vnc: Support new ssl options
Add support for the dedicated options to configure ssl for novnc proxy service. Note that release note is not added because the vnc class was added during this cycle. Depends-on: https://review.opendev.org/943678 Change-Id: Ia96c2a927bf6aa2c2a7749789b492f066e187380
This commit is contained in:
Takashi Kajinami
@@ -56,6 +56,22 @@
|
|||||||
# whether active console sessions have expired and need to be closed.
|
# whether active console sessions have expired and need to be closed.
|
||||||
# Defaults to $facts['os_service_default']
|
# Defaults to $facts['os_service_default']
|
||||||
#
|
#
|
||||||
|
# [*ssl_cert_file*]
|
||||||
|
# (optional) Certificate file to use when starting the server securely.
|
||||||
|
# Defaults to $facts['os_service_default']
|
||||||
|
#
|
||||||
|
# [*ssl_key_file*]
|
||||||
|
# (optional) Private key file to use when starting the server securely.
|
||||||
|
# Defaults to $facts['os_service_default']
|
||||||
|
#
|
||||||
|
# [*ssl_minimum_version*]
|
||||||
|
# (optional) The minimum SSL version to use.
|
||||||
|
# Defaults to $facts['os_service_default']
|
||||||
|
#
|
||||||
|
# [*ssl_ciphers*]
|
||||||
|
# (optional) List of available ciphers.
|
||||||
|
# Defaults to $facts['os_service_default']
|
||||||
|
#
|
||||||
class ironic::vnc(
|
class ironic::vnc(
|
||||||
$package_ensure = present,
|
$package_ensure = present,
|
||||||
Boolean $enabled = true,
|
Boolean $enabled = true,
|
||||||
@@ -69,6 +85,10 @@ class ironic::vnc(
|
|||||||
$novnc_auth_schemes = $facts['os_service_default'],
|
$novnc_auth_schemes = $facts['os_service_default'],
|
||||||
$token_timeout = $facts['os_service_default'],
|
$token_timeout = $facts['os_service_default'],
|
||||||
$expire_console_session_interval = $facts['os_service_default'],
|
$expire_console_session_interval = $facts['os_service_default'],
|
||||||
|
$ssl_cert_file = $facts['os_service_default'],
|
||||||
|
$ssl_key_file = $facts['os_service_default'],
|
||||||
|
$ssl_minimum_version = $facts['os_service_default'],
|
||||||
|
$ssl_ciphers = $facts['os_service_default'],
|
||||||
) inherits ironic::params {
|
) inherits ironic::params {
|
||||||
|
|
||||||
include ironic::deps
|
include ironic::deps
|
||||||
@@ -84,6 +104,10 @@ class ironic::vnc(
|
|||||||
'vnc/novnc_auth_schemes': value => join(any2array($novnc_auth_schemes), ',');
|
'vnc/novnc_auth_schemes': value => join(any2array($novnc_auth_schemes), ',');
|
||||||
'vnc/token_timeout': value => $token_timeout;
|
'vnc/token_timeout': value => $token_timeout;
|
||||||
'vnc/expire_console_session_interval': value => $expire_console_session_interval;
|
'vnc/expire_console_session_interval': value => $expire_console_session_interval;
|
||||||
|
'vnc/ssl_cert_file': value => $ssl_cert_file;
|
||||||
|
'vnc/ssl_key_file': value => $ssl_key_file;
|
||||||
|
'vnc/ssl_minimum_version': value => $ssl_minimum_version;
|
||||||
|
'vnc/ssl_ciphers': value => join(any2array($ssl_ciphers), ':');
|
||||||
}
|
}
|
||||||
|
|
||||||
if $::ironic::params::novncproxy_package {
|
if $::ironic::params::novncproxy_package {
|
||||||
|
|||||||
@@ -39,6 +39,10 @@ describe 'ironic::vnc' do
|
|||||||
is_expected.to contain_ironic_config('vnc/novnc_auth_schemes').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_ironic_config('vnc/novnc_auth_schemes').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_ironic_config('vnc/token_timeout').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_ironic_config('vnc/token_timeout').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_ironic_config('vnc/expire_console_session_interval').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_ironic_config('vnc/expire_console_session_interval').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_config('vnc/ssl_cert_file').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_config('vnc/ssl_key_file').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_config('vnc/ssl_minimum_version').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_config('vnc/ssl_ciphers').with_value('<SERVICE DEFAULT>')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@@ -55,6 +59,12 @@ describe 'ironic::vnc' do
|
|||||||
:novnc_auth_schemes => 'none',
|
:novnc_auth_schemes => 'none',
|
||||||
:token_timeout => 600,
|
:token_timeout => 600,
|
||||||
:expire_console_session_interval => 120,
|
:expire_console_session_interval => 120,
|
||||||
|
:ssl_cert_file => 'CERTFILE',
|
||||||
|
:ssl_key_file => 'KEYFILE',
|
||||||
|
:ssl_minimum_version => 'TLSv1',
|
||||||
|
:ssl_ciphers => [
|
||||||
|
'TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256'
|
||||||
|
],
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
@@ -90,6 +100,12 @@ describe 'ironic::vnc' do
|
|||||||
is_expected.to contain_ironic_config('vnc/novnc_auth_schemes').with_value('none')
|
is_expected.to contain_ironic_config('vnc/novnc_auth_schemes').with_value('none')
|
||||||
is_expected.to contain_ironic_config('vnc/token_timeout').with_value(600)
|
is_expected.to contain_ironic_config('vnc/token_timeout').with_value(600)
|
||||||
is_expected.to contain_ironic_config('vnc/expire_console_session_interval').with_value(120)
|
is_expected.to contain_ironic_config('vnc/expire_console_session_interval').with_value(120)
|
||||||
|
is_expected.to contain_ironic_config('vnc/ssl_cert_file').with_value('CERTFILE')
|
||||||
|
is_expected.to contain_ironic_config('vnc/ssl_key_file').with_value('KEYFILE')
|
||||||
|
is_expected.to contain_ironic_config('vnc/ssl_minimum_version').with_value('TLSv1')
|
||||||
|
is_expected.to contain_ironic_config('vnc/ssl_ciphers').with_value(
|
||||||
|
'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256'
|
||||||
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
Reference in New Issue
Block a user