Enable Swift encryption for the containerized undercloud
This adds a new parameter to undercloud.conf for the containerized case. It determines whether or not we should enable Swift Object encryption. If we do enable it, it will add the Barbican service and configure encryption for Swift. Depends-On: I9c5e07a2eb764168670d5de7bdeb4b6362f9bfb5 Change-Id: I7826cc00023e2d24865d752d4c9bbb3cc4c8614f
parent
026601229b
commit
12443e7381
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The option `enable_swift_encryption` was added to the containerized
|
||||||
|
undercloud configuration options (undercloud.conf). If enabled, it will
|
||||||
|
deploy Barbican, which will be used to enable Swift Object encryption.
|
@ -35,8 +35,8 @@ class TestUndercloudInstall(TestPluginV1):
|
|||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestUndercloudInstall, self).setUp()
|
super(TestUndercloudInstall, self).setUp()
|
||||||
|
|
||||||
conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
|
self.conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
|
||||||
conf.config(container_images_file='/home/stack/foo.yaml')
|
self.conf.config(container_images_file='/home/stack/foo.yaml')
|
||||||
# Get the command object to test
|
# Get the command object to test
|
||||||
app_args = mock.Mock()
|
app_args = mock.Mock()
|
||||||
app_args.verbose_level = 1
|
app_args.verbose_level = 1
|
||||||
@ -148,6 +148,57 @@ class TestUndercloudInstall(TestPluginV1):
|
|||||||
'undercloud.yaml', '-e', '/tmp/undercloud_parameters.yaml',
|
'undercloud.yaml', '-e', '/tmp/undercloud_parameters.yaml',
|
||||||
mock.ANY, '--debug'])
|
mock.ANY, '--debug'])
|
||||||
|
|
||||||
|
@mock.patch('subprocess.check_call', autospec=True)
|
||||||
|
def test_undercloud_install_with_swift_encryption(self, mock_subprocess):
|
||||||
|
arglist = ['--use-heat', '--no-validations']
|
||||||
|
verifylist = []
|
||||||
|
self.conf.set_default('enable_swift_encryption', True)
|
||||||
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
|
# DisplayCommandBase.take_action() returns two tuples
|
||||||
|
self.cmd.take_action(parsed_args)
|
||||||
|
|
||||||
|
mock_subprocess.assert_called_with(
|
||||||
|
['sudo', 'openstack', 'undercloud',
|
||||||
|
'deploy', '--local-domain=localdomain',
|
||||||
|
'--local-ip=192.168.24.1/24',
|
||||||
|
'--templates=/usr/share/openstack-tripleo-heat-templates/',
|
||||||
|
'--heat-native', '-e', '/home/stack/foo.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'services/ironic.yaml',
|
||||||
|
'-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'services/ironic-inspector.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'services/mistral.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'services/zaqar.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'services/tripleo-ui.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'services/barbican.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'barbican-backend-simple-crypto.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'public-tls-undercloud.yaml',
|
||||||
|
'--public-virtual-ip', '192.168.24.2',
|
||||||
|
'--control-virtual-ip', '192.168.24.3', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'tls-endpoints-public-ip.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'use-dns-for-vips.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'services/undercloud-haproxy.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'services/undercloud-keepalived.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'docker.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'config-download-environment.yaml', '-e',
|
||||||
|
'/usr/share/openstack-tripleo-heat-templates/environments/'
|
||||||
|
'undercloud.yaml', '-e', '/tmp/undercloud_parameters.yaml',
|
||||||
|
mock.ANY])
|
||||||
|
|
||||||
|
|
||||||
class TestUndercloudUpgrade(TestPluginV1):
|
class TestUndercloudUpgrade(TestPluginV1):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
|
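Review bot: `test_undercloud_install_with_swift_encryption` checks only the `-e` arguments passed to `subprocess.check_call`, so nothing verifies that `SwiftEncryptionEnabled` and `BarbicanSimpleCryptoGlobalDefault` are set when the option is on. A regression that keeps the Barbican environment files but drops those two parameters would leave Swift objects unencrypted while this test still passes. How `env_data` reaches `/tmp/undercloud_parameters.yaml` is not visible in this commit, so the assertion belongs wherever that file's content can be captured. The comment `# DisplayCommandBase.take_action() returns two tuples` appears to be carried over from another test and does not apply, since the return value is discarded; I would replace it with `# Barbican environments must be added when enable_swift_encryption is set`.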
@ -395,6 +395,9 @@ _opts = [
|
|||||||
cfg.BoolOpt('enable_routed_networks',
|
cfg.BoolOpt('enable_routed_networks',
|
||||||
default=False,
|
default=False,
|
||||||
help=('Enable support for routed ctlplane networks.')),
|
help=('Enable support for routed ctlplane networks.')),
|
||||||
|
cfg.BoolOpt('enable_swift_encryption',
|
||||||
|
default=False,
|
||||||
|
help=('Whether to enable Swift encryption at-rest or not.')),
|
||||||
]
|
]
|
||||||
|
|
||||||
# Routed subnets
|
# Routed subnets
|
||||||
@ -724,6 +727,17 @@ def prepare_undercloud_deploy(upgrade=False, no_validations=False,
|
|||||||
tht_templates,
|
tht_templates,
|
||||||
"environments/services/undercloud-cinder.yaml")]
|
"environments/services/undercloud-cinder.yaml")]
|
||||||
|
|
||||||
|
if CONF.get('enable_swift_encryption'):
|
||||||
|
deploy_args += [
|
||||||
|
'-e', os.path.join(tht_templates,
|
||||||
|
"environments/services/barbican.yaml"),
|
||||||
|
'-e', os.path.join(
|
||||||
|
tht_templates,
|
||||||
|
"environments/barbican-backend-simple-crypto.yaml")
|
||||||
|
]
|
||||||
|
env_data['BarbicanSimpleCryptoGlobalDefault'] = True
|
||||||
|
env_data['SwiftEncryptionEnabled'] = True
|
||||||
|
|
||||||
if CONF.get('generate_service_certificate'):
|
if CONF.get('generate_service_certificate'):
|
||||||
deploy_args += ['-e', os.path.join(
|
deploy_args += ['-e', os.path.join(
|
||||||
tht_templates,
|
tht_templates,
|
||||||
|
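Review bot: The help text on `enable_swift_encryption` says only that at-rest encryption is enabled, while the new branch in `prepare_undercloud_deploy` also deploys Barbican with `barbican-backend-simple-crypto.yaml` and sets `BarbicanSimpleCryptoGlobalDefault`. An operator should be told where the keys end up: the simple_crypto backend keeps its key-encryption key in Barbican's own configuration, which on an undercloud presumably sits on the same host as the Swift data. The option therefore protects a lost or decommissioned disk rather than a compromised node. I would make the help string say so, for example `help=('Enable Swift at-rest encryption. Deploys Barbican with the simple_crypto backend, whose master key is stored on the undercloud itself.')`. `prepare_undercloud_deploy` begins and ends outside the hunk, so how `env_data` is consumed afterwards is not visible here.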