Add an option to choose the hash ring algorithm
MD5 is not available in FIPS mode, we need a way to use something else. Change-Id: Ie6e09ac66028cbe18717a7ea7a4c23730e3cb642
This commit is contained in:
Dmitry Tantsur
parent
3c47122f36
commit
9189b4bb26
@ -69,7 +69,8 @@ class HashRingManager(object):
|
|||||||
|
|
||||||
for driver_name, hosts in d2c.items():
|
for driver_name, hosts in d2c.items():
|
||||||
rings[driver_name] = hashring.HashRing(
|
rings[driver_name] = hashring.HashRing(
|
||||||
hosts, partitions=2 ** CONF.hash_partition_exponent)
|
hosts, partitions=2 ** CONF.hash_partition_exponent,
|
||||||
|
hash_function=CONF.hash_ring_algorithm)
|
||||||
|
|
||||||
return rings
|
return rings
|
||||||
|
|
||||||
|
|||||||
@ -17,6 +17,7 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
import hashlib
|
||||||
import os
|
import os
|
||||||
import socket
|
import socket
|
||||||
import tempfile
|
import tempfile
|
||||||
@ -183,6 +184,15 @@ hash_opts = [
|
|||||||
help=_('Time (in seconds) after which the hash ring is '
|
help=_('Time (in seconds) after which the hash ring is '
|
||||||
'considered outdated and is refreshed on the next '
|
'considered outdated and is refreshed on the next '
|
||||||
'access.')),
|
'access.')),
|
||||||
|
cfg.StrOpt('hash_ring_algorithm',
|
||||||
|
default='md5',
|
||||||
|
advanced=True,
|
||||||
|
choices=hashlib.algorithms_guaranteed,
|
||||||
|
help=_('Hash function to use when building the hash ring. '
|
||||||
|
'If running on a FIPS system, do not use md5. '
|
||||||
|
'WARNING: all ironic services in a cluster MUST use '
|
||||||
|
'the same algorithm at all times. Changing the '
|
||||||
|
'algorithm requires an offline update.')),
|
||||||
]
|
]
|
||||||
|
|
||||||
image_opts = [
|
image_opts = [
|
||||||
|
|||||||
@ -135,7 +135,7 @@ testrepository==0.0.20
|
|||||||
testresources==2.0.0
|
testresources==2.0.0
|
||||||
testscenarios==0.4
|
testscenarios==0.4
|
||||||
testtools==2.2.0
|
testtools==2.2.0
|
||||||
tooz==1.58.0
|
tooz==2.7.0
|
||||||
traceback2==1.4.0
|
traceback2==1.4.0
|
||||||
unittest2==1.1.0
|
unittest2==1.1.0
|
||||||
vine==1.3.0
|
vine==1.3.0
|
||||||
|
|||||||
7
releasenotes/notes/hash-ring-algo-4337c18117b33070.yaml
Normal file
7
releasenotes/notes/hash-ring-algo-4337c18117b33070.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Provides a new option ``[DEFAULT]hash_ring_algorithm`` that specifies
|
||||||
|
which cryptographic algorithm to use when building the hash ring. Set
|
||||||
|
to something other than ``md5`` when using ironic on a system in FIPS
|
||||||
|
mode.
|
||||||
@ -43,5 +43,5 @@ oslo.versionedobjects>=1.31.2 # Apache-2.0
|
|||||||
jsonschema>=3.2.0 # MIT
|
jsonschema>=3.2.0 # MIT
|
||||||
psutil>=3.2.2 # BSD
|
psutil>=3.2.2 # BSD
|
||||||
futurist>=1.2.0 # Apache-2.0
|
futurist>=1.2.0 # Apache-2.0
|
||||||
tooz>=1.58.0 # Apache-2.0
|
tooz>=2.7.0 # Apache-2.0
|
||||||
openstacksdk>=0.37.0 # Apache-2.0
|
openstacksdk>=0.37.0 # Apache-2.0
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user