From 2aab6971ba06b4dcaeb1b2928943f7dc03b133dd Mon Sep 17 00:00:00 2001 From: Oliver Walsh Date: Thu, 16 Nov 2017 01:27:03 +0000 Subject: [PATCH] Re-enable libvirt TLS with SCRAM SHA-1 auth Depends-On: Ic9335829fe39eaf4e76385f651a77b293793571a Depends-On: I137040560b3c40fedff6feffb40125b1d1451cb6 Change-Id: I3c2a7921426bcd99d6340a913787edfb9bbd8bbd Closes-bug: 1732479 --- docker/services/nova-libvirt.yaml | 18 +++++++++--------- puppet/services/nova-libvirt.yaml | 21 +++++++++++++-------- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 96fdda49b5..c617e33cdc 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -71,14 +71,14 @@ parameters: conditions: - use_tls_for_live_migration: false - # and: - # - equals: - # - {get_param: EnableInternalTLS} - # - true - # - equals: - # - {get_param: UseTLSTransportForLiveMigration} - # - true + use_tls_for_live_migration: + and: + - equals: + - {get_param: EnableInternalTLS} + - true + - equals: + - {get_param: UseTLSTransportForLiveMigration} + - true need_libvirt_secret: or: @@ -125,7 +125,7 @@ outputs: logging_groups: {get_attr: [NovaLibvirtBase, role_data, logging_groups]} puppet_config: config_volume: nova_libvirt - puppet_tags: libvirtd_config,nova_config,file + puppet_tags: libvirtd_config,nova_config,file,libvirt_tls_password step_config: list_join: - "\n" diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 38608bf498..125241eec6 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml 
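Review bot: The `use_tls_for_live_migration` condition restored at `@@ -71,14 +71,14 @@` is an exact copy of the one restored in puppet/services/nova-libvirt.yaml (hunk `@@ -98,17 +98,21 @@`), and neither file says the two must stay identical. If they drift, the container template and the base puppet template could disagree about whether the migration transport is TLS-protected and password-authenticated. I would add a comment above the condition in both files, for example `# Keep in sync with puppet/services/nova-libvirt.yaml; TLS live migration needs both flags and LibvirtTLSPassword`.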
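Review bot: The new `libvirt_tls_password` tag in `puppet_tags` (hunk `@@ -125,7 +125,7 @@`) pulls a credential-handling resource into generation of the `nova_libvirt` config volume, and nothing here documents what it writes or with which permissions. The resource type itself presumably comes from one of the Depends-On changes and is not visible, so confirm that it stores the credential with restrictive ownership and mode and does not print the value in the puppet run output. Because `puppet_tags` is one comma-separated string, a misspelled tag would most likely just skip the resource, leaving TLS on without the SASL credential. A comment such as `# libvirt_tls_password: sets the SASL credential used for TLS live migration` would make the dependency explicit.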
@@ -98,17 +98,21 @@ parameters: default: 2022 description: Target port for migration over ssh type: number + LibvirtTLSPassword: + description: The password for the libvirt service when TLS is enabled + type: string + hidden: true conditions: - use_tls_for_live_migration: false - # and: - # - equals: - # - {get_param: EnableInternalTLS} - # - true - # - equals: - # - {get_param: UseTLSTransportForLiveMigration} - # - true + use_tls_for_live_migration: + and: + - equals: + - {get_param: EnableInternalTLS} + - true + - equals: + - {get_param: UseTLSTransportForLiveMigration} + - true libvirt_specific_ca_unset: equals: @@ -171,6 +175,7 @@ outputs: - generate_service_certificates: true tripleo::profile::base::nova::migration::client::libvirt_tls: true + tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]} nova::migration::libvirt::listen_address: get_param: [ServiceNetMap, NovaLibvirtNetwork] nova::migration::libvirt::live_migration_inbound_addr:
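Review bot: `LibvirtTLSPassword` is declared without a `default` and without `constraints`, so it appears to become a mandatory input for every stack that includes this service, even when `use_tls_for_live_migration` evaluates to false. It also means any value, including a trivially short one, is accepted. Omitting a default is better than shipping a well-known one and `hidden: true` should stay, but the description does not say where the value comes from; presumably the deployment tooling generates it via a Depends-On change. I would extend it to something like `description: Password for libvirt SASL authentication on the TLS live-migration transport; must be set when UseTLSTransportForLiveMigration is true`. Consider adding a `length` constraint with a minimum once the generated password length is known.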
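Review bot: `{get_param: [LibvirtTLSPassword]}` in hunk `@@ -171,6 +175,7 @@` uses the list form of `get_param` for a plain string parameter, while the conditions in this same file use the scalar form (`{get_param: EnableInternalTLS}`). The list form reads as a path lookup, as in `[ServiceNetMap, NovaLibvirtNetwork]` two lines below. Writing `tripleo::profile::base::nova::libvirt::tls_password: {get_param: LibvirtTLSPassword}` keeps the file consistent. The key sits next to `libvirt_tls: true`, which looks like the TLS-only branch, so the credential should not reach hieradata when TLS is off. The enclosing `if` starts outside the hunk, so that placement is worth confirming.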