+++ This bug was initially created as a clone of Bug #1416994 +++ Description of problem: tripleo templates have hard-coded vncserver_listen value this behavior causes vnc to listen on all ports on compute servers, including the routable ip, allowing connections from anybody. We would like to set this like: vncserver_proxyclient_address to the internapi network /usr/share/openstack-tripleo-heat-templates/puppet/manifests/overcloud_compute.pp if str2bool(hiera('nova::use_ipv6', false)) { $vncserver_listen = '::0' } else { $vncserver_listen = '0.0.0.0' } class { '::nova::compute::libvirt' : vncserver_listen => $vncserver_listen, } It's not possible to override this value with yaml parameters Version-Release number of selected component (if applicable): How reproducible: Alaways Steps to Reproduce: 1. Install openstack-tripleo-heat-templates 2. Look at the code 3. Actual results: Cannot override Expected results: Would like to override Additional info: --- Additional comment from Emilien Macchi on 2017-01-27 16:17:53 EST --- David, this is not a bug but a feature. If you want Live Migration to work, the vncserver_listen must be 0.0.0.0. Otherwise, your VM console won't be available anymore when you migrate your VM to another compute. You can find some documentation here that confirms what I just wrote: http://docs.openstack.org/admin-guide/compute-remote-console-access.html I'm closing the bug. --- Additional comment from David Hill on 2017-01-29 12:59:11 EST --- Emilien, We've tested this with the customer and manually changing the VNC listening adress to the IP of the compute node does't seem to affect anything. Are we sure this is not outdated? --- Additional comment from Emilien Macchi on 2017-01-30 13:44:26 EST --- Indeed, it's a bug. Apologize. --- Additional comment from Jason Guiditta on 2017-03-06 08:38:49 EST --- As there was no puppet-nova for mitaka, moving to opm --- Additional comment from Jason Guiditta on 2017-03-13 11:04:03 EDT --- Needs puppet-tripleo backport, puppet-nova done
This bugzilla has been removed from the release and needs to be reviewed and Triaged for another Target Release.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:1504
@Alex, thanks for the confirmation, let's see if Nilesh still have the problem with the z3 update.