aboutsummaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-08-24 17:56:50 +0000
committerGerrit Code Review <review@openstack.org>2017-08-24 17:56:50 +0000
commitadff7d36f9bfdea36a4983b7b6018d128e4fd47c (patch)
treebc8e84c160c065a06367957116dccc03975c0b22 /docker
parent20b20156242045513c65acd15badb923f0232ac5 (diff)
parent2696eadaa0f2453b118d3012d8a5494842eb791a (diff)
Merge "Docker: Enable TLS in the internal network for libvirt"
Diffstat (limited to 'docker')
-rw-r--r--docker/services/nova-libvirt.yaml17
1 files changed, 16 insertions, 1 deletions
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 4741408..8f151cf 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -113,7 +113,10 @@ outputs:
value:
service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
config_settings:
- get_attr: [NovaLibvirtBase, role_data, config_settings]
+ map_merge:
+ - get_attr: [NovaLibvirtBase, role_data, config_settings]
+ - tripleo::profile::base::certmonger_user::libvirt_postsave_cmd: "true" # TODO: restart the libvirt container here
+
step_config: &step_config
list_join:
- "\n"
@@ -201,6 +204,16 @@ outputs:
- /var/lib/libvirt:/var/lib/libvirt
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/log/containers/nova:/var/log/nova
+ -
+ if:
+ - use_tls_for_live_migration
+ -
+ - /etc/ipa/ca.crt:/etc/pki/CA/cacert.pem:ro
+ - /etc/pki/libvirt/servercert.pem:/etc/pki/libvirt/servercert.pem:ro
+ - /etc/pki/libvirt/private/serverkey.pem:/etc/pki/libvirt/private/serverkey.pem:ro
+ - /etc/pki/libvirt/clientcert.pem:/etc/pki/libvirt/clientcert.pem:ro
+ - /etc/pki/libvirt/private/clientkey.pem:/etc/pki/libvirt/private/clientkey.pem:ro
+ - null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_4:
@@ -256,6 +269,8 @@ outputs:
- libvirtd.service
- virtlogd.socket
when: libvirt_installed.rc == 0
+ metadata_settings:
+ get_attr: [NovaLibvirtBase, role_data, metadata_settings]
upgrade_tasks:
- name: Stop and disable libvirtd service
tags: step2