diff options
| author |   Michael Polenchuk <mpolenchuk@mirantis.com> | 2018-08-21 11:32:49 +0400 |
|---|---|---|
| committer | Michael Polenchuk <mpolenchuk@mirantis.com> | 2018-08-21 11:36:11 +0400 |
| commit | ffa4498b48cd2a07e9d3ed4ae13ce12bd2e2d231 (patch) | |
| tree | b5c895f5a0646dbd93ed58836ecddf21400189e8 | |
| parent | 7ad4626d7687bdae85e95467d2f1f3962d63d415 (diff) | |
Turn off glance signatures verification
Change-Id: I61ee8e19e783437dce7a9ddd666cd60e9d22a2e1
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
4 files changed, 4 insertions, 37 deletions
diff --git a/mcp/patches/0016-Disable-glance-signature-verification.patch b/mcp/patches/0016-Disable-glance-signature-verification.patch deleted file mode 100644 index 55f641800..000000000 --- a/mcp/patches/0016-Disable-glance-signature-verification.patch +++ /dev/null @@ -1,36 +0,0 @@ -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -: Copyright (c) 2018 Mirantis Inc., Enea AB and others. -: -: All rights reserved. This program and the accompanying materials -: are made available under the terms of the Apache License, Version 2.0 -: which accompanies this distribution, and is available at -: http://www.apache.org/licenses/LICENSE-2.0 -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -From: Delia Popescu <delia.popescu@enea.com> -Date: Mon, 6 Aug 2018 17:09:14 +0300 -Subject: [PATCH] Disable glance signature verification - -Disable glance signature verification if barbican -integration is enabled on compute nodes - -Signed-off-by: Delia Popescu <delia.popescu@enea.com> ---- - nova/files/queens/nova-compute.conf.Debian | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/nova/files/queens/nova-compute.conf.Debian b/nova/files/queens/nova-compute.conf.Debian -index d471a264..47a4e890 100644 ---- a/nova/files/queens/nova-compute.conf.Debian -+++ b/nova/files/queens/nova-compute.conf.Debian -@@ -5447,9 +5447,9 @@ api_servers = {{ compute.image.get('protocol', 'http') }}://{{ compute.image.hos - # below depend on this option being enabled. - # (boolean value) - {%- if compute.get('barbican', {}).get('enabled', False) %} --verify_glance_signatures=true -+#verify_glance_signatures=true - {%- else %} --#verify_glance_signatures=false -+verify_glance_signatures=false - {%- endif %} - - # DEPRECATED: diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list index 2f9107156..baa15d79d 100644 --- a/mcp/patches/patches.list +++ b/mcp/patches/patches.list @@ -10,4 +10,3 @@ /usr/share/salt-formulas/env: 0010-maas-region-allow-timeout-override.patch /usr/share/salt-formulas/env: 0011-system.repo-Debian-Add-keyserver-proxy-support.patch /usr/share/salt-formulas/env: 0015-Set-ovs-bridges-as-L3-interfaces.patch -/usr/share/salt-formulas/env: 0016-Disable-glance-signature-verification.patch diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml index 76573c0ea..9caea0d0f 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml @@ -80,3 +80,5 @@ parameters: preallocate_images: space barbican: enabled: ${_param:barbican_integration_enabled} + image: + verify_glance_signatures: false diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml index 5c9c16d6b..0409974ba 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml +++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml @@ -37,6 +37,8 @@ parameters: password: ${_param:keystone_neutron_password} barbican: enabled: ${_param:barbican_integration_enabled} + image: + verify_glance_signatures: false neutron: compute: notification: true |