From 6781c181347553e02a001aff3960ac9ede035978 Mon Sep 17 00:00:00 2001
From: Clint Byrum <clint@fewbar.com>
Date: Thu, 8 Feb 2018 16:19:58 -0800
Subject: [PATCH] Allow disabling nova-ssh

This service is only required if you want to support cold migration.
In some instances that is not a needed feature, and avoiding having
another key to manage is an advantage.

Co-Authored-By: Adam Harwell <flux.adam@gmail.com>

Change-Id: I0a55a91673d9178933f134832df4bd849ddf5af4
---
 ansible/group_vars/all.yml                                  | 1 +
 ansible/roles/nova/defaults/main.yml                        | 2 +-
 etc/kolla/globals.yml                                       | 1 +
 .../notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml    | 6 ++++++
 4 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index c8a53d85e7..4ef0de1d05 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -490,6 +490,7 @@ enable_neutron_segments: "no"
 enable_neutron_sfc: "no"
 enable_neutron_infoblox_ipam_agent: "no"
 enable_nova_serialconsole_proxy: "no"
+enable_nova_ssh: "yes"
 enable_octavia: "no"
 enable_opendaylight: "no"
 enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}"
diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml
index 92a8625238..757779338f 100644
--- a/ansible/roles/nova/defaults/main.yml
+++ b/ansible/roles/nova/defaults/main.yml
@@ -26,7 +26,7 @@ nova_services:
     container_name: "nova_ssh"
     group: "compute"
     image: "{{ nova_ssh_image_full }}"
-    enabled: True
+    enabled: "{{ enable_nova_ssh | bool }}"
     volumes:
       - "{{ node_config_directory }}/nova-ssh/:{{ container_config_directory }}/:ro"
       - "/etc/localtime:/etc/localtime:ro"
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index 33b2c2f63e..a6aab72aa7 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -247,6 +247,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_neutron_sfc: "no"
 #enable_nova_fake: "no"
 #enable_nova_serialconsole_proxy: "no"
+#enable_nova_ssh: "yes"
 #enable_octavia: "no"
 #enable_opendaylight: "no"
 #enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}"
diff --git a/releasenotes/notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml b/releasenotes/notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml
new file mode 100644
index 0000000000..f535787214
--- /dev/null
+++ b/releasenotes/notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Add a configuration option `enable_nova_ssh` to allow disabling the
+    service. This is useful when an operator is not supporting cold-migration
+    and does not want to manage additional SSH keys.