| {%- from "nova/map.jinja" import controller with context %} |
| [DEFAULT] |
| verbose = True |
| log-dir = /var/log/nova |
| {%- if controller.debug %} |
| debug = True |
| {%- else %} |
| debug = False |
| {%- endif %} |
| {%- if controller.logging.log_appender %} |
| log_config_append=/etc/nova/logging.conf |
| {%- endif %} |
| state_path = /var/lib/nova |
| volumes_dir = /etc/nova/volumes |
| dhcpbridge = /usr/bin/nova-dhcpbridge |
| dhcpbridge_flagfile = /etc/nova/nova.conf |
| force_dhcp_release = True |
| injected_network_template = /usr/share/nova/interfaces.template |
| libvirt_nonblocking = True |
| vif_plugging_is_fatal = False |
| vif_plugging_timeout = 0 |
| cpu_allocation_ratio = {{ controller.cpu_allocation_ratio }} |
| ram_allocation_ratio = {{ controller.ram_allocation_ratio }} |
| disk_allocation_ratio = {{ controller.disk_allocation_ratio }} |
| scheduler_default_filters = {{ controller.scheduler_default_filters }} |
| scheduler_available_filters = nova.scheduler.filters.all_filters |
| {%- if controller.default_schedule_zone is defined %} |
| default_schedule_zone = {{ controller.default_schedule_zone }} |
| {%- endif %} |
| {% for filter in controller.get('scheduler_custom_filters', []) %} |
| scheduler_available_filters = {{ filter }} |
| {% endfor %} |
| scheduler_driver = filter_scheduler |
| scheduler_use_baremetal_filters = False |
| allow_resize_to_same_host = True |
| osapi_max_limit = {{ controller.osapi_max_limit|default('1000') }} |
| notify_api_faults=False |
| iscsi_helper=tgtadm |
| connection_type=libvirt |
| root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf |
| api_paste_config=/etc/nova/api-paste.ini |
| max_age=0 |
| scheduler_max_attempts=3 |
| max_io_ops_per_host=8 |
| max_instances_per_host=50 |
| scheduler_host_manager={{ controller.get('scheduler_host_manager', 'host_manager') }} |
| use_forwarded_for=False |
| reservation_expire=86400 |
| compute_driver = libvirt.LibvirtDriver |
| rootwrap_config = /etc/nova/rootwrap.conf |
| auth_strategy = keystone |
| firewall_driver=nova.virt.firewall.NoopFirewallDriver |
| enabled_apis = osapi_compute,metadata |
| image_service=nova.image.glance.GlanceImageService |
| until_refresh=0 |
| scheduler_host_subset_size=30 |
| my_ip={{ controller.bind.private_address }} |
| fping_path=/usr/bin/fping |
| |
| service_down_time = {{ controller.service_down_time|default('180') }} |
| |
| |
| use_neutron = True |
| firewall_driver = nova.virt.firewall.NoopFirewallDriver |
| |
| osapi_volume_listen={{ controller.bind.private_address }} |
| osapi_compute_listen={{ controller.bind.private_address }} |
| metadata_listen={{ controller.bind.private_address }} |
| glance_host = {{ controller.glance.host }} |
| osapi_compute_workers = {{ controller.workers }} |
| metadata_workers = {{ controller.workers }} |
| |
| |
| allow_resize_to_same_host=True |
| |
| rpc_cast_timeout = 30 |
| rpc_response_timeout = 3600 |
| rpc_thread_pool_size = 70 |
| report_interval = 5 |
| |
| block_device_allocate_retries=600 |
| block_device_allocate_retries_interval=10 |
| |
| {%- set rabbit_port = controller.message_queue.get('port', 5671 if controller.message_queue.get('ssl',{}).get('enabled', False) else 5672) %} |
| |
| {%- if controller.message_queue.members is defined %} |
| transport_url = rabbit://{% for member in controller.message_queue.members -%} |
| {{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ member.host }}:{{ member.get('port', rabbit_port) }} |
| {%- if not loop.last -%},{%- endif -%} |
| {%- endfor -%} |
| /{{ controller.message_queue.virtual_host }} |
| {%- else %} |
| transport_url = rabbit://{{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ controller.message_queue.host }}:{{ rabbit_port }}/{{ controller.message_queue.virtual_host }} |
| {%- endif %} |
| |
| {# rabbitmq ssl configuration #} |
| {%- if controller.message_queue.get('ssl',{}).get('enabled', False) %} |
| |
| {%- if controller.host is defined %} |
| host={{ controller.host }} |
| {%- endif %} |
| |
| [oslo_messaging_rabbit] |
| rabbit_use_ssl=true |
| |
| {%- if controller.message_queue.ssl.version is defined %} |
| kombu_ssl_version = {{ controller.message_queue.ssl.version }} |
| {%- elif salt['grains.get']('pythonversion') > [2,7,8] %} |
| kombu_ssl_version = TLSv1_2 |
| {%- endif %} |
| |
| kombu_ssl_ca_certs = {{ controller.message_queue.ssl.get('cacert_file', controller.cacert_file) }} |
| {%- endif %} |
| |
| [vnc] |
| enabled = true |
| novncproxy_host = {{ controller.bind.get('novncproxy_address', '0.0.0.0') }} |
| novncproxy_base_url = {{ controller.vncproxy_url }}/vnc_auto.html |
| novncproxy_port={{ controller.bind.get('vncproxy_port', '6080') }} |
| {%- if pillar.nova.compute is defined %} |
| vncserver_listen={{ controller.bind.private_address }} |
| vncserver_proxyclient_address={{ controller.bind.private_address }} |
| {%- else %} |
| vncserver_listen={{ controller.bind.get('novncproxy_address', '0.0.0.0') }} |
| {%- endif %} |
| keymap = {{ controller.get('vnc_keymap', 'en-us') }} |
| |
| [spice] |
| enabled = false |
| html5proxy_base_url = {{ controller.vncproxy_url }}/spice_auto.html |
| |
| [libvirt] |
| inject_partition = -1 |
| use_usb_tablet = True |
| cpu_mode = host-passthrough |
| virt_type = kvm |
| use_virtio_for_bridges = True |
| |
| [oslo_concurrency] |
| |
| lock_path = /var/lib/nova/tmp |
| |
| [oslo_messaging_notifications] |
| {%- if controller.notification is mapping %} |
| driver = {{ controller.notification.get('driver', 'messagingv2') }} |
| {%- if controller.notification.topics is defined %} |
| topics = {{ controller.notification.topics }} |
| {%- endif %} |
| {%- elif controller.notification %} |
| driver=messagingv2 |
| {%- endif %} |
| |
| [oslo_messaging_rabbit] |
| rabbit_retry_interval = 1 |
| rabbit_retry_backoff = 2 |
| rpc_conn_pool_size = 300 |
| |
| [cache] |
| {%- if controller.cache is defined %} |
| enabled = true |
| backend = oslo_cache.memcache_pool |
| memcache_servers={%- for member in controller.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %} |
| {%- endif %} |
| |
| [keystone_authtoken] |
| revocation_cache_time = 10 |
| signing_dir=/tmp/keystone-signing-nova |
| auth_type = password |
| user_domain_id = {{ controller.identity.get('domain', 'default') }} |
| project_domain_id = {{ controller.identity.get('domain', 'default') }} |
| project_name = {{ controller.identity.tenant }} |
| username = {{ controller.identity.user }} |
| password = {{ controller.identity.password }} |
| auth_uri=http://{{ controller.identity.host }}:5000 |
| auth_url=http://{{ controller.identity.host }}:35357 |
| {%- if controller.cache is defined %} |
| memcached_servers={%- for member in controller.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %} |
| {%- endif %} |
| |
| [conductor] |
| workers = {{ controller.workers }} |
| |
| [database] |
| idle_timeout = 180 |
| min_pool_size = 100 |
| max_pool_size = 700 |
| max_overflow = 100 |
| retry_interval = 5 |
| max_retries = -1 |
| db_max_retries = 3 |
| db_retry_interval = 1 |
| connection_debug = 10 |
| pool_timeout = 120 |
| connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', conroller.cacert_file) }}{% endif %} |
| |
| [oslo_middleware] |
| enable_proxy_headers_parsing=True |
| |
| [api_database] |
| idle_timeout = 180 |
| min_pool_size = 100 |
| max_pool_size = 700 |
| max_overflow = 100 |
| retry_interval = 5 |
| max_retries = -1 |
| db_max_retries = 3 |
| db_retry_interval = 1 |
| connection_debug = 10 |
| pool_timeout = 120 |
| connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}_api?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %} |
| |
| [glance] |
| |
| api_servers = {{ controller.glance.host }}:9292 |
| |
| [neutron] |
| auth_type=v3password |
| project_domain_name = Default |
| user_domain_name = Default |
| auth_url = http://{{ controller.identity.host }}:35357/v3 |
| {% if pillar.neutron is defined and pillar.neutron.server is defined %} |
| password={{ pillar.neutron.server.identity.password }} |
| project_name={{ pillar.neutron.server.identity.tenant }} |
| username={{ pillar.neutron.server.identity.user }} |
| region_name= {{ pillar.neutron.server.identity.region }} |
| {%- else %} |
| password={{ controller.network.password }} |
| project_name={{ controller.network.tenant }} |
| username={{ controller.network.user }} |
| region_name= {{ controller.network.region }} |
| {%- endif %} |
| url=http://{{ controller.network.host }}:{{ controller.network.port }} |
| |
| {%- if controller.get('networking', 'default') != "contrail" %} |
| metadata_proxy_shared_secret={{ controller.metadata.password }} |
| {%- endif %} |
| service_metadata_proxy=True |
| |
| [cinder] |
| os_region_name = {{ controller.identity.region }} |
| catalog_info=volumev2:cinderv2:internalURL |
| {%- if controller.cross_az_attach is defined %} |
| cross_az_attach={{ controller.cross_az_attach }} |
| {%- endif %} |
| |
| [wsgi] |
| api_paste_config=/etc/nova/api-paste.ini |
| |
| [cors] |
| # |
| # From oslo.middleware |
| # |
| |
| # Indicate whether this resource may be shared with the domain received in the |
| # requests "origin" header. (list value) |
| #allowed_origin = <None> |
| {% if controller.cors.allowed_origin is defined %} |
| allowed_origin = {{ controller.cors.allowed_origin }} |
| {% endif %} |
| |
| # Indicate that the actual request can include user credentials (boolean value) |
| #allow_credentials = true |
| {% if controller.cors.allow_credentials is defined %} |
| allow_credentials = {{ controller.cors.allow_credentials }} |
| {% endif %} |
| |
| # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple |
| # Headers. (list value) |
| #expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token |
| {% if controller.cors.expose_headers is defined %} |
| expose_headers = {{ controller.cors.expose_headers }} |
| {% endif %} |
| |
| # Maximum cache age of CORS preflight requests. (integer value) |
| #max_age = 3600 |
| {% if controller.cors.max_age is defined %} |
| max_age = {{ controller.cors.max_age }} |
| {% endif %} |
| |
| |
| # Indicate which methods can be used during the actual request. (list value) |
| #allow_methods = GET,PUT,POST,DELETE,PATCH |
| {% if controller.cors.allow_methods is defined %} |
| allow_methods = {{ controller.cors.allow_methods }} |
| {% endif %} |
| |
| # Indicate which header field names may be used during the actual request. |
| # (list value) |
| #allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name |
| {% if controller.cors.allow_headers is defined %} |
| allow_headers = {{ controller.cors.allow_headers }} |
| {% endif %} |
| |
| {%- if controller.upgrade_levels is defined %} |
| [upgrade_levels] |
| {%- for key, value in controller.upgrade_levels.iteritems() %} |
| {{ key }}={{ value }} |
| {%- endfor %} |
| {%- endif %} |