Add attributes for ssl_only, cert and key

Add some basic attributes for vnc support. Change-Id: I7ddb7854e0ce2ea1890d82958d4575407be06c01 Closes-bug: #1370592
2014-09-17 11:24:20 -05:00 · 2014-09-17 11:24:20 -05:00 · c8c7a6e561
parent 1462c1f52f
commit c8c7a6e561
5 changed files with 26 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -11,6 +11,8 @@ This file is used to list changes made in each version of cookbook-openstack-com
 * Update nova.conf mode from 644 to 640
 * Add support vnc_keymap from attribute ( default: en-us )

+* Add vnc attributes for ssl_only, cert and key
+
 ## 9.3.1
 * Move auth configuration from api-paste.ini to nova.conf
 * fix fauxhai version for suse and redhat
--- a/README.md
+++ b/README.md
@ -113,6 +113,9 @@ Openstack Compute attributes are in the attribute namespace ["openstack"]["compu
 * `openstack['compute']['use_cow_images'] = Whether to use cow images
 * `openstack['compute']['vif_plugging_is_fatal'] = Fail instance boot if vif plugging fails
 * `openstack['compute']['vif_plugging_timeout'] = Number of seconds to wait for neutron vif plugging events to arrive before continuing or failing
+* `openstack['compute']['ssl_only'] = Disallow non-encrypted connections
+* `openstack['compute']['cert'] = SSL certificate file
+* `openstack['compute']['key'] = SSL key file (if separate from cert)
 * `openstack["compute"]["compute"]["api"]["protocol"]` - Protocol used for the OS API
 * `openstack["compute"]["compute"]["api"]["port"]` - Port on which OS API runs
 * `openstack["compute"]["compute"]["api"]["version"]` - Version of the OS API used
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -42,6 +42,15 @@ default['openstack']['compute']['identity_service_chef_role'] = 'os-identity'
 # The dnsmasq config file path
 default['openstack']['compute']['dnsmasq_config_file'] = ''

+# Disallow non-encrypted connections
+default['openstack']['compute']['ssl_only'] = false
+
+# SSL certificate file
+default['openstack']['compute']['cert'] = 'self.pem'
+
+# SSL key file (if separate from cert)
+default['openstack']['compute']['key'] = ''
+
 # Common rpc definitions
 default['openstack']['compute']['rpc_thread_pool_size'] = 64
 default['openstack']['compute']['rpc_conn_pool_size'] = 30
--- a/spec/nova-common_spec.rb
+++ b/spec/nova-common_spec.rb
@ -91,6 +91,14 @@ describe 'openstack-compute::nova-common' do
        end
      end

+      it 'has default ssl options set' do
+        %W(ssl_only=false
+           cert=self.pem
+           key=).each do |line|
+          expect(chef_run).to render_file(file.name).with_content(/^#{line}$/)
+        end
+      end
+
      it 'has default quota options set' do
        [/^quota_driver=nova.quota.DbQuotaDriver$/,
         /^quota_security_groups=50$/,
--- a/templates/default/nova.conf.erb
+++ b/templates/default/nova.conf.erb
@ -18,6 +18,10 @@ instance_name_template=<%= node["openstack"]["compute"]["instance_name_template"
 network_allocate_retries=<%= node['openstack']['compute']['network_allocate_retries'] %>
 lock_path=<%= node["openstack"]["compute"]["lock_path"] %>

+ssl_only=<%= node['openstack']['compute']['ssl_only'] %>
+cert=<%= node['openstack']['compute']['cert'] %>
+key=<%= node['openstack']['compute']['key'] %>
+
 # Command prefix to use for running commands as root (default: sudo)
 rootwrap_config=/etc/nova/rootwrap.conf