authorJenkins <jenkins@review.openstack.org>2017-08-14 23:01:54 +0000
committerGerrit Code Review <review@openstack.org>2017-08-14 23:01:54 +0000
commitadf6802f91986e33e9d6c5e710aca01db674dc40 (patch)
tree4a5c8f0b7529e09ec66113b865bd7a052493d984
parent8505a2dc0edeb4da8c02d68c7229c36800392cca (diff)
parent5ae3fab74381403cc76525ba3ff63a60836c17c1 (diff)
Merge "Fix legacy nova/cinder encryption key manager configuration"
-rw-r--r--manifests/profile/base/cinder/api.pp11
-rw-r--r--manifests/profile/base/nova/compute.pp11
-rw-r--r--spec/classes/tripleo_profile_base_cinder_api_spec.rb14
-rw-r--r--spec/classes/tripleo_profile_base_nova_compute_spec.rb14
-rw-r--r--spec/fixtures/hieradata/step4.yaml3
5 files changed, 46 insertions, 7 deletions
diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp
index 54880ad..892e4ed 100644
--- a/manifests/profile/base/cinder/api.pp
+++ b/manifests/profile/base/cinder/api.pp
@@ -43,6 +43,12 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
+# [*keymgr_api_class*]
+# (Optional) The encryption key manager API class. The default value
+# ensures Cinder's legacy key manager is enabled when no hiera value is
+# specified.
+# Defaults to hiera('cinder::api::keymgr_api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager')
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -53,6 +59,7 @@ class tripleo::profile::base::cinder::api (
$certificates_specs = hiera('apache_certificates_specs', {}),
$cinder_api_network = hiera('cinder_api_network', undef),
$enable_internal_tls = hiera('enable_internal_tls', false),
+ $keymgr_api_class = hiera('cinder::api::keymgr_api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager'),
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
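Review bot: The new `$keymgr_api_class` default silently selects `cinder.keymgr.conf_key_mgr.ConfKeyManager` whenever hiera has no value, and neither the parameter line nor its doc block says what that means for volume encryption. As far as I know, the conf key manager serves one fixed key from the service configuration for every volume, so it preserves legacy behaviour but is not equivalent to a Barbican-backed deployment. The parameter doc should say so, e.g. `# Note: ConfKeyManager uses a single fixed key from the service config; set a Barbican key manager class for per-volume keys.` The same applies to the matching parameter added in manifests/profile/base/nova/compute.pp. The class body continues outside this hunk.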
@@ -75,7 +82,9 @@ class tripleo::profile::base::cinder::api (
}
if $step >= 4 or ($step >= 3 and $sync_db) {
- include ::cinder::api
+ class { '::cinder::api':
+ keymgr_api_class => $keymgr_api_class,
+ }
include ::apache::mod::ssl
class { '::cinder::wsgi::apache':
ssl_cert => $tls_certfile,
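Review bot: Switching from `include ::cinder::api` to a resource-like `class { '::cinder::api': ... }` declaration means Puppet fails compilation with a duplicate declaration if another manifest also declares the class this way, or includes it before this one is evaluated. A short comment above the declaration would record why the stricter form is needed, e.g. `# Resource-like declaration so the legacy key manager default applies when hiera has no cinder::api::keymgr_api_class.` The same change to `::nova::compute` in manifests/profile/base/nova/compute.pp carries the same constraint. The enclosing `if` block starts and ends outside this hunk.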
diff --git a/manifests/profile/base/nova/compute.pp b/manifests/profile/base/nova/compute.pp
index 3eae880..a9a1f94 100644
--- a/manifests/profile/base/nova/compute.pp
+++ b/manifests/profile/base/nova/compute.pp
@@ -27,9 +27,16 @@
# (Optional) Whether or not Cinder is backed by NFS.
# Defaults to hiera('cinder_enable_nfs_backend', false)
#
+# [*keymgr_api_class*]
+# (Optional) The encryption key manager API class. The default value
+# ensures Nova's legacy key manager is enabled when no hiera value is
+# specified.
+# Defaults to hiera('nova::compute::keymgr_api_class', 'nova.keymgr.conf_key_mgr.ConfKeyManager')
+#
class tripleo::profile::base::nova::compute (
$step = Integer(hiera('step')),
$cinder_nfs_backend = hiera('cinder_enable_nfs_backend', false),
+ $keymgr_api_class = hiera('nova::compute::keymgr_api_class', 'nova.keymgr.conf_key_mgr.ConfKeyManager'),
) {
if $step >= 4 {
@@ -37,7 +44,9 @@ class tripleo::profile::base::nova::compute (
include ::tripleo::profile::base::nova
# deploy basic bits for nova-compute
- include ::nova::compute
+ class { '::nova::compute':
+ keymgr_api_class => $keymgr_api_class,
+ }
# If Service['nova-conductor'] is in catalog, make sure we start it
# before nova-compute.
Service<| title == 'nova-conductor' |> -> Service['nova-compute']
diff --git a/spec/classes/tripleo_profile_base_cinder_api_spec.rb b/spec/classes/tripleo_profile_base_cinder_api_spec.rb
index 03e2fd0..b9a9854 100644
--- a/spec/classes/tripleo_profile_base_cinder_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_cinder_api_spec.rb
@@ -18,6 +18,10 @@ require 'spec_helper'
describe 'tripleo::profile::base::cinder::api' do
shared_examples_for 'tripleo::profile::base::cinder::api' do
+ before :each do
+ facts.merge!({ :step => params[:step] })
+ end
+
let(:pre_condition) do
"class { '::tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] }"
end
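Review bot: The added `before :each` block copies `params[:step]` into `facts` without saying why, and `merge!` changes that hash in place. Presumably the fixture hierarchy selects the step-specific hieradata file from a `step` fact, which is what makes the hiera-set key manager value visible at step 4. A one-line comment such as `# Expose step as a fact so the matching hieradata fixture is loaded.` would make that explicit. It is also worth confirming that `facts` is a per-example hash, since an in-place merge on a shared one would leak between examples. The same block is added in spec/classes/tripleo_profile_base_nova_compute_spec.rb.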
@@ -40,7 +44,10 @@ describe 'tripleo::profile::base::cinder::api' do
} }
it 'should trigger complete configuration' do
- is_expected.to contain_class('cinder::api')
+ is_expected.to contain_class('cinder::api').with(
+ # Verify legacy key manager is enabled when none is set in hiera.
+ :keymgr_api_class => 'cinder.keymgr.conf_key_mgr.ConfKeyManager',
+ )
is_expected.to contain_class('cinder::ceilometer')
end
end
@@ -63,7 +70,10 @@ describe 'tripleo::profile::base::cinder::api' do
} }
it 'should trigger complete configuration' do
- is_expected.to contain_class('cinder::api')
+ is_expected.to contain_class('cinder::api').with(
+ # Verify proper key manager is enabled when value is set in hiera.
+ :keymgr_api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
+ )
is_expected.to contain_class('cinder::ceilometer')
end
end
diff --git a/spec/classes/tripleo_profile_base_nova_compute_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_spec.rb
index b3959c4..22881ac 100644
--- a/spec/classes/tripleo_profile_base_nova_compute_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_compute_spec.rb
@@ -18,12 +18,19 @@ require 'spec_helper'
describe 'tripleo::profile::base::nova::compute' do
shared_examples_for 'tripleo::profile::base::nova::compute' do
+ before :each do
+ facts.merge!({ :step => params[:step] })
+ end
context 'with step less than 5' do
let(:params) { { :step => 1, } }
it {
- is_expected.to contain_class('tripleo::profile::base::nova::compute')
+ is_expected.to contain_class('tripleo::profile::base::nova::compute').with(
+ # Verify legacy key manager is enabled when none is set in hiera.
+ :keymgr_api_class => 'nova.keymgr.conf_key_mgr.ConfKeyManager',
+ )
+
is_expected.to_not contain_class('tripleo::profile::base::nova')
is_expected.to_not contain_class('nova::compute')
is_expected.to_not contain_class('nova::network::neutron')
@@ -50,7 +57,10 @@ eos
let(:params) { { :step => 4, } }
it {
- is_expected.to contain_class('tripleo::profile::base::nova::compute')
+ is_expected.to contain_class('tripleo::profile::base::nova::compute').with(
+ # Verify proper key manager is enabled when value is set in hiera.
+ :keymgr_api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
+ )
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to contain_class('nova::compute')
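Review bot: The new expectation checks `keymgr_api_class` on the profile class only, so nothing in this spec verifies that the value reaches `nova::compute`; the later `contain_class('nova::compute')` line has no `.with`. The cinder spec asserts on `cinder::api` directly, and doing the same here would cover the pass-through added in compute.pp: `is_expected.to contain_class('nova::compute').with(:keymgr_api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager')`. The step 1 example in the previous hunk likewise checks only the profile parameter's default. The `it` block continues outside this hunk.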
diff --git a/spec/fixtures/hieradata/step4.yaml b/spec/fixtures/hieradata/step4.yaml
index 0b53225..fd24beb 100644
--- a/spec/fixtures/hieradata/step4.yaml
+++ b/spec/fixtures/hieradata/step4.yaml
@@ -1,9 +1,10 @@
---
step: 4
+cinder::api::keymgr_api_class: 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
+nova::compute::keymgr_api_class: 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
# items needed for tripleo::profile::base::cinder::volume
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: '127.0.0.1'
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers:
- '127.0.0.1'
cinder::backend::eqlx::eqlx_chap_login: 'user'
cinder::backend::eqlx::eqlx_chap_password: 'user'
-