Install swtpm package

The swtpm package is required to support TPM emulation[1]. [1] https://docs.openstack.org/nova/latest/admin/emulated-tpm.html Change-Id: I79f094ac6e5e3a6ecdc5b70f32fb63756395adf3
2023-11-01 13:01:21 +09:00 · 2023-11-01 13:01:21 +09:00 · e8a14766c8
parent 4d604ff4a9
commit e8a14766c8
4 changed files with 27 additions and 0 deletions
--- a/manifests/compute/libvirt/services.pp
+++ b/manifests/compute/libvirt/services.pp
@ -53,6 +53,10 @@
 #   (optional) install the OVMF package.
 #   Defaults to true
 #
+# [*manage_swtpm*]
+#   (optional) install the swtpm package.
+#   Defaults to true
+#
 class nova::compute::libvirt::services (
  $ensure_package           = 'present',
  $libvirt_service_name     = $::nova::params::libvirt_service_name,
@ -66,6 +70,7 @@ class nova::compute::libvirt::services (
  $virtproxy_service_name   = $::nova::params::virtproxy_socket_name,
  $virtstorage_service_name = $::nova::params::virtstorage_socket_name,
  Boolean $manage_ovmf      = true,
+  Boolean $manage_swtpm     = true,
 ) inherits nova::params {

  include nova::deps
@ -85,6 +90,14 @@ class nova::compute::libvirt::services (
    Package['ovmf'] ~> Service<| title == 'nova-compute'|>
  }

+  if $manage_swtpm {
+    package { 'swtpm':
+      ensure => $ensure_package,
+      name   => $::nova::params::swtpm_package_name,
+      tag    => ['openstack', 'nova-support-package'],
+    }
+  }
+
  if $libvirt_service_name {
    # libvirt-nwfilter
    if $facts['os']['family'] == 'RedHat' {
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -37,6 +37,7 @@ class nova::params {
      $mkisofs_package_name              = 'xorriso'
      $mkisofs_cmd                       = 'mkisofs'
      $ovmf_package_name                 = 'edk2-ovmf'
+      $swtpm_package_name                = 'swtpm'
      # service names
      $api_service_name                  = 'openstack-nova-api'
      $api_metadata_service_name         = undef
@ -87,6 +88,7 @@ class nova::params {
      $mkisofs_package_name              = 'genisoimage'
      $mkisofs_cmd                       = false
      $ovmf_package_name                 = 'ovmf'
+      $swtpm_package_name                = 'swtpm'
      # service names
      $api_service_name                  = 'nova-api'
      $compute_service_name              = 'nova-compute'
--- a/releasenotes/notes/swtpm-7d012dfed4c5320a.yaml
+++ b/releasenotes/notes/swtpm-7d012dfed4c5320a.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    The ``nova::compute::libvirt::services`` class now installs the ``swtpm``
+    package by default. To disable the package installation, use
+    the ``manage_swtpm`` parameter.
--- a/spec/classes/nova_compute_libvirt_services_spec.rb
+++ b/spec/classes/nova_compute_libvirt_services_spec.rb
@ -7,6 +7,7 @@ describe 'nova::compute::libvirt::services' do
    context 'with default parameters' do
      it 'deploys libvirt packages and services' do
        is_expected.to contain_package('ovmf')
+        is_expected.to contain_package('swtpm')
        is_expected.to contain_package('libvirt')
        is_expected.to contain_service('libvirt')
      end
@ -18,6 +19,7 @@ describe 'nova::compute::libvirt::services' do
          :libvirt_service_name => false,
          :modular_libvirt      => false,
          :manage_ovmf          => false,
+          :manage_swtpm         => false,
        }
      end

@ -29,6 +31,10 @@ describe 'nova::compute::libvirt::services' do
      it 'skips installing ovmf' do
        is_expected.not_to contain_package('ovmf')
      end
+
+      it 'skips installing swtpm' do
+        is_expected.not_to contain_package('swtpm')
+      end
    end
  end