Disable tunneled mode when use_tls_for_live_migration
With recent version of libvirt, nova-compute don't come up
correct when tls-everywhere (use_tls_for_live_migration)
is set. The enable_live_migration_tunnelled condition
did not consider tls-livemigration and got disabled.
Nova-compute fails to start with:
2021-05-12 12:49:09.278 7 ERROR oslo_service.service nova.exception.Invalid: Setting both 'live_migration_tunnelled' and 'live_migration_with_native_tls' at the same time is invalid. If you have the relevant libvirt and QEMU versions, and TLS configured in your environment, pick 'live_migration_with_native_tls'._
This change enhance the enable_live_migration_tunnelled
condition to not configure tunnelled mode when
use_tls_for_live_migration is true.
Closes-Bug: #1928554
Related-bug: https://bugzilla.redhat.com/show_bug.cgi?id=1959808
Change-Id: I1a6f5d3a98d185415b772fa6a94d6f4329dc59a0
(cherry picked from commit 3a472cbbe8
)
This commit is contained in:
parent
eb7a60089c
commit
4b1da5cd5b
|
@ -763,7 +763,15 @@ parameters:
|
||||||
default: {}
|
default: {}
|
||||||
tags:
|
tags:
|
||||||
- role_specific
|
- role_specific
|
||||||
|
EnableInternalTLS:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
UseTLSTransportForLiveMigration:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
description: If set to true and if EnableInternalTLS is enabled, it will
|
||||||
|
set the libvirt URI's transport to tls and configure the
|
||||||
|
relevant keys for libvirt.
|
||||||
|
|
||||||
# DEPRECATED: the following options are deprecated and are currently maintained
|
# DEPRECATED: the following options are deprecated and are currently maintained
|
||||||
# for backwards compatibility. They will be removed in future release.
|
# for backwards compatibility. They will be removed in future release.
|
||||||
|
@ -991,17 +999,23 @@ conditions:
|
||||||
- not: {equals: [{get_param: NovaComputeStartupDelay}, 0]}
|
- not: {equals: [{get_param: NovaComputeStartupDelay}, 0]}
|
||||||
- not: enable_instance_ha
|
- not: enable_instance_ha
|
||||||
|
|
||||||
|
use_tls_for_live_migration:
|
||||||
|
and:
|
||||||
|
- {get_param: EnableInternalTLS}
|
||||||
|
- {get_param: UseTLSTransportForLiveMigration}
|
||||||
|
|
||||||
enable_live_migration_tunnelled:
|
enable_live_migration_tunnelled:
|
||||||
or:
|
and:
|
||||||
- and:
|
- or:
|
||||||
- equals: [{get_param: NovaNfsEnabled}, true]
|
- and:
|
||||||
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
|
- {get_param: NovaNfsEnabled}
|
||||||
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
|
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
|
||||||
- equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, true]
|
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
|
||||||
- and:
|
- equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, true]
|
||||||
- equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, '']
|
- and:
|
||||||
- equals: [{get_param: NovaEnableRbdBackend}, true]
|
- equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, '']
|
||||||
|
- {get_param: NovaEnableRbdBackend}
|
||||||
|
- not: use_tls_for_live_migration
|
||||||
|
|
||||||
libvirt_file_backed_memory_enabled:
|
libvirt_file_backed_memory_enabled:
|
||||||
not:
|
not:
|
||||||
|
|
|
@ -286,12 +286,8 @@ conditions:
|
||||||
|
|
||||||
use_tls_for_live_migration:
|
use_tls_for_live_migration:
|
||||||
and:
|
and:
|
||||||
- equals:
|
|
||||||
- {get_param: EnableInternalTLS}
|
- {get_param: EnableInternalTLS}
|
||||||
- true
|
|
||||||
- equals:
|
|
||||||
- {get_param: UseTLSTransportForLiveMigration}
|
- {get_param: UseTLSTransportForLiveMigration}
|
||||||
- true
|
|
||||||
|
|
||||||
libvirt_specific_ca_unset:
|
libvirt_specific_ca_unset:
|
||||||
equals:
|
equals:
|
||||||
|
|
Loading…
Reference in New Issue