Add migration SSH tunneling support

This enables nova cold migration.

This also switches to SSH as the default transport for live-migration.
The tripleo-common mistral action that generates passwords supplies the
MigrationSshKey parameter that enables this.
The TCP transport is no longer used for live-migration and the firewall
port has been closed.

Change-Id: I4e55a987c93673796525988a2e4cc264a6b5c24f
Depends-On: I367757cbe8757d11943af7e41af620f9ce919a06
Depends-On: I9e7a1862911312ad942233ac8fc828f4e1be1dcf
Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
(cherry picked from commit 0271a63e52)
(cherry picked from commit 1eeedbc095)
Oliver Walsh 2017-03-28 16:15:08 +01:00
parent f178f5ae28
commit c7e1f28200
3 changed files with 22 additions and 1 deletions

@ -75,6 +75,13 @@ parameters:
default:
tag: openstack.nova.compute
path: /var/log/nova/nova-compute.log
MigrationSshKey:
type: json
description: >
SSH key for migration.
Expects a dictionary with keys 'public_key' and 'private_key'.
Values should be identical to SSH public/private key files.
default: {}
resources:
NovaBase:
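
Review bot: The new `MigrationSshKey` parameter holds a private key under `private_key` but is declared without `hidden: true`, so Heat will return its value in clear text whenever the stack's parameters are shown. Add `hidden: true` to the parameter definition. The description should also say what a deployer gets when the parameter is left at `default: {}`, since nothing here marks the key as required.
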
@ -107,6 +114,7 @@ outputs:
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::manage_migration: true
tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey}
tripleo::profile::base::nova::nova_compute_enabled: true
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
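
Review bot: The added `tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey}` line passes the parameter through with no check that it is populated, and the parameter defaults to `{}`. A stack that does not get the key from the tripleo-common mistral action would end up with SSH as the migration transport, no key pair, and the TCP port already closed. Either fail early on an empty value or state in the parameter description that the profile handles an empty hash, and where.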

@ -57,7 +57,6 @@ outputs:
tripleo.nova_libvirt.firewall_rules:
'200 nova_libvirt':
dport:
- 16509
- 16514
- '49152-49215'
- '5900-5999'
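
Review bot: The `dport` list in rule `'200 nova_libvirt'` still carries `16514` after this change, while the commit message says live-migration now uses SSH and only the TCP transport port is closed. If nothing else depends on the libvirt TLS listener, drop `16514` from the list as well so the rule matches the transport actually in use; if it has to stay, a comment next to the entry saying why would help. The commit message should also name the port being closed, since the `+`/`-` markers are easy to lose and the reader has to infer it is `16509`.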

@ -0,0 +1,14 @@
---
features:
- |
Add support for cold migration over ssh.
This enables nova cold migration.
This also switches to SSH as the default transport for live-migration.
The tripleo-common mistral action that generates passwords supplies the
MigrationSshKey parameter that enables this.
deprecations:
- |
The TCP transport is no longer used for live-migration and the firewall
port has been closed.
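
Review bot: The `deprecations` entry describes a change that takes effect immediately ("no longer used", "has been closed"), which is a removal and not a deprecation. Move it to the `upgrade` section, name the port number that is closed, and mention that operators need `MigrationSshKey` populated before relying on migration after the update. The first `features` line says cold migration "over ssh" while the next line repeats the commit message; one of the two sentences can go.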