--- /dev/null
+# == Class: nova
+#
+# This class is used to specify configuration parameters that are common
+# across all nova services.
+#
+# === Parameters:
+#
+# [*ensure_package*]
+# (optional) The state of nova packages
+# Defaults to 'present'
+#
+# [*nova_cluster_id*]
+# (optional) Deprecated. This parameter does nothing and will be removed.
+# Defaults to 'localcluster'
+#
+# [*sql_connection*]
+# (optional) Deprecated. Use database_connection instead.
+# Defaults to false
+#
+# [*sql_idle_timeout*]
+# (optional) Deprecated. Use database_idle_timeout instead
+# Defaults to false
+#
+# [*database_connection*]
+# (optional) Connection url to connect to nova database.
+# Defaults to false
+#
+# [*slave_connection*]
+# (optional) Connection url to connect to nova slave database (read-only).
+# Defaults to false
+#
+# [*database_idle_timeout*]
+# (optional) Timeout before idle db connections are reaped.
+# Defaults to 3600
+#
+# [*rpc_backend*]
+# (optional) The rpc backend implementation to use, can be:
+# rabbit (for rabbitmq)
+# qpid (for qpid)
+# zmq (for zeromq)
+# Defaults to 'rabbit'
+#
+# [*image_service*]
+# (optional) Service used to search for and retrieve images.
+# Defaults to 'nova.image.local.LocalImageService'
+#
+# [*glance_api_servers*]
+# (optional) List of addresses for api servers.
+# Defaults to 'localhost:9292'
+#
+# [*memcached_servers*]
+# (optional) Use memcached instead of in-process cache. Supply a list of memcached server IP's:Memcached Port.
+# Defaults to false
+#
+# [*rabbit_host*]
+# (optional) Location of rabbitmq installation.
+# Defaults to 'localhost'
+#
+# [*rabbit_hosts*]
+# (optional) List of clustered rabbit servers.
+# Defaults to false
+#
+# [*rabbit_port*]
+# (optional) Port for rabbitmq instance.
+# Defaults to '5672'
+#
+# [*rabbit_password*]
+# (optional) Password used to connect to rabbitmq.
+# Defaults to 'guest'
+#
+# [*rabbit_userid*]
+# (optional) User used to connect to rabbitmq.
+# Defaults to 'guest'
+#
+# [*rabbit_virtual_host*]
+# (optional) The RabbitMQ virtual host.
+# Defaults to '/'
+#
+# [*rabbit_use_ssl*]
+# (optional) Connect over SSL for RabbitMQ
+# Defaults to false
+#
+# [*kombu_ssl_ca_certs*]
+# (optional) SSL certification authority file (valid only if SSL enabled).
+# Defaults to undef
+#
+# [*kombu_ssl_certfile*]
+# (optional) SSL cert file (valid only if SSL enabled).
+# Defaults to undef
+#
+# [*kombu_ssl_keyfile*]
+# (optional) SSL key file (valid only if SSL enabled).
+# Defaults to undef
+#
+# [*kombu_ssl_version*]
+# (optional) SSL version to use (valid only if SSL enabled).
+# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
+# available on some distributions.
+# Defaults to 'TLSv1'
+#
+# [*amqp_durable_queues*]
+# (optional) Define queues as "durable" to rabbitmq.
+# Defaults to false
+#
+# [*qpid_hostname*]
+# (optional) Location of qpid server
+# Defaults to 'localhost'
+#
+# [*qpid_port*]
+# (optional) Port for qpid server
+# Defaults to '5672'
+#
+# [*qpid_username*]
+# (optional) Username to use when connecting to qpid
+# Defaults to 'guest'
+#
+# [*qpid_password*]
+# (optional) Password to use when connecting to qpid
+# Defaults to 'guest'
+#
+# [*qpid_heartbeat*]
+# (optional) Seconds between connection keepalive heartbeats
+# Defaults to 60
+#
+# [*qpid_protocol*]
+# (optional) Transport to use, either 'tcp' or 'ssl''
+# Defaults to 'tcp'
+#
+# [*qpid_sasl_mechanisms*]
+# (optional) Enable one or more SASL mechanisms
+# Defaults to false
+#
+# [*qpid_tcp_nodelay*]
+# (optional) Disable Nagle algorithm
+# Defaults to true
+#
+# [*service_down_time*]
+# (optional) Maximum time since last check-in for up service.
+# Defaults to 60
+#
+# [*logdir*]
+# (optional) Deprecated. Use log_dir instead.
+# Defaults to false
+#
+# [*log_dir*]
+# (optional) Directory where logs should be stored.
+# If set to boolean false, it will not log to any directory.
+# Defaults to '/var/log/nova'
+#
+# [*state_path*]
+# (optional) Directory for storing state.
+# Defaults to '/var/lib/nova'
+#
+# [*lock_path*]
+# (optional) Directory for lock files.
+# On RHEL will be '/var/lib/nova/tmp' and on Debian '/var/lock/nova'
+# Defaults to $::nova::params::lock_path
+#
+# [*verbose*]
+# (optional) Set log output to verbose output.
+# Defaults to false
+#
+# [*periodic_interval*]
+# (optional) Seconds between running periodic tasks.
+# Defaults to '60'
+#
+# [*report_interval*]
+# (optional) Interval at which nodes report to data store.
+# Defaults to '10'
+#
+# [*monitoring_notifications*]
+# (optional) Whether or not to send system usage data notifications out on the message queue. Only valid for stable/essex.
+# Defaults to false
+#
+# [*use_syslog*]
+# (optional) Use syslog for logging
+# Defaults to false
+#
+# [*log_facility*]
+# (optional) Syslog facility to receive log lines.
+# Defaults to 'LOG_USER'
+#
+# [*use_ssl*]
+# (optional) Enable SSL on the API server
+# Defaults to false, not set
+#
+# [*enabled_ssl_apis*]
+# (optional) List of APIs to SSL enable
+# Defaults to []
+# Possible values : 'ec2', 'osapi_compute', 'metadata'
+#
+# [*cert_file*]
+# (optinal) Certificate file to use when starting API server securely
+# Defaults to false, not set
+#
+# [*key_file*]
+# (optional) Private key file to use when starting API server securely
+# Defaults to false, not set
+#
+# [*ca_file*]
+# (optional) CA certificate file to use to verify connecting clients
+# Defaults to false, not set_
+#
+# [*nova_user_id*]
+# (optional) Create the nova user with the specified gid.
+# Changing to a new uid after specifying a different uid previously,
+# or using this option after the nova account already exists will break
+# the ownership of all files/dirs owned by nova. It is strongly encouraged
+# not to use this option and instead create user before nova class or
+# for network shares create netgroup into which you'll put nova on all the
+# nodes. If undef no user will be created and user creation will standardly
+# happen in nova-common package.
+# Defaults to undef.
+#
+# [*nova_group_id*]
+# (optional) Create the nova user with the specified gid.
+# Changing to a new uid after specifying a different uid previously,
+# or using this option after the nova account already exists will break
+# the ownership of all files/dirs owned by nova. It is strongly encouraged
+# not to use this option and instead create group before nova class or for
+# network shares create netgroup into which you'll put nova on all the
+# nodes. If undef no user or group will be created and creation will
+# happen in nova-common package.
+# Defaults to undef.
+#
+# [*nova_public_key*]
+# (optional) Install public key in .ssh/authorized_keys for the 'nova' user.
+# Expects a hash of the form { type => 'key-type', key => 'key-data' } where
+# 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and 'key-data' is the
+# actual key data (e.g, 'AAAA...').
+#
+# [*nova_private_key*]
+# (optional) Install private key into .ssh/id_rsa (or appropriate equivalent
+# for key type). Expects a hash of the form { type => 'key-type', key =>
+# 'key-data' }, where 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and
+# 'key-data' is the contents of the private key file.
+#
+# [*nova_shell*]
+# (optional) Set shell for 'nova' user to the specified value.
+# Defaults to '/bin/false'.
+#
+# [*mysql_module*]
+# (optional) Deprecated. Does nothing.
+#
+# [*notification_driver*]
+# (optional) Driver or drivers to handle sending notifications.
+# Value can be a string or a list.
+# Defaults to []
+#
+# [*notification_topics*]
+# (optional) AMQP topic used for OpenStack notifications
+# Defaults to 'notifications'
+#
+# [*notify_api_faults*]
+# (optional) If set, send api.fault notifications on caught
+# exceptions in the API service
+# Defaults to false
+#
+# [*notify_on_state_change*]
+# (optional) If set, send compute.instance.update notifications
+# on instance state changes. Valid values are None for no notifications,
+# "vm_state" for notifications on VM state changes, or "vm_and_task_state"
+# for notifications on VM and task state changes.
+# Defaults to undef
+#
+# [*os_region_name*]
+# (optional) Sets the os_region_name flag. For environments with
+# more than one endpoint per service, this is required to make
+# things such as cinder volume attach work. If you don't set this
+# and you have multiple endpoints, you will get AmbiguousEndpoint
+# exceptions in the nova API service.
+# Defaults to undef
+class nova(
+ $ensure_package = 'present',
+ $database_connection = false,
+ $slave_connection = false,
+ $database_idle_timeout = 3600,
+ $rpc_backend = 'rabbit',
+ $image_service = 'nova.image.glance.GlanceImageService',
+ # these glance params should be optional
+ # this should probably just be configured as a glance client
+ $glance_api_servers = 'localhost:9292',
+ $memcached_servers = false,
+ $rabbit_host = 'localhost',
+ $rabbit_hosts = false,
+ $rabbit_password = 'guest',
+ $rabbit_port = '5672',
+ $rabbit_userid = 'guest',
+ $rabbit_virtual_host = '/',
+ $rabbit_use_ssl = false,
+ $rabbit_ha_queues = undef,
+ $kombu_ssl_ca_certs = undef,
+ $kombu_ssl_certfile = undef,
+ $kombu_ssl_keyfile = undef,
+ $kombu_ssl_version = 'TLSv1',
+ $amqp_durable_queues = false,
+ $qpid_hostname = 'localhost',
+ $qpid_port = '5672',
+ $qpid_username = 'guest',
+ $qpid_password = 'guest',
+ $qpid_sasl_mechanisms = false,
+ $qpid_heartbeat = 60,
+ $qpid_protocol = 'tcp',
+ $qpid_tcp_nodelay = true,
+ $auth_strategy = 'keystone',
+ $service_down_time = 60,
+ $log_dir = '/var/log/nova',
+ $state_path = '/var/lib/nova',
+ $lock_path = $::nova::params::lock_path,
+ $verbose = false,
+ $debug = false,
+ $periodic_interval = '60',
+ $report_interval = '10',
+ $rootwrap_config = '/etc/nova/rootwrap.conf',
+ $use_ssl = false,
+ $enabled_ssl_apis = ['ec2', 'metadata', 'osapi_compute'],
+ $ca_file = false,
+ $cert_file = false,
+ $key_file = false,
+ $nova_user_id = undef,
+ $nova_group_id = undef,
+ $nova_public_key = undef,
+ $nova_private_key = undef,
+ $nova_shell = '/bin/false',
+ # deprecated in folsom
+ #$root_helper = $::nova::params::root_helper,
+ $monitoring_notifications = false,
+ $use_syslog = false,
+ $log_facility = 'LOG_USER',
+ $install_utilities = true,
+ $notification_driver = [],
+ $notification_topics = 'notifications',
+ $notify_api_faults = false,
+ $notify_on_state_change = undef,
+ # DEPRECATED PARAMETERS
+ $mysql_module = undef,
+ # this is how to query all resources from our clutser
+ $nova_cluster_id = undef,
+ $sql_connection = false,
+ $sql_idle_timeout = false,
+ $logdir = false,
+ $os_region_name = undef,
+) inherits nova::params {
+
+ # maintain backward compatibility
+ include nova::db
+
+ if $mysql_module {
+ warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.')
+ }
+
+ if $nova_cluster_id {
+ warning('The nova_cluster_id parameter is deprecated and has no effect.')
+ }
+
+ validate_array($enabled_ssl_apis)
+ if empty($enabled_ssl_apis) and $use_ssl {
+ warning('enabled_ssl_apis is empty but use_ssl is set to true')
+ }
+
+ if $use_ssl {
+ if !$cert_file {
+ fail('The cert_file parameter is required when use_ssl is set to true')
+ }
+ if !$key_file {
+ fail('The key_file parameter is required when use_ssl is set to true')
+ }
+ }
+
+ if $kombu_ssl_ca_certs and !$rabbit_use_ssl {
+ fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
+ }
+ if $kombu_ssl_certfile and !$rabbit_use_ssl {
+ fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
+ }
+ if $kombu_ssl_keyfile and !$rabbit_use_ssl {
+ fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
+ }
+ if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) {
+ fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
+ }
+
+ if $nova_group_id {
+ warning('The nova_group_id will be deprecated, please create group manually')
+ group { 'nova':
+ ensure => present,
+ system => true,
+ gid => $nova_group_id,
+ before => Package['nova-common'],
+ }
+ }
+ if $nova_user_id {
+ warning('The nova_user_id will be deprecated, please create user manually')
+ user { 'nova':
+ ensure => present,
+ system => true,
+ groups => 'nova',
+ home => '/var/lib/nova',
+ managehome => false,
+ shell => $nova_shell,
+ uid => $nova_user_id,
+ gid => $nova_group_id,
+ before => Package['nova-common'],
+ require => Group['nova'],
+ }
+ }
+
+ if $nova_public_key or $nova_private_key {
+ file { '/var/lib/nova/.ssh':
+ ensure => directory,
+ mode => '0700',
+ owner => 'nova',
+ group => 'nova',
+ require => Package['nova-common'],
+ }
+
+ if $nova_public_key {
+ if ! $nova_public_key[key] or ! $nova_public_key['type'] {
+ fail('You must provide both a key type and key data.')
+ }
+
+ ssh_authorized_key { 'nova-migration-public-key':
+ ensure => present,
+ key => $nova_public_key[key],
+ type => $nova_public_key['type'],
+ user => 'nova',
+ require => File['/var/lib/nova/.ssh'],
+ }
+ }
+
+ if $nova_private_key {
+ if ! $nova_private_key[key] or ! $nova_private_key['type'] {
+ fail('You must provide both a key type and key data.')
+ }
+
+ $nova_private_key_file = $nova_private_key['type'] ? {
+ 'ssh-rsa' => '/var/lib/nova/.ssh/id_rsa',
+ 'ssh-dsa' => '/var/lib/nova/.ssh/id_dsa',
+ 'ssh-ecdsa' => '/var/lib/nova/.ssh/id_ecdsa',
+ default => undef
+ }
+
+ if ! $nova_private_key_file {
+ fail("Unable to determine name of private key file. Type specified was '${nova_private_key['type']}' but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa.")
+ }
+
+ file { $nova_private_key_file:
+ content => $nova_private_key[key],
+ mode => '0600',
+ owner => 'nova',
+ group => 'nova',
+ require => [ File['/var/lib/nova/.ssh'], Package['nova-common'] ],
+ }
+ }
+ }
+
+
+ # all nova_config resources should be applied
+ # after the nova common package
+ # before the file resource for nova.conf is managed
+ # and before the post config resource
+ Package['nova-common'] -> Nova_config<| |> -> File['/etc/nova/nova.conf']
+ Nova_config<| |> ~> Exec['post-nova_config']
+
+ # TODO - see if these packages can be removed
+ # they should be handled as package deps by the OS
+ package { 'python':
+ ensure => present,
+ }
+ package { 'python-greenlet':
+ ensure => present,
+ require => Package['python'],
+ }
+
+ if $install_utilities {
+ class { 'nova::utilities': }
+ }
+
+ # this anchor is used to simplify the graph between nova components by
+ # allowing a resource to serve as a point where the configuration of nova begins
+ anchor { 'nova-start': }
+
+ package { 'python-nova':
+ ensure => $ensure_package,
+ require => Package['python-greenlet'],
+ tag => ['openstack', 'nova'],
+ }
+
+ package { 'nova-common':
+ ensure => $ensure_package,
+ name => $::nova::params::common_package_name,
+ require => [Package['python-nova'], Anchor['nova-start']],
+ tag => ['openstack', 'nova'],
+ }
+
+ file { '/etc/nova/nova.conf':
+ mode => '0640',
+ owner => 'nova',
+ group => 'nova',
+ require => Package['nova-common'],
+ }
+
+ # used by debian/ubuntu in nova::network_bridge to refresh
+ # interfaces based on /etc/network/interfaces
+ exec { 'networking-refresh':
+ command => '/sbin/ifdown -a ; /sbin/ifup -a',
+ refreshonly => true,
+ }
+
+ nova_config { 'DEFAULT/image_service': value => $image_service }
+
+ if $image_service == 'nova.image.glance.GlanceImageService' {
+ if $glance_api_servers {
+ nova_config { 'glance/api_servers': value => $glance_api_servers }
+ }
+ }
+
+ nova_config { 'DEFAULT/auth_strategy': value => $auth_strategy }
+
+ if $memcached_servers {
+ nova_config { 'DEFAULT/memcached_servers': value => join($memcached_servers, ',') }
+ } else {
+ nova_config { 'DEFAULT/memcached_servers': ensure => absent }
+ }
+
+ # we keep "nova.openstack.common.rpc.impl_kombu" for backward compatibility
+ # but since Icehouse, "rabbit" is enough.
+ if $rpc_backend == 'nova.openstack.common.rpc.impl_kombu' or $rpc_backend == 'rabbit' {
+ # I may want to support exporting and collecting these
+ nova_config {
+ 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
+ 'DEFAULT/rabbit_userid': value => $rabbit_userid;
+ 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
+ 'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl;
+ 'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues;
+ }
+
+ if $rabbit_use_ssl {
+
+ if $kombu_ssl_ca_certs {
+ nova_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; }
+ } else {
+ nova_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; }
+ }
+
+ if $kombu_ssl_certfile or $kombu_ssl_keyfile {
+ nova_config {
+ 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
+ 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile;
+ }
+ } else {
+ nova_config {
+ 'DEFAULT/kombu_ssl_certfile': ensure => absent;
+ 'DEFAULT/kombu_ssl_keyfile': ensure => absent;
+ }
+ }
+
+ if $kombu_ssl_version {
+ nova_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version; }
+ } else {
+ nova_config { 'DEFAULT/kombu_ssl_version': ensure => absent; }
+ }
+
+ } else {
+ nova_config {
+ 'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
+ 'DEFAULT/kombu_ssl_certfile': ensure => absent;
+ 'DEFAULT/kombu_ssl_keyfile': ensure => absent;
+ 'DEFAULT/kombu_ssl_version': ensure => absent;
+ }
+ }
+
+ if $rabbit_hosts {
+ nova_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') }
+ } else {
+ nova_config { 'DEFAULT/rabbit_host': value => $rabbit_host }
+ nova_config { 'DEFAULT/rabbit_port': value => $rabbit_port }
+ nova_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" }
+ }
+ if $rabbit_ha_queues == undef {
+ if $rabbit_hosts {
+ nova_config { 'DEFAULT/rabbit_ha_queues': value => true }
+ } else {
+ nova_config { 'DEFAULT/rabbit_ha_queues': value => false }
+ }
+ } else {
+ nova_config { 'DEFAULT/rabbit_ha_queues': value => $rabbit_ha_queues }
+ }
+ }
+
+ # we keep "nova.openstack.common.rpc.impl_qpid" for backward compatibility
+ # but since Icehouse, "qpid" is enough.
+ if $rpc_backend == 'nova.openstack.common.rpc.impl_qpid' or $rpc_backend == 'qpid' {
+ nova_config {
+ 'DEFAULT/qpid_hostname': value => $qpid_hostname;
+ 'DEFAULT/qpid_port': value => $qpid_port;
+ 'DEFAULT/qpid_username': value => $qpid_username;
+ 'DEFAULT/qpid_password': value => $qpid_password, secret => true;
+ 'DEFAULT/qpid_heartbeat': value => $qpid_heartbeat;
+ 'DEFAULT/qpid_protocol': value => $qpid_protocol;
+ 'DEFAULT/qpid_tcp_nodelay': value => $qpid_tcp_nodelay;
+ }
+ if is_array($qpid_sasl_mechanisms) {
+ nova_config {
+ 'DEFAULT/qpid_sasl_mechanisms': value => join($qpid_sasl_mechanisms, ' ');
+ }
+ }
+ elsif $qpid_sasl_mechanisms {
+ nova_config {
+ 'DEFAULT/qpid_sasl_mechanisms': value => $qpid_sasl_mechanisms;
+ }
+ }
+ else {
+ nova_config {
+ 'DEFAULT/qpid_sasl_mechanisms': ensure => absent;
+ }
+ }
+ }
+
+ # SSL Options
+ if $use_ssl {
+ nova_config {
+ 'DEFAULT/enabled_ssl_apis' : value => join($enabled_ssl_apis, ',');
+ 'DEFAULT/ssl_cert_file' : value => $cert_file;
+ 'DEFAULT/ssl_key_file' : value => $key_file;
+ }
+ if $ca_file {
+ nova_config { 'DEFAULT/ssl_ca_file' :
+ value => $ca_file,
+ }
+ } else {
+ nova_config { 'DEFAULT/ssl_ca_file' :
+ ensure => absent,
+ }
+ }
+ } else {
+ nova_config {
+ 'DEFAULT/enabled_ssl_apis' : ensure => absent;
+ 'DEFAULT/ssl_cert_file' : ensure => absent;
+ 'DEFAULT/ssl_key_file' : ensure => absent;
+ 'DEFAULT/ssl_ca_file' : ensure => absent;
+ }
+ }
+
+ if $logdir {
+ warning('The logdir parameter is deprecated, use log_dir instead.')
+ $log_dir_real = $logdir
+ } else {
+ $log_dir_real = $log_dir
+ }
+
+ if $log_dir_real {
+ file { $log_dir_real:
+ ensure => directory,
+ mode => '0750',
+ owner => 'nova',
+ group => $::nova::params::nova_log_group,
+ require => Package['nova-common'],
+ }
+ nova_config { 'DEFAULT/log_dir': value => $log_dir_real;}
+ } else {
+ nova_config { 'DEFAULT/log_dir': ensure => absent;}
+ }
+
+ if $monitoring_notifications {
+ warning('The monitoring_notifications parameter is deprecated, use notification_driver instead.')
+ $notification_driver_real = 'nova.openstack.common.notifier.rpc_notifier'
+ } else {
+ $notification_driver_real = is_string($notification_driver) ? {
+ true => $notification_driver,
+ default => join($notification_driver, ',')
+ }
+ }
+
+ nova_config {
+ 'DEFAULT/verbose': value => $verbose;
+ 'DEFAULT/debug': value => $debug;
+ 'DEFAULT/rpc_backend': value => $rpc_backend;
+ 'DEFAULT/notification_driver': value => $notification_driver_real;
+ 'DEFAULT/notification_topics': value => $notification_topics;
+ 'DEFAULT/notify_api_faults': value => $notify_api_faults;
+ # Following may need to be broken out to different nova services
+ 'DEFAULT/state_path': value => $state_path;
+ 'DEFAULT/lock_path': value => $lock_path;
+ 'DEFAULT/service_down_time': value => $service_down_time;
+ 'DEFAULT/rootwrap_config': value => $rootwrap_config;
+ 'DEFAULT/report_interval': value => $report_interval;
+ }
+
+ if $notify_on_state_change and $notify_on_state_change in ['vm_state', 'vm_and_task_state'] {
+ nova_config {
+ 'DEFAULT/notify_on_state_change': value => $notify_on_state_change;
+ }
+ } else {
+ nova_config { 'DEFAULT/notify_on_state_change': ensure => absent; }
+ }
+
+ # Syslog configuration
+ if $use_syslog {
+ nova_config {
+ 'DEFAULT/use_syslog': value => true;
+ 'DEFAULT/syslog_log_facility': value => $log_facility;
+ }
+ } else {
+ nova_config {
+ 'DEFAULT/use_syslog': value => false;
+ }
+ }
+
+ if $os_region_name {
+ nova_config {
+ 'DEFAULT/os_region_name': value => $os_region_name;
+ }
+ }
+ else {
+ nova_config {
+ 'DEFAULT/os_region_name': ensure => absent;
+ }
+ }
+
+ exec { 'post-nova_config':
+ command => '/bin/echo "Nova config has changed"',
+ refreshonly => true,
+ }
+
+}