Add support for nova live/cold-migration with containers

Updates hieradata for changes in https://review.openstack.org/471950. Creates a new service - NovaMigrationTarget. On baremetal this just configures live/cold-migration. On docker is includes a container running a second sshd services on an alternative port. Configures /var/lib/nova/.ssh/config and mounts in nova-compute and libvirtd containers. Change-Id: Ic4b810ff71085b73ccd08c66a3739f94e6c0c427 Implements: blueprint tripleo-cold-migration Depends-On: I6c04cebd1cf066c79c5b4335011733d32ac208dc Depends-On: I063a84a8e6da64ae3b09125cfa42e48df69adc12
author: Oliver Walsh <owalsh@redhat.com> 2017-06-08 00:17:53 +0100
committer: Oliver Walsh <owalsh@redhat.com> 2017-07-23 02:26:55 +0100
commit: 4a7f3398f115a4eaab6993b0aad9c16fa7f55afa (patch)
tree: b028d396c6cb80c85181c001c1680c265abc5530 /puppet/services
parent: fdd4352375c24c189d028f34cc66b3b1f2d474ee (diff)
3 files changed, 84 insertions, 12 deletions
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index d0f8fda2..a12bfd0f 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -104,7 +104,13 @@ parameters:
       SSH key for migration.
       Expects a dictionary with keys 'public_key' and 'private_key'.
       Values should be identical to SSH public/private key files.
-    default: {}
+    default:
+      public_key: ''
+      private_key: ''
+  MigrationSshPort:
+    default: 22
+    description: Target port for migration over ssh
+    type: number
 
 resources:
   NovaBase:
@@ -159,14 +165,9 @@ outputs:
                         NovaPCIPassthrough: {get_param: NovaPCIPassthrough}
             # we manage migration in nova common puppet profile
             nova::compute::libvirt::migration_support: false
-            tripleo::profile::base::nova::manage_migration: true
-            tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey}
-            tripleo::profile::base::nova::migration_ssh_localaddrs:
-              - "%{hiera('cold_migration_ssh_inbound_addr')}"
-              - "%{hiera('live_migration_ssh_inbound_addr')}"
-            live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
-            cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
-            tripleo::profile::base::nova::nova_compute_enabled: true
+            tripleo::profile::base::nova::migration::client::nova_compute_enabled: true
+            tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
+            tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
             nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
             nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
             tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index 1c2958e3..e2ae7260 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -84,6 +84,19 @@ parameters:
                  the InternalTLSCAFile parameter) is not desired. The current
                  default reflects TripleO's default CA, which is FreeIPA.
                  It will only be used if internal TLS is enabled.
+  MigrationSshKey:
+    type: json
+    description: >
+      SSH key for migration.
+      Expects a dictionary with keys 'public_key' and 'private_key'.
+      Values should be identical to SSH public/private key files.
+    default:
+      public_key: ''
+      private_key: ''
+  MigrationSshPort:
+    default: 22
+    description: Target port for migration over ssh
+    type: number
 
 conditions:
 
@@ -125,11 +138,12 @@ outputs:
           - nova::compute::libvirt::manage_libvirt_services: false
           # we manage migration in nova common puppet profile
             nova::compute::libvirt::migration_support: false
-            tripleo::profile::base::nova::manage_migration: true
-            tripleo::profile::base::nova::libvirt_enabled: true
             nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
             nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
             nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
+            tripleo::profile::base::nova::migration::client::libvirt_enabled: true
+            tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
+            tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
             nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
             nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
             nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
@@ -150,7 +164,7 @@ outputs:
               - use_tls_for_live_migration
               -
                 generate_service_certificates: true
-                tripleo::profile::base::nova::libvirt_tls: true
+                tripleo::profile::base::nova::migration::client::libvirt_tls: true
                 nova::migration::libvirt::live_migration_inbound_addr:
                   str_replace:
                     template:
diff --git a/puppet/services/nova-migration-target.yaml b/puppet/services/nova-migration-target.yaml
new file mode 100644
index 00000000..128abc2c
--- /dev/null
+++ b/puppet/services/nova-migration-target.yaml
@@ -0,0 +1,57 @@
+heat_template_version: ocata
+
+description: >
+  OpenStack Nova migration target configured with Puppet
+
+parameters:
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  MigrationSshKey:
+    type: json
+    description: >
+      SSH key for migration.
+      Expects a dictionary with keys 'public_key' and 'private_key'.
+      Values should be identical to SSH public/private key files.
+    default:
+      public_key: ''
+      private_key: ''
+
+outputs:
+  role_data:
+    description: Role data for the Nova migration target service.
+    value:
+      service_name: nova_migration_target
+      config_settings:
+        tripleo::profile::base::nova::migration::target::ssh_authorized_keys:
+          - {get_param: [ MigrationSshKey, public_key ]}
+        tripleo::profile::base::nova::migration::target::ssh_localaddrs:
+          - "%{hiera('cold_migration_ssh_inbound_addr')}"
+          - "%{hiera('live_migration_ssh_inbound_addr')}"
+        live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+        cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
+      step_config: |
+        include tripleo::profile::base::nova::migration::target
author	Oliver Walsh <owalsh@redhat.com>	2017-06-08 00:17:53 +0100
committer	Oliver Walsh <owalsh@redhat.com>	2017-07-23 02:26:55 +0100
commit	4a7f3398f115a4eaab6993b0aad9c16fa7f55afa (patch)
tree	b028d396c6cb80c85181c001c1680c265abc5530 /puppet/services
parent	fdd4352375c24c189d028f34cc66b3b1f2d474ee (diff)