Chef Cookbook - common OpenStack configuration
Switch branches/tags
Nothing to show
Pull request Compare This branch is 307 commits behind openstack:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


This cookbook provides common setup recipes, helper methods and attributes that describe an OpenStack deployment as part of the OpenStack reference deployment Chef for OpenStack.


  • Chef 0.10.0 or higher required (for Chef environment use).


The following cookbooks are dependencies:

  • apt
  • database


Please see the extensive inline documentation in attributes/default.rb for descriptions of all the settable attributes for this cookbook.

Note that all attributes are in the default["openstack"] "namespace"



Installs/Configures common recipes

"run_list": [


Installs/Configures common logging

"run_list": [


Iterates over the contents of the node['openstack']['endpoints'] hash and finds any occurrence of bind_interface to set the IP address (node['openstack']['endpoints']['identity']['bind_interface'] = 'eth0' for example, overriding node['openstack']['endpoints']['identity']['host']). If bind_interface isn't set, the value of host is not modified.

"run_list": [


Iterates over the contents of the node['openstack']['sysctl'] hash and writes the entries to /etc/sysctl.d/60-openstack.conf.

"run_list": [


This cookbook exposes a set of default library routines:

  • endpoint -- Used to return a ::URI object representing the named OpenStack endpoint
  • endpoints -- Useful for operating on all OpenStack endpoints
  • db -- Returns a Hash of information about a named OpenStack database
  • db_uri -- Returns the SQLAlchemy RFC-1738 DB URI (see: for a named OpenStack database
  • db_create_with_user -- Creates a database and database user for a named OpenStack database
  • secret -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section
  • get_password -- Ease-of-use helper that returns the decrypted password for a named database, service or keystone user.


The following are code examples showing the above library routines in action. Remember when using the library routines exposed by this library to include the Openstack routines in your recipe's ::Chef::Recipe namespace, like so:

class ::Chef::Recipe
  include ::Openstack

Example of using the endpoint routine:

nova_api_ep = endpoint "compute-api""Using Openstack Compute API endpoint at #{nova_api_ep.to_s}")

# Note that endpoint URIs may contain variable interpolation markers such
# as `%(tenant_id)s`, so you may need to decode them. Do so like this:

require "uri"

puts ::URI.decode nova_api_ap.to_s

Example of using the get_password and db_uri routine:

db_pass = get_password "db" "cinder"
db_user = node["cinder"]["db"]["user"]
sql_connection = db_uri "volume", db_user, db_pass

template "/etc/cinder/cinder.conf" do
  source "cinder.conf.erb"
  owner  node["cinder"]["user"]
  group  node["cinder"]["group"]
  mode   00644
    "sql_connection" => sql_connection

URI Operations

Use the Openstack::uri_from_hash routine to helpfully return a ::URI::Generic object for a hash that contains any of the following keys:

  • host
  • uri
  • port
  • path
  • scheme

If the uri key is in the hash, that will be used as the URI, otherwise the URI will be constructed from the various parts of the hash corresponding to the keys above.

# Suppose node hash contains the following subhash in the :identity_service key:
# {
#   :host => '',
#   :port => 5000,
#   :scheme => 'https'
# }
uri = ::Openstack::uri_from_hash(node[:identity_service])
# uri.to_s would == ""

The routine will return nil if neither a uri or host key exists in the supplied hash.

Using the library without prefixing with ::Openstack

Don't like prefixing calls to the library's routines with ::Openstack? Do this:

class ::Chef::Recipe
  include ::Openstack

in your recipe.


Please refer to the for instructions for testing the cookbook.

License and Author

Author Jay Pipes (
Author John Dewey (
Author Matt Ray (
Author Craig Tracey (
Author Sean Gallagher (
Author Ionut Artarisi (
Author Chen Zhiwei (
Copyright Copyright (c) 2012-2013, AT&T Services, Inc.
Copyright Copyright (c) 2013, Opscode, Inc.
Copyright Copyright (c) 2013, Craig Tracey
Copyright Copyright (c) 2013, SUSE Linux GmbH
Copyright Copyright (c) 2013-2014, IBM, Corp.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.