{%- from "nova/map.jinja" import controller with context %}
[DEFAULT]
verbose = True
log-dir = /var/log/nova
{%- if controller.debug %}
debug = True
{%- else %}
debug = False
{%- endif %}
{%- if controller.logging.log_appender %}
log_config_append=/etc/nova/logging.conf
{%- endif %}
state_path = /var/lib/nova
volumes_dir = /etc/nova/volumes
dhcpbridge = /usr/bin/nova-dhcpbridge
dhcpbridge_flagfile = /etc/nova/nova.conf
force_dhcp_release = True
injected_network_template = /usr/share/nova/interfaces.template
libvirt_nonblocking = True
vif_plugging_is_fatal = False
vif_plugging_timeout = 0
cpu_allocation_ratio = {{ controller.cpu_allocation_ratio }}
ram_allocation_ratio = {{ controller.ram_allocation_ratio }}
disk_allocation_ratio = {{ controller.disk_allocation_ratio }}
scheduler_default_filters = {{ controller.scheduler_default_filters }}
scheduler_available_filters = nova.scheduler.filters.all_filters
{%- if controller.default_schedule_zone is defined %}
default_schedule_zone = {{ controller.default_schedule_zone }}
{%- endif %}
{% for filter in controller.get('scheduler_custom_filters', []) %}
scheduler_available_filters = {{ filter }}
{% endfor %}
scheduler_driver = filter_scheduler
scheduler_use_baremetal_filters = False
allow_resize_to_same_host = True
osapi_max_limit = {{ controller.osapi_max_limit|default('1000') }}
notify_api_faults=False
iscsi_helper=tgtadm
connection_type=libvirt
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
api_paste_config=/etc/nova/api-paste.ini
max_age=0
scheduler_max_attempts=3
max_io_ops_per_host=8
max_instances_per_host=50
scheduler_host_manager={{ controller.get('scheduler_host_manager', 'host_manager') }}
use_forwarded_for=False
reservation_expire=86400
compute_driver = libvirt.LibvirtDriver
rootwrap_config = /etc/nova/rootwrap.conf
auth_strategy = keystone
firewall_driver=nova.virt.firewall.NoopFirewallDriver
enabled_apis = osapi_compute,metadata
image_service=nova.image.glance.GlanceImageService
until_refresh=0
scheduler_host_subset_size=30
my_ip={{ controller.bind.private_address }}
fping_path=/usr/bin/fping

service_down_time = {{ controller.service_down_time|default('180') }}


use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

osapi_volume_listen={{ controller.bind.private_address }}
osapi_compute_listen={{ controller.bind.private_address }}
metadata_listen={{ controller.bind.private_address }}
glance_host = {{ controller.glance.host }}
osapi_compute_workers = {{ controller.workers }}
metadata_workers = {{ controller.workers }}


allow_resize_to_same_host=True

rpc_cast_timeout = 30
rpc_response_timeout = 3600
rpc_thread_pool_size = 70
report_interval = 5

block_device_allocate_retries=600
block_device_allocate_retries_interval=10

{%- set rabbit_port = controller.message_queue.get('port', 5671 if controller.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}

{%- if controller.message_queue.members is defined %}
transport_url = rabbit://{% for member in controller.message_queue.members -%}
                             {{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ member.host }}:{{ member.get('port', rabbit_port) }}
                             {%- if not loop.last -%},{%- endif -%}
                         {%- endfor -%}
                             /{{ controller.message_queue.virtual_host }}
{%- else %}
transport_url = rabbit://{{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ controller.message_queue.host }}:{{ rabbit_port }}/{{ controller.message_queue.virtual_host }}
{%- endif %}

{# rabbitmq ssl configuration #}
{%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}

{%- if controller.host is defined %}
host={{ controller.host }}
{%- endif %}

[oslo_messaging_rabbit]
rabbit_use_ssl=true

{%- if controller.message_queue.ssl.version is defined %}
kombu_ssl_version = {{ controller.message_queue.ssl.version }}
{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
kombu_ssl_version = TLSv1_2
{%- endif %}

kombu_ssl_ca_certs = {{ controller.message_queue.ssl.get('cacert_file', controller.cacert_file) }}
{%- endif %}

[vnc]
enabled = true
novncproxy_host = {{ controller.bind.get('novncproxy_address', '0.0.0.0') }}
novncproxy_base_url = {{ controller.vncproxy_url }}/vnc_auto.html
novncproxy_port={{ controller.bind.get('vncproxy_port', '6080') }}
{%- if pillar.nova.compute is defined %}
vncserver_listen={{ controller.bind.private_address }}
vncserver_proxyclient_address={{ controller.bind.private_address }}
{%- else %}
vncserver_listen={{ controller.bind.get('novncproxy_address', '0.0.0.0') }}
{%- endif %}
keymap = {{ controller.get('vnc_keymap', 'en-us') }}

[spice]
enabled = false
html5proxy_base_url = {{ controller.vncproxy_url }}/spice_auto.html

[libvirt]
inject_partition = -1
use_usb_tablet = True
cpu_mode = host-passthrough
virt_type = kvm
use_virtio_for_bridges = True

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

[oslo_messaging_notifications]
{%- if controller.notification is mapping %}
driver = {{ controller.notification.get('driver', 'messagingv2') }}
{%- if controller.notification.topics is defined %}
topics = {{ controller.notification.topics }}
{%- endif %}
{%- elif controller.notification %}
driver=messagingv2
{%- endif %}

[oslo_messaging_rabbit]
rabbit_retry_interval = 1
rabbit_retry_backoff = 2
rpc_conn_pool_size = 300

[cache]
{%- if controller.cache is defined %}
enabled = true
backend = oslo_cache.memcache_pool
memcache_servers={%- for member in controller.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
{%- endif %}

[keystone_authtoken]
revocation_cache_time = 10
signing_dir=/tmp/keystone-signing-nova
auth_type = password
user_domain_id = {{ controller.identity.get('domain', 'default') }}
project_domain_id = {{ controller.identity.get('domain', 'default') }}
project_name = {{ controller.identity.tenant }}
username = {{ controller.identity.user }}
password = {{ controller.identity.password }}
auth_uri=http://{{ controller.identity.host }}:5000
auth_url=http://{{ controller.identity.host }}:35357
{%- if controller.cache is defined %}
memcached_servers={%- for member in controller.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
{%- endif %}

[conductor]
workers = {{ controller.workers }}

[database]
idle_timeout = 180
min_pool_size = 100
max_pool_size = 700
max_overflow = 100
retry_interval = 5
max_retries = -1
db_max_retries = 3
db_retry_interval = 1
connection_debug = 10
pool_timeout = 120
connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', conroller.cacert_file) }}{% endif %}

[oslo_middleware]
enable_proxy_headers_parsing=True

[api_database]
idle_timeout = 180
min_pool_size = 100
max_pool_size = 700
max_overflow = 100
retry_interval = 5
max_retries = -1
db_max_retries = 3
db_retry_interval = 1
connection_debug = 10
pool_timeout = 120
connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}_api?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %}

[glance]

api_servers = {{ controller.glance.host }}:9292

[neutron]
auth_type=v3password
project_domain_name = Default
user_domain_name = Default
auth_url = http://{{ controller.identity.host }}:35357/v3
{% if pillar.neutron is defined and pillar.neutron.server is defined %}
password={{ pillar.neutron.server.identity.password }}
project_name={{ pillar.neutron.server.identity.tenant }}
username={{ pillar.neutron.server.identity.user }}
region_name= {{ pillar.neutron.server.identity.region }}
{%- else %}
password={{ controller.network.password }}
project_name={{ controller.network.tenant }}
username={{ controller.network.user }}
region_name= {{ controller.network.region }}
{%- endif %}
url=http://{{ controller.network.host }}:{{ controller.network.port }}

{%- if controller.get('networking', 'default') != "contrail" %}
metadata_proxy_shared_secret={{ controller.metadata.password }}
{%- endif %}
service_metadata_proxy=True

[cinder]
os_region_name = {{ controller.identity.region }}
catalog_info=volumev2:cinderv2:internalURL
{%- if controller.cross_az_attach is defined %}
cross_az_attach={{ controller.cross_az_attach }}
{%- endif %}

[wsgi]
api_paste_config=/etc/nova/api-paste.ini

[cors]
#
# From oslo.middleware
#

# Indicate whether this resource may be shared with the domain received in the
# requests "origin" header. (list value)
#allowed_origin = <None>
{% if controller.cors.allowed_origin is defined %}
allowed_origin = {{ controller.cors.allowed_origin }}
{% endif %}

# Indicate that the actual request can include user credentials (boolean value)
#allow_credentials = true
{% if controller.cors.allow_credentials is defined %}
allow_credentials = {{ controller.cors.allow_credentials }}
{% endif %}

# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
{% if controller.cors.expose_headers is defined %}
expose_headers = {{ controller.cors.expose_headers }}
{% endif %}

# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600
{% if controller.cors.max_age is defined %}
max_age = {{ controller.cors.max_age }}
{% endif %}


# Indicate which methods can be used during the actual request. (list value)
#allow_methods = GET,PUT,POST,DELETE,PATCH
{% if controller.cors.allow_methods is defined %}
allow_methods = {{ controller.cors.allow_methods }}
{% endif %}

# Indicate which header field names may be used during the actual request.
# (list value)
#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name
{% if controller.cors.allow_headers is defined %}
allow_headers = {{ controller.cors.allow_headers }}
{% endif %}

{%- if controller.upgrade_levels is defined %}
[upgrade_levels]
{%- for key, value in controller.upgrade_levels.iteritems() %}
{{ key }}={{ value }}
{%- endfor %}
{%- endif %}