134 lines
4.2 KiB
Puppet
134 lines
4.2 KiB
Puppet
# == Class: ec2api::metadata
|
|
#
|
|
# Manage the EC2 API Metadata service and its configuration
|
|
#
|
|
# === Parameters
|
|
#
|
|
# ==== Metadata
|
|
#
|
|
# [*nova_metadata_ip*]
|
|
# IP address used by Nova metadata server
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*nova_metadata_port*]
|
|
# TCP Port used by Nova metadata server
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*nova_metadata_protocol*]
|
|
# Protocol to access nova metadata, http or https
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*nova_metadata_insecure*]
|
|
# Allow to perform insecure SSL (https) requests to nova metadata
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*auth_ca_cert*]
|
|
# Certificate Authority public key (CA cert) file for ssl
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*nova_client_cert*]
|
|
# Client certificate for nova metadata api server
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*nova_client_priv_key*]
|
|
# Private key of client certificate
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*metadata_proxy_shared_secret*]
|
|
# Shared secret to sign instance-id request
|
|
# Default: $::os_service_default
|
|
#
|
|
# ==== Service
|
|
#
|
|
# [*metadata_listen*]
|
|
# The IP address on which the metadata API will listen.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*metadata_listen_port*]
|
|
# The port on which the metadata API will listen.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*metadata_use_ssl*]
|
|
# Enable ssl connections or not for EC2 API Metadata.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*metadata_workers*]
|
|
# Number of workers for metadata service.
|
|
# The default will be the number of CPUs available.
|
|
# Default: $::os_workers
|
|
#
|
|
# ==== Manage Service
|
|
#
|
|
# [*manage_service*]
|
|
# Should the METADATA service actually be managed by Puppet?
|
|
# Default: true
|
|
#
|
|
# [*service_name*]
|
|
# The real system name of the Metadata service.
|
|
# Default: $::ec2api::params::metadata_service_name
|
|
#
|
|
# [*enabled*]
|
|
# Should the service be enabled and started (true) of disabled and stopped (false).
|
|
# Default: true
|
|
#
|
|
class ec2api::metadata (
|
|
# Metadata
|
|
$nova_metadata_ip = $::os_service_default,
|
|
$nova_metadata_port = $::os_service_default,
|
|
$nova_metadata_protocol = $::os_service_default,
|
|
$nova_metadata_insecure = $::os_service_default,
|
|
$auth_ca_cert = $::os_service_default,
|
|
$nova_client_cert = $::os_service_default,
|
|
$nova_client_priv_key = $::os_service_default,
|
|
$metadata_proxy_shared_secret = $::os_service_default,
|
|
# Service
|
|
$metadata_listen = $::os_service_default,
|
|
$metadata_listen_port = $::os_service_default,
|
|
$metadata_use_ssl = $::os_service_default,
|
|
$metadata_workers = $::os_workers,
|
|
# Manage service
|
|
$manage_service = true,
|
|
$service_name = $::ec2api::params::metadata_service_name,
|
|
$enabled = true,
|
|
) inherits ::ec2api::params {
|
|
|
|
include ::ec2api::deps
|
|
|
|
validate_bool($manage_service)
|
|
validate_string($service_name)
|
|
validate_bool($enabled)
|
|
|
|
ec2api_config {
|
|
'metadata/nova_metadata_ip': value => $nova_metadata_ip;
|
|
'metadata/nova_metadata_port': value => $nova_metadata_port;
|
|
'metadata/nova_metadata_protocol': value => $nova_metadata_protocol;
|
|
'metadata/nova_metadata_insecure': value => $nova_metadata_insecure;
|
|
'metadata/auth_ca_cert': value => $auth_ca_cert;
|
|
'metadata/nova_client_cert': value => $nova_client_cert;
|
|
'metadata/nova_client_priv_key': value => $nova_client_priv_key;
|
|
'metadata/metadata_proxy_shared_secret': value => $metadata_proxy_shared_secret, secret => true;
|
|
'DEFAULT/metadata_listen': value => $metadata_listen;
|
|
'DEFAULT/metadata_listen_port': value => $metadata_listen_port;
|
|
'DEFAULT/metadata_use_ssl': value => $metadata_use_ssl;
|
|
'DEFAULT/metadata_workers': value => $metadata_workers;
|
|
}
|
|
|
|
if $manage_service {
|
|
if $enabled {
|
|
$service_ensure = 'running'
|
|
} else {
|
|
$service_ensure = 'stopped'
|
|
}
|
|
}
|
|
|
|
service { 'openstack-ec2-metadata-service' :
|
|
ensure => $service_ensure,
|
|
name => $service_name,
|
|
enable => $enabled,
|
|
hasstatus => true,
|
|
hasrestart => true,
|
|
tag => 'ec2api-service',
|
|
}
|
|
|
|
}
|