puppet-neutron/manifests/server.pp
Cody Herriges ccac02b917 Make tests pass on Puppet 4.x
This commit makes the following changes, mostly to specs to get them
  passing on Puppet 4.x: removes redefinition of $name because it is now
  a reserved word and redundant in Puppet 3.x, cleans up the use of
  Puppet's old behavior of implicitly converting String to Integers
  since Puppet 4.x is pretty strictly typed, sets facts required for
  doing flow control and comparison, fixes implicit use of empty string
  that is assumed to be the same as false by updating tests that inject
  empty string into params to represent a value not being provided by a
  user to false instead.

Closes-bug: #1447620
Change-Id: Ibb651f26f33549dbe564dc88167b8f578a03fd77
2015-06-16 09:57:29 -07:00


# == Class: neutron::server
#
# Setup and configure the neutron API endpoint
#
# === Parameters
#
# [*package_ensure*]
# (optional) The state of the package
# Defaults to present
#
# [*enabled*]
# (optional) The state of the service
# Defaults to true
#
# [*manage_service*]
# (optional) Whether to start/stop the service
# Defaults to true
#
# [*service_name*]
# (optional) The name of the neutron-server service
# Defaults to 'neutron-server'
#
# [*log_file*]
# REMOVED: Use log_file of neutron class instead.
#
# [*log_dir*]
# REMOVED: Use log_dir of neutron class instead.
#
# [*auth_password*]
# (optional) The password to use for authentication (keystone)
# Defaults to false. Set a value unless you are using noauth
#
# [*auth_type*]
# (optional) What auth system to use
# Defaults to 'keystone'. The other accepted value is 'noauth'.
#
# [*auth_host*]
# (optional) DEPRECATED. The keystone host
# Defaults to localhost.
#
# [*auth_protocol*]
# (optional) DEPRECATED. The protocol used to access the auth host
# Defaults to http.
#
# [*auth_port*]
# (optional) DEPRECATED. The keystone auth port
# Defaults to 35357.
#
# [*auth_admin_prefix*]
# (optional) The admin_prefix used for the admin endpoint of the auth host.
# This allows admin auth URIs like http://auth_host:35357/keystone.
# (where '/keystone' is the admin prefix)
# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
#
# [*auth_tenant*]
# (optional) The tenant of the auth user
# Defaults to services
#
# [*auth_user*]
# (optional) The name of the auth user
# Defaults to neutron
#
# [*auth_uri*]
# (optional) Complete public Identity API endpoint.
# Defaults to: false
#
# [*identity_uri*]
# (optional) Complete admin Identity API endpoint.
# Defaults to: false
#
# [*database_connection*]
# (optional) Connection url for the neutron database.
# (Defaults to 'sqlite:////var/lib/neutron/ovs.sqlite')
#
# [*sql_connection*]
# DEPRECATED: Use database_connection instead.
#
# [*connection*]
# DEPRECATED: Use database_connection instead.
#
# [*database_max_retries*]
# (optional) Maximum database connection retries during startup.
# (Defaults to 10)
#
# [*sql_max_retries*]
# DEPRECATED: Use database_max_retries instead.
#
# [*max_retries*]
# DEPRECATED: Use database_max_retries instead.
#
# [*database_idle_timeout*]
# (optional) Timeout before idle database connections are reaped.
# Deprecates sql_idle_timeout
# (Defaults to 3600)
#
# [*sql_idle_timeout*]
# DEPRECATED: Use database_idle_timeout instead.
#
# [*idle_timeout*]
# DEPRECATED: Use database_idle_timeout instead.
#
# [*database_retry_interval*]
# (optional) Interval between retries of opening a database connection.
# (Defaults to 10)
#
# [*sql_reconnect_interval*]
# DEPRECATED: Use database_retry_interval instead.
#
# [*retry_interval*]
# DEPRECATED: Use database_retry_interval instead.
#
# [*database_min_pool_size*]
# (optional) Minimum number of SQL connections to keep open in a pool.
# Defaults to: 1
#
# [*database_max_pool_size*]
# (optional) Maximum number of SQL connections to keep open in a pool.
# Defaults to: 10
#
# [*database_max_overflow*]
# (optional) If set, use this value for max_overflow with sqlalchemy.
# Defaults to: 20
#
# [*sync_db*]
# (optional) Run neutron-db-manage on api nodes after installing the package.
# Defaults to false
#
# [*api_workers*]
# (optional) Number of separate worker processes to spawn.
# The default, count of machine's processors, runs the worker thread in the
# current process.
# Greater than 0 launches that number of child processes as workers.
# The parent process manages them.
# Defaults to: $::processorcount
#
# [*rpc_workers*]
# (optional) Number of separate RPC worker processes to spawn.
# The default, count of machine's processors, runs the worker thread in the
# current process.
# Greater than 0 launches that number of child processes as workers.
# The parent process manages them.
# Defaults to: $::processorcount
#
# [*agent_down_time*]
# (optional) Seconds to regard the agent as down; should be at least twice
# report_interval, to be sure the agent is down for good.
# agent_down_time is a config for neutron-server, set by class neutron::server
# report_interval is a config for neutron agents, set by class neutron
# Defaults to: 75
#
# [*state_path*]
# (optional) Deprecated. Use state_path parameter on base neutron class instead.
#
# [*lock_path*]
# (optional) Deprecated. Use lock_path parameter on base neutron class instead.
#
# [*router_scheduler_driver*]
# (optional) Driver to use for scheduling router to a default L3 agent. Could be:
# neutron.scheduler.l3_agent_scheduler.ChanceScheduler to schedule a router in a random way
# neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler to allocate on an L3 agent with the least number of routers bound.
# Defaults to: neutron.scheduler.l3_agent_scheduler.ChanceScheduler
#
# [*mysql_module*]
# (optional) Deprecated. Does nothing.
#
# [*router_distributed*]
# (optional) Setting the "router_distributed" flag to "True" will default to the creation
# of distributed tenant routers.
# Also can be the type of the router on the create request (admin-only attribute).
# Defaults to false
#
# [*allow_automatic_l3agent_failover*]
# (optional) Allow automatic rescheduling of routers from dead L3 agents with
# admin_state_up set to True to alive agents.
# Defaults to false
#
# [*l3_ha*]
# (optional) Enable high availability for virtual routers.
# Defaults to false
#
# [*max_l3_agents_per_router*]
# (optional) Maximum number of l3 agents which a HA router will be scheduled on. If set to '0', a router will be scheduled on every agent.
# Defaults to '3'
#
# [*min_l3_agents_per_router*]
# (optional) Minimum number of l3 agents which a HA router will be scheduled on.
# Defaults to '2'
#
# [*l3_ha_net_cidr*]
# (optional) CIDR of the administrative network if HA mode is enabled.
# Defaults to '169.254.192.0/18'
#
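class neutron::server (
  $package_ensure                   = 'present',
  $enabled                          = true,
  $manage_service                   = true,
  $service_name                     = $::neutron::params::server_service,
  $auth_password                    = false,
  $auth_type                        = 'keystone',
  $auth_tenant                      = 'services',
  $auth_user                        = 'neutron',
  $auth_uri                         = false,
  $identity_uri                     = false,
  $database_connection              = 'sqlite:////var/lib/neutron/ovs.sqlite',
  $database_max_retries             = 10,
  $database_idle_timeout            = 3600,
  $database_retry_interval          = 10,
  $database_min_pool_size           = 1,
  $database_max_pool_size           = 10,
  $database_max_overflow            = 20,
  $sync_db                          = false,
  $api_workers                      = $::processorcount,
  $rpc_workers                      = $::processorcount,
  $agent_down_time                  = '75',
  $router_scheduler_driver          = 'neutron.scheduler.l3_agent_scheduler.ChanceScheduler',
  $router_distributed               = false,
  $allow_automatic_l3agent_failover = false,
  $l3_ha                            = false,
  $max_l3_agents_per_router         = 3,
  $min_l3_agents_per_router         = 2,
  $l3_ha_net_cidr                   = '169.254.192.0/18',
  # DEPRECATED PARAMETERS
  $auth_host                        = 'localhost',
  $auth_port                        = '35357',
  # NOTE(review): the deprecated default is plain 'http' for the keystone
  # endpoint; prefer https URLs passed through auth_uri / identity_uri.
  $auth_protocol                    = 'http',
  $auth_admin_prefix                = false,
  $mysql_module                     = undef,
  # log_dir, log_file and report_interval are accepted but not referenced
  # anywhere in this class body.
  $log_dir                          = undef,
  $log_file                         = undef,
  $report_interval                  = undef,
  $state_path                       = undef,
  $lock_path                        = undef,
) {

  include ::neutron::params
  include ::neutron::policy
  require keystone::python

  # Any change to these resources notifies (refreshes) the neutron-server service.
  Nova_admin_tenant_id_setter<||> ~> Service['neutron-server']
  Neutron_config<||>              ~> Service['neutron-server']
  Neutron_api_config<||>          ~> Service['neutron-server']
  Class['neutron::policy']        ~> Service['neutron-server']

  # L3 HA settings. A max of 0 is accepted regardless of the min value.
  if $l3_ha {
    if $min_l3_agents_per_router <= $max_l3_agents_per_router or $max_l3_agents_per_router == 0 {
      neutron_config {
        'DEFAULT/l3_ha':                    value => true;
        'DEFAULT/max_l3_agents_per_router': value => $max_l3_agents_per_router;
        'DEFAULT/min_l3_agents_per_router': value => $min_l3_agents_per_router;
        'DEFAULT/l3_ha_net_cidr':           value => $l3_ha_net_cidr;
      }
    } else {
      fail('min_l3_agents_per_router should be less than or equal to max_l3_agents_per_router.')
    }
  } else {
    neutron_config {
      'DEFAULT/l3_ha': value => false;
    }
  }

  if $mysql_module {
    warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.')
  }

  # The connection URL can embed the database password (user:password@host/db),
  # so neither failure path below echoes the value: an explicit message is
  # passed to validate_re and the case default no longer interpolates the URL.
  # This keeps the secret out of compile errors, agent logs and reports.
  #
  # The pattern is unanchored and its credentials group is optional, so this
  # only checks that a supported scheme occurs in the value; the case statement
  # below does the stricter per-backend matching.
  validate_re(
    $database_connection,
    '(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?',
    'Invalid database_connection parameter: expected a sqlite://, mysql:// or postgresql:// URL (value withheld, it may contain credentials).'
  )

  case $database_connection {
    /mysql:\/\/\S+:\S+@\S+\/\S+/: {
      require 'mysql::bindings'
      require 'mysql::bindings::python'
    }
    /postgresql:\/\/\S+:\S+@\S+\/\S+/: {
      # $backend_package is assigned here but not used elsewhere in this class.
      $backend_package = 'python-psycopg2'
    }
    /sqlite:\/\//: {
      $backend_package = 'python-pysqlite2'
    }
    default: {
      # Reached by values that contain a supported scheme but not the
      # user:password@host/db shape, e.g. a mysql:// URL without a database name.
      fail('Invalid database_connection parameter: value does not match a supported sqlite, mysql or postgresql URL form (value withheld, it may contain credentials).')
    }
  }

  if $sync_db {
    if ($::neutron::params::server_package) {
      # Debian platforms
      Package<| title == 'neutron-server' |> ~> Exec['neutron-db-sync']
    } else {
      # RH platforms
      Package<| title == 'neutron' |> ~> Exec['neutron-db-sync']
    }

    # refreshonly: the migration only runs when notified by a package or
    # neutron_config change, and always before the service is managed.
    exec { 'neutron-db-sync':
      command     => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head',
      path        => '/usr/bin',
      before      => Service['neutron-server'],
      subscribe   => Neutron_config['database/connection'],
      refreshonly => true,
    }

    Neutron_config<||> ~> Exec['neutron-db-sync']
  }

  neutron_config {
    'DEFAULT/api_workers':                      value => $api_workers;
    'DEFAULT/rpc_workers':                      value => $rpc_workers;
    'DEFAULT/agent_down_time':                  value => $agent_down_time;
    'DEFAULT/router_scheduler_driver':          value => $router_scheduler_driver;
    'DEFAULT/router_distributed':               value => $router_distributed;
    'DEFAULT/allow_automatic_l3agent_failover': value => $allow_automatic_l3agent_failover;
    # secret => true is set because the URL may carry the database password.
    'database/connection':                      value => $database_connection, secret => true;
    'database/idle_timeout':                    value => $database_idle_timeout;
    'database/retry_interval':                  value => $database_retry_interval;
    'database/max_retries':                     value => $database_max_retries;
    'database/min_pool_size':                   value => $database_min_pool_size;
    'database/max_pool_size':                   value => $database_max_pool_size;
    'database/max_overflow':                    value => $database_max_overflow;
  }

  if $state_path {
    # If we got state_path here, display deprecation warning and override the value from
    # the base class. This preserves the behavior from before state_path was deprecated.
    warning('The state_path parameter is deprecated. Use the state_path parameter on the base neutron class instead.')
    Neutron_config <| title == 'DEFAULT/state_path' |> {
      value => $state_path,
    }
  }

  if $lock_path {
    # If we got lock_path here, display deprecation warning and override the value from
    # the base class. This preserves the behavior from before lock_path was deprecated.
    warning('The lock_path parameter is deprecated. Use the lock_path parameter on the base neutron class instead.')
    Neutron_config <| title == 'DEFAULT/lock_path' |> {
      value => $lock_path,
    }
  }

  if ($::neutron::params::server_package) {
    # The package must be in place before config, policy and service are managed.
    Package['neutron-server'] -> Neutron_api_config<||>
    Package['neutron-server'] -> Neutron_config<||>
    Package['neutron-server'] -> Service['neutron-server']
    Package['neutron-server'] -> Class['neutron::policy']
    package { 'neutron-server':
      ensure => $package_ensure,
      name   => $::neutron::params::server_package,
      tag    => 'openstack',
    }
  } else {
    # Some platforms (RedHat) do not provide a neutron-server package.
    # The neutron api config file is provided by the neutron package.
    Package['neutron'] -> Class['neutron::policy']
    Package['neutron'] -> Neutron_api_config<||>
  }

  if ($auth_type == 'keystone') {

    # NOTE(review): only the literal false is rejected here; an empty-string
    # password appears to pass this check and be written out -- confirm.
    if ($auth_password == false) {
      fail('$auth_password must be set when using keystone authentication.')
    } else {

      # The service credentials go into both neutron.conf and the API paste
      # config; the password entries are marked secret.
      neutron_config {
        'keystone_authtoken/admin_tenant_name': value => $auth_tenant;
        'keystone_authtoken/admin_user':        value => $auth_user;
        'keystone_authtoken/admin_password':    value => $auth_password, secret => true;
      }

      neutron_api_config {
        'filter:authtoken/admin_tenant_name': value => $auth_tenant;
        'filter:authtoken/admin_user':        value => $auth_user;
        'filter:authtoken/admin_password':    value => $auth_password, secret => true;
      }

      # if both auth_uri and identity_uri are set we skip these deprecated settings entirely
      if !$auth_uri or !$identity_uri {

        if $auth_admin_prefix {
          warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.')
          # Must be empty, or start with '/' and not end with '/'.
          validate_re($auth_admin_prefix, '^(/.+[^/])?$')
          neutron_config {
            'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
          }
          neutron_api_config {
            'filter:authtoken/auth_admin_prefix': value => $auth_admin_prefix;
          }
        } else {
          neutron_config {
            'keystone_authtoken/auth_admin_prefix': ensure => absent;
          }
          neutron_api_config {
            'filter:authtoken/auth_admin_prefix': ensure => absent;
          }
        }

        if $auth_host {
          warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
          neutron_config {
            'keystone_authtoken/auth_host': value => $auth_host;
          }
          neutron_api_config {
            'filter:authtoken/auth_host': value => $auth_host;
          }
        } else {
          neutron_config {
            'keystone_authtoken/auth_host': ensure => absent;
          }
          neutron_api_config {
            'filter:authtoken/auth_host': ensure => absent;
          }
        }

        if $auth_port {
          warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
          neutron_config {
            'keystone_authtoken/auth_port': value => $auth_port;
          }
          neutron_api_config {
            'filter:authtoken/auth_port': value => $auth_port;
          }
        } else {
          neutron_config {
            'keystone_authtoken/auth_port': ensure => absent;
          }
          neutron_api_config {
            'filter:authtoken/auth_port': ensure => absent;
          }
        }

        if $auth_protocol {
          warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
          neutron_config {
            'keystone_authtoken/auth_protocol': value => $auth_protocol;
          }
          neutron_api_config {
            'filter:authtoken/auth_protocol': value => $auth_protocol;
          }
        } else {
          neutron_config {
            'keystone_authtoken/auth_protocol': ensure => absent;
          }
          neutron_api_config {
            'filter:authtoken/auth_protocol': ensure => absent;
          }
        }

      } else {
        # Both URIs were given: remove every deprecated host/port/protocol entry.
        neutron_config {
          'keystone_authtoken/auth_admin_prefix': ensure => absent;
          'keystone_authtoken/auth_host':         ensure => absent;
          'keystone_authtoken/auth_port':         ensure => absent;
          'keystone_authtoken/auth_protocol':     ensure => absent;
        }
        neutron_api_config {
          'filter:authtoken/auth_admin_prefix': ensure => absent;
          'filter:authtoken/auth_host':         ensure => absent;
          'filter:authtoken/auth_port':         ensure => absent;
          'filter:authtoken/auth_protocol':     ensure => absent;
        }
      }

      # The fallback URI uses the fixed port 5000; $auth_port is only tested
      # for being set, its value is not used here.
      # NOTE(review): when $auth_uri is unset and any of the three deprecated
      # parameters is false, $auth_uri_real is never assigned and the auth_uri
      # entries below receive an undefined value -- confirm this is intended.
      if $auth_uri {
        $auth_uri_real = $auth_uri
      } elsif $auth_host and $auth_protocol and $auth_port {
        $auth_uri_real = "${auth_protocol}://${auth_host}:5000/"
      }

      neutron_config {
        'keystone_authtoken/auth_uri': value => $auth_uri_real;
      }
      neutron_api_config {
        'filter:authtoken/auth_uri': value => $auth_uri_real;
      }

      if $identity_uri {
        neutron_config {
          'keystone_authtoken/identity_uri': value => $identity_uri;
        }
        neutron_api_config {
          'filter:authtoken/identity_uri': value => $identity_uri;
        }
      } else {
        neutron_config {
          'keystone_authtoken/identity_uri': ensure => absent;
        }
        neutron_api_config {
          'filter:authtoken/identity_uri': ensure => absent;
        }
      }

    }

  }

  # When manage_service is false $service_ensure is left unset, so the
  # service resource below is declared without a concrete ensure value.
  if $manage_service {
    if $enabled {
      $service_ensure = 'running'
    } else {
      $service_ensure = 'stopped'
    }
  }

  service { 'neutron-server':
    ensure     => $service_ensure,
    name       => $service_name,
    enable     => $enabled,
    hasstatus  => true,
    hasrestart => true,
    require    => Class['neutron'],
  }
}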