Add VNC SSL options
The options ssl_only, cert, and key in the DEFAULT section of nova.conf are mainly (and only?) used to configure SSL and certificates for VNC. However, since they are in the DEFAULT section and are generic for Nova, my opinion is that they should be in nova::init. For information about these options see [1] and [2]. They are not deprecated, so there should be no issues adding them. [1] https://docs.openstack.org/nova/queens/admin/remote-console-access.html [2] https://github.com/openstack/nova/blob/master/nova/conf/novnc.py Change-Id: Ice51fe175bdc1cb14fa49cf53d1f38e9728bbb60
parent
d80e6ed5c0
commit
9c6b39b93a
|
@ -261,7 +261,7 @@
|
|||
#
|
||||
# [*ca_file*]
|
||||
# (optional) CA certificate file to use to verify connecting clients
|
||||
# Defaults to false, not set_
|
||||
# Defaults to false, not set
|
||||
#
|
||||
# [*nova_public_key*]
|
||||
# (optional) Install public key in .ssh/authorized_keys for the 'nova' user.
|
||||
|
@ -275,6 +275,18 @@
|
|||
# 'key-data' }, where 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and
|
||||
# 'key-data' is the contents of the private key file.
|
||||
#
|
||||
# [*ssl_only*]
|
||||
# (optional) Disallow non-encrypted connections.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cert*]
|
||||
# (optional) Path to SSL certificate file.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*key*]
|
||||
# (optional) SSL key file (if separate from cert).
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*notification_transport_url*]
|
||||
# (optional) A URL representing the messaging driver to use for notifications
|
||||
# and its full configuration. Transport URLs take the form:
|
||||
|
@ -492,6 +504,9 @@ class nova(
|
|||
$key_file = false,
|
||||
$nova_public_key = undef,
|
||||
$nova_private_key = undef,
|
||||
$ssl_only = false,
|
||||
$cert = $::os_service_default,
|
||||
$key = $::os_service_default,
|
||||
$notification_transport_url = $::os_service_default,
|
||||
$notification_driver = $::os_service_default,
|
||||
$notification_topics = $::os_service_default,
|
||||
|
@ -639,6 +654,9 @@ but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa.")
|
|||
}
|
||||
|
||||
nova_config {
|
||||
'DEFAULT/ssl_only': value => $ssl_only;
|
||||
'DEFAULT/cert': value => $cert;
|
||||
'DEFAULT/key': value => $key;
|
||||
'DEFAULT/my_ip': value => $my_ip;
|
||||
'api/auth_strategy': value => $auth_strategy;
|
||||
'DEFAULT/image_service': value => $image_service;
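Review bot: The doc comments added for `ssl_only`, `cert` and `key` do not say which service consumes them, and the class already has the similarly named `ca_file` and `key_file` parameters (both visible in these hunks), so an operator can easily set the wrong pair. The parameter docs should state that these three configure the console proxy via the DEFAULT section of nova.conf. The `ssl_only` entry should also spell out that with its default of `false` unencrypted connections remain allowed even when `cert` and `key` are set, for example `# (optional) Disallow non-encrypted connections. When false, plain connections are still accepted even if cert and key are set.` The `key` entry should add that the file must be readable only by the service user, since the visible `nova_config` block writes just the path and nothing in these hunks manages the file's ownership or mode. The class body starts and ends outside the hunks shown.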
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Added parameters nova::ssl_only, nova::cert, nova::key to manage
|
||||
SSL options for VNC.
|
|
@ -62,6 +62,9 @@ describe 'nova' do
|
|||
is_expected.to contain_nova_config('DEFAULT/cpu_allocation_ratio').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('DEFAULT/ram_allocation_ratio').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('DEFAULT/disk_allocation_ratio').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('DEFAULT/ssl_only').with_value(false)
|
||||
is_expected.to contain_nova_config('DEFAULT/cert').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('DEFAULT/key').with_value('<SERVICE DEFAULT>')
|
||||
end
|
||||
|
||||
it 'configures block_device_allocate params' do
|
||||
|
@ -107,6 +110,9 @@ describe 'nova' do
|
|||
:block_device_allocate_retries => '60',
|
||||
:block_device_allocate_retries_interval => '3',
|
||||
:my_ip => '192.0.2.1',
|
||||
:ssl_only => true,
|
||||
:cert => '/etc/ssl/private/snakeoil.pem',
|
||||
:key => '/etc/ssl/certs/snakeoil.pem',
|
||||
}
|
||||
end
|
||||
|
||||
|
@ -172,6 +178,9 @@ describe 'nova' do
|
|||
is_expected.to contain_nova_config('DEFAULT/report_interval').with_value('60')
|
||||
is_expected.to contain_nova_config('os_vif_linux_bridge/use_ipv6').with_value('true')
|
||||
is_expected.to contain_nova_config('cinder/os_region_name').with_value('MyRegion')
|
||||
is_expected.to contain_nova_config('DEFAULT/ssl_only').with_value(true)
|
||||
is_expected.to contain_nova_config('DEFAULT/cert').with_value('/etc/ssl/private/snakeoil.pem')
|
||||
is_expected.to contain_nova_config('DEFAULT/key').with_value('/etc/ssl/certs/snakeoil.pem')
|
||||
end
|
||||
|
||||
context 'with multiple notification_driver' do
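Review bot: The fixture paths for the new parameters are the reverse of the usual layout: `:cert` points into `/etc/ssl/private` and `:key` points into `/etc/ssl/certs`, a directory that is normally world-readable. The specs only compare strings, so they pass either way, but spec fixtures tend to be copied as working examples and this one models putting a private key in a public directory. I would swap them to `:cert => '/etc/ssl/certs/snakeoil.pem',` and `:key => '/etc/ssl/private/snakeoil.pem',` and update the two matching `with_value(...)` expectations in the later hunk accordingly. The `describe` block continues outside these hunks.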
|
||||
|
|