Puppet Class: ec2api::metadata

Inherits:
ec2api::params
Defined in:
manifests/metadata.pp

Overview

Class: ec2api::metadata

Manage the EC2 API Metadata service and its configuration

Parameters

Metadata

nova_metadata_ip

IP address used by Nova metadata server Default: $::os_service_default

nova_metadata_port

TCP Port used by Nova metadata server Default: $::os_service_default

nova_metadata_protocol

Protocol to access nova metadata, http or https Default: $::os_service_default

nova_metadata_insecure

Allow to perform insecure SSL (https) requests to nova metadata Default: $::os_service_default

auth_ca_cert

Certificate Authority public key (CA cert) file for ssl Default: $::os_service_default

nova_client_cert

Client certificate for nova metadata api server Default: $::os_service_default

nova_client_priv_key

Private key of client certificate Default: $::os_service_default

metadata_proxy_shared_secret

Shared secret to sign instance-id request Default: $::os_service_default

cache_expiration

The time (in seconds) to cache metadata Default: $::os_service_default

Service

metadata_listen

The IP address on which the metadata API will listen. Default: $::os_service_default

metadata_listen_port

The port on which the metadata API will listen. Default: $::os_service_default

metadata_use_ssl

Enable ssl connections or not for EC2 API Metadata. Default: $::os_service_default

metadata_workers

Number of workers for metadata service. The default will be the number of CPUs available. Default: $::os_workers

Manage Service

manage_service

Should the METADATA service actually be managed by Puppet? Default: true

service_name

The real system name of the Metadata service. Default: $::ec2api::params::metadata_service_name

enabled

Should the service be enabled and started (true) of disabled and stopped (false). Default: true

Parameters:

  • nova_metadata_ip (Any) (defaults to: $::os_service_default)
  • nova_metadata_port (Any) (defaults to: $::os_service_default)
  • nova_metadata_protocol (Any) (defaults to: $::os_service_default)
  • nova_metadata_insecure (Any) (defaults to: $::os_service_default)
  • auth_ca_cert (Any) (defaults to: $::os_service_default)
  • nova_client_cert (Any) (defaults to: $::os_service_default)
  • nova_client_priv_key (Any) (defaults to: $::os_service_default)
  • metadata_proxy_shared_secret (Any) (defaults to: $::os_service_default)
  • cache_expiration (Any) (defaults to: $::os_service_default)
  • metadata_listen (Any) (defaults to: $::os_service_default)
  • metadata_listen_port (Any) (defaults to: $::os_service_default)
  • metadata_use_ssl (Any) (defaults to: $::os_service_default)
  • metadata_workers (Any) (defaults to: $::os_workers)
  • manage_service (Any) (defaults to: true)
  • service_name (Any) (defaults to: $::ec2api::params::metadata_service_name)
  • enabled (Any) (defaults to: true) 


78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
 
# File 'manifests/metadata.pp', line 78

class ec2api::metadata (
  # Metadata
  $nova_metadata_ip             = $::os_service_default,
  $nova_metadata_port           = $::os_service_default,
  $nova_metadata_protocol       = $::os_service_default,
  $nova_metadata_insecure       = $::os_service_default,
  $auth_ca_cert                 = $::os_service_default,
  $nova_client_cert             = $::os_service_default,
  $nova_client_priv_key         = $::os_service_default,
  $metadata_proxy_shared_secret = $::os_service_default,
  $cache_expiration             = $::os_service_default,
  # Service
  $metadata_listen              = $::os_service_default,
  $metadata_listen_port         = $::os_service_default,
  $metadata_use_ssl             = $::os_service_default,
  $metadata_workers             = $::os_workers,
  # Manage service
  $manage_service               = true,
  $service_name                 = $::ec2api::params::metadata_service_name,
  $enabled                      = true,
) inherits ec2api::params {

  include ec2api::deps

  validate_legacy(Boolean, 'validate_bool', $manage_service)
  validate_legacy(String, 'validate_string', $service_name)
  validate_legacy(Boolean, 'validate_bool', $enabled)

  ec2api_config {
    'metadata/nova_metadata_ip':             value => $nova_metadata_ip;
    'metadata/nova_metadata_port':           value => $nova_metadata_port;
    'metadata/nova_metadata_protocol':       value => $nova_metadata_protocol;
    'metadata/nova_metadata_insecure':       value => $nova_metadata_insecure;
    'metadata/auth_ca_cert':                 value => $auth_ca_cert;
    'metadata/nova_client_cert':             value => $nova_client_cert;
    'metadata/nova_client_priv_key':         value => $nova_client_priv_key;
    'metadata/metadata_proxy_shared_secret': value => $metadata_proxy_shared_secret, secret => true;
    'metadata/cache_expiration':             value => $cache_expiration;
    'DEFAULT/metadata_listen':               value => $metadata_listen;
    'DEFAULT/metadata_listen_port':          value => $metadata_listen_port;
    'DEFAULT/metadata_use_ssl':              value => $metadata_use_ssl;
    'DEFAULT/metadata_workers':              value => $metadata_workers;
  }

  if $manage_service {
    if $enabled {
      $service_ensure = 'running'
    } else {
      $service_ensure = 'stopped'
    }

    service { 'openstack-ec2-metadata-service' :
      ensure     => $service_ensure,
      name       => $service_name,
      enable     => $enabled,
      hasstatus  => true,
      hasrestart => true,
      tag        => 'ec2api-service',
    }
  }

}