Puppet Class: openstack::nova::compute::service

Defined in:
modules/openstack/manifests/nova/compute/service.pp

Overview

The 'nova compute' service does the actual VM management within nova.

wiki.openstack.org/wiki/Nova

Parameters:

  • version (Any)
  • libvirt_type (Any)
  • certname (Any)
  • ca_target (Any)


# File 'modules/openstack/manifests/nova/compute/service.pp', line 4

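class openstack::nova::compute::service(
    # Forms part of the per-release implementation class name declared below
    # (presumably an OpenStack release name -- confirm against callers).
    $version,
    # Passed through unchanged to the implementation class.
    $libvirt_type,
    # Names the sslcert::certificate resource and the key/cert files that
    # are linked into /var/lib/nova.
    $certname,
    # Path that /var/lib/nova/cacert.pem is symlinked to.
    $ca_target,
    ){

    # Group that is given read access to the TLS client key further down.
    # The entries below record the group line seen on each release:
    # trusty: libvirtd:x:117:nova
    # jessie: libvirt:x:121:nova
    # stretch: libvirt:x:121:nova
    # There is deliberately no default branch here: an unlisted codename
    # fails catalog compilation instead of silently picking a group.
    $libvirt_unix_sock_group = $::facts['lsbdistcodename'] ? {
        'trusty'  => 'libvirtd',
        'jessie'  => 'libvirt',
        'stretch' => 'libvirt',
    }

    # The implementation class is chosen by release and distro codename.
    class { "openstack::nova::compute::service::${version}::${::lsbdistcodename}":
        libvirt_type            => $libvirt_type,
        certname                => $certname,
        ca_target               => $ca_target,
        libvirt_unix_sock_group => $libvirt_unix_sock_group,
    }

    # 'require' both declares the audit class and orders it before this one.
    require openstack::nova::compute::audit
    include openstack::nova::compute::kmod

    # Set the nova user's shell with an exec instead of a 'user' resource.
    # The account comes from the nova-compute package; managing it as a
    # Puppet user would shadow the package's handling and make Puppet see
    # the user as a dependency everywhere 'nova' is used for ownership.
    #
    # The guard matches only nova's own passwd entry (anchored at both
    # ends), so another account whose line merely contains "nova:" and
    # ":/bin/bash" can no longer cause the shell change to be skipped.
    exec {'set_shell_for_nova':
        command   => '/usr/sbin/usermod -c "shell set for online operations" -s /bin/bash nova',
        unless    => '/bin/grep -q "^nova:.*:/bin/bash$" /etc/passwd',
        logoutput => true,
        require   => Package['nova-compute'],
    }

    # Publishes the nova public key through the project's ssh::userkey type
    # (presumably as an authorized key for the nova account -- confirm).
    # NOTE(review): the matching private key is installed below from the
    # same secret store, so every host applying this class appears to share
    # one keypair. Compromise of a single compute host would then expose a
    # key accepted by the others; confirm sshd restricts where and how this
    # key is accepted.
    ssh::userkey { 'nova':
        content => secret('ssh/nova/nova.pub'),
        require => Exec['set_shell_for_nova'],
    }

    file { '/var/lib/nova/.ssh':
        ensure  => 'directory',
        owner   => 'nova',
        group   => 'nova',
        mode    => '0700',
        require => Package['nova-compute'],
    }

    # Private key: owner-only, and show_diff is off so key material is not
    # rendered as a content diff in agent output or reports.
    file { '/var/lib/nova/.ssh/id_rsa':
        owner     => 'nova',
        group     => 'nova',
        mode      => '0600',
        content   => secret('ssh/nova/nova.key'),
        require   => File['/var/lib/nova/.ssh'],
        show_diff => false,
    }

    file { '/var/lib/nova/.ssh/id_rsa.pub':
        owner   => 'nova',
        group   => 'nova',
        mode    => '0600',
        content => secret('ssh/nova/nova.pub'),
        require => File['/var/lib/nova/.ssh'],
    }

    sslcert::certificate { $certname: }

    # TLS private key for $certname. Mode 0440 with the libvirt socket group
    # means every member of that group can read the key, not only nova.
    file { "/var/lib/nova/${certname}.key":
        owner     => 'nova',
        group     => $libvirt_unix_sock_group,
        mode      => '0440',
        content   => secret("ssl/${certname}.key"),
        require   => Package['nova-compute'],
        show_diff => false,
    }

    # Fixed-name symlinks to the per-host key, certificate and CA files.
    file { '/var/lib/nova/clientkey.pem':
        ensure => link,
        target => "/var/lib/nova/${certname}.key",
    }

    file { '/var/lib/nova/clientcert.pem':
        ensure  => link,
        target  => "/etc/ssl/localcerts/${certname}.crt",
        require => Sslcert::Certificate[$certname],
    }

    file { '/var/lib/nova/cacert.pem':
        ensure  => link,
        target  => $ca_target,
        require => Sslcert::Certificate[$certname],
    }

    # Restarted whenever either nova config file changes; both File
    # resources are declared outside this class.
    service { 'nova-compute':
        ensure    => 'running',
        subscribe => [
            File['/etc/nova/nova.conf'],
            File['/etc/nova/nova-compute.conf'],
        ],
        require   => Package['nova-compute'],
    }

    # Guest management on host startup/reboot
    if os_version('debian >= stretch') {

        file { '/etc/default/libvirt-guests':
            owner  => 'root',
            group  => 'root',
            mode   => '0444',
            source => 'puppet:///modules/openstack/nova/libvirt/libvirt-guests',
        }

        # NOTE(review): the service does not subscribe to the defaults file
        # above, so edits to it do not restart libvirt-guests. That looks
        # deliberate, since a restart could act on running guests -- confirm.
        service { 'libvirt-guests':
            ensure => 'running',
            enable => true,
        }
    }

}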