Nova live migration fails with “Migration pre-check error: CPU doesn’t have compatibility.”

This week I’m hosting a hands-on OpenStack training for some clients. The ability to perform Live migrations of running instances between hosts is one of the things they want to see and I had setup the environment to support this.

Live migrations had been working fine for over a week when it finally decided to throw errors this morning.

The error on the command line when trying to do a live migration:

ERROR (BadRequest): Migration pre-check error: CPU doesn't have compatibility.
internal error: Unknown CPU model Haswell-noTSX
Refer to (HTTP 400) (Request-ID: req-227fd8fb-eba4-4f40-b707-bb31569ed14f)

Normally this would happen if the hosts running nova-compute had different CPU types, but in this case they are all identical (Dell C6320 nodes).

Checked the CPU map in /usr/share/libvirt/cpu_map.xml and the CPU is listed.

    <model name='Haswell'>
      <model name='Haswell-noTSX'/>
      <feature name='hle'/>
      <feature name='rtm'/>

Since the CPU’s are the same on all nodes it’s obviously the lookup of that CPU type that fails. So, I tried to disable the check by editing /usr/lib/python2.7/site-packages/nova/virt/libvirt/ This resulted in the error disappearing but my instances staying put on whatever host they were originally running on. Not much better.

Finally I started modifying the /etc/nova/nova.conf files on both the controller node and the nova-compute nodes. The changes that fixed it were as follows:

Old setting:

New setting:

Old setting:

New setting:

I also have the following settings which may or may not matter in this case:


After restarting nova on both the controller and all three compute nodes, live migrations are working fine again. Not sure why they stopped in the first place, but at least this seems to have done the job.

Checking instances for each node:

[root@c6320-n1 ~(keystone_admin)]# 
[root@c6320-n1 ~(keystone_admin)]# for i in {2..4}; do nova hypervisor-servers c6320-n$i; done
| ID                                   | Name              | Hypervisor ID | Hypervisor Hostname |
| aaac652f-65d9-49e4-aea2-603fc2db26c3 | instance-0000009c | 1             | c6320-n2            |
| ID | Name | Hypervisor ID | Hypervisor Hostname |
| ID | Name | Hypervisor ID | Hypervisor Hostname |

Performing the migration:
[root@c6320-n1 ~(keystone_admin)]# nova live-migration aaac652f-65d9-49e4-aea2-603fc2db26c3 c6320-n4

Verifying that the instance has moved from node2 to node4:

[root@c6320-n1 ~(keystone_admin)]# for i in {2..4}; do nova hypervisor-servers c6320-n$i; done
| ID | Name | Hypervisor ID | Hypervisor Hostname |
| ID | Name | Hypervisor ID | Hypervisor Hostname |
| ID                                   | Name              | Hypervisor ID | Hypervisor Hostname |
| aaac652f-65d9-49e4-aea2-603fc2db26c3 | instance-0000009c | 3             | c6320-n4            |

The keystone CLI is deprecated in favor of python-openstackclient.

UPDATE: It turns out that installing the new client can cause issues with Keystone. I found this out the hard way yesterday when it failed during a demo, preventing authentication from the command line. After a few hours troubleshooting it turns out Apache (httpd.service) and Keystone (openstack-keystone.service) were clashing. I was unable to fix this regardless of updating each of these services config files to separate them out. Finally guessed it might be the last package I installed that was the cause. After removing python-openstackclient and rebooting the controller node the issue was fixed.

Original post
In OpenStack Kilo the Depreciation message for the Keystone CLI will be displayed whenever using invoking the keystone command. “DeprecationWarning: The keystone CLI is deprecated in favor of python-openstackclient. For a Python library, continue using python-keystoneclient.

To move to the new python-openstackclient, simply install it. On RHEL7.1:
yum install -y python-openstackclient.noarch

After that it will be available as the command “openstack”. It can be invoked in interactive mode just by typing “openstack” or directly from the command line to get information. For example, to list users:
Old Keystone CLI: “keystone user-list
New Openstack CLI: “openstack user list

To be more similar to the output of the old command issue “openstack user list --long” to get the extra fields.

You may also want to update the script “openstack-status” so it uses the new client. To do so, please:
1. Edit /usr/bin/openstack-status with your favorite editor
2. Replace the old command with the new one (around line 227) like so:

#keystone user-list
openstack user list --long

The new CLI can do a lot more of course. For a full list of commands please refer to the below (executed with “openstack” + command):

aggregate add host      ip fixed remove               server rescue
aggregate create        ip floating add               server resize
aggregate delete        ip floating create            server resume
aggregate list          ip floating delete            server set
aggregate remove host   ip floating list              server show
aggregate set           ip floating pool list         server ssh
aggregate show          ip floating remove            server suspend
availability zone list  keypair create                server unlock
backup create           keypair delete                server unpause
backup delete           keypair list                  server unrescue
backup list             keypair show                  server unset
backup restore          limits show                   service create
backup show             module list                   service delete
catalog list            network create                service list
catalog show            network delete                service show
command list            network list                  snapshot create
complete                network set                   snapshot delete
compute agent create    network show                  snapshot list
compute agent delete    object create                 snapshot set
compute agent list      object delete                 snapshot show
compute agent set       object list                   snapshot unset
compute service list    object save                   token issue
compute service set     object show                   token revoke
console log show        project create                usage list
console url show        project delete                usage show
container create        project list                  user create
container delete        project set                   user delete
container list          project show                  user list
container save          project usage list            user role list
container show          quota set                     user set
ec2 credentials create  quota show                    user show
ec2 credentials delete  role add                      volume create
ec2 credentials list    role create                   volume delete
ec2 credentials show    role delete                   volume list
endpoint create         role list                     volume set
endpoint delete         role remove                   volume show
endpoint list           role show                     volume type create
endpoint show           security group create         volume type delete
extension list          security group delete         volume type list
flavor create           security group list           volume type set
flavor delete           security group rule create    volume type unset
flavor list             security group rule delete    volume unset
flavor set              security group rule list
flavor show             security group set
flavor unset            security group show
help                    server add security group
host list               server add volume
host show               server create
hypervisor list         server delete
hypervisor show         server image create
hypervisor stats show   server list
image create            server lock
image delete            server migrate
image list              server pause
image save              server reboot
image set               server rebuild
image show              server remove security group
ip fixed add            server remove volume

RHEL / Red Hat – Package does not match intended download.

Currently installing a few C6320 servers with RHEL7.1 to create an OpenStack demo cluster. Since all servers need almost identical setups I wrote some Expect scripts but unfortunately didn’t put the script runtime timeout high enough. This resulted in the connection to one of the servers being interrupted in the middle of a “yum update -y”.

When trying to run the update again it failed with: “[Errno -1] Package does not match intended download. Suggestion: run yum –enablerepo=rhel-7-server-rpms clean metadata” “Trying other mirror.”

Unfortunately, running the suggested “clean metadata” didn’t fix the problem. Instead, the fix turned out to be a simple “yum clean all” 🙂

Add / Remove port groups and VLANs using the ESXi command line

Useful commands for modifying port groups and VLAN settings on ESXi. Can be used in scripts of course to do additions / removals / changes in bulk.

List vSwitches:
esxcli network vswitch standard list

List port groups
esxcli network vswitch standard portgroup list

Add port group named “VLAN-900” to vSwitch0
esxcfg-vswitch --add-pg=VLAN-900 vSwitch0

Assign VLAN 900 to port group “VLAN-900”
esxcfg-vswitch -v 900 -p VLAN-900 vSwitch0

Delete port group TEST from vSwitch0
esxcfg-vswitch --del-pg=TEST vSwitch0

Restore XenServer VM snapshots from the CLI / command line

Taking a snapshot from the command line is trivial. Restoring the snapshot is not. From the XenCenter GUI application it’s easy of course, but sometimes you need to automate things. In this case I have an environment for testing which needs to be reverted to the same state after each test.

Each VM has only a single snapshot. Matching the snapshot UUID with the UUID of the virtual machine isn’t easy, but can be done by extracting the parameter called “children” from the snapshot.

To list the snapshots with their respective VM UUID’s, I use the following (i and j variables for snapshot UUID and VM UUID respectively):

[root@XenServer42 ~]# for i in `xe snapshot-list  | grep uuid | awk '{print$5}'`; do export j=$(xe snapshot-param-get uuid=$i  param-name=children); echo "VM UUID: $j - Snapshot UUID: $i"; done
VM UUID: 9211f2a2-4624-4254-543f-b6a99cce7760 - Snapshot UUID: 89ed788c-987e-75ad-9d72-84b2d06486de
VM UUID: 92bbf92c-57df-a6c3-fab2-366573ea3f29 - Snapshot UUID: 23da7e91-19d6-07d3-5fb3-818b834d6883
VM UUID: 3dd5209b-77cc-923a-d0da-4fb7aa013498 - Snapshot UUID: c91e63c6-6fd7-e49e-1a80-6215fecdda10
VM UUID: 29a28e86-dd60-0727-487c-12743b833a6b - Snapshot UUID: 4d21112b-b92d-4b1e-16c2-d1bcfb2d1a0b
VM UUID: 6bc1fd07-cfa7-6b00-dc90-dfe2f228db9c - Snapshot UUID: 44abca3c-eadc-c74f-2095-9c6198681305
VM UUID: c4348bab-cf34-217c-85be-3661a0e5cb60 - Snapshot UUID: af1859ae-675b-6a3d-f688-a0af65baba13

To restore the snapshots:
for i in `xe snapshot-list  | grep uuid | awk '{print$5}'`; do export j=$(xe snapshot-param-get uuid=$i  param-name=children); xe snapshot-revert uuid=$j snapshot-uuid=$i; done

NOTE: This works if there’s only ONE snapshot per VM and you want to restore them all. Otherwise more complex scripting is required to filter out the ones you need. It’s more than enough for our test systems though.

Some basic XenServer VM management from the CLI / command line

List some VMs we care about:
xe vm-list | grep na | grep -v Xen | awk '{print $4}' | sort -n

Take snapshot of the VMs
for i in `xe vm-list | grep na | grep -v Xen | awk '{print $4}' | sort -n`; do echo "Snapshotting $i"; xe vm-snapshot new-name-label="BASE vGPU IMAGE" vm=$i; done

Start the VMs
for i in `xe vm-list | grep na | grep -v Xen | awk '{print $4}' | sort -n`; do echo $i; xe vm-start vm=$i; done

Stop the VMs
for i in `xe vm-list | grep na | grep -v Xen | awk '{print $4}' | sort -n`; do echo $i; xe vm-shutdown vm=$i; done

Shutdown – Take snapshot – Start sequence:
On one line:
for i in `xe vm-list | grep na | grep -v Xen | awk '{print $4}' | sort -n`; do xe vm-shutdown vm=$i; echo "Snapshotting $i"; xe vm-snapshot new-name-label="BASE vGPU IMAGE" vm=$i; xe vm-start vm=$i; done

For use in a short shell script (prettier formatting):


for i in `xe vm-list | grep na | grep -v Xen | awk '{print $4}' | sort -n`
    xe vm-shutdown vm=$i
    echo "Snapshotting $i"
    xe vm-snapshot new-name-label="BASE vGPU IMAGE" vm=$i
    xe vm-start vm=$i

Import VMs from directory:
for i in *.bkp; do xe vm-import filename=$i sr-uuid=`pvscan | grep Local | awk '{print $4}' | sed 's/-/ /' | awk '{print $2}'` preserve=true; done

Export VMs to current directory:
for i in `xe vm-list | grep na | grep -v Xen | awk '{print $4}' | sort -n`;do echo $i; xe vm-export filename=$i.bkp vm=$i; done

Error when installing the vSphere6.0 appliance: The file D:\vcsa-setup.html is not in a folder shared with the host and cannot be opened by the host.

When trying to launch the vSphere6.0 appliance installer I just got the following “The file D:\vcsa-setup.html is not in a folder shared with the host and cannot be opened by the host.”

vcsa-setup.html error

After having tried and received the same error after copying the ISO locally, emptying the contents into a folder, mounting it via vCenter5.5 to my VM, etc I simply dragged and dropped the file onto Firefox. That was it – it works.

Funny how these simple things can end up wasting time …