Adds tls_priority parameter to nova::compute::libvirt

Override the compile time default TLS priority string. The default is usually "NORMAL" unless overridden at build time. Only set this if it is desired for libvirt to deviate from the global default settings. Change-Id: I221d48ba720e8ad820050fb5f735cd20d75f2f7a Related-Bug: #1840447 (cherry picked from commit 7f9c58f86c)
2019-08-16 14:56:45 +02:00 · 2019-08-16 14:56:45 +02:00 · b28b01a01f
parent 749e4fbb25
commit b28b01a01f
3 changed files with 25 additions and 0 deletions
--- a/manifests/compute/libvirt.pp
+++ b/manifests/compute/libvirt.pp
@ -180,6 +180,13 @@
 #   https://libvirt.org/logging.html
 #   Defaults to undef
 #
+# [*tls_priority*]
+#   (optional) Override the compile time default TLS priority string. The
+#   default is usually "NORMAL" unless overridden at build time.
+#   Only set this if it is desired for libvirt to deviate from
+#   the global default settings.
+#   Defaults to undef
+#
 class nova::compute::libvirt (
  $ensure_package                             = 'present',
  $libvirt_virt_type                          = 'kvm',
@ -214,6 +221,7 @@ class nova::compute::libvirt (
  $num_pcie_ports                             = $::os_service_default,
  $mem_stats_period_seconds                   = $::os_service_default,
  $log_filters                                = undef,
+  $tls_priority                               = undef,
 ) inherits nova::params {

  include ::nova::deps
@ -256,6 +264,12 @@ class nova::compute::libvirt (
    }
  }

+  if $tls_priority {
+    libvirtd_config {
+      'tls_priority': value => "\"${tls_priority}\"";
+    }
+  }
+
  unless $rx_queue_size == $::os_service_default or $rx_queue_size in [256, 512, 1024] {
    fail("Invalid rx_queue_size parameter: ${rx_queue_size}")
  }
--- a/releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml
+++ b/releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml
@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Add tls_priority parameter to nova::compute::libvirt class
+    to override the compile time default TLS priority string. The
+    default is usually "NORMAL" unless overridden at build time.
+    Only set this if it is desired for libvirt to deviate from
+    the global default settings.
--- a/spec/classes/nova_compute_libvirt_spec.rb
+++ b/spec/classes/nova_compute_libvirt_spec.rb
@ -69,6 +69,7 @@ describe 'nova::compute::libvirt' do
      it { is_expected.to contain_nova_config('libvirt/num_pcie_ports').with_ensure('<SERVICE DEFAULT>')}
      it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value('<SERVICE DEFAULT>')}
      it { is_expected.to contain_libvirtd_config('log_filters').with_ensure('absent')}
+      it { is_expected.to contain_libvirtd_config('tls_priority').with_ensure('absent')}
    end

    describe 'with params' do
@ -100,6 +101,7 @@ describe 'nova::compute::libvirt' do
          :num_pcie_ports                             => 16,
          :mem_stats_period_seconds                   => 20,
          :log_filters                                => '1:qemu',
+          :tls_priority                               => 'NORMAL:-VERS-SSL3.0',
        }
      end

@ -130,6 +132,7 @@ describe 'nova::compute::libvirt' do
      it { is_expected.to contain_nova_config('libvirt/num_pcie_ports').with_value(16)}
      it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value(20)}
      it { is_expected.to contain_libvirtd_config('log_filters').with_value("\"#{params[:log_filters]}\"")}
+      it { is_expected.to contain_libvirtd_config('tls_priority').with_value("\"#{params[:tls_priority]}\"")}
      it {
        is_expected.to contain_service('libvirt').with(
          :name     => 'custom_service',