Add necessary parameters for encrypted volumes support

If barbican is set, it will configure cinder and nova-compute with the necessary parameters to enable encrypted volumes to be created if requested. Change-Id: Id13811cf8e090706c590ffff46c237ff8131efd9
2016-11-16 10:20:46 +02:00 · 2016-11-16 10:20:46 +02:00 · 583e052df6
commit 583e052df6
parent 80187a2e19
1 changed files with 14 additions and 0 deletions
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@ -128,3 +128,17 @@ outputs:
          barbican::keystone::auth::password: {get_param: BarbicanPassword}
          barbican::keystone::auth::region: {get_param: KeystoneRegion}
          barbican::keystone::auth::tenant: 'service'
+        nova_compute:
+          nova::compute::keymgr_api_class: >
+            castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+          nova::compute::barbican_endpoint:
+            get_param: [EndpointMap, BarbicanInternal, uri]
+          nova::compute::barbican_auth_endpoint:
+            get_param: [EndpointMap, KeystoneV3Internal, uri]
+        cinder_api:
+          cinder::api::keymgr_api_class: >
+            castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+          cinder::api::keymgr_encryption_api_url:
+            get_param: [EndpointMap, BarbicanInternal, uri]
+          cinder::api::keymgr_encryption_auth_url:
+            get_param: [EndpointMap, KeystoneV3Internal, uri]