From 5ae3fab74381403cc76525ba3ff63a60836c17c1 Mon Sep 17 00:00:00 2001 From: Alan Bishop Date: Fri, 28 Jul 2017 10:30:27 -0400 Subject: Fix legacy nova/cinder encryption key manager configuration Recent changes in Nova [0] and Cinder [1] result in Barbican being selected as the default encryption key manager, even when TripleO is not deploying Barbican. This change ensures the legacy key manager is enabled when no key manager (such as Barbican) has been specified. This restores the previous behavior, where the legacy key manager was enabled by default. [0] https://review.openstack.org/484501 [1] https://review.openstack.org/485322 Closes-Bug: #1706389 Change-Id: Idc92f7a77cde757538eaac51c4ad8dc397f9c3d3 --- spec/classes/tripleo_profile_base_cinder_api_spec.rb | 14 ++++++++++++-- spec/classes/tripleo_profile_base_nova_compute_spec.rb | 14 ++++++++++++-- spec/fixtures/hieradata/step4.yaml | 3 ++- 3 files changed, 26 insertions(+), 5 deletions(-) (limited to 'spec') diff --git a/spec/classes/tripleo_profile_base_cinder_api_spec.rb b/spec/classes/tripleo_profile_base_cinder_api_spec.rb index 03e2fd0..b9a9854 100644 --- a/spec/classes/tripleo_profile_base_cinder_api_spec.rb +++ b/spec/classes/tripleo_profile_base_cinder_api_spec.rb @@ -18,6 +18,10 @@ require 'spec_helper' describe 'tripleo::profile::base::cinder::api' do shared_examples_for 'tripleo::profile::base::cinder::api' do + before :each do + facts.merge!({ :step => params[:step] }) + end + let(:pre_condition) do "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] }" end @@ -40,7 +44,10 @@ describe 'tripleo::profile::base::cinder::api' do } } it 'should trigger complete configuration' do - is_expected.to contain_class('cinder::api') + is_expected.to contain_class('cinder::api').with( + # Verify legacy key manager is enabled when none is set in hiera. + :keymgr_api_class => 'cinder.keymgr.conf_key_mgr.ConfKeyManager', + ) is_expected.to contain_class('cinder::ceilometer') end end @@ -63,7 +70,10 @@ describe 'tripleo::profile::base::cinder::api' do } } it 'should trigger complete configuration' do - is_expected.to contain_class('cinder::api') + is_expected.to contain_class('cinder::api').with( + # Verify proper key manager is enabled when value is set in hiera. + :keymgr_api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager', + ) is_expected.to contain_class('cinder::ceilometer') end end diff --git a/spec/classes/tripleo_profile_base_nova_compute_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_spec.rb index b3959c4..22881ac 100644 --- a/spec/classes/tripleo_profile_base_nova_compute_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_compute_spec.rb @@ -18,12 +18,19 @@ require 'spec_helper' describe 'tripleo::profile::base::nova::compute' do shared_examples_for 'tripleo::profile::base::nova::compute' do + before :each do + facts.merge!({ :step => params[:step] }) + end context 'with step less than 5' do let(:params) { { :step => 1, } } it { - is_expected.to contain_class('tripleo::profile::base::nova::compute') + is_expected.to contain_class('tripleo::profile::base::nova::compute').with( + # Verify legacy key manager is enabled when none is set in hiera. + :keymgr_api_class => 'nova.keymgr.conf_key_mgr.ConfKeyManager', + ) + is_expected.to_not contain_class('tripleo::profile::base::nova') is_expected.to_not contain_class('nova::compute') is_expected.to_not contain_class('nova::network::neutron') @@ -50,7 +57,10 @@ eos let(:params) { { :step => 4, } } it { - is_expected.to contain_class('tripleo::profile::base::nova::compute') + is_expected.to contain_class('tripleo::profile::base::nova::compute').with( + # Verify proper key manager is enabled when value is set in hiera. + :keymgr_api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager', + ) is_expected.to contain_class('tripleo::profile::base::nova') is_expected.to contain_class('tripleo::profile::base::nova') is_expected.to contain_class('nova::compute') diff --git a/spec/fixtures/hieradata/step4.yaml b/spec/fixtures/hieradata/step4.yaml index 0b53225..fd24beb 100644 --- a/spec/fixtures/hieradata/step4.yaml +++ b/spec/fixtures/hieradata/step4.yaml @@ -1,9 +1,10 @@ --- step: 4 +cinder::api::keymgr_api_class: 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager' +nova::compute::keymgr_api_class: 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager' # items needed for tripleo::profile::base::cinder::volume tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: '127.0.0.1' tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: - '127.0.0.1' cinder::backend::eqlx::eqlx_chap_login: 'user' cinder::backend::eqlx::eqlx_chap_password: 'user' - -- cgit 1.2.3-korg