Revert "Add support for native TLS encryption on NBD for disk migration"

This reverts commit 0c54e9becb. Change-Id: I8f9ce3310f98dd38f1b6fff1bae507fe2b756620 Closes-Bug: #1797035
2018-10-10 09:20:59 +02:00 · 2018-10-10 09:20:59 +02:00 · 23c25dc11b
commit 23c25dc11b
parent aa2893d7e0
3 changed files with 8 additions and 55 deletions
--- a/manifests/compute/libvirt/qemu.pp
+++ b/manifests/compute/libvirt/qemu.pp
@ -33,10 +33,6 @@
 #   NOTE: big files will be stored here
 #   Defaults to undef.
 #
 # [*nbd_tls*]
 #   (optional) Enables TLS for nbd connections.
 #   Defaults to false.
 #
 class nova::compute::libvirt::qemu(
  $configure_qemu     = false,
  $group              = undef,
@ -44,8 +40,7 @@ class nova::compute::libvirt::qemu(
  $max_processes      = 4096,
  $vnc_tls            = false,
  $vnc_tls_verify     = true,
-  $memory_backing_dir = undef,
+  $memory_backing_dir = undef
  $nbd_tls            = false
 ){
  include ::nova::deps
@ -68,18 +63,11 @@ class nova::compute::libvirt::qemu(
      $vnc_tls_verify_value = 0
    }
    if $nbd_tls {
      $nbd_tls_value = 1
    } else {
      $nbd_tls_value = 0
    }
    $augues_changes_default = [
      "set max_files ${max_files}",
      "set max_processes ${max_processes}",
      "set vnc_tls ${vnc_tls_value}",
-      "set vnc_tls_x509_verify ${vnc_tls_verify_value}",
+      "set vnc_tls_x509_verify ${vnc_tls_verify_value}"
      "set nbd_tls ${nbd_tls_value}"
    ]
    if $group and !empty($group) {
      $augues_group_changes = ["set group ${group}"]
@ -107,8 +95,7 @@ class nova::compute::libvirt::qemu(
        'rm group',
        'rm vnc_tls',
        'rm vnc_tls_x509_verify',
-        'rm memory_backing_dir',
+        'rm memory_backing_dir'
        'rm nbd_tls'
      ],
      tag     => 'qemu-conf-augeas',
    }
--- a/releasenotes/notes/add_qemu_nbd_parameters-f8b975e695d6efd9.yaml
+++ b/releasenotes/notes/add_qemu_nbd_parameters-f8b975e695d6efd9.yaml
@ -1,11 +0,0 @@
 ---
 features:
  - |
    Add support for native TLS encryption on NBD for disk migration
    The NBD protocol previously runs in clear text, offering no security
    protection for the data transferred, unless it is tunnelled over some
    external transport like SSH. Such tunnelling is inefficient and
    inconvenient to manage. Support for TLS to the NBD clients & servers
    provided by QEMU was added. This adds support to configure ndb related
    qemu.conf parameters.
--- a/spec/classes/nova_compute_libvirt_qemu_spec.rb
+++ b/spec/classes/nova_compute_libvirt_qemu_spec.rb
@ -18,7 +18,7 @@ describe 'nova::compute::libvirt::qemu' do
      end
      it { is_expected.to contain_augeas('qemu-conf-limits').with({
        :context => '/files/etc/libvirt/qemu.conf',
-        :changes => [ "rm max_files", "rm max_processes", "rm group", "rm vnc_tls", "rm vnc_tls_x509_verify", "rm memory_backing_dir", "rm nbd_tls" ],
+        :changes => [ "rm max_files", "rm max_processes", "rm group", "rm vnc_tls", "rm vnc_tls_x509_verify", "rm memory_backing_dir" ],
      }).that_notifies('Service[libvirt]') }
    end
@ -30,7 +30,7 @@ describe 'nova::compute::libvirt::qemu' do
      end
      it { is_expected.to contain_augeas('qemu-conf-limits').with({
        :context => '/files/etc/libvirt/qemu.conf',
-        :changes => [ "set max_files 1024", "set max_processes 4096", "set vnc_tls 0", "set vnc_tls_x509_verify 0", "set nbd_tls 0" ],
+        :changes => [ "set max_files 1024", "set max_processes 4096", "set vnc_tls 0", "set vnc_tls_x509_verify 0" ],
        :tag     => 'qemu-conf-augeas',
      }).that_notifies('Service[libvirt]') }
    end
@ -45,7 +45,7 @@ describe 'nova::compute::libvirt::qemu' do
      end
      it { is_expected.to contain_augeas('qemu-conf-limits').with({
        :context => '/files/etc/libvirt/qemu.conf',
-        :changes => [ "set max_files 32768", "set max_processes 131072", "set vnc_tls 0", "set vnc_tls_x509_verify 0", "set nbd_tls 0" ],
+        :changes => [ "set max_files 32768", "set max_processes 131072", "set vnc_tls 0", "set vnc_tls_x509_verify 0" ],
        :tag     => 'qemu-conf-augeas',
      }).that_notifies('Service[libvirt]') }
    end
@ -67,7 +67,6 @@ describe 'nova::compute::libvirt::qemu' do
            "set max_processes 131072",
            "set vnc_tls 0",
            "set vnc_tls_x509_verify 0",
            "set nbd_tls 0",
            "set group openvswitch",
            "set memory_backing_dir /tmp"
        ],
@ -88,8 +87,7 @@ describe 'nova::compute::libvirt::qemu' do
            "set max_files 1024",
            "set max_processes 4096",
            "set vnc_tls 1",
-            "set vnc_tls_x509_verify 1",
+            "set vnc_tls_x509_verify 1"
            "set nbd_tls 0"
        ],
        :tag     => 'qemu-conf-augeas',
      }).that_notifies('Service[libvirt]') }
@ -109,28 +107,7 @@ describe 'nova::compute::libvirt::qemu' do
            "set max_files 1024",
            "set max_processes 4096",
            "set vnc_tls 1",
-            "set vnc_tls_x509_verify 0",
+            "set vnc_tls_x509_verify 0"
            "set nbd_tls 0"
        ],
        :tag     => 'qemu-conf-augeas',
      }).that_notifies('Service[libvirt]') }
    end
    context 'when configuring qemu with nbd_tls' do
      let :params do
        {
          :configure_qemu => true,
          :nbd_tls => true
        }
      end
      it { is_expected.to contain_augeas('qemu-conf-limits').with({
        :context => '/files/etc/libvirt/qemu.conf',
        :changes => [
            "set max_files 1024",
            "set max_processes 4096",
            "set vnc_tls 0",
            "set vnc_tls_x509_verify 0",
            "set nbd_tls 1"
        ],
        :tag     => 'qemu-conf-augeas',
      }).that_notifies('Service[libvirt]') }