Existing defaults are setup for tcp, and set ca_file to an empty string.
'If you set this to an empty string, then no trusted CA certificate is loaded.'
libvirt may complain 'unsupported configuration: No server certificate path
set to match server key', as such tls should also be explicitly set to 0.
Change-Id: I49c64808cb236dab1d9fa2e699d0a2f2fc54cc99
Implements compute part of the blueprint.
Make virt_type of nova_compute configerable.
Change-Id: I0f37e49e09c4f14a64797506007bb55a6f534f0f
Partially-implements: blueprint kolla-ansible-support-vsphere
Co-Authored-By: shaofeng cheng <chengsf@winhong.com>
Currently nova.conf.j2 generates two compute_driver options for
nova_compute_ironic container like this:
compute_driver = ironic.IronicDriver
compute_driver = libvirt.LibvirtDriver
nova_compute_ironic container fails to start because the latter value
overrides the former one.
This patch fixes the issue recently introduced in [1].
[1] 63314ad6dd181a0e975438de2e99409238f1b775
Change-Id: Ibb661a5a594120be4195d331c38883c3b2886361
Closes-Bug: #1706534
Trace method is enabled in default for httpd. There is security risk
with trace enabled. So disable it in default. more info please check[0].
[0] https://security.stackexchange.com/a/7711
Change-Id: I4496a6d058d88e1abfb210085f189e7a610e0362
Closes-Bug: #1705160
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logical.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
RDO packages a distribution configuration file
/usr/share/nova/nova-dist.conf which contains the following setting:
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
This causes the nova-compute-ironic service to fail to start as the
nova ironic virt driver attempts and fails to create a firewall driver
using this class.
This change reinstates the explicit setting of the [DEFAULT]
firewall_driver option to the noop driver which resolves this issue.
This comes at the cost of a WARN log message due to the option being
deprecated (see
6d831db687).
Change-Id: I41bd9d0671118ff256e7ada766e8653bb4b2b376
Closes-Bug: #1701564
With the following configuration in globals.yml
enable_ceilometer="no"
enable_designate="no"
enable_searchlight="yes"
nova.conf is generated like following:
[oslo_messaging_notifications]
driver = messagingv2
topics =
topics value is missing.
Change-Id: I27145c0da8b864b2614091933c33d83bdec8b9be
Closes-Bug: #1671935
Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Remove option vnc_enabled from group default.
Add option enabled in group vnc.
Change-Id: Ia48b335fd9d160b53bc2ec98b7e3bc5b89b9c553
Closes-Bug: #1695181
Many of the templates use 600, remove unnecessary permission
on these templates to bring them in line with the others.
Change-Id: I30fe1b3822b9c7bb6ab98729fc519dc1d603db27
If used external ceph for nova,the ceph storage not enable cephx.
So ceph keyring file not does not exist.
Task throw error of check ceph keyring files.
Change-Id: I6257c107b94abf4d363e854229aaab8301d1d694
Closes-Bug: #1684522
If disable cinder in openstack environment.
Cinder of configuration items do not need to configure in nova.conf
Change-Id: Ie346dfe45f8c2d3fd383095d0c64f8e9421100ff
* Ironic do not support multi glance ips.
* Write the nova-compute-ironic binary log to nova-compute-ironic.log
file
Change-Id: I87359c47a5845c4d7a6ab9daaefcc94a51c92eb0
Closes-Bug: #1671989
It is unnecessary and a waste to run nova-compute-ironic on a single
node, change the host name field in nova-compute-ironic could ensure
nova-compute and nova-compute-ironic run on the same node.
Change-Id: If2acbf25caab0570da444472003599b9e0f2a1ff
Closes-Bug: #1671103
Booting from volume require cinder's ceph client secret now. Move cinder
before nova in site.yml, because nova depends on cinder ceph client key
now.
Change-Id: I01c9ed80843d98305b8963894c4917c21a35d3ac
Closes-Bug: #1670676
Libvirt 2.5 (latest version in cloud archive) seems to have changed
behavior of dynamic_ownership.
Change-Id: Icf9592c2f82f0f4a35074b9b13a51643a32631e9
Closes-bug: #1668654
In ironic environment deployment, the compute nodes info will be empty
until ironic node is created. There are also some case that user just
want deploy without any nova-compute.
Also enable auto discover hosts feature. This is useful for small
environment.
Closes-Bug: #1666031
Change-Id: I6f3d1c3668452a404875aa5621ee99b2b41e28f0
The kolla-kubernetes deliverable uses Newton images, however,
the kolla-ansible 4.0.0 deliverable is targeted at Ocata. In
Ocata, nova requires the placement API implementation. This
change is transitory until genconfig is no longer required
for kolla-kubernetes to operate.
Change-Id: I1c192a01d91b4f507bafadb53b6abb1efdcdb46c
Closes-Bug: #1663961
Usernames can be configured with variables in
configuration files, but user creation is hardcoded.
Change-Id: I057cfb921d776217db66f59226dcfa79f3eb7368
Closes-Bug: #1661587
