Turn SSH auth into the default for live migration

Currently, non-encrypted SASL-authenticated communication (qemu+tcp protocol) is the default for connecting to libvirtd in remote compute nodes during live migration. This commit changes the scheme to encrypted SSH-authenticated communication, which is readily usable since the role already distributes SSH keypairs between the nodes. Change-Id: Ia6d2c99872e192ab308fc6d0195b609c95f55ff5 Closes-Bug: #1580276
2016-05-18 15:17:08 -03:00 · 2016-05-18 15:17:08 -03:00 · dcbc394948
commit dcbc394948
parent b6371a2009
2 changed files with 6 additions and 0 deletions
--- a/releasenotes/notes/live-migration-default-set-to-ssh-6add1dbdeea43509.yaml
+++ b/releasenotes/notes/live-migration-default-set-to-ssh-6add1dbdeea43509.yaml
@ -0,0 +1,5 @@
+---
+upgrade:
+  - Adding a new nova.conf entry, live_migration_uri. This entry will default
+    to a ``qemu-ssh://`` uri, which uses the ssh keys that have already been
+    distributed between all of the compute hosts.
--- a/templates/nova.conf.j2
+++ b/templates/nova.conf.j2
@ -274,5 +274,6 @@ images_rbd_pool = {{ nova_libvirt_images_rbd_pool }}
 images_rbd_ceph_conf = /etc/ceph/ceph.conf
 {% endif %}
 live_migration_flag = "{{ nova_libvirt_live_migration_flag }}"
+live_migration_uri = "qemu+ssh://nova@%s/system?no_verify=1&keyfile={{ nova_system_home_folder }}/.ssh/id_rsa"
 hw_disk_discard = {{ nova_libvirt_hw_disk_discard }}
 disk_cachemodes = {{ nova_libvirt_disk_cachemodes }}