Restrict nova migration ssh tunnel

Specify the allowed networks for migration ssh tunneling.

bp tripleo-cold-migration

Change-Id: Iab022bdfb655e3c52fecebf416e75c9e981072ab
Depends-on: Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293
(cherry picked from commit 3d8af2fcf8)
(cherry picked from commit 558f8e53ad)
This commit is contained in:
Oliver Walsh 2017-04-19 14:51:02 +01:00
parent c7e1f28200
commit dc505cec78
2 changed files with 6 additions and 0 deletions

View File

@ -44,6 +44,7 @@ parameters:
HeatApiCfnNetwork: internal_api
HeatApiCloudwatchNetwork: internal_api
NovaApiNetwork: internal_api
NovaColdMigrationNetwork: ctlplane
NovaMetadataNetwork: internal_api
NovaVncProxyNetwork: internal_api
NovaLibvirtNetwork: internal_api

View File

@ -115,6 +115,11 @@ outputs:
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::manage_migration: true
tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey}
tripleo::profile::base::nova::migration_ssh_localaddrs:
- "%{hiera('cold_migration_ssh_inbound_addr')}"
- "%{hiera('live_migration_ssh_inbound_addr')}"
live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
tripleo::profile::base::nova::nova_compute_enabled: true
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}