Merge "Implemented usage libvirt+tls"
diff --git a/nova/controller.sls b/nova/controller.sls
index d8ea1b9..528e0b0 100644
--- a/nova/controller.sls
+++ b/nova/controller.sls
@@ -260,7 +260,7 @@
nova_cell1_create:
cmd.run:
- - name: nova-manage cell_v2 create_cell --name=cell1
+ - name: nova-manage cell_v2 create_cell --name=cell1 --verbose
{%- if grains.get('noservices') %}
- onlyif: /bin/false
{%- endif %}
@@ -364,7 +364,7 @@
nova_controller_discover_hosts:
cmd.run:
- - name: nova-manage cell_v2 discover_hosts
+ - name: nova-manage cell_v2 discover_hosts --verbose
{%- if grains.get('noservices') %}
- onlyif: /bin/false
{%- endif %}
diff --git a/nova/files/queens/nova-compute.conf.Debian b/nova/files/queens/nova-compute.conf.Debian
index 62ece42..10e9cc8 100644
--- a/nova/files/queens/nova-compute.conf.Debian
+++ b/nova/files/queens/nova-compute.conf.Debian
@@ -3357,7 +3357,7 @@
{%- endif %}
{%- set _data = compute.message_queue %}
-{%- include "oslo_templates/files/queens/oslo/_messaging_default.conf" %}
+{%- include "oslo_templates/files/queens/oslo/messaging/_default.conf" %}
[api]
#
@@ -3711,67 +3711,11 @@
[api_database]
-#
-# The *Nova API Database* is a separate database which is used for
-# information
-# which is used across *cells*. This database is mandatory since the
-# Mitaka
-# release (13.0.0).
-
-#
-# From nova.conf
-#
-
-# The SQLAlchemy connection string to use to connect to the database.
-# (string value)
-#connection = <None>
-connection=sqlite:////var/lib/nova/nova.sqlite
-
-# If True, SQLite uses synchronous mode. (boolean value)
-#sqlite_synchronous = true
-
-# The SQLAlchemy connection string to use to connect to the slave
-# database. (string value)
-#slave_connection = <None>
-
-# The SQL mode to be used for MySQL sessions. This option, including
-# the default, overrides any server-set SQL mode. To use whatever SQL
-# mode is set by the server configuration, set this to no value.
-# Example: mysql_sql_mode= (string value)
-#mysql_sql_mode = TRADITIONAL
-
-# Connections which have been present in the connection pool longer
-# than this number of seconds will be replaced with a new one the next
-# time they are checked out from the pool. (integer value)
-# Deprecated group/name - [api_database]/idle_timeout
-#connection_recycle_time = 3600
-
-# Maximum number of SQL connections to keep open in a pool. Setting a
-# value of 0 indicates no limit. (integer value)
-#max_pool_size = <None>
-
-# Maximum number of database connection retries during startup. Set to
-# -1 to specify an infinite retry count. (integer value)
-#max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer
-# value)
-#retry_interval = 10
-
-# If set, use this value for max_overflow with SQLAlchemy. (integer
-# value)
-#max_overflow = <None>
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything.
-# (integer value)
-#connection_debug = 0
-
-# Add Python stack traces to SQL as comment strings. (boolean value)
-#connection_trace = false
-
-# If set, use this value for pool_timeout with SQLAlchemy. (integer
-# value)
-#pool_timeout = <None>
+{%- set _data = {} %}
+{%- do _data.update(compute.database) %}
+{%- do _data.update({'name': 'nova_api'}) %}
+{%- if _data.ssl is defined and 'cacert_file' not in _data.get('ssl', {}).keys() %}{% do _data['ssl'].update({'cacert_file': compute.cacert_file}) %}{% endif %}
+{%- include "oslo_templates/files/queens/oslo/_database.conf" %}
{%- if compute.get('barbican', {}).get('enabled', False) %}
{%- set _data = compute.identity %}
@@ -4417,11 +4361,6 @@
#
# From nova.conf
#
-os_region_name = {{ compute.identity.region }}
-catalog_info=volumev2:cinderv2:internalURL
-{%- if compute.image.get('protocol', 'http') == 'https' %}
-cafile={{ compute.identity.get('cacert_file', compute.cacert_file) }}
-{%- endif %}
#
# Info to match when looking for cinder in the service catalog.
@@ -4472,6 +4411,7 @@
# * Any string representing region name
# (string value)
#os_region_name = <None>
+os_region_name = {{ compute.identity.region }}
#
# Number of times cinderclient should retry on any failed http call.
@@ -4513,88 +4453,9 @@
cross_az_attach={{ compute.cross_az_attach }}
{%- endif %}
-# PEM encoded Certificate Authority to use when verifying HTTPs
-# connections. (string value)
-#cafile = <None>
-
-# PEM encoded client certificate cert file (string value)
-#certfile = <None>
-
-# PEM encoded client certificate key file (string value)
-#keyfile = <None>
-
-# Verify HTTPS connections. (boolean value)
-#insecure = false
-
-# Timeout value for http requests (integer value)
-#timeout = <None>
-
-# Authentication type to load (string value)
-# Deprecated group/name - [cinder]/auth_plugin
-#auth_type = <None>
-
-# Config Section from which to load plugin specific options (string
-# value)
-#auth_section = <None>
-
-# Authentication URL (string value)
-#auth_url = <None>
-
-# Scope for system operations (string value)
-#system_scope = <None>
-
-# Domain ID to scope to (string value)
-#domain_id = <None>
-
-# Domain name to scope to (string value)
-#domain_name = <None>
-
-# Project ID to scope to (string value)
-#project_id = <None>
-
-# Project name to scope to (string value)
-#project_name = <None>
-
-# Domain ID containing project (string value)
-#project_domain_id = <None>
-
-# Domain name containing project (string value)
-#project_domain_name = <None>
-
-# Trust ID (string value)
-#trust_id = <None>
-
-# Optional domain ID to use with v3 and v2 parameters. It will be used
-# for both the user and project domain in v3 and ignored in v2
-# authentication. (string value)
-#default_domain_id = <None>
-
-# Optional domain name to use with v3 API and v2 parameters. It will
-# be used for both the user and project domain in v3 and ignored in v2
-# authentication. (string value)
-#default_domain_name = <None>
-
-# User ID (string value)
-#user_id = <None>
-
-# Username (string value)
-# Deprecated group/name - [cinder]/user_name
-#username = <None>
-
-# User's domain id (string value)
-#user_domain_id = <None>
-
-# User's domain name (string value)
-#user_domain_name = <None>
-
-# User's password (string value)
-#password = <None>
-
-# Tenant ID (string value)
-#tenant_id = <None>
-
-# Tenant Name (string value)
-#tenant_name = <None>
+{%- set _data = compute.get('cinder', compute.get('identity', {})) %}
+{%- set auth_type = _data.get('auth_type', 'password') %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
[compute]
@@ -6354,7 +6215,6 @@
#
# From nova.conf
#
-cpu_mode = {{ compute.cpu_mode }}
{%- if compute.libvirt.virt_type is defined %}
virt_type = {{ compute.libvirt.virt_type }}
{%- else %}
@@ -7032,11 +6892,8 @@
# host-passthrough - <No description provided>
# custom - <No description provided>
# none - <No description provided>
-{%- if compute.get('libvirt', {}).cpu_model is defined and compute.cpu_mode == 'custom' %}
-cpu_model = {{ compute.libvirt.cpu_model }}
-{%- else %}
-#cpu_model=<None>
-{%- endif %}
+#cpu_mode = <None>
+cpu_mode = {{ compute.cpu_mode }}
#
# Set the name of the libvirt CPU model the instance should use.
@@ -7057,6 +6914,9 @@
# use this.
# (string value)
#cpu_model = <None>
+{%- if compute.get('libvirt', {}).cpu_model is defined and compute.cpu_mode == 'custom' %}
+cpu_model = {{ compute.libvirt.cpu_model }}
+{%- endif %}
#
# This allows specifying granular CPU feature flags when specifying
diff --git a/nova/files/queens/nova-controller.conf.Debian b/nova/files/queens/nova-controller.conf.Debian
index 480fec8..8883c82 100644
--- a/nova/files/queens/nova-controller.conf.Debian
+++ b/nova/files/queens/nova-controller.conf.Debian
@@ -3191,6 +3191,7 @@
# requests.
# (string value)
#osapi_compute_listen = 0.0.0.0
+osapi_compute_listen = {{ controller.bind.private_address }}
#
# Port on which the OpenStack API will listen.
@@ -3706,67 +3707,11 @@
[api_database]
-#
-# The *Nova API Database* is a separate database which is used for
-# information
-# which is used across *cells*. This database is mandatory since the
-# Mitaka
-# release (13.0.0).
-
-#
-# From nova.conf
-#
-
-# The SQLAlchemy connection string to use to connect to the database.
-# (string value)
-#connection = <None>
-connection=sqlite:////var/lib/nova/nova.sqlite
-
-# If True, SQLite uses synchronous mode. (boolean value)
-#sqlite_synchronous = true
-
-# The SQLAlchemy connection string to use to connect to the slave
-# database. (string value)
-#slave_connection = <None>
-
-# The SQL mode to be used for MySQL sessions. This option, including
-# the default, overrides any server-set SQL mode. To use whatever SQL
-# mode is set by the server configuration, set this to no value.
-# Example: mysql_sql_mode= (string value)
-#mysql_sql_mode = TRADITIONAL
-
-# Connections which have been present in the connection pool longer
-# than this number of seconds will be replaced with a new one the next
-# time they are checked out from the pool. (integer value)
-# Deprecated group/name - [api_database]/idle_timeout
-#connection_recycle_time = 3600
-
-# Maximum number of SQL connections to keep open in a pool. Setting a
-# value of 0 indicates no limit. (integer value)
-#max_pool_size = <None>
-
-# Maximum number of database connection retries during startup. Set to
-# -1 to specify an infinite retry count. (integer value)
-#max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer
-# value)
-#retry_interval = 10
-
-# If set, use this value for max_overflow with SQLAlchemy. (integer
-# value)
-#max_overflow = <None>
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything.
-# (integer value)
-#connection_debug = 0
-
-# Add Python stack traces to SQL as comment strings. (boolean value)
-#connection_trace = false
-
-# If set, use this value for pool_timeout with SQLAlchemy. (integer
-# value)
-#pool_timeout = <None>
+{%- set _data = {} %}
+{%- do _data.update(controller.database) %}
+{%- do _data.update({'name': 'nova_api'}) %}
+{%- if _data.ssl is defined and 'cacert_file' not in _data.get('ssl', {}).keys() %}{% do _data['ssl'].update({'cacert_file': controller.cacert_file}) %}{% endif %}
+{%- include "oslo_templates/files/queens/oslo/_database.conf" %}
{%- if controller.get('barbican', {}).get('enabled', False) %}
{%- set _data = controller.identity %}
@@ -4412,10 +4357,6 @@
#
# From nova.conf
#
-catalog_info=volumev2:cinderv2:internalURL
-{%- if controller.glance.get('protocol', 'http') == 'https' %}
-cafile={{ controller.identity.get('cacert_file', controller.cacert_file) }}
-{%- endif %}
#
# Info to match when looking for cinder in the service catalog.
@@ -4434,6 +4375,7 @@
# * endpoint_template - Setting this option will override catalog_info
# (string value)
#catalog_info = volumev3:cinderv3:publicURL
+catalog_info = volumev3:cinderv3:publicURL
#
# If this option is set then it will override service catalog lookup
@@ -4456,13 +4398,6 @@
# (string value)
#endpoint_template = <None>
-#
-# Region name of this node. This is used when picking the URL in the
-# service
-# catalog.
-#
-# Possible values:
-#
# * Any string representing region name
# (string value)
#os_region_name = <None>
@@ -4508,88 +4443,9 @@
cross_az_attach={{ controller.cross_az_attach }}
{%- endif %}
-# PEM encoded Certificate Authority to use when verifying HTTPs
-# connections. (string value)
-#cafile = <None>
-
-# PEM encoded client certificate cert file (string value)
-#certfile = <None>
-
-# PEM encoded client certificate key file (string value)
-#keyfile = <None>
-
-# Verify HTTPS connections. (boolean value)
-#insecure = false
-
-# Timeout value for http requests (integer value)
-#timeout = <None>
-
-# Authentication type to load (string value)
-# Deprecated group/name - [cinder]/auth_plugin
-#auth_type = <None>
-
-# Config Section from which to load plugin specific options (string
-# value)
-#auth_section = <None>
-
-# Authentication URL (string value)
-#auth_url = <None>
-
-# Scope for system operations (string value)
-#system_scope = <None>
-
-# Domain ID to scope to (string value)
-#domain_id = <None>
-
-# Domain name to scope to (string value)
-#domain_name = <None>
-
-# Project ID to scope to (string value)
-#project_id = <None>
-
-# Project name to scope to (string value)
-#project_name = <None>
-
-# Domain ID containing project (string value)
-#project_domain_id = <None>
-
-# Domain name containing project (string value)
-#project_domain_name = <None>
-
-# Trust ID (string value)
-#trust_id = <None>
-
-# Optional domain ID to use with v3 and v2 parameters. It will be used
-# for both the user and project domain in v3 and ignored in v2
-# authentication. (string value)
-#default_domain_id = <None>
-
-# Optional domain name to use with v3 API and v2 parameters. It will
-# be used for both the user and project domain in v3 and ignored in v2
-# authentication. (string value)
-#default_domain_name = <None>
-
-# User ID (string value)
-#user_id = <None>
-
-# Username (string value)
-# Deprecated group/name - [cinder]/user_name
-#username = <None>
-
-# User's domain id (string value)
-#user_domain_id = <None>
-
-# User's domain name (string value)
-#user_domain_name = <None>
-
-# User's password (string value)
-#password = <None>
-
-# Tenant ID (string value)
-#tenant_id = <None>
-
-# Tenant Name (string value)
-#tenant_name = <None>
+{%- set _data = controller.get('cinder', controller.get('identity', {})) %}
+{%- set auth_type = _data.get('auth_type', 'password') %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
[conductor]
#
@@ -6932,7 +6788,10 @@
# host-passthrough - <No description provided>
# custom - <No description provided>
# none - <No description provided>
-cpu_model = host-passthrough
+# cpu_model = <None>
+{%- if controller.cpu_mode is defined %}
+cpu_mode = {{ controller.cpu_mode }}
+{%- endif %}
#
# Set the name of the libvirt CPU model the instance should use.
@@ -6953,6 +6812,10 @@
# use this.
# (string value)
#cpu_model = <None>
+{%- if controller.get('libvirt', {}).cpu_model is defined and controller.cpu_mode == 'custom' %}
+cpu_model = {{ controller.libvirt.cpu_model }}
+{%- endif %}
+
#
# This allows specifying granular CPU feature flags when specifying
@@ -7833,6 +7696,7 @@
# * metadata_proxy_shared_secret
# (boolean value)
#service_metadata_proxy = false
+service_metadata_proxy=True
#
# This option holds the shared secret string used to validate proxy
@@ -7846,6 +7710,9 @@
# * service_metadata_proxy
# (string value)
#metadata_proxy_shared_secret =
+{%- if controller.get('networking', 'default') != "contrail" %}
+metadata_proxy_shared_secret = {{ controller.metadata.password }}
+{%- endif %}
# PEM encoded Certificate Authority to use when verifying HTTPs
# connections. (string value)