openstack/tripleo-heat-templates
Code Issues Proposed changes
4bdaa20405
tripleo-heat-templates/releasenotes/notes/libvirtd_use_bind_mounts_for_certs-64cb88f78538a64b.yaml
Martin Schuppert e07e571ba2 Use bind mounts for tls certificates 
Certificates get merged into the containers using kolla_config
mechanism. If a certificate changes, or e.g. UseTLSTransportForNbd
gets disabled and enabled at a later point the containers running
the qemu process miss the required certificates and live migration
fails.
This change moves to use bind mount for the certificates and in
case of UseTLSTransportForNbd ans creates the required certificates even
if UseTLSTransportForNbd is set to False. With this UseTLSTransportForNbd
can be enabled/disabled as the required bind mounts/certificates
are already present.

Related-Bug: #1900986
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1888951

Depends-On: I9538b7e579d4921b14f6ef5eec0300e7e50628d4

Change-Id: I7f583d18e558b95922a66eb539cc91de74409c96
2020-11-02 09:09:50 +01:00

14 lines
624 B
YAML
Raw Blame History

---
fixes:
- |
Certificates get merged into the containers using kolla_config
mechanism. If a certificate changes, or e.g. UseTLSTransportForNbd
gets disabled and enabled at a later point the containers running
the qemu process miss the required certificates and live migration
fails.
This change moves to use bind mount for the certificates and in
case of UseTLSTransportForNbd ans creates the required certificates even
if UseTLSTransportForNbd is set to False. With this UseTLSTransportForNbd
can be enabled/disabled as the required bind mounts/certificates
are already present.
View Git Blame Copy Permalink