26fbc01f53
In Debian, SPICE is the default. Unfortunately, puppet-openstack fails to set [spice]/enabled = false when VNC is selected, and therefore, both VNC and SPICE end up being enabled in nova.conf. Also, Debian has a unique package nova-consoleproxy handling SPICE, VNC and the XenVNC console, with /etc/default/nova-consoleproxy being used to select which daemon to start. As puppet-openstack doesn't set it before starting the VNC console service, it stays with spicehtml5 as default value, and therefore, nova-novncproxy cannot start. This patch fixes both issues. Change-Id: Ia40805f27e8833fa01576432ae792e1becedd729
# == Class: nova::vncproxy
#
# Configures the nova VNC proxy (nova-novncproxy): writes the [vnc] proxy
# settings to nova.conf and declares the package/service through
# nova::generic_service.
#
# === Security notes:
#
# * With the default values (allow_noauth => true, allow_vencrypt => false)
#   [vnc]/auth_schemes is set to 'none', i.e. the proxy talks to the VNC
#   servers without authentication or encryption.
# * With both flags true, 'none' stays in the list next to 'vencrypt', so
#   unauthenticated VNC servers are still accepted. Set allow_noauth to false
#   to restrict the proxy to vencrypt only.
# * The default host '0.0.0.0' makes the proxy listen on every IPv4 address
#   of the node; pass a specific address to narrow the exposure.
# * The vencrypt_* parameters are only written to nova.conf as paths. This
#   class does not create the files or manage their owner and mode, so the
#   private key must be protected by other means.
#
# === Parameters:
#
# [*enabled*]
#   (optional) Whether to run the vncproxy service
#   Defaults to true
#
# [*manage_service*]
#   (optional) Whether to start/stop the service
#   Defaults to true
#
# [*host*]
#   (optional) Host on which to listen for incoming requests
#   Defaults to '0.0.0.0'
#
# [*port*]
#   (optional) Port on which to listen for incoming requests
#   Defaults to '6080'
#
# [*ensure_package*]
#   (optional) The state of the nova-novncproxy package
#   Defaults to 'present'
#
# [*vncproxy_protocol*]
#   (optional) The protocol to communicate with the VNC proxy server
#   Not referenced in this class body; presumably read by another class
#   (TODO confirm).
#   Defaults to 'http'
#
# [*vncproxy_path*]
#   (optional) The path at the end of the uri for communication with the VNC
#   proxy server
#   Not referenced in this class body; presumably read by another class
#   (TODO confirm).
#   Defaults to '/vnc_auto.html'
#
# [*allow_noauth*]
#   (optional) Whether connections to unauthenticated/unencrypted VNC servers
#   are permitted.
#   Defaults to true
#
# [*allow_vencrypt*]
#   (optional) Whether connections to VNC servers supporting vencrypt are
#   permitted.
#   Defaults to false
#
# [*vencrypt_key*]
#   (optional) Path to the private key to use when connecting to VNC servers
#   supporting vencrypt.
#   Required when allow_vencrypt is true.
#   Defaults to undef
#
# [*vencrypt_cert*]
#   (optional) Path to the certificate to use when connecting to VNC servers
#   supporting vencrypt.
#   Required when allow_vencrypt is true.
#   Defaults to undef
#
# [*vencrypt_ca*]
#   (optional) Path to the certificate authority cert to use when connecting
#   to VNC servers supporting vencrypt.
#   Required when allow_vencrypt is true.
#   Defaults to undef
#
class nova::vncproxy(
  $enabled           = true,
  $manage_service    = true,
  $vncproxy_protocol = 'http',
  $host              = '0.0.0.0',
  $port              = '6080',
  $vncproxy_path     = '/vnc_auto.html',
  $ensure_package    = 'present',
  $allow_noauth      = true,
  $allow_vencrypt    = false,
  $vencrypt_key      = undef,
  $vencrypt_cert     = undef,
  $vencrypt_ca       = undef,
) {

  include ::nova::deps
  include ::nova::params

  # At least one authentication scheme has to remain, otherwise the
  # auth_schemes list written below would be empty.
  unless $allow_noauth or $allow_vencrypt {
    fail('Either allow_noauth or allow_vencrypt must be true')
  }

  if $allow_vencrypt {
    # vencrypt needs the CA, the client certificate and the client key;
    # refuse to compile the catalog when any of the three is missing.
    unless $vencrypt_ca and $vencrypt_cert and $vencrypt_key {
      fail('vencrypt_ca/cert/key params are required when allow_vencrypt is true')
    }

    # Only the paths are recorded here; the files themselves (and the
    # permissions on the private key) are not managed by this class.
    nova_config {
      'vnc/vencrypt_ca_certs':    value => $vencrypt_ca;
      'vnc/vencrypt_client_cert': value => $vencrypt_cert;
      'vnc/vencrypt_client_key':  value => $vencrypt_key;
    }
  }

  # Build the scheme list from the two allow_* flags. 'none' is the
  # unauthenticated/unencrypted scheme and is what the defaults select.
  if $allow_vencrypt and $allow_noauth {
    $auth_schemes = 'vencrypt,none'
  } elsif $allow_vencrypt {
    $auth_schemes = 'vencrypt'
  } else {
    $auth_schemes = 'none'
  }

  # [vnc]/enable is deliberately not set here: nodes running novncproxy do
  # not use it. It matters on compute nodes, where VNC or SPICE has to be
  # selected so the choice can be handed to libvirt when it starts VMs with
  # KVM, which is why it is set in compute.pp only.
  nova_config {
    'vnc/novncproxy_host': value => $host;
    'vnc/novncproxy_port': value => $port;
    'vnc/auth_schemes':    value => $auth_schemes;
  }

  # The Debian package needs some ordering:
  # 1/ Install the package
  # 2/ Fix /etc/default/nova-consoleproxy
  # 3/ Start the service
  # Other OSes don't need this and rely on nova::generic_service alone.
  if ($::os_package_type == 'debian') and $enabled {
    # Force the shared console-proxy package to launch the noVNC daemon;
    # the anchors place the edit inside the nova configuration phase.
    file_line { '/etc/default/nova-consoleproxy:NOVA_CONSOLE_PROXY_TYPE':
      path    => '/etc/default/nova-consoleproxy',
      match   => '^NOVA_CONSOLE_PROXY_TYPE=(.*)$',
      line    => 'NOVA_CONSOLE_PROXY_TYPE=novnc',
      tag     => 'nova-consoleproxy',
      require => Anchor['nova::config::begin'],
      notify  => Anchor['nova::config::end'],
    }
  }

  nova::generic_service { 'vncproxy':
    enabled        => $enabled,
    manage_service => $manage_service,
    package_name   => $::nova::params::vncproxy_package_name,
    service_name   => $::nova::params::vncproxy_service_name,
    ensure_package => $ensure_package,
  }

}