Revert "Add support for native TLS encryption on NBD for disk migration"

This reverts commit 0c54e9becb362c24e4e322ab75b885fbb6691e4e.

Change-Id: I8f9ce3310f98dd38f1b6fff1bae507fe2b756620
Closes-Bug: #1797035
Quique Llorente 2018-10-10 09:20:59 +02:00
parent aa2893d7e0
commit 23c25dc11b
3 changed files with 8 additions and 55 deletions


@ -33,10 +33,6 @@
# NOTE: big files will be stored here # NOTE: big files will be stored here
# Defaults to undef. # Defaults to undef.
# #
# [*nbd_tls*]
# (optional) Enables TLS for nbd connections.
# Defaults to false.
#
class nova::compute::libvirt::qemu( class nova::compute::libvirt::qemu(
$configure_qemu = false, $configure_qemu = false,
$group = undef, $group = undef,
@ -44,8 +40,7 @@ class nova::compute::libvirt::qemu(
$max_processes = 4096, $max_processes = 4096,
$vnc_tls = false, $vnc_tls = false,
$vnc_tls_verify = true, $vnc_tls_verify = true,
$memory_backing_dir = undef, $memory_backing_dir = undef
$nbd_tls = false
){ ){
include ::nova::deps include ::nova::deps
@ -68,18 +63,11 @@ class nova::compute::libvirt::qemu(
$vnc_tls_verify_value = 0 $vnc_tls_verify_value = 0
} }
if $nbd_tls {
$nbd_tls_value = 1
} else {
$nbd_tls_value = 0
}
$augues_changes_default = [ $augues_changes_default = [
"set max_files ${max_files}", "set max_files ${max_files}",
"set max_processes ${max_processes}", "set max_processes ${max_processes}",
"set vnc_tls ${vnc_tls_value}", "set vnc_tls ${vnc_tls_value}",
"set vnc_tls_x509_verify ${vnc_tls_verify_value}", "set vnc_tls_x509_verify ${vnc_tls_verify_value}"
"set nbd_tls ${nbd_tls_value}"
] ]
if $group and !empty($group) { if $group and !empty($group) {
$augues_group_changes = ["set group ${group}"] $augues_group_changes = ["set group ${group}"]
@ -107,8 +95,7 @@ class nova::compute::libvirt::qemu(
'rm group', 'rm group',
'rm vnc_tls', 'rm vnc_tls',
'rm vnc_tls_x509_verify', 'rm vnc_tls_x509_verify',
'rm memory_backing_dir', 'rm memory_backing_dir'
'rm nbd_tls'
], ],
tag => 'qemu-conf-augeas', tag => 'qemu-conf-augeas',
} }
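Review bot: Nodes that already applied the reverted change keep whatever `nbd_tls` line it wrote to qemu.conf, because the last hunk drops `'rm nbd_tls'` from the removal list while the third hunk drops `"set nbd_tls ${nbd_tls_value}"`, so nothing manages that key any more. If the revert is meant to return hosts to the qemu default, keep an explicit `rm nbd_tls` in both augeas change lists for a transition period, so a stale `nbd_tls = 1` cannot linger unmanaged. The second hunk also removes the `$nbd_tls` parameter outright, so any class declaration or hiera data still passing it will presumably fail catalog compilation; a deprecated no-op parameter with a warning would avoid that. The class body and the augeas resources start and end outside the hunks shown, so confirm which branch each list belongs to.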


@ -1,11 +0,0 @@
---
features:
- |
Add support for native TLS encryption on NBD for disk migration
The NBD protocol previously runs in clear text, offering no security
protection for the data transferred, unless it is tunnelled over some
external transport like SSH. Such tunnelling is inefficient and
inconvenient to manage. Support for TLS to the NBD clients & servers
provided by QEMU was added. This adds support to configure ndb related
qemu.conf parameters.


@ -18,7 +18,7 @@ describe 'nova::compute::libvirt::qemu' do
end end
it { is_expected.to contain_augeas('qemu-conf-limits').with({ it { is_expected.to contain_augeas('qemu-conf-limits').with({
:context => '/files/etc/libvirt/qemu.conf', :context => '/files/etc/libvirt/qemu.conf',
:changes => [ "rm max_files", "rm max_processes", "rm group", "rm vnc_tls", "rm vnc_tls_x509_verify", "rm memory_backing_dir", "rm nbd_tls" ], :changes => [ "rm max_files", "rm max_processes", "rm group", "rm vnc_tls", "rm vnc_tls_x509_verify", "rm memory_backing_dir" ],
}).that_notifies('Service[libvirt]') } }).that_notifies('Service[libvirt]') }
end end
@ -30,7 +30,7 @@ describe 'nova::compute::libvirt::qemu' do
end end
it { is_expected.to contain_augeas('qemu-conf-limits').with({ it { is_expected.to contain_augeas('qemu-conf-limits').with({
:context => '/files/etc/libvirt/qemu.conf', :context => '/files/etc/libvirt/qemu.conf',
:changes => [ "set max_files 1024", "set max_processes 4096", "set vnc_tls 0", "set vnc_tls_x509_verify 0", "set nbd_tls 0" ], :changes => [ "set max_files 1024", "set max_processes 4096", "set vnc_tls 0", "set vnc_tls_x509_verify 0" ],
:tag => 'qemu-conf-augeas', :tag => 'qemu-conf-augeas',
}).that_notifies('Service[libvirt]') } }).that_notifies('Service[libvirt]') }
end end
@ -45,7 +45,7 @@ describe 'nova::compute::libvirt::qemu' do
end end
it { is_expected.to contain_augeas('qemu-conf-limits').with({ it { is_expected.to contain_augeas('qemu-conf-limits').with({
:context => '/files/etc/libvirt/qemu.conf', :context => '/files/etc/libvirt/qemu.conf',
:changes => [ "set max_files 32768", "set max_processes 131072", "set vnc_tls 0", "set vnc_tls_x509_verify 0", "set nbd_tls 0" ], :changes => [ "set max_files 32768", "set max_processes 131072", "set vnc_tls 0", "set vnc_tls_x509_verify 0" ],
:tag => 'qemu-conf-augeas', :tag => 'qemu-conf-augeas',
}).that_notifies('Service[libvirt]') } }).that_notifies('Service[libvirt]') }
end end
@ -67,7 +67,6 @@ describe 'nova::compute::libvirt::qemu' do
"set max_processes 131072", "set max_processes 131072",
"set vnc_tls 0", "set vnc_tls 0",
"set vnc_tls_x509_verify 0", "set vnc_tls_x509_verify 0",
"set nbd_tls 0",
"set group openvswitch", "set group openvswitch",
"set memory_backing_dir /tmp" "set memory_backing_dir /tmp"
], ],
@ -88,8 +87,7 @@ describe 'nova::compute::libvirt::qemu' do
"set max_files 1024", "set max_files 1024",
"set max_processes 4096", "set max_processes 4096",
"set vnc_tls 1", "set vnc_tls 1",
"set vnc_tls_x509_verify 1", "set vnc_tls_x509_verify 1"
"set nbd_tls 0"
], ],
:tag => 'qemu-conf-augeas', :tag => 'qemu-conf-augeas',
}).that_notifies('Service[libvirt]') } }).that_notifies('Service[libvirt]') }
@ -109,28 +107,7 @@ describe 'nova::compute::libvirt::qemu' do
"set max_files 1024", "set max_files 1024",
"set max_processes 4096", "set max_processes 4096",
"set vnc_tls 1", "set vnc_tls 1",
"set vnc_tls_x509_verify 0", "set vnc_tls_x509_verify 0"
"set nbd_tls 0"
],
:tag => 'qemu-conf-augeas',
}).that_notifies('Service[libvirt]') }
end
context 'when configuring qemu with nbd_tls' do
let :params do
{
:configure_qemu => true,
:nbd_tls => true
}
end
it { is_expected.to contain_augeas('qemu-conf-limits').with({
:context => '/files/etc/libvirt/qemu.conf',
:changes => [
"set max_files 1024",
"set max_processes 4096",
"set vnc_tls 0",
"set vnc_tls_x509_verify 0",
"set nbd_tls 1"
], ],
:tag => 'qemu-conf-augeas', :tag => 'qemu-conf-augeas',
}).that_notifies('Service[libvirt]') } }).that_notifies('Service[libvirt]') }