Adds tls_priority parameter to nova::compute::libvirt

Override the compile time default TLS priority string. The
default is usually "NORMAL" unless overridden at build time.
Only set this if it is desired for libvirt to deviate from
the global default settings.

Change-Id: I221d48ba720e8ad820050fb5f735cd20d75f2f7a
Related-Bug: #1840447
(cherry picked from commit 7f9c58f86c)
(cherry picked from commit b28b01a01f)

manifests/compute/libvirt.pp

@@ -169,6 +169,13 @@
 #   https://libvirt.org/logging.html
 #   Defaults to undef
 #
+# [*tls_priority*]
+#   (optional) Override the compile time default TLS priority string. The
+#   default is usually "NORMAL" unless overridden at build time.
+#   Only set this if it is desired for libvirt to deviate from
+#   the global default settings.
+#   Defaults to undef
+#
 class nova::compute::libvirt (
   $ensure_package                             = 'present',
   $libvirt_virt_type                          = 'kvm',
@@ -201,6 +208,7 @@ class nova::compute::libvirt (
   $nfs_mount_options                          = $::os_service_default,
   $mem_stats_period_seconds                   = $::os_service_default,
   $log_filters                                = undef,
+  $tls_priority                               = undef,
 ) inherits nova::params {
 
   include ::nova::deps
@@ -243,6 +251,12 @@ class nova::compute::libvirt (
     }
   }
 
+  if $tls_priority {
+    libvirtd_config {
+      'tls_priority': value => "\"${tls_priority}\"";
+    }
+  }
+
   unless $rx_queue_size == $::os_service_default or $rx_queue_size in [256, 512, 1024] {
     fail("Invalid rx_queue_size parameter: ${rx_queue_size}")
   }

releasenotes/notes/libvirtd_tls_priority-1e66515aa1da7977.yaml

@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Add tls_priority parameter to nova::compute::libvirt class
+    to override the compile time default TLS priority string. The
+    default is usually "NORMAL" unless overridden at build time.
+    Only set this if it is desired for libvirt to deviate from
+    the global default settings.

spec/classes/nova_compute_libvirt_spec.rb

@@ -68,6 +68,7 @@ describe 'nova::compute::libvirt' do
       it { is_expected.to contain_nova_config('libvirt/nfs_mount_options').with_ensure('<SERVICE DEFAULT>')}
       it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value('<SERVICE DEFAULT>')}
       it { is_expected.to contain_libvirtd_config('log_filters').with_ensure('absent')}
+      it { is_expected.to contain_libvirtd_config('tls_priority').with_ensure('absent')}
     end
 
     describe 'with params' do
@@ -98,6 +99,7 @@ describe 'nova::compute::libvirt' do
           :nfs_mount_options                          => 'rw,intr,nolock',
           :mem_stats_period_seconds                   => 20,
           :log_filters                                => '1:qemu',
+          :tls_priority                               => 'NORMAL:-VERS-SSL3.0',
         }
       end
 
@@ -127,6 +129,7 @@ describe 'nova::compute::libvirt' do
       it { is_expected.to contain_nova_config('libvirt/nfs_mount_options').with_value('rw,intr,nolock')}
       it { is_expected.to contain_nova_config('libvirt/mem_stats_period_seconds').with_value(20)}
       it { is_expected.to contain_libvirtd_config('log_filters').with_value("\"#{params[:log_filters]}\"")}
+      it { is_expected.to contain_libvirtd_config('tls_priority').with_value("\"#{params[:tls_priority]}\"")}
       it {
         is_expected.to contain_service('libvirt').with(
           :name     => 'custom_service',