libvirt: Support native TLS for migration and disks over NBD
https://review.openstack.org/625216 introduces a new setting which needs to be set to true if native TLS for migration and disks over NBD is being used. Change-Id: I347881cf4822583179c0c042c42fa1e33dbcedd2 Related-Bug: 1793093
parent
bf3d8bd91e
commit
7cb9e0fc20
|
@ -34,6 +34,16 @@
|
|||
# the availability of native encryption support in the hypervisor.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*live_migration_with_native_tls*]
|
||||
# (optional) This option will allow both migration stream (guest RAM plus
|
||||
# device state) *and* disk stream to be transported over native TLS, i.e.
|
||||
# TLS support built into QEMU.
|
||||
# Prerequisite: TLS environment is configured correctly on all relevant
|
||||
# Compute nodes. This means, Certificate Authority (CA), server, client
|
||||
# certificates, their corresponding keys, and their file permisssions are
|
||||
# in place, and are validated.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*live_migration_completion_timeout*]
|
||||
# (optional) Time to wait, in seconds, for migration to successfully complete
|
||||
# transferring data before aborting the operation. Value is per GiB of guest
|
||||
|
@ -73,6 +83,7 @@ class nova::migration::libvirt(
|
|||
$listen_address = undef,
|
||||
$live_migration_inbound_addr = $::os_service_default,
|
||||
$live_migration_tunnelled = $::os_service_default,
|
||||
$live_migration_with_native_tls = $::os_service_default,
|
||||
$live_migration_completion_timeout = $::os_service_default,
|
||||
$override_uuid = false,
|
||||
$configure_libvirt = true,
|
||||
|
@ -134,6 +145,7 @@ class nova::migration::libvirt(
|
|||
nova_config {
|
||||
'libvirt/live_migration_uri': value => $live_migration_uri;
|
||||
'libvirt/live_migration_tunnelled': value => $live_migration_tunnelled;
|
||||
'libvirt/live_migration_with_native_tls': value => $live_migration_with_native_tls;
|
||||
'libvirt/live_migration_completion_timeout': value => $live_migration_completion_timeout;
|
||||
'libvirt/live_migration_inbound_addr': value => $live_migration_inbound_addr;
|
||||
}
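Review bot: The docblock added in the first hunk does not say that `live_migration_with_native_tls` covers only the QEMU migration and NBD disk streams, while the libvirtd connection is still set through `libvirt/live_migration_uri`. The spec in this commit shows that URI as `qemu+tcp://%s/system` with `auth_tcp` set to `"none"`, in what appears to be the default context. An operator could set the flag to true and assume the whole migration path is encrypted and authenticated, so I would add a line such as `# This does not change the libvirtd transport; see live_migration_uri and live_migration_tunnelled.` to the parameter description. The third hunk writes the value to `nova_config` with no visible type check; whether it is validated elsewhere in the class cannot be seen from these hunks. The docblock also spells `permisssions` with three s.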
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
https://review.openstack.org/625216 introduces a new setting which needs
|
||||
set to true if native TLS for migration and disks over NBD is being used.
|
|
@ -47,6 +47,7 @@ describe 'nova::migration::libvirt' do
|
|||
it { is_expected.not_to contain_libvirtd_config('auth_tls') }
|
||||
it { is_expected.to contain_libvirtd_config('auth_tcp').with_value("\"none\"") }
|
||||
it { is_expected.to contain_nova_config('libvirt/live_migration_tunnelled').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('libvirt/live_migration_with_native_tls').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('libvirt/live_migration_completion_timeout').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tcp://%s/system') }
|
||||
it { is_expected.to contain_nova_config('libvirt/live_migration_inbound_addr').with_value('<SERVICE DEFAULT>')}
|
||||
|
@ -97,6 +98,15 @@ describe 'nova::migration::libvirt' do
|
|||
it { is_expected.to contain_nova_config('libvirt/live_migration_inbound_addr').with_value('host1.example.com')}
|
||||
end
|
||||
|
||||
context 'with live_migration_with_native_tls flags set' do
|
||||
let :params do
|
||||
{
|
||||
:live_migration_with_native_tls => true,
|
||||
}
|
||||
end
|
||||
it { is_expected.to contain_nova_config('libvirt/live_migration_with_native_tls').with(:value => true) }
|
||||
end
|
||||
|
||||
context 'with migration flags set' do
|
||||
let :params do
|
||||
{
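Review bot: The new context asserts with `.with(:value => true)` while the neighbouring expectations in this file use `.with_value(...)`; `it { is_expected.to contain_nova_config('libvirt/live_migration_with_native_tls').with_value(true) }` would match the surrounding style. The context exercises only `true`. A second case with `:live_migration_with_native_tls => false` would pin that an explicit false is rendered rather than falling back to the service default, which is worth having for a setting that controls encryption. The context title says "flags" although a single parameter is set.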
|
||||
|
|