diff --git a/example-puppet.py b/example-puppet.py index 7af2dd82..71153156 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -345,6 +345,15 @@ def deploy(): 'ssh_key': 'ssh_key', 'ssh_user': 'ssh_user'}) + # NOVA API + nova_api_puppet = vr.create('nova_api_puppet', 'resources/nova_api_puppet', {})[0] + signals.connect(node1, nova_api_puppet) + signals.connect(nova_puppet, nova_api_puppet, { + 'keystone_tenant': 'admin_tenant_name', + 'keystone_user': 'admin_user', + 'keystone_host': 'auth_host', + 'keystone_port': 'auth_port'}) + # signals.connect(keystone_puppet, nova_network_puppet, {'ip': 'keystone_host', 'port': 'keystone_port'}) # signals.connect(keystone_puppet, nova_keystone_service_endpoint, {'ip': 'keystone_host', 'admin_port': 'keystone_port', 'admin_token': 'admin_token'}) # signals.connect(rabbitmq_service1, nova_network_puppet, {'ip': 'rabbitmq_host', 'port': 'rabbitmq_port'}) @@ -471,6 +480,7 @@ def deploy(): actions.resource_action(nova_keystone_role, 'run') actions.resource_action(nova_puppet, 'run') actions.resource_action(nova_keystone_service_endpoint, 'run') + actions.resource_action(nova_api_puppet, 'run') actions.resource_action(glance_db, 'run') actions.resource_action(glance_db_user, 'run') @@ -500,6 +510,7 @@ def undeploy(): 'nova_db', 'nova_db_user', 'nova_keystone_service_endpoint', + 'nova_api_puppet', 'nova_puppet', 'cinder_volume_puppet', 'cinder_scheduler_puppet', diff --git a/resources/nova_api_puppet/README.md b/resources/nova_api_puppet/README.md new file mode 100644 index 00000000..9fc2bb88 --- /dev/null +++ b/resources/nova_api_puppet/README.md 
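Review bot: Nothing in the first hunk gives the new resource a keystone password: `vr.create('nova_api_puppet', 'resources/nova_api_puppet', {})` passes no arguments, and the `signals.connect(nova_puppet, nova_api_puppet, {...})` mapping carries only tenant, user, host and port. The README added in this commit marks `admin_password` as required, yet `meta.yaml` declares no such input and neither `actions/run.pp` nor `actions/remove.pp` passes it, so the class declaration will presumably fail or leave nova-api without credentials. I would add an `admin_password` input with `schema: str!` to `meta.yaml`, pass `admin_password => $admin_password,` in the manifests, and map it here, e.g. `'keystone_password': 'admin_password'` if `nova_puppet` exposes it under that name (not visible in this diff). Because this is the service account's keystone credential, it should come from the connected resource rather than a literal default in the example.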
@@ -0,0 +1,141 @@
+# Nova API resource for puppet handler
+
+Setup and configure the Nova API service
+
+# Parameters
+
+source https://github.com/openstack/puppet-nova_api/blob/5.1.0/manifests/api.pp
+
+ ``admin_password``
+ (required) The password to set for the nova admin user in keystone
+
+ ``ensure_package``
+ (optional) Whether the nova api package will be installed
+ Defaults to 'present'
+
+ ``auth_strategy``
+ (DEPRECATED) Does nothing and will be removed in Icehouse
+ Defaults to false
+
+ ``auth_host``
+ (optional) The IP of the server running keystone
+ Defaults to '127.0.0.1'
+
+ ``auth_port``
+ (optional) The port to use when authenticating against Keystone
+ Defaults to 35357
+
+ ``auth_protocol``
+ (optional) The protocol to use when authenticating against Keystone
+ Defaults to 'http'
+
+ ``auth_uri``
+ (optional) The uri of a Keystone service to authenticate against
+ Defaults to false
+
+ ``auth_admin_prefix``
+ (optional) Prefix to prepend at the beginning of the keystone path
+ Defaults to false
+
+ ``auth_version``
+ (optional) API version of the admin Identity API endpoint
+ for example, use 'v3.0' for the keystone version 3.0 api
+ Defaults to false
+
+ ``admin_tenant_name``
+ (optional) The name of the tenant to create in keystone for use by the nova services
+ Defaults to 'services'
+
+ ``admin_user``
+ (optional) The name of the user to create in keystone for use by the nova services
+ Defaults to 'nova'
+
+ ``api_bind_address``
+ (optional) IP address for nova-api server to listen
+ Defaults to '0.0.0.0'
+
+ ``metadata_listen``
+ (optional) IP address for metadata server to listen
+ Defaults to '0.0.0.0'
+
+ ``enabled_apis``
+ (optional) A comma separated list of apis to enable
+ Defaults to 'ec2,osapi_compute,metadata'
+
+ ``keystone_ec2_url``
+ (optional) The keystone url where nova should send requests for ec2tokens
+ Defaults to false
+
+ ``volume_api_class``
+ (optional) The name of the class that nova will use to access volumes. Cinder is the only option.
+ Defaults to 'nova.volume.cinder.API'
+
+ ``use_forwarded_for``
+ (optional) Treat X-Forwarded-For as the canonical remote address. Only
+ enable this if you have a sanitizing proxy.
+ Defaults to false
+
+ ``osapi_compute_workers``
+ (optional) Number of workers for OpenStack API service
+ Defaults to $::processorcount
+
+ ``ec2_workers``
+ (optional) Number of workers for EC2 service
+ Defaults to $::processorcount
+
+ ``metadata_workers``
+ (optional) Number of workers for metadata service
+ Defaults to $::processorcount
+
+ ``conductor_workers``
+ (optional) DEPRECATED. Use workers parameter of nova::conductor
+ Class instead.
+ Defaults to undef
+
+ ``sync_db``
+ (optional) Run nova-manage db sync on api nodes after installing the package.
+ Defaults to true
+
+ ``neutron_metadata_proxy_shared_secret``
+ (optional) Shared secret to validate proxies Neutron metadata requests
+ Defaults to undef
+
+ ``pci_alias``
+ (optional) Pci passthrough for controller:
+ Defaults to undef
+ Example
+ "[ {'vendor_id':'1234', 'product_id':'5678', 'name':'default'}, {...} ]"
+
+ ``ratelimits``
+ (optional) A string that is a semicolon-separated list of 5-tuples.
+ See http://docs.openstack.org/trunk/config-reference/content/configuring-compute-API.html
+ Example: '(POST, "*", .*, 10, MINUTE);(POST, "*/servers", ^/servers, 50, DAY);(PUT, "*", .*, 10, MINUTE)'
+ Defaults to undef
+
+ ``ratelimits_factory``
+ (optional) The rate limiting factory to use
+ Defaults to 'nova.api.openstack.compute.limits:RateLimitingMiddleware.factory'
+
+ ``osapi_v3``
+ (optional) Enable or not Nova API v3
+ Defaults to false
+
+ ``validate``
+ (optional) Whether to validate the service is working after any service refreshes
+ Defaults to false
+
+ ``validation_options``
+ (optional) Service validation options
+ Should be a hash of options defined in openstacklib::service_validation
+ If empty, defaults values are taken from openstacklib function.
+ Default command list nova flavors.
+ Require validate set at True.
+ Example:
+ nova::api::validation_options:
+ nova-api:
+ command: check_nova.py
+ path: /usr/bin:/bin:/usr/sbin:/sbin
+ provider: shell
+ tries: 5
+ try_sleep: 10
+ Defaults to {}
diff --git a/resources/nova_api_puppet/actions/remove.pp b/resources/nova_api_puppet/actions/remove.pp
new file mode 100644
index 00000000..bfd69841
--- /dev/null
+++ b/resources/nova_api_puppet/actions/remove.pp
@@ -0,0 +1,4 @@
+class { 'nova::api':
+ ensure_package => 'absent',
+ enabled => false,
+}
diff --git a/resources/nova_api_puppet/actions/run.pp b/resources/nova_api_puppet/actions/run.pp
new file mode 100644
index 00000000..9bca5595
--- /dev/null
+++ b/resources/nova_api_puppet/actions/run.pp
@@ -0,0 +1,65 @@
+$resource = hiera($::resource_name)
+
+$ensure_package = $resource['input']['ensure_package']['value']
+$auth_strategy = $resource['input']['auth_strategy']['value']
+$auth_host = $resource['input']['auth_host']['value']
+$auth_port = $resource['input']['auth_port']['value']
+$auth_protocol = $resource['input']['auth_protocol']['value']
+$auth_uri = $resource['input']['auth_uri']['value']
+$auth_admin_prefix = $resource['input']['auth_admin_prefix']['value']
+$auth_version = $resource['input']['auth_version']['value']
+$admin_tenant_name = $resource['input']['admin_tenant_name']['value']
+$admin_user = $resource['input']['admin_user']['value']
+$api_bind_address = $resource['input']['api_bind_address']['value']
+$metadata_listen = $resource['input']['metadata_listen']['value']
+$enabled_apis = $resource['input']['enabled_apis']['value']
+$keystone_ec2_url = $resource['input']['keystone_ec2_url']['value']
+$volume_api_class = $resource['input']['volume_api_class']['value']
+$use_forwarded_for = $resource['input']['use_forwarded_for']['value']
+$osapi_compute_workers = $resource['input']['osapi_compute_workers']['value']
+$ec2_workers = $resource['input']['ec2_workers']['value']
+$metadata_workers = $resource['input']['metadata_workers']['value']
+$sync_db = $resource['input']['sync_db']['value']
+$neutron_metadata_proxy_shared_secret = $resource['input']['neutron_metadata_proxy_shared_secret']['value']
+$osapi_v3 = $resource['input']['osapi_v3']['value']
+$pci_alias = $resource['input']['pci_alias']['value']
+$ratelimits = $resource['input']['ratelimits']['value']
+$ratelimits_factory = $resource['input']['ratelimits_factory']['value']
+$validate = $resource['input']['validate']['value']
+$validation_options = $resource['input']['validation_options']['value']
+$workers = $resource['input']['workers']['value']
+$conductor_workers = $resource['input']['conductor_workers']['value']
+
+class { 'nova_api':
+ enabled => true,
+ manage_service => true,
+ ensure_package => $ensure_package,
+ auth_strategy => $auth_strategy,
+ auth_host => $auth_host,
+ auth_port => $auth_port,
+ auth_protocol => $auth_protocol,
+ auth_uri => $auth_uri,
+ auth_admin_prefix => $auth_admin_prefix,
+ auth_version => $auth_version,
+ admin_tenant_name => $admin_tenant_name,
+ admin_user => $admin_user,
+ api_bind_address => $api_bind_address,
+ metadata_listen => $metadata_listen,
+ enabled_apis => $enabled_apis,
+ keystone_ec2_url => $keystone_ec2_url,
+ volume_api_class => $volume_api_class,
+ use_forwarded_for => $use_forwarded_for,
+ osapi_compute_workers => $osapi_compute_workers,
+ ec2_workers => $ec2_workers,
+ metadata_workers => $metadata_workers,
+ sync_db => $sync_db,
+ neutron_metadata_proxy_shared_secret => $neutron_metadata_proxy_shared_secret,
+ osapi_v3 => $osapi_v3,
+ pci_alias => $pci_alias,
+ ratelimits => $ratelimits,
+ ratelimits_factory => $ratelimits_factory,
+ validate => $validate,
+ validation_options => $validation_options,
+ workers => $workers,
+ conductor_workers => $conductor_workers,
+}
diff --git a/resources/nova_api_puppet/meta.yaml b/resources/nova_api_puppet/meta.yaml
new file mode 100644
index 00000000..e969765c
--- /dev/null
+++ b/resources/nova_api_puppet/meta.yaml
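Review bot: `class { 'nova_api':` in `actions/run.pp` declares a class name that nothing else in this commit uses: `meta.yaml` sets `puppet_module: nova` and `actions/remove.pp` declares `'nova::api'`, so the run manifest should most likely read `class { 'nova::api':`. As written, run and remove act on different class names, and the run action would fail unless a `nova_api` class exists somewhere outside this diff. The README's source link (`puppet-nova_api/blob/5.1.0/manifests/api.pp`) appears to have the same slip, since the `git` input in `meta.yaml` points at `openstack/puppet-nova`.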
@@ -0,0 +1,108 @@
+id: nova_api
+handler: puppet
+puppet_module: nova
+version: 1.0.0
+input:
+ ensure_package:
+ schema: str
+ value: 'present'
+ auth_strategy:
+ schema: str
+ value: ''
+ auth_host:
+ schema: str
+ value: '127.0.0.1'
+ auth_port:
+ schema: int
+ value: 35357
+ auth_protocol:
+ schema: str
+ value: 'http'
+ auth_uri:
+ schema: str
+ value: ''
+ auth_admin_prefix:
+ schema: str
+ value: ''
+ auth_version:
+ schema: str
+ value: ''
+ admin_tenant_name:
+ schema: str
+ value: 'services'
+ admin_user:
+ schema: str
+ value: 'nova'
+ api_bind_address:
+ schema: str
+ value: '0.0.0.0'
+ metadata_listen:
+ schema: str
+ value: '0.0.0.0'
+ enabled_apis:
+ schema: str
+ value: 'ec2,osapi_compute,metadata'
+ keystone_ec2_url:
+ schema: str
+ value: ''
+ volume_api_class:
+ schema: str
+ value: 'nova.volume.cinder.API'
+ use_forwarded_for:
+ schema: str
+ value: ''
+ osapi_compute_workers:
+ schema: inst
+ value: 1
+ ec2_workers:
+ schema: int
+ value: 1
+ metadata_workers:
+ schema: int
+ value: 1
+ sync_db:
+ schema: bool
+ value: true
+ neutron_metadata_proxy_shared_secret:
+ schema: str
+ value: ''
+ osapi_v3:
+ schema: bool
+ value: false
+ pci_alias:
+ schema: str
+ value: ''
+ ratelimits:
+ schema: str
+ value: ''
+ ratelimits_factory:
+ schema: str
+ value: 'nova.api.openstack.compute.limits:RateLimitingMiddleware.factory'
+ validate:
+ schema: bool
+ value: false
+ validation_options:
+ schema: {}
+ value: {}
+ workers:
+ schema: str
+ value: ''
+ conductor_workers:
+ schema: str
+ value: ''
+
+ git:
+ schema: {repository: str!, branch: str!}
+ value: {repository: 'https://github.com/openstack/puppet-nova', branch: '5.1.0'}
+
+ ip:
+ schema: str!
+ value:
+ ssh_key:
+ schema: str!
+ value:
+ ssh_user:
+ schema: str!
+ value:
+
+tags: [resource/nova_api_service, resources/nova_api, resources/nova]
diff --git a/resources/nova_puppet/README.md b/resources/nova_puppet/README.md
index 57dc11f3..76b594e3 100644
--- a/resources/nova_puppet/README.md
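Review bot: `osapi_compute_workers` in `meta.yaml` is declared with `schema: inst`, which looks like a typo for `int`, the type used by the neighbouring `ec2_workers` and `metadata_workers`; it should read `schema: int`. `use_forwarded_for` is documented in the README as a boolean defaulting to false but is typed `str` with value `''`, so an empty string rather than an explicit false reaches the class; `schema: bool` with `value: false` would match `osapi_v3` and `validate`. The defaults `auth_protocol: 'http'` and `'0.0.0.0'` for `api_bind_address` and `metadata_listen` follow the documented module defaults. A short comment noting that they mean cleartext keystone traffic and listening on every interface would help anyone reusing this resource outside a lab.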
+++ b/resources/nova_puppet/README.md @@ -1,4 +1,4 @@ -# Cinder resource for puppet handler +# Nova resource for puppet handler Controlls a live cycle of the nova entities, like the main puppet class, auth, DB, AMQP, packages,