summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOliver Walsh <owalsh@redhat.com>2017-06-08 00:55:41 +0100
committerOliver Walsh <owalsh@redhat.com>2017-06-08 00:55:41 +0100
commite825cda0f9895ae976fda686c800cce069bb925c (patch)
tree1ecd98438cf7403c3011cbe1561afbb5e83f1508
parent26fc6f24a41319f3883a29e1748afb74071e1b86 (diff)
Modify libvirtd container command line when TLS is enabled
Libvirtd needs the --listen arg to enable the TLS socket. Change-Id: I535165f0a2634728045491b2a37a56b1891b13fe Resolves-Bug: #1694958
-rw-r--r--docker/services/nova-libvirt.yaml26
1 files changed, 25 insertions, 1 deletions
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 9779d676..df0051f2 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -44,6 +44,26 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ UseTLSTransportForLiveMigration:
+ type: boolean
+ default: true
+ description: If set to true and if EnableInternalTLS is enabled, it will
+ set the libvirt URI's transport to tls and configure the
+ relevant keys for libvirt.
+
+conditions:
+
+ use_tls_for_live_migration:
+ and:
+ - equals:
+ - {get_param: EnableInternalTLS}
+ - true
+ - equals:
+ - {get_param: UseTLSTransportForLiveMigration}
+ - true
resources:
@@ -85,7 +105,11 @@ outputs:
- [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/nova-libvirt.json:
- command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
+ command:
+ if:
+ - use_tls_for_live_migration
+ - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
+ - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
permissions:
- path: /var/log/nova
owner: nova:nova