From d1c21c6cd100120b9fd68cde6776b3caa007bd62 Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Mon, 30 May 2016 15:15:54 -0400
Subject: compute: use new param for live_migration_tunnelled

Use the new interface in puppet-nova to configure this parameter.

Depends-On: I3498076b292e9dff88b9ad9d5c65c99a2a98cd7f
Change-Id: Id9f253e942f6373f77acc9239d79f62103b39904
---
 puppet/compute.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'puppet/compute.yaml')

diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index ee00a890..da3df8b7 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -531,6 +531,12 @@ resources:
                 nova_api_host: {get_input: nova_api_host}
                 nova::compute::vncproxy_host: {get_input: nova_public_ip}
                 nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend}
+                # TUNNELLED mode provides a security enhancement when using shared storage but is not
+                # supported when not using shared storage.
+                # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
+                # In future versions of QEMU (2.6, mostly), Dan's native encryption
+                # work will obsolete the need to use TUNNELLED transport mode.
+                nova::migration::live_migration_tunnelled: {get_input: nova_enable_rbd_backend}
                 rbd_persistent_storage: {get_input: cinder_enable_rbd_backend}
                 nova_password: {get_input: nova_password}
                 nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
-- 
cgit 1.2.3-korg