From dcbc394948fa120753826e0e69c6d40909e51c3c Mon Sep 17 00:00:00 2001
From: Paulo Matias
Date: Wed, 18 May 2016 15:17:08 -0300
Subject: [PATCH] Turn SSH auth into the default for live migration
Currently, non-encrypted SASL-authenticated communication (qemu+tcp protocol) is the default for connecting to libvirtd in remote compute nodes during live migration. This commit changes the scheme to encrypted SSH-authenticated communication, which is readily usable since the role already distributes SSH keypairs between the nodes.
Change-Id: Ia6d2c99872e192ab308fc6d0195b609c95f55ff5
Closes-Bug: #1580276
---
 .../live-migration-default-set-to-ssh-6add1dbdeea43509.yaml | 5 +++++
 templates/nova.conf.j2 | 1 +
 2 files changed, 6 insertions(+)
 create mode 100644 releasenotes/notes/live-migration-default-set-to-ssh-6add1dbdeea43509.yaml
diff --git a/releasenotes/notes/live-migration-default-set-to-ssh-6add1dbdeea43509.yaml b/releasenotes/notes/live-migration-default-set-to-ssh-6add1dbdeea43509.yaml
new file mode 100644
index 00000000..80969693
--- /dev/null
+++ b/releasenotes/notes/live-migration-default-set-to-ssh-6add1dbdeea43509.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - Adding a new nova.conf entry, live_migration_uri. This entry will default
+ to a ``qemu-ssh://`` uri, which uses the ssh keys that have already been
+ distributed between all of the compute hosts.
diff --git a/templates/nova.conf.j2 b/templates/nova.conf.j2
index 0d7e6b64..2a4cd581 100644
--- a/templates/nova.conf.j2
+++ b/templates/nova.conf.j2
@@ -274,5 +274,6 @@ images_rbd_pool = {{ nova_libvirt_images_rbd_pool }}
 images_rbd_ceph_conf = /etc/ceph/ceph.conf
 {% endif %}
 live_migration_flag = "{{ nova_libvirt_live_migration_flag }}"
+live_migration_uri = "qemu+ssh://nova@%s/system?no_verify=1&keyfile={{ nova_system_home_folder }}/.ssh/id_rsa"
 hw_disk_discard = {{ nova_libvirt_hw_disk_discard }}
 disk_cachemodes = {{ nova_libvirt_disk_cachemodes }}
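Review bot: The added `live_migration_uri` line in templates/nova.conf.j2 carries `no_verify=1`, which for libvirt's ssh transport turns off strict host key checking, so a destination compute node whose key is not yet in the nova user's known_hosts is accepted unverified on first contact. Since the role already distributes the SSH keypairs, it could populate known_hosts with the compute hosts' keys as well and drop the parameter. Failing that, the URI should be a role variable like the neighbouring `live_migration_flag` line, e.g. `live_migration_uri = "{{ <uri_variable> }}"` (placeholder name, not an existing variable) with the current string as its default, so operators can restore verification without overriding the template. The URI also covers only the libvirtd control connection; whether the guest memory stream is tunnelled over it depends on the value of `nova_libvirt_live_migration_flag`, which this patch does not show, and the release note would be the place to say so. The release note also spells the scheme ``qemu-ssh://`` while the template uses `qemu+ssh://`.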