openstack/puppet-nova
Code Issues Proposed changes

Enable configuration of ca_file and crl_file for nova live migration

Browse Source 
These options are for libvirt's configuration file; and allow us to use
custom paths for these parameters, instead of relying on the default
ones.

Related-Bug: #1821139
Change-Id: I208bb53c2a270d770d114116fde3f062c0d66985
This commit is contained in:
Juan Antonio Osorio Robles 2019-03-21 10:11:40 +02:00 committed by Emilien Macchi
parent 6196f0f932
commit ae9fc454e2
3 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
manifests/migration/libvirt.pp
View File

@ -77,6 +77,18 @@
# See https://libvirt.org/guide/html/Application_Development_Guide-Architecture-Remote_URIs.html # See https://libvirt.org/guide/html/Application_Development_Guide-Architecture-Remote_URIs.html
# Defaults to {} # Defaults to {}
# #
# [*ca_file*]
# (optional) Specifies the CA certificate that the TLS transport will use.
# Note that this is only used if the TLS transport is enabled via the
# "transport" option.
# Defaults to undef
#
# [*crl_file*]
# (optional) Specifies the CRL file that the TLS transport will use.
# Note that this is only used if the TLS transport is enabled via the
# "transport" option.
# Defaults to undef
#
class nova::migration::libvirt( class nova::migration::libvirt(
$transport = undef, $transport = undef,
$auth = 'none', $auth = 'none',
@ -91,6 +103,8 @@ class nova::migration::libvirt(
$client_user = undef, $client_user = undef,
$client_port = undef, $client_port = undef,
$client_extraparams = {}, $client_extraparams = {},
$ca_file = undef,
$crl_file = undef,
){ ){
include ::nova::deps include ::nova::deps
@ -195,6 +209,16 @@ class nova::migration::libvirt(
libvirtd_config { libvirtd_config {
'auth_tls': value => "\"${auth}\""; 'auth_tls': value => "\"${auth}\"";
} }
if $ca_file {
libvirtd_config {
'ca_file': value => "\"${ca_file}\"";
}
}
if $crl_file {
libvirtd_config {
'crl_file': value => "\"${crl_file}\"";
}
}
} elsif $transport_real == 'tcp' { } elsif $transport_real == 'tcp' {
libvirtd_config { libvirtd_config {
'auth_tcp': value => "\"${auth}\""; 'auth_tcp': value => "\"${auth}\"";

8
releasenotes/notes/libvirt-ca-file-crl-file-c6672aa3d12382cb.yaml Normal file
View File

@ -0,0 +1,8 @@
---
features:
- |
The ca_file is now configurable for the TLS transport in nova's live
migration options for libvirt.
- |
The crl_file is now configurable for the TLS transport in nova's live
migration options for libvirt.

12
spec/classes/nova_migration_libvirt_spec.rb
View File

@ -139,6 +139,18 @@ describe 'nova::migration::libvirt' do
it { is_expected.not_to contain_libvirtd_config('auth_tcp') } it { is_expected.not_to contain_libvirtd_config('auth_tcp') }
end end
context 'with certificates set and tls enabled' do
let :params do
{
:transport => 'tls',
:ca_file => '/ca',
:crl_file => '/crl',
}
end
it { is_expected.to contain_libvirtd_config('ca_file').with_value("\"/ca\"") }
it { is_expected.to contain_libvirtd_config('crl_file').with_value("\"/crl\"") }
end
context 'with auth set to an invalid setting' do context 'with auth set to an invalid setting' do
let :params do let :params do
{ {