diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-08-24 17:56:50 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-08-24 17:56:50 +0000 |
commit | adff7d36f9bfdea36a4983b7b6018d128e4fd47c (patch) | |
tree | bc8e84c160c065a06367957116dccc03975c0b22 /docker | |
parent | 20b20156242045513c65acd15badb923f0232ac5 (diff) | |
parent | 2696eadaa0f2453b118d3012d8a5494842eb791a (diff) |
Merge "Docker: Enable TLS in the internal network for libvirt"
Diffstat (limited to 'docker')
-rw-r--r-- | docker/services/nova-libvirt.yaml | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 47414083..8f151cfe 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -113,7 +113,10 @@ outputs: value: service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} config_settings: - get_attr: [NovaLibvirtBase, role_data, config_settings] + map_merge: + - get_attr: [NovaLibvirtBase, role_data, config_settings] + - tripleo::profile::base::certmonger_user::libvirt_postsave_cmd: "true" # TODO: restart the libvirt container here + step_config: &step_config list_join: - "\n" @@ -201,6 +204,16 @@ outputs: - /var/lib/libvirt:/var/lib/libvirt - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro - /var/log/containers/nova:/var/log/nova + - + if: + - use_tls_for_live_migration + - + - /etc/ipa/ca.crt:/etc/pki/CA/cacert.pem:ro + - /etc/pki/libvirt/servercert.pem:/etc/pki/libvirt/servercert.pem:ro + - /etc/pki/libvirt/private/serverkey.pem:/etc/pki/libvirt/private/serverkey.pem:ro + - /etc/pki/libvirt/clientcert.pem:/etc/pki/libvirt/clientcert.pem:ro + - /etc/pki/libvirt/private/clientkey.pem:/etc/pki/libvirt/private/clientkey.pem:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS step_4: @@ -256,6 +269,8 @@ outputs: - libvirtd.service - virtlogd.socket when: libvirt_installed.rc == 0 + metadata_settings: + get_attr: [NovaLibvirtBase, role_data, metadata_settings] upgrade_tasks: - name: Stop and disable libvirtd service tags: step2 |