puppet-nova/manifests/metadata.pp
Martin Schuppert 6686406bce Split off metadata vendordata plugin in own class
A recent change making nova-metadata-api work with wsgi [1] moved
the vendordata plugin parameters to the nova::metadata manifest.
While this is conceptually correct as nova-metadata is the one that
should be using this parameters. In practice the parameters are also
used in compute drivers (in the ironic driver, for instance), thats
why we should split them to be able to deploy nova-metadata-api
separate from nova-compute.

[1] https://review.openstack.org/#/c/582621/

Change-Id: Ic3654c79d8cf275f0c58d57a4b66e2598450a7ed
Related-Bug: 1799352
2018-10-29 08:27:09 +01:00

160 lines
6.1 KiB
Puppet

# == Class: nova::metadata
#
# Setup and configure the Nova metadata API endpoint for wsgi
#
# === Parameters
#
# [*enabled_apis*]
# (optional) A list of apis to enable
# Defaults to ['metadata'] in case of wsgi
#
# [*neutron_metadata_proxy_shared_secret*]
# (optional) Shared secret to validate proxies Neutron metadata requests
# Defaults to undef
#
# [*enable_proxy_headers_parsing*]
# (optional) This determines if the HTTPProxyToWSGI
# middleware should parse the proxy headers or not.(boolean value)
# Defaults to $::os_service_default
#
# [*metadata_cache_expiration*]
# (optional) This option is the time (in seconds) to cache metadata.
# Defaults to $::os_service_default
#
# DEPRECATED
#
# [*vendordata_jsonfile_path*]
# (optional) Represent the path to the data file.
# Cloud providers may store custom data in vendor data file that will then be
# available to the instances via the metadata service, and to the rendering of
# config-drive. The default class for this, JsonFileVendorData, loads this
# information from a JSON file, whose path is configured by this option
# Defaults to undef.
#
# [*vendordata_providers*]
# (optional) vendordata providers are how deployers can provide metadata via
# configdrive and metadata that is specific to their deployment. There are
# currently two supported providers: StaticJSON and DynamicJSON.
# Defaults to undef.
#
# [*vendordata_dynamic_targets*]
# (optional) A list of targets for the dynamic vendordata provider. These
# targets are of the form <name>@<url>.
# Defaults to undef.
#
# [*vendordata_dynamic_connect_timeout*]
# (optional) Maximum wait time for an external REST service to connect.
# Defaults to undef.
#
# [*vendordata_dynamic_read_timeout*]
# (optional) Maximum wait time for an external REST service to return data
# once connected.
# Defaults to undef.
#
# [*vendordata_dynamic_failure_fatal*]
# (optional) Should failures to fetch dynamic vendordata be fatal to
# instance boot?
# Defaults to undef.
#
# [*vendordata_dynamic_auth_auth_type*]
# (optional) Authentication type to load for vendordata dynamic plugins.
# Defaults to undef.
#
# [*vendordata_dynamic_auth_auth_url*]
# (optional) URL to use for authenticating.
# Defaults to undef.
#
# [*vendordata_dynamic_auth_os_region_name*]
# (optional) Region name for the vendordata dynamic plugin credentials.
# Defaults to undef.
#
# [*vendordata_dynamic_auth_password*]
# (optional) Password for the vendordata dynamic plugin credentials.
# Defaults to undef.
#
# [*vendordata_dynamic_auth_project_domain_name*]
# (optional) Project domain name for the vendordata dynamic plugin
# credentials.
# Defaults to undef.
#
# [*vendordata_dynamic_auth_project_name*]
# (optional) Project name for the vendordata dynamic plugin credentials.
# Defaults to undef.
#
# [*vendordata_dynamic_auth_user_domain_name*]
# (optional) User domain name for the vendordata dynamic plugin credentials.
# Defaults to undef.
#
# [*vendordata_dynamic_auth_username*]
# (optional) User name for the vendordata dynamic plugin credentials.
# Defaults to undef.
#
class nova::metadata(
$enabled_apis = 'metadata',
$neutron_metadata_proxy_shared_secret = undef,
$enable_proxy_headers_parsing = $::os_service_default,
$metadata_cache_expiration = $::os_service_default,
# DEPRECATED PARAMETERS
$vendordata_jsonfile_path = undef,
$vendordata_providers = undef,
$vendordata_dynamic_targets = undef,
$vendordata_dynamic_connect_timeout = undef,
$vendordata_dynamic_read_timeout = undef,
$vendordata_dynamic_failure_fatal = undef,
$vendordata_dynamic_auth_auth_type = undef,
$vendordata_dynamic_auth_auth_url = undef,
$vendordata_dynamic_auth_os_region_name = undef,
$vendordata_dynamic_auth_password = undef,
$vendordata_dynamic_auth_project_domain_name = undef,
$vendordata_dynamic_auth_project_name = undef,
$vendordata_dynamic_auth_user_domain_name = undef,
$vendordata_dynamic_auth_username = undef,
) inherits nova::params {
include ::nova::deps
include ::nova::db
include ::nova::keystone::authtoken
if (length(delete_undef_values([$vendordata_jsonfile_path,
$vendordata_providers,
$vendordata_dynamic_targets,
$vendordata_dynamic_connect_timeout,
$vendordata_dynamic_read_timeout,
$vendordata_dynamic_failure_fatal,
$vendordata_dynamic_auth_auth_type,
$vendordata_dynamic_auth_auth_url,
$vendordata_dynamic_auth_os_region_name,
$vendordata_dynamic_auth_password,
$vendordata_dynamic_auth_project_domain_name,
$vendordata_dynamic_auth_project_name,
$vendordata_dynamic_auth_user_domain_name,
$vendordata_dynamic_auth_username])) > 0) {
warning('Vendordata parameters are deprecated in nova::metadata, nova::vendordata should be used instead.')
}
class { '::nova::vendordata':
vendordata_caller => 'metadata',
}
nova_config {
'DEFAULT/enabled_apis': value => $enabled_apis;
'api/metadata_cache_expiration': value => $metadata_cache_expiration;
}
oslo::middleware {'nova_config':
enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
}
if ($neutron_metadata_proxy_shared_secret){
nova_config {
'neutron/service_metadata_proxy': value => true;
'neutron/metadata_proxy_shared_secret':
value => $neutron_metadata_proxy_shared_secret, secret => true;
}
} else {
nova_config {
'neutron/service_metadata_proxy': value => false;
'neutron/metadata_proxy_shared_secret': ensure => absent;
}
}
}