Adds tls_priority parameter to nova::compute::libvirt

Override the compile time default TLS priority string. The
default is usually "NORMAL" unless overridden at build time.
Only set this if it is desired for libvirt to deviate from
the global default settings.

Change-Id: I221d48ba720e8ad820050fb5f735cd20d75f2f7a
Related-Bug: #1840447
Martin Schuppert 2019-08-16 14:56:45 +02:00
parent 0b0bd40065
commit 7f9c58f86c
3 changed files with 25 additions and 0 deletions


@ -180,6 +180,13 @@
# https://libvirt.org/logging.html # https://libvirt.org/logging.html
# Defaults to undef # Defaults to undef
# #
# [*tls_priority*]
# (optional) Override the compile time default TLS priority string. The
# default is usually "NORMAL" unless overridden at build time.
# Only set this if it is desired for libvirt to deviate from
# the global default settings.
# Defaults to undef
#
class nova::compute::libvirt ( class nova::compute::libvirt (
$ensure_package = 'present', $ensure_package = 'present',
$libvirt_virt_type = 'kvm', $libvirt_virt_type = 'kvm',
@ -214,6 +221,7 @@ class nova::compute::libvirt (
$num_pcie_ports = $::os_service_default, $num_pcie_ports = $::os_service_default,
$mem_stats_period_seconds = $::os_service_default, $mem_stats_period_seconds = $::os_service_default,
$log_filters = undef, $log_filters = undef,
$tls_priority = undef,
) inherits nova::params { ) inherits nova::params {
include ::nova::deps include ::nova::deps
@ -256,6 +264,12 @@ class nova::compute::libvirt (
} }
} }
if $tls_priority {
libvirtd_config {
'tls_priority': value => "\"${tls_priority}\"";
}
}
unless $rx_queue_size == $::os_service_default or $rx_queue_size in [256, 512, 1024] { unless $rx_queue_size == $::os_service_default or $rx_queue_size in [256, 512, 1024] {
fail("Invalid rx_queue_size parameter: ${rx_queue_size}") fail("Invalid rx_queue_size parameter: ${rx_queue_size}")
} }
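Review bot: The new `if $tls_priority` block has no `else` branch, so when the parameter is left at `undef` the visible lines declare no `libvirtd_config { 'tls_priority': }` resource at all. A priority string written by an earlier run would then stay in libvirtd's configuration after an operator removes the override, leaving the host on a TLS policy nobody is managing any more. The spec's default-parameter expectation `contain_libvirtd_config('tls_priority').with_ensure('absent')` also has nothing to match unless the resource is declared outside this hunk. Adding an `else` branch with `ensure => 'absent'` lets removal converge back to the build-time default. Separately, the value is wrapped in escaped double quotes without validation, so a string containing `"` would yield a malformed line; a type or pattern constraint on the parameter would catch that at catalog compile time.

```puppet
  if $tls_priority {
    # … unchanged: libvirtd_config with the quoted value …
  }
  else {
    libvirtd_config {
      'tls_priority': ensure => 'absent';
    }
  }
```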


@ -0,0 +1,8 @@
---
features:
- |
Add tls_priority parameter to nova::compute::libvirt class
to override the compile time default TLS priority string. The
default is usually "NORMAL" unless overridden at build time.
Only set this if it is desired for libvirt to deviate from
the global default settings.


@ -69,6 +69,7 @@ describe 'nova::compute::libvirt' do
it { is_expected.to contain_nova_config('libvirt/num_pcie_ports').with_ensure('<SERVICE DEFAULT>')} it { is_expected.to contain_nova_config('libvirt/num_pcie_ports').with_ensure('<SERVICE DEFAULT>')}
it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value('<SERVICE DEFAULT>')} it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value('<SERVICE DEFAULT>')}
it { is_expected.to contain_libvirtd_config('log_filters').with_ensure('absent')} it { is_expected.to contain_libvirtd_config('log_filters').with_ensure('absent')}
it { is_expected.to contain_libvirtd_config('tls_priority').with_ensure('absent')}
end end
describe 'with params' do describe 'with params' do
@ -100,6 +101,7 @@ describe 'nova::compute::libvirt' do
:num_pcie_ports => 16, :num_pcie_ports => 16,
:mem_stats_period_seconds => 20, :mem_stats_period_seconds => 20,
:log_filters => '1:qemu', :log_filters => '1:qemu',
:tls_priority => 'NORMAL:-VERS-SSL3.0',
} }
end end
@ -130,6 +132,7 @@ describe 'nova::compute::libvirt' do
it { is_expected.to contain_nova_config('libvirt/num_pcie_ports').with_value(16)} it { is_expected.to contain_nova_config('libvirt/num_pcie_ports').with_value(16)}
it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value(20)} it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value(20)}
it { is_expected.to contain_libvirtd_config('log_filters').with_value("\"#{params[:log_filters]}\"")} it { is_expected.to contain_libvirtd_config('log_filters').with_value("\"#{params[:log_filters]}\"")}
it { is_expected.to contain_libvirtd_config('tls_priority').with_value("\"#{params[:tls_priority]}\"")}
it { it {
is_expected.to contain_service('libvirt').with( is_expected.to contain_service('libvirt').with(
:name => 'custom_service', :name => 'custom_service',