Allow fixed_key to be configurable in cookbook

The fixed_key attribute should be added to the cookbook to support
volume encryption.

Change-Id: I83f697fde32bf1ccaaa3187936c664c61b1e7af9
Closes-Bug: 1467797
XiaoPei Liu 2015-06-24 11:28:28 +08:00
parent 7386afb7c0
commit 5140ba531d
4 changed files with 42 additions and 0 deletions


@ -232,6 +232,10 @@ The following attributes are defined in attributes/default.rb of the common cook
* `openstack['block-storage']['backup']['swift']['retry_backoff']` - The backoff time in seconds between Swift retries.
* `openstack['block-storage']['backup']['swift']['enable_progress_timer']` - Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the Swift backend storage.
### Keymgr configuration attributes ###
* `openstack['block-storage']['keymgr']['api_class']` - The key manager api class to use.
* `openstack['block-storage']['keymgr']['fixed_key']` - The fixed key returned by key manager, specified in hex (string value).
If the value of the 'bind_interface' attribute is non-nil, then the block-storage service will be bound to the first IP address on that interface. If the value of the 'bind_interface' attribute is nil, then the block-storage service will be bound to the IP address specified in the host attribute.
Testing


@ -334,6 +334,12 @@ default['openstack']['block-storage']['enable_v1_api'] = 'False'
# Whether to enable cinder v2 api or not
default['openstack']['block-storage']['enable_v2_api'] = 'True'
# The full class name of the key manager api class
default['openstack']['block-storage']['keymgr']['api_class'] = 'cinder.keymgr.conf_key_mgr.ConfKeyManager'
# Fixed key returned by key manager, specified in hex
default['openstack']['block-storage']['keymgr']['fixed_key'] = nil
case platform_family
when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
# operating system user and group names
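Review bot: The new `fixed_key` default under `# Fixed key returned by key manager, specified in hex` turns a volume-encryption key into an ordinary node attribute, so any value set there is saved with the node object on the Chef server and is readable by anyone who can read node data. Consider keeping only the `nil` default here and having the recipe load the real value from an encrypted data bag or vault item, as is usually done for service passwords. At minimum the comment should mark the value as a secret, e.g. `# Secret: hex-encoded key used by ConfKeyManager for volume encryption; do not set it in plain-text roles or environments`. As far as ConfKeyManager's documented behaviour goes, this single key is shared by every encrypted volume, which is not visible in this hunk but raises the cost of a leak.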


@ -232,6 +232,20 @@ describe 'openstack-block-storage::cinder-common' do
expect(chef_run).not_to render_config_file(file.name).with_section_content('DEFAULT', /^host=/)
end
it 'has keymgr api_class attribute default set' do
expect(chef_run).to render_config_file(file.name).with_section_content('keymgr', /^api_class=cinder.keymgr.conf_key_mgr.ConfKeyManager$/)
end
it 'does not have keymgr attribute fixed_key set by default' do
expect(chef_run).not_to render_file(file.name).with_content(/^fixed_key=$/)
end
it 'allow override for keymgr attribute fixed_key' do
chef_run.node.set['openstack']['block-storage']['keymgr']['fixed_key'] = '1111111111111111111111111111111111111111111111111111111111111111'
expect(chef_run).to render_config_file(file.name)\
.with_section_content('keymgr', /^fixed_key=1111111111111111111111111111111111111111111111111111111111111111$/)
end
context 'netapp driver' do
# FIXME(galstrom21): this block needs to check all of the default
# netapp_* configuration options
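Review bot: The example `does not have keymgr attribute fixed_key set by default` only rejects a line that is exactly `fixed_key=`, so it would still pass if the template rendered a non-empty key by default. Dropping the end anchor makes any `fixed_key` line fail the example: `expect(chef_run).not_to render_file(file.name).with_content(/^fixed_key=/)`. The `api_class` pattern in the preceding example leaves its dots unescaped, so it matches more than the literal class name; writing them as `\.` would tighten it. The enclosing `describe` block starts and ends outside this hunk.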


@ -1031,6 +1031,24 @@ connection=<%= @sql_connection %>
#### 100=Everything
[keymgr]
#
# Options defined in cinder.keymgr
#
# The full class name of the key manager API class (string value)
api_class=<%= node['openstack']['block-storage']['keymgr']['api_class'] %>
#
# Options defined in cinder.keymgr.conf_key_mgr
#
# Fixed key returned by key manager, specified in hex (string value)
<% if node["openstack"]["block-storage"]["keymgr"]["fixed_key"] -%>
fixed_key=<%= node["openstack"]["block-storage"]["keymgr"]["fixed_key"] %>
<% end -%>
[keystone_authtoken]
#
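Review bot: The guard `<% if node["openstack"]["block-storage"]["keymgr"]["fixed_key"] -%>` is true for an empty string in Ruby, so an attribute overridden to `''` renders a bare `fixed_key=` line instead of omitting the option. Testing for emptiness avoids that: `<% unless node['openstack']['block-storage']['keymgr']['fixed_key'].to_s.empty? -%>`, which also matches the single-quoted style of the `api_class` line above it. Because the rendered file now carries key material, the template resource that writes it (outside this hunk) should keep the file unreadable to other local users; confirm its owner and mode. The value is written as given, so a non-hex string is not caught at converge time.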