Chef Cookbook - common OpenStack configuration
Go to file
Ionuț Arțăriși 80cd4b6e46 add a Rakefile to structure test runs
Having a Rakefile will allow us to change the actual test commands on
our side rather than relying on changes to the openstack-infra
repository. This should make it a lot faster to change things, but also
easier to test since the jenkins jobs are actually run in this
repository, not the openstack-infra one.

This commit defines the jobs we previously had defined in Jenkins and
uses 'high-level' naming consistently (i.e. lint, style vs. foodcritic,

There is also a :clean task to help with deleting the files generated by
the other jobs.

Also changed foodcritic to run on the source cookbook rather than the
one installed by berks, see

Change-Id: I3951f7bf3b474f1b7aab46c16d91a9b431a787bf
blueprint: rakefile
2014-09-29 13:44:38 +02:00
attributes Attribute variables for internal identity endpoint 2014-08-27 10:53:53 +10:00
libraries Add database charset during create 2014-08-20 00:26:24 +00:00
recipes ability to set location for openrc file 2014-07-22 14:12:40 -05:00
spec Add database charset during create 2014-08-20 00:26:24 +00:00
templates/default Allow logging.conf to be configured via attributes 2014-07-23 12:27:44 -05:00
.gitignore add a Rakefile to structure test runs 2014-09-29 13:44:38 +02:00
.gitreview Adds requisite .gitreview file for Gerrit reviews 2013-05-14 16:35:46 -04:00
.rubocop.yml add a Rakefile to structure test runs 2014-09-29 13:44:38 +02:00
Berksfile Updated berkshelf to 3.1.5 2014-08-15 17:31:47 +02:00 Attribute variables for internal identity endpoint 2014-08-27 10:53:53 +10:00
Gemfile add a Rakefile to structure test runs 2014-09-29 13:44:38 +02:00
LICENSE Initial commit 2012-11-07 20:52:47 -05:00 Allow logging.conf to be configured via attributes 2014-07-23 12:27:44 -05:00
Rakefile add a Rakefile to structure test runs 2014-09-29 13:44:38 +02:00 add a Rakefile to structure test runs 2014-09-29 13:44:38 +02:00
metadata.rb Attribute variables for internal identity endpoint 2014-08-27 10:53:53 +10:00


This cookbook provides common setup recipes, helper methods and attributes that describe an OpenStack deployment as part of the OpenStack reference deployment Chef for OpenStack.


  • Chef 0.10.0 or higher required (for Chef environment use).


The following cookbooks are dependencies:

  • apt
  • database


Please see the extensive inline documentation in attributes/*.rb for descriptions of all the settable attributes for this cookbook.

Note that all attributes are in the default["openstack"] "namespace"

  • openstack['api']['auth']['version'] - Select v2.0 or v3.0. Default v2.0. The default auth API version used by other components to interact with identity service.


Support multiple network types. Default network type is "nova" with the other option supported being "neutron". The attribute is in the default["openstack"]["compute"]["network"]["service_type"].



Install the common python openstack client package


Installs/Configures common recipes

"run_list": [


Installs/Configures common logging

"run_list": [


Iterates over the contents of the node['openstack']['endpoints'] hash and finds any occurrence of bind_interface to set the IP address (node['openstack']['endpoints']['identity']['bind_interface'] = 'eth0' for example, overriding node['openstack']['endpoints']['identity']['host']). If bind_interface isn't set, the value of host is not modified.

"run_list": [


Creates an /root/openrc file. This requires the identity attributes for admin_user and admin_tenant_name, or for the identity_service_chef_role to be used on the identity server node.


Iterates over the contents of the node['openstack']['sysctl'] hash and writes the entries to /etc/sysctl.d/60-openstack.conf.

"run_list": [

Data Bags

This cookbook containes Libraries to work with passwords and secrets in databags. Databags can be unencrypted ( for dev ) or encrypted ( for prod ).

Documentation for Attributes for selecting databag format can be found in the attributes section of this cookbook.

Documentation for format of these Databags can be found in the Openstack Chef Repo repository.


This cookbook exposes a set of default library routines:

  • cli -- Used to call openstack CLIs
  • endpoint -- Used to return a ::URI object representing the named OpenStack endpoint
  • endpoints -- Useful for operating on all OpenStack endpoints
  • db -- Returns a Hash of information about a named OpenStack database
  • db_uri -- Returns the SQLAlchemy RFC-1738 DB URI (see: for a named OpenStack database
  • db_create_with_user -- Creates a database and database user for a named OpenStack database
  • secret -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section
  • get_password -- Ease-of-use helper that returns the decrypted password for a named database, service or keystone user.


The following are code examples showing the above library routines in action. Remember when using the library routines exposed by this library to include the Openstack routines in your recipe's ::Chef::Recipe namespace, like so:

class ::Chef::Recipe
  include ::Openstack

Example of using the endpoint routine:

nova_api_ep = endpoint "compute-api""Using Openstack Compute API endpoint at #{nova_api_ep.to_s}")

# Note that endpoint URIs may contain variable interpolation markers such
# as `%(tenant_id)s`, so you may need to decode them. Do so like this:

require "uri"

puts ::URI.decode nova_api_ap.to_s

Example of using the get_password and db_uri routine:

db_pass = get_password "db" "cinder"
db_user = node["cinder"]["db"]["user"]
sql_connection = db_uri "volume", db_user, db_pass

template "/etc/cinder/cinder.conf" do
  source "cinder.conf.erb"
  owner  node["cinder"]["user"]
  group  node["cinder"]["group"]
  mode   00644
    "sql_connection" => sql_connection

URI Operations

Use the Openstack::uri_from_hash routine to helpfully return a ::URI::Generic object for a hash that contains any of the following keys:

  • host
  • uri
  • port
  • path
  • scheme

If the uri key is in the hash, that will be used as the URI, otherwise the URI will be constructed from the various parts of the hash corresponding to the keys above.

# Suppose node hash contains the following subhash in the :identity_service key:
# {
#   :host => '',
#   :port => 5000,
#   :scheme => 'https'
# }
uri = ::Openstack::uri_from_hash(node[:identity_service])
# uri.to_s would == ""

The routine will return nil if neither a uri or host key exists in the supplied hash.

Using the library without prefixing with ::Openstack

Don't like prefixing calls to the library's routines with ::Openstack? Do this:

class ::Chef::Recipe
  include ::Openstack

in your recipe.


Please refer to the for instructions for testing the cookbook.


Berks will resolve version requirements and dependencies on first run and store these in Berksfile.lock. If new cookbooks become available you can run berks update to update the references in Berksfile.lock. Berksfile.lock will be included in stable branches to provide a known good set of dependencies. Berksfile.lock will not be included in development branches to encourage development against the latest cookbooks.

License and Author

Author Jay Pipes (
Author John Dewey (
Author Matt Ray (
Author Craig Tracey (
Author Sean Gallagher (
Author Ionut Artarisi (
Author Chen Zhiwei (
Author Brett Campbell (
Author Mark Vanderwiel (
Copyright Copyright (c) 2012-2013, AT&T Services, Inc.
Copyright Copyright (c) 2013, Opscode, Inc.
Copyright Copyright (c) 2013, Craig Tracey
Copyright Copyright (c) 2013-2014, SUSE Linux GmbH
Copyright Copyright (c) 2013-2014, IBM, Corp.
Copyright Copyright (c) 2013-2014, Rackspace US, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.