From f16a588ad8d6a6b2753ef1f72943f17afe2aa4ed Mon Sep 17 00:00:00 2001 From: Martin Schuppert Date: Fri, 16 Aug 2019 15:52:20 +0200 Subject: [PATCH] Add LibvirtTLSPriority to set libvirtd tls_priority Adds LibvirtTLSPriority parameter to override the compile time default TLS priority string. Default: 'NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2' Conflicts: deployment/nova/nova-libvirt-container-puppet.yaml Removed the conflict, as this file is not present in Queens release and corresponding changes are done in puppet/services/nova-libvirt.yaml file. Change-Id: Id05c5e88be2d9f90642ed5159cb2db03c997f83a Closes-Bug: #1840447 (cherry picked from commit 56ccd717d48aca2d3138c1f4416baa72d3655216) (cherry picked from commit 393f43a664b16fe284b54c75320a2c7f09d18579) (cherry picked from commit 9a31aafd33da991a9ea5d8b1cc70f6151ce06255) --- puppet/services/nova-libvirt.yaml | 6 ++++++ .../notes/nova_libvirtd_tls_priority-d0129f804d7ca847.yaml | 5 +++++ 2 files changed, 11 insertions(+) create mode 100644 releasenotes/notes/nova_libvirtd_tls_priority-d0129f804d7ca847.yaml diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 339b1381bd..dc34bc5370 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -136,6 +136,11 @@ parameters: https://libvirt.org/logging.html . type: string default: '1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 3:object 1:util' + LibvirtTLSPriority: + description: > + Override the compile time default TLS priority string. + type: string + default: 'NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2' conditions: @@ -240,6 +245,7 @@ outputs: generate_service_certificates: true tripleo::profile::base::nova::migration::client::libvirt_tls: true tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]} + nova::compute::libvirt::tls_priority: {get_param: LibvirtTLSPriority} nova::migration::libvirt::listen_address: str_replace: template: 
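Review bot: The `description` added for `LibvirtTLSPriority` does not tell an operator what syntax the value takes or what the default permits, and the parameter accepts any string. The default `NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2` removes every TLS version and re-enables only 1.2, so a host whose TLS library could negotiate a newer version is held to 1.2 as well; that looks intentional but should be stated. I would extend the description to something like `Override the compile time default TLS priority string used by libvirtd. The default permits TLS 1.2 only; a looser value lowers the protection of libvirt TLS connections.` The `parameters:` section this block belongs to starts outside the hunk.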
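Review bot: Nothing in this patch shows that the puppet-nova on this stable branch already has a `tls_priority` parameter on `nova::compute::libvirt`, which the added hieradata key relies on. If it does not, the key would presumably be ignored without error, and libvirtd would keep its compile-time priority while the template advertises a TLS 1.2-only default. The commit message should name the puppet-nova change this backport depends on, for example in a `Depends-On:` trailer. As a minor style point, the neighbouring line passes `{get_param: [LibvirtTLSPassword]}` in list form while the new line uses the scalar form. The enclosing mapping starts before the hunk and the `str_replace` block continues after it.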
diff --git a/releasenotes/notes/nova_libvirtd_tls_priority-d0129f804d7ca847.yaml b/releasenotes/notes/nova_libvirtd_tls_priority-d0129f804d7ca847.yaml
new file mode 100644
index 0000000000..de76d139d2
--- /dev/null
+++ b/releasenotes/notes/nova_libvirtd_tls_priority-d0129f804d7ca847.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Adds LibvirtTLSPriority parameter to override the compile time default TLS
+ priority string. Default: 'NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2'