Add nova-placement-api service and cell_v2 setup

This patch adds Nova requirements for Ocata:
* Nova Placement API running as uwsgi with Nginx.
* cell_v2 setup for cell0 and cell1
* All required settings for these services with sane defaults

It fixes up some ordering for DB operations:
* online_db_migrations should only happen after a full upgrade.
* Cell setup needs to happen after api_db sync but before db sync.
* Discover_hosts for cell_v2 needs to happen after compute is restarted

This adds functionality to allow uwsgi apps in the init scripts:
* Allowing the "--log" line to be adjusted.
* Setting the condition value so that only enabled services are deployed
* Fixes a bug for program_override which mean this value was never being
used.

Depends-On: I082f37bb3ce61a900e06a58f21c7882f83671355
Change-Id: I282d25988377d18257b708859f89a7ae4260ac07

defaults/main.yml

@@ -86,6 +86,17 @@ nova_api_db_max_overflow: 10
 nova_api_db_max_pool_size: 120
 nova_api_db_pool_timeout: 30
 
+## DB Placement
+nova_placement_galera_user: nova_placement
+nova_placement_galera_database: nova_placement
+nova_placement_db_max_overflow: 10
+nova_placement_db_max_pool_size: 120
+nova_placement_db_pool_timeout: 30
+
+## DB Cells
+nova_cell0_database: "nova_cell0"
+nova_cell1_name: "cell1"
+
 ## RabbitMQ info
 
 ## Configuration for RPC communications
@@ -229,6 +240,42 @@ nova_metadata_port: 8775
 nova_enable_instance_password: True
 nova_force_config_drive: False
 
+## Nova placement
+nova_placement_service_enabled: True
+nova_placement_service_user_domain_id: Default
+nova_placement_service_project_domain_id: Default
+nova_placement_service_in_ldap: "{{ nova_service_in_ldap }}"
+nova_placement_service_username: placement
+nova_placement_service_name: placement
+nova_placement_service_role_name: "{{ nova_service_role_name }}"
+nova_placement_service_type: placement
+nova_placement_service_project_name: "{{ nova_service_project_name }}"
+nova_placement_service_region: "{{ nova_service_region }}"
+nova_placement_service_description: "Openstack Placement Service"
+nova_placement_service_port: 8780
+nova_placement_service_proto: "{{ nova_service_proto }}"
+nova_placement_ssl: false
+nova_placement_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(nova_placement_service_proto) }}"
+nova_placement_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_placement_service_proto) }}"
+nova_placement_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(nova_placement_service_proto) }}"
+# TODO(andymccr): A bug in nova forces the compute host to connect to publicURL
+# Pending this patch merging: https://review.openstack.org/#/c/426163/
+nova_placement_service_publicuri: "{{ nova_placement_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_placement_service_port }}"
+nova_placement_service_publicurl: "{{ nova_placement_service_publicuri }}/placement"
+nova_placement_service_adminuri: "{{ nova_placement_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_placement_service_port }}"
+nova_placement_service_adminurl: "{{ nova_placement_service_adminuri }}/placement"
+nova_placement_service_internaluri: "{{ nova_placement_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_placement_service_port }}"
+nova_placement_service_internalurl: "{{ nova_placement_service_internaluri }}/placement"
+
+## Nova placement nginx & uwsgi settings
+nova_placement_nginx_access_log_format_combined: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
+nova_placement_nginx_access_log_format_extras: '$request_time $upstream_response_time'
+nova_placement_nginx_extra_conf:
+  - keepalive_timeout   70;
+nova_placement_uwsgi_socket_port: 8781
+nova_placement_uwsgi_http_port: 8782
+nova_wsgi_threads: 1
+nova_wsgi_processes: "{{ (ansible_processor_vcpus | int > 0) | ternary (ansible_processor_vcpus, 1) * 2}}"
 
 ## Nova libvirt
 nova_libvirt_inject_key: False
@@ -393,6 +440,12 @@ nova_services:
     group: nova_console
     service_name: nova-spicehtml5proxy
     condition: "{{ nova_console_type == 'spice' }}"
+  nova-placement-api:
+    group: nova_api_placement
+    service_name: nova-placement-api
+    condition: "{{ nova_placement_service_enabled | bool }}"
+    log_string: "--logto "
+    program_override: "{{ nova_bin }}/uwsgi --ini /etc/uwsgi/nova-placement-uwsgi.ini"
 
 
 nova_novnc_pip_packages:
@@ -421,6 +474,9 @@ nova_pip_packages:
   - keystonemiddleware
   - nova
 
+nova_placement_pip_packages:
+  - uWSGI
+
 nova_compute_lxd_pip_packages:
   - pylxd
   - nova-lxd
@@ -444,6 +500,7 @@ nova_nova_conf_overrides: {}
 nova_rootwrap_conf_overrides: {}
 nova_api_paste_ini_overrides: {}
 nova_policy_overrides: {}
+nova_placement_uwsgi_ini_overrides: {}
 
 nova_compute_powervm_pip_packages:
   - nova-powervm

handlers/main.yml

@@ -26,3 +26,13 @@
   when:
     - inventory_hostname in groups[item.value.group]
     - "{{ item.value.condition | default(true) }}"
+
+- name: Restart Nginx
+  systemd:
+    name: nginx
+    state: restarted
+  register: nova_nginx_restart
+  until: nova_nginx_restart | success
+  retries: 5
+  delay: 2
+  when: inventory_hostname in groups['nova_api_placement']

releasenotes/notes/nova-placement-api-07ce03fdceb95c6d.yaml

@@ -0,0 +1,12 @@
+---
+features:
+  - The ``nova-placement`` service is now configured
+    by default. ``nova_placement_service_enabled``
+    can be set to ``False`` to disable the
+    ``nova-placement`` service.
+  - The ``nova-placement`` api service will run as
+    its own ansible group ``nova_api_placement``.
+  - Nova cell_v2 support has been added. The default
+    cell is ``cell1`` which can be overridden by the
+    ``nova_cell1_name``. Support for multiple cells
+    is not yet available.

tasks/main.yml

@@ -51,12 +51,12 @@
   tags:
     - nova-config
 
-- include: nova_init_common.yml
+- include: nova_db_setup.yml
+  when: inventory_hostname == groups['nova_api_os_compute'][0]
   tags:
     - nova-config
 
-- include: nova_db_setup.yml
-  when: inventory_hostname == groups['nova_api_os_compute'][0]
+- include: nova_init_common.yml
   tags:
     - nova-config
 
@@ -65,6 +65,13 @@
   tags:
     - nova-config
 
+- include: nova_placement.yml
+  when:
+    - nova_placement_service_enabled | bool
+    - inventory_hostname in groups['nova_api_placement']
+  tags:
+    - nova-placement
+
 - include: nova_compute.yml
   when: inventory_hostname in groups['nova_compute']
   tags:
@@ -72,3 +79,8 @@
 
 - name: Flush handlers
   meta: flush_handlers
+
+- include: nova_db_post_setup.yml
+  when: inventory_hostname == groups['nova_api_os_compute'][0]
+  tags:
+    - nova-config

tasks/nova_db_post_setup.yml

@@ -0,0 +1,35 @@
+---
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This needs to be done after Compute hosts are added.
+- name: Perform a cell_v2 discover
+  command: "{{ nova_bin }}/nova-manage cell_v2 discover_hosts"
+  become: yes
+  become_user: "{{ nova_system_user_name }}"
+  changed_when: false
+  tags:
+    - nova-db-setup
+    - nova-setup
+    - nova-command-bin
+
+- name: Perform Nova online data migrations
+  command: "{{ nova_bin }}/nova-manage --config-file /etc/nova/nova.conf db online_data_migrations"
+  become: yes
+  become_user: "{{ nova_system_user_name }}"
+  changed_when: false
+  tags:
+    - nova-db-setup
+    - nova-setup
+    - nova-command-bin

tasks/nova_db_setup.yml

@@ -13,18 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- name: Perform a Nova DB sync
-  command: "{{ nova_bin }}/nova-manage db sync"
-  become: yes
-  become_user: "{{ nova_system_user_name }}"
-  changed_when: false
-  tags:
-    - nova-db-setup
-    - nova-setup
-    - nova-command-bin
-
 - name: Perform a Nova API DB sync
-  command: "{{ nova_bin }}/nova-manage api_db sync"
+  command: "{{ nova_bin }}/nova-manage --config-file /etc/nova/nova.conf api_db sync"
   become: yes
   become_user: "{{ nova_system_user_name }}"
   changed_when: false
@@ -33,8 +23,28 @@
     - nova-setup
     - nova-command-bin
 
-- name: Perform Nova online data migrations
-  command: "{{ nova_bin }}/nova-manage db online_data_migrations"
+- name: Perform cell_v2 map cell0
+  command: "{{ nova_bin }}/nova-manage cell_v2 map_cell0 --database_connection mysql+pymysql://{{ nova_api_galera_user }}:{{ nova_api_container_mysql_password }}@{{ nova_api_galera_address }}/{{ nova_cell0_database }}?charset=utf8"
+  become: yes
+  become_user: "{{ nova_system_user_name }}"
+  changed_when: false
+  tags:
+    - nova-db-setup
+    - nova-setup
+    - nova-command-bin
+
+- name: Perform cell_v2 initial cell setup
+  command: "{{ nova_bin }}/nova-manage cell_v2 create_cell --name {{ nova_cell1_name }} --database_connection mysql+pymysql://{{ nova_galera_user }}:{{ nova_container_mysql_password }}@{{ nova_galera_address }}/{{ nova_galera_database }}?charset=utf8 --transport-url rabbit://{% for host in nova_rabbitmq_servers.split(',') %}{{ nova_rabbitmq_userid }}:{{ nova_rabbitmq_password }}@{{ host }}:{{ nova_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ nova_rabbitmq_vhost }}{% endif %}{% endfor %}"
+  become: yes
+  become_user: "{{ nova_system_user_name }}"
+  changed_when: false
+  tags:
+    - nova-db-setup
+    - nova-setup
+    - nova-command-bin
+
+- name: Perform a Nova DB sync
+  command: "{{ nova_bin }}/nova-manage --config-file /etc/nova/nova.conf db sync"
   become: yes
   become_user: "{{ nova_system_user_name }}"
   changed_when: false

tasks/nova_init_common.yml

@@ -23,6 +23,8 @@
    enabled: "yes"
    state: "started"
   with_dict: "{{ nova_services }}"
-  when: inventory_hostname in groups[item.value.group]
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - "{{ item.value.condition | default(true) }}"
   notify:
     - Restart nova services

tasks/nova_init_systemd.yml

@@ -21,7 +21,9 @@
     group: "{{ nova_system_group_name }}"
     mode: "02755"
   with_dict: "{{ nova_services }}"
-  when: inventory_hostname in groups[item.value.group]
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - "{{ item.value.condition | default(true) }}"
 
 - name: Create TEMP lock dir
   file:
@@ -31,7 +33,9 @@
     group: "{{ nova_system_group_name }}"
     mode: "02755"
   with_dict: "{{ nova_services }}"
-  when: inventory_hostname in groups[item.value.group]
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - "{{ item.value.condition | default(true) }}"
 
 # TODO(mgariepy):
 # Remove this in Pike as it only needed to handle upgrades
@@ -41,7 +45,9 @@
     path: "/etc/tmpfiles.d/{{ item.value.service_name }}.conf"
     state: absent
   with_dict: "{{ nova_services }}"
-  when: inventory_hostname in groups[item.value.group]
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - "{{ item.value.condition | default(true) }}"
 
 - name: Create tmpfiles.d entry
   template:
@@ -51,7 +57,9 @@
     owner: "root"
     group: "root"
   with_dict: "{{ nova_services }}"
-  when: inventory_hostname in groups[item.value.group]
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - "{{ item.value.condition | default(true) }}"
 
 - name: Place the systemd init script
   template:
@@ -61,6 +69,8 @@
     owner: "root"
     group: "root"
   with_dict: "{{ nova_services }}"
-  when: inventory_hostname in groups[item.value.group]
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - "{{ item.value.condition | default(true) }}"
   notify:
     - Restart nova services

tasks/nova_placement.yml

@@ -0,0 +1,58 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install distro packages for Nginx
+  package:
+    name: "{{ item }}"
+    state: "{{ nova_package_state }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items: "{{ nova_nginx_distro_packages }}"
+  tags:
+    - nova-install
+
+- name: Install pip packages
+  pip:
+    name: "{{ nova_placement_pip_packages }}"
+    state: "{{ nova_pip_package_state }}"
+    virtualenv: "{{ nova_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: >-
+      {{ nova_developer_mode | ternary('--constraint /opt/developer-pip-constraints.txt', '') }}
+      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
+      {{ pip_install_options | default('') }}
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  when: nova_get_venv | failed or nova_get_venv | skipped
+  notify: Restart nova services
+  tags:
+    - nova-pip-packages
+    - nova-install
+
+- include: nova_placement_nginx.yml
+  tags:
+    - nova-config
+
+- include: nova_placement_uwsgi.yml
+  tags:
+    - nova-config
+
+- include: nova_placement_service_setup.yml
+  tags:
+    - nova-config

tasks/nova_placement_nginx.yml

@@ -0,0 +1,56 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Add nginx user to nova group for log writing
+  user:
+    name: "{{ nova_nginx_user_name }}"
+    groups: nova
+    append: yes
+  notify:
+    - Restart Nginx
+  tags:
+    - nova-install
+
+- name: Disable default configuration
+  file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
+  notify:
+    - Restart Nginx
+
+- name: Configure custom nginx log format
+  lineinfile:
+    insertbefore: access_log
+    dest: "/etc/nginx/nginx.conf"
+    line: "log_format custom '{{ nova_placement_nginx_access_log_format_combined }} {{ nova_placement_nginx_access_log_format_extras }}';"
+  notify:
+    - Restart Nginx
+
+# Configure app
+- name: Configure virtual hosts
+  template:
+    src: nova-placement-nginx.conf.j2
+    dest: "/etc/nginx/{{ nova_nginx_conf_path }}/nova_placement_api.conf"
+  notify:
+    - Restart Nginx
+
+- name: Link to enable virtual hosts
+  file:
+    src: "/etc/nginx/sites-available/nova_placement_api.conf"
+    path: "/etc/nginx/sites-enabled/nova_placement_api.conf"
+    state: link
+  when: ansible_os_family == "Debian"
+  notify:
+    - Restart Nginx

tasks/nova_placement_service_setup.yml

@@ -0,0 +1,103 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Create a service
+- name: Ensure nova placement service
+  keystone:
+    command: "ensure_service"
+    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
+    service_name: "{{ nova_placement_service_name }}"
+    service_type: "{{ nova_placement_service_type }}"
+    description: "{{ nova_placement_service_description }}"
+    insecure: "{{ keystone_service_adminuri_insecure }}"
+  register: add_service
+  until: add_service|success
+  retries: 5
+  delay: 2
+  tags:
+    - nova-api-setup
+    - nova-service-add
+
+# Create an admin user
+- name: Ensure nova placement user
+  keystone:
+    command: "ensure_user"
+    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
+    user_name: "{{ nova_placement_service_username }}"
+    tenant_name: "{{ nova_placement_service_project_name }}"
+    password: "{{ nova_placement_service_password }}"
+    insecure: "{{ keystone_service_adminuri_insecure }}"
+  register: add_service
+  when: not nova_placement_service_in_ldap | bool
+  until: add_service|success
+  retries: 5
+  delay: 10
+  tags:
+    - nova-api-setup
+    - nova-service-add
+
+# Add a role to the user
+- name: Ensure nova user to admin role
+  keystone:
+    command: "ensure_user_role"
+    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
+    user_name: "{{ nova_placement_service_username }}"
+    tenant_name: "{{ nova_placement_service_project_name }}"
+    role_name: "{{ nova_placement_service_role_name }}"
+    insecure: "{{ keystone_service_adminuri_insecure }}"
+  register: add_service
+  when: not nova_placement_service_in_ldap | bool
+  until: add_service|success
+  retries: 5
+  delay: 10
+  tags:
+    - nova-api-setup
+    - nova-service-add
+
+# Create an endpoint
+- name: Ensure nova endpoint
+  keystone:
+    command: "ensure_endpoint"
+    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
+    region_name: "{{ nova_placement_service_region }}"
+    service_name: "{{ nova_placement_service_name }}"
+    service_type: "{{ nova_placement_service_type }}"
+    insecure: "{{ keystone_service_adminuri_insecure }}"
+    endpoint_list:
+      - url: "{{ nova_placement_service_publicurl }}"
+        interface: "public"
+      - url: "{{ nova_placement_service_internalurl }}"
+        interface: "internal"
+      - url: "{{ nova_placement_service_adminurl }}"
+        interface: "admin"
+  register: add_service
+  until: add_service|success
+  retries: 5
+  delay: 10
+  tags:
+    - nova-api-setup
+    - nova-service-add

tasks/nova_placement_uwsgi.yml

@@ -0,0 +1,50 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Uwsgi Configuration
+- name: Ensure uWSGI directory exists
+  file:
+    path: "/etc/uwsgi/"
+    state: directory
+    mode: "0711"
+
+- name: Apply uWSGI configuration
+  config_template:
+    src: "nova-placement-uwsgi.ini.j2"
+    dest: "/etc/uwsgi/nova-placement-uwsgi.ini"
+    mode: "0744"
+    config_overrides: "{{ nova_placement_uwsgi_ini_overrides }}"
+    config_type: ini
+  notify:
+    - Restart nova services
+
+- include: nova_init_common.yml
+  vars:
+    program_name: "nova-placement-api"
+    service_name: "nova-placement-api"
+    system_user: "{{ nova_system_user_name }}"
+    system_group: "{{ nova_system_group_name }}"
+    service_home: "{{ nova_system_user_home }}"
+  notify:
+    - Restart nova services
+
+- name: Ensure uwsgi service started
+  systemd:
+    name: "nova-placement-api"
+    state: started
+  register: nova_placement_start
+  until: nova_placement_start | success
+  retries: 5
+  delay: 2

templates/nova-placement-nginx.conf.j2

@@ -0,0 +1,23 @@
+# {{ ansible_managed }}
+server {
+
+    listen {{ nova_placement_service_port }};
+
+    {% for line in nova_placement_nginx_extra_conf %}
+    {{ line }}
+    {%- endfor %}
+
+    access_log  /var/log/nova/nova-placement-api-access.log custom;
+    error_log   /var/log/nova/nova-placement-api-error.log info;
+
+    location /placement/ {
+        try_files   $uri @nova-placement-api;
+    }
+
+    location @nova-placement-api {
+        include     uwsgi_params;
+        uwsgi_pass  127.0.0.1:{{ nova_placement_uwsgi_socket_port }};
+        uwsgi_param SCRIPT_NAME '/placement';
+        uwsgi_modifier1 30;
+    }
+}

templates/nova-placement-uwsgi.ini.j2

@@ -0,0 +1,21 @@
+# {{ ansible_managed }}
+[uwsgi]
+uid = {{ nova_system_user_name }}
+gid = {{ nova_system_group_name }}
+
+virtualenv = /openstack/venvs/nova-{{ nova_venv_tag }}
+wsgi-file = {{ nova_bin }}/nova-placement-api
+http = :{{ nova_placement_uwsgi_http_port }}
+socket = 127.0.0.1:{{ nova_placement_uwsgi_socket_port }}
+
+master = true
+enable-threads = true
+processes = {{ nova_wsgi_processes }}
+threads = {{ nova_wsgi_threads }}
+exit-on-reload = true
+die-on-term = true
+lazy-apps = true
+add-header = Connection: close
+buffer-size = 65535
+thunder-lock = true
+logfile-chmod = 644

templates/nova-systemd-init.j2

@@ -10,10 +10,10 @@ Type=simple
 User={{ nova_system_user_name }}
 Group={{ nova_system_group_name }}
 
-{% if program_override is defined %}
-ExecStart={{ program_override }} {{ program_config_options|default('') }} --log-file=/var/log/nova/{{ item.value.service_name }}.log
+{% if item.value.program_override is defined %}
+ExecStart={{ item.value.program_override }} {{ item.value.program_config_options|default('') }} {{ item.value.log_string|default('--log-file=') }}/var/log/nova/{{ item.value.service_name }}.log
 {% else %}
-ExecStart={{ nova_bin }}/{{ item.value.service_name }} {{ program_config_options|default('') }} --log-file=/var/log/nova/{{ item.value.service_name }}.log
+ExecStart={{ nova_bin }}/{{ item.value.service_name }} {{ item.value.program_config_options|default('') }} {{ item.value.log_string|default('--log-file=') }}/var/log/nova/{{ item.value.service_name }}.log
 {% endif %}
 
 # Give a reasonable amount of time for the server to start up/shut down

templates/nova.conf.j2

@@ -202,6 +202,20 @@ service_metadata_proxy = {{ nova_metadata_proxy_enabled }}
 ovs_bridge = {{ nova_network_services[nova_network_type]['ovs_bridge'] }}
 {% endif %}
 
+{% if nova_placement_service_enabled | bool %}
+# Placement
+[placement]
+os_region_name = {{ nova_placement_service_region }}
+auth_type = "password"
+password = {{ nova_placement_service_password }}
+username = {{ nova_placement_service_username }}
+project_name = {{ nova_placement_service_project_name }}
+user_domain_name = {{ nova_placement_service_user_domain_id }}
+project_domain_name = {{ nova_placement_service_project_domain_id }}
+auth_url = {{ keystone_service_adminurl }}
+insecure = {{ keystone_service_adminuri_insecure | bool }}
+{% endif %}
+
 [conductor]
 workers = {{ nova_conductor_workers | default(api_threads) }}
 
@@ -226,7 +240,7 @@ token_cache_time = 300
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcached_encryption_key }}
 
-{% if inventory_hostname in (groups['nova_conductor'] + groups['nova_scheduler'] + groups['nova_api_os_compute'] + groups['nova_api_metadata'] + groups['nova_console']) %}
+{% if inventory_hostname in (groups['nova_conductor'] + groups['nova_scheduler'] + groups['nova_api_os_compute'] + groups['nova_api_metadata'] + groups['nova_console'] + groups['nova_api_placement'])%}
 [database]
 connection = mysql+pymysql://{{ nova_galera_user }}:{{ nova_container_mysql_password }}@{{ nova_galera_address }}/{{ nova_galera_database }}?charset=utf8
 max_overflow = {{ nova_db_max_overflow }}
@@ -239,8 +253,15 @@ connection = mysql+pymysql://{{ nova_api_galera_user }}:{{ nova_api_container_my
 max_overflow = {{ nova_api_db_max_overflow }}
 max_pool_size = {{ nova_api_db_max_pool_size }}
 pool_timeout = {{ nova_api_db_pool_timeout }}
-{% endif %}
 
+{% if nova_placement_service_enabled | bool %}
+[placement_database]
+connection = mysql+pymysql://{{ nova_placement_galera_user }}:{{ nova_placement_container_mysql_password }}@{{ nova_placement_galera_address }}/{{ nova_placement_galera_database }}?charset=utf8
+max_overflow = {{ nova_placement_db_max_overflow }}
+max_pool_size = {{ nova_placement_db_max_pool_size }}
+pool_timeout = {{ nova_placement_db_pool_timeout }}
+{% endif %}
+{% endif %}
 
 [oslo_concurrency]
 lock_path = {{ nova_lock_path }}

tests/inventory

@@ -90,6 +90,9 @@ openstack1
 [nova_scheduler]
 openstack1
 
+[nova_api_placement]
+openstack1
+
 [nova_all:children]
 nova_api_metadata
 nova_api_os_compute
@@ -97,6 +100,7 @@ nova_compute
 nova_conductor
 nova_console
 nova_scheduler
+nova_api_placement
 
 [utility_all]
 infra1

tests/upgrades-inventory

@@ -82,6 +82,9 @@ openstack1
 [nova_cert]
 openstack1
 
+[nova_api_placement]
+openstack1
+
 [nova_compute]
 localhost
 
@@ -102,6 +105,7 @@ nova_compute
 nova_conductor
 nova_console
 nova_scheduler
+nova_api_placement
 
 [utility_all]
 infra1

vars/redhat-7.yml

@@ -64,3 +64,9 @@ nova_compute_powervm_distro_packages: []
 novalink_gpg_keys: []
 
 rdo_package: "https://rdoproject.org/repos/rdo-release.rpm"
+
+nova_nginx_distro_packages:
+  - nginx
+
+nova_nginx_conf_path: "conf.d"
+nova_nginx_user_name: "nginx"

vars/ubuntu-16.04.yml

@@ -69,6 +69,8 @@ nova_compute_lxd_distro_packages:
   - sysfsutils
   - vlan
 
+nova_nginx_distro_packages:
+  - nginx-full
 
 # Ubuntu Cloud Archive variables
 uca_openstack_release: newton
@@ -99,3 +101,6 @@ novalink_repo:
 novalink_gpg_keys:
   - url: "http://public.dhe.ibm.com/systems/virtualization/Novalink/debian/novalink-gpg-pub.key"
     state: "present"
+
+nova_nginx_conf_path: "sites-available"
+nova_nginx_user_name: "www-data"