Disable tunneled mode when use_tls_for_live_migration

With recent version of libvirt, nova-compute don't come up correct when tls-everywhere (use_tls_for_live_migration) is set. The enable_live_migration_tunnelled condition did not consider tls-livemigration and got disabled. Nova-compute fails to start with: 2021-05-12 12:49:09.278 7 ERROR oslo_service.service nova.exception.Invalid: Setting both 'live_migration_tunnelled' and 'live_migration_with_native_tls' at the same time is invalid. If you have the relevant libvirt and QEMU versions, and TLS configured in your environment, pick 'live_migration_with_native_tls'._ This change enhance the enable_live_migration_tunnelled condition to not configure tunnelled mode when use_tls_for_live_migration is true. Conflicts: - deployment/nova/nova-compute-container-puppet.yaml NOTE(dvd): - 91837d4fa7 Add new parameters to configure nova-compute direct rbd image download - addcee106e Add ability to configure glance multiple cinder stores Closes-Bug: #1928554 Related-bug: https://bugzilla.redhat.com/show_bug.cgi?id=1959808 Change-Id: I1a6f5d3a98d185415b772fa6a94d6f4329dc59a0 (cherry picked from commit 3a472cbbe8) (cherry picked from commit 4b1da5cd5b)
2021-05-12 19:45:22 +02:00 · 2021-05-12 19:45:22 +02:00 · 86de3c3501
parent 1311f8a521
commit 86de3c3501
2 changed files with 25 additions and 13 deletions
--- a/deployment/nova/nova-compute-container-puppet.yaml
+++ b/deployment/nova/nova-compute-container-puppet.yaml
@ -540,6 +540,15 @@ parameters:
    default: 0
    tags:
      - role_specific
+  EnableInternalTLS:
+    type: boolean
+    default: false
+  UseTLSTransportForLiveMigration:
+    type: boolean
+    default: true
+    description: If set to true and if EnableInternalTLS is enabled, it will
+                 set the libvirt URI's transport to tls and configure the
+                 relevant keys for libvirt.

  # DEPRECATED: the following options are deprecated and are currently maintained
  # for backwards compatibility. They will be removed in future release.
@ -740,16 +749,23 @@ resources:
 conditions:
  enable_instance_ha: {equals: [{get_param: EnableInstanceHA}, true]}

+  use_tls_for_live_migration:
+    and:
+      - {get_param: EnableInternalTLS}
+      - {get_param: UseTLSTransportForLiveMigration}
+
  enable_live_migration_tunnelled:
-    or:
-      - and:
-        - equals: [{get_param: NovaNfsEnabled}, true]
-        - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
-      - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
-      - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, true]
-      - and:
-        - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, '']
-        - equals: [{get_param: NovaEnableRbdBackend}, true]
+    and:
+      - or:
+          - and:
+            - {get_param: NovaNfsEnabled}
+            - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
+          - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
+          - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, true]
+          - and:
+            - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, '']
+            - {get_param: NovaEnableRbdBackend}
+      - not: use_tls_for_live_migration

  libvirt_file_backed_memory_enabled:
    not:
--- a/deployment/nova/nova-libvirt-container-puppet.yaml
+++ b/deployment/nova/nova-libvirt-container-puppet.yaml
@ -273,12 +273,8 @@ conditions:

  use_tls_for_live_migration:
    and:
-    - equals:
      - {get_param: EnableInternalTLS}
-      - true
-    - equals:
      - {get_param: UseTLSTransportForLiveMigration}
-      - true

  libvirt_specific_ca_unset:
    equals: