Turn SSH auth into the default for live migration

Currently, non-encrypted SASL-authenticated communication (qemu+tcp
protocol) is the default for connecting to libvirtd in remote compute
nodes during live migration. This commit changes the scheme to encrypted
SSH-authenticated communication, which is readily usable since the role
already distributes SSH keypairs between the nodes.

Change-Id: Ia6d2c99872e192ab308fc6d0195b609c95f55ff5
Closes-Bug: #1580276
This commit is contained in:
Paulo Matias 2016-05-18 15:17:08 -03:00 committed by Justin Shepherd
parent b6371a2009
commit dcbc394948
2 changed files with 6 additions and 0 deletions

View File

@ -0,0 +1,5 @@
---
upgrade:
- Adding a new nova.conf entry, live_migration_uri. This entry will default
to a ``qemu-ssh://`` uri, which uses the ssh keys that have already been
distributed between all of the compute hosts.

View File

@ -274,5 +274,6 @@ images_rbd_pool = {{ nova_libvirt_images_rbd_pool }}
images_rbd_ceph_conf = /etc/ceph/ceph.conf images_rbd_ceph_conf = /etc/ceph/ceph.conf
{% endif %} {% endif %}
live_migration_flag = "{{ nova_libvirt_live_migration_flag }}" live_migration_flag = "{{ nova_libvirt_live_migration_flag }}"
live_migration_uri = "qemu+ssh://nova@%s/system?no_verify=1&keyfile={{ nova_system_home_folder }}/.ssh/id_rsa"
hw_disk_discard = {{ nova_libvirt_hw_disk_discard }} hw_disk_discard = {{ nova_libvirt_hw_disk_discard }}
disk_cachemodes = {{ nova_libvirt_disk_cachemodes }} disk_cachemodes = {{ nova_libvirt_disk_cachemodes }}