Allow fixed_key to be configurable in cookbook
The fixed_key attribute should be added to the cookbook for volume encryption.

Change-Id: I83f697fde32bf1ccaaa3187936c664c61b1e7af9
Closes-Bug: 1467797
parent
7386afb7c0
commit
5140ba531d
@ -232,6 +232,10 @@ The following attributes are defined in attributes/default.rb of the common cook
|
|||||||
* `openstack['block-storage']['backup']['swift']['retry_backoff']` - The backoff time in seconds between Swift retries.
|
* `openstack['block-storage']['backup']['swift']['retry_backoff']` - The backoff time in seconds between Swift retries.
|
||||||
* `openstack['block-storage']['backup']['swift']['enable_progress_timer']` - Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the Swift backend storage.
|
* `openstack['block-storage']['backup']['swift']['enable_progress_timer']` - Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the Swift backend storage.
|
||||||
|
|
||||||
|
### Keymgr configuration attributes ###
|
||||||
|
* `openstack['block-storage']['keymgr']['api_class']` - The key manager api class to use.
|
||||||
|
* `openstack['block-storage']['keymgr']['fixed_key']` - The fixed key returned by key manager, specified in hex (string value).
|
||||||
|
|
||||||
If the value of the 'bind_interface' attribute is non-nil, then the block-storage service will be bound to the first IP address on that interface. If the value of the 'bind_interface' attribute is nil, then the block-storage service will be bound to the IP address specified in the host attribute.
|
If the value of the 'bind_interface' attribute is non-nil, then the block-storage service will be bound to the first IP address on that interface. If the value of the 'bind_interface' attribute is nil, then the block-storage service will be bound to the IP address specified in the host attribute.
|
||||||
|
|
||||||
Testing
|
Testing
|
||||||
|
@ -334,6 +334,12 @@ default['openstack']['block-storage']['enable_v1_api'] = 'False'
|
|||||||
# Whether to enable cinder v2 api or not
|
# Whether to enable cinder v2 api or not
|
||||||
default['openstack']['block-storage']['enable_v2_api'] = 'True'
|
default['openstack']['block-storage']['enable_v2_api'] = 'True'
|
||||||
|
|
||||||
|
# The full class name of the key manager api class
|
||||||
|
default['openstack']['block-storage']['keymgr']['api_class'] = 'cinder.keymgr.conf_key_mgr.ConfKeyManager'
|
||||||
|
|
||||||
|
# Fixed key returned by key manager, specified in hex
|
||||||
|
default['openstack']['block-storage']['keymgr']['fixed_key'] = nil
|
||||||
|
|
||||||
case platform_family
|
case platform_family
|
||||||
when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
|
when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
|
||||||
# operating system user and group names
|
# operating system user and group names
|
||||||
|
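Review bot: The comment above `default['openstack']['block-storage']['keymgr']['fixed_key'] = nil` does not say that this value is key material, and a value set through an ordinary node attribute is saved with the node object in cleartext. With the default `ConfKeyManager` class the one configured key is used for every encrypted volume, so anyone who can read the node data or the rendered config can presumably decrypt all of them. I would extend the comment to something like `# Fixed key returned by key manager, specified in hex. Secret: shared by all encrypted volumes; supply it from an encrypted source, never a cleartext role or environment file.` Keeping the default at nil is the right choice; longer term the key is better read from whatever secret store the cookbook already uses for passwords than from an attribute.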
@ -232,6 +232,20 @@ describe 'openstack-block-storage::cinder-common' do
|
|||||||
expect(chef_run).not_to render_config_file(file.name).with_section_content('DEFAULT', /^host=/)
|
expect(chef_run).not_to render_config_file(file.name).with_section_content('DEFAULT', /^host=/)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'has keymgr api_class attribute default set' do
|
||||||
|
expect(chef_run).to render_config_file(file.name).with_section_content('keymgr', /^api_class=cinder.keymgr.conf_key_mgr.ConfKeyManager$/)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not have keymgr attribute fixed_key set by default' do
|
||||||
|
expect(chef_run).not_to render_file(file.name).with_content(/^fixed_key=$/)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'allow override for keymgr attribute fixed_key' do
|
||||||
|
chef_run.node.set['openstack']['block-storage']['keymgr']['fixed_key'] = '1111111111111111111111111111111111111111111111111111111111111111'
|
||||||
|
expect(chef_run).to render_config_file(file.name)\
|
||||||
|
.with_section_content('keymgr', /^fixed_key=1111111111111111111111111111111111111111111111111111111111111111$/)
|
||||||
|
end
|
||||||
|
|
||||||
context 'netapp driver' do
|
context 'netapp driver' do
|
||||||
# FIXME(galstrom21): this block needs to check all of the default
|
# FIXME(galstrom21): this block needs to check all of the default
|
||||||
# netapp_* configuration options
|
# netapp_* configuration options
|
||||||
|
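Review bot: The default-case expectation `not_to render_file(file.name).with_content(/^fixed_key=$/)` only rules out an empty `fixed_key=` line, so it would still pass if the template rendered a non-empty key by default. Matching on the option name alone covers both cases and uses the same matcher as the neighbouring examples: `expect(chef_run).not_to render_config_file(file.name).with_section_content('keymgr', /^fixed_key=/)`. An extra example that sets the attribute to `''` would also be useful, because the template's `if` guard treats an empty string as set. The enclosing `describe` block starts and ends outside this hunk.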
@ -1031,6 +1031,24 @@ connection=<%= @sql_connection %>
|
|||||||
#### 100=Everything
|
#### 100=Everything
|
||||||
|
|
||||||
|
|
||||||
|
[keymgr]
|
||||||
|
|
||||||
|
#
|
||||||
|
# Options defined in cinder.keymgr
|
||||||
|
#
|
||||||
|
|
||||||
|
# The full class name of the key manager API class (string value)
|
||||||
|
api_class=<%= node['openstack']['block-storage']['keymgr']['api_class'] %>
|
||||||
|
|
||||||
|
#
|
||||||
|
# Options defined in cinder.keymgr.conf_key_mgr
|
||||||
|
#
|
||||||
|
|
||||||
|
# Fixed key returned by key manager, specified in hex (string value)
|
||||||
|
<% if node["openstack"]["block-storage"]["keymgr"]["fixed_key"] -%>
|
||||||
|
fixed_key=<%= node["openstack"]["block-storage"]["keymgr"]["fixed_key"] %>
|
||||||
|
<% end -%>
|
||||||
|
|
||||||
[keystone_authtoken]
|
[keystone_authtoken]
|
||||||
|
|
||||||
#
|
#
|
||||||
|
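Review bot: The guard `<% if node["openstack"]["block-storage"]["keymgr"]["fixed_key"] -%>` is true for an empty string, since only nil and false are falsy in Ruby, so an attribute set to `''` renders a bare `fixed_key=` line. A guard such as `<% unless node["openstack"]["block-storage"]["keymgr"]["fixed_key"].to_s.empty? -%>` avoids that. Because this block writes the volume-encryption key into cinder.conf in cleartext, the template resource that renders the file (not visible in this hunk) should restrict it to the cinder user and group. Where the Chef version supports it, that resource should also be marked `sensitive true` so the key does not appear in diff output or run logs.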