openstack/puppet-cinder
Code Issues Proposed changes
Files
b1464bb83b03fbfc95d017ddb3e564f1df0fda2c
puppet-cinder/manifests/api.pp
Takashi Kajinami a54de2bb6f Refactor api service management 
Drop validation of service name which is not implemented for
the other daemons, to simplify handling of the provided service name.

This allows us to more easily offload the service name definition to
hiera data in the near future.

Change-Id: Icb6c0c8db190c383fd55e32dd7c71d1f7c7c46a7
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
2025-09-26 22:13:05 +00:00

236 lines
8.0 KiB
Puppet
Raw Blame History

# == Class: cinder::api
#
# Setup and configure the cinder API endpoint
#
# === Parameters
#
# [*service_workers*]
# (optional) Number of cinder-api workers
# Defaults to $facts['os_workers']
#
# [*package_ensure*]
# (optional) The state of the package
# Defaults to present
#
# [*bind_host*]
# (optional) The cinder api bind address
# Defaults to $facts['os_service_default']
#
# [*enabled*]
# (optional) The state of the service (boolean value)
# Defaults to true
#
# [*manage_service*]
# (optional) Whether to start/stop the service (boolean value)
# Defaults to true
#
# [*ratelimits*]
# (optional) The state of the service
# Defaults to $facts['os_service_default'].
#
# [*ratelimits_factory*]
# (optional) Factory to use for ratelimiting
# Defaults to 'cinder.api.v2.limits:RateLimitingMiddleware.factory'
#
# [*default_volume_type*]
# (optional) default volume type to use.
# This should contain the name of the default volume type to use.
# If not configured, it produces an error when creating a volume
# without specifying a type.
# Defaults to $facts['os_service_default'].
#
# [*sync_db*]
# (Optional) Run db sync on the node.
# Defaults to true
#
# [*public_endpoint*]
# (Optional) Public url to use for versions endpoint.
# Defaults to $facts['os_service_default']
#
# [*osapi_volume_base_url*]
# (Optional) Base URL that will be presented to users in links to the OpenStack Volume API.
# Defaults to $facts['os_service_default']
#
# [*osapi_max_limit*]
# (Optional) The maximum number of items that a collection resource
# returns in a single response (integer value)
# Defaults to $facts['os_service_default']
#
# [*service_name*]
# (optional) Name of the service that will be providing the
# server functionality of cinder-api.
# If the value is 'httpd', this means cinder-api will be a web
# service, and you must use another class to configure that
# web service. For example, use class { 'cinder::wsgi::apache'...}
# to make cinder-api be a web app using apache mod_wsgi.
# Defaults to '$cinder::params::api_service'
#
# [*enable_proxy_headers_parsing*]
# (optional) This determines if the HTTPProxyToWSGI
# middleware should parse the proxy headers or not.(boolean value)
# Defaults to $facts['os_service_default']
#
# [*max_request_body_size*]
# (Optional) Set max request body size
# Defaults to $facts['os_service_default'].
#
# [*use_ssl*]
# (optional) Enable SSL on the API server
# Defaults to false
#
# [*cert_file*]
# (optional) Certificate file to use when starting API server securely
# Defaults to $facts['os_service_default']
#
# [*key_file*]
# (optional) Private key file to use when starting API server securely
# Defaults to $facts['os_service_default']
#
# [*ca_file*]
# (optional) CA certificate file to use to verify connecting clients
# Defaults to $facts['os_service_default']
#
# [*auth_strategy*]
# (optional) Type of authentication to be used.
# Defaults to 'keystone'
#
# [*osapi_volume_listen_port*]
# (optional) What port the API listens on. If this value is modified
# the catalog URLs in the keystone::auth class will also need to be changed
# to match.
# Defaults to $facts['os_service_default']
#
# [*use_forwarded_for*]
# (optional) Treat X-Forwarded-For as the canonical remote address. Only
# enable this if you have a sanitizing proxy.
# Defaults to $facts['os_service_default']
#
class cinder::api (
$service_workers = $facts['os_workers'],
Stdlib::Ensure::Package $package_ensure = 'present',
$bind_host = $facts['os_service_default'],
Boolean $enabled = true,
Boolean $manage_service = true,
$ratelimits = $facts['os_service_default'],
$default_volume_type = $facts['os_service_default'],
$ratelimits_factory = 'cinder.api.v2.limits:RateLimitingMiddleware.factory',
Boolean $sync_db = true,
$public_endpoint = $facts['os_service_default'],
$osapi_volume_base_url = $facts['os_service_default'],
$osapi_max_limit = $facts['os_service_default'],
$service_name = $cinder::params::api_service,
$enable_proxy_headers_parsing = $facts['os_service_default'],
$max_request_body_size = $facts['os_service_default'],
Boolean $use_ssl = false,
$cert_file = $facts['os_service_default'],
$key_file = $facts['os_service_default'],
$ca_file = $facts['os_service_default'],
$auth_strategy = 'keystone',
$osapi_volume_listen_port = $facts['os_service_default'],
$use_forwarded_for = $facts['os_service_default'],
) inherits cinder::params {
include cinder::deps
include cinder::params
include cinder::policy
if $use_ssl {
if is_service_default($cert_file) {
fail('The cert_file parameter is required when use_ssl is set to true')
}
if is_service_default($key_file) {
fail('The key_file parameter is required when use_ssl is set to true')
}
}
if $cinder::params::api_package {
package { 'cinder-api':
ensure => $package_ensure,
name => $cinder::params::api_package,
tag => ['openstack', 'cinder-package'],
}
}
if $sync_db {
include cinder::db::sync
}
if $manage_service {
case $service_name {
'httpd': {
Service <| title == 'httpd' |> { tag +> 'cinder-service' }
service { 'cinder-api':
ensure => 'stopped',
name => $cinder::params::api_service,
enable => false,
tag => ['cinder-service'],
}
# we need to make sure cinder-api/eventlet is stopped before trying to start apache
Service['cinder-api'] -> Service['httpd']
# On any api-paste.ini config change, we must restart Cinder API.
Cinder_api_paste_ini<||> ~> Service['httpd']
}
default: {
$service_ensure = $enabled ? {
true => 'running',
default => 'stopped',
}
service { 'cinder-api':
ensure => $service_ensure,
name => $service_name,
enable => $enabled,
hasstatus => true,
tag => 'cinder-service',
}
# On any api-paste.ini config change, we must restart Cinder API.
Cinder_api_paste_ini<||> ~> Service['cinder-api']
# On any uwsgi config change, we must restart Cinder API.
Cinder_api_uwsgi_config<||> ~> Service['cinder-api']
}
}
}
cinder_config {
'DEFAULT/osapi_volume_listen': value => $bind_host;
'DEFAULT/osapi_volume_workers': value => $service_workers;
'DEFAULT/default_volume_type': value => $default_volume_type;
'DEFAULT/public_endpoint': value => $public_endpoint;
'DEFAULT/osapi_volume_base_URL': value => $osapi_volume_base_url;
'DEFAULT/osapi_max_limit': value => $osapi_max_limit;
'DEFAULT/osapi_volume_listen_port': value => $osapi_volume_listen_port;
'DEFAULT/auth_strategy': value => $auth_strategy;
'DEFAULT/use_forwarded_for': value => $use_forwarded_for;
}
oslo::middleware { 'cinder_config':
enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
max_request_body_size => $max_request_body_size,
}
if $auth_strategy == 'keystone' {
include cinder::keystone::authtoken
}
# SSL Options
if $use_ssl {
oslo::service::ssl { 'cinder_config':
cert_file => $cert_file,
key_file => $key_file,
ca_file => $ca_file,
}
} else {
oslo::service::ssl { 'cinder_config': }
}
if (!is_service_default($ratelimits)) {
cinder_api_paste_ini {
'filter:ratelimit/paste.filter_factory': value => $ratelimits_factory;
'filter:ratelimit/limits': value => $ratelimits;
}
}
}
View Git Blame Copy Permalink