1. devstack
  2. Commit 1d378dcf6d3699d99838050cc804c64a1862ba8f
Browse code

Remove n-novnc service requirement for TLS configuration

When configuring TLS between the console proxy (where the n-novnc
service runs) and the compute host, some configuration for QEMU needs
to be done on the compute host. The existing code for this requires the
n-novnc service to be running, which it is in a single node all-in-one
deployment. However, when running in a multinode deployment, the
n-novnc service runs only on the controller and not on the subnode.
Yet, we need to configure QEMU on the subnode compute host as well.

This removes the n-novnc service requirement to enable TLS QEMU
configuration to occur on a compute subnode in a multinode deployment.

Closes-Bug: #1849418

Change-Id: I8b6970e91ad7f52ff489cb9f776ca216d8f86aa4

melanie witt authored on 2019/10/23 13:20:23
Showing 1 changed files
lib/nova_plugins/functions-libvirt
History View file @ 1d378dc
... ... 
@@ -150,21 +150,19 @@ EOF
150 150 
     fi
151 151
152 152 
     if is_nova_console_proxy_compute_tls_enabled ; then
153 
-        if is_service_enabled n-novnc ; then
154 
-            echo "vnc_tls = 1" | sudo tee -a $QEMU_CONF
155 
-            echo "vnc_tls_x509_verify = 1" | sudo tee -a $QEMU_CONF
156 
-
157 
-            sudo mkdir -p /etc/pki/libvirt-vnc
158 
-            deploy_int_CA /etc/pki/libvirt-vnc/ca-cert.pem
159 
-            deploy_int_cert /etc/pki/libvirt-vnc/server-cert.pem /etc/pki/libvirt-vnc/server-key.pem
160 
-            # OpenSSL 1.1.0 generates the key file with permissions: 600, by
161 
-            # default and the deploy_int* methods use 'sudo cp' to copy the
162 
-            # files, making them owned by root:root.
163 
-            # Change ownership of everything under /etc/pki/libvirt-vnc to
164 
-            # libvirt-qemu:libvirt-qemu so that libvirt-qemu can read the key
165 
-            # file.
166 
-            sudo chown -R libvirt-qemu:libvirt-qemu /etc/pki/libvirt-vnc
167 
-        fi
153 
+        echo "vnc_tls = 1" | sudo tee -a $QEMU_CONF
154 
+        echo "vnc_tls_x509_verify = 1" | sudo tee -a $QEMU_CONF
155 
+
156 
+        sudo mkdir -p /etc/pki/libvirt-vnc
157 
+        deploy_int_CA /etc/pki/libvirt-vnc/ca-cert.pem
158 
+        deploy_int_cert /etc/pki/libvirt-vnc/server-cert.pem /etc/pki/libvirt-vnc/server-key.pem
159 
+        # OpenSSL 1.1.0 generates the key file with permissions: 600, by
160 
+        # default and the deploy_int* methods use 'sudo cp' to copy the
161 
+        # files, making them owned by root:root.
162 
+        # Change ownership of everything under /etc/pki/libvirt-vnc to
163 
+        # libvirt-qemu:libvirt-qemu so that libvirt-qemu can read the key
164 
+        # file.
165 
+        sudo chown -R libvirt-qemu:libvirt-qemu /etc/pki/libvirt-vnc
168 166 
     fi
169 167
170 168 
     # Service needs to be started on redhat/fedora -- do a restart for