Support nova non-live migration

Ensure that each compute node is configured with ssh key authentication so that the nova compute service can use ssh to move/resize disks to other nodes. Change-Id: Ifbefdcbcf865cb2be988e133f19a13a5e010512d Closes-Bug: #1660981
2017-02-02 13:13:49 +04:00 · 2017-02-02 13:13:49 +04:00 · 8fb8e7f7df
parent 7f22b7f433
commit 8fb8e7f7df
3 changed files with 35 additions and 2 deletions
--- a/deployment/puppet/openstack_tasks/manifests/roles/compute.pp
+++ b/deployment/puppet/openstack_tasks/manifests/roles/compute.pp
@ -498,6 +498,28 @@ class openstack_tasks::roles::compute {

  ensure_packages([$scp_package, $multipath_tools_package])

-  # vim: set ts=2 sw=2 et :
+  # Configure ssh key authentication between compute nodes
+  # (required for non-live/cold migration)
+  $ssh_key_path = '/var/lib/astute/nova'
+
+  install_ssh_keys { 'nova_ssh_key_for_migration':
+    ensure           => present,
+    user             => 'nova',
+    private_key_path => "${ssh_key_path}/nova",
+    public_key_path  => "${ssh_key_path}/nova.pub",
+  } ->
+  file { '/var/lib/nova/.ssh/config':
+    ensure  => present,
+    owner   => 'nova',
+    group   => 'nova',
+    mode    => '0600',
+    content => "Host *\n  StrictHostKeyChecking no\n",
+  }
+
+  user { 'nova':
+    ensure  => present,
+    shell   => '/bin/rbash',
+    require => Package['nova-common'],
+  }

 }
--- a/deployment/puppet/osnailyfacter/modular/astute/tasks.yaml
+++ b/deployment/puppet/osnailyfacter/modular/astute/tasks.yaml
@ -213,6 +213,10 @@
        role: master
  parameters:
    files:
+      - src: /var/lib/fuel/keys/{CLUSTER_ID}/nova/nova.pub
+        dst: /var/lib/astute/nova/nova.pub
+      - src: /var/lib/fuel/keys/{CLUSTER_ID}/nova/nova
+        dst: /var/lib/astute/nova/nova
      - src: /var/lib/fuel/keys/{CLUSTER_ID}/mysql/mysql.pub
        dst: /var/lib/astute/mysql/mysql.pub
      - src: /var/lib/fuel/keys/{CLUSTER_ID}/mysql/mysql
@ -233,7 +237,7 @@
  requires: [pre_deployment_start]
  required_for: [copy_keys]
  parameters:
-    cmd: sh /etc/puppet/modules/osnailyfacter/modular/astute/generate_keys.sh -p /var/lib/fuel/keys/ -i {CLUSTER_ID} -o 'mongodb' -s 'mysql' -f '0 1'
+    cmd: sh /etc/puppet/modules/osnailyfacter/modular/astute/generate_keys.sh -p /var/lib/fuel/keys/ -i {CLUSTER_ID} -o 'mongodb' -s 'nova mysql' -f '0 1'
    timeout: 180

 - id: generate_haproxy_keys
--- a/tests/noop/spec/hosts/roles/compute_spec.rb
+++ b/tests/noop/spec/hosts/roles/compute_spec.rb
@ -483,6 +483,13 @@ describe manifest do

    it 'should contain migration basics' do
      should contain_class('nova::client')
+      should contain_install_ssh_keys('nova_ssh_key_for_migration')
+      should contain_file('/var/lib/nova/.ssh/config')
+      should contain_user('nova').with(
+        'ensure'  => 'present',
+        'shell'   => '/bin/rbash',
+        'require' => 'Package[nova-common]'
+      )
    end

    it 'should contain cpufrequtils' do