Adding tls support for libvirt
The patch adds TLS support when it is enabled for the
nova compute process.
Change-Id: Ie14de155befc2f042f5425c22c4913a2b0f1913c
Related-PROD: PROD-23583
diff --git a/README.rst b/README.rst
index 0ca4467..4c1d819 100644
--- a/README.rst
+++ b/README.rst
@@ -188,6 +188,10 @@
tenant: service
user: ceilometer
password: pwd
+ libvirt:
+ ssl:
+ enabled: true
+ libvirt_uri: qemu+tls://
message_queue:
engine: rabbitmq
host: 127.0.0.1
diff --git a/ceilometer/agent.sls b/ceilometer/agent.sls
index 3e39b3e..72bbfad 100644
--- a/ceilometer/agent.sls
+++ b/ceilometer/agent.sls
@@ -15,6 +15,16 @@
- require:
- pkg: ceilometer_agent_packages
+{%- if agent.get('libvirt',{}).get('ssl',{}).get('enabled', False) == True and salt['group.info']('nova') %}
+add_ceilometer_to_nova_group:
+ user.present:
+ - name: ceilometer
+ - groups:
+ - nova
+ - require:
+ - pkg: ceilometer_agent_packages
+{%- endif %}
+
{% for service_name in agent.services %}
{{ service_name }}_default:
file.managed:
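Review bot: The `user.present` state for `ceilometer` lists only `nova` under `groups`, and Salt's `remove_groups` option defaults to True, so any other supplementary group the package or another state gave this user is dropped when the state applies; add `- remove_groups: False`. Membership in `nova` also gives the ceilometer agent every file that group can read, presumably more than the libvirt TLS client key it needs, so a comment naming the files it is meant to reach (or a dedicated group for the key material) would keep the grant narrow. The `salt['group.info']('nova')` test runs at render time, so the state is skipped silently if the group is only created later in the same run.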
diff --git a/ceilometer/files/pike/ceilometer-agent.conf.Debian b/ceilometer/files/pike/ceilometer-agent.conf.Debian
index 2a7def9..4224ccc 100644
--- a/ceilometer/files/pike/ceilometer-agent.conf.Debian
+++ b/ceilometer/files/pike/ceilometer-agent.conf.Debian
@@ -20,6 +20,14 @@
transport_url = rabbit://{{ agent.message_queue.user }}:{{ agent.message_queue.password }}@{{ agent.message_queue.host }}:{{ rabbit_port }}/{{ agent.message_queue.virtual_host }}
{%- endif %}
+{%- if agent.get('libvirt',{}).get('ssl',{}).get('enabled', False) == True %}
+{%- set libvirt_uri = 'qemu+tls://' ~ grains.get('fqdn') ~ '/system' %}
+{%- endif %}
+
+{%- if libvirt_uri is defined or agent.get('libvirt',{}).libvirt_uri is defined %}
+libvirt_uri = {{ agent.get('libvirt',{}).get('libvirt_uri', libvirt_uri) }}
+{%- endif %}
+
[compute]
instance_discovery_method = {{ agent.get('discovery_method', 'libvirt_metadata') }}
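Review bot: With `ssl.enabled` true, the `libvirt_uri = ...` line still prefers the pillar value `agent.libvirt.libvirt_uri` over the derived `qemu+tls://` URI, so a leftover override such as `qemu://` turns TLS off without any error; the queens template hunk has the same logic. When SSL is enabled, either ignore the override or fail the render unless it starts with `qemu+tls://`. The derived URI also uses `grains.get('fqdn')` with no fallback, so a missing grain would render as `qemu+tls://None/system`, and the name presumably has to match the libvirt server certificate for verification to succeed. The config section this line lands in starts outside the hunk.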
diff --git a/ceilometer/files/queens/ceilometer-agent.conf.Debian b/ceilometer/files/queens/ceilometer-agent.conf.Debian
index 8d26346..2282a76 100644
--- a/ceilometer/files/queens/ceilometer-agent.conf.Debian
+++ b/ceilometer/files/queens/ceilometer-agent.conf.Debian
@@ -36,6 +36,13 @@
# Override the default libvirt URI (which is dependent on libvirt_type).
# (string value)
#libvirt_uri =
+{%- if agent.get('libvirt',{}).get('ssl',{}).get('enabled', False) == True %}
+{%- set libvirt_uri = 'qemu+tls://' ~ grains.get('fqdn') ~ '/system' %}
+{%- endif %}
+
+{%- if libvirt_uri is defined or agent.get('libvirt',{}).libvirt_uri is defined %}
+libvirt_uri = {{ agent.get('libvirt',{}).get('libvirt_uri', libvirt_uri) }}
+{%- endif %}
# Swift reseller prefix. Must be on par with reseller_prefix in proxy-
# agent.conf. (string value)
diff --git a/tests/pillar/agent_cluster.sls b/tests/pillar/agent_cluster.sls
index 75d87ab..1ba1dfb 100644
--- a/tests/pillar/agent_cluster.sls
+++ b/tests/pillar/agent_cluster.sls
@@ -12,6 +12,10 @@
- "*"
interval: 100
debug: true
+ libvirt:
+ ssl:
+ enabled: true
+ libvirt_uri: qemu://
region: RegionOne
enabled: true
version: liberty
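Review bot: This pillar sets `ssl.enabled: true` together with `libvirt_uri: qemu://`, so the explicit URI wins in the templates and the derived `qemu+tls://<fqdn>/system` branch is never rendered by the tests; `tests/pillar/agent_single.sls` does the same. Dropping `libvirt_uri` from one of the two pillars would exercise the TLS path, and the remaining one documents that a non-TLS override is currently accepted while SSL is enabled.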
diff --git a/tests/pillar/agent_single.sls b/tests/pillar/agent_single.sls
index 300e747..2b99238 100644
--- a/tests/pillar/agent_single.sls
+++ b/tests/pillar/agent_single.sls
@@ -8,6 +8,10 @@
publisher:
default:
enabled: true
+ libvirt:
+ ssl:
+ enabled: true
+ libvirt_uri: qemu://
identity:
engine: keystone
host: 127.0.0.1