Puppet Class: nova
- Inherits:
- nova::params
- Defined in:
- manifests/init.pp
Overview
Class: nova
This class is used to specify configuration parameters that are common across all nova services.
Parameters:
- ensure_package
-
(optional) The state of nova packages Defaults to ‘present’
- nova_cluster_id
-
(optional) Deprecated. This parameter does nothing and will be removed. Defaults to ‘localcluster’
- sql_connection
-
(optional) Deprecated. Use database_connection instead. Defaults to false
- sql_idle_timeout
-
(optional) Deprecated. Use database_idle_timeout instead Defaults to false
- database_connection
-
(optional) Connection url to connect to nova database. Defaults to false
- slave_connection
-
(optional) Connection url to connect to nova slave database (read-only). Defaults to false
- database_idle_timeout
-
(optional) Timeout before idle db connections are reaped. Defaults to 3600
- rpc_backend
-
(optional) The rpc backend implementation to use, can be:
rabbit (for rabbitmq) qpid (for qpid) zmq (for zeromq)Defaults to ‘rabbit’
- image_service
-
(optional) Service used to search for and retrieve images. Defaults to ‘nova.image.local.LocalImageService’
- glance_api_servers
-
(optional) List of addresses for api servers. Defaults to ‘localhost:9292’
- memcached_servers
-
(optional) Use memcached instead of in-process cache. Supply a list of memcached server IP’s:Memcached Port. Defaults to false
- rabbit_host
-
(optional) Location of rabbitmq installation. Defaults to ‘localhost’
- rabbit_hosts
-
(optional) List of clustered rabbit servers. Defaults to false
- rabbit_port
-
(optional) Port for rabbitmq instance. Defaults to ‘5672’
- rabbit_password
-
(optional) Password used to connect to rabbitmq. Defaults to ‘guest’
- rabbit_userid
-
(optional) User used to connect to rabbitmq. Defaults to ‘guest’
- rabbit_virtual_host
-
(optional) The RabbitMQ virtual host. Defaults to ‘/’
- rabbit_use_ssl
-
(optional) Connect over SSL for RabbitMQ Defaults to false
- kombu_ssl_ca_certs
-
(optional) SSL certification authority file (valid only if SSL enabled). Defaults to undef
- kombu_ssl_certfile
-
(optional) SSL cert file (valid only if SSL enabled). Defaults to undef
- kombu_ssl_keyfile
-
(optional) SSL key file (valid only if SSL enabled). Defaults to undef
- kombu_ssl_version
-
(optional) SSL version to use (valid only if SSL enabled). Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some distributions. Defaults to ‘TLSv1’
- amqp_durable_queues
-
(optional) Define queues as “durable” to rabbitmq. Defaults to false
- qpid_hostname
-
(optional) Location of qpid server Defaults to ‘localhost’
- qpid_port
-
(optional) Port for qpid server Defaults to ‘5672’
- qpid_username
-
(optional) Username to use when connecting to qpid Defaults to ‘guest’
- qpid_password
-
(optional) Password to use when connecting to qpid Defaults to ‘guest’
- qpid_heartbeat
-
(optional) Seconds between connection keepalive heartbeats Defaults to 60
- qpid_protocol
-
(optional) Transport to use, either ‘tcp’ or ‘ssl” Defaults to ’tcp’
- qpid_sasl_mechanisms
-
(optional) Enable one or more SASL mechanisms Defaults to false
- qpid_tcp_nodelay
-
(optional) Disable Nagle algorithm Defaults to true
- service_down_time
-
(optional) Maximum time since last check-in for up service. Defaults to 60
- logdir
-
(optional) Deprecated. Use log_dir instead. Defaults to false
- log_dir
-
(optional) Directory where logs should be stored. If set to boolean false, it will not log to any directory. Defaults to ‘/var/log/nova’
- state_path
-
(optional) Directory for storing state. Defaults to ‘/var/lib/nova’
- lock_path
-
(optional) Directory for lock files. On RHEL will be ‘/var/lib/nova/tmp’ and on Debian ‘/var/lock/nova’ Defaults to $::nova::params::lock_path
- verbose
-
(optional) Set log output to verbose output. Defaults to false
- periodic_interval
-
(optional) Seconds between running periodic tasks. Defaults to ‘60’
- report_interval
-
(optional) Interval at which nodes report to data store.
Defaults to '10' - monitoring_notifications
-
(optional) Whether or not to send system usage data notifications out on the message queue. Only valid for stable/essex. Defaults to false
- use_syslog
-
(optional) Use syslog for logging Defaults to false
- log_facility
-
(optional) Syslog facility to receive log lines. Defaults to ‘LOG_USER’
- use_ssl
-
(optional) Enable SSL on the API server Defaults to false, not set
- enabled_ssl_apis
-
(optional) List of APIs to SSL enable Defaults to [] Possible values : ‘ec2’, ‘osapi_compute’, ‘metadata’
- cert_file
-
(optinal) Certificate file to use when starting API server securely Defaults to false, not set
- key_file
-
(optional) Private key file to use when starting API server securely Defaults to false, not set
- ca_file
-
(optional) CA certificate file to use to verify connecting clients Defaults to false, not set_
- nova_user_id
-
(optional) Create the nova user with the specified gid. Changing to a new uid after specifying a different uid previously, or using this option after the nova account already exists will break the ownership of all files/dirs owned by nova. It is strongly encouraged not to use this option and instead create user before nova class or for network shares create netgroup into which you’ll put nova on all the nodes. If undef no user will be created and user creation will standardly happen in nova-common package. Defaults to undef.
- nova_group_id
-
(optional) Create the nova user with the specified gid. Changing to a new uid after specifying a different uid previously, or using this option after the nova account already exists will break the ownership of all files/dirs owned by nova. It is strongly encouraged not to use this option and instead create group before nova class or for network shares create netgroup into which you’ll put nova on all the nodes. If undef no user or group will be created and creation will happen in nova-common package. Defaults to undef.
- nova_public_key
-
(optional) Install public key in .ssh/authorized_keys for the ‘nova’ user. Expects a hash of the form { type => ‘key-type’, key => ‘key-data’ } where ‘key-type’ is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and ‘key-data’ is the actual key data (e.g, ‘AAAA…’).
- nova_private_key
-
(optional) Install private key into .ssh/id_rsa (or appropriate equivalent for key type). Expects a hash of the form { type => ‘key-type’, key => ‘key-data’ }, where ‘key-type’ is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and ‘key-data’ is the contents of the private key file.
- nova_shell
-
(optional) Set shell for ‘nova’ user to the specified value. Defaults to ‘/bin/false’.
- mysql_module
-
(optional) Deprecated. Does nothing.
- notification_driver
-
(optional) Driver or drivers to handle sending notifications. Value can be a string or a list. Defaults to []
- notification_topics
-
(optional) AMQP topic used for OpenStack notifications Defaults to ‘notifications’
- notify_api_faults
-
(optional) If set, send api.fault notifications on caught exceptions in the API service Defaults to false
- notify_on_state_change
-
(optional) If set, send compute.instance.update notifications on instance state changes. Valid values are None for no notifications, “vm_state” for notifications on VM state changes, or “vm_and_task_state” for notifications on VM and task state changes. Defaults to undef
- os_region_name
-
(optional) Sets the os_region_name flag. For environments with more than one endpoint per service, this is required to make things such as cinder volume attach work. If you don’t set this and you have multiple endpoints, you will get AmbiguousEndpoint exceptions in the nova API service. Defaults to undef
273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 |
# File 'manifests/init.pp', line 273
class nova(
$ensure_package = 'present',
$database_connection = false,
$slave_connection = false,
$database_idle_timeout = 3600,
$rpc_backend = 'rabbit',
$image_service = 'nova.image.glance.GlanceImageService',
# these glance params should be optional
# this should probably just be configured as a glance client
$glance_api_servers = 'localhost:9292',
$memcached_servers = false,
$rabbit_host = 'localhost',
$rabbit_hosts = false,
$rabbit_password = 'guest',
$rabbit_port = '5672',
$rabbit_userid = 'guest',
$rabbit_virtual_host = '/',
$rabbit_use_ssl = false,
$rabbit_ha_queues = undef,
$kombu_ssl_ca_certs = undef,
$kombu_ssl_certfile = undef,
$kombu_ssl_keyfile = undef,
$kombu_ssl_version = 'TLSv1',
$amqp_durable_queues = false,
$qpid_hostname = 'localhost',
$qpid_port = '5672',
$qpid_username = 'guest',
$qpid_password = 'guest',
$qpid_sasl_mechanisms = false,
$qpid_heartbeat = 60,
$qpid_protocol = 'tcp',
$qpid_tcp_nodelay = true,
$auth_strategy = 'keystone',
$service_down_time = 60,
$log_dir = '/var/log/nova',
$state_path = '/var/lib/nova',
$lock_path = $::nova::params::lock_path,
$verbose = false,
$debug = false,
$periodic_interval = '60',
$report_interval = '10',
$rootwrap_config = '/etc/nova/rootwrap.conf',
$use_ssl = false,
$enabled_ssl_apis = ['ec2', 'metadata', 'osapi_compute'],
$ca_file = false,
$cert_file = false,
$key_file = false,
$nova_user_id = undef,
$nova_group_id = undef,
$nova_public_key = undef,
$nova_private_key = undef,
$nova_shell = '/bin/false',
# deprecated in folsom
#$root_helper = $::nova::params::root_helper,
$monitoring_notifications = false,
$use_syslog = false,
$log_facility = 'LOG_USER',
$install_utilities = true,
$notification_driver = [],
$notification_topics = 'notifications',
$notify_api_faults = false,
$notify_on_state_change = undef,
# DEPRECATED PARAMETERS
$mysql_module = undef,
# this is how to query all resources from our clutser
$nova_cluster_id = undef,
$sql_connection = false,
$sql_idle_timeout = false,
$logdir = false,
$os_region_name = undef,
) inherits nova::params {
# maintain backward compatibility
include nova::db
if $mysql_module {
warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.')
}
if $nova_cluster_id {
warning('The nova_cluster_id parameter is deprecated and has no effect.')
}
validate_array($enabled_ssl_apis)
if empty($enabled_ssl_apis) and $use_ssl {
warning('enabled_ssl_apis is empty but use_ssl is set to true')
}
if $use_ssl {
if !$cert_file {
fail('The cert_file parameter is required when use_ssl is set to true')
}
if !$key_file {
fail('The key_file parameter is required when use_ssl is set to true')
}
}
if $kombu_ssl_ca_certs and !$rabbit_use_ssl {
fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
}
if $kombu_ssl_certfile and !$rabbit_use_ssl {
fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
}
if $kombu_ssl_keyfile and !$rabbit_use_ssl {
fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
}
if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) {
fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
}
if $nova_group_id {
warning('The nova_group_id will be deprecated, please create group manually')
group { 'nova':
ensure => present,
system => true,
gid => $nova_group_id,
before => Package['nova-common'],
}
}
if $nova_user_id {
warning('The nova_user_id will be deprecated, please create user manually')
user { 'nova':
ensure => present,
system => true,
groups => 'nova',
home => '/var/lib/nova',
managehome => false,
shell => $nova_shell,
uid => $nova_user_id,
gid => $nova_group_id,
before => Package['nova-common'],
require => Group['nova'],
}
}
if $nova_public_key or $nova_private_key {
file { '/var/lib/nova/.ssh':
ensure => directory,
mode => '0700',
owner => 'nova',
group => 'nova',
require => Package['nova-common'],
}
if $nova_public_key {
if ! $nova_public_key[key] or ! $nova_public_key['type'] {
fail('You must provide both a key type and key data.')
}
ssh_authorized_key { 'nova-migration-public-key':
ensure => present,
key => $nova_public_key[key],
type => $nova_public_key['type'],
user => 'nova',
require => File['/var/lib/nova/.ssh'],
}
}
if $nova_private_key {
if ! $nova_private_key[key] or ! $nova_private_key['type'] {
fail('You must provide both a key type and key data.')
}
$nova_private_key_file = $nova_private_key['type'] ? {
'ssh-rsa' => '/var/lib/nova/.ssh/id_rsa',
'ssh-dsa' => '/var/lib/nova/.ssh/id_dsa',
'ssh-ecdsa' => '/var/lib/nova/.ssh/id_ecdsa',
default => undef
}
if ! $nova_private_key_file {
fail("Unable to determine name of private key file. Type specified was '${nova_private_key['type']}' but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa.")
}
file { $nova_private_key_file:
content => $nova_private_key[key],
mode => '0600',
owner => 'nova',
group => 'nova',
require => [ File['/var/lib/nova/.ssh'], Package['nova-common'] ],
}
}
}
# all nova_config resources should be applied
# after the nova common package
# before the file resource for nova.conf is managed
# and before the post config resource
Package['nova-common'] -> Nova_config<| |> -> File['/etc/nova/nova.conf']
Nova_config<| |> ~> Exec['post-nova_config']
# TODO - see if these packages can be removed
# they should be handled as package deps by the OS
package { 'python':
ensure => present,
}
package { 'python-greenlet':
ensure => present,
require => Package['python'],
}
if $install_utilities {
class { 'nova::utilities': }
}
# this anchor is used to simplify the graph between nova components by
# allowing a resource to serve as a point where the configuration of nova begins
anchor { 'nova-start': }
package { 'python-nova':
ensure => $ensure_package,
require => Package['python-greenlet'],
tag => ['openstack', 'nova'],
}
package { 'nova-common':
ensure => $ensure_package,
name => $::nova::params::common_package_name,
require => [Package['python-nova'], Anchor['nova-start']],
tag => ['openstack', 'nova'],
}
file { '/etc/nova/nova.conf':
mode => '0640',
owner => 'nova',
group => 'nova',
require => Package['nova-common'],
}
# used by debian/ubuntu in nova::network_bridge to refresh
# interfaces based on /etc/network/interfaces
exec { 'networking-refresh':
command => '/sbin/ifdown -a ; /sbin/ifup -a',
refreshonly => true,
}
nova_config { 'DEFAULT/image_service': value => $image_service }
if $image_service == 'nova.image.glance.GlanceImageService' {
if $glance_api_servers {
nova_config { 'glance/api_servers': value => $glance_api_servers }
}
}
nova_config { 'DEFAULT/auth_strategy': value => $auth_strategy }
if $memcached_servers {
nova_config { 'DEFAULT/memcached_servers': value => join($memcached_servers, ',') }
} else {
nova_config { 'DEFAULT/memcached_servers': ensure => absent }
}
# we keep "nova.openstack.common.rpc.impl_kombu" for backward compatibility
# but since Icehouse, "rabbit" is enough.
if $rpc_backend == 'nova.openstack.common.rpc.impl_kombu' or $rpc_backend == 'rabbit' {
# I may want to support exporting and collecting these
nova_config {
'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
'DEFAULT/rabbit_userid': value => $rabbit_userid;
'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl;
'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues;
}
if $rabbit_use_ssl {
if $kombu_ssl_ca_certs {
nova_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; }
} else {
nova_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; }
}
if $kombu_ssl_certfile or $kombu_ssl_keyfile {
nova_config {
'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile;
}
} else {
nova_config {
'DEFAULT/kombu_ssl_certfile': ensure => absent;
'DEFAULT/kombu_ssl_keyfile': ensure => absent;
}
}
if $kombu_ssl_version {
nova_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version; }
} else {
nova_config { 'DEFAULT/kombu_ssl_version': ensure => absent; }
}
} else {
nova_config {
'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
'DEFAULT/kombu_ssl_certfile': ensure => absent;
'DEFAULT/kombu_ssl_keyfile': ensure => absent;
'DEFAULT/kombu_ssl_version': ensure => absent;
}
}
if $rabbit_hosts {
nova_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') }
} else {
nova_config { 'DEFAULT/rabbit_host': value => $rabbit_host }
nova_config { 'DEFAULT/rabbit_port': value => $rabbit_port }
nova_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" }
}
if $rabbit_ha_queues == undef {
if $rabbit_hosts {
nova_config { 'DEFAULT/rabbit_ha_queues': value => true }
} else {
nova_config { 'DEFAULT/rabbit_ha_queues': value => false }
}
} else {
nova_config { 'DEFAULT/rabbit_ha_queues': value => $rabbit_ha_queues }
}
}
# we keep "nova.openstack.common.rpc.impl_qpid" for backward compatibility
# but since Icehouse, "qpid" is enough.
if $rpc_backend == 'nova.openstack.common.rpc.impl_qpid' or $rpc_backend == 'qpid' {
nova_config {
'DEFAULT/qpid_hostname': value => $qpid_hostname;
'DEFAULT/qpid_port': value => $qpid_port;
'DEFAULT/qpid_username': value => $qpid_username;
'DEFAULT/qpid_password': value => $qpid_password, secret => true;
'DEFAULT/qpid_heartbeat': value => $qpid_heartbeat;
'DEFAULT/qpid_protocol': value => $qpid_protocol;
'DEFAULT/qpid_tcp_nodelay': value => $qpid_tcp_nodelay;
}
if is_array($qpid_sasl_mechanisms) {
nova_config {
'DEFAULT/qpid_sasl_mechanisms': value => join($qpid_sasl_mechanisms, ' ');
}
}
elsif $qpid_sasl_mechanisms {
nova_config {
'DEFAULT/qpid_sasl_mechanisms': value => $qpid_sasl_mechanisms;
}
}
else {
nova_config {
'DEFAULT/qpid_sasl_mechanisms': ensure => absent;
}
}
}
# SSL Options
if $use_ssl {
nova_config {
'DEFAULT/enabled_ssl_apis' : value => join($enabled_ssl_apis, ',');
'DEFAULT/ssl_cert_file' : value => $cert_file;
'DEFAULT/ssl_key_file' : value => $key_file;
}
if $ca_file {
nova_config { 'DEFAULT/ssl_ca_file' :
value => $ca_file,
}
} else {
nova_config { 'DEFAULT/ssl_ca_file' :
ensure => absent,
}
}
} else {
nova_config {
'DEFAULT/enabled_ssl_apis' : ensure => absent;
'DEFAULT/ssl_cert_file' : ensure => absent;
'DEFAULT/ssl_key_file' : ensure => absent;
'DEFAULT/ssl_ca_file' : ensure => absent;
}
}
if $logdir {
warning('The logdir parameter is deprecated, use log_dir instead.')
$log_dir_real = $logdir
} else {
$log_dir_real = $log_dir
}
if $log_dir_real {
file { $log_dir_real:
ensure => directory,
mode => '0750',
owner => 'nova',
group => $::nova::params::nova_log_group,
require => Package['nova-common'],
}
nova_config { 'DEFAULT/log_dir': value => $log_dir_real;}
} else {
nova_config { 'DEFAULT/log_dir': ensure => absent;}
}
if $monitoring_notifications {
warning('The monitoring_notifications parameter is deprecated, use notification_driver instead.')
$notification_driver_real = 'nova.openstack.common.notifier.rpc_notifier'
} else {
$notification_driver_real = is_string($notification_driver) ? {
true => $notification_driver,
default => join($notification_driver, ',')
}
}
nova_config {
'DEFAULT/verbose': value => $verbose;
'DEFAULT/debug': value => $debug;
'DEFAULT/rpc_backend': value => $rpc_backend;
'DEFAULT/notification_driver': value => $notification_driver_real;
'DEFAULT/notification_topics': value => $notification_topics;
'DEFAULT/notify_api_faults': value => $notify_api_faults;
# Following may need to be broken out to different nova services
'DEFAULT/state_path': value => $state_path;
'DEFAULT/lock_path': value => $lock_path;
'DEFAULT/service_down_time': value => $service_down_time;
'DEFAULT/rootwrap_config': value => $rootwrap_config;
'DEFAULT/report_interval': value => $report_interval;
}
if $notify_on_state_change and $notify_on_state_change in ['vm_state', 'vm_and_task_state'] {
nova_config {
'DEFAULT/notify_on_state_change': value => $notify_on_state_change;
}
} else {
nova_config { 'DEFAULT/notify_on_state_change': ensure => absent; }
}
# Syslog configuration
if $use_syslog {
nova_config {
'DEFAULT/use_syslog': value => true;
'DEFAULT/syslog_log_facility': value => $log_facility;
}
} else {
nova_config {
'DEFAULT/use_syslog': value => false;
}
}
if $os_region_name {
nova_config {
'DEFAULT/os_region_name': value => $os_region_name;
}
}
else {
nova_config {
'DEFAULT/os_region_name': ensure => absent;
}
}
exec { 'post-nova_config':
command => '/bin/echo "Nova config has changed"',
refreshonly => true,
}
}
|