Merge "Disable tunneled mode when use_tls_for_live_migration" into stable/train

2021-05-22 07:52:36 +00:00 · 2021-05-22 07:52:36 +00:00 · dd33cd965d
parent bc6374170d af8576222f
commit dd33cd965d
2 changed files with 25 additions and 13 deletions
--- a/deployment/nova/nova-compute-container-puppet.yaml
+++ b/deployment/nova/nova-compute-container-puppet.yaml
@ -493,6 +493,15 @@ parameters:
    default: 0
    tags:
      - role_specific
+  EnableInternalTLS:
+    type: boolean
+    default: false
+  UseTLSTransportForLiveMigration:
+    type: boolean
+    default: true
+    description: If set to true and if EnableInternalTLS is enabled, it will
+                 set the libvirt URI's transport to tls and configure the
+                 relevant keys for libvirt.

  # DEPRECATED: the following options are deprecated and are currently maintained
  # for backwards compatibility. They will be removed in future release.
@ -687,16 +696,23 @@ conditions:
  insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]}
  enable_instance_ha: {equals: [{get_param: EnableInstanceHA}, true]}

+  use_tls_for_live_migration:
+    and:
+      - {get_param: EnableInternalTLS}
+      - {get_param: UseTLSTransportForLiveMigration}
+
  enable_live_migration_tunnelled:
-    or:
+    and:
+      - or:
          - and:
-        - equals: [{get_param: NovaNfsEnabled}, true]
+            - {get_param: NovaNfsEnabled}
            - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
          - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
          - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, true]
          - and:
            - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, '']
-        - equals: [{get_param: NovaEnableRbdBackend}, true]
+            - {get_param: NovaEnableRbdBackend}
+      - not: use_tls_for_live_migration

  libvirt_file_backed_memory_enabled:
    not:
--- a/deployment/nova/nova-libvirt-container-puppet.yaml
+++ b/deployment/nova/nova-libvirt-container-puppet.yaml
@ -279,12 +279,8 @@ conditions:

  use_tls_for_live_migration:
    and:
-    - equals:
      - {get_param: EnableInternalTLS}
-      - true
-    - equals:
      - {get_param: UseTLSTransportForLiveMigration}
-      - true

  libvirt_specific_ca_unset:
    equals: