Add support for nova live/cold-migration with containers

Updates hieradata for changes in https://review.openstack.org/471950.
Creates a new service - NovaMigrationTarget. On baremetal this just configures
live/cold-migration. On docker is includes a container running a second sshd
services on an alternative port.
Configures /var/lib/nova/.ssh/config and mounts in nova-compute and libvirtd
containers.

Change-Id: Ic4b810ff71085b73ccd08c66a3739f94e6c0c427
Implements: blueprint tripleo-cold-migration
Depends-On: I6c04cebd1cf066c79c5b4335011733d32ac208dc
Depends-On: I063a84a8e6da64ae3b09125cfa42e48df69adc12

ci/environments/multinode-3nodes.yaml

@@ -55,6 +55,7 @@
     - OS::TripleO::Services::TripleoFirewall
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::MySQLClient
     - OS::TripleO::Services::Sshd
 

ci/environments/multinode-containers.yaml

@@ -16,6 +16,7 @@ resource_registry:
   # Some infra instances don't pass the ping test but are otherwise working.
   # Since the OVB jobs also test this functionality we can shut it off here.
   OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
+  OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
 
 parameter_defaults:
   ControllerServices:
@@ -59,6 +60,7 @@ parameter_defaults:
     - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::Sshd
   ControllerExtraConfig:
     nova::compute::libvirt::services::libvirt_virt_type: qemu

ci/environments/multinode.yaml

@@ -57,6 +57,7 @@ parameter_defaults:
     - OS::TripleO::Services::NovaLibvirt
     - OS::TripleO::Services::Horizon
     - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::Sshd
   ControllerExtraConfig:
     nova::compute::libvirt::services::libvirt_virt_type: qemu

ci/environments/multinode_major_upgrade.yaml

@@ -54,6 +54,7 @@ parameter_defaults:
     - OS::TripleO::Services::NovaScheduler
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::Pacemaker
     - OS::TripleO::Services::Horizon
     - OS::TripleO::Services::Sshd

ci/environments/scenario001-multinode-containers.yaml

@@ -26,6 +26,7 @@ resource_registry:
   # Some infra instances don't pass the ping test but are otherwise working.
   # Since the OVB jobs also test this functionality we can shut it off here.
   OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
+  OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
 
 parameter_defaults:
   ControllerServices:
@@ -62,6 +63,7 @@ parameter_defaults:
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::MongoDb
     - OS::TripleO::Services::Redis
     - OS::TripleO::Services::AodhApi

ci/environments/scenario001-multinode.yaml

@@ -60,6 +60,7 @@ parameter_defaults:
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::MongoDb
     - OS::TripleO::Services::Redis
     - OS::TripleO::Services::AodhApi

ci/environments/scenario002-multinode-containers.yaml

@@ -19,6 +19,7 @@ resource_registry:
   # Some infra instances don't pass the ping test but are otherwise working.
   # Since the OVB jobs also test this functionality we can shut it off here.
   OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
+  OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
 
 parameter_defaults:
   ControllerServices:
@@ -53,6 +54,7 @@ parameter_defaults:
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::CinderApi
     - OS::TripleO::Services::CinderBackup
     - OS::TripleO::Services::CinderScheduler

ci/environments/scenario002-multinode.yaml

@@ -52,6 +52,7 @@ parameter_defaults:
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::CinderApi
     - OS::TripleO::Services::CinderBackup
     - OS::TripleO::Services::CinderScheduler

ci/environments/scenario003-multinode-containers.yaml

@@ -20,6 +20,7 @@ resource_registry:
   # Some infra instances don't pass the ping test but are otherwise working.
   # Since the OVB jobs also test this functionality we can shut it off here.
   OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
+  OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
 
 parameter_defaults:
   ControllerServices:

ci/environments/scenario003-multinode.yaml

@@ -50,6 +50,7 @@ parameter_defaults:
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::NovaLibvirt
     - OS::TripleO::Services::SaharaApi
     - OS::TripleO::Services::SaharaEngine

ci/environments/scenario004-multinode-containers.yaml

@@ -30,6 +30,7 @@ resource_registry:
   # Some infra instances don't pass the ping test but are otherwise working.
   # Since the OVB jobs also test this functionality we can shut it off here.
   OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
+  OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
 
 
 parameter_defaults:
@@ -74,6 +75,7 @@ parameter_defaults:
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::TripleoFirewall
     - OS::TripleO::Services::Sshd

ci/environments/scenario004-multinode.yaml

@@ -74,6 +74,7 @@ parameter_defaults:
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::TripleoFirewall
     - OS::TripleO::Services::Sshd

deployed-server/deployed-server-roles-data.yaml

@@ -118,6 +118,7 @@
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::Kernel
     - OS::TripleO::Services::ComputeNeutronCorePlugin
     - OS::TripleO::Services::ComputeNeutronOvsAgent

docker/docker-puppet.py

@@ -215,7 +215,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
 
         # Disables archiving
         if [ -z "$NO_ARCHIVE" ]; then
-            archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron")
+            archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron" "/var/lib/nova/.ssh")
             rsync_srcs=""
             for d in "${archivedirs[@]}"; do
                 if [ -d "$d" ]; then

docker/services/nova-compute.yaml

@@ -36,6 +36,11 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  DockerNovaMigrationSshdPort:
+    default: 2022
+    description: Port that dockerized nova migration target sshd service
+                 binds to.
+    type: number
 
 resources:
 
@@ -51,6 +56,7 @@ resources:
       DefaultPasswords: {get_param: DefaultPasswords}
       RoleName: {get_param: RoleName}
       RoleParameters: {get_param: RoleParameters}
+      MigrationSshPort: {get_param: DockerNovaMigrationSshdPort}
 
 outputs:
   role_data:
@@ -58,14 +64,7 @@ outputs:
     value:
       service_name: {get_attr: [NovaComputeBase, role_data, service_name]}
       config_settings:
-        map_merge:
+        get_attr: [NovaComputeBase, role_data, config_settings]
-          - get_attr: [NovaComputeBase, role_data, config_settings]
-          # FIXME: we need to disable migration for now as the
-          # hieradata is common for all services, and this means nova
-          # and nova_placement puppet runs also try to configure
-          # libvirt, and they fail. We can remove this override when
-          # we have hieradata separation between containers.
-          - tripleo::profile::base::nova::manage_migration: false
       step_config: &step_config
         get_attr: [NovaComputeBase, role_data, step_config]
       puppet_config:

docker/services/nova-libvirt.yaml

@@ -51,6 +51,12 @@ parameters:
     description: If set to true and if EnableInternalTLS is enabled, it will
                  set the libvirt URI's transport to tls and configure the
                  relevant keys for libvirt.
+  DockerNovaMigrationSshdPort:
+    default: 2022
+    description: Port that dockerized nova migration target sshd service
+                 binds to.
+    type: number
+
 
 conditions:
 
@@ -77,6 +83,7 @@ resources:
       DefaultPasswords: {get_param: DefaultPasswords}
       RoleName: {get_param: RoleName}
       RoleParameters: {get_param: RoleParameters}
+      MigrationSshPort: {get_param: DockerNovaMigrationSshdPort}
 
 outputs:
   role_data:
@@ -84,14 +91,7 @@ outputs:
     value:
       service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
       config_settings:
-        map_merge:
+        get_attr: [NovaLibvirtBase, role_data, config_settings]
-          - get_attr: [NovaLibvirtBase, role_data, config_settings]
-          # FIXME: we need to disable migration for now as the
-          # hieradata is common for all services, and this means nova
-          # and nova_placement puppet runs also try to configure
-          # libvirt, and they fail. We can remove this override when
-          # we have hieradata separation between containers.
-          - tripleo::profile::base::nova::manage_migration: false
       step_config: &step_config
         get_attr: [NovaLibvirtBase, role_data, step_config]
       puppet_config:

docker/services/nova-migration-target.yaml

@@ -0,0 +1,124 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Nova Migration Target service
+
+parameters:
+  DockerNovaComputeImage:
+    description: image
+    type: string
+  DockerNovaLibvirtConfigImage:
+    description: The container image to use for the nova_libvirt config_volume
+    type: string
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  DockerNovaMigrationSshdPort:
+    default: 2022
+    description: Port that dockerized nova migration target sshd service
+                 binds to.
+    type: number
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  SshdBase:
+    type: ../../puppet/services/sshd.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+  NovaMigrationTargetBase:
+    type: ../../puppet/services/nova-migration-target.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Nova Migration Target service.
+    value:
+      service_name: nova_migration_target
+      config_settings:
+        map_merge:
+          - get_attr: [SshdBase, role_data, config_settings]
+          - get_attr: [NovaMigrationTargetBase, role_data, config_settings]
+          - tripleo.nova_migration_target.firewall_rules:
+              '113 nova_migration_target':
+                dport:
+                  - {get_param: DockerNovaMigrationSshdPort}
+      step_config: &step_config
+        list_join:
+          - "\n"
+          - - get_attr: [SshdBase, role_data, step_config]
+            - get_attr: [NovaMigrationTargetBase, role_data, step_config]
+      puppet_config:
+        config_volume: nova_libvirt
+        step_config: *step_config
+        config_image: {get_param: DockerNovaLibvirtConfigImage}
+      kolla_config:
+        /var/lib/kolla/config_files/nova-migration-target.json:
+          command:
+            str_replace:
+              template: "/usr/sbin/sshd -D -p SSHDPORT"
+              params:
+                SSHDPORT: {get_param: DockerNovaMigrationSshdPort}
+          config_files:
+            - source: "/var/lib/kolla/config_files/src/*"
+              dest: "/"
+              merge: true
+              preserve_properties: true
+            - source: /host-ssh/ssh_host_*_key
+              dest: /etc/ssh/
+              owner: "root"
+              perm: "0600"
+      docker_config:
+        step_4:
+          nova_migration_target:
+            image: {get_param: DockerNovaComputeImage}
+            net: host
+            privileged: true
+            user: root
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
+                  - /etc/ssh/:/host-ssh/:ro
+                  - /run:/run
+                  - /var/lib/nova:/var/lib/nova
+            environment:
+             - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS

environments/contrail/roles_data_contrail.yaml

@@ -125,6 +125,7 @@
     - OS::TripleO::Services::Sshd
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::Kernel
     - OS::TripleO::Services::ComputeNeutronCorePlugin
     - OS::TripleO::Services::ComputeNeutronOvsAgent

environments/docker-services-tls-everywhere.yaml

@@ -21,6 +21,7 @@ resource_registry:
   OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
   OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
   OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
+  OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
   OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
   OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
   OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml

environments/docker.yaml

@@ -22,6 +22,7 @@ resource_registry:
   OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml
   OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml
   OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml
+  OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
   OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml
   OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml
   OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml

environments/hyperconverged-ceph.yaml

@@ -16,6 +16,7 @@ parameter_defaults:
     - OS::TripleO::Services::Securetty
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::Kernel
     - OS::TripleO::Services::ComputeNeutronCorePlugin
     - OS::TripleO::Services::ComputeNeutronOvsAgent

overcloud-resource-registry-puppet.j2.yaml

@@ -186,6 +186,7 @@ resource_registry:
   OS::TripleO::Services::NovaVncProxy: puppet/services/nova-vnc-proxy.yaml
   OS::TripleO::Services::NovaCompute: puppet/services/nova-compute.yaml
   OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml
+  OS::TripleO::Services::NovaMigrationTarget: puppet/services/nova-migration-target.yaml
   OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml
   OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml
   OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None

puppet/services/nova-compute.yaml

@@ -104,7 +104,13 @@ parameters:
       SSH key for migration.
       Expects a dictionary with keys 'public_key' and 'private_key'.
       Values should be identical to SSH public/private key files.
-    default: {}
+    default:
+      public_key: ''
+      private_key: ''
+  MigrationSshPort:
+    default: 22
+    description: Target port for migration over ssh
+    type: number
 
 resources:
   NovaBase:
@@ -159,14 +165,9 @@ outputs:
                         NovaPCIPassthrough: {get_param: NovaPCIPassthrough}
             # we manage migration in nova common puppet profile
             nova::compute::libvirt::migration_support: false
-            tripleo::profile::base::nova::manage_migration: true
+            tripleo::profile::base::nova::migration::client::nova_compute_enabled: true
-            tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey}
+            tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
-            tripleo::profile::base::nova::migration_ssh_localaddrs:
+            tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
-              - "%{hiera('cold_migration_ssh_inbound_addr')}"
-              - "%{hiera('live_migration_ssh_inbound_addr')}"
-            live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
-            cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
-            tripleo::profile::base::nova::nova_compute_enabled: true
             nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
             nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
             tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}

puppet/services/nova-libvirt.yaml

@@ -84,6 +84,19 @@ parameters:
                  the InternalTLSCAFile parameter) is not desired. The current
                  default reflects TripleO's default CA, which is FreeIPA.
                  It will only be used if internal TLS is enabled.
+  MigrationSshKey:
+    type: json
+    description: >
+      SSH key for migration.
+      Expects a dictionary with keys 'public_key' and 'private_key'.
+      Values should be identical to SSH public/private key files.
+    default:
+      public_key: ''
+      private_key: ''
+  MigrationSshPort:
+    default: 22
+    description: Target port for migration over ssh
+    type: number
 
 conditions:
 
@@ -125,11 +138,12 @@ outputs:
           - nova::compute::libvirt::manage_libvirt_services: false
           # we manage migration in nova common puppet profile
             nova::compute::libvirt::migration_support: false
-            tripleo::profile::base::nova::manage_migration: true
-            tripleo::profile::base::nova::libvirt_enabled: true
             nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
             nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
             nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
+            tripleo::profile::base::nova::migration::client::libvirt_enabled: true
+            tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
+            tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
             nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
             nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
             nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
@@ -150,7 +164,7 @@ outputs:
               - use_tls_for_live_migration
               -
                 generate_service_certificates: true
-                tripleo::profile::base::nova::libvirt_tls: true
+                tripleo::profile::base::nova::migration::client::libvirt_tls: true
                 nova::migration::libvirt::live_migration_inbound_addr:
                   str_replace:
                     template:

puppet/services/nova-migration-target.yaml

@@ -0,0 +1,57 @@
+heat_template_version: ocata
+
+description: >
+  OpenStack Nova migration target configured with Puppet
+
+parameters:
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  MigrationSshKey:
+    type: json
+    description: >
+      SSH key for migration.
+      Expects a dictionary with keys 'public_key' and 'private_key'.
+      Values should be identical to SSH public/private key files.
+    default:
+      public_key: ''
+      private_key: ''
+
+outputs:
+  role_data:
+    description: Role data for the Nova migration target service.
+    value:
+      service_name: nova_migration_target
+      config_settings:
+        tripleo::profile::base::nova::migration::target::ssh_authorized_keys:
+          - {get_param: [ MigrationSshKey, public_key ]}
+        tripleo::profile::base::nova::migration::target::ssh_localaddrs:
+          - "%{hiera('cold_migration_ssh_inbound_addr')}"
+          - "%{hiera('live_migration_ssh_inbound_addr')}"
+        live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+        cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
+      step_config: |
+        include tripleo::profile::base::nova::migration::target

roles/Compute.yaml

@@ -33,6 +33,7 @@
     - OS::TripleO::Services::NeutronVppAgent
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::Ntp
     - OS::TripleO::Services::OpenDaylightOvs
     - OS::TripleO::Services::Securetty

roles/ComputeHCI.yaml

@@ -33,6 +33,7 @@
     - OS::TripleO::Services::NeutronVppAgent
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::Ntp
     - OS::TripleO::Services::OpenDaylightOvs
     - OS::TripleO::Services::Securetty

roles/README.rst

@@ -157,6 +157,7 @@ Example
    * OS::TripleO::Services::NeutronVppAgent
    * OS::TripleO::Services::NovaCompute
    * OS::TripleO::Services::NovaLibvirt
+   * OS::TripleO::Services::NovaMigrationTarget
    * OS::TripleO::Services::Ntp
    * OS::TripleO::Services::OpenDaylightOvs
    * OS::TripleO::Services::Securetty

roles_data.yaml

@@ -165,6 +165,7 @@
     - OS::TripleO::Services::NeutronVppAgent
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
     - OS::TripleO::Services::Ntp
     - OS::TripleO::Services::OpenDaylightOvs
     - OS::TripleO::Services::Securetty