
Adds tls_priority parameter to nova::compute::libvirt

Override the compile time default TLS priority string. The
default is usually "NORMAL" unless overridden at build time.
Only set this if it is desired for libvirt to deviate from
the global default settings.

Change-Id: I221d48ba720e8ad820050fb5f735cd20d75f2f7a
Related-Bug: #1840447
(cherry picked from commit 7f9c58f86c)
(cherry picked from commit b28b01a01f)
changes/90/678990/1
Martin Schuppert 1 month ago
parent
commit
ef1499a4c6

+ 14
- 0
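--- a/manifests/compute/libvirt.pp
+++ b/manifests/compute/libvirt.pp
@@ -169,6 +169,13 @@
 #   https://libvirt.org/logging.html
 #   Defaults to undef
 #
+# [*tls_priority*]
+#   (optional) Override the compile time default TLS priority string. The
+#   default is usually "NORMAL" unless overridden at build time.
+#   Only set this if it is desired for libvirt to deviate from
+#   the global default settings.
+#   Defaults to undef
+#
 class nova::compute::libvirt (
   $ensure_package                             = 'present',
   $libvirt_virt_type                          = 'kvm',
@@ -201,6 +208,7 @@ class nova::compute::libvirt (
   $nfs_mount_options                          = $::os_service_default,
   $mem_stats_period_seconds                   = $::os_service_default,
   $log_filters                                = undef,
+  $tls_priority                               = undef,
 ) inherits nova::params {
 
   include ::nova::deps
@@ -243,6 +251,12 @@ class nova::compute::libvirt (
     }
   }
 
+  if $tls_priority {
+    libvirtd_config {
+      'tls_priority': value => "\"${tls_priority}\"";
+    }
+  }
+
   unless $rx_queue_size == $::os_service_default or $rx_queue_size in [256, 512, 1024] {
     fail("Invalid rx_queue_size parameter: ${rx_queue_size}")
   }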
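Review bot: The new `if $tls_priority` block at new lines 254-258 has no `else` branch, so with the parameter left at `undef` nothing in the visible hunks declares the `tls_priority` resource, yet the spec added in this same commit expects `contain_libvirtd_config('tls_priority').with_ensure('absent')`. Beyond the test mismatch, a priority string written by an earlier run would stay in the libvirtd configuration after the parameter is dropped, leaving the host on a non-default TLS policy that the manifest no longer states. Unless the absent case is handled outside these hunks, add `else { libvirtd_config { 'tls_priority': ensure => 'absent'; } }`. The value is also wrapped in literal double quotes without validation, so a string containing `"` or a newline would produce a malformed entry; rejecting those characters before the resource is declared would be a cheap guard. The class body starts and continues outside the hunks shown.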

+ 8
- 0
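--- a/releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml
+++ b/releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml
@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Add tls_priority parameter to nova::compute::libvirt class
+    to override the compile time default TLS priority string. The
+    default is usually "NORMAL" unless overridden at build time.
+    Only set this if it is desired for libvirt to deviate from
+    the global default settings.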

+ 3
- 0
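--- a/spec/classes/nova_compute_libvirt_spec.rb
+++ b/spec/classes/nova_compute_libvirt_spec.rb
@@ -68,6 +68,7 @@ describe 'nova::compute::libvirt' do
       it { is_expected.to contain_nova_config('libvirt/nfs_mount_options').with_ensure('<SERVICE DEFAULT>')}
       it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value('<SERVICE DEFAULT>')}
       it { is_expected.to contain_libvirtd_config('log_filters').with_ensure('absent')}
+      it { is_expected.to contain_libvirtd_config('tls_priority').with_ensure('absent')}
     end
 
     describe 'with params' do
@@ -98,6 +99,7 @@ describe 'nova::compute::libvirt' do
           :nfs_mount_options                          => 'rw,intr,nolock',
           :mem_stats_period_seconds                   => 20,
           :log_filters                                => '1:qemu',
+          :tls_priority                               => 'NORMAL:-VERS-SSL3.0',
         }
       end
 
@@ -127,6 +129,7 @@ describe 'nova::compute::libvirt' do
       it { is_expected.to contain_nova_config('libvirt/nfs_mount_options').with_value('rw,intr,nolock')}
       it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value(20)}
       it { is_expected.to contain_libvirtd_config('log_filters').with_value("\"#{params[:log_filters]}\"")}
+      it { is_expected.to contain_libvirtd_config('tls_priority').with_value("\"#{params[:tls_priority]}\"")}
       it {
         is_expected.to contain_service('libvirt').with(
           :name     => 'custom_service',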
