1 # == Class: glance::registry
3 # Installs and configures glance-registry
7 # [*keystone_password*]
8 # (required) The keystone password for administrative user
11 # (optional) Ensure state for package. Defaults to 'present'. On RedHat
12 # platforms this setting is ignored and the setting from the glance class is
13 # used because there is only one glance package.
16 # (optional) Enable verbose logs (true|false). Defaults to false.
19 # (optional) Enable debug logs (true|false). Defaults to false.
22 # (optional) The address of the host to bind to. Defaults to '0.0.0.0'.
25 # (optional) The port the server should bind to. Defaults to '9191'.
28 # (optional) Log file for glance-registry.
29 # If set to boolean false, it will not log to any file.
30 # Defaults to '/var/log/glance/registry.log'.
33 # (optional) directory to which glance logs are sent.
34 # If set to boolean false, it will not log to any directory.
35 # Defaults to '/var/log/glance'
37 # [*sql_idle_timeout*]
38 # (optional) Deprecated. Use database_idle_timeout instead
42 # (optional) Deprecated. Use database_connection instead.
45 # [*database_connection*]
46 # (optional) Connection url to connect to nova database.
47 # Defaults to 'sqlite:///var/lib/glance/glance.sqlite'
49 # [*database_idle_timeout*]
50 # (optional) Timeout before idle db connections are reaped.
54 # (optional) Authentication type. Defaults to 'keystone'.
57 # (optional) Address of the admin authentication endpoint.
58 # Defaults to '127.0.0.1'.
61 # (optional) Port of the admin authentication endpoint. Defaults to '35357'.
63 # [*auth_admin_prefix*]
64 # (optional) path part of the auth url.
65 # This allow admin auth URIs like http://auth_host:35357/keystone/admin.
66 # (where '/keystone/admin' is auth_admin_prefix)
67 # Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
70 # (optional) Protocol to communicate with the admin authentication endpoint.
71 # Defaults to 'http'. Should be 'http' or 'https'.
74 # (optional) Complete public Identity API endpoint.
77 # (optional) administrative tenant name to connect to keystone.
78 # Defaults to 'services'.
81 # (optional) administrative user name to connect to keystone.
82 # Defaults to 'glance'.
85 # (optional) Use syslog for logging.
89 # (optional) Syslog facility to receive log lines.
90 # Defaults to LOG_USER.
93 # (optional) If Puppet should manage service startup / shutdown.
97 # (optional) Should the service be enabled.
101 # (optional) Whether to create only the specified config values in
102 # the glance registry config file.
106 # (optinal) Certificate file to use when starting registry server securely
107 # Defaults to false, not set
110 # (optional) Private key file to use when starting registry server securely
111 # Defaults to false, not set
114 # (optional) CA certificate file to use to verify connecting clients
115 # Defaults to false, not set
118 # (Optional) Run db sync on the node.
122 # (optional) Deprecated. Does nothing.
124 class glance::registry(
126 $package_ensure = 'present',
129 $bind_host = '0.0.0.0',
131 $log_file = '/var/log/glance/registry.log',
132 $log_dir = '/var/log/glance',
133 $database_connection = 'sqlite:///var/lib/glance/glance.sqlite',
134 $database_idle_timeout = 3600,
135 $auth_type = 'keystone',
136 $auth_host = '127.0.0.1',
137 $auth_port = '35357',
138 $auth_admin_prefix = false,
140 $auth_protocol = 'http',
141 $keystone_tenant = 'services',
142 $keystone_user = 'glance',
143 $pipeline = 'keystone',
145 $log_facility = 'LOG_USER',
146 $manage_service = true,
148 $purge_config = false,
153 # DEPRECATED PARAMETERS
154 $mysql_module = undef,
155 $sql_idle_timeout = false,
156 $sql_connection = false,
159 require keystone::python
162 warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.')
165 if ( $glance::params::api_package_name != $glance::params::registry_package_name ) {
166 ensure_packages( [$glance::params::registry_package_name],
168 ensure => $package_ensure,
169 tag => ['openstack'],
174 Package[$glance::params::registry_package_name] -> File['/etc/glance/']
175 Package[$glance::params::registry_package_name] -> Glance_registry_config<||>
177 Glance_registry_config<||> ~> Exec<| title == 'glance-manage db_sync' |>
178 Glance_registry_config<||> ~> Service['glance-registry']
185 notify => Service['glance-registry'],
186 require => Class['glance']
190 warning('The sql_connection parameter is deprecated, use database_connection instead.')
191 $database_connection_real = $sql_connection
193 $database_connection_real = $database_connection
196 if $sql_idle_timeout {
197 warning('The sql_idle_timeout parameter is deprecated, use database_idle_timeout instead.')
198 $database_idle_timeout_real = $sql_idle_timeout
200 $database_idle_timeout_real = $database_idle_timeout
203 if $database_connection_real {
204 if($database_connection_real =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
205 require 'mysql::bindings'
206 require 'mysql::bindings::python'
207 } elsif($database_connection_real =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) {
209 } elsif($database_connection_real =~ /sqlite:\/\//) {
212 fail("Invalid db connection ${database_connection_real}")
214 glance_registry_config {
215 'database/connection': value => $database_connection_real, secret => true;
216 'database/idle_timeout': value => $database_idle_timeout_real;
220 glance_registry_config {
221 'DEFAULT/verbose': value => $verbose;
222 'DEFAULT/debug': value => $debug;
223 'DEFAULT/bind_host': value => $bind_host;
224 'DEFAULT/bind_port': value => $bind_port;
228 glance_registry_config { 'keystone_authtoken/auth_uri': value => $auth_uri; }
230 glance_registry_config { 'keystone_authtoken/auth_uri': value => "${auth_protocol}://${auth_host}:5000/"; }
234 glance_registry_config {
235 'keystone_authtoken/auth_host': value => $auth_host;
236 'keystone_authtoken/auth_port': value => $auth_port;
237 'keystone_authtoken/auth_protocol': value => $auth_protocol;
240 if $auth_admin_prefix {
241 validate_re($auth_admin_prefix, '^(/.+[^/])?$')
242 glance_registry_config {
243 'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
246 glance_registry_config {
247 'keystone_authtoken/auth_admin_prefix': ensure => absent;
251 # Set the pipeline, it is allowed to be blank
253 validate_re($pipeline, '^(\w+([+]\w+)*)*$')
254 glance_registry_config {
255 'paste_deploy/flavor':
260 glance_registry_config { 'paste_deploy/flavor': ensure => absent }
264 if $auth_type == 'keystone' {
265 glance_registry_config {
266 'keystone_authtoken/admin_tenant_name': value => $keystone_tenant;
267 'keystone_authtoken/admin_user' : value => $keystone_user;
268 'keystone_authtoken/admin_password' : value => $keystone_password, secret => true;
274 glance_registry_config {
275 'DEFAULT/cert_file' : value => $cert_file;
278 glance_registry_config {
279 'DEFAULT/cert_file': ensure => absent;
283 glance_registry_config {
284 'DEFAULT/key_file' : value => $key_file;
287 glance_registry_config {
288 'DEFAULT/key_file': ensure => absent;
292 glance_registry_config {
293 'DEFAULT/ca_file' : value => $ca_file;
296 glance_registry_config {
297 'DEFAULT/ca_file': ensure => absent;
303 glance_registry_config {
304 'DEFAULT/log_file': value => $log_file;
307 glance_registry_config {
308 'DEFAULT/log_file': ensure => absent;
313 glance_registry_config {
314 'DEFAULT/log_dir': value => $log_dir;
317 glance_registry_config {
318 'DEFAULT/log_dir': ensure => absent;
324 glance_registry_config {
325 'DEFAULT/use_syslog': value => true;
326 'DEFAULT/syslog_log_facility': value => $log_facility;
329 glance_registry_config {
330 'DEFAULT/use_syslog': value => false;
334 resources { 'glance_registry_config':
335 purge => $purge_config
338 file { ['/etc/glance/glance-registry.conf',
339 '/etc/glance/glance-registry-paste.ini']:
346 Exec['glance-manage db_sync'] ~> Service['glance-registry']
348 exec { 'glance-manage db_sync':
349 command => $::glance::params::db_sync_command,
353 logoutput => on_failure,
354 subscribe => [Package[$glance::params::registry_package_name], File['/etc/glance/glance-registry.conf']],
357 $service_ensure = 'running'
359 $service_ensure = 'stopped'
363 service { 'glance-registry':
364 ensure => $service_ensure,
365 name => $::glance::params::registry_service_name,
369 subscribe => File['/etc/glance/glance-registry.conf'],
370 require => Class['glance']