Add ability to set verify_glance_signatures independently
This change allows to define compute.glance.verify_glance_signatures
independently of whether barbican is enabled or not.
Closes-issue: https://mirantis.jira.com/browse/PROD-22003
Change-Id: Ie4f8f72d2aeeba997106708555ee53fb9b535d5e
diff --git a/nova/files/pike/nova-compute.conf.Debian b/nova/files/pike/nova-compute.conf.Debian
index d6589ec..d3aa8db 100644
--- a/nova/files/pike/nova-compute.conf.Debian
+++ b/nova/files/pike/nova-compute.conf.Debian
@@ -5136,7 +5136,9 @@
# * The options in the `key_manager` group, as the key_manager is used
# for the signature validation.
# (boolean value)
-{%- if compute.get('barbican', {}).get('enabled', False) %}
+{%- if compute.get('image', {}).verify_glance_signatures is defined %}
+verify_glance_signatures={{ compute.image.verify_glance_signatures }}
+{%- elif compute.get('barbican', {}).get('enabled', False) %}
verify_glance_signatures=true
{%- else %}
#verify_glance_signatures=false
diff --git a/nova/files/queens/nova-compute.conf.Debian b/nova/files/queens/nova-compute.conf.Debian
index d471a26..b2168a1 100644
--- a/nova/files/queens/nova-compute.conf.Debian
+++ b/nova/files/queens/nova-compute.conf.Debian
@@ -5446,7 +5446,9 @@
# default_trusted_certificate_ids
# below depend on this option being enabled.
# (boolean value)
-{%- if compute.get('barbican', {}).get('enabled', False) %}
+{%- if compute.get('image', {}).verify_glance_signatures is defined %}
+verify_glance_signatures={{ compute.image.verify_glance_signatures }}
+{%- elif compute.get('barbican', {}).get('enabled', False) %}
verify_glance_signatures=true
{%- else %}
#verify_glance_signatures=false