Migrate glance/verify_glance_signatures to more common place

Since the trusted_image_certificates was added to nova[1], not only
nova-compute but also nova-api uses this parameter.
This change migrates the puppet parameter from the nova::compute class
to the more common nova::glance class, so that the parameter can be set
for nova-api as well.

[1] 8c7ca368b190f0fd3c097531e2cf52fe4dc20c69

Change-Id: I8c7cf5269cda8b6a8e0a22dbb326454d923fb412
Takashi Kajinami 2021-01-26 08:31:42 +09:00
parent 118800197a
commit 01a829b963
5 changed files with 53 additions and 33 deletions


@ -197,10 +197,6 @@
# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
# Defaults to 'nova.keymgr.conf_key_mgr.ConfKeyManager'.
#
# [*verify_glance_signatures*]
# (optional) Whether to verify image signatures. (boolean value)
# Defaults to $::os_service_default
#
# [*reserved_huge_pages*]
# (optional) Number of huge memory pages to reserved per NUMA host cell.
# Defaults to $::os_service_default
@ -311,6 +307,10 @@
# [ { "vendor_id" => "1234","product_id" => "5678" },
# { "vendor_id" => "4321","product_id" => "8765", "physical_network" => "default" } ]
#
# [*verify_glance_signatures*]
# (optional) Whether to verify image signatures. (boolean value)
# Defaults to undef
#
class nova::compute (
$enabled = true,
$manage_service = true,
@ -351,7 +351,6 @@ class nova::compute (
$sync_power_state_interval = $::os_service_default,
$consecutive_build_service_disable_threshold = $::os_service_default,
$keymgr_backend = 'nova.keymgr.conf_key_mgr.ConfKeyManager',
$verify_glance_signatures = $::os_service_default,
$reserved_huge_pages = $::os_service_default,
$neutron_physnets_numa_nodes_mapping = {},
$neutron_tunnel_numa_nodes = [],
@ -372,6 +371,7 @@ class nova::compute (
$vcpu_pin_set = undef,
$allow_resize_to_same_host = undef,
$pci_passthrough = undef,
$verify_glance_signatures = undef,
) {
include nova::deps
@ -416,6 +416,14 @@ class nova::compute (
Use the same parameter in nova::api class.')
}
if $verify_glance_signatures != undef {
# NOTE(tkajinam): If nova::glance is defined first and the deployment doesn't use hieradata
# it doesn't pick up this value correctly and unset the parameter.
# However we'd avoid hard failure here and just leave warning.
warning('verify_glance_signatures is deprecated. Use the same parameter in nova::glance')
}
include nova::glance
if empty($vcpu_pin_set) {
$vcpu_pin_set_real = undef
} else {
@ -601,7 +609,6 @@ Use the same parameter in nova::api class.')
nova_config {
'DEFAULT/config_drive_format': value => $config_drive_format;
'glance/verify_glance_signatures': value => $verify_glance_signatures;
}
}
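Review bot: The `warning(...)` added in the `-416,6 +416,14` hunk does not mention the failure mode that the NOTE directly above it describes. When nova::glance is evaluated before nova::compute and the value does not come from hieradata, the setting is dropped and `glance/verify_glance_signatures` stays at the service default. Because this option gates image signature verification, a node whose operator set it to true on nova::compute can end up running without verification, with only a generic deprecation message in the log. I would put the consequence into the message, e.g. `warning('verify_glance_signatures is deprecated and may be ignored if nova::glance was evaluated earlier. Use the same parameter in nova::glance')`. The class body continues outside the hunks shown.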


@ -16,6 +16,10 @@
# (optional) Number of retries in glance operation
# Defaults to $::os_service_default
#
# [*verify_glance_signatures*]
# (optional) Whether to verify image signatures. (boolean value)
# Defaults to $::os_service_default
#
# [*enable_rbd_download*]
# (optional) Enable download of Glance images directly via RBD
# Defaults to $::os_service_default
@ -40,29 +44,32 @@
# Defaults to $::os_service_default
#
class nova::glance (
$endpoint_override = $::os_service_default,
$valid_interfaces = $::os_service_default,
$num_retries = $::os_service_default,
$enable_rbd_download = $::os_service_default,
$rbd_user = $::os_service_default,
$rbd_connect_timeout = $::os_service_default,
$rbd_pool = $::os_service_default,
$rbd_ceph_conf = $::os_service_default,
$endpoint_override = $::os_service_default,
$valid_interfaces = $::os_service_default,
$num_retries = $::os_service_default,
$verify_glance_signatures = $::os_service_default,
$enable_rbd_download = $::os_service_default,
$rbd_user = $::os_service_default,
$rbd_connect_timeout = $::os_service_default,
$rbd_pool = $::os_service_default,
$rbd_ceph_conf = $::os_service_default,
) {
include nova::deps
$endpoint_override_real = pick($::nova::glance_endpoint_override, $endpoint_override)
$num_retries_real = pick($::nova::glance_num_retries, $num_retries)
$verify_glance_signatures_real = pick($::nova::compute::verify_glance_signatures, $verify_glance_signatures)
nova_config {
'glance/endpoint_override': value => $endpoint_override_real;
'glance/valid_interfaces': value => join(any2array($valid_interfaces), ',');
'glance/num_retries': value => $num_retries_real;
'glance/enable_rbd_download': value => $enable_rbd_download;
'glance/rbd_user': value => $rbd_user;
'glance/rbd_connect_timeout': value => $rbd_connect_timeout;
'glance/rbd_pool': value => $rbd_pool;
'glance/rbd_ceph_conf': value => $rbd_ceph_conf;
'glance/endpoint_override': value => $endpoint_override_real;
'glance/valid_interfaces': value => join(any2array($valid_interfaces), ',');
'glance/num_retries': value => $num_retries_real;
'glance/verify_glance_signatures': value => $verify_glance_signatures_real;
'glance/enable_rbd_download': value => $enable_rbd_download;
'glance/rbd_user': value => $rbd_user;
'glance/rbd_connect_timeout': value => $rbd_connect_timeout;
'glance/rbd_pool': value => $rbd_pool;
'glance/rbd_ceph_conf': value => $rbd_ceph_conf;
}
}
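Review bot: In the `pick(...)` assignment to `$verify_glance_signatures_real`, a value still set on the deprecated `nova::compute::verify_glance_signatures` overrides the new `nova::glance::verify_glance_signatures`, and neither the parameter doc nor the code says so. An operator who enables verification through the new parameter while stale data still sets the old one to false ends up with verification disabled. The precedence matches the two `pick` lines above it, so it is presumably intended; if so, document it with a comment above the assignment such as `# NOTE: nova::compute::verify_glance_signatures, while still set, takes precedence over this parameter.` and a matching sentence in the `[*verify_glance_signatures*]` doc entry.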


@ -0,0 +1,6 @@
---
deprecations:
- |
The ``nova::compute::verify_glance_signatures`` parameter has been
deprecated in favor of the new ``nova::glance::verify_glance_signatures``
parameter.


@ -56,7 +56,6 @@ describe 'nova::compute' do
it { is_expected.to contain_nova_config('DEFAULT/resize_confirm_window').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('DEFAULT/shutdown_timeout').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('DEFAULT/max_concurrent_builds').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('DEFAULT/max_concurrent_live_migrations').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_nova_config('DEFAULT/sync_power_state_pool_size').with_value('<SERVICE DEFAULT>') }
@ -122,7 +121,6 @@ describe 'nova::compute' do
:max_concurrent_live_migrations => '4',
:sync_power_state_pool_size => '10',
:sync_power_state_interval => '0',
:verify_glance_signatures => true,
:consecutive_build_service_disable_threshold => '9',
:live_migration_wait_for_vif_plug => true,
:max_disk_devices_to_attach => 20,
@ -190,7 +188,6 @@ describe 'nova::compute' do
it { is_expected.to contain_nova_config('DEFAULT/max_concurrent_live_migrations').with_value('4') }
it { is_expected.to contain_nova_config('DEFAULT/sync_power_state_pool_size').with_value('10') }
it { is_expected.to contain_nova_config('DEFAULT/sync_power_state_interval').with_value('0') }
it { is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value(true) }
it { is_expected.to contain_nova_config('compute/consecutive_build_service_disable_threshold').with_value('9') }
it { is_expected.to contain_nova_config('compute/live_migration_wait_for_vif_plug').with_value(true) }
it { is_expected.to contain_nova_config('compute/max_disk_devices_to_attach').with_value(20) }


@ -12,6 +12,7 @@ describe 'nova::glance' do
is_expected.to contain_nova_config('glance/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_nova_config('glance/valid_interfaces').with_value('<SERVICE DEFAULT>')
is_expected.to contain_nova_config('glance/num_retries').with_value('<SERVICE DEFAULT>')
is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value('<SERVICE DEFAULT>')
is_expected.to contain_nova_config('glance/enable_rbd_download').with_value('<SERVICE DEFAULT>')
is_expected.to contain_nova_config('glance/rbd_user').with_value('<SERVICE DEFAULT>')
is_expected.to contain_nova_config('glance/rbd_connect_timeout').with_value('<SERVICE DEFAULT>')
@ -23,14 +24,15 @@ describe 'nova::glance' do
context 'with specific parameters' do
let :params do
{
:endpoint_override => 'http://localhost:9292',
:valid_interfaces => 'internal',
:num_retries => 3,
:enable_rbd_download => true,
:rbd_user => 'nova',
:rbd_connect_timeout => 5,
:rbd_pool => 'images',
:rbd_ceph_conf => '/etc/ceph/ceph.conf',
:endpoint_override => 'http://localhost:9292',
:valid_interfaces => 'internal',
:num_retries => 3,
:verify_glance_signatures => false,
:enable_rbd_download => true,
:rbd_user => 'nova',
:rbd_connect_timeout => 5,
:rbd_pool => 'images',
:rbd_ceph_conf => '/etc/ceph/ceph.conf',
}
end
@ -38,6 +40,7 @@ describe 'nova::glance' do
is_expected.to contain_nova_config('glance/endpoint_override').with_value('http://localhost:9292')
is_expected.to contain_nova_config('glance/valid_interfaces').with_value('internal')
is_expected.to contain_nova_config('glance/num_retries').with_value(3)
is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value(false)
is_expected.to contain_nova_config('glance/enable_rbd_download').with_value(true)
is_expected.to contain_nova_config('glance/rbd_user').with_value('nova')
is_expected.to contain_nova_config('glance/rbd_connect_timeout').with_value(5)
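Review bot: Nothing in this spec covers the backward-compatibility path, where the value is set on nova::compute and has to reach `glance/verify_glance_signatures` through the `pick` in nova::glance. The nova::compute spec does not cover it either, since its two `glance/verify_glance_signatures` assertions were removed. A regression there would leave image signature verification at the service default without any test failing. I would add a context that declares nova::compute with `verify_glance_signatures => true` (for example through `pre_condition`) and asserts `is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value(true)`. The `it` blocks touched here start and end outside the hunks shown.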