ichavero pushed to openstack-puppet-modules (f22). "Updated patches from f22-patches"
notifications at fedoraproject.org
notifications at fedoraproject.org
Tue Mar 31 20:58:12 UTC 2015
>From 7651bc1b54c07a21fdb151c1fe8974c0d4a4ad7f Mon Sep 17 00:00:00 2001
From: Ivan Chavero <ichavero at redhat.com>
Date: Tue, 31 Mar 2015 13:47:49 -0700
Subject: Updated patches from f22-patches
diff --git a/0019-move-setting-of-novncproxy_base_url-into-nova-class.patch b/0019-move-setting-of-novncproxy_base_url-into-nova-class.patch
deleted file mode 100644
index 3677f6c..0000000
--- a/0019-move-setting-of-novncproxy_base_url-into-nova-class.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-From b1f5224d78efb771feb2f3f1661edd507f79f451 Mon Sep 17 00:00:00 2001
-From: Lars Kellogg-Stedman <lars at redhat.com>
-Date: Fri, 27 Mar 2015 22:44:57 -0400
-Subject: [PATCH] move setting of novncproxy_base_url into nova class
-
-The fixes introduced in order to resolve
-https://bugs.launchpad.net/nova/+bug/1409142 (CVE-2015-0259) make
-novncproxy_base_url relevant on hosts running the nova-novncproxy
-service, whereas previously it was only used by nova-compute to
-construct VNC console urls.
-
-This change moves the setting of the novncproxy_base_url option out of
-compute.pp and into init.pp so that it can be set correctly on any hosts
-running nova services.
-
-This change has been validated in both single- and multi-node packstack
-installs (using https://review.openstack.org/#/c/168547/).
-
-Resolves: rhbz#1204482
-Closes-bug: 1436969
-Change-Id: I7af4cf8257f2bdbc7d3cc57930fd6371571db531
-
-Conflicts:
- nova/manifests/compute.pp
- nova/manifests/init.pp
----
- nova/manifests/compute.pp | 66 ++++++++++++++---------------------------------
- nova/manifests/init.pp | 33 ++++++++++++++++++++++++
- 2 files changed, 53 insertions(+), 46 deletions(-)
-
-diff --git a/nova/manifests/compute.pp b/nova/manifests/compute.pp
-index d4eb0f6..1084f09 100644
---- a/nova/manifests/compute.pp
-+++ b/nova/manifests/compute.pp
-@@ -24,22 +24,6 @@
- # (optional) The IP address of the server running the VNC proxy client
- # Defaults to '127.0.0.1'
- #
--# [*vncproxy_host*]
--# (optional) The host of the VNC proxy server
--# Defaults to false
--#
--# [*vncproxy_protocol*]
--# (optional) The protocol to communicate with the VNC proxy server
--# Defaults to 'http'
--#
--# [*vncproxy_port*]
--# (optional) The port to communicate with the VNC proxy server
--# Defaults to '6080'
--#
--# [*vncproxy_path*]
--# (optional) The path at the end of the uri for communication with the VNC proxy server
--# Defaults to './vnc_auto.html'
--#
- # [*vnc_keymap*]
- # (optional) The keymap to use with VNC (ls -alh /usr/share/qemu/keymaps to list available keymaps)
- # Defaults to 'en-us'
-@@ -91,26 +75,26 @@
- # { 'vendor_id':'4321','product_id':'8765','physical_network':'default' } ] "
- #
- class nova::compute (
-- $enabled = false,
-- $manage_service = true,
-- $ensure_package = 'present',
-- $vnc_enabled = true,
-- $vncserver_proxyclient_address = '127.0.0.1',
-- $vncproxy_host = false,
-- $vncproxy_protocol = 'http',
-- $vncproxy_port = '6080',
-- $vncproxy_path = '/vnc_auto.html',
-- $vnc_keymap = 'en-us',
-- $force_config_drive = false,
-- $virtio_nic = false,
-- $neutron_enabled = true,
-- $network_device_mtu = undef,
-- $instance_usage_audit = false,
-- $instance_usage_audit_period = 'month',
-- $force_raw_images = true,
-- $reserved_host_memory = '512',
-- $compute_manager = 'nova.compute.manager.ComputeManager',
-- $pci_passthrough = undef,
-+ $enabled = false,
-+ $manage_service = true,
-+ $ensure_package = 'present',
-+ $vnc_enabled = true,
-+ $vncserver_proxyclient_address = '127.0.0.1',
-+ $vnc_keymap = 'en-us',
-+ $force_config_drive = false,
-+ $virtio_nic = false,
-+ $neutron_enabled = true,
-+ $network_device_mtu = undef,
-+ $instance_usage_audit = false,
-+ $instance_usage_audit_period = 'month',
-+ $force_raw_images = true,
-+ $reserved_host_memory = '512',
-+ $compute_manager = 'nova.compute.manager.ComputeManager',
-+ $default_availability_zone = 'nova',
-+ $default_schedule_zone = undef,
-+ $internal_service_availability_zone = 'internal',
-+ $heal_instance_info_cache_interval = '60',
-+ $pci_passthrough = undef,
- ) {
-
- include nova::params
-@@ -120,16 +104,6 @@ class nova::compute (
- 'DEFAULT/compute_manager': value => $compute_manager;
- }
-
-- if ($vnc_enabled) {
-- if ($vncproxy_host) {
-- $vncproxy_base_url = "${vncproxy_protocol}://${vncproxy_host}:${vncproxy_port}${vncproxy_path}"
-- # config for vnc proxy
-- nova_config {
-- 'DEFAULT/novncproxy_base_url': value => $vncproxy_base_url;
-- }
-- }
-- }
--
- nova_config {
- 'DEFAULT/vnc_enabled': value => $vnc_enabled;
- 'DEFAULT/vncserver_proxyclient_address': value => $vncserver_proxyclient_address;
-diff --git a/nova/manifests/init.pp b/nova/manifests/init.pp
-index 40c8c79..f9c31b4 100644
---- a/nova/manifests/init.pp
-+++ b/nova/manifests/init.pp
-@@ -265,6 +265,23 @@
- # and you have multiple endpoints, you will get AmbiguousEndpoint
- # exceptions in the nova API service.
- # Defaults to undef
-+#
-+# [*vncproxy_host*]
-+# (optional) The host of the VNC proxy server
-+# Defaults to false
-+#
-+# [*vncproxy_protocol*]
-+# (optional) The protocol to communicate with the VNC proxy server
-+# Defaults to 'http'
-+#
-+# [*vncproxy_port*]
-+# (optional) The port to communicate with the VNC proxy server
-+# Defaults to '6080'
-+#
-+# [*vncproxy_path*]
-+# (optional) The path at the end of the uri for communication with the VNC proxy server
-+# Defaults to './vnc_auto.html'
-+#
- class nova(
- $ensure_package = 'present',
- $database_connection = false,
-@@ -326,6 +343,10 @@ class nova(
- $notification_topics = 'notifications',
- $notify_api_faults = false,
- $notify_on_state_change = undef,
-+ $vncproxy_host = false,
-+ $vncproxy_protocol = 'http',
-+ $vncproxy_port = '6080',
-+ $vncproxy_path = '/vnc_auto.html',
- # DEPRECATED PARAMETERS
- $mysql_module = undef,
- # this is how to query all resources from our clutser
-@@ -708,6 +729,18 @@ class nova(
- }
- }
-
-+ # This is here rather than in compute.pp because of the fixes introduced
-+ # for https://bugs.launchpad.net/nova/+bug/1409142, which require
-+ # novncproxy_base_url to be set on hosts run nova-novncproxy as well as
-+ # hosts running nova-compute.
-+ if ($vncproxy_host) {
-+ $vncproxy_base_url = "${vncproxy_protocol}://${vncproxy_host}:${vncproxy_port}${vncproxy_path}"
-+ # config for vnc proxy
-+ nova_config {
-+ 'DEFAULT/novncproxy_base_url': value => $vncproxy_base_url;
-+ }
-+ }
-+
- exec { 'post-nova_config':
- command => '/bin/echo "Nova config has changed"',
- refreshonly => true,
diff --git a/0019-move-setting-of-novncproxy_base_url.patch b/0019-move-setting-of-novncproxy_base_url.patch
new file mode 100644
index 0000000..bf186d3
--- /dev/null
+++ b/0019-move-setting-of-novncproxy_base_url.patch
@@ -0,0 +1,175 @@
+From c4cdd9c101ce4947bf0a97955335c4f1dc9183b2 Mon Sep 17 00:00:00 2001
+From: Lars Kellogg-Stedman <lars at redhat.com>
+Date: Fri, 27 Mar 2015 22:44:57 -0400
+Subject: [PATCH] move setting of novncproxy_base_url
+
+The fixes introduced in order to resolve
+https://bugs.launchpad.net/nova/+bug/1409142 (CVE-2015-0259) make
+novncproxy_base_url relevant on hosts running the nova-novncproxy
+service, whereas previously it was only used by nova-compute to
+construct VNC console urls.
+
+This change moves the setting of the novncproxy_base_url option out of
+compute.pp and into nova::vncproxy_common, where it can be used both
+by compute.pp and vncproxy.pp.
+
+Change-Id: I7af4cf8257f2bdbc7d3cc57930fd6371571db531
+
+Conflicts:
+ nova/spec/classes/nova_vnc_proxy_spec.rb
+---
+ manifests/vncproxy/common.pp | 54 ++++++++++++++++++++++++++++++++
+ nova/manifests/compute.pp | 10 ++----
+ nova/manifests/vncproxy.pp | 25 ++++++++++-----
+ nova/spec/classes/nova_vnc_proxy_spec.rb | 1 +
+ 4 files changed, 75 insertions(+), 15 deletions(-)
+ create mode 100644 manifests/vncproxy/common.pp
+
+diff --git a/manifests/vncproxy/common.pp b/manifests/vncproxy/common.pp
+new file mode 100644
+index 0000000..15b4633
+--- /dev/null
++++ b/manifests/vncproxy/common.pp
+@@ -0,0 +1,54 @@
++# == Class: nova::vncproxy::common
++#
++# [*vncproxy_host*]
++# (optional) The host of the VNC proxy server
++# Defaults to false
++#
++# [*vncproxy_protocol*]
++# (optional) The protocol to communicate with the VNC proxy server
++# Defaults to 'http'
++#
++# [*vncproxy_port*]
++# (optional) The port to communicate with the VNC proxy server
++# Defaults to '6080'
++#
++# [*vncproxy_path*]
++# (optional) The path at the end of the uri for communication with the VNC proxy server
++# Defaults to '/vnc_auto.html'
++#
++class nova::vncproxy::common (
++ $vncproxy_host = undef,
++ $vncproxy_protocol = undef,
++ $vncproxy_port = undef,
++ $vncproxy_path = undef,
++) {
++
++ $vncproxy_host_real = pick(
++ $vncproxy_host,
++ $::nova::compute::vncproxy_host,
++ $::nova::vncproxy::host,
++ false)
++ $vncproxy_protocol_real = pick(
++ $vncproxy_protocol,
++ $::nova::compute::vncproxy_protocol,
++ $::nova::vncproxy::vncproxy_protocol,
++ 'http')
++ $vncproxy_port_real = pick(
++ $vncproxy_port,
++ $::nova::compute::vncproxy_port,
++ $::nova::vncproxy::port,
++ 6080)
++ $vncproxy_path_real = pick(
++ $vncproxy_path,
++ $::nova::compute::vncproxy_path,
++ $::nova::vncproxy::vncproxy_path,
++ '/vnc_auto.html')
++
++ if ($vncproxy_host_real) {
++ $vncproxy_base_url = "${vncproxy_protocol_real}://${vncproxy_host_real}:${vncproxy_port_real}${vncproxy_path_real}"
++ # config for vnc proxy
++ nova_config {
++ 'DEFAULT/novncproxy_base_url': value => $vncproxy_base_url;
++ }
++ }
++}
+diff --git a/nova/manifests/compute.pp b/nova/manifests/compute.pp
+index d4eb0f6..6694032 100644
+--- a/nova/manifests/compute.pp
++++ b/nova/manifests/compute.pp
+@@ -38,7 +38,7 @@
+ #
+ # [*vncproxy_path*]
+ # (optional) The path at the end of the uri for communication with the VNC proxy server
+-# Defaults to './vnc_auto.html'
++# Defaults to '/vnc_auto.html'
+ #
+ # [*vnc_keymap*]
+ # (optional) The keymap to use with VNC (ls -alh /usr/share/qemu/keymaps to list available keymaps)
+@@ -121,13 +121,7 @@ class nova::compute (
+ }
+
+ if ($vnc_enabled) {
+- if ($vncproxy_host) {
+- $vncproxy_base_url = "${vncproxy_protocol}://${vncproxy_host}:${vncproxy_port}${vncproxy_path}"
+- # config for vnc proxy
+- nova_config {
+- 'DEFAULT/novncproxy_base_url': value => $vncproxy_base_url;
+- }
+- }
++ include ::nova::vncproxy::common
+ }
+
+ nova_config {
+diff --git a/nova/manifests/vncproxy.pp b/nova/manifests/vncproxy.pp
+index b131aac..f2ae993 100644
+--- a/nova/manifests/vncproxy.pp
++++ b/nova/manifests/vncproxy.pp
+@@ -24,18 +24,27 @@
+ # (optional) The state of the nova-novncproxy package
+ # Defaults to 'present'
+ #
++# [*vncproxy_protocol*]
++# (optional) The protocol to communicate with the VNC proxy server
++# Defaults to 'http'
++#
++# [*vncproxy_path*]
++# (optional) The path at the end of the uri for communication with the VNC
++# proxy server
++# Defaults to '/vnc_auto.html'
++#
+ class nova::vncproxy(
+- $enabled = false,
+- $manage_service = true,
+- $host = '0.0.0.0',
+- $port = '6080',
+- $ensure_package = 'present'
++ $enabled = false,
++ $manage_service = true,
++ $vncproxy_protocol = 'http',
++ $host = '0.0.0.0',
++ $port = '6080',
++ $vncproxy_path = '/vnc_auto.html',
++ $ensure_package = 'present'
+ ) {
+
+ include nova::params
+
+- # TODO make this work on Fedora
+-
+ # See http://nova.openstack.org/runnova/vncconsole.html for more details.
+
+ nova_config {
+@@ -43,6 +52,8 @@ class nova::vncproxy(
+ 'DEFAULT/novncproxy_port': value => $port;
+ }
+
++ include ::nova::vncproxy::common
++
+ if ! defined(Package['python-numpy']) {
+ package { 'python-numpy':
+ ensure => present,
+diff --git a/nova/spec/classes/nova_vnc_proxy_spec.rb b/nova/spec/classes/nova_vnc_proxy_spec.rb
+index b96415b..0b12686 100644
+--- a/nova/spec/classes/nova_vnc_proxy_spec.rb
++++ b/nova/spec/classes/nova_vnc_proxy_spec.rb
+@@ -22,6 +22,7 @@ describe 'nova::vncproxy' do
+
+ it { should contain_nova_config('DEFAULT/novncproxy_host').with(:value => '0.0.0.0') }
+ it { should contain_nova_config('DEFAULT/novncproxy_port').with(:value => '6080') }
++ it { should contain_nova_config('DEFAULT/novncproxy_base_url').with(:value => 'http://0.0.0.0:6080/vnc_auto.html') }
+
+ it { should contain_package('nova-vncproxy').with(
+ :name => 'nova-novncproxy',
diff --git a/openstack-puppet-modules.spec b/openstack-puppet-modules.spec
index 1110f79..a9da817 100644
--- a/openstack-puppet-modules.spec
+++ b/openstack-puppet-modules.spec
@@ -27,7 +27,7 @@ Patch0015: 0015-Adding-portdb-and-fastpath_flood-to-n1kv.conf.patch
Patch0016: 0016-Changing-the-default-value-of-fastpath_flood-to-enab.patch
Patch0017: 0017-Make-cisco-plugin-symlink-coherent.patch
Patch0018: 0018-Add-serialproxy-configuration.patch
-Patch0019: 0019-move-setting-of-novncproxy_base_url-into-nova-class.patch
+Patch0019: 0019-move-setting-of-novncproxy_base_url.patch
BuildArch: noarch
Requires: rubygem-json
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/openstack-puppet-modules.git/commit/?h=f22&id=7651bc1b54c07a21fdb151c1fe8974c0d4a4ad7f
More information about the scm-commits
mailing list