Enable configuration of ca_file and crl_file for nova live migration

These options are for libvirt's configuration file; and allow us to use custom paths for these parameters, instead of relying on the default ones. Related-Bug: #1821139 Change-Id: I208bb53c2a270d770d114116fde3f062c0d66985
2019-03-21 10:11:40 +02:00 · 2019-03-21 10:11:40 +02:00 · ae9fc454e2
commit ae9fc454e2
parent 6196f0f932
3 changed files with 44 additions and 0 deletions
--- a/manifests/migration/libvirt.pp
+++ b/manifests/migration/libvirt.pp
@ -77,6 +77,18 @@
 #   See https://libvirt.org/guide/html/Application_Development_Guide-Architecture-Remote_URIs.html
 #   Defaults to {}
 #
+# [*ca_file*]
+#   (optional) Specifies the CA certificate that the TLS transport will use.
+#   Note that this is only used if the TLS transport is enabled via the
+#   "transport" option.
+#   Defaults to undef
+#
+# [*crl_file*]
+#   (optional) Specifies the CRL file that the TLS transport will use.
+#   Note that this is only used if the TLS transport is enabled via the
+#   "transport" option.
+#   Defaults to undef
+#
 class nova::migration::libvirt(
  $transport                         = undef,
  $auth                              = 'none',
@ -91,6 +103,8 @@ class nova::migration::libvirt(
  $client_user                       = undef,
  $client_port                       = undef,
  $client_extraparams                = {},
+  $ca_file                           = undef,
+  $crl_file                          = undef,
 ){

  include ::nova::deps
@ -195,6 +209,16 @@ class nova::migration::libvirt(
      libvirtd_config {
        'auth_tls': value => "\"${auth}\"";
      }
+      if $ca_file {
+        libvirtd_config {
+          'ca_file': value => "\"${ca_file}\"";
+        }
+      }
+      if $crl_file {
+        libvirtd_config {
+          'crl_file': value => "\"${crl_file}\"";
+        }
+      }
    } elsif $transport_real == 'tcp' {
      libvirtd_config {
        'auth_tcp': value => "\"${auth}\"";
--- a/releasenotes/notes/libvirt-ca-file-crl-file-c6672aa3d12382cb.yaml
+++ b/releasenotes/notes/libvirt-ca-file-crl-file-c6672aa3d12382cb.yaml
@ -0,0 +1,8 @@
+---
+features:
+  - |
+    The ca_file is now configurable for the TLS transport in nova's live
+    migration options for libvirt.
+  - |
+    The crl_file is now configurable for the TLS transport in nova's live
+    migration options for libvirt.
--- a/spec/classes/nova_migration_libvirt_spec.rb
+++ b/spec/classes/nova_migration_libvirt_spec.rb
@ -139,6 +139,18 @@ describe 'nova::migration::libvirt' do
      it { is_expected.not_to contain_libvirtd_config('auth_tcp') }
    end

+    context 'with certificates set and tls enabled' do
+      let :params do
+        {
+          :transport => 'tls',
+          :ca_file   => '/ca',
+          :crl_file  => '/crl',
+        }
+      end
+      it { is_expected.to contain_libvirtd_config('ca_file').with_value("\"/ca\"") }
+      it { is_expected.to contain_libvirtd_config('crl_file').with_value("\"/crl\"") }
+    end
+
    context 'with auth set to an invalid setting' do
      let :params do
        {