openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "Re-enable libvirt TLS with SCRAM SHA-1 auth"

Browse Source
This commit is contained in:
Zuul 2017-11-23 07:24:42 +00:00 committed by Gerrit Code Review
commit def7c3851b
2 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docker/services/nova-libvirt.yaml
View File

@ -74,14 +74,14 @@ parameters:
conditions: conditions:
use_tls_for_live_migration: false use_tls_for_live_migration:
# and: and:
# - equals: - equals:
# - {get_param: EnableInternalTLS} - {get_param: EnableInternalTLS}
# - true - true
# - equals: - equals:
# - {get_param: UseTLSTransportForLiveMigration} - {get_param: UseTLSTransportForLiveMigration}
# - true - true
need_libvirt_secret: need_libvirt_secret:
or: or:
@ -128,7 +128,7 @@ outputs:
logging_groups: {get_attr: [NovaLibvirtBase, role_data, logging_groups]} logging_groups: {get_attr: [NovaLibvirtBase, role_data, logging_groups]}
puppet_config: puppet_config:
config_volume: nova_libvirt config_volume: nova_libvirt
puppet_tags: libvirtd_config,nova_config,file puppet_tags: libvirtd_config,nova_config,file,libvirt_tls_password
step_config: step_config:
list_join: list_join:
- "\n" - "\n"

21
puppet/services/nova-libvirt.yaml
View File

@ -98,17 +98,21 @@ parameters:
default: 2022 default: 2022
description: Target port for migration over ssh description: Target port for migration over ssh
type: number type: number
LibvirtTLSPassword:
description: The password for the libvirt service when TLS is enabled
type: string
hidden: true
conditions: conditions:
use_tls_for_live_migration: false use_tls_for_live_migration:
# and: and:
# - equals: - equals:
# - {get_param: EnableInternalTLS} - {get_param: EnableInternalTLS}
# - true - true
# - equals: - equals:
# - {get_param: UseTLSTransportForLiveMigration} - {get_param: UseTLSTransportForLiveMigration}
# - true - true
libvirt_specific_ca_unset: libvirt_specific_ca_unset:
equals: equals:
@ -171,6 +175,7 @@ outputs:
- -
generate_service_certificates: true generate_service_certificates: true
tripleo::profile::base::nova::migration::client::libvirt_tls: true tripleo::profile::base::nova::migration::client::libvirt_tls: true
tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]}
nova::migration::libvirt::listen_address: nova::migration::libvirt::listen_address:
get_param: [ServiceNetMap, NovaLibvirtNetwork] get_param: [ServiceNetMap, NovaLibvirtNetwork]
nova::migration::libvirt::live_migration_inbound_addr: nova::migration::libvirt::live_migration_inbound_addr: