313139aeaa
This adds defined anchor points for external modules to hook into the software install, config and service dependency chain. This allows external modules to manage software installation (virtualenv, containers, etc) and service management (pacemaker) without needing rely on resources that may change or be renamed. Change-Id: Id42ab0d5ff332f169e2843a78c53694836d638fd
134 lines
4.2 KiB
Puppet
134 lines
4.2 KiB
Puppet
# == Class: ec2api::metadata
|
|
#
|
|
# Manage the EC2 API Metadata service and its configuration
|
|
#
|
|
# === Parameters
|
|
#
|
|
# ==== Metadata
|
|
#
|
|
# [*nova_metadata_ip*]
|
|
# IP address used by Nova metadata server
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*nova_metadata_port*]
|
|
# TCP Port used by Nova metadata server
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*nova_metadata_protocol*]
|
|
# Protocol to access nova metadata, http or https
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*nova_metadata_insecure*]
|
|
# Allow to perform insecure SSL (https) requests to nova metadata
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*auth_ca_cert*]
|
|
# Certificate Authority public key (CA cert) file for ssl
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*nova_client_cert*]
|
|
# Client certificate for nova metadata api server
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*nova_client_priv_key*]
|
|
# Private key of client certificate
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*metadata_proxy_shared_secret*]
|
|
# Shared secret to sign instance-id request
|
|
# Default: $::os_service_default
|
|
#
|
|
# ==== Service
|
|
#
|
|
# [*metadata_listen*]
|
|
# The IP address on which the metadata API will listen.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*metadata_listen_port*]
|
|
# The port on which the metadata API will listen.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*metadata_use_ssl*]
|
|
# Enable ssl connections or not for EC2 API Metadata.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*metadata_workers*]
|
|
# Number of workers for metadata service.
|
|
# The default will be the number of CPUs available.
|
|
# Default: $::os_workers
|
|
#
|
|
# ==== Manage Service
|
|
#
|
|
# [*manage_service*]
|
|
# Should the METADATA service actually be managed by Puppet?
|
|
# Default: true
|
|
#
|
|
# [*service_name*]
|
|
# The real system name of the Metadata service.
|
|
# Default: $::ec2api::params::metadata_service_name
|
|
#
|
|
# [*enabled*]
|
|
# Should the service be enabled and started (true) of disabled and stopped (false).
|
|
# Default: true
|
|
#
|
|
class ec2api::metadata (
|
|
# Metadata
|
|
$nova_metadata_ip = $::os_service_default,
|
|
$nova_metadata_port = $::os_service_default,
|
|
$nova_metadata_protocol = $::os_service_default,
|
|
$nova_metadata_insecure = $::os_service_default,
|
|
$auth_ca_cert = $::os_service_default,
|
|
$nova_client_cert = $::os_service_default,
|
|
$nova_client_priv_key = $::os_service_default,
|
|
$metadata_proxy_shared_secret = $::os_service_default,
|
|
# Service
|
|
$metadata_listen = $::os_service_default,
|
|
$metadata_listen_port = $::os_service_default,
|
|
$metadata_use_ssl = $::os_service_default,
|
|
$metadata_workers = $::os_workers,
|
|
# Manage service
|
|
$manage_service = true,
|
|
$service_name = $::ec2api::params::metadata_service_name,
|
|
$enabled = true,
|
|
) inherits ::ec2api::params {
|
|
|
|
include ::ec2api::deps
|
|
|
|
validate_bool($manage_service)
|
|
validate_string($service_name)
|
|
validate_bool($enabled)
|
|
|
|
ec2api_config {
|
|
'metadata/nova_metadata_ip': value => $nova_metadata_ip;
|
|
'metadata/nova_metadata_port': value => $nova_metadata_port;
|
|
'metadata/nova_metadata_protocol': value => $nova_metadata_protocol;
|
|
'metadata/nova_metadata_insecure': value => $nova_metadata_insecure;
|
|
'metadata/auth_ca_cert': value => $auth_ca_cert;
|
|
'metadata/nova_client_cert': value => $nova_client_cert;
|
|
'metadata/nova_client_priv_key': value => $nova_client_priv_key;
|
|
'metadata/metadata_proxy_shared_secret': value => $metadata_proxy_shared_secret;
|
|
'DEFAULT/metadata_listen': value => $metadata_listen;
|
|
'DEFAULT/metadata_listen_port': value => $metadata_listen_port;
|
|
'DEFAULT/metadata_use_ssl': value => $metadata_use_ssl;
|
|
'DEFAULT/metadata_workers': value => $metadata_workers;
|
|
}
|
|
|
|
if $manage_service {
|
|
if $enabled {
|
|
$service_ensure = 'running'
|
|
} else {
|
|
$service_ensure = 'stopped'
|
|
}
|
|
}
|
|
|
|
service { 'openstack-ec2-metadata-service' :
|
|
ensure => $service_ensure,
|
|
name => $service_name,
|
|
enable => $enabled,
|
|
hasstatus => true,
|
|
hasrestart => true,
|
|
tag => 'ec2api-service',
|
|
}
|
|
|
|
}
|