diff options
author | Emilien Macchi <emilien@redhat.com> | 2017-01-31 13:20:51 -0500 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-02-06 17:10:19 +0000 |
commit | 6556123395c14f21de31e844426e541c141ffaaa (patch) | |
tree | bc85d04f18e3fff1bf0fe41b88c534f1a51604ca | |
parent | 2b11f29824719f961d35c66617f3ee654cf9f0f3 (diff) |
nova/libvirt: switch vnc server binding
On compute nodes, instead of binding vnc server on 0.0.0.0, use the IP
address provided by libvirt's t-h-t profile (hiera).
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: Ie377c09734e9f6170daa519aed69c53fc67c366b
Change-Id: If6b116b238a52144aad5e76c9edc7df6aa15313c
Closes-Bug: #1660099
-rw-r--r-- | manifests/profile/base/nova/compute/libvirt.pp | 13 | ||||
-rw-r--r-- | releasenotes/notes/vncserver_listen-4417377cac38464c.yaml | 7 |
2 files changed, 8 insertions, 12 deletions
diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp index 6767f6b..cc9beb6 100644 --- a/manifests/profile/base/nova/compute/libvirt.pp +++ b/manifests/profile/base/nova/compute/libvirt.pp @@ -40,24 +40,13 @@ class tripleo::profile::base::nova::compute::libvirt ( } } - # TODO(emilien): Some work needs to be done in puppet-nova to separate nova-compute config - # when running libvirt and libvirt itself, so we allow micro-services deployments. - if str2bool(hiera('nova::use_ipv6', false)) { - $vncserver_listen = '::0' - } else { - $vncserver_listen = '0.0.0.0' - } - if $rbd_ephemeral_storage { class { '::nova::compute::libvirt': libvirt_disk_cachemodes => ['network=writeback'], libvirt_hw_disk_discard => 'unmap', - vncserver_listen => $vncserver_listen, } } else { - class { '::nova::compute::libvirt' : - vncserver_listen => $vncserver_listen, - } + include ::nova::compute::libvirt } include ::nova::compute::libvirt::qemu diff --git a/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml b/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml new file mode 100644 index 0000000..0c0f8ea --- /dev/null +++ b/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml @@ -0,0 +1,7 @@ +--- +features: + - Configure VNC server to be binded on internal network interface on compute nodes. + This value comes from tripleo-heat-templates and is configured by default to use + an IP address from the internal API network. + We use the ServiceNetMap in tripleo-heat-templates to compute the IP address, and we won't + configure 0.0.0.0 anymore as it used to open the binding to any network, which is unsecure. |