Puppet Class: nova::vncproxy

Defined in:
manifests/vncproxy.pp

Overview

Class: nova::vncproxy

Configures nova vnc proxy

Parameters:

enabled

(optional) Whether to run the vncproxy service. Defaults to true

manage_service

(optional) Whether to start/stop the service. Defaults to true

host

(optional) Host on which to listen for incoming requests. Defaults to ‘0.0.0.0’, which listens on all IPv4 interfaces.

port

(optional) Port on which to listen for incoming requests. Defaults to ‘6080’

ensure_package

(optional) The state of the nova-novncproxy package. Defaults to ‘present’

vncproxy_protocol

(optional) The protocol to communicate with the VNC proxy server. Defaults to ‘http’

vncproxy_path

(optional) The path at the end of the URI for communication with the VNC proxy server. Defaults to ‘/vnc_auto.html’

allow_noauth

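(optional) Whether connections to unauthenticated/unencrypted VNC servers are permitted. Defaults to true. With allow_vencrypt left at false, this makes ‘none’ the only configured auth scheme; set allow_vencrypt to true and allow_noauth to false to require vencrypt.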

allow_vencrypt

(optional) Whether connections to VNC servers supporting vencrypt are permitted. Defaults to false

vencrypt_key

(optional) Path to the private key to use when connecting to VNC servers supporting vencrypt. Required when allow_vencrypt is true. Defaults to undef

vencrypt_cert

(optional) Path to the certificate to use when connecting to VNC servers supporting vencrypt. Required when allow_vencrypt is true. Defaults to undef

vencrypt_ca

(optional) Path to the certificate authority cert to use when connecting to VNC servers that support vencrypt. Required when allow_vencrypt is true. Defaults to undef

Parameters:

  • enabled (Any) (defaults to: true)
  • manage_service (Any) (defaults to: true)
  • vncproxy_protocol (Any) (defaults to: 'http')
  • host (Any) (defaults to: '0.0.0.0')
  • port (Any) (defaults to: '6080')
  • vncproxy_path (Any) (defaults to: '/vnc_auto.html')
  • ensure_package (Any) (defaults to: 'present')
  • allow_noauth (Any) (defaults to: true)
  • allow_vencrypt (Any) (defaults to: false)
  • vencrypt_key (Any) (defaults to: undef)
  • vencrypt_cert (Any) (defaults to: undef)
  • vencrypt_ca (Any) (defaults to: undef)


# File 'manifests/vncproxy.pp', line 64

# Configures the nova noVNC proxy: writes the [vnc] proxy settings through
# nova_config and declares the package/service via nova::generic_service.
#
# Security-relevant behaviour visible in this class:
#   * vnc/auth_schemes is derived from $allow_noauth and $allow_vencrypt.
#     With the defaults (allow_noauth => true, allow_vencrypt => false) the
#     value written is 'none', i.e. per the parameter documentation,
#     connections to unauthenticated/unencrypted VNC servers are permitted.
#   * $host defaults to '0.0.0.0', so the proxy listens on all IPv4
#     interfaces unless a specific address is given.
#   * $vncproxy_protocol and $vncproxy_path are not referenced in this class
#     body; presumably they are read by other classes -- verify against callers.
class nova::vncproxy(
  $enabled           = true,
  $manage_service    = true,
  $vncproxy_protocol = 'http',
  $host              = '0.0.0.0',
  $port              = '6080',
  $vncproxy_path     = '/vnc_auto.html',
  $ensure_package    = 'present',
  $allow_noauth      = true,
  $allow_vencrypt    = false,
  $vencrypt_key      = undef,
  $vencrypt_cert     = undef,
  $vencrypt_ca       = undef,
) {

  include nova::deps
  include nova::params

  # At least one auth scheme has to remain enabled, otherwise auth_schemes
  # would be empty; abort catalog compilation instead.
  if (!$allow_noauth and !$allow_vencrypt) {
    fail('Either allow_noauth or allow_vencrypt must be true')
  }

  if $allow_vencrypt {

    # Only checks that the three values are set. This class does not manage
    # the files themselves, so their existence, ownership and mode are not
    # enforced here.
    # NOTE(review): the private key should be readable only by the account
    # running the proxy -- confirm where these files are deployed.
    if (!$vencrypt_ca or !$vencrypt_cert or !$vencrypt_key) {
      fail('vencrypt_ca/cert/key params are required when allow_vencrypt is true')
    }
    nova_config {
      'vnc/vencrypt_ca_certs':    value => $vencrypt_ca;
      'vnc/vencrypt_client_cert': value => $vencrypt_cert;
      'vnc/vencrypt_client_key':  value => $vencrypt_key;
    }

    # 'vencrypt,none' keeps the unauthenticated scheme in the list alongside
    # vencrypt; only allow_noauth => false restricts the list to vencrypt.
    # NOTE(review): presumably the proxy can still fall back to 'none' for
    # servers that do not offer vencrypt -- confirm against nova's docs.
    if $allow_noauth {
      $auth_schemes = 'vencrypt,none'
    } else {
      $auth_schemes = 'vencrypt'
    }
  } else {
    # vencrypt disabled: remove any previously written certificate settings.
    nova_config {
      'vnc/vencrypt_ca_certs':    ensure => absent;
      'vnc/vencrypt_client_cert': ensure => absent;
      'vnc/vencrypt_client_key':  ensure => absent;
    }

    # Reached only with allow_noauth => true (the fail() above rejects the
    # other case), so 'none' is the sole scheme. This is the default outcome.
    $auth_schemes = 'none'
  }

  # Nodes running novncproxy do *not* need (and in fact, don't care)
  # about [vnc]/enable to be set. This setting is for compute nodes,
  # where we must select VNC or SPICE so that it can be passed on to
  # libvirt which passes it as parameter when starting VMs with KVM.
  # Therefore, this setting is set within compute.pp only.
  #
  # NOTE(review): with the default $host of '0.0.0.0' the listener is bound
  # to every IPv4 interface; set $host or filter the port where the proxy
  # should not be reachable from all networks.
  nova_config {
    'vnc/novncproxy_host': value => $host;
    'vnc/novncproxy_port': value => $port;
    'vnc/auth_schemes':    value => $auth_schemes;
  }

  # The Debian package needs some scheduling:
  # 1/ Install the package
  # 2/ Fix /etc/default/nova-consoleproxy
  # 3/ Start the service
  # Other OS don't need this scheduling and can use
  # the standard nova::generic_service
  if $::operatingsystem == 'Debian' {
    if $enabled {
      # Rewrites the NOVA_CONSOLE_PROXY_TYPE line to select novnc; ordered
      # between the nova::config::begin and nova::config::end anchors.
      file_line { '/etc/default/nova-consoleproxy:NOVA_CONSOLE_PROXY_TYPE':
        path    => '/etc/default/nova-consoleproxy',
        match   => '^NOVA_CONSOLE_PROXY_TYPE=(.*)$',
        line    => 'NOVA_CONSOLE_PROXY_TYPE=novnc',
        tag     => 'nova-consoleproxy',
        require => Anchor['nova::config::begin'],
        notify  => Anchor['nova::config::end'],
      }
    }
  }
  # Declared on every operating system (it sits outside the Debian branch);
  # package and service names come from nova::params.
  nova::generic_service { 'vncproxy':
    enabled        => $enabled,
    manage_service => $manage_service,
    package_name   => $::nova::params::vncproxy_package_name,
    service_name   => $::nova::params::vncproxy_service_name,
    ensure_package => $ensure_package,
  }

}