From 20a1208b2027677f4de0a4bc1baa61605ec6a4df Mon Sep 17 00:00:00 2001 From: okozachenko Date: Tue, 15 Sep 2020 23:34:15 +0300 Subject: [PATCH] Use unix socket to connect libvirt in nova The motivation is to remove 127.0.0.1 in connection_uri and so can allow live migration in libvirtd. Plus, realize tls on libvirt to secure. Now /run is already mounted so it should work Depends-On: https://review.opendev.org/752263 Change-Id: I911abb8b1ee1e300d02a373e083a404574cc3fea --- nova/Chart.yaml | 2 +- nova/values.yaml | 2 +- releasenotes/notes/nova.yaml | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/nova/Chart.yaml b/nova/Chart.yaml index 6f7892d2c4..97e5c7be30 100644 --- a/nova/Chart.yaml +++ b/nova/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Nova name: nova -version: 0.1.10 +version: 0.1.11 home: https://docs.openstack.org/nova/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png sources: diff --git a/nova/values.yaml b/nova/values.yaml index d22da5f886..692d38155f 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -1725,7 +1725,7 @@ conf: auth_type: password send_service_user_token: false libvirt: - connection_uri: "qemu+tcp://127.0.0.1/system" + connection_uri: "qemu+unix:///system?socket=/run/libvirt/libvirt-sock" images_type: qcow2 images_rbd_pool: vms images_rbd_ceph_conf: /etc/ceph/ceph.conf diff --git a/releasenotes/notes/nova.yaml b/releasenotes/notes/nova.yaml index 3102fcca34..7e3bc0dad0 100644 --- a/releasenotes/notes/nova.yaml +++ b/releasenotes/notes/nova.yaml @@ -11,3 +11,4 @@ nova: - 0.1.8 Change Issuer to ClusterIssuer - 0.1.9 Revert "Change Issuer to ClusterIssuer" - 0.1.10 Use HostToContainer mount propagation + - 0.1.11 Secure libvirt connection from using 127.0.0.1 to use unix socket