Merge "libvirt: Deprecate live_migration_tunnelled"

Author: Zuul

nova/conf/libvirt.py

@@ -285,6 +285,15 @@
 """),
     cfg.BoolOpt('live_migration_tunnelled',
                 default=False,
+                deprecated_for_removal=True,
+                deprecated_since='23.0.0',
+                deprecated_reason="""
+The "tunnelled live migration" has two inherent limitations: it cannot
+handle live migration of disks in a non-shared storage setup; and it has
+a huge performance cost.  Both these problems are solved by
+``live_migration_with_native_tls`` (requires a pre-configured TLS
+environment), which is the recommended approach for securing all live
+migration streams.""",
                 help="""
 Enable tunnelled migration.
 

releasenotes/notes/deprecate-tunnelled-live-migration-81c06a04627724ec.yaml

@@ -0,0 +1,16 @@
+---
+deprecations:
+  - |
+    The ``[libvirt]live_migration_tunnelled`` option is deprecated as of
+    Wallaby (23.0.0) release.
+
+    The "tunnelled live migration" has two inherent limitations: (a) it
+    cannot handle live migration of disks in a non-shared storage setup,
+    and (b) it has a huge performance overhead and latency, because it
+    burns more CPU and memory during live migration.
+
+    Both these problems are addressed by the QEMU-native support in Nova
+    -- this is the recommended approach for securing all live migration
+    streams (guest RAM, device state, and disks).  Assuming TLS
+    environment is setup, this can be enabled by setting the config
+    attribiute ``[libvirt]live_migration_with_native_tls``.