Browse Source

Adds tls_priority parameter to nova::compute::libvirt

Override the compile time default TLS priority string. The
default is usually "NORMAL" unless overridden at build time.
Only set this if it is desired for libvirt to deviate from
the global default settings.

Conflicts:
      manifests/compute/libvirt.pp

Change-Id: I221d48ba720e8ad820050fb5f735cd20d75f2f7a
Related-Bug: #1840447
(cherry picked from commit 7f9c58f86c)
(cherry picked from commit b28b01a01f)
(cherry picked from commit ef1499a4c6)
tags/12.5.0
Martin Schuppert 1 month ago
parent
commit
4120d79e13

+ 14
- 0
manifests/compute/libvirt.pp View File

@@ -159,6 +159,13 @@
159 159
 #   https://libvirt.org/logging.html
160 160
 #   Defaults to undef
161 161
 #
162
+# [*tls_priority*]
163
+#   (optional) Override the compile time default TLS priority string. The
164
+#   default is usually "NORMAL" unless overridden at build time.
165
+#   Only set this if it is desired for libvirt to deviate from
166
+#   the global default settings.
167
+#   Defaults to undef
168
+#
162 169
 class nova::compute::libvirt (
163 170
   $ensure_package                             = 'present',
164 171
   $libvirt_virt_type                          = 'kvm',
@@ -189,6 +196,7 @@ class nova::compute::libvirt (
189 196
   $nfs_mount_options                          = $::os_service_default,
190 197
   $mem_stats_period_seconds                   = $::os_service_default,
191 198
   $log_filters                                = undef,
199
+  $tls_priority                               = undef,
192 200
 ) inherits nova::params {
193 201
 
194 202
   include ::nova::deps
@@ -231,6 +239,12 @@ class nova::compute::libvirt (
231 239
     }
232 240
   }
233 241
 
242
+  if $tls_priority {
243
+    libvirtd_config {
244
+      'tls_priority': value => "\"${tls_priority}\"";
245
+    }
246
+  }
247
+
234 248
   # manage_libvirt_services is here for backward compatibility to support
235 249
   # deployments that do not include nova::compute::libvirt::services
236 250
   #

+ 8
- 0
releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml View File

@@ -0,0 +1,8 @@
1
+---
2
+features:
3
+  - |
4
+    Add tls_priority parameter to nova::compute::libvirt class
5
+    to override the compile time default TLS priority string. The
6
+    default is usually "NORMAL" unless overridden at build time.
7
+    Only set this if it is desired for libvirt to deviate from
8
+    the global default settings.

+ 3
- 0
spec/classes/nova_compute_libvirt_spec.rb View File

@@ -64,6 +64,7 @@ describe 'nova::compute::libvirt' do
64 64
       it { is_expected.to contain_nova_config('libvirt/nfs_mount_options').with_ensure('<SERVICE DEFAULT>')}
65 65
       it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value('<SERVICE DEFAULT>')}
66 66
       it { is_expected.to contain_libvirtd_config('log_filters').with_ensure('absent')}
67
+      it { is_expected.to contain_libvirtd_config('tls_priority').with_ensure('absent')}
67 68
     end
68 69
 
69 70
     describe 'with params' do
@@ -92,6 +93,7 @@ describe 'nova::compute::libvirt' do
92 93
           :nfs_mount_options                          => 'rw,intr,nolock',
93 94
           :mem_stats_period_seconds                   => 20,
94 95
           :log_filters                                => '1:qemu',
96
+          :tls_priority                               => 'NORMAL:-VERS-SSL3.0',
95 97
         }
96 98
       end
97 99
 
@@ -119,6 +121,7 @@ describe 'nova::compute::libvirt' do
119 121
       it { is_expected.to contain_nova_config('libvirt/nfs_mount_options').with_value('rw,intr,nolock')}
120 122
       it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value(20)}
121 123
       it { is_expected.to contain_libvirtd_config('log_filters').with_value("\"#{params[:log_filters]}\"")}
124
+      it { is_expected.to contain_libvirtd_config('tls_priority').with_value("\"#{params[:tls_priority]}\"")}
122 125
       it {
123 126
         is_expected.to contain_service('libvirt').with(
124 127
           :name     => 'custom_service',

Loading…
Cancel
Save