summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOliver Walsh <owalsh@redhat.com>2017-04-19 14:51:02 +0100
committerOliver Walsh <owalsh@redhat.com>2017-06-06 21:38:09 +0100
commitdc505cec78fbbb0a21c3503860737a7f65cec31b (patch)
tree2b6e3468be0ab44af02b14cb60a611e057d29d61
parentc7e1f282000789a0f4ac787455ce1379f1c9d918 (diff)
Restrict nova migration ssh tunnel
Specify the allowed networks for migration ssh tunneling. bp tripleo-cold-migration Change-Id: Iab022bdfb655e3c52fecebf416e75c9e981072ab Depends-on: Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293 (cherry picked from commit 3d8af2fcf8e2d41600fa10584120a8117e7ef40c) (cherry picked from commit 558f8e53ad1e394c468a1ed429139d6eae6e928c)
Notes
Notes (review): Code-Review+2: Alex Schultz <aschultz@redhat.com> Workflow+1: Emilien Macchi <emilien@redhat.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Wed, 07 Jun 2017 19:04:09 +0000 Reviewed-on: https://review.openstack.org/471435 Project: openstack/tripleo-heat-templates Branch: refs/heads/stable/newton
-rw-r--r--network/service_net_map.j2.yaml1
-rw-r--r--puppet/services/nova-compute.yaml5
2 files changed, 6 insertions, 0 deletions
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index ed06843..7a0cc59 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -44,6 +44,7 @@ parameters:
44 HeatApiCfnNetwork: internal_api 44 HeatApiCfnNetwork: internal_api
45 HeatApiCloudwatchNetwork: internal_api 45 HeatApiCloudwatchNetwork: internal_api
46 NovaApiNetwork: internal_api 46 NovaApiNetwork: internal_api
47 NovaColdMigrationNetwork: ctlplane
47 NovaMetadataNetwork: internal_api 48 NovaMetadataNetwork: internal_api
48 NovaVncProxyNetwork: internal_api 49 NovaVncProxyNetwork: internal_api
49 NovaLibvirtNetwork: internal_api 50 NovaLibvirtNetwork: internal_api
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index 120cafc..5a62206 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -115,6 +115,11 @@ outputs:
115 nova::compute::libvirt::migration_support: false 115 nova::compute::libvirt::migration_support: false
116 tripleo::profile::base::nova::manage_migration: true 116 tripleo::profile::base::nova::manage_migration: true
117 tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey} 117 tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey}
118 tripleo::profile::base::nova::migration_ssh_localaddrs:
119 - "%{hiera('cold_migration_ssh_inbound_addr')}"
120 - "%{hiera('live_migration_ssh_inbound_addr')}"
121 live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
122 cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
118 tripleo::profile::base::nova::nova_compute_enabled: true 123 tripleo::profile::base::nova::nova_compute_enabled: true
119 nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} 124 nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
120 nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} 125 nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}