Merge "Add LibvirtTLSPriority to set libvirtd tls_priority" into stable/rocky

2019-08-28 16:54:03 +00:00 · 2019-08-28 16:54:03 +00:00 · e89a6b7f99
parent 377beb051d 9a31aafd33
commit e89a6b7f99
2 changed files with 11 additions and 0 deletions
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@ -136,6 +136,11 @@ parameters:
                 https://libvirt.org/logging.html .
    type: string
    default: '1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 3:object 1:util'
+  LibvirtTLSPriority:
+    description: >
+      Override the compile time default TLS priority string.
+    type: string
+    default: 'NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2'

 conditions:

@ -240,6 +245,7 @@ outputs:
                generate_service_certificates: true
                tripleo::profile::base::nova::migration::client::libvirt_tls: true
                tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]}
+                nova::compute::libvirt::tls_priority: {get_param: LibvirtTLSPriority}
                nova::migration::libvirt::listen_address:
                  str_replace:
                     template:
--- a/releasenotes/notes/nova_libvirtd_tls_priority-d0129f804d7ca847.yaml
+++ b/releasenotes/notes/nova_libvirtd_tls_priority-d0129f804d7ca847.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds LibvirtTLSPriority parameter to override the compile time default TLS
+    priority string. Default: 'NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2'