 b90f72d1fc
			
		
	
	b90f72d1fc
	
	
	
		
			
			nova::api::default_floating_pool has been deprecated, Please use nova::network::neutron::default_floating_pool instead. Change-Id: Ife09171b84e0536b22784875ca4d0d69d16fb7fb Closes-Bug: #1696888
		
			
				
	
	
		
			566 lines
		
	
	
		
			23 KiB
		
	
	
	
		
			Puppet
		
	
	
	
	
	
			
		
		
	
	
			566 lines
		
	
	
		
			23 KiB
		
	
	
	
		
			Puppet
		
	
	
	
	
	
| # == Class: nova::api
 | |
| #
 | |
| # Setup and configure the Nova API endpoint
 | |
| #
 | |
| # === Parameters
 | |
| #
 | |
| # [*enabled*]
 | |
| #   (optional) Whether the nova api service will be run
 | |
| #   Defaults to true
 | |
| #
 | |
| # [*api_paste_config*]
 | |
| #   (optional) File name for the paste.deploy config for nova-api
 | |
| #   Defaults to 'api-paste.ini'
 | |
| #
 | |
| # [*manage_service*]
 | |
| #   (optional) Whether to start/stop the service
 | |
| #   Defaults to true
 | |
| #
 | |
| # [*ensure_package*]
 | |
| #   (optional) Whether the nova api package will be installed
 | |
| #   Defaults to 'present'
 | |
| #
 | |
| # [*api_bind_address*]
 | |
| #   (optional) IP address for nova-api server to listen
 | |
| #   Defaults to '0.0.0.0'
 | |
| #
 | |
| # [*metadata_listen*]
 | |
| #   (optional) IP address  for metadata server to listen
 | |
| #   Defaults to '0.0.0.0'
 | |
| #
 | |
| # [*metadata_listen_port*]
 | |
| #   (optional) The port on which the metadata API will listen.
 | |
| #   Defaults to 8775
 | |
| #
 | |
| # [*enabled_apis*]
 | |
| #   (optional) A list of apis to enable
 | |
| #   Defaults to ['osapi_compute', 'metadata']
 | |
| #
 | |
| # [*use_forwarded_for*]
 | |
| #   (optional) Treat X-Forwarded-For as the canonical remote address. Only
 | |
| #   enable this if you have a sanitizing proxy.
 | |
| #   Defaults to false
 | |
| #
 | |
| # [*osapi_compute_workers*]
 | |
| #   (optional) Number of workers for OpenStack API service
 | |
| #   Defaults to $::os_workers
 | |
| #
 | |
| # [*osapi_compute_listen_port*]
 | |
| #   (optional) The port on which the OpenStack API will listen.
 | |
| #   Defaults to port 8774
 | |
| #
 | |
| # [*metadata_workers*]
 | |
| #   (optional) Number of workers for metadata service
 | |
| #   Defaults to $::os_workers
 | |
| #
 | |
| # [*instance_name_template*]
 | |
| #   (optional) Template string to be used to generate instance names
 | |
| #   Defaults to undef
 | |
| #
 | |
| # [*sync_db*]
 | |
| #   (optional) Run nova-manage db sync on api nodes after installing the package.
 | |
| #   Defaults to true
 | |
| #
 | |
| # [*sync_db_api*]
 | |
| #   (optional) Run nova-manage api_db sync on api nodes after installing the package.
 | |
| #   Defaults to true
 | |
| #
 | |
| # [*db_online_data_migrations*]
 | |
| #   (optional) Run nova-manage db online_data_migrations on api nodes after
 | |
| #   installing the package - required on upgrade.
 | |
| #   Defaults to false.
 | |
| #
 | |
| # [*neutron_metadata_proxy_shared_secret*]
 | |
| #   (optional) Shared secret to validate proxies Neutron metadata requests
 | |
| #   Defaults to undef
 | |
| #
 | |
| # [*pci_alias*]
 | |
| #   (optional) Pci passthrough for controller:
 | |
| #   Defaults to undef
 | |
| #   Example
 | |
| #   "[ {'vendor_id':'1234', 'product_id':'5678', 'name':'default'}, {...} ]"
 | |
| #
 | |
| # [*ratelimits*]
 | |
| #   (optional) A string that is a semicolon-separated list of 5-tuples.
 | |
| #   See http://docs.openstack.org/trunk/config-reference/content/configuring-compute-API.html
 | |
| #   Example: '(POST, "*", .*, 10, MINUTE);(POST, "*/servers", ^/servers, 50, DAY);(PUT, "*", .*, 10, MINUTE)'
 | |
| #   Defaults to undef
 | |
| #
 | |
| # [*ratelimits_factory*]
 | |
| #   (optional) The rate limiting factory to use
 | |
| #   Defaults to 'nova.api.openstack.compute.limits:RateLimitingMiddleware.factory'
 | |
| #
 | |
| # [*enable_proxy_headers_parsing*]
 | |
| #   (optional) This determines if the HTTPProxyToWSGI
 | |
| #   middleware should parse the proxy headers or not.(boolean value)
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*validate*]
 | |
| #   (optional) Whether to validate the service is working after any service refreshes
 | |
| #   Defaults to false
 | |
| #
 | |
| # [*fping_path*]
 | |
| #   (optional) Full path to fping.
 | |
| #   Defaults to '/usr/sbin/fping'
 | |
| #
 | |
| # [*validation_options*]
 | |
| #   (optional) Service validation options
 | |
| #   Should be a hash of options defined in openstacklib::service_validation
 | |
| #   If empty, defaults values are taken from openstacklib function.
 | |
| #   Default command list nova flavors.
 | |
| #   Require validate set at True.
 | |
| #   Example:
 | |
| #   nova::api::validation_options:
 | |
| #     nova-api:
 | |
| #       command: check_nova.py
 | |
| #       path: /usr/bin:/bin:/usr/sbin:/sbin
 | |
| #       provider: shell
 | |
| #       tries: 5
 | |
| #       try_sleep: 10
 | |
| #   Defaults to {}
 | |
| #
 | |
| # [*service_name*]
 | |
| #   (optional) Name of the service that will be providing the
 | |
| #   server functionality of nova-api.
 | |
| #   If the value is 'httpd', this means nova-api will be a web
 | |
| #   service, and you must use another class to configure that
 | |
| #   web service. For example, use class { 'nova::wsgi::apache'...}
 | |
| #   to make nova be a web app using apache mod_wsgi.
 | |
| #   Defaults to '$::nova::params::api_service_name'
 | |
| #
 | |
| # [*metadata_cache_expiration*]
 | |
| #   (optional) This option is the time (in seconds) to cache metadata.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*vendordata_jsonfile_path*]
 | |
| #   (optional) Represent the path to the data file.
 | |
| #   Cloud providers may store custom data in vendor data file that will then be
 | |
| #   available to the instances via the metadata service, and to the rendering of
 | |
| #   config-drive. The default class for this, JsonFileVendorData, loads this
 | |
| #   information from a JSON file, whose path is configured by this option
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*vendordata_providers*]
 | |
| #   (optional) vendordata providers are how deployers can provide metadata via
 | |
| #   configdrive and metadata that is specific to their deployment. There are
 | |
| #   currently two supported providers: StaticJSON and DynamicJSON.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*vendordata_dynamic_targets*]
 | |
| #   (optional) A list of targets for the dynamic vendordata provider. These
 | |
| #   targets are of the form <name>@<url>.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*vendordata_dynamic_connect_timeout*]
 | |
| #   (optional) Maximum wait time for an external REST service to connect.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*vendordata_dynamic_read_timeout*]
 | |
| #   (optional) Maximum wait time for an external REST service to return data
 | |
| #   once connected.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*vendordata_dynamic_failure_fatal*]
 | |
| #   (optional) Should failures to fetch dynamic vendordata be fatal to
 | |
| #   instance boot?
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*max_limit*]
 | |
| #   (optional) This option is limit the maximum number of items in a single response.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*compute_link_prefix*]
 | |
| #   (optional) This string is prepended to the normal URL that is returned in links
 | |
| #   to the OpenStack Compute API.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*glance_link_prefix*]
 | |
| #   (optional) This string is prepended to the normal URL that is returned in links
 | |
| #   to Glance resources.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*hide_server_address_states*]
 | |
| #   (optional) This option is a list of all instance states for which network address
 | |
| #   information should not be returned from the API.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*allow_instance_snapshots*]
 | |
| #   (optional) Operators can turn off the ability for a user to take snapshots of their
 | |
| #   instances by setting this option to False
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*enable_network_quota*]
 | |
| #   (optional) This option is used to enable or disable quota checking for tenant networks
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*enable_instance_password*]
 | |
| #   (optional) Enables returning of the instance password by the relevant server API calls
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*password_length*]
 | |
| #   (optional) Length of generated instance admin passwords (integer value)
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # [*install_cinder_client*]
 | |
| #   (optional) Whether the cinder::client class should be used to install the cinder client.
 | |
| #   Defaults to true
 | |
| #
 | |
| #  [*allow_resize_to_same_host*]
 | |
| #   (optional) Allow destination machine to match source for resize. Note that this
 | |
| #   is also settable in the compute class. In some sitautions you need it set here
 | |
| #   and in others you need it set there.
 | |
| #   Defaults to false
 | |
| #
 | |
| #  [*vendordata_dynamic_auth_auth_type*]
 | |
| #   (optional) Authentication type to load for vendordata dynamic plugins.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| #  [*vendordata_dynamic_auth_auth_url*]
 | |
| #   (optional) URL to use for authenticating.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| #  [*vendordata_dynamic_auth_os_region_name*]
 | |
| #   (optional) Region name for the vendordata dynamic plugin credentials.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| #  [*vendordata_dynamic_auth_password*]
 | |
| #   (optional) Password for the vendordata dynamic plugin credentials.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| #  [*vendordata_dynamic_auth_project_domain_name*]
 | |
| #   (optional) Project domain name for the vendordata dynamic plugin
 | |
| #    credentials.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| #  [*vendordata_dynamic_auth_project_name*]
 | |
| #   (optional) Project name for the vendordata dynamic plugin credentials.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| #  [*vendordata_dynamic_auth_user_domain_name*]
 | |
| #   (optional) User domain name for the vendordata dynamic plugin credentials.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| #  [*vendordata_dynamic_auth_username*]
 | |
| #   (optional) User name for the vendordata dynamic plugin credentials.
 | |
| #   Defaults to $::os_service_default
 | |
| #
 | |
| # DEPRECATED
 | |
| #
 | |
| # [*conductor_workers*]
 | |
| #   (optional) DEPRECATED. Use workers parameter of nova::conductor
 | |
| #   Class instead.
 | |
| #   Defaults to undef
 | |
| #
 | |
| # [*osapi_max_limit*]
 | |
| #   (optional) This option is limit the maximum number of items in a single response.
 | |
| #   Defaults to undef
 | |
| #
 | |
| # [*osapi_compute_link_prefix*]
 | |
| #   (optional) This string is prepended to the normal URL that is returned in links
 | |
| #   to the OpenStack Compute API.
 | |
| #   Defaults to undef
 | |
| #
 | |
| # [*osapi_glance_link_prefix*]
 | |
| #   (optional) This string is prepended to the normal URL that is returned in links
 | |
| #   to Glance resources.
 | |
| #   Defaults to undef
 | |
| #
 | |
| # [*osapi_hide_server_address_states*]
 | |
| #   (optional) This option is a list of all instance states for which network address
 | |
| #   information should not be returned from the API.
 | |
| #   Defaults to undef
 | |
| #
 | |
| # [*default_floating_pool*]
 | |
| #   (optional) Default pool for floating IPs
 | |
| #   Defaults to undef
 | |
| #
 | |
| class nova::api(
 | |
|   $enabled                                     = true,
 | |
|   $manage_service                              = true,
 | |
|   $api_paste_config                            = 'api-paste.ini',
 | |
|   $ensure_package                              = 'present',
 | |
|   $api_bind_address                            = '0.0.0.0',
 | |
|   $osapi_compute_listen_port                   = 8774,
 | |
|   $metadata_listen                             = '0.0.0.0',
 | |
|   $metadata_listen_port                        = 8775,
 | |
|   $enabled_apis                                = ['osapi_compute', 'metadata'],
 | |
|   $use_forwarded_for                           = false,
 | |
|   $osapi_compute_workers                       = $::os_workers,
 | |
|   $metadata_workers                            = $::os_workers,
 | |
|   $sync_db                                     = true,
 | |
|   $sync_db_api                                 = true,
 | |
|   $db_online_data_migrations                   = false,
 | |
|   $neutron_metadata_proxy_shared_secret        = undef,
 | |
|   $pci_alias                                   = undef,
 | |
|   $ratelimits                                  = undef,
 | |
|   $ratelimits_factory                          =
 | |
|     'nova.api.openstack.compute.limits:RateLimitingMiddleware.factory',
 | |
|   $validate                                    = false,
 | |
|   $validation_options                          = {},
 | |
|   $instance_name_template                      = undef,
 | |
|   $fping_path                                  = '/usr/sbin/fping',
 | |
|   $service_name                                = $::nova::params::api_service_name,
 | |
|   $enable_proxy_headers_parsing                = $::os_service_default,
 | |
|   $metadata_cache_expiration                   = $::os_service_default,
 | |
|   $vendordata_jsonfile_path                    = $::os_service_default,
 | |
|   $vendordata_providers                        = $::os_service_default,
 | |
|   $vendordata_dynamic_targets                  = $::os_service_default,
 | |
|   $vendordata_dynamic_connect_timeout          = $::os_service_default,
 | |
|   $vendordata_dynamic_read_timeout             = $::os_service_default,
 | |
|   $vendordata_dynamic_failure_fatal            = $::os_service_default,
 | |
|   $max_limit                                   = $::os_service_default,
 | |
|   $compute_link_prefix                         = $::os_service_default,
 | |
|   $glance_link_prefix                          = $::os_service_default,
 | |
|   $hide_server_address_states                  = $::os_service_default,
 | |
|   $allow_instance_snapshots                    = $::os_service_default,
 | |
|   $enable_network_quota                        = $::os_service_default,
 | |
|   $enable_instance_password                    = $::os_service_default,
 | |
|   $password_length                             = $::os_service_default,
 | |
|   $install_cinder_client                       = true,
 | |
|   $allow_resize_to_same_host                   = false,
 | |
|   $vendordata_dynamic_auth_auth_type           = $::os_service_default,
 | |
|   $vendordata_dynamic_auth_auth_url            = $::os_service_default,
 | |
|   $vendordata_dynamic_auth_os_region_name      = $::os_service_default,
 | |
|   $vendordata_dynamic_auth_password            = $::os_service_default,
 | |
|   $vendordata_dynamic_auth_project_domain_name = $::os_service_default,
 | |
|   $vendordata_dynamic_auth_project_name        = $::os_service_default,
 | |
|   $vendordata_dynamic_auth_user_domain_name    = $::os_service_default,
 | |
|   $vendordata_dynamic_auth_username            = $::os_service_default,
 | |
|   # DEPRECATED PARAMETER
 | |
|   $conductor_workers                           = undef,
 | |
|   $osapi_max_limit                             = undef,
 | |
|   $osapi_compute_link_prefix                   = undef,
 | |
|   $osapi_glance_link_prefix                    = undef,
 | |
|   $osapi_hide_server_address_states            = undef,
 | |
|   $default_floating_pool                       = undef,
 | |
| ) inherits nova::params {
 | |
| 
 | |
|   include ::nova::deps
 | |
|   include ::nova::db
 | |
|   include ::nova::policy
 | |
|   include ::nova::keystone::authtoken
 | |
| 
 | |
|   if $install_cinder_client {
 | |
|     include ::cinder::client
 | |
|     Class['cinder::client'] ~> Nova::Generic_service['api']
 | |
|   }
 | |
| 
 | |
|   if $conductor_workers {
 | |
|     warning('The conductor_workers parameter is deprecated and has no effect. Use workers parameter of nova::conductor class instead.')
 | |
|   }
 | |
| 
 | |
|   if $instance_name_template {
 | |
|     nova_config {
 | |
|       'DEFAULT/instance_name_template': value => $instance_name_template;
 | |
|     }
 | |
|   } else {
 | |
|     nova_config{
 | |
|       'DEFAULT/instance_name_template': ensure => absent;
 | |
|     }
 | |
|   }
 | |
| 
 | |
|   if $default_floating_pool {
 | |
|     warning('The default_floating_pool parameter is deprecated. Please use nova::network::neutron::default_floating_pool instead.')
 | |
|   }
 | |
| 
 | |
|   if $osapi_max_limit {
 | |
|     warning('The osapi_max_limit parameter is deprecated. Please use max_limit instead')
 | |
|     $max_limit_real = $osapi_max_limit
 | |
|   } else {
 | |
|     $max_limit_real = $max_limit
 | |
|   }
 | |
| 
 | |
|   if $osapi_compute_link_prefix {
 | |
|     warning('The osapi_compute_link_prefix parameter is deprecated. Please use compute_link_prefix instead')
 | |
|     $compute_link_prefix_real = $osapi_compute_link_prefix
 | |
|   } else {
 | |
|     $compute_link_prefix_real = $compute_link_prefix
 | |
|   }
 | |
| 
 | |
|   if $osapi_glance_link_prefix {
 | |
|     warning('The osapi_glance_link_prefix parameter is deprecated. Please use glance_link_prefix instead')
 | |
|     $glance_link_prefix_real = $osapi_glance_link_prefix
 | |
|   } else {
 | |
|     $glance_link_prefix_real = $glance_link_prefix
 | |
|   }
 | |
| 
 | |
|   if $osapi_hide_server_address_states {
 | |
|     warning('The osapi_hide_server_address_states parameter is deprecated. Please use hide_server_address_states instead')
 | |
|     $hide_server_address_states_real = $osapi_hide_server_address_states
 | |
|   } else {
 | |
|     $hide_server_address_states_real = $hide_server_address_states
 | |
|   }
 | |
| 
 | |
|   if !is_service_default($vendordata_providers) and !empty($vendordata_providers){
 | |
|     validate_array($vendordata_providers)
 | |
|     $vendordata_providers_real = join($vendordata_providers, ',')
 | |
|   } else {
 | |
|     $vendordata_providers_real = $::os_service_default
 | |
|   }
 | |
| 
 | |
|   if !is_service_default($vendordata_dynamic_targets) and !empty($vendordata_dynamic_targets){
 | |
|     validate_array($vendordata_dynamic_targets)
 | |
|     $vendordata_dynamic_targets_real = join($vendordata_dynamic_targets, ',')
 | |
|   } else {
 | |
|     $vendordata_dynamic_targets_real = $::os_service_default
 | |
|   }
 | |
| 
 | |
|   # metadata can't be run in wsgi so we have to enable it in eventlet anyway.
 | |
|   if ('metadata' in $enabled_apis and $service_name == 'httpd') {
 | |
|     $enable_metadata = true
 | |
|   } else {
 | |
|     $enable_metadata = false
 | |
|   }
 | |
| 
 | |
|   # sanitize service_name and prepare DEFAULT/enabled_apis parameter
 | |
|   if $service_name == $::nova::params::api_service_name {
 | |
|     # if running evenlet, we use the original puppet parameter
 | |
|     # so people can enable custom service names and we keep backward compatibility.
 | |
|     $enabled_apis_real = $enabled_apis
 | |
|     $service_enabled   = $enabled
 | |
|   } elsif $service_name == 'httpd' {
 | |
|     # when running wsgi, we want to enable metadata in eventlet if part of enabled_apis
 | |
|     if $enable_metadata {
 | |
|       $enabled_apis_real = ['metadata']
 | |
|       $service_enabled   = $enabled
 | |
|     } else {
 | |
|       # otherwise, set it to empty list
 | |
|       $enabled_apis_real = []
 | |
|       # if running wsgi for compute, and metadata disabled
 | |
|       # we don't need to enable nova-api service.
 | |
|       $service_enabled   = false
 | |
|     }
 | |
|     policy_rcd { 'nova-api':
 | |
|       ensure   => present,
 | |
|       set_code => '101',
 | |
|       before   => Package['nova-api'],
 | |
|     }
 | |
|     # make sure we start apache before nova-api to avoid binding issues
 | |
|     Service[$service_name] -> Service['nova-api']
 | |
|   } else {
 | |
|     fail("Invalid service_name. Either nova-api/openstack-nova-api for running \
 | |
| as a standalone service, or httpd for being run by a httpd server")
 | |
|   }
 | |
| 
 | |
|   nova::generic_service { 'api':
 | |
|     enabled        => $service_enabled,
 | |
|     manage_service => $manage_service,
 | |
|     ensure_package => $ensure_package,
 | |
|     package_name   => $::nova::params::api_package_name,
 | |
|     service_name   => $::nova::params::api_service_name,
 | |
|   }
 | |
| 
 | |
|   nova_config {
 | |
|     'wsgi/api_paste_config':                       value => $api_paste_config;
 | |
|     'DEFAULT/enabled_apis':                        value => join($enabled_apis_real, ',');
 | |
|     'DEFAULT/osapi_compute_listen':                value => $api_bind_address;
 | |
|     'DEFAULT/metadata_listen':                     value => $metadata_listen;
 | |
|     'DEFAULT/metadata_listen_port':                value => $metadata_listen_port;
 | |
|     'DEFAULT/osapi_compute_listen_port':           value => $osapi_compute_listen_port;
 | |
|     'DEFAULT/osapi_volume_listen':                 value => $api_bind_address;
 | |
|     'DEFAULT/osapi_compute_workers':               value => $osapi_compute_workers;
 | |
|     'DEFAULT/metadata_workers':                    value => $metadata_workers;
 | |
|     'DEFAULT/enable_network_quota':                value => $enable_network_quota;
 | |
|     'DEFAULT/password_length':                     value => $password_length;
 | |
|     'api/metadata_cache_expiration':               value => $metadata_cache_expiration;
 | |
|     'api/use_forwarded_for':                       value => $use_forwarded_for;
 | |
|     'api/fping_path':                              value => $fping_path;
 | |
|     'api/vendordata_jsonfile_path':                value => $vendordata_jsonfile_path;
 | |
|     'api/vendordata_providers':                    value => $vendordata_providers_real;
 | |
|     'api/vendordata_dynamic_targets':              value => $vendordata_dynamic_targets_real;
 | |
|     'api/vendordata_dynamic_connect_timeout':      value => $vendordata_dynamic_connect_timeout;
 | |
|     'api/vendordata_dynamic_read_timeout':         value => $vendordata_dynamic_read_timeout;
 | |
|     'api/vendordata_dynamic_failure_fatal':        value => $vendordata_dynamic_failure_fatal;
 | |
|     'api/max_limit':                               value => $max_limit_real;
 | |
|     'api/compute_link_prefix':                     value => $compute_link_prefix_real;
 | |
|     'api/glance_link_prefix':                      value => $glance_link_prefix_real;
 | |
|     'api/hide_server_address_states':              value => $hide_server_address_states_real;
 | |
|     'api/allow_instance_snapshots':                value => $allow_instance_snapshots;
 | |
|     'api/enable_instance_password':                value => $enable_instance_password;
 | |
|     'vendordata_dynamic_auth/auth_type':           value => $vendordata_dynamic_auth_auth_type;
 | |
|     'vendordata_dynamic_auth/auth_url':            value => $vendordata_dynamic_auth_auth_url;
 | |
|     'vendordata_dynamic_auth/os_region_name':      value => $vendordata_dynamic_auth_os_region_name;
 | |
|     'vendordata_dynamic_auth/password':            value => $vendordata_dynamic_auth_password, secret => true;
 | |
|     'vendordata_dynamic_auth/project_domain_name': value => $vendordata_dynamic_auth_project_domain_name;
 | |
|     'vendordata_dynamic_auth/project_name':        value => $vendordata_dynamic_auth_project_name;
 | |
|     'vendordata_dynamic_auth/user_domain_name':    value => $vendordata_dynamic_auth_user_domain_name;
 | |
|     'vendordata_dynamic_auth/username':            value => $vendordata_dynamic_auth_username;
 | |
|   }
 | |
| 
 | |
|   oslo::middleware {'nova_config':
 | |
|     enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
 | |
|   }
 | |
| 
 | |
|   if ($neutron_metadata_proxy_shared_secret){
 | |
|     nova_config {
 | |
|       'neutron/service_metadata_proxy': value => true;
 | |
|       'neutron/metadata_proxy_shared_secret':
 | |
|         value => $neutron_metadata_proxy_shared_secret, secret => true;
 | |
|     }
 | |
|   } else {
 | |
|     nova_config {
 | |
|       'neutron/service_metadata_proxy':       value  => false;
 | |
|       'neutron/metadata_proxy_shared_secret': ensure => absent;
 | |
|     }
 | |
|   }
 | |
| 
 | |
|   if ($ratelimits != undef) {
 | |
|     nova_paste_api_ini {
 | |
|       'filter:ratelimit/paste.filter_factory': value => $ratelimits_factory;
 | |
|       'filter:ratelimit/limits':               value => $ratelimits;
 | |
|     }
 | |
|   }
 | |
| 
 | |
|   # Added arg and if statement prevents this from being run
 | |
|   # where db is not active i.e. the compute
 | |
|   if $sync_db {
 | |
|     include ::nova::db::sync
 | |
|   }
 | |
|   if $sync_db_api {
 | |
|     include ::nova::db::sync_api
 | |
|   }
 | |
|   if $db_online_data_migrations {
 | |
|     include ::nova::db::online_data_migrations
 | |
|   }
 | |
| 
 | |
|   # Remove auth configuration from api-paste.ini
 | |
|   nova_paste_api_ini {
 | |
|     'filter:authtoken/auth_uri':          ensure => absent;
 | |
|     'filter:authtoken/auth_host':         ensure => absent;
 | |
|     'filter:authtoken/auth_port':         ensure => absent;
 | |
|     'filter:authtoken/auth_protocol':     ensure => absent;
 | |
|     'filter:authtoken/admin_tenant_name': ensure => absent;
 | |
|     'filter:authtoken/admin_user':        ensure => absent;
 | |
|     'filter:authtoken/admin_password':    ensure => absent;
 | |
|     'filter:authtoken/auth_admin_prefix': ensure => absent;
 | |
|   }
 | |
| 
 | |
|   if $pci_alias {
 | |
|     nova_config {
 | |
|       'pci/pci_alias': value => join(any2array(check_array_of_hash($pci_alias)), ',');
 | |
|     }
 | |
|   }
 | |
| 
 | |
|   if $validate {
 | |
|     #Shrinking the variables names in favor of not
 | |
|     #having more than 140 chars per line
 | |
|     #Admin user real
 | |
|     $aur = $::nova::keystone::authtoken::username
 | |
|     #Admin password real
 | |
|     $apr = $::nova::keystone::authtoken::password
 | |
|     #Admin tenant name real
 | |
|     $atnr = $::nova::keystone::authtoken::project_name
 | |
|     #Keystone Auth URI
 | |
|     $kau = $::nova::keystone::authtoken::auth_uri
 | |
|     $defaults = {
 | |
|       'nova-api' => {
 | |
|         'command'  => "nova --os-auth-url ${kau} --os-project-name ${atnr} --os-username ${aur} --os-password ${apr} flavor-list",
 | |
|       }
 | |
|     }
 | |
|     $validation_options_hash = merge ($defaults, $validation_options)
 | |
|     create_resources('openstacklib::service_validation', $validation_options_hash, {'subscribe' => 'Service[nova-api]'})
 | |
|   }
 | |
| 
 | |
|   ensure_resource('nova_config', 'DEFAULT/allow_resize_to_same_host', { value => $allow_resize_to_same_host })
 | |
| }
 |