Add parameters for vTPM feature

Add a single new parameter, NovaEnableVTPM, which will configure vTPM support by setting nova's '[libvirt] swtpm_enabled' config option. We do not yet expose nova's '[libvirt] swtpm_user' and '[libvirt] swtpm_group' options since the Fedora RPM specfile, upon which CentOS' and RHEL's specfiles are based, uses the standard user and group [1]. [1] https://src.fedoraproject.org/rpms/swtpm/blob/master/f/swtpm.spec Change-Id: If90979c4b1bda279eca6dba46e3f53ab402b04c3 Depends-On: https://review.opendev.org/752904 Depends-On: https://review.opendev.org/753586 Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2020-09-18 17:14:39 +01:00 · 2020-09-18 17:14:39 +01:00 · 7ea7c259c4
commit 7ea7c259c4
parent 0ab032550d
2 changed files with 15 additions and 0 deletions
--- a/deployment/nova/nova-compute-container-puppet.yaml
+++ b/deployment/nova/nova-compute-container-puppet.yaml
@ -382,6 +382,14 @@ parameters:
    default: 0.0
    tags:
      - role_specific
+  NovaEnableVTPM:
+    type: boolean
+    description: >
+      Whether to enable support for enumlated Trusted Platform Module (TPM)
+      devices.
+    default: false
+    tags:
+      - role_specific
  NovaMaxDiskDevicesToAttach:
    type: number
    description: >
@ -543,6 +551,7 @@ resources:
              nova::compute::libvirt::pmem_namespaces: NovaPMEMMappings
              nova_pmem_namespaces: NovaPMEMNamespaces
              nova::compute::libvirt::remove_unused_original_minimum_age_seconds: NovaImageCacheTTL
+              nova::compute::libvirt::swtpm_enabled: NovaEnableVTPM
              nova::compute::vgpu::vgpu_types_device_addresses_mapping: NovaVGPUTypesDeviceAddressesMapping
            - values: {get_param: [RoleParameters]}
          - values:
@ -615,6 +624,7 @@ resources:
              NovaCPUAllocationRatio: {get_param: NovaCPUAllocationRatio}
              NovaRAMAllocationRatio: {get_param: NovaRAMAllocationRatio}
              NovaDiskAllocationRatio: {get_param: NovaDiskAllocationRatio}
+              NovaEnableVTPM: {get_param: NovaEnableVTPM}
              NovaMaxDiskDevicesToAttach: {get_param: NovaMaxDiskDevicesToAttach}
              NovaPMEMMappings: {get_param: NovaPMEMMappings}
              NovaPMEMNamespaces: {get_param: NovaPMEMNamespaces}
--- a/releasenotes/notes/nova-enable_vtpm-b24db74522c8a2eb.yaml
+++ b/releasenotes/notes/nova-enable_vtpm-b24db74522c8a2eb.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    A new parameter, ``NovaEnableVTPM``, can be used to enable vTPM support in
+    Nova.