aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEmilien Macchi <emilien@redhat.com>2017-01-31 13:20:51 -0500
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-02-06 17:10:19 +0000
commit6556123395c14f21de31e844426e541c141ffaaa (patch)
treebc85d04f18e3fff1bf0fe41b88c534f1a51604ca
parent2b11f29824719f961d35c66617f3ee654cf9f0f3 (diff)
nova/libvirt: switch vnc server binding
On compute nodes, instead of binding vnc server on 0.0.0.0, use the IP address provided by libvirt's t-h-t profile (hiera). Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: Ie377c09734e9f6170daa519aed69c53fc67c366b Change-Id: If6b116b238a52144aad5e76c9edc7df6aa15313c Closes-Bug: #1660099
-rw-r--r--manifests/profile/base/nova/compute/libvirt.pp13
-rw-r--r--releasenotes/notes/vncserver_listen-4417377cac38464c.yaml7
2 files changed, 8 insertions, 12 deletions
diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp
index 6767f6b..cc9beb6 100644
--- a/manifests/profile/base/nova/compute/libvirt.pp
+++ b/manifests/profile/base/nova/compute/libvirt.pp
@@ -40,24 +40,13 @@ class tripleo::profile::base::nova::compute::libvirt (
}
}
- # TODO(emilien): Some work needs to be done in puppet-nova to separate nova-compute config
- # when running libvirt and libvirt itself, so we allow micro-services deployments.
- if str2bool(hiera('nova::use_ipv6', false)) {
- $vncserver_listen = '::0'
- } else {
- $vncserver_listen = '0.0.0.0'
- }
-
if $rbd_ephemeral_storage {
class { '::nova::compute::libvirt':
libvirt_disk_cachemodes => ['network=writeback'],
libvirt_hw_disk_discard => 'unmap',
- vncserver_listen => $vncserver_listen,
}
} else {
- class { '::nova::compute::libvirt' :
- vncserver_listen => $vncserver_listen,
- }
+ include ::nova::compute::libvirt
}
include ::nova::compute::libvirt::qemu
diff --git a/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml b/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml
new file mode 100644
index 0000000..0c0f8ea
--- /dev/null
+++ b/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - Configure VNC server to be binded on internal network interface on compute nodes.
+ This value comes from tripleo-heat-templates and is configured by default to use
+ an IP address from the internal API network.
+ We use the ServiceNetMap in tripleo-heat-templates to compute the IP address, and we won't
+ configure 0.0.0.0 anymore as it used to open the binding to any network, which is unsecure.