Merge "Add Nova AZ dashboard"
diff --git a/README.rst b/README.rst
index e5151f0..845b30a 100644
--- a/README.rst
+++ b/README.rst
@@ -33,6 +33,10 @@
vif_plugging_timeout: 300
vif_plugging_is_fatal: false
instance_build_timeout: 600
+ use_cow_images: False
+ force_raw_images: True
+ snapshot_image_format: qcow2
+ images_type: default
concurrency:
lock_path: '/var/lib/nova/tmp'
consoleauth:
@@ -281,6 +285,20 @@
.. note:: Barbican, Cinder, and placement url endpoints are discovering
using service catalog.
+Change default service policy configuration:
+--------------------------------------------
+
+.. code-block:: yaml
+
+ nova:
+ controller:
+ policy:
+ 'context_is_admin': 'role:admin or role:administrator'
+ 'compute:create': 'rule:admin_or_owner'
+ # Add key without value to remove line from policy.json
+ 'compute:create:attach_network':
+
+
Compute nodes
-------------
diff --git a/nova/controller.sls b/nova/controller.sls
index c7ce2ba..a25c1d6 100644
--- a/nova/controller.sls
+++ b/nova/controller.sls
@@ -296,13 +296,11 @@
{% endif %}
{%- if controller.version not in ['liberty', 'mitaka', 'newton'] %}
-{# nova no longer ships with a default policy.json #}
-{#- Since Queens release `policy.json` is changed to `policy.yaml`. But default option in `oslo_policy` is `policy.json` #}
/etc/nova/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }}:
file.managed:
- - contents: '{}'
+ - mode: 0640
- replace: False
- - user: nova
+ - user: root
- group: nova
- require:
- pkg: nova_controller_packages
@@ -314,11 +312,11 @@
nova_keystone_rule_{{ name }}_present:
keystone_policy.rule_present:
- path: /etc/nova/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
- - name: {{ name }}
- - rule: {{ rule }}
+ - name: '{{ name }}'
+ - rule: '{{ rule }}'
- require:
- pkg: nova_controller_packages
- {% if controller.version not in ['liberty', 'mitaka', 'newton'] %}
+ {%- if controller.version not in ['liberty', 'mitaka', 'newton'] %}
- file: /etc/nova/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
{% endif%}
@@ -327,10 +325,10 @@
nova_keystone_rule_{{ name }}_absent:
keystone_policy.rule_absent:
- path: /etc/nova/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
- - name: {{ name }}
+ - name: '{{ name }}'
- require:
- pkg: nova_controller_packages
- {% if controller.version not in ['liberty', 'mitaka', 'newton'] %}
+ {%- if controller.version not in ['liberty', 'mitaka', 'newton'] %}
- file: /etc/nova/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
{% endif%}
@@ -432,7 +430,7 @@
nova_controller_discover_hosts:
cmd.run:
- - name: nova-manage cell_v2 discover_hosts --verbose
+ - name: nova-manage cell_v2 discover_hosts --verbose --by-service
{%- if grains.get('noservices') %}
- onlyif: /bin/false
{%- endif %}
diff --git a/nova/files/ocata/nova-controller.conf.Debian b/nova/files/ocata/nova-controller.conf.Debian
index 7bef3bf..ba3b26b 100644
--- a/nova/files/ocata/nova-controller.conf.Debian
+++ b/nova/files/ocata/nova-controller.conf.Debian
@@ -378,6 +378,9 @@
# backing files will not be used.
# (boolean value)
#use_cow_images=true
+{%- if controller.use_cow_images is defined and controller.use_cow_images|string|lower in ['true','false'] %}
+use_cow_images = {{ controller.use_cow_images|lower }}
+{%- endif %}
#
# Force conversion of backing images to raw format.
@@ -392,6 +395,9 @@
# * ``compute_driver``: Only the libvirt driver uses this option.
# (boolean value)
#force_raw_images=true
+{%- if controller.force_raw_images is defined and controller.force_raw_images|string|lower in ['true','false'] %}
+force_raw_images = {{ controller.force_raw_images|lower }}
+{%- endif %}
#
# Name of the mkfs commands for ephemeral device.
@@ -6399,6 +6405,9 @@
# (string value)
# Allowed values: raw, qcow2, vmdk, vdi
#snapshot_image_format=<None>
+{%- if controller.snapshot_image_format is defined and controller.snapshot_image_format in ['raw','qcow2','vmdk','vdi'] %}
+snapshot_image_format = {{ controller.snapshot_image_format }}
+{%- endif %}
#
# Override the default disk prefix for the devices attached to an instance.
@@ -6533,6 +6542,9 @@
# (string value)
# Allowed values: raw, flat, qcow2, lvm, rbd, ploop, default
#images_type=default
+{%- if controller.images_type is defined and controller.images_type in ['raw','flat','qcow2','lvm','rbd','ploop','default'] %}
+images_type = {{ controller.images_type }}
+{%- endif %}
#
# LVM Volume Group that is used for VM images, when you specify images_type=lvm
diff --git a/nova/files/pike/nova-controller.conf.Debian b/nova/files/pike/nova-controller.conf.Debian
index f172c79..60b747e 100644
--- a/nova/files/pike/nova-controller.conf.Debian
+++ b/nova/files/pike/nova-controller.conf.Debian
@@ -388,6 +388,9 @@
# backing files will not be used.
# (boolean value)
#use_cow_images=true
+{%- if controller.use_cow_images is defined and controller.use_cow_images|string|lower in ['true','false'] %}
+use_cow_images = {{ controller.use_cow_images|lower }}
+{%- endif %}
#
# Force conversion of backing images to raw format.
@@ -402,6 +405,9 @@
# * ``compute_driver``: Only the libvirt driver uses this option.
# (boolean value)
#force_raw_images=true
+{%- if controller.force_raw_images is defined and controller.force_raw_images|string|lower in ['true','false'] %}
+force_raw_images = {{ controller.force_raw_images|lower }}
+{%- endif %}
#
# Name of the mkfs commands for ephemeral device.
@@ -6476,6 +6482,9 @@
# (string value)
# Allowed values: raw, qcow2, vmdk, vdi
#snapshot_image_format=<None>
+{%- if controller.snapshot_image_format is defined and controller.snapshot_image_format in ['raw','qcow2','vmdk','vdi'] %}
+snapshot_image_format = {{ controller.snapshot_image_format }}
+{%- endif %}
#
# Override the default disk prefix for the devices attached to an instance.
@@ -6613,6 +6622,9 @@
# (string value)
# Allowed values: raw, flat, qcow2, lvm, rbd, ploop, default
#images_type=default
+{%- if controller.images_type is defined and controller.images_type in ['raw','flat','qcow2','lvm','rbd','ploop','default'] %}
+images_type = {{ controller.images_type }}
+{%- endif %}
#
# LVM Volume Group that is used for VM images, when you specify images_type=lvm
diff --git a/nova/files/queens/nova-controller.conf.Debian b/nova/files/queens/nova-controller.conf.Debian
index a861933..ba57f84 100644
--- a/nova/files/queens/nova-controller.conf.Debian
+++ b/nova/files/queens/nova-controller.conf.Debian
@@ -384,6 +384,9 @@
# backing files will not be used.
# (boolean value)
#use_cow_images = true
+{%- if controller.use_cow_images is defined and controller.use_cow_images|string|lower in ['true','false'] %}
+use_cow_images = {{ controller.use_cow_images|lower }}
+{%- endif %}
#
# Force conversion of backing images to raw format.
@@ -398,6 +401,9 @@
# * ``compute_driver``: Only the libvirt driver uses this option.
# (boolean value)
#force_raw_images = true
+{%- if controller.force_raw_images is defined and controller.force_raw_images|string|lower in ['true','false'] %}
+force_raw_images = {{ controller.force_raw_images|lower }}
+{%- endif %}
#
# Name of the mkfs commands for ephemeral device.
@@ -6700,6 +6706,9 @@
# vmdk - <No description provided>
# vdi - <No description provided>
#snapshot_image_format = <None>
+{%- if controller.snapshot_image_format is defined and controller.snapshot_image_format in ['raw','qcow2','vmdk','vdi'] %}
+snapshot_image_format = {{ controller.snapshot_image_format }}
+{%- endif %}
#
# Override the default disk prefix for the devices attached to an
@@ -7027,6 +7036,9 @@
# ploop - <No description provided>
# default - <No description provided>
#images_type = default
+{%- if controller.images_type is defined and controller.images_type in ['raw','flat','qcow2','lvm','rbd','ploop','default'] %}
+images_type = {{ controller.images_type }}
+{%- endif %}
#
# LVM Volume Group that is used for VM images, when you specify
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index 16a9cc2..0bbfb06 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -14,6 +14,10 @@
workers: 8
instance_build_timeout: 600
secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO
+ use_cow_images: False
+ force_raw_images: True
+ snapshot_image_format: qcow2
+ images_type: default
bind:
private_address: 127.0.0.1
public_address: 127.0.0.1