237 lines
10 KiB
Puppet
237 lines
10 KiB
Puppet
# == Class: heat::engine
|
|
#
|
|
# Installs & configure the heat engine service
|
|
#
|
|
# === Parameters
|
|
# [*auth_encryption_key*]
|
|
# (required) Encryption key used for authentication info in database
|
|
# Must be either 16, 24, or 32 bytes long.
|
|
#
|
|
# [*package_ensure*]
|
|
# (Optional) Ensure state for package.
|
|
# Defaults to 'present'
|
|
#
|
|
# [*enabled*]
|
|
# (optional) Should the service be enabled.
|
|
# Defaults to 'true'
|
|
#
|
|
# [*manage_service*]
|
|
# (optional) Whether the service should be managed by Puppet.
|
|
# Defaults to true.
|
|
#
|
|
# [*heat_stack_user_role*]
|
|
# (optional) Keystone role for heat template-defined users.
|
|
# This setting does not actually create the role. If you change
|
|
# this to a different value you should also set
|
|
# heat::keystone::auth::heat_stack_user_role if you want the
|
|
# correct role created.
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*heat_metadata_server_url*]
|
|
# (optional) URL of the Heat metadata server
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*heat_waitcondition_server_url*]
|
|
# (optional) URL of the Heat waitcondition server
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*engine_life_check_timeout*]
|
|
# (optional) RPC timeout (in seconds) for the engine liveness check that is
|
|
# used for stack locking
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*deferred_auth_method*]
|
|
# (optional) Select deferred auth method.
|
|
# Can be "password" or "trusts".
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*default_software_config_transport*]
|
|
# (optional) Template default for how the server should receive the metadata
|
|
# required for software configuration. POLL_SERVER_CFN will allow calls to the
|
|
# cfn API action DescribeStackResource authenticated with the provided keypair
|
|
# (requires enabled heat-api-cfn). POLL_SERVER_HEAT will allow calls to the
|
|
# Heat API resource-show using the provided keystone credentials (requires
|
|
# keystone v3 API, and configured stack_user_* config options). POLL_TEMP_URL
|
|
# will create and populate a Swift TempURL with metadata for polling (requires
|
|
# object-store endpoint which supports TempURL). (string value)
|
|
# Allowed values: POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*default_deployment_signal_transport*]
|
|
# (optional) Template default for how the server should signal to heat with
|
|
# the deployment output values. CFN_SIGNAL will allow an HTTP POST to a CFN
|
|
# keypair signed URL (requires enabled heat-api-cfn). TEMP_URL_SIGNAL will
|
|
# create a Swift TempURL to be signaled via HTTP PUT (requires object-store
|
|
# TempURL). HEAT_SIGNAL will allow calls to the Heat API resource-signal using
|
|
# endpoint which supports the provided keystone credentials (string value)
|
|
# Allowed values: CFN_SIGNAL, TEMP_URL_SIGNAL, HEAT_SIGNAL
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*default_user_data_format*]
|
|
# (optional) Template default for how the user_data should be
|
|
# formatted for the server. For HEAT_CFNTOOLS, the
|
|
# user_data is bundled as part of the heat-cfntools
|
|
# cloud-init boot configuration data. For RAW the
|
|
# user_data is passed to Nova unmodified. For
|
|
# SOFTWARE_CONFIG user_data is bundled as part of the
|
|
# software config data, and metadata is derived from any
|
|
# associated SoftwareDeployment resources.
|
|
# Allowed values: HEAT_CFNTOOLS, RAW, SOFTWARE_CONFIG
|
|
# Defaults to $::os_service_default.
|
|
|
|
# [*trusts_delegated_roles*]
|
|
# (optional) Array of trustor roles to be delegated to heat.
|
|
# This value is also used by heat::keystone::auth if it is set to
|
|
# configure the keystone roles.
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*instance_connection_is_secure*]
|
|
# (Optional) Instance connection to CFN/CW API via https.
|
|
# Defaults to $::os_service_default
|
|
#
|
|
# [*instance_connection_https_validate_certificates*]
|
|
# (Optional) Instance connection to CFN/CW API validate certs if SSL is used.
|
|
# Defaults to $::os_service_default
|
|
#
|
|
# [*max_resources_per_stack*]
|
|
# (Optional) Maximum resources allowed per top-level stack.
|
|
# Defaults to $::os_service_default
|
|
#
|
|
# [*num_engine_workers*]
|
|
# (Optional) The number of workers to spawn.
|
|
# Defaults to $::os_workers_heat_engine
|
|
#
|
|
# [*convergence_engine*]
|
|
# (Optional) Enables engine with convergence architecture.
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*reauthentication_auth_method*]
|
|
# (Optional) Re-authentication method on token expiry.
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*environment_dir*]
|
|
# (Optional) The directory to search for environment files.
|
|
# Defaults to $::os_service_default
|
|
#
|
|
# [*template_dir*]
|
|
# (Optional) The directory to search for template files.
|
|
# Defaults to $::os_service_default
|
|
#
|
|
# [*max_nested_stack_depth*]
|
|
# (Optional) Maximum depth allowed when using nested stacks.
|
|
# Defaults to $::os_service_default
|
|
#
|
|
# [*plugin_dirs*]
|
|
# (Optional) List of directories to search for plug-ins.
|
|
# Defaults to $::os_service_default
|
|
#
|
|
# DEPRECATED PARAMETERS
|
|
#
|
|
# [*heat_watch_server_url*]
|
|
# (optional) URL of the Heat cloudwatch server
|
|
# Defaults to undef.
|
|
|
|
class heat::engine (
|
|
$auth_encryption_key,
|
|
$package_ensure = 'present',
|
|
$manage_service = true,
|
|
$enabled = true,
|
|
$heat_stack_user_role = $::os_service_default,
|
|
$heat_metadata_server_url = $::os_service_default,
|
|
$heat_waitcondition_server_url = $::os_service_default,
|
|
$engine_life_check_timeout = $::os_service_default,
|
|
$deferred_auth_method = $::os_service_default,
|
|
$default_software_config_transport = $::os_service_default,
|
|
$default_deployment_signal_transport = $::os_service_default,
|
|
$default_user_data_format = $::os_service_default,
|
|
$trusts_delegated_roles = $::os_service_default,
|
|
$instance_connection_is_secure = $::os_service_default,
|
|
$instance_connection_https_validate_certificates = $::os_service_default,
|
|
$max_resources_per_stack = $::os_service_default,
|
|
$num_engine_workers = $::os_workers_heat_engine,
|
|
$convergence_engine = $::os_service_default,
|
|
$reauthentication_auth_method = $::os_service_default,
|
|
$environment_dir = $::os_service_default,
|
|
$template_dir = $::os_service_default,
|
|
$max_nested_stack_depth = $::os_service_default,
|
|
$plugin_dirs = $::os_service_default,
|
|
# DEPRECATED PARAMETERS
|
|
$heat_watch_server_url = undef,
|
|
) {
|
|
|
|
include ::heat::deps
|
|
|
|
if $heat_watch_server_url {
|
|
warning('heat_watch_server_url has no effect and will be removed in a future release.')
|
|
}
|
|
|
|
# Validate Heat Engine AES key
|
|
# must be either 16, 24, or 32 bytes long
|
|
# https://bugs.launchpad.net/heat/+bug/1415887
|
|
$allowed_sizes = ['16','24','32']
|
|
$param_size = size($auth_encryption_key)
|
|
if ! (member($allowed_sizes, "${param_size}")) { # lint:ignore:only_variable_string
|
|
fail("${param_size} is not a correct size for auth_encryption_key parameter, it must be either 16, 24, 32 bytes long.")
|
|
}
|
|
|
|
include ::heat
|
|
include ::heat::params
|
|
|
|
# plugin_dirs value follows these rules:
|
|
# - default is $::os_service_default so Puppet won't try to configure it.
|
|
# - if set, array validation will be done for not empty and then configure the parameter.
|
|
# - Otherwise, fallback to default.
|
|
if !is_service_default($plugin_dirs) and !empty($plugin_dirs) {
|
|
validate_array($plugin_dirs)
|
|
$plugin_dirs_real = join($plugin_dirs, ',')
|
|
} else {
|
|
$plugin_dirs_real = $::os_service_default
|
|
}
|
|
|
|
package { 'heat-engine':
|
|
ensure => $package_ensure,
|
|
name => $::heat::params::engine_package_name,
|
|
tag => ['openstack', 'heat-package'],
|
|
}
|
|
|
|
if $manage_service {
|
|
if $enabled {
|
|
$service_ensure = 'running'
|
|
} else {
|
|
$service_ensure = 'stopped'
|
|
}
|
|
}
|
|
|
|
service { 'heat-engine':
|
|
ensure => $service_ensure,
|
|
name => $::heat::params::engine_service_name,
|
|
enable => $enabled,
|
|
hasstatus => true,
|
|
hasrestart => true,
|
|
tag => 'heat-service',
|
|
}
|
|
|
|
heat_config {
|
|
'DEFAULT/auth_encryption_key': value => $auth_encryption_key, secret => true;
|
|
'DEFAULT/heat_stack_user_role': value => $heat_stack_user_role;
|
|
'DEFAULT/heat_metadata_server_url': value => $heat_metadata_server_url;
|
|
'DEFAULT/heat_waitcondition_server_url': value => $heat_waitcondition_server_url;
|
|
'DEFAULT/engine_life_check_timeout': value => $engine_life_check_timeout;
|
|
'DEFAULT/default_software_config_transport': value => $default_software_config_transport;
|
|
'DEFAULT/default_deployment_signal_transport': value => $default_deployment_signal_transport;
|
|
'DEFAULT/default_user_data_format': value => $default_user_data_format;
|
|
'DEFAULT/trusts_delegated_roles': value => $trusts_delegated_roles;
|
|
'DEFAULT/deferred_auth_method': value => $deferred_auth_method;
|
|
'DEFAULT/max_resources_per_stack': value => $max_resources_per_stack;
|
|
'DEFAULT/instance_connection_https_validate_certificates': value => $instance_connection_https_validate_certificates;
|
|
'DEFAULT/instance_connection_is_secure': value => $instance_connection_is_secure;
|
|
'DEFAULT/num_engine_workers': value => $num_engine_workers;
|
|
'DEFAULT/convergence_engine': value => $convergence_engine;
|
|
'DEFAULT/reauthentication_auth_method': value => $reauthentication_auth_method;
|
|
'DEFAULT/environment_dir': value => $environment_dir;
|
|
'DEFAULT/template_dir': value => $template_dir;
|
|
'DEFAULT/max_nested_stack_depth': value => $max_nested_stack_depth;
|
|
'DEFAULT/plugin_dirs': value => $plugin_dirs_real;
|
|
}
|
|
}
|