6e26715894
This was replaced with deployment_type a while back so uuid is now a proper value based on the system id. See https://review.opendev.org/#/c/607647/ Change-Id: Ica2f39e6bee697002984d0f28298338edf55ac4b
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::nova::libvirt
#
# Libvirt profile for tripleo. It will deploy Libvirt service and configure it.
#
# === Parameters
#
# [*step*]
#   (Optional) The current step in deployment. See tripleo-heat-templates
#   for more details.
#   Defaults to hiera('step')
#
# [*libvirtd_config*]
#   (Optional) Overrides for libvirtd config options
#   Defaults to {}
#
# [*tls_password*]
#   (Optional) SASL Password for libvirtd TLS connections
#   Defaults to '' (disabled)
#
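class tripleo::profile::base::nova::libvirt (
  $step            = Integer(hiera('step')),
  $libvirtd_config = {},
  $tls_password    = '',
) {
  include ::tripleo::profile::base::nova::compute_libvirt_shared

  # Everything below is applied only once the deployment has reached step 4.
  if $step >= 4 {
    include ::tripleo::profile::base::nova
    include ::tripleo::profile::base::nova::migration::client
    include ::nova::compute::libvirt::services

    # Baseline libvirtd socket settings. Neither UNIX socket requires
    # authentication (auth_unix_ro/auth_unix_rw are "none"), so the socket
    # file permissions are the only access control: the read-write socket is
    # restricted by mode 0770 and the "libvirt" group, while the read-only
    # socket (0777) is reachable by every local account.
    $libvirtd_config_default = {
      unix_sock_group    => {value => '"libvirt"'},
      auth_unix_ro       => {value => '"none"'},
      auth_unix_rw       => {value => '"none"'},
      unix_sock_ro_perms => {value => '"0777"'},
      unix_sock_rw_perms => {value => '"0770"'}
    }

    # $libvirtd_config is merged last, so caller-supplied keys replace the
    # defaults above, including the socket authentication and permission
    # settings.
    class { '::nova::compute::libvirt::config':
      libvirtd_config => merge($libvirtd_config_default, $libvirtd_config)
    }

    # This removal of files in /etc/libvirt/qemu should not happen inside containers
    # Avoids LP#1819482
    if $::deployment_type != 'containers' {
      file { ['/etc/libvirt/qemu/networks/autostart/default.xml',
              '/etc/libvirt/qemu/networks/default.xml']:
        ensure  => absent,
        require => Package['libvirt'],
        before  => Service['libvirt'],
      }
    }

    # in case libvirt has been already running before the Puppet run, make
    # sure the default network is destroyed
    exec { 'libvirt-default-net-destroy':
      command => '/usr/bin/virsh net-destroy default',
      onlyif  => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"',
      require => Package['libvirt'],
      before  => Service['libvirt'],
    }

    include ::nova::compute::libvirt::qemu
    include ::nova::migration::qemu

    # SASL configuration for libvirt: SCRAM-SHA-1 is the only mechanism
    # offered and accounts are looked up in /etc/libvirt/passwd.db.
    # NOTE(review): if the installed cyrus-sasl offers a stronger SCRAM
    # variant, consider moving to it -- confirm client compatibility first.
    $libvirt_sasl_conf = "
mech_list: scram-sha-1
sasldb_path: /etc/libvirt/passwd.db
"

    package { 'cyrus-sasl-scram':
      ensure => present
    }
    ->file { '/etc/sasl2/libvirt.conf':
      content => $libvirt_sasl_conf,
      mode    => '0644',
      owner   => 'root',
      group   => 'root',
      require => Package['libvirt'],
      notify  => Service['libvirt'],
    }

    if !empty($tls_password) {
      # The password reaches saslpasswd2 on stdin from the TLS_PASSWORD
      # environment variable (the \$ defers expansion to the shell), so it is
      # not part of the command string itself.
      $libvirt_sasl_command = "echo \"\${TLS_PASSWORD}\" | saslpasswd2 -p -a libvirt -u overcloud migration"
      $libvirt_auth_ensure = present
      # Client-side credentials file; holds the password in clear text.
      $libvirt_auth_conf = "
[credentials-overcloud]
authname=migration@overcloud
password=${tls_password}

[auth-libvirt-default]
credentials=overcloud
"
    }
    else {
      # No password configured: delete the SASL account and the client
      # credentials file.
      $libvirt_sasl_command = 'saslpasswd2 -d -a libvirt -u overcloud migration'
      $libvirt_auth_ensure = absent
      $libvirt_auth_conf = ''
    }

    # No unless/onlyif/refreshonly guard is set, so this command is executed
    # on every Puppet run that reaches this step.
    exec{ 'set libvirt sasl credentials':
      environment => ["TLS_PASSWORD=${tls_password}"],
      command     => $libvirt_sasl_command,
      path        => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
      require     => File['/etc/sasl2/libvirt.conf'],
      tag         => ['libvirt_tls_password']
    }

    # show_diff is disabled because the file content embeds $tls_password;
    # with the default, a content change would print the password into the
    # Puppet log and report as part of the diff.
    # NOTE(review): $tls_password is a plain string parameter, so it can
    # still appear wherever the resource parameters are stored or dumped;
    # consider a Sensitive-typed parameter if callers can supply one.
    file { '/etc/libvirt/auth.conf':
      ensure    => $libvirt_auth_ensure,
      content   => $libvirt_auth_conf,
      mode      => '0600',
      owner     => 'root',
      group     => 'root',
      show_diff => false,
      notify    => Service['libvirt']
    }
  }
}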