vnc: Support new ssl options

Add support for the dedicated options to configure ssl for novnc proxy
service.

Note that no release note is added because the vnc class was added
during this cycle.

Depends-on: https://review.opendev.org/943678
Change-Id: Ia96c2a927bf6aa2c2a7749789b492f066e187380
Takashi Kajinami
2025-03-11 20:38:03 +09:00
parent 540b89df44
commit c1f72b157a
2 changed files with 40 additions and 0 deletions


@@ -56,6 +56,22 @@
# whether active console sessions have expired and need to be closed.
# Defaults to $facts['os_service_default']
#
# [*ssl_cert_file*]
# (optional) Certificate file to use when starting the server securely.
# Defaults to $facts['os_service_default']
#
# [*ssl_key_file*]
# (optional) Private key file to use when starting the server securely.
# Defaults to $facts['os_service_default']
#
# [*ssl_minimum_version*]
# (optional) The minimum SSL version to use.
# Defaults to $facts['os_service_default']
#
# [*ssl_ciphers*]
# (optional) List of available ciphers.
# Defaults to $facts['os_service_default']
#
class ironic::vnc(
$package_ensure = present,
Boolean $enabled = true,
@@ -69,6 +85,10 @@ class ironic::vnc(
$novnc_auth_schemes = $facts['os_service_default'],
$token_timeout = $facts['os_service_default'],
$expire_console_session_interval = $facts['os_service_default'],
$ssl_cert_file = $facts['os_service_default'],
$ssl_key_file = $facts['os_service_default'],
$ssl_minimum_version = $facts['os_service_default'],
$ssl_ciphers = $facts['os_service_default'],
) inherits ironic::params {
include ironic::deps
@@ -84,6 +104,10 @@ class ironic::vnc(
'vnc/novnc_auth_schemes': value => join(any2array($novnc_auth_schemes), ',');
'vnc/token_timeout': value => $token_timeout;
'vnc/expire_console_session_interval': value => $expire_console_session_interval;
'vnc/ssl_cert_file': value => $ssl_cert_file;
'vnc/ssl_key_file': value => $ssl_key_file;
'vnc/ssl_minimum_version': value => $ssl_minimum_version;
'vnc/ssl_ciphers': value => join(any2array($ssl_ciphers), ':');
}
if $::ironic::params::novncproxy_package {
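Review bot: The four new parameters `$ssl_cert_file` through `$ssl_ciphers` are untyped, so a misspelled `ssl_minimum_version` or a malformed `ssl_ciphers` value is written to the `vnc` section unchecked and would presumably only surface when the proxy starts. `$enabled` in the same signature is already typed `Boolean`, so consider constraining at least the cipher list, e.g. `Variant[String[1], Array[String[1], 1]] $ssl_ciphers = $facts['os_service_default'],`. That also rejects an empty array, which `join(any2array($ssl_ciphers), ':')` would turn into an empty cipher string. The header comment for `ssl_ciphers` should say that an array is accepted and joined with `:`, and the one for `ssl_minimum_version` should list the accepted values, which are not visible on this page. The class body starts and continues outside the hunks shown.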


@@ -39,6 +39,10 @@ describe 'ironic::vnc' do
is_expected.to contain_ironic_config('vnc/novnc_auth_schemes').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('vnc/token_timeout').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('vnc/expire_console_session_interval').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('vnc/ssl_cert_file').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('vnc/ssl_key_file').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('vnc/ssl_minimum_version').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('vnc/ssl_ciphers').with_value('<SERVICE DEFAULT>')
end
end
@@ -55,6 +59,12 @@ describe 'ironic::vnc' do
:novnc_auth_schemes => 'none',
:token_timeout => 600,
:expire_console_session_interval => 120,
:ssl_cert_file => 'CERTFILE',
:ssl_key_file => 'KEYFILE',
:ssl_minimum_version => 'TLSv1',
:ssl_ciphers => [
'TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256'
],
}
end
@@ -90,6 +100,12 @@ describe 'ironic::vnc' do
is_expected.to contain_ironic_config('vnc/novnc_auth_schemes').with_value('none')
is_expected.to contain_ironic_config('vnc/token_timeout').with_value(600)
is_expected.to contain_ironic_config('vnc/expire_console_session_interval').with_value(120)
is_expected.to contain_ironic_config('vnc/ssl_cert_file').with_value('CERTFILE')
is_expected.to contain_ironic_config('vnc/ssl_key_file').with_value('KEYFILE')
is_expected.to contain_ironic_config('vnc/ssl_minimum_version').with_value('TLSv1')
is_expected.to contain_ironic_config('vnc/ssl_ciphers').with_value(
'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256'
)
end
end
end
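Review bot: The fixture `:ssl_minimum_version => 'TLSv1',` and its matching `.with_value('TLSv1')` use a long-deprecated protocol floor as the sample value, and spec fixtures tend to be copied into real hieradata. Change both to a current version string taken from the option's documented choices; those come from the ironic change this depends on and are not visible here, so whether `'TLSv1'` is even accepted is unconfirmed. The tests also exercise `ssl_ciphers` only as an array. A second context passing an already colon-joined string, `:ssl_ciphers => 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256',`, would pin the `any2array` path for scalar input. The `describe` block starts outside the hunks.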