Remove n-novnc service requirement for TLS configuration
When configuring TLS between the console proxy (where the n-novnc
service runs) and the compute host, some configuration for QEMU needs
to be done on the compute host. The existing code for this requires the
n-novnc service to be running, which it is in a single node all-in-one
deployment. However, when running in a multinode deployment, the
n-novnc service runs only on the controller and not on the subnode.
Yet, we need to configure QEMU on the subnode compute host as well.
This removes the n-novnc service requirement to enable TLS QEMU
configuration to occur on a compute subnode in a multinode deployment.
Closes-Bug: #1849418
Change-Id: I8b6970e91ad7f52ff489cb9f776ca216d8f86aa4
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 4639869..914ee7b 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -150,21 +150,19 @@
fi
if is_nova_console_proxy_compute_tls_enabled ; then
- if is_service_enabled n-novnc ; then
- echo "vnc_tls = 1" | sudo tee -a $QEMU_CONF
- echo "vnc_tls_x509_verify = 1" | sudo tee -a $QEMU_CONF
+ echo "vnc_tls = 1" | sudo tee -a $QEMU_CONF
+ echo "vnc_tls_x509_verify = 1" | sudo tee -a $QEMU_CONF
- sudo mkdir -p /etc/pki/libvirt-vnc
- deploy_int_CA /etc/pki/libvirt-vnc/ca-cert.pem
- deploy_int_cert /etc/pki/libvirt-vnc/server-cert.pem /etc/pki/libvirt-vnc/server-key.pem
- # OpenSSL 1.1.0 generates the key file with permissions: 600, by
- # default and the deploy_int* methods use 'sudo cp' to copy the
- # files, making them owned by root:root.
- # Change ownership of everything under /etc/pki/libvirt-vnc to
- # libvirt-qemu:libvirt-qemu so that libvirt-qemu can read the key
- # file.
- sudo chown -R libvirt-qemu:libvirt-qemu /etc/pki/libvirt-vnc
- fi
+ sudo mkdir -p /etc/pki/libvirt-vnc
+ deploy_int_CA /etc/pki/libvirt-vnc/ca-cert.pem
+ deploy_int_cert /etc/pki/libvirt-vnc/server-cert.pem /etc/pki/libvirt-vnc/server-key.pem
+ # OpenSSL 1.1.0 generates the key file with permissions: 600, by
+ # default and the deploy_int* methods use 'sudo cp' to copy the
+ # files, making them owned by root:root.
+ # Change ownership of everything under /etc/pki/libvirt-vnc to
+ # libvirt-qemu:libvirt-qemu so that libvirt-qemu can read the key
+ # file.
+ sudo chown -R libvirt-qemu:libvirt-qemu /etc/pki/libvirt-vnc
fi
# Service needs to be started on redhat/fedora -- do a restart for