Add migration SSH tunneling support

This enables nova cold migration. This also switches to SSH as the default transport for live-migration. The tripleo-common mistral action that generates passwords supplies the MigrationSshKey parameter that enables this. The TCP transport is no longer used for live-migration and the firewall port has been closed. Change-Id: I4e55a987c93673796525988a2e4cc264a6b5c24f Depends-On: I367757cbe8757d11943af7e41af620f9ce919a06 Depends-On: I9e7a1862911312ad942233ac8fc828f4e1be1dcf Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
2017-03-28 16:15:08 +01:00 · 2017-03-28 16:15:08 +01:00 · 0271a63e52
parent 7d3552a105
commit 0271a63e52
3 changed files with 22 additions and 1 deletions
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@ -79,6 +79,13 @@ parameters:
    type: string
    description: Nova Compute upgrade level
    default: auto
+  MigrationSshKey:
+    type: json
+    description: >
+      SSH key for migration.
+      Expects a dictionary with keys 'public_key' and 'private_key'.
+      Values should be identical to SSH public/private key files.
+    default: {}

 resources:
  NovaBase:
@ -107,6 +114,7 @@ outputs:
            # we manage migration in nova common puppet profile
            nova::compute::libvirt::migration_support: false
            tripleo::profile::base::nova::manage_migration: true
+            tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey}
            tripleo::profile::base::nova::nova_compute_enabled: true
            nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
            nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@ -66,7 +66,6 @@ outputs:
            tripleo.nova_libvirt.firewall_rules:
              '200 nova_libvirt':
                dport:
-                  - 16509
                  - 16514
                  - '49152-49215'
                  - '5900-5999'
--- a/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml
+++ b/releasenotes/notes/migration_over_ssh-003e2a92f5f5374d.yaml
@ -0,0 +1,14 @@
+---
+features:
+  - |
+    Add support for cold migration over ssh.
+
+    This enables nova cold migration.
+
+    This also switches to SSH as the default transport for live-migration.
+    The tripleo-common mistral action that generates passwords supplies the
+    MigrationSshKey parameter that enables this.
+deprecations:
+  - |
+    The TCP transport is no longer used for live-migration and the firewall
+    port has been closed.