
Controllers lacking compute should not be required to provide valid migration_interface as it is not used there (and prechecks do not check that either). Inclusion of libvirt conf section is now conditional on service type. libvirt conf section has been moved to separate included file to avoid evaluation of the undefined variable (conditional block did not prevent it and using 'default' filter may hide future issues). See https://github.com/ansible/ansible/issues/58835 Additionally this fixes the improper nesting of 'if' blocks for libvirt. Change-Id: I77af534fbe824cfbe95782ab97838b358c17b928 Closes-Bug: #1835713 Signed-off-by: Radosław Piliszek <radoslaw.piliszek@gmail.com>
288 lines
9.4 KiB
Django/Jinja
288 lines
9.4 KiB
Django/Jinja
# nova.conf
|
|
[DEFAULT]
|
|
debug = {{ nova_logging_debug }}
|
|
|
|
log_dir = /var/log/kolla/nova
|
|
|
|
state_path = /var/lib/nova
|
|
|
|
osapi_compute_listen = {{ api_interface_address }}
|
|
osapi_compute_listen_port = {{ nova_api_listen_port }}
|
|
osapi_compute_workers = {{ openstack_service_workers }}
|
|
metadata_workers = {{ openstack_service_workers }}
|
|
|
|
metadata_listen = {{ api_interface_address }}
|
|
metadata_listen_port = {{ nova_metadata_listen_port }}
|
|
|
|
# NOTE(mgoddard): This option has been deprecated but RDO sets a different
|
|
# default value for it in /usr/share/nova/nova-dist.conf which causes the
|
|
# ironic virt driver to fail to load. See
|
|
# https://bugs.launchpad.net/kolla-ansible/+bug/1701564.
|
|
firewall_driver = nova.virt.firewall.NoopFirewallDriver
|
|
|
|
allow_resize_to_same_host = true
|
|
|
|
{% if service_name == "nova-compute-ironic" %}
|
|
host={{ ansible_hostname }}-ironic
|
|
log_file = /var/log/kolla/nova/nova-compute-ironic.log
|
|
compute_driver = ironic.IronicDriver
|
|
ram_allocation_ratio = 1.0
|
|
reserved_host_memory_mb = 0
|
|
{% elif enable_nova_fake | bool %}
|
|
host = {{ ansible_hostname }}_{{ service_name }}
|
|
compute_driver = fake.FakeDriver
|
|
{% elif nova_compute_virt_type == 'vmware' %}
|
|
compute_driver = vmwareapi.VMwareVCDriver
|
|
{% elif nova_compute_virt_type == 'xenapi' %}
|
|
compute_driver = xenapi.XenAPIDriver
|
|
{% if service_name == 'nova-compute' %}
|
|
host = xenapi_facts['dom0_hostname']
|
|
{% endif %}
|
|
{% else %}
|
|
compute_driver = libvirt.LibvirtDriver
|
|
{% endif %}
|
|
|
|
# Though my_ip is not used directly, lots of other variables use $my_ip
|
|
my_ip = {{ api_interface_address }}
|
|
|
|
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
|
|
instance_usage_audit = True
|
|
instance_usage_audit_period = hour
|
|
{% if enable_watcher | bool %}
|
|
compute_monitors=nova.compute.monitors.cpu.virt_driver
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
transport_url = {{ rpc_transport_url }}
|
|
|
|
{% if enable_blazar | bool %}
|
|
[filter_scheduler]
|
|
available_filters = nova.scheduler.filters.all_filters
|
|
available_filters = blazarnova.scheduler.filters.blazar_filter.BlazarFilter
|
|
enabled_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,BlazarFilter
|
|
{% endif %}
|
|
|
|
[api]
|
|
use_forwarded_for = true
|
|
|
|
[conductor]
|
|
workers = {{ openstack_service_workers }}
|
|
|
|
{% if nova_console == 'novnc' %}
|
|
[vnc]
|
|
{% if service_name == "nova-compute-ironic" %}
|
|
enabled = false
|
|
{% else %}
|
|
novncproxy_host = {{ api_interface_address }}
|
|
novncproxy_port = {{ nova_novncproxy_listen_port }}
|
|
server_listen = {{ api_interface_address }}
|
|
server_proxyclient_address = {{ api_interface_address }}
|
|
{% if inventory_hostname in groups['compute'] %}
|
|
novncproxy_base_url = {{ public_protocol }}://{{ nova_novncproxy_fqdn }}:{{ nova_novncproxy_port }}/vnc_auto.html
|
|
{% endif %}
|
|
{% endif %}
|
|
{% elif nova_console == 'spice' %}
|
|
[vnc]
|
|
# We have to turn off vnc to use spice
|
|
enabled = false
|
|
[spice]
|
|
enabled = true
|
|
server_listen = {{ api_interface_address }}
|
|
server_proxyclient_address = {{ api_interface_address }}
|
|
{% if inventory_hostname in groups['compute'] %}
|
|
html5proxy_base_url = {{ public_protocol }}://{{ nova_spicehtml5proxy_fqdn }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html
|
|
{% endif %}
|
|
html5proxy_host = {{ api_interface_address }}
|
|
html5proxy_port = {{ nova_spicehtml5proxy_listen_port }}
|
|
{% elif nova_console == 'none' %}
|
|
[vnc]
|
|
enabled = false
|
|
[spice]
|
|
enabled = false
|
|
{% endif %}
|
|
{% if enable_nova_serialconsole_proxy | bool %}
|
|
[serial_console]
|
|
enabled = true
|
|
base_url = ws://{{ nova_serialproxy_fqdn }}:{{ nova_serialproxy_port }}/
|
|
serialproxy_host = {{ api_interface_address }}
|
|
serialproxy_port = {{ nova_serialproxy_listen_port }}
|
|
proxyclient_address = {{ api_interface_address }}
|
|
{% endif %}
|
|
|
|
{% if service_name == "nova-compute-ironic" %}
|
|
[ironic]
|
|
username = {{ ironic_keystone_user }}
|
|
password = {{ ironic_keystone_password }}
|
|
auth_url = {{ openstack_auth.auth_url }}/v3
|
|
auth_type = password
|
|
project_name = service
|
|
user_domain_name = {{ default_user_domain_name }}
|
|
project_domain_name = {{ default_project_domain_name }}
|
|
endpoint_override = {{ internal_protocol }}://{{ ironic_internal_fqdn }}:{{ ironic_api_port }}/v1
|
|
{% endif %}
|
|
|
|
[oslo_middleware]
|
|
enable_proxy_headers_parsing = True
|
|
|
|
[oslo_concurrency]
|
|
lock_path = /var/lib/nova/tmp
|
|
|
|
[glance]
|
|
api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn }}:{{ glance_api_port }}
|
|
|
|
num_retries = {{ groups['glance-api'] | length }}
|
|
|
|
{% if enable_cinder | bool %}
|
|
[cinder]
|
|
catalog_info = volumev3:cinderv3:internalURL
|
|
os_region_name = {{ openstack_region_name }}
|
|
{% endif %}
|
|
|
|
[neutron]
|
|
url = {{ internal_protocol }}://{{ neutron_internal_fqdn }}:{{ neutron_server_port }}
|
|
metadata_proxy_shared_secret = {{ metadata_secret }}
|
|
service_metadata_proxy = true
|
|
{% if neutron_plugin_agent == 'vmware_nsxv3' %}
|
|
ovs_bridge = {{ ovs_bridge }}
|
|
{% endif %}
|
|
auth_url = {{ keystone_admin_url }}
|
|
auth_type = password
|
|
project_domain_name = {{ default_project_domain_name }}
|
|
user_domain_id = {{ default_user_domain_id }}
|
|
project_name = service
|
|
username = {{ neutron_keystone_user }}
|
|
password = {{ neutron_keystone_password }}
|
|
|
|
{% if not service_name.startswith('nova-compute') %}
|
|
[database]
|
|
connection = mysql+pymysql://{{ nova_database_user }}:{{ nova_database_password }}@{{ nova_database_address }}/{{ nova_database_name }}
|
|
max_pool_size = 50
|
|
max_overflow = 1000
|
|
max_retries = -1
|
|
|
|
[api_database]
|
|
connection = mysql+pymysql://{{ nova_api_database_user }}:{{ nova_api_database_password }}@{{ nova_api_database_address }}/{{ nova_api_database_name }}
|
|
max_retries = -1
|
|
{% endif %}
|
|
|
|
[cache]
|
|
backend = oslo_cache.memcache_pool
|
|
enabled = True
|
|
memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
|
|
|
|
|
[keystone_authtoken]
|
|
www_authenticate_uri = {{ keystone_internal_url }}
|
|
auth_url = {{ keystone_admin_url }}
|
|
auth_type = password
|
|
project_domain_id = {{ default_project_domain_id }}
|
|
user_domain_id = {{ default_user_domain_id }}
|
|
project_name = service
|
|
username = {{ nova_keystone_user }}
|
|
password = {{ nova_keystone_password }}
|
|
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcache_secret_key }}
|
|
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
|
|
|
{% if service_name == 'nova-compute' %}
|
|
{% if nova_compute_virt_type in ['kvm', 'qemu'] %}
|
|
{# must be an include because Ansible 2.8 (and earlier) does not like defined variables referencing undefined variables: migration_interface_address here #}
|
|
{# see https://github.com/ansible/ansible/issues/58835 #}
|
|
{% include 'nova.conf.d/libvirt.conf.j2' %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if nova_compute_virt_type == "vmware" %}
|
|
[vmware]
|
|
host_ip = {{ vmware_vcenter_host_ip }}
|
|
host_username = {{ vmware_vcenter_host_username }}
|
|
host_password = {{ vmware_vcenter_host_password }}
|
|
cluster_name = {{ vmware_vcenter_cluster_name }}
|
|
datastore_regex = {{ vmware_vcenter_datastore_regex }}
|
|
insecure = {{ vmware_vcenter_insecure }}
|
|
{% if not vmware_vcenter_insecure | bool %}
|
|
ca_file = /etc/nova/vmware_ca
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
[upgrade_levels]
|
|
compute = auto
|
|
|
|
[oslo_messaging_notifications]
|
|
transport_url = {{ notify_transport_url }}
|
|
{% if nova_enabled_notification_topics %}
|
|
driver = messagingv2
|
|
topics = {{ nova_enabled_notification_topics | map(attribute='name') | join(',') }}
|
|
{% else %}
|
|
driver = noop
|
|
{% endif %}
|
|
|
|
{% if nova_policy_file is defined %}
|
|
[oslo_policy]
|
|
policy_file = {{ nova_policy_file }}
|
|
{% endif %}
|
|
|
|
[privsep_entrypoint]
|
|
helper_command=sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf
|
|
|
|
[glance]
|
|
debug = {{ nova_logging_debug }}
|
|
|
|
[guestfs]
|
|
debug = {{ nova_logging_debug }}
|
|
|
|
[wsgi]
|
|
api_paste_config = /etc/nova/api-paste.ini
|
|
{% if kolla_enable_tls_external | bool %}
|
|
secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
|
|
{% endif %}
|
|
|
|
[scheduler]
|
|
max_attempts = 10
|
|
# NOTE(yoctozepto): kolla-ansible handles cell mapping by itself on each deploy
|
|
# periodic run must be disabled to avoid random failures (where both try to map)
|
|
# -1 is default and means periodic discovery is disabled
|
|
discover_hosts_in_cells_interval = -1
|
|
|
|
{% if enable_nova_fake | bool %}
|
|
default_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter
|
|
{% endif %}
|
|
|
|
[placement]
|
|
auth_type = password
|
|
auth_url = {{ keystone_admin_url }}
|
|
username = {{ placement_keystone_user }}
|
|
password = {{ placement_keystone_password }}
|
|
user_domain_name = {{ default_user_domain_name }}
|
|
project_name = service
|
|
project_domain_name = {{ default_project_domain_name }}
|
|
region_name = {{ openstack_region_name }}
|
|
os_interface = internal
|
|
|
|
[notifications]
|
|
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool or enable_neutron_infoblox_ipam_agent | bool %}
|
|
notify_on_state_change = vm_and_task_state
|
|
{% endif %}
|
|
|
|
{% if enable_osprofiler | bool %}
|
|
[profiler]
|
|
enabled = true
|
|
trace_sqlalchemy = true
|
|
hmac_keys = {{ osprofiler_secret }}
|
|
connection_string = {{ osprofiler_backend_connection_string }}
|
|
{% endif %}
|
|
|
|
{% if enable_barbican | bool %}
|
|
[barbican]
|
|
auth_endpoint = {{ keystone_internal_url }}
|
|
{% endif %}
|
|
|
|
{% if nova_compute_virt_type == "xenapi" %}
|
|
[xenserver]
|
|
ovs_integration_bridge = br-int
|
|
connection_password = {{ xenserver_password }}
|
|
connection_username = {{ xenserver_username }}
|
|
connection_url = {{ xenserver_connect_protocol }}://{{ xenserver_himn_ip }}
|
|
{% endif %}
|