From 1da46d9c8f548dbbc387d1cb3585e3758c3d697b Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Sun, 22 May 2022 21:46:34 +0900
Subject: [PATCH] Restrict networks used by nova migration target

Currently the sshd service for nova migration target listens to all
networks and the match block is used to restrict the networks allowed
for the nova_migration user.

This was required when the host sshd service was used, but now the nova
migration target service is independent from the host sshd and we can
just restrict the networks used by the services.

Depends-on: https://review.opendev.org/842858
Change-Id: I506b157c0de7232181a2a9c22bcf632fa67a8d0d
---
 deployment/nova/nova-migration-target-container-puppet.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/nova/nova-migration-target-container-puppet.yaml b/deployment/nova/nova-migration-target-container-puppet.yaml
index 54dee067fd..a914494ea2 100644
--- a/deployment/nova/nova-migration-target-container-puppet.yaml
+++ b/deployment/nova/nova-migration-target-container-puppet.yaml
@@ -110,7 +110,7 @@ outputs:
       config_settings:
         tripleo::profile::base::nova::migration::target::ssh_authorized_keys:
           - {get_param: [ MigrationSshKey, public_key ]}
-        tripleo::profile::base::nova::migration::target::ssh_localaddrs:
+        tripleo::profile::base::sshd::listen:
           - str_replace:
               template:
                 "%{lookup('$NETWORK')}"