[stable/2023.1] [CLOUDOPS-563] Enable Emulated-TPM (#2097)
This is an automated cherry-pick of #2089
/assign larainema
diff --git a/images/nova/Dockerfile b/images/nova/Dockerfile
index bd5641c..5f64afe 100644
--- a/images/nova/Dockerfile
+++ b/images/nova/Dockerfile
@@ -28,7 +28,7 @@
RUN <<EOF bash -xe
apt-get update -qq
apt-get install -qq -y --no-install-recommends \
- ceph-common genisoimage iproute2 libosinfo-bin lsscsi ndctl nvme-cli openssh-client ovmf python3-libvirt python3-rados python3-rbd qemu-efi-aarch64 qemu-block-extra qemu-utils sysfsutils udev util-linux
+ ceph-common genisoimage iproute2 libosinfo-bin lsscsi ndctl nvme-cli openssh-client ovmf python3-libvirt python3-rados python3-rbd qemu-efi-aarch64 qemu-block-extra qemu-utils sysfsutils udev util-linux swtpm swtpm-tools libtpms0
apt-get clean
rm -rf /var/lib/apt/lists/*
EOF
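Review bot: The `swtpm` account that `roles/nova/vars/main.yml` names as `swtpm_user`/`swtpm_group` is never asserted in this image; the build only assumes that installing `swtpm`/`swtpm-tools` creates it. Adding `getent passwd swtpm` and `getent group swtpm` as two separate lines after the install would fail the build under `bash -xe` if the account is missing, rather than surfacing later at runtime (joined with `&&`, a failing first command would not trip `-e`). If the vTPM state directory is shared with the libvirt image, which is not visible here, the UID/GID should also match between the two images so the state files are not owned by an unrelated account. As a style point, the three new packages are appended after `util-linux` instead of keeping the list's alphabetical order.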
diff --git a/roles/nova/vars/main.yml b/roles/nova/vars/main.yml
index ca4d3e0..b9fb880 100644
--- a/roles/nova/vars/main.yml
+++ b/roles/nova/vars/main.yml
@@ -101,6 +101,9 @@
# TODO(mnaser): We should enable this once we figure out how to "inject"
# the certificates into the existing "qemu-kvm" processes.
# live_migration_with_native_tls: true
+ swtpm_enabled: true
+ swtpm_user: swtpm
+ swtpm_group: swtpm
neutron:
metadata_proxy_shared_secret: "{{ openstack_helm_endpoints['compute_metadata']['secret'] }}"
oslo_messaging_notifications:
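Review bot: `swtpm_enabled: true` is switched on with no visible dependency on a key manager. Nova's emulated-TPM support keeps the secret that encrypts each instance's vTPM state in the key manager (Barbican), so on a deployment without one, instances requesting a TPM would fail to build. A comment above the three added lines would make the requirement explicit, e.g. `# vTPM needs a key manager (Barbican) and the swtpm user/group present in the nova image`. The enclosing mapping starts above the hunk, so the section these keys land in (presumably `libvirt`) cannot be confirmed from here.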