authorOliver Walsh <owalsh@redhat.com>2017-03-28 16:02:18 +0100
committerOliver Walsh <owalsh@redhat.com>2017-04-21 01:02:04 +0000
commit4e398a76dea38c0593b4965d4ec75ab1836d2369 (patch)
treef1473618f61e51d4fc2734581c7338036e35f019 /manifests
parentef4a1da270f92aaf0c4fdb06fadaaec932149d49 (diff)
Configure migration SSH tunnel
This patch configures SSH tunneling for nova cold-migration and reuses the tunnel for libvirt live-migration unless TLS has been enabled. Change-Id: I367757cbe8757d11943af7e41af620f9ce919a06 Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec (cherry picked from commit ccbcd11276c7bc3ffc8f013d9a5b2d3944bf76cf)
Diffstat (limited to 'manifests')
-rw-r--r--manifests/profile/base/nova.pp87
1 files changed, 68 insertions, 19 deletions
diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp
index cb34521..b4330a9 100644
--- a/manifests/profile/base/nova.pp
+++ b/manifests/profile/base/nova.pp
@@ -62,6 +62,15 @@
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
+# [*migration_ssh_key*]
+# (Optional) SSH key pair for migration SSH tunnel.
+# Expects a hash with keys 'private_key' and 'public_key'.
+# Defaults to {}
+#
+# [*libvirt_tls*]
+# (Optional) Whether or not libvird TLS service is enabled.
+# Defaults to false
+
class tripleo::profile::base::nova (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$libvirt_enabled = false,
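Review bot: The `[*libvirt_tls*]` description misspells the daemon name; `libvird` should read `libvirtd`. The added empty line before `class tripleo::profile::base::nova (` also separates the header comment from the class, which may detach the parameter docs for doc tooling; a lone `#` there would match the rest of the header. Since `migration_ssh_key` carries a private key, the doc entry could say so, for example `# The 'private_key' value is secret and should be supplied from protected hiera data.` The class body continues outside this hunk.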
@@ -74,6 +83,8 @@ class tripleo::profile::base::nova (
$messaging_use_ssl = hiera('nova::rabbit_use_ssl', '0'),
$nova_compute_enabled = false,
$step = hiera('step'),
+ $migration_ssh_key = {},
+ $libvirt_tls = false
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -89,18 +100,6 @@ class tripleo::profile::base::nova (
if $step >= 4 or ($step >= 3 and $sync_db) {
$messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl)))
- # TODO(ccamacho): remove sprintf once we properly type the port, needs
- # to be a string for the os_transport_url function.
- class { '::nova' :
- default_transport_url => os_transport_url({
- 'transport' => $messaging_driver,
- 'hosts' => $messaging_hosts,
- 'port' => sprintf('%s', $messaging_port),
- 'username' => $messaging_username,
- 'password' => $messaging_password,
- 'ssl' => $messaging_use_ssl_real,
- }),
- }
include ::nova::config
class { '::nova::cache':
enabled => true,
@@ -108,15 +107,65 @@ class tripleo::profile::base::nova (
memcache_servers => $memcache_servers,
}
include ::nova::placement
- }
- if $step >= 4 {
- if $manage_migration {
- class { '::nova::migration::libvirt':
- configure_libvirt => $libvirt_enabled,
- configure_nova => $nova_compute_enabled,
+ if $step >= 4 and $manage_migration {
+
+ # Libvirt setup (live-migration)
+ if $libvirt_tls {
+ class { '::nova::migration::libvirt':
+ transport => 'tls',
+ configure_libvirt => $libvirt_enabled,
+ configure_nova => $nova_compute_enabled,
+ }
+ } else {
+ # Reuse the cold-migration SSH tunnel when TLS is not enabled
+ class { '::nova::migration::libvirt':
+ transport => 'ssh',
+ configure_libvirt => $libvirt_enabled,
+ configure_nova => $nova_compute_enabled,
+ client_user => 'nova',
+ client_extraparams => {'keyfile' => '/var/lib/nova/.ssh/id_rsa'}
+ }
}
+
+ if $migration_ssh_key != {} {
+ # Nova SSH tunnel setup (cold-migration)
+
+ #TODO: Remove me when https://review.rdoproject.org/r/#/c/4008 lands
+ user { 'nova':
+ ensure => present,
+ shell => '/bin/bash',
+ }
+
+ $private_key_parts = split($migration_ssh_key['public_key'], ' ')
+ $nova_public_key = {
+ 'type' => $private_key_parts[0],
+ key => $private_key_parts[1]
+ }
+ $nova_private_key = {
+ 'type' => $private_key_parts[0],
+ key => $migration_ssh_key['private_key']
+ }
+ } else {
+ $nova_public_key = undef
+ $nova_private_key = undef
+ }
+ } else {
+ $nova_public_key = undef
+ $nova_private_key = undef
}
- }
+ class { '::nova' :
+ default_transport_url => os_transport_url({
+ 'transport' => $messaging_driver,
+ 'hosts' => $messaging_hosts,
+ 'port' => sprintf('%s', $messaging_port),
+ 'username' => $messaging_username,
+ 'password' => $messaging_password,
+ 'ssl' => $messaging_use_ssl_real,
+ }),
+ nova_public_key => $nova_public_key,
+ nova_private_key => $nova_private_key,
+ }
+ }
}
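Review bot: The `else` branch of `if $libvirt_tls` selects the `ssh` transport with `'keyfile' => '/var/lib/nova/.ssh/id_rsa'` whether or not `$migration_ssh_key` is empty, so with the default `{}` live migration is pointed at a key that, as far as this hunk shows, is only provisioned when the hash is non-empty. It would be safer to fail early or skip the ssh transport when no key pair is supplied. In the key handling, `$private_key_parts` actually holds the split public key, and neither `'public_key'` nor `'private_key'` is checked for presence, so a partial hash passes an undef `type` or `key` into `::nova`. Renaming it to `$public_key_parts` and adding a guard such as `if !has_key($migration_ssh_key, 'private_key') { fail('migration_ssh_key needs private_key and public_key') }` would surface misconfiguration at compile time. The `user { 'nova': shell => '/bin/bash' }` resource gives the service account an interactive shell, so it is worth confirming that the matching authorized key is restricted on the receiving hosts, which is not visible here.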