default: openstack
type: string
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClusterFSID:
default: true
description: If set to true and if EnableInternalTLS is enabled, it will
set the libvirt URI's transport to tls and configure the
- relevant keys for libvirt.
+ relevant keys for libvirt. NOTE. this is currently being
+ ignored and TLS for libvirtd is always disabled for now.
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
the InternalTLSCAFile parameter) is not desired. The current
default reflects TripleO's default CA, which is FreeIPA.
It will only be used if internal TLS is enabled.
+ MigrationSshKey:
+ type: json
+ description: >
+ SSH key for migration.
+ Expects a dictionary with keys 'public_key' and 'private_key'.
+ Values should be identical to SSH public/private key files.
+ default:
+ public_key: ''
+ private_key: ''
+ MigrationSshPort:
+ default: 2022
+ description: Target port for migration over ssh
+ type: number
conditions:
- use_tls_for_live_migration:
- and:
- - equals:
- - {get_param: EnableInternalTLS}
- - true
- - equals:
- - {get_param: UseTLSTransportForLiveMigration}
- - true
+ use_tls_for_live_migration: false
+ # and:
+ # - equals:
+ # - {get_param: EnableInternalTLS}
+ # - true
+ # - equals:
+ # - {get_param: UseTLSTransportForLiveMigration}
+ # - true
libvirt_specific_ca_unset:
equals:
- nova::compute::libvirt::manage_libvirt_services: false
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
- tripleo::profile::base::nova::manage_migration: true
- tripleo::profile::base::nova::libvirt_enabled: true
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ nova::compute::rbd::rbd_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
+ tripleo::profile::base::nova::migration::client::libvirt_enabled: true
+ tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
+ tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
dport:
- 16514
- '49152-49215'
- - '5900-5999'
+ - '5900-6923'
-
if:
- use_tls_for_live_migration
-
generate_service_certificates: true
- tripleo::profile::base::nova::libvirt_tls: true
+ tripleo::profile::base::nova::migration::client::libvirt_tls: true
+ nova::migration::libvirt::listen_address:
+ get_param: [ServiceNetMap, NovaLibvirtNetwork]
nova::migration::libvirt::live_migration_inbound_addr:
str_replace:
template: