351 lines
12 KiB
Puppet
351 lines
12 KiB
Puppet
# == Class: ec2api::api
|
|
#
|
|
# EC2 API class to configure the API service via puppet.
|
|
#
|
|
# === Parameters
|
|
#
|
|
# All options are optional unless specified otherwise.
|
|
# All options defaults to $::os_service_default and
|
|
# the default values from the service are used.
|
|
#
|
|
# === API
|
|
#
|
|
# [*keystone_ec2_tokens_url*]
|
|
# URL to authenticate token from ec2 request.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*ec2_timestamp_expiry*]
|
|
# Time in seconds before ec2 timestamp expires.
|
|
# Default: $::os_service_default
|
|
#
|
|
# === Service
|
|
#
|
|
# [*ec2api_listen*]
|
|
# The IP address on which the EC2 API will listen.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*ec2api_listen_port*]
|
|
# The port on which the EC2 API will listen.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*ec2api_use_ssl*]
|
|
# Enable ssl connections or not for EC2 API.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*ec2api_workers*]
|
|
# Number of workers for EC2 API service.
|
|
# The default will be equal to the number of CPUs available.
|
|
# Default: $::os_workers
|
|
#
|
|
# [*service_down_time*]
|
|
# Maximum time since last check-in for up service.
|
|
# Default: $::os_service_default
|
|
#
|
|
# === WSGI
|
|
#
|
|
# [*api_paste_config*]
|
|
# File name for the paste.deploy config for ec2api.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*ssl_cert_file*]
|
|
# SSL certificate of API server.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*ssl_key_file*]
|
|
# SSL private key of API server.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*tcp_keepidle*]
|
|
# Sets the value of TCP_KEEPIDLE in seconds for each
|
|
# server socket. Not supported on OS X.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*wsgi_default_pool_size*]
|
|
# Size of the pool of greenthreads used by wsgi.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*max_header_line*]
|
|
# Maximum line size of message headers to be accepted.
|
|
# max_header_line may need to be increased when using
|
|
# large tokens (typically those generated by the
|
|
# Keystone v3 API with big service catalogs).
|
|
# Default: $::os_service_default
|
|
#
|
|
# === API clients
|
|
#
|
|
# [*ssl_insecure*]
|
|
# Verify HTTPS connections.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*ssl_ca_file*]
|
|
# VCA certificate file to use to verify connecting clients.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*nova_service_type*]
|
|
# Service type of Compute API, registered in Keystone
|
|
# catalog. Should be v2.1 with microversion support.
|
|
# If it is obsolete v2, a lot of useful EC2 compliant
|
|
# instance properties will be unavailable.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*cinder_service_type*]
|
|
# Service type of Volume API, registered in Keystone catalog.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*admin_user*]
|
|
# Admin user to access specific cloud resourses.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*admin_password*]
|
|
# Admin password.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*admin_tenant_name*]
|
|
# Admin tenant name.
|
|
# Default: $::os_service_default
|
|
#
|
|
# === Auth
|
|
#
|
|
# [*api_rate_limit*]
|
|
# Whether to use per-user rate limiting for the API.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*use_forwarded_for*]
|
|
# Treat X-Forwarded-For as the canonical remote address.
|
|
# Only enable this if you have a sanitizing proxy.
|
|
# Default: $::os_service_default
|
|
#
|
|
# === ec2utils
|
|
#
|
|
# [*external_network*]
|
|
# Name of the external network, which is used to connect VPCs to
|
|
# Internet and to allocate Elastic IPs.
|
|
# Default: $::os_service_default
|
|
#
|
|
# === Availability zone
|
|
#
|
|
# [*internal_service_availability_zone*]
|
|
# The availability_zone to show internal services under.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*my_ip*]
|
|
# IP address of this host.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*ec2_host*]
|
|
# The IP address of the EC2 API server.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*ec2_port*]
|
|
# The port of the EC2 API server.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*ec2_scheme*]
|
|
# The protocol to use when connecting to the EC2 API server (http, https).
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*ec2_path*]
|
|
# The path prefix used to call the ec2 API server.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*region_list*]
|
|
# List of region=fqdn pairs separated by commas.
|
|
# Default: $::os_service_default
|
|
#
|
|
# === DHCP options
|
|
#
|
|
# [*network_device_mtu*]
|
|
# MTU size to set by DHCP for instances.
|
|
# Corresponds with the network_device_mtu in ec2api.conf.
|
|
# Default: $::os_service_default
|
|
#
|
|
# === Common
|
|
#
|
|
# [*full_vpc_support*]
|
|
# True if server supports Neutron for full VPC access.
|
|
# Default: $::os_service_default
|
|
#
|
|
# === Instance
|
|
#
|
|
# [*ec2_private_dns_show_ip*]
|
|
# Return the IP address as private dns hostname in describe instances
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*default_flavor*]
|
|
# A flavor to use as a default instance type
|
|
# Default: $::os_service_default
|
|
#
|
|
# === DB
|
|
#
|
|
# [*use_tpool*]
|
|
# Enable the experimental use of thread pooling for
|
|
# all DB API calls
|
|
# Default: $::os_service_default
|
|
#
|
|
# === Exception
|
|
#
|
|
# [*fatal_exception_format_errors*]
|
|
# Make exception message format errors fatal.
|
|
# Default: $::os_service_default
|
|
#
|
|
# === Paths
|
|
#
|
|
# [*tempdir*]
|
|
# Explicitly specify the temporary working directory.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*pybasedir*]
|
|
# Directory where the ec2api python module is installed.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*bindir*]
|
|
# Directory where ec2api binaries are installed.
|
|
# Default: $::os_service_default
|
|
#
|
|
# [*state_path*]
|
|
# Top-level directory for maintaining ec2api's state.
|
|
# Default: $::os_service_default
|
|
#
|
|
# === Manage service
|
|
#
|
|
# [*manage_service*]
|
|
# Should the API service actually be managed by Puppet?
|
|
# Default: true
|
|
#
|
|
# [*service_name*]
|
|
# The real system name of the API service.
|
|
# Default: $::ec2api::params::api_service_name
|
|
#
|
|
# [*enabled*]
|
|
# Should the service be enabled and started (true) of disabled and stopped (false).
|
|
# Default: true
|
|
#
|
|
class ec2api::api (
|
|
# API
|
|
$keystone_ec2_tokens_url = $::os_service_default,
|
|
$ec2_timestamp_expiry = $::os_service_default,
|
|
# Service
|
|
$ec2api_listen = $::os_service_default,
|
|
$ec2api_listen_port = $::os_service_default,
|
|
$ec2api_use_ssl = $::os_service_default,
|
|
$ec2api_workers = $::os_workers,
|
|
$service_down_time = $::os_service_default,
|
|
# WSGI
|
|
$api_paste_config = $::os_service_default,
|
|
$ssl_cert_file = $::os_service_default,
|
|
$ssl_key_file = $::os_service_default,
|
|
$tcp_keepidle = $::os_service_default,
|
|
$wsgi_default_pool_size = $::os_service_default,
|
|
$max_header_line = $::os_service_default,
|
|
# API clients
|
|
$ssl_insecure = $::os_service_default,
|
|
$ssl_ca_file = $::os_service_default,
|
|
$nova_service_type = $::os_service_default,
|
|
$cinder_service_type = $::os_service_default,
|
|
$admin_user = $::os_service_default,
|
|
$admin_password = $::os_service_default,
|
|
$admin_tenant_name = $::os_service_default,
|
|
# auth
|
|
$api_rate_limit = $::os_service_default,
|
|
$use_forwarded_for = $::os_service_default,
|
|
# ec2utils
|
|
$external_network = $::os_service_default,
|
|
# Availability zone
|
|
$internal_service_availability_zone = $::os_service_default,
|
|
$my_ip = $::os_service_default,
|
|
$ec2_host = $::os_service_default,
|
|
$ec2_port = $::os_service_default,
|
|
$ec2_scheme = $::os_service_default,
|
|
$ec2_path = $::os_service_default,
|
|
$region_list = $::os_service_default,
|
|
# DHCP options
|
|
$network_device_mtu = $::os_service_default,
|
|
# Common
|
|
$full_vpc_support = $::os_service_default,
|
|
# Instance
|
|
$ec2_private_dns_show_ip = $::os_service_default,
|
|
$default_flavor = $::os_service_default,
|
|
# DB
|
|
$use_tpool = $::os_service_default,
|
|
# Exception
|
|
$fatal_exception_format_errors = $::os_service_default,
|
|
# Paths
|
|
$tempdir = $::os_service_default,
|
|
$pybasedir = $::os_service_default,
|
|
$bindir = $::os_service_default,
|
|
$state_path = $::os_service_default,
|
|
# Manage service
|
|
$manage_service = true,
|
|
$service_name = $::ec2api::params::api_service_name,
|
|
$enabled = true,
|
|
) inherits ec2api::params {
|
|
|
|
include ec2api::deps
|
|
|
|
validate_legacy(Boolean, 'validate_bool', $manage_service)
|
|
validate_legacy(String, 'validate_string', $service_name)
|
|
validate_legacy(Boolean, 'validate_bool', $enabled)
|
|
|
|
ec2api_config {
|
|
'DEFAULT/keystone_ec2_tokens_url': value => $keystone_ec2_tokens_url;
|
|
'DEFAULT/ec2_timestamp_expiry': value => $ec2_timestamp_expiry;
|
|
'DEFAULT/ec2api_listen': value => $ec2api_listen;
|
|
'DEFAULT/ec2api_listen_port': value => $ec2api_listen_port;
|
|
'DEFAULT/ec2api_use_ssl': value => $ec2api_use_ssl;
|
|
'DEFAULT/ec2api_workers': value => $ec2api_workers;
|
|
'DEFAULT/service_down_time': value => $service_down_time;
|
|
'DEFAULT/api_paste_config': value => $api_paste_config;
|
|
'DEFAULT/ssl_cert_file': value => $ssl_cert_file;
|
|
'DEFAULT/ssl_key_file': value => $ssl_key_file;
|
|
'DEFAULT/tcp_keepidle': value => $tcp_keepidle;
|
|
'DEFAULT/wsgi_default_pool_size': value => $wsgi_default_pool_size;
|
|
'DEFAULT/max_header_line': value => $max_header_line;
|
|
'DEFAULT/ssl_insecure': value => $ssl_insecure;
|
|
'DEFAULT/ssl_ca_file': value => $ssl_ca_file;
|
|
'DEFAULT/nova_service_type': value => $nova_service_type;
|
|
'DEFAULT/cinder_service_type': value => $cinder_service_type;
|
|
'DEFAULT/admin_user': value => $admin_user;
|
|
'DEFAULT/admin_password': value => $admin_password, secret => true;
|
|
'DEFAULT/admin_tenant_name': value => $admin_tenant_name;
|
|
'DEFAULT/api_rate_limit': value => $api_rate_limit;
|
|
'DEFAULT/use_forwarded_for': value => $use_forwarded_for;
|
|
'DEFAULT/external_network': value => $external_network;
|
|
'DEFAULT/internal_service_availability_zone': value => $internal_service_availability_zone;
|
|
'DEFAULT/my_ip': value => $my_ip;
|
|
'DEFAULT/ec2_host': value => $ec2_host;
|
|
'DEFAULT/ec2_port': value => $ec2_port;
|
|
'DEFAULT/ec2_scheme': value => $ec2_scheme;
|
|
'DEFAULT/ec2_path': value => $ec2_path;
|
|
'DEFAULT/region_list': value => $region_list;
|
|
'DEFAULT/network_device_mtu': value => $network_device_mtu;
|
|
'DEFAULT/full_vpc_support': value => $full_vpc_support;
|
|
'DEFAULT/ec2_private_dns_show_ip': value => $ec2_private_dns_show_ip;
|
|
'DEFAULT/default_flavor': value => $default_flavor;
|
|
'DEFAULT/use_tpool': value => $use_tpool;
|
|
'DEFAULT/fatal_exception_format_errors': value => $fatal_exception_format_errors;
|
|
'DEFAULT/tempdir': value => $tempdir;
|
|
'DEFAULT/pybasedir': value => $pybasedir;
|
|
'DEFAULT/bindir': value => $bindir;
|
|
'DEFAULT/state_path': value => $state_path;
|
|
}
|
|
|
|
|
|
if $manage_service {
|
|
if $enabled {
|
|
$service_ensure = 'running'
|
|
} else {
|
|
$service_ensure = 'stopped'
|
|
}
|
|
|
|
service { 'openstack-ec2-api-service' :
|
|
ensure => $service_ensure,
|
|
name => $service_name,
|
|
enable => $enabled,
|
|
hasstatus => true,
|
|
hasrestart => true,
|
|
tag => 'ec2api-service',
|
|
}
|
|
}
|
|
|
|
}
|