From e8a14766c84bf0eaea1c11b24a23452e0a574581 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Wed, 1 Nov 2023 13:01:21 +0900 Subject: [PATCH] Install swtpm package The swtpm package is required to support TPM emulation[1]. [1] https://docs.openstack.org/nova/latest/admin/emulated-tpm.html Change-Id: I79f094ac6e5e3a6ecdc5b70f32fb63756395adf3 --- manifests/compute/libvirt/services.pp | 13 +++++++++++++ manifests/params.pp | 2 ++ releasenotes/notes/swtpm-7d012dfed4c5320a.yaml | 6 ++++++ spec/classes/nova_compute_libvirt_services_spec.rb | 6 ++++++ 4 files changed, 27 insertions(+) create mode 100644 releasenotes/notes/swtpm-7d012dfed4c5320a.yaml diff --git a/manifests/compute/libvirt/services.pp b/manifests/compute/libvirt/services.pp index a294ebf74..7bb84021f 100644 --- a/manifests/compute/libvirt/services.pp +++ b/manifests/compute/libvirt/services.pp @@ -53,6 +53,10 @@ # (optional) install the OVMF package. # Defaults to true # +# [*manage_swtpm*] +# (optional) install the swtpm package. +# Defaults to true +# class nova::compute::libvirt::services ( $ensure_package = 'present', $libvirt_service_name = $::nova::params::libvirt_service_name, @@ -66,6 +70,7 @@ class nova::compute::libvirt::services ( $virtproxy_service_name = $::nova::params::virtproxy_socket_name, $virtstorage_service_name = $::nova::params::virtstorage_socket_name, Boolean $manage_ovmf = true, + Boolean $manage_swtpm = true, ) inherits nova::params { include nova::deps @@ -85,6 +90,14 @@ class nova::compute::libvirt::services ( Package['ovmf'] ~> Service<| title == 'nova-compute'|> } + if $manage_swtpm { + package { 'swtpm': + ensure => $ensure_package, + name => $::nova::params::swtpm_package_name, + tag => ['openstack', 'nova-support-package'], + } + } + if $libvirt_service_name { # libvirt-nwfilter if $facts['os']['family'] == 'RedHat' { diff --git a/manifests/params.pp b/manifests/params.pp index 7a84d9cae..de3745f3e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -37,6 +37,7 @@ class nova::params { $mkisofs_package_name = 'xorriso' $mkisofs_cmd = 'mkisofs' $ovmf_package_name = 'edk2-ovmf' + $swtpm_package_name = 'swtpm' # service names $api_service_name = 'openstack-nova-api' $api_metadata_service_name = undef @@ -87,6 +88,7 @@ class nova::params { $mkisofs_package_name = 'genisoimage' $mkisofs_cmd = false $ovmf_package_name = 'ovmf' + $swtpm_package_name = 'swtpm' # service names $api_service_name = 'nova-api' $compute_service_name = 'nova-compute' diff --git a/releasenotes/notes/swtpm-7d012dfed4c5320a.yaml b/releasenotes/notes/swtpm-7d012dfed4c5320a.yaml new file mode 100644 index 000000000..06fa995a8 --- /dev/null +++ b/releasenotes/notes/swtpm-7d012dfed4c5320a.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + The ``nova::compute::libvirt::services`` class now installs the ``swtpm`` + package by default. To disable the package installation, use + the ``manage_swtpm`` parameter. diff --git a/spec/classes/nova_compute_libvirt_services_spec.rb b/spec/classes/nova_compute_libvirt_services_spec.rb index 26810cb7b..58669f6b1 100644 --- a/spec/classes/nova_compute_libvirt_services_spec.rb +++ b/spec/classes/nova_compute_libvirt_services_spec.rb @@ -7,6 +7,7 @@ describe 'nova::compute::libvirt::services' do context 'with default parameters' do it 'deploys libvirt packages and services' do is_expected.to contain_package('ovmf') + is_expected.to contain_package('swtpm') is_expected.to contain_package('libvirt') is_expected.to contain_service('libvirt') end @@ -18,6 +19,7 @@ describe 'nova::compute::libvirt::services' do :libvirt_service_name => false, :modular_libvirt => false, :manage_ovmf => false, + :manage_swtpm => false, } end @@ -29,6 +31,10 @@ describe 'nova::compute::libvirt::services' do it 'skips installing ovmf' do is_expected.not_to contain_package('ovmf') end + + it 'skips installing swtpm' do + is_expected.not_to contain_package('swtpm') + end end end