openstack/puppet-openstack-integration
Code Issues Proposed changes
9cc1fbf36e
puppet-openstack-integration/manifests/nova.pp
Alex Schultz b93ecf8bff Align stars to fix ci 
1) Pin fast_gettext
The fast_gettext gem 1.2.0 and greater require ruby 2.1 which we don't
have.

2) Pass a generic cpu to qemu instead of trying to pass host-model

We don't need to pass any CPU extensions in the gate, given the
context where we don't use KVM or (proper) nested virtualization.
Truthfully, this also becomes required as there are upcoming changes
in qemu-kvm 2.6.0 which breaks us when trying to pass extensions
while using qemu.

Worth noting that devstack has been setting 'none' [1] as well.

[1]: 1c442eebc8/lib/nova_plugins/hypervisor-libvirt (L42)

Change-Id: I881bd712266ae63b0ac9074ec18bd6a41b946c3a
2016-12-13 14:48:52 -07:00

162 lines
6.0 KiB
Puppet
Raw Blame History

# Configure the Nova service
#
# [*libvirt_rbd*]
# (optional) Boolean to configure or not Nova
# to use Libvirt RBD backend.
# Defaults to false.
#
# [*libvirt_virt_type*]
# (optional) Libvirt domain type. Options are: kvm, lxc, qemu, uml, xen
# Defaults to 'qemu'
#
# [*libvirt_cpu_mode*]
# (optional) The libvirt CPU mode to configure.
# Possible values include custom, host-model, none, host-passthrough.
# Defaults to 'none'
#
# [*volume_encryption*]
# (optional) Boolean to configure or not volume encryption
# Defaults to false.
#
class openstack_integration::nova (
$libvirt_rbd = false,
$libvirt_virt_type = 'qemu',
$libvirt_cpu_mode = 'none',
$volume_encryption = false,
) {
include ::openstack_integration::config
include ::openstack_integration::params
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'nova':
notify => Service['httpd'],
require => Package['nova-common'],
}
Exec['update-ca-certificates'] ~> Service['httpd']
}
rabbitmq_user { 'nova':
admin => true,
password => 'an_even_bigger_secret',
provider => 'rabbitmqctl',
require => Class['::rabbitmq'],
}
rabbitmq_user_permissions { 'nova@/':
configure_permission => '.*',
write_permission => '.*',
read_permission => '.*',
provider => 'rabbitmqctl',
require => Class['::rabbitmq'],
}
Rabbitmq_user_permissions['nova@/'] -> Service<| tag == 'nova-service' |>
class { '::nova::db::mysql':
password => 'nova',
}
class { '::nova::db::mysql_api':
password => 'nova',
}
class { '::nova::keystone::auth':
public_url => "${::openstack_integration::config::base_url}:8774/v2.1",
internal_url => "${::openstack_integration::config::base_url}:8774/v2.1",
admin_url => "${::openstack_integration::config::base_url}:8774/v2.1",
password => 'a_big_secret',
}
class { '::nova::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
auth_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
}
class { '::nova':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'username' => 'nova',
'password' => 'an_even_bigger_secret',
}),
database_connection => 'mysql+pymysql://nova:nova@127.0.0.1/nova?charset=utf8',
api_database_connection => 'mysql+pymysql://nova_api:nova@127.0.0.1/nova_api?charset=utf8',
rabbit_use_ssl => $::openstack_integration::config::ssl,
use_ipv6 => $::openstack_integration::config::ipv6,
glance_api_servers => "${::openstack_integration::config::base_url}:9292",
debug => true,
notification_driver => 'messagingv2',
notify_on_state_change => 'vm_and_task_state',
}
class { '::nova::api':
api_bind_address => $::openstack_integration::config::host,
neutron_metadata_proxy_shared_secret => 'a_big_secret',
metadata_workers => 2,
default_floating_pool => 'public',
sync_db_api => true,
service_name => 'httpd',
}
include ::apache
class { '::nova::wsgi::apache':
bind_host => $::openstack_integration::config::ip_for_url,
ssl_key => "/etc/nova/ssl/private/${::fqdn}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
ssl => $::openstack_integration::config::ssl,
workers => '2',
}
class { '::nova::client': }
class { '::nova::conductor': }
class { '::nova::consoleauth': }
class { '::nova::cron::archive_deleted_rows': }
if $volume_encryption {
$keymgr_api_class = 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
$keymgr_auth_endpoint = "${::openstack_integration::config::keystone_auth_uri}/v3"
$barbican_endpoint = "${::openstack_integration::config::base_url}:9311"
} else {
$keymgr_api_class = undef
$keymgr_auth_endpoint = undef
$barbican_endpoint = undef
}
class { '::nova::compute':
vnc_enabled => true,
instance_usage_audit => true,
instance_usage_audit_period => 'hour',
keymgr_api_class => $keymgr_api_class,
barbican_auth_endpoint => $keymgr_auth_endpoint,
barbican_endpoint => $barbican_endpoint,
}
class { '::nova::compute::libvirt':
libvirt_virt_type => $libvirt_virt_type,
libvirt_cpu_mode => $libvirt_cpu_mode,
migration_support => true,
vncserver_listen => '0.0.0.0',
# TODO: enable it again when puppet 4.5 will be idempotent
# https://tickets.puppetlabs.com/browse/PUP-6370
virtlock_service_name => false,
virtlog_service_name => false,
}
if $libvirt_rbd {
class { '::nova::compute::rbd':
libvirt_rbd_user => 'openstack',
libvirt_rbd_secret_uuid => '7200aea0-2ddd-4a32-aa2a-d49f66ab554c',
libvirt_rbd_secret_key => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
libvirt_images_rbd_pool => 'nova',
rbd_keyring => 'client.openstack',
# ceph packaging is already managed by puppet-ceph
manage_ceph_client => false,
}
# make sure ceph pool exists before running nova-compute
Exec['create-nova'] -> Service['nova-compute']
}
class { '::nova::scheduler': }
class { '::nova::scheduler::filter': }
class { '::nova::vncproxy': }
class { '::nova::network::neutron':
neutron_auth_url => "${::openstack_integration::config::keystone_admin_uri}/v3",
neutron_url => "${::openstack_integration::config::base_url}:9696",
neutron_password => 'a_big_secret',
}
}
View Git Blame Copy Permalink