From 9e4f7c16a536633b7bd394c857216bfb4bb9c0df Mon Sep 17 00:00:00 2001
From: Lukas Bezdicka <lbezdick@redhat.com>
Date: Mon, 16 Jun 2014 14:17:18 +0200
Subject: [PATCH] Fix libvirt livemigration

Ensure qemu migration ports are open on nova_computes and ensure
that nova passes no_verify to libvirt as we don't have reasonable
way to fill known_hosts file at puppet run.

Change-Id: I484df7402032f71141b2dea356d841fcfe296e13
Closes-Bug: rhbz#1100356
---
 packstack/plugins/nova_300.py              | 11 +++++++++++
 packstack/puppet/templates/nova_compute.pp |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/packstack/plugins/nova_300.py b/packstack/plugins/nova_300.py
index dd4a569d6..8f7d39974 100644
--- a/packstack/plugins/nova_300.py
+++ b/packstack/plugins/nova_300.py
@@ -458,6 +458,17 @@ def create_compute_manifest(config, messages):
     for host in compute_hosts:
         config["CONFIG_NOVA_COMPUTE_HOST"] = host
         manifestdata = getManifestTemplate("nova_compute.pp")
+
+        for c_host in compute_hosts:
+            config['FIREWALL_SERVICE_NAME'] = "nova qemu migration"
+            config['FIREWALL_PORTS'] = "'49152-49215'"
+            config['FIREWALL_CHAIN'] = "INPUT"
+            config['FIREWALL_PROTOCOL'] = 'tcp'
+            config['FIREWALL_ALLOWED'] = "'%s'" % c_host
+            config['FIREWALL_SERVICE_ID'] = ("nova_qemu_migration_%s_%s"
+                                                 % (host, c_host))
+            manifestdata += getManifestTemplate("firewall.pp")
+
         if config['CONFIG_VMWARE_BACKEND'] == 'y':
             manifestdata += getManifestTemplate("nova_compute_vmware.pp")
         else:
diff --git a/packstack/puppet/templates/nova_compute.pp b/packstack/puppet/templates/nova_compute.pp
index b8b9798e0..7efe8d80b 100644
--- a/packstack/puppet/templates/nova_compute.pp
+++ b/packstack/puppet/templates/nova_compute.pp
@@ -21,7 +21,7 @@ file { '/etc/nova/ssh/nova_migration_key':
 
 nova_config{
     "DEFAULT/volume_api_class": value   => "nova.volume.cinder.API";
-    "libvirt/live_migration_uri": value => "qemu+ssh://nova@%%s/system?keyfile=/etc/nova/ssh/nova_migration_key";
+    "libvirt/live_migration_uri": value => "qemu+ssh://nova@%%s/system?no_verify=1&keyfile=/etc/nova/ssh/nova_migration_key";
 }
 
 class {"nova::compute":