diff --git a/manifests/compute/consoleproxy.pp b/manifests/compute/consoleproxy.pp index 30cda4db..b1ff40a7 100644 --- a/manifests/compute/consoleproxy.pp +++ b/manifests/compute/consoleproxy.pp @@ -23,6 +23,14 @@ # (optional) Hostname or IP to bind Nova spicehtmlproxy service. # Defaults to '127.0.0.1' # +# [*console*] +# (optional) Nova's console type (spice or novnc) +# Defaults to 'spice' +# +# [*novnc_port*] +# (optional) TCP port to bind Nova novnc service. +# Defaults to '6080' +# # [*spice_port*] # (optional) TCP port to bind Nova spicehtmlproxy service. # Defaults to '6082' @@ -34,29 +42,46 @@ # class cloud::compute::consoleproxy( $api_eth = '127.0.0.1', + $console = 'spice', + $novnc_port = '6080', $spice_port = '6082', $firewall_settings = {}, ){ include 'cloud::compute' - class { 'nova::spicehtml5proxy': + case $console { + 'spice': { + $port = $spice_port + $proxy = 'spicehtml5proxy' + } + 'novnc': { + $port = $novnc_port + $proxy = 'vncproxy' + } + default: { + fail("Unsupported console type ${console}") + } + } + + class { "nova::${proxy}": enabled => true, - host => $api_eth + host => $api_eth, + port => $port } if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow spice access': - port => $spice_port, + cloud::firewall::rule{ "100 allow ${console} access": + port => $port, extras => $firewall_settings, } } - @@haproxy::balancermember{"${::fqdn}-compute_spice": - listening_service => 'spice_cluster', + @@haproxy::balancermember{"${::fqdn}-compute_${console}": + listening_service => "${console}_cluster", server_names => $::hostname, ipaddresses => $api_eth, - ports => $spice_port, + ports => $port, options => 'check inter 2000 rise 2 fall 5' } } diff --git a/manifests/compute/hypervisor.pp b/manifests/compute/hypervisor.pp index d37c4d7c..4b2a1ba3 100644 --- a/manifests/compute/hypervisor.pp +++ b/manifests/compute/hypervisor.pp @@ -48,6 +48,14 @@ # you must provide the entire ssh privatekey in this parameter. # Defaults to undef # +# [*console*] +# (optional) Nova's console type (spice or novnc) +# Defaults to 'spice' +# +# [*novnc_port*] +# (optional) TCP port to connect to Nova vncproxy service. +# Defaults to '6080' +# # [*spice_port*] # (optional) TCP port to connect to Nova spicehtmlproxy service. # Defaults to '6082' @@ -106,12 +114,12 @@ # Need to be a valid shell path. # Defaults to false # -# [*ks_spice_public_proto*] -# (optional) Protocol used to connect to Spice service. +# [*ks_console_public_proto*] +# (optional) Protocol used to connect to console service. # Defaults to false (use nova_public_proto) # -# [*ks_spice_public_host*] -# (optional) Hostname or IP used to connect to Spice service. +# [*ks_console_public_host*] +# (optional) Hostname or IP used to connect to console service. # Defaults to false (use nova_public_host) # # [*firewall_settings*] @@ -126,7 +134,11 @@ class cloud::compute::hypervisor( $ks_nova_public_host = '127.0.0.1', $nova_ssh_private_key = undef, $nova_ssh_public_key = undef, - $spice_port = 6082, + $console = 'spice', + $novnc_port = '6080', + $spice_port = '6082', + $ks_console_public_proto = 'http', + $ks_console_public_host = '127.0.0.1', $cinder_rbd_user = 'cinder', $nova_rbd_pool = 'vms', $nova_rbd_secret_uuid = undef, @@ -140,8 +152,6 @@ class cloud::compute::hypervisor( $nfs_device = false, $nfs_options = 'defaults', $filesystem_store_datadir = '/var/lib/nova/instances', - $ks_spice_public_proto = 'http', - $ks_spice_public_host = '127.0.0.1', ) inherits cloud::params { include 'cloud::compute' @@ -226,21 +236,39 @@ Host * }) } - class { 'nova::compute': - enabled => true, - vnc_enabled => false, - #TODO(EmilienM) Bug #1259545 currently WIP: - virtio_nic => false, - neutron_enabled => true - } + case $console { + 'spice': { + class { 'nova::compute': + enabled => true, + vnc_enabled => false, + virtio_nic => false, + neutron_enabled => true + } - class { 'nova::compute::spice': - server_listen => '0.0.0.0', - server_proxyclient_address => $server_proxyclient_address, - proxy_host => $ks_spice_public_host, - proxy_protocol => $ks_spice_public_proto, - proxy_port => $spice_port + class { 'nova::compute::spice': + server_listen => '0.0.0.0', + server_proxyclient_address => $server_proxyclient_address, + proxy_host => $ks_console_public_host, + proxy_protocol => $ks_console_public_proto, + proxy_port => $spice_port + } + } + 'novnc': { + class { 'nova::compute': + enabled => true, + vnc_enabled => true, + vncserver_proxyclient_address => $server_proxyclient_address, + vncproxy_host => $ks_console_public_host, + vncproxy_protocol => $ks_console_public_proto, + vncproxy_port => $novnc_port, + virtio_nic => false, + neutron_enabled => true + } + } + default: { + fail("upported console type ${console}") + } } if $::osfamily == 'RedHat' { diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 01a73137..8cbf2f67 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -155,6 +155,13 @@ # If true, both public and internal will attempt to be created except if vip_internal_ip is set to false. # If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. # If set to false, no binding will be configure. +# Defaults to true +# +# [*novnc*] +# (optional) Enable or not novnc binding. +# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false. +# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. +# If set to false, no binding will be configure. # Defaults to false # # [*metadata_api*] @@ -277,6 +284,11 @@ # service configuration block. # Defaults to [] # +# [*novnc_bind_options*] +# (optional) A hash of options that are inserted into the HAproxy listening +# service configuration block. +# Defaults to [] +# # [*horizon_bind_options*] # (optional) A hash of options that are inserted into the HAproxy listening # service configuration block. @@ -369,6 +381,10 @@ # (optional) TCP port to connect to Nova spicehtmlproxy service. # Defaults to '6082' # +# [*novnc_port*] +# (optional) TCP port to connect to Nova vncproxy service. +# Defaults to '6080' +# # [*rabbitmq_port*] # (optional) Port of RabbitMQ service. # Defaults to '5672' @@ -420,6 +436,7 @@ class cloud::loadbalancer( $horizon_ssl = false, $rabbitmq = false, $spice = true, + $novnc = false, $haproxy_auth = 'admin:changeme', $keepalived_state = 'BACKUP', $keepalived_priority = '50', @@ -446,6 +463,7 @@ class cloud::loadbalancer( $trove_bind_options = [], $swift_bind_options = [], $spice_bind_options = [], + $novnc_bind_options = [], $horizon_bind_options = [], $horizon_ssl_bind_options = [], $rabbitmq_bind_options = [], @@ -469,6 +487,7 @@ class cloud::loadbalancer( $horizon_port = 80, $horizon_ssl_port = 443, $spice_port = 6082, + $novnc_port = 6080, $vip_public_ip = ['127.0.0.1'], $vip_internal_ip = false, $vip_monitor_ip = false, @@ -620,6 +639,19 @@ class cloud::loadbalancer( bind_options => $spice_bind_options, firewall_settings => $firewall_settings, } + cloud::loadbalancer::binding { 'novnc_cluster': + ip => $novnc, + port => $novnc_port, + options => { + 'mode' => 'tcp', + 'option' => ['tcpka', 'tcplog', 'forwardfor'], + 'balance' => 'source', + 'timeout server' => '120m', + 'timeout client' => '120m', + }, + bind_options => $novnc_bind_options, + firewall_settings => $firewall_settings, + } cloud::loadbalancer::binding { 'rabbitmq_cluster': ip => $rabbitmq, port => $rabbitmq_port, diff --git a/spec/classes/cloud_compute_consoleproxy_spec.rb b/spec/classes/cloud_compute_consoleproxy_spec.rb index ae2ddab1..323dd138 100644 --- a/spec/classes/cloud_compute_consoleproxy_spec.rb +++ b/spec/classes/cloud_compute_consoleproxy_spec.rb @@ -90,10 +90,26 @@ describe 'cloud::compute::consoleproxy' do it 'configure nova-spicehtml5proxy' do is_expected.to contain_class('nova::spicehtml5proxy').with( :enabled => true, - :host => '10.0.0.1' + :host => '10.0.0.1', + :port => '6082' ) end + context 'with novnc console' do + before :each do + params.merge!( + :console => 'novnc', + :novnc_port => '6080' ) + end + it 'configure nova-vncproxy' do + is_expected.to contain_class('nova::vncproxy').with( + :enabled => true, + :host => '10.0.0.1', + :port => '6080' + ) + end + end + context 'with default firewall enabled' do let :pre_condition do "class { 'cloud': manage_firewall => true }" diff --git a/spec/classes/cloud_compute_hypervisor_spec.rb b/spec/classes/cloud_compute_hypervisor_spec.rb index f13e3191..9cd4e89e 100644 --- a/spec/classes/cloud_compute_hypervisor_spec.rb +++ b/spec/classes/cloud_compute_hypervisor_spec.rb @@ -71,8 +71,8 @@ describe 'cloud::compute::hypervisor' do :nova_ssh_private_key => 'secrete', :nova_ssh_public_key => 'public', :ks_nova_public_proto => 'http', - :ks_spice_public_proto => 'https', - :ks_spice_public_host => '10.0.0.2', + :ks_console_public_proto => 'https', + :ks_console_public_host => '10.0.0.2', :vm_rbd => false, :volume_rbd => false, :nova_shell => false, @@ -235,6 +235,26 @@ describe 'cloud::compute::hypervisor' do is_expected.to contain_nova_config('libvirt/block_migration_flag').with('value' => 'VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_NON_SHARED_INC') end + context 'witch novnc console' do + before :each do + params.merge!( + :console => 'novnc', + :novnc_port => '6080' ) + end + it 'configure nova-compute' do + is_expected.to contain_class('nova::compute').with( + :enabled => true, + :vnc_enabled => true, + :vncserver_proxyclient_address => '7.0.0.1', + :vncproxy_host => '10.0.0.2', + :vncproxy_protocol => 'https', + :vncproxy_port => '6080', + :virtio_nic => false, + :neutron_enabled => true + ) + end + end + context 'with dbus on Ubuntu' do let :facts do { :osfamily => 'Debian', diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb index e8b2edc4..b957ddae 100644 --- a/spec/classes/cloud_loadbalancer_spec.rb +++ b/spec/classes/cloud_loadbalancer_spec.rb @@ -273,6 +273,26 @@ describe 'cloud::loadbalancer' do )} end + context 'configure Openstack Nova with novnc' do + before do + params.merge!( + :spice => false, + :novnc => true, + :novnc_port => 6080 ) + end + it { is_expected.to contain_haproxy__listen('novnc_cluster').with( + :ipaddress => [params[:vip_public_ip]], + :ports => '6080', + :options => { + 'mode' => 'tcp', + 'balance' => 'source', + 'option' => ['tcpka', 'tcplog', 'forwardfor'], + 'timeout server' => '120m', + 'timeout client' => '120m' + } + )} + end + context 'configure OpenStack binding on both public and internal networks' do before do params.merge!(