Modify libvirtd container command line when TLS is enabled

Libvirtd needs the --listen arg to enable the TLS socket.

Change-Id: I535165f0a2634728045491b2a37a56b1891b13fe
Resolves-Bug: #1694958

diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 9779d67..df0051f 100644 (file)
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -44,6 +44,26 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+  UseTLSTransportForLiveMigration:
+    type: boolean
+    default: true
+    description: If set to true and if EnableInternalTLS is enabled, it will
+                 set the libvirt URI's transport to tls and configure the
+                 relevant keys for libvirt.
+
+conditions:
+
+  use_tls_for_live_migration:
+    and:
+    - equals:
+      - {get_param: EnableInternalTLS}
+      - true
+    - equals:
+      - {get_param: UseTLSTransportForLiveMigration}
+      - true
 
 resources:
 
@@ -85,7 +105,11 @@ outputs:
           - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
       kolla_config:
         /var/lib/kolla/config_files/nova-libvirt.json:
-          command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
+          command:
+            if:
+              - use_tls_for_live_migration
+              - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
+              - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
           permissions:
             - path: /var/log/nova
               owner: nova:nova