From 7a3c226a013574a93d719e1125ec7f1bc07db9df Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Thu, 24 Sep 2020 09:11:28 +0100 Subject: [PATCH] Add `swtpm_enabled`, 'swtpm_user', 'swtpm_group' parameters Add the necessary parameters required to enable emulated TPM support for guests in Nova. Change-Id: If896caa9fda3fabec3792adc54e29638d9ce801e Signed-off-by: Stephen Finucane --- manifests/compute/libvirt.pp | 20 +++++++++++++++++++ .../notes/libvirt-swtpm-4306f35771b7d253.yaml | 10 ++++++++++ spec/classes/nova_compute_libvirt_spec.rb | 11 +++++++++- 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/libvirt-swtpm-4306f35771b7d253.yaml diff --git a/manifests/compute/libvirt.pp b/manifests/compute/libvirt.pp index b91414a15..43837f35f 100644 --- a/manifests/compute/libvirt.pp +++ b/manifests/compute/libvirt.pp @@ -196,6 +196,20 @@ # CUSTOM_PMEM_NAMESPACE_$LABEL. # Defaults to $::os_service_default # +# [*swtpm_enabled*] +# (optional) Enable emulated Trusted Platform Module (TPM) for guests. +# Defaults to $::os_service_default +# +# [*swtpm_user*] +# (optional) Configure the user that the swtpm binary, used for emulated +# Trusted Platform Module (TPM) functionality, runs as. +# Defaults to $::os_service_default +# +# [*swtpm_group*] +# (optional) Configure the group that the swtpm binary, used for emulated +# Trusted Platform Module (TPM) functionality, runs as. +# Defaults to $::os_service_default +# # DEPRECATED PARAMETERS # # [*libvirt_virt_type*] @@ -300,6 +314,9 @@ class nova::compute::libvirt ( $log_filters = undef, $tls_priority = undef, $pmem_namespaces = $::os_service_default, + $swtpm_enabled = $::os_service_default, + $swtpm_user = $::os_service_default, + $swtpm_group = $::os_service_default, # DEPRECATED PARAMETERS $libvirt_virt_type = undef, $libvirt_cpu_mode = undef, 
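Review bot: The new `swtpm_user` and `swtpm_group` doc entries (hunk at -196) do not say what the value must agree with, or that it should be an unprivileged account. As far as I know, Nova only records the account libvirt already launches swtpm under (libvirt's qemu.conf has matching `swtpm_user`/`swtpm_group` settings), so a mismatch would probably leave Nova unable to manage the guests' TPM state files. The untyped parameters added in the -300 hunk also pass any string straight through, including a privileged account name. I would add to both entries a line such as `#   Must match the unprivileged account libvirt runs swtpm as (swtpm_user/swtpm_group in qemu.conf).`, and to `swtpm_enabled` a line such as `#   Requires a key manager to be configured for nova, which stores the vTPM secret.`; please confirm both against the Nova option help. The class header and body start and end outside these hunks.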
@@ -512,6 +529,9 @@ in a future release. Use the enabled_perf_events parameter instead') 'libvirt/num_pcie_ports': value => $num_pcie_ports; 'libvirt/mem_stats_period_seconds': value => $mem_stats_period_seconds; 'libvirt/pmem_namespaces': value => $pmem_namespaces; + 'libvirt/swtpm_enabled': value => $swtpm_enabled; + 'libvirt/swtpm_user' : value => $swtpm_user; + 'libvirt/swtpm_group': value => $swtpm_group; } if $libvirt_cpu_model != undef { diff --git a/releasenotes/notes/libvirt-swtpm-4306f35771b7d253.yaml b/releasenotes/notes/libvirt-swtpm-4306f35771b7d253.yaml new file mode 100644 index 000000000..703fec455 --- /dev/null +++ b/releasenotes/notes/libvirt-swtpm-4306f35771b7d253.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + The following parameters have been added to the ``nova::compute::libvirt`` + class. These parameters can be used to configure the corresponding + parameters in nova, to set up emulated TPM support. + + - ``swtpm_enabled`` + - ``swtpm_user`` + - ``swtpm_group`` diff --git a/spec/classes/nova_compute_libvirt_spec.rb b/spec/classes/nova_compute_libvirt_spec.rb index 9e161513b..b4e146f89 100644 --- a/spec/classes/nova_compute_libvirt_spec.rb +++ b/spec/classes/nova_compute_libvirt_spec.rb 
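Review bot: In the -512 hunk, the added `'libvirt/swtpm_user' : value => $swtpm_user;` has a space before the colon, unlike the `swtpm_enabled` and `swtpm_group` lines beside it and the existing entries in this `nova_config` block. I would write it as `'libvirt/swtpm_user': value => $swtpm_user;` and pad after the colon if the `value` column needs aligning. Whitespace is collapsed on this page, so the intended alignment cannot be seen here. The `nova_config` resource block starts outside the hunk.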
@@ -68,6 +68,9 @@ describe 'nova::compute::libvirt' do it { is_expected.to contain_nova_config('libvirt/num_pcie_ports').with_value('')} it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value('')} it { is_expected.to contain_nova_config('libvirt/pmem_namespaces').with_value('')} + it { is_expected.to contain_nova_config('libvirt/swtpm_enabled').with_value('')} + it { is_expected.to contain_nova_config('libvirt/swtpm_user').with_value('')} + it { is_expected.to contain_nova_config('libvirt/swtpm_group').with_value('')} it { is_expected.to contain_libvirtd_config('log_outputs').with_ensure('absent')} it { is_expected.to contain_libvirtd_config('log_filters').with_ensure('absent')} it { is_expected.to contain_libvirtd_config('tls_priority').with_ensure('absent')} @@ -103,7 +106,10 @@ describe 'nova::compute::libvirt' do :mem_stats_period_seconds => 20, :log_filters => '1:qemu', :tls_priority => 'NORMAL:-VERS-SSL3.0', - :pmem_namespaces => '128G:ns0|ns1|ns2|ns3' + :pmem_namespaces => '128G:ns0|ns1|ns2|ns3', + :swtpm_enabled => true, + :swtpm_user => 'libvirt', + :swtpm_group => 'libvirt' } end @@ -135,6 +141,9 @@ describe 'nova::compute::libvirt' do it { is_expected.to contain_nova_config('libvirt/num_pcie_ports').with_value(16)} it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value(20)} it { is_expected.to contain_nova_config('libvirt/pmem_namespaces').with_value("128G:ns0|ns1|ns2|ns3")} + it { is_expected.to contain_nova_config('libvirt/swtpm_enabled').with_value(true)} + it { is_expected.to contain_nova_config('libvirt/swtpm_user').with_value('libvirt')} + it { is_expected.to contain_nova_config('libvirt/swtpm_group').with_value('libvirt')} it { is_expected.to contain_libvirtd_config('log_filters').with_value("\"#{params[:log_filters]}\"")} it { is_expected.to contain_libvirtd_config('tls_priority').with_value("\"#{params[:tls_priority]}\"")} it {