From 4120d79e132e853a9ee5ace9f78319bc3ee450c4 Mon Sep 17 00:00:00 2001
From: Martin Schuppert
Date: Fri, 16 Aug 2019 14:56:45 +0200
Subject: [PATCH] Adds tls_priority parameter to nova::compute::libvirt

Override the compile time default TLS priority string. The default is usually "NORMAL" unless overridden at build time. Only set this if it is desired for libvirt to deviate from the global default settings.
Conflicts: manifests/compute/libvirt.pp
Change-Id: I221d48ba720e8ad820050fb5f735cd20d75f2f7a
Related-Bug: #1840447
(cherry picked from commit 7f9c58f86cb4c7505fa04f0ad7e723ada09034ba)
(cherry picked from commit b28b01a01f940af2356d348cf66d2dcdfa8ef25a)
(cherry picked from commit ef1499a4c6e7fe986bbf84158a7abfc2169613fc)
---
 manifests/compute/libvirt.pp | 14 ++++++++++++++
 .../libvirtd_tls_priority-1e66515aa1da7977.yaml | 8 ++++++++
 spec/classes/nova_compute_libvirt_spec.rb | 3 +++
 3 files changed, 25 insertions(+)
 create mode 100644 releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml
diff --git a/manifests/compute/libvirt.pp b/manifests/compute/libvirt.pp
index 061d12ed8..a76cfa122 100644
--- a/manifests/compute/libvirt.pp
+++ b/manifests/compute/libvirt.pp
@@ -159,6 +159,13 @@
 # https://libvirt.org/logging.html
 # Defaults to undef
 #
+# [*tls_priority*]
+# (optional) Override the compile time default TLS priority string. The
+# default is usually "NORMAL" unless overridden at build time.
+# Only set this if it is desired for libvirt to deviate from
+# the global default settings.
+# Defaults to undef
+#
 class nova::compute::libvirt (
 $ensure_package = 'present',
 $libvirt_virt_type = 'kvm',
@@ -189,6 +196,7 @@ class nova::compute::libvirt (
 $nfs_mount_options = $::os_service_default,
 $mem_stats_period_seconds = $::os_service_default,
 $log_filters = undef,
+ $tls_priority = undef,
 ) inherits nova::params {
 include ::nova::deps
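Review bot: The `[*tls_priority*]` doc block added at @@ -159,6 +159,13 @@ does not say what syntax the value takes, nor that the manifest adds the surrounding double quotes itself (the later hunk writes `value => "\"${tls_priority}\""`). I would add a line such as `#   The value is a GnuTLS priority string, for example 'NORMAL:-VERS-SSL3.0'; it is wrapped in double quotes by this class, so pass it unquoted and without embedded double quotes.` The example is the one the spec in this patch uses. Since the value is interpolated unescaped, a stray quote in caller-supplied data would presumably yield a malformed config entry, which is worth stating where operators read the parameter description.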
@@ -231,6 +239,12 @@ class nova::compute::libvirt (
 }
 }
+ if $tls_priority {
+ libvirtd_config {
+ 'tls_priority': value => "\"${tls_priority}\"";
+ }
+ }
+
 # manage_libvirt_services is here for backward compatibility to support
 # deployments that do not include nova::compute::libvirt::services
 #
diff --git a/releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml b/releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml
new file mode 100644
index 000000000..4c05686bf
--- /dev/null
+++ b/releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml
@@ -0,0 +1,8 @@
+---
+features:
+ - |
+ Add tls_priority parameter to nova::compute::libvirt class
+ to override the compile time default TLS priority string. The
+ default is usually "NORMAL" unless overridden at build time.
+ Only set this if it is desired for libvirt to deviate from
+ the global default settings.
diff --git a/spec/classes/nova_compute_libvirt_spec.rb b/spec/classes/nova_compute_libvirt_spec.rb
index 6875e209a..e7f57eb1e 100644
--- a/spec/classes/nova_compute_libvirt_spec.rb
+++ b/spec/classes/nova_compute_libvirt_spec.rb
@@ -64,6 +64,7 @@ describe 'nova::compute::libvirt' do
 it { is_expected.to contain_nova_config('libvirt/nfs_mount_options').with_ensure('')}
 it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value('')}
 it { is_expected.to contain_libvirtd_config('log_filters').with_ensure('absent')}
+ it { is_expected.to contain_libvirtd_config('tls_priority').with_ensure('absent')}
 end
 describe 'with params' do
@@ -92,6 +93,7 @@ describe 'nova::compute::libvirt' do
 :nfs_mount_options => 'rw,intr,nolock',
 :mem_stats_period_seconds => 20,
 :log_filters => '1:qemu',
+ :tls_priority => 'NORMAL:-VERS-SSL3.0',
 }
 end
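Review bot: The `if $tls_priority` block added in manifests/compute/libvirt.pp (hunk @@ -231,6 +239,12 @@) has no `else` branch, so when the parameter is unset nothing manages the `tls_priority` entry and a priority string written by an earlier run would stay in place. The spec hunk at @@ -64,6 +64,7 @@ expects `contain_libvirtd_config('tls_priority').with_ensure('absent')` in the default case, which the visible manifest change does not declare unless that happens outside the hunk. An `else` branch setting `ensure => 'absent'` would make dropping the override explicit, which matters for a setting that controls which TLS protocol versions and ciphers libvirtd accepts. The enclosing class body starts and ends outside the hunk.

```puppet
  if $tls_priority {
    # … unchanged: libvirtd_config 'tls_priority' value …
  } else {
    libvirtd_config {
      'tls_priority': ensure => 'absent';
    }
  }
```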
@@ -119,6 +121,7 @@ describe 'nova::compute::libvirt' do it { is_expected.to contain_nova_config('libvirt/nfs_mount_options').with_value('rw,intr,nolock')} it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value(20)} it { is_expected.to contain_libvirtd_config('log_filters').with_value("\"#{params[:log_filters]}\"")} + it { is_expected.to contain_libvirtd_config('tls_priority').with_value("\"#{params[:tls_priority]}\"")} it { is_expected.to contain_service('libvirt').with( :name => 'custom_service',