diff --git a/manifests/neutron.pp b/manifests/neutron.pp
index bfa7e2c34..25ac717b0 100644
--- a/manifests/neutron.pp
+++ b/manifests/neutron.pp
@@ -141,10 +141,23 @@ class openstack_integration::neutron (
 mechanism_drivers => $driver,
 firewall_driver => $firewall_driver,
 }
+ if $::openstack_integration::config::ssl {
+ $metadata_protocol = 'https'
+ $nova_client_cert = $::openstack_integration::params::cert_path
+ $nova_client_priv_key = "/etc/neutron/ssl/private/${::fqdn}.pem"
+ } else {
+ $metadata_protocol = $::os_service_default
+ $nova_client_cert = $::os_service_default
+ $nova_client_priv_key = $::os_service_default
+ }
 class { '::neutron::agents::metadata':
- debug => true,
- shared_secret => 'a_big_secret',
- metadata_workers => 2,
+ debug => true,
+ shared_secret => 'a_big_secret',
+ metadata_workers => 2,
+ metadata_protocol => $metadata_protocol,
+ metadata_insecure => true,
+ nova_client_cert => $nova_client_cert,
+ nova_client_priv_key => $nova_client_priv_key,
 }
 class { '::neutron::agents::lbaas':
 interface_driver => $driver,
diff --git a/manifests/nova.pp b/manifests/nova.pp
index 873de3386..3f42cc58b 100644
--- a/manifests/nova.pp
+++ b/manifests/nova.pp
@@ -30,9 +30,13 @@ class openstack_integration::nova (
 if $::openstack_integration::config::ssl {
 openstack_integration::ssl_key { 'nova':
- notify => Service['httpd'],
+ notify => [
+ Service['nova-api'],
+ Service['httpd'],
+ ],
 require => Package['nova-common'],
 }
+ Exec['update-ca-certificates'] ~> Service['nova-api']
 Exec['update-ca-certificates'] ~> Service['httpd']
 }
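Review bot: In the neutron.pp hunk, `metadata_insecure => true` is set unconditionally on `::neutron::agents::metadata`, so when the `ssl` branch selects `$metadata_protocol = 'https'` the agent still does not verify the Nova metadata server's certificate, and the requests authenticated with `shared_secret` travel over a channel that is encrypted but not authenticated. The nova.pp part of this commit wires `Exec['update-ca-certificates']` to the services, which suggests the test CA is installed in the system store; if so, `metadata_insecure => false,` should work here. If verification really cannot pass in CI, a comment such as `# certificate verification disabled for the integration run only; do not copy` would record the reason. The key path `/etc/neutron/ssl/private/${::fqdn}.pem` is not created in this hunk, so it is worth confirming that a matching `openstack_integration::ssl_key` for neutron exists in the part of the class outside the hunk.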
@@ -103,22 +107,18 @@ class openstack_integration::nova (
 debug => true,
 notification_driver => 'messagingv2',
 notify_on_state_change => 'vm_and_task_state',
+ use_ssl => $::openstack_integration::config::ssl,
+ key_file => "/etc/nova/ssl/private/${::fqdn}.pem",
+ cert_file => $::openstack_integration::params::cert_path,
 }
 class { '::nova::api':
 api_bind_address => $::openstack_integration::config::host,
 neutron_metadata_proxy_shared_secret => 'a_big_secret',
 metadata_workers => 2,
+ osapi_compute_workers => 2,
 default_floating_pool => 'public',
 sync_db_api => true,
- service_name => 'httpd',
- }
- include ::apache
- class { '::nova::wsgi::apache_api':
- bind_host => $::openstack_integration::config::ip_for_url,
- ssl_key => "/etc/nova/ssl/private/${::fqdn}.pem",
- ssl_cert => $::openstack_integration::params::cert_path,
- ssl => $::openstack_integration::config::ssl,
- workers => '2',
+
 }
 if $::osfamily == 'RedHat' {
 class { '::nova::wsgi::apache_placement':
diff --git a/manifests/provision.pp b/manifests/provision.pp
index d95a7eb35..d35377154 100644
--- a/manifests/provision.pp
+++ b/manifests/provision.pp
@@ -18,7 +18,8 @@ class openstack_integration::provision {
 disk => '0',
 vcpus => '1',
 }
- Keystone_user_role['admin@openstack'] -> Nova_flavor<||>
+ Keystone_user_role <||>-> Nova_flavor<||>
+ Keystone_endpoint <||>-> Nova_flavor<||>
 neutron_network { 'public':
 tenant_name => 'openstack',
@@ -26,7 +27,8 @@ class openstack_integration::provision {
 provider_physical_network => 'external',
 provider_network_type => 'flat',
 }
- Keystone_user_role['admin@openstack'] -> Neutron_network<||>
+ Keystone_user_role <||>-> Neutron_network<||>
+ Keystone_endpoint <||>-> Neutron_network<||>
 neutron_subnet { 'public-subnet':
 cidr => '172.24.5.0/24',
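Review bot: In the nova.pp hunk at `-103,22`, `key_file` and `cert_file` are passed to the nova class whether or not `$::openstack_integration::config::ssl` is true, whereas the neutron.pp part of this commit falls back to `$::os_service_default` in its `else` branch. With SSL off, `key_file` names a path under `/etc/nova/ssl/private/` that `openstack_integration::ssl_key { 'nova': }` only creates inside the `if … ssl` block; this is probably harmless if the class ignores both values when `use_ssl` is false, but that is not visible here. Selecting the two values in the existing `if $::openstack_integration::config::ssl` block and passing `key_file => $key_file,` and `cert_file => $cert_file,` would keep the two manifests consistent. The added line that holds only whitespace before the closing `}` of `::nova::api` can be dropped. The class body starts and ends outside the hunk.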
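Review bot: In the provision.pp hunk at `-18,7`, `Keystone_user_role <||>-> Nova_flavor<||>` and `Keystone_endpoint <||>-> Nova_flavor<||>` replace a dependency on one named role with collectors that match every resource of the type; the same pair is repeated for `Neutron_network` in the next hunk and for `Glance_image` in the last one. An empty-query collector also realizes any virtual `Keystone_user_role` or `Keystone_endpoint` resources in the catalog, so the ordering is wider than the line it replaces and should carry a comment stating the reason, for example `# all roles and endpoints must exist before the providers call the APIs` if that is the intent. The spacing `<||>->` is inconsistent with `Nova_flavor<||>` on the same line; `Keystone_user_role<||> -> Nova_flavor<||>` reads more clearly.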
@@ -52,5 +54,6 @@ class openstack_integration::provision {
 is_public => 'yes',
 source => '/tmp/openstack/tempest/cirros-0.3.4-x86_64-disk.img'
 }
- Keystone_user_role['admin@openstack'] -> Glance_image<||>
+ Keystone_user_role <||>-> Glance_image<||>
+ Keystone_endpoint <||>-> Glance_image<||>
 }