openstack
/
charm-nova-compute
Code Issues Proposed changes

Added config option 'inject-password' 

This config option is to enable admin
 password injection at instance boot time
 * Added unit test to verify the config
   is correctly set and nova.config is
   updated.
 * Updated all of the templates that have
   inject-password set
 * Moved inject_* options out of
   {if libvirt_images_type and rbd_pool}
   block as they are irrelevant.

Closes-Bug: #1755696
Change-Id: Ie766a14bfa6b16337aa957bf7adf2d869462f9d7
This commit is contained in:
Linda Guo 2020-12-07 13:06:25 +11:00
parent 835d4b167a
commit d58faab1e9
15 changed files with 95 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config.yaml
View File

@ -78,6 +78,13 @@ options:
uml, lxc, qemu.
NOTE: Changing virtualisation flavor after deployment is not supported.
inject-password:
type: boolean
default: False
description: |
Enable or disable admin password injection at boot time on hypervisors
that use the libvirt back end (such as KVM, QEMU, and LXC). The random
password appears in the output of the openstack server create command.
disk-cachemodes:
type: string
default:

5
hooks/nova_compute_context.py
View File

@ -313,6 +313,11 @@ class NovaComputeLibvirtContext(context.OSContextGenerator):
ctxt['libvirt_images_type'] = config('libvirt-image-backend')
ctxt['force_raw_images'] = config('force-raw-images')
ctxt['inject_password'] = config('inject-password')
# if allow the injection of an admin password it depends
# on value greater or equal to -1 for inject_partition
# -2 means disable the injection of data
ctxt['inject_partition'] = -1 if config('inject-password') else -2
return ctxt

6
templates/icehouse/nova.conf
View File

@ -152,6 +152,9 @@ server_proxyclient_address = {{ console_listen_addr }}
{% endif -%}
[libvirt]
inject_key = false
inject_password = {{ inject_password }}
inject_partition = {{ inject_partition }}
{% if cpu_mode -%}
cpu_mode = {{ cpu_mode }}
{% endif -%}
@ -164,9 +167,6 @@ images_type = {{ libvirt_images_type }}
{% if libvirt_images_type and rbd_pool -%}
images_rbd_pool = {{ rbd_pool }}
images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
inject_password = false
inject_key = false
inject_partition = -2
{% endif -%}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}

6
templates/juno/nova.conf
View File

@ -144,6 +144,9 @@ server_proxyclient_address = {{ console_listen_addr }}
{% endif -%}
[libvirt]
inject_key = false
inject_password = {{ inject_password }}
inject_partition = {{ inject_partition }}
{% if cpu_mode -%}
cpu_mode = {{ cpu_mode }}
{% endif -%}
@ -156,9 +159,6 @@ images_type = {{ libvirt_images_type }}
{% if libvirt_images_type and rbd_pool -%}
images_rbd_pool = {{ rbd_pool }}
images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
inject_password = false
inject_key = false
inject_partition = -2
{% endif -%}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}

6
templates/kilo/nova.conf
View File

@ -165,6 +165,9 @@ server_proxyclient_address = {{ console_listen_addr }}
{% endif %}
[libvirt]
inject_key = false
inject_password = {{ inject_password }}
inject_partition = {{ inject_partition }}
{% if cpu_mode -%}
cpu_mode = {{ cpu_mode }}
{% endif -%}
@ -177,9 +180,6 @@ images_type = {{ libvirt_images_type }}
{% if libvirt_images_type and rbd_pool -%}
images_rbd_pool = {{ rbd_pool }}
images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
inject_password = false
inject_key = false
inject_partition = -2
{% endif -%}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}

6
templates/liberty/nova.conf
View File

@ -169,6 +169,9 @@ server_proxyclient_address = {{ console_listen_addr }}
{% endif -%}
[libvirt]
inject_key = false
inject_password = {{ inject_password }}
inject_partition = {{ inject_partition }}
{% if cpu_mode -%}
cpu_mode = {{ cpu_mode }}
{% endif -%}
@ -181,9 +184,6 @@ images_type = {{ libvirt_images_type }}
{% if libvirt_images_type and rbd_pool -%}
images_rbd_pool = {{ rbd_pool }}
images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
inject_password = false
inject_key = false
inject_partition = -2
{% endif -%}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}

6
templates/mitaka/nova.conf
View File

@ -185,6 +185,9 @@ server_proxyclient_address = {{ console_listen_addr }}
{% endif -%}
[libvirt]
inject_key = false
inject_password = {{ inject_password }}
inject_partition = {{ inject_partition }}
{% if cpu_mode -%}
cpu_mode = {{ cpu_mode }}
{% endif -%}
@ -197,9 +200,6 @@ images_type = {{ libvirt_images_type }}
{% if libvirt_images_type and rbd_pool -%}
images_rbd_pool = {{ rbd_pool }}
images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
inject_password = false
inject_key = false
inject_partition = -2
{% endif -%}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}

6
templates/newton/nova.conf
View File

@ -190,6 +190,9 @@ server_proxyclient_address = {{ console_listen_addr }}
{% endif -%}
[libvirt]
inject_key = false
inject_password = {{ inject_password }}
inject_partition = {{ inject_partition }}
{% if cpu_mode -%}
cpu_mode = {{ cpu_mode }}
{% endif -%}
@ -202,9 +205,6 @@ images_type = {{ libvirt_images_type }}
{% if libvirt_images_type and rbd_pool -%}
images_rbd_pool = {{ rbd_pool }}
images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
inject_password = false
inject_key = false
inject_partition = -2
{% endif -%}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}

6
templates/ocata/nova.conf
View File

@ -193,6 +193,9 @@ server_proxyclient_address = {{ console_listen_addr }}
{% endif -%}
[libvirt]
inject_key = false
inject_password = {{ inject_password }}
inject_partition = {{ inject_partition }}
{% if cpu_mode -%}
cpu_mode = {{ cpu_mode }}
{% endif -%}
@ -208,9 +211,6 @@ images_type = {{ libvirt_images_type }}
{% if libvirt_images_type and rbd_pool -%}
images_rbd_pool = {{ rbd_pool }}
images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
inject_password = false
inject_key = false
inject_partition = -2
{% endif -%}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}

6
templates/pike/nova.conf
View File

@ -192,6 +192,9 @@ server_proxyclient_address = {{ console_listen_addr }}
{% endif -%}
[libvirt]
inject_key = false
inject_password = {{ inject_password }}
inject_partition = {{ inject_partition }}
{% if cpu_mode -%}
cpu_mode = {{ cpu_mode }}
{% endif -%}
@ -207,9 +210,6 @@ images_type = {{ libvirt_images_type }}
{% if libvirt_images_type and rbd_pool -%}
images_rbd_pool = {{ rbd_pool }}
images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
inject_password = false
inject_key = false
inject_partition = -2
{% endif -%}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}

6
templates/queens/nova.conf
View File

@ -210,6 +210,9 @@ server_proxyclient_address = {{ console_listen_addr }}
{% endif -%}
[libvirt]
inject_key = false
inject_password = {{ inject_password }}
inject_partition = {{ inject_partition }}
{% if cpu_mode -%}
cpu_mode = {{ cpu_mode }}
{% endif -%}
@ -225,9 +228,6 @@ images_type = {{ libvirt_images_type }}
{% if libvirt_images_type and rbd_pool -%}
images_rbd_pool = {{ rbd_pool }}
images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
inject_password = false
inject_key = false
inject_partition = -2
{% endif -%}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}

6
templates/rocky/nova.conf
View File

@ -213,6 +213,9 @@ server_proxyclient_address = {{ console_listen_addr }}
{% endif -%}
[libvirt]
inject_key = false
inject_password = {{ inject_password }}
inject_partition = {{ inject_partition }}
{% if cpu_mode -%}
cpu_mode = {{ cpu_mode }}
{% endif -%}
@ -228,9 +231,6 @@ images_type = {{ libvirt_images_type }}
{% if libvirt_images_type and rbd_pool -%}
images_rbd_pool = {{ rbd_pool }}
images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
inject_password = false
inject_key = false
inject_partition = -2
{% endif -%}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}

6
templates/stein/nova.conf
View File

@ -217,6 +217,9 @@ server_proxyclient_address = {{ console_listen_addr }}
{% endif -%}
[libvirt]
inject_key = false
inject_password = {{ inject_password }}
inject_partition = {{ inject_partition }}
{% if cpu_mode -%}
cpu_mode = {{ cpu_mode }}
{% endif -%}
@ -232,9 +235,6 @@ images_type = {{ libvirt_images_type }}
{% if libvirt_images_type and rbd_pool -%}
images_rbd_pool = {{ rbd_pool }}
images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
inject_password = false
inject_key = false
inject_partition = -2
{% endif -%}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}

6
templates/train/nova.conf
View File

@ -224,6 +224,9 @@ server_proxyclient_address = {{ console_listen_addr }}
{% endif -%}
[libvirt]
inject_key = false
inject_password = {{ inject_password }}
inject_partition = {{ inject_partition }}
{% if cpu_mode -%}
cpu_mode = {{ cpu_mode }}
{% endif -%}
@ -239,9 +242,6 @@ images_type = {{ libvirt_images_type }}
{% if libvirt_images_type and rbd_pool -%}
images_rbd_pool = {{ rbd_pool }}
images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
inject_password = false
inject_key = false
inject_partition = -2
{% endif -%}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}

47
unit_tests/test_nova_compute_contexts.py
View File

@ -313,6 +313,29 @@ class NovaComputeContextTests(CharmTestCase):
'listen_tls': 0,
'host_uuid': self.host_uuid,
'force_raw_images': True,
'inject_password': False,
'inject_partition': -2,
'default_ephemeral_format': 'ext4',
'reserved_host_memory': 512}, libvirt())
def test_libvirt_context_inject_password(self):
self.lsb_release.return_value = {'DISTRIB_CODENAME': 'zesty'}
self.os_release.return_value = 'ocata'
self.kv.return_value = FakeUnitdata(**{'host_uuid': self.host_uuid})
self.test_config.set('inject-password', True)
libvirt = context.NovaComputeLibvirtContext()
self.assertEqual(
{'libvirtd_opts': '',
'libvirt_user': 'libvirt',
'arch': platform.machine(),
'ksm': 'AUTO',
'kvm_hugepages': 0,
'listen_tls': 0,
'host_uuid': self.host_uuid,
'force_raw_images': True,
'inject_password': True,
'inject_partition': -1,
'default_ephemeral_format': 'ext4',
'reserved_host_memory': 512}, libvirt())
@ -332,6 +355,8 @@ class NovaComputeContextTests(CharmTestCase):
'listen_tls': 0,
'host_uuid': self.host_uuid,
'force_raw_images': True,
'inject_password': False,
'inject_partition': -2,
'default_ephemeral_format': 'ext4',
'reserved_host_memory': 512,
'reserved_huge_pages': ['node:0,size:2048,count:6']}, libvirt())
@ -354,6 +379,8 @@ class NovaComputeContextTests(CharmTestCase):
'listen_tls': 0,
'host_uuid': self.host_uuid,
'force_raw_images': True,
'inject_password': False,
'inject_partition': -2,
'default_ephemeral_format': 'ext4',
'reserved_host_memory': 512,
'reserved_huge_pages': ['node:0,size:2048,count:6',
@ -374,6 +401,8 @@ class NovaComputeContextTests(CharmTestCase):
'listen_tls': 0,
'host_uuid': self.host_uuid,
'force_raw_images': True,
'inject_password': False,
'inject_partition': -2,
'default_ephemeral_format': 'ext4',
'reserved_host_memory': 512}, libvirt())
@ -400,6 +429,8 @@ class NovaComputeContextTests(CharmTestCase):
'live_migration_permit_post_copy': False,
'default_ephemeral_format': 'ext4',
'force_raw_images': True,
'inject_password': False,
'inject_partition': -2,
'reserved_host_memory': 512}, libvirt())
def test_libvirt_context_without_migration_network(self):
@ -459,6 +490,8 @@ class NovaComputeContextTests(CharmTestCase):
'live_migration_permit_auto_converge': True,
'live_migration_permit_post_copy': False,
'force_raw_images': True,
'inject_password': False,
'inject_partition': -2,
'default_ephemeral_format': 'ext4',
'reserved_host_memory': 512}, libvirt())
@ -486,6 +519,8 @@ class NovaComputeContextTests(CharmTestCase):
'live_migration_permit_post_copy': True,
'default_ephemeral_format': 'ext4',
'force_raw_images': True,
'inject_password': False,
'inject_partition': -2,
'reserved_host_memory': 512}, libvirt())
def test_libvirt_disk_cachemodes(self):
@ -504,6 +539,8 @@ class NovaComputeContextTests(CharmTestCase):
'listen_tls': 0,
'host_uuid': self.host_uuid,
'force_raw_images': True,
'inject_password': False,
'inject_partition': -2,
'default_ephemeral_format': 'ext4',
'reserved_host_memory': 512}, libvirt())
@ -524,6 +561,8 @@ class NovaComputeContextTests(CharmTestCase):
'listen_tls': 0,
'host_uuid': self.host_uuid,
'force_raw_images': True,
'inject_password': False,
'inject_partition': -2,
'default_ephemeral_format': 'ext4',
'reserved_host_memory': 512}, libvirt())
@ -543,6 +582,8 @@ class NovaComputeContextTests(CharmTestCase):
'listen_tls': 0,
'host_uuid': self.host_uuid,
'force_raw_images': False,
'inject_password': False,
'inject_partition': -2,
'default_ephemeral_format': 'ext4',
'reserved_host_memory': 512}, libvirt())
@ -652,6 +693,8 @@ class NovaComputeContextTests(CharmTestCase):
'reserved_host_memory': 1024,
'vcpu_pin_set': None,
'force_raw_images': True,
'inject_password': False,
'inject_partition': -2,
'pci_passthrough_whitelist': 'mypcidevices',
'virtio_net_tx_queue_size': 512,
'virtio_net_rx_queue_size': 1024,
@ -676,6 +719,8 @@ class NovaComputeContextTests(CharmTestCase):
'reserved_host_memory': 512,
'vcpu_pin_set': '^0^2',
'force_raw_images': True,
'inject_password': False,
'inject_partition': -2,
'default_ephemeral_format': 'ext4'}, libvirt())
def test_ksm_configs(self):
@ -860,6 +905,8 @@ class SerialConsoleContextTests(CharmTestCase):
'listen_tls': 0,
'host_uuid': self.host_uuid,
'force_raw_images': True,
'inject_password': False,
'inject_partition': -2,
'default_ephemeral_format': 'ext4',
'reserved_host_memory': 512}, libvirt())