summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorXiaoPei Liu <liuxpei@cn.ibm.com>2015-06-24 11:28:28 +0800
committerXiaoPei Liu <liuxpei@cn.ibm.com>2015-06-26 11:17:25 +0800
commit5140ba531dcb0368b141813aa6cc88ead5de6387 (patch)
treebd7b15a49011da922143c87ff679279440f9a497
parent7386afb7c063cefdbd455b6dea9844516932a667 (diff)
Allow fixed_key to be configurable in cookbook
The fixed_key attribute should be added in cookbook for volume encryption Change-Id: I83f697fde32bf1ccaaa3187936c664c61b1e7af9 Closes-Bug: 1467797
Notes
Notes (review): Verified+2: Jenkins Code-Review+2: Ma Wen Cheng <wenchma@cn.ibm.com> Workflow+1: JJ Asghar <jj@getchef.com> Submitted-by: Jenkins Submitted-at: Fri, 26 Jun 2015 05:39:51 +0000 Reviewed-on: https://review.openstack.org/194924 Project: openstack/cookbook-openstack-block-storage Branch: refs/heads/master
-rw-r--r--README.md4
-rw-r--r--attributes/default.rb6
-rw-r--r--spec/cinder_common_spec.rb14
-rw-r--r--templates/default/cinder.conf.erb18
4 files changed, 42 insertions, 0 deletions
diff --git a/README.md b/README.md
index 9dd4338..9149668 100644
--- a/README.md
+++ b/README.md
@@ -232,6 +232,10 @@ The following attributes are defined in attributes/default.rb of the common cook
232* `openstack['block-storage']['backup']['swift']['retry_backoff']` - The backoff time in seconds between Swift retries. 232* `openstack['block-storage']['backup']['swift']['retry_backoff']` - The backoff time in seconds between Swift retries.
233* `openstack['block-storage']['backup']['swift']['enable_progress_timer']` - Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the Swift backend storage. 233* `openstack['block-storage']['backup']['swift']['enable_progress_timer']` - Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the Swift backend storage.
234 234
235### Keymgr configuration attributes ###
236* `openstack['block-storage']['keymgr']['api_class']` - The key manager api class to use.
237* `openstack['block-storage']['keymgr']['fixed_key']` - The fixed key returned by key manager, specified in hex (string value).
238
235If the value of the 'bind_interface' attribute is non-nil, then the block-storage service will be bound to the first IP address on that interface. If the value of the 'bind_interface' attribute is nil, then the block-storage service will be bound to the IP address specified in the host attribute. 239If the value of the 'bind_interface' attribute is non-nil, then the block-storage service will be bound to the first IP address on that interface. If the value of the 'bind_interface' attribute is nil, then the block-storage service will be bound to the IP address specified in the host attribute.
236 240
237Testing 241Testing
diff --git a/attributes/default.rb b/attributes/default.rb
index cb449c5..714b1c2 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -334,6 +334,12 @@ default['openstack']['block-storage']['enable_v1_api'] = 'False'
334# Whether to enable cinder v2 api or not 334# Whether to enable cinder v2 api or not
335default['openstack']['block-storage']['enable_v2_api'] = 'True' 335default['openstack']['block-storage']['enable_v2_api'] = 'True'
336 336
337# The full class name of the key manager api class
338default['openstack']['block-storage']['keymgr']['api_class'] = 'cinder.keymgr.conf_key_mgr.ConfKeyManager'
339
340# Fixed key returned by key manager, specified in hex
341default['openstack']['block-storage']['keymgr']['fixed_key'] = nil
342
337case platform_family 343case platform_family
338when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this 344when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
339 # operating system user and group names 345 # operating system user and group names
diff --git a/spec/cinder_common_spec.rb b/spec/cinder_common_spec.rb
index 73b4179..08b6025 100644
--- a/spec/cinder_common_spec.rb
+++ b/spec/cinder_common_spec.rb
@@ -232,6 +232,20 @@ describe 'openstack-block-storage::cinder-common' do
232 expect(chef_run).not_to render_config_file(file.name).with_section_content('DEFAULT', /^host=/) 232 expect(chef_run).not_to render_config_file(file.name).with_section_content('DEFAULT', /^host=/)
233 end 233 end
234 234
235 it 'has keymgr api_class attribute default set' do
236 expect(chef_run).to render_config_file(file.name).with_section_content('keymgr', /^api_class=cinder.keymgr.conf_key_mgr.ConfKeyManager$/)
237 end
238
239 it 'does not have keymgr attribute fixed_key set by default' do
240 expect(chef_run).not_to render_file(file.name).with_content(/^fixed_key=$/)
241 end
242
243 it 'allow override for keymgr attribute fixed_key' do
244 chef_run.node.set['openstack']['block-storage']['keymgr']['fixed_key'] = '1111111111111111111111111111111111111111111111111111111111111111'
245 expect(chef_run).to render_config_file(file.name)\
246 .with_section_content('keymgr', /^fixed_key=1111111111111111111111111111111111111111111111111111111111111111$/)
247 end
248
235 context 'netapp driver' do 249 context 'netapp driver' do
236 # FIXME(galstrom21): this block needs to check all of the default 250 # FIXME(galstrom21): this block needs to check all of the default
237 # netapp_* configuration options 251 # netapp_* configuration options
diff --git a/templates/default/cinder.conf.erb b/templates/default/cinder.conf.erb
index 14ec824..26847e2 100644
--- a/templates/default/cinder.conf.erb
+++ b/templates/default/cinder.conf.erb
@@ -1031,6 +1031,24 @@ connection=<%= @sql_connection %>
1031#### 100=Everything 1031#### 100=Everything
1032 1032
1033 1033
1034[keymgr]
1035
1036#
1037# Options defined in cinder.keymgr
1038#
1039
1040# The full class name of the key manager API class (string value)
1041api_class=<%= node['openstack']['block-storage']['keymgr']['api_class'] %>
1042
1043#
1044# Options defined in cinder.keymgr.conf_key_mgr
1045#
1046
1047# Fixed key returned by key manager, specified in hex (string value)
1048<% if node["openstack"]["block-storage"]["keymgr"]["fixed_key"] -%>
1049fixed_key=<%= node["openstack"]["block-storage"]["keymgr"]["fixed_key"] %>
1050<% end -%>
1051
1034[keystone_authtoken] 1052[keystone_authtoken]
1035 1053
1036# 1054#