puppet-tripleo/manifests/profile/base/nova/libvirt.pp


# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::nova::libvirt
#
# Libvirt profile for tripleo. It will deploy Libvirt service and configure it.
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
# [*libvirtd_config*]
# (Optional) Overrides for libvirtd config options
# Defaults to {}
#
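# [*tls_password*]
# (Optional) SASL password for libvirtd TLS connections. When set, it is
# registered for the 'migration' user in the 'overcloud' SASL realm and
# written to /etc/libvirt/auth.conf; when empty, that SASL user and
# auth.conf are removed.
# Defaults to '' (disabled)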
#
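class tripleo::profile::base::nova::libvirt (
  $step            = Integer(hiera('step')),
  $libvirtd_config = {},
  $tls_password    = '',
) {
  include ::tripleo::profile::base::nova::compute_libvirt_shared

  # Everything below is only applied from deployment step 4 onwards.
  if $step >= 4 {
    include ::tripleo::profile::base::nova
    include ::tripleo::profile::base::nova::migration::client
    include ::nova::compute::libvirt::services

    # Defaults for the local libvirtd UNIX sockets. Both sockets use
    # auth "none", so access is decided by the socket file permissions
    # alone: the read-write socket is limited to the "libvirt" group
    # (0770), while the read-only socket is 0777 and therefore reachable
    # by any local user.
    $libvirtd_config_default = {
      unix_sock_group    => {value => '"libvirt"'},
      auth_unix_ro       => {value => '"none"'},
      auth_unix_rw       => {value => '"none"'},
      unix_sock_ro_perms => {value => '"0777"'},
      unix_sock_rw_perms => {value => '"0770"'}
    }

    # Caller-supplied $libvirtd_config is merged last, so its keys
    # override the defaults above.
    class { '::nova::compute::libvirt::config':
      libvirtd_config => merge($libvirtd_config_default, $libvirtd_config)
    }

    # This removal of files in /etc/libvirt/qemu should not happen inside containers
    # Avoids LP#1819482
    if ! ($::uuid == 'docker' or $::deployment_type == 'containers') {
      file { ['/etc/libvirt/qemu/networks/autostart/default.xml',
              '/etc/libvirt/qemu/networks/default.xml']:
        ensure  => absent,
        require => Package['libvirt'],
        before  => Service['libvirt'],
      }
    }

    # in case libvirt has been already running before the Puppet run, make
    # sure the default network is destroyed
    exec { 'libvirt-default-net-destroy':
      command => '/usr/bin/virsh net-destroy default',
      onlyif  => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"',
      require => Package['libvirt'],
      before  => Service['libvirt'],
    }

    include ::nova::compute::libvirt::qemu
    include ::nova::migration::qemu

    # SASL configuration for libvirt: only SCRAM-SHA-1 is offered and the
    # credentials live in /etc/libvirt/passwd.db.
    # NOTE(review): the ownership and mode of passwd.db are not managed in
    # this class -- confirm they are restricted elsewhere.
    $libvirt_sasl_conf = "
mech_list: scram-sha-1
sasldb_path: /etc/libvirt/passwd.db
"

    package { 'cyrus-sasl-scram':
      ensure => present
    }
    -> file { '/etc/sasl2/libvirt.conf':
      content => $libvirt_sasl_conf,
      mode    => '0644',
      owner   => 'root',
      group   => 'root',
      require => Package['libvirt'],
      notify  => Service['libvirt'],
    }

    if !empty($tls_password) {
      # The password reaches saslpasswd2 on stdin via the TLS_PASSWORD
      # environment variable (the \$ is escaped so the shell, not Puppet,
      # expands it); the secret is therefore not part of the command string.
      $libvirt_sasl_command = "echo \"\${TLS_PASSWORD}\" | saslpasswd2 -p -a libvirt -u overcloud migration"
      $libvirt_auth_ensure = present
      # Client-side credentials file; the password is interpolated verbatim
      # and stored in clear text, hence the 0600 root-only mode below.
      $libvirt_auth_conf = "
[credentials-overcloud]
authname=migration@overcloud
password=${tls_password}
[auth-libvirt-default]
credentials=overcloud
"
    }
    else {
      # No password configured: delete the SASL user and drop auth.conf.
      $libvirt_sasl_command = 'saslpasswd2 -d -a libvirt -u overcloud migration'
      $libvirt_auth_ensure = absent
      $libvirt_auth_conf = ''
    }

    # NOTE(review): this exec has no onlyif/unless/refreshonly guard, so it
    # is executed on every catalog application.
    exec { 'set libvirt sasl credentials':
      environment => ["TLS_PASSWORD=${tls_password}"],
      command     => $libvirt_sasl_command,
      path        => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
      require     => File['/etc/sasl2/libvirt.conf'],
      tag         => ['libvirt_tls_password']
    }

    file { '/etc/libvirt/auth.conf':
      ensure    => $libvirt_auth_ensure,
      content   => $libvirt_auth_conf,
      mode      => '0600',
      owner     => 'root',
      group     => 'root',
      # The content embeds the clear-text password; never render a content
      # diff of this file into agent logs or reports.
      show_diff => false,
      notify    => Service['libvirt']
    }
  }
}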