
you need to check that SELinux is disabled on both nodes and then
reboot the nodes.

HTH,
Dan

>
>
> Best Regards,
>
>> >
>> > [root at h10_145 ~]# crm
>> > crm(live)# status
>> > ============
>> > Last updated: Tue Dec 13 12:09:06 2011
>> > Stack: openais
>> > Current DC: h10_145 - partition with quorum
>> > Version: 1.1.2-f059ec7ced7a86f18e5490b67ebf4a0b963bccfe
>> > 2 Nodes configured, 2 expected votes
>> > 2 Resources configured.
>> > ============
>> >
>> > Online: [ h10_151 h10_145 ]
>> >
>> >  test2  (ocf::heartbeat:VirtualDomain): Started h10_151 (unmanaged)
>> > FAILED
>> >  test1  (ocf::heartbeat:VirtualDomain): Started h10_145 (unmanaged)
>> > FAILED
>> >
>> > Failed actions:
>> >    test1_stop_0 (node=h10_145, call=19, rc=1, status=complete):
>> > unknown error
>> >    test2_stop_0 (node=h10_151, call=14, rc=1, status=complete):
>> > unknown error
>> >
>> > Best Regards,
>> >
>> >> -----Original Message-----
>> >> From: Arnold Krille [mailto:arnold at arnoldarts.de]
>> >> Sent: Monday, December 12, 2011 7:52 PM
>> >> To: The Pacemaker cluster resource manager
>> >> Subject: Re: [Pacemaker] How to live migrate the kvm vm
>> >>
>> >> Hi,
>> >>
>> >> On Monday 12 December 2011 11:22:51 邱志刚 wrote:
>> >> > I have 2-node cluster of pacemaker,I want to migrate the kvm vm
>> >> > with command "migrate", but I found the vm isn't migrated, actually
>> >> > it is shutdown and then start on other node. I checked the log and
>> >> > found the vm is stopped but not migrated.
>> >>
>> >> > How could I live migrate the vm ? The configuration :
>> >> > crm(live)configure# show
>> >> > primitive test1 ocf:heartbeat:VirtualDomain \
>> >> >     params config="/etc/libvirt/qemu/test1.xml"
>> >> > hypervisor="qemu:///system" \
>> >> >     meta allow-migrate="ture" priority="100" target-role="Started"
>> >> > is-managed="true" \
>> >> >     op start interval="0" timeout="120s" \
>> >> >     op stop interval="0" timeout="120s" \
>> >> >     op monitor interval="10s" timeout="30s" depth="0" \
>> >> >     op migrate_from interval="0" timeout="120s" \
>> >> >     op migrate_to interval="0" timeout="120"
>> >>
>> >> I hope that "ture" is only a typo when writing the email. Otherwise
>> >> its probably the reason why your machine stop-start instead of a nice
>> migration.
>> >> Try with 'allow-migrate="true"' and see if that helps.
>> >>
>> >> Have fun,
>> >>
>> >> Arnold
>> >
>> >
>> > _______________________________________________
>> > Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
>> > http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>> >
>> > Project Home: http://www.clusterlabs.org Getting started:
>> > http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
>> > Bugs: http://bugs.clusterlabs.org
>>
>>
>>
>> --
>> Dan Frincu
>> CCNA, RHCE
>>
>> _______________________________________________
>> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
>> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>>
>> Project Home: http://www.clusterlabs.org Getting started:
>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
>> Bugs: http://bugs.clusterlabs.org
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org



-- 
Dan Frincu
CCNA, RHCE

More information about the Pacemaker mailing list