1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
# File 'modules/profile/manifests/openstack/base/nova/api/service.pp', line 1
class profile::openstack::base::nova::api::service(
$version = lookup('profile::openstack::base::version'),
String $region = lookup('profile::openstack::base::region'),
Stdlib::Port $api_bind_port = lookup('profile::openstack::base::nova::osapi_compute_listen_port'),
Stdlib::Port $metadata_bind_port = lookup('profile::openstack::base::nova::metadata_listen_port'),
String $dhcp_domain = lookup('profile::openstack::base::nova::dhcp_domain',
{default_value => 'example.com'}),
Integer $compute_workers = lookup('profile::openstack::base::nova::compute_workers'),
Array[Stdlib::Host] $haproxy_nodes = lookup('profile::openstack::base::haproxy_nodes'),
) {
ferm::service { 'nova-api-backend':
proto => 'tcp',
port => $api_bind_port,
srange => "@resolve((${haproxy_nodes.join(' ')}))",
}
class {'::openstack::nova::api::service':
version => $version,
active => true,
api_bind_port => $api_bind_port,
metadata_bind_port => $metadata_bind_port,
dhcp_domain => $dhcp_domain,
compute_workers => $compute_workers,
}
contain '::openstack::nova::api::service'
$nova_hosts_ranges = $::network::constants::cloud_nova_hosts_ranges[$region]
# Allow neutron hosts to access the metadata service
# TODO: check if this is used by neutron only (as the comment above claims), and if so,
# update this firewall rule to only permit traffic from the neutron hosts
ferm::service { 'nova-metadata-nova-hosts':
proto => 'tcp',
port => '8775',
srange => "(${nova_hosts_ranges.join(' ')})",
}
}
|