From 6781c181347553e02a001aff3960ac9ede035978 Mon Sep 17 00:00:00 2001 From: Clint Byrum Date: Thu, 8 Feb 2018 16:19:58 -0800 Subject: [PATCH] Allow disabling nova-ssh This service is only required if you want to support cold migration. In some instances that is not a needed feature, and avoiding having another key to manage is an advantage. Co-Authored-By: Adam Harwell Change-Id: I0a55a91673d9178933f134832df4bd849ddf5af4 --- ansible/group_vars/all.yml | 1 + ansible/roles/nova/defaults/main.yml | 2 +- etc/kolla/globals.yml | 1 + .../notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml | 6 ++++++ 4 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index c8a53d85e7..4ef0de1d05 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -490,6 +490,7 @@ enable_neutron_segments: "no" enable_neutron_sfc: "no" enable_neutron_infoblox_ipam_agent: "no" enable_nova_serialconsole_proxy: "no" +enable_nova_ssh: "yes" enable_octavia: "no" enable_opendaylight: "no" enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}" diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml index 92a8625238..757779338f 100644 --- a/ansible/roles/nova/defaults/main.yml +++ b/ansible/roles/nova/defaults/main.yml @@ -26,7 +26,7 @@ nova_services: container_name: "nova_ssh" group: "compute" image: "{{ nova_ssh_image_full }}" - enabled: True + enabled: "{{ enable_nova_ssh | bool }}" volumes: - "{{ node_config_directory }}/nova-ssh/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 33b2c2f63e..a6aab72aa7 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -247,6 +247,7 @@ kolla_internal_vip_address: "10.10.10.254" #enable_neutron_sfc: "no" #enable_nova_fake: "no" #enable_nova_serialconsole_proxy: "no" +#enable_nova_ssh: "yes" #enable_octavia: "no" #enable_opendaylight: "no" #enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}" diff --git a/releasenotes/notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml b/releasenotes/notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml new file mode 100644 index 0000000000..f535787214 --- /dev/null +++ b/releasenotes/notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add a configuration option `enable_nova_ssh` to allow disabling the + service. This is useful when an operator is not supporting cold-migration + and does not want to manage additional SSH keys.