Fix key_manager in nova config for Queens
keymgr_api_class is now deprecated in favor of keymgr_backend, with full backward compatibility for users. keymgr_backend is set to nova.keymgr.conf_key_mgr.ConfKeyManager by default and configure key_manager/backend instead of key_manager/api_class. Change-Id: I7f4136ad32d70fe8a00e9147077224f9c4779b03 Related-Bug: #1725298
This commit is contained in:
parent
ddcd911464
commit
2a977455b7
|
@ -115,11 +115,6 @@
|
|||
# resume their state each time the compute node boots or restarts.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*keymgr_api_class*]
|
||||
# (optional) Key Manager service.
|
||||
# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*barbican_auth_endpoint*]
|
||||
# (optional) Keystone v3 API URL.
|
||||
# Example: http://localhost:5000/v3
|
||||
|
@ -142,6 +137,18 @@
|
|||
# will disable itself.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*keymgr_backend*]
|
||||
# (optional) Key Manager service class.
|
||||
# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
|
||||
# Defaults to 'nova.keymgr.conf_key_mgr.ConfKeyManager'.
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*keymgr_api_class*]
|
||||
# (optional) Key Manager service.
|
||||
# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
class nova::compute (
|
||||
$enabled = true,
|
||||
$manage_service = true,
|
||||
|
@ -167,12 +174,14 @@ class nova::compute (
|
|||
$resize_confirm_window = $::os_service_default,
|
||||
$vcpu_pin_set = $::os_service_default,
|
||||
$resume_guests_state_on_host_boot = $::os_service_default,
|
||||
$keymgr_api_class = $::os_service_default,
|
||||
$barbican_auth_endpoint = $::os_service_default,
|
||||
$barbican_endpoint = $::os_service_default,
|
||||
$barbican_api_version = $::os_service_default,
|
||||
$max_concurrent_live_migrations = $::os_service_default,
|
||||
$consecutive_build_service_disable_threshold = $::os_service_default,
|
||||
$keymgr_backend = 'nova.keymgr.conf_key_mgr.ConfKeyManager',
|
||||
# DEPRECATED PARAMETERS
|
||||
$keymgr_api_class = undef,
|
||||
) {
|
||||
|
||||
include ::nova::deps
|
||||
|
@ -182,8 +191,15 @@ class nova::compute (
|
|||
|
||||
include ::nova::pci
|
||||
|
||||
if $keymgr_api_class {
|
||||
warning('The keymgr_api_class parameter is deprecated, use keymgr_backend')
|
||||
$keymgr_backend_real = $keymgr_api_class
|
||||
} else {
|
||||
$keymgr_backend_real = $keymgr_backend
|
||||
}
|
||||
|
||||
# cryptsetup is required when Barbican is encrypting volumes
|
||||
if $keymgr_api_class =~ /barbican/ {
|
||||
if $keymgr_backend_real =~ /barbican/ {
|
||||
ensure_packages('cryptsetup', {
|
||||
ensure => present,
|
||||
tag => 'openstack',
|
||||
|
@ -198,7 +214,7 @@ class nova::compute (
|
|||
'DEFAULT/resize_confirm_window': value => $resize_confirm_window;
|
||||
'DEFAULT/vcpu_pin_set': value => $vcpu_pin_set_real;
|
||||
'DEFAULT/resume_guests_state_on_host_boot': value => $resume_guests_state_on_host_boot;
|
||||
'key_manager/api_class': value => $keymgr_api_class;
|
||||
'key_manager/backend': value => $keymgr_backend_real;
|
||||
'barbican/auth_endpoint': value => $barbican_auth_endpoint;
|
||||
'barbican/barbican_endpoint': value => $barbican_endpoint;
|
||||
'barbican/barbican_api_version': value => $barbican_api_version;
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
deprecations:
|
||||
- |
|
||||
keymgr_api_class is now deprecated in favor of keymgr_backend, with
|
||||
full backward compatibility for users.
|
||||
keymgr_backend is set to nova.keymgr.conf_key_mgr.ConfKeyManager
|
||||
by default and configures key_manager/backend instead of
|
||||
key_manager/api_class.
|
|
@ -29,7 +29,7 @@ describe 'nova::compute' do
|
|||
it { is_expected.to contain_nova_config('DEFAULT/vcpu_pin_set').with(:value => '<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to_not contain_nova_config('vnc/novncproxy_base_url') }
|
||||
it { is_expected.to contain_nova_config('key_manager/api_class').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('key_manager/backend').with_value('nova.keymgr.conf_key_mgr.ConfKeyManager') }
|
||||
it { is_expected.to contain_nova_config('barbican/barbican_endpoint').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('barbican/barbican_api_version').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_nova_config('barbican/auth_endpoint').with_value('<SERVICE DEFAULT>') }
|
||||
|
@ -74,7 +74,7 @@ describe 'nova::compute' do
|
|||
:resize_confirm_window => '3',
|
||||
:vcpu_pin_set => ['4-12','^8','15'],
|
||||
:resume_guests_state_on_host_boot => true,
|
||||
:keymgr_api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
|
||||
:keymgr_backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
|
||||
:barbican_endpoint => 'http://localhost',
|
||||
:barbican_api_version => 'v1',
|
||||
:barbican_auth_endpoint => 'http://127.0.0.1:5000/v3',
|
||||
|
@ -103,7 +103,7 @@ describe 'nova::compute' do
|
|||
end
|
||||
|
||||
it 'configures barbican service' do
|
||||
is_expected.to contain_nova_config('key_manager/api_class').with_value('castellan.key_manager.barbican_key_manager.BarbicanKeyManager')
|
||||
is_expected.to contain_nova_config('key_manager/backend').with_value('castellan.key_manager.barbican_key_manager.BarbicanKeyManager')
|
||||
is_expected.to contain_nova_config('barbican/barbican_endpoint').with_value('http://localhost')
|
||||
is_expected.to contain_nova_config('barbican/barbican_api_version').with_value('v1')
|
||||
is_expected.to contain_nova_config('barbican/auth_endpoint').with_value('http://127.0.0.1:5000/v3')
|
||||
|
@ -141,6 +141,18 @@ describe 'nova::compute' do
|
|||
end
|
||||
end
|
||||
|
||||
context 'with barbican deprecated parameters' do
|
||||
let :params do
|
||||
{
|
||||
:keymgr_api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
|
||||
}
|
||||
end
|
||||
it 'should set keymgr parameter' do
|
||||
is_expected.to contain_nova_config('key_manager/backend').with_value('castellan.key_manager.barbican_key_manager.BarbicanKeyManager')
|
||||
is_expected.to contain_package('cryptsetup').with( :ensure => 'present' )
|
||||
end
|
||||
end
|
||||
|
||||
context 'when vcpu_pin_set and pci params are empty' do
|
||||
let :params do
|
||||
{ :vcpu_pin_set => ""}
|
||||
|
|
Loading…
Reference in New Issue