diff --git a/config.yaml b/config.yaml index c59f0a73..af0defeb 100644 --- a/config.yaml +++ b/config.yaml @@ -78,6 +78,13 @@ options: uml, lxc, qemu. NOTE: Changing virtualisation flavor after deployment is not supported. + inject-password: + type: boolean + default: False + description: | + Enable or disable admin password injection at boot time on hypervisors + that use the libvirt back end (such as KVM, QEMU, and LXC). The random + password appears in the output of the openstack server create command. disk-cachemodes: type: string default: diff --git a/hooks/nova_compute_context.py b/hooks/nova_compute_context.py index a15cc94b..881ce6da 100644 --- a/hooks/nova_compute_context.py +++ b/hooks/nova_compute_context.py @@ -313,6 +313,11 @@ class NovaComputeLibvirtContext(context.OSContextGenerator): ctxt['libvirt_images_type'] = config('libvirt-image-backend') ctxt['force_raw_images'] = config('force-raw-images') + ctxt['inject_password'] = config('inject-password') + # if allow the injection of an admin password it depends + # on value greater or equal to -1 for inject_partition + # -2 means disable the injection of data + ctxt['inject_partition'] = -1 if config('inject-password') else -2 return ctxt diff --git a/templates/icehouse/nova.conf b/templates/icehouse/nova.conf index b923c0f1..8c1d0635 100644 --- a/templates/icehouse/nova.conf +++ b/templates/icehouse/nova.conf @@ -152,6 +152,9 @@ server_proxyclient_address = {{ console_listen_addr }} {% endif -%} [libvirt] +inject_key = false +inject_password = {{ inject_password }} +inject_partition = {{ inject_partition }} {% if cpu_mode -%} cpu_mode = {{ cpu_mode }} {% endif -%} @@ -164,9 +167,6 @@ images_type = {{ libvirt_images_type }} {% if libvirt_images_type and rbd_pool -%} images_rbd_pool = {{ rbd_pool }} images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }} -inject_password = false -inject_key = false -inject_partition = -2 {% endif -%} rbd_user = {{ rbd_user }} rbd_secret_uuid = {{ rbd_secret_uuid }} diff --git a/templates/juno/nova.conf b/templates/juno/nova.conf index 4a27df63..5e0c6bf4 100644 --- a/templates/juno/nova.conf +++ b/templates/juno/nova.conf @@ -144,6 +144,9 @@ server_proxyclient_address = {{ console_listen_addr }} {% endif -%} [libvirt] +inject_key = false +inject_password = {{ inject_password }} +inject_partition = {{ inject_partition }} {% if cpu_mode -%} cpu_mode = {{ cpu_mode }} {% endif -%} @@ -156,9 +159,6 @@ images_type = {{ libvirt_images_type }} {% if libvirt_images_type and rbd_pool -%} images_rbd_pool = {{ rbd_pool }} images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }} -inject_password = false -inject_key = false -inject_partition = -2 {% endif -%} rbd_user = {{ rbd_user }} rbd_secret_uuid = {{ rbd_secret_uuid }} diff --git a/templates/kilo/nova.conf b/templates/kilo/nova.conf index 9224eddc..30691a89 100644 --- a/templates/kilo/nova.conf +++ b/templates/kilo/nova.conf @@ -165,6 +165,9 @@ server_proxyclient_address = {{ console_listen_addr }} {% endif %} [libvirt] +inject_key = false +inject_password = {{ inject_password }} +inject_partition = {{ inject_partition }} {% if cpu_mode -%} cpu_mode = {{ cpu_mode }} {% endif -%} @@ -177,9 +180,6 @@ images_type = {{ libvirt_images_type }} {% if libvirt_images_type and rbd_pool -%} images_rbd_pool = {{ rbd_pool }} images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }} -inject_password = false -inject_key = false -inject_partition = -2 {% endif -%} rbd_user = {{ rbd_user }} rbd_secret_uuid = {{ rbd_secret_uuid }} diff --git a/templates/liberty/nova.conf b/templates/liberty/nova.conf index b90c1357..672e72ef 100644 --- a/templates/liberty/nova.conf +++ b/templates/liberty/nova.conf @@ -169,6 +169,9 @@ server_proxyclient_address = {{ console_listen_addr }} {% endif -%} [libvirt] +inject_key = false +inject_password = {{ inject_password }} +inject_partition = {{ inject_partition }} {% if cpu_mode -%} cpu_mode = {{ cpu_mode }} {% endif -%} @@ -181,9 +184,6 @@ images_type = {{ libvirt_images_type }} {% if libvirt_images_type and rbd_pool -%} images_rbd_pool = {{ rbd_pool }} images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }} -inject_password = false -inject_key = false -inject_partition = -2 {% endif -%} rbd_user = {{ rbd_user }} rbd_secret_uuid = {{ rbd_secret_uuid }} diff --git a/templates/mitaka/nova.conf b/templates/mitaka/nova.conf index 592167cf..42396e25 100644 --- a/templates/mitaka/nova.conf +++ b/templates/mitaka/nova.conf @@ -185,6 +185,9 @@ server_proxyclient_address = {{ console_listen_addr }} {% endif -%} [libvirt] +inject_key = false +inject_password = {{ inject_password }} +inject_partition = {{ inject_partition }} {% if cpu_mode -%} cpu_mode = {{ cpu_mode }} {% endif -%} @@ -197,9 +200,6 @@ images_type = {{ libvirt_images_type }} {% if libvirt_images_type and rbd_pool -%} images_rbd_pool = {{ rbd_pool }} images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }} -inject_password = false -inject_key = false -inject_partition = -2 {% endif -%} rbd_user = {{ rbd_user }} rbd_secret_uuid = {{ rbd_secret_uuid }} diff --git a/templates/newton/nova.conf b/templates/newton/nova.conf index c99fadfc..6311d9cd 100644 --- a/templates/newton/nova.conf +++ b/templates/newton/nova.conf @@ -190,6 +190,9 @@ server_proxyclient_address = {{ console_listen_addr }} {% endif -%} [libvirt] +inject_key = false +inject_password = {{ inject_password }} +inject_partition = {{ inject_partition }} {% if cpu_mode -%} cpu_mode = {{ cpu_mode }} {% endif -%} @@ -202,9 +205,6 @@ images_type = {{ libvirt_images_type }} {% if libvirt_images_type and rbd_pool -%} images_rbd_pool = {{ rbd_pool }} images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }} -inject_password = false -inject_key = false -inject_partition = -2 {% endif -%} rbd_user = {{ rbd_user }} rbd_secret_uuid = {{ rbd_secret_uuid }} diff --git a/templates/ocata/nova.conf b/templates/ocata/nova.conf index ad8883c0..f3375a2f 100644 --- a/templates/ocata/nova.conf +++ b/templates/ocata/nova.conf @@ -193,6 +193,9 @@ server_proxyclient_address = {{ console_listen_addr }} {% endif -%} [libvirt] +inject_key = false +inject_password = {{ inject_password }} +inject_partition = {{ inject_partition }} {% if cpu_mode -%} cpu_mode = {{ cpu_mode }} {% endif -%} @@ -208,9 +211,6 @@ images_type = {{ libvirt_images_type }} {% if libvirt_images_type and rbd_pool -%} images_rbd_pool = {{ rbd_pool }} images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }} -inject_password = false -inject_key = false -inject_partition = -2 {% endif -%} rbd_user = {{ rbd_user }} rbd_secret_uuid = {{ rbd_secret_uuid }} diff --git a/templates/pike/nova.conf b/templates/pike/nova.conf index 92d07b0e..d9d5bd3c 100644 --- a/templates/pike/nova.conf +++ b/templates/pike/nova.conf @@ -192,6 +192,9 @@ server_proxyclient_address = {{ console_listen_addr }} {% endif -%} [libvirt] +inject_key = false +inject_password = {{ inject_password }} +inject_partition = {{ inject_partition }} {% if cpu_mode -%} cpu_mode = {{ cpu_mode }} {% endif -%} @@ -207,9 +210,6 @@ images_type = {{ libvirt_images_type }} {% if libvirt_images_type and rbd_pool -%} images_rbd_pool = {{ rbd_pool }} images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }} -inject_password = false -inject_key = false -inject_partition = -2 {% endif -%} rbd_user = {{ rbd_user }} rbd_secret_uuid = {{ rbd_secret_uuid }} diff --git a/templates/queens/nova.conf b/templates/queens/nova.conf index 3db1125c..54e58666 100644 --- a/templates/queens/nova.conf +++ b/templates/queens/nova.conf @@ -210,6 +210,9 @@ server_proxyclient_address = {{ console_listen_addr }} {% endif -%} [libvirt] +inject_key = false +inject_password = {{ inject_password }} +inject_partition = {{ inject_partition }} {% if cpu_mode -%} cpu_mode = {{ cpu_mode }} {% endif -%} @@ -225,9 +228,6 @@ images_type = {{ libvirt_images_type }} {% if libvirt_images_type and rbd_pool -%} images_rbd_pool = {{ rbd_pool }} images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }} -inject_password = false -inject_key = false -inject_partition = -2 {% endif -%} rbd_user = {{ rbd_user }} rbd_secret_uuid = {{ rbd_secret_uuid }} diff --git a/templates/rocky/nova.conf b/templates/rocky/nova.conf index 0831af93..47bcf83e 100644 --- a/templates/rocky/nova.conf +++ b/templates/rocky/nova.conf @@ -213,6 +213,9 @@ server_proxyclient_address = {{ console_listen_addr }} {% endif -%} [libvirt] +inject_key = false +inject_password = {{ inject_password }} +inject_partition = {{ inject_partition }} {% if cpu_mode -%} cpu_mode = {{ cpu_mode }} {% endif -%} @@ -228,9 +231,6 @@ images_type = {{ libvirt_images_type }} {% if libvirt_images_type and rbd_pool -%} images_rbd_pool = {{ rbd_pool }} images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }} -inject_password = false -inject_key = false -inject_partition = -2 {% endif -%} rbd_user = {{ rbd_user }} rbd_secret_uuid = {{ rbd_secret_uuid }} diff --git a/templates/stein/nova.conf b/templates/stein/nova.conf index 69737f33..7ab78f2f 100644 --- a/templates/stein/nova.conf +++ b/templates/stein/nova.conf @@ -217,6 +217,9 @@ server_proxyclient_address = {{ console_listen_addr }} {% endif -%} [libvirt] +inject_key = false +inject_password = {{ inject_password }} +inject_partition = {{ inject_partition }} {% if cpu_mode -%} cpu_mode = {{ cpu_mode }} {% endif -%} @@ -232,9 +235,6 @@ images_type = {{ libvirt_images_type }} {% if libvirt_images_type and rbd_pool -%} images_rbd_pool = {{ rbd_pool }} images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }} -inject_password = false -inject_key = false -inject_partition = -2 {% endif -%} rbd_user = {{ rbd_user }} rbd_secret_uuid = {{ rbd_secret_uuid }} diff --git a/templates/train/nova.conf b/templates/train/nova.conf index 8e5852f7..d508b96d 100644 --- a/templates/train/nova.conf +++ b/templates/train/nova.conf @@ -224,6 +224,9 @@ server_proxyclient_address = {{ console_listen_addr }} {% endif -%} [libvirt] +inject_key = false +inject_password = {{ inject_password }} +inject_partition = {{ inject_partition }} {% if cpu_mode -%} cpu_mode = {{ cpu_mode }} {% endif -%} @@ -239,9 +242,6 @@ images_type = {{ libvirt_images_type }} {% if libvirt_images_type and rbd_pool -%} images_rbd_pool = {{ rbd_pool }} images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }} -inject_password = false -inject_key = false -inject_partition = -2 {% endif -%} rbd_user = {{ rbd_user }} rbd_secret_uuid = {{ rbd_secret_uuid }} diff --git a/unit_tests/test_nova_compute_contexts.py b/unit_tests/test_nova_compute_contexts.py index e3d4921d..d332a38a 100644 --- a/unit_tests/test_nova_compute_contexts.py +++ b/unit_tests/test_nova_compute_contexts.py @@ -313,6 +313,29 @@ class NovaComputeContextTests(CharmTestCase): 'listen_tls': 0, 'host_uuid': self.host_uuid, 'force_raw_images': True, + 'inject_password': False, + 'inject_partition': -2, + 'default_ephemeral_format': 'ext4', + 'reserved_host_memory': 512}, libvirt()) + + def test_libvirt_context_inject_password(self): + self.lsb_release.return_value = {'DISTRIB_CODENAME': 'zesty'} + self.os_release.return_value = 'ocata' + self.kv.return_value = FakeUnitdata(**{'host_uuid': self.host_uuid}) + self.test_config.set('inject-password', True) + libvirt = context.NovaComputeLibvirtContext() + + self.assertEqual( + {'libvirtd_opts': '', + 'libvirt_user': 'libvirt', + 'arch': platform.machine(), + 'ksm': 'AUTO', + 'kvm_hugepages': 0, + 'listen_tls': 0, + 'host_uuid': self.host_uuid, + 'force_raw_images': True, + 'inject_password': True, + 'inject_partition': -1, 'default_ephemeral_format': 'ext4', 'reserved_host_memory': 512}, libvirt()) @@ -332,6 +355,8 @@ class NovaComputeContextTests(CharmTestCase): 'listen_tls': 0, 'host_uuid': self.host_uuid, 'force_raw_images': True, + 'inject_password': False, + 'inject_partition': -2, 'default_ephemeral_format': 'ext4', 'reserved_host_memory': 512, 'reserved_huge_pages': ['node:0,size:2048,count:6']}, libvirt()) @@ -354,6 +379,8 @@ class NovaComputeContextTests(CharmTestCase): 'listen_tls': 0, 'host_uuid': self.host_uuid, 'force_raw_images': True, + 'inject_password': False, + 'inject_partition': -2, 'default_ephemeral_format': 'ext4', 'reserved_host_memory': 512, 'reserved_huge_pages': ['node:0,size:2048,count:6', @@ -374,6 +401,8 @@ class NovaComputeContextTests(CharmTestCase): 'listen_tls': 0, 'host_uuid': self.host_uuid, 'force_raw_images': True, + 'inject_password': False, + 'inject_partition': -2, 'default_ephemeral_format': 'ext4', 'reserved_host_memory': 512}, libvirt()) @@ -400,6 +429,8 @@ class NovaComputeContextTests(CharmTestCase): 'live_migration_permit_post_copy': False, 'default_ephemeral_format': 'ext4', 'force_raw_images': True, + 'inject_password': False, + 'inject_partition': -2, 'reserved_host_memory': 512}, libvirt()) def test_libvirt_context_without_migration_network(self): @@ -459,6 +490,8 @@ class NovaComputeContextTests(CharmTestCase): 'live_migration_permit_auto_converge': True, 'live_migration_permit_post_copy': False, 'force_raw_images': True, + 'inject_password': False, + 'inject_partition': -2, 'default_ephemeral_format': 'ext4', 'reserved_host_memory': 512}, libvirt()) @@ -486,6 +519,8 @@ class NovaComputeContextTests(CharmTestCase): 'live_migration_permit_post_copy': True, 'default_ephemeral_format': 'ext4', 'force_raw_images': True, + 'inject_password': False, + 'inject_partition': -2, 'reserved_host_memory': 512}, libvirt()) def test_libvirt_disk_cachemodes(self): @@ -504,6 +539,8 @@ class NovaComputeContextTests(CharmTestCase): 'listen_tls': 0, 'host_uuid': self.host_uuid, 'force_raw_images': True, + 'inject_password': False, + 'inject_partition': -2, 'default_ephemeral_format': 'ext4', 'reserved_host_memory': 512}, libvirt()) @@ -524,6 +561,8 @@ class NovaComputeContextTests(CharmTestCase): 'listen_tls': 0, 'host_uuid': self.host_uuid, 'force_raw_images': True, + 'inject_password': False, + 'inject_partition': -2, 'default_ephemeral_format': 'ext4', 'reserved_host_memory': 512}, libvirt()) @@ -543,6 +582,8 @@ class NovaComputeContextTests(CharmTestCase): 'listen_tls': 0, 'host_uuid': self.host_uuid, 'force_raw_images': False, + 'inject_password': False, + 'inject_partition': -2, 'default_ephemeral_format': 'ext4', 'reserved_host_memory': 512}, libvirt()) @@ -652,6 +693,8 @@ class NovaComputeContextTests(CharmTestCase): 'reserved_host_memory': 1024, 'vcpu_pin_set': None, 'force_raw_images': True, + 'inject_password': False, + 'inject_partition': -2, 'pci_passthrough_whitelist': 'mypcidevices', 'virtio_net_tx_queue_size': 512, 'virtio_net_rx_queue_size': 1024, @@ -676,6 +719,8 @@ class NovaComputeContextTests(CharmTestCase): 'reserved_host_memory': 512, 'vcpu_pin_set': '^0^2', 'force_raw_images': True, + 'inject_password': False, + 'inject_partition': -2, 'default_ephemeral_format': 'ext4'}, libvirt()) def test_ksm_configs(self): @@ -860,6 +905,8 @@ class SerialConsoleContextTests(CharmTestCase): 'listen_tls': 0, 'host_uuid': self.host_uuid, 'force_raw_images': True, + 'inject_password': False, + 'inject_partition': -2, 'default_ephemeral_format': 'ext4', 'reserved_host_memory': 512}, libvirt())