Do not install swtpm by default

Nova disables vTPM support by default and users have to set the [libvirt] swtpm_enabled option to enable it. So the package installation should be optional. Note: The parameter was introduced during this cycle[1] so we can safely change the default value. [1] e8a14766c84bf0eaea1c11b24a23452e0a574581 Change-Id: I2e1791dcc64a844691a380686e695efeaaa0e343
2024-02-09 15:01:47 +09:00 · 2024-02-09 15:01:47 +09:00 · 8ea98a08e7
commit 8ea98a08e7
parent 332fb89413
3 changed files with 58 additions and 16 deletions
--- a/manifests/compute/libvirt/services.pp
+++ b/manifests/compute/libvirt/services.pp
@ -55,7 +55,7 @@
 #
 # [*manage_swtpm*]
 #   (optional) install the swtpm package.
-#   Defaults to true
+#   Defaults to false
 #
 class nova::compute::libvirt::services (
  $ensure_package           = 'present',
@ -70,7 +70,7 @@ class nova::compute::libvirt::services (
  $virtproxy_service_name   = $::nova::params::virtproxy_socket_name,
  $virtstorage_service_name = $::nova::params::virtstorage_socket_name,
  Boolean $manage_ovmf      = true,
-  Boolean $manage_swtpm     = true,
+  Boolean $manage_swtpm     = false,
 ) inherits nova::params {

  include nova::deps
--- a/releasenotes/notes/swtpm-7d012dfed4c5320a.yaml
+++ b/releasenotes/notes/swtpm-7d012dfed4c5320a.yaml
@ -1,6 +1,6 @@
 ---
 features:
  - |
-    The ``nova::compute::libvirt::services`` class now installs the ``swtpm``
-    package by default. To disable the package installation, use
-    the ``manage_swtpm`` parameter.
+    The new ``manage_swtpm`` parameter has been added to
+    the ``nova::compute::libvirt::services`` class. Set this parameter to
+    ``true`` to install swtpm package.
--- a/spec/classes/nova_compute_libvirt_services_spec.rb
+++ b/spec/classes/nova_compute_libvirt_services_spec.rb
@ -5,11 +5,34 @@ describe 'nova::compute::libvirt::services' do
  shared_examples_for 'nova compute libvirt services' do

    context 'with default parameters' do
-      it 'deploys libvirt packages and services' do
-        is_expected.to contain_package('ovmf')
-        is_expected.to contain_package('swtpm')
-        is_expected.to contain_package('libvirt')
-        is_expected.to contain_service('libvirt')
+      it 'deploys libvirt service' do
+        is_expected.to contain_package('libvirt').with(
+          :ensure => 'present',
+          :name   => platform_params[:libvirt_package_name],
+          :tag    => ['openstack', 'nova-support-package'],
+        )
+        is_expected.to contain_service('libvirt').with(
+          :ensure => 'running',
+          :enable => true,
+          :name   => platform_params[:libvirt_service_name],
+          :tag    => ['libvirt-service', 'libvirt-qemu-service'],
+        )
+      end
+
+      it 'installs ovmf' do
+        is_expected.to contain_package('ovmf').with(
+          :ensure => 'present',
+          :name   => platform_params[:ovmf_package_name],
+          :tag    => ['openstack', 'nova-support-package'],
+        )
+      end
+
+      it 'installs swtpm' do
+        is_expected.to_not contain_package('swtpm').with(
+          :ensure => 'present',
+          :name   => platform_params[:swtpm_package_name],
+          :tag    => ['openstack', 'nova-support-package'],
+        )
      end
    end

@ -17,13 +40,12 @@ describe 'nova::compute::libvirt::services' do
      let :params do
        {
          :libvirt_service_name => false,
-          :modular_libvirt      => false,
          :manage_ovmf          => false,
-          :manage_swtpm         => false,
+          :manage_swtpm         => true,
        }
      end

-      it 'disable libvirt service' do
+      it 'skips installing libvirt' do
        is_expected.not_to contain_package('libvirt')
        is_expected.not_to contain_service('libvirt')
      end
@ -32,8 +54,8 @@ describe 'nova::compute::libvirt::services' do
        is_expected.not_to contain_package('ovmf')
      end

-      it 'skips installing swtpm' do
-        is_expected.not_to contain_package('swtpm')
+      it 'skips installs swtpm' do
+        is_expected.to contain_package('swtpm')
      end
    end
  end
@ -66,9 +88,29 @@ describe 'nova::compute::libvirt::services' do
    :supported_os   => OSDefaults.get_supported_os
  }).each do |os,facts|
    context "on #{os}" do
-      let (:facts) do
+      let :facts do
        facts.merge!(OSDefaults.get_facts())
      end
+
+      let :platform_params do
+        case facts[:os]['family']
+        when 'Debian'
+          {
+            :libvirt_package_name => 'libvirt-daemon-system',
+            :libvirt_service_name => 'libvirtd',
+            :ovmf_package_name    => 'ovmf',
+            :swtpm_package_name   => 'swtpm'
+          }
+        when 'RedHat'
+          {
+            :libvirt_package_name => 'libvirt-daemon-kvm',
+            :libvirt_service_name => 'libvirtd',
+            :ovmf_package_name    => 'edk2-ovmf',
+            :swtpm_package_name   => 'swtpm'
+          }
+        end
+      end
+
      it_configures 'nova compute libvirt services'
      if facts['osfamily'] == 'RedHat'
        it_configures 'nova compute libvirt services with modular libvirt'