61be9e722d
This change matches an earlier modification to os_neutron Currently we symlink /etc/<service> to empty directory at pre-stage, and filling it with config only during post_install. This means, that policies and rootwrap filters are not working properly until playbook execution finish. Additionally, we replace sudoers file with new path in it, which makes current operations impossible for the service, since rootwrap can not gain sudo privileges. With this change we move symlinking and rootwrap steps to handlers, which means that we will do replace configs while service is stopped. During post_install we place all of the configs inside the venv, which is versioned at the moment. This way we minimise downtime of the service while performing upgrades Closes-Bug: #2056180 Change-Id: I9c8212408c21e09895ee5805011aecb40b689a13
373 lines
14 KiB
Django/Jinja
373 lines
14 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
[DEFAULT]
|
|
# Logs / State
|
|
debug = {{ debug }}
|
|
use_journal = True
|
|
state_path = {{ nova_system_home_folder }}
|
|
service_down_time = 120
|
|
|
|
# Scheduler
|
|
cpu_allocation_ratio = {{ nova_cpu_allocation_ratio }}
|
|
disk_allocation_ratio = {{ nova_disk_allocation_ratio }}
|
|
ram_allocation_ratio = {{ nova_ram_allocation_ratio }}
|
|
reserved_host_disk_mb = {{ nova_reserved_host_disk_mb }}
|
|
reserved_host_memory_mb = {{ nova_reserved_host_memory_mb }}
|
|
|
|
# Compute
|
|
compute_driver = {{ nova_compute_driver }}
|
|
instances_path = {{ nova_system_home_folder }}/instances
|
|
allow_resize_to_same_host = True
|
|
|
|
{% if nova_console_user_ssl_cert is defined and nova_console_user_ssl_key is defined and ( nova_services['nova-novncproxy']['group'] in group_names or nova_services['nova-spicehtml5proxy']['group'] in group_names or nova_services['nova-serialconsole-proxy']['group'] in group_names ) %}
|
|
# Console SSL keys
|
|
ssl_only = true
|
|
cert = {{ nova_console_ssl_cert }}
|
|
key = {{ nova_console_ssl_key }}
|
|
{% endif %}
|
|
|
|
# Api's
|
|
enabled_apis = {{ nova_enabled_apis }}
|
|
|
|
# Rpc all
|
|
transport_url = {{ nova_oslomsg_rpc_transport }}://{% for host in nova_oslomsg_rpc_servers.split(',') %}{{ nova_oslomsg_rpc_userid }}:{{ nova_oslomsg_rpc_password }}@{{ host }}:{{ nova_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _nova_oslomsg_rpc_vhost_conf }}{% if nova_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ nova_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ nova_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
|
|
|
|
# Network
|
|
my_ip = {{ _nova_my_ip }}
|
|
|
|
# Hypervisor
|
|
default_ephemeral_format = ext4
|
|
|
|
# Ceilometer notification configurations
|
|
{% if nova_oslomsg_notify_configure %}
|
|
instance_usage_audit = True
|
|
instance_usage_audit_period = hour
|
|
{% endif %}
|
|
|
|
# Notifications
|
|
[oslo_messaging_notifications]
|
|
{% set notification_topics = [] %}
|
|
{% if nova_oslomsg_notify_configure %}
|
|
{% set _ = notification_topics.append('notifications') %}
|
|
{% endif %}
|
|
{% if nova_designate_enabled %}
|
|
{% set _ = notification_topics.append(nova_notifications_designate) %}
|
|
{% endif %}
|
|
topics = {{ notification_topics | join(',') }}
|
|
driver = {{ (notification_topics | length > 0) | ternary('messagingv2', 'noop') }}
|
|
transport_url = {{ nova_oslomsg_notify_transport }}://{% for host in nova_oslomsg_notify_servers.split(',') %}{{ nova_oslomsg_notify_userid }}:{{ nova_oslomsg_notify_password }}@{{ host }}:{{ nova_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _nova_oslomsg_notify_vhost_conf }}{% if nova_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ nova_oslomsg_notify_ssl_version }}&ssl_ca_file={{ nova_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
|
|
|
|
# Messaging
|
|
[oslo_messaging_rabbit]
|
|
heartbeat_in_pthread = {{ nova_oslomsg_heartbeat_in_pthread }}
|
|
rabbit_quorum_queue = {{ nova_oslomsg_rabbit_quorum_queues }}
|
|
rabbit_transient_quorum_queue = {{ nova_oslomsg_rabbit_transient_quorum_queues }}
|
|
rabbit_qos_prefetch_count = {{ nova_oslomsg_rabbit_qos_prefetch_count }}
|
|
use_queue_manager = {{ nova_oslomsg_rabbit_queue_manager }}
|
|
{% if nova_oslomsg_rabbit_queue_manager %}
|
|
hostname = {{ [ansible_facts['hostname'], nova_service_name] | join('-') }}
|
|
{% endif %}
|
|
rabbit_stream_fanout = {{ nova_oslomsg_rabbit_stream_fanout }}
|
|
rabbit_quorum_delivery_limit = {{ nova_oslomsg_rabbit_quorum_delivery_limit }}
|
|
rabbit_quorum_max_memory_bytes = {{ nova_oslomsg_rabbit_quorum_max_memory_bytes }}
|
|
|
|
# Image cache
|
|
[image_cache]
|
|
manager_interval = {{ nova_image_cache_manager_interval }}
|
|
|
|
# Cache
|
|
[cache]
|
|
enabled = true
|
|
backend = {{ nova_cache_backend }}
|
|
{% if nova_cache_backend in nova_cache_backend_map['dogpile'] %}
|
|
memcache_servers = {{ nova_cache_servers }}
|
|
{% endif %}
|
|
|
|
|
|
# Cinder
|
|
[cinder]
|
|
catalog_info = volumev3:cinderv3:internalURL
|
|
os_region_name = {{ nova_service_region }}
|
|
auth_section = keystone_authtoken
|
|
|
|
[spice]
|
|
agent_enabled = {{ nova_spice_console_agent_enabled }}
|
|
enabled = {{ (nova_console_type == 'spice') | ternary(True, False) }}
|
|
{% if 'spice' in nova_console_proxy_types %}
|
|
html5proxy_base_url = {{ nova_spice_html5proxy_base_url }}
|
|
html5proxy_host = {{ _nova_my_ip }}
|
|
server_listen = {{ _nova_my_ip }}
|
|
server_proxyclient_address = {{ _nova_my_ip }}
|
|
{% endif %}
|
|
|
|
[vnc]
|
|
enabled = {{ (nova_console_type == 'novnc') | ternary(True, False) }}
|
|
{% if 'novnc' in nova_console_proxy_types %}
|
|
novncproxy_base_url = {{ nova_novncproxy_base_url }}
|
|
novncproxy_host = {{ nova_novncproxy_host }}
|
|
novncproxy_port = {{ nova_novncproxy_port }}
|
|
server_listen = {{ nova_novncproxy_vncserver_listen }}
|
|
server_proxyclient_address = {{ nova_novncproxy_vncserver_proxyclient_address }}
|
|
|
|
{% if nova_qemu_vnc_tls == 1 %}
|
|
auth_schemes={{ nova_vencrypt_auth_scheme }}
|
|
vencrypt_client_key={{ nova_vencrypt_client_key }}
|
|
vencrypt_client_cert={{ nova_vencrypt_client_cert }}
|
|
vencrypt_ca_certs={{ nova_vencrypt_ca_certs }}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
[serial_console]
|
|
enabled = {{ (nova_console_type == 'serialconsole') | ternary(True, False) }}
|
|
{% if 'serialconsole' in nova_console_proxy_types %}
|
|
base_url= {{ nova_serialconsoleproxy_base_url }}
|
|
proxyclient_address = {{ _nova_my_ip }}
|
|
port_range = {{ nova_serialconsoleproxy_port_range }}
|
|
serialproxy_host= {{ nova_serialconsoleproxy_serialconsole_proxyserver_proxyclient_address }}
|
|
serialproxy_port= {{ nova_serialconsoleproxy_port }}
|
|
{% endif %}
|
|
|
|
# Glance
|
|
[glance]
|
|
region_name = {{ nova_service_region }}
|
|
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
|
{% if nova_glance_rbd_inuse | bool %}
|
|
enable_rbd_download = True
|
|
rbd_user = {{ nova_ceph_client }}
|
|
rbd_pool = {{ nova_glance_images_rbd_pool }}
|
|
rbd_ceph_conf = /etc/ceph/ceph.conf
|
|
{% endif %}
|
|
|
|
# Neutron
|
|
[neutron]
|
|
region_name = {{ nova_service_region }}
|
|
auth_type = password
|
|
default_floating_pool = public
|
|
username = {{ nova_service_user_name }}
|
|
password = {{ nova_service_password }}
|
|
project_name = {{ nova_service_project_name }}
|
|
user_domain_id = {{ nova_service_user_domain_id }}
|
|
project_domain_id = {{ nova_service_project_domain_id }}
|
|
auth_url = {{ keystone_service_adminurl }}
|
|
insecure = {{ keystone_service_adminuri_insecure | bool }}
|
|
metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
|
|
service_metadata_proxy = {{ nova_metadata_proxy_enabled }}
|
|
|
|
{% if nova_ceilometer_enabled %}
|
|
[notifications]
|
|
notify_on_state_change = vm_and_task_state
|
|
notification_format = {% if nova_versioned_notification_enabled %}both{% else %}unversioned{% endif %}
|
|
{% endif %}
|
|
|
|
[placement]
|
|
region_name = {{ nova_service_region }}
|
|
auth_type = password
|
|
username = {{ nova_service_user_name }}
|
|
password = {{ nova_service_password }}
|
|
project_name = {{ nova_service_project_name }}
|
|
user_domain_id = {{ nova_service_user_domain_id }}
|
|
project_domain_id = {{ nova_service_project_domain_id }}
|
|
auth_url = {{ keystone_service_adminurl }}
|
|
insecure = {{ keystone_service_adminuri_insecure | bool }}
|
|
|
|
[conductor]
|
|
workers = {{ nova_conductor_workers | default(nova_api_threads) }}
|
|
|
|
[service_user]
|
|
send_service_user_token = {{ nova_service_token_roles_required | bool }}
|
|
region_name = {{ nova_service_region }}
|
|
auth_type = password
|
|
username = {{ nova_service_user_name }}
|
|
password = {{ nova_service_password }}
|
|
project_name = {{ nova_service_project_name }}
|
|
user_domain_id = {{ nova_service_user_domain_id }}
|
|
project_domain_id = {{ nova_service_project_domain_id }}
|
|
auth_url = {{ keystone_service_adminurl }}
|
|
insecure = {{ keystone_service_adminuri_insecure | bool }}
|
|
|
|
[keystone_authtoken]
|
|
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
|
auth_type = {{ nova_keystone_auth_plugin }}
|
|
auth_url = {{ keystone_service_adminuri }}
|
|
www_authenticate_uri = {{ keystone_service_internaluri }}
|
|
project_domain_id = {{ nova_service_project_domain_id }}
|
|
user_domain_id = {{ nova_service_user_domain_id }}
|
|
project_name = {{ nova_service_project_name }}
|
|
username = {{ nova_service_user_name }}
|
|
password = {{ nova_service_password }}
|
|
region_name = {{ keystone_service_region }}
|
|
|
|
service_token_roles_required = {{ nova_service_token_roles_required | bool }}
|
|
service_token_roles = {{ nova_service_token_roles | join(',') }}
|
|
service_type = {{ nova_service_type }}
|
|
|
|
{% if nova_cache_backend in nova_cache_backend_map['dogpile'] %}
|
|
memcached_servers = {{ nova_cache_servers }}
|
|
|
|
token_cache_time = 300
|
|
|
|
# if your memcached server is shared, use these settings to avoid cache poisoning
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcached_encryption_key }}
|
|
{% endif %}
|
|
|
|
{% if group_names | intersect(nova_services.keys() | difference('nova-compute') | map('extract', nova_services, 'group') | list) | count > 0 %}
|
|
[database]
|
|
connection = mysql+pymysql://{{ nova_galera_user }}:{{ nova_container_mysql_password }}@{{ nova_galera_address }}:{{ nova_galera_port }}/{{ nova_galera_database }}?charset=utf8{% if nova_galera_use_ssl | bool %}&ssl_verify_cert=true{% if nova_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ nova_galera_ssl_ca_cert }}{% endif %}{% endif %}
|
|
|
|
max_overflow = {{ nova_db_max_overflow }}
|
|
max_pool_size = {{ nova_db_max_pool_size }}
|
|
pool_timeout = {{ nova_db_pool_timeout }}
|
|
connection_recycle_time = {{ nova_db_connection_recycle_time }}
|
|
|
|
|
|
[api_database]
|
|
connection = mysql+pymysql://{{ nova_api_galera_user }}:{{ nova_api_container_mysql_password }}@{{ nova_api_galera_address }}:{{ nova_api_galera_port }}/{{ nova_api_galera_database }}?charset=utf8{% if nova_galera_use_ssl | bool %}&ssl_verify_cert=true{% if nova_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ nova_galera_ssl_ca_cert }}{% endif %}{% endif %}
|
|
|
|
max_overflow = {{ nova_api_db_max_overflow }}
|
|
max_pool_size = {{ nova_api_db_max_pool_size }}
|
|
pool_timeout = {{ nova_api_db_pool_timeout }}
|
|
connection_recycle_time = {{ nova_api_db_connection_recycle_time }}
|
|
|
|
{% endif %}
|
|
|
|
[oslo_concurrency]
|
|
lock_path = {{ nova_lock_dir }}/{{ nova_system_slice_name }}
|
|
|
|
|
|
{% if nova_virt_type == 'ironic' %}
|
|
[ironic]
|
|
auth_type = {{ nova_keystone_auth_plugin }}
|
|
username = {{ nova_service_user_name }}
|
|
password = {{ nova_service_password }}
|
|
project_name = {{ nova_service_project_name }}
|
|
user_domain_id = {{ nova_service_user_domain_id }}
|
|
project_domain_id = {{ nova_service_project_domain_id }}
|
|
auth_url = {{ keystone_service_adminurl }}
|
|
insecure = {{ keystone_service_adminuri_insecure | bool }}
|
|
|
|
{% endif %}
|
|
|
|
{% if nova_virt_type in ['kvm', 'qemu', 'xen', 'lxc', 'uml', 'parallels'] %}
|
|
|
|
{% if (neutron_plugin_type | default('') == "ml2.ovs") %}
|
|
[os_vif_ovs]
|
|
isolate_vif = True
|
|
{% endif %}
|
|
|
|
[libvirt]
|
|
inject_partition = {{ nova_libvirt_inject_partition }}
|
|
inject_password = {{ nova_libvirt_inject_password }}
|
|
inject_key = {{ nova_libvirt_inject_key }}
|
|
virt_type = {{ nova_virt_type }}
|
|
{% if nova_cpu_mode is defined %}
|
|
cpu_mode = {{ nova_cpu_mode }}
|
|
{% endif %}
|
|
|
|
{% if nova_rbd_inuse %}
|
|
# ceph rbd support
|
|
rbd_user = {{ nova_ceph_client }}
|
|
rbd_secret_uuid = {{ nova_ceph_client_uuid }}
|
|
{% endif %}
|
|
{% if nova_libvirt_images_rbd_pool | length > 0 %}
|
|
images_type = rbd
|
|
images_rbd_pool = {{ nova_libvirt_images_rbd_pool }}
|
|
images_rbd_ceph_conf = /etc/ceph/ceph.conf
|
|
{% endif %}
|
|
{% if nova_virt_type in ['kvm', 'qemu'] %}
|
|
{% if nova_libvirtd_listen_tls == 1 %}
|
|
live_migration_with_native_tls = true
|
|
live_migration_scheme = tls
|
|
{% else %}
|
|
live_migration_uri = "qemu+ssh://nova@%s/system?no_verify=1&keyfile={{ nova_system_home_folder }}/.ssh/id_rsa"
|
|
live_migration_tunnelled = True
|
|
{% endif %}
|
|
live_migration_inbound_addr = {{ nova_libvirt_live_migration_inbound_addr }}
|
|
{% endif %}
|
|
hw_disk_discard = {{ nova_libvirt_hw_disk_discard }}
|
|
disk_cachemodes = {{ nova_libvirt_disk_cachemodes }}
|
|
{% endif %}
|
|
|
|
{% if nova_barbican_enabled %}
|
|
[barbican]
|
|
barbican_endpoint_type = internal
|
|
auth_endpoint = {{ keystone_service_internaluri }}/v3
|
|
send_service_user_token = {{ nova_service_token_roles_required | bool }}
|
|
|
|
[barbican_service_user]
|
|
auth_section = service_user
|
|
|
|
[key_manager]
|
|
backend = barbican
|
|
auth_type = "password"
|
|
username = {{ nova_service_user_name }}
|
|
password = {{ nova_service_password }}
|
|
project_name = {{ nova_service_project_name }}
|
|
user_domain_id = {{ nova_service_user_domain_id }}
|
|
project_domain_id = {{ nova_service_project_domain_id }}
|
|
auth_url = {{ keystone_service_adminurl }}
|
|
insecure = {{ keystone_service_adminuri_insecure | bool }}
|
|
{% endif %}
|
|
|
|
[wsgi]
|
|
api_paste_config = {{ nova_conf_dir }}/api-paste.ini
|
|
|
|
|
|
[api]
|
|
vendordata_jsonfile_path = {{ nova_conf_dir }}/vendor_data.json
|
|
dhcp_domain = {{ nova_dhcp_domain }}
|
|
|
|
[scheduler]
|
|
workers = {{ nova_scheduler_workers | default(nova_api_threads) }}
|
|
max_attempts = {{ nova_scheduler_max_attempts }}
|
|
discover_hosts_in_cells_interval = {{ nova_discover_hosts_in_cells_interval }}
|
|
|
|
[filter_scheduler]
|
|
max_io_ops_per_host = {{ nova_max_io_ops_per_host }}
|
|
{% if nova_blazar_enabled and nova_blazar_scheduler_filters %}
|
|
available_filters = nova.scheduler.filters.all_filters
|
|
available_filters = blazarnova.scheduler.filters.blazar_filter.BlazarFilter
|
|
{% endif %}
|
|
enabled_filters = {{ _nova_scheduler_filters | join(',') }}
|
|
host_subset_size = {{ nova_scheduler_host_subset_size }}
|
|
track_instance_changes = {{ nova_scheduler_tracks_instance_changes }}
|
|
|
|
[upgrade_levels]
|
|
compute=auto
|
|
|
|
{% if nova_enabled_mdev_types | length > 0 or discovered_mdev_types is defined %}
|
|
[devices]
|
|
enabled_mdev_types = {{ nova_enabled_mdev_types | map(attribute='type') | list | default(discovered_mdev_types, true) | unique | join(',') }}
|
|
|
|
{% for record in nova_enabled_mdev_types | selectattr('address', 'defined') | list %}
|
|
[mdev_{{ record.type }}]
|
|
device_addresses = {{ (record.address is string) | ternary(record.address, record.address | join(',')) }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if nova_device_spec or nova_pci_alias %}
|
|
[pci]
|
|
{% if nova_device_spec %}
|
|
# PCI devices available to VMs
|
|
{% if nova_device_spec is string %}
|
|
device_spec = {{ nova_device_spec }}
|
|
{% elif nova_device_spec is mapping %}
|
|
device_spec = {{ nova_device_spec | to_json }}
|
|
{% else %}
|
|
{% for item in nova_device_spec %}
|
|
{% if item is string %}
|
|
device_spec = {{ item }}
|
|
{% elif item is mapping %}
|
|
device_spec = {{ item | to_json }}
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if nova_pci_alias %}
|
|
# PCI Alias
|
|
{% for item in nova_pci_alias %}
|
|
alias = {{item}}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|