[CLOUDOPS-563] Enable Emulated-TPM (#2089)

update the nova image include emulated-tpm packages update the nova compute conf to enable emulated-tpm
vexxhost · Nov 6, 2024 · 2d802ca · 2d802ca
1 parent f0e5466
commit 2d802ca
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/images/nova/Dockerfile b/images/nova/Dockerfile
@@ -30,7 +30,7 @@ ADD https://github.com/novnc/noVNC.git#v1.4.0 /usr/share/novnc
 RUN <<EOF bash -xe
 apt-get update -qq
 apt-get install -qq -y --no-install-recommends \
-    ceph-common genisoimage iproute2 libosinfo-bin lsscsi ndctl nvme-cli openssh-client ovmf python3-libvirt python3-rados python3-rbd qemu-efi-aarch64 qemu-block-extra qemu-utils sysfsutils udev util-linux
+    ceph-common genisoimage iproute2 libosinfo-bin lsscsi ndctl nvme-cli openssh-client ovmf python3-libvirt python3-rados python3-rbd qemu-efi-aarch64 qemu-block-extra qemu-utils sysfsutils udev util-linux swtpm swtpm-tools libtpms0
 apt-get clean
 rm -rf /var/lib/apt/lists/*
 EOF

diff --git a/roles/nova/vars/main.yml b/roles/nova/vars/main.yml
@@ -101,6 +101,9 @@ _nova_helm_values:
         # TODO(mnaser): We should enable this once we figure out how to "inject"
         #               the certificates into the existing "qemu-kvm" processes.
         # live_migration_with_native_tls: true
+        swtpm_enabled: true
+        swtpm_user: swtpm
+        swtpm_group: swtpm
       neutron:
         metadata_proxy_shared_secret: "{{ openstack_helm_endpoints['compute_metadata']['secret'] }}"
       oslo_messaging_notifications: