summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOliver Walsh <owalsh@redhat.com>2017-03-28 16:15:08 +0100
committerOliver Walsh <owalsh@redhat.com>2017-04-15 16:53:40 +0100
commit0271a63e52b961eab0da2f5c6a61811a7a1498f7 (patch)
tree58a07896ebf32056c7ca34ac1c5a10b42f718a32
parent7d3552a105ad5aa62cad0998c11df5ec6bd06ed6 (diff)
Add migration SSH tunneling support
This enables nova cold migration. This also switches to SSH as the default transport for live-migration. The tripleo-common mistral action that generates passwords supplies the MigrationSshKey parameter that enables this. The TCP transport is no longer used for live-migration and the firewall port has been closed. Change-Id: I4e55a987c93673796525988a2e4cc264a6b5c24f Depends-On: I367757cbe8757d11943af7e41af620f9ce919a06 Depends-On: I9e7a1862911312ad942233ac8fc828f4e1be1dcf Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
-rw-r--r--puppet/services/nova-compute.yaml8
-rw-r--r--puppet/services/nova-libvirt.yaml1
-rw-r--r--releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml14
3 files changed, 22 insertions, 1 deletions
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index d208bede..9057c71e 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -79,6 +79,13 @@ parameters:
type: string
description: Nova Compute upgrade level
default: auto
+ MigrationSshKey:
+ type: json
+ description: >
+ SSH key for migration.
+ Expects a dictionary with keys 'public_key' and 'private_key'.
+ Values should be identical to SSH public/private key files.
+ default: {}
resources:
NovaBase:
@@ -107,6 +114,7 @@ outputs:
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::manage_migration: true
+ tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey}
tripleo::profile::base::nova::nova_compute_enabled: true
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index faf1ae48..b297424e 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -66,7 +66,6 @@ outputs:
tripleo.nova_libvirt.firewall_rules:
'200 nova_libvirt':
dport:
- - 16509
- 16514
- '49152-49215'
- '5900-5999'
diff --git a/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml b/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml
new file mode 100644
index 00000000..45ca9fe5
--- /dev/null
+++ b/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml
@@ -0,0 +1,14 @@
+---
+features:
+ - |
+ Add support for cold migration over ssh.
+
+ This enables nova cold migration.
+
+ This also switches to SSH as the default transport for live-migration.
+ The tripleo-common mistral action that generates passwords supplies the
+ MigrationSshKey parameter that enables this.
+deprecations:
+ - |
+ The TCP transport is no longer used for live-migration and the firewall
+ port has been closed.