diff options
Diffstat (limited to 'manifests/profile/base/nova/migration/proxy.pp')
-rw-r--r-- | manifests/profile/base/nova/migration/proxy.pp | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/manifests/profile/base/nova/migration/proxy.pp b/manifests/profile/base/nova/migration/proxy.pp new file mode 100644 index 0000000..318a1f8 --- /dev/null +++ b/manifests/profile/base/nova/migration/proxy.pp @@ -0,0 +1,78 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::nova::migration::proxy +# +# Nova migration proxy profile for tripleo. +# Used to proxy connections from baremetal sshd to dockerized sshd on a +# different port during rolling upgrades. +# +# === Parameters +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') +# +# [*ssh_private_key*] +# (Optional) SSH private_key for migration SSH tunnel. +# Defaults to '' +# +# [*target_host*] +# (Optional) SSH hostname to proxy. +# Defaults to hiera('fqdn_internal_api', '127.0.0.1') +# +# [*target_port*] +# (Optional) SSH port to proxy. +# Defaults to 22 + +class tripleo::profile::base::nova::migration::proxy ( + $step = Integer(hiera('step')), + $ssh_private_key = '', + $target_host = hiera('fqdn_internal_api', '127.0.0.1'), + $target_port = 22 +) { + + include ::tripleo::profile::base::nova::migration + + if $step >= 4 { + if !empty($ssh_private_key) { + class { '::tripleo::profile::base::nova::migration::target': + step => $step, + wrapper_command => "/bin/ssh \ +-p ${target_port} \ +-i /etc/nova/migration/proxy_identity \ +-o BatchMode=yes \ +-o UserKnownHostsFile=/dev/null \ +nova_migration@${target_host} \ +\$SSH_ORIGINAL_COMMAND" + } + + $migration_identity = $ssh_private_key + $migration_identity_ensure = 'present' + } + else { + $migration_identity = '' + $migration_identity_ensure = 'absent' + } + + file { '/etc/nova/migration/proxy_identity': + ensure => $migration_identity_ensure, + content => $migration_identity, + mode => '0600', + owner => 'nova_migration', + group => 'nova_migration', + require => Package['openstack-nova-migration'] + } + } +} |