Disable tunnelled migration

Tunnelled migration is not compatible with post_copy as pointed by the related BZ. It was disabled up until we fixed the puppet namespace in I845bc3c533e55dd5398d6a74ee48762cfd32b8a9 Closes-bug: 1930599 Related: https://bugzilla.redhat.com/show_bug.cgi?id=1967130 Change-Id: Ia1a03cf798436b5f9865b527a8c742d13bbff180 (cherry picked from commit dbb4f619a5)
2021-06-02 11:16:48 -04:00 · 2021-06-02 11:16:48 -04:00 · 0efd6f0679
commit 0efd6f0679
parent 462724d3ff
1 changed files with 2 additions and 26 deletions
--- a/deployment/nova/nova-compute-container-puppet.yaml
+++ b/deployment/nova/nova-compute-container-puppet.yaml
@ -1004,19 +1004,6 @@ conditions:
      - {get_param: EnableInternalTLS}
      - {get_param: UseTLSTransportForLiveMigration}

-  enable_live_migration_tunnelled:
-    and:
-      - or:
-          - and:
-            - {get_param: NovaNfsEnabled}
-            - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
-          - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
-          - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, true]
-          - and:
-            - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, '']
-            - {get_param: NovaEnableRbdBackend}
-      - not: use_tls_for_live_migration
-
  libvirt_file_backed_memory_enabled:
    not:
      or:
@ -1155,19 +1142,8 @@ outputs:
                  - live_migration_optimization_set
                  - true
                  - false
-
-            # TUNNELLED mode provides a security improvement for migration, but
-            # can't be used in combination with block migration. So we only enable it
-            # when shared storage is available (Ceph RDB is currently the only option).
-            # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
-            # In future versions of QEMU (2.6, mostly), danpb's native
-            # encryption work will obsolete the need to use TUNNELLED transport
-            # mode.
-            nova::migration::libvirt::live_migration_tunnelled:
-              if:
-              - enable_live_migration_tunnelled
-              - true
-              - false
+            # TUNNELLED mode is not compatible with post_copy.
+            nova::migration::libvirt::live_migration_tunnelled: false
            # NOTE: bind IP is found in hiera replacing the network name with the
            # local node IP for the given network; replacement examples
            # (eg. for internal_api):