diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index f7f2510ea3..120cafc02b 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -75,6 +75,13 @@ parameters: default: tag: openstack.nova.compute path: /var/log/nova/nova-compute.log + MigrationSshKey: + type: json + description: > + SSH key for migration. + Expects a dictionary with keys 'public_key' and 'private_key'. + Values should be identical to SSH public/private key files. + default: {} resources: NovaBase: @@ -107,6 +114,7 @@ outputs: # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true + tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey} tripleo::profile::base::nova::nova_compute_enabled: true nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index bffd1629f3..b77498088c 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -57,7 +57,6 @@ outputs: tripleo.nova_libvirt.firewall_rules: '200 nova_libvirt': dport: - - 16509 - 16514 - '49152-49215' - '5900-5999' diff --git a/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml b/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml new file mode 100644 index 0000000000..45ca9fe588 --- /dev/null +++ b/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml @@ -0,0 +1,14 @@ +--- +features: + - | + Add support for cold migration over ssh. + + This enables nova cold migration. + + This also switches to SSH as the default transport for live-migration. + The tripleo-common mistral action that generates passwords supplies the + MigrationSshKey parameter that enables this. +deprecations: + - | + The TCP transport is no longer used for live-migration and the firewall + port has been closed.