To enable cold migration, need to update nova charts in openstack-helm
and helm-toolkit chart in openstack-helm-infra. These changes build
on existing upstream components which attempt to add a second container
to the nova-compute pod which creates a sshd process listening on port
8022.
Nova chart changes include:
- Fix bug in ssh-config mapping so config file is generated properly in
/root/.ssh/config in nova-compute container.
- Move private key from sshd container to nova-compute container.
- Map private and public ssh keys to new configmap-ssh which will
default to acceptable file permissions (400) for ssh. Keys will be
provided in overrides.
- Add additional config to /etc/ssh/sshd_config to allow passwordless
root logins over appropriate subnet passed in from overrides. This
is the same as what is done in nova puppet currently.
- Remove chmods from sshd bash script as they are failing. Function is
replaced by configmap-ssh.
To enable cold migration in nova helm chart, we need to allow multiple
containers within the same daemonset pod. This requires a patch to
the helm-toolkit _daemonset_overrides template to remove upstream
restriction. This issue is tracked upstream by storyboard 2003876.
These changes should be upstreamed but may require further refinement.
Story: 2003909
Task: 28927
Change-Id: Id789ba051cec019e8b7564c713cf1b5296ecf9f6
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
6e74844f72