
Adds tls_priority parameter to nova::compute::libvirt

Override the compile time default TLS priority string. The
default is usually "NORMAL" unless overridden at build time.
Only set this if it is desired for libvirt to deviate from
the global default settings.

Change-Id: I221d48ba720e8ad820050fb5f735cd20d75f2f7a
Related-Bug: #1840447
(cherry picked from commit 7f9c58f86c)
changes/99/677999/1
Martin Schuppert 1 month ago
parent
commit
b28b01a01f

+ 14
- 0
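--- a/manifests/compute/libvirt.pp
+++ b/manifests/compute/libvirt.pp
@@ -180,6 +180,13 @@
 #   https://libvirt.org/logging.html
 #   Defaults to undef
 #
+# [*tls_priority*]
+#   (optional) Override the compile time default TLS priority string. The
+#   default is usually "NORMAL" unless overridden at build time.
+#   Only set this if it is desired for libvirt to deviate from
+#   the global default settings.
+#   Defaults to undef
+#
 class nova::compute::libvirt (
   $ensure_package                             = 'present',
   $libvirt_virt_type                          = 'kvm',
@@ -214,6 +221,7 @@ class nova::compute::libvirt (
   $num_pcie_ports                             = $::os_service_default,
   $mem_stats_period_seconds                   = $::os_service_default,
   $log_filters                                = undef,
+  $tls_priority                               = undef,
 ) inherits nova::params {
 
   include ::nova::deps
@@ -256,6 +264,12 @@ class nova::compute::libvirt (
     }
   }
 
+  if $tls_priority {
+    libvirtd_config {
+      'tls_priority': value => "\"${tls_priority}\"";
+    }
+  }
+
   unless $rx_queue_size == $::os_service_default or $rx_queue_size in [256, 512, 1024] {
     fail("Invalid rx_queue_size parameter: ${rx_queue_size}")
   }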
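Review bot: The `if $tls_priority` block in the third hunk has no `else` branch, so with the parameter left at `undef` no `libvirtd_config` resource is declared and a `tls_priority` entry written by an earlier run would likely stay in the libvirtd configuration; for a TLS policy setting that means a host can keep a non-default priority string after the override has been removed from the catalog. The default-case expectation added in spec/classes/nova_compute_libvirt_spec.rb (`contain_libvirtd_config('tls_priority').with_ensure('absent')`) presumes such a resource, so unless it is declared outside the visible lines, add `else { libvirtd_config { 'tls_priority': ensure => 'absent'; } }`. The value is also wrapped in double quotes without any check; rejecting `"` and newlines in `$tls_priority` would keep a malformed value from corrupting the generated setting. The class body starts and continues outside these hunks.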

+ 8
- 0
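--- a/releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml
+++ b/releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml
@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Add tls_priority parameter to nova::compute::libvirt class
+    to override the compile time default TLS priority string. The
+    default is usually "NORMAL" unless overridden at build time.
+    Only set this if it is desired for libvirt to deviate from
+    the global default settings.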

+ 3
- 0
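--- a/spec/classes/nova_compute_libvirt_spec.rb
+++ b/spec/classes/nova_compute_libvirt_spec.rb
@@ -69,6 +69,7 @@ describe 'nova::compute::libvirt' do
       it { is_expected.to contain_nova_config('libvirt/num_pcie_ports').with_ensure('<SERVICE DEFAULT>')}
       it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value('<SERVICE DEFAULT>')}
       it { is_expected.to contain_libvirtd_config('log_filters').with_ensure('absent')}
+      it { is_expected.to contain_libvirtd_config('tls_priority').with_ensure('absent')}
     end
 
     describe 'with params' do
@@ -100,6 +101,7 @@ describe 'nova::compute::libvirt' do
           :num_pcie_ports                             => 16,
           :mem_stats_period_seconds                   => 20,
           :log_filters                                => '1:qemu',
+          :tls_priority                               => 'NORMAL:-VERS-SSL3.0',
         }
       end
 
@@ -130,6 +132,7 @@ describe 'nova::compute::libvirt' do
       it { is_expected.to contain_nova_config('libvirt/num_pcie_ports').with_value(16)}
       it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value(20)}
       it { is_expected.to contain_libvirtd_config('log_filters').with_value("\"#{params[:log_filters]}\"")}
+      it { is_expected.to contain_libvirtd_config('tls_priority').with_value("\"#{params[:tls_priority]}\"")}
       it {
         is_expected.to contain_service('libvirt').with(
           :name     => 'custom_service',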
