
Allow fixed_key to be configurable in cookbook

The fixed_key attribute should be added in cookbook for volume
encryption

Change-Id: I83f697fde32bf1ccaaa3187936c664c61b1e7af9
Closes-Bug: 1467797
XiaoPei Liu 3 years ago
parent
commit
5140ba531d
4 changed files with 42 additions and 0 deletions
  1. 4
    0
      README.md
  2. 6
    0
      attributes/default.rb
  3. 14
    0
      spec/cinder_common_spec.rb
  4. 18
    0
      templates/default/cinder.conf.erb

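--- a/README.md
+++ b/README.md
@@ -232,6 +232,10 @@ The following attributes are defined in attributes/default.rb of the common cook
 * `openstack['block-storage']['backup']['swift']['retry_backoff']` - The backoff time in seconds between Swift retries.
 * `openstack['block-storage']['backup']['swift']['enable_progress_timer']` - Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the Swift backend storage.
 
+### Keymgr configuration attributes ###
+* `openstack['block-storage']['keymgr']['api_class']` - The key manager api class to use.
+* `openstack['block-storage']['keymgr']['fixed_key']` - The fixed key returned by key manager, specified in hex (string value).
+
 If the value of the 'bind_interface' attribute is non-nil, then the block-storage service will be bound to the first IP address on that interface.  If the value of the 'bind_interface' attribute is nil, then the block-storage service will be bound to the IP address specified in the host attribute.
 
 Testing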

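--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -334,6 +334,12 @@ default['openstack']['block-storage']['enable_v1_api'] = 'False'
 # Whether to enable cinder v2 api or not
 default['openstack']['block-storage']['enable_v2_api'] = 'True'
 
+# The full class name of the key manager api class
+default['openstack']['block-storage']['keymgr']['api_class'] = 'cinder.keymgr.conf_key_mgr.ConfKeyManager'
+
+# Fixed key returned by key manager, specified in hex
+default['openstack']['block-storage']['keymgr']['fixed_key'] = nil
+
 case platform_family
 when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
   # operating system user and group names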
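Review bot: The comment on `fixed_key` should say that the value is secret key material, because anything set through a node attribute is saved with the node object on the Chef server and can be read by whoever can read node data. I would extend it to something like `# Fixed key returned by key manager, specified in hex. Secret: supply it from an encrypted data bag (or similar) in a wrapper cookbook, not from a plain role or environment attribute`. It would also help to note beside `api_class` that ConfKeyManager hands back this one key for every encrypted volume, so disclosure of the value affects all of them.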

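--- a/spec/cinder_common_spec.rb
+++ b/spec/cinder_common_spec.rb
@@ -232,6 +232,20 @@ describe 'openstack-block-storage::cinder-common' do
           expect(chef_run).not_to render_config_file(file.name).with_section_content('DEFAULT', /^host=/)
         end
 
+        it 'has keymgr api_class attribute default set' do
+          expect(chef_run).to render_config_file(file.name).with_section_content('keymgr', /^api_class=cinder.keymgr.conf_key_mgr.ConfKeyManager$/)
+        end
+
+        it 'does not have keymgr attribute fixed_key set by default' do
+          expect(chef_run).not_to render_file(file.name).with_content(/^fixed_key=$/)
+        end
+
+        it 'allow override for keymgr attribute fixed_key' do
+          chef_run.node.set['openstack']['block-storage']['keymgr']['fixed_key'] = '1111111111111111111111111111111111111111111111111111111111111111'
+          expect(chef_run).to render_config_file(file.name)\
+            .with_section_content('keymgr', /^fixed_key=1111111111111111111111111111111111111111111111111111111111111111$/)
+        end
+
         context 'netapp driver' do
           # FIXME(galstrom21): this block needs to check all of the default
           #   netapp_* configuration options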
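Review bot: The default-case test at `with_content(/^fixed_key=$/)` only rules out an empty `fixed_key=` line, so it would still pass if the template rendered a non-empty key by default. `expect(chef_run).not_to render_file(file.name).with_content(/^fixed_key=/)` checks what the test name claims. The `api_class` pattern also leaves its dots unescaped, so each one matches any character; `cinder\.keymgr\.conf_key_mgr\.ConfKeyManager` is stricter. The enclosing `describe` block starts and ends outside the hunk.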

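--- a/templates/default/cinder.conf.erb
+++ b/templates/default/cinder.conf.erb
@@ -1031,6 +1031,24 @@ connection=<%= @sql_connection %>
 ####          100=Everything
 
 
+[keymgr]
+
+#
+# Options defined in cinder.keymgr
+#
+
+# The full class name of the key manager API class (string value)
+api_class=<%= node['openstack']['block-storage']['keymgr']['api_class'] %>
+
+#
+# Options defined in cinder.keymgr.conf_key_mgr
+#
+
+# Fixed key returned by key manager, specified in hex (string value)
+<% if node["openstack"]["block-storage"]["keymgr"]["fixed_key"] -%>
+fixed_key=<%= node["openstack"]["block-storage"]["keymgr"]["fixed_key"] %>
+<% end -%>
+
 [keystone_authtoken]
 
 #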
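Review bot: The guard on `fixed_key` tests only truthiness, so an attribute set to the empty string still renders a bare `fixed_key=` line, because `''` is truthy in Ruby. `<% unless node["openstack"]["block-storage"]["keymgr"]["fixed_key"].to_s.empty? -%>` would skip both nil and empty values. Since this line writes volume-encryption key material into cinder.conf, it is also worth confirming that the template resource rendering this file (not visible on this page) restricts the file mode and is marked `sensitive true`, so the key does not appear in chef-client diff output or logs.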
