vncserver_listen => $vncserver_listen,
}
-# TUNNELLED mode provides a security enhancement when using shared storage but is not
-# supported when not using shared storage.
-# See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
-if $rbd_ephemeral_storage {
- $block_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED, VIR_MIGRATE_NON_SHARED_INC'
- $live_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED'
-} else {
- $block_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_NON_SHARED_INC'
- $live_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE'
-}
-
nova_config {
'DEFAULT/my_ip': value => $ipaddress;
'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
'DEFAULT/host': value => $fqdn;
- # In future versions of Nova, the live/block migration flags will be deprecated [1].
- # Tunnelling (encryption) will be handled via a single _new_ Nova
- # config attribute 'live_migration_tunnelled'[2], thus
- # avoiding users to have to supply libvirt flags.
+ # TUNNELLED mode provides a security enhancement when using shared storage but is not
+ # supported when not using shared storage.
+ # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
# In future versions of QEMU (2.6, mostly), Dan's native encryption
# work will obsolete the need to use TUNNELLED transport mode.
- # [1] https://review.openstack.org/#/c/263436/
- # [2] https://review.openstack.org/#/c/263434/
- 'libvirt/block_migration_flag': value => $block_migration_flag;
- 'libvirt/live_migration_flag': value => $live_migration_flag;
+ 'libvirt/live_migration_tunnelled': value => $rbd_ephemeral_storage;
}
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
# require => Class['contrail::vrouter'],
#}
}
+elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' {
+ # forward all ipv4 traffic
+ # this is required for the vms to pass through the gateways public interface
+ sysctl::value { 'net.ipv4.ip_forward': value => '1' }
+
+ # ifc_ctl_pp needs to be invoked by root as part of the vif.py when a VM is powered on
+ file { '/etc/sudoers.d/ifc_ctl_sudoers':
+ ensure => file,
+ owner => root,
+ group => root,
+ mode => '0440',
+ content => "nova ALL=(root) NOPASSWD: /opt/pg/bin/ifc_ctl_pp *\n",
+ }
+}
else {
+ # NOTE: this code won't live in puppet-neutron until Neutron OVS agent
+ # can be gracefully restarted. See https://review.openstack.org/#/c/297211
+ # In the meantime, it's safe to restart the agent on each change in neutron.conf,
+ # because Puppet changes are supposed to be done during bootstrap and upgrades.
+ # Some resource managed by Neutron_config (like messaging and logging options) require
+ # a restart of OVS agent. This code does it.
+ # In Newton, OVS agent will be able to be restarted gracefully so we'll drop the code
+ # from here and fix it in puppet-neutron.
+ Neutron_config<||> ~> Service['neutron-ovs-agent-service']
+
include ::neutron::plugins::ml2
include ::neutron::agents::ml2::ovs