diff --git a/manifests/compute.pp b/manifests/compute.pp index c7208bd38..a80f56495 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -197,10 +197,6 @@ # Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager # Defaults to 'nova.keymgr.conf_key_mgr.ConfKeyManager'. # -# [*verify_glance_signatures*] -# (optional) Whether to verify image signatures. (boolean value) -# Defaults to $::os_service_default -# # [*reserved_huge_pages*] # (optional) Number of huge memory pages to reserved per NUMA host cell. # Defaults to $::os_service_default @@ -311,6 +307,10 @@ # [ { "vendor_id" => "1234","product_id" => "5678" }, # { "vendor_id" => "4321","product_id" => "8765", "physical_network" => "default" } ] # +# [*verify_glance_signatures*] +# (optional) Whether to verify image signatures. (boolean value) +# Defaults to undef +# class nova::compute ( $enabled = true, $manage_service = true, @@ -351,7 +351,6 @@ class nova::compute ( $sync_power_state_interval = $::os_service_default, $consecutive_build_service_disable_threshold = $::os_service_default, $keymgr_backend = 'nova.keymgr.conf_key_mgr.ConfKeyManager', - $verify_glance_signatures = $::os_service_default, $reserved_huge_pages = $::os_service_default, $neutron_physnets_numa_nodes_mapping = {}, $neutron_tunnel_numa_nodes = [], @@ -372,6 +371,7 @@ class nova::compute ( $vcpu_pin_set = undef, $allow_resize_to_same_host = undef, $pci_passthrough = undef, + $verify_glance_signatures = undef, ) { include nova::deps 
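Review bot: The parameter doc re-added in the `@@ -311,6 +307,10 @@` hunk reads like a live option: it says only "Whether to verify image signatures" and "Defaults to undef", without saying the parameter is deprecated or that nova::glance now owns the setting. Because this option decides whether Nova checks Glance image signatures, the doc block should point operators at the replacement, for example `# (optional) DEPRECATED. Whether to verify image signatures. Use nova::glance::verify_glance_signatures instead.` The rest of the doc section is outside the hunk, so if it already sits under a deprecated-parameters heading the first word is redundant, but the pointer is still worth having.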
@@ -416,6 +416,14 @@ class nova::compute ( Use the same parameter in nova::api class.') } + if $verify_glance_signatures != undef { + # NOTE(tkajinam): If nova::glance is defined first and the deployment doesn't use hieradata + # it doesn't pick up this value correctly and unset the parameter. + # However we'd avoid hard failure here and just leave warning. + warning('verify_glance_signatures is deprecated. Use the same parameter in nova::glance') + } + include nova::glance + if empty($vcpu_pin_set) { $vcpu_pin_set_real = undef } else { @@ -601,7 +609,6 @@ Use the same parameter in nova::api class.') nova_config { 'DEFAULT/config_drive_format': value => $config_drive_format; - 'glance/verify_glance_signatures': value => $verify_glance_signatures; } } diff --git a/manifests/glance.pp b/manifests/glance.pp index 56e6d1edb..5a2fc5be7 100644 --- a/manifests/glance.pp +++ b/manifests/glance.pp @@ -16,6 +16,10 @@ # (optional) Number of retries in glance operation # Defaults to $::os_service_default # +# [*verify_glance_signatures*] +# (optional) Whether to verify image signatures. (boolean value) +# Defaults to $::os_service_default +# # [*enable_rbd_download*] # (optional) Enable download of Glance images directly via RBD # Defaults to $::os_service_default 
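Review bot: The warning in the new `if $verify_glance_signatures != undef` block says only that the parameter is deprecated, while the NOTE above it admits the value is dropped when nova::glance is evaluated before nova::compute. For this option that means a deployment which explicitly turned image signature verification on can end up with `glance/verify_glance_signatures` left at the service default, with nothing in the log saying so. Put the consequence in the message operators actually see, for example `warning('verify_glance_signatures is deprecated and is ignored when nova::glance is evaluated before nova::compute. Set nova::glance::verify_glance_signatures instead.')`. The class body continues outside the hunk.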
@@ -40,29 +44,32 @@ # Defaults to $::os_service_default # class nova::glance ( - $endpoint_override = $::os_service_default, - $valid_interfaces = $::os_service_default, - $num_retries = $::os_service_default, - $enable_rbd_download = $::os_service_default, - $rbd_user = $::os_service_default, - $rbd_connect_timeout = $::os_service_default, - $rbd_pool = $::os_service_default, - $rbd_ceph_conf = $::os_service_default, + $endpoint_override = $::os_service_default, + $valid_interfaces = $::os_service_default, + $num_retries = $::os_service_default, + $verify_glance_signatures = $::os_service_default, + $enable_rbd_download = $::os_service_default, + $rbd_user = $::os_service_default, + $rbd_connect_timeout = $::os_service_default, + $rbd_pool = $::os_service_default, + $rbd_ceph_conf = $::os_service_default, ) { include nova::deps $endpoint_override_real = pick($::nova::glance_endpoint_override, $endpoint_override) $num_retries_real = pick($::nova::glance_num_retries, $num_retries) + $verify_glance_signatures_real = pick($::nova::compute::verify_glance_signatures, $verify_glance_signatures) nova_config { - 'glance/endpoint_override': value => $endpoint_override_real; - 'glance/valid_interfaces': value => join(any2array($valid_interfaces), ','); - 'glance/num_retries': value => $num_retries_real; - 'glance/enable_rbd_download': value => $enable_rbd_download; - 'glance/rbd_user': value => $rbd_user; - 'glance/rbd_connect_timeout': value => $rbd_connect_timeout; - 'glance/rbd_pool': value => $rbd_pool; - 'glance/rbd_ceph_conf': value => $rbd_ceph_conf; + 'glance/endpoint_override': value => $endpoint_override_real; + 'glance/valid_interfaces': value => join(any2array($valid_interfaces), ','); + 'glance/num_retries': value => $num_retries_real; + 'glance/verify_glance_signatures': value => $verify_glance_signatures_real; + 'glance/enable_rbd_download': value => $enable_rbd_download; + 'glance/rbd_user': value => $rbd_user; + 'glance/rbd_connect_timeout': value => 
$rbd_connect_timeout; + 'glance/rbd_pool': value => $rbd_pool; + 'glance/rbd_ceph_conf': value => $rbd_ceph_conf; } } diff --git a/releasenotes/notes/migrate-verify_glance_signatures-3fbef6e4f0d7f49f.yaml b/releasenotes/notes/migrate-verify_glance_signatures-3fbef6e4f0d7f49f.yaml new file mode 100644 index 000000000..7f4d2ca72 --- /dev/null +++ b/releasenotes/notes/migrate-verify_glance_signatures-3fbef6e4f0d7f49f.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - | + The ``nova::compute::verify_glance_signatures`` parameter has been + deprecated in favor of the new ``nova::glance::verify_glance_signatures`` + parameter. diff --git a/spec/classes/nova_compute_spec.rb b/spec/classes/nova_compute_spec.rb index 6fe85590d..b18dacb30 100644 --- a/spec/classes/nova_compute_spec.rb +++ b/spec/classes/nova_compute_spec.rb @@ -56,7 +56,6 @@ describe 'nova::compute' do it { is_expected.to contain_nova_config('DEFAULT/resize_confirm_window').with_value('') } it { is_expected.to contain_nova_config('DEFAULT/shutdown_timeout').with_value('') } it { is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with_value('') } - it { is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value('') } it { is_expected.to contain_nova_config('DEFAULT/max_concurrent_builds').with_value('') } it { is_expected.to contain_nova_config('DEFAULT/max_concurrent_live_migrations').with_value('') } it { is_expected.to contain_nova_config('DEFAULT/sync_power_state_pool_size').with_value('') } @@ -122,7 +121,6 @@ describe 'nova::compute' do :max_concurrent_live_migrations => '4', :sync_power_state_pool_size => '10', :sync_power_state_interval => '0', - :verify_glance_signatures => true, :consecutive_build_service_disable_threshold => '9', :live_migration_wait_for_vif_plug => true, :max_disk_devices_to_attach => 20, 
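Review bot: `pick($::nova::compute::verify_glance_signatures, $verify_glance_signatures)` gives the deprecated nova::compute value precedence over this class's own parameter, and nothing on the line says so. Assuming stdlib's pick() keeps `false` (the spec's explicit `false` case relies on that), a stale `nova::compute::verify_glance_signatures: false` left in hieradata would override `nova::glance::verify_glance_signatures => true` and leave signature verification off. A comment above the assignment would make that visible to the next maintainer: `# NOTE: the deprecated nova::compute value wins over $verify_glance_signatures until that parameter is removed.`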
@@ -190,7 +188,6 @@ describe 'nova::compute' do it { is_expected.to contain_nova_config('DEFAULT/max_concurrent_live_migrations').with_value('4') } it { is_expected.to contain_nova_config('DEFAULT/sync_power_state_pool_size').with_value('10') } it { is_expected.to contain_nova_config('DEFAULT/sync_power_state_interval').with_value('0') } - it { is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value(true) } it { is_expected.to contain_nova_config('compute/consecutive_build_service_disable_threshold').with_value('9') } it { is_expected.to contain_nova_config('compute/live_migration_wait_for_vif_plug').with_value(true) } it { is_expected.to contain_nova_config('compute/max_disk_devices_to_attach').with_value(20) } diff --git a/spec/classes/nova_glance_spec.rb b/spec/classes/nova_glance_spec.rb index 861534c65..08d04690e 100644 --- a/spec/classes/nova_glance_spec.rb +++ b/spec/classes/nova_glance_spec.rb @@ -12,6 +12,7 @@ describe 'nova::glance' do is_expected.to contain_nova_config('glance/endpoint_override').with_value('') is_expected.to contain_nova_config('glance/valid_interfaces').with_value('') is_expected.to contain_nova_config('glance/num_retries').with_value('') + is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value('') is_expected.to contain_nova_config('glance/enable_rbd_download').with_value('') is_expected.to contain_nova_config('glance/rbd_user').with_value('') is_expected.to contain_nova_config('glance/rbd_connect_timeout').with_value('') 
@@ -23,14 +24,15 @@ describe 'nova::glance' do context 'with specific parameters' do let :params do { - :endpoint_override => 'http://localhost:9292', - :valid_interfaces => 'internal', - :num_retries => 3, - :enable_rbd_download => true, - :rbd_user => 'nova', - :rbd_connect_timeout => 5, - :rbd_pool => 'images', - :rbd_ceph_conf => '/etc/ceph/ceph.conf', + :endpoint_override => 'http://localhost:9292', + :valid_interfaces => 'internal', + :num_retries => 3, + :verify_glance_signatures => false, + :enable_rbd_download => true, + :rbd_user => 'nova', + :rbd_connect_timeout => 5, + :rbd_pool => 'images', + :rbd_ceph_conf => '/etc/ceph/ceph.conf', } end @@ -38,6 +40,7 @@ describe 'nova::glance' do is_expected.to contain_nova_config('glance/endpoint_override').with_value('http://localhost:9292') is_expected.to contain_nova_config('glance/valid_interfaces').with_value('internal') is_expected.to contain_nova_config('glance/num_retries').with_value(3) + is_expected.to contain_nova_config('glance/verify_glance_signatures').with_value(false) is_expected.to contain_nova_config('glance/enable_rbd_download').with_value(true) is_expected.to contain_nova_config('glance/rbd_user').with_value('nova') is_expected.to contain_nova_config('glance/rbd_connect_timeout').with_value(5)
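Review bot: The `with specific parameters` context exercises only an explicit `:verify_glance_signatures => false` on nova::glance, so the fallback through `$::nova::compute::verify_glance_signatures` that the manifest still honours has no coverage. The expectations that used to pin it in nova_compute_spec.rb are removed by this same commit. Since that fallback is the path existing deployments use to keep image signature verification enabled, it deserves a context of its own. That context would declare nova::compute with `verify_glance_signatures => true` in a `pre_condition` and expect `contain_nova_config('glance/verify_glance_signatures').with_value(true)`. Keep the `false` case too, because it is what proves pick() does not discard a deliberate `false`.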