aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Polenchuk <mpolenchuk@mirantis.com>2018-08-21 11:32:49 +0400
committerMichael Polenchuk <mpolenchuk@mirantis.com>2018-08-21 11:36:11 +0400
commitffa4498b48cd2a07e9d3ed4ae13ce12bd2e2d231 (patch)
treeb5c895f5a0646dbd93ed58836ecddf21400189e8
parent7ad4626d7687bdae85e95467d2f1f3962d63d415 (diff)
Turn off glance signatures verification
Change-Id: I61ee8e19e783437dce7a9ddd666cd60e9d22a2e1 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
-rw-r--r--mcp/patches/0016-Disable-glance-signature-verification.patch36
-rw-r--r--mcp/patches/patches.list1
-rw-r--r--mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml2
-rw-r--r--mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml2
4 files changed, 4 insertions, 37 deletions
diff --git a/mcp/patches/0016-Disable-glance-signature-verification.patch b/mcp/patches/0016-Disable-glance-signature-verification.patch
deleted file mode 100644
index 55f641800..000000000
--- a/mcp/patches/0016-Disable-glance-signature-verification.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-: Copyright (c) 2018 Mirantis Inc., Enea AB and others.
-:
-: All rights reserved. This program and the accompanying materials
-: are made available under the terms of the Apache License, Version 2.0
-: which accompanies this distribution, and is available at
-: http://www.apache.org/licenses/LICENSE-2.0
-::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-From: Delia Popescu <delia.popescu@enea.com>
-Date: Mon, 6 Aug 2018 17:09:14 +0300
-Subject: [PATCH] Disable glance signature verification
-
-Disable glance signature verification if barbican
-integration is enabled on compute nodes
-
-Signed-off-by: Delia Popescu <delia.popescu@enea.com>
----
- nova/files/queens/nova-compute.conf.Debian | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/nova/files/queens/nova-compute.conf.Debian b/nova/files/queens/nova-compute.conf.Debian
-index d471a264..47a4e890 100644
---- a/nova/files/queens/nova-compute.conf.Debian
-+++ b/nova/files/queens/nova-compute.conf.Debian
-@@ -5447,9 +5447,9 @@ api_servers = {{ compute.image.get('protocol', 'http') }}://{{ compute.image.hos
- # below depend on this option being enabled.
- # (boolean value)
- {%- if compute.get('barbican', {}).get('enabled', False) %}
--verify_glance_signatures=true
-+#verify_glance_signatures=true
- {%- else %}
--#verify_glance_signatures=false
-+verify_glance_signatures=false
- {%- endif %}
-
- # DEPRECATED:
diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list
index 2f9107156..baa15d79d 100644
--- a/mcp/patches/patches.list
+++ b/mcp/patches/patches.list
@@ -10,4 +10,3 @@
/usr/share/salt-formulas/env: 0010-maas-region-allow-timeout-override.patch
/usr/share/salt-formulas/env: 0011-system.repo-Debian-Add-keyserver-proxy-support.patch
/usr/share/salt-formulas/env: 0015-Set-ovs-bridges-as-L3-interfaces.patch
-/usr/share/salt-formulas/env: 0016-Disable-glance-signature-verification.patch
diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml
index 76573c0ea..9caea0d0f 100644
--- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml
+++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml
@@ -80,3 +80,5 @@ parameters:
preallocate_images: space
barbican:
enabled: ${_param:barbican_integration_enabled}
+ image:
+ verify_glance_signatures: false
diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml
index 5c9c16d6b..0409974ba 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml
@@ -37,6 +37,8 @@ parameters:
password: ${_param:keystone_neutron_password}
barbican:
enabled: ${_param:barbican_integration_enabled}
+ image:
+ verify_glance_signatures: false
neutron:
compute:
notification: true