1 # == Class: cinder::api
3 # Setup and configure the cinder API endpoint
7 # [*keystone_password*]
8 # The password to use for authentication (keystone)
10 # [*keystone_enabled*]
11 # (optional) Use keystone for authentification
15 # (optional) The tenant of the auth user
16 # Defaults to services
19 # (optional) The name of the auth user
22 # [*keystone_auth_host*]
23 # (optional) The keystone host
24 # Defaults to localhost
26 # [*keystone_auth_port*]
27 # (optional) The keystone auth port
30 # [*keystone_auth_protocol*]
31 # (optional) The protocol used to access the auth host
35 # (optional) Some operations require cinder to make API requests
36 # to Nova. This sets the keystone region to be used for these
37 # requests. For example, boot-from-volume.
40 # [*keystone_auth_admin_prefix*]
41 # (optional) The admin_prefix used to admin endpoint of the auth host
42 # This allow admin auth URIs like http://auth_host:35357/keystone.
43 # (where '/keystone' is the admin prefix)
44 # Defaults to false for empty. If defined, should be a string with a
45 # leading '/' and no trailing '/'.
48 # (optional) The cinder api port
52 # (optional) Number of cinder-api workers
53 # Defaults to $::processorcount
56 # (optional) The state of the package
60 # (optional) The cinder api bind address
64 # (optional) The state of the service
68 # (optional) Whether to start/stop the service
72 # (optional) The state of the service
73 # Defaults to undef. If undefined the default ratelimiting values are used.
75 # [*ratelimits_factory*]
76 # (optional) Factory to use for ratelimiting
77 # Defaults to 'cinder.api.v1.limits:RateLimitingMiddleware.factory'
79 # [*default_volume_type*]
80 # (optional) default volume type to use.
81 # This should contain the name of the default volume type to use.
82 # If not configured, it produces an error when creating a volume
83 # without specifying a type.
84 # Defaults to 'false'.
87 # (optional) Whether to validate the service is working after any service refreshes
90 # [*validation_options*]
91 # (optional) Service validation options
92 # Should be a hash of options defined in openstacklib::service_validation
93 # If empty, defaults values are taken from openstacklib function.
94 # Default command list volumes.
95 # Require validate set at True.
97 # glance::api::validation_options:
99 # command: check_cinder-api.py
100 # path: /usr/bin:/bin:/usr/sbin:/sbin
108 $keystone_enabled = true,
109 $keystone_tenant = 'services',
110 $keystone_user = 'cinder',
111 $keystone_auth_host = 'localhost',
112 $keystone_auth_port = '35357',
113 $keystone_auth_protocol = 'http',
114 $keystone_auth_admin_prefix = false,
115 $keystone_auth_uri = false,
116 $os_region_name = undef,
117 $service_port = '5000',
118 $service_workers = $::processorcount,
119 $package_ensure = 'present',
120 $bind_host = '0.0.0.0',
122 $manage_service = true,
124 $default_volume_type = false,
125 $ratelimits_factory =
126 'cinder.api.v1.limits:RateLimitingMiddleware.factory',
128 $validation_options = {},
131 include cinder::params
132 include cinder::policy
134 Cinder_config<||> ~> Service['cinder-api']
135 Cinder_api_paste_ini<||> ~> Service['cinder-api']
136 Class['cinder::policy'] ~> Service['cinder-api']
138 if $::cinder::params::api_package {
139 Package['cinder-api'] -> Class['cinder::policy']
140 Package['cinder-api'] -> Cinder_config<||>
141 Package['cinder-api'] -> Cinder_api_paste_ini<||>
142 Package['cinder-api'] -> Service['cinder-api']
143 package { 'cinder-api':
144 ensure => $package_ensure,
145 name => $::cinder::params::api_package,
151 Cinder_config<||> ~> Exec['cinder-manage db_sync']
153 exec { 'cinder-manage db_sync':
154 command => $::cinder::params::db_sync_command,
158 logoutput => 'on_failure',
159 require => Package['cinder'],
170 service { 'cinder-api':
172 name => $::cinder::params::api_service,
175 require => Package['cinder'],
179 'DEFAULT/osapi_volume_listen': value => $bind_host;
180 'DEFAULT/osapi_volume_workers': value => $service_workers;
185 'DEFAULT/os_region_name': value => $os_region_name;
189 if $keystone_auth_uri {
190 $auth_uri = $keystone_auth_uri
192 $auth_uri = "${keystone_auth_protocol}://${keystone_auth_host}:${service_port}/"
194 cinder_api_paste_ini { 'filter:authtoken/auth_uri': value => $auth_uri; }
196 if $keystone_enabled {
198 'DEFAULT/auth_strategy': value => 'keystone' ;
200 cinder_api_paste_ini {
201 'filter:authtoken/service_protocol': value => $keystone_auth_protocol;
202 'filter:authtoken/service_host': value => $keystone_auth_host;
203 'filter:authtoken/service_port': value => $service_port;
204 'filter:authtoken/auth_protocol': value => $keystone_auth_protocol;
205 'filter:authtoken/auth_host': value => $keystone_auth_host;
206 'filter:authtoken/auth_port': value => $keystone_auth_port;
207 'filter:authtoken/admin_tenant_name': value => $keystone_tenant;
208 'filter:authtoken/admin_user': value => $keystone_user;
209 'filter:authtoken/admin_password': value => $keystone_password, secret => true;
212 if ($ratelimits != undef) {
213 cinder_api_paste_ini {
214 'filter:ratelimit/paste.filter_factory': value => $ratelimits_factory;
215 'filter:ratelimit/limits': value => $ratelimits;
219 if $keystone_auth_admin_prefix {
220 validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$')
221 cinder_api_paste_ini {
222 'filter:authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix;
225 cinder_api_paste_ini {
226 'filter:authtoken/auth_admin_prefix': ensure => absent;
231 if $default_volume_type {
233 'DEFAULT/default_volume_type': value => $default_volume_type;
237 'DEFAULT/default_volume_type': ensure => absent;
244 'command' => "cinder --os-auth-url ${auth_uri} --os-tenant-name ${keystone_tenant} --os-username ${keystone_user} --os-password ${keystone_password} list",
247 $validation_options_hash = merge ($defaults, $validation_options)
248 create_resources('openstacklib::service_validation', $validation_options_hash, {'subscribe' => 'Service[cinder-api]'})