def create_vncproxy_manifest(config, messages):
if config["CONFIG_HORIZON_SSL"] == 'y':
if config["CONFIG_VNC_SSL_CERT"]:
ssl_cert_file = config["CONFIG_VNC_SSL_CERT"]
ssl_key_file = config["CONFIG_VNC_SSL_KEY"]
if not os.path.exists(ssl_cert_file):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_cert_file)
if not os.path.exists(ssl_key_file):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_key_file)
final_cert = open(ssl_cert_file, 'rt').read()
final_key = open(ssl_key_file, 'rt').read()
deliver_ssl_file(final_cert, ssl_cert_file, config['CONFIG_CONTROLLER_HOST'])
deliver_ssl_file(final_key, ssl_key_file, config['CONFIG_CONTROLLER_HOST'])
else:
config["CONFIG_VNC_SSL_CERT"] = '/etc/pki/tls/certs/ssl_vnc.crt'
config["CONFIG_VNC_SSL_KEY"] = '/etc/pki/tls/private/ssl_vnc.key'
ssl_key_file = config["CONFIG_VNC_SSL_KEY"]
ssl_cert_file = config["CONFIG_VNC_SSL_CERT"]
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'vnc'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
def check_cinder_vg(config, messages):
cinders_volume = config["CONFIG_CINDER_VOLUME_NAME"]
# Do we have a cinder-volumes vg?
have_cinders_volume = False
server = utils.ScriptRunner(config['CONFIG_STORAGE_HOST'])
server.append('vgdisplay %s' % cinders_volume)
try:
server.execute()
have_cinders_volume = True
except exceptions.ScriptRuntimeError:
pass
if config["CONFIG_CINDER_VOLUMES_CREATE"] == "n":
if not have_cinders_volume:
raise exceptions.MissingRequirements("The cinder server should "
"contain a volume group")
match = re.match(r'^(?P<size>\d+)G$',
config['CONFIG_CINDER_VOLUMES_SIZE'].strip())
if not match:
msg = 'Invalid Cinder volumes VG size.'
raise exceptions.ParamValidationError(msg)
cinders_volume_size = int(match.group('size')) * 1024
cinders_reserve = int(cinders_volume_size * 0.03)
cinders_volume_size = cinders_volume_size + cinders_reserve
config['CONFIG_CINDER_VOLUMES_SIZE'] = '%sM' % cinders_volume_size
def create_manifest(config, messages):
config["CONFIG_HORIZON_SECRET_KEY"] = uuid.uuid4().hex
horizon_host = config['CONFIG_CONTROLLER_HOST']
manifestfile = "%s_horizon.pp" % horizon_host
proto = "http"
config["CONFIG_HORIZON_PORT"] = "'80'"
sslmanifestdata = ''
if config["CONFIG_HORIZON_SSL"] == 'y':
config["CONFIG_HORIZON_PORT"] = "'443'"
proto = "https"
sslmanifestdata += getManifestTemplate("https.pp")
# Are we using the users cert/key files
if config["CONFIG_SSL_CERT"]:
ssl_cert = config["CONFIG_SSL_CERT"]
ssl_key = config["CONFIG_SSL_KEY"]
if not os.path.exists(ssl_cert):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_cert)
if ssl_key and not os.path.exists(ssl_key):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_key)
resources = config.setdefault('RESOURCES', {})
host_resources = resources.setdefault(horizon_host, [])
host_resources.append((ssl_cert, 'ssl_ps_server.crt'))
if ssl_key:
host_resources.append(ssl_key, 'ssl_ps_server.key')
else:
messages.append(
"%sNOTE%s : A certificate was generated to be used for ssl, "
"You should change the ssl certificate configured in "
"/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert." %
(utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host))
manifestdata = getManifestTemplate("horizon.pp")
manifestdata += sslmanifestdata
appendManifestFile(manifestfile, manifestdata)
msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n"
"Please, find your login credentials stored in the keystonerc_admin"
" in your home directory." %
(proto, config['CONFIG_CONTROLLER_HOST']))
messages.append(msg)
def createmanifest(config):
controller.CONF["CONFIG_HORIZON_SECRET_KEY"] = uuid.uuid4().hex
horizon_host = controller.CONF['CONFIG_HORIZON_HOST']
manifestfile = "%s_horizon.pp" % horizon_host
proto = "http"
controller.CONF["CONFIG_HORIZON_PORT"] = "'80'"
sslmanifestdata = ''
if controller.CONF["CONFIG_HORIZON_SSL"] == 'y':
controller.CONF["CONFIG_HORIZON_PORT"] = "'443'"
proto = "https"
sslmanifestdata += getManifestTemplate("https.pp")
# Are we using the users cert/key files
if controller.CONF["CONFIG_SSL_CERT"]:
ssl_cert = controller.CONF["CONFIG_SSL_CERT"]
ssl_key = controller.CONF["CONFIG_SSL_KEY"]
if not os.path.exists(ssl_cert):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_cert)
if ssl_key and not os.path.exists(ssl_key):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_key)
controller.addResource(horizon_host, ssl_cert, 'ssl_ps_server.crt')
if ssl_key:
controller.addResource(
horizon_host, ssl_key, 'ssl_ps_server.key'
)
else:
controller.MESSAGES.append(
"%sNOTE%s : A certificate was generated to be used for ssl, "
"You should change the ssl certificate configured in "
"/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert."
% (basedefs.RED, basedefs.NO_COLOR, horizon_host))
manifestdata = getManifestTemplate("horizon.pp")
manifestdata += sslmanifestdata
appendManifestFile(manifestfile, manifestdata)
msg = "To use the console, browse to %s://%s/dashboard" % \
(proto, controller.CONF['CONFIG_HORIZON_HOST'])
controller.MESSAGES.append(msg)
def check_cinder_vg(config, messages):
cinders_volume = 'cinder-volumes'
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
if config["CONFIG_CINDER_VOLUMES_CREATE"] != "y":
if not have_cinders_volume:
raise exceptions.MissingRequirements("The cinder server should "
"contain a cinder-volumes "
"volume group")
match = re.match('^(?P<size>\d+)G$',
config['CONFIG_CINDER_VOLUMES_SIZE'].strip())
if not match:
msg = 'Invalid Cinder volumes VG size.'
raise exceptions.ParamValidationError(msg)
cinders_volume_size = int(match.group('size')) * 1024
cinders_reserve = int(cinders_volume_size * 0.03)
cinders_volume_size = cinders_volume_size + cinders_reserve
config['CONFIG_CINDER_VOLUMES_SIZE'] = 'sM' % cinders_volume_size
def check_cinder_vg(config, messages):
cinders_volume = 'cinder-volumes'
# Do we have a cinder-volumes vg?
have_cinders_volume = False
server = utils.ScriptRunner(config['CONFIG_CONTROLLER_HOST'])
server.append('vgdisplay %s' % cinders_volume)
try:
server.execute()
have_cinders_volume = True
except exceptions.ScriptRuntimeError:
pass
# Configure system LVM settings (snapshot_autoextend)
server = utils.ScriptRunner(config['CONFIG_CONTROLLER_HOST'])
server.append('sed -i -r "s/^ *snapshot_autoextend_threshold +=.*/'
' snapshot_autoextend_threshold = 80/" '
'/etc/lvm/lvm.conf')
server.append('sed -i -r "s/^ *snapshot_autoextend_percent +=.*/'
' snapshot_autoextend_percent = 20/" '
'/etc/lvm/lvm.conf')
try:
server.execute()
except exceptions.ScriptRuntimeError:
logging.info("Warning: Unable to set system LVM settings.")
if config["CONFIG_CINDER_VOLUMES_CREATE"] != "y":
if not have_cinders_volume:
raise exceptions.MissingRequirements("The cinder server should "
"contain a cinder-volumes "
"volume group")
else:
if have_cinders_volume:
messages.append(output_messages.INFO_CINDER_VOLUMES_EXISTS)
return
server = utils.ScriptRunner(config['CONFIG_CONTROLLER_HOST'])
server.append('systemctl')
try:
server.execute()
rst_cmd = 'systemctl restart openstack-cinder-volume.service'
except exceptions.ScriptRuntimeError:
rst_cmd = 'service openstack-cinder-volume restart'
server.clear()
logging.info("A new cinder volumes group will be created")
cinders_volume_path = '/var/lib/cinder'
server.append('mkdir -p %s' % cinders_volume_path)
logging.debug("Volume's path: %s" % cinders_volume_path)
match = re.match('^(?P<size>\d+)G$',
config['CONFIG_CINDER_VOLUMES_SIZE'].strip())
if not match:
msg = 'Invalid Cinder volumes VG size.'
raise exceptions.ParamValidationError(msg)
cinders_volume_size = int(match.group('size')) * 1024
cinders_reserve = int(cinders_volume_size * 0.03)
cinders_volume_size = cinders_volume_size + cinders_reserve
cinders_volume_path = os.path.join(cinders_volume_path, cinders_volume)
server.append('dd if=/dev/zero of=%s bs=1 count=0 seek=%sM' %
(cinders_volume_path, cinders_volume_size))
server.append('LOFI=$(losetup --show -f %s)' % cinders_volume_path)
server.append('pvcreate $LOFI')
server.append('vgcreate %s $LOFI' % cinders_volume)
# Add the loop device on boot
server.append(
'grep %(volume)s /etc/rc.d/rc.local || '
'echo "losetup -f %(path)s && '
'vgchange -a y %(volume)s && '
'%(restart_cmd)s" '
'>> /etc/rc.d/rc.local' % {
'volume': cinders_volume,
'restart_cmd': rst_cmd,
'path': cinders_volume_path
})
server.append('grep "#!" /etc/rc.d/rc.local || '
'sed -i \'1i#!/bin/sh\' /etc/rc.d/rc.local')
server.append('chmod +x /etc/rc.d/rc.local')
# Let's make sure it exists
server.append('vgdisplay %s' % cinders_volume)
try:
server.execute()
except exceptions.ScriptRuntimeError:
# Release loop device if cinder's volume creation
# fails.
try:
logging.debug("Release loop device, volume creation failed")
server = utils.ScriptRunner(config['CONFIG_CONTROLLER_HOST'])
server.append('losetup -d $(losetup -j %s | cut -d : -f 1)' %
cinders_volume_path)
server.execute()
except:
pass
raise exceptions.MissingRequirements("Cinder's volume group '%s' "
"could not be created" %
cinders_volume)
def create_compute_manifest(config, messages):
global compute_hosts, network_hosts
if config["CONFIG_HORIZON_SSL"] == 'y':
config["CONFIG_VNCPROXY_PROTOCOL"] = "https"
else:
config["CONFIG_VNCPROXY_PROTOCOL"] = "http"
config["CONFIG_NOVA_ALLOW_RESIZE_TO_SAME"] = len(compute_hosts) == 1
ssh_keys_details = {}
for host in compute_hosts:
try:
hostname, aliases, addrs = socket.gethostbyaddr(host)
except socket.herror:
hostname, aliases, addrs = (host, [], [])
for hostkey in config['HOST_KEYS_%s' % host].split('\n'):
hostkey = hostkey.strip()
if not hostkey:
continue
_, host_key_type, host_key_data = hostkey.split()
key = "%s.%s" % (host_key_type, hostname)
ssh_keys_details.setdefault(key, {})
ssh_keys_details[key]['ensure'] = 'present'
ssh_keys_details[key]['host_aliases'] = [hostname] + aliases + addrs
ssh_keys_details[key]['key'] = host_key_data
ssh_keys_details[key]['type'] = host_key_type
config['SSH_KEYS'] = ssh_keys_details
if config['CONFIG_VMWARE_BACKEND'] == 'y':
vcenters = [i.strip() for i in
config['CONFIG_VCENTER_CLUSTER_NAMES'].split(',')
if i.strip()]
if not vcenters:
raise exceptions.ParamValidationError(
"Please specify at least one VMware vCenter cluster in"
" CONFIG_VCENTER_CLUSTER_NAMES"
)
if len(vcenters) != len(compute_hosts):
if len(vcenters) > 1:
raise exceptions.ParamValidationError(
"Number of vmware clusters %s is not same"
" as number of nova computes %s", (vcenters, compute_hosts)
)
else:
vcenters = len(compute_hosts) * [vcenters[0]]
vmware_clusters = dict(zip(compute_hosts, vcenters))
config['CONFIG_VCENTER_CLUSTERS'] = vmware_clusters
for host in compute_hosts:
fw_details = dict()
cf_fw_qemu_mig_key = ("FIREWALL_NOVA_QEMU_MIG_RULES_%s" %
host.replace('.', '_'))
for c_host in compute_hosts:
key = "nova_qemu_migration_%s_%s" % (host, c_host)
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % c_host
fw_details[key]['service_name'] = "nova qemu migration"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['16509', '49152-49215']
fw_details[key]['proto'] = "tcp"
config[cf_fw_qemu_mig_key] = fw_details
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
)
ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_ceilometer.key'
)
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'ceilometer'
generate_ssl_cert(config, host, service, ssl_key_file,
ssl_cert_file)
fw_details = dict()
key = "nova_compute"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
fw_details[key]['service_name'] = "nova compute"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['5900-5999']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details
def create_manifest(config, messages):
horizon_host = config['CONFIG_CONTROLLER_HOST']
manifestfile = "%s_horizon.pp" % horizon_host
proto = "http"
config["CONFIG_HORIZON_PORT"] = 80
sslmanifestdata = ''
if config["CONFIG_HORIZON_SSL"] == 'y':
config["CONFIG_HORIZON_PORT"] = 443
proto = "https"
# Are we using the users cert/key files
if config["CONFIG_HORIZON_SSL_CERT"]:
ssl_cert_file = config["CONFIG_HORIZON_SSL_CERT"]
ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"]
ssl_chain_file = config["CONFIG_HORIZON_SSL_CACERT"]
if not os.path.exists(ssl_cert_file):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_cert_file)
if not os.path.exists(ssl_key_file):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_key_file)
if not os.path.exists(ssl_chain_file):
raise exceptions.ParamValidationError(
"The file %s doesn't exist" % ssl_chain_file)
final_cert = open(ssl_cert_file, 'rt').read()
final_key = open(ssl_key_file, 'rt').read()
final_cacert = open(ssl_chain_file, 'rt').read()
host = config['CONFIG_CONTROLLER_HOST']
deliver_ssl_file(final_cacert, ssl_chain_file, host)
deliver_ssl_file(final_cert, ssl_cert_file, host)
deliver_ssl_file(final_key, ssl_key_file, host)
else:
ssl_cert_file = config["CONFIG_HORIZON_SSL_CERT"] = (
'/etc/pki/tls/certs/ssl_dashboard.crt')
ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"] = (
'/etc/pki/tls/private/ssl_dashboard.key')
cacert = config['CONFIG_SSL_CACERT']
config["CONFIG_HORIZON_SSL_CACERT"] = cacert
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'dashboard'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
messages.append(
"%sNOTE%s : A certificate was generated to be used for ssl, "
"You should change the ssl certificate configured in "
"/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert." %
(utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host))
config["CONFIG_HORIZON_NEUTRON_LB"] = False
config["CONFIG_HORIZON_NEUTRON_FW"] = False
config["CONFIG_HORIZON_NEUTRON_VPN"] = False
if config['CONFIG_NEUTRON_INSTALL'] == 'y':
if config["CONFIG_LBAAS_INSTALL"] == 'y':
config["CONFIG_HORIZON_NEUTRON_LB"] = True
if config["CONFIG_NEUTRON_FWAAS"] == 'y':
config["CONFIG_HORIZON_NEUTRON_FW"] = True
if config["CONFIG_NEUTRON_VPNAAS"] == 'y':
config["CONFIG_HORIZON_NEUTRON_VPN"] = True
manifestdata = getManifestTemplate("horizon")
appendManifestFile(manifestfile, manifestdata)
msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n"
"Please, find your login credentials stored in the keystonerc_admin"
" in your home directory." %
(proto, config['CONFIG_CONTROLLER_HOST']))
messages.append(msg)
def create_compute_manifest(config, messages):
global compute_hosts, network_hosts
if config["CONFIG_HORIZON_SSL"] == 'y':
config["CONFIG_VNCPROXY_PROTOCOL"] = "https"
else:
config["CONFIG_VNCPROXY_PROTOCOL"] = "http"
migrate_protocol = config['CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL']
if migrate_protocol == 'ssh':
config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
'qemu+ssh://nova@%s/system?no_verify=1&'
'keyfile=/etc/nova/ssh/nova_migration_key')
else:
config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
'qemu+tcp://nova@%s/system')
ssh_hostkeys = ''
ssh_keys_details = {}
for host in compute_hosts:
try:
hostname, aliases, addrs = socket.gethostbyaddr(host)
except socket.herror:
hostname, aliases, addrs = (host, [], [])
for hostkey in config['HOST_KEYS_%s' % host].split('\n'):
hostkey = hostkey.strip()
if not hostkey:
continue
_, host_key_type, host_key_data = hostkey.split()
key = "%s.%s" % (host_key_type, hostname)
ssh_keys_details.setdefault(key, {})
ssh_keys_details[key]['ensure'] = 'present'
ssh_keys_details[key]['host_aliases'] = aliases + addrs
ssh_keys_details[key]['key'] = host_key_data
ssh_keys_details[key]['type'] = host_key_type
config['SSH_KEYS'] = ssh_keys_details
ssh_hostkeys += getManifestTemplate("sshkey")
if config['CONFIG_VMWARE_BACKEND'] == 'y':
vcenters = [
i.strip()
for i in config['CONFIG_VCENTER_CLUSTER_NAMES'].split(',')
if i.strip()
]
if not vcenters:
raise exceptions.ParamValidationError(
"Please specify at least one VMware vCenter cluster in"
" CONFIG_VCENTER_CLUSTER_NAMES")
if len(vcenters) != len(compute_hosts):
if len(vcenters) > 1:
raise exceptions.ParamValidationError(
"Number of vmware clusters %s is not same"
" as number of nova computes %s",
(vcenters, compute_hosts))
else:
vcenters = len(compute_hosts) * [vcenters[0]]
vmware_clusters = dict(zip(compute_hosts, vcenters))
for host in compute_hosts:
if config['CONFIG_IRONIC_INSTALL'] == 'y':
cm = 'ironic.nova.compute.manager.ClusteredComputeManager'
config['CONFIG_NOVA_COMPUTE_MANAGER'] = cm
manifestdata = getManifestTemplate("nova_compute")
fw_details = dict()
cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
for c_host in compute_hosts:
key = "nova_qemu_migration_%s_%s" % (host, c_host)
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % c_host
fw_details[key]['service_name'] = "nova qemu migration"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['16509', '49152-49215']
fw_details[key]['proto'] = "tcp"
config[cf_fw_qemu_mig_key] = fw_details
manifestdata += createFirewallResources(cf_fw_qemu_mig_key)
if config['CONFIG_VMWARE_BACKEND'] == 'y':
manifestdata += ("\n$nova_vcenter_cluster_name = '%s'\n" %
vmware_clusters[host])
manifestdata += getManifestTemplate("nova_compute_vmware.pp")
elif config['CONFIG_IRONIC_INSTALL'] == 'y':
manifestdata += getManifestTemplate("nova_compute_ironic.pp")
else:
manifestdata += getManifestTemplate("nova_compute_libvirt.pp")
if (config['CONFIG_VMWARE_BACKEND'] != 'y'
and config['CONFIG_CINDER_INSTALL'] == 'y'
and 'gluster' in config['CONFIG_CINDER_BACKEND']):
manifestdata += getManifestTemplate("nova_gluster")
if (config['CONFIG_VMWARE_BACKEND'] != 'y'
and config['CONFIG_CINDER_INSTALL'] == 'y'
and 'nfs' in config['CONFIG_CINDER_BACKEND']):
manifestdata += getManifestTemplate("nova_nfs")
manifestfile = "%s_nova.pp" % host
if config['CONFIG_NEUTRON_INSTALL'] != 'y':
if host not in network_hosts:
manifestdata += getManifestTemplate('nova_compute_flat')
key = 'CONFIG_NOVA_COMPUTE_PRIVIF'
if not config[key].strip():
config[key] = dummy_interface(host)
if config['CONFIG_USE_SUBNETS'] == 'y':
netface = common.cidr_to_ifname(config[key], host, config)
else:
netface = config[key]
check_ifcfg(host, netface)
try:
bring_up_ifcfg(host, netface)
except exceptions.ScriptRuntimeError as ex:
# just warn user to do it by himself
messages.append(str(ex))
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_ceilometer.crt')
ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_ceilometer.key')
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'ceilometer'
generate_ssl_cert(config, host, service, ssl_key_file,
ssl_cert_file)
mq_template = get_mq(config, "nova_ceilometer")
manifestdata += getManifestTemplate(mq_template)
manifestdata += getManifestTemplate("nova_ceilometer")
fw_details = dict()
key = "nova_compute"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
fw_details[key]['service_name'] = "nova compute"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['5900-5999']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details
manifestdata += "\n" + createFirewallResources(
'FIREWALL_NOVA_COMPUTE_RULES')
manifestdata += "\n" + ssh_hostkeys
appendManifestFile(manifestfile, manifestdata)
