Migrate glance/verify_glance_signatures to more common place
Since the trusted_image_certificates was added to nova[1], not only nova-compute but also nova-api uses this parameter. This change migrates the puppet parameter from nova::compute class to more common nova::glance class, so that the parameter can be set at nova-api as well. [1] 8c7ca368b190f0fd3c097531e2cf52fe4dc20c69 Change-Id: I8c7cf5269cda8b6a8e0a22dbb326454d923fb412
This commit is contained in:
parent
118800197a
commit
01a829b963
manifests
releasenotes/notes
spec/classes
@ -197,10 +197,6 @@
|
||||
# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
|
||||
# Defaults to 'nova.keymgr.conf_key_mgr.ConfKeyManager'.
|
||||
#
|
||||
# [*verify_glance_signatures*]
|
||||
# (optional) Whether to verify image signatures. (boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*reserved_huge_pages*]
|
||||
# (optional) Number of huge memory pages to reserved per NUMA host cell.
|
||||
# Defaults to $::os_service_default
|
||||
@ -311,6 +307,10 @@
|
||||
# [ { "vendor_id" => "1234","product_id" => "5678" },
|
||||
# { "vendor_id" => "4321","product_id" => "8765", "physical_network" => "default" } ]
|
||||
#
|
||||
# [*verify_glance_signatures*]
|
||||
# (optional) Whether to verify image signatures. (boolean value)
|
||||
# Defaults to undef
|
||||
#
|
||||
class nova::compute (
|
||||
$enabled = true,
|
||||
$manage_service = true,
|
||||
@ -351,7 +351,6 @@ class nova::compute (
|
||||
$sync_power_state_interval = $::os_service_default,
|
||||
$consecutive_build_service_disable_threshold = $::os_service_default,
|
||||
$keymgr_backend = 'nova.keymgr.conf_key_mgr.ConfKeyManager',
|
||||
$verify_glance_signatures = $::os_service_default,
|
||||
$reserved_huge_pages = $::os_service_default,
|
||||
$neutron_physnets_numa_nodes_mapping = {},
|
||||
$neutron_tunnel_numa_nodes = [],
|
||||
@ -372,6 +371,7 @@ class nova::compute (
|
||||
$vcpu_pin_set = undef,
|
||||
$allow_resize_to_same_host = undef,
|
||||
$pci_passthrough = undef,
|
||||
$verify_glance_signatures = undef,
|
||||
) {
|
||||
|
||||
include nova::deps
|
||||
@ -416,6 +416,14 @@ class nova::compute (
|
||||
Use the same parameter in nova::api class.')
|
||||
}
|
||||
|
||||
if $verify_glance_signatures != undef {
|
||||
# NOTE(tkajinam): If nova::glance is defined first and the deployment doesn't use hieradata
|
||||
# it doesn't pick up this value correctly and unset the parameter.
|
||||
# However we'd avoid hard failure here and just leave warning.
|
||||
warning('verify_glance_signatures is deprecated. Use the same parameter in nova::glance')
|
||||
}
|
||||
include nova::glance
|
||||
|
||||
if empty($vcpu_pin_set) {
|
||||
$vcpu_pin_set_real = undef
|
||||
} else {
|
||||
@ -601,7 +609,6 @@ Use the same parameter in nova::api class.')
|
||||
|
||||
nova_config {
|
||||
'DEFAULT/config_drive_format': value => $config_drive_format;
|
||||
'glance/verify_glance_signatures': value => $verify_glance_signatures;
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -16,6 +16,10 @@
|
||||
# (optional) Number of retries in glance operation
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*verify_glance_signatures*]
|
||||
# (optional) Whether to verify image signatures. (boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*enable_rbd_download*]
|
||||
# (optional) Enable download of Glance images directly via RBD
|
||||
# Defaults to $::os_service_default
|
||||
@ -40,29 +44,32 @@
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
class nova::glance (
|
||||
$endpoint_override = $::os_service_default,
|
||||
$valid_interfaces = $::os_service_default,
|
||||
$num_retries = $::os_service_default,
|
||||
$enable_rbd_download = $::os_service_default,
|
||||
$rbd_user = $::os_service_default,
|
||||
$rbd_connect_timeout = $::os_service_default,
|
||||
$rbd_pool = $::os_service_default,
|
||||
$rbd_ceph_conf = $::os_service_default,
|
||||
$endpoint_override = $::os_service_default,
|
||||
$valid_interfaces = $::os_service_default,
|
||||
$num_retries = $::os_service_default,
|
||||
$verify_glance_signatures = $::os_service_default,
|
||||
$enable_rbd_download = $::os_service_default,
|
||||
$rbd_user = $::os_service_default,
|
||||
$rbd_connect_timeout = $::os_service_default,
|
||||
$rbd_pool = $::os_service_default,
|
||||
$rbd_ceph_conf = $::os_service_default,
|
||||
) {
|
||||
|
||||
include nova::deps
|
||||
|
||||
$endpoint_override_real = pick($::nova::glance_endpoint_override, $endpoint_override)
|
||||
$num_retries_real = pick($::nova::glance_num_retries, $num_retries)
|
||||
$verify_glance_signatures_real = pick($::nova::compute::verify_glance_signatures, $verify_glance_signatures)
|
||||
|
||||
nova_config {
|
||||
'glance/endpoint_override': value => $endpoint_override_real;
|
||||
'glance/valid_interfaces': value => join(any2array($valid_interfaces), ',');
|
||||
'glance/num_retries': value => $num_retries_real;
|
||||
'glance/enable_rbd_download': value => $enable_rbd_download;
|
||||
'glance/rbd_user': value => $rbd_user;
|
||||
'glance/rbd_connect_timeout': value => $rbd_connect_timeout;
|
||||
'glance/rbd_pool': value => $rbd_pool;
|
||||
'glance/rbd_ceph_conf': value => $rbd_ceph_conf;
|
||||
'glance/endpoint_override': value => $endpoint_override_real;
|
||||
'glance/valid_interfaces': value => join(any2array($valid_interfaces), ',');
|
||||
'glance/num_retries': value => $num_retries_real;
|
||||
'glance/verify_glance_signatures': value => $verify_glance_signatures_real;
|
||||
'glance/enable_rbd_download': value => $enable_rbd_download;
|
||||
'glance/rbd_user': value => $rbd_user;
|
||||
'glance/rbd_connect_timeout': value => $rbd_connect_timeout;
|
||||
'glance/rbd_pool': value => $rbd_pool;
|
||||
'glance/rbd_ceph_conf': value => $rbd_ceph_conf;
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
deprecations:
|
||||
- |
|
||||
The ``nova::compute::verify_glance_signatures`` parameter has been
|
||||
deprecated in favor of the new ``nova::glance::verify_glance_signatures``
|
||||
parameter.
|
@ -56,7 +56,6 @@ describe 'nova::compute' do
|
||||
it { is_expected.to contain_nova_config('DEFAULT/resize_confirm_window').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('DEFAULT/shutdown_timeout').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('DEFAULT/max_concurrent_builds').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('DEFAULT/max_concurrent_live_migrations').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('DEFAULT/sync_power_state_pool_size').with_value('<SERVICE DEFAULT>') }
|
||||
@ -122,7 +121,6 @@ describe 'nova::compute' do
|
||||
:max_concurrent_live_migrations => '4',
|
||||
:sync_power_state_pool_size => '10',
|
||||
:sync_power_state_interval => '0',
|
||||
:verify_glance_signatures => true,
|
||||
:consecutive_build_service_disable_threshold => '9',
|
||||
:live_migration_wait_for_vif_plug => true,
|
||||
:max_disk_devices_to_attach => 20,
|
||||
@ -190,7 +188,6 @@ describe 'nova::compute' do
|
||||
it { is_expected.to contain_nova_config('DEFAULT/max_concurrent_live_migrations').with_value('4') }
|
||||
it { is_expected.to contain_nova_config('DEFAULT/sync_power_state_pool_size').with_value('10') }
|
||||
it { is_expected.to contain_nova_config('DEFAULT/sync_power_state_interval').with_value('0') }
|
||||
it { is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value(true) }
|
||||
it { is_expected.to contain_nova_config('compute/consecutive_build_service_disable_threshold').with_value('9') }
|
||||
it { is_expected.to contain_nova_config('compute/live_migration_wait_for_vif_plug').with_value(true) }
|
||||
it { is_expected.to contain_nova_config('compute/max_disk_devices_to_attach').with_value(20) }
|
||||
|
@ -12,6 +12,7 @@ describe 'nova::glance' do
|
||||
is_expected.to contain_nova_config('glance/endpoint_override').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('glance/valid_interfaces').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('glance/num_retries').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('glance/enable_rbd_download').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('glance/rbd_user').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('glance/rbd_connect_timeout').with_value('<SERVICE DEFAULT>')
|
||||
@ -23,14 +24,15 @@ describe 'nova::glance' do
|
||||
context 'with specific parameters' do
|
||||
let :params do
|
||||
{
|
||||
:endpoint_override => 'http://localhost:9292',
|
||||
:valid_interfaces => 'internal',
|
||||
:num_retries => 3,
|
||||
:enable_rbd_download => true,
|
||||
:rbd_user => 'nova',
|
||||
:rbd_connect_timeout => 5,
|
||||
:rbd_pool => 'images',
|
||||
:rbd_ceph_conf => '/etc/ceph/ceph.conf',
|
||||
:endpoint_override => 'http://localhost:9292',
|
||||
:valid_interfaces => 'internal',
|
||||
:num_retries => 3,
|
||||
:verify_glance_signatures => false,
|
||||
:enable_rbd_download => true,
|
||||
:rbd_user => 'nova',
|
||||
:rbd_connect_timeout => 5,
|
||||
:rbd_pool => 'images',
|
||||
:rbd_ceph_conf => '/etc/ceph/ceph.conf',
|
||||
}
|
||||
end
|
||||
|
||||
@ -38,6 +40,7 @@ describe 'nova::glance' do
|
||||
is_expected.to contain_nova_config('glance/endpoint_override').with_value('http://localhost:9292')
|
||||
is_expected.to contain_nova_config('glance/valid_interfaces').with_value('internal')
|
||||
is_expected.to contain_nova_config('glance/num_retries').with_value(3)
|
||||
is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value(false)
|
||||
is_expected.to contain_nova_config('glance/enable_rbd_download').with_value(true)
|
||||
is_expected.to contain_nova_config('glance/rbd_user').with_value('nova')
|
||||
is_expected.to contain_nova_config('glance/rbd_connect_timeout').with_value(5)
|
||||
|
Loading…
Reference in New Issue
Block a user