3 # This class is used to specify configuration parameters that are common
4 # across all nova services.
9 # (optional) The state of nova packages
10 # Defaults to 'present'
13 # (optional) Deprecated. This parameter does nothing and will be removed.
14 # Defaults to 'localcluster'
17 # (optional) Deprecated. Use database_connection instead.
20 # [*sql_idle_timeout*]
21 # (optional) Deprecated. Use database_idle_timeout instead
24 # [*database_connection*]
25 # (optional) Connection url to connect to nova database.
28 # [*slave_connection*]
29 # (optional) Connection url to connect to nova slave database (read-only).
32 # [*database_idle_timeout*]
33 # (optional) Timeout before idle db connections are reaped.
37 # (optional) The rpc backend implementation to use, can be:
38 # rabbit (for rabbitmq)
41 # Defaults to 'rabbit'
44 # (optional) Service used to search for and retrieve images.
45 # Defaults to 'nova.image.glance.GlanceImageService'
47 # [*glance_api_servers*]
48 # (optional) List of addresses for api servers.
49 # Defaults to 'localhost:9292'
51 # [*memcached_servers*]
52 # (optional) Use memcached instead of in-process cache. Supply a list of memcached servers, each in 'IP:port' form.
56 # (optional) Location of rabbitmq installation.
57 # Defaults to 'localhost'
60 # (optional) List of clustered rabbit servers.
64 # (optional) Port for rabbitmq instance.
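68 # (optional) Password used to connect to rabbitmq. The class default is the stock 'guest' credential; set a unique password for any broker reachable over the network.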
72 # (optional) User used to connect to rabbitmq.
75 # [*rabbit_virtual_host*]
76 # (optional) The RabbitMQ virtual host.
80 # (optional) Connect over SSL for RabbitMQ
83 # [*kombu_ssl_ca_certs*]
84 # (optional) SSL certification authority file (valid only if SSL enabled).
87 # [*kombu_ssl_certfile*]
88 # (optional) SSL cert file (valid only if SSL enabled).
91 # [*kombu_ssl_keyfile*]
92 # (optional) SSL key file (valid only if SSL enabled).
95 # [*kombu_ssl_version*]
96 # (optional) SSL version to use (valid only if SSL enabled).
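97 # Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
98 # available on some distributions. SSLv2 and SSLv3 are broken protocols and should not be selected; keep the TLSv1 default or a newer TLS value if your platform offers one.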
101 # [*amqp_durable_queues*]
102 # (optional) Define queues as "durable" to rabbitmq.
106 # (optional) Location of qpid server
107 # Defaults to 'localhost'
110 # (optional) Port for qpid server
114 # (optional) Username to use when connecting to qpid
115 # Defaults to 'guest'
118 # (optional) Password to use when connecting to qpid
119 # Defaults to 'guest'; change it, together with qpid_username, for any non-test broker.
122 # (optional) Seconds between connection keepalive heartbeats
126 # (optional) Transport to use, either 'tcp' or 'ssl'
129 # [*qpid_sasl_mechanisms*]
130 # (optional) Enable one or more SASL mechanisms
133 # [*qpid_tcp_nodelay*]
134 # (optional) Disable Nagle algorithm
137 # [*service_down_time*]
138 # (optional) Maximum time since last check-in for up service.
142 # (optional) Deprecated. Use log_dir instead.
146 # (optional) Directory where logs should be stored.
147 # If set to boolean false, it will not log to any directory.
148 # Defaults to '/var/log/nova'
151 # (optional) Directory for storing state.
152 # Defaults to '/var/lib/nova'
155 # (optional) Directory for lock files.
156 # On RHEL will be '/var/lib/nova/tmp' and on Debian '/var/lock/nova'
157 # Defaults to $::nova::params::lock_path
160 # (optional) Set log output to verbose output.
163 # [*periodic_interval*]
164 # (optional) Seconds between running periodic tasks.
167 # [*report_interval*]
168 # (optional) Interval at which nodes report to data store.
171 # [*monitoring_notifications*]
172 # (optional) Whether or not to send system usage data notifications out on the message queue. Only valid for stable/essex.
176 # (optional) Use syslog for logging
180 # (optional) Syslog facility to receive log lines.
181 # Defaults to 'LOG_USER'
184 # (optional) Enable SSL on the API server
185 # Defaults to false, not set
187 # [*enabled_ssl_apis*]
188 # (optional) List of APIs to SSL enable
190 # Possible values : 'ec2', 'osapi_compute', 'metadata'
193 # (optional) Certificate file to use when starting API server securely
194 # Defaults to false, not set
197 # (optional) Private key file to use when starting API server securely
198 # Defaults to false, not set
201 # (optional) CA certificate file to use to verify connecting clients
202 # Defaults to false, not set
205 # (optional) Create the nova user with the specified uid.
206 # Changing to a new uid after specifying a different uid previously,
207 # or using this option after the nova account already exists will break
208 # the ownership of all files/dirs owned by nova. It is strongly encouraged
209 # not to use this option and instead create user before nova class or
210 # for network shares create netgroup into which you'll put nova on all the
211 # nodes. If undef, no user is created here and user creation is left
212 # to the nova-common package, as usual.
216 # (optional) Create the nova user with the specified gid.
217 # Changing to a new uid after specifying a different uid previously,
218 # or using this option after the nova account already exists will break
219 # the ownership of all files/dirs owned by nova. It is strongly encouraged
220 # not to use this option and instead create group before nova class or for
221 # network shares create netgroup into which you'll put nova on all the
222 # nodes. If undef no user or group will be created and creation will
223 # happen in nova-common package.
226 # [*nova_public_key*]
227 # (optional) Install public key in .ssh/authorized_keys for the 'nova' user.
228 # Expects a hash of the form { type => 'key-type', key => 'key-data' } where
229 # 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and 'key-data' is the
230 # actual key data (e.g, 'AAAA...').
232 # [*nova_private_key*]
233 # (optional) Install private key into .ssh/id_rsa (or appropriate equivalent
234 # for key type). Expects a hash of the form { type => 'key-type', key =>
235 # 'key-data' }, where 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and
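236 # 'key-data' is the contents of the private key file. The key travels in the compiled catalog, so supply it from a protected data source rather than as a literal in a manifest.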
239 # (optional) Set shell for 'nova' user to the specified value.
240 # Defaults to '/bin/false'.
243 # (optional) Deprecated. Does nothing.
245 # [*notification_driver*]
246 # (optional) Driver or drivers to handle sending notifications.
247 # Value can be a string or a list.
250 # [*notification_topics*]
251 # (optional) AMQP topic used for OpenStack notifications
252 # Defaults to 'notifications'
254 # [*notify_api_faults*]
255 # (optional) If set, send api.fault notifications on caught
256 # exceptions in the API service
259 # [*notify_on_state_change*]
260 # (optional) If set, send compute.instance.update notifications
261 # on instance state changes. Valid values are None for no notifications,
262 # "vm_state" for notifications on VM state changes, or "vm_and_task_state"
263 # for notifications on VM and task state changes.
267 # (optional) Sets the os_region_name flag. For environments with
268 # more than one endpoint per service, this is required to make
269 # things such as cinder volume attach work. If you don't set this
270 # and you have multiple endpoints, you will get AmbiguousEndpoint
271 # exceptions in the nova API service.
274 $ensure_package = 'present',
275 $database_connection = false,
276 $slave_connection = false,
277 $database_idle_timeout = 3600,
278 $rpc_backend = 'rabbit',
279 $image_service = 'nova.image.glance.GlanceImageService',
280 # these glance params should be optional
281 # this should probably just be configured as a glance client
282 $glance_api_servers = 'localhost:9292',
283 $memcached_servers = false,
284 $rabbit_host = 'localhost',
285 $rabbit_hosts = false,
286 $rabbit_password = 'guest',
287 $rabbit_port = '5672',
288 $rabbit_userid = 'guest',
289 $rabbit_virtual_host = '/',
290 $rabbit_use_ssl = false,
291 $rabbit_ha_queues = undef,
292 $kombu_ssl_ca_certs = undef,
293 $kombu_ssl_certfile = undef,
294 $kombu_ssl_keyfile = undef,
295 $kombu_ssl_version = 'TLSv1',
296 $amqp_durable_queues = false,
297 $qpid_hostname = 'localhost',
299 $qpid_username = 'guest',
300 $qpid_password = 'guest',
301 $qpid_sasl_mechanisms = false,
302 $qpid_heartbeat = 60,
303 $qpid_protocol = 'tcp',
304 $qpid_tcp_nodelay = true,
305 $auth_strategy = 'keystone',
306 $service_down_time = 60,
307 $log_dir = '/var/log/nova',
308 $state_path = '/var/lib/nova',
309 $lock_path = $::nova::params::lock_path,
312 $periodic_interval = '60',
313 $report_interval = '10',
314 $rootwrap_config = '/etc/nova/rootwrap.conf',
316 $enabled_ssl_apis = ['ec2', 'metadata', 'osapi_compute'],
320 $nova_user_id = undef,
321 $nova_group_id = undef,
322 $nova_public_key = undef,
323 $nova_private_key = undef,
324 $nova_shell = '/bin/false',
325 # deprecated in folsom
326 #$root_helper = $::nova::params::root_helper,
327 $monitoring_notifications = false,
329 $log_facility = 'LOG_USER',
330 $install_utilities = true,
331 $notification_driver = [],
332 $notification_topics = 'notifications',
333 $notify_api_faults = false,
334 $notify_on_state_change = undef,
335 # DEPRECATED PARAMETERS
336 $mysql_module = undef,
337 # this is how to query all resources from our cluster
338 $nova_cluster_id = undef,
339 $sql_connection = false,
340 $sql_idle_timeout = false,
342 $os_region_name = undef,
343 ) inherits nova::params {
345 # maintain backward compatibility
349 warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.')
352 if $nova_cluster_id {
353 warning('The nova_cluster_id parameter is deprecated and has no effect.')
356 validate_array($enabled_ssl_apis)
357 if empty($enabled_ssl_apis) and $use_ssl {
358 warning('enabled_ssl_apis is empty but use_ssl is set to true')
363 fail('The cert_file parameter is required when use_ssl is set to true')
366 fail('The key_file parameter is required when use_ssl is set to true')
370 if $kombu_ssl_ca_certs and !$rabbit_use_ssl {
371 fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
373 if $kombu_ssl_certfile and !$rabbit_use_ssl {
374 fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
376 if $kombu_ssl_keyfile and !$rabbit_use_ssl {
377 fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
379 if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) {
380 fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
384 warning('The nova_group_id will be deprecated, please create group manually')
388 gid => $nova_group_id,
389 before => Package['nova-common'],
393 warning('The nova_user_id will be deprecated, please create user manually')
398 home => '/var/lib/nova',
400 shell => $nova_shell,
401 uid => $nova_user_id,
402 gid => $nova_group_id,
403 before => Package['nova-common'],
404 require => Group['nova'],
408 if $nova_public_key or $nova_private_key {
409 file { '/var/lib/nova/.ssh':
414 require => Package['nova-common'],
417 if $nova_public_key {
418 if ! $nova_public_key[key] or ! $nova_public_key['type'] {
419 fail('You must provide both a key type and key data.')
422 ssh_authorized_key { 'nova-migration-public-key':
424 key => $nova_public_key[key],
425 type => $nova_public_key['type'],
427 require => File['/var/lib/nova/.ssh'],
431 if $nova_private_key {
432 if ! $nova_private_key[key] or ! $nova_private_key['type'] {
433 fail('You must provide both a key type and key data.')
436 $nova_private_key_file = $nova_private_key['type'] ? {
437 'ssh-rsa' => '/var/lib/nova/.ssh/id_rsa',
438 'ssh-dsa' => '/var/lib/nova/.ssh/id_dsa',
439 'ssh-ecdsa' => '/var/lib/nova/.ssh/id_ecdsa',
443 if ! $nova_private_key_file {
444 fail("Unable to determine name of private key file. Type specified was '${nova_private_key['type']}' but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa.")
447 file { $nova_private_key_file:
448 content => $nova_private_key[key],
452 require => [ File['/var/lib/nova/.ssh'], Package['nova-common'] ],
458 # all nova_config resources should be applied
459 # after the nova common package
460 # before the file resource for nova.conf is managed
461 # and before the post config resource
462 Package['nova-common'] -> Nova_config<| |> -> File['/etc/nova/nova.conf']
463 Nova_config<| |> ~> Exec['post-nova_config']
465 # TODO - see if these packages can be removed
466 # they should be handled as package deps by the OS
470 package { 'python-greenlet':
472 require => Package['python'],
475 if $install_utilities {
476 class { 'nova::utilities': }
479 # this anchor is used to simplify the graph between nova components by
480 # allowing a resource to serve as a point where the configuration of nova begins
481 anchor { 'nova-start': }
483 package { 'python-nova':
484 ensure => $ensure_package,
485 require => Package['python-greenlet'],
486 tag => ['openstack', 'nova'],
489 package { 'nova-common':
490 ensure => $ensure_package,
491 name => $::nova::params::common_package_name,
492 require => [Package['python-nova'], Anchor['nova-start']],
493 tag => ['openstack', 'nova'],
496 file { '/etc/nova/nova.conf':
500 require => Package['nova-common'],
503 # used by debian/ubuntu in nova::network_bridge to refresh
504 # interfaces based on /etc/network/interfaces
505 exec { 'networking-refresh':
506 command => '/sbin/ifdown -a ; /sbin/ifup -a',
510 nova_config { 'DEFAULT/image_service': value => $image_service }
512 if $image_service == 'nova.image.glance.GlanceImageService' {
513 if $glance_api_servers {
514 nova_config { 'glance/api_servers': value => $glance_api_servers }
518 nova_config { 'DEFAULT/auth_strategy': value => $auth_strategy }
520 if $memcached_servers {
521 nova_config { 'DEFAULT/memcached_servers': value => join($memcached_servers, ',') }
523 nova_config { 'DEFAULT/memcached_servers': ensure => absent }
526 # we keep "nova.openstack.common.rpc.impl_kombu" for backward compatibility
527 # but since Icehouse, "rabbit" is enough.
528 if $rpc_backend == 'nova.openstack.common.rpc.impl_kombu' or $rpc_backend == 'rabbit' {
529 # I may want to support exporting and collecting these
531 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
532 'DEFAULT/rabbit_userid': value => $rabbit_userid;
533 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
534 'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl;
535 'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues;
540 if $kombu_ssl_ca_certs {
541 nova_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; }
543 nova_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; }
546 if $kombu_ssl_certfile or $kombu_ssl_keyfile {
548 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
549 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile;
553 'DEFAULT/kombu_ssl_certfile': ensure => absent;
554 'DEFAULT/kombu_ssl_keyfile': ensure => absent;
558 if $kombu_ssl_version {
559 nova_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version; }
561 nova_config { 'DEFAULT/kombu_ssl_version': ensure => absent; }
566 'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
567 'DEFAULT/kombu_ssl_certfile': ensure => absent;
568 'DEFAULT/kombu_ssl_keyfile': ensure => absent;
569 'DEFAULT/kombu_ssl_version': ensure => absent;
574 nova_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') }
576 nova_config { 'DEFAULT/rabbit_host': value => $rabbit_host }
577 nova_config { 'DEFAULT/rabbit_port': value => $rabbit_port }
578 nova_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" }
580 if $rabbit_ha_queues == undef {
582 nova_config { 'DEFAULT/rabbit_ha_queues': value => true }
584 nova_config { 'DEFAULT/rabbit_ha_queues': value => false }
587 nova_config { 'DEFAULT/rabbit_ha_queues': value => $rabbit_ha_queues }
591 # we keep "nova.openstack.common.rpc.impl_qpid" for backward compatibility
592 # but since Icehouse, "qpid" is enough.
593 if $rpc_backend == 'nova.openstack.common.rpc.impl_qpid' or $rpc_backend == 'qpid' {
595 'DEFAULT/qpid_hostname': value => $qpid_hostname;
596 'DEFAULT/qpid_port': value => $qpid_port;
597 'DEFAULT/qpid_username': value => $qpid_username;
598 'DEFAULT/qpid_password': value => $qpid_password, secret => true;
599 'DEFAULT/qpid_heartbeat': value => $qpid_heartbeat;
600 'DEFAULT/qpid_protocol': value => $qpid_protocol;
601 'DEFAULT/qpid_tcp_nodelay': value => $qpid_tcp_nodelay;
603 if is_array($qpid_sasl_mechanisms) {
605 'DEFAULT/qpid_sasl_mechanisms': value => join($qpid_sasl_mechanisms, ' ');
608 elsif $qpid_sasl_mechanisms {
610 'DEFAULT/qpid_sasl_mechanisms': value => $qpid_sasl_mechanisms;
615 'DEFAULT/qpid_sasl_mechanisms': ensure => absent;
623 'DEFAULT/enabled_ssl_apis' : value => join($enabled_ssl_apis, ',');
624 'DEFAULT/ssl_cert_file' : value => $cert_file;
625 'DEFAULT/ssl_key_file' : value => $key_file;
628 nova_config { 'DEFAULT/ssl_ca_file' :
632 nova_config { 'DEFAULT/ssl_ca_file' :
638 'DEFAULT/enabled_ssl_apis' : ensure => absent;
639 'DEFAULT/ssl_cert_file' : ensure => absent;
640 'DEFAULT/ssl_key_file' : ensure => absent;
641 'DEFAULT/ssl_ca_file' : ensure => absent;
646 warning('The logdir parameter is deprecated, use log_dir instead.')
647 $log_dir_real = $logdir
649 $log_dir_real = $log_dir
653 file { $log_dir_real:
657 group => $::nova::params::nova_log_group,
658 require => Package['nova-common'],
660 nova_config { 'DEFAULT/log_dir': value => $log_dir_real;}
662 nova_config { 'DEFAULT/log_dir': ensure => absent;}
665 if $monitoring_notifications {
666 warning('The monitoring_notifications parameter is deprecated, use notification_driver instead.')
667 $notification_driver_real = 'nova.openstack.common.notifier.rpc_notifier'
669 $notification_driver_real = is_string($notification_driver) ? {
670 true => $notification_driver,
671 default => join($notification_driver, ',')
676 'DEFAULT/verbose': value => $verbose;
677 'DEFAULT/debug': value => $debug;
678 'DEFAULT/rpc_backend': value => $rpc_backend;
679 'DEFAULT/notification_driver': value => $notification_driver_real;
680 'DEFAULT/notification_topics': value => $notification_topics;
681 'DEFAULT/notify_api_faults': value => $notify_api_faults;
682 # Following may need to be broken out to different nova services
683 'DEFAULT/state_path': value => $state_path;
684 'DEFAULT/lock_path': value => $lock_path;
685 'DEFAULT/service_down_time': value => $service_down_time;
686 'DEFAULT/rootwrap_config': value => $rootwrap_config;
687 'DEFAULT/report_interval': value => $report_interval;
690 if $notify_on_state_change and $notify_on_state_change in ['vm_state', 'vm_and_task_state'] {
692 'DEFAULT/notify_on_state_change': value => $notify_on_state_change;
695 nova_config { 'DEFAULT/notify_on_state_change': ensure => absent; }
698 # Syslog configuration
701 'DEFAULT/use_syslog': value => true;
702 'DEFAULT/syslog_log_facility': value => $log_facility;
706 'DEFAULT/use_syslog': value => false;
712 'DEFAULT/os_region_name': value => $os_region_name;
717 'DEFAULT/os_region_name': ensure => absent;
721 exec { 'post-nova_config':
722 command => '/bin/echo "Nova config has changed"',