Merge pull request #41 from mnederlof/scheduler-filters-fix
Fix custom available filters for ocata and pike
diff --git a/.kitchen.yml b/.kitchen.yml
index ebc69d5..d4c9f5e 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -21,6 +21,9 @@
- name: keystone
repo: git
source: https://github.com/salt-formulas/salt-formula-keystone
+ - name: apache
+ repo: git
+ source: https://github.com/salt-formulas/salt-formula-apache
state_top:
base:
"*":
@@ -41,9 +44,9 @@
sudo: true
platforms:
- - name: <%= ENV['PLATFORM'] || 'ubuntu-xenial' %>
+ - name: <%=ENV['PLATFORM'] || 'saltstack-ubuntu-xenial-salt-stable' %>
driver_config:
- image: <%= ENV['PLATFORM'] || 'trevorj/salty-whales:xenial' %>
+ image: <%=ENV['PLATFORM'] || 'epcim/salt:saltstack-ubuntu-xenial-salt-stable'%>
platform: ubuntu
suites:
@@ -68,4 +71,5 @@
controller:
version: <%= ENV['OS_VERSION'] || 'ocata' %>
+
# vim: ft=yaml sw=2 ts=2 sts=2 tw=125
diff --git a/.travis.yml b/.travis.yml
index 51f3437..60015c8 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,3 +1,6 @@
+language: python
+python:
+- "2.7.13"
sudo: required
services:
- docker
@@ -17,22 +20,26 @@
- bundle install
env:
- - PLATFORM=trevorj/salty-whales:trusty-2017.7 OS_VERSION=mitaka SUITE=compute-cluster
- - PLATFORM=trevorj/salty-whales:trusty-2017.7 OS_VERSION=mitaka SUITE=control-cluster
- - PLATFORM=trevorj/salty-whales:xenial-2017.7 OS_VERSION=mitaka SUITE=compute-cluster
- - PLATFORM=trevorj/salty-whales:xenial-2017.7 OS_VERSION=mitaka SUITE=control-cluster
- - PLATFORM=trevorj/salty-whales:xenial-2017.7 OS_VERSION=newton SUITE=compute-cluster
- - PLATFORM=trevorj/salty-whales:xenial-2017.7 OS_VERSION=newton SUITE=control-cluster
- - PLATFORM=trevorj/salty-whales:xenial-2017.7 OS_VERSION=ocata SUITE=compute-cluster
- - PLATFORM=trevorj/salty-whales:xenial-2017.7 OS_VERSION=ocata SUITE=control-cluster
- - PLATFORM=trevorj/salty-whales:trusty OS_VERSION=mitaka SUITE=compute-cluster
- - PLATFORM=trevorj/salty-whales:trusty OS_VERSION=mitaka SUITE=control-cluster
- - PLATFORM=trevorj/salty-whales:xenial OS_VERSION=mitaka SUITE=compute-cluster
- - PLATFORM=trevorj/salty-whales:xenial OS_VERSION=mitaka SUITE=control-cluster
- - PLATFORM=trevorj/salty-whales:xenial OS_VERSION=newton SUITE=compute-cluster
- - PLATFORM=trevorj/salty-whales:xenial OS_VERSION=newton SUITE=control-cluster
- - PLATFORM=trevorj/salty-whales:xenial OS_VERSION=ocata SUITE=compute-cluster
- - PLATFORM=trevorj/salty-whales:xenial OS_VERSION=ocata SUITE=control-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=mitaka SUITE=compute-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=mitaka SUITE=control-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=newton SUITE=compute-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=newton SUITE=control-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=ocata SUITE=compute-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=ocata SUITE=control-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 OS_VERSION=ocata SUITE=compute-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 OS_VERSION=ocata SUITE=control-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 OS_VERSION=pike SUITE=compute-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 OS_VERSION=pike SUITE=control-cluster
+ # - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 OS_VERSION=mitaka SUITE=compute-cluster
+ # - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 OS_VERSION=mitaka SUITE=control-cluster
+ # - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 OS_VERSION=newton SUITE=compute-cluster
+ # - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 OS_VERSION=newton SUITE=control-cluster
+ # - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 OS_VERSION=ocata SUITE=compute-cluster
+ # - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 OS_VERSION=ocata SUITE=control-cluster
+ # - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 OS_VERSION=ocata SUITE=compute-cluster
+ # - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 OS_VERSION=ocata SUITE=control-cluster
+ # - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 OS_VERSION=pike SUITE=compute-cluster
+ # - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 OS_VERSION=pike SUITE=control-cluster
before_script:
- set -o pipefail
diff --git a/Makefile b/Makefile
index 1043fbe..d166862 100644
--- a/Makefile
+++ b/Makefile
@@ -27,6 +27,7 @@
all:
@echo "make install - Install into DESTDIR"
+ @echo "make lint - Run lint tests"
@echo "make test - Run tests"
@echo "make kitchen - Run Kitchen CI tests (create, converge, verify)"
@echo "make clean - Cleanup after tests run"
@@ -45,6 +46,9 @@
[ -d $(DESTDIR)/$(RECLASSDIR)/service/$(FORMULANAME) ] || mkdir -p $(DESTDIR)/$(RECLASSDIR)/service/$(FORMULANAME)
cp -a metadata/service/* $(DESTDIR)/$(RECLASSDIR)/service/$(FORMULANAME)
+lint:
+ [ ! -d tests ] || (cd tests; ./run_tests.sh lint)
+
test:
[ ! -d tests ] || (cd tests; ./run_tests.sh)
@@ -65,7 +69,7 @@
[ ! -f debian/changelog ] || dch -v $(VERSION_MAJOR).$(NEW_MINOR_VERSION) -m --force-distribution -D `dpkg-parsechangelog -S Distribution` "New version"
make genchangelog-$(VERSION_MAJOR).$(NEW_MINOR_VERSION)
(git add -u; git commit -m "Version $(VERSION_MAJOR).$(NEW_MINOR_VERSION)")
- git tag -s -m $(NEW_MAJOR_VERSION) $(VERSION_MAJOR).$(NEW_MINOR_VERSION)
+ git tag -s -m $(VERSION_MAJOR).$(NEW_MINOR_VERSION) $(VERSION_MAJOR).$(NEW_MINOR_VERSION)
check-changes:
@git log --pretty=oneline --decorate $(VERSION)..HEAD | grep -Eqc '.*' || (echo "No new changes since version $(VERSION)"; exit 1)
diff --git a/README.rst b/README.rst
index 828dd01..b93b061 100644
--- a/README.rst
+++ b/README.rst
@@ -1,6 +1,6 @@
============
-Nova Formula
+Usage
============
OpenStack Nova provides a cloud computing fabric controller, supporting a wide
@@ -14,7 +14,7 @@
Controller nodes
----------------
-Nova services on the controller node
+Nova services on the controller node:
.. code-block:: yaml
@@ -74,8 +74,7 @@
barbican:
enabled: true
-
-Nova services from custom package repository
+Nova services from custom package repository:
.. code-block:: yaml
@@ -87,8 +86,7 @@
address: http://...
....
-
-Client-side RabbitMQ HA setup
+Client-side RabbitMQ HA setup:
.. code-block:: yaml
@@ -106,8 +104,7 @@
virtual_host: '/openstack'
....
-
-Enable auditing filter, ie: CADF
+Enable auditing filter, i.e: CADF:
.. code-block:: yaml
@@ -120,8 +117,7 @@
map_file: '/etc/pycadf/nova_api_audit_map.conf'
....
-
-Enable CORS parameters
+Enable CORS parameters:
.. code-block:: yaml
@@ -135,7 +131,7 @@
allow_credentials: True
max_age: 86400
-Configuration of policy.json file
+Configuration of the ``policy.json`` file:
.. code-block:: yaml
@@ -148,7 +144,7 @@
# Add key without value to remove line from policy.json
'compute:create:attach_network':
-Enable Barbican integration
+Enable Barbican integration:
.. code-block:: yaml
@@ -158,87 +154,93 @@
barbican:
enabled: true
+Enable cells update:
+
+.. note:: Useful when upgrading Openstack. To update cells to test
+ sync db agains duplicated production database.
+
+.. code-block:: yaml
+
+ nova:
+ controller:
+ update_cells: true
+
Configuring TLS communications
------------------------------
-
-**Note:** by default system wide installed CA certs are used, so ``cacert_file`` param is optional, as well as ``cacert``.
-
-
+.. note:: By default system wide installed CA certs are used,
+ so ``cacert_file`` param is optional, as well as ``cacert``.
- **RabbitMQ TLS**
-.. code-block:: yaml
+ .. code-block:: yaml
- nova:
- compute:
- message_queue:
- port: 5671
- ssl:
- enabled: True
- (optional) cacert: cert body if the cacert_file does not exists
- (optional) cacert_file: /etc/openstack/rabbitmq-ca.pem
- (optional) version: TLSv1_2
-
+ nova:
+ compute:
+ message_queue:
+ port: 5671
+ ssl:
+ enabled: True
+ (optional) cacert: cert body if the cacert_file does not exists
+ (optional) cacert_file: /etc/openstack/rabbitmq-ca.pem
+ (optional) version: TLSv1_2
- **MySQL TLS**
-.. code-block:: yaml
+ .. code-block:: yaml
- nova:
- controller:
- database:
- ssl:
- enabled: True
- (optional) cacert: cert body if the cacert_file does not exists
- (optional) cacert_file: /etc/openstack/mysql-ca.pem
+ nova:
+ controller:
+ database:
+ ssl:
+ enabled: True
+ (optional) cacert: cert body if the cacert_file does not exists
+ (optional) cacert_file: /etc/openstack/mysql-ca.pem
- **Openstack HTTPS API**
+ Set the ``https`` as protocol at ``nova:compute`` and
+ ``nova:controller`` sections :
-Set the ``https`` as protocol at ``nova:compute`` and ``nova:controller`` sections :
+ .. code-block:: yaml
-.. code-block:: yaml
+ nova:
+ controller :
+ identity:
+ protocol: https
+ (optional) cacert_file: /etc/openstack/proxy.pem
+ network:
+ protocol: https
+ (optional) cacert_file: /etc/openstack/proxy.pem
+ glance:
+ protocol: https
+ (optional) cacert_file: /etc/openstack/proxy.pem
- nova:
- controller :
- identity:
- protocol: https
- (optional) cacert_file: /etc/openstack/proxy.pem
- network:
- protocol: https
- (optional) cacert_file: /etc/openstack/proxy.pem
- glance:
- protocol: https
- (optional) cacert_file: /etc/openstack/proxy.pem
+ .. code-block:: yaml
+ nova:
+ compute:
+ identity:
+ protocol: https
+ (optional) cacert_file: /etc/openstack/proxy.pem
+ network:
+ protocol: https
+ (optional) cacert_file: /etc/openstack/proxy.pem
+ image:
+ protocol: https
+ (optional) cacert_file: /etc/openstack/proxy.pem
+ ironic:
+ protocol: https
+ (optional) cacert_file: /etc/openstack/proxy.pem
-.. code-block:: yaml
-
- nova:
- compute:
- identity:
- protocol: https
- (optional) cacert_file: /etc/openstack/proxy.pem
- network:
- protocol: https
- (optional) cacert_file: /etc/openstack/proxy.pem
- image:
- protocol: https
- (optional) cacert_file: /etc/openstack/proxy.pem
- ironic:
- protocol: https
- (optional) cacert_file: /etc/openstack/proxy.pem
-
-
-**Note:** the barbican, cinder and placement url endpoints are discovering using service catalog.
-
+.. note:: Barbican, Cinder, and placement url endpoints are discovering
+ using service catalog.
Compute nodes
-------------
-Nova controller services on compute node
+Nova controller services on compute node:
.. code-block:: yaml
@@ -246,7 +248,6 @@
compute:
version: juno
enabled: true
- virtualization: kvm
cross_az_attach: false
disk_cachemodes: network=writeback,block=none
availability_zone: availability_zone_01
@@ -255,6 +256,7 @@
- hosts_with_ssd
security_group: true
resume_guests_state_on_host_boot: False
+ preallocate_images: space # Default is 'none'
my_ip: 10.1.0.16
bind:
vnc_address: 172.20.0.100
@@ -302,7 +304,23 @@
max_processes: 4096
host: node-12.domain.tld
-Group and user to be used for QEMU processes run by the system instance
+Compute with vmware driver. Each vmware cluster requires a separate process of nova-compute.
+Each process should have uniq host identifier. However multiple computes might be running on
+single host. It is not recommended to have multiple computes running on different hosts that
+manage the same vmware cluster. To achive this pacemaker/corosync or keepalived might be used.
+
+.. code-block:: yaml
+
+ nova:
+ compute:
+ compute_driver: vmwareapi.VMwareVCDriver
+ vmware:
+ host_username: vmware
+ host_password: vmware
+ cluster_name: vmware_cluster01
+ host_ip: 1.2.3.4
+
+Group and user to be used for QEMU processes run by the system instance:
.. code-block:: yaml
@@ -315,7 +333,7 @@
group: cinder
dynamic_ownership: 1
-Group membership for user nova (upgrade related)
+Group membership for user nova (upgrade related):
.. code-block:: yaml
@@ -327,7 +345,7 @@
groups:
- libvirt
-Nova services on compute node with OpenContrail
+Nova services on compute node with OpenContrail:
.. code-block:: yaml
@@ -337,8 +355,7 @@
...
networking: contrail
-
-Nova services on compute node with memcached caching
+Nova services on compute node with memcached caching:
.. code-block:: yaml
@@ -354,8 +371,7 @@
- host: 127.0.0.1
port: 11211
-
-Client-side RabbitMQ HA setup
+Client-side RabbitMQ HA setup:
.. code-block:: yaml
@@ -373,7 +389,7 @@
virtual_host: '/openstack'
....
-Nova with ephemeral configured with Ceph
+Nova with ephemeral configured with Ceph:
.. code-block:: yaml
@@ -388,7 +404,7 @@
secret_uuid: 03006edd-d957-40a3-ac4c-26cd254b3731
....
-Nova with ephemeral configured with LVM
+Nova with ephemeral configured with LVM:
.. code-block:: yaml
@@ -414,7 +430,7 @@
- /dev/sdj
- /dev/sdh
-Enable Barbican integration
+Enable Barbican integration:
.. code-block:: yaml
@@ -424,11 +440,23 @@
barbican:
enabled: true
+Nova metadata custom bindings:
+
+.. code-block:: yaml
+
+ nova:
+ controller:
+ enabled: true
+ ...
+ metadata:
+ bind:
+ address: 1.2.3.4
+ port: 8776
Client role
-----------
-Nova configured with NFS
+Nova configured with NFS:
.. code-block:: yaml
@@ -447,7 +475,7 @@
file_system: nfs
opts: rw,vers=3
-Nova flavors
+Nova flavors:
.. code-block:: yaml
@@ -471,8 +499,7 @@
flavor:
...
-
-Availability zones
+Availability zones:
.. code-block:: yaml
@@ -485,9 +512,7 @@
- availability_zone_01
- availability_zone_02
-
-
-Aggregates
+Aggregates:
.. code-block:: yaml
@@ -500,7 +525,7 @@
- aggregate1
- aggregate2
-Upgrade levels
+Upgrade levels:
.. code-block:: yaml
@@ -517,7 +542,8 @@
SR-IOV
------
-Add PciPassthroughFilter into scheduler filters and NICs on specific compute nodes.
+Add ``PciPassthroughFilter`` into scheduler filters and NICs on
+specific compute nodes:
.. code-block:: yaml
@@ -536,8 +562,8 @@
CPU pinning & Hugepages
-----------------------
-CPU pinning of virtual machine instances to dedicated physical CPU cores.
-Hugepages mount point for libvirt.
+CPU pinning of virtual machine instances to dedicated physical
+CPU cores. Hugepages mount point for libvirt.
.. code-block:: yaml
@@ -556,7 +582,8 @@
Custom Scheduler filters
------------------------
-If you have a custom filter, that needs to be included in the scheduler, then you can include it like so:
+If you have a custom filter, that needs to be included in the
+scheduler, then you can include it like so:
.. code-block:: yaml
@@ -571,7 +598,8 @@
Hardware Trip/Unmap Support
---------------------------
-To enable TRIM support for ephemeral images (thru nova managed images), libvirt has this option.
+To enable TRIM support for ephemeral images (thru nova managed
+images), libvirt has this option:
.. code-block:: yaml
@@ -580,14 +608,14 @@
libvirt:
hw_disk_discard: unmap
-In order to actually utilize this feature, the following metadata must be set on the image as well, so the SCSI unmap is supported.
+To actually utilize this feature, the following metadata must be
+set on the image as well, so the SCSI unmap is supported:
.. code-block:: bash
glance image-update --property hw_scsi_model=virtio-scsi <image>
glance image-update --property hw_disk_bus=scsi <image>
-
Scheduler Host Manager
----------------------
@@ -596,10 +624,9 @@
libvirt CPU mode
----------------
-Allow setting the model of CPU that is exposed to a VM. This allows better
-support live migration between hypervisors with different hardware, among other
-things. Defaults to host-passthrough.
-
+Allow setting the model of CPU that is exposed to a VM. This
+allows for better support live migration between hypervisors with
+different hardware, among other things. Defaults to host-passthrough.
.. code-block:: yaml
@@ -610,24 +637,37 @@
compute:
cpu_mode: host-model
+Nova compute cpu model
+----------------------
+
+.. code-block:: yaml
+
+ nova:
+ compute:
+ cpu_mode: custom
+ libvirt:
+ cpu_model: IvyBridge
+
+
Nova compute workarounds
------------------------
-Live snapshotting is disabled by default in nova. To enable this, it needs a manual switch.
+Live snapshotting is disabled by default in nova. To enable
+this, it needs a manual switch.
From manual:
.. code-block:: yaml
- # When using libvirt 1.2.2 live snapshots fail intermittently under load
- # (likely related to concurrent libvirt/qemu operations). This config
- # option provides a mechanism to disable live snapshot, in favor of cold
- # snapshot, while this is resolved. Cold snapshot causes an instance
- # outage while the guest is going through the snapshotting process.
- #
- # For more information, refer to the bug report:
- #
- # https://bugs.launchpad.net/nova/+bug/1334398
+ When using libvirt 1.2.2 live snapshots fail intermittently under load
+ (likely related to concurrent libvirt/qemu operations). This config
+ option provides a mechanism to disable live snapshot, in favor of cold
+ snapshot, while this is resolved. Cold snapshot causes an instance
+ outage while the guest is going through the snapshotting process.
+
+ For more information, refer to the bug report:
+
+ https://bugs.launchpad.net/nova/+bug/1334398
Configurable pillar data:
@@ -641,7 +681,8 @@
Config drive options
--------------------
-See example below on how to configure the options for the config drive.
+See example below on how to configure the options for the
+config drive:
.. code-block:: yaml
@@ -656,20 +697,23 @@
Number of concurrent live migrates
----------------------------------
-Default is to have no concurrent live migrations (so 1 live-migration at a time).
+Default is to have no concurrent live migrations (so 1
+live-migration at a time).
-Excerpt from config options page (https://docs.openstack.org/ocata/config-reference/compute/config-options.html):
+Excerpt from config options page
+https://docs.openstack.org/ocata/config-reference/compute/config-options.html:
- Maximum number of live migrations to run concurrently. This limit is
- enforced to avoid outbound live migrations overwhelming the host/network
- and causing failures. It is not recommended that you change this unless
- you are very sure that doing so is safe and stable in your environment.
+Maximum number of live migrations to run concurrently. This limit is
+enforced to avoid outbound live migrations overwhelming the host/network
+and causing failures. It is not recommended that you change this unless
+you are very sure that doing so is safe and stable in your environment.
- Possible values:
+Possible values:
- - 0 : treated as unlimited.
- - Negative value defaults to 0.
- - Any positive integer representing maximum number of live migrations to run concurrently.
+- 0 : treated as unlimited.
+- Negative value defaults to 0.
+- Any positive integer representing maximum number of live migrations
+ to run concurrently.
To configure this option:
@@ -679,16 +723,45 @@
compute:
max_concurrent_live_migrations: 1 # (1 is the default)
+Live migration with auto converge
+----------------------------------
+
+Auto converge throttles down CPU if a progress of on-going live
+migration is slow
+https://docs.openstack.org/ocata/config-reference/compute/config-options.html:
+
+.. code-block:: yaml
+
+ nova:
+ compute:
+ libvirt:
+ live_migration_permit_auto_converge: False # (False is the default)
+
+.. code-block:: yaml
+
+ nova:
+ controller:
+ libvirt:
+ live_migration_permit_auto_converge: False # (False is the default)
+
Enhanced logging with logging.conf
----------------------------------
-By default logging.conf is disabled.
+By default ``logging.conf`` is disabled.
That is possible to enable per-binary logging.conf with new variables:
- * openstack_log_appender - set it to true to enable log_config_append for all OpenStack services;
- * openstack_fluentd_handler_enabled - set to true to enable FluentHandler for all Openstack services.
-Only WatchedFileHandler and FluentHandler are available.
+* ``openstack_log_appender``
+ Set to true to enable log_config_append for all OpenStack services
+
+* ``openstack_fluentd_handler_enabled``
+ Set to true to enable FluentHandler for all Openstack services
+
+* ``openstack_ossyslog_handler_enabled``
+ Set to true to enable OSSysLogHandler for all Openstack services
+
+Only ``WatchedFileHandler``, ``OSSysLogHandler``, and ``FluentHandler``
+are available.
Also it is possible to configure this with pillar:
@@ -703,6 +776,8 @@
enabled: true
fluentd:
enabled: true
+ ossyslog:
+ enabled: true
compute:
logging:
@@ -712,36 +787,321 @@
enabled: true
fluentd:
enabled: true
+ ossyslog:
+ enabled: true
+
+The log level might be configured per logger by using the
+following pillar structure:
+
+.. code-block:: yaml
+
+ nova:
+ compute:
+ logging:
+ loggers:
+ <logger_name>:
+ level: WARNING
+
+ nova:
+ compute:
+ logging:
+ loggers:
+ <logger_name>:
+ level: WARNING
+
+Configure syslog parameters for libvirtd
+----------------------------------------
+
+To configure syslog parameters for libvirtd the below pillar
+structure should be used with values which are supported
+by libvirtd. These values might be known from the documentation.
+
+.. code-block:: yaml
+
+ nova:
+ compute:
+ libvirt:
+ logging:
+ level: 3
+ filters: '3:remote 4:event'
+ outputs: '3:syslog:libvirtd'
+ buffer_size: 64
+
+Logging controls:
+
+Logging level: 4 errors, 3 warnings, 2 information, 1 debug
+basically 1 will log everything possible ``log_level = 3``
+
+Logging filters:
+
+A filter allows to select a different logging level for a given category
+of logs.
+
+The format for a filter is one of:
+
+* ``x:name``
+* ``x:+name``
+ where name is a string which is matched against source file name,
+ e.g., ``remote``, ``qemu``, or ``util/json``, the optional ``+`` prefix
+ tells libvirt to log stack trace for each message matching name,
+ and x is the minimal level where matching messages should be logged:
+
+* ``1: DEBUG``
+* ``2: INFO``
+* ``3: WARNING``
+* ``4: ERROR``
+
+Multiple filter can be defined in a single @filters, they just
+need to be separated by spaces.
+
+For example, to only get warning or errors from the remote layer
+and only errors from the event layer: ``log_filters="3:remote 4:event``
+
+Logging outputs:
+
+An output is one of the places to save logging information
+The format for an output can be:
+
+* ``x:stderr``
+ Output goes to stderr
+
+* ``x:syslog:name``
+ Use syslog for the output and use the given name as the ident
+
+* ``x:file:file_path``
+ output to a file, with the given filepath
+
+ In all case the x prefix is the minimal level, acting as a filter
+
+* ``1: DEBUG``
+* ``2: INFO``
+* ``3: WARNING``
+* ``4: ERROR``
+
+Multiple output can be defined, they just need to be separated by spaces.
+For example, to log all warnings and errors to syslog under the libvirt
+dident: ``log_outputs="3:syslog:libvirtd``
+
+Log debug buffer size: default 64
+The daemon keeps an internal debug log buffer which will be dumped
+in case of crash or upon receiving a ``SIGUSR2`` signal. This setting
+allows to override the default buffer size in kilobytes.
+If value is ``0`` or less the debug log buffer is deactivated
+``log_buffer_size = 64``
+
+To configure the logging parameters for QEMU, the below pillar
+structure and logging parameters should be used:
+
+.. code-block:: yaml
+
+ nova:
+ compute:
+ qemu:
+ logging:
+ handler: logd
+ virtlog:
+ enabled: true
+ level: 4
+ filters: '3:remote 3:event'
+ outputs: '4:syslog:virtlogd'
+ max_clients: 512
+ max_size: 2097100
+ max_backups: 2
+
+Inject password to VM
+---------------------
+
+By default nova blocks up any inject to VM because
+``inject_partition`` param is equal to ``-2``.
+If you want to inject password to VM, you will need to
+define ``inject_partition`` greater or equal to ``-1`` and
+define ``inject_password`` to ``True``
+
+For example:
+
+.. code-block:: yaml
+
+ nova:
+ compute:
+ inject_partition: '-1'
+ inject_password: True
+
+Allow the injection of an admin password for instance only at
+``create`` and ``rebuild`` process.
+
+There is no agent needed within the image to do this. If *libguestfs* is
+available on the host, it will be used. Otherwise *nbd* is used. The file
+system of the image will be mounted and the admin password, which is provided
+in the REST API call will be injected as password for the root user. If no
+root user is available, the instance won't be launched and an error is thrown.
+Be aware that the injection is *not* possible when the instance gets launched
+from a volume.
+
+Possible values:
+
+* ``True``
+ Allows the injection
+
+* ``False`` (default)
+ Disallows the injection. Any via the REST API provided
+ admin password will be silently ignored.
+
+Related options:
+
+* ``inject_partition``
+ Decides about the discovery and usage of the file system.
+ It also can disable the injection at all.
+ (boolean value)
+
+You can read more about injecting the administrator password here:
+https://docs.openstack.org/nova/queens/admin/admin-password-injection.html
+
+Enable libvirt control channel over TLS
+---------------------------------------
+
+By default TLS is disabled.
+
+Enable TLS transport:
+
+.. code-block:: yaml
+
+ compute:
+ libvirt:
+ tls:
+ enabled: True
+
+You able to set custom certificates in pillar:
+
+.. code-block:: yaml
+
+ nova:
+ compute:
+ libvirt:
+ tls:
+ key: (certificate content)
+ cert: (certificate content)
+ cacert: (certificate content)
+ client:
+ key: (certificate content)
+ cert: (certificate content)
+
+You can read more about live migration over TLS here:
+https://wiki.libvirt.org/page/TLSCreateServerCerts
+
+Enable transport + authentication for VNC over TLS
+---------------------
+# Only for Queens. Communication between noVNC proxy service and QEMU
+
+By default communication between nova-novncproxy and qemu service is unsecure.
+
+compute:
+ qemu:
+ vnc:
+ tls:
+ enabled: True
+
+controller:
+ novncproxy:
+ # This section responsible for communication between noVNC proxy and client machine
+ tls:
+ enabled: True
+ # This section responsible for communication between nova-novncproxy and qemu service
+ vencrypt:
+ tls:
+ enabled: True
+
+You able to set custom certificates in pillar:
+
+nova:
+ compute:
+ qemu:
+ vnc:
+ tls:
+ cacert (certificate content)
+ cert (certificate content)
+ key (certificate content)
+
+nova:
+ controller:
+ novncproxy:
+ tls:
+ server:
+ cert (certificate content)
+ key (certificate content)
+ vencrypt:
+ tls:
+ cacert (certificate content)
+ cert (certificate content)
+ key (certificate content)
+
+
+You can read more about it here:
+ https://docs.openstack.org/nova/queens/admin/remote-console-access.html
+
+Enable communication between noVNC proxy and client machine over TLS
+---------------------
+
+By default communication between noVNC proxy and client machine is unsecure.
+
+ controller:
+ novncproxy:
+ tls:
+ enabled: True
+
+ nova:
+ controller:
+ novncproxy:
+ tls:
+ server:
+ cert (certificate content)
+ key (certificate content)
+
+You can read more about it here:
+ https://docs.openstack.org/mitaka/config-reference/dashboard/configure.html
+
+Enable x509 and ssl communication between Nova and Galera cluster.
+---------------------
+By default communication between Nova and Galera is unsecure.
+
+You able to set custom certificates in pillar:
+controller:
+ database:
+ x509:
+ enabled: True
+
+nova:
+ controller:
+ database:
+ x509:
+ cacert (certificate content)
+ cert (certificate content)
+ key (certificate content)
+
+You can read more about it here:
+ https://docs.openstack.org/security-guide/databases/database-access-control.html
Documentation and Bugs
======================
-To learn how to install and update salt-formulas, consult the documentation
-available online at:
+* http://salt-formulas.readthedocs.io/
+ Learn how to install and update salt-formulas
- http://salt-formulas.readthedocs.io/
+* https://github.com/salt-formulas/salt-formula-nova/issues
+ In the unfortunate event that bugs are discovered, report the issue to the
+ appropriate issue tracker. Use the Github issue tracker for a specific salt
+ formula
-In the unfortunate event that bugs are discovered, they should be reported to
-the appropriate issue tracker. Use Github issue tracker for specific salt
-formula:
+* https://launchpad.net/salt-formulas
+ For feature requests, bug reports, or blueprints affecting the entire
+ ecosystem, use the Launchpad salt-formulas project
- https://github.com/salt-formulas/salt-formula-nova/issues
+* https://launchpad.net/~salt-formulas-users
+ Join the salt-formulas-users team and subscribe to mailing list if required
-For feature requests, bug reports or blueprints affecting entire ecosystem,
-use Launchpad salt-formulas project:
+* https://github.com/salt-formulas/salt-formula-nova
+ Develop the salt-formulas projects in the master branch and then submit pull
+ requests against a specific formula
- https://launchpad.net/salt-formulas
-
-You can also join salt-formulas-users team and subscribe to mailing list:
-
- https://launchpad.net/~salt-formulas-users
-
-Developers wishing to work on the salt-formulas projects should always base
-their work on master branch and submit pull request against specific formula.
-
- https://github.com/salt-formulas/salt-formula-nova
-
-Any questions or feedback is always welcome so feel free to join our IRC
-channel:
-
- #salt-formulas @ irc.freenode.net
+* #salt-formulas @ irc.freenode.net
+ Use this IRC channel in case of any questions or feedback which is always
+ welcome
diff --git a/_modules/novang.py b/_modules/novang.py
index 9853c64..791e185 100644
--- a/_modules/novang.py
+++ b/_modules/novang.py
@@ -59,6 +59,7 @@
os_auth_system = __salt__['config.option']('keystone.os_auth_system')
use_keystoneauth = __salt__['config.option']('keystone.use_keystoneauth', False)
verify = __salt__['config.option']('keystone.verify', True)
+
kwargs = {
'username': user,
'password': password,
@@ -68,7 +69,8 @@
'region_name': region_name,
'os_auth_plugin': os_auth_system,
'use_keystoneauth': use_keystoneauth,
- 'verify': verify
+ 'verify': verify,
+ 'profile': profile
}
return SaltNova(**kwargs)
@@ -546,215 +548,21 @@
os_auth_plugin=None,
use_keystoneauth=False,
verify=True,
+ profile=None,
**kwargs
):
'''
Set up nova credentials
'''
- if all([use_keystoneauth, HAS_KEYSTONEAUTH]):
- self._new_init(username=username,
- project_id=project_id,
- auth_url=auth_url,
- region_name=region_name,
- password=password,
- os_auth_plugin=os_auth_plugin,
- verify=verify,
- **kwargs)
- else:
- self._old_init(username=username,
- project_id=project_id,
- auth_url=auth_url,
- region_name=region_name,
- password=password,
- os_auth_plugin=os_auth_plugin,
- verify=verify,
- **kwargs)
- def _new_init(self, username, project_id, auth_url, region_name, password, os_auth_plugin, auth=None, verify=True, **kwargs):
- if auth is None:
- auth = {}
+ self._keystoneng_init(profile=profile, **kwargs)
- loader = keystoneauth1.loading.get_plugin_loader(os_auth_plugin or 'password')
-
- self.client_kwargs = kwargs.copy()
- self.kwargs = auth.copy()
- if not self.extensions:
- if hasattr(OpenStackComputeShell, '_discover_extensions'):
- self.extensions = OpenStackComputeShell()._discover_extensions('2.0')
- else:
- self.extensions = client.discover_extensions('2.0')
- for extension in self.extensions:
- extension.run_hooks('__pre_parse_args__')
- self.client_kwargs['extensions'] = self.extensions
-
- self.kwargs['username'] = username
- self.kwargs['project_name'] = project_id
- self.kwargs['auth_url'] = auth_url
- self.kwargs['password'] = password
- if auth_url.endswith('3'):
- self.kwargs['user_domain_name'] = kwargs.get('user_domain_name', 'default')
- self.kwargs['project_domain_name'] = kwargs.get('project_domain_name', 'default')
-
- self.client_kwargs['region_name'] = region_name
- self.client_kwargs['service_type'] = 'compute'
-
- if hasattr(self, 'extensions'):
- # needs an object, not a dictionary
- self.kwargstruct = KwargsStruct(**self.client_kwargs)
- for extension in self.extensions:
- extension.run_hooks('__post_parse_args__', self.kwargstruct)
- self.client_kwargs = self.kwargstruct.__dict__
-
- # Requires novaclient version >= 2.6.1
+ def _keystoneng_init(self, profile, **kwargs):
+ kstone = __salt__['keystoneng.auth'](profile, **kwargs)
+ self.session = kstone.session
self.version = str(kwargs.get('version', 2))
-
- self.client_kwargs = sanatize_novaclient(self.client_kwargs)
- options = loader.load_from_options(**self.kwargs)
- self.session = keystoneauth1.session.Session(auth=options, verify=verify)
- conn = client.Client(version=self.version, session=self.session, **self.client_kwargs)
- self.kwargs['auth_token'] = conn.client.session.get_token()
- if conn.client.get_endpoint(service_type='identity').endswith('v3'):
- self.catalog = conn.client.session.get('/auth/catalog', endpoint_filter={'service_type': 'identity'}).json().get('catalog', [])
- self._v3_setup(region_name)
- else:
- if OCATA:
- endpoints_v2 = conn.client.session.get('/endpoints', endpoint_filter={'service_type': 'identity', 'interface': 'admin'}).json().get('endpoints', [])
- services = conn.client.session.get('/OS-KSADM/services', endpoint_filter={'service_type': 'identity', 'interface': 'admin'}).json().get('OS-KSADM:services', [])
- self.catalog = _format_v2_endpoints(endpoints_v2, services)
- else:
- self.catalog = conn.client.service_catalog.catalog['access']['serviceCatalog']
- self._v2_setup(region_name)
-
- def _old_init(self, username, project_id, auth_url, region_name, password, os_auth_plugin, **kwargs):
- self.kwargs = kwargs.copy()
- if not self.extensions:
- if hasattr(OpenStackComputeShell, '_discover_extensions'):
- self.extensions = OpenStackComputeShell()._discover_extensions('2.0')
- else:
- self.extensions = client.discover_extensions('2.0')
- for extension in self.extensions:
- extension.run_hooks('__pre_parse_args__')
- self.kwargs['extensions'] = self.extensions
-
- self.kwargs['username'] = username
- self.kwargs['project_id'] = project_id
- self.kwargs['auth_url'] = auth_url
- self.kwargs['region_name'] = region_name
- self.kwargs['service_type'] = 'compute'
-
- # used in novaclient extensions to see if they are rackspace or not, to know if it needs to load
- # the hooks for that extension or not. This is cleaned up by sanatize_novaclient
- self.kwargs['os_auth_url'] = auth_url
-
- if os_auth_plugin is not None:
- if OCATA:
- msg = 'Module auth_plugin is no longer present in python-novaclient >= 7.0.0'
- raise Exception(msg)
- else:
- novaclient.auth_plugin.discover_auth_systems()
- auth_plugin = novaclient.auth_plugin.load_plugin(os_auth_plugin)
- self.kwargs['auth_plugin'] = auth_plugin
- self.kwargs['auth_system'] = os_auth_plugin
-
- if not self.kwargs.get('api_key', None):
- self.kwargs['api_key'] = password
-
- # This has to be run before sanatize_novaclient before extra variables are cleaned out.
- if hasattr(self, 'extensions'):
- # needs an object, not a dictionary
- self.kwargstruct = KwargsStruct(**self.kwargs)
- for extension in self.extensions:
- extension.run_hooks('__post_parse_args__', self.kwargstruct)
- self.kwargs = self.kwargstruct.__dict__
-
- self.kwargs = sanatize_novaclient(self.kwargs)
-
- # Requires novaclient version >= 2.6.1
- self.kwargs['version'] = str(kwargs.get('version', 2))
-
- conn = client.Client(**self.kwargs)
- try:
- conn.client.authenticate()
- except novaclient.exceptions.AmbiguousEndpoints:
- raise SaltCloudSystemExit(
- "Nova provider requires a 'region_name' to be specified"
- )
-
- self.kwargs['auth_token'] = conn.client.auth_token
-
- # There is currently no way to get service catalog in the expected format with Ocata compatible
- # python-novaclient in _old_init, because there is no session
- if OCATA:
- msg = 'Method service_catalog is no longer present in python-novaclient >= 7.0.0'
- raise Exception(msg)
-
- self.catalog = conn.client.service_catalog.catalog['access']['serviceCatalog']
-
- self._v2_setup(region_name)
-
- def _v3_setup(self, region_name):
- if region_name is not None:
- servers_endpoints = get_entry(self.catalog, 'type', 'compute')['endpoints']
- self.kwargs['bypass_url'] = get_entry_multi(
- servers_endpoints,
- [('region', region_name), ('interface', 'public')]
- )['url']
-
- if hasattr(self, 'session'):
- self.compute_conn = client.Client(version=self.version, session=self.session, **self.client_kwargs)
- else:
- self.compute_conn = client.Client(**self.kwargs)
-
- volume_endpoints = get_entry(self.catalog, 'type', 'volume', raise_error=False).get('endpoints', {})
- if volume_endpoints:
- if region_name is not None:
- self.kwargs['bypass_url'] = get_entry_multi(
- volume_endpoints,
- [('region', region_name), ('interface', 'public')]
- )['url']
-
- if hasattr(self, 'session'):
- self.volume_conn = client.Client(version=self.version, session=self.session, **self.client_kwargs)
- else:
- self.volume_conn = client.Client(**self.kwargs)
-
- if hasattr(self, 'extensions'):
- self.expand_extensions()
- else:
- self.volume_conn = None
-
- def _v2_setup(self, region_name):
- if region_name is not None:
- servers_endpoints = get_entry(self.catalog, 'type', 'compute')['endpoints']
- self.kwargs['bypass_url'] = get_entry(
- servers_endpoints,
- 'region',
- region_name
- )['publicURL']
-
- if hasattr(self, 'session'):
- self.compute_conn = client.Client(version=self.version, session=self.session, **self.client_kwargs)
- else:
- self.compute_conn = client.Client(**self.kwargs)
-
- volume_endpoints = get_entry(self.catalog, 'type', 'volume', raise_error=False).get('endpoints', {})
- if volume_endpoints:
- if region_name is not None:
- self.kwargs['bypass_url'] = get_entry(
- volume_endpoints,
- 'region',
- region_name
- )['publicURL']
-
- if hasattr(self, 'session'):
- self.volume_conn = client.Client(version=self.version, session=self.session, **self.client_kwargs)
- else:
- self.volume_conn = client.Client(**self.kwargs)
-
- if hasattr(self, 'extensions'):
- self.expand_extensions()
- else:
- self.volume_conn = None
+ self.compute_conn = client.Client(version=self.version, session=self.session)
+ self.volume_conn = client.Client(version=self.version, session=self.session)
def expand_extensions(self):
for connection in (self.compute_conn, self.volume_conn):
@@ -1591,7 +1399,8 @@
'region_name': region_name,
'os_auth_plugin': os_auth_system,
'use_keystoneauth': use_keystoneauth,
- 'verify': verify
+ 'verify': verify,
+ 'profile': profile
}
return SaltNova(**kwargs)
diff --git a/_modules/novav21/__init__.py b/_modules/novav21/__init__.py
new file mode 100644
index 0000000..8ea591c
--- /dev/null
+++ b/_modules/novav21/__init__.py
@@ -0,0 +1,75 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+try:
+ import os_client_config
+ REQUIREMENTS_MET = True
+except ImportError:
+ REQUIREMENTS_MET = False
+
+__virtualname__ = 'novav21'
+
+import aggregates
+import flavors
+import keypairs
+import quotas
+import servers
+
+aggregate_add_host = aggregates.add_host
+aggregate_create = aggregates.create
+aggregate_delete = aggregates.delete
+aggregate_get = aggregates.get
+aggregate_list = aggregates.list_
+aggregate_remove_host = aggregates.remove_host
+aggregate_set_metadata = aggregates.set_metadata
+flavor_add_extra_specs = flavors.add_extra_specs
+flavor_create = flavors.create
+flavor_delete = flavors.delete
+flavor_delete_extra_spec = flavors.delete_extra_spec
+flavor_get = flavors.get
+flavor_get_extra_specs = flavors.get_extra_specs
+flavor_list = flavors.list_
+keypair_create = keypairs.create
+keypair_delete = keypairs.delete
+keypair_get = keypairs.get
+keypair_list = keypairs.list_
+quota_delete = quotas.delete
+quota_list = quotas.list_
+quota_update = quotas.update
+server_create = servers.create
+server_delete = servers.delete
+server_get = servers.get
+server_list = servers.list_
+server_lock = servers.lock
+server_resume = servers.resume
+server_suspend = servers.suspend
+server_unlock = servers.unlock
+
+
+__all__ = (
+ 'aggregate_add_host', 'aggregate_create', 'aggregate_delete',
+ 'aggregate_get', 'aggregate_list', 'aggregate_remove_host',
+ 'aggregate_set_metadata', 'flavor_add_extra_specs', 'flavor_create',
+ 'flavor_delete', 'flavor_delete_extra_spec', 'flavor_get',
+ 'flavor_get_extra_specs', 'flavor_list', 'keypair_create',
+ 'keypair_delete', 'keypair_get', 'keypair_list', 'quota_delete',
+ 'quota_list', 'quota_update', 'server_create', 'server_delete',
+ 'server_get', 'server_list', 'server_lock', 'server_resume',
+ 'server_suspend', 'server_unlock')
+
+
+def __virtual__():
+ if REQUIREMENTS_MET:
+ return __virtualname__
+ else:
+ return False, ("The novav21 execution module cannot be loaded: "
+ "os_client_config package not found.")
diff --git a/_modules/novav21/aggregates.py b/_modules/novav21/aggregates.py
new file mode 100644
index 0000000..9f61f2d
--- /dev/null
+++ b/_modules/novav21/aggregates.py
@@ -0,0 +1,80 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import common
+
+# Function alias to not shadow built-ins
+__func_alias__ = {
+ 'list_': 'list'
+}
+
+
+@common.function_descriptor('find', 'Host aggregate', 'aggregates')
+@common.send('get')
+def list_(**kwargs):
+ """List host aggregates"""
+ url = '/os-aggregates'
+ return url, {}
+
+
+@common.function_descriptor('update', 'Host aggregate', 'aggregate')
+@common.get_by_name_or_uuid(list_, 'aggregates')
+@common.send('post')
+def add_host(aggregate_id, host, **kwargs):
+ """Add host to a host aggregate"""
+ url = '/os-aggregates/%s/action' % aggregate_id
+ return url, {'json': {'add_host': {'host': host}}}
+
+
+@common.function_descriptor('create', 'Host aggregate', 'aggregate')
+@common.send('post')
+def create(name, availability_zone, **kwargs):
+ """Create a host aggregate"""
+ url = '/os-aggregates'
+ req = {'name': name, 'availability_zone': availability_zone}
+ return url, {'json': {'aggregate': req}}
+
+
+@common.function_descriptor('delete', 'Host aggregate')
+@common.get_by_name_or_uuid(list_, 'aggregates')
+@common.send('delete')
+def delete(aggregate_id, **kwargs):
+ """Delete a host aggregate"""
+ url = '/os-aggregates/%s' % aggregate_id
+ return url, {}
+
+
+@common.function_descriptor('find', 'Host aggregate', 'aggregate')
+@common.get_by_name_or_uuid(list_, 'aggregates')
+@common.send('get')
+def get(aggregate_id, **kwargs):
+ """Get a host aggregate"""
+ url = '/os-aggregates/%s' % aggregate_id
+ return url, {}
+
+
+@common.function_descriptor('update', 'Host aggregate', 'aggregate')
+@common.get_by_name_or_uuid(list_, 'aggregates')
+@common.send('post')
+def remove_host(aggregate_id, host, **kwargs):
+ """Remove host from a host aggregate"""
+ url = '/os-aggregates/%s/action' % aggregate_id
+ return url, {'json': {'remove_host': {'host': host}}}
+
+
+@common.function_descriptor('update', 'Host aggregate', 'aggregate')
+@common.get_by_name_or_uuid(list_, 'aggregates')
+@common.send('post')
+def set_metadata(aggregate_id, **kwargs):
+ """Set host aggregate metadata"""
+ url = '/os-aggregates/%s/action' % aggregate_id
+ return url, {'json': {'set_metadata': {'metadata': kwargs}}}
diff --git a/_modules/novav21/common.py b/_modules/novav21/common.py
new file mode 100644
index 0000000..391eab4
--- /dev/null
+++ b/_modules/novav21/common.py
@@ -0,0 +1,129 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import six
+import logging
+import uuid
+
+import os_client_config
+from salt import exceptions
+
+
+log = logging.getLogger(__name__)
+
+SERVICE_KEY = 'compute'
+
+
+def get_raw_client(cloud_name):
+ config = os_client_config.OpenStackConfig()
+ cloud = config.get_one_cloud(cloud_name)
+ adapter = cloud.get_session_client(SERVICE_KEY)
+ adapter.version = '2.1'
+ endpoints = []
+ try:
+ access_info = adapter.session.auth.get_access(adapter.session)
+ endpoints = access_info.service_catalog.get_endpoints()
+ except (AttributeError, ValueError) as exc:
+ six.raise_from(exc, exceptions.SaltInvocationError(
+ "Cannot load keystoneauth plugin. Please check your environment "
+ "configuration."))
+ if SERVICE_KEY not in endpoints:
+ raise exceptions.SaltInvocationError("Cannot find compute endpoint in "
+ "environment endpoint list.")
+ return adapter
+
+
+def send(method):
+ def wrap(func):
+ @six.wraps(func)
+ def wrapped_f(*args, **kwargs):
+ cloud_name = kwargs.pop('cloud_name', None)
+ if not cloud_name:
+ raise exceptions.SaltInvocationError(
+ "No cloud_name specified. Please provide cloud_name "
+ "parameter")
+ adapter = get_raw_client(cloud_name)
+ kwarg_keys = list(kwargs.keys())
+ for k in kwarg_keys:
+ if k.startswith('__'):
+ kwargs.pop(k)
+ url, request_kwargs = func(*args, **kwargs)
+ try:
+ response = getattr(adapter, method.lower())(url,
+ **request_kwargs)
+ except Exception as e:
+ log.exception("Error occurred when executing request")
+ return {"result": False,
+ "comment": six.text_type(e),
+ "status_code": getattr(e, "http_status", 500)}
+ return {"result": True,
+ "body": response.json() if response.content else {},
+ "status_code": response.status_code}
+ return wrapped_f
+ return wrap
+
+
+def _check_uuid(val):
+ try:
+ return str(uuid.UUID(val)) == val
+ except (TypeError, ValueError, AttributeError):
+ return False
+
+
+def get_by_name_or_uuid(resource_list, resp_key):
+ def wrap(func):
+ @six.wraps(func)
+ def wrapped_f(*args, **kwargs):
+ if 'name' in kwargs:
+ ref = kwargs.pop('name', None)
+ start_arg = 0
+ else:
+ start_arg = 1
+ ref = args[0]
+ item_id = None
+ if _check_uuid(ref):
+ item_id = ref
+ else:
+ cloud_name = kwargs['cloud_name']
+ resp = resource_list(cloud_name=cloud_name)["body"][resp_key]
+ for item in resp:
+ if item["name"] == ref:
+ if item_id is not None:
+ return {
+ "name": ref,
+ "changes": {},
+ "result": False,
+ "comment": "Multiple resources ({resource}) "
+ "with requested name found ".format(
+ resource=resp_key)}
+ item_id = item["id"]
+ if not item_id:
+ return {
+ "name": ref,
+ "changes": {},
+ "result": False,
+ "comment": "Resource ({resource}) "
+ "with requested name not found ".format(
+ resource=resp_key)}
+ return func(item_id, *args[start_arg:], **kwargs)
+ return wrapped_f
+ return wrap
+
+
+def function_descriptor(action_type, resource_human_readable_name,
+ body_response_key=None):
+ def decorator(fun):
+ fun._action_type = action_type
+ fun._body_response_key = body_response_key or ''
+ fun._resource_human_readable_name = resource_human_readable_name
+ return fun
+ return decorator
diff --git a/_modules/novav21/flavors.py b/_modules/novav21/flavors.py
new file mode 100644
index 0000000..53cd7a4
--- /dev/null
+++ b/_modules/novav21/flavors.py
@@ -0,0 +1,81 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import common
+
+# Function alias to not shadow built-ins
+__func_alias__ = {
+ 'list_': 'list'
+}
+
+
+@common.function_descriptor('update', 'Flavor extra specs', 'extra_specs')
+@common.send('post')
+def add_extra_specs(flavor_id, **kwargs):
+ # NOTE: flavor_id can be any string, don't convert flavor name to uuid
+ url = '/flavors/{flavor_id}/os-extra_specs'.format(flavor_id=flavor_id)
+ return url, {'json': {"extra_specs": kwargs}}
+
+
+@common.function_descriptor('create', 'Flavor', 'flavor')
+@common.send('post')
+def create(name, vcpus, ram, disk, **kwargs):
+ """Create flavor(s)."""
+ url = '/flavors'
+ req = {'flavor': {'name': name, 'vcpus': vcpus, 'ram': ram, 'disk': disk}}
+ req['flavor'].update(kwargs)
+ return url, {'json': req}
+
+
+@common.function_descriptor('delete', 'Flavor')
+@common.send('delete')
+def delete(flavor_id, **kwargs):
+ """Delete flavor."""
+ # NOTE: flavor_id can be any string, don't convert flavor name to uuid
+ url = '/flavors/{flavor_id}'.format(flavor_id=flavor_id)
+ return url, {}
+
+
+@common.function_descriptor('update', 'Flavor extra specs')
+@common.send('delete')
+def delete_extra_spec(flavor_id, key_name, **kwargs):
+ # NOTE: flavor_id can be any string, don't convert flavor name to uuid
+ url = '/flavors/{flavor_id}/os-extra_specs/{key_name}'.format(
+ flavor_id=flavor_id, key_name=key_name)
+ return url, {}
+
+
+@common.function_descriptor('find', 'Flavor', 'flavor')
+@common.send('get')
+def get(flavor_id, **kwargs):
+ """Return one flavor."""
+ # NOTE: flavor_id can be any string, don't convert flavor name to uuid
+ url = '/flavors/{flavor_id}'.format(flavor_id=flavor_id)
+ return url, {}
+
+
+@common.function_descriptor('find', 'Flavor extra specs', 'extra_specs')
+@common.send('get')
+def get_extra_specs(flavor_id, **kwargs):
+ # NOTE: flavor_id can be any string, don't convert flavor name to uuid
+ url = '/flavors/{flavor_id}/os-extra_specs'.format(flavor_id=flavor_id)
+ return url, {}
+
+
+@common.function_descriptor('find', 'Flavor', 'flavors')
+@common.send('get')
+def list_(detail=False, **kwargs):
+ """Return list of flavors."""
+ url = '/flavors'
+ if detail:
+ url = '%s/detail' % url
+ return url, {}
diff --git a/_modules/novav21/keypairs.py b/_modules/novav21/keypairs.py
new file mode 100644
index 0000000..1a1317b
--- /dev/null
+++ b/_modules/novav21/keypairs.py
@@ -0,0 +1,54 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import six.moves.urllib.parse as urllib_parse
+
+import common
+
+# Function alias to not shadow built-ins
+__func_alias__ = {
+ 'list_': 'list'
+}
+
+
+@common.function_descriptor('create', 'Keypair', 'keypair')
+@common.send('post')
+def create(name, public_key, **kwargs):
+ """Create a keypair"""
+ url = '/os-keypairs'
+ body = {'name': name, 'public_key': public_key}
+ body.update(kwargs)
+ return url, {'json': {'keypair': body}}
+
+
+@common.function_descriptor('delete', 'Keypair')
+@common.send('delete')
+def delete(name, **kwargs):
+ """Delete keypair"""
+ url = '/os-keypairs/{}?{}'.format(name, urllib_parse.urlencode(kwargs))
+ return url, {}
+
+
+@common.function_descriptor('find', 'Keypair', 'keypair')
+@common.send('get')
+def get(name, **kwargs):
+ """Get a keypair of a project (and user)"""
+ url = '/os-keypairs/{}?{}'.format(name, urllib_parse.urlencode(kwargs))
+ return url, {}
+
+
+@common.function_descriptor('find', 'Keypair', 'keypairs')
+@common.send('get')
+def list_(**kwargs):
+ """List keypairs of a project (and user)"""
+ url = '/os-keypairs?{}'.format(urllib_parse.urlencode(kwargs))
+ return url, {}
diff --git a/_modules/novav21/quotas.py b/_modules/novav21/quotas.py
new file mode 100644
index 0000000..3b303f2
--- /dev/null
+++ b/_modules/novav21/quotas.py
@@ -0,0 +1,48 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import common
+
+# Function alias to not shadow built-ins
+__func_alias__ = {
+ 'list_': 'list'
+}
+
+
+@common.function_descriptor('delete', 'Project quota')
+@common.send('get')
+def delete(project_id, user_id=None, **kwargs):
+ """List quotas of a project (and user)"""
+ url = '/os-quota-sets/%s' % project_id
+ if user_id:
+ url = '%s?user_id=%s' % (url, user_id)
+ return url, {}
+
+
+@common.function_descriptor('find', 'Project quota', 'quota_set')
+@common.send('get')
+def list_(project_id, user_id=None, **kwargs):
+ """List quotas of a project (and user)"""
+ url = '/os-quota-sets/%s' % project_id
+ if user_id:
+ url = '%s?user_id=%s' % (url, user_id)
+ return url, {}
+
+
+@common.function_descriptor('update', 'Project quota', 'quota_set')
+@common.send('put')
+def update(project_id, user_id=None, **kwargs):
+ """Update quota of the specified project (and user)"""
+ url = '/os-quota-sets/%s' % project_id
+ if user_id:
+ url = '%s?user_id=%s' % (url, user_id)
+ return url, {'json': {'quota_set': kwargs}}
diff --git a/_modules/novav21/servers.py b/_modules/novav21/servers.py
new file mode 100644
index 0000000..6606c3e
--- /dev/null
+++ b/_modules/novav21/servers.py
@@ -0,0 +1,89 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import six.moves.urllib.parse as urllib_parse
+
+import common
+
+# Function alias to not shadow built-ins
+__func_alias__ = {
+ 'list_': 'list'
+}
+
+
+@common.send('get')
+def list_(**kwargs):
+ """Return list of servers."""
+ url = '/servers?{}'.format(urllib_parse.urlencode(kwargs))
+ return url, {}
+
+
+@common.send('post')
+def create(name, flavor, **kwargs):
+ """Create server(s)."""
+ # TODO: add something useful :)
+ url = '/servers'
+ req = {'server': {'name': name, 'flavor': flavor}}
+ req['server'].update(kwargs)
+ return url, {'json': req}
+
+
+@common.get_by_name_or_uuid(list_, 'servers')
+@common.send('delete')
+def delete(server_id, **kwargs):
+ """Delete server."""
+ url = '/servers/{server_id}'.format(server_id=server_id)
+ return url, {}
+
+
+@common.get_by_name_or_uuid(list_, 'servers')
+@common.send('get')
+def get(server_id, **kwargs):
+ """Return one server."""
+ url = '/servers/{server_id}'.format(server_id=server_id)
+ return url, {}
+
+
+@common.get_by_name_or_uuid(list_, 'servers')
+@common.send('post')
+def lock(server_id, **kwargs):
+ """Lock server."""
+ url = '/servers/{server_id}/action'.format(server_id=server_id)
+ req = {"lock": None}
+ return url, {"json": req}
+
+
+@common.get_by_name_or_uuid(list_, 'servers')
+@common.send('post')
+def resume(server_id, **kwargs):
+ """Resume server after suspend."""
+ url = '/servers/{server_id}/action'.format(server_id=server_id)
+ req = {"resume": None}
+ return url, {"json": req}
+
+
+@common.get_by_name_or_uuid(list_, 'servers')
+@common.send('post')
+def suspend(server_id, **kwargs):
+ """Suspend server."""
+ url = '/servers/{server_id}/action'.format(server_id=server_id)
+ req = {"suspend": None}
+ return url, {"json": req}
+
+
+@common.get_by_name_or_uuid(list_, 'servers')
+@common.send('post')
+def unlock(server_id, **kwargs):
+ """Unlock server."""
+ url = '/servers/{server_id}/action'.format(server_id=server_id)
+ req = {"unlock": None}
+ return url, {"json": req}
diff --git a/_states/novang.py b/_states/novang.py
index a3376e7..b496117 100644
--- a/_states/novang.py
+++ b/_states/novang.py
@@ -43,7 +43,7 @@
'changes': {},
'result': False,
'comment': 'Cell "{0}" does not exists'.format(name)}
- cell_uuid = __salt__['cmd.shell']('nova-manage cell_v2 list_cells 2>&- | grep ' + name + ' | tr -d \"\n\" | awk \'{print $4}\'')
+ cell_uuid = __salt__['cmd.shell']('nova-manage cell_v2 list_cells 2>/dev/null | awk \'/' + name + '/ {print $4}\'')
if cell_uuid:
try:
__salt__['cmd.shell']('nova-manage cell_v2 map_instances --cell_uuid ' + cell_uuid)
@@ -57,6 +57,28 @@
return ret
+def update_cell(name='cell1', transport_url='none:///', db_engine='mysql', db_name='nova_upgrade', db_user='nova', db_password=None, db_address='0.0.0.0'):
+ '''
+ Ensures that the nova cell is setup correctly
+ '''
+ ret = {'name': name,
+ 'changes': {},
+ 'result': False,
+ 'comment': 'Cell "{0}" does not exists'.format(name)}
+ cell_uuid = __salt__['cmd.shell']('nova-manage cell_v2 list_cells 2>/dev/null | awk \'/' + name + '/ {print $4}\'')
+ if cell_uuid:
+ try:
+ __salt__['cmd.shell']('nova-manage cell_v2 update_cell --cell_uuid ' + cell_uuid + ' --transport-url ' + transport_url + ' --database_connection ' + db_engine + '+pymysql://' + db_user + ':' + db_password + '@' + db_address + '/' + db_name + '?charset=utf8')
+ ret['result'] = True
+ ret['comment'] = 'Cell {0} updated'.format(name)
+ ret['changes'][name] = 'Cell {0} successfuly updated'.format(name)
+ except:
+ ret['result'] = False
+ ret['comment'] = 'Cell {0} not updated'.format(name)
+ ret['changes'][name] = 'Cell {0} failed to be updated'.format(name)
+ return ret
+
+
def api_db_version_present(name=None, version="20"):
'''
Ensures that specific api_db version is present
@@ -173,7 +195,7 @@
if zone_exists == False:
item_created = __salt__['novang.availability_zone_create'](name, availability_zone, profile)
if bool(item_created):
- return _created(availability_zone, 'availabilty zone', item_created)
+ return _created(availability_zone, 'availabilty zone', item_created)
else:
return _already_exists(availability_zone, 'availabilty zone')
return existing_availability_zones
diff --git a/_states/novav21.py b/_states/novav21.py
new file mode 100644
index 0000000..1feefee
--- /dev/null
+++ b/_states/novav21.py
@@ -0,0 +1,489 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import logging
+import six
+from six.moves import zip_longest
+
+import salt
+
+LOG = logging.getLogger(__name__)
+
+KEYSTONE_LOADED = False
+
+
+def __virtual__():
+ """Only load if the nova module is in __salt__"""
+ if 'keystonev3.project_get_details' in __salt__:
+ global KEYSTONE_LOADED
+ KEYSTONE_LOADED = True
+ return 'novav21'
+
+
+class SaltModuleCallException(Exception):
+
+ def __init__(self, result_dict, *args, **kwargs):
+ super(SaltModuleCallException, self).__init__(*args, **kwargs)
+ self.result_dict = result_dict
+
+
+def _get_failure_function_mapping():
+ return {
+ 'create': _create_failed,
+ 'update': _update_failed,
+ 'find': _find_failed,
+ 'delete': _delete_failed,
+ }
+
+
+def _call_nova_salt_module(call_string, name, module_name='novav21'):
+ def inner(*args, **kwargs):
+ func = __salt__['%s.%s' % (module_name, call_string)]
+ result = func(*args, **kwargs)
+ if not result['result']:
+ ret = _get_failure_function_mapping()[func._action_type](
+ name, func._resource_human_readable_name)
+ ret['comment'] += '\nStatus code: %s\n%s' % (result['status_code'],
+ result['comment'])
+ raise SaltModuleCallException(ret)
+ return result['body'].get(func._body_response_key)
+ return inner
+
+
+def _error_handler(fun):
+ @six.wraps(fun)
+ def inner(*args, **kwargs):
+ try:
+ return fun(*args, **kwargs)
+ except SaltModuleCallException as e:
+ return e.result_dict
+ return inner
+
+
+@_error_handler
+def flavor_present(name, cloud_name, vcpus=1, ram=256, disk=0, flavor_id=None,
+ extra_specs=None):
+ """Ensures that the flavor exists"""
+ extra_specs = extra_specs or {}
+ # There is no way to query flavors by name
+ flavors = _call_nova_salt_module('flavor_list', name)(
+ detail=True, cloud_name=cloud_name)
+ flavor = [flavor for flavor in flavors if flavor['name'] == name]
+ # Flavor names are unique, there is either 1 or 0 with requested name
+ if flavor:
+ flavor = flavor[0]
+ current_extra_specs = _call_nova_salt_module(
+ 'flavor_get_extra_specs', name)(
+ flavor['id'], cloud_name=cloud_name)
+ to_delete = set(current_extra_specs) - set(extra_specs)
+ to_add = set(extra_specs) - set(current_extra_specs)
+ for spec in to_delete:
+ _call_nova_salt_module('flavor_delete_extra_spec', name)(
+ flavor['id'], spec, cloud_name=cloud_name)
+ _call_nova_salt_module('flavor_add_extra_specs', name)(
+ flavor['id'], cloud_name=cloud_name, **extra_specs)
+ if to_delete or to_add:
+ ret = _updated(name, 'Flavor', extra_specs)
+ else:
+ ret = _no_change(name, 'Flavor')
+ else:
+ flavor = _call_nova_salt_module('flavor_create', name)(
+ name, vcpus, ram, disk, id=flavor_id, cloud_name=cloud_name)
+ _call_nova_salt_module('flavor_add_extra_specs', name)(
+ flavor['id'], cloud_name=cloud_name, **extra_specs)
+ flavor['extra_specs'] = extra_specs
+ ret = _created(name, 'Flavor', flavor)
+ return ret
+
+
+@_error_handler
+def flavor_absent(name, cloud_name):
+ """Ensure flavor is absent"""
+ # There is no way to query flavors by name
+ flavors = _call_nova_salt_module('flavor_list', name)(
+ detail=True, cloud_name=cloud_name)
+ flavor = [flavor for flavor in flavors if flavor['name'] == name]
+ # Flavor names are unique, there is either 1 or 0 with requested name
+ if flavor:
+ _call_nova_salt_module('flavor_delete', name)(
+ flavor[0]['id'], cloud_name=cloud_name)
+ return _deleted(name, 'Flavor')
+ return _non_existent(name, 'Flavor')
+
+
+def _get_keystone_project_id_by_name(project_name, cloud_name):
+ if not KEYSTONE_LOADED:
+ LOG.error("Keystone module not found, can not look up project ID "
+ "by name")
+ return None
+ project = __salt__['keystonev3.project_get_details'](
+ project_name, cloud_name=cloud_name)
+ if not project:
+ return None
+ return project['project']['id']
+
+
+@_error_handler
+def quota_present(name, cloud_name, **kwargs):
+ """Ensures that the nova quota exists
+
+ :param name: project name to ensure quota for.
+ """
+ project_name = name
+ project_id = _get_keystone_project_id_by_name(project_name, cloud_name)
+ changes = {}
+ if not project_id:
+ ret = _update_failed(project_name, 'Project quota')
+ ret['comment'] += ('\nCould not retrieve keystone project %s' %
+ project_name)
+ return ret
+ quota = _call_nova_salt_module('quota_list', project_name)(
+ project_id, cloud_name=cloud_name)
+ for key, value in kwargs.items():
+ if quota.get(key) != value:
+ changes[key] = value
+ if changes:
+ _call_nova_salt_module('quota_update', project_name)(
+ project_id, cloud_name=cloud_name, **changes)
+ return _updated(project_name, 'Project quota', changes)
+ else:
+ return _no_change(project_name, 'Project quota')
+
+
+@_error_handler
+def quota_absent(name, cloud_name):
+ """Ensures that the nova quota set to default
+
+ :param name: project name to reset quota for.
+ """
+ project_name = name
+ project_id = _get_keystone_project_id_by_name(project_name, cloud_name)
+ if not project_id:
+ ret = _delete_failed(project_name, 'Project quota')
+ ret['comment'] += ('\nCould not retrieve keystone project %s' %
+ project_name)
+ return ret
+ _call_nova_salt_module('quota_delete', name)(
+ project_id, cloud_name=cloud_name)
+ return _deleted(name, 'Project quota')
+
+
+@_error_handler
+def aggregate_present(name, cloud_name, availability_zone_name=None,
+ hosts=None, metadata=None):
+ """Ensures that the nova aggregate exists"""
+ aggregates = _call_nova_salt_module('aggregate_list', name)(
+ cloud_name=cloud_name)
+ aggregate_exists = [agg for agg in aggregates
+ if agg['name'] == name]
+ metadata = metadata or {}
+ hosts = hosts or []
+ if availability_zone_name:
+ metadata.update(availability_zone=availability_zone_name)
+ if not aggregate_exists:
+ aggregate = _call_nova_salt_module('aggregate_create', name)(
+ name, availability_zone_name, cloud_name=cloud_name)
+ if metadata:
+ _call_nova_salt_module('aggregate_set_metadata', name)(
+ cloud_name=cloud_name, **metadata)
+ aggregate['metadata'] = metadata
+ for host in hosts or []:
+ _call_nova_salt_module('aggregate_add_host', name)(
+ name, host, cloud_name=cloud_name)
+ aggregate['hosts'] = hosts
+ return _created(name, 'Host aggregate', aggregate)
+ else:
+ aggregate = aggregate_exists[0]
+ changes = {}
+ existing_meta = set(aggregate['metadata'].items())
+ requested_meta = set(metadata.items())
+ if existing_meta - requested_meta or requested_meta - existing_meta:
+ _call_nova_salt_module('aggregate_set_metadata', name)(
+ name, cloud_name=cloud_name, **metadata)
+ changes['metadata'] = metadata
+ hosts_to_add = set(hosts) - set(aggregate['hosts'])
+ hosts_to_remove = set(aggregate['hosts']) - set(hosts)
+ if hosts_to_remove or hosts_to_add:
+ for host in hosts_to_add:
+ _call_nova_salt_module('aggregate_add_host', name)(
+ name, host, cloud_name=cloud_name)
+ for host in hosts_to_remove:
+ _call_nova_salt_module('aggregate_remove_host', name)(
+ name, host, cloud_name=cloud_name)
+ changes['hosts'] = hosts
+ if changes:
+ return _updated(name, 'Host aggregate', changes)
+ else:
+ return _no_change(name, 'Host aggregate')
+
+
+@_error_handler
+def aggregate_absent(name, cloud_name):
+ """Ensure aggregate is absent"""
+ existing_aggregates = _call_nova_salt_module('aggregate_list', name)(
+ cloud_name=cloud_name)
+ matching_aggs = [agg for agg in existing_aggregates
+ if agg['name'] == name]
+ if matching_aggs:
+ _call_nova_salt_module('aggregate_delete', name)(
+ name, cloud_name=cloud_name)
+ return _deleted(name, 'Host Aggregate')
+ return _non_existent(name, 'Host Aggregate')
+
+
+@_error_handler
+def keypair_present(name, cloud_name, public_key_file=None, public_key=None):
+ """Ensures that the Nova key-pair exists"""
+ existing_keypairs = _call_nova_salt_module('keypair_list', name)(
+ cloud_name=cloud_name)
+ matching_kps = [kp for kp in existing_keypairs
+ if kp['keypair']['name'] == name]
+ if public_key_file and not public_key:
+ with salt.utils.fopen(public_key_file, 'r') as f:
+ public_key = f.read()
+ if not public_key:
+ ret = _create_failed(name, 'Keypair')
+ ret['comment'] += '\nPlease specify public key for keypair creation.'
+ return ret
+ if matching_kps:
+ # Keypair names are unique, there is either 1 or 0 with requested name
+ kp = matching_kps[0]['keypair']
+ if kp['public_key'] != public_key:
+ _call_nova_salt_module('keypair_delete', name)(
+ name, cloud_name=cloud_name)
+ else:
+ return _no_change(name, 'Keypair')
+ res = _call_nova_salt_module('keypair_create', name)(
+ name, cloud_name=cloud_name, public_key=public_key)
+ return _created(name, 'Keypair', res)
+
+
+@_error_handler
+def keypair_absent(name, cloud_name):
+ """Ensure keypair is absent"""
+ existing_keypairs = _call_nova_salt_module('keypair_list', name)(
+ cloud_name=cloud_name)
+ matching_kps = [kp for kp in existing_keypairs
+ if kp['keypair']['name'] == name]
+ if matching_kps:
+ _call_nova_salt_module('keypair_delete', name)(
+ name, cloud_name=cloud_name)
+ return _deleted(name, 'Keypair')
+ return _non_existent(name, 'Keypair')
+
+
+def cell_present(name='cell1', transport_url='none:///', db_engine='mysql',
+ db_name='nova_upgrade', db_user='nova', db_password=None,
+ db_address='0.0.0.0'):
+ """Ensure nova cell is present
+
+ For newly created cells this state also runs discover_hosts and
+ map_instances."""
+ cell_info = __salt__['cmd.shell'](
+ "nova-manage cell_v2 list_cells --verbose | "
+ "awk '/%s/ {print $4,$6,$8}'" % name).split()
+ db_connection = (
+ '%(db_engine)s+pymysql://%(db_user)s:%(db_password)s@'
+ '%(db_address)s/%(db_name)s?charset=utf8' % {
+ 'db_engine': db_engine, 'db_user': db_user,
+ 'db_password': db_password, 'db_address': db_address,
+ 'db_name': db_name})
+ args = {'transport_url': transport_url, 'db_connection': db_connection}
+ # There should be at least 1 component printed to cell_info
+ if len(cell_info) >= 1:
+ cell_info = dict(zip_longest(
+ ('cell_uuid', 'existing_transport_url', 'existing_db_connection'),
+ cell_info))
+ cell_uuid, existing_transport_url, existing_db_connection = cell_info
+ command_string = ''
+ if existing_transport_url != transport_url:
+ command_string = (
+ '%s --transport-url %%(transport_url)s' % command_string)
+ if existing_db_connection != db_connection:
+ command_string = (
+ '%s --database_connection %%(db_connection)s' % command_string)
+ if not command_string:
+ return _no_change(name, 'Nova cell')
+ try:
+ __salt__['cmd.shell'](
+ ('nova-manage cell_v2 update_cell --cell_uuid %s %s' % (
+ cell_uuid, command_string)) % args)
+ LOG.warning("Updating the transport_url or database_connection "
+ "fields on a running system will NOT result in all "
+ "nodes immediately using the new values. Use caution "
+ "when changing these values.")
+ ret = _updated(name, 'Nova cell', args)
+ except Exception as e:
+ ret = _update_failed(name, 'Nova cell')
+ ret['comment'] += '\nException: %s' % e
+ return ret
+ args.update(name=name)
+ try:
+ cell_uuid = __salt__['cmd.shell'](
+ 'nova-manage cell_v2 create_cell --name %(name)s '
+ '--transport-url %(transport_url)s '
+ '--database_connection %(db_connection)s --verbose' % args)
+ __salt__['cmd.shell']('nova-manage cell_v2 discover_hosts '
+ '--cell_uuid %s --verbose' % cell_uuid)
+ __salt__['cmd.shell']('nova-manage cell_v2 map_instances '
+ '--cell_uuid %s' % cell_uuid)
+ ret = _created(name, 'Nova cell', args)
+ except Exception as e:
+ ret = _create_failed(name, 'Nova cell')
+ ret['comment'] += '\nException: %s' % e
+ return ret
+
+
+def cell_absent(name, force=False):
+ """Ensure cell is absent"""
+ cell_uuid = __salt__['cmd.shell'](
+ "nova-manage cell_v2 list_cells | awk '/%s/ {print $4}'" % name)
+ if not cell_uuid:
+ return _non_existent(name, 'Nova cell')
+ try:
+ __salt__['cmd.shell'](
+ 'nova-manage cell_v2 delete_cell --cell_uuid %s %s' % (
+ cell_uuid, '--force' if force else ''))
+ ret = _deleted(name, 'Nova cell')
+ except Exception as e:
+ ret = _delete_failed(name, 'Nova cell')
+ ret['comment'] += '\nException: %s' % e
+ return ret
+
+
+def _db_version_update(db, version, human_readable_resource_name):
+ existing_version = __salt__['cmd.shell'](
+ 'nova-manage %s version 2>/dev/null' % db)
+ try:
+ existing_version = int(existing_version)
+ version = int(version)
+ except Exception as e:
+ ret = _update_failed(existing_version,
+ human_readable_resource_name)
+ ret['comment'] += ('\nCan not convert existing or requested version '
+ 'to integer, exception: %s' % e)
+ LOG.error(ret['comment'])
+ return ret
+ if existing_version < version:
+ try:
+ __salt__['cmd.shell'](
+ 'nova-manage %s sync --version %s' % (db, version))
+ ret = _updated(existing_version, human_readable_resource_name,
+ {db: '%s sync --version %s' % (db, version)})
+ except Exception as e:
+ ret = _update_failed(existing_version,
+ human_readable_resource_name)
+ ret['comment'] += '\nException: %s' % e
+ return ret
+ return _no_change(existing_version, human_readable_resource_name)
+
+
+def api_db_version_present(name=None, version="20"):
+ """Ensures that specific api_db version is present"""
+ return _db_version_update('api_db', version, 'Nova API database version')
+
+
+def db_version_present(name=None, version="334"):
+ """Ensures that specific db version is present"""
+ return _db_version_update('db', version, 'Nova database version')
+
+
+def online_data_migrations_present(name=None, api_db_version="20",
+ db_version="334"):
+ """Runs online_data_migrations if databases are of specific versions"""
+ ret = {'name': 'online_data_migrations', 'changes': {}, 'result': False,
+ 'comment': 'Current nova api_db version != {0} or nova db version '
+ '!= {1}.'.format(api_db_version, db_version)}
+ cur_api_db_version = __salt__['cmd.shell'](
+ 'nova-manage api_db version 2>/dev/null')
+ cur_db_version = __salt__['cmd.shell'](
+ 'nova-manage db version 2>/dev/null')
+ try:
+ cur_api_db_version = int(cur_api_db_version)
+ cur_db_version = int(cur_db_version)
+ api_db_version = int(api_db_version)
+ db_version = int(db_version)
+ except Exception as e:
+ LOG.error(ret['comment'])
+ ret['comment'] = ('\nCan not convert existing or requested database '
+ 'versions to integer, exception: %s' % e)
+ return ret
+ if cur_api_db_version == api_db_version and cur_db_version == db_version:
+ try:
+ __salt__['cmd.shell']('nova-manage db online_data_migrations')
+ ret['result'] = True
+ ret['comment'] = ('nova-manage db online_data_migrations was '
+ 'executed successfuly')
+ ret['changes']['online_data_migrations'] = (
+ 'online_data_migrations run on nova api_db version {0} and '
+ 'nova db version {1}'.format(api_db_version, db_version))
+ except Exception as e:
+ ret['comment'] = (
+ 'Failed to execute online_data_migrations on nova api_db '
+ 'version %s and nova db version %s, exception: %s' % (
+ api_db_version, db_version, e))
+ return ret
+
+
+def _find_failed(name, resource):
+ return {
+ 'name': name, 'changes': {}, 'result': False,
+ 'comment': 'Failed to find {0}s with name {1}'.format(resource, name)}
+
+
+def _created(name, resource, changes):
+ return {
+ 'name': name, 'changes': changes, 'result': True,
+ 'comment': '{0} {1} created'.format(resource, name)}
+
+
+def _create_failed(name, resource):
+ return {
+ 'name': name, 'changes': {}, 'result': False,
+ 'comment': '{0} {1} creation failed'.format(resource, name)}
+
+
+def _no_change(name, resource):
+ return {
+ 'name': name, 'changes': {}, 'result': True,
+ 'comment': '{0} {1} already is in the desired state'.format(
+ resource, name)}
+
+
+def _updated(name, resource, changes):
+ return {
+ 'name': name, 'changes': changes, 'result': True,
+ 'comment': '{0} {1} was updated'.format(resource, name)}
+
+
+def _update_failed(name, resource):
+ return {
+ 'name': name, 'changes': {}, 'result': False,
+ 'comment': '{0} {1} update failed'.format(resource, name)}
+
+
+def _deleted(name, resource):
+ return {
+ 'name': name, 'changes': {}, 'result': True,
+ 'comment': '{0} {1} deleted'.format(resource, name)}
+
+
+def _delete_failed(name, resource):
+ return {
+ 'name': name, 'changes': {}, 'result': False,
+ 'comment': '{0} {1} deletion failed'.format(resource, name)}
+
+
+def _non_existent(name, resource):
+ return {
+ 'name': name, 'changes': {}, 'result': True,
+ 'comment': '{0} {1} does not exist'.format(resource, name)}
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..fff7d87
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,48 @@
+salt-formula-nova (2016.12.1) xenial; urgency=medium
+
+ * Switch using 3.0 native source format
+
+ -- devops <devops@mirantis.com> Fri, 10 Aug 2018 15:42:34 +0400
+
+salt-formula-nova (2016.12.1-2xenial1) xenial; urgency=medium
+
+ * Fix files/pike symlink
+
+ -- devops <devops@mirantis.com> Tue, 06 Feb 2018 15:40:55 +0200
+
+salt-formula-nova (2016.12.1-1xenial1) xenial; urgency=medium
+
+ * Build for Ubuntu Xenial
+
+ -- Filip Pytloun <filip@pytloun.cz> Tue, 24 Jan 2017 12:15:30 +0100
+
+salt-formula-nova (2016.12.1-1) unstable; urgency=medium
+
+ * New upstream release
+ * d/{control,copyright}: Use my @debian.org email address
+ * Bumped debhelper version to 10
+
+ -- OndÅ™ej Nový <onovy@debian.org> Sun, 25 Dec 2016 17:06:06 +0100
+
+salt-formula-nova (2016.4.2-2) unstable; urgency=medium
+
+ * Added Debian tests
+
+ -- OndÅ™ej Nový <novy@ondrej.org> Wed, 08 Jun 2016 21:27:23 +0200
+
+salt-formula-nova (2016.4.2-1) unstable; urgency=medium
+
+ [ Filip Pytloun ]
+ * New upstream release
+
+ [ OndÅ™ej Nový ]
+ * d/copyright: Added myself to Debian part
+ * Added myself as uploader
+
+ -- OndÅ™ej Nový <novy@ondrej.org> Sat, 23 Apr 2016 18:43:44 +0200
+
+salt-formula-nova (2016.4.1-1) unstable; urgency=medium
+
+ * Initial release (Closes: #821921)
+
+ -- Filip Pytloun <filip@pytloun.cz> Wed, 20 Apr 2016 16:04:36 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..b1b7659
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,25 @@
+Source: salt-formula-nova
+Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
+Uploaders: Filip Pytloun <filip@pytloun.cz>,
+ OndÅ™ej Nový <onovy@debian.org>,
+Section: admin
+Priority: extra
+Build-Depends: debhelper (>= 9),
+ openstack-pkg-tools,
+Build-Depends-Indep: python-all,
+ python-yaml,
+ salt-formula-keystone,
+Standards-Version: 3.9.6
+Homepage: https://wiki.openstack.org/wiki/OpenStackSalt
+Vcs-Browser: https://anonscm.debian.org/cgit/openstack/salt-formula-nova.git/
+Vcs-Git: https://anonscm.debian.org/git/openstack/salt-formula-nova.git
+
+Package: salt-formula-nova
+Architecture: all
+Depends: ${misc:Depends},
+Description: Salt formula for OpenStack Nova
+ Salt is a powerful remote execution manager that can be used to
+ administer servers in a fast and efficient way.
+ .
+ This SaltStack formula manages both installation and configuration of
+ OpenStack Nova.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..0dc7e21
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,28 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: salt-formula-nova
+Source: https://github.com/openstack/salt-formula-nova
+
+Files: *
+Copyright: 2014-2016 tcp cloud
+License: Apache-2.0
+
+Files: debian/*
+Copyright: (c) 2016, Filip Pytloun <filip@pytloun.cz>
+ (c) 2016, OndÅ™ej Nový <onovy@debian.org>
+License: Apache-2.0
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..a1320b1
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1 @@
+README.rst
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..7bf5959
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,8 @@
+[DEFAULT]
+upstream-branch = master
+debian-branch = debian/unstable
+upstream-tag = %(version)s
+compression = xz
+
+[buildpackage]
+export-dir = ../build-area/
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..f7d5908
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,7 @@
+#!/usr/bin/make -f
+
+include /usr/share/openstack-pkg-tools/pkgos.make
+
+%:
+ dh $@
+
diff --git a/debian/salt-formula-nova.postinst b/debian/salt-formula-nova.postinst
new file mode 100644
index 0000000..3934013
--- /dev/null
+++ b/debian/salt-formula-nova.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+dpkg-maintscript-helper symlink_to_dir \
+ /usr/share/salt-formulas/env/nova/files/pike /usr/share/salt-formulas/env/nova/files/ocata salt-formula-nova -- "$@"
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/salt-formula-nova.postrm b/debian/salt-formula-nova.postrm
new file mode 100644
index 0000000..3934013
--- /dev/null
+++ b/debian/salt-formula-nova.postrm
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+dpkg-maintscript-helper symlink_to_dir \
+ /usr/share/salt-formulas/env/nova/files/pike /usr/share/salt-formulas/env/nova/files/ocata salt-formula-nova -- "$@"
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/salt-formula-nova.preinst b/debian/salt-formula-nova.preinst
new file mode 100644
index 0000000..3934013
--- /dev/null
+++ b/debian/salt-formula-nova.preinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+dpkg-maintscript-helper symlink_to_dir \
+ /usr/share/salt-formulas/env/nova/files/pike /usr/share/salt-formulas/env/nova/files/ocata salt-formula-nova -- "$@"
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..685e62b
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,2 @@
+Test-Command: cd tests && ./run_tests.sh
+Restrictions: allow-stderr
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..d2eb4bd
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=3
+opts="uversionmangle=s/\.(b|rc)/~$1/" \
+https://github.com/openstack/salt-formula-nova/tags .*/(\d[\d\.]+)\.tar\.gz
diff --git a/metadata.yml b/metadata.yml
index 0ee34f0..5a279bc 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -4,3 +4,5 @@
dependencies:
- name: keystone
source: "https://github.com/salt-formulas/salt-formula-keystone"
+ - name: apache
+ source: "https://github.com/salt-formulas/salt-formula-apache"
diff --git a/metadata/service/compute/cluster.yml b/metadata/service/compute/cluster.yml
index 77fed1a..ba85fbd 100644
--- a/metadata/service/compute/cluster.yml
+++ b/metadata/service/compute/cluster.yml
@@ -4,14 +4,13 @@
- service.nova.support
parameters:
_param:
- nova_compute_virtualization: kvm
openstack_log_appender: false
openstack_fluentd_handler_enabled: false
+ openstack_ossyslog_handler_enabled: false
nova:
compute:
version: ${_param:nova_version}
enabled: true
- virtualization: ${_param:nova_compute_virtualization}
heal_instance_info_cache_interval: 60
vncproxy_url: http://${_param:cluster_vip_address}:6080
bind:
@@ -40,6 +39,8 @@
enabled: true
fluentd:
enabled: ${_param:openstack_fluentd_handler_enabled}
+ ossyslog:
+ enabled: ${_param:openstack_ossyslog_handler_enabled}
message_queue:
engine: rabbitmq
port: 5672
diff --git a/metadata/service/compute/container.yml b/metadata/service/compute/container.yml
index 145ebcc..51f771d 100644
--- a/metadata/service/compute/container.yml
+++ b/metadata/service/compute/container.yml
@@ -10,7 +10,6 @@
compute:
version: ${_param:nova_version}
enabled: true
- virtualization: kvm
vncproxy_url: http://${_param:nova_service_host}:6080
reserved_host_memory_mb: 32768
libvirt:
@@ -50,4 +49,4 @@
user: neutron
password: ${_param:keystone_neutron_password}
host: ${_param:neutron_service_host}
- port: 9696
\ No newline at end of file
+ port: 9696
diff --git a/metadata/service/compute/ironic.yml b/metadata/service/compute/ironic.yml
index 339099e..5428d44 100644
--- a/metadata/service/compute/ironic.yml
+++ b/metadata/service/compute/ironic.yml
@@ -6,6 +6,7 @@
_param:
openstack_log_appender: false
openstack_fluentd_handler_enabled: false
+ openstack_ossyslog_handler_enabled: false
nova:
compute:
version: ${_param:nova_version}
@@ -37,6 +38,8 @@
enabled: true
fluentd:
enabled: ${_param:openstack_fluentd_handler_enabled}
+ ossyslog:
+ enabled: ${_param:openstack_ossyslog_handler_enabled}
message_queue:
engine: rabbitmq
host: ${_param:cluster_vip_address}
diff --git a/metadata/service/compute/kvm.yml b/metadata/service/compute/kvm.yml
index 0e71d06..2ede8af 100644
--- a/metadata/service/compute/kvm.yml
+++ b/metadata/service/compute/kvm.yml
@@ -6,11 +6,11 @@
_param:
openstack_log_appender: false
openstack_fluentd_handler_enabled: false
+ openstack_ossyslog_handler_enabled: false
nova:
compute:
version: ${_param:nova_version}
enabled: true
- virtualization: kvm
heal_instance_info_cache_interval: 60
vncproxy_url: http://${_param:cluster_vip_address}:6080
bind:
@@ -39,6 +39,8 @@
enabled: true
fluentd:
enabled: ${_param:openstack_fluentd_handler_enabled}
+ ossyslog:
+ enabled: ${_param:openstack_ossyslog_handler_enabled}
message_queue:
engine: rabbitmq
host: ${_param:cluster_vip_address}
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index 7858b72..03daebc 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml
@@ -8,6 +8,7 @@
nova_networking: default
openstack_log_appender: false
openstack_fluentd_handler_enabled: false
+ openstack_ossyslog_handler_enabled: false
nova:
controller:
enabled: true
@@ -48,6 +49,8 @@
enabled: true
fluentd:
enabled: ${_param:openstack_fluentd_handler_enabled}
+ ossyslog:
+ enabled: ${_param:openstack_ossyslog_handler_enabled}
message_queue:
engine: rabbitmq
host: ${_param:cluster_vip_address}
diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index a6d04e8..9cdbacb 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml
@@ -8,6 +8,7 @@
nova_networking: default
openstack_log_appender: false
openstack_fluentd_handler_enabled: false
+ openstack_ossyslog_handler_enabled: false
nova:
controller:
enabled: true
@@ -48,6 +49,8 @@
enabled: true
fluentd:
enabled: ${_param:openstack_fluentd_handler_enabled}
+ ossyslog:
+ enabled: ${_param:openstack_ossyslog_handler_enabled}
message_queue:
engine: rabbitmq
host: ${_param:single_address}
diff --git a/nova/_ssl/mysql.sls b/nova/_ssl/mysql.sls
new file mode 100644
index 0000000..3f44e2a
--- /dev/null
+++ b/nova/_ssl/mysql.sls
@@ -0,0 +1,58 @@
+{% from "nova/map.jinja" import controller with context %}
+
+{%- if controller.database.get('x509',{}).get('enabled',False) %}
+
+ {%- set ca_file=controller.database.x509.get('ca_file') %}
+ {%- set key_file=controller.database.x509.get('key_file') %}
+ {%- set cert_file=controller.database.x509.get('cert_file') %}
+
+mysql_nova_ssl_x509_ca:
+ {%- if controller.database.x509.cacert is defined %}
+ file.managed:
+ - name: {{ ca_file }}
+ - contents_pillar: nova:controller:database:x509:cacert
+ - mode: 444
+ - makedirs: true
+ {%- else %}
+ file.exists:
+ - name: {{ ca_file }}
+ {%- endif %}
+
+mysql_nova_client_ssl_cert:
+ {%- if controller.database.x509.cert is defined %}
+ file.managed:
+ - name: {{ cert_file }}
+ - contents_pillar: nova:controller:database:x509:cert
+ - mode: 440
+ - makedirs: true
+ {%- else %}
+ file.exists:
+ - name: {{ cert_file }}
+ {%- endif %}
+
+mysql_nova_client_ssl_private_key:
+ {%- if controller.database.x509.key is defined %}
+ file.managed:
+ - name: {{ key_file }}
+ - contents_pillar: nova:controller:database:x509:key
+ - mode: 400
+ - makedirs: true
+ {%- else %}
+ file.exists:
+ - name: {{ key_file }}
+ {%- endif %}
+
+{% elif controller.database.get('ssl',{}).get('enabled',False) %}
+mysql_ca_nova_controller:
+ {%- if controller.database.ssl.cacert is defined %}
+ file.managed:
+ - name: {{ controller.database.ssl.cacert_file }}
+ - contents_pillar: nova:controller:database:ssl:cacert
+ - mode: 0444
+ - makedirs: true
+ {%- else %}
+ file.exists:
+ - name: {{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}
+ {%- endif %}
+
+{%- endif %}
diff --git a/nova/compute.sls b/nova/compute.sls
index 081b600..1b8c149 100644
--- a/nova/compute.sls
+++ b/nova/compute.sls
@@ -105,7 +105,7 @@
{{ service_name }}_logging_conf:
file.managed:
- name: /etc/nova/logging/logging-{{ service_name }}.conf
- - source: salt://nova/files/logging.conf
+ - source: salt://oslo_templates/files/logging/_logging.conf
- template: jinja
- user: nova
- group: nova
@@ -117,7 +117,7 @@
- makedirs: True
- defaults:
service_name: {{ service_name }}
- values: {{ compute }}
+ _data: {{ compute.logging }}
- watch_in:
- service: nova_compute_services
@@ -138,6 +138,118 @@
{%- endif %}
{%- endif %}
+{%- if compute.libvirt.get('tls',{}).get('enabled',False) %}
+{%- set ca_file=compute.libvirt.tls.get('ca_file') %}
+{%- set key_file=compute.libvirt.tls.get('key_file') %}
+{%- set cert_file=compute.libvirt.tls.get('cert_file') %}
+{%- set client_key_file=compute.libvirt.tls.client.get('key_file') %}
+{%- set client_cert_file=compute.libvirt.tls.client.get('cert_file') %}
+
+libvirt_ca_nova_compute:
+{%- if compute.libvirt.tls.cacert is defined %}
+ file.managed:
+ - name: {{ ca_file }}
+ - contents_pillar: nova:compute:libvirt:tls:cacert
+ - mode: 444
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ ca_file }}
+{%- endif %}
+
+libvirt_public_cert:
+{%- if compute.libvirt.tls.cert is defined %}
+ file.managed:
+ - name: {{ cert_file }}
+ - contents_pillar: nova:compute:libvirt:tls:cert
+ - mode: 440
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ cert_file }}
+{%- endif %}
+
+libvirt_private_key:
+{%- if compute.libvirt.tls.key is defined %}
+ file.managed:
+ - name: {{ key_file }}
+ - contents_pillar: nova:compute:libvirt:tls:key
+ - mode: 400
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ key_file }}
+{%- endif %}
+
+libvirt_client_public_cert:
+{%- if compute.libvirt.tls.client.cert is defined %}
+ file.managed:
+ - name: {{ client_cert_file }}
+ - contents_pillar: nova:compute:libvirt:tls:client:cert
+ - mode: 440
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ client_cert_file }}
+{%- endif %}
+
+libvirt_client_key:
+{%- if compute.libvirt.tls.client.key is defined %}
+ file.managed:
+ - name: {{ client_key_file }}
+ - contents_pillar: nova:compute:libvirt:tls:client:key
+ - mode: 400
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ client_key_file }}
+{%- endif %}
+{%- endif %}
+
+{%- if compute.qemu.vnc.tls.get('enabled', False) %}
+
+{%- set ca_file=compute.qemu.vnc.tls.get('ca_file') %}
+{%- set key_file=compute.qemu.vnc.tls.get('key_file') %}
+{%- set cert_file=compute.qemu.vnc.tls.get('cert_file') %}
+
+qemu_ca_nova_compute:
+{%- if compute.qemu.vnc.tls.cacert is defined %}
+ file.managed:
+ - name: {{ ca_file }}
+ - contents_pillar: nova:compute:qemu:vnc:tls:cacert
+ - mode: 444
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ ca_file }}
+{%- endif %}
+
+qemu_public_cert:
+{%- if compute.qemu.vnc.tls.cert is defined %}
+ file.managed:
+ - name: {{ cert_file }}
+ - contents_pillar: nova:compute:qemu:vnc:tls:cert
+ - mode: 440
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ cert_file }}
+{%- endif %}
+
+qemu_private_key:
+{%- if compute.qemu.vnc.tls.key is defined %}
+ file.managed:
+ - name: {{ key_file }}
+ - contents_pillar: nova:compute:qemu:vnc:tls:key
+ - mode: 400
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ key_file }}
+{%- endif %}
+
+{%- endif %}
+
nova_compute_services:
service.running:
- enable: true
@@ -177,11 +289,15 @@
Add_compute_to_aggregate_{{ aggregate }}:
cmd.run:
- name: "nova {{ identity_params }} aggregate-add-host {{ aggregate }} {{ pillar.linux.system.name }}"
+ {%- if compute.version in ['juno','kilo','liberty','mitaka'] %}
- unless: "nova {{ identity_params }} aggregate-details {{ aggregate }} | grep {{ pillar.linux.system.name }}"
+ {%- else %}
+ - unless: "nova {{ identity_params }} aggregate-show {{ aggregate }} | grep {{ pillar.linux.system.name }}"
+ {%- endif %}
{%- endfor %}
-{%- if compute.virtualization == 'kvm' %}
+{%- if compute.get('compute_driver', 'libvirt.LibvirtDriver') == 'libvirt.LibvirtDriver' %}
{%- if not salt['user.info']('nova') %}
# MOS9 libvirt fix to create group
@@ -309,7 +425,7 @@
{%- if grains.get('init', None) == 'systemd' %}
-libvirt_restart_systemd:
+nova_libvirt_restart_systemd:
module.wait:
- name: service.systemctl_reload
- watch:
@@ -334,6 +450,26 @@
- require:
- pkg: nova_compute_packages
+{%- if compute.get('virtlog',{}).get('enabled', false) %}
+
+/etc/libvirt/virtlogd.conf:
+ file.managed:
+ - source: salt://nova/files/{{ compute.version }}/virtlogd.conf.{{ grains.os_family }}
+ - template: jinja
+ - require:
+ - pkg: nova_compute_packages
+
+/usr/sbin/virtlogd:
+ service.running:
+ - name: virtlogd
+ - enable: true
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ - watch:
+ - file: /etc/libvirt/virtlogd.conf
+{%- endif %}
+
virsh net-undefine default:
cmd.run:
- name: "virsh net-destroy default"
diff --git a/nova/controller.sls b/nova/controller.sls
index 24bb535..19caa45 100644
--- a/nova/controller.sls
+++ b/nova/controller.sls
@@ -1,7 +1,21 @@
{% from "nova/map.jinja" import controller with context %}
+{%- set mysql_x509_ssl_enabled = controller.database.get('x509',{}).get('enabled',False) or controller.database.get('ssl',{}).get('enabled',False) %}
+
{%- if controller.get('enabled') %}
+include:
+ {%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %}
+ - apache
+ {%- endif %}
+ - nova.db.offline_sync
+ # TODO(vsaienko) we need to run online dbsync only once after upgrade
+ # Move to appropriate upgrade phase
+ - nova.db.online_sync
+ {%- if mysql_x509_ssl_enabled %}
+ - nova._ssl.mysql
+ {%- endif %}
+
{%- if grains.os_family == 'Debian' %}
debconf-set-prerequisite:
pkg.installed:
@@ -50,6 +64,9 @@
- system: True
- require_in:
- pkg: nova_controller_packages
+{%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %}
+ - pkg: nova_placement_package
+{%- endif %}
group_nova:
group.present:
@@ -61,6 +78,85 @@
- user: user_nova
{%- endif %}
+# Only for Queens. Communication between noVNC proxy service and QEMU
+{%- if controller.version not in ['mitaka', 'newton', 'ocata', 'pike'] %}
+{%- if controller.novncproxy.vencrypt.tls.get('enabled', False) %}
+
+{%- set ca_file=controller.novncproxy.vencrypt.tls.get('ca_file') %}
+{%- set key_file=controller.novncproxy.vencrypt.tls.get('key_file') %}
+{%- set cert_file=controller.novncproxy.vencrypt.tls.get('cert_file') %}
+
+novncproxy_vencrypt_ca:
+{%- if controller.novncproxy.vencrypt.tls.cacert is defined %}
+ file.managed:
+ - name: {{ ca_file }}
+ - contents_pillar: nova:controller:novncproxy:vencrypt:tls:cacert
+ - mode: 444
+ - makedirs: true
+ - watch_in:
+ - service: nova_controller_services
+{%- else %}
+ file.exists:
+ - name: {{ ca_file }}
+{%- endif %}
+
+novncproxy_vencrypt_public_cert:
+{%- if controller.novncproxy.vencrypt.tls.cert is defined %}
+ file.managed:
+ - name: {{ cert_file }}
+ - contents_pillar: nova:controller:novncproxy:vencrypt:tls:cert
+ - mode: 440
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ cert_file }}
+{%- endif %}
+
+novncproxy_vencrypt_private_key:
+{%- if controller.novncproxy.vencrypt.tls.key is defined %}
+ file.managed:
+ - name: {{ key_file }}
+ - contents_pillar: nova:controller:novncproxy:vencrypt:tls:key
+ - mode: 400
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ key_file }}
+{%- endif %}
+{%- endif %}
+{%- endif %}
+
+{%- if controller.novncproxy.tls.get('enabled', False) %}
+{%- set key_file=controller.novncproxy.tls.server.get('key_file') %}
+{%- set cert_file=controller.novncproxy.tls.server.get('cert_file') %}
+
+novncproxy_server_public_cert:
+{%- if controller.novncproxy.tls.server.cert is defined %}
+ file.managed:
+ - name: {{ cert_file }}
+ - contents_pillar: nova:controller:novncproxy:tls:server:cert
+ - mode: 440
+ - makedirs: true
+ - watch_in:
+ - service: nova_controller_services
+{%- else %}
+ file.exists:
+ - name: {{ cert_file }}
+{%- endif %}
+
+novncproxy_server_private_key:
+{%- if controller.novncproxy.tls.server.key is defined %}
+ file.managed:
+ - name: {{ key_file }}
+ - contents_pillar: nova:controller:novncproxy:tls:server:key
+ - mode: 400
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ key_file }}
+{%- endif %}
+{%- endif %}
+
{%- if controller.get('networking', 'default') == "contrail" and controller.version == "juno" %}
contrail_nova_packages:
@@ -77,6 +173,9 @@
- template: jinja
- require:
- pkg: nova_controller_packages
+ - require_in:
+ - sls: nova.db.offline_sync
+ - sls: nova.db.online_sync
/etc/nova/api-paste.ini:
file.managed:
@@ -113,7 +212,7 @@
nova_general_logging_conf:
file.managed:
- name: /etc/nova/logging.conf
- - source: salt://nova/files/logging.conf
+ - source: salt://oslo_templates/files/logging/_logging.conf
- template: jinja
- user: nova
- group: nova
@@ -124,7 +223,7 @@
{%- endif %}
- defaults:
service_name: nova
- values: {{ controller }}
+ _data: {{ controller.logging }}
- watch_in:
- service: nova_controller_services
@@ -143,7 +242,7 @@
{{ service_name }}_logging_conf:
file.managed:
- name: /etc/nova/logging/logging-{{ service_name }}.conf
- - source: salt://nova/files/logging.conf
+ - source: salt://oslo_templates/files/logging/_logging.conf
- template: jinja
- user: nova
- group: nova
@@ -155,7 +254,7 @@
- makedirs: True
- defaults:
service_name: {{ service_name }}
- values: {{ controller }}
+ _data: {{ controller.logging }}
- watch_in:
- service: nova_controller_services
{%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %}
@@ -182,7 +281,7 @@
{%- for name, rule in controller.get('policy', {}).iteritems() %}
{%- if rule != None %}
-rule_{{ name }}_present:
+nova_keystone_rule_{{ name }}_present:
keystone_policy.rule_present:
- path: /etc/nova/policy.json
- name: {{ name }}
@@ -195,7 +294,7 @@
{%- else %}
-rule_{{ name }}_absent:
+nova_keystone_rule_{{ name }}_absent:
keystone_policy.rule_absent:
- path: /etc/nova/policy.json
- name: {{ name }}
@@ -210,60 +309,44 @@
{%- endfor %}
{%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %}
+{%- if controller.get('update_cells') %}
-{#- the following api_db sync --version 20 happens only if the current api_db version is < 20 #}
-
-nova_controller_api_db_sync_version_20:
- novang.api_db_version_present:
- - version: "20"
+nova_update_cell0:
+ novang.update_cell:
+ - name: "cell0"
+ - db_name: {{ controller.database.name }}_cell0
+ - db_engine: {{ controller.database.engine }}
+ - db_password: {{ controller.database.password }}
+ - db_user: {{ controller.database.user }}
+ - db_address: {{ controller.database.host }}
{%- if grains.get('noservices') %}
- onlyif: /bin/false
{%- endif %}
- - require:
- - file: /etc/nova/nova.conf
-{#- the following db sync --version 334 happens only if the current db version is < 334 #}
+{%- set rabbit_port = controller.message_queue.get('port', 5671 if controller.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
-nova_controller_db_sync_version_334:
- novang.db_version_present:
- - version: "334"
+nova_update_cell1:
+ novang.update_cell:
+ - name: "cell1"
+ - db_name: {{ controller.database.name }}
+{%- if controller.message_queue.members is defined %}
+ - transport_url = rabbit://{% for member in controller.message_queue.members -%}
+ {{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ member.host }}:{{ member.get('port', rabbit_port) }}
+ {%- if not loop.last -%},{%- endif -%}
+ {%- endfor -%}
+ /{{ controller.message_queue.virtual_host }}
+{%- else %}
+ - transport_url: rabbit://{{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ controller.message_queue.host }}:{{ rabbit_port}}/{{ controller.message_queue.virtual_host }}
+{%- endif %}
+ - db_engine: {{ controller.database.engine }}
+ - db_password: {{ controller.database.password }}
+ - db_user: {{ controller.database.user }}
+ - db_address: {{ controller.database.host }}
{%- if grains.get('noservices') %}
- onlyif: /bin/false
{%- endif %}
- - require:
- - file: /etc/nova/nova.conf
-{#- the following db online_data_migrations executes only if the current db version == 334 && api_db version == 20 #}
-
-online_data_migrations_for_apidb20_and_db334:
- novang.online_data_migrations_present:
- - api_db_version: "20"
- - db_version: "334"
- {%- if grains.get('noservices') %}
- - onlyif: /bin/false
- {%- endif %}
- - require:
- - novang: nova_controller_api_db_sync_version_20
- - novang: nova_controller_db_sync_version_334
-
-nova_controller_map_cell0:
- cmd.run:
- - name: nova-manage cell_v2 map_cell0
- {%- if grains.get('noservices') %}
- - onlyif: /bin/false
- {%- endif %}
- - require:
- - cmd: nova_controller_syncdb
-
-nova_cell1_create:
- cmd.run:
- - name: nova-manage cell_v2 create_cell --name=cell1
- {%- if grains.get('noservices') %}
- - onlyif: /bin/false
- {%- endif %}
- - unless: 'nova-manage cell_v2 list_cells | grep cell1'
- - require:
- - cmd: nova_controller_syncdb
+{%- endif %}
nova_placement_service_mask:
file.symlink:
@@ -276,8 +359,12 @@
- require:
- file: nova_placement_service_mask
-/etc/apache2/sites-available/nova-placement-api.conf:
+{#- Creation of sites using templates is deprecated, sites should be generated by apache pillar, and enabled by barbican formula #}
+{%- if pillar.get('apache', {}).get('server', {}).get('site', {}).nova_placement is not defined %}
+
+nova_placement_apache_conf_file:
file.managed:
+ - name: /etc/apache2/sites-available/nova-placement-api.conf
- source: salt://nova/files/{{ controller.version }}/nova-placement-api.conf
- template: jinja
- require:
@@ -285,20 +372,42 @@
- pkg: nova_placement_package
placement_config:
- file.symlink:
- - name: /etc/apache2/sites-enabled/nova-placement-api.conf
- - target: /etc/apache2/sites-available/nova-placement-api.conf
+ apache_site.enabled:
+ - name: nova-placement-api
+ - require:
+ - nova_placement_apache_conf_file
+
+{%- else %}
+
+nova_cleanup_configs:
+ file.absent:
+ - names:
+ - '/etc/apache2/sites-available/nova-placement-api.conf'
+ - '/etc/apache2/sites-enabled/nova-placement-api.conf'
+
+nova_placement_apache_conf_file:
+ file.exists:
+ - name: /etc/apache2/sites-available/wsgi_nova_placement.conf
+ - require:
+ - pkg: nova_placement_package
+ - nova_cleanup_configs
+
+placement_config:
+ apache_site.enabled:
+ - name: wsgi_nova_placement
+ - require:
+ - nova_placement_apache_conf_file
+
+{%- endif %}
nova_controller_discover_hosts:
cmd.run:
- - name: nova-manage cell_v2 discover_hosts
+ - name: nova-manage cell_v2 discover_hosts --verbose
{%- if grains.get('noservices') %}
- onlyif: /bin/false
{%- endif %}
- require:
- - cmd: nova_controller_map_cell0
- - cmd: nova_cell1_create
- - cmd: nova_controller_syncdb
+ - sls: nova.db.offline_sync
nova_controller_map_instances:
novang.map_instances:
@@ -312,41 +421,6 @@
{%- endif %}
-{%- if controller.version not in ["juno", "kilo", "liberty"] %}
-nova_controller_sync_apidb:
- cmd.run:
- - name: nova-manage api_db sync
- {%- if grains.get('noservices') %}
- - onlyif: /bin/false
- {%- endif %}
- - require:
- - file: /etc/nova/nova.conf
-
-{%- endif %}
-
-nova_controller_syncdb:
- cmd.run:
- - names:
- - nova-manage db sync
- {%- if grains.get('noservices') %}
- - onlyif: /bin/false
- {%- endif %}
- - require:
- - file: /etc/nova/nova.conf
-
-{%- if controller.version not in ["juno", "kilo", "liberty"] %}
-
-nova_controller_online_data_migrations:
- cmd.run:
- - name: nova-manage db online_data_migrations
- {%- if grains.get('noservices') %}
- - onlyif: /bin/false
- {%- endif %}
- - require:
- - cmd: nova_controller_syncdb
-
-{%- endif %}
-
{%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %}
nova_apache_restart:
@@ -357,17 +431,17 @@
- onlyif: /bin/false
{%- endif %}
- require:
- - cmd: nova_controller_syncdb
+ - sls: nova.db.offline_sync
+ {%- if mysql_x509_ssl_enabled %}
+ - sls: nova._ssl.mysql
+ {%- endif %}
- watch:
- file: /etc/nova/nova.conf
- file: /etc/nova/api-paste.ini
- - file: /etc/apache2/sites-available/nova-placement-api.conf
- {%- if controller.database.get('ssl',{}).get('enabled',False) %}
- - file: mysql_ca_nova_controller
- {% endif %}
+ - nova_placement_apache_conf_file
+ - placement_config
{%- endif %}
-
nova_controller_services:
service.running:
- enable: true
@@ -376,16 +450,18 @@
- onlyif: /bin/false
{%- endif %}
- require:
- - cmd: nova_controller_syncdb
+ - sls: nova.db.offline_sync
+ - require_in:
+ - sls: nova.db.online_sync
+ {%- if mysql_x509_ssl_enabled %}
+ - sls: nova._ssl.mysql
+ {%- endif %}
- watch:
- file: /etc/nova/nova.conf
- file: /etc/nova/api-paste.ini
{%- if controller.message_queue.get('ssl',{}).get('enabled',False) %}
- file: rabbitmq_ca_nova_controller
{%- endif %}
- {%- if controller.database.get('ssl',{}).get('enabled',False) %}
- - file: mysql_ca_nova_controller
- {% endif %}
{%- if grains.get('virtual_subtype', None) == "Docker" %}
@@ -398,22 +474,4 @@
{%- endif %}
-{%- if controller.database.get('ssl',{}).get('enabled',False) %}
-mysql_ca_nova_controller:
-{%- if controller.database.ssl.cacert is defined %}
- file.managed:
- - name: {{ controller.database.ssl.cacert_file }}
- - contents_pillar: nova:controller:database:ssl:cacert
- - mode: 0444
- - makedirs: true
- - require_in:
- - file: /etc/nova/nova.conf
-{%- else %}
- file.exists:
- - name: {{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}
- - require_in:
- - file: /etc/nova/nova.conf
-{%- endif %}
-{%- endif %}
-
{%- endif %}
diff --git a/nova/db/offline_sync.sls b/nova/db/offline_sync.sls
new file mode 100644
index 0000000..724ce2d
--- /dev/null
+++ b/nova/db/offline_sync.sls
@@ -0,0 +1,45 @@
+{% from "nova/map.jinja" import controller with context %}
+
+{%- if controller.version not in ["juno", "kilo", "liberty"] %}
+nova_controller_sync_apidb:
+ cmd.run:
+ - name: nova-manage api_db sync
+ {%- if grains.get('noservices') or controller.get('role', 'primary') == 'secondary' %}
+ - onlyif: /bin/false
+ {%- endif %}
+ - require_in:
+ - nova_controller_syncdb
+
+{%- endif %}
+
+{%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %}
+
+nova_controller_map_cell0:
+ cmd.run:
+ - name: nova-manage cell_v2 map_cell0
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ - require:
+ - nova_controller_sync_apidb
+
+nova_cell1_create:
+ cmd.run:
+ - name: nova-manage cell_v2 create_cell --name=cell1 --verbose
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ - unless: 'nova-manage cell_v2 list_cells | grep cell1'
+ - require:
+ - nova_controller_map_cell0
+ - require_in:
+ - nova_controller_syncdb
+
+{%- endif %}
+
+nova_controller_syncdb:
+ cmd.run:
+ - name: nova-manage db sync
+ {%- if grains.get('noservices') or controller.get('role', 'primary') == 'secondary' %}
+ - onlyif: /bin/false
+ {%- endif %}
diff --git a/nova/db/online_sync.sls b/nova/db/online_sync.sls
new file mode 100644
index 0000000..7c13c52
--- /dev/null
+++ b/nova/db/online_sync.sls
@@ -0,0 +1,11 @@
+{% from "nova/map.jinja" import controller with context %}
+
+{%- set should_run = '/bin/false' %}
+{%- if not grains.get('noservices') and controller.version not in ["juno", "kilo", "liberty"] and controller.get('role', 'primary') == 'primary' %}
+{%- set should_run = '/bin/true' %}
+{%- endif %}
+
+nova_controller_online_data_migrations:
+ cmd.run:
+ - name: nova-manage db online_data_migrations
+ - onlyif: {{ should_run }}
diff --git a/nova/files/default b/nova/files/default
index 815ede9..be934df 100644
--- a/nova/files/default
+++ b/nova/files/default
@@ -1,4 +1,4 @@
# Generated by Salt.
{% if values.logging.log_appender %}
-DAEMON_ARGS="--log-config-append=/etc/nova/logging/logging-{{ service_name }}.conf"
+DAEMON_ARGS="${DAEMON_ARGS} --log-config-append=/etc/nova/logging/logging-{{ service_name }}.conf"
{% endif %}
diff --git a/nova/files/grafana_dashboards/hypervisor_prometheus.json b/nova/files/grafana_dashboards/hypervisor_prometheus.json
index f564bd9..7465b00 100644
--- a/nova/files/grafana_dashboards/hypervisor_prometheus.json
+++ b/nova/files/grafana_dashboards/hypervisor_prometheus.json
@@ -1106,7 +1106,8 @@
"style": "dark",
"tags": [
"hypervisor",
- "nova"
+ "nova",
+ "openstack"
],
"templating": {
"list": [
diff --git a/nova/files/grafana_dashboards/nova_hypervisor_prometheus.json b/nova/files/grafana_dashboards/nova_hypervisor_prometheus.json
new file mode 100644
index 0000000..9e5ab5d
--- /dev/null
+++ b/nova/files/grafana_dashboards/nova_hypervisor_prometheus.json
@@ -0,0 +1,414 @@
+{%- raw %}
+{
+ "annotations": {
+ "list": [
+ {
+ "$$hashKey": "object:40272",
+ "builtIn": 1,
+ "datasource": "prometheus",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "limit": 100,
+ "name": "Annotations & Alerts",
+ "showIn": 0,
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "id": null,
+ "iteration": 1529672421700,
+ "links": [],
+ "panels": [
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 4,
+ "panels": [],
+ "title": "CPU Usage",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": true,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "decimals": 1,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 24,
+ "x": 0,
+ "y": 1
+ },
+ "id": 2,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 3,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "host",
+ "repeatDirection": "h",
+ "scopedVars": {
+ "host": {
+ "$$hashKey": "object:40285",
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "scalar(system_load15{host=\"$host\"}) / max(openstack_nova_vcpus{hostname=\"$host\"})",
+ "format": "time_series",
+ "instant": false,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "$host",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 4
+ },
+ "id": 81,
+ "panels": [],
+ "title": "RAM Usage",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": true,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "decimals": 1,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 24,
+ "x": 0,
+ "y": 5
+ },
+ "id": 82,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 3,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "host",
+ "repeatDirection": "h",
+ "scopedVars": {
+ "host": {
+ "$$hashKey": "object:40285",
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_used_ram{hostname=\"$host\"} / openstack_nova_ram{hostname=\"$host\"})",
+ "format": "time_series",
+ "instant": false,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "$host",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 8
+ },
+ "id": 234,
+ "panels": [],
+ "title": "Disk Usage",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": true,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "decimals": 1,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 24,
+ "x": 0,
+ "y": 9
+ },
+ "id": 235,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 3,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "host",
+ "repeatDirection": "h",
+ "scopedVars": {
+ "host": {
+ "$$hashKey": "object:40285",
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_used_disk{hostname=\"$host\"} / openstack_nova_disk{hostname=\"$host\"})",
+ "format": "time_series",
+ "instant": false,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "$host",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "refresh": "1m",
+ "schemaVersion": 16,
+ "style": "dark",
+ "tags": [
+ "openstack"
+ ],
+ "templating": {
+ "list": [
+ {
+ "allValue": null,
+ "current": {
+ "text": "cmp002",
+ "value": [
+ "cmp002"
+ ]
+ },
+ "datasource": "prometheus",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": true,
+ "name": "host",
+ "options": [],
+ "query": "label_values(openstack_nova_running_instances,hostname)",
+ "refresh": 1,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "",
+ "title": "Nova - Hypervisor Overview",
+ "uid": null,
+ "version": 1
+}
+{%- endraw %}
diff --git a/nova/files/grafana_dashboards/nova_instances_prometheus.json b/nova/files/grafana_dashboards/nova_instances_prometheus.json
new file mode 100644
index 0000000..f98b327
--- /dev/null
+++ b/nova/files/grafana_dashboards/nova_instances_prometheus.json
@@ -0,0 +1,1104 @@
+{%- raw %}
+{
+ "annotations": {
+ "list": [
+ {
+ "$$hashKey": "object:35259",
+ "builtIn": 1,
+ "datasource": "prometheus",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "limit": 100,
+ "name": "Annotations & Alerts",
+ "showIn": 0,
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "id": null,
+ "iteration": 1529671515947,
+ "links": [],
+ "panels": [
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 2,
+ "panels": [],
+ "repeat": null,
+ "title": "Host Utilization",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": true,
+ "colorValue": false,
+ "colors": [
+ "#d44a3a",
+ "rgba(237, 129, 40, 0.89)",
+ "#299c46"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 3,
+ "x": 0,
+ "y": 1
+ },
+ "id": 12,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "libvirt_up{host=\"$host\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.5,0.5",
+ "title": "Libvirt Exporter",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ },
+ {
+ "op": "=",
+ "text": "FAIL",
+ "value": "0"
+ },
+ {
+ "op": "=",
+ "text": "OK",
+ "value": "1"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 3,
+ "x": 3,
+ "y": 1
+ },
+ "id": 17,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_running_instances{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Running Instances",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 3,
+ "x": 6,
+ "y": 1
+ },
+ "id": 14,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_running_tasks{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Running Tasks",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 9,
+ "y": 1
+ },
+ "id": 6,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "scalar(system_load15{host=\"$host\"}) / max(openstack_nova_vcpus{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "CPU Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 14,
+ "y": 1
+ },
+ "id": 8,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_used_ram{hostname=\"$host\"} / openstack_nova_ram{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "RAM Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 19,
+ "y": 1
+ },
+ "id": 10,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_used_disk{hostname=\"$host\"} / openstack_nova_disk{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "Disk Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 6
+ },
+ "id": 16,
+ "panels": [],
+ "repeat": "instance",
+ "scopedVars": {
+ "instance": {
+ "$$hashKey": "object:35480",
+ "selected": true,
+ "text": "instance-000146ee",
+ "value": "instance-000146ee"
+ }
+ },
+ "title": "Instance Utilization @$instance",
+ "type": "row"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 12,
+ "x": 0,
+ "y": 7
+ },
+ "id": 19,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "scopedVars": {
+ "instance": {
+ "$$hashKey": "object:35480",
+ "selected": true,
+ "text": "instance-000146ee",
+ "value": "instance-000146ee"
+ }
+ },
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(libvirt_domain_info_cpu_time_seconds_total{host=~\"$host\",domain=~\"$instance\"}[$rate_interval])",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "usage",
+ "refId": "C"
+ },
+ {
+ "expr": "libvirt_domain_info_virtual_cpus{host=~\"$host\",domain=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "total",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": null,
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 12,
+ "x": 12,
+ "y": 7
+ },
+ "id": 24,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "scopedVars": {
+ "instance": {
+ "$$hashKey": "object:35480",
+ "selected": true,
+ "text": "instance-000146ee",
+ "value": "instance-000146ee"
+ }
+ },
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "libvirt_domain_info_memory_usage_bytes{host=~\"$host\",domain=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "usage",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "decbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 12,
+ "x": 0,
+ "y": 12
+ },
+ "id": 20,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": false,
+ "hideEmpty": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "scopedVars": {
+ "instance": {
+ "$$hashKey": "object:35480",
+ "selected": true,
+ "text": "instance-000146ee",
+ "value": "instance-000146ee"
+ }
+ },
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(libvirt_domain_block_stats_read_bytes_total{host=~\"$host\",domain=~\"$instance\"}[$rate_interval]))",
+ "format": "time_series",
+ "instant": false,
+ "intervalFactor": 2,
+ "legendFormat": "read",
+ "refId": "A"
+ },
+ {
+ "expr": "sum(rate(libvirt_domain_block_stats_write_bytes_total{host=~\"$host\",domain=~\"$instance\"}[$rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "write",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disks I/O",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 12,
+ "x": 12,
+ "y": 12
+ },
+ "id": 22,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": false,
+ "hideEmpty": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "scopedVars": {
+ "instance": {
+ "$$hashKey": "object:35480",
+ "selected": true,
+ "text": "instance-000146ee",
+ "value": "instance-000146ee"
+ }
+ },
+ "seriesOverrides": [
+ {
+ "alias": "/tx.*/",
+ "transform": "negative-Y"
+ }
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(libvirt_domain_interface_stats_receive_bytes_total{host=~\"$host\",domain=~\"$instance\"}[$rate_interval]))",
+ "format": "time_series",
+ "instant": false,
+ "intervalFactor": 2,
+ "legendFormat": "rx",
+ "refId": "A"
+ },
+ {
+ "expr": "sum(rate(libvirt_domain_interface_stats_transmit_bytes_total{host=~\"$host\",domain=~\"$instance\"}[$rate_interval]))",
+ "format": "time_series",
+ "instant": false,
+ "intervalFactor": 2,
+ "legendFormat": "tx",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Network RX/TX",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ }
+ ],
+ "refresh": "1m",
+ "schemaVersion": 16,
+ "style": "dark",
+ "tags": [
+ "openstack"
+ ],
+ "templating": {
+ "list": [
+ {
+ "allValue": null,
+ "current": {
+ "tags": [],
+ "text": "cmp002",
+ "value": "cmp002"
+ },
+ "datasource": "prometheus",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "host",
+ "options": [],
+ "query": "label_values(libvirt_up,host)",
+ "refresh": 1,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "tags": [],
+ "text": "instance-000146ee",
+ "value": [
+ "instance-000146ee"
+ ]
+ },
+ "datasource": "prometheus",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": true,
+ "name": "instance",
+ "options": [],
+ "query": "label_values(libvirt_domain_info_virtual_cpus{host=~\"$host\"},domain)",
+ "refresh": 1,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "tags": [],
+ "text": "3m",
+ "value": "3m"
+ },
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "rate_interval",
+ "options": [
+ {
+ "selected": false,
+ "text": "1m",
+ "value": "1m"
+ },
+ {
+ "selected": true,
+ "text": "3m",
+ "value": "3m"
+ },
+ {
+ "selected": false,
+ "text": "5m",
+ "value": "5m"
+ },
+ {
+ "selected": false,
+ "text": "10m",
+ "value": "10m"
+ },
+ {
+ "selected": false,
+ "text": "15m",
+ "value": "15m"
+ }
+ ],
+ "query": "1m,3m,5m,10m,15m",
+ "type": "custom"
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "",
+ "title": "Nova - Instances",
+ "uid": null,
+ "version": 1
+}
+{%- endraw %}
diff --git a/nova/files/grafana_dashboards/nova_overview_prometheus.json b/nova/files/grafana_dashboards/nova_overview_prometheus.json
new file mode 100644
index 0000000..fbde0bd
--- /dev/null
+++ b/nova/files/grafana_dashboards/nova_overview_prometheus.json
@@ -0,0 +1,1583 @@
+{%- if parameters is defined and parameters.get('nova_cert_enabled', False) == True %}
+ {%- set service_width = 6 %}
+{%- else %}
+ {%- set service_width = 8 %}
+{%- endif %}
+{%- raw %}
+{
+ "annotations": {
+ "list": [
+ {
+ "$$hashKey": "object:40940",
+ "builtIn": 1,
+ "datasource": "prometheus",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "limit": 100,
+ "name": "Annotations & Alerts",
+ "showIn": 0,
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "id": null,
+ "iteration": 1529672527796,
+ "links": [],
+ "panels": [
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 6,
+ "panels": [],
+ "title": "Cluster Status",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": true,
+ "colors": [
+ "#d44a3a",
+ "rgba(237, 129, 40, 0.89)",
+ "#299c46"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 0,
+ "y": 1
+ },
+ "id": 9,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "80%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "min(openstack_api_check_status{name=\"nova\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.5,0.5",
+ "title": "VIP API availability",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ },
+ {
+ "op": "=",
+ "text": "FAIL",
+ "value": "0"
+ },
+ {
+ "op": "=",
+ "text": "OK",
+ "value": "1"
+ }
+ ],
+ "valueName": "avg"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": true,
+ "colors": [
+ "#d44a3a",
+ "rgba(237, 129, 40, 0.89)",
+ "#299c46"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 4,
+ "y": 1
+ },
+ "id": 8,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": " Up",
+ "postfixFontSize": "80%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(http_response_status{service=\"nova-api\"}) / count(http_response_status{service=\"nova-api\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.3,0.6",
+ "title": "Hosts APIs availability",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "avg"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#d44a3a",
+ "rgba(237, 129, 40, 0.89)",
+ "#299c46"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 4,
+ "x": 8,
+ "y": 1
+ },
+ "id": 14,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "80%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "min(haproxy_active_servers{proxy=~\"nova.api\", sv=\"BACKEND\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.35,0.7",
+ "title": "Haproxy Nova API backends",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "avg"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 12,
+ "x": 12,
+ "y": 1
+ },
+ "id": 26,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": false,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "$$hashKey": "object:41038",
+ "expr": "max(openstack_nova_instances) by (state)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ state }}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Instances",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 6
+ },
+ "id": 31,
+ "panels": [],
+ "title": "Host API Status",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": true,
+ "colorValue": false,
+ "colors": [
+ "#d44a3a",
+ "rgba(237, 129, 40, 0.89)",
+ "#299c46"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 8,
+ "x": 0,
+ "y": 7
+ },
+ "id": 33,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "host",
+ "repeatDirection": "h",
+ "scopedVars": {
+ "host": {
+ "selected": false,
+ "text": "ctl01",
+ "value": "ctl01"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "http_response_status{host=~\"$host\",name=\"nova-api\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.5,0.5",
+ "title": "Nova@$host",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ },
+ {
+ "op": "=",
+ "text": "FAIL",
+ "value": "0"
+ },
+ {
+ "op": "=",
+ "text": "OK",
+ "value": "1"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": true,
+ "colorValue": false,
+ "colors": [
+ "#d44a3a",
+ "rgba(237, 129, 40, 0.89)",
+ "#299c46"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 8,
+ "x": 8,
+ "y": 7
+ },
+ "id": 34,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": null,
+ "repeatDirection": "h",
+ "repeatIteration": 1529672527796,
+ "repeatPanelId": 33,
+ "scopedVars": {
+ "host": {
+ "selected": false,
+ "text": "ctl02",
+ "value": "ctl02"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "http_response_status{host=~\"$host\",name=\"nova-api\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.5,0.5",
+ "title": "Nova@$host",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ },
+ {
+ "op": "=",
+ "text": "FAIL",
+ "value": "0"
+ },
+ {
+ "op": "=",
+ "text": "OK",
+ "value": "1"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": true,
+ "colorValue": false,
+ "colors": [
+ "#d44a3a",
+ "rgba(237, 129, 40, 0.89)",
+ "#299c46"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 8,
+ "x": 16,
+ "y": 7
+ },
+ "id": 35,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": null,
+ "repeatDirection": "h",
+ "repeatIteration": 1529672527796,
+ "repeatPanelId": 33,
+ "scopedVars": {
+ "host": {
+ "selected": false,
+ "text": "ctl03",
+ "value": "ctl03"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "http_response_status{host=~\"$host\",name=\"nova-api\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.5,0.5",
+ "title": "Nova@$host",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ },
+ {
+ "op": "=",
+ "text": "FAIL",
+ "value": "0"
+ },
+ {
+ "op": "=",
+ "text": "OK",
+ "value": "1"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 10
+ },
+ "id": 13,
+ "panels": [],
+ "repeat": null,
+ "title": "API Performance",
+ "type": "row"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "decimals": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 12,
+ "x": 0,
+ "y": 11
+ },
+ "hideTimeOverride": false,
+ "id": 16,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "hideEmpty": false,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "minSpan": null,
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "repeatDirection": "v",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(openstack_http_response_times_count{service=\"nova\",host=~\"$host\"}[$rate_interval])) by (http_status)",
+ "format": "time_series",
+ "hide": false,
+ "intervalFactor": 2,
+ "legendFormat": "{{ http_status }}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Throughput@$host",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "transparent": false,
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "decimals": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 12,
+ "x": 12,
+ "y": 11
+ },
+ "id": 17,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "hideEmpty": false,
+ "hideZero": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "repeatDirection": "v",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "avg(openstack_http_response_times{service='nova',quantile=\"0.9\",host=~\"^$host$\",http_status=~\"2..\"}) by (http_method)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{http_method}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Latency@$host",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 16
+ },
+ "id": 11,
+ "panels": [],
+ "title": "Nova Services",
+ "type": "row"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 4,
+ "gridPos": {
+ "h": 5,
+ "w": {% endraw %}{{ service_width }}{% raw %},
+ "x": {% endraw %}{{ service_width * 0 }}{% raw %},
+ "y": 17
+ },
+ "id": 27,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "hideEmpty": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeatDirection": "h",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-conductor\"} == 1 and openstack_nova_service_status{binary=\"nova-conductor\"} == 1) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "enabled/up",
+ "refId": "A"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-conductor\"} == 1 and openstack_nova_service_status{binary=\"nova-conductor\"} == 0) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "enabled/down",
+ "refId": "B"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-conductor\"} == 0 and openstack_nova_service_status{binary=\"nova-conductor\"} == 1) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "disabled/up",
+ "refId": "C"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-conductor\"} == 0 and openstack_nova_service_status{binary=\"nova-conductor\"} == 0) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "disabled/down",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Nova Conductor",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "transparent": false,
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 4,
+ "gridPos": {
+ "h": 5,
+ "w": {% endraw %}{{ service_width }}{% raw %},
+ "x": {% endraw %}{{ service_width * 1 }}{% raw %},
+ "y": 17
+ },
+ "id": 28,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "hideEmpty": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeatDirection": "h",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-consoleauth\"} == 1 and openstack_nova_service_status{binary=\"nova-consoleauth\"} == 1) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "enabled/up",
+ "refId": "A"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-consoleauth\"} == 1 and openstack_nova_service_status{binary=\"nova-consoleauth\"} == 0) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "enabled/down",
+ "refId": "B"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-consoleauth\"} == 0 and openstack_nova_service_status{binary=\"nova-consoleauth\"} == 1) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "disabled/up",
+ "refId": "C"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-consoleauth\"} == 0 and openstack_nova_service_status{binary=\"nova-consoleauth\"} == 0) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "disabled/down",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Nova Consoleauth",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "transparent": false,
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 4,
+ "gridPos": {
+ "h": 5,
+ "w": {% endraw %}{{ service_width }}{% raw %},
+ "x": {% endraw %}{{ service_width * 2 }}{% raw %},
+ "y": 17
+ },
+ "id": 29,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "hideEmpty": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeatDirection": "h",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-scheduler\"} == 1 and openstack_nova_service_status{binary=\"nova-scheduler\"} == 1) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "enabled/up",
+ "refId": "A"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-scheduler\"} == 1 and openstack_nova_service_status{binary=\"nova-scheduler\"} == 0) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "enabled/down",
+ "refId": "B"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-scheduler\"} == 0 and openstack_nova_service_status{binary=\"nova-scheduler\"} == 1) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "disabled/up",
+ "refId": "C"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-scheduler\"} == 0 and openstack_nova_service_status{binary=\"nova-scheduler\"} == 0) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "disabled/down",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Nova Scheduler",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "transparent": false,
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+{%- endraw %}
+{%- if parameters is defined and parameters.get('nova_cert_enabled', False) == True %}
+{%- set service_width = 6 %}
+{%- raw %}
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 4,
+ "gridPos": {
+ "h": 5,
+ "w": {% endraw %}{{ service_width }}{% raw %},
+ "x": {% endraw %}{{ service_width * 3 }}{% raw %},
+ "y": 17
+ },
+ "id": 19,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "hideEmpty": false,
+ "hideZero": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "repeatDirection": "h",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-cert\"} == 1 and openstack_nova_service_status{binary=\"nova-cert\"} == 1) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "enabled/up",
+ "refId": "A"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-cert\"} == 1 and openstack_nova_service_status{binary=\"nova-cert\"} == 0) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "enabled/down",
+ "refId": "B"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-cert\"} == 0 and openstack_nova_service_status{binary=\"nova-cert\"} == 1) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "disabled/up",
+ "refId": "C"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{binary=\"nova-cert\"} == 0 and openstack_nova_service_status{binary=\"nova-cert\"} == 0) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "disabled/down",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Nova Cert",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "transparent": false,
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+{%- endraw %}
+{%- endif %}
+{%- raw %}
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 4,
+ "gridPos": {
+ "h": 5,
+ "w": 24,
+ "x": 0,
+ "y": 22
+ },
+ "id": 23,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "hideEmpty": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "repeatDirection": "h",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(count(openstack_nova_service_state{service=\"nova-compute\"} == 1 and openstack_nova_service_status{service=\"nova-compute\"} == 1) by (instance))",
+ "format": "time_series",
+ "instant": false,
+ "intervalFactor": 2,
+ "legendFormat": "enabled/up",
+ "refId": "A"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{service=\"nova-compute\"} == 1 and openstack_nova_service_status{service=\"nova-compute\"} == 0) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "enabled/down",
+ "refId": "B"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{service=\"nova-compute\"} == 0 and openstack_nova_service_status{service=\"nova-compute\"} == 1) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "disabled/up",
+ "refId": "C"
+ },
+ {
+ "expr": "max(count(openstack_nova_service_state{service=\"nova-compute\"} == 0 and openstack_nova_service_status{service=\"nova-compute\"} == 0) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "disabled/down",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Nova Compute",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ }
+ ],
+ "refresh": "1m",
+ "schemaVersion": 16,
+ "style": "dark",
+ "tags": [
+ "openstack"
+ ],
+ "templating": {
+ "list": [
+ {
+ "allValue": null,
+ "current": {
+ "text": "All",
+ "value": [
+ "$__all"
+ ]
+ },
+ "datasource": "prometheus",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": true,
+ "name": "host",
+ "options": [],
+ "query": "label_values(openstack_http_response_times{service=\"nova\"},host)",
+ "refresh": 1,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "tags": [],
+ "text": "3m",
+ "value": "3m"
+ },
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "rate_interval",
+ "options": [
+ {
+ "selected": false,
+ "text": "1m",
+ "value": "1m"
+ },
+ {
+ "selected": true,
+ "text": "3m",
+ "value": "3m"
+ },
+ {
+ "selected": false,
+ "text": "5m",
+ "value": "5m"
+ },
+ {
+ "selected": false,
+ "text": "10m",
+ "value": "10m"
+ },
+ {
+ "selected": false,
+ "text": "15m",
+ "value": "15m"
+ }
+ ],
+ "query": "1m,3m,5m,10m,15m",
+ "type": "custom"
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "",
+ "title": "Nova - Overview",
+ "uid": null,
+ "version": 1
+}
+{%- endraw %}
diff --git a/nova/files/grafana_dashboards/nova_prometheus.json b/nova/files/grafana_dashboards/nova_prometheus.json
index 2e6a249..8ec0841 100644
--- a/nova/files/grafana_dashboards/nova_prometheus.json
+++ b/nova/files/grafana_dashboards/nova_prometheus.json
@@ -591,7 +591,7 @@
},
{
"collapse": false,
- "height": "250px",
+ "height": 220,
"panels": [
{
"content": "<br />\n<h3 align=\"center\"> Compute nodes </h3>",
@@ -623,6 +623,83 @@
"thresholdLabels": false,
"thresholdMarkers": true
},
+ "id": 52,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 1,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "En/Up",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(71, 212, 59, 0.4)",
+ "rgba(245, 150, 40, 0.73)",
+ "rgba(225, 40, 40, 0.59)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
"id": 9,
"interval": null,
"links": [],
@@ -656,11 +733,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.compute\", state=\"disabled\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -669,7 +747,7 @@
}
],
"thresholds": "",
- "title": "Disabled",
+ "title": "En/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -732,11 +810,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.compute\", state=\"up\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -745,7 +824,7 @@
}
],
"thresholds": "",
- "title": "Up",
+ "title": "Dis/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -808,11 +887,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.compute\", state=\"down\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -821,7 +901,7 @@
}
],
"thresholds": "",
- "title": "Down",
+ "title": "Dis/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -861,17 +941,41 @@
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
- "span": 7,
+ "span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.compute\"}) by (state)",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
- "legendFormat": "{{ state }}",
+ "legendFormat": "en/up",
"refId": "A",
- "step": 4
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "en/down",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/up",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/down",
+ "refId": "D",
+ "step": 10
}
],
"thresholds": [],
@@ -940,6 +1044,83 @@
"thresholdLabels": false,
"thresholdMarkers": true
},
+ "id": 53,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 1,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "En/Up",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(71, 212, 59, 0.4)",
+ "rgba(245, 150, 40, 0.73)",
+ "rgba(225, 40, 40, 0.59)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
"id": 14,
"interval": null,
"links": [],
@@ -973,11 +1154,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.scheduler\", state=\"disabled\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -986,7 +1168,7 @@
}
],
"thresholds": "",
- "title": "Disabled",
+ "title": "En/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1049,11 +1231,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.scheduler\", state=\"up\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1062,7 +1245,7 @@
}
],
"thresholds": "",
- "title": "Up",
+ "title": "Dis/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1125,11 +1308,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.scheduler\", state=\"down\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1138,7 +1322,7 @@
}
],
"thresholds": "",
- "title": "Down",
+ "title": "Dis/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1178,17 +1362,41 @@
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
- "span": 7,
+ "span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.scheduler\"}) by (state)",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
- "legendFormat": "{{ state }}",
+ "legendFormat": "en/up",
"refId": "A",
- "step": 4
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "en/down",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/up",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/down",
+ "refId": "D",
+ "step": 10
}
],
"thresholds": [],
@@ -1290,11 +1498,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.conductor\", state=\"disabled\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1303,7 +1512,7 @@
}
],
"thresholds": "",
- "title": "Disabled",
+ "title": "En/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1366,11 +1575,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.conductor\", state=\"up\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1379,7 +1589,84 @@
}
],
"thresholds": "",
- "title": "Up",
+ "title": "En/Down",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(71, 212, 59, 0.4)",
+ "rgba(245, 150, 40, 0.73)",
+ "rgba(225, 40, 40, 0.59)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 54,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 1,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Dis/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1442,11 +1729,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.conductor\", state=\"down\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1455,7 +1743,7 @@
}
],
"thresholds": "",
- "title": "Down",
+ "title": "Dis/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1495,17 +1783,41 @@
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
- "span": 7,
+ "span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.conductor\"}) by (state)",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
- "legendFormat": "{{ state }}",
+ "legendFormat": "en/up",
"refId": "A",
- "step": 4
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "en/down",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/up",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/down",
+ "refId": "D",
+ "step": 10
}
],
"thresholds": [],
@@ -1607,11 +1919,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.cert\", state=\"disabled\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1620,7 +1933,7 @@
}
],
"thresholds": "",
- "title": "Disabled",
+ "title": "En/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1683,11 +1996,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.cert\", state=\"up\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1696,7 +2010,84 @@
}
],
"thresholds": "",
- "title": "Up",
+ "title": "En/Down",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(71, 212, 59, 0.4)",
+ "rgba(245, 150, 40, 0.73)",
+ "rgba(225, 40, 40, 0.59)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 55,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 1,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Dis/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1759,11 +2150,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.cert\", state=\"down\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1772,7 +2164,7 @@
}
],
"thresholds": "",
- "title": "Down",
+ "title": "Dis/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1812,17 +2204,41 @@
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
- "span": 7,
+ "span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.cert\"}) by (state)",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
- "legendFormat": "{{ state }}",
+ "legendFormat": "en/up",
"refId": "A",
- "step": 4
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "en/down",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/up",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/down",
+ "refId": "D",
+ "step": 10
}
],
"thresholds": [],
@@ -1924,11 +2340,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.consoleauth\", state=\"disabled\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1937,7 +2354,7 @@
}
],
"thresholds": "",
- "title": "Disabled",
+ "title": "En/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -2000,11 +2417,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.consoleauth\", state=\"up\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -2013,7 +2431,84 @@
}
],
"thresholds": "",
- "title": "Up",
+ "title": "En/Down",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(71, 212, 59, 0.4)",
+ "rgba(245, 150, 40, 0.73)",
+ "rgba(225, 40, 40, 0.59)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 56,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 1,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Dis/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -2076,11 +2571,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.consoleauth\", state=\"down\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -2089,7 +2585,7 @@
}
],
"thresholds": "",
- "title": "Down",
+ "title": "Dis/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -2129,17 +2625,41 @@
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
- "span": 7,
+ "span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.consoleauth\"}) by (state)",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
- "legendFormat": "{{ state }}",
+ "legendFormat": "en/up",
"refId": "A",
- "step": 4
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "en/down",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/up",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/down",
+ "refId": "D",
+ "step": 10
}
],
"thresholds": [],
@@ -2783,7 +3303,7 @@
"tableColumn": "",
"targets": [
{
- "expr": "openstack_nova_total_used_vcpus",
+ "expr": "sum(system_load15 and on (host) label_replace(openstack_nova_vcpus, \"host\", \"$1\", \"hostname\", \"(.*)\"))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -2861,7 +3381,13 @@
"tableColumn": "",
"targets": [
{
- "expr": "openstack_nova_total_used_disk",
+ {%- endraw %}
+ {%- if parameters is defined and parameters.get('nova_compute_ceph_ephemeral', False) == True %}
+ "expr": "max(avg(openstack_nova_used_disk) by (instance))",
+ {%- else %}
+ "expr": "max(sum(openstack_nova_used_disk) by (instance))",
+ {%- endif %}
+ {%- raw %}
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -2939,7 +3465,7 @@
"tableColumn": "",
"targets": [
{
- "expr": "openstack_nova_total_used_ram",
+ "expr": "max(sum(openstack_nova_used_ram) by (instance))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -3017,7 +3543,7 @@
"tableColumn": "",
"targets": [
{
- "expr": "openstack_nova_total_free_vcpus",
+ "expr": "sum(label_replace(openstack_nova_vcpus, \"host\", \"$1\", \"hostname\", \"(.*)\") - on (host) system_load15)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -3095,7 +3621,13 @@
"tableColumn": "",
"targets": [
{
- "expr": "openstack_nova_total_free_disk",
+ {%- endraw %}
+ {%- if parameters is defined and parameters.get('nova_compute_ceph_ephemeral', False) == True %}
+ "expr": "max(avg(openstack_nova_disk_available) by (instance))",
+ {%- else %}
+ "expr": "max(sum(openstack_nova_disk - openstack_nova_used_disk) by (instance))",
+ {%- endif %}
+ {%- raw %}
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -3173,7 +3705,7 @@
"tableColumn": "",
"targets": [
{
- "expr": "openstack_nova_total_free_ram",
+ "expr": "max(sum(openstack_nova_ram - openstack_nova_used_ram) by (instance))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -3681,7 +4213,7 @@
"sharedCrosshair": true,
"style": "dark",
"tags": [
- "nova"
+ "openstack"
],
"templating": {
"list": [
diff --git a/nova/files/grafana_dashboards/nova_prometheus_fluentd.json b/nova/files/grafana_dashboards/nova_prometheus_fluentd.json
index d967591..978f951 100644
--- a/nova/files/grafana_dashboards/nova_prometheus_fluentd.json
+++ b/nova/files/grafana_dashboards/nova_prometheus_fluentd.json
@@ -591,7 +591,7 @@
},
{
"collapse": false,
- "height": "250px",
+ "height": 220,
"panels": [
{
"content": "<br />\n<h3 align=\"center\"> Compute nodes </h3>",
@@ -623,6 +623,83 @@
"thresholdLabels": false,
"thresholdMarkers": true
},
+ "id": 52,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 1,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "En/Up",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(71, 212, 59, 0.4)",
+ "rgba(245, 150, 40, 0.73)",
+ "rgba(225, 40, 40, 0.59)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
"id": 9,
"interval": null,
"links": [],
@@ -656,11 +733,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.compute\", state=\"disabled\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -669,7 +747,7 @@
}
],
"thresholds": "",
- "title": "Disabled",
+ "title": "En/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -732,11 +810,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.compute\", state=\"up\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -745,7 +824,7 @@
}
],
"thresholds": "",
- "title": "Up",
+ "title": "Dis/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -808,11 +887,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.compute\", state=\"down\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -821,7 +901,7 @@
}
],
"thresholds": "",
- "title": "Down",
+ "title": "Dis/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -861,17 +941,41 @@
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
- "span": 7,
+ "span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.compute\"}) by (state)",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
- "legendFormat": "{{ state }}",
+ "legendFormat": "en/up",
"refId": "A",
- "step": 4
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 1 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "en/down",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/up",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.compute\"} == 0 and openstack_nova_service_state{service=~\"nova.compute\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/down",
+ "refId": "D",
+ "step": 10
}
],
"thresholds": [],
@@ -940,6 +1044,83 @@
"thresholdLabels": false,
"thresholdMarkers": true
},
+ "id": 53,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 1,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "En/Up",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(71, 212, 59, 0.4)",
+ "rgba(245, 150, 40, 0.73)",
+ "rgba(225, 40, 40, 0.59)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
"id": 14,
"interval": null,
"links": [],
@@ -973,11 +1154,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.scheduler\", state=\"disabled\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -986,7 +1168,7 @@
}
],
"thresholds": "",
- "title": "Disabled",
+ "title": "En/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1049,11 +1231,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.scheduler\", state=\"up\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1062,7 +1245,7 @@
}
],
"thresholds": "",
- "title": "Up",
+ "title": "Dis/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1125,11 +1308,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.scheduler\", state=\"down\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1138,7 +1322,7 @@
}
],
"thresholds": "",
- "title": "Down",
+ "title": "Dis/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1178,17 +1362,41 @@
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
- "span": 7,
+ "span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.scheduler\"}) by (state)",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
- "legendFormat": "{{ state }}",
+ "legendFormat": "en/up",
"refId": "A",
- "step": 4
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 1 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "en/down",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/up",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.scheduler\"} == 0 and openstack_nova_service_state{service=~\"nova.scheduler\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/down",
+ "refId": "D",
+ "step": 10
}
],
"thresholds": [],
@@ -1290,11 +1498,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.conductor\", state=\"disabled\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1303,7 +1512,7 @@
}
],
"thresholds": "",
- "title": "Disabled",
+ "title": "En/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1366,11 +1575,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.conductor\", state=\"up\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1379,7 +1589,84 @@
}
],
"thresholds": "",
- "title": "Up",
+ "title": "En/Down",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(71, 212, 59, 0.4)",
+ "rgba(245, 150, 40, 0.73)",
+ "rgba(225, 40, 40, 0.59)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 54,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 1,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Dis/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1442,11 +1729,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.conductor\", state=\"down\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1455,7 +1743,7 @@
}
],
"thresholds": "",
- "title": "Down",
+ "title": "Dis/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1495,17 +1783,41 @@
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
- "span": 7,
+ "span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.conductor\"}) by (state)",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
- "legendFormat": "{{ state }}",
+ "legendFormat": "en/up",
"refId": "A",
- "step": 4
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 1 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "en/down",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/up",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.conductor\"} == 0 and openstack_nova_service_state{service=~\"nova.conductor\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/down",
+ "refId": "D",
+ "step": 10
}
],
"thresholds": [],
@@ -1607,11 +1919,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.cert\", state=\"disabled\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1620,7 +1933,7 @@
}
],
"thresholds": "",
- "title": "Disabled",
+ "title": "En/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1683,11 +1996,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.cert\", state=\"up\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1696,7 +2010,84 @@
}
],
"thresholds": "",
- "title": "Up",
+ "title": "En/Down",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(71, 212, 59, 0.4)",
+ "rgba(245, 150, 40, 0.73)",
+ "rgba(225, 40, 40, 0.59)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 55,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 1,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Dis/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1759,11 +2150,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.cert\", state=\"down\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1772,7 +2164,7 @@
}
],
"thresholds": "",
- "title": "Down",
+ "title": "Dis/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -1812,17 +2204,41 @@
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
- "span": 7,
+ "span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.cert\"}) by (state)",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
- "legendFormat": "{{ state }}",
+ "legendFormat": "en/up",
"refId": "A",
- "step": 4
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 1 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "en/down",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/up",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.cert\"} == 0 and openstack_nova_service_state{service=~\"nova.cert\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/down",
+ "refId": "D",
+ "step": 10
}
],
"thresholds": [],
@@ -1924,11 +2340,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.consoleauth\", state=\"disabled\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -1937,7 +2354,7 @@
}
],
"thresholds": "",
- "title": "Disabled",
+ "title": "En/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -2000,11 +2417,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.consoleauth\", state=\"up\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -2013,7 +2431,84 @@
}
],
"thresholds": "",
- "title": "Up",
+ "title": "En/Down",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(71, 212, 59, 0.4)",
+ "rgba(245, 150, 40, 0.73)",
+ "rgba(225, 40, 40, 0.59)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 56,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 1,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Dis/Up",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -2076,11 +2571,12 @@
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
- "show": true
+ "show": false
},
+ "tableColumn": "",
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.consoleauth\", state=\"down\"})",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) - 1",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -2089,7 +2585,7 @@
}
],
"thresholds": "",
- "title": "Down",
+ "title": "Dis/Down",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
@@ -2129,17 +2625,41 @@
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
- "span": 7,
+ "span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
- "expr": "max(openstack_nova_services{service=~\"nova.consoleauth\"}) by (state)",
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) - 1",
"format": "time_series",
"intervalFactor": 2,
- "legendFormat": "{{ state }}",
+ "legendFormat": "en/up",
"refId": "A",
- "step": 4
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 1 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "en/down",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 1) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/up",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "count(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) or absent(openstack_nova_service_status{service=~\"nova.consoleauth\"} == 0 and openstack_nova_service_state{service=~\"nova.consoleauth\"} == 0) - 1",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "dis/down",
+ "refId": "D",
+ "step": 10
}
],
"thresholds": [],
@@ -2499,182 +3019,6 @@
"show": true
}
]
- },
- {
- "cacheTimeout": null,
- "colorBackground": false,
- "colorValue": false,
- "colors": [
- "rgba(245, 54, 54, 0.9)",
- "rgba(237, 129, 40, 0.89)",
- "rgba(50, 172, 45, 0.97)"
- ],
- "datasource": "prometheus",
- "decimals": null,
- "format": "s",
- "gauge": {
- "maxValue": 100,
- "minValue": 0,
- "show": false,
- "thresholdLabels": false,
- "thresholdMarkers": true
- },
- "id": 52,
- "interval": null,
- "links": [],
- "mappingType": 1,
- "mappingTypes": [
- {
- "name": "value to text",
- "value": 1
- },
- {
- "name": "range to text",
- "value": 2
- }
- ],
- "maxDataPoints": 100,
- "nullPointMode": "connected",
- "nullText": null,
- "postfix": "",
- "postfixFontSize": "50%",
- "prefix": "",
- "prefixFontSize": "50%",
- "rangeMaps": [
- {
- "from": "null",
- "text": "N/A",
- "to": "null"
- }
- ],
- "span": 2,
- "sparkline": {
- "fillColor": "rgba(31, 118, 189, 0.18)",
- "full": false,
- "lineColor": "rgb(31, 120, 193)",
- "show": false
- },
- "tableColumn": "",
- "targets": [
- {
- "expr": "avg(openstack_nova_instance_creation_time)",
- "format": "time_series",
- "hide": false,
- "intervalFactor": 2,
- "legendFormat": "",
- "metric": "",
- "refId": "A",
- "step": 60
- }
- ],
- "thresholds": "",
- "title": "Instance creation time (average)",
- "type": "singlestat",
- "valueFontSize": "80%",
- "valueMaps": [
- {
- "op": "=",
- "text": "N/A",
- "value": "null"
- }
- ],
- "valueName": "min"
- },
- {
- "aliasColors": {
- "Avg": "#6ED0E0"
- },
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "prometheus",
- "fill": 1,
- "id": 53,
- "legend": {
- "avg": false,
- "current": false,
- "hideEmpty": false,
- "hideZero": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null as zero",
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "span": 10,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "expr": "avg(openstack_nova_instance_creation_time)",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "Avg",
- "refId": "A",
- "step": 4
- },
- {
- "expr": "min(openstack_nova_instance_creation_time)",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "Min",
- "refId": "B",
- "step": 4
- },
- {
- "expr": "max(openstack_nova_instance_creation_time)",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "Max",
- "refId": "C",
- "step": 4
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeShift": null,
- "title": "Instances",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "s",
- "label": "Creation time",
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- },
- {
- "format": "short",
- "label": "",
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ]
}
],
"repeat": null,
@@ -2783,7 +3127,7 @@
"tableColumn": "",
"targets": [
{
- "expr": "openstack_nova_total_used_vcpus",
+ "expr": "sum(system_load15 and on (host) label_replace(openstack_nova_vcpus, \"host\", \"$1\", \"hostname\", \"(.*)\"))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -2861,7 +3205,13 @@
"tableColumn": "",
"targets": [
{
- "expr": "openstack_nova_total_used_disk",
+ {%- endraw %}
+ {%- if parameters is defined and parameters.get('nova_compute_ceph_ephemeral', False) == True %}
+ "expr": "max(avg(openstack_nova_used_disk) by (instance))",
+ {%- else %}
+ "expr": "max(sum(openstack_nova_used_disk) by (instance))",
+ {%- endif %}
+ {%- raw %}
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -2939,7 +3289,7 @@
"tableColumn": "",
"targets": [
{
- "expr": "openstack_nova_total_used_ram",
+ "expr": "max(sum(openstack_nova_used_ram) by (instance))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -3017,7 +3367,7 @@
"tableColumn": "",
"targets": [
{
- "expr": "openstack_nova_total_free_vcpus",
+ "expr": "sum(label_replace(openstack_nova_vcpus, \"host\", \"$1\", \"hostname\", \"(.*)\") - on (host) system_load15)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -3095,7 +3445,13 @@
"tableColumn": "",
"targets": [
{
- "expr": "openstack_nova_total_free_disk",
+ {%- endraw %}
+ {%- if parameters is defined and parameters.get('nova_compute_ceph_ephemeral', False) == True %}
+ "expr": "max(avg(openstack_nova_disk_available) by (instance))",
+ {%- else %}
+ "expr": "max(sum(openstack_nova_disk - openstack_nova_used_disk) by (instance))",
+ {%- endif %}
+ {%- raw %}
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -3173,7 +3529,7 @@
"tableColumn": "",
"targets": [
{
- "expr": "openstack_nova_total_free_ram",
+ "expr": "max(sum(openstack_nova_ram - openstack_nova_used_ram) by (instance))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
@@ -3244,7 +3600,7 @@
"intervalFactor": 2,
"legendFormat": "{{ aggregate }}",
"refId": "A",
- "step": 4
+ "step": 10
}
],
"thresholds": [],
@@ -3321,7 +3677,7 @@
"intervalFactor": 2,
"legendFormat": "{{ aggregate }}",
"refId": "A",
- "step": 4
+ "step": 10
}
],
"thresholds": [],
@@ -3398,7 +3754,7 @@
"intervalFactor": 2,
"legendFormat": "{{ aggregate }}",
"refId": "A",
- "step": 4
+ "step": 10
}
],
"thresholds": [],
@@ -3475,7 +3831,7 @@
"intervalFactor": 2,
"legendFormat": "{{ aggregate }}",
"refId": "A",
- "step": 4
+ "step": 10
}
],
"thresholds": [],
@@ -3552,7 +3908,7 @@
"intervalFactor": 2,
"legendFormat": "{{ aggregate }}",
"refId": "A",
- "step": 4
+ "step": 10
}
],
"thresholds": [],
@@ -3629,7 +3985,7 @@
"intervalFactor": 2,
"legendFormat": "{{ aggregate }}",
"refId": "A",
- "step": 4
+ "step": 10
}
],
"thresholds": [],
@@ -3681,7 +4037,7 @@
"sharedCrosshair": true,
"style": "dark",
"tags": [
- "nova"
+ "openstack"
],
"templating": {
"list": [
@@ -3739,6 +4095,6 @@
},
"timezone": "browser",
"title": "Nova",
- "version": 3
+ "version": 4
}
{% endraw %}
diff --git a/nova/files/grafana_dashboards/nova_utilization_prometheus.json b/nova/files/grafana_dashboards/nova_utilization_prometheus.json
new file mode 100644
index 0000000..957dc6f
--- /dev/null
+++ b/nova/files/grafana_dashboards/nova_utilization_prometheus.json
@@ -0,0 +1,2720 @@
+{%- raw %}
+{
+ "annotations": {
+ "list": [
+ {
+ "$$hashKey": "object:32922",
+ "builtIn": 1,
+ "datasource": "prometheus",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "limit": 100,
+ "name": "Annotations & Alerts",
+ "showIn": 0,
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "id": null,
+ "iteration": 1529670945678,
+ "links": [],
+ "panels": [
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 6,
+ "panels": [],
+ "title": "Total Utilization",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 0,
+ "y": 1
+ },
+ "id": 12,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(system_load15 and on (host) label_replace(openstack_nova_vcpus, \"host\", \"$1\", \"hostname\", \"(.*)\")) / max(sum(openstack_nova_vcpus) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "CPU Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 14,
+ "x": 5,
+ "y": 1
+ },
+ "id": 8,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "$$hashKey": "object:33652",
+ "expr": "max(sum(openstack_nova_vcpus) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "total",
+ "refId": "A"
+ },
+ {
+ "$$hashKey": "object:33653",
+ "expr": "sum(system_load15 and on (host) label_replace(openstack_nova_vcpus, \"host\", \"$1\", \"hostname\", \"(.*)\"))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "used",
+ "refId": "B"
+ },
+ {
+ "$$hashKey": "object:33654",
+ "expr": "max(sum(openstack_nova_used_vcpus) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "allocated",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:33724",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "$$hashKey": "object:33725",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "decimals": 2,
+ "format": "none",
+ "gauge": {
+ "maxValue": 32,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 19,
+ "y": 1
+ },
+ "id": 13,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(sum(openstack_nova_used_vcpus) by (instance)) / max(sum(openstack_nova_vcpus) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "12,16",
+ "title": "Current CPU Allocation Ratio",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 0,
+ "y": 6
+ },
+ "id": 14,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(sum(openstack_nova_used_ram) by (instance)) / max(sum(openstack_nova_ram) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "RAM Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 14,
+ "x": 5,
+ "y": 6
+ },
+ "id": 9,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "$$hashKey": "object:33887",
+ "expr": "max(sum(openstack_nova_ram) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "total",
+ "refId": "A"
+ },
+ {
+ "$$hashKey": "object:33888",
+ "expr": "max(sum(openstack_nova_used_ram) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "used",
+ "refId": "B"
+ },
+ {
+ "$$hashKey": "object:33889",
+ "expr": "max(sum(openstack_nova_ram - openstack_nova_free_ram) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "allocated",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "RAM",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:33959",
+ "format": "decmbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "$$hashKey": "object:33960",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "decimals": 2,
+ "format": "none",
+ "gauge": {
+ "maxValue": 3,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 19,
+ "y": 6
+ },
+ "id": 15,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(sum(openstack_nova_ram - openstack_nova_free_ram) by (instance)) / max(sum(openstack_nova_ram) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "1,1.5",
+ "title": "Current RAM Allocation Ratio",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 0,
+ "y": 11
+ },
+ "id": 16,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ {%- endraw %}
+ {%- if parameters is defined and parameters.get('nova_compute_ceph_ephemeral', False) == True %}
+ "expr": "max(avg(openstack_nova_used_disk) by (instance)) / max(avg(openstack_nova_disk) by (instance))",
+ {%- else %}
+ "expr": "max(sum(openstack_nova_used_disk) by (instance)) / max(sum(openstack_nova_disk) by (instance))",
+ {%- endif %}
+ {%- raw %}
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "Disk Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 14,
+ "x": 5,
+ "y": 11
+ },
+ "id": 10,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "$$hashKey": "object:33000",
+ {%- endraw %}
+ {%- if parameters is defined and parameters.get('nova_compute_ceph_ephemeral', False) == True %}
+ "expr": "max(avg(openstack_nova_disk) by (instance))",
+ {%- else %}
+ "expr": "max(sum(openstack_nova_disk) by (instance))",
+ {%- endif %}
+ {%- raw %}
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "total",
+ "refId": "A"
+ },
+ {
+ "$$hashKey": "object:33001",
+ {%- endraw %}
+ {%- if parameters is defined and parameters.get('nova_compute_ceph_ephemeral', False) == True %}
+ "expr": "max(avg(openstack_nova_used_disk) by (instance))",
+ {%- else %}
+ "expr": "max(sum(openstack_nova_used_disk) by (instance))",
+ {%- endif %}
+ {%- raw %}
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "used",
+ "refId": "B"
+ },
+ {
+ "$$hashKey": "object:33002",
+ {%- endraw %}
+ {%- if parameters is defined and parameters.get('nova_compute_ceph_ephemeral', False) == True %}
+ "expr": "max(avg(openstack_nova_used_disk) by (instance))",
+ {%- else %}
+ "expr": "max(sum(openstack_nova_disk - openstack_nova_disk_available) by (instance))",
+ {%- endif %}
+ {%- raw %}
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "allocated",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "decgbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "decimals": 2,
+ "format": "none",
+ "gauge": {
+ "maxValue": 2,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 19,
+ "y": 11
+ },
+ "id": 17,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "$$hashKey": "object:33092",
+ {%- endraw %}
+ {%- if parameters is defined and parameters.get('nova_compute_ceph_ephemeral', False) == True %}
+ "expr": "max(avg(openstack_nova_used_disk) by (instance)) / max(avg(openstack_nova_disk) by (instance))",
+ {%- else %}
+ "expr": "max(sum(openstack_nova_disk - openstack_nova_disk_available) by (instance)) / max(sum(openstack_nova_disk) by (instance))",
+ {%- endif %}
+ {%- raw %}
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.9,1",
+ "title": "Current Disk Allocation Ratio",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 16
+ },
+ "id": 4,
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 0,
+ "y": 17
+ },
+ "id": 18,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "scopedVars": {
+ "aggregate": {
+ "selected": true,
+ "text": "infra-dev",
+ "value": "infra-dev"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_aggregate_running_instances{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Running Instances",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 14,
+ "x": 5,
+ "y": 17
+ },
+ "id": 19,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "scopedVars": {
+ "aggregate": {
+ "selected": true,
+ "text": "infra-dev",
+ "value": "infra-dev"
+ }
+ },
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "$$hashKey": "object:34227",
+ "expr": "max(openstack_nova_aggregate_vcpus{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "instant": false,
+ "intervalFactor": 2,
+ "legendFormat": "total",
+ "refId": "A"
+ },
+ {
+ "$$hashKey": "object:34228",
+ "expr": "max(openstack_nova_aggregate_used_vcpus{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "allocated",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "decimals": 2,
+ "format": "none",
+ "gauge": {
+ "maxValue": 32,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 19,
+ "y": 17
+ },
+ "id": 21,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "scopedVars": {
+ "aggregate": {
+ "selected": true,
+ "text": "infra-dev",
+ "value": "infra-dev"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_aggregate_used_vcpus{aggregate=\"$aggregate\"} / openstack_nova_aggregate_vcpus{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "12,16",
+ "title": "Current CPU Allocation Ratio",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 0,
+ "y": 22
+ },
+ "id": 23,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "scopedVars": {
+ "aggregate": {
+ "selected": true,
+ "text": "infra-dev",
+ "value": "infra-dev"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_aggregate_used_ram{aggregate=\"$aggregate\"} / openstack_nova_aggregate_ram{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "RAM Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 14,
+ "x": 5,
+ "y": 22
+ },
+ "id": 22,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "scopedVars": {
+ "aggregate": {
+ "selected": true,
+ "text": "infra-dev",
+ "value": "infra-dev"
+ }
+ },
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "$$hashKey": "object:34328",
+ "expr": "max(openstack_nova_aggregate_ram{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "total",
+ "refId": "A"
+ },
+ {
+ "$$hashKey": "object:34329",
+ "expr": "max(openstack_nova_aggregate_used_ram{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "used",
+ "refId": "B"
+ },
+ {
+ "$$hashKey": "object:34330",
+ "expr": "max(openstack_nova_aggregate_ram{aggregate=\"$aggregate\"} - openstack_nova_aggregate_free_ram{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "allocated",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "RAM",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "decmbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "decimals": 2,
+ "format": "none",
+ "gauge": {
+ "maxValue": 3,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 19,
+ "y": 22
+ },
+ "id": 24,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "scopedVars": {
+ "aggregate": {
+ "selected": true,
+ "text": "infra-dev",
+ "value": "infra-dev"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max((openstack_nova_aggregate_ram{aggregate=\"$aggregate\"} - openstack_nova_aggregate_free_ram{aggregate=\"$aggregate\"}) / openstack_nova_aggregate_ram{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "1,1.5",
+ "title": "Current RAM Allocation Ratio",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 0,
+ "y": 27
+ },
+ "id": 26,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "scopedVars": {
+ "aggregate": {
+ "selected": true,
+ "text": "infra-dev",
+ "value": "infra-dev"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_aggregate_used_disk{aggregate=\"$aggregate\"} / openstack_nova_aggregate_disk{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "Disk Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 14,
+ "x": 5,
+ "y": 27
+ },
+ "id": 25,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "scopedVars": {
+ "aggregate": {
+ "selected": true,
+ "text": "infra-dev",
+ "value": "infra-dev"
+ }
+ },
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "$$hashKey": "object:33182",
+ "expr": "max(openstack_nova_aggregate_disk{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "total",
+ "refId": "A"
+ },
+ {
+ "$$hashKey": "object:33183",
+ "expr": "max(openstack_nova_aggregate_used_disk{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "used",
+ "refId": "B"
+ },
+ {
+ "$$hashKey": "object:33184",
+ "expr": "max(openstack_nova_aggregate_disk{aggregate=\"$aggregate\"} - openstack_nova_aggregate_disk_available{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "allocated",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "decgbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "decimals": 2,
+ "format": "none",
+ "gauge": {
+ "maxValue": 2,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 19,
+ "y": 27
+ },
+ "id": 27,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "scopedVars": {
+ "aggregate": {
+ "selected": true,
+ "text": "infra-dev",
+ "value": "infra-dev"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "$$hashKey": "object:33274",
+ "expr": "max((openstack_nova_aggregate_disk{aggregate=\"$aggregate\"} - openstack_nova_aggregate_disk_available{aggregate=\"$aggregate\"}) / openstack_nova_aggregate_disk{aggregate=\"$aggregate\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.9,1",
+ "title": "Current Disk Allocation Ratio",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": "aggregate",
+ "scopedVars": {
+ "aggregate": {
+ "$$hashKey": "object:33592",
+ "selected": true,
+ "text": "infra-dev",
+ "value": "infra-dev"
+ }
+ },
+ "title": "Aggregate Utilization @$aggregate",
+ "type": "row"
+ },
+ {
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 17
+ },
+ "id": 2,
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 0,
+ "y": 33
+ },
+ "id": 28,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "scopedVars": {
+ "host": {
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "scalar(system_load15{host=\"$host\"}) / max(openstack_nova_vcpus{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "CPU Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 14,
+ "x": 5,
+ "y": 33
+ },
+ "id": 29,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "scopedVars": {
+ "host": {
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "$$hashKey": "object:34607",
+ "expr": "max(openstack_nova_vcpus{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "total",
+ "refId": "A"
+ },
+ {
+ "$$hashKey": "object:34608",
+ "expr": "scalar(system_load15{host=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "used",
+ "refId": "B"
+ },
+ {
+ "$$hashKey": "object:34609",
+ "expr": "max(openstack_nova_used_vcpus{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "allocated",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "decimals": 2,
+ "format": "none",
+ "gauge": {
+ "maxValue": 32,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 19,
+ "y": 33
+ },
+ "id": 30,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "scopedVars": {
+ "host": {
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_used_vcpus{hostname=\"$host\"} / openstack_nova_vcpus{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "12,16",
+ "title": "Current CPU Allocation Ratio",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 0,
+ "y": 38
+ },
+ "id": 31,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "scopedVars": {
+ "host": {
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_used_ram{hostname=\"$host\"} / openstack_nova_ram{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "RAM Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 14,
+ "x": 5,
+ "y": 38
+ },
+ "id": 32,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "scopedVars": {
+ "host": {
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "$$hashKey": "object:34730",
+ "expr": "max(openstack_nova_ram{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "total",
+ "refId": "A"
+ },
+ {
+ "$$hashKey": "object:34731",
+ "expr": "max(openstack_nova_used_ram{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "used",
+ "refId": "B"
+ },
+ {
+ "$$hashKey": "object:34732",
+ "expr": "max(openstack_nova_ram{hostname=\"$host\"} - openstack_nova_free_ram{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "allocated",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "RAM",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "decmbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "decimals": 2,
+ "format": "none",
+ "gauge": {
+ "maxValue": 3,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 19,
+ "y": 38
+ },
+ "id": 33,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "scopedVars": {
+ "host": {
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max((openstack_nova_ram{hostname=\"$host\"} - openstack_nova_free_ram{hostname=\"$host\"}) / openstack_nova_ram{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "1,1.5",
+ "title": "Current RAM Allocation Ratio",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 0,
+ "y": 43
+ },
+ "id": 34,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "scopedVars": {
+ "host": {
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_nova_used_disk{hostname=\"$host\"} / openstack_nova_disk{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "Disk Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 14,
+ "x": 5,
+ "y": 43
+ },
+ "id": 35,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "scopedVars": {
+ "host": {
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "$$hashKey": "object:33364",
+ "expr": "max(openstack_nova_disk{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "total",
+ "refId": "A"
+ },
+ {
+ "$$hashKey": "object:33365",
+ "expr": "max(openstack_nova_used_disk{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "used",
+ "refId": "B"
+ },
+ {
+ "$$hashKey": "object:33366",
+ "expr": "max(openstack_nova_disk{hostname=\"$host\"} - openstack_nova_disk_available{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "allocated",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "decgbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "decimals": 2,
+ "format": "none",
+ "gauge": {
+ "maxValue": 2,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 19,
+ "y": 43
+ },
+ "id": 36,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "scopedVars": {
+ "host": {
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max((openstack_nova_disk{hostname=\"$host\"} - openstack_nova_disk_available{hostname=\"$host\"}) / openstack_nova_disk{hostname=\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.9,1",
+ "title": "Current Disk Allocation Ratio",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": "host",
+ "scopedVars": {
+ "host": {
+ "$$hashKey": "object:33433",
+ "selected": true,
+ "text": "cmp002",
+ "value": "cmp002"
+ }
+ },
+ "title": "Hypervisors Utilization @$host",
+ "type": "row"
+ }
+ ],
+ "refresh": "1m",
+ "schemaVersion": 16,
+ "style": "dark",
+ "tags": [
+ "openstack"
+ ],
+ "templating": {
+ "list": [
+ {
+ "allValue": null,
+ "current": {
+ "text": "infra-dev",
+ "value": [
+ "infra-dev"
+ ]
+ },
+ "datasource": "prometheus",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": true,
+ "name": "aggregate",
+ "options": [],
+ "query": "label_values(openstack_nova_aggregate_running_instances,aggregate)",
+ "refresh": 1,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "cmp002",
+ "value": [
+ "cmp002"
+ ]
+ },
+ "datasource": "prometheus",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": true,
+ "name": "host",
+ "options": [],
+ "query": "label_values(openstack_nova_running_instances,hostname)",
+ "refresh": 1,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "",
+ "title": "Nova - Utilization",
+ "uid": null,
+ "version": 1
+}
+{%- endraw %}
diff --git a/nova/files/grafana_dashboards/openstack_overview_prometheus.json b/nova/files/grafana_dashboards/openstack_overview_prometheus.json
new file mode 100644
index 0000000..ccaae42
--- /dev/null
+++ b/nova/files/grafana_dashboards/openstack_overview_prometheus.json
@@ -0,0 +1,1088 @@
+{%- raw %}
+{
+ "annotations": {
+ "list": [
+ {
+ "$$hashKey": "object:58569",
+ "builtIn": 1,
+ "datasource": "prometheus",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "limit": 100,
+ "name": "Annotations & Alerts",
+ "showIn": 0,
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "id": null,
+ "iteration": 1529677956265,
+ "links": [],
+ "panels": [
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 2,
+ "panels": [],
+ "title": "Cloud Usage",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 6,
+ "x": 0,
+ "y": 1
+ },
+ "id": 6,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(system_load15 and on (host) label_replace(openstack_nova_vcpus, \"host\", \"$1\", \"hostname\", \"(.*)\")) / max(sum(openstack_nova_vcpus) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "CPU Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 6,
+ "x": 6,
+ "y": 1
+ },
+ "id": 8,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(sum(openstack_nova_used_ram) by (instance)) / max(sum(openstack_nova_ram) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "RAM Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 6,
+ "x": 12,
+ "y": 1
+ },
+ "id": 4,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ {%- endraw %}
+ {%- if parameters is defined and parameters.get('nova_compute_ceph_ephemeral', False) == True %}
+ "expr": "max(avg(openstack_nova_used_disk) by (instance)) / max(avg(openstack_nova_disk) by (instance))",
+ {%- else %}
+ "expr": "max(sum(openstack_nova_used_disk) by (instance)) / max(sum(openstack_nova_disk) by (instance))",
+ {%- endif %}
+ {%- raw %}
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "Disk Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 6,
+ "x": 18,
+ "y": 1
+ },
+ "id": 9,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(sum(openstack_cinder_pool_capacity_provisioned) by (instance) / sum(openstack_cinder_pool_capacity_total) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.85,0.95",
+ "title": "Cinder Block Storage Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 5,
+ "x": 0,
+ "y": 6
+ },
+ "id": 11,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(openstack_nova_service_status{binary=\"nova-compute\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Compute Nodes",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 5,
+ "w": 19,
+ "x": 5,
+ "y": 6
+ },
+ "id": 18,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(openstack_nova_instances{state=\"active\"}) by (state)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{state}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Active Instances",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": null,
+ "format": "none",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 11
+ },
+ "id": 13,
+ "panels": [],
+ "title": "API Errors",
+ "type": "row"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 6,
+ "w": 12,
+ "x": 0,
+ "y": 12
+ },
+ "id": 16,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sort": "avg",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(openstack_http_response_times_count{http_status=~\"4..\"}[$rate_interval])) by (service)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{service}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Client Errors",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 6,
+ "w": 12,
+ "x": 12,
+ "y": 12
+ },
+ "id": 15,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sort": "avg",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(openstack_http_response_times_count{http_status=~\"5..\"}[$rate_interval])) by (service)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{service}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Server Errors",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 18
+ },
+ "id": 20,
+ "panels": [
+ {
+ "aliasColors": {},
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 8,
+ "w": 24,
+ "x": 0,
+ "y": 19
+ },
+ "id": 22,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideZero": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(openstack_nova_aggregate_used_vcpus) by (aggregate)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{aggregate}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU",
+ "tooltip": {
+ "shared": false,
+ "sort": 1,
+ "value_type": "individual"
+ },
+ "transparent": false,
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": true,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "none",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": 1
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 8,
+ "w": 24,
+ "x": 0,
+ "y": 27
+ },
+ "id": 23,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideZero": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(openstack_nova_aggregate_ram - openstack_nova_aggregate_free_ram) by (aggregate)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{aggregate}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "RAM",
+ "tooltip": {
+ "shared": false,
+ "sort": 1,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": true,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "decmbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": 1
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 8,
+ "w": 24,
+ "x": 0,
+ "y": 35
+ },
+ "id": 24,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideZero": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(openstack_nova_aggregate_disk - openstack_nova_aggregate_disk_available) by (aggregate)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{aggregate}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk",
+ "tooltip": {
+ "shared": false,
+ "sort": 1,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": true,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "decgbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": 1
+ }
+ }
+ ],
+ "title": "Allocated per Aggregate",
+ "type": "row"
+ }
+ ],
+ "refresh": "1m",
+ "schemaVersion": 16,
+ "style": "dark",
+ "tags": [
+ "openstack"
+ ],
+ "templating": {
+ "list": [
+ {
+ "allValue": null,
+ "current": {
+ "tags": [],
+ "text": "15m",
+ "value": "15m"
+ },
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "rate_interval",
+ "options": [
+ {
+ "selected": false,
+ "text": "1m",
+ "value": "1m"
+ },
+ {
+ "selected": false,
+ "text": "3m",
+ "value": "3m"
+ },
+ {
+ "selected": false,
+ "text": "5m",
+ "value": "5m"
+ },
+ {
+ "selected": false,
+ "text": "10m",
+ "value": "10m"
+ },
+ {
+ "selected": true,
+ "text": "15m",
+ "value": "15m"
+ }
+ ],
+ "query": "1m,3m,5m,10m,15m",
+ "type": "custom"
+ }
+ ]
+ },
+ "time": {
+ "from": "now-24h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "",
+ "title": "Openstack - Overview",
+ "uid": null,
+ "version": 1
+}
+{%- endraw %}
diff --git a/nova/files/juno/nova-compute.conf.Debian b/nova/files/juno/nova-compute.conf.Debian
index de61288..b5693e7 100644
--- a/nova/files/juno/nova-compute.conf.Debian
+++ b/nova/files/juno/nova-compute.conf.Debian
@@ -94,7 +94,9 @@
rpc_cast_timeout = 30
rpc_conn_pool_size = 300
-rpc_response_timeout = 3600
+{%- if compute.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ compute.message_queue.rpc_response_timeout }}
+{%- endif %}
rpc_thread_pool_size = 70
report_interval = 5
diff --git a/nova/files/juno/nova-controller.conf.Debian b/nova/files/juno/nova-controller.conf.Debian
index 7d4c04e..0cdffdc 100644
--- a/nova/files/juno/nova-controller.conf.Debian
+++ b/nova/files/juno/nova-controller.conf.Debian
@@ -20,6 +20,9 @@
libvirt_inject_partition = -1
vif_plugging_is_fatal = False
vif_plugging_timeout = 0
+{%- if controller.default_schedule_zone is defined %}
+default_schedule_zone = {{ controller.default_schedule_zone }}
+{%- endif %}
allow_resize_to_same_host = True
@@ -118,7 +121,9 @@
rpc_cast_timeout = 30
rpc_conn_pool_size = 300
-rpc_response_timeout = 3600
+{%- if controller.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ controller.message_queue.rpc_response_timeout }}
+{%- endif %}
rpc_thread_pool_size = 70
report_interval = 5
diff --git a/nova/files/kilo/nova-compute.conf.Debian b/nova/files/kilo/nova-compute.conf.Debian
index 059ae78..d76e9a1 100644
--- a/nova/files/kilo/nova-compute.conf.Debian
+++ b/nova/files/kilo/nova-compute.conf.Debian
@@ -83,7 +83,9 @@
rpc_cast_timeout = 30
rpc_conn_pool_size = 300
-rpc_response_timeout = 3600
+{%- if compute.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ compute.message_queue.rpc_response_timeout }}
+{%- endif %}
rpc_thread_pool_size = 70
report_interval = {{ compute.get('report_interval', '60') }}
diff --git a/nova/files/kilo/nova-controller.conf.Debian b/nova/files/kilo/nova-controller.conf.Debian
index 228c358..64a40d8 100644
--- a/nova/files/kilo/nova-controller.conf.Debian
+++ b/nova/files/kilo/nova-controller.conf.Debian
@@ -23,6 +23,9 @@
cpu_allocation_ratio = {{ controller.cpu_allocation_ratio }}
ram_allocation_ratio = {{ controller.ram_allocation_ratio }}
disk_allocation_ratio = {{ controller.disk_allocation_ratio }}
+{%- if controller.default_schedule_zone is defined %}
+default_schedule_zone = {{ controller.default_schedule_zone }}
+{%- endif %}
scheduler_default_filters = {{ controller.scheduler_default_filters }}
vnc_keymap = {{ controller.get('vnc_keymap', 'en-us') }}
@@ -107,7 +110,9 @@
rpc_cast_timeout = 30
rpc_conn_pool_size = 300
-rpc_response_timeout = 3600
+{%- if controller.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ controller.message_queue.rpc_response_timeout }}
+{%- endif %}
rpc_thread_pool_size = 70
report_interval = 5
diff --git a/nova/files/liberty/nova-compute.conf.Debian b/nova/files/liberty/nova-compute.conf.Debian
index 90e56ee..de611f7 100644
--- a/nova/files/liberty/nova-compute.conf.Debian
+++ b/nova/files/liberty/nova-compute.conf.Debian
@@ -91,7 +91,9 @@
rpc_cast_timeout = 30
rpc_conn_pool_size = 300
-rpc_response_timeout = 3600
+{%- if compute.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ compute.message_queue.rpc_response_timeout }}
+{%- endif %}
rpc_thread_pool_size = 70
report_interval = {{ compute.get('report_interval', '60') }}
diff --git a/nova/files/liberty/nova-controller.conf.Debian b/nova/files/liberty/nova-controller.conf.Debian
index 4ceb955..64d8c85 100644
--- a/nova/files/liberty/nova-controller.conf.Debian
+++ b/nova/files/liberty/nova-controller.conf.Debian
@@ -105,7 +105,9 @@
rpc_cast_timeout = 30
rpc_conn_pool_size = 300
-rpc_response_timeout = 3600
+{%- if controller.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ controller.message_queue.rpc_response_timeout }}
+{%- endif %}
rpc_thread_pool_size = 70
report_interval = 5
diff --git a/nova/files/logging.conf b/nova/files/logging.conf
deleted file mode 100644
index fbc6ecb..0000000
--- a/nova/files/logging.conf
+++ /dev/null
@@ -1,86 +0,0 @@
-{%- set log_handlers = [] -%}
-{%- for log_handler_name, log_handler_attrs in values.logging.log_handlers.items() %}
- {%- if log_handler_attrs.get('enabled', False) %}
- {%- do log_handlers.append(log_handler_name) -%}
- {%- endif %}
-{%- endfor %}
-
-[loggers]
-keys = root, nova
-
-[handlers]
-keys = {{ log_handlers | join(", ") }}
-
-[formatters]
-keys = context, default, fluentd
-
-[logger_root]
-level = WARNING
-handlers = {{ log_handlers | join(", ") }}
-
-[logger_nova]
-level = INFO
-handlers = {{ log_handlers | join(", ") }}
-qualname = nova
-propagate = 0
-
-[logger_amqp]
-level = WARNING
-handlers = {{ log_handlers | join(", ") }}
-qualname = amqp
-
-[logger_amqplib]
-level = WARNING
-handlers = {{ log_handlers | join(", ") }}
-qualname = amqplib
-
-[logger_sqlalchemy]
-level = WARNING
-handlers = {{ log_handlers | join(", ") }}
-qualname = sqlalchemy
-# "level = INFO" logs SQL queries.
-# "level = DEBUG" logs SQL queries and results.
-# "level = WARNING" logs neither. (Recommended for production systems.)
-
-[logger_boto]
-level = WARNING
-handlers = {{ log_handlers | join(", ") }}
-qualname = boto
-
-# NOTE(mikal): suds is used by the vmware driver, removing this will
-# cause many extraneous log lines for their tempest runs. Refer to
-# https://review.openstack.org/#/c/219225/ for details.
-[logger_suds]
-level = INFO
-handlers = {{ log_handlers | join(", ") }}
-qualname = suds
-
-[logger_eventletwsgi]
-level = WARNING
-handlers = {{ log_handlers | join(", ") }}
-qualname = eventlet.wsgi.server
-
-{% if values.logging.log_handlers.get('fluentd').get('enabled', False) -%}
-[handler_fluentd]
-class = fluent.handler.FluentHandler
-args = ('openstack.{{ service_name | replace("-", ".", 1) }}', 'localhost', 24224)
-formatter = fluentd
-{%- endif %}
-
-{% if values.logging.log_handlers.watchedfile.enabled -%}
-[handler_watchedfile]
-class = handlers.WatchedFileHandler
-args = ('/var/log/nova/{{ service_name }}.log',)
-formatter = context
-{%- endif %}
-
-[formatter_context]
-class = oslo_log.formatters.ContextFormatter
-
-[formatter_default]
-format = %(message)s
-
-{% if values.logging.log_handlers.get('fluentd').get('enabled', False) -%}
-[formatter_fluentd]
-class = oslo_log.formatters.FluentFormatter
-{%- endif %}
diff --git a/nova/files/mitaka/libvirtd.conf.Debian b/nova/files/mitaka/libvirtd.conf.Debian
index 4fab737..607cbcb 100644
--- a/nova/files/mitaka/libvirtd.conf.Debian
+++ b/nova/files/mitaka/libvirtd.conf.Debian
@@ -295,7 +295,9 @@
# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
# basically 1 will log everything possible
#log_level = 3
-
+{%- if compute.libvirt.get('logging',{}).level is defined %}
+log_level = {{ compute.libvirt.logging.level }}
+{%- endif %}
# Logging filters:
# A filter allows to select a different logging level for a given category
# of logs
@@ -317,7 +319,9 @@
# e.g. to only get warning or errors from the remote layer and only errors
# from the event layer:
#log_filters="3:remote 4:event"
-
+{%- if compute.libvirt.get('logging',{}).filters is defined %}
+log_filters={{ compute.libvirt.logging.filters|yaml_dquote }}
+{%- endif %}
# Logging outputs:
# An output is one of the places to save logging information
# The format for an output can be:
@@ -336,16 +340,18 @@
# Multiple output can be defined, they just need to be separated by spaces.
# e.g. to log all warnings and errors to syslog under the libvirtd ident:
#log_outputs="3:syslog:libvirtd"
-#
-
+{%- if compute.libvirt.get('logging',{}).outputs is defined %}
+log_outputs={{ compute.libvirt.logging.outputs|yaml_dquote }}
+{%- endif %}
# Log debug buffer size: default 64
# The daemon keeps an internal debug log buffer which will be dumped in case
# of crash or upon receiving a SIGUSR2 signal. This setting allows to override
# the default buffer size in kilobytes.
# If value is 0 or less the debug log buffer is deactivated
#log_buffer_size = 64
-
-
+{%- if compute.libvirt.get('logging',{}).buffer_size is defined %}
+log_buffer_size = {{ compute.libvirt.logging.buffer_size }}
+{%- endif %}
##################################################################
#
# Auditing
@@ -400,4 +406,4 @@
# If set to 1, libvirtd will refuse to talk to clients that do not
# support keepalive protocol. Defaults to 0.
#
-#keepalive_required = 1
\ No newline at end of file
+#keepalive_required = 1
diff --git a/nova/files/mitaka/nova-compute.conf.Debian b/nova/files/mitaka/nova-compute.conf.Debian
index f6aa190..4b22b31 100644
--- a/nova/files/mitaka/nova-compute.conf.Debian
+++ b/nova/files/mitaka/nova-compute.conf.Debian
@@ -26,6 +26,7 @@
{%- if compute.image.use_cow is defined %}
use_cow_images = {{ compute.image.use_cow }}
{%- endif %}
+force_raw_images={{ compute.get('image', {}).get('force_raw', True)|lower }}
{%- if compute.my_ip is defined %}
my_ip={{ compute.my_ip }}
{%- endif %}
@@ -67,7 +68,9 @@
firewall_driver = nova.virt.firewall.NoopFirewallDriver
rpc_cast_timeout = 30
-rpc_response_timeout = 3600
+{%- if compute.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ compute.message_queue.rpc_response_timeout }}
+{%- endif %}
executor_thread_pool_size = 70
report_interval = {{ compute.get('report_interval', '60') }}
@@ -109,7 +112,11 @@
enabled = true
novncproxy_base_url={{ compute.vncproxy_url }}/vnc_auto.html
novncproxy_port={{ compute.bind.vnc_port }}
+{%- if compute.bind.vnc_address is defined %}
+vncserver_listen={{ compute.bind.vnc_address }}
+{%- else %}
vncserver_listen=0.0.0.0
+{%- endif %}
vncserver_proxyclient_address={{ compute.bind.vnc_address }}
keymap = {{ compute.get('vnc_keymap', 'en-us') }}
@@ -126,9 +133,19 @@
[libvirt]
cpu_mode = {{ compute.get('cpu_mode', 'host-passthrough') }}
+{%- if compute.libvirt.virt_type is defined %}
+virt_type = {{ compute.libvirt.virt_type }}
+{%- else %}
virt_type = kvm
-inject_partition=-2
+{%- endif%}
+
+inject_partition={{ compute.libvirt.inject_partition }}
+{%- if compute.libvirt.get('inject_partition', '-2')|string == '-2' %}
inject_password=False
+{%- else %}
+inject_password={{ compute.libvirt.inject_password }}
+{%- endif %}
+
disk_cachemodes="{{ compute.get('disk_cachemodes', 'network=writeback,block=none') }}"
libvirt_inject_password=True
block_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_NON_SHARED_INC
diff --git a/nova/files/mitaka/nova-controller.conf.Debian b/nova/files/mitaka/nova-controller.conf.Debian
index 2ed73c4..5f568da 100644
--- a/nova/files/mitaka/nova-controller.conf.Debian
+++ b/nova/files/mitaka/nova-controller.conf.Debian
@@ -25,6 +25,9 @@
scheduler_default_filters = {{ controller.scheduler_default_filters }}
scheduler_available_filters = nova.scheduler.filters.all_filters
scheduler_available_filters = nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter
+{%- if controller.default_schedule_zone is defined %}
+default_schedule_zone = {{ controller.default_schedule_zone }}
+{%- endif %}
{% for filter in controller.get('scheduler_custom_filters', []) %}
scheduler_available_filters = {{ filter }}
{% endfor %}
@@ -64,13 +67,19 @@
allow_resize_to_same_host=True
rpc_cast_timeout = 30
-rpc_response_timeout = 3600
+{%- if controller.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ controller.message_queue.rpc_response_timeout }}
+{%- endif %}
rpc_thread_pool_size = 70
report_interval = 5
block_device_allocate_retries=600
block_device_allocate_retries_interval=10
+{%- if controller.host is defined %}
+host={{ controller.host }}
+{%- endif %}
+
[vnc]
enabled = true
novncproxy_host = {{ controller.bind.get('novncproxy_address', '0.0.0.0') }}
diff --git a/nova/files/mitaka/qemu.conf.Debian b/nova/files/mitaka/qemu.conf.Debian
index 5b039c4..a338e7d 100644
--- a/nova/files/mitaka/qemu.conf.Debian
+++ b/nova/files/mitaka/qemu.conf.Debian
@@ -484,3 +484,21 @@
"/dev/vfio/vfio",
{% endif %}
]
+
+# The backend to use for handling stdout/stderr output from
+# QEMU processes.
+#
+# 'file': QEMU writes directly to a plain file. This is the
+# historical default, but allows QEMU to inflict a
+# denial of service attack on the host by exhausting
+# filesystem space
+#
+# 'logd': QEMU writes to a pipe provided by virtlogd daemon.
+# This is the current default, providing protection
+# against denial of service by performing log file
+# rollover when a size limit is hit.
+#
+#stdio_handler = "logd"
+{%- if compute.get('qemu',{}).get('logging',{}).handler is defined %}
+stdio_handler = "{{ compute.qemu.logging.handler }}"
+{%- endif %}
diff --git a/nova/files/mitaka/virtlogd.conf.Debian b/nova/files/mitaka/virtlogd.conf.Debian
new file mode 100644
index 0000000..ecb5b2e
--- /dev/null
+++ b/nova/files/mitaka/virtlogd.conf.Debian
@@ -0,0 +1,78 @@
+{%- from "nova/map.jinja" import compute with context %}
+# Master virtlogd daemon configuration file
+#
+
+#################################################################
+#
+# Logging controls
+#
+
+# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
+# basically 1 will log everything possible
+{%- if compute.get('virtlog',{}).level is defined %}
+log_level = {{ compute.virtlog.level }}
+{%- endif %}
+# Logging filters:
+# A filter allows to select a different logging level for a given category
+# of logs
+# The format for a filter is one of:
+# x:name
+# x:+name
+# where name is a string which is matched against source file name,
+# e.g., "remote", "qemu", or "util/json", the optional "+" prefix
+# tells libvirt to log stack trace for each message matching name,
+# and x is the minimal level where matching messages should be logged:
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple filter can be defined in a single @filters, they just need to be
+# separated by spaces.
+#
+# e.g. to only get warning or errors from the remote layer and only errors
+# from the event layer:
+#log_filters="3:remote 4:event"
+{%- if compute.get('virtlog',{}).filters is defined %}
+log_filters={{ compute.virtlog.get('filters')|yaml_dquote }}
+{%- endif %}
+# Logging outputs:
+# An output is one of the places to save logging information
+# The format for an output can be:
+# x:stderr
+# output goes to stderr
+# x:syslog:name
+# use syslog for the output and use the given name as the ident
+# x:file:file_path
+# output to a file, with the given filepath
+# x:journald
+# ouput to the systemd journal
+# In all case the x prefix is the minimal level, acting as a filter
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple output can be defined, they just need to be separated by spaces.
+# e.g. to log all warnings and errors to syslog under the virtlogd ident:
+#log_outputs="3:syslog:virtlogd"
+{%- if compute.get('virtlog',{}).outputs is defined %}
+log_outputs={{ compute.virtlog.get('outputs')|yaml_dquote }}
+{%- endif %}
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+#max_clients = 1024
+{%- if compute.get('virtlog',{}).max_clients is defined %}
+max_clients = {{ compute.virtlog.max_clients }}
+{%- endif %}
+# Maximum file size before rolling over. Defaults to 2 MB
+#max_size = 2097152
+{%- if compute.get('virtlog',{}).max_size is defined %}
+max_size = {{ compute.virtlog.max_size }}
+{%- endif %}
+# Maximum number of backup files to keep. Defaults to 3,
+# not including the primary active file
+#max_backups = 3
+{%- if compute.get('virtlog',{}).max_backups is defined %}
+max_backups = {{ compute.virtlog.max_backups }}
+{%- endif %}
diff --git a/nova/files/mitaka/virtlogd.conf.RedHat b/nova/files/mitaka/virtlogd.conf.RedHat
new file mode 120000
index 0000000..d466306
--- /dev/null
+++ b/nova/files/mitaka/virtlogd.conf.RedHat
@@ -0,0 +1 @@
+virtlogd.conf.Debian
\ No newline at end of file
diff --git a/nova/files/newton/libvirtd.conf.Debian b/nova/files/newton/libvirtd.conf.Debian
index 4fab737..607cbcb 100644
--- a/nova/files/newton/libvirtd.conf.Debian
+++ b/nova/files/newton/libvirtd.conf.Debian
@@ -295,7 +295,9 @@
# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
# basically 1 will log everything possible
#log_level = 3
-
+{%- if compute.libvirt.get('logging',{}).level is defined %}
+log_level = {{ compute.libvirt.logging.level }}
+{%- endif %}
# Logging filters:
# A filter allows to select a different logging level for a given category
# of logs
@@ -317,7 +319,9 @@
# e.g. to only get warning or errors from the remote layer and only errors
# from the event layer:
#log_filters="3:remote 4:event"
-
+{%- if compute.libvirt.get('logging',{}).filters is defined %}
+log_filters={{ compute.libvirt.logging.filters|yaml_dquote }}
+{%- endif %}
# Logging outputs:
# An output is one of the places to save logging information
# The format for an output can be:
@@ -336,16 +340,18 @@
# Multiple output can be defined, they just need to be separated by spaces.
# e.g. to log all warnings and errors to syslog under the libvirtd ident:
#log_outputs="3:syslog:libvirtd"
-#
-
+{%- if compute.libvirt.get('logging',{}).outputs is defined %}
+log_outputs={{ compute.libvirt.logging.outputs|yaml_dquote }}
+{%- endif %}
# Log debug buffer size: default 64
# The daemon keeps an internal debug log buffer which will be dumped in case
# of crash or upon receiving a SIGUSR2 signal. This setting allows to override
# the default buffer size in kilobytes.
# If value is 0 or less the debug log buffer is deactivated
#log_buffer_size = 64
-
-
+{%- if compute.libvirt.get('logging',{}).buffer_size is defined %}
+log_buffer_size = {{ compute.libvirt.logging.buffer_size }}
+{%- endif %}
##################################################################
#
# Auditing
@@ -400,4 +406,4 @@
# If set to 1, libvirtd will refuse to talk to clients that do not
# support keepalive protocol. Defaults to 0.
#
-#keepalive_required = 1
\ No newline at end of file
+#keepalive_required = 1
diff --git a/nova/files/newton/nova-compute.conf.Debian b/nova/files/newton/nova-compute.conf.Debian
index 622c832..b0d8f9c 100644
--- a/nova/files/newton/nova-compute.conf.Debian
+++ b/nova/files/newton/nova-compute.conf.Debian
@@ -14,7 +14,7 @@
config_drive_format={{ compute.get('config_drive_format', compute.get('config_drive', {}).get('format', 'vfat')) }}
force_config_drive={{ compute.get('config_drive', {}).get('forced', True)|lower }}
config_drive_inject_password={{ compute.get('config_drive', {}).get('inject_password', False)|lower }}
-force_raw_images=True
+force_raw_images={{ compute.get('image', {}).get('force_raw', True)|lower }}
notify_api_faults=False
security_group_api=neutron
vif_plugging_is_fatal=True
@@ -87,7 +87,9 @@
firewall_driver = nova.virt.firewall.NoopFirewallDriver
rpc_cast_timeout = 30
-rpc_response_timeout = 3600
+{%- if compute.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ compute.message_queue.rpc_response_timeout }}
+{%- endif %}
executor_thread_pool_size = 70
report_interval = {{ compute.get('report_interval', '60') }}
@@ -159,9 +161,13 @@
{%- if compute.get('bind', {}).get('vnc_port') %}
novncproxy_port={{ compute.bind.vnc_port }}
{%- endif %}
-vncserver_listen=0.0.0.0
-{%- if compute.get('bind', {}).get('vnc_address') %}
+{%- if compute.bind is defined %}
+{%- if compute.bind.vnc_address is defined %}
+vncserver_listen={{ compute.bind.vnc_address }}
vncserver_proxyclient_address={{ compute.bind.vnc_address }}
+{%- else %}
+vncserver_listen=0.0.0.0
+{%- endif %}
{%- endif %}
keymap = {{ compute.get('vnc_keymap', 'en-us') }}
@@ -179,10 +185,20 @@
{%- endif %}
[libvirt]
-cpu_mode = {{ compute.get('cpu_mode', 'host-passthrough') }}
+cpu_mode = {{ compute.cpu_mode }}
+{%- if compute.libvirt.virt_type is defined %}
+virt_type = {{ compute.libvirt.virt_type }}
+{%- else %}
virt_type = kvm
-inject_partition=-2
+{%- endif%}
+
+inject_partition={{ compute.libvirt.inject_partition }}
+{%- if compute.libvirt.get('inject_partition', '-2')|string == '-2' %}
inject_password=False
+{%- else %}
+inject_password={{ compute.libvirt.inject_password }}
+{%- endif %}
+
disk_cachemodes="{{ compute.get('disk_cachemodes', 'network=writeback,block=none') }}"
libvirt_inject_password=True
block_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_NON_SHARED_INC
@@ -193,6 +209,9 @@
libvirt_inject_key=True
inject_key=False
vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver
+{%- if compute.get('libvirt', {}).cpu_model is defined and compute.cpu_mode == 'custom' %}
+cpu_model = {{ compute.libvirt.cpu_model }}
+{%- endif %}
{%- if compute.get('ceph', {}).ephemeral is defined %}
images_type=rbd
diff --git a/nova/files/newton/nova-controller.conf.Debian b/nova/files/newton/nova-controller.conf.Debian
index 43a2ec6..26c38a1 100644
--- a/nova/files/newton/nova-controller.conf.Debian
+++ b/nova/files/newton/nova-controller.conf.Debian
@@ -24,6 +24,9 @@
disk_allocation_ratio = {{ controller.disk_allocation_ratio }}
scheduler_default_filters = {{ controller.scheduler_default_filters }}
scheduler_available_filters = nova.scheduler.filters.all_filters
+{%- if controller.default_schedule_zone is defined %}
+default_schedule_zone = {{ controller.default_schedule_zone }}
+{%- endif %}
{% for filter in controller.get('scheduler_custom_filters', []) %}
scheduler_available_filters = {{ filter }}
{% endfor %}
@@ -71,7 +74,9 @@
allow_resize_to_same_host=True
rpc_cast_timeout = 30
-rpc_response_timeout = 3600
+{%- if controller.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ controller.message_queue.rpc_response_timeout }}
+{%- endif %}
rpc_thread_pool_size = 70
report_interval = 5
@@ -92,6 +97,11 @@
{# rabbitmq ssl configuration #}
{%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
+
+{%- if controller.host is defined %}
+host={{ controller.host }}
+{%- endif %}
+
[oslo_messaging_rabbit]
rabbit_use_ssl=true
diff --git a/nova/files/newton/qemu.conf.Debian b/nova/files/newton/qemu.conf.Debian
index 5b039c4..a338e7d 100644
--- a/nova/files/newton/qemu.conf.Debian
+++ b/nova/files/newton/qemu.conf.Debian
@@ -484,3 +484,21 @@
"/dev/vfio/vfio",
{% endif %}
]
+
+# The backend to use for handling stdout/stderr output from
+# QEMU processes.
+#
+# 'file': QEMU writes directly to a plain file. This is the
+# historical default, but allows QEMU to inflict a
+# denial of service attack on the host by exhausting
+# filesystem space
+#
+# 'logd': QEMU writes to a pipe provided by virtlogd daemon.
+# This is the current default, providing protection
+# against denial of service by performing log file
+# rollover when a size limit is hit.
+#
+#stdio_handler = "logd"
+{%- if compute.get('qemu',{}).get('logging',{}).handler is defined %}
+stdio_handler = "{{ compute.qemu.logging.handler }}"
+{%- endif %}
diff --git a/nova/files/newton/virtlogd.conf.Debian b/nova/files/newton/virtlogd.conf.Debian
new file mode 100644
index 0000000..ecb5b2e
--- /dev/null
+++ b/nova/files/newton/virtlogd.conf.Debian
@@ -0,0 +1,78 @@
+{%- from "nova/map.jinja" import compute with context %}
+# Master virtlogd daemon configuration file
+#
+
+#################################################################
+#
+# Logging controls
+#
+
+# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
+# basically 1 will log everything possible
+{%- if compute.get('virtlog',{}).level is defined %}
+log_level = {{ compute.virtlog.level }}
+{%- endif %}
+# Logging filters:
+# A filter allows to select a different logging level for a given category
+# of logs
+# The format for a filter is one of:
+# x:name
+# x:+name
+# where name is a string which is matched against source file name,
+# e.g., "remote", "qemu", or "util/json", the optional "+" prefix
+# tells libvirt to log stack trace for each message matching name,
+# and x is the minimal level where matching messages should be logged:
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple filter can be defined in a single @filters, they just need to be
+# separated by spaces.
+#
+# e.g. to only get warning or errors from the remote layer and only errors
+# from the event layer:
+#log_filters="3:remote 4:event"
+{%- if compute.get('virtlog',{}).filters is defined %}
+log_filters={{ compute.virtlog.get('filters')|yaml_dquote }}
+{%- endif %}
+# Logging outputs:
+# An output is one of the places to save logging information
+# The format for an output can be:
+# x:stderr
+# output goes to stderr
+# x:syslog:name
+# use syslog for the output and use the given name as the ident
+# x:file:file_path
+# output to a file, with the given filepath
+# x:journald
+# ouput to the systemd journal
+# In all case the x prefix is the minimal level, acting as a filter
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple output can be defined, they just need to be separated by spaces.
+# e.g. to log all warnings and errors to syslog under the virtlogd ident:
+#log_outputs="3:syslog:virtlogd"
+{%- if compute.get('virtlog',{}).outputs is defined %}
+log_outputs={{ compute.virtlog.get('outputs')|yaml_dquote }}
+{%- endif %}
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+#max_clients = 1024
+{%- if compute.get('virtlog',{}).max_clients is defined %}
+max_clients = {{ compute.virtlog.max_clients }}
+{%- endif %}
+# Maximum file size before rolling over. Defaults to 2 MB
+#max_size = 2097152
+{%- if compute.get('virtlog',{}).max_size is defined %}
+max_size = {{ compute.virtlog.max_size }}
+{%- endif %}
+# Maximum number of backup files to keep. Defaults to 3,
+# not including the primary active file
+#max_backups = 3
+{%- if compute.get('virtlog',{}).max_backups is defined %}
+max_backups = {{ compute.virtlog.max_backups }}
+{%- endif %}
diff --git a/nova/files/newton/virtlogd.conf.RedHat b/nova/files/newton/virtlogd.conf.RedHat
new file mode 120000
index 0000000..d466306
--- /dev/null
+++ b/nova/files/newton/virtlogd.conf.RedHat
@@ -0,0 +1 @@
+virtlogd.conf.Debian
\ No newline at end of file
diff --git a/nova/files/ocata/libvirt.RedHat b/nova/files/ocata/libvirt.RedHat
new file mode 120000
index 0000000..f8f6638
--- /dev/null
+++ b/nova/files/ocata/libvirt.RedHat
@@ -0,0 +1 @@
+libvirt.Debian
\ No newline at end of file
diff --git a/nova/files/ocata/libvirtd.conf.Debian b/nova/files/ocata/libvirtd.conf.Debian
index 4fab737..1278aea 100644
--- a/nova/files/ocata/libvirtd.conf.Debian
+++ b/nova/files/ocata/libvirtd.conf.Debian
@@ -295,7 +295,9 @@
# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
# basically 1 will log everything possible
#log_level = 3
-
+{%- if compute.libvirt.get('logging',{}).level is defined %}
+log_level = {{ compute.libvirt.logging.level }}
+{%- endif %}
# Logging filters:
# A filter allows to select a different logging level for a given category
# of logs
@@ -317,7 +319,9 @@
# e.g. to only get warning or errors from the remote layer and only errors
# from the event layer:
#log_filters="3:remote 4:event"
-
+{%- if compute.libvirt.get('logging',{}).filters is defined %}
+log_filters={{ compute.libvirt.logging.filters|yaml_dquote }}
+{%- endif %}
# Logging outputs:
# An output is one of the places to save logging information
# The format for an output can be:
@@ -336,15 +340,18 @@
# Multiple output can be defined, they just need to be separated by spaces.
# e.g. to log all warnings and errors to syslog under the libvirtd ident:
#log_outputs="3:syslog:libvirtd"
-#
-
+{%- if compute.libvirt.get('logging',{}).outputs is defined %}
+log_outputs={{ compute.libvirt.logging.outputs|yaml_dquote }}
+{%- endif %}
# Log debug buffer size: default 64
# The daemon keeps an internal debug log buffer which will be dumped in case
# of crash or upon receiving a SIGUSR2 signal. This setting allows to override
# the default buffer size in kilobytes.
# If value is 0 or less the debug log buffer is deactivated
#log_buffer_size = 64
-
+{%- if compute.libvirt.get('logging',{}).buffer_size is defined %}
+log_buffer_size = {{ compute.libvirt.logging.buffer_size }}
+{%- endif %}
##################################################################
#
@@ -400,4 +407,4 @@
# If set to 1, libvirtd will refuse to talk to clients that do not
# support keepalive protocol. Defaults to 0.
#
-#keepalive_required = 1
\ No newline at end of file
+#keepalive_required = 1
diff --git a/nova/files/ocata/libvirtd.conf.RedHat b/nova/files/ocata/libvirtd.conf.RedHat
new file mode 120000
index 0000000..2a7b101
--- /dev/null
+++ b/nova/files/ocata/libvirtd.conf.RedHat
@@ -0,0 +1 @@
+libvirtd.conf.Debian
\ No newline at end of file
diff --git a/nova/files/ocata/nova-compute.conf.Debian b/nova/files/ocata/nova-compute.conf.Debian
index a58482b..60e9cd6 100644
--- a/nova/files/ocata/nova-compute.conf.Debian
+++ b/nova/files/ocata/nova-compute.conf.Debian
@@ -399,7 +399,7 @@
# * ``compute_driver``: Only the libvirt driver uses this option.
# (boolean value)
#force_raw_images=true
-force_raw_images=true
+force_raw_images={{ compute.get('image', {}).get('force_raw', True)|lower }}
#
# Name of the mkfs commands for ephemeral device.
@@ -3090,7 +3090,9 @@
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout=60
-rpc_response_timeout = 3600
+{%- if compute.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ compute.message_queue.rpc_response_timeout }}
+{%- endif %}
{%- set rabbit_port = compute.message_queue.get('port', 5671 if compute.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
@@ -5939,17 +5941,27 @@
#
# From nova.conf
#
-cpu_mode = {{ compute.get('cpu_mode', 'host-passthrough') }}
+cpu_mode = {{ compute.cpu_mode }}
+{%- if compute.libvirt.virt_type is defined %}
+virt_type = {{ compute.libvirt.virt_type }}
+{%- else %}
virt_type = kvm
-inject_partition=-2
-inject_password=True
+{%- endif%}
+
+inject_partition={{ compute.libvirt.inject_partition }}
+{%- if compute.libvirt.get('inject_partition', '-2')|string == '-2' %}
+inject_password=False
+{%- else %}
+inject_password={{ compute.libvirt.inject_password }}
+{%- endif %}
+
disk_cachemodes="{{ compute.get('disk_cachemodes', 'network=writeback,block=none') }}"
block_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_NON_SHARED_INC
live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST
inject_key=True
vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver
-{%- if compute.get('ceph', {}).ephemeral is defined %}
+{%- if compute.get('ceph', {}).get('ephemeral', False) %}
images_type=rbd
images_rbd_pool={{ compute.ceph.rbd_pool }}
images_rbd_ceph_conf=/etc/ceph/ceph.conf
@@ -5957,7 +5969,7 @@
rbd_secret_uuid={{ compute.ceph.secret_uuid }}
inject_password=false
inject_key=false
-{%- elif compute.get('lvm', {}).ephemeral is defined %}
+{%- elif compute.get('lvm', {}).get('ephemeral', False) %}
images_type=lvm
images_volume_group={{ compute.lvm.images_volume_group }}
{%- if compute.lvm.volume_clear is defined %}
@@ -6374,6 +6386,9 @@
# * live_migration_permit_post_copy
# (boolean value)
#live_migration_permit_auto_converge=false
+{%- if compute.libvirt.live_migration_permit_auto_converge is defined %}
+live_migration_permit_auto_converge={{ compute.libvirt.live_migration_permit_auto_converge|lower }}
+{%- endif %}
#
# Determine the snapshot image format when sending to the image service.
@@ -6452,7 +6467,11 @@
# This would result in an error and the instance won't be launched.
# * ``virt_type``: Only the virtualization types ``kvm`` and ``qemu`` use this.
# (string value)
+{%- if compute.get('libvirt', {}).cpu_model is defined and compute.cpu_mode == 'custom' %}
+cpu_model = {{ compute.libvirt.cpu_model }}
+{%- else %}
#cpu_model=<None>
+{%- endif %}
# Location where libvirt driver will store snapshots before uploading them to
# image service (string value)
@@ -9925,9 +9944,13 @@
{%- if compute.bind is defined and compute.bind.vnc_port is defined %}
novncproxy_port={{ compute.bind.vnc_port }}
{%- endif %}
-vncserver_listen=0.0.0.0
-{%- if compute.bind is defined and compute.bind.vnc_address is defined %}
+{%- if compute.bind is defined %}
+{%- if compute.bind.vnc_address is defined %}
+vncserver_listen={{ compute.bind.vnc_address }}
vncserver_proxyclient_address={{ compute.bind.vnc_address }}
+{%- else %}
+vncserver_listen=0.0.0.0
+{%- endif %}
{%- endif %}
keymap = {{ compute.get('vnc_keymap', 'en-us') }}
diff --git a/nova/files/ocata/nova-controller.conf.Debian b/nova/files/ocata/nova-controller.conf.Debian
index df624e2..ac6b0e5 100644
--- a/nova/files/ocata/nova-controller.conf.Debian
+++ b/nova/files/ocata/nova-controller.conf.Debian
@@ -181,7 +181,9 @@
# * Any string representing an availability zone name
# * Default value is None.
# (string value)
-#default_schedule_zone=<None>
+{%- if controller.default_schedule_zone is defined %}
+default_schedule_zone = {{ controller.default_schedule_zone }}
+{%- endif %}
#
# Image properties that should not be inherited from the instance
@@ -1509,6 +1511,9 @@
# * String with hostname, FQDN or IP address. Default is hostname of this host.
# (string value)
#host=lcy01-22
+{%- if controller.host is defined %}
+host={{ controller.host }}
+{%- endif %}
#
# Assign IPv6 and IPv4 addresses when creating instances.
@@ -2690,7 +2695,7 @@
# requests.
# (string value)
#metadata_listen=0.0.0.0
-metadata_listen={{ controller.bind.private_address }}
+metadata_listen={{ controller.get('metadata', {}).get('bind', {}).get('address', controller.bind.private_address) }}
osapi_volume_listen={{ controller.bind.private_address }}
#
@@ -2701,7 +2706,11 @@
# (port value)
# Minimum value: 0
# Maximum value: 65535
+{%- if controller.get('metadata', {}).get('bind', {}).port is defined %}
+metadata_listen_port={{ controller.metadata.bind.port }}
+{%- else %}
#metadata_listen_port=8775
+{%- endif %}
#
# Number of workers for metadata service. If not specified the number of
@@ -3036,7 +3045,9 @@
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout=60
-rpc_response_timeout=3600
+{%- if controller.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ controller.message_queue.rpc_response_timeout }}
+{%- endif %}
{%- set rabbit_port = controller.message_queue.get('port', 5671 if controller.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
@@ -6336,6 +6347,9 @@
# * live_migration_permit_post_copy
# (boolean value)
#live_migration_permit_auto_converge=false
+{%- if controller.get('libvirt', {}).live_migration_permit_auto_converge is defined %}
+live_migration_permit_auto_converge={{ controller.libvirt.live_migration_permit_auto_converge|lower }}
+{%- endif %}
#
# Determine the snapshot image format when sending to the image service.
diff --git a/nova/files/ocata/qemu.conf.Debian b/nova/files/ocata/qemu.conf.Debian
index 6212dda..cb20491 100644
--- a/nova/files/ocata/qemu.conf.Debian
+++ b/nova/files/ocata/qemu.conf.Debian
@@ -497,3 +497,21 @@
"/dev/vfio/vfio",
{% endif %}
]
+
+# The backend to use for handling stdout/stderr output from
+# QEMU processes.
+#
+# 'file': QEMU writes directly to a plain file. This is the
+# historical default, but allows QEMU to inflict a
+# denial of service attack on the host by exhausting
+# filesystem space
+#
+# 'logd': QEMU writes to a pipe provided by virtlogd daemon.
+# This is the current default, providing protection
+# against denial of service by performing log file
+# rollover when a size limit is hit.
+#
+#stdio_handler = "logd"
+{%- if compute.get('qemu',{}).get('logging',{}).handler is defined %}
+stdio_handler = "{{ compute.qemu.logging.handler }}"
+{%- endif %}
diff --git a/nova/files/ocata/qemu.conf.RedHat b/nova/files/ocata/qemu.conf.RedHat
new file mode 120000
index 0000000..1d23f19
--- /dev/null
+++ b/nova/files/ocata/qemu.conf.RedHat
@@ -0,0 +1 @@
+qemu.conf.Debian
\ No newline at end of file
diff --git a/nova/files/ocata/virtlogd.conf.Debian b/nova/files/ocata/virtlogd.conf.Debian
new file mode 100644
index 0000000..ecb5b2e
--- /dev/null
+++ b/nova/files/ocata/virtlogd.conf.Debian
@@ -0,0 +1,78 @@
+{%- from "nova/map.jinja" import compute with context %}
+# Master virtlogd daemon configuration file
+#
+
+#################################################################
+#
+# Logging controls
+#
+
+# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
+# basically 1 will log everything possible
+{%- if compute.get('virtlog',{}).level is defined %}
+log_level = {{ compute.virtlog.level }}
+{%- endif %}
+# Logging filters:
+# A filter allows to select a different logging level for a given category
+# of logs
+# The format for a filter is one of:
+# x:name
+# x:+name
+# where name is a string which is matched against source file name,
+# e.g., "remote", "qemu", or "util/json", the optional "+" prefix
+# tells libvirt to log stack trace for each message matching name,
+# and x is the minimal level where matching messages should be logged:
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple filter can be defined in a single @filters, they just need to be
+# separated by spaces.
+#
+# e.g. to only get warning or errors from the remote layer and only errors
+# from the event layer:
+#log_filters="3:remote 4:event"
+{%- if compute.get('virtlog',{}).filters is defined %}
+log_filters={{ compute.virtlog.get('filters')|yaml_dquote }}
+{%- endif %}
+# Logging outputs:
+# An output is one of the places to save logging information
+# The format for an output can be:
+# x:stderr
+# output goes to stderr
+# x:syslog:name
+# use syslog for the output and use the given name as the ident
+# x:file:file_path
+# output to a file, with the given filepath
+# x:journald
+# ouput to the systemd journal
+# In all case the x prefix is the minimal level, acting as a filter
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple output can be defined, they just need to be separated by spaces.
+# e.g. to log all warnings and errors to syslog under the virtlogd ident:
+#log_outputs="3:syslog:virtlogd"
+{%- if compute.get('virtlog',{}).outputs is defined %}
+log_outputs={{ compute.virtlog.get('outputs')|yaml_dquote }}
+{%- endif %}
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+#max_clients = 1024
+{%- if compute.get('virtlog',{}).max_clients is defined %}
+max_clients = {{ compute.virtlog.max_clients }}
+{%- endif %}
+# Maximum file size before rolling over. Defaults to 2 MB
+#max_size = 2097152
+{%- if compute.get('virtlog',{}).max_size is defined %}
+max_size = {{ compute.virtlog.max_size }}
+{%- endif %}
+# Maximum number of backup files to keep. Defaults to 3,
+# not including the primary active file
+#max_backups = 3
+{%- if compute.get('virtlog',{}).max_backups is defined %}
+max_backups = {{ compute.virtlog.max_backups }}
+{%- endif %}
diff --git a/nova/files/ocata/virtlogd.conf.RedHat b/nova/files/ocata/virtlogd.conf.RedHat
new file mode 120000
index 0000000..d466306
--- /dev/null
+++ b/nova/files/ocata/virtlogd.conf.RedHat
@@ -0,0 +1 @@
+virtlogd.conf.Debian
\ No newline at end of file
diff --git a/nova/files/pike/compute/_vmware.conf b/nova/files/pike/compute/_vmware.conf
new file mode 100644
index 0000000..2ecf3c4
--- /dev/null
+++ b/nova/files/pike/compute/_vmware.conf
@@ -0,0 +1,310 @@
+
+[vmware]
+#
+# Related options:
+# Following options must be set in order to launch VMware-based
+# virtual machines.
+#
+# * compute_driver: Must use vmwareapi.VMwareVCDriver.
+# * vmware.host_username
+# * vmware.host_password
+# * vmware.cluster_name
+
+#
+# From nova.conf
+#
+
+#
+# This option specifies the physical ethernet adapter name for VLAN
+# networking.
+#
+# Set the vlan_interface configuration option to match the ESX host
+# interface that handles VLAN-tagged VM traffic.
+#
+# Possible values:
+#
+# * Any valid string representing VLAN interface name
+# (string value)
+#vlan_interface = vmnic0
+{%- if _data.vlan_interface is defined %}
+vlan_interface = {{ _data.vlan_interface }}
+{%- endif %}
+
+#
+# This option should be configured only when using the NSX-MH Neutron
+# plugin. This is the name of the integration bridge on the ESXi server
+# or host. This should not be set for any other Neutron plugin. Hence
+# the default value is not set.
+#
+# Possible values:
+#
+# * Any valid string representing the name of the integration bridge
+# (string value)
+#integration_bridge = <None>
+{%- if _data.integration_bridge is defined %}
+integration_bridge = {{ _data.integration_bridge }}
+{%- endif %}
+
+#
+# Set this value if affected by an increased network latency causing
+# repeated characters when typing in a remote console.
+# (integer value)
+# Minimum value: 0
+#console_delay_seconds = <None>
+{%- if _data.console_delay_seconds is defined %}
+console_delay_seconds = {{ _data.console_delay_seconds }}
+{%- endif %}
+
+#
+# Identifies the remote system where the serial port traffic will
+# be sent.
+#
+# This option adds a virtual serial port which sends console output to
+# a configurable service URI. At the service URI address there will be
+# virtual serial port concentrator that will collect console logs.
+# If this is not set, no serial ports will be added to the created VMs.
+#
+# Possible values:
+#
+# * Any valid URI
+# (string value)
+#serial_port_service_uri = <None>
+{%- if _data.serial_port_service_uri is defined %}
+serial_port_service_uri = {{ _data.serial_port_service_uri }}
+{%- endif %}
+
+#
+# Identifies a proxy service that provides network access to the
+# serial_port_service_uri.
+#
+# Possible values:
+#
+# * Any valid URI (The scheme is 'telnet' or 'telnets'.)
+#
+# Related options:
+# This option is ignored if serial_port_service_uri is not specified.
+# * serial_port_service_uri
+# (uri value)
+#serial_port_proxy_uri = <None>
+{%- if _data.serial_port_proxy_uri is defined %}
+serial_port_proxy_uri = {{ _data.serial_port_proxy_uri }}
+{%- endif %}
+
+#
+# Hostname or IP address for connection to VMware vCenter host. (unknown value)
+#host_ip = <None>
+host_ip = {{ _data.host_ip }}
+
+# Port for connection to VMware vCenter host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#host_port = 443
+{%- if _data.host_port is defined %}
+host_port = {{ _data.host_port }}
+{%- endif %}
+
+# Username for connection to VMware vCenter host. (string value)
+#host_username = <None>
+host_username = {{ _data.host_username }}
+
+# Password for connection to VMware vCenter host. (string value)
+#host_password = <None>
+host_password = {{ _data.host_password }}
+
+#
+# Specifies the CA bundle file to be used in verifying the vCenter
+# server certificate.
+# (string value)
+#ca_file = <None>
+{%- if _data.cacert_file is defined %}
+ca_file = {{ _data.cacert_file }}
+{%- endif %}
+
+#
+# If true, the vCenter server certificate is not verified. If false,
+# then the default CA truststore is used for verification.
+#
+# Related options:
+# * ca_file: This option is ignored if "ca_file" is set.
+# (boolean value)
+#insecure = false
+{%- if _data.insecure is defined %}
+insecure = {{ _data.insecure }}
+{%- endif %}
+
+# Name of a VMware Cluster ComputeResource. (string value)
+#cluster_name = <None>
+cluster_name = {{ _data.cluster_name }}
+
+#
+# Regular expression pattern to match the name of datastore.
+#
+# The datastore_regex setting specifies the datastores to use with
+# Compute. For example, datastore_regex="nas.*" selects all the data
+# stores that have a name starting with "nas".
+#
+# NOTE: If no regex is given, it just picks the datastore with the
+# most freespace.
+#
+# Possible values:
+#
+# * Any matching regular expression to a datastore must be given
+# (string value)
+#datastore_regex = <None>
+{%- if _data.datastore_regex is defined %}
+datastore_regex = {{ _data.datastore_regex }}
+{%- endif %}
+
+#
+# Time interval in seconds to poll remote tasks invoked on
+# VMware VC server.
+# (floating point value)
+#task_poll_interval = 0.5
+{%- if _data.task_poll_interval is defined %}
+task_poll_interval = {{ _data.task_poll_interval }}
+{%- endif %}
+
+
+#
+# Number of times VMware vCenter server API must be retried on connection
+# failures, e.g. socket error, etc.
+# (integer value)
+# Minimum value: 0
+#api_retry_count = 10
+{%- if _data.api_retry_count is defined %}
+api_retry_count = {{ _data.api_retry_count }}
+{%- endif %}
+
+#
+# This option specifies VNC starting port.
+#
+# Every VM created by ESX host has an option of enabling VNC client
+# for remote connection. Above option 'vnc_port' helps you to set
+# default starting port for the VNC client.
+#
+# Possible values:
+#
+# * Any valid port number within 5900 -(5900 + vnc_port_total)
+#
+# Related options:
+# Below options should be set to enable VNC client.
+# * vnc.enabled = True
+# * vnc_port_total
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#vnc_port = 5900
+{%- if _data.vnc_port is defined %}
+vnc_port = {{ _data.vnc_port }}
+{%- endif %}
+
+#
+# Total number of VNC ports.
+# (integer value)
+# Minimum value: 0
+#vnc_port_total = 10000
+{%- if _data.vnc_port_total is defined %}
+vnc_port_total = {{ _data.vnc_port_total }}
+{%- endif %}
+
+#
+# This option enables/disables the use of linked clone.
+#
+# The ESX hypervisor requires a copy of the VMDK file in order to boot
+# up a virtual machine. The compute driver must download the VMDK via
+# HTTP from the OpenStack Image service to a datastore that is visible
+# to the hypervisor and cache it. Subsequent virtual machines that need
+# the VMDK use the cached version and don't have to copy the file again
+# from the OpenStack Image service.
+#
+# If set to false, even with a cached VMDK, there is still a copy
+# operation from the cache location to the hypervisor file directory
+# in the shared datastore. If set to true, the above copy operation
+# is avoided as it creates copy of the virtual machine that shares
+# virtual disks with its parent VM.
+# (boolean value)
+#use_linked_clone = true
+{%- if _data.use_linked_clone is defined %}
+use_linked_clone = {{ _data.use_linked_clone }}
+{%- endif %}
+
+#
+# This option enables or disables storage policy based placement
+# of instances.
+#
+# Related options:
+#
+# * pbm_default_policy
+# (boolean value)
+#pbm_enabled = false
+{%- if _data.pbm_enabled is defined %}
+pbm_enabled = {{ _data.pbm_enabled }}
+{%- endif %}
+
+#
+# This option specifies the PBM service WSDL file location URL.
+#
+# Setting this will disable storage policy based placement
+# of instances.
+#
+# Possible values:
+#
+# * Any valid file path
+# e.g file:///opt/SDK/spbm/wsdl/pbmService.wsdl
+# (string value)
+#pbm_wsdl_location = <None>
+{%- if _data.pbm_wsdl_location is defined %}
+pbm_wsdl_location = {{ _data.pbm_wsdl_location }}
+{%- endif %}
+
+#
+# This option specifies the default policy to be used.
+#
+# If pbm_enabled is set and there is no defined storage policy for the
+# specific request, then this policy will be used.
+#
+# Possible values:
+#
+# * Any valid storage policy such as VSAN default storage policy
+#
+# Related options:
+#
+# * pbm_enabled
+# (string value)
+#pbm_default_policy = <None>
+{%- if _data.pbm_default_policy is defined %}
+pbm_default_policy = {{ _data.pbm_default_policy }}
+{%- endif %}
+
+#
+# This option specifies the limit on the maximum number of objects to
+# return in a single result.
+#
+# A positive value will cause the operation to suspend the retrieval
+# when the count of objects reaches the specified limit. The server may
+# still limit the count to something less than the configured value.
+# Any remaining objects may be retrieved with additional requests.
+# (integer value)
+# Minimum value: 0
+#maximum_objects = 100
+{%- if _data.maximum_objects is defined %}
+maximum_objects = {{ _data.maximum_objects }}
+{%- endif %}
+
+#
+# This option adds a prefix to the folder where cached images are stored
+#
+# This is not the full path - just a folder prefix. This should only be
+# used when a datastore cache is shared between compute nodes.
+#
+# Note: This should only be used when the compute nodes are running on same
+# host or they have a shared file system.
+#
+# Possible values:
+#
+# * Any string representing the cache prefix to the folder
+# (string value)
+#cache_prefix = <None>
+{%- if _data.cache_prefix is defined %}
+cache_prefix = {{ _data.cache_prefix }}
+{%- endif %}
diff --git a/nova/files/pike/libvirt.RedHat b/nova/files/pike/libvirt.RedHat
new file mode 120000
index 0000000..f8f6638
--- /dev/null
+++ b/nova/files/pike/libvirt.RedHat
@@ -0,0 +1 @@
+libvirt.Debian
\ No newline at end of file
diff --git a/nova/files/pike/libvirtd.conf.Debian b/nova/files/pike/libvirtd.conf.Debian
index 4fab737..0f6b341 100644
--- a/nova/files/pike/libvirtd.conf.Debian
+++ b/nova/files/pike/libvirtd.conf.Debian
@@ -22,11 +22,17 @@
# This is enabled by default, uncomment this to disable it
#listen_tls = 0
-
+{%- if compute.libvirt.tls.get('enabled', False) %}
+listen_tcp = 0
+listen_tls = 1
+key_file = {{compute.libvirt.tls.key_file|yaml_squote}}
+cert_file = {{compute.libvirt.tls.cert_file|yaml_squote}}
+ca_file = {{compute.libvirt.tls.ca_file|yaml_squote}}
+{% else %}
listen_tls = 0
listen_tcp = 1
auth_tcp = "none"
-
+{% endif %}
# Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to
@@ -295,7 +301,9 @@
# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
# basically 1 will log everything possible
#log_level = 3
-
+{%- if compute.libvirt.get('logging',{}).level is defined %}
+log_level = {{ compute.libvirt.logging.level }}
+{%- endif %}
# Logging filters:
# A filter allows to select a different logging level for a given category
# of logs
@@ -317,6 +325,9 @@
# e.g. to only get warning or errors from the remote layer and only errors
# from the event layer:
#log_filters="3:remote 4:event"
+{%- if compute.libvirt.get('logging',{}).filters is defined %}
+log_filters={{ compute.libvirt.logging.filters|yaml_dquote }}
+{%- endif %}
# Logging outputs:
# An output is one of the places to save logging information
@@ -337,6 +348,9 @@
# e.g. to log all warnings and errors to syslog under the libvirtd ident:
#log_outputs="3:syslog:libvirtd"
#
+{%- if compute.libvirt.get('logging',{}).outputs is defined %}
+log_outputs={{ compute.libvirt.logging.outputs|yaml_dquote }}
+{%- endif %}
# Log debug buffer size: default 64
# The daemon keeps an internal debug log buffer which will be dumped in case
@@ -344,7 +358,9 @@
# the default buffer size in kilobytes.
# If value is 0 or less the debug log buffer is deactivated
#log_buffer_size = 64
-
+{%- if compute.libvirt.get('logging',{}).buffer_size is defined %}
+log_buffer_size = {{ compute.libvirt.logging.buffer_size }}
+{%- endif %}
##################################################################
#
@@ -400,4 +416,4 @@
# If set to 1, libvirtd will refuse to talk to clients that do not
# support keepalive protocol. Defaults to 0.
#
-#keepalive_required = 1
\ No newline at end of file
+#keepalive_required = 1
diff --git a/nova/files/pike/libvirtd.conf.RedHat b/nova/files/pike/libvirtd.conf.RedHat
new file mode 120000
index 0000000..2a7b101
--- /dev/null
+++ b/nova/files/pike/libvirtd.conf.RedHat
@@ -0,0 +1 @@
+libvirtd.conf.Debian
\ No newline at end of file
diff --git a/nova/files/pike/nova-compute.conf.Debian b/nova/files/pike/nova-compute.conf.Debian
index a58482b..7588003 100644
--- a/nova/files/pike/nova-compute.conf.Debian
+++ b/nova/files/pike/nova-compute.conf.Debian
@@ -1,4 +1,5 @@
-{%- from "nova/map.jinja" import compute with context %}
+{%- from "nova/map.jinja" import compute,compute_driver_mapping with context %}
+
[DEFAULT]
#
@@ -374,6 +375,9 @@
# (string value)
# Allowed values: none, space
#preallocate_images=none
+{%- if compute.preallocate_images is defined %}
+preallocate_images = {{ compute.preallocate_images }}
+{%- endif %}
#
# Enable use of copy-on-write (cow) images.
@@ -399,7 +403,7 @@
# * ``compute_driver``: Only the libvirt driver uses this option.
# (boolean value)
#force_raw_images=true
-force_raw_images=true
+force_raw_images={{ compute.get('image', {}).get('force_raw', True)|lower }}
#
# Name of the mkfs commands for ephemeral device.
@@ -3090,7 +3094,9 @@
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout=60
-rpc_response_timeout = 3600
+{%- if compute.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ compute.message_queue.rpc_response_timeout }}
+{%- endif %}
{%- set rabbit_port = compute.message_queue.get('port', 5671 if compute.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
@@ -4252,6 +4258,37 @@
#vpn_key_suffix=-vpn
+[compute]
+
+#
+# From nova.conf
+#
+
+#
+# Number of consecutive failed builds that result in disabling a compute
+# service.
+#
+# This option will cause nova-compute to set itself to a disabled state
+# if a certain number of consecutive build failures occur. This will
+# prevent the scheduler from continuing to send builds to a compute node that is
+# consistently failing. Note that all failures qualify and count towards this
+# score, including reschedules that may have been due to racy scheduler
+# behavior.
+# Since the failures must be consecutive, it is unlikely that occasional
+# expected
+# reschedules will actually disable a compute node.
+#
+# Possible values:
+#
+# * Any positive integer representing a build failure count.
+# * Zero to never auto-disable.
+# (integer value)
+#consecutive_build_service_disable_threshold = 10
+{%- if compute.get('compute', {}).consecutive_build_service_disable_threshold is defined %}
+consecutive_build_service_disable_threshold = {{ compute.compute.consecutive_build_service_disable_threshold }}
+{%- endif %}
+
+
[conductor]
#
# Options under this group are used to define Conductor's communication,
@@ -5101,7 +5138,9 @@
# * The options in the `key_manager` group, as the key_manager is used
# for the signature validation.
# (boolean value)
-{%- if compute.get('barbican', {}).get('enabled', False) %}
+{%- if compute.get('image', {}).verify_glance_signatures is defined %}
+verify_glance_signatures={{ compute.image.verify_glance_signatures }}
+{%- elif compute.get('barbican', {}).get('enabled', False) %}
verify_glance_signatures=true
{%- else %}
#verify_glance_signatures=false
@@ -5939,17 +5978,27 @@
#
# From nova.conf
#
-cpu_mode = {{ compute.get('cpu_mode', 'host-passthrough') }}
+cpu_mode = {{ compute.cpu_mode }}
+{%- if compute.libvirt.virt_type is defined %}
+virt_type = {{ compute.libvirt.virt_type }}
+{%- else %}
virt_type = kvm
-inject_partition=-2
-inject_password=True
+{%- endif%}
+
+inject_partition={{ compute.libvirt.inject_partition }}
+{%- if compute.libvirt.get('inject_partition', '-2')|string == '-2' %}
+inject_password=False
+{%- else %}
+inject_password={{ compute.libvirt.inject_password }}
+{%- endif %}
+
disk_cachemodes="{{ compute.get('disk_cachemodes', 'network=writeback,block=none') }}"
block_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_NON_SHARED_INC
live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST
inject_key=True
vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver
-{%- if compute.get('ceph', {}).ephemeral is defined %}
+{%- if compute.get('ceph', {}).get('ephemeral', False) %}
images_type=rbd
images_rbd_pool={{ compute.ceph.rbd_pool }}
images_rbd_ceph_conf=/etc/ceph/ceph.conf
@@ -5957,7 +6006,7 @@
rbd_secret_uuid={{ compute.ceph.secret_uuid }}
inject_password=false
inject_key=false
-{%- elif compute.get('lvm', {}).ephemeral is defined %}
+{%- elif compute.get('lvm', {}).get('ephemeral', False) %}
images_type=lvm
images_volume_group={{ compute.lvm.images_volume_group }}
{%- if compute.lvm.volume_clear is defined %}
@@ -5968,10 +6017,14 @@
{%- endif %}
{%- endif %}
+{%- if compute.libvirt.tls.get('enabled', False) %}
+live_migration_scheme="tls"
+{%- else %}
{%- if compute.get('libvirt', {}).uri is defined %}
connection_uri={{ compute.libvirt.uri }}
{%- endif %}
-#
+{%- endif %}
+
# The ID of the image to boot from to rescue data from a corrupted instance.
#
# If the rescue REST API operation doesn't provide an ID of an image to
@@ -6374,6 +6427,9 @@
# * live_migration_permit_post_copy
# (boolean value)
#live_migration_permit_auto_converge=false
+{%- if compute.libvirt.live_migration_permit_auto_converge is defined %}
+live_migration_permit_auto_converge={{ compute.libvirt.live_migration_permit_auto_converge|lower }}
+{%- endif %}
#
# Determine the snapshot image format when sending to the image service.
@@ -6452,7 +6508,12 @@
# This would result in an error and the instance won't be launched.
# * ``virt_type``: Only the virtualization types ``kvm`` and ``qemu`` use this.
# (string value)
+{%- if compute.get('libvirt', {}).cpu_model is defined and compute.cpu_mode == 'custom' %}
+cpu_model = {{ compute.libvirt.cpu_model }}
+{%- else %}
#cpu_model=<None>
+{%- endif %}
+
# Location where libvirt driver will store snapshots before uploading them to
# image service (string value)
@@ -9640,274 +9701,11 @@
# Tenant Name (string value)
#tenant_name=<None>
-
-[vmware]
-#
-# Related options:
-# Following options must be set in order to launch VMware-based
-# virtual machines.
-#
-# * compute_driver: Must use vmwareapi.VMwareVCDriver.
-# * vmware.host_username
-# * vmware.host_password
-# * vmware.cluster_name
-
-#
-# From nova.conf
-#
-
-#
-# This option specifies the physical ethernet adapter name for VLAN
-# networking.
-#
-# Set the vlan_interface configuration option to match the ESX host
-# interface that handles VLAN-tagged VM traffic.
-#
-# Possible values:
-#
-# * Any valid string representing VLAN interface name
-# (string value)
-#vlan_interface=vmnic0
-
-#
-# This option should be configured only when using the NSX-MH Neutron
-# plugin. This is the name of the integration bridge on the ESXi server
-# or host. This should not be set for any other Neutron plugin. Hence
-# the default value is not set.
-#
-# Possible values:
-#
-# * Any valid string representing the name of the integration bridge
-# (string value)
-#integration_bridge=<None>
-
-#
-# Set this value if affected by an increased network latency causing
-# repeated characters when typing in a remote console.
-# (integer value)
-# Minimum value: 0
-#console_delay_seconds=<None>
-
-#
-# Identifies the remote system where the serial port traffic will
-# be sent.
-#
-# This option adds a virtual serial port which sends console output to
-# a configurable service URI. At the service URI address there will be
-# virtual serial port concentrator that will collect console logs.
-# If this is not set, no serial ports will be added to the created VMs.
-#
-# Possible values:
-#
-# * Any valid URI
-# (string value)
-#serial_port_service_uri=<None>
-
-#
-# Identifies a proxy service that provides network access to the
-# serial_port_service_uri.
-#
-# Possible values:
-#
-# * Any valid URI
-#
-# Related options:
-# This option is ignored if serial_port_service_uri is not specified.
-# * serial_port_service_uri
-# (string value)
-#serial_port_proxy_uri=<None>
-
-#
-# Hostname or IP address for connection to VMware vCenter host. (string value)
-#host_ip=<None>
-
-# Port for connection to VMware vCenter host. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#host_port=443
-
-# Username for connection to VMware vCenter host. (string value)
-#host_username=<None>
-
-# Password for connection to VMware vCenter host. (string value)
-#host_password=<None>
-
-#
-# Specifies the CA bundle file to be used in verifying the vCenter
-# server certificate.
-# (string value)
-#ca_file=<None>
-
-#
-# If true, the vCenter server certificate is not verified. If false,
-# then the default CA truststore is used for verification.
-#
-# Related options:
-# * ca_file: This option is ignored if "ca_file" is set.
-# (boolean value)
-#insecure=false
-
-# Name of a VMware Cluster ComputeResource. (string value)
-#cluster_name=<None>
-
-#
-# Regular expression pattern to match the name of datastore.
-#
-# The datastore_regex setting specifies the datastores to use with
-# Compute. For example, datastore_regex="nas.*" selects all the data
-# stores that have a name starting with "nas".
-#
-# NOTE: If no regex is given, it just picks the datastore with the
-# most freespace.
-#
-# Possible values:
-#
-# * Any matching regular expression to a datastore must be given
-# (string value)
-#datastore_regex=<None>
-
-#
-# Time interval in seconds to poll remote tasks invoked on
-# VMware VC server.
-# (floating point value)
-#task_poll_interval=0.5
-
-#
-# Number of times VMware vCenter server API must be retried on connection
-# failures, e.g. socket error, etc.
-# (integer value)
-# Minimum value: 0
-#api_retry_count=10
-
-#
-# This option specifies VNC starting port.
-#
-# Every VM created by ESX host has an option of enabling VNC client
-# for remote connection. Above option 'vnc_port' helps you to set
-# default starting port for the VNC client.
-#
-# Possible values:
-#
-# * Any valid port number within 5900 -(5900 + vnc_port_total)
-#
-# Related options:
-# Below options should be set to enable VNC client.
-# * vnc.enabled = True
-# * vnc_port_total
-# (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#vnc_port=5900
-
-#
-# Total number of VNC ports.
-# (integer value)
-# Minimum value: 0
-#vnc_port_total=10000
-
-#
-# This option enables/disables the use of linked clone.
-#
-# The ESX hypervisor requires a copy of the VMDK file in order to boot
-# up a virtual machine. The compute driver must download the VMDK via
-# HTTP from the OpenStack Image service to a datastore that is visible
-# to the hypervisor and cache it. Subsequent virtual machines that need
-# the VMDK use the cached version and don't have to copy the file again
-# from the OpenStack Image service.
-#
-# If set to false, even with a cached VMDK, there is still a copy
-# operation from the cache location to the hypervisor file directory
-# in the shared datastore. If set to true, the above copy operation
-# is avoided as it creates copy of the virtual machine that shares
-# virtual disks with its parent VM.
-# (boolean value)
-#use_linked_clone=true
-
-# DEPRECATED:
-# This option specifies VIM Service WSDL Location
-#
-# If vSphere API versions 5.1 and later is being used, this section can
-# be ignored. If version is less than 5.1, WSDL files must be hosted
-# locally and their location must be specified in the above section.
-#
-# Optional over-ride to default location for bug work-arounds.
-#
-# Possible values:
-#
-# * http://<server>/vimService.wsdl
-# * file:///opt/stack/vmware/SDK/wsdl/vim25/vimService.wsdl
-# (string value)
-# This option is deprecated for removal since 15.0.0.
-# Its value may be silently ignored in the future.
-# Reason: Only vCenter versions earlier than 5.1 require this option and the
-# current minimum version is 5.1.
-#wsdl_location=<None>
-
-#
-# This option enables or disables storage policy based placement
-# of instances.
-#
-# Related options:
-#
-# * pbm_default_policy
-# (boolean value)
-#pbm_enabled=false
-
-#
-# This option specifies the PBM service WSDL file location URL.
-#
-# Setting this will disable storage policy based placement
-# of instances.
-#
-# Possible values:
-#
-# * Any valid file path
-# e.g file:///opt/SDK/spbm/wsdl/pbmService.wsdl
-# (string value)
-#pbm_wsdl_location=<None>
-
-#
-# This option specifies the default policy to be used.
-#
-# If pbm_enabled is set and there is no defined storage policy for the
-# specific request, then this policy will be used.
-#
-# Possible values:
-#
-# * Any valid storage policy such as VSAN default storage policy
-#
-# Related options:
-#
-# * pbm_enabled
-# (string value)
-#pbm_default_policy=<None>
-
-#
-# This option specifies the limit on the maximum number of objects to
-# return in a single result.
-#
-# A positive value will cause the operation to suspend the retrieval
-# when the count of objects reaches the specified limit. The server may
-# still limit the count to something less than the configured value.
-# Any remaining objects may be retrieved with additional requests.
-# (integer value)
-# Minimum value: 0
-#maximum_objects=100
-
-#
-# This option adds a prefix to the folder where cached images are stored
-#
-# This is not the full path - just a folder prefix. This should only be
-# used when a datastore cache is shared between compute nodes.
-#
-# Note: This should only be used when the compute nodes are running on same
-# host or they have a shared file system.
-#
-# Possible values:
-#
-# * Any string representing the cache prefix to the folder
-# (string value)
-#cache_prefix=<None>
+{%- set compute_driver = compute.get('compute_driver', 'libvirt.LibvirtDriver') %}
+{%- if compute_driver in compute_driver_mapping.keys() %}
+{%- set _data = compute.get(compute_driver_mapping[compute_driver]) %}
+{%- include "nova/files/pike/compute/_" + compute_driver_mapping[compute_driver] + ".conf" %}
+{%- endif %}
[vnc]
@@ -9925,9 +9723,13 @@
{%- if compute.bind is defined and compute.bind.vnc_port is defined %}
novncproxy_port={{ compute.bind.vnc_port }}
{%- endif %}
-vncserver_listen=0.0.0.0
-{%- if compute.bind is defined and compute.bind.vnc_address is defined %}
+{%- if compute.bind is defined %}
+{%- if compute.bind.vnc_address is defined %}
+vncserver_listen={{ compute.bind.vnc_address }}
vncserver_proxyclient_address={{ compute.bind.vnc_address }}
+{%- else %}
+vncserver_listen=0.0.0.0
+{%- endif %}
{%- endif %}
keymap = {{ compute.get('vnc_keymap', 'en-us') }}
diff --git a/nova/files/pike/nova-controller.conf.Debian b/nova/files/pike/nova-controller.conf.Debian
index 739efd2..8321a8d 100644
--- a/nova/files/pike/nova-controller.conf.Debian
+++ b/nova/files/pike/nova-controller.conf.Debian
@@ -1,6 +1,13 @@
-{%- from "nova/map.jinja" import controller with context %}
-[DEFAULT]
+{%- from "nova/map.jinja" import controller,compute_driver_mapping with context %}
+{%- set connection_x509_ssl_option = '' %}
+{%- if controller.database.get('x509',{}).get('enabled',False) %}
+ {%- set connection_x509_ssl_option = '&ssl_ca=' ~ controller.database.x509.get('ca_file') ~ '&ssl_cert=' ~ controller.database.x509.get('cert_file') ~ '&ssl_key=' ~ controller.database.x509.get('key_file') %}
+{%- elif controller.database.get('ssl',{}).get('enabled',False) %}
+ {%- set connection_x509_ssl_option = '&ssl_ca=' ~ controller.database.ssl.get('cacert_file', controller.cacert_file) %}
+{%- endif %}
+
+[DEFAULT]
#
# From nova.conf
#
@@ -94,6 +101,9 @@
# starting on 15th day of month.
# (string value)
#instance_usage_audit_period=month
+{% if controller.instance_usage_audit_period is defined %}
+instance_usage_audit_period = {{ controller.instance_usage_audit_period }}
+{%- endif %}
#
# Start and use a daemon that can run the commands that need to be run with
@@ -158,7 +168,7 @@
# * ``hyperv.HyperVDriver``
# (string value)
#compute_driver=<None>
-compute_driver=libvirt.LibvirtDriver
+compute_driver = {{ controller.get('compute_driver', 'libvirt.LibvirtDriver') }}
#
# Allow destination machine to match source for resize. Useful when
@@ -181,7 +191,9 @@
# * Any string representing an availability zone name
# * Default value is None.
# (string value)
-#default_schedule_zone=<None>
+{%- if controller.default_schedule_zone is defined %}
+default_schedule_zone = {{ controller.default_schedule_zone }}
+{%- endif %}
#
# Image properties that should not be inherited from the instance
@@ -637,6 +649,9 @@
# notifications are consumed by OpenStack Telemetry service.
# (boolean value)
#instance_usage_audit=false
+{% if controller.instance_usage_audit is defined %}
+instance_usage_audit = {{ controller.instance_usage_audit }}
+{%- endif %}
#
# Maximum number of 1 second retries in live_migration. It specifies number
@@ -1509,6 +1524,9 @@
# * String with hostname, FQDN or IP address. Default is hostname of this host.
# (string value)
#host=lcy01-22
+{%- if controller.host is defined %}
+host={{ controller.host }}
+{%- endif %}
#
# Assign IPv6 and IPv4 addresses when creating instances.
@@ -2514,6 +2532,11 @@
# Disallow non-encrypted connections. (boolean value)
#ssl_only=false
+{%- if controller.novncproxy.tls.get('enabled', False) %}
+ssl_only=True
+cert={{controller.novncproxy.tls.server.cert_file|yaml_squote}}
+key={{controller.novncproxy.tls.server.key_file|yaml_squote}}
+{%- endif %}
# Set to True if source host is addressed with IPv6. (boolean value)
#source_is_ipv6=false
@@ -2690,7 +2713,7 @@
# requests.
# (string value)
#metadata_listen=0.0.0.0
-metadata_listen={{ controller.bind.private_address }}
+metadata_listen={{ controller.get('metadata', {}).get('bind', {}).get('address', controller.bind.private_address) }}
osapi_volume_listen={{ controller.bind.private_address }}
#
@@ -2701,7 +2724,11 @@
# (port value)
# Minimum value: 0
# Maximum value: 65535
+{%- if controller.get('metadata', {}).get('bind', {}).port is defined %}
+metadata_listen_port={{ controller.metadata.bind.port }}
+{%- else %}
#metadata_listen_port=8775
+{%- endif %}
#
# Number of workers for metadata service. If not specified the number of
@@ -2774,7 +2801,9 @@
# example, logging_context_format_string). (string value)
# Note: This option can be changed without restarting.
# Deprecated group/name - [DEFAULT]/log_config
-#log_config_append=<None>
+{%- if controller.logging.log_appender %}
+log_config_append=/etc/nova/logging.conf
+{%- endif %}
# Defines the format string for %%(asctime)s in log records. Default:
# %(default)s . This option is ignored if log_config_append is set. (string
@@ -3033,7 +3062,9 @@
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout=60
-rpc_response_timeout=3600
+{%- if controller.message_queue.rpc_response_timeout is defined %}
+rpc_response_timeout = {{ controller.message_queue.rpc_response_timeout }}
+{%- endif %}
{%- set rabbit_port = controller.message_queue.get('port', 5671 if controller.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
@@ -3416,7 +3447,7 @@
db_retry_interval = 1
connection_debug = 10
pool_timeout = 120
-connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}_api?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %}
+connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}_api?charset=utf8{{ connection_x509_ssl_option }}
# The SQLAlchemy connection string to use to connect to the database. (string
# value)
@@ -4465,7 +4496,7 @@
db_retry_interval = 1
connection_debug = 10
pool_timeout = 120
-connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %}
+connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{{ connection_x509_ssl_option }}
# If True, SQLite uses synchronous mode. (boolean value)
# Deprecated group/name - [DEFAULT]/sqlite_synchronous
@@ -5503,6 +5534,7 @@
#filesystems =
+{% if controller.ironic is defined -%}
[ironic]
#
# Configuration options for Ironic driver (Bare Metal).
@@ -5520,7 +5552,7 @@
#
# URL override for the Ironic API endpoint. (string value)
-#api_endpoint=http://ironic.example.org:6385/
+api_endpoint={{ controller.ironic.get('protocol', 'http') }}://{{ controller.ironic.host }}:{{ controller.ironic.port }}
#
# The number of times to retry when a request conflicts.
@@ -5550,10 +5582,9 @@
# PEM encoded Certificate Authority to use when verifying HTTPs connections.
# (string value)
-#cafile=<None>
-
-# PEM encoded client certificate cert file (string value)
-#certfile=<None>
+{%- if controller.ironic.get('protocol', 'http') == 'https' %}
+cafile={{ controller.identity.get('cacert_file', controller.cacert_file) }}
+{%- endif %}
# PEM encoded client certificate key file (string value)
#keyfile=<None>
@@ -5566,13 +5597,13 @@
# Authentication type to load (string value)
# Deprecated group/name - [ironic]/auth_plugin
-#auth_type=<None>
+auth_type={{ controller.ironic.auth_type }}
# Config Section from which to load plugin specific options (string value)
#auth_section=<None>
# Authentication URL (string value)
-#auth_url=<None>
+auth_url={{ controller.identity.get('protocol', 'http') }}://{{ controller.identity.host }}:{{ controller.identity.port }}/v3
# Domain ID to scope to (string value)
#domain_id=<None>
@@ -5584,13 +5615,13 @@
#project_id=<None>
# Project name to scope to (string value)
-#project_name=<None>
+project_name={{ controller.identity.tenant }}
# Domain ID containing project (string value)
#project_domain_id=<None>
# Domain name containing project (string value)
-#project_domain_name=<None>
+project_domain_name={{ controller.ironic.project_domain_name }}
# Trust ID (string value)
#trust_id=<None>
@@ -5600,16 +5631,17 @@
# Username (string value)
# Deprecated group/name - [ironic]/user-name
-#username=<None>
+username={{ controller.ironic.user }}
# User's domain id (string value)
#user_domain_id=<None>
# User's domain name (string value)
-#user_domain_name=<None>
+user_domain_name={{ controller.ironic.user_domain_name }}
# User's password (string value)
-#password=<None>
+password={{ controller.ironic.password }}
+{%- endif %}
[key_manager]
@@ -6333,6 +6365,9 @@
# * live_migration_permit_post_copy
# (boolean value)
#live_migration_permit_auto_converge=false
+{%- if controller.get('libvirt', {}).live_migration_permit_auto_converge is defined %}
+live_migration_permit_auto_converge={{ controller.libvirt.live_migration_permit_auto_converge|lower }}
+{%- endif %}
#
# Determine the snapshot image format when sending to the image service.
@@ -7282,6 +7317,11 @@
# Allowed values: <None>, vm_state, vm_and_task_state
# Deprecated group/name - [DEFAULT]/notify_on_state_change
#notify_on_state_change=<None>
+{%- if controller.get('notification', {}).notify_on is defined %}
+{%- for key, value in controller.notification.notify_on.iteritems() %}
+notify_on_{{ key }} = {{ value }}
+{%- endfor %}
+{%- endif %}
#
# If enabled, send api.fault notifications on caught exceptions in the
@@ -9601,275 +9641,11 @@
# Tenant Name (string value)
#tenant_name=<None>
-
-[vmware]
-#
-# Related options:
-# Following options must be set in order to launch VMware-based
-# virtual machines.
-#
-# * compute_driver: Must use vmwareapi.VMwareVCDriver.
-# * vmware.host_username
-# * vmware.host_password
-# * vmware.cluster_name
-
-#
-# From nova.conf
-#
-
-#
-# This option specifies the physical ethernet adapter name for VLAN
-# networking.
-#
-# Set the vlan_interface configuration option to match the ESX host
-# interface that handles VLAN-tagged VM traffic.
-#
-# Possible values:
-#
-# * Any valid string representing VLAN interface name
-# (string value)
-#vlan_interface=vmnic0
-
-#
-# This option should be configured only when using the NSX-MH Neutron
-# plugin. This is the name of the integration bridge on the ESXi server
-# or host. This should not be set for any other Neutron plugin. Hence
-# the default value is not set.
-#
-# Possible values:
-#
-# * Any valid string representing the name of the integration bridge
-# (string value)
-#integration_bridge=<None>
-
-#
-# Set this value if affected by an increased network latency causing
-# repeated characters when typing in a remote console.
-# (integer value)
-# Minimum value: 0
-#console_delay_seconds=<None>
-
-#
-# Identifies the remote system where the serial port traffic will
-# be sent.
-#
-# This option adds a virtual serial port which sends console output to
-# a configurable service URI. At the service URI address there will be
-# virtual serial port concentrator that will collect console logs.
-# If this is not set, no serial ports will be added to the created VMs.
-#
-# Possible values:
-#
-# * Any valid URI
-# (string value)
-#serial_port_service_uri=<None>
-
-#
-# Identifies a proxy service that provides network access to the
-# serial_port_service_uri.
-#
-# Possible values:
-#
-# * Any valid URI
-#
-# Related options:
-# This option is ignored if serial_port_service_uri is not specified.
-# * serial_port_service_uri
-# (string value)
-#serial_port_proxy_uri=<None>
-
-#
-# Hostname or IP address for connection to VMware vCenter host. (string value)
-#host_ip=<None>
-
-# Port for connection to VMware vCenter host. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#host_port=443
-
-# Username for connection to VMware vCenter host. (string value)
-#host_username=<None>
-
-# Password for connection to VMware vCenter host. (string value)
-#host_password=<None>
-
-#
-# Specifies the CA bundle file to be used in verifying the vCenter
-# server certificate.
-# (string value)
-#ca_file=<None>
-
-#
-# If true, the vCenter server certificate is not verified. If false,
-# then the default CA truststore is used for verification.
-#
-# Related options:
-# * ca_file: This option is ignored if "ca_file" is set.
-# (boolean value)
-#insecure=false
-
-# Name of a VMware Cluster ComputeResource. (string value)
-#cluster_name=<None>
-
-#
-# Regular expression pattern to match the name of datastore.
-#
-# The datastore_regex setting specifies the datastores to use with
-# Compute. For example, datastore_regex="nas.*" selects all the data
-# stores that have a name starting with "nas".
-#
-# NOTE: If no regex is given, it just picks the datastore with the
-# most freespace.
-#
-# Possible values:
-#
-# * Any matching regular expression to a datastore must be given
-# (string value)
-#datastore_regex=<None>
-
-#
-# Time interval in seconds to poll remote tasks invoked on
-# VMware VC server.
-# (floating point value)
-#task_poll_interval=0.5
-
-#
-# Number of times VMware vCenter server API must be retried on connection
-# failures, e.g. socket error, etc.
-# (integer value)
-# Minimum value: 0
-#api_retry_count=10
-
-#
-# This option specifies VNC starting port.
-#
-# Every VM created by ESX host has an option of enabling VNC client
-# for remote connection. Above option 'vnc_port' helps you to set
-# default starting port for the VNC client.
-#
-# Possible values:
-#
-# * Any valid port number within 5900 -(5900 + vnc_port_total)
-#
-# Related options:
-# Below options should be set to enable VNC client.
-# * vnc.enabled = True
-# * vnc_port_total
-# (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#vnc_port=5900
-
-#
-# Total number of VNC ports.
-# (integer value)
-# Minimum value: 0
-#vnc_port_total=10000
-
-#
-# This option enables/disables the use of linked clone.
-#
-# The ESX hypervisor requires a copy of the VMDK file in order to boot
-# up a virtual machine. The compute driver must download the VMDK via
-# HTTP from the OpenStack Image service to a datastore that is visible
-# to the hypervisor and cache it. Subsequent virtual machines that need
-# the VMDK use the cached version and don't have to copy the file again
-# from the OpenStack Image service.
-#
-# If set to false, even with a cached VMDK, there is still a copy
-# operation from the cache location to the hypervisor file directory
-# in the shared datastore. If set to true, the above copy operation
-# is avoided as it creates copy of the virtual machine that shares
-# virtual disks with its parent VM.
-# (boolean value)
-#use_linked_clone=true
-
-# DEPRECATED:
-# This option specifies VIM Service WSDL Location
-#
-# If vSphere API versions 5.1 and later is being used, this section can
-# be ignored. If version is less than 5.1, WSDL files must be hosted
-# locally and their location must be specified in the above section.
-#
-# Optional over-ride to default location for bug work-arounds.
-#
-# Possible values:
-#
-# * http://<server>/vimService.wsdl
-# * file:///opt/stack/vmware/SDK/wsdl/vim25/vimService.wsdl
-# (string value)
-# This option is deprecated for removal since 15.0.0.
-# Its value may be silently ignored in the future.
-# Reason: Only vCenter versions earlier than 5.1 require this option and the
-# current minimum version is 5.1.
-#wsdl_location=<None>
-
-#
-# This option enables or disables storage policy based placement
-# of instances.
-#
-# Related options:
-#
-# * pbm_default_policy
-# (boolean value)
-#pbm_enabled=false
-
-#
-# This option specifies the PBM service WSDL file location URL.
-#
-# Setting this will disable storage policy based placement
-# of instances.
-#
-# Possible values:
-#
-# * Any valid file path
-# e.g file:///opt/SDK/spbm/wsdl/pbmService.wsdl
-# (string value)
-#pbm_wsdl_location=<None>
-
-#
-# This option specifies the default policy to be used.
-#
-# If pbm_enabled is set and there is no defined storage policy for the
-# specific request, then this policy will be used.
-#
-# Possible values:
-#
-# * Any valid storage policy such as VSAN default storage policy
-#
-# Related options:
-#
-# * pbm_enabled
-# (string value)
-#pbm_default_policy=<None>
-
-#
-# This option specifies the limit on the maximum number of objects to
-# return in a single result.
-#
-# A positive value will cause the operation to suspend the retrieval
-# when the count of objects reaches the specified limit. The server may
-# still limit the count to something less than the configured value.
-# Any remaining objects may be retrieved with additional requests.
-# (integer value)
-# Minimum value: 0
-#maximum_objects=100
-
-#
-# This option adds a prefix to the folder where cached images are stored
-#
-# This is not the full path - just a folder prefix. This should only be
-# used when a datastore cache is shared between compute nodes.
-#
-# Note: This should only be used when the compute nodes are running on same
-# host or they have a shared file system.
-#
-# Possible values:
-#
-# * Any string representing the cache prefix to the folder
-# (string value)
-#cache_prefix=<None>
-
+{%- set compute_driver = controller.get('compute_driver', 'libvirt.LibvirtDriver') %}
+{%- if compute_driver in compute_driver_mapping.keys() %}
+{%- set _data = controller.get(compute_driver_mapping[compute_driver]) %}
+{%- include "nova/files/pike/compute/_" + compute_driver_mapping[compute_driver] + ".conf" %}
+{%- endif %}
[vnc]
#
diff --git a/nova/files/pike/qemu.conf.Debian b/nova/files/pike/qemu.conf.Debian
index 6212dda..cb20491 100644
--- a/nova/files/pike/qemu.conf.Debian
+++ b/nova/files/pike/qemu.conf.Debian
@@ -497,3 +497,21 @@
"/dev/vfio/vfio",
{% endif %}
]
+
+# The backend to use for handling stdout/stderr output from
+# QEMU processes.
+#
+# 'file': QEMU writes directly to a plain file. This is the
+# historical default, but allows QEMU to inflict a
+# denial of service attack on the host by exhausting
+# filesystem space
+#
+# 'logd': QEMU writes to a pipe provided by virtlogd daemon.
+# This is the current default, providing protection
+# against denial of service by performing log file
+# rollover when a size limit is hit.
+#
+#stdio_handler = "logd"
+{%- if compute.get('qemu',{}).get('logging',{}).handler is defined %}
+stdio_handler = "{{ compute.qemu.logging.handler }}"
+{%- endif %}
diff --git a/nova/files/pike/qemu.conf.RedHat b/nova/files/pike/qemu.conf.RedHat
new file mode 120000
index 0000000..1d23f19
--- /dev/null
+++ b/nova/files/pike/qemu.conf.RedHat
@@ -0,0 +1 @@
+qemu.conf.Debian
\ No newline at end of file
diff --git a/nova/files/pike/virtlogd.conf.Debian b/nova/files/pike/virtlogd.conf.Debian
new file mode 100644
index 0000000..ecb5b2e
--- /dev/null
+++ b/nova/files/pike/virtlogd.conf.Debian
@@ -0,0 +1,78 @@
+{%- from "nova/map.jinja" import compute with context %}
+# Master virtlogd daemon configuration file
+#
+
+#################################################################
+#
+# Logging controls
+#
+
+# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
+# basically 1 will log everything possible
+{%- if compute.get('virtlog',{}).level is defined %}
+log_level = {{ compute.virtlog.level }}
+{%- endif %}
+# Logging filters:
+# A filter allows to select a different logging level for a given category
+# of logs
+# The format for a filter is one of:
+# x:name
+# x:+name
+# where name is a string which is matched against source file name,
+# e.g., "remote", "qemu", or "util/json", the optional "+" prefix
+# tells libvirt to log stack trace for each message matching name,
+# and x is the minimal level where matching messages should be logged:
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple filter can be defined in a single @filters, they just need to be
+# separated by spaces.
+#
+# e.g. to only get warning or errors from the remote layer and only errors
+# from the event layer:
+#log_filters="3:remote 4:event"
+{%- if compute.get('virtlog',{}).filters is defined %}
+log_filters={{ compute.virtlog.get('filters')|yaml_dquote }}
+{%- endif %}
+# Logging outputs:
+# An output is one of the places to save logging information
+# The format for an output can be:
+# x:stderr
+# output goes to stderr
+# x:syslog:name
+# use syslog for the output and use the given name as the ident
+# x:file:file_path
+# output to a file, with the given filepath
+# x:journald
+# ouput to the systemd journal
+# In all case the x prefix is the minimal level, acting as a filter
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple output can be defined, they just need to be separated by spaces.
+# e.g. to log all warnings and errors to syslog under the virtlogd ident:
+#log_outputs="3:syslog:virtlogd"
+{%- if compute.get('virtlog',{}).outputs is defined %}
+log_outputs={{ compute.virtlog.get('outputs')|yaml_dquote }}
+{%- endif %}
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+#max_clients = 1024
+{%- if compute.get('virtlog',{}).max_clients is defined %}
+max_clients = {{ compute.virtlog.max_clients }}
+{%- endif %}
+# Maximum file size before rolling over. Defaults to 2 MB
+#max_size = 2097152
+{%- if compute.get('virtlog',{}).max_size is defined %}
+max_size = {{ compute.virtlog.max_size }}
+{%- endif %}
+# Maximum number of backup files to keep. Defaults to 3,
+# not including the primary active file
+#max_backups = 3
+{%- if compute.get('virtlog',{}).max_backups is defined %}
+max_backups = {{ compute.virtlog.max_backups }}
+{%- endif %}
diff --git a/nova/files/pike/virtlogd.conf.RedHat b/nova/files/pike/virtlogd.conf.RedHat
new file mode 120000
index 0000000..d466306
--- /dev/null
+++ b/nova/files/pike/virtlogd.conf.RedHat
@@ -0,0 +1 @@
+virtlogd.conf.Debian
\ No newline at end of file
diff --git a/nova/files/queens/api-paste.ini.Debian b/nova/files/queens/api-paste.ini.Debian
new file mode 100644
index 0000000..9da196f
--- /dev/null
+++ b/nova/files/queens/api-paste.ini.Debian
@@ -0,0 +1,93 @@
+############
+# Metadata #
+############
+{%- from "nova/map.jinja" import controller with context %}
+[composite:metadata]
+use = egg:Paste#urlmap
+/: meta
+
+[pipeline:meta]
+pipeline = cors metaapp
+
+[app:metaapp]
+paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
+
+#############
+# OpenStack #
+#############
+
+[composite:osapi_compute]
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: oscomputeversions
+# v21 is an exactly feature match for v2, except it has more stringent
+# input validation on the wsgi surface (prevents fuzzing early on the
+# API). It also provides new features via API microversions which are
+# opt into for clients. Unaware clients will receive the same frozen
+# v2 API feature set, but with some relaxed validation
+/v2: openstack_compute_api_v21_legacy_v2_compatible
+/v2.1: openstack_compute_api_v21
+
+[composite:openstack_compute_api_v21]
+use = call:nova.api.auth:pipeline_factory_v21
+noauth2 = cors http_proxy_to_wsgi compute_req_id faultwrap request_log sizelimit osprofiler noauth2 osapi_compute_app_v21
+keystone = cors http_proxy_to_wsgi compute_req_id faultwrap request_log sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}osapi_compute_app_v21
+
+[composite:openstack_compute_api_v21_legacy_v2_compatible]
+use = call:nova.api.auth:pipeline_factory_v21
+noauth2 = cors http_proxy_to_wsgi compute_req_id faultwrap request_log sizelimit osprofiler noauth2 legacy_v2_compatible osapi_compute_app_v21
+keystone = cors http_proxy_to_wsgi compute_req_id faultwrap request_log sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}legacy_v2_compatible osapi_compute_app_v21
+
+[filter:request_id]
+paste.filter_factory = oslo_middleware:RequestId.factory
+
+[filter:request_log]
+paste.filter_factory = nova.api.openstack.requestlog:RequestLog.factory
+
+[filter:compute_req_id]
+paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory
+
+[filter:faultwrap]
+paste.filter_factory = nova.api.openstack:FaultWrapper.factory
+
+[filter:noauth2]
+paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
+
+[filter:osprofiler]
+paste.filter_factory = nova.profiler:WsgiMiddleware.factory
+
+[filter:sizelimit]
+paste.filter_factory = oslo_middleware:RequestBodySizeLimiter.factory
+
+[filter:http_proxy_to_wsgi]
+paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
+
+[filter:legacy_v2_compatible]
+paste.filter_factory = nova.api.openstack:LegacyV2CompatibleWrapper.factory
+
+[app:osapi_compute_app_v21]
+paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory
+
+[pipeline:oscomputeversions]
+pipeline = cors faultwrap request_log http_proxy_to_wsgi oscomputeversionapp
+
+[app:oscomputeversionapp]
+paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
+
+{%- if controller.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ controller.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory") }}
+audit_map_file = {{ controller.get("audit", {}).get("map_file", "/etc/pycadf/nova_api_audit_map.conf") }}
+{%- endif %}
+##########
+# Shared #
+##########
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = nova
+
+[filter:keystonecontext]
+paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
diff --git a/nova/files/queens/api-paste.ini.RedHat b/nova/files/queens/api-paste.ini.RedHat
new file mode 120000
index 0000000..08fd76a
--- /dev/null
+++ b/nova/files/queens/api-paste.ini.RedHat
@@ -0,0 +1 @@
+api-paste.ini.Debian
\ No newline at end of file
diff --git a/nova/files/queens/compute/_vmware.conf b/nova/files/queens/compute/_vmware.conf
new file mode 100644
index 0000000..034053b
--- /dev/null
+++ b/nova/files/queens/compute/_vmware.conf
@@ -0,0 +1,332 @@
+
+[vmware]
+#
+# Related options:
+# Following options must be set in order to launch VMware-based
+# virtual machines.
+#
+# * compute_driver: Must use vmwareapi.VMwareVCDriver.
+# * vmware.host_username
+# * vmware.host_password
+# * vmware.cluster_name
+
+#
+# From nova.conf
+#
+
+#
+# This option specifies the physical ethernet adapter name for VLAN
+# networking.
+#
+# Set the vlan_interface configuration option to match the ESX host
+# interface that handles VLAN-tagged VM traffic.
+#
+# Possible values:
+#
+# * Any valid string representing VLAN interface name
+# (string value)
+#vlan_interface = vmnic0
+{%- if _data.vlan_interface is defined %}
+vlan_interface = {{ _data.vlan_interface }}
+{%- endif %}
+
+#
+# This option should be configured only when using the NSX-MH Neutron
+# plugin. This is the name of the integration bridge on the ESXi server
+# or host. This should not be set for any other Neutron plugin. Hence
+# the default value is not set.
+#
+# Possible values:
+#
+# * Any valid string representing the name of the integration bridge
+# (string value)
+#integration_bridge = <None>
+{%- if _data.integration_bridge is defined %}
+integration_bridge = {{ _data.integration_bridge }}
+{%- endif %}
+
+#
+# Set this value if affected by an increased network latency causing
+# repeated characters when typing in a remote console.
+# (integer value)
+# Minimum value: 0
+#console_delay_seconds = <None>
+{%- if _data.console_delay_seconds is defined %}
+console_delay_seconds = {{ _data.console_delay_seconds }}
+{%- endif %}
+
+#
+# Identifies the remote system where the serial port traffic will
+# be sent.
+#
+# This option adds a virtual serial port which sends console output to
+# a configurable service URI. At the service URI address there will be
+# virtual serial port concentrator that will collect console logs.
+# If this is not set, no serial ports will be added to the created VMs.
+#
+# Possible values:
+#
+# * Any valid URI
+# (string value)
+#serial_port_service_uri = <None>
+{%- if _data.serial_port_service_uri is defined %}
+serial_port_service_uri = {{ _data.serial_port_service_uri }}
+{%- endif %}
+
+#
+# Identifies a proxy service that provides network access to the
+# serial_port_service_uri.
+#
+# Possible values:
+#
+# * Any valid URI (The scheme is 'telnet' or 'telnets'.)
+#
+# Related options:
+# This option is ignored if serial_port_service_uri is not specified.
+# * serial_port_service_uri
+# (uri value)
+#serial_port_proxy_uri = <None>
+{%- if _data.serial_port_proxy_uri is defined %}
+serial_port_proxy_uri = {{ _data.serial_port_proxy_uri }}
+{%- endif %}
+
+# Specifies the directory where the Virtual Serial Port Concentrator is
+# storing console log files. It should match the 'serial_log_dir' config
+# value of VSPC.
+# (string value)
+#serial_log_dir = /opt/vmware/vspc
+{%- if _data.serial_port_proxy_uri is defined %}
+serial_port_proxy_uri = {{ _data.serial_port_proxy_uri }}
+{%- endif %}
+
+
+#
+# Hostname or IP address for connection to VMware vCenter host. (unknown value)
+#host_ip = <None>
+host_ip = {{ _data.host_ip }}
+
+# Port for connection to VMware vCenter host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#host_port = 443
+{%- if _data.host_port is defined %}
+host_port = {{ _data.host_port }}
+{%- endif %}
+
+# Username for connection to VMware vCenter host. (string value)
+#host_username = <None>
+host_username = {{ _data.host_username }}
+
+# Password for connection to VMware vCenter host. (string value)
+#host_password = <None>
+host_password = {{ _data.host_password }}
+
+#
+# Specifies the CA bundle file to be used in verifying the vCenter
+# server certificate.
+# (string value)
+#ca_file = <None>
+{%- if _data.cacert_file is defined %}
+ca_file = {{ _data.cacert_file }}
+{%- endif %}
+
+#
+# If true, the vCenter server certificate is not verified. If false,
+# then the default CA truststore is used for verification.
+#
+# Related options:
+# * ca_file: This option is ignored if "ca_file" is set.
+# (boolean value)
+#insecure = false
+{%- if _data.insecure is defined %}
+insecure = {{ _data.insecure }}
+{%- endif %}
+
+# Name of a VMware Cluster ComputeResource. (string value)
+#cluster_name = <None>
+cluster_name = {{ _data.cluster_name }}
+
+#
+# Regular expression pattern to match the name of datastore.
+#
+# The datastore_regex setting specifies the datastores to use with
+# Compute. For example, datastore_regex="nas.*" selects all the data
+# stores that have a name starting with "nas".
+#
+# NOTE: If no regex is given, it just picks the datastore with the
+# most freespace.
+#
+# Possible values:
+#
+# * Any matching regular expression to a datastore must be given
+# (string value)
+#datastore_regex = <None>
+{%- if _data.datastore_regex is defined %}
+datastore_regex = {{ _data.datastore_regex }}
+{%- endif %}
+
+#
+# Time interval in seconds to poll remote tasks invoked on
+# VMware VC server.
+# (floating point value)
+#task_poll_interval = 0.5
+{%- if _data.task_poll_interval is defined %}
+task_poll_interval = {{ _data.task_poll_interval }}
+{%- endif %}
+
+
+#
+# Number of times VMware vCenter server API must be retried on connection
+# failures, e.g. socket error, etc.
+# (integer value)
+# Minimum value: 0
+#api_retry_count = 10
+{%- if _data.api_retry_count is defined %}
+api_retry_count = {{ _data.api_retry_count }}
+{%- endif %}
+
+#
+# This option specifies VNC starting port.
+#
+# Every VM created by ESX host has an option of enabling VNC client
+# for remote connection. Above option 'vnc_port' helps you to set
+# default starting port for the VNC client.
+#
+# Possible values:
+#
+# * Any valid port number within 5900 -(5900 + vnc_port_total)
+#
+# Related options:
+# Below options should be set to enable VNC client.
+# * vnc.enabled = True
+# * vnc_port_total
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#vnc_port = 5900
+{%- if _data.vnc_port is defined %}
+vnc_port = {{ _data.vnc_port }}
+{%- endif %}
+
+#
+# Total number of VNC ports.
+# (integer value)
+# Minimum value: 0
+#vnc_port_total = 10000
+{%- if _data.vnc_port_total is defined %}
+vnc_port_total = {{ _data.vnc_port_total }}
+{%- endif %}
+
+#
+# This option enables/disables the use of linked clone.
+#
+# The ESX hypervisor requires a copy of the VMDK file in order to boot
+# up a virtual machine. The compute driver must download the VMDK via
+# HTTP from the OpenStack Image service to a datastore that is visible
+# to the hypervisor and cache it. Subsequent virtual machines that need
+# the VMDK use the cached version and don't have to copy the file again
+# from the OpenStack Image service.
+#
+# If set to false, even with a cached VMDK, there is still a copy
+# operation from the cache location to the hypervisor file directory
+# in the shared datastore. If set to true, the above copy operation
+# is avoided as it creates copy of the virtual machine that shares
+# virtual disks with its parent VM.
+# (boolean value)
+#use_linked_clone = true
+{%- if _data.use_linked_clone is defined %}
+use_linked_clone = {{ _data.use_linked_clone }}
+{%- endif %}
+
+# This option sets the http connection pool size
+#
+# The connection pool size is the maximum number of connections from nova to
+# vSphere. It should only be increased if there are warnings indicating that
+# the connection pool is full, otherwise, the default should suffice.
+# (integer value)
+# Minimum value: 10
+#connection_pool_size = 10
+{%- if _data.connection_pool_size is defined %}
+connection_pool_size = {{ _data.connection_pool_size }}
+{%- endif %}
+
+#
+# This option enables or disables storage policy based placement
+# of instances.
+#
+# Related options:
+#
+# * pbm_default_policy
+# (boolean value)
+#pbm_enabled = false
+{%- if _data.pbm_enabled is defined %}
+pbm_enabled = {{ _data.pbm_enabled }}
+{%- endif %}
+
+#
+# This option specifies the PBM service WSDL file location URL.
+#
+# Setting this will disable storage policy based placement
+# of instances.
+#
+# Possible values:
+#
+# * Any valid file path
+# e.g file:///opt/SDK/spbm/wsdl/pbmService.wsdl
+# (string value)
+#pbm_wsdl_location = <None>
+{%- if _data.pbm_wsdl_location is defined %}
+pbm_wsdl_location = {{ _data.pbm_wsdl_location }}
+{%- endif %}
+
+#
+# This option specifies the default policy to be used.
+#
+# If pbm_enabled is set and there is no defined storage policy for the
+# specific request, then this policy will be used.
+#
+# Possible values:
+#
+# * Any valid storage policy such as VSAN default storage policy
+#
+# Related options:
+#
+# * pbm_enabled
+# (string value)
+#pbm_default_policy = <None>
+{%- if _data.pbm_default_policy is defined %}
+pbm_default_policy = {{ _data.pbm_default_policy }}
+{%- endif %}
+
+#
+# This option specifies the limit on the maximum number of objects to
+# return in a single result.
+#
+# A positive value will cause the operation to suspend the retrieval
+# when the count of objects reaches the specified limit. The server may
+# still limit the count to something less than the configured value.
+# Any remaining objects may be retrieved with additional requests.
+# (integer value)
+# Minimum value: 0
+#maximum_objects = 100
+{%- if _data.maximum_objects is defined %}
+maximum_objects = {{ _data.maximum_objects }}
+{%- endif %}
+
+#
+# This option adds a prefix to the folder where cached images are stored
+#
+# This is not the full path - just a folder prefix. This should only be
+# used when a datastore cache is shared between compute nodes.
+#
+# Note: This should only be used when the compute nodes are running on same
+# host or they have a shared file system.
+#
+# Possible values:
+#
+# * Any string representing the cache prefix to the folder
+# (string value)
+#cache_prefix = <None>
+{%- if _data.cache_prefix is defined %}
+cache_prefix = {{ _data.cache_prefix }}
+{%- endif %}
diff --git a/nova/files/queens/libvirt.Debian b/nova/files/queens/libvirt.Debian
new file mode 100644
index 0000000..b80fab0
--- /dev/null
+++ b/nova/files/queens/libvirt.Debian
@@ -0,0 +1,19 @@
+# Defaults for libvirt-bin initscript (/etc/init.d/libvirt-bin)
+# This is a POSIX shell fragment
+
+# Start libvirtd to handle qemu/kvm:
+start_libvirtd="yes"
+
+# options passed to libvirtd, add "-l" to listen on tcp
+{%- if grains.get('init', None) != 'systemd' %}
+libvirtd_opts="-d -l"
+LIBVIRTD_ARGS="--listen"
+
+{%- else %}
+# Don't use "-d" option with systemd
+libvirtd_opts="-l"
+LIBVIRTD_ARGS="--listen"
+{%- endif %}
+# pass in location of kerberos keytab
+#export KRB5_KTNAME=/etc/libvirt/libvirt.keytab
+
diff --git a/nova/files/queens/libvirt.RedHat b/nova/files/queens/libvirt.RedHat
new file mode 120000
index 0000000..f8f6638
--- /dev/null
+++ b/nova/files/queens/libvirt.RedHat
@@ -0,0 +1 @@
+libvirt.Debian
\ No newline at end of file
diff --git a/nova/files/queens/libvirtd.conf.Debian b/nova/files/queens/libvirtd.conf.Debian
new file mode 100644
index 0000000..0f6b341
--- /dev/null
+++ b/nova/files/queens/libvirtd.conf.Debian
@@ -0,0 +1,419 @@
+{%- from "nova/map.jinja" import compute with context %}
+# Master libvirt daemon configuration file
+#
+# For further information consult http://libvirt.org/format.html
+#
+# NOTE: the tests/daemon-conf regression test script requires
+# that each "PARAMETER = VALUE" line in this file have the parameter
+# name just after a leading "#".
+
+#################################################################
+#
+# Network connectivity controls
+#
+
+# Flag listening for secure TLS connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# It is necessary to setup a CA and issue server certificates before
+# using this capability.
+#
+# This is enabled by default, uncomment this to disable it
+#listen_tls = 0
+
+{%- if compute.libvirt.tls.get('enabled', False) %}
+listen_tcp = 0
+listen_tls = 1
+key_file = {{compute.libvirt.tls.key_file|yaml_squote}}
+cert_file = {{compute.libvirt.tls.cert_file|yaml_squote}}
+ca_file = {{compute.libvirt.tls.ca_file|yaml_squote}}
+{% else %}
+listen_tls = 0
+listen_tcp = 1
+auth_tcp = "none"
+{% endif %}
+
+# Listen for unencrypted TCP connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# Using the TCP socket requires SASL authentication by default. Only
+# SASL mechanisms which support data encryption are allowed. This is
+# DIGEST_MD5 and GSSAPI (Kerberos5)
+#
+# This is disabled by default, uncomment this to enable it.
+#listen_tcp = 1
+
+
+
+# Override the port for accepting secure TLS connections
+# This can be a port number, or service name
+#
+#tls_port = "16514"
+
+# Override the port for accepting insecure TCP connections
+# This can be a port number, or service name
+#
+#tcp_port = "16509"
+
+
+# Override the default configuration which binds to all network
+# interfaces. This can be a numeric IPv4/6 address, or hostname
+#
+#listen_addr = "192.168.0.1"
+
+
+# Flag toggling mDNS advertizement of the libvirt service.
+#
+# Alternatively can disable for all services on a host by
+# stopping the Avahi daemon
+#
+# This is disabled by default, uncomment this to enable it
+#mdns_adv = 1
+
+# Override the default mDNS advertizement name. This must be
+# unique on the immediate broadcast network.
+#
+# The default is "Virtualization Host HOSTNAME", where HOSTNAME
+# is subsituted for the short hostname of the machine (without domain)
+#
+#mdns_name = "Virtualization Host Joe Demo"
+
+
+#################################################################
+#
+# UNIX socket access controls
+#
+
+# Set the UNIX domain socket group ownership. This can be used to
+# allow a 'trusted' set of users access to management capabilities
+# without becoming root.
+#
+# This is restricted to 'root' by default.
+unix_sock_group = "{{ compute.get('libvirt_service_group', 'libvirtd') }}"
+
+# Set the UNIX socket permissions for the R/O socket. This is used
+# for monitoring VM status only
+#
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
+#unix_sock_ro_perms = "0777"
+
+# Set the UNIX socket permissions for the R/W socket. This is used
+# for full management of VMs
+#
+# Default allows only root. If PolicyKit is enabled on the socket,
+# the default will change to allow everyone (eg, 0777)
+#
+# If not using PolicyKit and setting group ownership for access
+# control then you may want to relax this to:
+unix_sock_rw_perms = "0770"
+
+# Set the name of the directory in which sockets will be found/created.
+#unix_sock_dir = "/var/run/libvirt"
+
+#################################################################
+#
+# Authentication.
+#
+# - none: do not perform auth checks. If you can connect to the
+# socket you are allowed. This is suitable if there are
+# restrictions on connecting to the socket (eg, UNIX
+# socket permissions), or if there is a lower layer in
+# the network providing auth (eg, TLS/x509 certificates)
+#
+# - sasl: use SASL infrastructure. The actual auth scheme is then
+# controlled from /etc/sasl2/libvirt.conf. For the TCP
+# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+# For non-TCP or TLS sockets, any scheme is allowed.
+#
+# - polkit: use PolicyKit to authenticate. This is only suitable
+# for use on the UNIX sockets. The default policy will
+# require a user to supply their own password to gain
+# full read/write access (aka sudo like), while anyone
+# is allowed read/only access.
+#
+# Set an authentication scheme for UNIX read-only sockets
+# By default socket permissions allow anyone to connect
+#
+# To restrict monitoring of domains you may wish to enable
+# an authentication mechanism here
+auth_unix_ro = "none"
+
+# Set an authentication scheme for UNIX read-write sockets
+# By default socket permissions only allow root. If PolicyKit
+# support was compiled into libvirt, the default will be to
+# use 'polkit' auth.
+#
+# If the unix_sock_rw_perms are changed you may wish to enable
+# an authentication mechanism here
+auth_unix_rw = "none"
+
+# Change the authentication scheme for TCP sockets.
+#
+# If you don't enable SASL, then all TCP traffic is cleartext.
+# Don't do this outside of a dev/test scenario. For real world
+# use, always enable SASL and use the GSSAPI or DIGEST-MD5
+# mechanism in /etc/sasl2/libvirt.conf
+#auth_tcp = "sasl"
+#auth_tcp = "none"
+
+# Change the authentication scheme for TLS sockets.
+#
+# TLS sockets already have encryption provided by the TLS
+# layer, and limited authentication is done by certificates
+#
+# It is possible to make use of any SASL authentication
+# mechanism as well, by using 'sasl' for this option
+#auth_tls = "none"
+
+
+
+#################################################################
+#
+# TLS x509 certificate configuration
+#
+
+
+# Override the default server key file path
+#
+#key_file = "/etc/pki/libvirt/private/serverkey.pem"
+
+# Override the default server certificate file path
+#
+#cert_file = "/etc/pki/libvirt/servercert.pem"
+
+# Override the default CA certificate path
+#
+#ca_file = "/etc/pki/CA/cacert.pem"
+
+# Specify a certificate revocation list.
+#
+# Defaults to not using a CRL, uncomment to enable it
+#crl_file = "/etc/pki/CA/crl.pem"
+
+
+
+#################################################################
+#
+# Authorization controls
+#
+
+
+# Flag to disable verification of our own server certificates
+#
+# When libvirtd starts it performs some sanity checks against
+# its own certificates.
+#
+# Default is to always run sanity checks. Uncommenting this
+# will disable sanity checks which is not a good idea
+#tls_no_sanity_certificate = 1
+
+# Flag to disable verification of client certificates
+#
+# Client certificate verification is the primary authentication mechanism.
+# Any client which does not present a certificate signed by the CA
+# will be rejected.
+#
+# Default is to always verify. Uncommenting this will disable
+# verification - make sure an IP whitelist is set
+#tls_no_verify_certificate = 1
+
+
+# A whitelist of allowed x509 Distinguished Names
+# This list may contain wildcards such as
+#
+# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no DN's are checked
+#tls_allowed_dn_list = ["DN1", "DN2"]
+
+
+# A whitelist of allowed SASL usernames. The format for usernames
+# depends on the SASL authentication mechanism. Kerberos usernames
+# look like username@REALM
+#
+# This list may contain wildcards such as
+#
+# "*@EXAMPLE.COM"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no Username's are checked
+#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]
+
+
+
+#################################################################
+#
+# Processing controls
+#
+
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+#max_clients = 20
+
+
+# The minimum limit sets the number of workers to start up
+# initially. If the number of active clients exceeds this,
+# then more threads are spawned, upto max_workers limit.
+# Typically you'd want max_workers to equal maximum number
+# of clients allowed
+#min_workers = 5
+#max_workers = 20
+
+
+# The number of priority workers. If all workers from above
+# pool will stuck, some calls marked as high priority
+# (notably domainDestroy) can be executed in this pool.
+#prio_workers = 5
+
+# Total global limit on concurrent RPC calls. Should be
+# at least as large as max_workers. Beyond this, RPC requests
+# will be read into memory and queued. This directly impact
+# memory usage, currently each request requires 256 KB of
+# memory. So by default upto 5 MB of memory is used
+#
+# XXX this isn't actually enforced yet, only the per-client
+# limit is used so far
+#max_requests = 20
+
+# Limit on concurrent requests from a single client
+# connection. To avoid one client monopolizing the server
+# this should be a small fraction of the global max_requests
+# and max_workers parameter
+#max_client_requests = 5
+
+#################################################################
+#
+# Logging controls
+#
+
+# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
+# basically 1 will log everything possible
+#log_level = 3
+{%- if compute.libvirt.get('logging',{}).level is defined %}
+log_level = {{ compute.libvirt.logging.level }}
+{%- endif %}
+# Logging filters:
+# A filter allows to select a different logging level for a given category
+# of logs
+# The format for a filter is one of:
+# x:name
+# x:+name
+# where name is a string which is matched against source file name,
+# e.g., "remote", "qemu", or "util/json", the optional "+" prefix
+# tells libvirt to log stack trace for each message matching name,
+# and x is the minimal level where matching messages should be logged:
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple filter can be defined in a single @filters, they just need to be
+# separated by spaces.
+#
+# e.g. to only get warning or errors from the remote layer and only errors
+# from the event layer:
+#log_filters="3:remote 4:event"
+{%- if compute.libvirt.get('logging',{}).filters is defined %}
+log_filters={{ compute.libvirt.logging.filters|yaml_dquote }}
+{%- endif %}
+
+# Logging outputs:
+# An output is one of the places to save logging information
+# The format for an output can be:
+# x:stderr
+# output goes to stderr
+# x:syslog:name
+# use syslog for the output and use the given name as the ident
+# x:file:file_path
+# output to a file, with the given filepath
+# In all case the x prefix is the minimal level, acting as a filter
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple output can be defined, they just need to be separated by spaces.
+# e.g. to log all warnings and errors to syslog under the libvirtd ident:
+#log_outputs="3:syslog:libvirtd"
+#
+{%- if compute.libvirt.get('logging',{}).outputs is defined %}
+log_outputs={{ compute.libvirt.logging.outputs|yaml_dquote }}
+{%- endif %}
+
+# Log debug buffer size: default 64
+# The daemon keeps an internal debug log buffer which will be dumped in case
+# of crash or upon receiving a SIGUSR2 signal. This setting allows to override
+# the default buffer size in kilobytes.
+# If value is 0 or less the debug log buffer is deactivated
+#log_buffer_size = 64
+{%- if compute.libvirt.get('logging',{}).buffer_size is defined %}
+log_buffer_size = {{ compute.libvirt.logging.buffer_size }}
+{%- endif %}
+
+##################################################################
+#
+# Auditing
+#
+# This setting allows usage of the auditing subsystem to be altered:
+#
+# audit_level == 0 -> disable all auditing
+# audit_level == 1 -> enable auditing, only if enabled on host (default)
+# audit_level == 2 -> enable auditing, and exit if disabled on host
+#
+#audit_level = 2
+#
+# If set to 1, then audit messages will also be sent
+# via libvirt logging infrastructure. Defaults to 0
+#
+#audit_logging = 1
+
+###################################################################
+# UUID of the host:
+# Provide the UUID of the host here in case the command
+# 'dmidecode -s system-uuid' does not provide a valid uuid. In case
+# 'dmidecode' does not provide a valid UUID and none is provided here, a
+# temporary UUID will be generated.
+# Keep the format of the example UUID below. UUID must not have all digits
+# be the same.
+
+# NB This default all-zeros UUID will not work. Replace
+# it with the output of the 'uuidgen' command and then
+# uncomment this entry
+#host_uuid = "00000000-0000-0000-0000-000000000000"
+
+###################################################################
+# Keepalive protocol:
+# This allows libvirtd to detect broken client connections or even
+# dead client. A keepalive message is sent to a client after
+# keepalive_interval seconds of inactivity to check if the client is
+# still responding; keepalive_count is a maximum number of keepalive
+# messages that are allowed to be sent to the client without getting
+# any response before the connection is considered broken. In other
+# words, the connection is automatically closed approximately after
+# keepalive_interval * (keepalive_count + 1) seconds since the last
+# message received from the client. If keepalive_interval is set to
+# -1, libvirtd will never send keepalive requests; however clients
+# can still send them and the deamon will send responses. When
+# keepalive_count is set to 0, connections will be automatically
+# closed after keepalive_interval seconds of inactivity without
+# sending any keepalive messages.
+#
+#keepalive_interval = 5
+#keepalive_count = 5
+#
+# If set to 1, libvirtd will refuse to talk to clients that do not
+# support keepalive protocol. Defaults to 0.
+#
+#keepalive_required = 1
diff --git a/nova/files/queens/libvirtd.conf.RedHat b/nova/files/queens/libvirtd.conf.RedHat
new file mode 120000
index 0000000..2a7b101
--- /dev/null
+++ b/nova/files/queens/libvirtd.conf.RedHat
@@ -0,0 +1 @@
+libvirtd.conf.Debian
\ No newline at end of file
diff --git a/nova/files/queens/nova-compute.conf.Debian b/nova/files/queens/nova-compute.conf.Debian
new file mode 100644
index 0000000..b2168a1
--- /dev/null
+++ b/nova/files/queens/nova-compute.conf.Debian
@@ -0,0 +1,10838 @@
+{%- from "nova/map.jinja" import compute,compute_driver_mapping with context %}
+[DEFAULT]
+
+#
+# From nova.conf
+#
+compute_manager=nova.compute.manager.ComputeManager
+network_device_mtu=65000
+use_neutron = True
+security_group_api=neutron
+image_service=nova.image.glance.GlanceImageService
+
+#
+# Availability zone for internal services.
+#
+# This option determines the availability zone for the various
+# internal nova
+# services, such as 'nova-scheduler', 'nova-conductor', etc.
+#
+# Possible values:
+#
+# * Any string representing an existing availability zone name.
+# (string value)
+#internal_service_availability_zone = internal
+
+#
+# Default availability zone for compute services.
+#
+# This option determines the default availability zone for 'nova-
+# compute'
+# services, which will be used if the service(s) do not belong to
+# aggregates with
+# availability zone metadata.
+#
+# Possible values:
+#
+# * Any string representing an existing availability zone name.
+# (string value)
+#default_availability_zone = nova
+
+#
+# Default availability zone for instances.
+#
+# This option determines the default availability zone for instances,
+# which will
+# be used when a user does not specify one when creating an instance.
+# The
+# instance(s) will be bound to this availability zone for their
+# lifetime.
+#
+# Possible values:
+#
+# * Any string representing an existing availability zone name.
+# * None, which means that the instance can move from one availability
+# zone to
+# another during its lifetime if it is moved from one compute node
+# to another.
+# (string value)
+#default_schedule_zone = <None>
+
+# Length of generated instance admin passwords. (integer value)
+# Minimum value: 0
+#password_length = 12
+
+#
+# Time period to generate instance usages for. It is possible to
+# define optional
+# offset to given period by appending @ character followed by a number
+# defining
+# offset.
+#
+# Possible values:
+#
+# * period, example: ``hour``, ``day``, ``month` or ``year``
+# * period with offset, example: ``month@15`` will result in monthly
+# audits
+# starting on 15th day of month.
+# (string value)
+#instance_usage_audit_period = month
+{% if pillar.ceilometer is defined %}
+instance_usage_audit = True
+instance_usage_audit_period = hour
+{%- endif %}
+
+#
+# Start and use a daemon that can run the commands that need to be run
+# with
+# root privileges. This option is usually enabled on nodes that run
+# nova compute
+# processes.
+# (boolean value)
+#use_rootwrap_daemon = false
+
+#
+# Path to the rootwrap configuration file.
+#
+# Goal of the root wrapper is to allow a service-specific unprivileged
+# user to
+# run a number of actions as the root user in the safest manner
+# possible.
+# The configuration file used here must match the one defined in the
+# sudoers
+# entry.
+# (string value)
+rootwrap_config = /etc/nova/rootwrap.conf
+
+# Explicitly specify the temporary working directory. (string value)
+#tempdir = <None>
+
+# DEPRECATED:
+# Determine if monkey patching should be applied.
+#
+# Related options:
+#
+# * ``monkey_patch_modules``: This must have values set for this
+# option to
+# have any effect
+# (boolean value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# Monkey patching nova is not tested, not supported, and is a barrier
+# for interoperability.
+#monkey_patch = false
+
+# DEPRECATED:
+# List of modules/decorators to monkey patch.
+#
+# This option allows you to patch a decorator for all functions in
+# specified
+# modules.
+#
+# Possible values:
+#
+# * nova.compute.api:nova.notifications.notify_decorator
+# * [...]
+#
+# Related options:
+#
+# * ``monkey_patch``: This must be set to ``True`` for this option to
+# have any effect
+# (list value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# Monkey patching nova is not tested, not supported, and is a barrier
+# for interoperability.
+#monkey_patch_modules = nova.compute.api:nova.notifications.notify_decorator
+
+#
+# Defines which driver to use for controlling virtualization.
+#
+# Possible values:
+#
+# * ``libvirt.LibvirtDriver``
+# * ``xenapi.XenAPIDriver``
+# * ``fake.FakeDriver``
+# * ``ironic.IronicDriver``
+# * ``vmwareapi.VMwareVCDriver``
+# * ``hyperv.HyperVDriver``
+# * ``powervm.PowerVMDriver``
+# (string value)
+#compute_driver = <None>
+compute_driver = {{ compute.get('compute_driver', 'libvirt.LibvirtDriver') }}
+
+#
+# Allow destination machine to match source for resize. Useful when
+# testing in single-host environments. By default it is not allowed
+# to resize to the same host. Setting this option to true will add
+# the same host to the destination options. Also set to true
+# if you allow the ServerGroupAffinityFilter and need to resize.
+# (boolean value)
+#allow_resize_to_same_host = false
+allow_resize_to_same_host = true
+
+#
+# Image properties that should not be inherited from the instance
+# when taking a snapshot.
+#
+# This option gives an opportunity to select which image-properties
+# should not be inherited by newly created snapshots.
+#
+# Possible values:
+#
+# * A comma-separated list whose item is an image property. Usually
+# only
+# the image properties that are only needed by base images can be
+# included
+# here, since the snapshots that are created from the base images
+# don't
+# need them.
+# * Default list: cache_in_nova, bittorrent,
+# img_signature_hash_method,
+# img_signature, img_signature_key_type,
+# img_signature_certificate_uuid
+#
+# (list value)
+#non_inheritable_image_properties = cache_in_nova,bittorrent,img_signature_hash_method,img_signature,img_signature_key_type,img_signature_certificate_uuid
+
+# DEPRECATED:
+# When creating multiple instances with a single request using the
+# os-multiple-create API extension, this template will be used to
+# build
+# the display name for each instance. The benefit is that the
+# instances
+# end up with different hostnames. Example display names when creating
+# two VM's: name-1, name-2.
+#
+# Possible values:
+#
+# * Valid keys for the template are: name, uuid, count.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This config changes API behaviour. All changes in API behaviour
+# should be
+# discoverable.
+#multi_instance_display_name_template = %(name)s-%(count)d
+
+#
+# Maximum number of devices that will result in a local image being
+# created on the hypervisor node.
+#
+# A negative number means unlimited. Setting max_local_block_devices
+# to 0 means that any request that attempts to create a local disk
+# will fail. This option is meant to limit the number of local discs
+# (so root local disc that is the result of --image being used, and
+# any other ephemeral and swap disks). 0 does not mean that images
+# will be automatically converted to volumes and boot instances from
+# volumes - it just means that all requests that attempt to create a
+# local disk will fail.
+#
+# Possible values:
+#
+# * 0: Creating a local disk is not allowed.
+# * Negative number: Allows unlimited number of local discs.
+# * Positive number: Allows only these many number of local discs.
+# (Default value is 3).
+# (integer value)
+#max_local_block_devices = 3
+
+#
+# A comma-separated list of monitors that can be used for getting
+# compute metrics. You can use the alias/name from the setuptools
+# entry points for nova.compute.monitors.* namespaces. If no
+# namespace is supplied, the "cpu." namespace is assumed for
+# backwards-compatibility.
+#
+# NOTE: Only one monitor per namespace (For example: cpu) can be
+# loaded at
+# a time.
+#
+# Possible values:
+#
+# * An empty list will disable the feature (Default).
+# * An example value that would enable both the CPU and NUMA memory
+# bandwidth monitors that use the virt driver variant:
+#
+# compute_monitors = cpu.virt_driver, numa_mem_bw.virt_driver
+# (list value)
+#compute_monitors =
+
+#
+# The default format an ephemeral_volume will be formatted with on
+# creation.
+#
+# Possible values:
+#
+# * ``ext2``
+# * ``ext3``
+# * ``ext4``
+# * ``xfs``
+# * ``ntfs`` (only for Windows guests)
+# (string value)
+#default_ephemeral_format = <None>
+
+#
+# Determine if instance should boot or fail on VIF plugging timeout.
+#
+# Nova sends a port update to Neutron after an instance has been
+# scheduled,
+# providing Neutron with the necessary information to finish setup of
+# the port.
+# Once completed, Neutron notifies Nova that it has finished setting
+# up the
+# port, at which point Nova resumes the boot of the instance since
+# network
+# connectivity is now supposed to be present. A timeout will occur if
+# the reply
+# is not received after a given interval.
+#
+# This option determines what Nova does when the VIF plugging timeout
+# event
+# happens. When enabled, the instance will error out. When disabled,
+# the
+# instance will continue to boot on the assumption that the port is
+# ready.
+#
+# Possible values:
+#
+# * True: Instances should fail after VIF plugging timeout
+# * False: Instances should continue booting after VIF plugging
+# timeout
+# (boolean value)
+vif_plugging_is_fatal = {{ compute.get('vif_plugging_is_fatal', 'true') }}
+
+#
+# Timeout for Neutron VIF plugging event message arrival.
+#
+# Number of seconds to wait for Neutron vif plugging events to
+# arrive before continuing or failing (see 'vif_plugging_is_fatal').
+#
+# Related options:
+#
+# * vif_plugging_is_fatal - If ``vif_plugging_timeout`` is set to zero
+# and
+# ``vif_plugging_is_fatal`` is False, events should not be expected
+# to
+# arrive at all.
+# (integer value)
+# Minimum value: 0
+vif_plugging_timeout = {{ compute.get('vif_plugging_timeout', '300') }}
+
+# Path to '/etc/network/interfaces' template.
+#
+# The path to a template file for the '/etc/network/interfaces'-style
+# file, which
+# will be populated by nova and subsequently used by cloudinit. This
+# provides a
+# method to configure network connectivity in environments without a
+# DHCP server.
+#
+# The template will be rendered using Jinja2 template engine, and
+# receive a
+# top-level key called ``interfaces``. This key will contain a list of
+# dictionaries, one for each interface.
+#
+# Refer to the cloudinit documentaion for more information:
+#
+# https://cloudinit.readthedocs.io/en/latest/topics/datasources.html
+#
+# Possible values:
+#
+# * A path to a Jinja2-formatted template for a Debian
+# '/etc/network/interfaces'
+# file. This applies even if using a non Debian-derived guest.
+#
+# Related options:
+#
+# * ``flat_inject``: This must be set to ``True`` to ensure nova
+# embeds network
+# configuration information in the metadata provided through the
+# config drive.
+# (string value)
+#injected_network_template = $pybasedir/nova/virt/interfaces.template
+
+#
+# The image preallocation mode to use.
+#
+# Image preallocation allows storage for instance images to be
+# allocated up front
+# when the instance is initially provisioned. This ensures immediate
+# feedback is
+# given if enough space isn't available. In addition, it should
+# significantly
+# improve performance on writes to new blocks and may even improve I/O
+# performance to prewritten blocks due to reduced fragmentation.
+#
+# Possible values:
+#
+# * "none" => no storage provisioning is done up front
+# * "space" => storage is fully allocated at instance start
+# (string value)
+# Possible values:
+# none - <No description provided>
+# space - <No description provided>
+#preallocate_images = none
+{%- if compute.preallocate_images is defined %}
+preallocate_images = {{ compute.preallocate_images }}
+{%- endif %}
+
+#
+# Enable use of copy-on-write (cow) images.
+#
+# QEMU/KVM allow the use of qcow2 as backing files. By disabling this,
+# backing files will not be used.
+# (boolean value)
+#use_cow_images = true
+{%- if compute.image is defined and compute.image.use_cow is defined %}
+use_cow_images = {{ compute.image.use_cow }}
+{%- endif %}
+
+#
+# Force conversion of backing images to raw format.
+#
+# Possible values:
+#
+# * True: Backing image files will be converted to raw image format
+# * False: Backing image files will not be converted
+#
+# Related options:
+#
+# * ``compute_driver``: Only the libvirt driver uses this option.
+# (boolean value)
+#force_raw_images = true
+force_raw_images={{ compute.get('image', {}).get('force_raw', True)|lower }}
+
+#
+# Name of the mkfs commands for ephemeral device.
+#
+# The format is <os_type>=<mkfs command>
+# (multi valued)
+#virt_mkfs =
+
+#
+# Enable resizing of filesystems via a block device.
+#
+# If enabled, attempt to resize the filesystem by accessing the image
+# over a
+# block device. This is done by the host and may not be necessary if
+# the image
+# contains a recent version of cloud-init. Possible mechanisms require
+# the nbd
+# driver (for qcow and raw), or loop (for raw).
+# (boolean value)
+#resize_fs_using_block_device = false
+
+# Amount of time, in seconds, to wait for NBD device start up.
+# (integer value)
+# Minimum value: 0
+#timeout_nbd = 10
+
+#
+# Location of cached images.
+#
+# This is NOT the full path - just a folder name relative to
+# '$instances_path'.
+# For per-compute-host cached images, set to '_base_$my_ip'
+# (string value)
+#image_cache_subdirectory_name = _base
+
+# Should unused base images be removed? (boolean value)
+#remove_unused_base_images = true
+
+#
+# Unused unresized base images younger than this will not be removed.
+# (integer value)
+remove_unused_original_minimum_age_seconds = 86400
+
+#
+# Generic property to specify the pointer type.
+#
+# Input devices allow interaction with a graphical framebuffer. For
+# example to provide a graphic tablet for absolute cursor movement.
+#
+# If set, the 'hw_pointer_model' image property takes precedence over
+# this configuration option.
+#
+# Possible values:
+#
+# * None: Uses default behavior provided by drivers (mouse on PS2 for
+# libvirt x86)
+# * ps2mouse: Uses relative movement. Mouse connected by PS2
+# * usbtablet: Uses absolute movement. Tablet connect by USB
+#
+# Related options:
+#
+# * usbtablet must be configured with VNC enabled or SPICE enabled and
+# SPICE
+# agent disabled. When used with libvirt the instance mode should be
+# configured as HVM.
+# (string value)
+# Possible values:
+# <None> - <No description provided>
+# ps2mouse - <No description provided>
+# usbtablet - <No description provided>
+#pointer_model = usbtablet
+
+#
+# Defines which physical CPUs (pCPUs) can be used by instance
+# virtual CPUs (vCPUs).
+#
+# Possible values:
+#
+# * A comma-separated list of physical CPU numbers that virtual CPUs
+# can be
+# allocated to by default. Each element should be either a single
+# CPU number,
+# a range of CPU numbers, or a caret followed by a CPU number to be
+# excluded from a previous range. For example:
+#
+# vcpu_pin_set = "4-12,^8,15"
+# (string value)
+#vcpu_pin_set = <None>
+{%- if compute.vcpu_pin_set is defined %}
+vcpu_pin_set={{ compute.vcpu_pin_set }}
+{%- endif %}
+
+#
+# Number of huge/large memory pages to reserved per NUMA host cell.
+#
+# Possible values:
+#
+# * A list of valid key=value which reflect NUMA node ID, page size
+# (Default unit is KiB) and number of pages to be reserved.
+#
+# reserved_huge_pages = node:0,size:2048,count:64
+# reserved_huge_pages = node:1,size:1GB,count:1
+#
+# In this example we are reserving on NUMA node 0 64 pages of 2MiB
+# and on NUMA node 1 1 page of 1GiB.
+# (dict value)
+#reserved_huge_pages = <None>
+
+#
+# Amount of disk resources in MB to make them always available to
+# host. The
+# disk usage gets reported back to the scheduler from nova-compute
+# running
+# on the compute nodes. To prevent the disk resources from being
+# considered
+# as available, this option can be used to reserve disk space for that
+# host.
+#
+# Possible values:
+#
+# * Any positive integer representing amount of disk in MB to reserve
+# for the host.
+# (integer value)
+# Minimum value: 0
+#reserved_host_disk_mb = 0
+
+#
+# Amount of memory in MB to reserve for the host so that it is always
+# available
+# to host processes. The host resources usage is reported back to the
+# scheduler
+# continuously from nova-compute running on the compute node. To
+# prevent the host
+# memory from being considered as available, this option is used to
+# reserve
+# memory for the host.
+#
+# Possible values:
+#
+# * Any positive integer representing amount of memory in MB to
+# reserve
+# for the host.
+# (integer value)
+# Minimum value: 0
+#reserved_host_memory_mb = 512
+reserved_host_memory_mb = {{ compute.get('reserved_host_memory_mb', '512') }}
+
+#
+# Number of physical CPUs to reserve for the host. The host resources
+# usage is
+# reported back to the scheduler continuously from nova-compute
+# running on the
+# compute node. To prevent the host CPU from being considered as
+# available,
+# this option is used to reserve random pCPU(s) for the host.
+#
+# Possible values:
+#
+# * Any positive integer representing number of physical CPUs to
+# reserve
+# for the host.
+# (integer value)
+# Minimum value: 0
+#reserved_host_cpus = 0
+
+#
+# This option helps you specify virtual CPU to physical CPU allocation
+# ratio.
+#
+# From Ocata (15.0.0) this is used to influence the hosts selected by
+# the Placement API. Note that when Placement is used, the CoreFilter
+# is redundant, because the Placement API will have already filtered
+# out hosts that would have failed the CoreFilter.
+#
+# This configuration specifies ratio for CoreFilter which can be set
+# per compute node. For AggregateCoreFilter, it will fall back to this
+# configuration value if no per-aggregate setting is found.
+#
+# NOTE: This can be set per-compute, or if set to 0.0, the value
+# set on the scheduler node(s) or compute node(s) will be used
+# and defaulted to 16.0.
+#
+# NOTE: As of the 16.0.0 Pike release, this configuration option is
+# ignored
+# for the ironic.IronicDriver compute driver and is hardcoded to 1.0.
+#
+# Possible values:
+#
+# * Any valid positive integer or float value
+# (floating point value)
+# Minimum value: 0
+#cpu_allocation_ratio = 0.0
+{%- if compute.cpu_allocation_ratio is defined %}
+cpu_allocation_ratio = {{ compute.cpu_allocation_ratio }}
+{%- else %}
+#cpu_allocation_ratio=0.0
+{%- endif %}
+
+#
+# This option helps you specify virtual RAM to physical RAM
+# allocation ratio.
+#
+# From Ocata (15.0.0) this is used to influence the hosts selected by
+# the Placement API. Note that when Placement is used, the RamFilter
+# is redundant, because the Placement API will have already filtered
+# out hosts that would have failed the RamFilter.
+#
+# This configuration specifies ratio for RamFilter which can be set
+# per compute node. For AggregateRamFilter, it will fall back to this
+# configuration value if no per-aggregate setting found.
+#
+# NOTE: This can be set per-compute, or if set to 0.0, the value
+# set on the scheduler node(s) or compute node(s) will be used and
+# defaulted to 1.5.
+#
+# NOTE: As of the 16.0.0 Pike release, this configuration option is
+# ignored
+# for the ironic.IronicDriver compute driver and is hardcoded to 1.0.
+#
+# Possible values:
+#
+# * Any valid positive integer or float value
+# (floating point value)
+# Minimum value: 0
+#ram_allocation_ratio = 0.0
+{%- if compute.ram_allocation_ratio is defined %}
+ram_allocation_ratio = {{ compute.ram_allocation_ratio }}
+{%- else %}
+#ram_allocation_ratio=0.0
+{%- endif %}
+
+#
+# This option helps you specify virtual disk to physical disk
+# allocation ratio.
+#
+# From Ocata (15.0.0) this is used to influence the hosts selected by
+# the Placement API. Note that when Placement is used, the DiskFilter
+# is redundant, because the Placement API will have already filtered
+# out hosts that would have failed the DiskFilter.
+#
+# A ratio greater than 1.0 will result in over-subscription of the
+# available physical disk, which can be useful for more
+# efficiently packing instances created with images that do not
+# use the entire virtual disk, such as sparse or compressed
+# images. It can be set to a value between 0.0 and 1.0 in order
+# to preserve a percentage of the disk for uses other than
+# instances.
+#
+# NOTE: This can be set per-compute, or if set to 0.0, the value
+# set on the scheduler node(s) or compute node(s) will be used and
+# defaulted to 1.0.
+#
+# NOTE: As of the 16.0.0 Pike release, this configuration option is
+# ignored
+# for the ironic.IronicDriver compute driver and is hardcoded to 1.0.
+#
+# Possible values:
+#
+# * Any valid positive integer or float value
+# (floating point value)
+# Minimum value: 0
+#disk_allocation_ratio = 0.0
+
+#
+# Console proxy host to be used to connect to instances on this host.
+# It is the
+# publicly visible name for the console host.
+#
+# Possible values:
+#
+# * Current hostname (default) or any string representing hostname.
+# (string value)
+#console_host = <current_hostname>
+
+#
+# Name of the network to be used to set access IPs for instances. If
+# there are
+# multiple IPs to choose from, an arbitrary one will be chosen.
+#
+# Possible values:
+#
+# * None (default)
+# * Any string representing network name.
+# (string value)
+#default_access_ip_network_name = <None>
+
+#
+# Whether to batch up the application of IPTables rules during a host
+# restart
+# and apply all at the end of the init phase.
+# (boolean value)
+#defer_iptables_apply = false
+
+#
+# Specifies where instances are stored on the hypervisor's disk.
+# It can point to locally attached storage or a directory on NFS.
+#
+# Possible values:
+#
+# * $state_path/instances where state_path is a config option that
+# specifies
+# the top-level directory for maintaining nova's state. (default) or
+# Any string representing directory path.
+# (string value)
+instances_path = {{ compute.instances_path }}
+
+#
+# This option enables periodic compute.instance.exists notifications.
+# Each
+# compute node must be configured to generate system usage data. These
+# notifications are consumed by OpenStack Telemetry service.
+# (boolean value)
+#instance_usage_audit = false
+
+#
+# Maximum number of 1 second retries in live_migration. It specifies
+# number
+# of retries to iptables when it complains. It happens when an user
+# continuously
+# sends live-migration request to same host leading to concurrent
+# request
+# to iptables.
+#
+# Possible values:
+#
+# * Any positive integer representing retry count.
+# (integer value)
+# Minimum value: 0
+#live_migration_retry_count = 30
+
+#
+# This option specifies whether to start guests that were running
+# before the
+# host rebooted. It ensures that all of the instances on a Nova
+# compute node
+# resume their state each time the compute node boots or restarts.
+# (boolean value)
+resume_guests_state_on_host_boot = {{ compute.get('resume_guests_state_on_host_boot', True) }}
+
+#
+# Number of times to retry network allocation. It is required to
+# attempt network
+# allocation retries if the virtual interface plug fails.
+#
+# Possible values:
+#
+# * Any positive integer representing retry count.
+# (integer value)
+# Minimum value: 0
+#network_allocate_retries = 0
+
+#
+# Limits the maximum number of instance builds to run concurrently by
+# nova-compute. Compute service can attempt to build an infinite
+# number of
+# instances, if asked to do so. This limit is enforced to avoid
+# building
+# unlimited instance concurrently on a compute node. This value can be
+# set
+# per compute node.
+#
+# Possible Values:
+#
+# * 0 : treated as unlimited.
+# * Any positive integer representing maximum concurrent builds.
+# (integer value)
+# Minimum value: 0
+#max_concurrent_builds = 10
+
+#
+# Maximum number of live migrations to run concurrently. This limit is
+# enforced
+# to avoid outbound live migrations overwhelming the host/network and
+# causing
+# failures. It is not recommended that you change this unless you are
+# very sure
+# that doing so is safe and stable in your environment.
+#
+# Possible values:
+#
+# * 0 : treated as unlimited.
+# * Negative value defaults to 0.
+# * Any positive integer representing maximum number of live
+# migrations
+# to run concurrently.
+# (integer value)
+#max_concurrent_live_migrations = 1
+{%- if compute.max_concurrent_live_migrations is defined %}
+max_concurrent_live_migrations = {{ compute.max_concurrent_live_migrations }}
+{%- endif %}
+
+#
+# Number of times to retry block device allocation on failures.
+# Starting with
+# Liberty, Cinder can use image volume cache. This may help with block
+# device
+# allocation performance. Look at the cinder
+# image_volume_cache_enabled
+# configuration option.
+#
+# Possible values:
+#
+# * 60 (default)
+# * If value is 0, then one attempt is made.
+# * Any negative value is treated as 0.
+# * For any value > 0, total attempts are (value + 1)
+# (integer value)
+block_device_allocate_retries = {{ compute.get('block_device_allocate_retries', '600') }}
+
+#
+# Number of greenthreads available for use to sync power states.
+#
+# This option can be used to reduce the number of concurrent requests
+# made to the hypervisor or system with real instance power states
+# for performance reasons, for example, with Ironic.
+#
+# Possible values:
+#
+# * Any positive integer representing greenthreads count.
+# (integer value)
+#sync_power_state_pool_size = 1000
+
+#
+# Number of seconds to wait between runs of the image cache manager.
+#
+# Possible values:
+# * 0: run at the default rate.
+# * -1: disable
+# * Any other value
+# (integer value)
+# Minimum value: -1
+image_cache_manager_interval = 0
+
+#
+# Interval to pull network bandwidth usage info.
+#
+# Not supported on all hypervisors. If a hypervisor doesn't support
+# bandwidth
+# usage, it will not get the info in the usage events.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+# (integer value)
+#bandwidth_poll_interval = 600
+
+#
+# Interval to sync power states between the database and the
+# hypervisor.
+#
+# The interval that Nova checks the actual virtual machine power state
+# and the power state that Nova has in its database. If a user powers
+# down their VM, Nova updates the API to report the VM has been
+# powered down. Should something turn on the VM unexpectedly,
+# Nova will turn the VM back off to keep the system in the expected
+# state.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * If ``handle_virt_lifecycle_events`` in workarounds_group is
+# false and this option is negative, then instances that get out
+# of sync between the hypervisor and the Nova database will have
+# to be synchronized manually.
+# (integer value)
+#sync_power_state_interval = 600
+
+#
+# Interval between instance network information cache updates.
+#
+# Number of seconds after which each compute node runs the task of
+# querying Neutron for all of its instances networking information,
+# then updates the Nova db with that information. Nova will never
+# update it's cache if this option is set to 0. If we don't update the
+# cache, the metadata service and nova-api endpoints will be proxying
+# incorrect network data about the instance. So, it is not recommended
+# to set this option to 0.
+#
+# Possible values:
+#
+# * Any positive integer in seconds.
+# * Any value <=0 will disable the sync. This is not recommended.
+# (integer value)
+#heal_instance_info_cache_interval = 60
+heal_instance_info_cache_interval = {{ compute.heal_instance_info_cache_interval }}
+
+#
+# Interval for reclaiming deleted instances.
+#
+# A value greater than 0 will enable SOFT_DELETE of instances.
+# This option decides whether the server to be deleted will be put
+# into
+# the SOFT_DELETED state. If this value is greater than 0, the deleted
+# server will not be deleted immediately, instead it will be put into
+# a queue until it's too old (deleted time greater than the value of
+# reclaim_instance_interval). The server can be recovered from the
+# delete queue by using the restore action. If the deleted server
+# remains
+# longer than the value of reclaim_instance_interval, it will be
+# deleted by a periodic task in the compute service automatically.
+#
+# Note that this option is read from both the API and compute nodes,
+# and
+# must be set globally otherwise servers could be put into a soft
+# deleted
+# state in the API and never actually reclaimed (deleted) on the
+# compute
+# node.
+#
+# Possible values:
+#
+# * Any positive integer(in seconds) greater than 0 will enable
+# this option.
+# * Any value <=0 will disable the option.
+# (integer value)
+#reclaim_instance_interval = 0
+
+#
+# Interval for gathering volume usages.
+#
+# This option updates the volume usage cache for every
+# volume_usage_poll_interval number of seconds.
+#
+# Possible values:
+#
+# * Any positive integer(in seconds) greater than 0 will enable
+# this option.
+# * Any value <=0 will disable the option.
+# (integer value)
+#volume_usage_poll_interval = 0
+
+#
+# Interval for polling shelved instances to offload.
+#
+# The periodic task runs for every shelved_poll_interval number
+# of seconds and checks if there are any shelved instances. If it
+# finds a shelved instance, based on the 'shelved_offload_time' config
+# value it offloads the shelved instances. Check
+# 'shelved_offload_time'
+# config option description for details.
+#
+# Possible values:
+#
+# * Any value <= 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * ``shelved_offload_time``
+# (integer value)
+#shelved_poll_interval = 3600
+
+#
+# Time before a shelved instance is eligible for removal from a host.
+#
+# By default this option is set to 0 and the shelved instance will be
+# removed from the hypervisor immediately after shelve operation.
+# Otherwise, the instance will be kept for the value of
+# shelved_offload_time(in seconds) so that during the time period the
+# unshelve action will be faster, then the periodic task will remove
+# the instance from hypervisor after shelved_offload_time passes.
+#
+# Possible values:
+#
+# * 0: Instance will be immediately offloaded after being
+# shelved.
+# * Any value < 0: An instance will never offload.
+# * Any positive integer in seconds: The instance will exist for
+# the specified number of seconds before being offloaded.
+# (integer value)
+#shelved_offload_time = 0
+
+#
+# Interval for retrying failed instance file deletes.
+#
+# This option depends on 'maximum_instance_delete_attempts'.
+# This option specifies how often to retry deletes whereas
+# 'maximum_instance_delete_attempts' specifies the maximum number
+# of retry attempts that can be made.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * ``maximum_instance_delete_attempts`` from instance_cleaning_opts
+# group.
+# (integer value)
+#instance_delete_interval = 300
+
+#
+# Interval (in seconds) between block device allocation retries on
+# failures.
+#
+# This option allows the user to specify the time interval between
+# consecutive retries. 'block_device_allocate_retries' option
+# specifies
+# the maximum number of retries.
+#
+# Possible values:
+#
+# * 0: Disables the option.
+# * Any positive integer in seconds enables the option.
+#
+# Related options:
+#
+# * ``block_device_allocate_retries`` in compute_manager_opts group.
+# (integer value)
+# Minimum value: 0
+block_device_allocate_retries_interval = {{ compute.get('block_device_allocate_retries_interval', '10') }}
+
+#
+# Interval between sending the scheduler a list of current instance
+# UUIDs to
+# verify that its view of instances is in sync with nova.
+#
+# If the CONF option 'scheduler_tracks_instance_changes' is
+# False, the sync calls will not be made. So, changing this option
+# will
+# have no effect.
+#
+# If the out of sync situations are not very common, this interval
+# can be increased to lower the number of RPC messages being sent.
+# Likewise, if sync issues turn out to be a problem, the interval
+# can be lowered to check more frequently.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * This option has no impact if ``scheduler_tracks_instance_changes``
+# is set to False.
+# (integer value)
+#scheduler_instance_sync_interval = 120
+
+#
+# Interval for updating compute resources.
+#
+# This option specifies how often the update_available_resources
+# periodic task should run. A number less than 0 means to disable the
+# task completely. Leaving this at the default of 0 will cause this to
+# run at the default periodic interval. Setting it to any positive
+# value will cause it to run at approximately that number of seconds.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+# (integer value)
+#update_resources_interval = 0
+
+#
+# Time interval after which an instance is hard rebooted
+# automatically.
+#
+# When doing a soft reboot, it is possible that a guest kernel is
+# completely hung in a way that causes the soft reboot task
+# to not ever finish. Setting this option to a time period in seconds
+# will automatically hard reboot an instance if it has been stuck
+# in a rebooting state longer than N seconds.
+#
+# Possible values:
+#
+# * 0: Disables the option (default).
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#reboot_timeout = 0
+
+#
+# Maximum time in seconds that an instance can take to build.
+#
+# If this timer expires, instance status will be changed to ERROR.
+# Enabling this option will make sure an instance will not be stuck
+# in BUILD state for a longer period.
+#
+# Possible values:
+#
+# * 0: Disables the option (default)
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#instance_build_timeout = 0
+
+#
+# Interval to wait before un-rescuing an instance stuck in RESCUE.
+#
+# Possible values:
+#
+# * 0: Disables the option (default)
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#rescue_timeout = 0
+
+#
+# Automatically confirm resizes after N seconds.
+#
+# Resize functionality will save the existing server before resizing.
+# After the resize completes, user is requested to confirm the resize.
+# The user has the opportunity to either confirm or revert all
+# changes. Confirm resize removes the original server and changes
+# server status from resized to active. Setting this option to a time
+# period (in seconds) will automatically confirm the resize if the
+# server is in resized state longer than that time.
+#
+# Possible values:
+#
+# * 0: Disables the option (default)
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#resize_confirm_window = 0
+
+#
+# Total time to wait in seconds for an instance toperform a clean
+# shutdown.
+#
+# It determines the overall period (in seconds) a VM is allowed to
+# perform a clean shutdown. While performing stop, rescue and shelve,
+# rebuild operations, configuring this option gives the VM a chance
+# to perform a controlled shutdown before the instance is powered off.
+# The default timeout is 60 seconds.
+#
+# The timeout value can be overridden on a per image basis by means
+# of os_shutdown_timeout that is an image metadata setting allowing
+# different types of operating systems to specify how much time they
+# need to shut down cleanly.
+#
+# Possible values:
+#
+# * Any positive integer in seconds (default value is 60).
+# (integer value)
+# Minimum value: 1
+#shutdown_timeout = 60
+
+#
+# The compute service periodically checks for instances that have been
+# deleted in the database but remain running on the compute node. The
+# above option enables action to be taken when such instances are
+# identified.
+#
+# Possible values:
+#
+# * reap: Powers down the instances and deletes them(default)
+# * log: Logs warning message about deletion of the resource
+# * shutdown: Powers down instances and marks them as non-
+# bootable which can be later used for debugging/analysis
+# * noop: Takes no action
+#
+# Related options:
+#
+# * running_deleted_instance_poll_interval
+# * running_deleted_instance_timeout
+# (string value)
+# Possible values:
+# noop - <No description provided>
+# log - <No description provided>
+# shutdown - <No description provided>
+# reap - <No description provided>
+#running_deleted_instance_action = reap
+
+#
+# Time interval in seconds to wait between runs for the clean up
+# action.
+# If set to 0, above check will be disabled. If
+# "running_deleted_instance
+# _action" is set to "log" or "reap", a value greater than 0 must be
+# set.
+#
+# Possible values:
+#
+# * Any positive integer in seconds enables the option.
+# * 0: Disables the option.
+# * 1800: Default value.
+#
+# Related options:
+#
+# * running_deleted_instance_action
+# (integer value)
+#running_deleted_instance_poll_interval = 1800
+
+#
+# Time interval in seconds to wait for the instances that have
+# been marked as deleted in database to be eligible for cleanup.
+#
+# Possible values:
+#
+# * Any positive integer in seconds(default is 0).
+#
+# Related options:
+#
+# * "running_deleted_instance_action"
+# (integer value)
+#running_deleted_instance_timeout = 0
+
+#
+# The number of times to attempt to reap an instance's files.
+#
+# This option specifies the maximum number of retry attempts
+# that can be made.
+#
+# Possible values:
+#
+# * Any positive integer defines how many attempts are made.
+# * Any value <=0 means no delete attempts occur, but you should use
+# ``instance_delete_interval`` to disable the delete attempts.
+#
+# Related options:
+# * ``instance_delete_interval`` in interval_opts group can be used to
+# disable
+# this option.
+# (integer value)
+#maximum_instance_delete_attempts = 5
+
+#
+# Sets the scope of the check for unique instance names.
+#
+# The default doesn't check for unique names. If a scope for the name
+# check is
+# set, a launch of a new instance or an update of an existing instance
+# with a
+# duplicate name will result in an ''InstanceExists'' error. The
+# uniqueness is
+# case-insensitive. Setting this option can increase the usability for
+# end
+# users as they don't have to distinguish among instances with the
+# same name
+# by their IDs.
+#
+# Possible values:
+#
+# * '': An empty value means that no uniqueness check is done and
+# duplicate
+# names are possible.
+# * "project": The instance name check is done only for instances
+# within the
+# same project.
+# * "global": The instance name check is done for all instances
+# regardless of
+# the project.
+# (string value)
+# Possible values:
+# '' - <No description provided>
+# project - <No description provided>
+# global - <No description provided>
+#osapi_compute_unique_server_name_scope =
+
+#
+# Enable new nova-compute services on this host automatically.
+#
+# When a new nova-compute service starts up, it gets
+# registered in the database as an enabled service. Sometimes it can
+# be useful
+# to register new compute services in disabled state and then enabled
+# them at a
+# later point in time. This option only sets this behavior for nova-
+# compute
+# services, it does not auto-disable other services like nova-
+# conductor,
+# nova-scheduler, nova-consoleauth, or nova-osapi_compute.
+#
+# Possible values:
+#
+# * ``True``: Each new compute service is enabled as soon as it
+# registers itself.
+# * ``False``: Compute services must be enabled via an os-services
+# REST API call
+# or with the CLI with ``nova service-enable <hostname> <binary>``,
+# otherwise
+# they are not ready to use.
+# (boolean value)
+#enable_new_services = true
+
+#
+# Template string to be used to generate instance names.
+#
+# This template controls the creation of the database name of an
+# instance. This
+# is *not* the display name you enter when creating an instance (via
+# Horizon
+# or CLI). For a new deployment it is advisable to change the default
+# value
+# (which uses the database autoincrement) to another value which makes
+# use
+# of the attributes of an instance, like ``instance-%(uuid)s``. If you
+# already have instances in your deployment when you change this, your
+# deployment will break.
+#
+# Possible values:
+#
+# * A string which either uses the instance database ID (like the
+# default)
+# * A string with a list of named database columns, for example
+# ``%(id)d``
+# or ``%(uuid)s`` or ``%(hostname)s``.
+#
+# Related options:
+#
+# * not to be confused with: ``multi_instance_display_name_template``
+# (string value)
+#instance_name_template = instance-%08x
+
+#
+# Number of times to retry live-migration before failing.
+#
+# Possible values:
+#
+# * If == -1, try until out of hosts (default)
+# * If == 0, only try once, no retries
+# * Integer greater than 0
+# (integer value)
+# Minimum value: -1
+#migrate_max_retries = -1
+
+#
+# Configuration drive format
+#
+# Configuration drive format that will contain metadata attached to
+# the
+# instance when it boots.
+#
+# Possible values:
+#
+# * iso9660: A file system image standard that is widely supported
+# across
+# operating systems. NOTE: Mind the libvirt bug
+# (https://bugs.launchpad.net/nova/+bug/1246201) - If your
+# hypervisor
+# driver is libvirt, and you want live migrate to work without
+# shared storage,
+# then use VFAT.
+# * vfat: For legacy reasons, you can configure the configuration
+# drive to
+# use VFAT format instead of ISO 9660.
+#
+# Related options:
+#
+# * This option is meaningful when one of the following alternatives
+# occur:
+# 1. force_config_drive option set to 'true'
+# 2. the REST API call to create the instance contains an enable
+# flag for
+# config drive option
+# 3. the image used to create the instance requires a config drive,
+# this is defined by img_config_drive property for that image.
+# * A compute node running Hyper-V hypervisor can be configured to
+# attach
+# configuration drive as a CD drive. To attach the configuration
+# drive as a CD
+# drive, set config_drive_cdrom option at hyperv section, to true.
+# (string value)
+# Possible values:
+# iso9660 - <No description provided>
+# vfat - <No description provided>
+#config_drive_format = iso9660
+config_drive_format={{ compute.get('config_drive_format', compute.get('config_drive', {}).get('format', 'vfat')) }}
+
+#
+# Force injection to take place on a config drive
+#
+# When this option is set to true configuration drive functionality
+# will be
+# forced enabled by default, otherwise user can still enable
+# configuration
+# drives via the REST API or image metadata properties.
+#
+# Possible values:
+#
+# * True: Force to use of configuration drive regardless the user's
+# input in the
+# REST API call.
+# * False: Do not force use of configuration drive. Config drives can
+# still be
+# enabled via the REST API or image metadata properties.
+#
+# Related options:
+#
+# * Use the 'mkisofs_cmd' flag to set the path where you install the
+# genisoimage program. If genisoimage is in same path as the
+# nova-compute service, you do not need to set this flag.
+# * To use configuration drive with Hyper-V, you must set the
+# 'mkisofs_cmd' value to the full path to an mkisofs.exe
+# installation.
+# Additionally, you must set the qemu_img_cmd value in the hyperv
+# configuration section to the full path to an qemu-img command
+# installation.
+# (boolean value)
+#force_config_drive = false
+force_config_drive={{ compute.get('config_drive', {}).get('forced', True)|lower }}
+
+#
+# Name or path of the tool used for ISO image creation
+#
+# Use the mkisofs_cmd flag to set the path where you install the
+# genisoimage
+# program. If genisoimage is on the system path, you do not need to
+# change
+# the default value.
+#
+# To use configuration drive with Hyper-V, you must set the
+# mkisofs_cmd value
+# to the full path to an mkisofs.exe installation. Additionally, you
+# must set
+# the qemu_img_cmd value in the hyperv configuration section to the
+# full path
+# to an qemu-img command installation.
+#
+# Possible values:
+#
+# * Name of the ISO image creator program, in case it is in the same
+# directory
+# as the nova-compute service
+# * Path to ISO image creator program
+#
+# Related options:
+#
+# * This option is meaningful when config drives are enabled.
+# * To use configuration drive with Hyper-V, you must set the
+# qemu_img_cmd
+# value in the hyperv configuration section to the full path to an
+# qemu-img
+# command installation.
+# (string value)
+#mkisofs_cmd = genisoimage
+
+# DEPRECATED: The driver to use for database access (string value)
+# This option is deprecated for removal since 13.0.0.
+# Its value may be silently ignored in the future.
+#db_driver = nova.db
+
+# DEPRECATED:
+# Default flavor to use for the EC2 API only.
+# The Nova API does not support a default flavor.
+# (string value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: The EC2 API is deprecated.
+#default_flavor = m1.small
+
+#
+# The IP address which the host is using to connect to the management
+# network.
+#
+# Possible values:
+#
+# * String with valid IP address. Default is IPv4 address of this
+# host.
+#
+# Related options:
+#
+# * metadata_host
+# * my_block_storage_ip
+# * routing_source_ip
+# * vpn_ip
+# (string value)
+#my_ip = <host_ipv4>
+{%- if compute.my_ip is defined %}
+my_ip={{ compute.my_ip }}
+{%- endif %}
+
+#
+# The IP address which is used to connect to the block storage
+# network.
+#
+# Possible values:
+#
+# * String with valid IP address. Default is IP address of this host.
+#
+# Related options:
+#
+# * my_ip - if my_block_storage_ip is not set, then my_ip value is
+# used.
+# (string value)
+#my_block_storage_ip = $my_ip
+
+#
+# Hostname, FQDN or IP address of this host.
+#
+# Used as:
+#
+# * the oslo.messaging queue name for nova-compute worker
+# * we use this value for the binding_host sent to neutron. This means
+# if you use
+# a neutron agent, it should have the same value for host.
+# * cinder host attachment information
+#
+# Must be valid within AMQP key.
+#
+# Possible values:
+#
+# * String with hostname, FQDN or IP address. Default is hostname of
+# this host.
+# (string value)
+#host = <current_hostname>
+{%- if compute.host is defined %}
+host={{ compute.host }}
+{%- endif %}
+
+# DEPRECATED:
+# This option is a list of full paths to one or more configuration
+# files for
+# dhcpbridge. In most cases the default path of '/etc/nova/nova-
+# dhcpbridge.conf'
+# should be sufficient, but if you have special needs for configuring
+# dhcpbridge,
+# you can change or add to this list.
+#
+# Possible values
+#
+# * A list of strings, where each string is the full path to a
+# dhcpbridge
+# configuration file.
+# (multi valued)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dhcpbridge_flagfile = /etc/nova/nova.conf
+
+# DEPRECATED:
+# The location where the network configuration files will be kept. The
+# default is
+# the 'networks' directory off of the location where nova's Python
+# module is
+# installed.
+#
+# Possible values
+#
+# * A string containing the full path to the desired configuration
+# directory
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#networks_path = $state_path/networks
+
+# DEPRECATED:
+# This is the name of the network interface for public IP addresses.
+# The default
+# is 'eth0'.
+#
+# Possible values:
+#
+# * Any string representing a network interface name
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#public_interface = eth0
+
+# DEPRECATED:
+# The location of the binary nova-dhcpbridge. By default it is the
+# binary named
+# 'nova-dhcpbridge' that is installed with all the other nova
+# binaries.
+#
+# Possible values:
+#
+# * Any string representing the full path to the binary for dhcpbridge
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dhcpbridge = $bindir/nova-dhcpbridge
+
+# DEPRECATED:
+# The public IP address of the network host.
+#
+# This is used when creating an SNAT rule.
+#
+# Possible values:
+#
+# * Any valid IP address
+#
+# Related options:
+#
+# * ``force_snat_range``
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#routing_source_ip = $my_ip
+
+# DEPRECATED:
+# The lifetime of a DHCP lease, in seconds. The default is 86400 (one
+# day).
+#
+# Possible values:
+#
+# * Any positive integer value.
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dhcp_lease_time = 86400
+
+# DEPRECATED:
+# Despite the singular form of the name of this option, it is actually
+# a list of
+# zero or more server addresses that dnsmasq will use for DNS
+# nameservers. If
+# this is not empty, dnsmasq will not read /etc/resolv.conf, but will
+# only use
+# the servers specified in this option. If the option
+# use_network_dns_servers is
+# True, the dns1 and dns2 servers from the network will be appended to
+# this list,
+# and will be used as DNS servers, too.
+#
+# Possible values:
+#
+# * A list of strings, where each string is either an IP address or a
+# FQDN.
+#
+# Related options:
+#
+# * ``use_network_dns_servers``
+# (multi valued)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dns_server =
+
+# DEPRECATED:
+# When this option is set to True, the dns1 and dns2 servers for the
+# network
+# specified by the user on boot will be used for DNS, as well as any
+# specified in
+# the `dns_server` option.
+#
+# Related options:
+#
+# * ``dns_server``
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#use_network_dns_servers = false
+
+# DEPRECATED:
+# This option is a list of zero or more IP address ranges in your
+# network's DMZ
+# that should be accepted.
+#
+# Possible values:
+#
+# * A list of strings, each of which should be a valid CIDR.
+# (list value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dmz_cidr =
+
+# DEPRECATED:
+# This is a list of zero or more IP ranges that traffic from the
+# `routing_source_ip` will be SNATted to. If the list is empty, then
+# no SNAT
+# rules are created.
+#
+# Possible values:
+#
+# * A list of strings, each of which should be a valid CIDR.
+#
+# Related options:
+#
+# * ``routing_source_ip``
+# (multi valued)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#force_snat_range =
+
+# DEPRECATED:
+# The path to the custom dnsmasq configuration file, if any.
+#
+# Possible values:
+#
+# * The full path to the configuration file, or an empty string if
+# there is no
+# custom dnsmasq configuration file.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dnsmasq_config_file =
+
+# DEPRECATED:
+# This is the class used as the ethernet device driver for linuxnet
+# bridge
+# operations. The default value should be all you need for most cases,
+# but if you
+# wish to use a customized class, set this option to the full dot-
+# separated
+# import path for that class.
+#
+# Possible values:
+#
+# * Any string representing a dot-separated class path that Nova can
+# import.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver
+
+# DEPRECATED:
+# The name of the Open vSwitch bridge that is used with linuxnet when
+# connecting
+# with Open vSwitch."
+#
+# Possible values:
+#
+# * Any string representing a valid bridge name.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#linuxnet_ovs_integration_bridge = br-int
+
+#
+# When True, when a device starts up, and upon binding floating IP
+# addresses, arp
+# messages will be sent to ensure that the arp caches on the compute
+# hosts are
+# up-to-date.
+#
+# Related options:
+#
+# * ``send_arp_for_ha_count``
+# (boolean value)
+#send_arp_for_ha = false
+
+#
+# When arp messages are configured to be sent, they will be sent with
+# the count
+# set to the value of this option. Of course, if this is set to zero,
+# no arp
+# messages will be sent.
+#
+# Possible values:
+#
+# * Any integer greater than or equal to 0
+#
+# Related options:
+#
+# * ``send_arp_for_ha``
+# (integer value)
+#send_arp_for_ha_count = 3
+
+# DEPRECATED:
+# When set to True, only the firt nic of a VM will get its default
+# gateway from
+# the DHCP server.
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#use_single_default_gateway = false
+
+# DEPRECATED:
+# One or more interfaces that bridges can forward traffic to. If any
+# of the items
+# in this list is the special keyword 'all', then all traffic will be
+# forwarded.
+#
+# Possible values:
+#
+# * A list of zero or more interface names, or the word 'all'.
+# (multi valued)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#forward_bridge_interface = all
+
+#
+# This option determines the IP address for the network metadata API
+# server.
+#
+# This is really the client side of the metadata host equation that
+# allows
+# nova-network to find the metadata server when doing a default multi
+# host
+# networking.
+#
+# Possible values:
+#
+# * Any valid IP address. The default is the address of the Nova API
+# server.
+#
+# Related options:
+#
+# * ``metadata_port``
+# (string value)
+#metadata_host = $my_ip
+
+# DEPRECATED:
+# This option determines the port used for the metadata API server.
+#
+# Related options:
+#
+# * ``metadata_host``
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#metadata_port = 8775
+
+# DEPRECATED:
+# This expression, if defined, will select any matching iptables rules
+# and place
+# them at the top when applying metadata changes to the rules.
+#
+# Possible values:
+#
+# * Any string representing a valid regular expression, or an empty
+# string
+#
+# Related options:
+#
+# * ``iptables_bottom_regex``
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#iptables_top_regex =
+
+# DEPRECATED:
+# This expression, if defined, will select any matching iptables rules
+# and place
+# them at the bottom when applying metadata changes to the rules.
+#
+# Possible values:
+#
+# * Any string representing a valid regular expression, or an empty
+# string
+#
+# Related options:
+#
+# * iptables_top_regex
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#iptables_bottom_regex =
+
+# DEPRECATED:
+# By default, packets that do not pass the firewall are DROPped. In
+# many cases,
+# though, an operator may find it more useful to change this from DROP
+# to REJECT,
+# so that the user issuing those packets may have a better idea as to
+# what's
+# going on, or LOGDROP in order to record the blocked traffic before
+# DROPping.
+#
+# Possible values:
+#
+# * A string representing an iptables chain. The default is DROP.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#iptables_drop_action = DROP
+
+# DEPRECATED:
+# This option represents the period of time, in seconds, that the
+# ovs_vsctl calls
+# will wait for a response from the database before timing out. A
+# setting of 0
+# means that the utility should wait forever for a response.
+#
+# Possible values:
+#
+# * Any positive integer if a limited timeout is desired, or zero if
+# the calls
+# should wait forever for a response.
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ovs_vsctl_timeout = 120
+
+# DEPRECATED:
+# This option is used mainly in testing to avoid calls to the
+# underlying network
+# utilities.
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#fake_network = false
+
+# DEPRECATED:
+# This option determines the number of times to retry ebtables
+# commands before
+# giving up. The minimum number of retries is 1.
+#
+# Possible values:
+#
+# * Any positive integer
+#
+# Related options:
+#
+# * ``ebtables_retry_interval``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ebtables_exec_attempts = 3
+
+# DEPRECATED:
+# This option determines the time, in seconds, that the system will
+# sleep in
+# between ebtables retries. Note that each successive retry waits a
+# multiple of
+# this value, so for example, if this is set to the default of 1.0
+# seconds, and
+# ebtables_exec_attempts is 4, after the first failure, the system
+# will sleep for
+# 1 * 1.0 seconds, after the second failure it will sleep 2 * 1.0
+# seconds, and
+# after the third failure it will sleep 3 * 1.0 seconds.
+#
+# Possible values:
+#
+# * Any non-negative float or integer. Setting this to zero will
+# result in no
+# waiting between attempts.
+#
+# Related options:
+#
+# * ebtables_exec_attempts
+# (floating point value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ebtables_retry_interval = 1.0
+
+# DEPRECATED:
+# Enable neutron as the backend for networking.
+#
+# Determine whether to use Neutron or Nova Network as the back end.
+# Set to true
+# to use neutron.
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#use_neutron = true
+
+#
+# This option determines whether the network setup information is
+# injected into
+# the VM before it is booted. While it was originally designed to be
+# used only
+# by nova-network, it is also used by the vmware and xenapi virt
+# drivers to
+# control whether network information is injected into a VM. The
+# libvirt virt
+# driver also uses it when we use config_drive to configure network to
+# control
+# whether network information is injected into a VM.
+# (boolean value)
+#flat_injected = false
+
+# DEPRECATED:
+# This option determines the bridge used for simple network interfaces
+# when no
+# bridge is specified in the VM creation request.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any string representing a valid network bridge, such as 'br100'
+#
+# Related options:
+#
+# * ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#flat_network_bridge = <None>
+
+# DEPRECATED:
+# This is the address of the DNS server for a simple network. If this
+# option is
+# not specified, the default of '8.8.4.4' is used.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any valid IP address.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#flat_network_dns = 8.8.4.4
+
+# DEPRECATED:
+# This option is the name of the virtual interface of the VM on which
+# the bridge
+# will be built. While it was originally designed to be used only by
+# nova-network, it is also used by libvirt for the bridge interface
+# name.
+#
+# Possible values:
+#
+# * Any valid virtual interface name, such as 'eth0'
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#flat_interface = <None>
+
+# DEPRECATED:
+# This is the VLAN number used for private networks. Note that the
+# when creating
+# the networks, if the specified number has already been assigned,
+# nova-network
+# will increment this number until it finds an available VLAN.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment. It also will be ignored if the
+# configuration option
+# for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# * Any integer between 1 and 4094. Values outside of that range will
+# raise a
+# ValueError exception.
+#
+# Related options:
+#
+# * ``network_manager``
+# * ``use_neutron``
+# (integer value)
+# Minimum value: 1
+# Maximum value: 4094
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#vlan_start = 100
+
+# DEPRECATED:
+# This option is the name of the virtual interface of the VM on which
+# the VLAN
+# bridge will be built. While it was originally designed to be used
+# only by
+# nova-network, it is also used by libvirt and xenapi for the bridge
+# interface
+# name.
+#
+# Please note that this setting will be ignored in nova-network if the
+# configuration option for `network_manager` is not set to the default
+# of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# * Any valid virtual interface name, such as 'eth0'
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options. While
+# this option has an effect when using neutron, it incorrectly
+# override the value
+# provided by neutron and should therefore not be used.
+#vlan_interface = <None>
+
+# DEPRECATED:
+# This option represents the number of networks to create if not
+# explicitly
+# specified when the network is created. The only time this is used is
+# if a CIDR
+# is specified, but an explicit network_size is not. In that case, the
+# subnets
+# are created by diving the IP address space of the CIDR by
+# num_networks. The
+# resulting subnet sizes cannot be larger than the configuration
+# option
+# `network_size`; in that event, they are reduced to `network_size`,
+# and a
+# warning is logged.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any positive integer is technically valid, although there are
+# practical
+# limits based upon available IP address space and virtual
+# interfaces.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``network_size``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#num_networks = 1
+
+# DEPRECATED:
+# This option is no longer used since the /os-cloudpipe API was
+# removed in the
+# 16.0.0 Pike release. This is the public IP address for the cloudpipe
+# VPN
+# servers. It defaults to the IP address of the host.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment. It also will be ignored if the
+# configuration option
+# for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# * Any valid IP address. The default is ``$my_ip``, the IP address of
+# the VM.
+#
+# Related options:
+#
+# * ``network_manager``
+# * ``use_neutron``
+# * ``vpn_start``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#vpn_ip = $my_ip
+
+# DEPRECATED:
+# This is the port number to use as the first VPN port for private
+# networks.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment. It also will be ignored if the
+# configuration option
+# for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager', or if you specify a value the
+# 'vpn_start'
+# parameter when creating a network.
+#
+# Possible values:
+#
+# * Any integer representing a valid port number. The default is 1000.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``vpn_ip``
+# * ``network_manager``
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#vpn_start = 1000
+
+# DEPRECATED:
+# This option determines the number of addresses in each private
+# subnet.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any positive integer that is less than or equal to the available
+# network
+# size. Note that if you are creating multiple networks, they must
+# all fit in
+# the available IP address space. The default is 256.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``num_networks``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#network_size = 256
+
+# DEPRECATED:
+# This option determines the fixed IPv6 address block when creating a
+# network.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any valid IPv6 CIDR
+#
+# Related options:
+#
+# * ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#fixed_range_v6 = fd00::/48
+
+# DEPRECATED:
+# This is the default IPv4 gateway. It is used only in the testing
+# suite.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any valid IP address.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``gateway_v6``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#gateway = <None>
+
+# DEPRECATED:
+# This is the default IPv6 gateway. It is used only in the testing
+# suite.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any valid IP address.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``gateway``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#gateway_v6 = <None>
+
+# DEPRECATED:
+# This option represents the number of IP addresses to reserve at the
+# top of the
+# address range for VPN clients. It also will be ignored if the
+# configuration
+# option for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# * Any integer, 0 or greater.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``network_manager``
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#cnt_vpn_clients = 0
+
+# DEPRECATED:
+# This is the number of seconds to wait before disassociating a
+# deallocated fixed
+# IP address. This is only used with the nova-network service, and has
+# no effect
+# when using neutron for networking.
+#
+# Possible values:
+#
+# * Any integer, zero or greater.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#fixed_ip_disassociate_timeout = 600
+
+# DEPRECATED:
+# This option determines how many times nova-network will attempt to
+# create a
+# unique MAC address before giving up and raising a
+# `VirtualInterfaceMacAddressException` error.
+#
+# Possible values:
+#
+# * Any positive integer. The default is 5.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#create_unique_mac_address_attempts = 5
+
+# DEPRECATED:
+# Determines whether unused gateway devices, both VLAN and bridge, are
+# deleted if
+# the network is in nova-network VLAN mode and is multi-hosted.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``vpn_ip``
+# * ``fake_network``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#teardown_unused_network_gateway = false
+
+# DEPRECATED:
+# When this option is True, a call is made to release the DHCP for the
+# instance
+# when that instance is terminated.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+force_dhcp_release = {{ compute.get('force_dhcp_release', 'true') }}
+
+# DEPRECATED:
+# When this option is True, whenever a DNS entry must be updated, a
+# fanout cast
+# message is sent to all network hosts to update their DNS entries in
+# multi-host
+# mode.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#update_dns_entries = false
+
+# DEPRECATED:
+# This option determines the time, in seconds, to wait between
+# refreshing DNS
+# entries for the network.
+#
+# Possible values:
+#
+# * A positive integer
+# * -1 to disable updates
+#
+# Related options:
+#
+# * ``use_neutron``
+# (integer value)
+# Minimum value: -1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dns_update_periodic_interval = -1
+
+# DEPRECATED:
+# This option allows you to specify the domain for the DHCP server.
+#
+# Possible values:
+#
+# * Any string that is a valid domain name.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dhcp_domain = novalocal
+dhcp_domain={{ compute.get('dhcp_domain', 'novalocal') }}
+
+# DEPRECATED:
+# This option allows you to specify the L3 management library to be
+# used.
+#
+# Possible values:
+#
+# * Any dot-separated string that represents the import path to an L3
+# networking
+# library.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#l3_lib = nova.network.l3.LinuxNetL3
+
+# DEPRECATED:
+# THIS VALUE SHOULD BE SET WHEN CREATING THE NETWORK.
+#
+# If True in multi_host mode, all compute hosts share the same dhcp
+# address. The
+# same IP address used for DHCP will be added on each nova-network
+# node which is
+# only visible to the VMs on the same host.
+#
+# The use of this configuration has been deprecated and may be removed
+# in any
+# release after Mitaka. It is recommended that instead of relying on
+# this option,
+# an explicit value should be passed to 'create_networks()' as a
+# keyword argument
+# with the name 'share_address'.
+# (boolean value)
+# This option is deprecated for removal since 2014.2.
+# Its value may be silently ignored in the future.
+#share_dhcp_address = false
+
+# DEPRECATED:
+# URL for LDAP server which will store DNS entries
+#
+# Possible values:
+#
+# * A valid LDAP URL representing the server
+# (uri value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_url = ldap://ldap.example.com:389
+
+# DEPRECATED: Bind user for LDAP server (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_user = uid=admin,ou=people,dc=example,dc=org
+
+# DEPRECATED: Bind user's password for LDAP server (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_password = password
+
+# DEPRECATED:
+# Hostmaster for LDAP DNS driver Statement of Authority
+#
+# Possible values:
+#
+# * Any valid string representing LDAP DNS hostmaster.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_soa_hostmaster = hostmaster@example.org
+
+# DEPRECATED:
+# DNS Servers for LDAP DNS driver
+#
+# Possible values:
+#
+# * A valid URL representing a DNS server
+# (multi valued)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_servers = dns.example.org
+
+# DEPRECATED:
+# Base distinguished name for the LDAP search query
+#
+# This option helps to decide where to look up the host in LDAP.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_base_dn = ou=hosts,dc=example,dc=org
+
+# DEPRECATED:
+# Refresh interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# Time interval, a secondary/slave DNS server waits before requesting
+# for
+# primary DNS server's current SOA record. If the records are
+# different,
+# secondary DNS server will request a zone transfer from primary.
+#
+# NOTE: Lower values would cause more traffic.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_soa_refresh = 1800
+
+# DEPRECATED:
+# Retry interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# Time interval, a secondary/slave DNS server should wait, if an
+# attempt to transfer zone failed during the previous refresh
+# interval.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_soa_retry = 3600
+
+# DEPRECATED:
+# Expiry interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# Time interval, a secondary/slave DNS server holds the information
+# before it is no longer considered authoritative.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_soa_expiry = 86400
+
+# DEPRECATED:
+# Minimum interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# It is Minimum time-to-live applies for all resource records in the
+# zone file. This value is supplied to other servers how long they
+# should keep the data in cache.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_soa_minimum = 7200
+
+# DEPRECATED:
+# Default value for multi_host in networks.
+#
+# nova-network service can operate in a multi-host or single-host
+# mode.
+# In multi-host mode each compute node runs a copy of nova-network and
+# the
+# instances on that compute node use the compute node as a gateway to
+# the
+# Internet. Where as in single-host mode, a central server runs the
+# nova-network
+# service. All compute nodes forward traffic from the instances to the
+# cloud controller which then forwards traffic to the Internet.
+#
+# If this options is set to true, some rpc network calls will be sent
+# directly
+# to host.
+#
+# Note that this option is only used when using nova-network instead
+# of
+# Neutron in your deployment.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#multi_host = false
+
+# DEPRECATED:
+# Driver to use for network creation.
+#
+# Network driver initializes (creates bridges and so on) only when the
+# first VM lands on a host node. All network managers configure the
+# network using network drivers. The driver is not tied to any
+# particular
+# network manager.
+#
+# The default Linux driver implements vlans, bridges, and iptables
+# rules
+# using linux utilities.
+#
+# Note that this option is only used when using nova-network instead
+# of Neutron in your deployment.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#network_driver = nova.network.linux_net
+
+# DEPRECATED:
+# Firewall driver to use with ``nova-network`` service.
+#
+# This option only applies when using the ``nova-network`` service.
+# When using
+# another networking services, such as Neutron, this should be to set
+# to the
+# ``nova.virt.firewall.NoopFirewallDriver``.
+#
+# Possible values:
+#
+# * ``nova.virt.firewall.IptablesFirewallDriver``
+# * ``nova.virt.firewall.NoopFirewallDriver``
+# * ``nova.virt.libvirt.firewall.IptablesFirewallDriver``
+# * [...]
+#
+# Related options:
+#
+# * ``use_neutron``: This must be set to ``False`` to enable ``nova-
+# network``
+# networking
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+
+# DEPRECATED:
+# Determine whether to allow network traffic from same network.
+#
+# When set to true, hosts on the same subnet are not filtered and are
+# allowed
+# to pass all types of traffic between them. On a flat network, this
+# allows
+# all instances from all projects unfiltered communication. With VLAN
+# networking, this allows access between instances within the same
+# project.
+#
+# This option only applies when using the ``nova-network`` service.
+# When using
+# another networking services, such as Neutron, security groups or
+# other
+# approaches should be used.
+#
+# Possible values:
+#
+# * True: Network traffic should be allowed pass between all instances
+# on the
+# same network, regardless of their tenant and security policies
+# * False: Network traffic should not be allowed pass between
+# instances unless
+# it is unblocked in a security group
+#
+# Related options:
+#
+# * ``use_neutron``: This must be set to ``False`` to enable ``nova-
+# network``
+# networking
+# * ``firewall_driver``: This must be set to
+# ``nova.virt.libvirt.firewall.IptablesFirewallDriver`` to ensure
+# the
+# libvirt firewall driver is enabled.
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#allow_same_net_traffic = true
+
+# DEPRECATED:
+# Default pool for floating IPs.
+#
+# This option specifies the default floating IP pool for allocating
+# floating IPs.
+#
+# While allocating a floating ip, users can optionally pass in the
+# name of the
+# pool they want to allocate from, otherwise it will be pulled from
+# the
+# default pool.
+#
+# If this option is not set, then 'nova' is used as default floating
+# pool.
+#
+# Possible values:
+#
+# * Any string representing a floating IP pool name
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option was used for two purposes: to set the floating IP pool
+# name for
+# nova-network and to do the same for neutron. nova-network is
+# deprecated, as are
+# any related configuration options. Users of neutron, meanwhile,
+# should use the
+# 'default_floating_pool' option in the '[neutron]' group.
+#default_floating_pool = nova
+
+# DEPRECATED:
+# Autoassigning floating IP to VM
+#
+# When set to True, floating IP is auto allocated and associated
+# to the VM upon creation.
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#auto_assign_floating_ip = false
+
+# DEPRECATED:
+# Full class name for the DNS Manager for floating IPs.
+#
+# This option specifies the class of the driver that provides
+# functionality
+# to manage DNS entries associated with floating IPs.
+#
+# When a user adds a DNS entry for a specified domain to a floating
+# IP,
+# nova will add a DNS entry using the specified floating DNS driver.
+# When a floating IP is deallocated, its DNS entry will automatically
+# be deleted.
+#
+# Possible values:
+#
+# * Full Python path to the class to be used
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#floating_ip_dns_manager = nova.network.noop_dns_driver.NoopDNSDriver
+
+# DEPRECATED:
+# Full class name for the DNS Manager for instance IPs.
+#
+# This option specifies the class of the driver that provides
+# functionality
+# to manage DNS entries for instances.
+#
+# On instance creation, nova will add DNS entries for the instance
+# name and
+# id, using the specified instance DNS driver and domain. On instance
+# deletion,
+# nova will remove the DNS entries.
+#
+# Possible values:
+#
+# * Full Python path to the class to be used
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#instance_dns_manager = nova.network.noop_dns_driver.NoopDNSDriver
+
+# DEPRECATED:
+# If specified, Nova checks if the availability_zone of every instance
+# matches
+# what the database says the availability_zone should be for the
+# specified
+# dns_domain.
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#instance_dns_domain =
+
+# DEPRECATED:
+# Assign IPv6 and IPv4 addresses when creating instances.
+#
+# Related options:
+#
+# * use_neutron: this only works with nova-network.
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#use_ipv6 = false
+
+# DEPRECATED:
+# Abstracts out IPv6 address generation to pluggable backends.
+#
+# nova-network can be put into dual-stack mode, so that it uses
+# both IPv4 and IPv6 addresses. In dual-stack mode, by default,
+# instances
+# acquire IPv6 global unicast addresses with the help of stateless
+# address
+# auto-configuration mechanism.
+#
+# Related options:
+#
+# * use_neutron: this option only works with nova-network.
+# * use_ipv6: this option only works if ipv6 is enabled for nova-
+# network.
+# (string value)
+# Possible values:
+# rfc2462 - <No description provided>
+# account_identifier - <No description provided>
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ipv6_backend = rfc2462
+
+# DEPRECATED:
+# This option is used to enable or disable quota checking for tenant
+# networks.
+#
+# Related options:
+#
+# * quota_networks
+# (boolean value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# CRUD operations on tenant networks are only available when using
+# nova-network
+# and nova-network is itself deprecated.
+#enable_network_quota = false
+
+# DEPRECATED:
+# This option controls the number of private networks that can be
+# created per
+# project (or per tenant).
+#
+# Related options:
+#
+# * enable_network_quota
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# CRUD operations on tenant networks are only available when using
+# nova-network
+# and nova-network is itself deprecated.
+#quota_networks = 3
+
+#
+# Filename that will be used for storing websocket frames received
+# and sent by a proxy service (like VNC, spice, serial) running on
+# this host.
+# If this is not set, no recording will be done.
+# (string value)
+#record = <None>
+
+# Run as a background process. (boolean value)
+#daemon = false
+
+# Disallow non-encrypted connections. (boolean value)
+#ssl_only = false
+
+# Set to True if source host is addressed with IPv6. (boolean value)
+#source_is_ipv6 = false
+
+# Path to SSL certificate file. (string value)
+#cert = self.pem
+
+# SSL key file (if separate from cert). (string value)
+#key = <None>
+
+#
+# Path to directory with content which will be served by a web server.
+# (string value)
+#web = /usr/share/spice-html5
+
+#
+# The directory where the Nova python modules are installed.
+#
+# This directory is used to store template files for networking and
+# remote
+# console access. It is also the default path for other config options
+# which
+# need to persist Nova internal data. It is very unlikely that you
+# need to
+# change this option from its default value.
+#
+# Possible values:
+#
+# * The full path to a directory.
+#
+# Related options:
+#
+# * ``state_path``
+# (string value)
+#pybasedir = /usr/lib/python2.7/dist-packages
+
+#
+# The directory where the Nova binaries are installed.
+#
+# This option is only relevant if the networking capabilities from
+# Nova are
+# used (see services below). Nova's networking capabilities are
+# targeted to
+# be fully replaced by Neutron in the future. It is very unlikely that
+# you need
+# to change this option from its default value.
+#
+# Possible values:
+#
+# * The full path to a directory.
+# (string value)
+#bindir = /usr/local/bin
+
+#
+# The top-level directory for maintaining Nova's state.
+#
+# This directory is used to store Nova's internal state. It is used by
+# a
+# variety of other config options which derive from this. In some
+# scenarios
+# (for example migrations) it makes sense to use a storage location
+# which is
+# shared between multiple compute hosts (for example via NFS). Unless
+# the
+# option ``instances_path`` gets overwritten, this directory can grow
+# very
+# large.
+#
+# Possible values:
+#
+# * The full path to a directory. Defaults to value provided in
+# ``pybasedir``.
+# (string value)
+state_path = /var/lib/nova
+
+#
+# Number of seconds indicating how frequently the state of services on
+# a
+# given hypervisor is reported. Nova needs to know this to determine
+# the
+# overall health of the deployment.
+#
+# Related Options:
+#
+# * service_down_time
+# report_interval should be less than service_down_time. If
+# service_down_time
+# is less than report_interval, services will routinely be
+# considered down,
+# because they report in too rarely.
+# (integer value)
+#report_interval = 10
+report_interval = {{ compute.get('report_interval', '60') }}
+
+#
+# Maximum time in seconds since last check-in for up service
+#
+# Each compute node periodically updates their database status based
+# on the
+# specified report interval. If the compute node hasn't updated the
+# status
+# for more than service_down_time, then the compute node is considered
+# down.
+#
+# Related Options:
+#
+# * report_interval (service_down_time should not be less than
+# report_interval)
+# (integer value)
+service_down_time = 90
+
+#
+# Enable periodic tasks.
+#
+# If set to true, this option allows services to periodically run
+# tasks
+# on the manager.
+#
+# In case of running multiple schedulers or conductors you may want to
+# run
+# periodic tasks on only one host - in this case disable this option
+# for all
+# hosts but one.
+# (boolean value)
+#periodic_enable = true
+
+#
+# Number of seconds to randomly delay when starting the periodic task
+# scheduler to reduce stampeding.
+#
+# When compute workers are restarted in unison across a cluster,
+# they all end up running the periodic tasks at the same time
+# causing problems for the external services. To mitigate this
+# behavior, periodic_fuzzy_delay option allows you to introduce a
+# random initial delay when starting the periodic task scheduler.
+#
+# Possible Values:
+#
+# * Any positive integer (in seconds)
+# * 0 : disable the random delay
+# (integer value)
+# Minimum value: 0
+#periodic_fuzzy_delay = 60
+
+# List of APIs to be enabled by default. (list value)
+enabled_apis = osapi_compute,metadata
+
+#
+# List of APIs with enabled SSL.
+#
+# Nova provides SSL support for the API servers. enabled_ssl_apis
+# option
+# allows configuring the SSL support.
+# (list value)
+#enabled_ssl_apis =
+
+#
+# IP address on which the OpenStack API will listen.
+#
+# The OpenStack API service listens on this IP address for incoming
+# requests.
+# (string value)
+#osapi_compute_listen = 0.0.0.0
+
+#
+# Port on which the OpenStack API will listen.
+#
+# The OpenStack API service listens on this port number for incoming
+# requests.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#osapi_compute_listen_port = 8774
+
+#
+# Number of workers for OpenStack API service. The default will be the
+# number
+# of CPUs available.
+#
+# OpenStack API services can be configured to run as multi-process
+# (workers).
+# This overcomes the problem of reduction in throughput when API
+# request
+# concurrency increases. OpenStack API service will run in the
+# specified
+# number of processes.
+#
+# Possible Values:
+#
+# * Any positive integer
+# * None (default value)
+# (integer value)
+# Minimum value: 1
+#osapi_compute_workers = <None>
+
+#
+# IP address on which the metadata API will listen.
+#
+# The metadata API service listens on this IP address for incoming
+# requests.
+# (string value)
+#metadata_listen = 0.0.0.0
+
+#
+# Port on which the metadata API will listen.
+#
+# The metadata API service listens on this port number for incoming
+# requests.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#metadata_listen_port = 8775
+
+#
+# Number of workers for metadata service. If not specified the number
+# of
+# available CPUs will be used.
+#
+# The metadata service can be configured to run as multi-process
+# (workers).
+# This overcomes the problem of reduction in throughput when API
+# request
+# concurrency increases. The metadata service will run in the
+# specified
+# number of processes.
+#
+# Possible Values:
+#
+# * Any positive integer
+# * None (default value)
+# (integer value)
+# Minimum value: 1
+#metadata_workers = <None>
+
+# Full class name for the Manager for network (string value)
+# Possible values:
+# nova.network.manager.FlatManager - <No description provided>
+# nova.network.manager.FlatDHCPManager - <No description provided>
+# nova.network.manager.VlanManager - <No description provided>
+#network_manager = nova.network.manager.VlanManager
+
+#
+# This option specifies the driver to be used for the servicegroup
+# service.
+#
+# ServiceGroup API in nova enables checking status of a compute node.
+# When a
+# compute worker running the nova-compute daemon starts, it calls the
+# join API
+# to join the compute group. Services like nova scheduler can query
+# the
+# ServiceGroup API to check if a node is alive. Internally, the
+# ServiceGroup
+# client driver automatically updates the compute worker status. There
+# are
+# multiple backend implementations for this service: Database
+# ServiceGroup driver
+# and Memcache ServiceGroup driver.
+#
+# Possible Values:
+#
+# * db : Database ServiceGroup driver
+# * mc : Memcache ServiceGroup driver
+#
+# Related Options:
+#
+# * service_down_time (maximum time since last check-in for up
+# service)
+# (string value)
+# Possible values:
+# db - <No description provided>
+# mc - <No description provided>
+#servicegroup_driver = db
+
+#
+# From oslo.service.periodic_task
+#
+
+# Some periodic tasks can be run in a separate process. Should we run
+# them here? (boolean value)
+#run_external_periodic_tasks = true
+
+#
+# From oslo.service.service
+#
+
+# Enable eventlet backdoor. Acceptable values are 0, <port>, and
+# <start>:<end>, where 0 results in listening on a random tcp port
+# number; <port> results in listening on the specified port number
+# (and not enabling backdoor if that port is in use); and
+# <start>:<end> results in listening on the smallest unused port
+# number within the specified range of port numbers. The chosen port
+# is displayed in the service's log file. (string value)
+#backdoor_port = <None>
+
+# Enable eventlet backdoor, using the provided path as a unix socket
+# that can receive connections. This option is mutually exclusive with
+# 'backdoor_port' in that only one should be provided. If both are
+# provided then the existence of this option overrides the usage of
+# that option. (string value)
+#backdoor_socket = <None>
+
+# Enables or disables logging values of all registered options when
+# starting a service (at DEBUG level). (boolean value)
+#log_options = true
+
+# Specify a timeout after which a gracefully shutdown server will
+# exit. Zero value means endless wait. (integer value)
+#graceful_shutdown_timeout = 60
+
+{%- if compute.logging is defined %}
+{%- set _data = compute.logging %}
+{%- include "oslo_templates/files/queens/oslo/_log.conf" %}
+{%- endif %}
+
+{%- set _data = compute.message_queue %}
+{%- include "oslo_templates/files/queens/oslo/messaging/_default.conf" %}
+
+[api]
+#
+# Options under this group are used to define Nova API.
+
+#
+# From nova.conf
+#
+
+#
+# This determines the strategy to use for authentication: keystone or
+# noauth2.
+# 'noauth2' is designed for testing only, as it does no actual
+# credential
+# checking. 'noauth2' provides administrative credentials only if
+# 'admin' is
+# specified as the username.
+# (string value)
+# Possible values:
+# keystone - <No description provided>
+# noauth2 - <No description provided>
+auth_strategy = keystone
+
+#
+# When True, the 'X-Forwarded-For' header is treated as the canonical
+# remote
+# address. When False (the default), the 'remote_address' header is
+# used.
+#
+# You should only enable this if you have an HTML sanitizing proxy.
+# (boolean value)
+#use_forwarded_for = false
+
+#
+# When gathering the existing metadata for a config drive, the
+# EC2-style
+# metadata is returned for all versions that don't appear in this
+# option.
+# As of the Liberty release, the available versions are:
+#
+# * 1.0
+# * 2007-01-19
+# * 2007-03-01
+# * 2007-08-29
+# * 2007-10-10
+# * 2007-12-15
+# * 2008-02-01
+# * 2008-09-01
+# * 2009-04-04
+#
+# The option is in the format of a single string, with each version
+# separated
+# by a space.
+#
+# Possible values:
+#
+# * Any string that represents zero or more versions, separated by
+# spaces.
+# (string value)
+#config_drive_skip_versions = 1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01
+
+#
+# A list of vendordata providers.
+#
+# vendordata providers are how deployers can provide metadata via
+# configdrive
+# and metadata that is specific to their deployment. There are
+# currently two
+# supported providers: StaticJSON and DynamicJSON.
+#
+# StaticJSON reads a JSON file configured by the flag
+# vendordata_jsonfile_path
+# and places the JSON from that file into vendor_data.json and
+# vendor_data2.json.
+#
+# DynamicJSON is configured via the vendordata_dynamic_targets flag,
+# which is
+# documented separately. For each of the endpoints specified in that
+# flag, a
+# section is added to the vendor_data2.json.
+#
+# For more information on the requirements for implementing a
+# vendordata
+# dynamic endpoint, please see the vendordata.rst file in the nova
+# developer
+# reference.
+#
+# Possible values:
+#
+# * A list of vendordata providers, with StaticJSON and DynamicJSON
+# being
+# current options.
+#
+# Related options:
+#
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_read_timeout
+# * vendordata_dynamic_failure_fatal
+# (list value)
+#vendordata_providers = StaticJSON
+
+#
+# A list of targets for the dynamic vendordata provider. These targets
+# are of
+# the form <name>@<url>.
+#
+# The dynamic vendordata provider collects metadata by contacting
+# external REST
+# services and querying them for information about the instance. This
+# behaviour
+# is documented in the vendordata.rst file in the nova developer
+# reference.
+# (list value)
+#vendordata_dynamic_targets =
+
+#
+# Path to an optional certificate file or CA bundle to verify dynamic
+# vendordata REST services ssl certificates against.
+#
+# Possible values:
+#
+# * An empty string, or a path to a valid certificate file
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_read_timeout
+# * vendordata_dynamic_failure_fatal
+# (string value)
+#vendordata_dynamic_ssl_certfile =
+
+#
+# Maximum wait time for an external REST service to connect.
+#
+# Possible values:
+#
+# * Any integer with a value greater than three (the TCP packet
+# retransmission
+# timeout). Note that instance start may be blocked during this wait
+# time,
+# so this value should be kept small.
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_read_timeout
+# * vendordata_dynamic_failure_fatal
+# (integer value)
+# Minimum value: 3
+#vendordata_dynamic_connect_timeout = 5
+
+#
+# Maximum wait time for an external REST service to return data once
+# connected.
+#
+# Possible values:
+#
+# * Any integer. Note that instance start is blocked during this wait
+# time,
+# so this value should be kept small.
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_failure_fatal
+# (integer value)
+# Minimum value: 0
+#vendordata_dynamic_read_timeout = 5
+
+#
+# Should failures to fetch dynamic vendordata be fatal to instance
+# boot?
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_read_timeout
+# (boolean value)
+#vendordata_dynamic_failure_fatal = false
+
+#
+# This option is the time (in seconds) to cache metadata. When set to
+# 0,
+# metadata caching is disabled entirely; this is generally not
+# recommended for
+# performance reasons. Increasing this setting should improve response
+# times
+# of the metadata API when under heavy load. Higher values may
+# increase memory
+# usage, and result in longer times for host metadata changes to take
+# effect.
+# (integer value)
+# Minimum value: 0
+#metadata_cache_expiration = 15
+
+#
+# Cloud providers may store custom data in vendor data file that will
+# then be
+# available to the instances via the metadata service, and to the
+# rendering of
+# config-drive. The default class for this, JsonFileVendorData, loads
+# this
+# information from a JSON file, whose path is configured by this
+# option. If
+# there is no path set by this option, the class returns an empty
+# dictionary.
+#
+# Possible values:
+#
+# * Any string representing the path to the data file, or an empty
+# string
+# (default).
+# (string value)
+#vendordata_jsonfile_path = <None>
+
+#
+# As a query can potentially return many thousands of items, you can
+# limit the
+# maximum number of items in a single response by setting this option.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/osapi_max_limit
+#max_limit = 1000
+
+#
+# This string is prepended to the normal URL that is returned in links
+# to the
+# OpenStack Compute API. If it is empty (the default), the URLs are
+# returned
+# unchanged.
+#
+# Possible values:
+#
+# * Any string, including an empty string (the default).
+# (string value)
+# Deprecated group/name - [DEFAULT]/osapi_compute_link_prefix
+#compute_link_prefix = <None>
+
+#
+# This string is prepended to the normal URL that is returned in links
+# to
+# Glance resources. If it is empty (the default), the URLs are
+# returned
+# unchanged.
+#
+# Possible values:
+#
+# * Any string, including an empty string (the default).
+# (string value)
+# Deprecated group/name - [DEFAULT]/osapi_glance_link_prefix
+#glance_link_prefix = <None>
+
+# DEPRECATED:
+# Operators can turn off the ability for a user to take snapshots of
+# their
+# instances by setting this option to False. When disabled, any
+# attempt to
+# take a snapshot will result in a HTTP 400 response ("Bad Request").
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: This option disables the createImage server action API in a
+# non-discoverable way and is thus a barrier to interoperability.
+# Also, it is not used for other APIs that create snapshots like
+# shelve or createBackup. Disabling snapshots should be done via
+# policy if so desired.
+#allow_instance_snapshots = true
+
+# DEPRECATED:
+# This option is a list of all instance states for which network
+# address
+# information should not be returned from the API.
+#
+# Possible values:
+#
+# A list of strings, where each string is a valid VM state, as
+# defined in
+# nova/compute/vm_states.py. As of the Newton release, they are:
+#
+# * "active"
+# * "building"
+# * "paused"
+# * "suspended"
+# * "stopped"
+# * "rescued"
+# * "resized"
+# * "soft-delete"
+# * "deleted"
+# * "error"
+# * "shelved"
+# * "shelved_offloaded"
+# (list value)
+# Deprecated group/name - [DEFAULT]/osapi_hide_server_address_states
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason: This option hide the server address in server representation
+# for configured server states. Which makes GET server API controlled
+# by this config options. Due to this config options, user would not
+# be able to discover the API behavior on different clouds which leads
+# to the interop issue.
+#hide_server_address_states = building
+
+# The full path to the fping binary. (string value)
+#fping_path = /usr/sbin/fping
+
+#
+# When True, the TenantNetworkController will query the Neutron API to
+# get the
+# default networks to use.
+#
+# Related options:
+#
+# * neutron_default_tenant_id
+# (boolean value)
+#use_neutron_default_nets = false
+
+#
+# Tenant ID for getting the default network from Neutron API (also
+# referred in
+# some places as the 'project ID') to use.
+#
+# Related options:
+#
+# * use_neutron_default_nets
+# (string value)
+#neutron_default_tenant_id = default
+
+#
+# Enables returning of the instance password by the relevant server
+# API calls
+# such as create, rebuild, evacuate, or rescue. If the hypervisor does
+# not
+# support password injection, then the password returned will not be
+# correct,
+# so if your hypervisor does not support password injection, set this
+# to False.
+# (boolean value)
+#enable_instance_password = true
+
+
+[api_database]
+{%- set _data = {} %}
+{%- do _data.update(compute.database) %}
+{%- do _data.update({'name': 'nova_api'}) %}
+{%- if _data.ssl is defined and 'cacert_file' not in _data.get('ssl', {}).keys() %}{% do _data['ssl'].update({'cacert_file': compute.cacert_file}) %}{% endif %}
+{%- include "oslo_templates/files/queens/oslo/_database.conf" %}
+
+{%- if compute.get('barbican', {}).get('enabled', False) %}
+{%- set _data = compute.identity %}
+[barbican]
+{%- include "oslo_templates/files/queens/castellan/_barbican.conf" %}
+{%- endif %}
+
+[cache]
+
+#
+# From nova.conf
+#
+{%- if compute.cache is defined %}
+backend = oslo_cache.memcache_pool
+enabled = true
+memcache_servers={%- for member in compute.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+{%- endif %}
+
+# Prefix for building the configuration dictionary for the cache
+# region. This should not need to be changed unless there is another
+# dogpile.cache region with the same configuration name. (string
+# value)
+#config_prefix = cache.oslo
+
+# Default TTL, in seconds, for any cached item in the dogpile.cache
+# region. This applies to any cached method that doesn't have an
+# explicit cache expiration time defined for it. (integer value)
+#expiration_time = 600
+
+# Cache backend module. For eventlet-based or environments with
+# hundreds of threaded servers, Memcache with pooling
+# (oslo_cache.memcache_pool) is recommended. For environments with
+# less than 100 threaded servers, Memcached (dogpile.cache.memcached)
+# or Redis (dogpile.cache.redis) is recommended. Test environments
+# with a single instance of the server can use the
+# dogpile.cache.memory backend. (string value)
+# Possible values:
+# oslo_cache.memcache_pool - <No description provided>
+# oslo_cache.dict - <No description provided>
+# oslo_cache.mongo - <No description provided>
+# oslo_cache.etcd3gw - <No description provided>
+# dogpile.cache.memcached - <No description provided>
+# dogpile.cache.pylibmc - <No description provided>
+# dogpile.cache.bmemcached - <No description provided>
+# dogpile.cache.dbm - <No description provided>
+# dogpile.cache.redis - <No description provided>
+# dogpile.cache.memory - <No description provided>
+# dogpile.cache.memory_pickle - <No description provided>
+# dogpile.cache.null - <No description provided>
+#backend = dogpile.cache.null
+
+# Arguments supplied to the backend module. Specify this option once
+# per argument to be passed to the dogpile.cache backend. Example
+# format: "<argname>:<value>". (multi valued)
+#backend_argument =
+
+# Proxy classes to import that will affect the way the dogpile.cache
+# backend functions. See the dogpile.cache documentation on changing-
+# backend-behavior. (list value)
+#proxies =
+
+# Global toggle for caching. (boolean value)
+#enabled = false
+
+# Extra debugging from the cache backend (cache keys,
+# get/set/delete/etc calls). This is only really useful if you need to
+# see the specific cache-backend get/set/delete calls with the
+# keys/values. Typically this should be left set to false. (boolean
+# value)
+#debug_cache_backend = false
+
+# Memcache servers in the format of "host:port".
+# (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
+# (list value)
+#memcache_servers = localhost:11211
+
+# Number of seconds memcached server is considered dead before it is
+# tried again. (dogpile.cache.memcache and oslo_cache.memcache_pool
+# backends only). (integer value)
+#memcache_dead_retry = 300
+
+# Timeout in seconds for every call to a server.
+# (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
+# (integer value)
+#memcache_socket_timeout = 3
+
+# Max total number of open connections to every memcached server.
+# (oslo_cache.memcache_pool backend only). (integer value)
+#memcache_pool_maxsize = 10
+
+# Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (oslo_cache.memcache_pool backend only).
+# (integer value)
+#memcache_pool_unused_timeout = 60
+
+# Number of seconds that an operation will wait to get a memcache
+# client connection. (integer value)
+#memcache_pool_connection_get_timeout = 10
+
+
+[cells]
+#
+# DEPRECATED: Cells options allow you to use cells v1 functionality in
+# an
+# OpenStack deployment.
+#
+# Note that the options in this group are only for cells v1
+# functionality, which
+# is considered experimental and not recommended for new deployments.
+# Cells v1
+# is being replaced with cells v2, which starting in the 15.0.0 Ocata
+# release is
+# required and all Nova deployments will be at least a cells v2 cell
+# of one.
+#
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# Enable cell v1 functionality.
+#
+# Note that cells v1 is considered experimental and not recommended
+# for new
+# Nova deployments. Cells v1 is being replaced by cells v2 which
+# starting in
+# the 15.0.0 Ocata release, all Nova deployments are at least a cells
+# v2 cell
+# of one. Setting this option, or any other options in the [cells]
+# group, is
+# not required for cells v2.
+#
+# When this functionality is enabled, it lets you to scale an
+# OpenStack
+# Compute cloud in a more distributed fashion without having to use
+# complicated technologies like database and message queue clustering.
+# Cells are configured as a tree. The top-level cell should have a
+# host
+# that runs a nova-api service, but no nova-compute services. Each
+# child cell should run all of the typical nova-* services in a
+# regular
+# Compute cloud except for nova-api. You can think of cells as a
+# normal
+# Compute deployment in that each cell has its own database server and
+# message queue broker.
+#
+# Related options:
+#
+# * name: A unique cell name must be given when this functionality
+# is enabled.
+# * cell_type: Cell type should be defined for all cells.
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#enable = false
+
+# DEPRECATED:
+# Name of the current cell.
+#
+# This value must be unique for each cell. Name of a cell is used as
+# its id, leaving this option unset or setting the same name for
+# two or more cells may cause unexpected behaviour.
+#
+# Related options:
+#
+# * enabled: This option is meaningful only when cells service
+# is enabled
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#name = nova
+
+# DEPRECATED:
+# Cell capabilities.
+#
+# List of arbitrary key=value pairs defining capabilities of the
+# current cell to be sent to the parent cells. These capabilities
+# are intended to be used in cells scheduler filters/weighers.
+#
+# Possible values:
+#
+# * key=value pairs list for example;
+# ``hypervisor=xenserver;kvm,os=linux;windows``
+# (list value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#capabilities = hypervisor=xenserver;kvm,os=linux;windows
+
+# DEPRECATED:
+# Call timeout.
+#
+# Cell messaging module waits for response(s) to be put into the
+# eventlet queue. This option defines the seconds waited for
+# response from a call to a cell.
+#
+# Possible values:
+#
+# * An integer, corresponding to the interval time in seconds.
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#call_timeout = 60
+
+# DEPRECATED:
+# Reserve percentage
+#
+# Percentage of cell capacity to hold in reserve, so the minimum
+# amount of free resource is considered to be;
+#
+# min_free = total * (reserve_percent / 100.0)
+#
+# This option affects both memory and disk utilization.
+#
+# The primary purpose of this reserve is to ensure some space is
+# available for users who want to resize their instance to be larger.
+# Note that currently once the capacity expands into this reserve
+# space this option is ignored.
+#
+# Possible values:
+#
+# * An integer or float, corresponding to the percentage of cell
+# capacity to
+# be held in reserve.
+# (floating point value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#reserve_percent = 10.0
+
+# DEPRECATED:
+# Type of cell.
+#
+# When cells feature is enabled the hosts in the OpenStack Compute
+# cloud are partitioned into groups. Cells are configured as a tree.
+# The top-level cell's cell_type must be set to ``api``. All other
+# cells are defined as a ``compute cell`` by default.
+#
+# Related option:
+#
+# * quota_driver: Disable quota checking for the child cells.
+# (nova.quota.NoopQuotaDriver)
+# (string value)
+# Possible values:
+# api - <No description provided>
+# compute - <No description provided>
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#cell_type = compute
+
+# DEPRECATED:
+# Mute child interval.
+#
+# Number of seconds after which a lack of capability and capacity
+# update the child cell is to be treated as a mute cell. Then the
+# child cell will be weighed as recommend highly that it be skipped.
+#
+# Possible values:
+#
+# * An integer, corresponding to the interval time in seconds.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#mute_child_interval = 300
+
+# DEPRECATED:
+# Bandwidth update interval.
+#
+# Seconds between bandwidth usage cache updates for cells.
+#
+# Possible values:
+#
+# * An integer, corresponding to the interval time in seconds.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#bandwidth_update_interval = 600
+
+# DEPRECATED:
+# Instance update sync database limit.
+#
+# Number of instances to pull from the database at one time for
+# a sync. If there are more instances to update the results will
+# be paged through.
+#
+# Possible values:
+#
+# * An integer, corresponding to a number of instances.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#instance_update_sync_database_limit = 100
+
+# DEPRECATED:
+# Mute weight multiplier.
+#
+# Multiplier used to weigh mute children. Mute children cells are
+# recommended to be skipped so their weight is multiplied by this
+# negative value.
+#
+# Possible values:
+#
+# * Negative numeric number
+# (floating point value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#mute_weight_multiplier = -10000.0
+
+# DEPRECATED:
+# Ram weight multiplier.
+#
+# Multiplier used for weighing ram. Negative numbers indicate that
+# Compute should stack VMs on one host instead of spreading out new
+# VMs to more hosts in the cell.
+#
+# Possible values:
+#
+# * Numeric multiplier
+# (floating point value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#ram_weight_multiplier = 10.0
+
+# DEPRECATED:
+# Offset weight multiplier
+#
+# Multiplier used to weigh offset weigher. Cells with higher
+# weight_offsets in the DB will be preferred. The weight_offset
+# is a property of a cell stored in the database. It can be used
+# by a deployer to have scheduling decisions favor or disfavor
+# cells based on the setting.
+#
+# Possible values:
+#
+# * Numeric multiplier
+# (floating point value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#offset_weight_multiplier = 1.0
+
+# DEPRECATED:
+# Instance updated at threshold
+#
+# Number of seconds after an instance was updated or deleted to
+# continue to update cells. This option lets cells manager to only
+# attempt to sync instances that have been updated recently.
+# i.e., a threshold of 3600 means to only update instances that
+# have modified in the last hour.
+#
+# Possible values:
+#
+# * Threshold in seconds
+#
+# Related options:
+#
+# * This value is used with the ``instance_update_num_instances``
+# value in a periodic task run.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#instance_updated_at_threshold = 3600
+
+# DEPRECATED:
+# Instance update num instances
+#
+# On every run of the periodic task, nova cells manager will attempt
+# to
+# sync instance_updated_at_threshold number of instances. When the
+# manager gets the list of instances, it shuffles them so that
+# multiple
+# nova-cells services do not attempt to sync the same instances in
+# lockstep.
+#
+# Possible values:
+#
+# * Positive integer number
+#
+# Related options:
+#
+# * This value is used with the ``instance_updated_at_threshold``
+# value in a periodic task run.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#instance_update_num_instances = 1
+
+# DEPRECATED:
+# Maximum hop count
+#
+# When processing a targeted message, if the local cell is not the
+# target, a route is defined between neighbouring cells. And the
+# message is processed across the whole routing path. This option
+# defines the maximum hop counts until reaching the target.
+#
+# Possible values:
+#
+# * Positive integer value
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#max_hop_count = 10
+
+# DEPRECATED:
+# Cells scheduler.
+#
+# The class of the driver used by the cells scheduler. This should be
+# the full Python path to the class to be used. If nothing is
+# specified
+# in this option, the CellsScheduler is used.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#scheduler = nova.cells.scheduler.CellsScheduler
+
+# DEPRECATED:
+# RPC driver queue base.
+#
+# When sending a message to another cell by JSON-ifying the message
+# and making an RPC cast to 'process_message', a base queue is used.
+# This option defines the base queue name to be used when
+# communicating
+# between cells. Various topics by message type will be appended to
+# this.
+#
+# Possible values:
+#
+# * The base queue name to be used when communicating between cells.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#rpc_driver_queue_base = cells.intercell
+
+# DEPRECATED:
+# Scheduler filter classes.
+#
+# Filter classes the cells scheduler should use. An entry of
+# "nova.cells.filters.all_filters" maps to all cells filters
+# included with nova. As of the Mitaka release the following
+# filter classes are available:
+#
+# Different cell filter: A scheduler hint of 'different_cell'
+# with a value of a full cell name may be specified to route
+# a build away from a particular cell.
+#
+# Image properties filter: Image metadata named
+# 'hypervisor_version_requires' with a version specification
+# may be specified to ensure the build goes to a cell which
+# has hypervisors of the required version. If either the version
+# requirement on the image or the hypervisor capability of the
+# cell is not present, this filter returns without filtering out
+# the cells.
+#
+# Target cell filter: A scheduler hint of 'target_cell' with a
+# value of a full cell name may be specified to route a build to
+# a particular cell. No error handling is done as there's no way
+# to know whether the full path is a valid.
+#
+# As an admin user, you can also add a filter that directs builds
+# to a particular cell.
+#
+# (list value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#scheduler_filter_classes = nova.cells.filters.all_filters
+
+# DEPRECATED:
+# Scheduler weight classes.
+#
+# Weigher classes the cells scheduler should use. An entry of
+# "nova.cells.weights.all_weighers" maps to all cell weighers
+# included with nova. As of the Mitaka release the following
+# weight classes are available:
+#
+# mute_child: Downgrades the likelihood of child cells being
+# chosen for scheduling requests, which haven't sent capacity
+# or capability updates in a while. Options include
+# mute_weight_multiplier (multiplier for mute children; value
+# should be negative).
+#
+# ram_by_instance_type: Select cells with the most RAM capacity
+# for the instance type being requested. Because higher weights
+# win, Compute returns the number of available units for the
+# instance type requested. The ram_weight_multiplier option defaults
+# to 10.0 that adds to the weight by a factor of 10. Use a negative
+# number to stack VMs on one host instead of spreading out new VMs
+# to more hosts in the cell.
+#
+# weight_offset: Allows modifying the database to weight a particular
+# cell. The highest weight will be the first cell to be scheduled for
+# launching an instance. When the weight_offset of a cell is set to 0,
+# it is unlikely to be picked but it could be picked if other cells
+# have a lower weight, like if they're full. And when the
+# weight_offset
+# is set to a very high value (for example, '999999999999999'), it is
+# likely to be picked if another cell do not have a higher weight.
+# (list value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#scheduler_weight_classes = nova.cells.weights.all_weighers
+
+# DEPRECATED:
+# Scheduler retries.
+#
+# How many retries when no cells are available. Specifies how many
+# times the scheduler tries to launch a new instance when no cells
+# are available.
+#
+# Possible values:
+#
+# * Positive integer value
+#
+# Related options:
+#
+# * This value is used with the ``scheduler_retry_delay`` value
+# while retrying to find a suitable cell.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#scheduler_retries = 10
+
+# DEPRECATED:
+# Scheduler retry delay.
+#
+# Specifies the delay (in seconds) between scheduling retries when no
+# cell can be found to place the new instance on. When the instance
+# could not be scheduled to a cell after ``scheduler_retries`` in
+# combination with ``scheduler_retry_delay``, then the scheduling
+# of the instance failed.
+#
+# Possible values:
+#
+# * Time in seconds.
+#
+# Related options:
+#
+# * This value is used with the ``scheduler_retries`` value
+# while retrying to find a suitable cell.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#scheduler_retry_delay = 2
+
+# DEPRECATED:
+# DB check interval.
+#
+# Cell state manager updates cell status for all cells from the DB
+# only after this particular interval time is passed. Otherwise cached
+# status are used. If this value is 0 or negative all cell status are
+# updated from the DB whenever a state is needed.
+#
+# Possible values:
+#
+# * Interval time, in seconds.
+#
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#db_check_interval = 60
+
+# DEPRECATED:
+# Optional cells configuration.
+#
+# Configuration file from which to read cells configuration. If given,
+# overrides reading cells from the database.
+#
+# Cells store all inter-cell communication data, including user names
+# and passwords, in the database. Because the cells data is not
+# updated
+# very frequently, use this option to specify a JSON file to store
+# cells data. With this configuration, the database is no longer
+# consulted when reloading the cells data. The file must have columns
+# present in the Cell model (excluding common database fields and the
+# id column). You must specify the queue connection information
+# through
+# a transport_url field, instead of username, password, and so on.
+#
+# The transport_url has the following form:
+# rabbit://USERNAME:PASSWORD@HOSTNAME:PORT/VIRTUAL_HOST
+#
+# Possible values:
+#
+# The scheme can be either qpid or rabbit, the following sample shows
+# this optional configuration:
+#
+# {
+# "parent": {
+# "name": "parent",
+# "api_url": "http://api.example.com:8774",
+# "transport_url": "rabbit://rabbit.example.com",
+# "weight_offset": 0.0,
+# "weight_scale": 1.0,
+# "is_parent": true
+# },
+# "cell1": {
+# "name": "cell1",
+# "api_url": "http://api.example.com:8774",
+# "transport_url": "rabbit://rabbit1.example.com",
+# "weight_offset": 0.0,
+# "weight_scale": 1.0,
+# "is_parent": false
+# },
+# "cell2": {
+# "name": "cell2",
+# "api_url": "http://api.example.com:8774",
+# "transport_url": "rabbit://rabbit2.example.com",
+# "weight_offset": 0.0,
+# "weight_scale": 1.0,
+# "is_parent": false
+# }
+# }
+#
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#cells_config = <None>
+
+
+[cinder]
+
+#
+# From nova.conf
+#
+
+#
+# Info to match when looking for cinder in the service catalog.
+#
+# Possible values:
+#
+# * Format is separated values of the form:
+# <service_type>:<service_name>:<endpoint_type>
+#
+# Note: Nova does not support the Cinder v2 API since the Nova 17.0.0
+# Queens
+# release.
+#
+# Related options:
+#
+# * endpoint_template - Setting this option will override catalog_info
+# (string value)
+#catalog_info = volumev3:cinderv3:publicURL
+catalog_info = volumev3:cinderv3:internalURL
+
+#
+# If this option is set then it will override service catalog lookup
+# with
+# this template for cinder endpoint
+#
+# Possible values:
+#
+# * URL for cinder endpoint API
+# e.g. http://localhost:8776/v3/%(project_id)s
+#
+# Note: Nova does not support the Cinder v2 API since the Nova 17.0.0
+# Queens
+# release.
+#
+# Related options:
+#
+# * catalog_info - If endpoint_template is not set, catalog_info will
+# be used.
+# (string value)
+#endpoint_template = <None>
+
+#
+# Region name of this node. This is used when picking the URL in the
+# service
+# catalog.
+#
+# Possible values:
+#
+# * Any string representing region name
+# (string value)
+#os_region_name = <None>
+os_region_name = {{ compute.identity.region }}
+
+#
+# Number of times cinderclient should retry on any failed http call.
+# 0 means connection is attempted only once. Setting it to any
+# positive integer
+# means that on failure connection is retried that many times e.g.
+# setting it
+# to 3 means total attempts to connect will be 4.
+#
+# Possible values:
+#
+# * Any integer value. 0 means connection is attempted only once
+# (integer value)
+# Minimum value: 0
+#http_retries = 3
+
+#
+# Allow attach between instance and volume in different availability
+# zones.
+#
+# If False, volumes attached to an instance must be in the same
+# availability
+# zone in Cinder as the instance availability zone in Nova.
+# This also means care should be taken when booting an instance from a
+# volume
+# where source is not "volume" because Nova will attempt to create a
+# volume using
+# the same availability zone as what is assigned to the instance.
+# If that AZ is not in Cinder (or
+# allow_availability_zone_fallback=False in
+# cinder.conf), the volume create request will fail and the instance
+# will fail
+# the build request.
+# By default there is no availability zone restriction on volume
+# attach.
+# (boolean value)
+#cross_az_attach = true
+{%- if compute.cross_az_attach is defined %}
+cross_az_attach={{ compute.cross_az_attach }}
+{%- endif %}
+
+{%- set _data = compute.get('cinder', compute.get('identity', {})) %}
+{%- set auth_type = _data.get('auth_type', 'password') %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
+
+
+[compute]
+
+#
+# From nova.conf
+#
+
+#
+# Number of consecutive failed builds that result in disabling a
+# compute service.
+#
+# This option will cause nova-compute to set itself to a disabled
+# state
+# if a certain number of consecutive build failures occur. This will
+# prevent the scheduler from continuing to send builds to a compute
+# node that is
+# consistently failing. Note that all failures qualify and count
+# towards this
+# score, including reschedules that may have been due to racy
+# scheduler behavior.
+# Since the failures must be consecutive, it is unlikely that
+# occasional expected
+# reschedules will actually disable a compute node.
+#
+# Possible values:
+#
+# * Any positive integer representing a build failure count.
+# * Zero to never auto-disable.
+# (integer value)
+#consecutive_build_service_disable_threshold = 10
+{%- if compute.get('compute', {}).consecutive_build_service_disable_threshold is defined %}
+consecutive_build_service_disable_threshold = {{ compute.compute.consecutive_build_service_disable_threshold }}
+{%- endif %}
+
+#
+# Interval for updating nova-compute-side cache of the compute node
+# resource
+# provider's aggregates and traits info.
+#
+# This option specifies the number of seconds between attempts to
+# update a
+# provider's aggregates and traits information in the local cache of
+# the compute
+# node.
+#
+# Possible values:
+#
+# * Any positive integer in seconds.
+# (integer value)
+# Minimum value: 1
+#resource_provider_association_refresh = 300
+
+
+[conductor]
+#
+# Options under this group are used to define Conductor's
+# communication,
+# which manager should be act as a proxy between computes and
+# database,
+# and finally, how many worker processes will be used.
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# Topic exchange name on which conductor nodes listen.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There is no need to let users choose the RPC topic for all services
+# - there
+# is little gain from this. Furthermore, it makes it really easy to
+# break Nova
+# by using this option.
+#topic = conductor
+
+#
+# Number of workers for OpenStack Conductor service. The default will
+# be the
+# number of CPUs available.
+# (integer value)
+#workers = <None>
+
+
+[console]
+#
+# Options under this group allow to tune the configuration of the
+# console proxy
+# service.
+#
+# Note: in configuration of every compute is a ``console_host``
+# option,
+# which allows to select the console proxy service to connect to.
+
+#
+# From nova.conf
+#
+
+#
+# Adds list of allowed origins to the console websocket proxy to allow
+# connections from other origin hostnames.
+# Websocket proxy matches the host header with the origin header to
+# prevent cross-site requests. This list specifies if any there are
+# values other than host are allowed in the origin header.
+#
+# Possible values:
+#
+# * A list where each element is an allowed origin hostnames, else an
+# empty list
+# (list value)
+# Deprecated group/name - [DEFAULT]/console_allowed_origins
+#allowed_origins =
+
+
+[consoleauth]
+
+#
+# From nova.conf
+#
+
+#
+# The lifetime of a console auth token (in seconds).
+#
+# A console auth token is used in authorizing console access for a
+# user.
+# Once the auth token time to live count has elapsed, the token is
+# considered expired. Expired tokens are then deleted.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/console_token_ttl
+#token_ttl = 600
+
+
+[crypto]
+
+#
+# From nova.conf
+#
+
+#
+# Filename of root CA (Certificate Authority). This is a container
+# format
+# and includes root certificates.
+#
+# Possible values:
+#
+# * Any file name containing root CA, cacert.pem is default
+#
+# Related options:
+#
+# * ca_path
+# (string value)
+#ca_file = cacert.pem
+
+#
+# Filename of a private key.
+#
+# Related options:
+#
+# * keys_path
+# (string value)
+#key_file = private/cakey.pem
+
+#
+# Filename of root Certificate Revocation List (CRL). This is a list
+# of
+# certificates that have been revoked, and therefore, entities
+# presenting
+# those (revoked) certificates should no longer be trusted.
+#
+# Related options:
+#
+# * ca_path
+# (string value)
+#crl_file = crl.pem
+
+#
+# Directory path where keys are located.
+#
+# Related options:
+#
+# * key_file
+# (string value)
+#keys_path = $state_path/keys
+
+#
+# Directory path where root CA is located.
+#
+# Related options:
+#
+# * ca_file
+# (string value)
+#ca_path = $state_path/CA
+
+# Option to enable/disable use of CA for each project. (boolean value)
+#use_project_ca = false
+
+#
+# Subject for certificate for users, %s for
+# project, user, timestamp
+# (string value)
+#user_cert_subject = /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=%.16s-%.16s-%s
+
+#
+# Subject for certificate for projects, %s for
+# project, timestamp
+# (string value)
+#project_cert_subject = /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=project-ca-%.16s-%s
+
+
+[devices]
+
+#
+# From nova.conf
+#
+
+#
+# A list of the vGPU types enabled in the compute node.
+#
+# Some pGPUs (e.g. NVIDIA GRID K1) support different vGPU types. User
+# can use
+# this option to specify a list of enabled vGPU types that may be
+# assigned to a
+# guest instance. But please note that Nova only supports a single
+# type in the
+# Queens release. If more than one vGPU type is specified (as a comma-
+# separated
+# list), only the first one will be used. An example is as the
+# following:
+# [devices]
+# enabled_vgpu_types = GRID K100,Intel GVT-g,MxGPU.2,nvidia-11
+# (list value)
+#enabled_vgpu_types =
+
+
+[ephemeral_storage_encryption]
+
+#
+# From nova.conf
+#
+
+#
+# Enables/disables LVM ephemeral storage encryption.
+# (boolean value)
+#enabled = false
+
+#
+# Cipher-mode string to be used.
+#
+# The cipher and mode to be used to encrypt ephemeral storage. The set
+# of
+# cipher-mode combinations available depends on kernel support.
+# According
+# to the dm-crypt documentation, the cipher is expected to be in the
+# format:
+# "<cipher>-<chainmode>-<ivmode>".
+#
+# Possible values:
+#
+# * Any crypto option listed in ``/proc/crypto``.
+# (string value)
+#cipher = aes-xts-plain64
+
+#
+# Encryption key length in bits.
+#
+# The bit length of the encryption key to be used to encrypt ephemeral
+# storage.
+# In XTS mode only half of the bits are used for encryption key.
+# (integer value)
+# Minimum value: 1
+#key_size = 512
+
+
+[filter_scheduler]
+
+#
+# From nova.conf
+#
+
+#
+# Size of subset of best hosts selected by scheduler.
+#
+# New instances will be scheduled on a host chosen randomly from a
+# subset of the
+# N best hosts, where N is the value set by this option.
+#
+# Setting this to a value greater than 1 will reduce the chance that
+# multiple
+# scheduler processes handling similar requests will select the same
+# host,
+# creating a potential race condition. By selecting a host randomly
+# from the N
+# hosts that best fit the request, the chance of a conflict is
+# reduced. However,
+# the higher you set this value, the less optimal the chosen host may
+# be for a
+# given request.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to the size of a host
+# subset. Any
+# integer is valid, although any value less than 1 will be treated
+# as 1
+# (integer value)
+# Minimum value: 1
+# Deprecated group/name - [DEFAULT]/scheduler_host_subset_size
+#host_subset_size = 1
+
+#
+# The number of instances that can be actively performing IO on a
+# host.
+#
+# Instances performing IO includes those in the following states:
+# build, resize,
+# snapshot, migrate, rescue, unshelve.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'io_ops_filter' filter is enabled.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to the max number of
+# instances
+# that can be actively performing IO on any given host.
+# (integer value)
+#max_io_ops_per_host = 8
+
+#
+# Maximum number of instances that be active on a host.
+#
+# If you need to limit the number of instances on any given host, set
+# this option
+# to the maximum number of instances you want to allow. The
+# num_instances_filter
+# will reject any host that has at least as many instances as this
+# option's
+# value.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'num_instances_filter' filter is
+# enabled.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to the max instances
+# that can be
+# scheduled on a host.
+# (integer value)
+# Minimum value: 1
+#max_instances_per_host = 50
+
+#
+# Enable querying of individual hosts for instance information.
+#
+# The scheduler may need information about the instances on a host in
+# order to
+# evaluate its filters and weighers. The most common need for this
+# information is
+# for the (anti-)affinity filters, which need to choose a host based
+# on the
+# instances already running on a host.
+#
+# If the configured filters and weighers do not need this information,
+# disabling
+# this option will improve performance. It may also be disabled when
+# the tracking
+# overhead proves too heavy, although this will cause classes
+# requiring host
+# usage data to query the database on each request instead.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# NOTE: In a multi-cell (v2) setup where the cell MQ is separated from
+# the
+# top-level, computes cannot directly communicate with the scheduler.
+# Thus,
+# this option cannot be enabled in that scenario. See also the
+# [workarounds]/disable_group_policy_check_upcall option.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/scheduler_tracks_instance_changes
+#track_instance_changes = true
+
+#
+# Filters that the scheduler can use.
+#
+# An unordered list of the filter classes the nova scheduler may
+# apply. Only the
+# filters specified in the 'enabled_filters' option will be used, but
+# any filter appearing in that option must also be included in this
+# list.
+#
+# By default, this is set to all filters that are included with nova.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to
+# the name of
+# a filter that may be used for selecting a host
+#
+# Related options:
+#
+# * enabled_filters
+# (multi valued)
+# Deprecated group/name - [DEFAULT]/scheduler_available_filters
+#available_filters = nova.scheduler.filters.all_filters
+
+#
+# Filters that the scheduler will use.
+#
+# An ordered list of filter class names that will be used for
+# filtering
+# hosts. These filters will be applied in the order they are listed so
+# place your most restrictive filters first to make the filtering
+# process more
+# efficient.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to
+# the name of
+# a filter to be used for selecting a host
+#
+# Related options:
+#
+# * All of the filters in this option *must* be present in the
+# 'scheduler_available_filters' option, or a
+# SchedulerHostFilterNotFound
+# exception will be raised.
+# (list value)
+# Deprecated group/name - [DEFAULT]/scheduler_default_filters
+#enabled_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
+
+# DEPRECATED:
+# Filters used for filtering baremetal hosts.
+#
+# Filters are applied in order, so place your most restrictive filters
+# first to
+# make the filtering process more efficient.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to
+# the name of
+# a filter to be used for selecting a baremetal host
+#
+# Related options:
+#
+# * If the 'scheduler_use_baremetal_filters' option is False, this
+# option has
+# no effect.
+# (list value)
+# Deprecated group/name - [DEFAULT]/baremetal_scheduler_default_filters
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason:
+# These filters were used to overcome some of the baremetal scheduling
+# limitations in Nova prior to the use of the Placement API. Now
+# scheduling will
+# use the custom resource class defined for each baremetal node to
+# make its
+# selection.
+#baremetal_enabled_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ExactRamFilter,ExactDiskFilter,ExactCoreFilter
+
+# DEPRECATED:
+# Enable baremetal filters.
+#
+# Set this to True to tell the nova scheduler that it should use the
+# filters
+# specified in the 'baremetal_enabled_filters' option. If you are not
+# scheduling baremetal nodes, leave this at the default setting of
+# False.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Related options:
+#
+# * If this option is set to True, then the filters specified in the
+# 'baremetal_enabled_filters' are used instead of the filters
+# specified in 'enabled_filters'.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/scheduler_use_baremetal_filters
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason:
+# These filters were used to overcome some of the baremetal scheduling
+# limitations in Nova prior to the use of the Placement API. Now
+# scheduling will
+# use the custom resource class defined for each baremetal node to
+# make its
+# selection.
+#use_baremetal_filters = false
+
+#
+# Weighers that the scheduler will use.
+#
+# Only hosts which pass the filters are weighed. The weight for any
+# host starts
+# at 0, and the weighers order these hosts by adding to or subtracting
+# from the
+# weight assigned by the previous weigher. Weights may become
+# negative. An
+# instance will be scheduled to one of the N most-weighted hosts,
+# where N is
+# 'scheduler_host_subset_size'.
+#
+# By default, this is set to all weighers that are included with Nova.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to
+# the name of
+# a weigher that will be used for selecting a host
+# (list value)
+# Deprecated group/name - [DEFAULT]/scheduler_weight_classes
+#weight_classes = nova.scheduler.weights.all_weighers
+
+#
+# Ram weight multipler ratio.
+#
+# This option determines how hosts with more or less available RAM are
+# weighed. A
+# positive value will result in the scheduler preferring hosts with
+# more
+# available RAM, and a negative number will result in the scheduler
+# preferring
+# hosts with less available RAM. Another way to look at it is that
+# positive
+# values for this option will tend to spread instances across many
+# hosts, while
+# negative values will tend to fill up (stack) hosts as much as
+# possible before
+# scheduling to a less-used host. The absolute value, whether positive
+# or
+# negative, controls how strong the RAM weigher is relative to other
+# weighers.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'ram' weigher is enabled.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the
+# multipler
+# ratio for this weigher.
+# (floating point value)
+#ram_weight_multiplier = 1.0
+
+#
+# Disk weight multipler ratio.
+#
+# Multiplier used for weighing free disk space. Negative numbers mean
+# to
+# stack vs spread.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'disk' weigher is enabled.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the
+# multipler
+# ratio for this weigher.
+# (floating point value)
+#disk_weight_multiplier = 1.0
+
+#
+# IO operations weight multipler ratio.
+#
+# This option determines how hosts with differing workloads are
+# weighed. Negative
+# values, such as the default, will result in the scheduler preferring
+# hosts with
+# lighter workloads whereas positive values will prefer hosts with
+# heavier
+# workloads. Another way to look at it is that positive values for
+# this option
+# will tend to schedule instances onto hosts that are already busy,
+# while
+# negative values will tend to distribute the workload across more
+# hosts. The
+# absolute value, whether positive or negative, controls how strong
+# the io_ops
+# weigher is relative to other weighers.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'io_ops' weigher is enabled.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the
+# multipler
+# ratio for this weigher.
+# (floating point value)
+#io_ops_weight_multiplier = -1.0
+
+#
+# PCI device affinity weight multiplier.
+#
+# The PCI device affinity weighter computes a weighting based on the
+# number of
+# PCI devices on the host and the number of PCI devices requested by
+# the
+# instance. The ``NUMATopologyFilter`` filter must be enabled for this
+# to have
+# any significance. For more information, refer to the filter
+# documentation:
+#
+# https://docs.openstack.org/nova/latest/user/filter-
+# scheduler.html
+#
+# Possible values:
+#
+# * A positive integer or float value, where the value corresponds to
+# the
+# multiplier ratio for this weigher.
+# (floating point value)
+# Minimum value: 0
+#pci_weight_multiplier = 1.0
+
+#
+# Multiplier used for weighing hosts for group soft-affinity.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to weight
+# multiplier
+# for hosts with group soft affinity. Only a positive value are
+# meaningful, as
+# negative values would make this behave as a soft anti-affinity
+# weigher.
+# (floating point value)
+#soft_affinity_weight_multiplier = 1.0
+
+#
+# Multiplier used for weighing hosts for group soft-anti-affinity.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to weight
+# multiplier
+# for hosts with group soft anti-affinity. Only a positive value are
+# meaningful, as negative values would make this behave as a soft
+# affinity
+# weigher.
+# (floating point value)
+#soft_anti_affinity_weight_multiplier = 1.0
+
+#
+# Enable spreading the instances between hosts with the same best
+# weight.
+#
+# Enabling it is beneficial for cases when host_subset_size is 1
+# (default), but there is a large number of hosts with same maximal
+# weight.
+# This scenario is common in Ironic deployments where there are
+# typically many
+# baremetal nodes with identical weights returned to the scheduler.
+# In such case enabling this option will reduce contention and chances
+# for
+# rescheduling events.
+# At the same time it will make the instance packing (even in
+# unweighed case)
+# less dense.
+# (boolean value)
+#shuffle_best_same_weighed_hosts = false
+
+#
+# The default architecture to be used when using the image properties
+# filter.
+#
+# When using the ImagePropertiesFilter, it is possible that you want
+# to define
+# a default architecture to make the user experience easier and avoid
+# having
+# something like x86_64 images landing on aarch64 compute nodes
+# because the
+# user did not specify the 'hw_architecture' property in Glance.
+#
+# Possible values:
+#
+# * CPU Architectures such as x86_64, aarch64, s390x.
+# (string value)
+# Possible values:
+# alpha - <No description provided>
+# armv6 - <No description provided>
+# armv7l - <No description provided>
+# armv7b - <No description provided>
+# aarch64 - <No description provided>
+# cris - <No description provided>
+# i686 - <No description provided>
+# ia64 - <No description provided>
+# lm32 - <No description provided>
+# m68k - <No description provided>
+# microblaze - <No description provided>
+# microblazeel - <No description provided>
+# mips - <No description provided>
+# mipsel - <No description provided>
+# mips64 - <No description provided>
+# mips64el - <No description provided>
+# openrisc - <No description provided>
+# parisc - <No description provided>
+# parisc64 - <No description provided>
+# ppc - <No description provided>
+# ppcle - <No description provided>
+# ppc64 - <No description provided>
+# ppc64le - <No description provided>
+# ppcemb - <No description provided>
+# s390 - <No description provided>
+# s390x - <No description provided>
+# sh4 - <No description provided>
+# sh4eb - <No description provided>
+# sparc - <No description provided>
+# sparc64 - <No description provided>
+# unicore32 - <No description provided>
+# x86_64 - <No description provided>
+# xtensa - <No description provided>
+# xtensaeb - <No description provided>
+#image_properties_default_architecture = <None>
+
+#
+# List of UUIDs for images that can only be run on certain hosts.
+#
+# If there is a need to restrict some images to only run on certain
+# designated
+# hosts, list those image UUIDs here.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'IsolatedHostsFilter' filter is
+# enabled.
+#
+# Possible values:
+#
+# * A list of UUID strings, where each string corresponds to the UUID
+# of an
+# image
+#
+# Related options:
+#
+# * scheduler/isolated_hosts
+# * scheduler/restrict_isolated_hosts_to_isolated_images
+# (list value)
+#isolated_images =
+
+#
+# List of hosts that can only run certain images.
+#
+# If there is a need to restrict some images to only run on certain
+# designated
+# hosts, list those host names here.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'IsolatedHostsFilter' filter is
+# enabled.
+#
+# Possible values:
+#
+# * A list of strings, where each string corresponds to the name of a
+# host
+#
+# Related options:
+#
+# * scheduler/isolated_images
+# * scheduler/restrict_isolated_hosts_to_isolated_images
+# (list value)
+#isolated_hosts =
+
+#
+# Prevent non-isolated images from being built on isolated hosts.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'IsolatedHostsFilter' filter is
+# enabled. Even
+# then, this option doesn't affect the behavior of requests for
+# isolated images,
+# which will *always* be restricted to isolated hosts.
+#
+# Related options:
+#
+# * scheduler/isolated_images
+# * scheduler/isolated_hosts
+# (boolean value)
+#restrict_isolated_hosts_to_isolated_images = true
+
+#
+# Image property namespace for use in the host aggregate.
+#
+# Images and hosts can be configured so that certain images can only
+# be scheduled
+# to hosts in a particular aggregate. This is done with metadata
+# values set on
+# the host aggregate that are identified by beginning with the value
+# of this
+# option. If the host is part of an aggregate with such a metadata
+# key, the image
+# in the request spec must have the value of that metadata in its
+# properties in
+# order for the scheduler to consider the host as acceptable.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the
+# 'aggregate_image_properties_isolation' filter is
+# enabled.
+#
+# Possible values:
+#
+# * A string, where the string corresponds to an image property
+# namespace
+#
+# Related options:
+#
+# * aggregate_image_properties_isolation_separator
+# (string value)
+#aggregate_image_properties_isolation_namespace = <None>
+
+#
+# Separator character(s) for image property namespace and name.
+#
+# When using the aggregate_image_properties_isolation filter, the
+# relevant
+# metadata keys are prefixed with the namespace defined in the
+# aggregate_image_properties_isolation_namespace configuration option
+# plus a
+# separator. This option defines the separator to be used.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the
+# 'aggregate_image_properties_isolation' filter
+# is enabled.
+#
+# Possible values:
+#
+# * A string, where the string corresponds to an image property
+# namespace
+# separator character
+#
+# Related options:
+#
+# * aggregate_image_properties_isolation_namespace
+# (string value)
+#aggregate_image_properties_isolation_separator = .
+
+
+[glance]
+# Configuration options for the Image service
+
+#
+# From nova.conf
+#
+
+#
+# List of glance api servers endpoints available to nova.
+#
+# https is used for ssl-based glance api servers.
+#
+# NOTE: The preferred mechanism for endpoint discovery is via
+# keystoneauth1
+# loading options. Only use api_servers if you need multiple endpoints
+# and are
+# unable to use a load balancer for some reason.
+#
+# Possible values:
+#
+# * A list of any fully qualified url of the form
+# "scheme://hostname:port[/path]"
+# (i.e. "http://10.0.1.0:9292" or "https://my.glance.server/image").
+# (list value)
+#api_servers = <None>
+{%- if compute.image is defined %}
+api_servers = {{ compute.image.get('protocol', 'http') }}://{{ compute.image.host }}:{{ compute.image.get('port', 9292) }}
+{% endif %}
+
+#
+# Enable glance operation retries.
+#
+# Specifies the number of retries when uploading / downloading
+# an image to / from glance. 0 means no retries.
+# (integer value)
+# Minimum value: 0
+#num_retries = 0
+
+# DEPRECATED:
+# List of url schemes that can be directly accessed.
+#
+# This option specifies a list of url schemes that can be downloaded
+# directly via the direct_url. This direct_URL can be fetched from
+# Image metadata which can be used by nova to get the
+# image more efficiently. nova-compute could benefit from this by
+# invoking a copy when it has access to the same file system as
+# glance.
+#
+# Possible values:
+#
+# * [file], Empty list (default)
+# (list value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This was originally added for the 'nova.image.download.file'
+# FileTransfer
+# extension which was removed in the 16.0.0 Pike release. The
+# 'nova.image.download.modules' extension point is not maintained
+# and there is no indication of its use in production clouds.
+#allowed_direct_url_schemes =
+
+#
+# Enable image signature verification.
+#
+# nova uses the image signature metadata from glance and verifies the
+# signature
+# of a signed image while downloading that image. If the image
+# signature cannot
+# be verified or if the image signature metadata is either incomplete
+# or
+# unavailable, then nova will not boot the image and instead will
+# place the
+# instance into an error state. This provides end users with stronger
+# assurances
+# of the integrity of the image data they are using to create servers.
+#
+# Related options:
+#
+# * The options in the `key_manager` group, as the key_manager is used
+# for the signature validation.
+# * Both enable_certificate_validation and
+# default_trusted_certificate_ids
+# below depend on this option being enabled.
+# (boolean value)
+{%- if compute.get('image', {}).verify_glance_signatures is defined %}
+verify_glance_signatures={{ compute.image.verify_glance_signatures }}
+{%- elif compute.get('barbican', {}).get('enabled', False) %}
+verify_glance_signatures=true
+{%- else %}
+#verify_glance_signatures=false
+{%- endif %}
+
+# DEPRECATED:
+# Enable certificate validation for image signature verification.
+#
+# During image signature verification nova will first verify the
+# validity of the
+# image's signing certificate using the set of trusted certificates
+# associated
+# with the instance. If certificate validation fails, signature
+# verification
+# will not be performed and the image will be placed into an error
+# state. This
+# provides end users with stronger assurances that the image data is
+# unmodified
+# and trustworthy. If left disabled, image signature verification can
+# still
+# occur but the end user will not have any assurance that the signing
+# certificate used to generate the image signature is still
+# trustworthy.
+#
+# Related options:
+#
+# * This option only takes effect if verify_glance_signatures is
+# enabled.
+# * The value of default_trusted_certificate_ids may be used when this
+# option
+# is enabled.
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option is intended to ease the transition for deployments
+# leveraging
+# image signature verification. The intended state long-term is for
+# signature
+# verification and certificate validation to always happen together.
+#enable_certificate_validation = false
+
+#
+# List of certificate IDs for certificates that should be trusted.
+#
+# May be used as a default list of trusted certificate IDs for
+# certificate
+# validation. The value of this option will be ignored if the user
+# provides a
+# list of trusted certificate IDs with an instance API request. The
+# value of
+# this option will be persisted with the instance data if signature
+# verification
+# and certificate validation are enabled and if the user did not
+# provide an
+# alternative list. If left empty when certificate validation is
+# enabled the
+# user must provide a list of trusted certificate IDs otherwise
+# certificate
+# validation will fail.
+#
+# Related options:
+#
+# * The value of this option may be used if both
+# verify_glance_signatures and
+# enable_certificate_validation are enabled.
+# (list value)
+#default_trusted_certificate_ids =
+
+# Enable or disable debug logging with glanceclient. (boolean value)
+#debug = false
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# The default service_type for endpoint URL discovery. (string value)
+#service_type = image
+
+# The default service_name for endpoint URL discovery. (string value)
+#service_name = <None>
+
+# List of interfaces, in order of preference, for endpoint URL. (list
+# value)
+#valid_interfaces = internal,public
+
+# The default region_name for endpoint URL discovery. (string value)
+#region_name = <None>
+
+# Always use this endpoint URL for requests for this client. NOTE: The
+# unversioned endpoint should be specified here; to request a
+# particular API version, use the `version`, `min-version`, and/or
+# `max-version` options. (string value)
+#endpoint_override = <None>
+
+
+[guestfs]
+#
+# libguestfs is a set of tools for accessing and modifying virtual
+# machine (VM) disk images. You can use this for viewing and editing
+# files inside guests, scripting changes to VMs, monitoring disk
+# used/free statistics, creating guests, P2V, V2V, performing backups,
+# cloning VMs, building VMs, formatting disks and resizing disks.
+
+#
+# From nova.conf
+#
+
+#
+# Enable/disables guestfs logging.
+#
+# This configures guestfs to debug messages and push them to OpenStack
+# logging system. When set to True, it traces libguestfs API calls and
+# enable verbose debug messages. In order to use the above feature,
+# "libguestfs" package must be installed.
+#
+# Related options:
+# Since libguestfs access and modifies VM's managed by libvirt, below
+# options
+# should be set to give access to those VM's.
+# * libvirt.inject_key
+# * libvirt.inject_partition
+# * libvirt.inject_password
+# (boolean value)
+#debug = false
+
+
+[hyperv]
+#
+# The hyperv feature allows you to configure the Hyper-V hypervisor
+# driver to be used within an OpenStack deployment.
+
+#
+# From nova.conf
+#
+
+#
+# Dynamic memory ratio
+#
+# Enables dynamic memory allocation (ballooning) when set to a value
+# greater than 1. The value expresses the ratio between the total RAM
+# assigned to an instance and its startup RAM amount. For example a
+# ratio of 2.0 for an instance with 1024MB of RAM implies 512MB of
+# RAM allocated at startup.
+#
+# Possible values:
+#
+# * 1.0: Disables dynamic memory allocation (Default).
+# * Float values greater than 1.0: Enables allocation of total implied
+# RAM divided by this value for startup.
+# (floating point value)
+#dynamic_memory_ratio = 1.0
+
+#
+# Enable instance metrics collection
+#
+# Enables metrics collections for an instance by using Hyper-V's
+# metric APIs. Collected data can be retrieved by other apps and
+# services, e.g.: Ceilometer.
+# (boolean value)
+#enable_instance_metrics_collection = false
+
+#
+# Instances path share
+#
+# The name of a Windows share mapped to the "instances_path" dir
+# and used by the resize feature to copy files to the target host.
+# If left blank, an administrative share (hidden network share) will
+# be used, looking for the same "instances_path" used locally.
+#
+# Possible values:
+#
+# * "": An administrative share will be used (Default).
+# * Name of a Windows share.
+#
+# Related options:
+#
+# * "instances_path": The directory which will be used if this option
+# here is left blank.
+# (string value)
+#instances_path_share =
+
+#
+# Limit CPU features
+#
+# This flag is needed to support live migration to hosts with
+# different CPU features and checked during instance creation
+# in order to limit the CPU features used by the instance.
+# (boolean value)
+#limit_cpu_features = false
+
+#
+# Mounted disk query retry count
+#
+# The number of times to retry checking for a mounted disk.
+# The query runs until the device can be found or the retry
+# count is reached.
+#
+# Possible values:
+#
+# * Positive integer values. Values greater than 1 is recommended
+# (Default: 10).
+#
+# Related options:
+#
+# * Time interval between disk mount retries is declared with
+# "mounted_disk_query_retry_interval" option.
+# (integer value)
+# Minimum value: 0
+#mounted_disk_query_retry_count = 10
+
+#
+# Mounted disk query retry interval
+#
+# Interval between checks for a mounted disk, in seconds.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 5).
+#
+# Related options:
+#
+# * This option is meaningful when the mounted_disk_query_retry_count
+# is greater than 1.
+# * The retry loop runs with mounted_disk_query_retry_count and
+# mounted_disk_query_retry_interval configuration options.
+# (integer value)
+# Minimum value: 0
+#mounted_disk_query_retry_interval = 5
+
+#
+# Power state check timeframe
+#
+# The timeframe to be checked for instance power state changes.
+# This option is used to fetch the state of the instance from Hyper-V
+# through the WMI interface, within the specified timeframe.
+#
+# Possible values:
+#
+# * Timeframe in seconds (Default: 60).
+# (integer value)
+# Minimum value: 0
+#power_state_check_timeframe = 60
+
+#
+# Power state event polling interval
+#
+# Instance power state change event polling frequency. Sets the
+# listener interval for power state events to the given value.
+# This option enhances the internal lifecycle notifications of
+# instances that reboot themselves. It is unlikely that an operator
+# has to change this value.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 2).
+# (integer value)
+# Minimum value: 0
+#power_state_event_polling_interval = 2
+
+#
+# qemu-img command
+#
+# qemu-img is required for some of the image related operations
+# like converting between different image types. You can get it
+# from here: (http://qemu.weilnetz.de/) or you can install the
+# Cloudbase OpenStack Hyper-V Compute Driver
+# (https://cloudbase.it/openstack-hyperv-driver/) which automatically
+# sets the proper path for this config option. You can either give the
+# full path of qemu-img.exe or set its path in the PATH environment
+# variable and leave this option to the default value.
+#
+# Possible values:
+#
+# * Name of the qemu-img executable, in case it is in the same
+# directory as the nova-compute service or its path is in the
+# PATH environment variable (Default).
+# * Path of qemu-img command (DRIVELETTER:\PATH\TO\QEMU-IMG\COMMAND).
+#
+# Related options:
+#
+# * If the config_drive_cdrom option is False, qemu-img will be used
+# to
+# convert the ISO to a VHD, otherwise the configuration drive will
+# remain an ISO. To use configuration drive with Hyper-V, you must
+# set the mkisofs_cmd value to the full path to an mkisofs.exe
+# installation.
+# (string value)
+#qemu_img_cmd = qemu-img.exe
+
+#
+# External virtual switch name
+#
+# The Hyper-V Virtual Switch is a software-based layer-2 Ethernet
+# network switch that is available with the installation of the
+# Hyper-V server role. The switch includes programmatically managed
+# and extensible capabilities to connect virtual machines to both
+# virtual networks and the physical network. In addition, Hyper-V
+# Virtual Switch provides policy enforcement for security, isolation,
+# and service levels. The vSwitch represented by this config option
+# must be an external one (not internal or private).
+#
+# Possible values:
+#
+# * If not provided, the first of a list of available vswitches
+# is used. This list is queried using WQL.
+# * Virtual switch name.
+# (string value)
+#vswitch_name = <None>
+
+#
+# Wait soft reboot seconds
+#
+# Number of seconds to wait for instance to shut down after soft
+# reboot request is made. We fall back to hard reboot if instance
+# does not shutdown within this window.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 60).
+# (integer value)
+# Minimum value: 0
+#wait_soft_reboot_seconds = 60
+
+#
+# Configuration drive cdrom
+#
+# OpenStack can be configured to write instance metadata to
+# a configuration drive, which is then attached to the
+# instance before it boots. The configuration drive can be
+# attached as a disk drive (default) or as a CD drive.
+#
+# Possible values:
+#
+# * True: Attach the configuration drive image as a CD drive.
+# * False: Attach the configuration drive image as a disk drive
+# (Default).
+#
+# Related options:
+#
+# * This option is meaningful with force_config_drive option set to
+# 'True'
+# or when the REST API call to create an instance will have
+# '--config-drive=True' flag.
+# * config_drive_format option must be set to 'iso9660' in order to
+# use
+# CD drive as the configuration drive image.
+# * To use configuration drive with Hyper-V, you must set the
+# mkisofs_cmd value to the full path to an mkisofs.exe installation.
+# Additionally, you must set the qemu_img_cmd value to the full path
+# to an qemu-img command installation.
+# * You can configure the Compute service to always create a
+# configuration
+# drive by setting the force_config_drive option to 'True'.
+# (boolean value)
+#config_drive_cdrom = false
+config_drive_cdrom = {{ compute.get('config_drive', {}).get('cdrom', False)|lower }}
+
+#
+# Configuration drive inject password
+#
+# Enables setting the admin password in the configuration drive image.
+#
+# Related options:
+#
+# * This option is meaningful when used with other options that enable
+# configuration drive usage with Hyper-V, such as
+# force_config_drive.
+# * Currently, the only accepted config_drive_format is 'iso9660'.
+# (boolean value)
+#config_drive_inject_password = false
+config_drive_inject_password = {{ compute.get('config_drive', {}).get('inject_password', False)|lower }}
+
+#
+# Volume attach retry count
+#
+# The number of times to retry attaching a volume. Volume attachment
+# is retried until success or the given retry count is reached.
+#
+# Possible values:
+#
+# * Positive integer values (Default: 10).
+#
+# Related options:
+#
+# * Time interval between attachment attempts is declared with
+# volume_attach_retry_interval option.
+# (integer value)
+# Minimum value: 0
+#volume_attach_retry_count = 10
+
+#
+# Volume attach retry interval
+#
+# Interval between volume attachment attempts, in seconds.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 5).
+#
+# Related options:
+#
+# * This options is meaningful when volume_attach_retry_count
+# is greater than 1.
+# * The retry loop runs with volume_attach_retry_count and
+# volume_attach_retry_interval configuration options.
+# (integer value)
+# Minimum value: 0
+#volume_attach_retry_interval = 5
+
+#
+# Enable RemoteFX feature
+#
+# This requires at least one DirectX 11 capable graphics adapter for
+# Windows / Hyper-V Server 2012 R2 or newer and RDS-Virtualization
+# feature has to be enabled.
+#
+# Instances with RemoteFX can be requested with the following flavor
+# extra specs:
+#
+# **os:resolution**. Guest VM screen resolution size. Acceptable
+# values::
+#
+# 1024x768, 1280x1024, 1600x1200, 1920x1200, 2560x1600, 3840x2160
+#
+# ``3840x2160`` is only available on Windows / Hyper-V Server 2016.
+#
+# **os:monitors**. Guest VM number of monitors. Acceptable values::
+#
+# [1, 4] - Windows / Hyper-V Server 2012 R2
+# [1, 8] - Windows / Hyper-V Server 2016
+#
+# **os:vram**. Guest VM VRAM amount. Only available on
+# Windows / Hyper-V Server 2016. Acceptable values::
+#
+# 64, 128, 256, 512, 1024
+# (boolean value)
+#enable_remotefx = false
+
+#
+# Use multipath connections when attaching iSCSI or FC disks.
+#
+# This requires the Multipath IO Windows feature to be enabled. MPIO
+# must be
+# configured to claim such devices.
+# (boolean value)
+#use_multipath_io = false
+
+#
+# List of iSCSI initiators that will be used for estabilishing iSCSI
+# sessions.
+#
+# If none are specified, the Microsoft iSCSI initiator service will
+# choose the
+# initiator.
+# (list value)
+#iscsi_initiator_list =
+
+{% if compute.ironic is defined -%}
+[ironic]
+#
+# Configuration options for Ironic driver (Bare Metal).
+# If using the Ironic driver following options must be set:
+# * auth_type
+# * auth_url
+# * project_name
+# * username
+# * password
+# * project_domain_id or project_domain_name
+# * user_domain_id or user_domain_name
+
+#
+# From nova.conf
+#
+
+# DEPRECATED: URL override for the Ironic API endpoint. (uri value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Endpoint lookup uses the service catalog via common
+# keystoneauth1 Adapter configuration options. In the current release,
+# api_endpoint will override this behavior, but will be ignored and/or
+# removed in a future release. To achieve the same result, use the
+# endpoint_override option instead.
+#api_endpoint = http://ironic.example.org:6385/
+api_endpoint={{ compute.ironic.get('protocol', 'http') }}://{{ compute.ironic.host }}:{{ compute.ironic.port }}
+
+#
+# The number of times to retry when a request conflicts.
+# If set to 0, only try once, no retries.
+#
+# Related options:
+#
+# * api_retry_interval
+# (integer value)
+# Minimum value: 0
+#api_max_retries = 60
+
+#
+# The number of seconds to wait before retrying the request.
+#
+# Related options:
+#
+# * api_max_retries
+# (integer value)
+# Minimum value: 0
+#api_retry_interval = 2
+
+# Timeout (seconds) to wait for node serial console state changed. Set
+# to 0 to disable timeout. (integer value)
+# Minimum value: 0
+#serial_console_state_timeout = 10
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+{%- if compute.ironic.get('protocol', 'http') == 'https' %}
+cafile={{ compute.identity.get('cacert_file', compute.cacert_file) }}
+{%- endif %}
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [ironic]/auth_plugin
+#auth_type = <None>
+auth_type={{ compute.ironic.auth_type }}
+
+# Config Section from which to load plugin specific options (string
+# value)
+#auth_section = <None>
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url={{ compute.identity.get('protocol', 'http') }}://{{ compute.identity.host }}:{{ compute.identity.port }}/v3
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name={{ compute.identity.tenant }}
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+project_domain_name={{ compute.ironic.project_domain_name }}
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [ironic]/user_name
+#username = <None>
+username={{ compute.ironic.user }}
+
+# User's domain id (string value)
+#user_domain_id = <None>
+
+# User's domain name (string value)
+#user_domain_name = <None>
+user_domain_name={{ compute.ironic.user_domain_name }}
+
+
+# User's password (string value)
+#password = <None>
+password={{ compute.ironic.password }}
+# The default service_type for endpoint URL discovery. (string value)
+#service_type = baremetal
+
+# The default service_name for endpoint URL discovery. (string value)
+#service_name = <None>
+
+# List of interfaces, in order of preference, for endpoint URL. (list
+# value)
+#valid_interfaces = internal,public
+
+# The default region_name for endpoint URL discovery. (string value)
+#region_name = <None>
+
+# Always use this endpoint URL for requests for this client. NOTE: The
+# unversioned endpoint should be specified here; to request a
+# particular API version, use the `version`, `min-version`, and/or
+# `max-version` options. (string value)
+# Deprecated group/name - [ironic]/api_endpoint
+#endpoint_override = <None>
+{%- endif %}
+
+
+[key_manager]
+
+#
+# From nova.conf
+#
+
+#
+# Fixed key returned by key manager, specified in hex.
+#
+# Possible values:
+#
+# * Empty string or a key in hex value
+# (string value)
+#fixed_key = <None>
+{%- if compute.get('barbican', {}).get('enabled', False) %}
+api_class=castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+{%- endif %}
+
+# Specify the key manager implementation. Options are "barbican" and
+# "vault". Default is "barbican". Will support the values earlier
+# set using [key_manager]/api_class for some time. (string value)
+# Deprecated group/name - [key_manager]/api_class
+#backend = barbican
+
+# The type of authentication credential to create. Possible values are
+# 'token', 'password', 'keystone_token', and 'keystone_password'.
+# Required if no context is passed to the credential factory. (string
+# value)
+#auth_type = <None>
+
+# Token for authentication. Required for 'token' and 'keystone_token'
+# auth_type if no context is passed to the credential factory. (string
+# value)
+#token = <None>
+
+# Username for authentication. Required for 'password' auth_type.
+# Optional for the 'keystone_password' auth_type. (string value)
+#username = <None>
+
+# Password for authentication. Required for 'password' and
+# 'keystone_password' auth_type. (string value)
+#password = <None>
+
+# Use this endpoint to connect to Keystone. (string value)
+#auth_url = <None>
+
+# User ID for authentication. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#user_id = <None>
+
+# User's domain ID for authentication. Optional for 'keystone_token'
+# and 'keystone_password' auth_type. (string value)
+#user_domain_id = <None>
+
+# User's domain name for authentication. Optional for 'keystone_token'
+# and 'keystone_password' auth_type. (string value)
+#user_domain_name = <None>
+
+# Trust ID for trust scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#trust_id = <None>
+
+# Domain ID for domain scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#domain_id = <None>
+
+# Domain name for domain scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#domain_name = <None>
+
+# Project ID for project scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_id = <None>
+
+# Project name for project scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_name = <None>
+
+# Project's domain ID for project. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_domain_id = <None>
+
+# Project's domain name for project. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_domain_name = <None>
+
+# Allow fetching a new token if the current one is going to expire.
+# Optional for 'keystone_token' and 'keystone_password' auth_type.
+# (boolean value)
+#reauthenticate = true
+
+
+[keystone]
+# Configuration options for the identity service
+
+#
+# From nova.conf
+#
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# The default service_type for endpoint URL discovery. (string value)
+#service_type = identity
+
+# The default service_name for endpoint URL discovery. (string value)
+#service_name = <None>
+
+# List of interfaces, in order of preference, for endpoint URL. (list
+# value)
+#valid_interfaces = internal,public
+
+# The default region_name for endpoint URL discovery. (string value)
+#region_name = <None>
+
+# Always use this endpoint URL for requests for this client. NOTE: The
+# unversioned endpoint should be specified here; to request a
+# particular API version, use the `version`, `min-version`, and/or
+# `max-version` options. (string value)
+#endpoint_override = <None>
+
+
+[libvirt]
+#
+# Libvirt options allows cloud administrator to configure related
+# libvirt hypervisor driver to be used within an OpenStack deployment.
+#
+# Almost all of the libvirt config options are influence by
+# ``virt_type`` config
+# which describes the virtualization type (or so called domain type)
+# libvirt
+# should use for specific features such as live migration, snapshot.
+
+#
+# From nova.conf
+#
+{%- if compute.libvirt.virt_type is defined %}
+virt_type = {{ compute.libvirt.virt_type }}
+{%- else %}
+virt_type = kvm
+{%- endif%}
+
+inject_partition={{ compute.libvirt.inject_partition }}
+{%- if compute.libvirt.get('inject_partition', '-2')|string == '-2' %}
+inject_password=False
+{%- else %}
+inject_password={{ compute.libvirt.inject_password }}
+{%- endif %}
+
+disk_cachemodes="{{ compute.get('disk_cachemodes', 'network=writeback,block=none') }}"
+block_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_NON_SHARED_INC
+live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST
+inject_key=True
+vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver
+
+{%- if compute.get('ceph', {}).get('ephemeral', False) %}
+images_type=rbd
+images_rbd_pool={{ compute.ceph.rbd_pool }}
+images_rbd_ceph_conf=/etc/ceph/ceph.conf
+rbd_user={{ compute.ceph.rbd_user }}
+rbd_secret_uuid={{ compute.ceph.secret_uuid }}
+inject_password=false
+inject_key=false
+{%- elif compute.get('lvm', {}).get('ephemeral', False) %}
+images_type=lvm
+images_volume_group={{ compute.lvm.images_volume_group }}
+{%- if compute.lvm.volume_clear is defined %}
+volume_clear={{ compute.lvm.volume_clear }}
+{%- endif %}
+{%- if compute.lvm.volume_clear_size is defined %}
+volume_clear_size={{ compute.lvm.volume_clear_size }}
+{%- endif %}
+{%- endif %}
+
+{%- if compute.libvirt.tls.get('enabled', False) %}
+live_migration_scheme="tls"
+{%- else %}
+{%- if compute.get('libvirt', {}).uri is defined %}
+connection_uri={{ compute.libvirt.uri }}
+{%- endif %}
+{%- endif %}
+
+#
+# The ID of the image to boot from to rescue data from a corrupted
+# instance.
+#
+# If the rescue REST API operation doesn't provide an ID of an image
+# to
+# use, the image which is referenced by this ID is used. If this
+# option is not set, the image from the instance is used.
+#
+# Possible values:
+#
+# * An ID of an image or nothing. If it points to an *Amazon Machine
+# Image* (AMI), consider to set the config options
+# ``rescue_kernel_id``
+# and ``rescue_ramdisk_id`` too. If nothing is set, the image of the
+# instance
+# is used.
+#
+# Related options:
+#
+# * ``rescue_kernel_id``: If the chosen rescue image allows the
+# separate
+# definition of its kernel disk, the value of this option is used,
+# if specified. This is the case when *Amazon*'s AMI/AKI/ARI image
+# format is used for the rescue image.
+# * ``rescue_ramdisk_id``: If the chosen rescue image allows the
+# separate
+# definition of its RAM disk, the value of this option is used if,
+# specified. This is the case when *Amazon*'s AMI/AKI/ARI image
+# format is used for the rescue image.
+# (string value)
+#rescue_image_id = <None>
+
+#
+# The ID of the kernel (AKI) image to use with the rescue image.
+#
+# If the chosen rescue image allows the separate definition of its
+# kernel
+# disk, the value of this option is used, if specified. This is the
+# case
+# when *Amazon*'s AMI/AKI/ARI image format is used for the rescue
+# image.
+#
+# Possible values:
+#
+# * An ID of an kernel image or nothing. If nothing is specified, the
+# kernel
+# disk from the instance is used if it was launched with one.
+#
+# Related options:
+#
+# * ``rescue_image_id``: If that option points to an image in
+# *Amazon*'s
+# AMI/AKI/ARI image format, it's useful to use ``rescue_kernel_id``
+# too.
+# (string value)
+#rescue_kernel_id = <None>
+
+#
+# The ID of the RAM disk (ARI) image to use with the rescue image.
+#
+# If the chosen rescue image allows the separate definition of its RAM
+# disk, the value of this option is used, if specified. This is the
+# case
+# when *Amazon*'s AMI/AKI/ARI image format is used for the rescue
+# image.
+#
+# Possible values:
+#
+# * An ID of a RAM disk image or nothing. If nothing is specified, the
+# RAM
+# disk from the instance is used if it was launched with one.
+#
+# Related options:
+#
+# * ``rescue_image_id``: If that option points to an image in
+# *Amazon*'s
+# AMI/AKI/ARI image format, it's useful to use ``rescue_ramdisk_id``
+# too.
+# (string value)
+#rescue_ramdisk_id = <None>
+
+#
+# Describes the virtualization type (or so called domain type) libvirt
+# should
+# use.
+#
+# The choice of this type must match the underlying virtualization
+# strategy
+# you have chosen for this host.
+#
+# Possible values:
+#
+# * See the predefined set of case-sensitive values.
+#
+# Related options:
+#
+# * ``connection_uri``: depends on this
+# * ``disk_prefix``: depends on this
+# * ``cpu_mode``: depends on this
+# * ``cpu_model``: depends on this
+# (string value)
+# Possible values:
+# kvm - <No description provided>
+# lxc - <No description provided>
+# qemu - <No description provided>
+# uml - <No description provided>
+# xen - <No description provided>
+# parallels - <No description provided>
+#virt_type = kvm
+
+#
+# Overrides the default libvirt URI of the chosen virtualization type.
+#
+# If set, Nova will use this URI to connect to libvirt.
+#
+# Possible values:
+#
+# * An URI like ``qemu:///system`` or ``xen+ssh://oirase/`` for
+# example.
+# This is only necessary if the URI differs to the commonly known
+# URIs
+# for the chosen virtualization type.
+#
+# Related options:
+#
+# * ``virt_type``: Influences what is used as default value here.
+# (string value)
+#connection_uri =
+
+#
+# Algorithm used to hash the injected password.
+# Note that it must be supported by libc on the compute host
+# _and_ by libc inside *any guest image* that will be booted by this
+# compute
+# host whith requested password injection.
+# In case the specified algorithm is not supported by libc on the
+# compute host,
+# a fallback to DES algorithm will be performed.
+#
+# Related options:
+#
+# * ``inject_password``
+# * ``inject_partition``
+# (string value)
+# Possible values:
+# SHA-512 - <No description provided>
+# SHA-256 - <No description provided>
+# MD5 - <No description provided>
+#inject_password_algorithm = MD5
+
+#
+# Allow the injection of an admin password for instance only at
+# ``create`` and
+# ``rebuild`` process.
+#
+# There is no agent needed within the image to do this. If
+# *libguestfs* is
+# available on the host, it will be used. Otherwise *nbd* is used. The
+# file
+# system of the image will be mounted and the admin password, which is
+# provided
+# in the REST API call will be injected as password for the root user.
+# If no
+# root user is available, the instance won't be launched and an error
+# is thrown.
+# Be aware that the injection is *not* possible when the instance gets
+# launched
+# from a volume.
+#
+# Possible values:
+#
+# * True: Allows the injection.
+# * False (default): Disallows the injection. Any via the REST API
+# provided
+# admin password will be silently ignored.
+#
+# Related options:
+#
+# * ``inject_partition``: That option will decide about the discovery
+# and usage
+# of the file system. It also can disable the injection at all.
+# (boolean value)
+#inject_password = false
+
+#
+# Allow the injection of an SSH key at boot time.
+#
+# There is no agent needed within the image to do this. If
+# *libguestfs* is
+# available on the host, it will be used. Otherwise *nbd* is used. The
+# file
+# system of the image will be mounted and the SSH key, which is
+# provided
+# in the REST API call will be injected as SSH key for the root user
+# and
+# appended to the ``authorized_keys`` of that user. The SELinux
+# context will
+# be set if necessary. Be aware that the injection is *not* possible
+# when the
+# instance gets launched from a volume.
+#
+# This config option will enable directly modifying the instance disk
+# and does
+# not affect what cloud-init may do using data from config_drive
+# option or the
+# metadata service.
+#
+# Related options:
+#
+# * ``inject_partition``: That option will decide about the discovery
+# and usage
+# of the file system. It also can disable the injection at all.
+# (boolean value)
+#inject_key = false
+
+#
+# Determines the way how the file system is chosen to inject data into
+# it.
+#
+# *libguestfs* will be used a first solution to inject data. If that's
+# not
+# available on the host, the image will be locally mounted on the host
+# as a
+# fallback solution. If libguestfs is not able to determine the root
+# partition
+# (because there are more or less than one root partition) or cannot
+# mount the
+# file system it will result in an error and the instance won't be
+# boot.
+#
+# Possible values:
+#
+# * -2 => disable the injection of data.
+# * -1 => find the root partition with the file system to mount with
+# libguestfs
+# * 0 => The image is not partitioned
+# * >0 => The number of the partition to use for the injection
+#
+# Related options:
+#
+# * ``inject_key``: If this option allows the injection of a SSH key
+# it depends
+# on value greater or equal to -1 for ``inject_partition``.
+# * ``inject_password``: If this option allows the injection of an
+# admin password
+# it depends on value greater or equal to -1 for
+# ``inject_partition``.
+# * ``guestfs`` You can enable the debug log level of libguestfs with
+# this
+# config option. A more verbose output will help in debugging
+# issues.
+# * ``virt_type``: If you use ``lxc`` as virt_type it will be treated
+# as a
+# single partition image
+# (integer value)
+# Minimum value: -2
+#inject_partition = -2
+
+# DEPRECATED:
+# Enable a mouse cursor within a graphical VNC or SPICE sessions.
+#
+# This will only be taken into account if the VM is fully virtualized
+# and VNC
+# and/or SPICE is enabled. If the node doesn't support a graphical
+# framebuffer,
+# then it is valid to set this to False.
+#
+# Related options:
+# * ``[vnc]enabled``: If VNC is enabled, ``use_usb_tablet`` will have
+# an effect.
+# * ``[spice]enabled`` + ``[spice].agent_enabled``: If SPICE is
+# enabled and the
+# spice agent is disabled, the config value of ``use_usb_tablet``
+# will have
+# an effect.
+# (boolean value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: This option is being replaced by the 'pointer_model' option.
+#use_usb_tablet = true
+
+#
+# The IP address or hostname to be used as the target for live
+# migration traffic.
+#
+# If this option is set to None, the hostname of the migration target
+# compute
+# node will be used.
+#
+# This option is useful in environments where the live-migration
+# traffic can
+# impact the network plane significantly. A separate network for live-
+# migration
+# traffic can then use this config option and avoids the impact on the
+# management network.
+#
+# Possible values:
+#
+# * A valid IP address or hostname, else None.
+#
+# Related options:
+#
+# * ``live_migration_tunnelled``: The live_migration_inbound_addr
+# value is
+# ignored if tunneling is enabled.
+# (string value)
+#live_migration_inbound_addr = <None>
+{%- if compute.libvirt.migration_inbound_addr is defined %}
+live_migration_inbound_addr = {{ compute.libvirt.migration_inbound_addr }}
+{%- endif %}
+
+# DEPRECATED:
+# Live migration target URI to use.
+#
+# Override the default libvirt live migration target URI (which is
+# dependent
+# on virt_type). Any included "%s" is replaced with the migration
+# target
+# hostname.
+#
+# If this option is set to None (which is the default), Nova will
+# automatically
+# generate the `live_migration_uri` value based on only 4 supported
+# `virt_type`
+# in following list:
+#
+# * 'kvm': 'qemu+tcp://%s/system'
+# * 'qemu': 'qemu+tcp://%s/system'
+# * 'xen': 'xenmigr://%s/system'
+# * 'parallels': 'parallels+tcp://%s/system'
+#
+# Related options:
+#
+# * ``live_migration_inbound_addr``: If
+# ``live_migration_inbound_addr`` value
+# is not None and ``live_migration_tunnelled`` is False, the
+# ip/hostname
+# address of target compute node is used instead of
+# ``live_migration_uri`` as
+# the uri for live migration.
+# * ``live_migration_scheme``: If ``live_migration_uri`` is not set,
+# the scheme
+# used for live migration is taken from ``live_migration_scheme``
+# instead.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# live_migration_uri is deprecated for removal in favor of two other
+# options that
+# allow to change live migration scheme and target URI:
+# ``live_migration_scheme``
+# and ``live_migration_inbound_addr`` respectively.
+#live_migration_uri = <None>
+
+#
+# URI scheme used for live migration.
+#
+# Override the default libvirt live migration scheme (which is
+# dependent on
+# virt_type). If this option is set to None, nova will automatically
+# choose a
+# sensible default based on the hypervisor. It is not recommended that
+# you change
+# this unless you are very sure that hypervisor supports a particular
+# scheme.
+#
+# Related options:
+#
+# * ``virt_type``: This option is meaningful only when ``virt_type``
+# is set to
+# `kvm` or `qemu`.
+# * ``live_migration_uri``: If ``live_migration_uri`` value is not
+# None, the
+# scheme used for live migration is taken from
+# ``live_migration_uri`` instead.
+# (string value)
+#live_migration_scheme = <None>
+
+#
+# Enable tunnelled migration.
+#
+# This option enables the tunnelled migration feature, where migration
+# data is
+# transported over the libvirtd connection. If enabled, we use the
+# VIR_MIGRATE_TUNNELLED migration flag, avoiding the need to configure
+# the network to allow direct hypervisor to hypervisor communication.
+# If False, use the native transport. If not set, Nova will choose a
+# sensible default based on, for example the availability of native
+# encryption support in the hypervisor. Enabling this option will
+# definitely
+# impact performance massively.
+#
+# Note that this option is NOT compatible with use of block migration.
+#
+# Related options:
+#
+# * ``live_migration_inbound_addr``: The live_migration_inbound_addr
+# value is
+# ignored if tunneling is enabled.
+# (boolean value)
+#live_migration_tunnelled = false
+{%- if compute.libvirt.live_migration_tunnelled is defined %}
+live_migration_tunnelled = {{ compute.libvirt.live_migration_tunnelled }}
+{%- endif %}
+
+#
+# Maximum bandwidth(in MiB/s) to be used during migration.
+#
+# If set to 0, the hypervisor will choose a suitable default. Some
+# hypervisors
+# do not support this feature and will return an error if bandwidth is
+# not 0.
+# Please refer to the libvirt documentation for further details.
+# (integer value)
+#live_migration_bandwidth = 0
+
+#
+# Maximum permitted downtime, in milliseconds, for live migration
+# switchover.
+#
+# Will be rounded up to a minimum of 100ms. You can increase this
+# value
+# if you want to allow live-migrations to complete faster, or avoid
+# live-migration timeout errors by allowing the guest to be paused for
+# longer during the live-migration switch over.
+#
+# Related options:
+#
+# * live_migration_completion_timeout
+# (integer value)
+# Minimum value: 100
+#live_migration_downtime = 500
+
+#
+# Number of incremental steps to reach max downtime value.
+#
+# Will be rounded up to a minimum of 3 steps.
+# (integer value)
+# Minimum value: 3
+#live_migration_downtime_steps = 10
+
+#
+# Time to wait, in seconds, between each step increase of the
+# migration
+# downtime.
+#
+# Minimum delay is 3 seconds. Value is per GiB of guest RAM + disk to
+# be
+# transferred, with lower bound of a minimum of 2 GiB per device.
+# (integer value)
+# Minimum value: 3
+#live_migration_downtime_delay = 75
+
+#
+# Time to wait, in seconds, for migration to successfully complete
+# transferring
+# data before aborting the operation.
+#
+# Value is per GiB of guest RAM + disk to be transferred, with lower
+# bound of
+# a minimum of 2 GiB. Should usually be larger than downtime delay *
+# downtime
+# steps. Set to 0 to disable timeouts.
+#
+# Related options:
+#
+# * live_migration_downtime
+# * live_migration_downtime_steps
+# * live_migration_downtime_delay
+# (integer value)
+# Note: This option can be changed without restarting.
+#live_migration_completion_timeout = 800
+
+# DEPRECATED:
+# Time to wait, in seconds, for migration to make forward progress in
+# transferring data before aborting the operation.
+#
+# Set to 0 to disable timeouts.
+#
+# This is deprecated, and now disabled by default because we have
+# found serious
+# bugs in this feature that caused false live-migration timeout
+# failures. This
+# feature will be removed or replaced in a future release.
+# (integer value)
+# Note: This option can be changed without restarting.
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Serious bugs found in this feature.
+#live_migration_progress_timeout = 0
+
+#
+# This option allows nova to switch an on-going live migration to
+# post-copy
+# mode, i.e., switch the active VM to the one on the destination node
+# before the
+# migration is complete, therefore ensuring an upper bound on the
+# memory that
+# needs to be transferred. Post-copy requires libvirt>=1.3.3 and
+# QEMU>=2.5.0.
+#
+# When permitted, post-copy mode will be automatically activated if a
+# live-migration memory copy iteration does not make percentage
+# increase of at
+# least 10% over the last iteration.
+#
+# The live-migration force complete API also uses post-copy when
+# permitted. If
+# post-copy mode is not available, force complete falls back to
+# pausing the VM
+# to ensure the live-migration operation will complete.
+#
+# When using post-copy mode, if the source and destination hosts loose
+# network
+# connectivity, the VM being live-migrated will need to be rebooted.
+# For more
+# details, please see the Administration guide.
+#
+# Related options:
+#
+# * live_migration_permit_auto_converge
+# (boolean value)
+#live_migration_permit_post_copy = false
+
+#
+# This option allows nova to start live migration with auto converge
+# on.
+#
+# Auto converge throttles down CPU if a progress of on-going live
+# migration
+# is slow. Auto converge will only be used if this flag is set to True
+# and
+# post copy is not permitted or post copy is unavailable due to the
+# version
+# of libvirt and QEMU in use.
+#
+# Related options:
+#
+# * live_migration_permit_post_copy
+# (boolean value)
+#live_migration_permit_auto_converge = false
+{%- if compute.libvirt.live_migration_permit_auto_converge is defined %}
+live_migration_permit_auto_converge={{ compute.libvirt.live_migration_permit_auto_converge|lower }}
+{%- endif %}
+
+#
+# Determine the snapshot image format when sending to the image
+# service.
+#
+# If set, this decides what format is used when sending the snapshot
+# to the
+# image service.
+# If not set, defaults to same type as source image.
+#
+# Possible values:
+#
+# * ``raw``: RAW disk format
+# * ``qcow2``: KVM default disk format
+# * ``vmdk``: VMWare default disk format
+# * ``vdi``: VirtualBox default disk format
+# * If not set, defaults to same type as source image.
+# (string value)
+# Possible values:
+# raw - <No description provided>
+# qcow2 - <No description provided>
+# vmdk - <No description provided>
+# vdi - <No description provided>
+#snapshot_image_format = <None>
+
+#
+# Override the default disk prefix for the devices attached to an
+# instance.
+#
+# If set, this is used to identify a free disk device name for a bus.
+#
+# Possible values:
+#
+# * Any prefix which will result in a valid disk device name like
+# 'sda' or 'hda'
+# for example. This is only necessary if the device names differ to
+# the
+# commonly known device name prefixes for a virtualization type such
+# as: sd,
+# xvd, uvd, vd.
+#
+# Related options:
+#
+# * ``virt_type``: Influences which device type is used, which
+# determines
+# the default disk prefix.
+# (string value)
+#disk_prefix = <None>
+
+# Number of seconds to wait for instance to shut down after soft
+# reboot request is made. We fall back to hard reboot if instance does
+# not shutdown within this window. (integer value)
+#wait_soft_reboot_seconds = 120
+
+#
+# Is used to set the CPU mode an instance should have.
+#
+# If virt_type="kvm|qemu", it will default to "host-model", otherwise
+# it will
+# default to "none".
+#
+# Possible values:
+#
+# * ``host-model``: Clones the host CPU feature flags
+# * ``host-passthrough``: Use the host CPU model exactly
+# * ``custom``: Use a named CPU model
+# * ``none``: Don't set a specific CPU model. For instances with
+# ``virt_type`` as KVM/QEMU, the default CPU model from QEMU will be
+# used,
+# which provides a basic set of CPU features that are compatible with
+# most
+# hosts.
+#
+# Related options:
+#
+# * ``cpu_model``: This should be set ONLY when ``cpu_mode`` is set to
+# ``custom``. Otherwise, it would result in an error and the instance
+# launch will fail.
+#
+# (string value)
+# Possible values:
+# host-model - <No description provided>
+# host-passthrough - <No description provided>
+# custom - <No description provided>
+# none - <No description provided>
+#cpu_mode = <None>
+cpu_mode = {{ compute.cpu_mode }}
+
+#
+# Set the name of the libvirt CPU model the instance should use.
+#
+# Possible values:
+#
+# * The named CPU models listed in ``/usr/share/libvirt/cpu_map.xml``
+#
+# Related options:
+#
+# * ``cpu_mode``: This should be set to ``custom`` ONLY when you want
+# to
+# configure (via ``cpu_model``) a specific named CPU model.
+# Otherwise, it
+# would result in an error and the instance launch will fail.
+#
+# * ``virt_type``: Only the virtualization types ``kvm`` and ``qemu``
+# use this.
+# (string value)
+#cpu_model = <None>
+{%- if compute.get('libvirt', {}).cpu_model is defined and compute.cpu_mode == 'custom' %}
+cpu_model = {{ compute.libvirt.cpu_model }}
+{%- endif %}
+
+#
+# This allows specifying granular CPU feature flags when specifying
+# CPU
+# models. For example, to explicitly specify the ``pcid``
+# (Process-Context ID, an Intel processor feature) flag to the
+# "IvyBridge"
+# virtual CPU model::
+#
+# [libvirt]
+# cpu_mode = custom
+# cpu_model = IvyBridge
+# cpu_model_extra_flags = pcid
+#
+# Currently, the choice is restricted to only one option: ``pcid``
+# (the
+# option is case-insensitive, so ``PCID`` is also valid). This flag
+# is
+# now required to address the guest performance degradation as a
+# result of
+# applying the "Meltdown" CVE fixes on certain Intel CPU models.
+#
+# Note that when using this config attribute to set the 'PCID' CPU
+# flag,
+# not all virtual (i.e. libvirt / QEMU) CPU models need it:
+#
+# * The only virtual CPU models that include the 'PCID' capability are
+# Intel "Haswell", "Broadwell", and "Skylake" variants.
+#
+# * The libvirt / QEMU CPU models "Nehalem", "Westmere",
+# "SandyBridge",
+# and "IvyBridge" will _not_ expose the 'PCID' capability by
+# default,
+# even if the host CPUs by the same name include it. I.e. 'PCID'
+# needs
+# to be explicitly specified when using the said virtual CPU models.
+#
+# For now, the ``cpu_model_extra_flags`` config attribute is valid
+# only in
+# combination with ``cpu_mode`` + ``cpu_model`` options.
+#
+# Besides ``custom``, the libvirt driver has two other CPU modes: The
+# default, ``host-model``, tells it to do the right thing with respect
+# to
+# handling 'PCID' CPU flag for the guest -- *assuming* you are running
+# updated processor microcode, host and guest kernel, libvirt, and
+# QEMU.
+# The other mode, ``host-passthrough``, checks if 'PCID' is available
+# in
+# the hardware, and if so directly passes it through to the Nova
+# guests.
+# Thus, in context of 'PCID', with either of these CPU modes
+# (``host-model`` or ``host-passthrough``), there is no need to use
+# the
+# ``cpu_model_extra_flags``.
+#
+# Related options:
+#
+# * cpu_mode
+# * cpu_model
+# (list value)
+#cpu_model_extra_flags =
+
+# Location where libvirt driver will store snapshots before uploading
+# them to image service (string value)
+#snapshots_directory = $instances_path/snapshots
+
+# Location where the Xen hvmloader is kept (string value)
+#xen_hvmloader_path = /usr/lib/xen/boot/hvmloader
+
+#
+# Specific cache modes to use for different disk types.
+#
+# For example: file=directsync,block=none,network=writeback
+#
+# For local or direct-attached storage, it is recommended that you use
+# writethrough (default) mode, as it ensures data integrity and has
+# acceptable
+# I/O performance for applications running in the guest, especially
+# for read
+# operations. However, caching mode none is recommended for remote NFS
+# storage,
+# because direct I/O operations (O_DIRECT) perform better than
+# synchronous I/O
+# operations (with O_SYNC). Caching mode none effectively turns all
+# guest I/O
+# operations into direct I/O operations on the host, which is the NFS
+# client in
+# this environment.
+#
+# Possible cache modes:
+#
+# * default: Same as writethrough.
+# * none: With caching mode set to none, the host page cache is
+# disabled, but
+# the disk write cache is enabled for the guest. In this mode, the
+# write
+# performance in the guest is optimal because write operations
+# bypass the host
+# page cache and go directly to the disk write cache. If the disk
+# write cache
+# is battery-backed, or if the applications or storage stack in the
+# guest
+# transfer data properly (either through fsync operations or file
+# system
+# barriers), then data integrity can be ensured. However, because
+# the host
+# page cache is disabled, the read performance in the guest would
+# not be as
+# good as in the modes where the host page cache is enabled, such as
+# writethrough mode. Shareable disk devices, like for a multi-
+# attachable block
+# storage volume, will have their cache mode set to 'none'
+# regardless of
+# configuration.
+# * writethrough: writethrough mode is the default caching mode. With
+# caching set to writethrough mode, the host page cache is enabled,
+# but the
+# disk write cache is disabled for the guest. Consequently, this
+# caching mode
+# ensures data integrity even if the applications and storage stack
+# in the
+# guest do not transfer data to permanent storage properly (either
+# through
+# fsync operations or file system barriers). Because the host page
+# cache is
+# enabled in this mode, the read performance for applications
+# running in the
+# guest is generally better. However, the write performance might be
+# reduced
+# because the disk write cache is disabled.
+# * writeback: With caching set to writeback mode, both the host page
+# cache
+# and the disk write cache are enabled for the guest. Because of
+# this, the
+# I/O performance for applications running in the guest is good, but
+# the data
+# is not protected in a power failure. As a result, this caching
+# mode is
+# recommended only for temporary data where potential data loss is
+# not a
+# concern.
+# * directsync: Like "writethrough", but it bypasses the host page
+# cache.
+# * unsafe: Caching mode of unsafe ignores cache transfer operations
+# completely. As its name implies, this caching mode should be used
+# only for
+# temporary data where data loss is not a concern. This mode can be
+# useful for
+# speeding up guest installations, but you should switch to another
+# caching
+# mode in production environments.
+# (list value)
+#disk_cachemodes =
+
+# A path to a device that will be used as source of entropy on the
+# host. Permitted options are: /dev/random or /dev/hwrng (string
+# value)
+#rng_dev_path = <None>
+
+# For qemu or KVM guests, set this option to specify a default machine
+# type per host architecture. You can find a list of supported machine
+# types in your environment by checking the output of the "virsh
+# capabilities"command. The format of the value for this config option
+# is host-arch=machine-type. For example:
+# x86_64=machinetype1,armv7l=machinetype2 (list value)
+#hw_machine_type = <None>
+
+# The data source used to the populate the host "serial" UUID exposed
+# to guest in the virtual BIOS. (string value)
+# Possible values:
+# none - <No description provided>
+# os - <No description provided>
+# hardware - <No description provided>
+# auto - <No description provided>
+#sysinfo_serial = auto
+
+# A number of seconds to memory usage statistics period. Zero or
+# negative value mean to disable memory usage statistics. (integer
+# value)
+#mem_stats_period_seconds = 10
+
+# List of uid targets and ranges.Syntax is guest-uid:host-
+# uid:countMaximum of 5 allowed. (list value)
+#uid_maps =
+
+# List of guid targets and ranges.Syntax is guest-gid:host-
+# gid:countMaximum of 5 allowed. (list value)
+#gid_maps =
+
+# In a realtime host context vCPUs for guest will run in that
+# scheduling priority. Priority depends on the host kernel (usually
+# 1-99) (integer value)
+#realtime_scheduler_priority = 1
+
+#
+# This is a performance event list which could be used as monitor.
+# These events
+# will be passed to libvirt domain xml while creating a new instances.
+# Then event statistics data can be collected from libvirt. The
+# minimum
+# libvirt version is 2.0.0. For more information about `Performance
+# monitoring
+# events`, refer https://libvirt.org/formatdomain.html#elementsPerf .
+#
+# Possible values:
+# * A string list. For example: ``enabled_perf_events = cmt, mbml,
+# mbmt``
+# The supported events list can be found in
+# https://libvirt.org/html/libvirt-libvirt-domain.html ,
+# which you may need to search key words ``VIR_PERF_PARAM_*``
+# (list value)
+#enabled_perf_events =
+
+#
+# VM Images format.
+#
+# If default is specified, then use_cow_images flag is used instead of
+# this
+# one.
+#
+# Related options:
+#
+# * virt.use_cow_images
+# * images_volume_group
+# (string value)
+# Possible values:
+# raw - <No description provided>
+# flat - <No description provided>
+# qcow2 - <No description provided>
+# lvm - <No description provided>
+# rbd - <No description provided>
+# ploop - <No description provided>
+# default - <No description provided>
+#images_type = default
+
+#
+# LVM Volume Group that is used for VM images, when you specify
+# images_type=lvm
+#
+# Related options:
+#
+# * images_type
+# (string value)
+#images_volume_group = <None>
+
+#
+# Create sparse logical volumes (with virtualsize) if this flag is set
+# to True.
+# (boolean value)
+#sparse_logical_volumes = false
+
+# The RADOS pool in which rbd volumes are stored (string value)
+#images_rbd_pool = rbd
+
+# Path to the ceph configuration file to use (string value)
+#images_rbd_ceph_conf =
+
+#
+# Discard option for nova managed disks.
+#
+# Requires:
+#
+# * Libvirt >= 1.0.6
+# * Qemu >= 1.5 (raw format)
+# * Qemu >= 1.6 (qcow2 format)
+# (string value)
+# Possible values:
+# ignore - <No description provided>
+# unmap - <No description provided>
+#hw_disk_discard = <None>
+{%- if compute.libvirt.hw_disk_discard is defined %}
+hw_disk_discard={{ compute.libvirt.hw_disk_discard }}
+{%- endif %}
+
+# DEPRECATED: Allows image information files to be stored in non-
+# standard locations (string value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Image info files are no longer used by the image cache
+#image_info_filename_pattern = $instances_path/$image_cache_subdirectory_name/%(image)s.info
+
+# Unused resized base images younger than this will not be removed
+# (integer value)
+#remove_unused_resized_minimum_age_seconds = 3600
+
+# DEPRECATED: Write a checksum for files in _base to disk (boolean
+# value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: The image cache no longer periodically calculates checksums
+# of stored images. Data integrity can be checked at the block or
+# filesystem level.
+#checksum_base_images = false
+
+# DEPRECATED: How frequently to checksum base images (integer value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: The image cache no longer periodically calculates checksums
+# of stored images. Data integrity can be checked at the block or
+# filesystem level.
+#checksum_interval_seconds = 3600
+
+#
+# Method used to wipe ephemeral disks when they are deleted. Only
+# takes effect
+# if LVM is set as backing storage.
+#
+# Possible values:
+#
+# * none - do not wipe deleted volumes
+# * zero - overwrite volumes with zeroes
+# * shred - overwrite volume repeatedly
+#
+# Related options:
+#
+# * images_type - must be set to ``lvm``
+# * volume_clear_size
+# (string value)
+# Possible values:
+# none - <No description provided>
+# zero - <No description provided>
+# shred - <No description provided>
+#volume_clear = zero
+
+#
+# Size of area in MiB, counting from the beginning of the allocated
+# volume,
+# that will be cleared using method set in ``volume_clear`` option.
+#
+# Possible values:
+#
+# * 0 - clear whole volume
+# * >0 - clear specified amount of MiB
+#
+# Related options:
+#
+# * images_type - must be set to ``lvm``
+# * volume_clear - must be set and the value must be different than
+# ``none``
+# for this option to have any impact
+# (integer value)
+# Minimum value: 0
+#volume_clear_size = 0
+
+#
+# Enable snapshot compression for ``qcow2`` images.
+#
+# Note: you can set ``snapshot_image_format`` to ``qcow2`` to force
+# all
+# snapshots to be in ``qcow2`` format, independently from their
+# original image
+# type.
+#
+# Related options:
+#
+# * snapshot_image_format
+# (boolean value)
+#snapshot_compression = false
+
+# Use virtio for bridge interfaces with KVM/QEMU (boolean value)
+#use_virtio_for_bridges = true
+
+#
+# Use multipath connection of the iSCSI or FC volume
+#
+# Volumes can be connected in the LibVirt as multipath devices. This
+# will
+# provide high availability and fault tolerance.
+# (boolean value)
+# Deprecated group/name - [libvirt]/iscsi_use_multipath
+#volume_use_multipath = false
+
+#
+# Number of times to scan given storage protocol to find volume.
+# (integer value)
+# Deprecated group/name - [libvirt]/num_iscsi_scan_tries
+#num_volume_scan_tries = 5
+
+#
+# Number of times to rediscover AoE target to find volume.
+#
+# Nova provides support for block storage attaching to hosts via AOE
+# (ATA over
+# Ethernet). This option allows the user to specify the maximum number
+# of retry
+# attempts that can be made to discover the AoE device.
+# (integer value)
+#num_aoe_discover_tries = 3
+
+#
+# The iSCSI transport iface to use to connect to target in case
+# offload support
+# is desired.
+#
+# Default format is of the form <transport_name>.<hwaddress> where
+# <transport_name> is one of (be2iscsi, bnx2i, cxgb3i, cxgb4i,
+# qla4xxx, ocs) and
+# <hwaddress> is the MAC address of the interface and can be generated
+# via the
+# iscsiadm -m iface command. Do not confuse the iscsi_iface parameter
+# to be
+# provided here with the actual transport name.
+# (string value)
+# Deprecated group/name - [libvirt]/iscsi_transport
+#iscsi_iface = <None>
+
+#
+# Number of times to scan iSER target to find volume.
+#
+# iSER is a server network protocol that extends iSCSI protocol to use
+# Remote
+# Direct Memory Access (RDMA). This option allows the user to specify
+# the maximum
+# number of scan attempts that can be made to find iSER volume.
+# (integer value)
+#num_iser_scan_tries = 5
+
+#
+# Use multipath connection of the iSER volume.
+#
+# iSER volumes can be connected as multipath devices. This will
+# provide high
+# availability and fault tolerance.
+# (boolean value)
+#iser_use_multipath = false
+
+#
+# The RADOS client name for accessing rbd(RADOS Block Devices)
+# volumes.
+#
+# Libvirt will refer to this user when connecting and authenticating
+# with
+# the Ceph RBD server.
+# (string value)
+#rbd_user = <None>
+
+#
+# The libvirt UUID of the secret for the rbd_user volumes.
+# (string value)
+#rbd_secret_uuid = <None>
+
+#
+# Directory where the NFS volume is mounted on the compute node.
+# The default is 'mnt' directory of the location where nova's Python
+# module
+# is installed.
+#
+# NFS provides shared storage for the OpenStack Block Storage service.
+#
+# Possible values:
+#
+# * A string representing absolute path of mount point.
+# (string value)
+#nfs_mount_point_base = $state_path/mnt
+
+#
+# Mount options passed to the NFS client. See section of the nfs man
+# page
+# for details.
+#
+# Mount options controls the way the filesystem is mounted and how the
+# NFS client behaves when accessing files on this mount point.
+#
+# Possible values:
+#
+# * Any string representing mount options separated by commas.
+# * Example string: vers=3,lookupcache=pos
+# (string value)
+#nfs_mount_options = <None>
+
+#
+# Directory where the Quobyte volume is mounted on the compute node.
+#
+# Nova supports Quobyte volume driver that enables storing Block
+# Storage
+# service volumes on a Quobyte storage back end. This Option specifies
+# the
+# path of the directory where Quobyte volume is mounted.
+#
+# Possible values:
+#
+# * A string representing absolute path of mount point.
+# (string value)
+#quobyte_mount_point_base = $state_path/mnt
+
+# Path to a Quobyte Client configuration file. (string value)
+#quobyte_client_cfg = <None>
+
+#
+# Directory where the SMBFS shares are mounted on the compute node.
+# (string value)
+#smbfs_mount_point_base = $state_path/mnt
+
+#
+# Mount options passed to the SMBFS client.
+#
+# Provide SMBFS options as a single string containing all parameters.
+# See mount.cifs man page for details. Note that the libvirt-qemu
+# ``uid``
+# and ``gid`` must be specified.
+# (string value)
+#smbfs_mount_options =
+
+#
+# libvirt's transport method for remote file operations.
+#
+# Because libvirt cannot use RPC to copy files over network to/from
+# other
+# compute nodes, other method must be used for:
+#
+# * creating directory on remote host
+# * creating file on remote host
+# * removing file from remote host
+# * copying file to remote host
+# (string value)
+# Possible values:
+# ssh - <No description provided>
+# rsync - <No description provided>
+#remote_filesystem_transport = ssh
+
+#
+# Directory where the Virtuozzo Storage clusters are mounted on the
+# compute
+# node.
+#
+# This option defines non-standard mountpoint for Vzstorage cluster.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_point_base = $state_path/mnt
+
+#
+# Mount owner user name.
+#
+# This option defines the owner user of Vzstorage cluster mountpoint.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_user = stack
+
+#
+# Mount owner group name.
+#
+# This option defines the owner group of Vzstorage cluster mountpoint.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_group = qemu
+
+#
+# Mount access mode.
+#
+# This option defines the access bits of Vzstorage cluster mountpoint,
+# in the format similar to one of chmod(1) utility, like this: 0770.
+# It consists of one to four digits ranging from 0 to 7, with missing
+# lead digits assumed to be 0's.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_perms = 0770
+
+#
+# Path to vzstorage client log.
+#
+# This option defines the log of cluster operations,
+# it should include "%(cluster_name)s" template to separate
+# logs from multiple shares.
+#
+# Related options:
+#
+# * vzstorage_mount_opts may include more detailed logging options.
+# (string value)
+#vzstorage_log_path = /var/log/vstorage/%(cluster_name)s/nova.log.gz
+
+#
+# Path to the SSD cache file.
+#
+# You can attach an SSD drive to a client and configure the drive to
+# store
+# a local cache of frequently accessed data. By having a local cache
+# on a
+# client's SSD drive, you can increase the overall cluster performance
+# by
+# up to 10 and more times.
+# WARNING! There is a lot of SSD models which are not server grade and
+# may loose arbitrary set of data changes on power loss.
+# Such SSDs should not be used in Vstorage and are dangerous as may
+# lead
+# to data corruptions and inconsistencies. Please consult with the
+# manual
+# on which SSD models are known to be safe or verify it using
+# vstorage-hwflush-check(1) utility.
+#
+# This option defines the path which should include "%(cluster_name)s"
+# template to separate caches from multiple shares.
+#
+# Related options:
+#
+# * vzstorage_mount_opts may include more detailed cache options.
+# (string value)
+#vzstorage_cache_path = <None>
+
+#
+# Extra mount options for pstorage-mount
+#
+# For full description of them, see
+# https://static.openvz.org/vz-man/man1/pstorage-mount.1.gz.html
+# Format is a python string representation of arguments list, like:
+# "['-v', '-R', '500']"
+# Shouldn't include -c, -l, -C, -u, -g and -m as those have
+# explicit vzstorage_* options.
+#
+# Related options:
+#
+# * All other vzstorage_* options
+# (list value)
+#vzstorage_mount_opts =
+
+
+[metrics]
+#
+# Configuration options for metrics
+#
+# Options under this group allow to adjust how values assigned to
+# metrics are
+# calculated.
+
+#
+# From nova.conf
+#
+
+#
+# When using metrics to weight the suitability of a host, you can use
+# this option
+# to change how the calculated weight influences the weight assigned
+# to a host as
+# follows:
+#
+# * >1.0: increases the effect of the metric on overall weight
+# * 1.0: no change to the calculated weight
+# * >0.0,<1.0: reduces the effect of the metric on overall weight
+# * 0.0: the metric value is ignored, and the value of the
+# 'weight_of_unavailable' option is returned instead
+# * >-1.0,<0.0: the effect is reduced and reversed
+# * -1.0: the effect is reversed
+# * <-1.0: the effect is increased proportionally and reversed
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the
+# multipler
+# ratio for this weigher.
+#
+# Related options:
+#
+# * weight_of_unavailable
+# (floating point value)
+#weight_multiplier = 1.0
+
+#
+# This setting specifies the metrics to be weighed and the relative
+# ratios for
+# each metric. This should be a single string value, consisting of a
+# series of
+# one or more 'name=ratio' pairs, separated by commas, where 'name' is
+# the name
+# of the metric to be weighed, and 'ratio' is the relative weight for
+# that
+# metric.
+#
+# Note that if the ratio is set to 0, the metric value is ignored, and
+# instead
+# the weight will be set to the value of the 'weight_of_unavailable'
+# option.
+#
+# As an example, let's consider the case where this option is set to:
+#
+# ``name1=1.0, name2=-1.3``
+#
+# The final weight will be:
+#
+# ``(name1.value * 1.0) + (name2.value * -1.3)``
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more key/value pairs separated by commas, where
+# the key is
+# a string representing the name of a metric and the value is a
+# numeric weight
+# for that metric. If any value is set to 0, the value is ignored
+# and the
+# weight will be set to the value of the 'weight_of_unavailable'
+# option.
+#
+# Related options:
+#
+# * weight_of_unavailable
+# (list value)
+#weight_setting =
+
+#
+# This setting determines how any unavailable metrics are treated. If
+# this option
+# is set to True, any hosts for which a metric is unavailable will
+# raise an
+# exception, so it is recommended to also use the MetricFilter to
+# filter out
+# those hosts before weighing.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * True or False, where False ensures any metric being unavailable
+# for a host
+# will set the host weight to 'weight_of_unavailable'.
+#
+# Related options:
+#
+# * weight_of_unavailable
+# (boolean value)
+#required = true
+
+#
+# When any of the following conditions are met, this value will be
+# used in place
+# of any actual metric value:
+#
+# * One of the metrics named in 'weight_setting' is not available for
+# a host,
+# and the value of 'required' is False
+# * The ratio specified for a metric in 'weight_setting' is 0
+# * The 'weight_multiplier' option is set to 0
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the
+# multipler
+# ratio for this weigher.
+#
+# Related options:
+#
+# * weight_setting
+# * required
+# * weight_multiplier
+# (floating point value)
+#weight_of_unavailable = -10000.0
+
+
+[mks]
+#
+# Nova compute node uses WebMKS, a desktop sharing protocol to provide
+# instance console access to VM's created by VMware hypervisors.
+#
+# Related options:
+# Following options must be set to provide console access.
+# * mksproxy_base_url
+# * enabled
+
+#
+# From nova.conf
+#
+
+#
+# Location of MKS web console proxy
+#
+# The URL in the response points to a WebMKS proxy which
+# starts proxying between client and corresponding vCenter
+# server where instance runs. In order to use the web based
+# console access, WebMKS proxy should be installed and configured
+#
+# Possible values:
+#
+# * Must be a valid URL of the form:``http://host:port/`` or
+# ``https://host:port/``
+# (uri value)
+#mksproxy_base_url = http://127.0.0.1:6090/
+
+#
+# Enables graphical console access for virtual machines.
+# (boolean value)
+#enabled = false
+
+
+[neutron]
+#
+# Configuration options for neutron (network connectivity as a
+# service).
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# This option specifies the URL for connecting to Neutron.
+#
+# Possible values:
+#
+# * Any valid URL that points to the Neutron API service is
+# appropriate here.
+# This typically matches the URL returned for the 'network' service
+# type
+# from the Keystone service catalog.
+# (uri value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Endpoint lookup uses the service catalog via common
+# keystoneauth1 Adapter configuration options. In the current release,
+# "url" will override this behavior, but will be ignored and/or
+# removed in a future release. To achieve the same result, use the
+# endpoint_override option instead.
+#url = http://127.0.0.1:9696
+
+#
+# Default name for the Open vSwitch integration bridge.
+#
+# Specifies the name of an integration bridge interface used by
+# OpenvSwitch.
+# This option is only used if Neutron does not specify the OVS bridge
+# name in
+# port binding responses.
+# (string value)
+#ovs_bridge = br-int
+
+#
+# Default name for the floating IP pool.
+#
+# Specifies the name of floating IP pool used for allocating floating
+# IPs. This
+# option is only used if Neutron does not specify the floating IP pool
+# name in
+# port binding reponses.
+# (string value)
+#default_floating_pool = nova
+
+#
+# Integer value representing the number of seconds to wait before
+# querying
+# Neutron for extensions. After this number of seconds the next time
+# Nova
+# needs to create a resource in Neutron it will requery Neutron for
+# the
+# extensions that it has loaded. Setting value to 0 will refresh the
+# extensions with no wait.
+# (integer value)
+# Minimum value: 0
+#extension_sync_interval = 600
+extension_sync_interval={{ compute.network.get('extension_sync_interval', '600') }}
+
+#
+# When set to True, this option indicates that Neutron will be used to
+# proxy
+# metadata requests and resolve instance ids. Otherwise, the instance
+# ID must be
+# passed to the metadata request in the 'X-Instance-ID' header.
+#
+# Related options:
+#
+# * metadata_proxy_shared_secret
+# (boolean value)
+#service_metadata_proxy = false
+
+#
+# This option holds the shared secret string used to validate proxy
+# requests to
+# Neutron metadata requests. In order to be used, the
+# 'X-Metadata-Provider-Signature' header must be supplied in the
+# request.
+#
+# Related options:
+#
+# * service_metadata_proxy
+# (string value)
+#metadata_proxy_shared_secret =
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+{%- if compute.network.get('protocol', 'http') == 'https' %}
+cafile={{ compute.network.get('cacert_file', compute.cacert_file) }}
+{%- endif %}
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+timeout=300
+
+# Authentication type to load (string value)
+# Deprecated group/name - [neutron]/auth_plugin
+#auth_type = <None>
+auth_type = v3password
+
+# Config Section from which to load plugin specific options (string
+# value)
+#auth_section = <None>
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url = {{ compute.identity.get('protocol', 'http') }}://{{ compute.identity.host }}:{{ compute.identity.port }}/v3
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name={{ compute.identity.tenant }}
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+project_domain_name = {{ compute.get('project_domain_name', 'Default') }}
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used
+# for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will
+# be used for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [neutron]/user_name
+#username = <None>
+username={{ compute.network.user }}
+
+# User's domain id (string value)
+#user_domain_id = <None>
+
+# User's domain name (string value)
+#user_domain_name = <None>
+user_domain_name = {{ compute.get('user_domain_name', 'Default') }}
+
+# User's password (string value)
+#password = <None>
+password={{ compute.network.password }}
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# The default service_type for endpoint URL discovery. (string value)
+#service_type = network
+
+# The default service_name for endpoint URL discovery. (string value)
+#service_name = <None>
+
+# List of interfaces, in order of preference, for endpoint URL. (list
+# value)
+#valid_interfaces = internal,public
+
+# The default region_name for endpoint URL discovery. (string value)
+#region_name = <None>
+region_name= {{ compute.network.region }}
+
+# Always use this endpoint URL for requests for this client. NOTE: The
+# unversioned endpoint should be specified here; to request a
+# particular API version, use the `version`, `min-version`, and/or
+# `max-version` options. (string value)
+#endpoint_override = <None>
+
+
+[notifications]
+#
+# Most of the actions in Nova which manipulate the system state
+# generate
+# notifications which are posted to the messaging component (e.g.
+# RabbitMQ) and
+# can be consumed by any service outside the OpenStack. More technical
+# details
+# at
+# https://docs.openstack.org/nova/latest/reference/notifications.html
+
+#
+# From nova.conf
+#
+
+#
+# If set, send compute.instance.update notifications on
+# instance state changes.
+#
+# Please refer to
+# https://docs.openstack.org/nova/latest/reference/notifications.html
+# for
+# additional information on notifications.
+#
+# Possible values:
+#
+# * None - no notifications
+# * "vm_state" - notifications are sent with VM state transition
+# information in
+# the ``old_state`` and ``state`` fields. The ``old_task_state`` and
+# ``new_task_state`` fields will be set to the current task_state of
+# the
+# instance.
+# * "vm_and_task_state" - notifications are sent with VM and task
+# state
+# transition information.
+# (string value)
+# Possible values:
+# <None> - <No description provided>
+# vm_state - <No description provided>
+# vm_and_task_state - <No description provided>
+#notify_on_state_change = <None>
+{%- if compute.get('notification', {}).notify_on is defined %}
+{%- for key, value in compute.notification.notify_on.iteritems() %}
+notify_on_{{ key }} = {{ value }}
+{%- endfor %}
+{%- elif pillar.ceilometer is defined %}
+notify_on_state_change = vm_and_task_state
+{%- endif %}
+
+# Default notification level for outgoing notifications. (string
+# value)
+# Possible values:
+# DEBUG - <No description provided>
+# INFO - <No description provided>
+# WARN - <No description provided>
+# ERROR - <No description provided>
+# CRITICAL - <No description provided>
+# Deprecated group/name - [DEFAULT]/default_notification_level
+#default_level = INFO
+
+# DEPRECATED:
+# Default publisher_id for outgoing notifications. If you consider
+# routing
+# notifications using different publisher, change this value
+# accordingly.
+#
+# Possible values:
+#
+# * Defaults to the current hostname of this host, but it can be any
+# valid
+# oslo.messaging publisher_id
+#
+# Related options:
+#
+# * host - Hostname, FQDN or IP address of this host.
+# (string value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option is only used when ``monkey_patch=True`` and
+# ``monkey_patch_modules`` is configured to specify the legacy
+# notify_decorator.
+# Since the monkey_patch and monkey_patch_modules options are
+# deprecated, this
+# option is also deprecated.
+#default_publisher_id = $host
+
+#
+# Specifies which notification format shall be used by nova.
+#
+# The default value is fine for most deployments and rarely needs to
+# be changed.
+# This value can be set to 'versioned' once the infrastructure moves
+# closer to
+# consuming the newer format of notifications. After this occurs, this
+# option
+# will be removed.
+#
+# Note that notifications can be completely disabled by setting
+# ``driver=noop``
+# in the ``[oslo_messaging_notifications]`` group.
+#
+# Possible values:
+# * unversioned: Only the legacy unversioned notifications are
+# emitted.
+# * versioned: Only the new versioned notifications are emitted.
+# * both: Both the legacy unversioned and the new versioned
+# notifications are
+# emitted. (Default)
+#
+# The list of versioned notifications is visible in
+# https://docs.openstack.org/nova/latest/reference/notifications.html
+# (string value)
+# Possible values:
+# unversioned - <No description provided>
+# versioned - <No description provided>
+# both - <No description provided>
+#notification_format = both
+
+#
+# Specifies the topics for the versioned notifications issued by nova.
+#
+# The default value is fine for most deployments and rarely needs to
+# be changed.
+# However, if you have a third-party service that consumes versioned
+# notifications, it might be worth getting a topic for that service.
+# Nova will send a message containing a versioned notification payload
+# to each
+# topic queue in this list.
+#
+# The list of versioned notifications is visible in
+# https://docs.openstack.org/nova/latest/reference/notifications.html
+# (list value)
+#versioned_notifications_topics = versioned_notifications
+
+#
+# If enabled, include block device information in the versioned
+# notification
+# payload. Sending block device information is disabled by default as
+# providing
+# that information can incur some overhead on the system since the
+# information
+# may need to be loaded from the database.
+# (boolean value)
+#bdms_in_notifications = false
+
+
+[osapi_v21]
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# This option is a string representing a regular expression (regex)
+# that matches
+# the project_id as contained in URLs. If not set, it will match
+# normal UUIDs
+# created by keystone.
+#
+# Possible values:
+#
+# * A string representing any legal regular expression
+# (string value)
+# This option is deprecated for removal since 13.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# Recent versions of nova constrain project IDs to hexadecimal
+# characters and
+# dashes. If your installation uses IDs outside of this range, you
+# should use
+# this option to provide your own regex and give you time to migrate
+# offending
+# projects to valid IDs before the next release.
+#project_id_regex = <None>
+
+
+[pci]
+
+#
+# From nova.conf
+#
+
+#
+# An alias for a PCI passthrough device requirement.
+#
+# This allows users to specify the alias in the extra specs for a
+# flavor, without
+# needing to repeat all the PCI property requirements.
+#
+# Possible Values:
+#
+# * A list of JSON values which describe the aliases. For example::
+#
+# alias = {
+# "name": "QuickAssist",
+# "product_id": "0443",
+# "vendor_id": "8086",
+# "device_type": "type-PCI",
+# "numa_policy": "required"
+# }
+#
+# This defines an alias for the Intel QuickAssist card. (multi
+# valued). Valid
+# key values are :
+#
+# ``name``
+# Name of the PCI alias.
+#
+# ``product_id``
+# Product ID of the device in hexadecimal.
+#
+# ``vendor_id``
+# Vendor ID of the device in hexadecimal.
+#
+# ``device_type``
+# Type of PCI device. Valid values are: ``type-PCI``, ``type-PF``
+# and
+# ``type-VF``.
+#
+# ``numa_policy``
+# Required NUMA affinity of device. Valid values are: ``legacy``,
+# ``preferred`` and ``required``.
+# (multi valued)
+# Deprecated group/name - [DEFAULT]/pci_alias
+#alias =
+
+#
+# White list of PCI devices available to VMs.
+#
+# Possible values:
+#
+# * A JSON dictionary which describe a whitelisted PCI device. It
+# should take
+# the following format:
+#
+# ["vendor_id": "<id>",] ["product_id": "<id>",]
+# ["address": "[[[[<domain>]:]<bus>]:][<slot>][.[<function>]]" |
+# "devname": "<name>",]
+# {"<tag>": "<tag_value>",}
+#
+# Where '[' indicates zero or one occurrences, '{' indicates zero or
+# multiple
+# occurrences, and '|' mutually exclusive options. Note that any
+# missing
+# fields are automatically wildcarded.
+#
+# Valid key values are :
+#
+# * "vendor_id": Vendor ID of the device in hexadecimal.
+# * "product_id": Product ID of the device in hexadecimal.
+# * "address": PCI address of the device.
+# * "devname": Device name of the device (for e.g. interface name).
+# Not all
+# PCI devices have a name.
+# * "<tag>": Additional <tag> and <tag_value> used for matching PCI
+# devices.
+# Supported <tag>: "physical_network".
+#
+# The address key supports traditional glob style and regular
+# expression
+# syntax. Valid examples are:
+#
+# passthrough_whitelist = {"devname":"eth0",
+# "physical_network":"physnet"}
+# passthrough_whitelist = {"address":"*:0a:00.*"}
+# passthrough_whitelist = {"address":":0a:00.",
+# "physical_network":"physnet1"}
+# passthrough_whitelist = {"vendor_id":"1137",
+# "product_id":"0071"}
+# passthrough_whitelist = {"vendor_id":"1137",
+# "product_id":"0071",
+# "address": "0000:0a:00.1",
+# "physical_network":"physnet1"}
+# passthrough_whitelist = {"address":{"domain": ".*",
+# "bus": "02", "slot": "01",
+# "function": "[2-7]"},
+# "physical_network":"physnet1"}
+# passthrough_whitelist = {"address":{"domain": ".*",
+# "bus": "02", "slot":
+# "0[1-2]",
+# "function": ".*"},
+# "physical_network":"physnet1"}
+#
+# The following are invalid, as they specify mutually exclusive
+# options:
+#
+# passthrough_whitelist = {"devname":"eth0",
+# "physical_network":"physnet",
+# "address":"*:0a:00.*"}
+#
+# * A JSON list of JSON dictionaries corresponding to the above
+# format. For
+# example:
+#
+# passthrough_whitelist = [{"product_id":"0001",
+# "vendor_id":"8086"},
+# {"product_id":"0002",
+# "vendor_id":"8086"}]
+# (multi valued)
+# Deprecated group/name - [DEFAULT]/pci_passthrough_whitelist
+#passthrough_whitelist =
+{%- if compute.get('sriov', false) %}
+{%- for nic_name, sriov in compute.sriov.iteritems() %}
+passthrough_whitelist = {"devname":"{{ sriov.devname }}","physical_network":"{{ sriov.physical_network }}"}
+{%- endfor %}
+{%- endif %}
+
+[placement]
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# Region name of this node. This is used when picking the URL in the
+# service
+# catalog.
+#
+# Possible values:
+#
+# * Any string representing region name
+# (string value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Endpoint lookup uses the service catalog via common
+# keystoneauth1 Adapter configuration options. Use the region_name
+# option instead.
+os_region_name = {{ compute.identity.region }}
+
+# DEPRECATED:
+# Endpoint interface for this node. This is used when picking the URL
+# in the
+# service catalog.
+# (string value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Endpoint lookup uses the service catalog via common
+# keystoneauth1 Adapter configuration options. Use the
+# valid_interfaces option instead.
+#os_interface = <None>
+
+#
+# If True, when limiting allocation candidate results, the results
+# will be
+# a random sampling of the full result set. If False, allocation
+# candidates
+# are returned in a deterministic but undefined order. That is, all
+# things
+# being equal, two requests for allocation candidates will return the
+# same
+# results in the same order; but no guarantees are made as to how that
+# order
+# is determined.
+# (boolean value)
+#randomize_allocation_candidates = false
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+{%- if compute.identity.get('protocol', 'http') == 'https' %}
+cafile={{ compute.identity.get('cacert_file', compute.cacert_file) }}
+{%- endif %}
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [placement]/auth_plugin
+auth_type = password
+
+# Config Section from which to load plugin specific options (string
+# value)
+#auth_section = <None>
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url={{ compute.identity.get('protocol', 'http') }}://{{ compute.identity.host }}:35357/v3
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+project_name = {{ compute.identity.tenant }}
+
+# Domain ID containing project (string value)
+project_domain_id = {{ compute.identity.get('domain', 'default') }}
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used
+# for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will
+# be used for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [placement]/user_name
+username = {{ compute.identity.user }}
+
+# User's domain id (string value)
+user_domain_id = {{ compute.identity.get('domain', 'default') }}
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User's password (string value)
+password = {{ compute.identity.password }}
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# The default service_type for endpoint URL discovery. (string value)
+#service_type = placement
+
+# The default service_name for endpoint URL discovery. (string value)
+#service_name = <None>
+
+# List of interfaces, in order of preference, for endpoint URL. (list
+# value)
+# Deprecated group/name - [placement]/os_interface
+valid_interfaces = internal
+
+# The default region_name for endpoint URL discovery. (string value)
+# Deprecated group/name - [placement]/os_region_name
+#region_name = <None>
+
+# Always use this endpoint URL for requests for this client. NOTE: The
+# unversioned endpoint should be specified here; to request a
+# particular API version, use the `version`, `min-version`, and/or
+# `max-version` options. (string value)
+#endpoint_override = <None>
+
+
+[quota]
+#
+# Quota options allow to manage quotas in openstack deployment.
+
+#
+# From nova.conf
+#
+
+#
+# The number of instances allowed per project.
+#
+# Possible Values
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_instances
+#instances = 10
+
+#
+# The number of instance cores or vCPUs allowed per project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_cores
+#cores = 20
+
+#
+# The number of megabytes of instance RAM allowed per project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_ram
+#ram = 51200
+
+# DEPRECATED:
+# The number of floating IPs allowed per project.
+#
+# Floating IPs are not allocated to instances by default. Users need
+# to select
+# them from the pool configured by the OpenStack administrator to
+# attach to their
+# instances.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_floating_ips
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#floating_ips = 10
+
+# DEPRECATED:
+# The number of fixed IPs allowed per project.
+#
+# Unlike floating IPs, fixed IPs are allocated dynamically by the
+# network
+# component when instances boot up. This quota value should be at
+# least the
+# number of instances allowed
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_fixed_ips
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#fixed_ips = -1
+
+#
+# The number of metadata items allowed per instance.
+#
+# Users can associate metadata with an instance during instance
+# creation. This
+# metadata takes the form of key-value pairs.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_metadata_items
+#metadata_items = 128
+
+#
+# The number of injected files allowed.
+#
+# File injection allows users to customize the personality of an
+# instance by
+# injecting data into it upon boot. Only text file injection is
+# permitted: binary
+# or ZIP files are not accepted. During file injection, any existing
+# files that
+# match specified files are renamed to include ``.bak`` extension
+# appended with a
+# timestamp.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_injected_files
+#injected_files = 5
+
+#
+# The number of bytes allowed per injected file.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_injected_file_content_bytes
+#injected_file_content_bytes = 10240
+
+#
+# The maximum allowed injected file path length.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_injected_file_path_length
+#injected_file_path_length = 255
+
+# DEPRECATED:
+# The number of security groups per project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_security_groups
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#security_groups = 10
+
+# DEPRECATED:
+# The number of security rules per security group.
+#
+# The associated rules in each security group control the traffic to
+# instances in
+# the group.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_security_group_rules
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#security_group_rules = 20
+
+#
+# The maximum number of key pairs allowed per user.
+#
+# Users can create at least one key pair for each project and use the
+# key pair
+# for multiple instances that belong to that project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_key_pairs
+#key_pairs = 100
+
+#
+# The maxiumum number of server groups per project.
+#
+# Server groups are used to control the affinity and anti-affinity
+# scheduling
+# policy for a group of servers or instances. Reducing the quota will
+# not affect
+# any existing group, but new servers will not be allowed into groups
+# that have
+# become over quota.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_server_groups
+#server_groups = 10
+
+#
+# The maximum number of servers per server group.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_server_group_members
+#server_group_members = 10
+
+#
+# The number of seconds until a reservation expires.
+#
+# This quota represents the time period for invalidating quota
+# reservations.
+# (integer value)
+#reservation_expire = 86400
+
+#
+# The count of reservations until usage is refreshed.
+#
+# This defaults to 0 (off) to avoid additional load but it is useful
+# to turn on
+# to help keep quota usage up-to-date and reduce the impact of out of
+# sync usage
+# issues.
+# (integer value)
+# Minimum value: 0
+#until_refresh = 0
+
+#
+# The number of seconds between subsequent usage refreshes.
+#
+# This defaults to 0 (off) to avoid additional load but it is useful
+# to turn on
+# to help keep quota usage up-to-date and reduce the impact of out of
+# sync usage
+# issues. Note that quotas are not updated on a periodic task, they
+# will update
+# on a new reservation if max_age has passed since the last
+# reservation.
+# (integer value)
+# Minimum value: 0
+#max_age = 0
+
+# DEPRECATED:
+# The quota enforcer driver.
+#
+# Provides abstraction for quota checks. Users can configure a
+# specific
+# driver to use for quota checks.
+#
+# Possible values:
+#
+# * nova.quota.DbQuotaDriver (default) or any string representing
+# fully
+# qualified class name.
+# (string value)
+# Deprecated group/name - [DEFAULT]/quota_driver
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+#driver = nova.quota.DbQuotaDriver
+
+#
+# Recheck quota after resource creation to prevent allowing quota to
+# be exceeded.
+#
+# This defaults to True (recheck quota after resource creation) but
+# can be set to
+# False to avoid additional load if allowing quota to be exceeded
+# because of
+# racing requests is considered acceptable. For example, when set to
+# False, if a
+# user makes highly parallel REST API requests to create servers, it
+# will be
+# possible for them to create more servers than their allowed quota
+# during the
+# race. If their quota is 10 servers, they might be able to create 50
+# during the
+# burst. After the burst, they will not be able to create any more
+# servers but
+# they will be able to keep their 50 servers until they delete them.
+#
+# The initial quota check is done before resources are created, so if
+# multiple
+# parallel requests arrive at the same time, all could pass the quota
+# check and
+# create resources, potentially exceeding quota. When recheck_quota is
+# True,
+# quota will be checked a second time after resources have been
+# created and if
+# the resource is over quota, it will be deleted and OverQuota will be
+# raised,
+# usually resulting in a 403 response to the REST API user. This makes
+# it
+# impossible for a user to exceed their quota with the caveat that it
+# will,
+# however, be possible for a REST API user to be rejected with a 403
+# response in
+# the event of a collision close to reaching their quota limit, even
+# if the user
+# has enough quota available when they made the request.
+# (boolean value)
+#recheck_quota = true
+
+
+[rdp]
+#
+# Options under this group enable and configure Remote Desktop
+# Protocol (
+# RDP) related features.
+#
+# This group is only relevant to Hyper-V users.
+
+#
+# From nova.conf
+#
+
+#
+# Enable Remote Desktop Protocol (RDP) related features.
+#
+# Hyper-V, unlike the majority of the hypervisors employed on Nova
+# compute
+# nodes, uses RDP instead of VNC and SPICE as a desktop sharing
+# protocol to
+# provide instance console access. This option enables RDP for
+# graphical
+# console access for virtual machines created by Hyper-V.
+#
+# **Note:** RDP should only be enabled on compute nodes that support
+# the Hyper-V
+# virtualization platform.
+#
+# Related options:
+#
+# * ``compute_driver``: Must be hyperv.
+#
+# (boolean value)
+#enabled = false
+
+#
+# The URL an end user would use to connect to the RDP HTML5 console
+# proxy.
+# The console proxy service is called with this token-embedded URL and
+# establishes the connection to the proper instance.
+#
+# An RDP HTML5 console proxy service will need to be configured to
+# listen on the
+# address configured here. Typically the console proxy service would
+# be run on a
+# controller node. The localhost address used as default would only
+# work in a
+# single node environment i.e. devstack.
+#
+# An RDP HTML5 proxy allows a user to access via the web the text or
+# graphical
+# console of any Windows server or workstation using RDP. RDP HTML5
+# console
+# proxy services include FreeRDP, wsgate.
+# See https://github.com/FreeRDP/FreeRDP-WebConnect
+#
+# Possible values:
+#
+# * <scheme>://<ip-address>:<port-number>/
+#
+# The scheme must be identical to the scheme configured for the RDP
+# HTML5
+# console proxy service. It is ``http`` or ``https``.
+#
+# The IP address must be identical to the address on which the RDP
+# HTML5
+# console proxy service is listening.
+#
+# The port must be identical to the port on which the RDP HTML5
+# console proxy
+# service is listening.
+#
+# Related options:
+#
+# * ``rdp.enabled``: Must be set to ``True`` for
+# ``html5_proxy_base_url`` to be
+# effective.
+# (uri value)
+#html5_proxy_base_url = http://127.0.0.1:6083/
+
+
+[remote_debug]
+
+#
+# From nova.conf
+#
+
+#
+# Debug host (IP or name) to connect to. This command line parameter
+# is used when
+# you want to connect to a nova service via a debugger running on a
+# different
+# host.
+#
+# Note that using the remote debug option changes how Nova uses the
+# eventlet
+# library to support async IO. This could result in failures that do
+# not occur
+# under normal operation. Use at your own risk.
+#
+# Possible Values:
+#
+# * IP address of a remote host as a command line parameter
+# to a nova service. For Example:
+#
+# /usr/local/bin/nova-compute --config-file /etc/nova/nova.conf
+# --remote_debug-host <IP address where the debugger is running>
+# (unknown value)
+#host = <None>
+
+#
+# Debug port to connect to. This command line parameter allows you to
+# specify
+# the port you want to use to connect to a nova service via a debugger
+# running
+# on different host.
+#
+# Note that using the remote debug option changes how Nova uses the
+# eventlet
+# library to support async IO. This could result in failures that do
+# not occur
+# under normal operation. Use at your own risk.
+#
+# Possible Values:
+#
+# * Port number you want to use as a command line parameter
+# to a nova service. For Example:
+#
+# /usr/local/bin/nova-compute --config-file /etc/nova/nova.conf
+# --remote_debug-host <IP address where the debugger is running>
+# --remote_debug-port <port> it's listening on>.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#port = <None>
+
+
+[scheduler]
+
+#
+# From nova.conf
+#
+
+#
+# The scheduler host manager to use.
+#
+# The host manager manages the in-memory picture of the hosts that the
+# scheduler
+# uses. The options values are chosen from the entry points under the
+# namespace
+# 'nova.scheduler.host_manager' in 'setup.cfg'.
+#
+# NOTE: The "ironic_host_manager" option is deprecated as of the
+# 17.0.0 Queens
+# release.
+# (string value)
+# Possible values:
+# host_manager - <No description provided>
+# ironic_host_manager - <No description provided>
+# Deprecated group/name - [DEFAULT]/scheduler_host_manager
+#host_manager = host_manager
+
+#
+# The class of the driver used by the scheduler. This should be chosen
+# from one
+# of the entrypoints under the namespace 'nova.scheduler.driver' of
+# file
+# 'setup.cfg'. If nothing is specified in this option, the
+# 'filter_scheduler' is
+# used.
+#
+# Other options are:
+#
+# * 'caching_scheduler' which aggressively caches the system state for
+# better
+# individual scheduler performance at the risk of more retries when
+# running
+# multiple schedulers. [DEPRECATED]
+# * 'chance_scheduler' which simply picks a host at random.
+# [DEPRECATED]
+# * 'fake_scheduler' which is used for testing.
+#
+# Possible values:
+#
+# * Any of the drivers included in Nova:
+# ** filter_scheduler
+# ** caching_scheduler
+# ** chance_scheduler
+# ** fake_scheduler
+# * You may also set this to the entry point name of a custom
+# scheduler driver,
+# but you will be responsible for creating and maintaining it in
+# your setup.cfg
+# file.
+# (string value)
+# Deprecated group/name - [DEFAULT]/scheduler_driver
+#driver = filter_scheduler
+
+#
+# Periodic task interval.
+#
+# This value controls how often (in seconds) to run periodic tasks in
+# the
+# scheduler. The specific tasks that are run for each period are
+# determined by
+# the particular scheduler being used.
+#
+# If this is larger than the nova-service 'service_down_time' setting,
+# Nova may
+# report the scheduler service as down. This is because the scheduler
+# driver is
+# responsible for sending a heartbeat and it will only do that as
+# often as this
+# option allows. As each scheduler can work a little differently than
+# the others,
+# be sure to test this with your selected scheduler.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to periodic task
+# interval in
+# seconds. 0 uses the default interval (60 seconds). A negative
+# value disables
+# periodic tasks.
+#
+# Related options:
+#
+# * ``nova-service service_down_time``
+# (integer value)
+# Deprecated group/name - [DEFAULT]/scheduler_driver_task_period
+#periodic_task_interval = 60
+
+#
+# This is the maximum number of attempts that will be made for a given
+# instance
+# build/move operation. It limits the number of alternate hosts
+# returned by the
+# scheduler. When that list of hosts is exhausted, a
+# MaxRetriesExceeded
+# exception is raised and the instance is set to an error state.
+#
+# Possible values:
+#
+# * A positive integer, where the integer corresponds to the max
+# number of
+# attempts that can be made when building or moving an instance.
+# (integer value)
+# Minimum value: 1
+# Deprecated group/name - [DEFAULT]/scheduler_max_attempts
+#max_attempts = 3
+
+#
+# Periodic task interval.
+#
+# This value controls how often (in seconds) the scheduler should
+# attempt
+# to discover new hosts that have been added to cells. If negative
+# (the
+# default), no automatic discovery will occur.
+#
+# Deployments where compute nodes come and go frequently may want this
+# enabled, where others may prefer to manually discover hosts when one
+# is added to avoid any overhead from constantly checking. If enabled,
+# every time this runs, we will select any unmapped hosts out of each
+# cell database on every run.
+# (integer value)
+# Minimum value: -1
+#discover_hosts_in_cells_interval = -1
+
+#
+# This setting determines the maximum limit on results received from
+# the
+# placement service during a scheduling operation. It effectively
+# limits
+# the number of hosts that may be considered for scheduling requests
+# that
+# match a large number of candidates.
+#
+# A value of 1 (the minimum) will effectively defer scheduling to the
+# placement
+# service strictly on "will it fit" grounds. A higher value will put
+# an upper
+# cap on the number of results the scheduler will consider during the
+# filtering
+# and weighing process. Large deployments may need to set this lower
+# than the
+# total number of hosts available to limit memory consumption, network
+# traffic,
+# etc. of the scheduler.
+#
+# This option is only used by the FilterScheduler; if you use a
+# different
+# scheduler, this option has no effect.
+# (integer value)
+# Minimum value: 1
+#max_placement_results = 1000
+
+
+[serial_console]
+#
+# The serial console feature allows you to connect to a guest in case
+# a
+# graphical console like VNC, RDP or SPICE is not available. This is
+# only
+# currently supported for the libvirt, Ironic and hyper-v drivers.
+
+#
+# From nova.conf
+#
+
+#
+# Enable the serial console feature.
+#
+# In order to use this feature, the service ``nova-serialproxy`` needs
+# to run.
+# This service is typically executed on the controller node.
+# (boolean value)
+#enabled = false
+
+#
+# A range of TCP ports a guest can use for its backend.
+#
+# Each instance which gets created will use one port out of this
+# range. If the
+# range is not big enough to provide another port for an new instance,
+# this
+# instance won't get launched.
+#
+# Possible values:
+#
+# * Each string which passes the regex ``\d+:\d+`` For example
+# ``10000:20000``.
+# Be sure that the first port number is lower than the second port
+# number
+# and that both are in range from 0 to 65535.
+# (string value)
+#port_range = 10000:20000
+
+#
+# The URL an end user would use to connect to the ``nova-serialproxy``
+# service.
+#
+# The ``nova-serialproxy`` service is called with this token enriched
+# URL
+# and establishes the connection to the proper instance.
+#
+# Related options:
+#
+# * The IP address must be identical to the address to which the
+# ``nova-serialproxy`` service is listening (see option
+# ``serialproxy_host``
+# in this section).
+# * The port must be the same as in the option ``serialproxy_port`` of
+# this
+# section.
+# * If you choose to use a secured websocket connection, then start
+# this option
+# with ``wss://`` instead of the unsecured ``ws://``. The options
+# ``cert``
+# and ``key`` in the ``[DEFAULT]`` section have to be set for that.
+# (uri value)
+#base_url = ws://127.0.0.1:6083/
+
+#
+# The IP address to which proxy clients (like ``nova-serialproxy``)
+# should
+# connect to get the serial console of an instance.
+#
+# This is typically the IP address of the host of a ``nova-compute``
+# service.
+# (string value)
+#proxyclient_address = 127.0.0.1
+
+#
+# The IP address which is used by the ``nova-serialproxy`` service to
+# listen
+# for incoming requests.
+#
+# The ``nova-serialproxy`` service listens on this IP address for
+# incoming
+# connection requests to instances which expose serial console.
+#
+# Related options:
+#
+# * Ensure that this is the same IP address which is defined in the
+# option
+# ``base_url`` of this section or use ``0.0.0.0`` to listen on all
+# addresses.
+# (string value)
+#serialproxy_host = 0.0.0.0
+
+#
+# The port number which is used by the ``nova-serialproxy`` service to
+# listen
+# for incoming requests.
+#
+# The ``nova-serialproxy`` service listens on this port number for
+# incoming
+# connection requests to instances which expose serial console.
+#
+# Related options:
+#
+# * Ensure that this is the same port number which is defined in the
+# option
+# ``base_url`` of this section.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#serialproxy_port = 6083
+
+
+[service_user]
+#
+# Configuration options for service to service authentication using a
+# service
+# token. These options allow sending a service token along with the
+# user's token
+# when contacting external REST APIs.
+
+#
+# From nova.conf
+#
+
+#
+# When True, if sending a user token to a REST API, also send a
+# service token.
+#
+# Nova often reuses the user token provided to the nova-api to talk to
+# other REST
+# APIs, such as Cinder, Glance and Neutron. It is possible that while
+# the user
+# token was valid when the request was made to Nova, the token may
+# expire before
+# it reaches the other service. To avoid any failures, and to make it
+# clear it is
+# Nova calling the service on the user's behalf, we include a service
+# token along
+# with the user token. Should the user's token have expired, a valid
+# service
+# token ensures the REST API request will still be accepted by the
+# keystone
+# middleware.
+# (boolean value)
+#send_service_user_token = false
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [service_user]/auth_plugin
+#auth_type = <None>
+
+# Config Section from which to load plugin specific options (string
+# value)
+#auth_section = <None>
+
+# Authentication URL (string value)
+#auth_url = <None>
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used
+# for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will
+# be used for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [service_user]/user_name
+#username = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User's password (string value)
+#password = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+
+[spice]
+#
+# SPICE console feature allows you to connect to a guest virtual
+# machine.
+# SPICE is a replacement for fairly limited VNC protocol.
+#
+# Following requirements must be met in order to use SPICE:
+#
+# * Virtualization driver must be libvirt
+# * spice.enabled set to True
+# * vnc.enabled set to False
+# * update html5proxy_base_url
+# * update server_proxyclient_address
+
+#
+# From nova.conf
+#
+
+#
+# Enable SPICE related features.
+#
+# Related options:
+#
+# * VNC must be explicitly disabled to get access to the SPICE
+# console. Set the
+# enabled option to False in the [vnc] section to disable the VNC
+# console.
+# (boolean value)
+#enabled = false
+enabled = false
+#
+# Enable the SPICE guest agent support on the instances.
+#
+# The Spice agent works with the Spice protocol to offer a better
+# guest console
+# experience. However, the Spice console can still be used without the
+# Spice
+# Agent. With the Spice agent installed the following features are
+# enabled:
+#
+# * Copy & Paste of text and images between the guest and client
+# machine
+# * Automatic adjustment of resolution when the client screen changes
+# - e.g.
+# if you make the Spice console full screen the guest resolution
+# will adjust to
+# match it rather than letterboxing.
+# * Better mouse integration - The mouse can be captured and released
+# without
+# needing to click inside the console or press keys to release it.
+# The
+# performance of mouse movement is also improved.
+# (boolean value)
+#agent_enabled = true
+
+#
+# Location of the SPICE HTML5 console proxy.
+#
+# End user would use this URL to connect to the `nova-
+# spicehtml5proxy``
+# service. This service will forward request to the console of an
+# instance.
+#
+# In order to use SPICE console, the service ``nova-spicehtml5proxy``
+# should be
+# running. This service is typically launched on the controller node.
+#
+# Possible values:
+#
+# * Must be a valid URL of the form:
+# ``http://host:port/spice_auto.html``
+# where host is the node running ``nova-spicehtml5proxy`` and the
+# port is
+# typically 6082. Consider not using default value as it is not well
+# defined
+# for any real deployment.
+#
+# Related options:
+#
+# * This option depends on ``html5proxy_host`` and ``html5proxy_port``
+# options.
+# The access URL returned by the compute node must have the host
+# and port where the ``nova-spicehtml5proxy`` service is listening.
+# (uri value)
+#html5proxy_base_url = http://127.0.0.1:6082/spice_auto.html
+{%- if compute.vncproxy_url is defined %}
+html5proxy_base_url = {{ compute.vncproxy_url }}/spice_auto.html
+{%- endif %}
+
+#
+# The address where the SPICE server running on the instances should
+# listen.
+#
+# Typically, the ``nova-spicehtml5proxy`` proxy client runs on the
+# controller
+# node and connects over the private network to this address on the
+# compute
+# node(s).
+#
+# Possible values:
+#
+# * IP address to listen on.
+# (string value)
+#server_listen = 127.0.0.1
+
+#
+# The address used by ``nova-spicehtml5proxy`` client to connect to
+# instance
+# console.
+#
+# Typically, the ``nova-spicehtml5proxy`` proxy client runs on the
+# controller node and connects over the private network to this
+# address on the
+# compute node(s).
+#
+# Possible values:
+#
+# * Any valid IP address on the compute node.
+#
+# Related options:
+#
+# * This option depends on the ``server_listen`` option.
+# The proxy client must be able to access the address specified in
+# ``server_listen`` using the value of this option.
+# (string value)
+#server_proxyclient_address = 127.0.0.1
+
+#
+# A keyboard layout which is supported by the underlying hypervisor on
+# this
+# node.
+#
+# Possible values:
+# * This is usually an 'IETF language tag' (default is 'en-us'). If
+# you
+# use QEMU as hypervisor, you should find the list of supported
+# keyboard
+# layouts at /usr/share/qemu/keymaps.
+# (string value)
+#keymap = en-us
+
+#
+# IP address or a hostname on which the ``nova-spicehtml5proxy``
+# service
+# listens for incoming requests.
+#
+# Related options:
+#
+# * This option depends on the ``html5proxy_base_url`` option.
+# The ``nova-spicehtml5proxy`` service must be listening on a host
+# that is
+# accessible from the HTML5 client.
+# (unknown value)
+#html5proxy_host = 0.0.0.0
+
+#
+# Port on which the ``nova-spicehtml5proxy`` service listens for
+# incoming
+# requests.
+#
+# Related options:
+#
+# * This option depends on the ``html5proxy_base_url`` option.
+# The ``nova-spicehtml5proxy`` service must be listening on a port
+# that is
+# accessible from the HTML5 client.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#html5proxy_port = 6082
+
+
+[upgrade_levels]
+
+{%- if compute.upgrade_levels is defined %}
+{%- for key, value in compute.upgrade_levels.iteritems() %}
+{{ key }}={{ value }}
+{%- endfor %}
+{%- endif %}
+#
+# upgrade_levels options are used to set version cap for RPC
+# messages sent between different nova services.
+#
+# By default all services send messages using the latest version
+# they know about.
+#
+# The compute upgrade level is an important part of rolling upgrades
+# where old and new nova-compute services run side by side.
+#
+# The other options can largely be ignored, and are only kept to
+# help with a possible future backport issue.
+
+#
+# From nova.conf
+#
+
+#
+# Compute RPC API version cap.
+#
+# By default, we always send messages using the most recent version
+# the client knows about.
+#
+# Where you have old and new compute services running, you should set
+# this to the lowest deployed version. This is to guarantee that all
+# services never send messages that one of the compute nodes can't
+# understand. Note that we only support upgrading from release N to
+# release N+1.
+#
+# Set this option to "auto" if you want to let the compute RPC module
+# automatically determine what version to use based on the service
+# versions in the deployment.
+#
+# Possible values:
+#
+# * By default send the latest version the client knows about
+# * 'auto': Automatically determines what version to use based on
+# the service versions in the deployment.
+# * A string representing a version number in the format 'N.N';
+# for example, possible values might be '1.12' or '2.0'.
+# * An OpenStack release name, in lower case, such as 'mitaka' or
+# 'liberty'.
+# (string value)
+#compute = <None>
+
+# Cells RPC API version cap (string value)
+#cells = <None>
+
+# Intercell RPC API version cap (string value)
+#intercell = <None>
+
+# Cert RPC API version cap (string value)
+#cert = <None>
+
+# Scheduler RPC API version cap (string value)
+#scheduler = <None>
+
+# Conductor RPC API version cap (string value)
+#conductor = <None>
+
+# Console RPC API version cap (string value)
+#console = <None>
+
+# Consoleauth RPC API version cap (string value)
+#consoleauth = <None>
+
+# Network RPC API version cap (string value)
+#network = <None>
+
+# Base API RPC API version cap (string value)
+#baseapi = <None>
+
+
+[vault]
+
+#
+# From nova.conf
+#
+
+# root token for vault (string value)
+#root_token_id = <None>
+
+# Use this endpoint to connect to Vault, for example:
+# "http://127.0.0.1:8200" (string value)
+#vault_url = http://127.0.0.1:8200
+
+# Absolute path to ca cert file (string value)
+#ssl_ca_crt_file = <None>
+
+# SSL Enabled/Disabled (boolean value)
+#use_ssl = false
+
+
+[vendordata_dynamic_auth]
+#
+# Options within this group control the authentication of the
+# vendordata
+# subsystem of the metadata API server (and config drive) with
+# external systems.
+
+#
+# From nova.conf
+#
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [vendordata_dynamic_auth]/auth_plugin
+#auth_type = <None>
+
+# Config Section from which to load plugin specific options (string
+# value)
+#auth_section = <None>
+
+# Authentication URL (string value)
+#auth_url = <None>
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used
+# for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will
+# be used for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [vendordata_dynamic_auth]/user_name
+#username = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User's password (string value)
+#password = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+{%- set compute_driver = compute.get('compute_driver', 'libvirt.LibvirtDriver') %}
+{%- if compute_driver in compute_driver_mapping.keys() %}
+{%- set _data = compute.get(compute_driver_mapping[compute_driver]) %}
+{%- include "nova/files/queens/compute/_" + compute_driver_mapping[compute_driver] + ".conf" %}
+{%- endif %}
+
+[vnc]
+#
+# Virtual Network Computer (VNC) can be used to provide remote desktop
+# console access to instances for tenants and/or administrators.
+
+#
+# From nova.conf
+#
+
+#
+# Enable VNC related features.
+#
+# Guests will get created with graphical devices to support this.
+# Clients
+# (for example Horizon) can then establish a VNC connection to the
+# guest.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/vnc_enabled
+enabled = true
+
+{%- if compute.vncproxy_url is defined %}
+novncproxy_base_url={{ compute.vncproxy_url }}/vnc_auto.html
+{%- endif %}
+{%- if compute.bind is defined and compute.bind.vnc_port is defined %}
+novncproxy_port={{ compute.bind.vnc_port }}
+{%- endif %}
+{%- if compute.bind is defined %}
+{%- if compute.bind.vnc_address is defined %}
+vncserver_listen={{ compute.bind.vnc_address }}
+vncserver_proxyclient_address={{ compute.bind.vnc_address }}
+{%- else %}
+vncserver_listen=0.0.0.0
+{%- endif %}
+{%- endif %}
+
+#
+# Keymap for VNC.
+#
+# The keyboard mapping (keymap) determines which keyboard layout a VNC
+# session should use by default.
+#
+# Possible values:
+#
+# * A keyboard layout which is supported by the underlying hypervisor
+# on
+# this node. This is usually an 'IETF language tag' (for example
+# 'en-us'). If you use QEMU as hypervisor, you should find the
+# list
+# of supported keyboard layouts at ``/usr/share/qemu/keymaps``.
+# (string value)
+# Deprecated group/name - [DEFAULT]/vnc_keymap
+keymap = {{ compute.get('vnc_keymap', 'en-us') }}
+
+#
+# The IP address or hostname on which an instance should listen to for
+# incoming VNC connection requests on this node.
+# (unknown value)
+# Deprecated group/name - [DEFAULT]/vncserver_listen
+# Deprecated group/name - [vnc]/vncserver_listen
+#server_listen = 127.0.0.1
+
+#
+# Private, internal IP address or hostname of VNC console proxy.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients.
+#
+# This option sets the private address to which proxy clients, such as
+# ``nova-xvpvncproxy``, should connect to.
+# (unknown value)
+# Deprecated group/name - [DEFAULT]/vncserver_proxyclient_address
+# Deprecated group/name - [vnc]/vncserver_proxyclient_address
+#server_proxyclient_address = 127.0.0.1
+
+#
+# Public address of noVNC VNC console proxy.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. noVNC provides
+# VNC support through a websocket-based client.
+#
+# This option sets the public base URL to which client systems will
+# connect. noVNC clients can use this address to connect to the noVNC
+# instance and, by extension, the VNC sessions.
+#
+# Related options:
+#
+# * novncproxy_host
+# * novncproxy_port
+# (uri value)
+#novncproxy_base_url = http://127.0.0.1:6080/vnc_auto.html
+
+#
+# IP address or hostname that the XVP VNC console proxy should bind
+# to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. Xen provides
+# the Xenserver VNC Proxy, or XVP, as an alternative to the
+# websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
+# XVP clients are Java-based.
+#
+# This option sets the private address to which the XVP VNC console
+# proxy
+# service should bind to.
+#
+# Related options:
+#
+# * xvpvncproxy_port
+# * xvpvncproxy_base_url
+# (unknown value)
+#xvpvncproxy_host = 0.0.0.0
+
+#
+# Port that the XVP VNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. Xen provides
+# the Xenserver VNC Proxy, or XVP, as an alternative to the
+# websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
+# XVP clients are Java-based.
+#
+# This option sets the private port to which the XVP VNC console proxy
+# service should bind to.
+#
+# Related options:
+#
+# * xvpvncproxy_host
+# * xvpvncproxy_base_url
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#xvpvncproxy_port = 6081
+
+#
+# Public URL address of XVP VNC console proxy.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. Xen provides
+# the Xenserver VNC Proxy, or XVP, as an alternative to the
+# websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
+# XVP clients are Java-based.
+#
+# This option sets the public base URL to which client systems will
+# connect. XVP clients can use this address to connect to the XVP
+# instance and, by extension, the VNC sessions.
+#
+# Related options:
+#
+# * xvpvncproxy_host
+# * xvpvncproxy_port
+# (uri value)
+#xvpvncproxy_base_url = http://127.0.0.1:6081/console
+
+#
+# IP address that the noVNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. noVNC provides
+# VNC support through a websocket-based client.
+#
+# This option sets the private address to which the noVNC console
+# proxy
+# service should bind to.
+#
+# Related options:
+#
+# * novncproxy_port
+# * novncproxy_base_url
+# (string value)
+#novncproxy_host = 0.0.0.0
+
+#
+# Port that the noVNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. noVNC provides
+# VNC support through a websocket-based client.
+#
+# This option sets the private port to which the noVNC console proxy
+# service should bind to.
+#
+# Related options:
+#
+# * novncproxy_host
+# * novncproxy_base_url
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#novncproxy_port = 6080
+
+#
+# The authentication schemes to use with the compute node.
+#
+# Control what RFB authentication schemes are permitted for
+# connections between
+# the proxy and the compute host. If multiple schemes are enabled, the
+# first
+# matching scheme will be used, thus the strongest schemes should be
+# listed
+# first.
+#
+# Possible values:
+#
+# * ``none``: allow connection without authentication
+# * ``vencrypt``: use VeNCrypt authentication scheme
+#
+# Related options:
+#
+# * ``[vnc]vencrypt_client_key``, ``[vnc]vencrypt_client_cert``: must
+# also be set
+# (list value)
+#auth_schemes = none
+
+# The path to the client certificate PEM file (for x509)
+#
+# The fully qualified path to a PEM file containing the private key
+# which the VNC
+# proxy server presents to the compute node during VNC authentication.
+#
+# Related options:
+#
+# * ``vnc.auth_schemes``: must include ``vencrypt``
+# * ``vnc.vencrypt_client_cert``: must also be set
+# (string value)
+#vencrypt_client_key = <None>
+
+# The path to the client key file (for x509)
+#
+# The fully qualified path to a PEM file containing the x509
+# certificate which
+# the VNC proxy server presents to the compute node during VNC
+# authentication.
+#
+# Realted options:
+#
+# * ``vnc.auth_schemes``: must include ``vencrypt``
+# * ``vnc.vencrypt_client_key``: must also be set
+# (string value)
+#vencrypt_client_cert = <None>
+
+# The path to the CA certificate PEM file
+#
+# The fully qualified path to a PEM file containing one or more x509
+# certificates
+# for the certificate authorities used by the compute node VNC server.
+#
+# Related options:
+#
+# * ``vnc.auth_schemes``: must include ``vencrypt``
+# (string value)
+#vencrypt_ca_certs = <None>
+
+
+[workarounds]
+#
+# A collection of workarounds used to mitigate bugs or issues found in
+# system
+# tools (e.g. Libvirt or QEMU) or Nova itself under certain
+# conditions. These
+# should only be enabled in exceptional circumstances. All options are
+# linked
+# against bug IDs, where more information on the issue can be found.
+
+#
+# From nova.conf
+#
+
+#
+# Use sudo instead of rootwrap.
+#
+# Allow fallback to sudo for performance reasons.
+#
+# For more information, refer to the bug report:
+#
+# https://bugs.launchpad.net/nova/+bug/1415106
+#
+# Possible values:
+#
+# * True: Use sudo instead of rootwrap
+# * False: Use rootwrap as usual
+#
+# Interdependencies to other options:
+#
+# * Any options that affect 'rootwrap' will be ignored.
+# (boolean value)
+#disable_rootwrap = false
+
+#
+# Disable live snapshots when using the libvirt driver.
+#
+# Live snapshots allow the snapshot of the disk to happen without an
+# interruption to the guest, using coordination with a guest agent to
+# quiesce the filesystem.
+#
+# When using libvirt 1.2.2 live snapshots fail intermittently under
+# load
+# (likely related to concurrent libvirt/qemu operations). This config
+# option provides a mechanism to disable live snapshot, in favor of
+# cold
+# snapshot, while this is resolved. Cold snapshot causes an instance
+# outage while the guest is going through the snapshotting process.
+#
+# For more information, refer to the bug report:
+#
+# https://bugs.launchpad.net/nova/+bug/1334398
+#
+# Possible values:
+#
+# * True: Live snapshot is disabled when using libvirt
+# * False: Live snapshots are always used when snapshotting (as long
+# as
+# there is a new enough libvirt and the backend storage supports it)
+# (boolean value)
+#disable_libvirt_livesnapshot = false
+disable_libvirt_livesnapshot = {{ compute.get('workaround', {}).get('disable_libvirt_livesnapshot', True)|lower }}
+
+#
+# Enable handling of events emitted from compute drivers.
+#
+# Many compute drivers emit lifecycle events, which are events that
+# occur when,
+# for example, an instance is starting or stopping. If the instance is
+# going
+# through task state changes due to an API operation, like resize, the
+# events
+# are ignored.
+#
+# This is an advanced feature which allows the hypervisor to signal to
+# the
+# compute service that an unexpected state change has occurred in an
+# instance
+# and that the instance can be shutdown automatically. Unfortunately,
+# this can
+# race in some conditions, for example in reboot operations or when
+# the compute
+# service or when host is rebooted (planned or due to an outage). If
+# such races
+# are common, then it is advisable to disable this feature.
+#
+# Care should be taken when this feature is disabled and
+# 'sync_power_state_interval' is set to a negative value. In this
+# case, any
+# instances that get out of sync between the hypervisor and the Nova
+# database
+# will have to be synchronized manually.
+#
+# For more information, refer to the bug report:
+#
+# https://bugs.launchpad.net/bugs/1444630
+#
+# Interdependencies to other options:
+#
+# * If ``sync_power_state_interval`` is negative and this feature is
+# disabled,
+# then instances that get out of sync between the hypervisor and the
+# Nova
+# database will have to be synchronized manually.
+# (boolean value)
+#handle_virt_lifecycle_events = true
+
+#
+# Disable the server group policy check upcall in compute.
+#
+# In order to detect races with server group affinity policy, the
+# compute
+# service attempts to validate that the policy was not violated by the
+# scheduler. It does this by making an upcall to the API database to
+# list
+# the instances in the server group for one that it is booting, which
+# violates
+# our api/cell isolation goals. Eventually this will be solved by
+# proper affinity
+# guarantees in the scheduler and placement service, but until then,
+# this late
+# check is needed to ensure proper affinity policy.
+#
+# Operators that desire api/cell isolation over this check should
+# enable this flag, which will avoid making that upcall from compute.
+#
+# Related options:
+#
+# * [filter_scheduler]/track_instance_changes also relies on upcalls
+# from the
+# compute service to the scheduler service.
+# (boolean value)
+#disable_group_policy_check_upcall = false
+
+
+[wsgi]
+#
+# Options under this group are used to configure WSGI (Web Server
+# Gateway
+# Interface). WSGI is used to serve API requests.
+
+#
+# From nova.conf
+#
+
+#
+# This option represents a file name for the paste.deploy config for
+# nova-api.
+#
+# Possible values:
+#
+# * A string representing file name for the paste.deploy config.
+# (string value)
+api_paste_config = /etc/nova/api-paste.ini
+
+# DEPRECATED:
+# It represents a python format string that is used as the template to
+# generate
+# log lines. The following values can be formatted into it: client_ip,
+# date_time, request_line, status_code, body_length, wall_seconds.
+#
+# This option is used for building custom request loglines when
+# running
+# nova-api under eventlet. If used under uwsgi or apache, this option
+# has no effect.
+#
+# Possible values:
+#
+# * '%(client_ip)s "%(request_line)s" status: %(status_code)s'
+# 'len: %(body_length)s time: %(wall_seconds).7f' (default)
+# * Any formatted string formed by specific values.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option only works when running nova-api under eventlet, and
+# encodes very eventlet specific pieces of information. Starting in
+# Pike
+# the preferred model for running nova-api is under uwsgi or apache
+# mod_wsgi.
+#wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f
+
+#
+# This option specifies the HTTP header used to determine the protocol
+# scheme
+# for the original request, even if it was removed by a SSL
+# terminating proxy.
+#
+# Possible values:
+#
+# * None (default) - the request scheme is not influenced by any HTTP
+# headers
+# * Valid HTTP header, like HTTP_X_FORWARDED_PROTO
+#
+# WARNING: Do not set this unless you know what you are doing.
+#
+# Make sure ALL of the following are true before setting this
+# (assuming the
+# values from the example above):
+# * Your API is behind a proxy.
+# * Your proxy strips the X-Forwarded-Proto header from all incoming
+# requests.
+# In other words, if end users include that header in their
+# requests, the proxy
+# will discard it.
+# * Your proxy sets the X-Forwarded-Proto header and sends it to API,
+# but only
+# for requests that originally come in via HTTPS.
+#
+# If any of those are not true, you should keep this setting set to
+# None.
+#
+# (string value)
+#secure_proxy_ssl_header = <None>
+
+#
+# This option allows setting path to the CA certificate file that
+# should be used
+# to verify connecting clients.
+#
+# Possible values:
+#
+# * String representing path to the CA certificate file.
+#
+# Related options:
+#
+# * enabled_ssl_apis
+# (string value)
+#ssl_ca_file = <None>
+
+#
+# This option allows setting path to the SSL certificate of API
+# server.
+#
+# Possible values:
+#
+# * String representing path to the SSL certificate.
+#
+# Related options:
+#
+# * enabled_ssl_apis
+# (string value)
+#ssl_cert_file = <None>
+
+#
+# This option specifies the path to the file where SSL private key of
+# API
+# server is stored when SSL is in effect.
+#
+# Possible values:
+#
+# * String representing path to the SSL private key.
+#
+# Related options:
+#
+# * enabled_ssl_apis
+# (string value)
+#ssl_key_file = <None>
+
+#
+# This option sets the value of TCP_KEEPIDLE in seconds for each
+# server socket.
+# It specifies the duration of time to keep connection active. TCP
+# generates a
+# KEEPALIVE transmission for an application that requests to keep
+# connection
+# active. Not supported on OS X.
+#
+# Related options:
+#
+# * keep_alive
+# (integer value)
+# Minimum value: 0
+#tcp_keepidle = 600
+
+#
+# This option specifies the size of the pool of greenthreads used by
+# wsgi.
+# It is possible to limit the number of concurrent connections using
+# this
+# option.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/wsgi_default_pool_size
+#default_pool_size = 1000
+
+#
+# This option specifies the maximum line size of message headers to be
+# accepted.
+# max_header_line may need to be increased when using large tokens
+# (typically
+# those generated by the Keystone v3 API with big service catalogs).
+#
+# Since TCP is a stream based protocol, in order to reuse a
+# connection, the HTTP
+# has to have a way to indicate the end of the previous response and
+# beginning
+# of the next. Hence, in a keep_alive case, all messages must have a
+# self-defined message length.
+# (integer value)
+# Minimum value: 0
+#max_header_line = 16384
+
+#
+# This option allows using the same TCP connection to send and receive
+# multiple
+# HTTP requests/responses, as opposed to opening a new one for every
+# single
+# request/response pair. HTTP keep-alive indicates HTTP connection
+# reuse.
+#
+# Possible values:
+#
+# * True : reuse HTTP connection.
+# * False : closes the client socket connection explicitly.
+#
+# Related options:
+#
+# * tcp_keepidle
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/wsgi_keep_alive
+#keep_alive = true
+
+#
+# This option specifies the timeout for client connections' socket
+# operations.
+# If an incoming connection is idle for this number of seconds it will
+# be
+# closed. It indicates timeout on individual read/writes on the socket
+# connection. To wait forever set to 0.
+# (integer value)
+# Minimum value: 0
+#client_socket_timeout = 900
+
+
+[xenserver]
+#
+# XenServer options are used when the compute_driver is set to use
+# XenServer (compute_driver=xenapi.XenAPIDriver).
+#
+# Must specify connection_url, connection_password and
+# ovs_integration_bridge to
+# use compute_driver=xenapi.XenAPIDriver.
+
+#
+# From nova.conf
+#
+
+#
+# Number of seconds to wait for agent's reply to a request.
+#
+# Nova configures/performs certain administrative actions on a server
+# with the
+# help of an agent that's installed on the server. The communication
+# between
+# Nova and the agent is achieved via sharing messages, called records,
+# over
+# xenstore, a shared storage across all the domains on a Xenserver
+# host.
+# Operations performed by the agent on behalf of nova are: 'version','
+# key_init',
+# 'password','resetnetwork','inject_file', and 'agentupdate'.
+#
+# To perform one of the above operations, the xapi 'agent' plugin
+# writes the
+# command and its associated parameters to a certain location known to
+# the domain
+# and awaits response. On being notified of the message, the agent
+# performs
+# appropriate actions on the server and writes the result back to
+# xenstore. This
+# result is then read by the xapi 'agent' plugin to determine the
+# success/failure
+# of the operation.
+#
+# This config option determines how long the xapi 'agent' plugin shall
+# wait to
+# read the response off of xenstore for a given request/command. If
+# the agent on
+# the instance fails to write the result in this time period, the
+# operation is
+# considered to have timed out.
+#
+# Related options:
+#
+# * ``agent_version_timeout``
+# * ``agent_resetnetwork_timeout``
+#
+# (integer value)
+# Minimum value: 0
+#agent_timeout = 30
+
+#
+# Number of seconds to wait for agent't reply to version request.
+#
+# This indicates the amount of time xapi 'agent' plugin waits for the
+# agent to
+# respond to the 'version' request specifically. The generic timeout
+# for agent
+# communication ``agent_timeout`` is ignored in this case.
+#
+# During the build process the 'version' request is used to determine
+# if the
+# agent is available/operational to perform other requests such as
+# 'resetnetwork', 'password', 'key_init' and 'inject_file'. If the
+# 'version' call
+# fails, the other configuration is skipped. So, this configuration
+# option can
+# also be interpreted as time in which agent is expected to be fully
+# operational.
+# (integer value)
+# Minimum value: 0
+#agent_version_timeout = 300
+
+#
+# Number of seconds to wait for agent's reply to resetnetwork
+# request.
+#
+# This indicates the amount of time xapi 'agent' plugin waits for the
+# agent to
+# respond to the 'resetnetwork' request specifically. The generic
+# timeout for
+# agent communication ``agent_timeout`` is ignored in this case.
+# (integer value)
+# Minimum value: 0
+#agent_resetnetwork_timeout = 60
+
+#
+# Path to locate guest agent on the server.
+#
+# Specifies the path in which the XenAPI guest agent should be
+# located. If the
+# agent is present, network configuration is not injected into the
+# image.
+#
+# Related options:
+#
+# For this option to have an effect:
+# * ``flat_injected`` should be set to ``True``
+# * ``compute_driver`` should be set to ``xenapi.XenAPIDriver``
+#
+# (string value)
+#agent_path = usr/sbin/xe-update-networking
+
+#
+# Disables the use of XenAPI agent.
+#
+# This configuration option suggests whether the use of agent should
+# be enabled
+# or not regardless of what image properties are present. Image
+# properties have
+# an effect only when this is set to ``True``. Read description of
+# config option
+# ``use_agent_default`` for more information.
+#
+# Related options:
+#
+# * ``use_agent_default``
+#
+# (boolean value)
+#disable_agent = false
+
+#
+# Whether or not to use the agent by default when its usage is enabled
+# but not
+# indicated by the image.
+#
+# The use of XenAPI agent can be disabled altogether using the
+# configuration
+# option ``disable_agent``. However, if it is not disabled, the use of
+# an agent
+# can still be controlled by the image in use through one of its
+# properties,
+# ``xenapi_use_agent``. If this property is either not present or
+# specified
+# incorrectly on the image, the use of agent is determined by this
+# configuration
+# option.
+#
+# Note that if this configuration is set to ``True`` when the agent is
+# not
+# present, the boot times will increase significantly.
+#
+# Related options:
+#
+# * ``disable_agent``
+#
+# (boolean value)
+#use_agent_default = false
+
+# Timeout in seconds for XenAPI login. (integer value)
+# Minimum value: 0
+#login_timeout = 10
+
+#
+# Maximum number of concurrent XenAPI connections.
+#
+# In nova, multiple XenAPI requests can happen at a time.
+# Configuring this option will parallelize access to the XenAPI
+# session, which allows you to make concurrent XenAPI connections.
+# (integer value)
+# Minimum value: 1
+#connection_concurrent = 5
+
+#
+# Cache glance images locally.
+#
+# The value for this option must be chosen from the choices listed
+# here. Configuring a value other than these will default to 'all'.
+#
+# Note: There is nothing that deletes these images.
+#
+# Possible values:
+#
+# * `all`: will cache all images.
+# * `some`: will only cache images that have the
+# image_property `cache_in_nova=True`.
+# * `none`: turns off caching entirely.
+# (string value)
+# Possible values:
+# all - <No description provided>
+# some - <No description provided>
+# none - <No description provided>
+#cache_images = all
+
+#
+# Compression level for images.
+#
+# By setting this option we can configure the gzip compression level.
+# This option sets GZIP environment variable before spawning tar -cz
+# to force the compression level. It defaults to none, which means the
+# GZIP environment variable is not set and the default (usually -6)
+# is used.
+#
+# Possible values:
+#
+# * Range is 1-9, e.g., 9 for gzip -9, 9 being most
+# compressed but most CPU intensive on dom0.
+# * Any values out of this range will default to None.
+# (integer value)
+# Minimum value: 1
+# Maximum value: 9
+#image_compression_level = <None>
+
+# Default OS type used when uploading an image to glance (string
+# value)
+#default_os_type = linux
+
+# Time in secs to wait for a block device to be created (integer
+# value)
+# Minimum value: 1
+#block_device_creation_timeout = 10
+{%- if compute.block_device_creation_timeout is defined %}
+block_device_creation_timeout = {{ compute.block_device_creation_timeout }}
+{%- endif %}
+
+#
+# Maximum size in bytes of kernel or ramdisk images.
+#
+# Specifying the maximum size of kernel or ramdisk will avoid copying
+# large files to dom0 and fill up /boot/guest.
+# (integer value)
+#max_kernel_ramdisk_size = 16777216
+
+#
+# Filter for finding the SR to be used to install guest instances on.
+#
+# Possible values:
+#
+# * To use the Local Storage in default XenServer/XCP installations
+# set this flag to other-config:i18n-key=local-storage.
+# * To select an SR with a different matching criteria, you could
+# set it to other-config:my_favorite_sr=true.
+# * To fall back on the Default SR, as displayed by XenCenter,
+# set this flag to: default-sr:true.
+# (string value)
+#sr_matching_filter = default-sr:true
+
+#
+# Whether to use sparse_copy for copying data on a resize down.
+# (False will use standard dd). This speeds up resizes down
+# considerably since large runs of zeros won't have to be rsynced.
+# (boolean value)
+#sparse_copy = true
+
+#
+# Maximum number of retries to unplug VBD.
+# If set to 0, should try once, no retries.
+# (integer value)
+# Minimum value: 0
+#num_vbd_unplug_retries = 10
+
+#
+# Name of network to use for booting iPXE ISOs.
+#
+# An iPXE ISO is a specially crafted ISO which supports iPXE booting.
+# This feature gives a means to roll your own image.
+#
+# By default this option is not set. Enable this option to
+# boot an iPXE ISO.
+#
+# Related Options:
+#
+# * `ipxe_boot_menu_url`
+# * `ipxe_mkisofs_cmd`
+# (string value)
+#ipxe_network_name = <None>
+
+#
+# URL to the iPXE boot menu.
+#
+# An iPXE ISO is a specially crafted ISO which supports iPXE booting.
+# This feature gives a means to roll your own image.
+#
+# By default this option is not set. Enable this option to
+# boot an iPXE ISO.
+#
+# Related Options:
+#
+# * `ipxe_network_name`
+# * `ipxe_mkisofs_cmd`
+# (string value)
+#ipxe_boot_menu_url = <None>
+
+#
+# Name and optionally path of the tool used for ISO image creation.
+#
+# An iPXE ISO is a specially crafted ISO which supports iPXE booting.
+# This feature gives a means to roll your own image.
+#
+# Note: By default `mkisofs` is not present in the Dom0, so the
+# package can either be manually added to Dom0 or include the
+# `mkisofs` binary in the image itself.
+#
+# Related Options:
+#
+# * `ipxe_network_name`
+# * `ipxe_boot_menu_url`
+# (string value)
+#ipxe_mkisofs_cmd = mkisofs
+
+#
+# URL for connection to XenServer/Xen Cloud Platform. A special value
+# of unix://local can be used to connect to the local unix socket.
+#
+# Possible values:
+#
+# * Any string that represents a URL. The connection_url is
+# generally the management network IP address of the XenServer.
+# * This option must be set if you chose the XenServer driver.
+# (string value)
+#connection_url = <None>
+
+# Username for connection to XenServer/Xen Cloud Platform (string
+# value)
+#connection_username = root
+
+# Password for connection to XenServer/Xen Cloud Platform (string
+# value)
+#connection_password = <None>
+
+#
+# The interval used for polling of coalescing vhds.
+#
+# This is the interval after which the task of coalesce VHD is
+# performed, until it reaches the max attempts that is set by
+# vhd_coalesce_max_attempts.
+#
+# Related options:
+#
+# * `vhd_coalesce_max_attempts`
+# (floating point value)
+# Minimum value: 0
+#vhd_coalesce_poll_interval = 5.0
+
+#
+# Ensure compute service is running on host XenAPI connects to.
+# This option must be set to false if the 'independent_compute'
+# option is set to true.
+#
+# Possible values:
+#
+# * Setting this option to true will make sure that compute service
+# is running on the same host that is specified by connection_url.
+# * Setting this option to false, doesn't perform the check.
+#
+# Related options:
+#
+# * `independent_compute`
+# (boolean value)
+#check_host = true
+
+#
+# Max number of times to poll for VHD to coalesce.
+#
+# This option determines the maximum number of attempts that can be
+# made for coalescing the VHD before giving up.
+#
+# Related opitons:
+#
+# * `vhd_coalesce_poll_interval`
+# (integer value)
+# Minimum value: 0
+#vhd_coalesce_max_attempts = 20
+
+# Base path to the storage repository on the XenServer host. (string
+# value)
+#sr_base_path = /var/run/sr-mount
+
+#
+# The iSCSI Target Host.
+#
+# This option represents the hostname or ip of the iSCSI Target.
+# If the target host is not present in the connection information from
+# the volume provider then the value from this option is taken.
+#
+# Possible values:
+#
+# * Any string that represents hostname/ip of Target.
+# (unknown value)
+#target_host = <None>
+
+#
+# The iSCSI Target Port.
+#
+# This option represents the port of the iSCSI Target. If the
+# target port is not present in the connection information from the
+# volume provider then the value from this option is taken.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#target_port = 3260
+
+#
+# Used to prevent attempts to attach VBDs locally, so Nova can
+# be run in a VM on a different host.
+#
+# Related options:
+#
+# * ``CONF.flat_injected`` (Must be False)
+# * ``CONF.xenserver.check_host`` (Must be False)
+# * ``CONF.default_ephemeral_format`` (Must be unset or 'ext3')
+# * Joining host aggregates (will error if attempted)
+# * Swap disks for Windows VMs (will error if attempted)
+# * Nova-based auto_configure_disk (will error if attempted)
+# (boolean value)
+#independent_compute = false
+
+#
+# Wait time for instances to go to running state.
+#
+# Provide an integer value representing time in seconds to set the
+# wait time for an instance to go to running state.
+#
+# When a request to create an instance is received by nova-api and
+# communicated to nova-compute, the creation of the instance occurs
+# through interaction with Xen via XenAPI in the compute node. Once
+# the node on which the instance(s) are to be launched is decided by
+# nova-schedule and the launch is triggered, a certain amount of wait
+# time is involved until the instance(s) can become available and
+# 'running'. This wait time is defined by running_timeout. If the
+# instances do not go to running state within this specified wait
+# time, the launch expires and the instance(s) are set to 'error'
+# state.
+# (integer value)
+# Minimum value: 0
+#running_timeout = 60
+
+# DEPRECATED:
+# The XenAPI VIF driver using XenServer Network APIs.
+#
+# Provide a string value representing the VIF XenAPI vif driver to use
+# for
+# plugging virtual network interfaces.
+#
+# Xen configuration uses bridging within the backend domain to allow
+# all VMs to appear on the network as individual hosts. Bridge
+# interfaces are used to create a XenServer VLAN network in which
+# the VIFs for the VM instances are plugged. If no VIF bridge driver
+# is plugged, the bridge is not made available. This configuration
+# option takes in a value for the VIF driver.
+#
+# Possible values:
+#
+# * nova.virt.xenapi.vif.XenAPIOpenVswitchDriver (default)
+# * nova.virt.xenapi.vif.XenAPIBridgeDriver (deprecated)
+#
+# Related options:
+#
+# * ``vlan_interface``
+# * ``ovs_integration_bridge``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There are only two in-tree vif drivers for XenServer.
+# XenAPIBridgeDriver is for
+# nova-network which is deprecated and XenAPIOpenVswitchDriver is for
+# Neutron
+# which is the default configuration for Nova since the 15.0.0 Ocata
+# release. In
+# the future the "use_neutron" configuration option will be used to
+# determine
+# which vif driver to use.
+#vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
+
+#
+# Dom0 plugin driver used to handle image uploads.
+#
+# Provide a string value representing a plugin driver required to
+# handle the image uploading to GlanceStore.
+#
+# Images, and snapshots from XenServer need to be uploaded to the data
+# store for use. image_upload_handler takes in a value for the Dom0
+# plugin driver. This driver is then called to uplaod images to the
+# GlanceStore.
+# (string value)
+#image_upload_handler = nova.virt.xenapi.image.glance.GlanceStore
+
+#
+# Number of seconds to wait for SR to settle if the VDI
+# does not exist when first introduced.
+#
+# Some SRs, particularly iSCSI connections are slow to see the VDIs
+# right after they got introduced. Setting this option to a
+# time interval will make the SR to wait for that time period
+# before raising VDI not found exception.
+# (integer value)
+# Minimum value: 0
+#introduce_vdi_retry_wait = 20
+
+#
+# The name of the integration Bridge that is used with xenapi
+# when connecting with Open vSwitch.
+#
+# Note: The value of this config option is dependent on the
+# environment, therefore this configuration value must be set
+# accordingly if you are using XenAPI.
+#
+# Possible values:
+#
+# * Any string that represents a bridge name.
+# (string value)
+#ovs_integration_bridge = <None>
+
+#
+# When adding new host to a pool, this will append a --force flag to
+# the
+# command, forcing hosts to join a pool, even if they have different
+# CPUs.
+#
+# Since XenServer version 5.6 it is possible to create a pool of hosts
+# that have
+# different CPU capabilities. To accommodate CPU differences,
+# XenServer limited
+# features it uses to determine CPU compatibility to only the ones
+# that are
+# exposed by CPU and support for CPU masking was added.
+# Despite this effort to level differences between CPUs, it is still
+# possible
+# that adding new host will fail, thus option to force join was
+# introduced.
+# (boolean value)
+#use_join_force = true
+
+#
+# Publicly visible name for this console host.
+#
+# Possible values:
+#
+# * Current hostname (default) or any string representing hostname.
+# (string value)
+#console_public_hostname = <current_hostname>
+
+
+[xvp]
+#
+# Configuration options for XVP.
+#
+# xvp (Xen VNC Proxy) is a proxy server providing password-protected
+# VNC-based
+# access to the consoles of virtual machines hosted on Citrix
+# XenServer.
+
+#
+# From nova.conf
+#
+
+# XVP conf template (string value)
+#console_xvp_conf_template = $pybasedir/nova/console/xvp.conf.template
+
+# Generated XVP conf file (string value)
+#console_xvp_conf = /etc/xvp.conf
+
+# XVP master process pid file (string value)
+#console_xvp_pid = /var/run/xvp.pid
+
+# XVP log file (string value)
+#console_xvp_log = /var/log/xvp.log
+
+# Port for XVP to multiplex VNC connections on (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#console_xvp_multiplex_port = 5900
+
+[matchmaker_redis]
+{#- include "oslo_templates/oslo/_matchmaker_redis.conf" #}
+
+[oslo_messaging_notifications]
+{%- set _data = compute.notification %}
+{%- include "oslo_templates/files/queens/oslo/messaging/_notifications.conf" %}
+
+{%- if compute.message_queue is defined %}
+{%- set _data = compute.message_queue %}
+{%- if _data.engine == 'rabbitmq' %}
+ {%- set messaging_engine = 'rabbit' %}
+{%- else %}
+ {%- set messaging_engine = _data.engine %}
+{%- endif %}
+[oslo_messaging_{{ messaging_engine }}]
+{%- include "oslo_templates/files/queens/oslo/messaging/_" + messaging_engine + ".conf" %}
+{%- endif %}
+
+[oslo_policy]
+{%- if compute.policy is defined %}
+{%- set _data = compute.policy %}
+{%- include "oslo_templates/files/queens/oslo/_policy.conf" %}
+{%- endif %}
+
+[database]
+{%- set _data = compute.database %}
+{%- if _data.ssl is defined and 'cacert_file' not in _data.get('ssl', {}).keys() %}{% do _data['ssl'].update({'cacert_file': compute.cacert_file}) %}{% endif %}
+{%- include "oslo_templates/files/queens/oslo/_database.conf" %}
+
+[oslo_middleware]
+{%- set _data = compute %}
+{%- include "oslo_templates/files/queens/oslo/_middleware.conf" %}
+
+[keystone_authtoken]
+{%- set _data = compute.identity %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': compute.cacert_file}) %}{% endif %}
+{%- set auth_type = _data.get('auth_type', 'password') %}
+{%- include "oslo_templates/files/queens/keystonemiddleware/_auth_token.conf" %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
+
diff --git a/nova/files/queens/nova-compute.conf.RedHat b/nova/files/queens/nova-compute.conf.RedHat
new file mode 120000
index 0000000..ad4c8f6
--- /dev/null
+++ b/nova/files/queens/nova-compute.conf.RedHat
@@ -0,0 +1 @@
+nova-compute.conf.Debian
\ No newline at end of file
diff --git a/nova/files/queens/nova-controller.conf.Debian b/nova/files/queens/nova-controller.conf.Debian
new file mode 100644
index 0000000..c413d87
--- /dev/null
+++ b/nova/files/queens/nova-controller.conf.Debian
@@ -0,0 +1,10751 @@
+{%- from "nova/map.jinja" import controller,compute_driver_mapping with context %}
+[DEFAULT]
+
+#
+# From nova.conf
+#
+compute_manager=nova.controller.manager.ComputeManager
+network_device_mtu=65000
+use_neutron = True
+security_group_api=neutron
+image_service=nova.image.glance.GlanceImageService
+
+#
+# Availability zone for internal services.
+#
+# This option determines the availability zone for the various
+# internal nova
+# services, such as 'nova-scheduler', 'nova-conductor', etc.
+#
+# Possible values:
+#
+# * Any string representing an existing availability zone name.
+# (string value)
+#internal_service_availability_zone = internal
+
+#
+# Default availability zone for compute services.
+#
+# This option determines the default availability zone for 'nova-
+# compute'
+# services, which will be used if the service(s) do not belong to
+# aggregates with
+# availability zone metadata.
+#
+# Possible values:
+#
+# * Any string representing an existing availability zone name.
+# (string value)
+#default_availability_zone = nova
+
+#
+# Default availability zone for instances.
+#
+# This option determines the default availability zone for instances,
+# which will
+# be used when a user does not specify one when creating an instance.
+# The
+# instance(s) will be bound to this availability zone for their
+# lifetime.
+#
+# Possible values:
+#
+# * Any string representing an existing availability zone name.
+# * None, which means that the instance can move from one availability
+# zone to
+# another during its lifetime if it is moved from one compute node
+# to another.
+# (string value)
+#default_schedule_zone = <None>
+
+# Length of generated instance admin passwords. (integer value)
+# Minimum value: 0
+#password_length = 12
+
+#
+# Time period to generate instance usages for. It is possible to
+# define optional
+# offset to given period by appending @ character followed by a number
+# defining
+# offset.
+#
+# Possible values:
+#
+# * period, example: ``hour``, ``day``, ``month` or ``year``
+# * period with offset, example: ``month@15`` will result in monthly
+# audits
+# starting on 15th day of month.
+# (string value)
+#instance_usage_audit_period = month
+{% if pillar.ceilometer is defined %}
+instance_usage_audit = True
+instance_usage_audit_period = hour
+{%- endif %}
+
+#
+# Start and use a daemon that can run the commands that need to be run
+# with
+# root privileges. This option is usually enabled on nodes that run
+# nova compute
+# processes.
+# (boolean value)
+#use_rootwrap_daemon = false
+
+#
+# Path to the rootwrap configuration file.
+#
+# Goal of the root wrapper is to allow a service-specific unprivileged
+# user to
+# run a number of actions as the root user in the safest manner
+# possible.
+# The configuration file used here must match the one defined in the
+# sudoers
+# entry.
+# (string value)
+rootwrap_config = /etc/nova/rootwrap.conf
+
+# Explicitly specify the temporary working directory. (string value)
+#tempdir = <None>
+
+# DEPRECATED:
+# Determine if monkey patching should be applied.
+#
+# Related options:
+#
+# * ``monkey_patch_modules``: This must have values set for this
+# option to
+# have any effect
+# (boolean value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# Monkey patching nova is not tested, not supported, and is a barrier
+# for interoperability.
+#monkey_patch = false
+
+# DEPRECATED:
+# List of modules/decorators to monkey patch.
+#
+# This option allows you to patch a decorator for all functions in
+# specified
+# modules.
+#
+# Possible values:
+#
+# * nova.compute.api:nova.notifications.notify_decorator
+# * [...]
+#
+# Related options:
+#
+# * ``monkey_patch``: This must be set to ``True`` for this option to
+# have any effect
+# (list value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# Monkey patching nova is not tested, not supported, and is a barrier
+# for interoperability.
+#monkey_patch_modules = nova.compute.api:nova.notifications.notify_decorator
+
+#
+# Defines which driver to use for controlling virtualization.
+#
+# Possible values:
+#
+# * ``libvirt.LibvirtDriver``
+# * ``xenapi.XenAPIDriver``
+# * ``fake.FakeDriver``
+# * ``ironic.IronicDriver``
+# * ``vmwareapi.VMwareVCDriver``
+# * ``hyperv.HyperVDriver``
+# * ``powervm.PowerVMDriver``
+# (string value)
+#compute_driver = <None>
+compute_driver = {{ controller.get('compute_driver', 'libvirt.LibvirtDriver') }}
+
+#
+# Allow destination machine to match source for resize. Useful when
+# testing in single-host environments. By default it is not allowed
+# to resize to the same host. Setting this option to true will add
+# the same host to the destination options. Also set to true
+# if you allow the ServerGroupAffinityFilter and need to resize.
+# (boolean value)
+#allow_resize_to_same_host = false
+allow_resize_to_same_host = true
+
+#
+# Image properties that should not be inherited from the instance
+# when taking a snapshot.
+#
+# This option gives an opportunity to select which image-properties
+# should not be inherited by newly created snapshots.
+#
+# Possible values:
+#
+# * A comma-separated list whose item is an image property. Usually
+# only
+# the image properties that are only needed by base images can be
+# included
+# here, since the snapshots that are created from the base images
+# don't
+# need them.
+# * Default list: cache_in_nova, bittorrent,
+# img_signature_hash_method,
+# img_signature, img_signature_key_type,
+# img_signature_certificate_uuid
+#
+# (list value)
+#non_inheritable_image_properties = cache_in_nova,bittorrent,img_signature_hash_method,img_signature,img_signature_key_type,img_signature_certificate_uuid
+
+# DEPRECATED:
+# When creating multiple instances with a single request using the
+# os-multiple-create API extension, this template will be used to
+# build
+# the display name for each instance. The benefit is that the
+# instances
+# end up with different hostnames. Example display names when creating
+# two VM's: name-1, name-2.
+#
+# Possible values:
+#
+# * Valid keys for the template are: name, uuid, count.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This config changes API behaviour. All changes in API behaviour
+# should be
+# discoverable.
+#multi_instance_display_name_template = %(name)s-%(count)d
+
+#
+# Maximum number of devices that will result in a local image being
+# created on the hypervisor node.
+#
+# A negative number means unlimited. Setting max_local_block_devices
+# to 0 means that any request that attempts to create a local disk
+# will fail. This option is meant to limit the number of local discs
+# (so root local disc that is the result of --image being used, and
+# any other ephemeral and swap disks). 0 does not mean that images
+# will be automatically converted to volumes and boot instances from
+# volumes - it just means that all requests that attempt to create a
+# local disk will fail.
+#
+# Possible values:
+#
+# * 0: Creating a local disk is not allowed.
+# * Negative number: Allows unlimited number of local discs.
+# * Positive number: Allows only these many number of local discs.
+# (Default value is 3).
+# (integer value)
+#max_local_block_devices = 3
+
+#
+# A comma-separated list of monitors that can be used for getting
+# compute metrics. You can use the alias/name from the setuptools
+# entry points for nova.compute.monitors.* namespaces. If no
+# namespace is supplied, the "cpu." namespace is assumed for
+# backwards-compatibility.
+#
+# NOTE: Only one monitor per namespace (For example: cpu) can be
+# loaded at
+# a time.
+#
+# Possible values:
+#
+# * An empty list will disable the feature (Default).
+# * An example value that would enable both the CPU and NUMA memory
+# bandwidth monitors that use the virt driver variant:
+#
+# compute_monitors = cpu.virt_driver, numa_mem_bw.virt_driver
+# (list value)
+#compute_monitors =
+
+#
+# The default format an ephemeral_volume will be formatted with on
+# creation.
+#
+# Possible values:
+#
+# * ``ext2``
+# * ``ext3``
+# * ``ext4``
+# * ``xfs``
+# * ``ntfs`` (only for Windows guests)
+# (string value)
+#default_ephemeral_format = <None>
+
+#
+# Determine if instance should boot or fail on VIF plugging timeout.
+#
+# Nova sends a port update to Neutron after an instance has been
+# scheduled,
+# providing Neutron with the necessary information to finish setup of
+# the port.
+# Once completed, Neutron notifies Nova that it has finished setting
+# up the
+# port, at which point Nova resumes the boot of the instance since
+# network
+# connectivity is now supposed to be present. A timeout will occur if
+# the reply
+# is not received after a given interval.
+#
+# This option determines what Nova does when the VIF plugging timeout
+# event
+# happens. When enabled, the instance will error out. When disabled,
+# the
+# instance will continue to boot on the assumption that the port is
+# ready.
+#
+# Possible values:
+#
+# * True: Instances should fail after VIF plugging timeout
+# * False: Instances should continue booting after VIF plugging
+# timeout
+# (boolean value)
+vif_plugging_is_fatal = {{ controller.get('vif_plugging_is_fatal', 'true') }}
+
+#
+# Timeout for Neutron VIF plugging event message arrival.
+#
+# Number of seconds to wait for Neutron vif plugging events to
+# arrive before continuing or failing (see 'vif_plugging_is_fatal').
+#
+# Related options:
+#
+# * vif_plugging_is_fatal - If ``vif_plugging_timeout`` is set to zero
+# and
+# ``vif_plugging_is_fatal`` is False, events should not be expected
+# to
+# arrive at all.
+# (integer value)
+# Minimum value: 0
+vif_plugging_timeout = {{ controller.get('vif_plugging_timeout', '300') }}
+
+# Path to '/etc/network/interfaces' template.
+#
+# The path to a template file for the '/etc/network/interfaces'-style
+# file, which
+# will be populated by nova and subsequently used by cloudinit. This
+# provides a
+# method to configure network connectivity in environments without a
+# DHCP server.
+#
+# The template will be rendered using Jinja2 template engine, and
+# receive a
+# top-level key called ``interfaces``. This key will contain a list of
+# dictionaries, one for each interface.
+#
+# Refer to the cloudinit documentaion for more information:
+#
+# https://cloudinit.readthedocs.io/en/latest/topics/datasources.html
+#
+# Possible values:
+#
+# * A path to a Jinja2-formatted template for a Debian
+# '/etc/network/interfaces'
+# file. This applies even if using a non Debian-derived guest.
+#
+# Related options:
+#
+# * ``flat_inject``: This must be set to ``True`` to ensure nova
+# embeds network
+# configuration information in the metadata provided through the
+# config drive.
+# (string value)
+#injected_network_template = $pybasedir/nova/virt/interfaces.template
+
+#
+# The image preallocation mode to use.
+#
+# Image preallocation allows storage for instance images to be
+# allocated up front
+# when the instance is initially provisioned. This ensures immediate
+# feedback is
+# given if enough space isn't available. In addition, it should
+# significantly
+# improve performance on writes to new blocks and may even improve I/O
+# performance to prewritten blocks due to reduced fragmentation.
+#
+# Possible values:
+#
+# * "none" => no storage provisioning is done up front
+# * "space" => storage is fully allocated at instance start
+# (string value)
+# Possible values:
+# none - <No description provided>
+# space - <No description provided>
+#preallocate_images = none
+
+#
+# Enable use of copy-on-write (cow) images.
+#
+# QEMU/KVM allow the use of qcow2 as backing files. By disabling this,
+# backing files will not be used.
+# (boolean value)
+#use_cow_images = true
+
+#
+# Force conversion of backing images to raw format.
+#
+# Possible values:
+#
+# * True: Backing image files will be converted to raw image format
+# * False: Backing image files will not be converted
+#
+# Related options:
+#
+# * ``compute_driver``: Only the libvirt driver uses this option.
+# (boolean value)
+#force_raw_images = true
+
+#
+# Name of the mkfs commands for ephemeral device.
+#
+# The format is <os_type>=<mkfs command>
+# (multi valued)
+#virt_mkfs =
+
+#
+# Enable resizing of filesystems via a block device.
+#
+# If enabled, attempt to resize the filesystem by accessing the image
+# over a
+# block device. This is done by the host and may not be necessary if
+# the image
+# contains a recent version of cloud-init. Possible mechanisms require
+# the nbd
+# driver (for qcow and raw), or loop (for raw).
+# (boolean value)
+#resize_fs_using_block_device = false
+
+# Amount of time, in seconds, to wait for NBD device start up.
+# (integer value)
+# Minimum value: 0
+#timeout_nbd = 10
+
+#
+# Location of cached images.
+#
+# This is NOT the full path - just a folder name relative to
+# '$instances_path'.
+# For per-compute-host cached images, set to '_base_$my_ip'
+# (string value)
+#image_cache_subdirectory_name = _base
+
+# Should unused base images be removed? (boolean value)
+#remove_unused_base_images = true
+
+#
+# Unused unresized base images younger than this will not be removed.
+# (integer value)
+remove_unused_original_minimum_age_seconds = 86400
+
+#
+# Generic property to specify the pointer type.
+#
+# Input devices allow interaction with a graphical framebuffer. For
+# example to provide a graphic tablet for absolute cursor movement.
+#
+# If set, the 'hw_pointer_model' image property takes precedence over
+# this configuration option.
+#
+# Possible values:
+#
+# * None: Uses default behavior provided by drivers (mouse on PS2 for
+# libvirt x86)
+# * ps2mouse: Uses relative movement. Mouse connected by PS2
+# * usbtablet: Uses absolute movement. Tablet connect by USB
+#
+# Related options:
+#
+# * usbtablet must be configured with VNC enabled or SPICE enabled and
+# SPICE
+# agent disabled. When used with libvirt the instance mode should be
+# configured as HVM.
+# (string value)
+# Possible values:
+# <None> - <No description provided>
+# ps2mouse - <No description provided>
+# usbtablet - <No description provided>
+#pointer_model = usbtablet
+
+#
+# Defines which physical CPUs (pCPUs) can be used by instance
+# virtual CPUs (vCPUs).
+#
+# Possible values:
+#
+# * A comma-separated list of physical CPU numbers that virtual CPUs
+# can be
+# allocated to by default. Each element should be either a single
+# CPU number,
+# a range of CPU numbers, or a caret followed by a CPU number to be
+# excluded from a previous range. For example:
+#
+# vcpu_pin_set = "4-12,^8,15"
+# (string value)
+#vcpu_pin_set = <None>
+
+#
+# Number of huge/large memory pages to reserved per NUMA host cell.
+#
+# Possible values:
+#
+# * A list of valid key=value which reflect NUMA node ID, page size
+# (Default unit is KiB) and number of pages to be reserved.
+#
+# reserved_huge_pages = node:0,size:2048,count:64
+# reserved_huge_pages = node:1,size:1GB,count:1
+#
+# In this example we are reserving on NUMA node 0 64 pages of 2MiB
+# and on NUMA node 1 1 page of 1GiB.
+# (dict value)
+#reserved_huge_pages = <None>
+
+#
+# Amount of disk resources in MB to make them always available to
+# host. The
+# disk usage gets reported back to the scheduler from nova-compute
+# running
+# on the compute nodes. To prevent the disk resources from being
+# considered
+# as available, this option can be used to reserve disk space for that
+# host.
+#
+# Possible values:
+#
+# * Any positive integer representing amount of disk in MB to reserve
+# for the host.
+# (integer value)
+# Minimum value: 0
+#reserved_host_disk_mb = 0
+
+#
+# Amount of memory in MB to reserve for the host so that it is always
+# available
+# to host processes. The host resources usage is reported back to the
+# scheduler
+# continuously from nova-compute running on the compute node. To
+# prevent the host
+# memory from being considered as available, this option is used to
+# reserve
+# memory for the host.
+#
+# Possible values:
+#
+# * Any positive integer representing amount of memory in MB to
+# reserve
+# for the host.
+# (integer value)
+# Minimum value: 0
+#reserved_host_memory_mb = 512
+
+#
+# Number of physical CPUs to reserve for the host. The host resources
+# usage is
+# reported back to the scheduler continuously from nova-compute
+# running on the
+# compute node. To prevent the host CPU from being considered as
+# available,
+# this option is used to reserve random pCPU(s) for the host.
+#
+# Possible values:
+#
+# * Any positive integer representing number of physical CPUs to
+# reserve
+# for the host.
+# (integer value)
+# Minimum value: 0
+#reserved_host_cpus = 0
+
+#
+# This option helps you specify virtual CPU to physical CPU allocation
+# ratio.
+#
+# From Ocata (15.0.0) this is used to influence the hosts selected by
+# the Placement API. Note that when Placement is used, the CoreFilter
+# is redundant, because the Placement API will have already filtered
+# out hosts that would have failed the CoreFilter.
+#
+# This configuration specifies ratio for CoreFilter which can be set
+# per compute node. For AggregateCoreFilter, it will fall back to this
+# configuration value if no per-aggregate setting is found.
+#
+# NOTE: This can be set per-compute, or if set to 0.0, the value
+# set on the scheduler node(s) or compute node(s) will be used
+# and defaulted to 16.0.
+#
+# NOTE: As of the 16.0.0 Pike release, this configuration option is
+# ignored
+# for the ironic.IronicDriver compute driver and is hardcoded to 1.0.
+#
+# Possible values:
+#
+# * Any valid positive integer or float value
+# (floating point value)
+# Minimum value: 0
+#cpu_allocation_ratio = 0.0
+{%- if controller.cpu_allocation_ratio is defined %}
+cpu_allocation_ratio = {{ controller.cpu_allocation_ratio }}
+{%- else %}
+#cpu_allocation_ratio=0.0
+{%- endif %}
+
+#
+# This option helps you specify virtual RAM to physical RAM
+# allocation ratio.
+#
+# From Ocata (15.0.0) this is used to influence the hosts selected by
+# the Placement API. Note that when Placement is used, the RamFilter
+# is redundant, because the Placement API will have already filtered
+# out hosts that would have failed the RamFilter.
+#
+# This configuration specifies ratio for RamFilter which can be set
+# per compute node. For AggregateRamFilter, it will fall back to this
+# configuration value if no per-aggregate setting found.
+#
+# NOTE: This can be set per-compute, or if set to 0.0, the value
+# set on the scheduler node(s) or compute node(s) will be used and
+# defaulted to 1.5.
+#
+# NOTE: As of the 16.0.0 Pike release, this configuration option is
+# ignored
+# for the ironic.IronicDriver compute driver and is hardcoded to 1.0.
+#
+# Possible values:
+#
+# * Any valid positive integer or float value
+# (floating point value)
+# Minimum value: 0
+#ram_allocation_ratio = 0.0
+{%- if controller.ram_allocation_ratio is defined %}
+ram_allocation_ratio = {{ controller.ram_allocation_ratio }}
+{%- else %}
+#ram_allocation_ratio=0.0
+{%- endif %}
+
+#
+# This option helps you specify virtual disk to physical disk
+# allocation ratio.
+#
+# From Ocata (15.0.0) this is used to influence the hosts selected by
+# the Placement API. Note that when Placement is used, the DiskFilter
+# is redundant, because the Placement API will have already filtered
+# out hosts that would have failed the DiskFilter.
+#
+# A ratio greater than 1.0 will result in over-subscription of the
+# available physical disk, which can be useful for more
+# efficiently packing instances created with images that do not
+# use the entire virtual disk, such as sparse or compressed
+# images. It can be set to a value between 0.0 and 1.0 in order
+# to preserve a percentage of the disk for uses other than
+# instances.
+#
+# NOTE: This can be set per-compute, or if set to 0.0, the value
+# set on the scheduler node(s) or compute node(s) will be used and
+# defaulted to 1.0.
+#
+# NOTE: As of the 16.0.0 Pike release, this configuration option is
+# ignored
+# for the ironic.IronicDriver compute driver and is hardcoded to 1.0.
+#
+# Possible values:
+#
+# * Any valid positive integer or float value
+# (floating point value)
+# Minimum value: 0
+#disk_allocation_ratio = 0.0
+
+#
+# Console proxy host to be used to connect to instances on this host.
+# It is the
+# publicly visible name for the console host.
+#
+# Possible values:
+#
+# * Current hostname (default) or any string representing hostname.
+# (string value)
+#console_host = <current_hostname>
+
+#
+# Name of the network to be used to set access IPs for instances. If
+# there are
+# multiple IPs to choose from, an arbitrary one will be chosen.
+#
+# Possible values:
+#
+# * None (default)
+# * Any string representing network name.
+# (string value)
+#default_access_ip_network_name = <None>
+
+#
+# Whether to batch up the application of IPTables rules during a host
+# restart
+# and apply all at the end of the init phase.
+# (boolean value)
+#defer_iptables_apply = false
+
+#
+# Specifies where instances are stored on the hypervisor's disk.
+# It can point to locally attached storage or a directory on NFS.
+#
+# Possible values:
+#
+# * $state_path/instances where state_path is a config option that
+# specifies
+# the top-level directory for maintaining nova's state. (default) or
+# Any string representing directory path.
+# (string value)
+#instances_path =
+
+#
+# This option enables periodic compute.instance.exists notifications.
+# Each
+# compute node must be configured to generate system usage data. These
+# notifications are consumed by OpenStack Telemetry service.
+# (boolean value)
+#instance_usage_audit = false
+{% if controller.instance_usage_audit is defined %}
+instance_usage_audit = {{ controller.instance_usage_audit }}
+{%- endif %}
+
+#
+# Maximum number of 1 second retries in live_migration. It specifies
+# number
+# of retries to iptables when it complains. It happens when an user
+# continuously
+# sends live-migration request to same host leading to concurrent
+# request
+# to iptables.
+#
+# Possible values:
+#
+# * Any positive integer representing retry count.
+# (integer value)
+# Minimum value: 0
+#live_migration_retry_count = 30
+
+#
+# This option specifies whether to start guests that were running
+# before the
+# host rebooted. It ensures that all of the instances on a Nova
+# compute node
+# resume their state each time the compute node boots or restarts.
+# (boolean value)
+#resume_guests_state_on_host_boot = {{ controller.get('resume_guests_state_on_host_boot', True) }}
+
+#
+# Number of times to retry network allocation. It is required to
+# attempt network
+# allocation retries if the virtual interface plug fails.
+#
+# Possible values:
+#
+# * Any positive integer representing retry count.
+# (integer value)
+# Minimum value: 0
+#network_allocate_retries = 0
+
+#
+# Limits the maximum number of instance builds to run concurrently by
+# nova-compute. Compute service can attempt to build an infinite
+# number of
+# instances, if asked to do so. This limit is enforced to avoid
+# building
+# unlimited instance concurrently on a compute node. This value can be
+# set
+# per compute node.
+#
+# Possible Values:
+#
+# * 0 : treated as unlimited.
+# * Any positive integer representing maximum concurrent builds.
+# (integer value)
+# Minimum value: 0
+#max_concurrent_builds = 10
+
+#
+# Maximum number of live migrations to run concurrently. This limit is
+# enforced
+# to avoid outbound live migrations overwhelming the host/network and
+# causing
+# failures. It is not recommended that you change this unless you are
+# very sure
+# that doing so is safe and stable in your environment.
+#
+# Possible values:
+#
+# * 0 : treated as unlimited.
+# * Negative value defaults to 0.
+# * Any positive integer representing maximum number of live
+# migrations
+# to run concurrently.
+# (integer value)
+#max_concurrent_live_migrations = 1
+
+#
+# Number of times to retry block device allocation on failures.
+# Starting with
+# Liberty, Cinder can use image volume cache. This may help with block
+# device
+# allocation performance. Look at the cinder
+# image_volume_cache_enabled
+# configuration option.
+#
+# Possible values:
+#
+# * 60 (default)
+# * If value is 0, then one attempt is made.
+# * Any negative value is treated as 0.
+# * For any value > 0, total attempts are (value + 1)
+# (integer value)
+block_device_allocate_retries = {{ controller.get('block_device_allocate_retries', '600') }}
+
+#
+# Number of greenthreads available for use to sync power states.
+#
+# This option can be used to reduce the number of concurrent requests
+# made to the hypervisor or system with real instance power states
+# for performance reasons, for example, with Ironic.
+#
+# Possible values:
+#
+# * Any positive integer representing greenthreads count.
+# (integer value)
+#sync_power_state_pool_size = 1000
+
+#
+# Number of seconds to wait between runs of the image cache manager.
+#
+# Possible values:
+# * 0: run at the default rate.
+# * -1: disable
+# * Any other value
+# (integer value)
+# Minimum value: -1
+# image_cache_manager_interval = 0
+
+#
+# Interval to pull network bandwidth usage info.
+#
+# Not supported on all hypervisors. If a hypervisor doesn't support
+# bandwidth
+# usage, it will not get the info in the usage events.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+# (integer value)
+#bandwidth_poll_interval = 600
+
+#
+# Interval to sync power states between the database and the
+# hypervisor.
+#
+# The interval that Nova checks the actual virtual machine power state
+# and the power state that Nova has in its database. If a user powers
+# down their VM, Nova updates the API to report the VM has been
+# powered down. Should something turn on the VM unexpectedly,
+# Nova will turn the VM back off to keep the system in the expected
+# state.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * If ``handle_virt_lifecycle_events`` in workarounds_group is
+# false and this option is negative, then instances that get out
+# of sync between the hypervisor and the Nova database will have
+# to be synchronized manually.
+# (integer value)
+#sync_power_state_interval = 600
+
+#
+# Interval between instance network information cache updates.
+#
+# Number of seconds after which each compute node runs the task of
+# querying Neutron for all of its instances networking information,
+# then updates the Nova db with that information. Nova will never
+# update it's cache if this option is set to 0. If we don't update the
+# cache, the metadata service and nova-api endpoints will be proxying
+# incorrect network data about the instance. So, it is not recommended
+# to set this option to 0.
+#
+# Possible values:
+#
+# * Any positive integer in seconds.
+# * Any value <=0 will disable the sync. This is not recommended.
+# (integer value)
+#heal_instance_info_cache_interval = 60
+
+#
+# Interval for reclaiming deleted instances.
+#
+# A value greater than 0 will enable SOFT_DELETE of instances.
+# This option decides whether the server to be deleted will be put
+# into
+# the SOFT_DELETED state. If this value is greater than 0, the deleted
+# server will not be deleted immediately, instead it will be put into
+# a queue until it's too old (deleted time greater than the value of
+# reclaim_instance_interval). The server can be recovered from the
+# delete queue by using the restore action. If the deleted server
+# remains
+# longer than the value of reclaim_instance_interval, it will be
+# deleted by a periodic task in the compute service automatically.
+#
+# Note that this option is read from both the API and compute nodes,
+# and
+# must be set globally otherwise servers could be put into a soft
+# deleted
+# state in the API and never actually reclaimed (deleted) on the
+# compute
+# node.
+#
+# Possible values:
+#
+# * Any positive integer(in seconds) greater than 0 will enable
+# this option.
+# * Any value <=0 will disable the option.
+# (integer value)
+#reclaim_instance_interval = 0
+
+#
+# Interval for gathering volume usages.
+#
+# This option updates the volume usage cache for every
+# volume_usage_poll_interval number of seconds.
+#
+# Possible values:
+#
+# * Any positive integer(in seconds) greater than 0 will enable
+# this option.
+# * Any value <=0 will disable the option.
+# (integer value)
+#volume_usage_poll_interval = 0
+
+#
+# Interval for polling shelved instances to offload.
+#
+# The periodic task runs for every shelved_poll_interval number
+# of seconds and checks if there are any shelved instances. If it
+# finds a shelved instance, based on the 'shelved_offload_time' config
+# value it offloads the shelved instances. Check
+# 'shelved_offload_time'
+# config option description for details.
+#
+# Possible values:
+#
+# * Any value <= 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * ``shelved_offload_time``
+# (integer value)
+#shelved_poll_interval = 3600
+
+#
+# Time before a shelved instance is eligible for removal from a host.
+#
+# By default this option is set to 0 and the shelved instance will be
+# removed from the hypervisor immediately after shelve operation.
+# Otherwise, the instance will be kept for the value of
+# shelved_offload_time(in seconds) so that during the time period the
+# unshelve action will be faster, then the periodic task will remove
+# the instance from hypervisor after shelved_offload_time passes.
+#
+# Possible values:
+#
+# * 0: Instance will be immediately offloaded after being
+# shelved.
+# * Any value < 0: An instance will never offload.
+# * Any positive integer in seconds: The instance will exist for
+# the specified number of seconds before being offloaded.
+# (integer value)
+#shelved_offload_time = 0
+
+#
+# Interval for retrying failed instance file deletes.
+#
+# This option depends on 'maximum_instance_delete_attempts'.
+# This option specifies how often to retry deletes whereas
+# 'maximum_instance_delete_attempts' specifies the maximum number
+# of retry attempts that can be made.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * ``maximum_instance_delete_attempts`` from instance_cleaning_opts
+# group.
+# (integer value)
+#instance_delete_interval = 300
+
+#
+# Interval (in seconds) between block device allocation retries on
+# failures.
+#
+# This option allows the user to specify the time interval between
+# consecutive retries. 'block_device_allocate_retries' option
+# specifies
+# the maximum number of retries.
+#
+# Possible values:
+#
+# * 0: Disables the option.
+# * Any positive integer in seconds enables the option.
+#
+# Related options:
+#
+# * ``block_device_allocate_retries`` in compute_manager_opts group.
+# (integer value)
+# Minimum value: 0
+block_device_allocate_retries_interval = {{ controller.get('block_device_allocate_retries_interval', '10') }}
+
+#
+# Interval between sending the scheduler a list of current instance
+# UUIDs to
+# verify that its view of instances is in sync with nova.
+#
+# If the CONF option 'scheduler_tracks_instance_changes' is
+# False, the sync calls will not be made. So, changing this option
+# will
+# have no effect.
+#
+# If the out of sync situations are not very common, this interval
+# can be increased to lower the number of RPC messages being sent.
+# Likewise, if sync issues turn out to be a problem, the interval
+# can be lowered to check more frequently.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+#
+# Related options:
+#
+# * This option has no impact if ``scheduler_tracks_instance_changes``
+# is set to False.
+# (integer value)
+#scheduler_instance_sync_interval = 120
+
+#
+# Interval for updating compute resources.
+#
+# This option specifies how often the update_available_resources
+# periodic task should run. A number less than 0 means to disable the
+# task completely. Leaving this at the default of 0 will cause this to
+# run at the default periodic interval. Setting it to any positive
+# value will cause it to run at approximately that number of seconds.
+#
+# Possible values:
+#
+# * 0: Will run at the default periodic interval.
+# * Any value < 0: Disables the option.
+# * Any positive integer in seconds.
+# (integer value)
+#update_resources_interval = 0
+
+#
+# Time interval after which an instance is hard rebooted
+# automatically.
+#
+# When doing a soft reboot, it is possible that a guest kernel is
+# completely hung in a way that causes the soft reboot task
+# to not ever finish. Setting this option to a time period in seconds
+# will automatically hard reboot an instance if it has been stuck
+# in a rebooting state longer than N seconds.
+#
+# Possible values:
+#
+# * 0: Disables the option (default).
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#reboot_timeout = 0
+
+#
+# Maximum time in seconds that an instance can take to build.
+#
+# If this timer expires, instance status will be changed to ERROR.
+# Enabling this option will make sure an instance will not be stuck
+# in BUILD state for a longer period.
+#
+# Possible values:
+#
+# * 0: Disables the option (default)
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#instance_build_timeout = 0
+
+#
+# Interval to wait before un-rescuing an instance stuck in RESCUE.
+#
+# Possible values:
+#
+# * 0: Disables the option (default)
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#rescue_timeout = 0
+
+#
+# Automatically confirm resizes after N seconds.
+#
+# Resize functionality will save the existing server before resizing.
+# After the resize completes, user is requested to confirm the resize.
+# The user has the opportunity to either confirm or revert all
+# changes. Confirm resize removes the original server and changes
+# server status from resized to active. Setting this option to a time
+# period (in seconds) will automatically confirm the resize if the
+# server is in resized state longer than that time.
+#
+# Possible values:
+#
+# * 0: Disables the option (default)
+# * Any positive integer in seconds: Enables the option.
+# (integer value)
+# Minimum value: 0
+#resize_confirm_window = 0
+
+#
+# Total time to wait in seconds for an instance toperform a clean
+# shutdown.
+#
+# It determines the overall period (in seconds) a VM is allowed to
+# perform a clean shutdown. While performing stop, rescue and shelve,
+# rebuild operations, configuring this option gives the VM a chance
+# to perform a controlled shutdown before the instance is powered off.
+# The default timeout is 60 seconds.
+#
+# The timeout value can be overridden on a per image basis by means
+# of os_shutdown_timeout that is an image metadata setting allowing
+# different types of operating systems to specify how much time they
+# need to shut down cleanly.
+#
+# Possible values:
+#
+# * Any positive integer in seconds (default value is 60).
+# (integer value)
+# Minimum value: 1
+#shutdown_timeout = 60
+
+#
+# The compute service periodically checks for instances that have been
+# deleted in the database but remain running on the compute node. The
+# above option enables action to be taken when such instances are
+# identified.
+#
+# Possible values:
+#
+# * reap: Powers down the instances and deletes them(default)
+# * log: Logs warning message about deletion of the resource
+# * shutdown: Powers down instances and marks them as non-
+# bootable which can be later used for debugging/analysis
+# * noop: Takes no action
+#
+# Related options:
+#
+# * running_deleted_instance_poll_interval
+# * running_deleted_instance_timeout
+# (string value)
+# Possible values:
+# noop - <No description provided>
+# log - <No description provided>
+# shutdown - <No description provided>
+# reap - <No description provided>
+#running_deleted_instance_action = reap
+
+#
+# Time interval in seconds to wait between runs for the clean up
+# action.
+# If set to 0, above check will be disabled. If
+# "running_deleted_instance
+# _action" is set to "log" or "reap", a value greater than 0 must be
+# set.
+#
+# Possible values:
+#
+# * Any positive integer in seconds enables the option.
+# * 0: Disables the option.
+# * 1800: Default value.
+#
+# Related options:
+#
+# * running_deleted_instance_action
+# (integer value)
+#running_deleted_instance_poll_interval = 1800
+
+#
+# Time interval in seconds to wait for the instances that have
+# been marked as deleted in database to be eligible for cleanup.
+#
+# Possible values:
+#
+# * Any positive integer in seconds(default is 0).
+#
+# Related options:
+#
+# * "running_deleted_instance_action"
+# (integer value)
+#running_deleted_instance_timeout = 0
+
+#
+# The number of times to attempt to reap an instance's files.
+#
+# This option specifies the maximum number of retry attempts
+# that can be made.
+#
+# Possible values:
+#
+# * Any positive integer defines how many attempts are made.
+# * Any value <=0 means no delete attempts occur, but you should use
+# ``instance_delete_interval`` to disable the delete attempts.
+#
+# Related options:
+# * ``instance_delete_interval`` in interval_opts group can be used to
+# disable
+# this option.
+# (integer value)
+#maximum_instance_delete_attempts = 5
+
+#
+# Sets the scope of the check for unique instance names.
+#
+# The default doesn't check for unique names. If a scope for the name
+# check is
+# set, a launch of a new instance or an update of an existing instance
+# with a
+# duplicate name will result in an ''InstanceExists'' error. The
+# uniqueness is
+# case-insensitive. Setting this option can increase the usability for
+# end
+# users as they don't have to distinguish among instances with the
+# same name
+# by their IDs.
+#
+# Possible values:
+#
+# * '': An empty value means that no uniqueness check is done and
+# duplicate
+# names are possible.
+# * "project": The instance name check is done only for instances
+# within the
+# same project.
+# * "global": The instance name check is done for all instances
+# regardless of
+# the project.
+# (string value)
+# Possible values:
+# '' - <No description provided>
+# project - <No description provided>
+# global - <No description provided>
+#osapi_compute_unique_server_name_scope =
+
+#
+# Enable new nova-compute services on this host automatically.
+#
+# When a new nova-compute service starts up, it gets
+# registered in the database as an enabled service. Sometimes it can
+# be useful
+# to register new compute services in disabled state and then enabled
+# them at a
+# later point in time. This option only sets this behavior for nova-
+# compute
+# services, it does not auto-disable other services like nova-
+# conductor,
+# nova-scheduler, nova-consoleauth, or nova-osapi_compute.
+#
+# Possible values:
+#
+# * ``True``: Each new compute service is enabled as soon as it
+# registers itself.
+# * ``False``: Compute services must be enabled via an os-services
+# REST API call
+# or with the CLI with ``nova service-enable <hostname> <binary>``,
+# otherwise
+# they are not ready to use.
+# (boolean value)
+#enable_new_services = true
+
+#
+# Template string to be used to generate instance names.
+#
+# This template controls the creation of the database name of an
+# instance. This
+# is *not* the display name you enter when creating an instance (via
+# Horizon
+# or CLI). For a new deployment it is advisable to change the default
+# value
+# (which uses the database autoincrement) to another value which makes
+# use
+# of the attributes of an instance, like ``instance-%(uuid)s``. If you
+# already have instances in your deployment when you change this, your
+# deployment will break.
+#
+# Possible values:
+#
+# * A string which either uses the instance database ID (like the
+# default)
+# * A string with a list of named database columns, for example
+# ``%(id)d``
+# or ``%(uuid)s`` or ``%(hostname)s``.
+#
+# Related options:
+#
+# * not to be confused with: ``multi_instance_display_name_template``
+# (string value)
+#instance_name_template = instance-%08x
+
+#
+# Number of times to retry live-migration before failing.
+#
+# Possible values:
+#
+# * If == -1, try until out of hosts (default)
+# * If == 0, only try once, no retries
+# * Integer greater than 0
+# (integer value)
+# Minimum value: -1
+#migrate_max_retries = -1
+
+#
+# Configuration drive format
+#
+# Configuration drive format that will contain metadata attached to
+# the
+# instance when it boots.
+#
+# Possible values:
+#
+# * iso9660: A file system image standard that is widely supported
+# across
+# operating systems. NOTE: Mind the libvirt bug
+# (https://bugs.launchpad.net/nova/+bug/1246201) - If your
+# hypervisor
+# driver is libvirt, and you want live migrate to work without
+# shared storage,
+# then use VFAT.
+# * vfat: For legacy reasons, you can configure the configuration
+# drive to
+# use VFAT format instead of ISO 9660.
+#
+# Related options:
+#
+# * This option is meaningful when one of the following alternatives
+# occur:
+# 1. force_config_drive option set to 'true'
+# 2. the REST API call to create the instance contains an enable
+# flag for
+# config drive option
+# 3. the image used to create the instance requires a config drive,
+# this is defined by img_config_drive property for that image.
+# * A compute node running Hyper-V hypervisor can be configured to
+# attach
+# configuration drive as a CD drive. To attach the configuration
+# drive as a CD
+# drive, set config_drive_cdrom option at hyperv section, to true.
+# (string value)
+# Possible values:
+# iso9660 - <No description provided>
+# vfat - <No description provided>
+#config_drive_format = iso9660
+
+#
+# Force injection to take place on a config drive
+#
+# When this option is set to true configuration drive functionality
+# will be
+# forced enabled by default, otherwise user can still enable
+# configuration
+# drives via the REST API or image metadata properties.
+#
+# Possible values:
+#
+# * True: Force to use of configuration drive regardless the user's
+# input in the
+# REST API call.
+# * False: Do not force use of configuration drive. Config drives can
+# still be
+# enabled via the REST API or image metadata properties.
+#
+# Related options:
+#
+# * Use the 'mkisofs_cmd' flag to set the path where you install the
+# genisoimage program. If genisoimage is in same path as the
+# nova-compute service, you do not need to set this flag.
+# * To use configuration drive with Hyper-V, you must set the
+# 'mkisofs_cmd' value to the full path to an mkisofs.exe
+# installation.
+# Additionally, you must set the qemu_img_cmd value in the hyperv
+# configuration section to the full path to an qemu-img command
+# installation.
+# (boolean value)
+#force_config_drive = false
+
+#
+# Name or path of the tool used for ISO image creation
+#
+# Use the mkisofs_cmd flag to set the path where you install the
+# genisoimage
+# program. If genisoimage is on the system path, you do not need to
+# change
+# the default value.
+#
+# To use configuration drive with Hyper-V, you must set the
+# mkisofs_cmd value
+# to the full path to an mkisofs.exe installation. Additionally, you
+# must set
+# the qemu_img_cmd value in the hyperv configuration section to the
+# full path
+# to an qemu-img command installation.
+#
+# Possible values:
+#
+# * Name of the ISO image creator program, in case it is in the same
+# directory
+# as the nova-compute service
+# * Path to ISO image creator program
+#
+# Related options:
+#
+# * This option is meaningful when config drives are enabled.
+# * To use configuration drive with Hyper-V, you must set the
+# qemu_img_cmd
+# value in the hyperv configuration section to the full path to an
+# qemu-img
+# command installation.
+# (string value)
+#mkisofs_cmd = genisoimage
+
+# DEPRECATED: The driver to use for database access (string value)
+# This option is deprecated for removal since 13.0.0.
+# Its value may be silently ignored in the future.
+#db_driver = nova.db
+
+# DEPRECATED:
+# Default flavor to use for the EC2 API only.
+# The Nova API does not support a default flavor.
+# (string value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: The EC2 API is deprecated.
+#default_flavor = m1.small
+
+#
+# The IP address which the host is using to connect to the management
+# network.
+#
+# Possible values:
+#
+# * String with valid IP address. Default is IPv4 address of this
+# host.
+#
+# Related options:
+#
+# * metadata_host
+# * my_block_storage_ip
+# * routing_source_ip
+# * vpn_ip
+# (string value)
+#my_ip = <host_ipv4>
+my_ip={{ controller.bind.private_address }}
+
+#
+# The IP address which is used to connect to the block storage
+# network.
+#
+# Possible values:
+#
+# * String with valid IP address. Default is IP address of this host.
+#
+# Related options:
+#
+# * my_ip - if my_block_storage_ip is not set, then my_ip value is
+# used.
+# (string value)
+#my_block_storage_ip = $my_ip
+
+#
+# Hostname, FQDN or IP address of this host.
+#
+# Used as:
+#
+# * the oslo.messaging queue name for nova-compute worker
+# * we use this value for the binding_host sent to neutron. This means
+# if you use
+# a neutron agent, it should have the same value for host.
+# * cinder host attachment information
+#
+# Must be valid within AMQP key.
+#
+# Possible values:
+#
+# * String with hostname, FQDN or IP address. Default is hostname of
+# this host.
+# (string value)
+#host = <current_hostname>
+{%- if controller.host is defined %}
+host={{ controller.host }}
+{%- endif %}
+
+# DEPRECATED:
+# This option is a list of full paths to one or more configuration
+# files for
+# dhcpbridge. In most cases the default path of '/etc/nova/nova-
+# dhcpbridge.conf'
+# should be sufficient, but if you have special needs for configuring
+# dhcpbridge,
+# you can change or add to this list.
+#
+# Possible values
+#
+# * A list of strings, where each string is the full path to a
+# dhcpbridge
+# configuration file.
+# (multi valued)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dhcpbridge_flagfile = /etc/nova/nova.conf
+
+# DEPRECATED:
+# The location where the network configuration files will be kept. The
+# default is
+# the 'networks' directory off of the location where nova's Python
+# module is
+# installed.
+#
+# Possible values
+#
+# * A string containing the full path to the desired configuration
+# directory
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#networks_path = $state_path/networks
+
+# DEPRECATED:
+# This is the name of the network interface for public IP addresses.
+# The default
+# is 'eth0'.
+#
+# Possible values:
+#
+# * Any string representing a network interface name
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#public_interface = eth0
+
+# DEPRECATED:
+# The location of the binary nova-dhcpbridge. By default it is the
+# binary named
+# 'nova-dhcpbridge' that is installed with all the other nova
+# binaries.
+#
+# Possible values:
+#
+# * Any string representing the full path to the binary for dhcpbridge
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dhcpbridge = $bindir/nova-dhcpbridge
+
+# DEPRECATED:
+# The public IP address of the network host.
+#
+# This is used when creating an SNAT rule.
+#
+# Possible values:
+#
+# * Any valid IP address
+#
+# Related options:
+#
+# * ``force_snat_range``
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#routing_source_ip = $my_ip
+
+# DEPRECATED:
+# The lifetime of a DHCP lease, in seconds. The default is 86400 (one
+# day).
+#
+# Possible values:
+#
+# * Any positive integer value.
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dhcp_lease_time = 86400
+
+# DEPRECATED:
+# Despite the singular form of the name of this option, it is actually
+# a list of
+# zero or more server addresses that dnsmasq will use for DNS
+# nameservers. If
+# this is not empty, dnsmasq will not read /etc/resolv.conf, but will
+# only use
+# the servers specified in this option. If the option
+# use_network_dns_servers is
+# True, the dns1 and dns2 servers from the network will be appended to
+# this list,
+# and will be used as DNS servers, too.
+#
+# Possible values:
+#
+# * A list of strings, where each string is either an IP address or a
+# FQDN.
+#
+# Related options:
+#
+# * ``use_network_dns_servers``
+# (multi valued)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dns_server =
+
+# DEPRECATED:
+# When this option is set to True, the dns1 and dns2 servers for the
+# network
+# specified by the user on boot will be used for DNS, as well as any
+# specified in
+# the `dns_server` option.
+#
+# Related options:
+#
+# * ``dns_server``
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#use_network_dns_servers = false
+
+# DEPRECATED:
+# This option is a list of zero or more IP address ranges in your
+# network's DMZ
+# that should be accepted.
+#
+# Possible values:
+#
+# * A list of strings, each of which should be a valid CIDR.
+# (list value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dmz_cidr =
+
+# DEPRECATED:
+# This is a list of zero or more IP ranges that traffic from the
+# `routing_source_ip` will be SNATted to. If the list is empty, then
+# no SNAT
+# rules are created.
+#
+# Possible values:
+#
+# * A list of strings, each of which should be a valid CIDR.
+#
+# Related options:
+#
+# * ``routing_source_ip``
+# (multi valued)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#force_snat_range =
+
+# DEPRECATED:
+# The path to the custom dnsmasq configuration file, if any.
+#
+# Possible values:
+#
+# * The full path to the configuration file, or an empty string if
+# there is no
+# custom dnsmasq configuration file.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dnsmasq_config_file =
+
+# DEPRECATED:
+# This is the class used as the ethernet device driver for linuxnet
+# bridge
+# operations. The default value should be all you need for most cases,
+# but if you
+# wish to use a customized class, set this option to the full dot-
+# separated
+# import path for that class.
+#
+# Possible values:
+#
+# * Any string representing a dot-separated class path that Nova can
+# import.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver
+
+# DEPRECATED:
+# The name of the Open vSwitch bridge that is used with linuxnet when
+# connecting
+# with Open vSwitch."
+#
+# Possible values:
+#
+# * Any string representing a valid bridge name.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#linuxnet_ovs_integration_bridge = br-int
+
+#
+# When True, when a device starts up, and upon binding floating IP
+# addresses, arp
+# messages will be sent to ensure that the arp caches on the compute
+# hosts are
+# up-to-date.
+#
+# Related options:
+#
+# * ``send_arp_for_ha_count``
+# (boolean value)
+#send_arp_for_ha = false
+
+#
+# When arp messages are configured to be sent, they will be sent with
+# the count
+# set to the value of this option. Of course, if this is set to zero,
+# no arp
+# messages will be sent.
+#
+# Possible values:
+#
+# * Any integer greater than or equal to 0
+#
+# Related options:
+#
+# * ``send_arp_for_ha``
+# (integer value)
+#send_arp_for_ha_count = 3
+
+# DEPRECATED:
+# When set to True, only the firt nic of a VM will get its default
+# gateway from
+# the DHCP server.
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#use_single_default_gateway = false
+
+# DEPRECATED:
+# One or more interfaces that bridges can forward traffic to. If any
+# of the items
+# in this list is the special keyword 'all', then all traffic will be
+# forwarded.
+#
+# Possible values:
+#
+# * A list of zero or more interface names, or the word 'all'.
+# (multi valued)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#forward_bridge_interface = all
+
+#
+# This option determines the IP address for the network metadata API
+# server.
+#
+# This is really the client side of the metadata host equation that
+# allows
+# nova-network to find the metadata server when doing a default multi
+# host
+# networking.
+#
+# Possible values:
+#
+# * Any valid IP address. The default is the address of the Nova API
+# server.
+#
+# Related options:
+#
+# * ``metadata_port``
+# (string value)
+#metadata_host = $my_ip
+
+# DEPRECATED:
+# This option determines the port used for the metadata API server.
+#
+# Related options:
+#
+# * ``metadata_host``
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#metadata_port = 8775
+
+# DEPRECATED:
+# This expression, if defined, will select any matching iptables rules
+# and place
+# them at the top when applying metadata changes to the rules.
+#
+# Possible values:
+#
+# * Any string representing a valid regular expression, or an empty
+# string
+#
+# Related options:
+#
+# * ``iptables_bottom_regex``
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#iptables_top_regex =
+
+# DEPRECATED:
+# This expression, if defined, will select any matching iptables rules
+# and place
+# them at the bottom when applying metadata changes to the rules.
+#
+# Possible values:
+#
+# * Any string representing a valid regular expression, or an empty
+# string
+#
+# Related options:
+#
+# * iptables_top_regex
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#iptables_bottom_regex =
+
+# DEPRECATED:
+# By default, packets that do not pass the firewall are DROPped. In
+# many cases,
+# though, an operator may find it more useful to change this from DROP
+# to REJECT,
+# so that the user issuing those packets may have a better idea as to
+# what's
+# going on, or LOGDROP in order to record the blocked traffic before
+# DROPping.
+#
+# Possible values:
+#
+# * A string representing an iptables chain. The default is DROP.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#iptables_drop_action = DROP
+
+# DEPRECATED:
+# This option represents the period of time, in seconds, that the
+# ovs_vsctl calls
+# will wait for a response from the database before timing out. A
+# setting of 0
+# means that the utility should wait forever for a response.
+#
+# Possible values:
+#
+# * Any positive integer if a limited timeout is desired, or zero if
+# the calls
+# should wait forever for a response.
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ovs_vsctl_timeout = 120
+
+# DEPRECATED:
+# This option is used mainly in testing to avoid calls to the
+# underlying network
+# utilities.
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#fake_network = false
+
+# DEPRECATED:
+# This option determines the number of times to retry ebtables
+# commands before
+# giving up. The minimum number of retries is 1.
+#
+# Possible values:
+#
+# * Any positive integer
+#
+# Related options:
+#
+# * ``ebtables_retry_interval``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ebtables_exec_attempts = 3
+
+# DEPRECATED:
+# This option determines the time, in seconds, that the system will
+# sleep in
+# between ebtables retries. Note that each successive retry waits a
+# multiple of
+# this value, so for example, if this is set to the default of 1.0
+# seconds, and
+# ebtables_exec_attempts is 4, after the first failure, the system
+# will sleep for
+# 1 * 1.0 seconds, after the second failure it will sleep 2 * 1.0
+# seconds, and
+# after the third failure it will sleep 3 * 1.0 seconds.
+#
+# Possible values:
+#
+# * Any non-negative float or integer. Setting this to zero will
+# result in no
+# waiting between attempts.
+#
+# Related options:
+#
+# * ebtables_exec_attempts
+# (floating point value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ebtables_retry_interval = 1.0
+
+# DEPRECATED:
+# Enable neutron as the backend for networking.
+#
+# Determine whether to use Neutron or Nova Network as the back end.
+# Set to true
+# to use neutron.
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+use_neutron = true
+
+#
+# This option determines whether the network setup information is
+# injected into
+# the VM before it is booted. While it was originally designed to be
+# used only
+# by nova-network, it is also used by the vmware and xenapi virt
+# drivers to
+# control whether network information is injected into a VM. The
+# libvirt virt
+# driver also uses it when we use config_drive to configure network to
+# control
+# whether network information is injected into a VM.
+# (boolean value)
+#flat_injected = false
+
+# DEPRECATED:
+# This option determines the bridge used for simple network interfaces
+# when no
+# bridge is specified in the VM creation request.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any string representing a valid network bridge, such as 'br100'
+#
+# Related options:
+#
+# * ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#flat_network_bridge = <None>
+
+# DEPRECATED:
+# This is the address of the DNS server for a simple network. If this
+# option is
+# not specified, the default of '8.8.4.4' is used.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any valid IP address.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#flat_network_dns = 8.8.4.4
+
+# DEPRECATED:
+# This option is the name of the virtual interface of the VM on which
+# the bridge
+# will be built. While it was originally designed to be used only by
+# nova-network, it is also used by libvirt for the bridge interface
+# name.
+#
+# Possible values:
+#
+# * Any valid virtual interface name, such as 'eth0'
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#flat_interface = <None>
+
+# DEPRECATED:
+# This is the VLAN number used for private networks. Note that the
+# when creating
+# the networks, if the specified number has already been assigned,
+# nova-network
+# will increment this number until it finds an available VLAN.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment. It also will be ignored if the
+# configuration option
+# for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# * Any integer between 1 and 4094. Values outside of that range will
+# raise a
+# ValueError exception.
+#
+# Related options:
+#
+# * ``network_manager``
+# * ``use_neutron``
+# (integer value)
+# Minimum value: 1
+# Maximum value: 4094
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#vlan_start = 100
+
+# DEPRECATED:
+# This option is the name of the virtual interface of the VM on which
+# the VLAN
+# bridge will be built. While it was originally designed to be used
+# only by
+# nova-network, it is also used by libvirt and xenapi for the bridge
+# interface
+# name.
+#
+# Please note that this setting will be ignored in nova-network if the
+# configuration option for `network_manager` is not set to the default
+# of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# * Any valid virtual interface name, such as 'eth0'
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options. While
+# this option has an effect when using neutron, it incorrectly
+# override the value
+# provided by neutron and should therefore not be used.
+#vlan_interface = <None>
+
+# DEPRECATED:
+# This option represents the number of networks to create if not
+# explicitly
+# specified when the network is created. The only time this is used is
+# if a CIDR
+# is specified, but an explicit network_size is not. In that case, the
+# subnets
+# are created by diving the IP address space of the CIDR by
+# num_networks. The
+# resulting subnet sizes cannot be larger than the configuration
+# option
+# `network_size`; in that event, they are reduced to `network_size`,
+# and a
+# warning is logged.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any positive integer is technically valid, although there are
+# practical
+# limits based upon available IP address space and virtual
+# interfaces.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``network_size``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#num_networks = 1
+
+# DEPRECATED:
+# This option is no longer used since the /os-cloudpipe API was
+# removed in the
+# 16.0.0 Pike release. This is the public IP address for the cloudpipe
+# VPN
+# servers. It defaults to the IP address of the host.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment. It also will be ignored if the
+# configuration option
+# for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# * Any valid IP address. The default is ``$my_ip``, the IP address of
+# the VM.
+#
+# Related options:
+#
+# * ``network_manager``
+# * ``use_neutron``
+# * ``vpn_start``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#vpn_ip = $my_ip
+
+# DEPRECATED:
+# This is the port number to use as the first VPN port for private
+# networks.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment. It also will be ignored if the
+# configuration option
+# for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager', or if you specify a value the
+# 'vpn_start'
+# parameter when creating a network.
+#
+# Possible values:
+#
+# * Any integer representing a valid port number. The default is 1000.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``vpn_ip``
+# * ``network_manager``
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#vpn_start = 1000
+
+# DEPRECATED:
+# This option determines the number of addresses in each private
+# subnet.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any positive integer that is less than or equal to the available
+# network
+# size. Note that if you are creating multiple networks, they must
+# all fit in
+# the available IP address space. The default is 256.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``num_networks``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#network_size = 256
+
+# DEPRECATED:
+# This option determines the fixed IPv6 address block when creating a
+# network.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any valid IPv6 CIDR
+#
+# Related options:
+#
+# * ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#fixed_range_v6 = fd00::/48
+
+# DEPRECATED:
+# This is the default IPv4 gateway. It is used only in the testing
+# suite.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any valid IP address.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``gateway_v6``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#gateway = <None>
+
+# DEPRECATED:
+# This is the default IPv6 gateway. It is used only in the testing
+# suite.
+#
+# Please note that this option is only used when using nova-network
+# instead of
+# Neutron in your deployment.
+#
+# Possible values:
+#
+# * Any valid IP address.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``gateway``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#gateway_v6 = <None>
+
+# DEPRECATED:
+# This option represents the number of IP addresses to reserve at the
+# top of the
+# address range for VPN clients. It also will be ignored if the
+# configuration
+# option for `network_manager` is not set to the default of
+# 'nova.network.manager.VlanManager'.
+#
+# Possible values:
+#
+# * Any integer, 0 or greater.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``network_manager``
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#cnt_vpn_clients = 0
+
+# DEPRECATED:
+# This is the number of seconds to wait before disassociating a
+# deallocated fixed
+# IP address. This is only used with the nova-network service, and has
+# no effect
+# when using neutron for networking.
+#
+# Possible values:
+#
+# * Any integer, zero or greater.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#fixed_ip_disassociate_timeout = 600
+
+# DEPRECATED:
+# This option determines how many times nova-network will attempt to
+# create a
+# unique MAC address before giving up and raising a
+# `VirtualInterfaceMacAddressException` error.
+#
+# Possible values:
+#
+# * Any positive integer. The default is 5.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (integer value)
+# Minimum value: 1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#create_unique_mac_address_attempts = 5
+
+# DEPRECATED:
+# Determines whether unused gateway devices, both VLAN and bridge, are
+# deleted if
+# the network is in nova-network VLAN mode and is multi-hosted.
+#
+# Related options:
+#
+# * ``use_neutron``
+# * ``vpn_ip``
+# * ``fake_network``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#teardown_unused_network_gateway = false
+
+# DEPRECATED:
+# When this option is True, a call is made to release the DHCP for the
+# instance
+# when that instance is terminated.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+force_dhcp_release = {{ controller.get('force_dhcp_release', 'true') }}
+
+# DEPRECATED:
+# When this option is True, whenever a DNS entry must be updated, a
+# fanout cast
+# message is sent to all network hosts to update their DNS entries in
+# multi-host
+# mode.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#update_dns_entries = false
+
+# DEPRECATED:
+# This option determines the time, in seconds, to wait between
+# refreshing DNS
+# entries for the network.
+#
+# Possible values:
+#
+# * A positive integer
+# * -1 to disable updates
+#
+# Related options:
+#
+# * ``use_neutron``
+# (integer value)
+# Minimum value: -1
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dns_update_periodic_interval = -1
+
+# DEPRECATED:
+# This option allows you to specify the domain for the DHCP server.
+#
+# Possible values:
+#
+# * Any string that is a valid domain name.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#dhcp_domain = novalocal
+dhcp_domain={{ controller.get('dhcp_domain', 'novalocal') }}
+
+# DEPRECATED:
+# This option allows you to specify the L3 management library to be
+# used.
+#
+# Possible values:
+#
+# * Any dot-separated string that represents the import path to an L3
+# networking
+# library.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#l3_lib = nova.network.l3.LinuxNetL3
+
+# DEPRECATED:
+# THIS VALUE SHOULD BE SET WHEN CREATING THE NETWORK.
+#
+# If True in multi_host mode, all compute hosts share the same dhcp
+# address. The
+# same IP address used for DHCP will be added on each nova-network
+# node which is
+# only visible to the VMs on the same host.
+#
+# The use of this configuration has been deprecated and may be removed
+# in any
+# release after Mitaka. It is recommended that instead of relying on
+# this option,
+# an explicit value should be passed to 'create_networks()' as a
+# keyword argument
+# with the name 'share_address'.
+# (boolean value)
+# This option is deprecated for removal since 2014.2.
+# Its value may be silently ignored in the future.
+#share_dhcp_address = false
+
+# DEPRECATED:
+# URL for LDAP server which will store DNS entries
+#
+# Possible values:
+#
+# * A valid LDAP URL representing the server
+# (uri value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_url = ldap://ldap.example.com:389
+
+# DEPRECATED: Bind user for LDAP server (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_user = uid=admin,ou=people,dc=example,dc=org
+
+# DEPRECATED: Bind user's password for LDAP server (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_password = password
+
+# DEPRECATED:
+# Hostmaster for LDAP DNS driver Statement of Authority
+#
+# Possible values:
+#
+# * Any valid string representing LDAP DNS hostmaster.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_soa_hostmaster = hostmaster@example.org
+
+# DEPRECATED:
+# DNS Servers for LDAP DNS driver
+#
+# Possible values:
+#
+# * A valid URL representing a DNS server
+# (multi valued)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_servers = dns.example.org
+
+# DEPRECATED:
+# Base distinguished name for the LDAP search query
+#
+# This option helps to decide where to look up the host in LDAP.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_base_dn = ou=hosts,dc=example,dc=org
+
+# DEPRECATED:
+# Refresh interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# Time interval, a secondary/slave DNS server waits before requesting
+# for
+# primary DNS server's current SOA record. If the records are
+# different,
+# secondary DNS server will request a zone transfer from primary.
+#
+# NOTE: Lower values would cause more traffic.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_soa_refresh = 1800
+
+# DEPRECATED:
+# Retry interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# Time interval, a secondary/slave DNS server should wait, if an
+# attempt to transfer zone failed during the previous refresh
+# interval.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_soa_retry = 3600
+
+# DEPRECATED:
+# Expiry interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# Time interval, a secondary/slave DNS server holds the information
+# before it is no longer considered authoritative.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_soa_expiry = 86400
+
+# DEPRECATED:
+# Minimum interval (in seconds) for LDAP DNS driver Start of Authority
+#
+# It is Minimum time-to-live applies for all resource records in the
+# zone file. This value is supplied to other servers how long they
+# should keep the data in cache.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ldap_dns_soa_minimum = 7200
+
+# DEPRECATED:
+# Default value for multi_host in networks.
+#
+# nova-network service can operate in a multi-host or single-host
+# mode.
+# In multi-host mode each compute node runs a copy of nova-network and
+# the
+# instances on that compute node use the compute node as a gateway to
+# the
+# Internet. Where as in single-host mode, a central server runs the
+# nova-network
+# service. All compute nodes forward traffic from the instances to the
+# cloud controller which then forwards traffic to the Internet.
+#
+# If this options is set to true, some rpc network calls will be sent
+# directly
+# to host.
+#
+# Note that this option is only used when using nova-network instead
+# of
+# Neutron in your deployment.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#multi_host = false
+
+# DEPRECATED:
+# Driver to use for network creation.
+#
+# Network driver initializes (creates bridges and so on) only when the
+# first VM lands on a host node. All network managers configure the
+# network using network drivers. The driver is not tied to any
+# particular
+# network manager.
+#
+# The default Linux driver implements vlans, bridges, and iptables
+# rules
+# using linux utilities.
+#
+# Note that this option is only used when using nova-network instead
+# of Neutron in your deployment.
+#
+# Related options:
+#
+# * ``use_neutron``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#network_driver = nova.network.linux_net
+
+# DEPRECATED:
+# Firewall driver to use with ``nova-network`` service.
+#
+# This option only applies when using the ``nova-network`` service.
+# When using
+# another networking services, such as Neutron, this should be to set
+# to the
+# ``nova.virt.firewall.NoopFirewallDriver``.
+#
+# Possible values:
+#
+# * ``nova.virt.firewall.IptablesFirewallDriver``
+# * ``nova.virt.firewall.NoopFirewallDriver``
+# * ``nova.virt.libvirt.firewall.IptablesFirewallDriver``
+# * [...]
+#
+# Related options:
+#
+# * ``use_neutron``: This must be set to ``False`` to enable ``nova-
+# network``
+# networking
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+
+# DEPRECATED:
+# Determine whether to allow network traffic from same network.
+#
+# When set to true, hosts on the same subnet are not filtered and are
+# allowed
+# to pass all types of traffic between them. On a flat network, this
+# allows
+# all instances from all projects unfiltered communication. With VLAN
+# networking, this allows access between instances within the same
+# project.
+#
+# This option only applies when using the ``nova-network`` service.
+# When using
+# another networking services, such as Neutron, security groups or
+# other
+# approaches should be used.
+#
+# Possible values:
+#
+# * True: Network traffic should be allowed pass between all instances
+# on the
+# same network, regardless of their tenant and security policies
+# * False: Network traffic should not be allowed pass between
+# instances unless
+# it is unblocked in a security group
+#
+# Related options:
+#
+# * ``use_neutron``: This must be set to ``False`` to enable ``nova-
+# network``
+# networking
+# * ``firewall_driver``: This must be set to
+# ``nova.virt.libvirt.firewall.IptablesFirewallDriver`` to ensure
+# the
+# libvirt firewall driver is enabled.
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#allow_same_net_traffic = true
+
+# DEPRECATED:
+# Default pool for floating IPs.
+#
+# This option specifies the default floating IP pool for allocating
+# floating IPs.
+#
+# While allocating a floating ip, users can optionally pass in the
+# name of the
+# pool they want to allocate from, otherwise it will be pulled from
+# the
+# default pool.
+#
+# If this option is not set, then 'nova' is used as default floating
+# pool.
+#
+# Possible values:
+#
+# * Any string representing a floating IP pool name
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option was used for two purposes: to set the floating IP pool
+# name for
+# nova-network and to do the same for neutron. nova-network is
+# deprecated, as are
+# any related configuration options. Users of neutron, meanwhile,
+# should use the
+# 'default_floating_pool' option in the '[neutron]' group.
+#default_floating_pool = nova
+
+# DEPRECATED:
+# Autoassigning floating IP to VM
+#
+# When set to True, floating IP is auto allocated and associated
+# to the VM upon creation.
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (boolean value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#auto_assign_floating_ip = false
+
+# DEPRECATED:
+# Full class name for the DNS Manager for floating IPs.
+#
+# This option specifies the class of the driver that provides
+# functionality
+# to manage DNS entries associated with floating IPs.
+#
+# When a user adds a DNS entry for a specified domain to a floating
+# IP,
+# nova will add a DNS entry using the specified floating DNS driver.
+# When a floating IP is deallocated, its DNS entry will automatically
+# be deleted.
+#
+# Possible values:
+#
+# * Full Python path to the class to be used
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#floating_ip_dns_manager = nova.network.noop_dns_driver.NoopDNSDriver
+
+# DEPRECATED:
+# Full class name for the DNS Manager for instance IPs.
+#
+# This option specifies the class of the driver that provides
+# functionality
+# to manage DNS entries for instances.
+#
+# On instance creation, nova will add DNS entries for the instance
+# name and
+# id, using the specified instance DNS driver and domain. On instance
+# deletion,
+# nova will remove the DNS entries.
+#
+# Possible values:
+#
+# * Full Python path to the class to be used
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#instance_dns_manager = nova.network.noop_dns_driver.NoopDNSDriver
+
+# DEPRECATED:
+# If specified, Nova checks if the availability_zone of every instance
+# matches
+# what the database says the availability_zone should be for the
+# specified
+# dns_domain.
+#
+# Related options:
+#
+# * use_neutron: this options only works with nova-network.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#instance_dns_domain =
+
+# DEPRECATED:
+# Assign IPv6 and IPv4 addresses when creating instances.
+#
+# Related options:
+#
+# * use_neutron: this only works with nova-network.
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#use_ipv6 = false
+
+# DEPRECATED:
+# Abstracts out IPv6 address generation to pluggable backends.
+#
+# nova-network can be put into dual-stack mode, so that it uses
+# both IPv4 and IPv6 addresses. In dual-stack mode, by default,
+# instances
+# acquire IPv6 global unicast addresses with the help of stateless
+# address
+# auto-configuration mechanism.
+#
+# Related options:
+#
+# * use_neutron: this option only works with nova-network.
+# * use_ipv6: this option only works if ipv6 is enabled for nova-
+# network.
+# (string value)
+# Possible values:
+# rfc2462 - <No description provided>
+# account_identifier - <No description provided>
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#ipv6_backend = rfc2462
+
+# DEPRECATED:
+# This option is used to enable or disable quota checking for tenant
+# networks.
+#
+# Related options:
+#
+# * quota_networks
+# (boolean value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# CRUD operations on tenant networks are only available when using
+# nova-network
+# and nova-network is itself deprecated.
+#enable_network_quota = false
+
+# DEPRECATED:
+# This option controls the number of private networks that can be
+# created per
+# project (or per tenant).
+#
+# Related options:
+#
+# * enable_network_quota
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# CRUD operations on tenant networks are only available when using
+# nova-network
+# and nova-network is itself deprecated.
+#quota_networks = 3
+
+#
+# Filename that will be used for storing websocket frames received
+# and sent by a proxy service (like VNC, spice, serial) running on
+# this host.
+# If this is not set, no recording will be done.
+# (string value)
+#record = <None>
+
+# Run as a background process. (boolean value)
+#daemon = false
+
+# Disallow non-encrypted connections. (boolean value)
+#ssl_only = false
+{%- if controller.novncproxy.tls.get('enabled', False) %}
+ssl_only=True
+cert={{controller.novncproxy.tls.server.cert_file|yaml_squote}}
+key={{controller.novncproxy.tls.server.key_file|yaml_squote}}
+{%- endif %}
+
+# Set to True if source host is addressed with IPv6. (boolean value)
+#source_is_ipv6 = false
+
+# Path to SSL certificate file. (string value)
+#cert = self.pem
+
+# SSL key file (if separate from cert). (string value)
+#key = <None>
+
+#
+# Path to directory with content which will be served by a web server.
+# (string value)
+#web = /usr/share/spice-html5
+
+#
+# The directory where the Nova python modules are installed.
+#
+# This directory is used to store template files for networking and
+# remote
+# console access. It is also the default path for other config options
+# which
+# need to persist Nova internal data. It is very unlikely that you
+# need to
+# change this option from its default value.
+#
+# Possible values:
+#
+# * The full path to a directory.
+#
+# Related options:
+#
+# * ``state_path``
+# (string value)
+#pybasedir = /usr/lib/python2.7/dist-packages
+
+#
+# The directory where the Nova binaries are installed.
+#
+# This option is only relevant if the networking capabilities from
+# Nova are
+# used (see services below). Nova's networking capabilities are
+# targeted to
+# be fully replaced by Neutron in the future. It is very unlikely that
+# you need
+# to change this option from its default value.
+#
+# Possible values:
+#
+# * The full path to a directory.
+# (string value)
+#bindir = /usr/local/bin
+
+#
+# The top-level directory for maintaining Nova's state.
+#
+# This directory is used to store Nova's internal state. It is used by
+# a
+# variety of other config options which derive from this. In some
+# scenarios
+# (for example migrations) it makes sense to use a storage location
+# which is
+# shared between multiple compute hosts (for example via NFS). Unless
+# the
+# option ``instances_path`` gets overwritten, this directory can grow
+# very
+# large.
+#
+# Possible values:
+#
+# * The full path to a directory. Defaults to value provided in
+# ``pybasedir``.
+# (string value)
+state_path = /var/lib/nova
+
+#
+# Number of seconds indicating how frequently the state of services on
+# a
+# given hypervisor is reported. Nova needs to know this to determine
+# the
+# overall health of the deployment.
+#
+# Related Options:
+#
+# * service_down_time
+# report_interval should be less than service_down_time. If
+# service_down_time
+# is less than report_interval, services will routinely be
+# considered down,
+# because they report in too rarely.
+# (integer value)
+#report_interval = 10
+report_interval = {{ controller.get('report_interval', '60') }}
+
+#
+# Maximum time in seconds since last check-in for up service
+#
+# Each compute node periodically updates their database status based
+# on the
+# specified report interval. If the compute node hasn't updated the
+# status
+# for more than service_down_time, then the compute node is considered
+# down.
+#
+# Related Options:
+#
+# * report_interval (service_down_time should not be less than
+# report_interval)
+# (integer value)
+service_down_time = {{ controller.service_down_time|default('180') }}
+
+#
+# Enable periodic tasks.
+#
+# If set to true, this option allows services to periodically run
+# tasks
+# on the manager.
+#
+# In case of running multiple schedulers or conductors you may want to
+# run
+# periodic tasks on only one host - in this case disable this option
+# for all
+# hosts but one.
+# (boolean value)
+#periodic_enable = true
+
+#
+# Number of seconds to randomly delay when starting the periodic task
+# scheduler to reduce stampeding.
+#
+# When compute workers are restarted in unison across a cluster,
+# they all end up running the periodic tasks at the same time
+# causing problems for the external services. To mitigate this
+# behavior, periodic_fuzzy_delay option allows you to introduce a
+# random initial delay when starting the periodic task scheduler.
+#
+# Possible Values:
+#
+# * Any positive integer (in seconds)
+# * 0 : disable the random delay
+# (integer value)
+# Minimum value: 0
+#periodic_fuzzy_delay = 60
+
+# List of APIs to be enabled by default. (list value)
+enabled_apis = osapi_compute,metadata
+
+#
+# List of APIs with enabled SSL.
+#
+# Nova provides SSL support for the API servers. enabled_ssl_apis
+# option
+# allows configuring the SSL support.
+# (list value)
+#enabled_ssl_apis =
+
+#
+# IP address on which the OpenStack API will listen.
+#
+# The OpenStack API service listens on this IP address for incoming
+# requests.
+# (string value)
+#osapi_compute_listen = 0.0.0.0
+osapi_compute_listen = {{ controller.bind.private_address }}
+
+#
+# Port on which the OpenStack API will listen.
+#
+# The OpenStack API service listens on this port number for incoming
+# requests.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#osapi_compute_listen_port = 8774
+
+#
+# Number of workers for OpenStack API service. The default will be the
+# number
+# of CPUs available.
+#
+# OpenStack API services can be configured to run as multi-process
+# (workers).
+# This overcomes the problem of reduction in throughput when API
+# request
+# concurrency increases. OpenStack API service will run in the
+# specified
+# number of processes.
+#
+# Possible Values:
+#
+# * Any positive integer
+# * None (default value)
+# (integer value)
+# Minimum value: 1
+#osapi_compute_workers = <None>
+
+#
+# IP address on which the metadata API will listen.
+#
+# The metadata API service listens on this IP address for incoming
+# requests.
+# (string value)
+#metadata_listen = 0.0.0.0
+metadata_listen={{ controller.get('metadata', {}).get('bind', {}).get('address', controller.bind.private_address) }}
+
+#
+# Port on which the metadata API will listen.
+#
+# The metadata API service listens on this port number for incoming
+# requests.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#metadata_listen_port = 8775
+{%- if controller.get('metadata', {}).get('bind', {}).port is defined %}
+metadata_listen_port={{ controller.metadata.bind.port }}
+{%- else %}
+#metadata_listen_port=8775
+{%- endif %}
+
+#
+# Number of workers for metadata service. If not specified the number
+# of
+# available CPUs will be used.
+#
+# The metadata service can be configured to run as multi-process
+# (workers).
+# This overcomes the problem of reduction in throughput when API
+# request
+# concurrency increases. The metadata service will run in the
+# specified
+# number of processes.
+#
+# Possible Values:
+#
+# * Any positive integer
+# * None (default value)
+# (integer value)
+# Minimum value: 1
+#metadata_workers = <None>
+metadata_workers = {{ controller.workers }}
+
+# Full class name for the Manager for network (string value)
+# Possible values:
+# nova.network.manager.FlatManager - <No description provided>
+# nova.network.manager.FlatDHCPManager - <No description provided>
+# nova.network.manager.VlanManager - <No description provided>
+#network_manager = nova.network.manager.VlanManager
+
+#
+# This option specifies the driver to be used for the servicegroup
+# service.
+#
+# ServiceGroup API in nova enables checking status of a compute node.
+# When a
+# compute worker running the nova-compute daemon starts, it calls the
+# join API
+# to join the compute group. Services like nova scheduler can query
+# the
+# ServiceGroup API to check if a node is alive. Internally, the
+# ServiceGroup
+# client driver automatically updates the compute worker status. There
+# are
+# multiple backend implementations for this service: Database
+# ServiceGroup driver
+# and Memcache ServiceGroup driver.
+#
+# Possible Values:
+#
+# * db : Database ServiceGroup driver
+# * mc : Memcache ServiceGroup driver
+#
+# Related Options:
+#
+# * service_down_time (maximum time since last check-in for up
+# service)
+# (string value)
+# Possible values:
+# db - <No description provided>
+# mc - <No description provided>
+#servicegroup_driver = db
+
+#
+# From oslo.service.periodic_task
+#
+
+# Some periodic tasks can be run in a separate process. Should we run
+# them here? (boolean value)
+#run_external_periodic_tasks = true
+
+#
+# From oslo.service.service
+#
+
+# Enable eventlet backdoor. Acceptable values are 0, <port>, and
+# <start>:<end>, where 0 results in listening on a random tcp port
+# number; <port> results in listening on the specified port number
+# (and not enabling backdoor if that port is in use); and
+# <start>:<end> results in listening on the smallest unused port
+# number within the specified range of port numbers. The chosen port
+# is displayed in the service's log file. (string value)
+#backdoor_port = <None>
+
+# Enable eventlet backdoor, using the provided path as a unix socket
+# that can receive connections. This option is mutually exclusive with
+# 'backdoor_port' in that only one should be provided. If both are
+# provided then the existence of this option overrides the usage of
+# that option. (string value)
+#backdoor_socket = <None>
+
+# Enables or disables logging values of all registered options when
+# starting a service (at DEBUG level). (boolean value)
+#log_options = true
+
+# Specify a timeout after which a gracefully shutdown server will
+# exit. Zero value means endless wait. (integer value)
+#graceful_shutdown_timeout = 60
+
+{%- if controller.logging is defined %}
+{%- set _data = controller.logging %}
+{%- include "oslo_templates/files/queens/oslo/_log.conf" %}
+{%- endif %}
+
+{%- set _data = controller.message_queue %}
+{%- include "oslo_templates/files/queens/oslo/messaging/_default.conf" %}
+
+[api]
+#
+# Options under this group are used to define Nova API.
+
+#
+# From nova.conf
+#
+
+#
+# This determines the strategy to use for authentication: keystone or
+# noauth2.
+# 'noauth2' is designed for testing only, as it does no actual
+# credential
+# checking. 'noauth2' provides administrative credentials only if
+# 'admin' is
+# specified as the username.
+# (string value)
+# Possible values:
+# keystone - <No description provided>
+# noauth2 - <No description provided>
+auth_strategy = keystone
+
+#
+# When True, the 'X-Forwarded-For' header is treated as the canonical
+# remote
+# address. When False (the default), the 'remote_address' header is
+# used.
+#
+# You should only enable this if you have an HTML sanitizing proxy.
+# (boolean value)
+#use_forwarded_for = false
+
+#
+# When gathering the existing metadata for a config drive, the
+# EC2-style
+# metadata is returned for all versions that don't appear in this
+# option.
+# As of the Liberty release, the available versions are:
+#
+# * 1.0
+# * 2007-01-19
+# * 2007-03-01
+# * 2007-08-29
+# * 2007-10-10
+# * 2007-12-15
+# * 2008-02-01
+# * 2008-09-01
+# * 2009-04-04
+#
+# The option is in the format of a single string, with each version
+# separated
+# by a space.
+#
+# Possible values:
+#
+# * Any string that represents zero or more versions, separated by
+# spaces.
+# (string value)
+#config_drive_skip_versions = 1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01
+
+#
+# A list of vendordata providers.
+#
+# vendordata providers are how deployers can provide metadata via
+# configdrive
+# and metadata that is specific to their deployment. There are
+# currently two
+# supported providers: StaticJSON and DynamicJSON.
+#
+# StaticJSON reads a JSON file configured by the flag
+# vendordata_jsonfile_path
+# and places the JSON from that file into vendor_data.json and
+# vendor_data2.json.
+#
+# DynamicJSON is configured via the vendordata_dynamic_targets flag,
+# which is
+# documented separately. For each of the endpoints specified in that
+# flag, a
+# section is added to the vendor_data2.json.
+#
+# For more information on the requirements for implementing a
+# vendordata
+# dynamic endpoint, please see the vendordata.rst file in the nova
+# developer
+# reference.
+#
+# Possible values:
+#
+# * A list of vendordata providers, with StaticJSON and DynamicJSON
+# being
+# current options.
+#
+# Related options:
+#
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_read_timeout
+# * vendordata_dynamic_failure_fatal
+# (list value)
+#vendordata_providers = StaticJSON
+
+#
+# A list of targets for the dynamic vendordata provider. These targets
+# are of
+# the form <name>@<url>.
+#
+# The dynamic vendordata provider collects metadata by contacting
+# external REST
+# services and querying them for information about the instance. This
+# behaviour
+# is documented in the vendordata.rst file in the nova developer
+# reference.
+# (list value)
+#vendordata_dynamic_targets =
+
+#
+# Path to an optional certificate file or CA bundle to verify dynamic
+# vendordata REST services ssl certificates against.
+#
+# Possible values:
+#
+# * An empty string, or a path to a valid certificate file
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_read_timeout
+# * vendordata_dynamic_failure_fatal
+# (string value)
+#vendordata_dynamic_ssl_certfile =
+
+#
+# Maximum wait time for an external REST service to connect.
+#
+# Possible values:
+#
+# * Any integer with a value greater than three (the TCP packet
+# retransmission
+# timeout). Note that instance start may be blocked during this wait
+# time,
+# so this value should be kept small.
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_read_timeout
+# * vendordata_dynamic_failure_fatal
+# (integer value)
+# Minimum value: 3
+#vendordata_dynamic_connect_timeout = 5
+
+#
+# Maximum wait time for an external REST service to return data once
+# connected.
+#
+# Possible values:
+#
+# * Any integer. Note that instance start is blocked during this wait
+# time,
+# so this value should be kept small.
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_failure_fatal
+# (integer value)
+# Minimum value: 0
+#vendordata_dynamic_read_timeout = 5
+
+#
+# Should failures to fetch dynamic vendordata be fatal to instance
+# boot?
+#
+# Related options:
+#
+# * vendordata_providers
+# * vendordata_dynamic_targets
+# * vendordata_dynamic_ssl_certfile
+# * vendordata_dynamic_connect_timeout
+# * vendordata_dynamic_read_timeout
+# (boolean value)
+#vendordata_dynamic_failure_fatal = false
+
+#
+# This option is the time (in seconds) to cache metadata. When set to
+# 0,
+# metadata caching is disabled entirely; this is generally not
+# recommended for
+# performance reasons. Increasing this setting should improve response
+# times
+# of the metadata API when under heavy load. Higher values may
+# increase memory
+# usage, and result in longer times for host metadata changes to take
+# effect.
+# (integer value)
+# Minimum value: 0
+#metadata_cache_expiration = 15
+
+#
+# Cloud providers may store custom data in vendor data file that will
+# then be
+# available to the instances via the metadata service, and to the
+# rendering of
+# config-drive. The default class for this, JsonFileVendorData, loads
+# this
+# information from a JSON file, whose path is configured by this
+# option. If
+# there is no path set by this option, the class returns an empty
+# dictionary.
+#
+# Possible values:
+#
+# * Any string representing the path to the data file, or an empty
+# string
+# (default).
+# (string value)
+#vendordata_jsonfile_path = <None>
+
+#
+# As a query can potentially return many thousands of items, you can
+# limit the
+# maximum number of items in a single response by setting this option.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/osapi_max_limit
+#max_limit = 1000
+max_limit={{ controller.osapi_max_limit|default('1000') }}
+
+#
+# This string is prepended to the normal URL that is returned in links
+# to the
+# OpenStack Compute API. If it is empty (the default), the URLs are
+# returned
+# unchanged.
+#
+# Possible values:
+#
+# * Any string, including an empty string (the default).
+# (string value)
+# Deprecated group/name - [DEFAULT]/osapi_compute_link_prefix
+#compute_link_prefix = <None>
+
+#
+# This string is prepended to the normal URL that is returned in links
+# to
+# Glance resources. If it is empty (the default), the URLs are
+# returned
+# unchanged.
+#
+# Possible values:
+#
+# * Any string, including an empty string (the default).
+# (string value)
+# Deprecated group/name - [DEFAULT]/osapi_glance_link_prefix
+#glance_link_prefix = <None>
+
+# DEPRECATED:
+# Operators can turn off the ability for a user to take snapshots of
+# their
+# instances by setting this option to False. When disabled, any
+# attempt to
+# take a snapshot will result in a HTTP 400 response ("Bad Request").
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: This option disables the createImage server action API in a
+# non-discoverable way and is thus a barrier to interoperability.
+# Also, it is not used for other APIs that create snapshots like
+# shelve or createBackup. Disabling snapshots should be done via
+# policy if so desired.
+#allow_instance_snapshots = true
+
+# DEPRECATED:
+# This option is a list of all instance states for which network
+# address
+# information should not be returned from the API.
+#
+# Possible values:
+#
+# A list of strings, where each string is a valid VM state, as
+# defined in
+# nova/compute/vm_states.py. As of the Newton release, they are:
+#
+# * "active"
+# * "building"
+# * "paused"
+# * "suspended"
+# * "stopped"
+# * "rescued"
+# * "resized"
+# * "soft-delete"
+# * "deleted"
+# * "error"
+# * "shelved"
+# * "shelved_offloaded"
+# (list value)
+# Deprecated group/name - [DEFAULT]/osapi_hide_server_address_states
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason: This option hide the server address in server representation
+# for configured server states. Which makes GET server API controlled
+# by this config options. Due to this config options, user would not
+# be able to discover the API behavior on different clouds which leads
+# to the interop issue.
+#hide_server_address_states = building
+
+# The full path to the fping binary. (string value)
+fping_path = /usr/sbin/fping
+
+#
+# When True, the TenantNetworkController will query the Neutron API to
+# get the
+# default networks to use.
+#
+# Related options:
+#
+# * neutron_default_tenant_id
+# (boolean value)
+#use_neutron_default_nets = false
+
+#
+# Tenant ID for getting the default network from Neutron API (also
+# referred in
+# some places as the 'project ID') to use.
+#
+# Related options:
+#
+# * use_neutron_default_nets
+# (string value)
+#neutron_default_tenant_id = default
+
+#
+# Enables returning of the instance password by the relevant server
+# API calls
+# such as create, rebuild, evacuate, or rescue. If the hypervisor does
+# not
+# support password injection, then the password returned will not be
+# correct,
+# so if your hypervisor does not support password injection, set this
+# to False.
+# (boolean value)
+#enable_instance_password = true
+
+
+[api_database]
+{%- set _data = {} %}
+{%- do _data.update(controller.database) %}
+{%- do _data.update({'name': 'nova_api'}) %}
+{%- if _data.ssl is defined and 'cacert_file' not in _data.get('ssl', {}).keys() %}{% do _data['ssl'].update({'cacert_file': controller.cacert_file}) %}{% endif %}
+{%- include "oslo_templates/files/queens/oslo/_database.conf" %}
+
+{%- if controller.get('barbican', {}).get('enabled', False) %}
+{%- set _data = controller.identity %}
+[barbican]
+{%- include "oslo_templates/files/queens/castellan/_barbican.conf" %}
+{%- endif %}
+
+[cache]
+
+#
+# From nova.conf
+#
+{%- if controller.cache is defined %}
+backend = oslo_cache.memcache_pool
+enabled = true
+memcache_servers={%- for member in controller.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+{%- endif %}
+
+# Prefix for building the configuration dictionary for the cache
+# region. This should not need to be changed unless there is another
+# dogpile.cache region with the same configuration name. (string
+# value)
+#config_prefix = cache.oslo
+
+# Default TTL, in seconds, for any cached item in the dogpile.cache
+# region. This applies to any cached method that doesn't have an
+# explicit cache expiration time defined for it. (integer value)
+#expiration_time = 600
+
+# Cache backend module. For eventlet-based or environments with
+# hundreds of threaded servers, Memcache with pooling
+# (oslo_cache.memcache_pool) is recommended. For environments with
+# less than 100 threaded servers, Memcached (dogpile.cache.memcached)
+# or Redis (dogpile.cache.redis) is recommended. Test environments
+# with a single instance of the server can use the
+# dogpile.cache.memory backend. (string value)
+# Possible values:
+# oslo_cache.memcache_pool - <No description provided>
+# oslo_cache.dict - <No description provided>
+# oslo_cache.mongo - <No description provided>
+# oslo_cache.etcd3gw - <No description provided>
+# dogpile.cache.memcached - <No description provided>
+# dogpile.cache.pylibmc - <No description provided>
+# dogpile.cache.bmemcached - <No description provided>
+# dogpile.cache.dbm - <No description provided>
+# dogpile.cache.redis - <No description provided>
+# dogpile.cache.memory - <No description provided>
+# dogpile.cache.memory_pickle - <No description provided>
+# dogpile.cache.null - <No description provided>
+#backend = dogpile.cache.null
+
+# Arguments supplied to the backend module. Specify this option once
+# per argument to be passed to the dogpile.cache backend. Example
+# format: "<argname>:<value>". (multi valued)
+#backend_argument =
+
+# Proxy classes to import that will affect the way the dogpile.cache
+# backend functions. See the dogpile.cache documentation on changing-
+# backend-behavior. (list value)
+#proxies =
+
+# Global toggle for caching. (boolean value)
+#enabled = false
+
+# Extra debugging from the cache backend (cache keys,
+# get/set/delete/etc calls). This is only really useful if you need to
+# see the specific cache-backend get/set/delete calls with the
+# keys/values. Typically this should be left set to false. (boolean
+# value)
+#debug_cache_backend = false
+
+# Memcache servers in the format of "host:port".
+# (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
+# (list value)
+#memcache_servers = localhost:11211
+
+# Number of seconds memcached server is considered dead before it is
+# tried again. (dogpile.cache.memcache and oslo_cache.memcache_pool
+# backends only). (integer value)
+#memcache_dead_retry = 300
+
+# Timeout in seconds for every call to a server.
+# (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
+# (integer value)
+#memcache_socket_timeout = 3
+
+# Max total number of open connections to every memcached server.
+# (oslo_cache.memcache_pool backend only). (integer value)
+#memcache_pool_maxsize = 10
+
+# Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (oslo_cache.memcache_pool backend only).
+# (integer value)
+#memcache_pool_unused_timeout = 60
+
+# Number of seconds that an operation will wait to get a memcache
+# client connection. (integer value)
+#memcache_pool_connection_get_timeout = 10
+
+
+[cells]
+#
+# DEPRECATED: Cells options allow you to use cells v1 functionality in
+# an
+# OpenStack deployment.
+#
+# Note that the options in this group are only for cells v1
+# functionality, which
+# is considered experimental and not recommended for new deployments.
+# Cells v1
+# is being replaced with cells v2, which starting in the 15.0.0 Ocata
+# release is
+# required and all Nova deployments will be at least a cells v2 cell
+# of one.
+#
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# Enable cell v1 functionality.
+#
+# Note that cells v1 is considered experimental and not recommended
+# for new
+# Nova deployments. Cells v1 is being replaced by cells v2 which
+# starting in
+# the 15.0.0 Ocata release, all Nova deployments are at least a cells
+# v2 cell
+# of one. Setting this option, or any other options in the [cells]
+# group, is
+# not required for cells v2.
+#
+# When this functionality is enabled, it lets you to scale an
+# OpenStack
+# Compute cloud in a more distributed fashion without having to use
+# complicated technologies like database and message queue clustering.
+# Cells are configured as a tree. The top-level cell should have a
+# host
+# that runs a nova-api service, but no nova-compute services. Each
+# child cell should run all of the typical nova-* services in a
+# regular
+# Compute cloud except for nova-api. You can think of cells as a
+# normal
+# Compute deployment in that each cell has its own database server and
+# message queue broker.
+#
+# Related options:
+#
+# * name: A unique cell name must be given when this functionality
+# is enabled.
+# * cell_type: Cell type should be defined for all cells.
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+enable = false
+
+# DEPRECATED:
+# Name of the current cell.
+#
+# This value must be unique for each cell. Name of a cell is used as
+# its id, leaving this option unset or setting the same name for
+# two or more cells may cause unexpected behaviour.
+#
+# Related options:
+#
+# * enabled: This option is meaningful only when cells service
+# is enabled
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#name = nova
+
+# DEPRECATED:
+# Cell capabilities.
+#
+# List of arbitrary key=value pairs defining capabilities of the
+# current cell to be sent to the parent cells. These capabilities
+# are intended to be used in cells scheduler filters/weighers.
+#
+# Possible values:
+#
+# * key=value pairs list for example;
+# ``hypervisor=xenserver;kvm,os=linux;windows``
+# (list value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#capabilities = hypervisor=xenserver;kvm,os=linux;windows
+
+# DEPRECATED:
+# Call timeout.
+#
+# Cell messaging module waits for response(s) to be put into the
+# eventlet queue. This option defines the seconds waited for
+# response from a call to a cell.
+#
+# Possible values:
+#
+# * An integer, corresponding to the interval time in seconds.
+# (integer value)
+# Minimum value: 0
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#call_timeout = 60
+
+# DEPRECATED:
+# Reserve percentage
+#
+# Percentage of cell capacity to hold in reserve, so the minimum
+# amount of free resource is considered to be;
+#
+# min_free = total * (reserve_percent / 100.0)
+#
+# This option affects both memory and disk utilization.
+#
+# The primary purpose of this reserve is to ensure some space is
+# available for users who want to resize their instance to be larger.
+# Note that currently once the capacity expands into this reserve
+# space this option is ignored.
+#
+# Possible values:
+#
+# * An integer or float, corresponding to the percentage of cell
+# capacity to
+# be held in reserve.
+# (floating point value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#reserve_percent = 10.0
+
+# DEPRECATED:
+# Type of cell.
+#
+# When cells feature is enabled the hosts in the OpenStack Compute
+# cloud are partitioned into groups. Cells are configured as a tree.
+# The top-level cell's cell_type must be set to ``api``. All other
+# cells are defined as a ``compute cell`` by default.
+#
+# Related option:
+#
+# * quota_driver: Disable quota checking for the child cells.
+# (nova.quota.NoopQuotaDriver)
+# (string value)
+# Possible values:
+# api - <No description provided>
+# compute - <No description provided>
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#cell_type = compute
+
+# DEPRECATED:
+# Mute child interval.
+#
+# Number of seconds after which a lack of capability and capacity
+# update the child cell is to be treated as a mute cell. Then the
+# child cell will be weighed as recommend highly that it be skipped.
+#
+# Possible values:
+#
+# * An integer, corresponding to the interval time in seconds.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#mute_child_interval = 300
+
+# DEPRECATED:
+# Bandwidth update interval.
+#
+# Seconds between bandwidth usage cache updates for cells.
+#
+# Possible values:
+#
+# * An integer, corresponding to the interval time in seconds.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#bandwidth_update_interval = 600
+
+# DEPRECATED:
+# Instance update sync database limit.
+#
+# Number of instances to pull from the database at one time for
+# a sync. If there are more instances to update the results will
+# be paged through.
+#
+# Possible values:
+#
+# * An integer, corresponding to a number of instances.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#instance_update_sync_database_limit = 100
+
+# DEPRECATED:
+# Mute weight multiplier.
+#
+# Multiplier used to weigh mute children. Mute children cells are
+# recommended to be skipped so their weight is multiplied by this
+# negative value.
+#
+# Possible values:
+#
+# * Negative numeric number
+# (floating point value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#mute_weight_multiplier = -10000.0
+
+# DEPRECATED:
+# Ram weight multiplier.
+#
+# Multiplier used for weighing ram. Negative numbers indicate that
+# Compute should stack VMs on one host instead of spreading out new
+# VMs to more hosts in the cell.
+#
+# Possible values:
+#
+# * Numeric multiplier
+# (floating point value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#ram_weight_multiplier = 10.0
+
+# DEPRECATED:
+# Offset weight multiplier
+#
+# Multiplier used to weigh offset weigher. Cells with higher
+# weight_offsets in the DB will be preferred. The weight_offset
+# is a property of a cell stored in the database. It can be used
+# by a deployer to have scheduling decisions favor or disfavor
+# cells based on the setting.
+#
+# Possible values:
+#
+# * Numeric multiplier
+# (floating point value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#offset_weight_multiplier = 1.0
+
+# DEPRECATED:
+# Instance updated at threshold
+#
+# Number of seconds after an instance was updated or deleted to
+# continue to update cells. This option lets cells manager to only
+# attempt to sync instances that have been updated recently.
+# i.e., a threshold of 3600 means to only update instances that
+# have modified in the last hour.
+#
+# Possible values:
+#
+# * Threshold in seconds
+#
+# Related options:
+#
+# * This value is used with the ``instance_update_num_instances``
+# value in a periodic task run.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#instance_updated_at_threshold = 3600
+
+# DEPRECATED:
+# Instance update num instances
+#
+# On every run of the periodic task, nova cells manager will attempt
+# to
+# sync instance_updated_at_threshold number of instances. When the
+# manager gets the list of instances, it shuffles them so that
+# multiple
+# nova-cells services do not attempt to sync the same instances in
+# lockstep.
+#
+# Possible values:
+#
+# * Positive integer number
+#
+# Related options:
+#
+# * This value is used with the ``instance_updated_at_threshold``
+# value in a periodic task run.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#instance_update_num_instances = 1
+
+# DEPRECATED:
+# Maximum hop count
+#
+# When processing a targeted message, if the local cell is not the
+# target, a route is defined between neighbouring cells. And the
+# message is processed across the whole routing path. This option
+# defines the maximum hop counts until reaching the target.
+#
+# Possible values:
+#
+# * Positive integer value
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#max_hop_count = 10
+
+# DEPRECATED:
+# Cells scheduler.
+#
+# The class of the driver used by the cells scheduler. This should be
+# the full Python path to the class to be used. If nothing is
+# specified
+# in this option, the CellsScheduler is used.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#scheduler = nova.cells.scheduler.CellsScheduler
+
+# DEPRECATED:
+# RPC driver queue base.
+#
+# When sending a message to another cell by JSON-ifying the message
+# and making an RPC cast to 'process_message', a base queue is used.
+# This option defines the base queue name to be used when
+# communicating
+# between cells. Various topics by message type will be appended to
+# this.
+#
+# Possible values:
+#
+# * The base queue name to be used when communicating between cells.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#rpc_driver_queue_base = cells.intercell
+
+# DEPRECATED:
+# Scheduler filter classes.
+#
+# Filter classes the cells scheduler should use. An entry of
+# "nova.cells.filters.all_filters" maps to all cells filters
+# included with nova. As of the Mitaka release the following
+# filter classes are available:
+#
+# Different cell filter: A scheduler hint of 'different_cell'
+# with a value of a full cell name may be specified to route
+# a build away from a particular cell.
+#
+# Image properties filter: Image metadata named
+# 'hypervisor_version_requires' with a version specification
+# may be specified to ensure the build goes to a cell which
+# has hypervisors of the required version. If either the version
+# requirement on the image or the hypervisor capability of the
+# cell is not present, this filter returns without filtering out
+# the cells.
+#
+# Target cell filter: A scheduler hint of 'target_cell' with a
+# value of a full cell name may be specified to route a build to
+# a particular cell. No error handling is done as there's no way
+# to know whether the full path is a valid.
+#
+# As an admin user, you can also add a filter that directs builds
+# to a particular cell.
+#
+# (list value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#scheduler_filter_classes = nova.cells.filters.all_filters
+
+# DEPRECATED:
+# Scheduler weight classes.
+#
+# Weigher classes the cells scheduler should use. An entry of
+# "nova.cells.weights.all_weighers" maps to all cell weighers
+# included with nova. As of the Mitaka release the following
+# weight classes are available:
+#
+# mute_child: Downgrades the likelihood of child cells being
+# chosen for scheduling requests, which haven't sent capacity
+# or capability updates in a while. Options include
+# mute_weight_multiplier (multiplier for mute children; value
+# should be negative).
+#
+# ram_by_instance_type: Select cells with the most RAM capacity
+# for the instance type being requested. Because higher weights
+# win, Compute returns the number of available units for the
+# instance type requested. The ram_weight_multiplier option defaults
+# to 10.0 that adds to the weight by a factor of 10. Use a negative
+# number to stack VMs on one host instead of spreading out new VMs
+# to more hosts in the cell.
+#
+# weight_offset: Allows modifying the database to weight a particular
+# cell. The highest weight will be the first cell to be scheduled for
+# launching an instance. When the weight_offset of a cell is set to 0,
+# it is unlikely to be picked but it could be picked if other cells
+# have a lower weight, like if they're full. And when the
+# weight_offset
+# is set to a very high value (for example, '999999999999999'), it is
+# likely to be picked if another cell do not have a higher weight.
+# (list value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#scheduler_weight_classes = nova.cells.weights.all_weighers
+
+# DEPRECATED:
+# Scheduler retries.
+#
+# How many retries when no cells are available. Specifies how many
+# times the scheduler tries to launch a new instance when no cells
+# are available.
+#
+# Possible values:
+#
+# * Positive integer value
+#
+# Related options:
+#
+# * This value is used with the ``scheduler_retry_delay`` value
+# while retrying to find a suitable cell.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#scheduler_retries = 10
+
+# DEPRECATED:
+# Scheduler retry delay.
+#
+# Specifies the delay (in seconds) between scheduling retries when no
+# cell can be found to place the new instance on. When the instance
+# could not be scheduled to a cell after ``scheduler_retries`` in
+# combination with ``scheduler_retry_delay``, then the scheduling
+# of the instance failed.
+#
+# Possible values:
+#
+# * Time in seconds.
+#
+# Related options:
+#
+# * This value is used with the ``scheduler_retries`` value
+# while retrying to find a suitable cell.
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#scheduler_retry_delay = 2
+
+# DEPRECATED:
+# DB check interval.
+#
+# Cell state manager updates cell status for all cells from the DB
+# only after this particular interval time is passed. Otherwise cached
+# status are used. If this value is 0 or negative all cell status are
+# updated from the DB whenever a state is needed.
+#
+# Possible values:
+#
+# * Interval time, in seconds.
+#
+# (integer value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#db_check_interval = 60
+
+# DEPRECATED:
+# Optional cells configuration.
+#
+# Configuration file from which to read cells configuration. If given,
+# overrides reading cells from the database.
+#
+# Cells store all inter-cell communication data, including user names
+# and passwords, in the database. Because the cells data is not
+# updated
+# very frequently, use this option to specify a JSON file to store
+# cells data. With this configuration, the database is no longer
+# consulted when reloading the cells data. The file must have columns
+# present in the Cell model (excluding common database fields and the
+# id column). You must specify the queue connection information
+# through
+# a transport_url field, instead of username, password, and so on.
+#
+# The transport_url has the following form:
+# rabbit://USERNAME:PASSWORD@HOSTNAME:PORT/VIRTUAL_HOST
+#
+# Possible values:
+#
+# The scheme can be either qpid or rabbit, the following sample shows
+# this optional configuration:
+#
+# {
+# "parent": {
+# "name": "parent",
+# "api_url": "http://api.example.com:8774",
+# "transport_url": "rabbit://rabbit.example.com",
+# "weight_offset": 0.0,
+# "weight_scale": 1.0,
+# "is_parent": true
+# },
+# "cell1": {
+# "name": "cell1",
+# "api_url": "http://api.example.com:8774",
+# "transport_url": "rabbit://rabbit1.example.com",
+# "weight_offset": 0.0,
+# "weight_scale": 1.0,
+# "is_parent": false
+# },
+# "cell2": {
+# "name": "cell2",
+# "api_url": "http://api.example.com:8774",
+# "transport_url": "rabbit://rabbit2.example.com",
+# "weight_offset": 0.0,
+# "weight_scale": 1.0,
+# "is_parent": false
+# }
+# }
+#
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Cells v1 is being replaced with Cells v2.
+#cells_config = <None>
+
+
+[cinder]
+
+#
+# From nova.conf
+#
+
+#
+# Info to match when looking for cinder in the service catalog.
+#
+# Possible values:
+#
+# * Format is separated values of the form:
+# <service_type>:<service_name>:<endpoint_type>
+#
+# Note: Nova does not support the Cinder v2 API since the Nova 17.0.0
+# Queens
+# release.
+#
+# Related options:
+#
+# * endpoint_template - Setting this option will override catalog_info
+# (string value)
+#catalog_info = volumev3:cinderv3:publicURL
+catalog_info = volumev3:cinderv3:internalURL
+
+#
+# If this option is set then it will override service catalog lookup
+# with
+# this template for cinder endpoint
+#
+# Possible values:
+#
+# * URL for cinder endpoint API
+# e.g. http://localhost:8776/v3/%(project_id)s
+#
+# Note: Nova does not support the Cinder v2 API since the Nova 17.0.0
+# Queens
+# release.
+#
+# Related options:
+#
+# * catalog_info - If endpoint_template is not set, catalog_info will
+# be used.
+# (string value)
+#endpoint_template = <None>
+
+# * Any string representing region name
+# (string value)
+#os_region_name = <None>
+os_region_name = {{ controller.identity.region }}
+
+#
+# Number of times cinderclient should retry on any failed http call.
+# 0 means connection is attempted only once. Setting it to any
+# positive integer
+# means that on failure connection is retried that many times e.g.
+# setting it
+# to 3 means total attempts to connect will be 4.
+#
+# Possible values:
+#
+# * Any integer value. 0 means connection is attempted only once
+# (integer value)
+# Minimum value: 0
+#http_retries = 3
+
+#
+# Allow attach between instance and volume in different availability
+# zones.
+#
+# If False, volumes attached to an instance must be in the same
+# availability
+# zone in Cinder as the instance availability zone in Nova.
+# This also means care should be taken when booting an instance from a
+# volume
+# where source is not "volume" because Nova will attempt to create a
+# volume using
+# the same availability zone as what is assigned to the instance.
+# If that AZ is not in Cinder (or
+# allow_availability_zone_fallback=False in
+# cinder.conf), the volume create request will fail and the instance
+# will fail
+# the build request.
+# By default there is no availability zone restriction on volume
+# attach.
+# (boolean value)
+#cross_az_attach = true
+{%- if controller.cross_az_attach is defined %}
+cross_az_attach={{ controller.cross_az_attach }}
+{%- endif %}
+
+{%- set _data = controller.get('cinder', controller.get('identity', {})) %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': controller.cacert_file}) %}{% endif %}
+{%- set auth_type = _data.get('auth_type', 'password') %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
+
+[conductor]
+#
+# Options under this group are used to define Conductor's
+# communication,
+# which manager should be act as a proxy between computes and
+# database,
+# and finally, how many worker processes will be used.
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# Topic exchange name on which conductor nodes listen.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There is no need to let users choose the RPC topic for all services
+# - there
+# is little gain from this. Furthermore, it makes it really easy to
+# break Nova
+# by using this option.
+#topic = conductor
+
+#
+# Number of workers for OpenStack Conductor service. The default will
+# be the
+# number of CPUs available.
+# (integer value)
+workers = {{ controller.workers }}
+
+
+[console]
+#
+# Options under this group allow to tune the configuration of the
+# console proxy
+# service.
+#
+# Note: in configuration of every compute is a ``console_host``
+# option,
+# which allows to select the console proxy service to connect to.
+
+#
+# From nova.conf
+#
+
+#
+# Adds list of allowed origins to the console websocket proxy to allow
+# connections from other origin hostnames.
+# Websocket proxy matches the host header with the origin header to
+# prevent cross-site requests. This list specifies if any there are
+# values other than host are allowed in the origin header.
+#
+# Possible values:
+#
+# * A list where each element is an allowed origin hostnames, else an
+# empty list
+# (list value)
+# Deprecated group/name - [DEFAULT]/console_allowed_origins
+#allowed_origins =
+
+
+[consoleauth]
+
+#
+# From nova.conf
+#
+
+#
+# The lifetime of a console auth token (in seconds).
+#
+# A console auth token is used in authorizing console access for a
+# user.
+# Once the auth token time to live count has elapsed, the token is
+# considered expired. Expired tokens are then deleted.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/console_token_ttl
+#token_ttl = 600
+
+[cors]
+{%- if controller.cors is defined %}
+{%- set _data = controller.cors %}
+{%- include "oslo_templates/files/queens/oslo/_cors.conf" %}
+{%- endif %}
+
+[crypto]
+
+#
+# From nova.conf
+#
+
+#
+# Filename of root CA (Certificate Authority). This is a container
+# format
+# and includes root certificates.
+#
+# Possible values:
+#
+# * Any file name containing root CA, cacert.pem is default
+#
+# Related options:
+#
+# * ca_path
+# (string value)
+#ca_file = cacert.pem
+
+#
+# Filename of a private key.
+#
+# Related options:
+#
+# * keys_path
+# (string value)
+#key_file = private/cakey.pem
+
+#
+# Filename of root Certificate Revocation List (CRL). This is a list
+# of
+# certificates that have been revoked, and therefore, entities
+# presenting
+# those (revoked) certificates should no longer be trusted.
+#
+# Related options:
+#
+# * ca_path
+# (string value)
+#crl_file = crl.pem
+
+#
+# Directory path where keys are located.
+#
+# Related options:
+#
+# * key_file
+# (string value)
+#keys_path = $state_path/keys
+
+#
+# Directory path where root CA is located.
+#
+# Related options:
+#
+# * ca_file
+# (string value)
+#ca_path = $state_path/CA
+
+# Option to enable/disable use of CA for each project. (boolean value)
+#use_project_ca = false
+
+#
+# Subject for certificate for users, %s for
+# project, user, timestamp
+# (string value)
+#user_cert_subject = /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=%.16s-%.16s-%s
+
+#
+# Subject for certificate for projects, %s for
+# project, timestamp
+# (string value)
+#project_cert_subject = /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=project-ca-%.16s-%s
+
+
+[devices]
+
+#
+# From nova.conf
+#
+
+#
+# A list of the vGPU types enabled in the compute node.
+#
+# Some pGPUs (e.g. NVIDIA GRID K1) support different vGPU types. User
+# can use
+# this option to specify a list of enabled vGPU types that may be
+# assigned to a
+# guest instance. But please note that Nova only supports a single
+# type in the
+# Queens release. If more than one vGPU type is specified (as a comma-
+# separated
+# list), only the first one will be used. An example is as the
+# following:
+# [devices]
+# enabled_vgpu_types = GRID K100,Intel GVT-g,MxGPU.2,nvidia-11
+# (list value)
+#enabled_vgpu_types =
+
+
+[ephemeral_storage_encryption]
+
+#
+# From nova.conf
+#
+
+#
+# Enables/disables LVM ephemeral storage encryption.
+# (boolean value)
+#enabled = false
+
+#
+# Cipher-mode string to be used.
+#
+# The cipher and mode to be used to encrypt ephemeral storage. The set
+# of
+# cipher-mode combinations available depends on kernel support.
+# According
+# to the dm-crypt documentation, the cipher is expected to be in the
+# format:
+# "<cipher>-<chainmode>-<ivmode>".
+#
+# Possible values:
+#
+# * Any crypto option listed in ``/proc/crypto``.
+# (string value)
+#cipher = aes-xts-plain64
+
+#
+# Encryption key length in bits.
+#
+# The bit length of the encryption key to be used to encrypt ephemeral
+# storage.
+# In XTS mode only half of the bits are used for encryption key.
+# (integer value)
+# Minimum value: 1
+#key_size = 512
+
+
+[filter_scheduler]
+
+#
+# From nova.conf
+#
+
+#
+# Size of subset of best hosts selected by scheduler.
+#
+# New instances will be scheduled on a host chosen randomly from a
+# subset of the
+# N best hosts, where N is the value set by this option.
+#
+# Setting this to a value greater than 1 will reduce the chance that
+# multiple
+# scheduler processes handling similar requests will select the same
+# host,
+# creating a potential race condition. By selecting a host randomly
+# from the N
+# hosts that best fit the request, the chance of a conflict is
+# reduced. However,
+# the higher you set this value, the less optimal the chosen host may
+# be for a
+# given request.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to the size of a host
+# subset. Any
+# integer is valid, although any value less than 1 will be treated
+# as 1
+# (integer value)
+# Minimum value: 1
+# Deprecated group/name - [DEFAULT]/scheduler_host_subset_size
+host_subset_size = 30
+
+#
+# The number of instances that can be actively performing IO on a
+# host.
+#
+# Instances performing IO includes those in the following states:
+# build, resize,
+# snapshot, migrate, rescue, unshelve.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'io_ops_filter' filter is enabled.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to the max number of
+# instances
+# that can be actively performing IO on any given host.
+# (integer value)
+max_io_ops_per_host = 8
+
+#
+# Maximum number of instances that be active on a host.
+#
+# If you need to limit the number of instances on any given host, set
+# this option
+# to the maximum number of instances you want to allow. The
+# num_instances_filter
+# will reject any host that has at least as many instances as this
+# option's
+# value.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'num_instances_filter' filter is
+# enabled.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to the max instances
+# that can be
+# scheduled on a host.
+# (integer value)
+# Minimum value: 1
+max_instances_per_host = 50
+
+#
+# Enable querying of individual hosts for instance information.
+#
+# The scheduler may need information about the instances on a host in
+# order to
+# evaluate its filters and weighers. The most common need for this
+# information is
+# for the (anti-)affinity filters, which need to choose a host based
+# on the
+# instances already running on a host.
+#
+# If the configured filters and weighers do not need this information,
+# disabling
+# this option will improve performance. It may also be disabled when
+# the tracking
+# overhead proves too heavy, although this will cause classes
+# requiring host
+# usage data to query the database on each request instead.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# NOTE: In a multi-cell (v2) setup where the cell MQ is separated from
+# the
+# top-level, computes cannot directly communicate with the scheduler.
+# Thus,
+# this option cannot be enabled in that scenario. See also the
+# [workarounds]/disable_group_policy_check_upcall option.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/scheduler_tracks_instance_changes
+#track_instance_changes = true
+
+#
+# Filters that the scheduler can use.
+#
+# An unordered list of the filter classes the nova scheduler may
+# apply. Only the
+# filters specified in the 'enabled_filters' option will be used, but
+# any filter appearing in that option must also be included in this
+# list.
+#
+# By default, this is set to all filters that are included with nova.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to
+# the name of
+# a filter that may be used for selecting a host
+#
+# Related options:
+#
+# * enabled_filters
+# (multi valued)
+# Deprecated group/name - [DEFAULT]/scheduler_available_filters
+#available_filters = nova.scheduler.filters.all_filters
+available_filters=nova.scheduler.filters.all_filters
+available_filters=nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter
+{% for filter in controller.get('scheduler_custom_filters', []) %}
+scheduler_available_filters = {{ filter }}
+{% endfor %}
+
+#
+# Filters that the scheduler will use.
+#
+# An ordered list of filter class names that will be used for
+# filtering
+# hosts. These filters will be applied in the order they are listed so
+# place your most restrictive filters first to make the filtering
+# process more
+# efficient.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to
+# the name of
+# a filter to be used for selecting a host
+#
+# Related options:
+#
+# * All of the filters in this option *must* be present in the
+# 'scheduler_available_filters' option, or a
+# SchedulerHostFilterNotFound
+# exception will be raised.
+# (list value)
+# Deprecated group/name - [DEFAULT]/scheduler_default_filters
+#enabled_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
+enabled_filters={{ controller.scheduler_default_filters }}
+
+# DEPRECATED:
+# Filters used for filtering baremetal hosts.
+#
+# Filters are applied in order, so place your most restrictive filters
+# first to
+# make the filtering process more efficient.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to
+# the name of
+# a filter to be used for selecting a baremetal host
+#
+# Related options:
+#
+# * If the 'scheduler_use_baremetal_filters' option is False, this
+# option has
+# no effect.
+# (list value)
+# Deprecated group/name - [DEFAULT]/baremetal_scheduler_default_filters
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason:
+# These filters were used to overcome some of the baremetal scheduling
+# limitations in Nova prior to the use of the Placement API. Now
+# scheduling will
+# use the custom resource class defined for each baremetal node to
+# make its
+# selection.
+#baremetal_enabled_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ExactRamFilter,ExactDiskFilter,ExactCoreFilter
+
+# DEPRECATED:
+# Enable baremetal filters.
+#
+# Set this to True to tell the nova scheduler that it should use the
+# filters
+# specified in the 'baremetal_enabled_filters' option. If you are not
+# scheduling baremetal nodes, leave this at the default setting of
+# False.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Related options:
+#
+# * If this option is set to True, then the filters specified in the
+# 'baremetal_enabled_filters' are used instead of the filters
+# specified in 'enabled_filters'.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/scheduler_use_baremetal_filters
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason:
+# These filters were used to overcome some of the baremetal scheduling
+# limitations in Nova prior to the use of the Placement API. Now
+# scheduling will
+# use the custom resource class defined for each baremetal node to
+# make its
+# selection.
+#use_baremetal_filters = false
+
+#
+# Weighers that the scheduler will use.
+#
+# Only hosts which pass the filters are weighed. The weight for any
+# host starts
+# at 0, and the weighers order these hosts by adding to or subtracting
+# from the
+# weight assigned by the previous weigher. Weights may become
+# negative. An
+# instance will be scheduled to one of the N most-weighted hosts,
+# where N is
+# 'scheduler_host_subset_size'.
+#
+# By default, this is set to all weighers that are included with Nova.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more strings, where each string corresponds to
+# the name of
+# a weigher that will be used for selecting a host
+# (list value)
+# Deprecated group/name - [DEFAULT]/scheduler_weight_classes
+#weight_classes = nova.scheduler.weights.all_weighers
+
+#
+# Ram weight multipler ratio.
+#
+# This option determines how hosts with more or less available RAM are
+# weighed. A
+# positive value will result in the scheduler preferring hosts with
+# more
+# available RAM, and a negative number will result in the scheduler
+# preferring
+# hosts with less available RAM. Another way to look at it is that
+# positive
+# values for this option will tend to spread instances across many
+# hosts, while
+# negative values will tend to fill up (stack) hosts as much as
+# possible before
+# scheduling to a less-used host. The absolute value, whether positive
+# or
+# negative, controls how strong the RAM weigher is relative to other
+# weighers.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'ram' weigher is enabled.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the
+# multipler
+# ratio for this weigher.
+# (floating point value)
+#ram_weight_multiplier = 1.0
+
+#
+# Disk weight multipler ratio.
+#
+# Multiplier used for weighing free disk space. Negative numbers mean
+# to
+# stack vs spread.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'disk' weigher is enabled.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the
+# multipler
+# ratio for this weigher.
+# (floating point value)
+#disk_weight_multiplier = 1.0
+
+#
+# IO operations weight multipler ratio.
+#
+# This option determines how hosts with differing workloads are
+# weighed. Negative
+# values, such as the default, will result in the scheduler preferring
+# hosts with
+# lighter workloads whereas positive values will prefer hosts with
+# heavier
+# workloads. Another way to look at it is that positive values for
+# this option
+# will tend to schedule instances onto hosts that are already busy,
+# while
+# negative values will tend to distribute the workload across more
+# hosts. The
+# absolute value, whether positive or negative, controls how strong
+# the io_ops
+# weigher is relative to other weighers.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'io_ops' weigher is enabled.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the
+# multipler
+# ratio for this weigher.
+# (floating point value)
+#io_ops_weight_multiplier = -1.0
+
+#
+# PCI device affinity weight multiplier.
+#
+# The PCI device affinity weighter computes a weighting based on the
+# number of
+# PCI devices on the host and the number of PCI devices requested by
+# the
+# instance. The ``NUMATopologyFilter`` filter must be enabled for this
+# to have
+# any significance. For more information, refer to the filter
+# documentation:
+#
+# https://docs.openstack.org/nova/latest/user/filter-
+# scheduler.html
+#
+# Possible values:
+#
+# * A positive integer or float value, where the value corresponds to
+# the
+# multiplier ratio for this weigher.
+# (floating point value)
+# Minimum value: 0
+#pci_weight_multiplier = 1.0
+
+#
+# Multiplier used for weighing hosts for group soft-affinity.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to weight
+# multiplier
+# for hosts with group soft affinity. Only a positive value are
+# meaningful, as
+# negative values would make this behave as a soft anti-affinity
+# weigher.
+# (floating point value)
+#soft_affinity_weight_multiplier = 1.0
+
+#
+# Multiplier used for weighing hosts for group soft-anti-affinity.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to weight
+# multiplier
+# for hosts with group soft anti-affinity. Only a positive value are
+# meaningful, as negative values would make this behave as a soft
+# affinity
+# weigher.
+# (floating point value)
+#soft_anti_affinity_weight_multiplier = 1.0
+
+#
+# Enable spreading the instances between hosts with the same best
+# weight.
+#
+# Enabling it is beneficial for cases when host_subset_size is 1
+# (default), but there is a large number of hosts with same maximal
+# weight.
+# This scenario is common in Ironic deployments where there are
+# typically many
+# baremetal nodes with identical weights returned to the scheduler.
+# In such case enabling this option will reduce contention and chances
+# for
+# rescheduling events.
+# At the same time it will make the instance packing (even in
+# unweighed case)
+# less dense.
+# (boolean value)
+#shuffle_best_same_weighed_hosts = false
+
+#
+# The default architecture to be used when using the image properties
+# filter.
+#
+# When using the ImagePropertiesFilter, it is possible that you want
+# to define
+# a default architecture to make the user experience easier and avoid
+# having
+# something like x86_64 images landing on aarch64 compute nodes
+# because the
+# user did not specify the 'hw_architecture' property in Glance.
+#
+# Possible values:
+#
+# * CPU Architectures such as x86_64, aarch64, s390x.
+# (string value)
+# Possible values:
+# alpha - <No description provided>
+# armv6 - <No description provided>
+# armv7l - <No description provided>
+# armv7b - <No description provided>
+# aarch64 - <No description provided>
+# cris - <No description provided>
+# i686 - <No description provided>
+# ia64 - <No description provided>
+# lm32 - <No description provided>
+# m68k - <No description provided>
+# microblaze - <No description provided>
+# microblazeel - <No description provided>
+# mips - <No description provided>
+# mipsel - <No description provided>
+# mips64 - <No description provided>
+# mips64el - <No description provided>
+# openrisc - <No description provided>
+# parisc - <No description provided>
+# parisc64 - <No description provided>
+# ppc - <No description provided>
+# ppcle - <No description provided>
+# ppc64 - <No description provided>
+# ppc64le - <No description provided>
+# ppcemb - <No description provided>
+# s390 - <No description provided>
+# s390x - <No description provided>
+# sh4 - <No description provided>
+# sh4eb - <No description provided>
+# sparc - <No description provided>
+# sparc64 - <No description provided>
+# unicore32 - <No description provided>
+# x86_64 - <No description provided>
+# xtensa - <No description provided>
+# xtensaeb - <No description provided>
+#image_properties_default_architecture = <None>
+
+#
+# List of UUIDs for images that can only be run on certain hosts.
+#
+# If there is a need to restrict some images to only run on certain
+# designated
+# hosts, list those image UUIDs here.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'IsolatedHostsFilter' filter is
+# enabled.
+#
+# Possible values:
+#
+# * A list of UUID strings, where each string corresponds to the UUID
+# of an
+# image
+#
+# Related options:
+#
+# * scheduler/isolated_hosts
+# * scheduler/restrict_isolated_hosts_to_isolated_images
+# (list value)
+#isolated_images =
+
+#
+# List of hosts that can only run certain images.
+#
+# If there is a need to restrict some images to only run on certain
+# designated
+# hosts, list those host names here.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'IsolatedHostsFilter' filter is
+# enabled.
+#
+# Possible values:
+#
+# * A list of strings, where each string corresponds to the name of a
+# host
+#
+# Related options:
+#
+# * scheduler/isolated_images
+# * scheduler/restrict_isolated_hosts_to_isolated_images
+# (list value)
+#isolated_hosts =
+
+#
+# Prevent non-isolated images from being built on isolated hosts.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the 'IsolatedHostsFilter' filter is
+# enabled. Even
+# then, this option doesn't affect the behavior of requests for
+# isolated images,
+# which will *always* be restricted to isolated hosts.
+#
+# Related options:
+#
+# * scheduler/isolated_images
+# * scheduler/isolated_hosts
+# (boolean value)
+#restrict_isolated_hosts_to_isolated_images = true
+
+#
+# Image property namespace for use in the host aggregate.
+#
+# Images and hosts can be configured so that certain images can only
+# be scheduled
+# to hosts in a particular aggregate. This is done with metadata
+# values set on
+# the host aggregate that are identified by beginning with the value
+# of this
+# option. If the host is part of an aggregate with such a metadata
+# key, the image
+# in the request spec must have the value of that metadata in its
+# properties in
+# order for the scheduler to consider the host as acceptable.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the
+# 'aggregate_image_properties_isolation' filter is
+# enabled.
+#
+# Possible values:
+#
+# * A string, where the string corresponds to an image property
+# namespace
+#
+# Related options:
+#
+# * aggregate_image_properties_isolation_separator
+# (string value)
+#aggregate_image_properties_isolation_namespace = <None>
+
+#
+# Separator character(s) for image property namespace and name.
+#
+# When using the aggregate_image_properties_isolation filter, the
+# relevant
+# metadata keys are prefixed with the namespace defined in the
+# aggregate_image_properties_isolation_namespace configuration option
+# plus a
+# separator. This option defines the separator to be used.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect. Also note that
+# this setting
+# only affects scheduling if the
+# 'aggregate_image_properties_isolation' filter
+# is enabled.
+#
+# Possible values:
+#
+# * A string, where the string corresponds to an image property
+# namespace
+# separator character
+#
+# Related options:
+#
+# * aggregate_image_properties_isolation_namespace
+# (string value)
+#aggregate_image_properties_isolation_separator = .
+
+
+[glance]
+# Configuration options for the Image service
+
+#
+# From nova.conf
+#
+
+#
+# List of glance api servers endpoints available to nova.
+#
+# https is used for ssl-based glance api servers.
+#
+# NOTE: The preferred mechanism for endpoint discovery is via
+# keystoneauth1
+# loading options. Only use api_servers if you need multiple endpoints
+# and are
+# unable to use a load balancer for some reason.
+#
+# Possible values:
+#
+# * A list of any fully qualified url of the form
+# "scheme://hostname:port[/path]"
+# (i.e. "http://10.0.1.0:9292" or "https://my.glance.server/image").
+# (list value)
+#api_servers = <None>
+api_servers = {{ controller.glance.get('protocol', 'http') }}://{{ controller.glance.host }}:{{ controller.glance.get('port', 9292) }}
+
+#
+# Enable glance operation retries.
+#
+# Specifies the number of retries when uploading / downloading
+# an image to / from glance. 0 means no retries.
+# (integer value)
+# Minimum value: 0
+#num_retries = 0
+
+# DEPRECATED:
+# List of url schemes that can be directly accessed.
+#
+# This option specifies a list of url schemes that can be downloaded
+# directly via the direct_url. This direct_URL can be fetched from
+# Image metadata which can be used by nova to get the
+# image more efficiently. nova-compute could benefit from this by
+# invoking a copy when it has access to the same file system as
+# glance.
+#
+# Possible values:
+#
+# * [file], Empty list (default)
+# (list value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This was originally added for the 'nova.image.download.file'
+# FileTransfer
+# extension which was removed in the 16.0.0 Pike release. The
+# 'nova.image.download.modules' extension point is not maintained
+# and there is no indication of its use in production clouds.
+#allowed_direct_url_schemes =
+
+#
+# Enable image signature verification.
+#
+# nova uses the image signature metadata from glance and verifies the
+# signature
+# of a signed image while downloading that image. If the image
+# signature cannot
+# be verified or if the image signature metadata is either incomplete
+# or
+# unavailable, then nova will not boot the image and instead will
+# place the
+# instance into an error state. This provides end users with stronger
+# assurances
+# of the integrity of the image data they are using to create servers.
+#
+# Related options:
+#
+# * The options in the `key_manager` group, as the key_manager is used
+# for the signature validation.
+# * Both enable_certificate_validation and
+# default_trusted_certificate_ids
+# below depend on this option being enabled.
+# (boolean value)
+{%- if controller.get('barbican', {}).get('enabled', False) %}
+verify_glance_signatures=true
+{%- else %}
+#verify_glance_signatures=false
+{%- endif %}
+
+# DEPRECATED:
+# Enable certificate validation for image signature verification.
+#
+# During image signature verification nova will first verify the
+# validity of the
+# image's signing certificate using the set of trusted certificates
+# associated
+# with the instance. If certificate validation fails, signature
+# verification
+# will not be performed and the image will be placed into an error
+# state. This
+# provides end users with stronger assurances that the image data is
+# unmodified
+# and trustworthy. If left disabled, image signature verification can
+# still
+# occur but the end user will not have any assurance that the signing
+# certificate used to generate the image signature is still
+# trustworthy.
+#
+# Related options:
+#
+# * This option only takes effect if verify_glance_signatures is
+# enabled.
+# * The value of default_trusted_certificate_ids may be used when this
+# option
+# is enabled.
+# (boolean value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option is intended to ease the transition for deployments
+# leveraging
+# image signature verification. The intended state long-term is for
+# signature
+# verification and certificate validation to always happen together.
+#enable_certificate_validation = false
+
+#
+# List of certificate IDs for certificates that should be trusted.
+#
+# May be used as a default list of trusted certificate IDs for
+# certificate
+# validation. The value of this option will be ignored if the user
+# provides a
+# list of trusted certificate IDs with an instance API request. The
+# value of
+# this option will be persisted with the instance data if signature
+# verification
+# and certificate validation are enabled and if the user did not
+# provide an
+# alternative list. If left empty when certificate validation is
+# enabled the
+# user must provide a list of trusted certificate IDs otherwise
+# certificate
+# validation will fail.
+#
+# Related options:
+#
+# * The value of this option may be used if both
+# verify_glance_signatures and
+# enable_certificate_validation are enabled.
+# (list value)
+#default_trusted_certificate_ids =
+
+# Enable or disable debug logging with glanceclient. (boolean value)
+#debug = false
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# The default service_type for endpoint URL discovery. (string value)
+#service_type = image
+
+# The default service_name for endpoint URL discovery. (string value)
+#service_name = <None>
+
+# List of interfaces, in order of preference, for endpoint URL. (list
+# value)
+#valid_interfaces = internal,public
+
+# The default region_name for endpoint URL discovery. (string value)
+#region_name = <None>
+
+# Always use this endpoint URL for requests for this client. NOTE: The
+# unversioned endpoint should be specified here; to request a
+# particular API version, use the `version`, `min-version`, and/or
+# `max-version` options. (string value)
+#endpoint_override = <None>
+
+
+[guestfs]
+#
+# libguestfs is a set of tools for accessing and modifying virtual
+# machine (VM) disk images. You can use this for viewing and editing
+# files inside guests, scripting changes to VMs, monitoring disk
+# used/free statistics, creating guests, P2V, V2V, performing backups,
+# cloning VMs, building VMs, formatting disks and resizing disks.
+
+#
+# From nova.conf
+#
+
+#
+# Enable/disables guestfs logging.
+#
+# This configures guestfs to debug messages and push them to OpenStack
+# logging system. When set to True, it traces libguestfs API calls and
+# enable verbose debug messages. In order to use the above feature,
+# "libguestfs" package must be installed.
+#
+# Related options:
+# Since libguestfs access and modifies VM's managed by libvirt, below
+# options
+# should be set to give access to those VM's.
+# * libvirt.inject_key
+# * libvirt.inject_partition
+# * libvirt.inject_password
+# (boolean value)
+#debug = false
+
+
+[hyperv]
+#
+# The hyperv feature allows you to configure the Hyper-V hypervisor
+# driver to be used within an OpenStack deployment.
+
+#
+# From nova.conf
+#
+
+#
+# Dynamic memory ratio
+#
+# Enables dynamic memory allocation (ballooning) when set to a value
+# greater than 1. The value expresses the ratio between the total RAM
+# assigned to an instance and its startup RAM amount. For example a
+# ratio of 2.0 for an instance with 1024MB of RAM implies 512MB of
+# RAM allocated at startup.
+#
+# Possible values:
+#
+# * 1.0: Disables dynamic memory allocation (Default).
+# * Float values greater than 1.0: Enables allocation of total implied
+# RAM divided by this value for startup.
+# (floating point value)
+#dynamic_memory_ratio = 1.0
+
+#
+# Enable instance metrics collection
+#
+# Enables metrics collections for an instance by using Hyper-V's
+# metric APIs. Collected data can be retrieved by other apps and
+# services, e.g.: Ceilometer.
+# (boolean value)
+#enable_instance_metrics_collection = false
+
+#
+# Instances path share
+#
+# The name of a Windows share mapped to the "instances_path" dir
+# and used by the resize feature to copy files to the target host.
+# If left blank, an administrative share (hidden network share) will
+# be used, looking for the same "instances_path" used locally.
+#
+# Possible values:
+#
+# * "": An administrative share will be used (Default).
+# * Name of a Windows share.
+#
+# Related options:
+#
+# * "instances_path": The directory which will be used if this option
+# here is left blank.
+# (string value)
+#instances_path_share =
+
+#
+# Limit CPU features
+#
+# This flag is needed to support live migration to hosts with
+# different CPU features and checked during instance creation
+# in order to limit the CPU features used by the instance.
+# (boolean value)
+#limit_cpu_features = false
+
+#
+# Mounted disk query retry count
+#
+# The number of times to retry checking for a mounted disk.
+# The query runs until the device can be found or the retry
+# count is reached.
+#
+# Possible values:
+#
+# * Positive integer values. Values greater than 1 is recommended
+# (Default: 10).
+#
+# Related options:
+#
+# * Time interval between disk mount retries is declared with
+# "mounted_disk_query_retry_interval" option.
+# (integer value)
+# Minimum value: 0
+#mounted_disk_query_retry_count = 10
+
+#
+# Mounted disk query retry interval
+#
+# Interval between checks for a mounted disk, in seconds.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 5).
+#
+# Related options:
+#
+# * This option is meaningful when the mounted_disk_query_retry_count
+# is greater than 1.
+# * The retry loop runs with mounted_disk_query_retry_count and
+# mounted_disk_query_retry_interval configuration options.
+# (integer value)
+# Minimum value: 0
+#mounted_disk_query_retry_interval = 5
+
+#
+# Power state check timeframe
+#
+# The timeframe to be checked for instance power state changes.
+# This option is used to fetch the state of the instance from Hyper-V
+# through the WMI interface, within the specified timeframe.
+#
+# Possible values:
+#
+# * Timeframe in seconds (Default: 60).
+# (integer value)
+# Minimum value: 0
+#power_state_check_timeframe = 60
+
+#
+# Power state event polling interval
+#
+# Instance power state change event polling frequency. Sets the
+# listener interval for power state events to the given value.
+# This option enhances the internal lifecycle notifications of
+# instances that reboot themselves. It is unlikely that an operator
+# has to change this value.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 2).
+# (integer value)
+# Minimum value: 0
+#power_state_event_polling_interval = 2
+
+#
+# qemu-img command
+#
+# qemu-img is required for some of the image related operations
+# like converting between different image types. You can get it
+# from here: (http://qemu.weilnetz.de/) or you can install the
+# Cloudbase OpenStack Hyper-V Compute Driver
+# (https://cloudbase.it/openstack-hyperv-driver/) which automatically
+# sets the proper path for this config option. You can either give the
+# full path of qemu-img.exe or set its path in the PATH environment
+# variable and leave this option to the default value.
+#
+# Possible values:
+#
+# * Name of the qemu-img executable, in case it is in the same
+# directory as the nova-compute service or its path is in the
+# PATH environment variable (Default).
+# * Path of qemu-img command (DRIVELETTER:\PATH\TO\QEMU-IMG\COMMAND).
+#
+# Related options:
+#
+# * If the config_drive_cdrom option is False, qemu-img will be used
+# to
+# convert the ISO to a VHD, otherwise the configuration drive will
+# remain an ISO. To use configuration drive with Hyper-V, you must
+# set the mkisofs_cmd value to the full path to an mkisofs.exe
+# installation.
+# (string value)
+#qemu_img_cmd = qemu-img.exe
+
+#
+# External virtual switch name
+#
+# The Hyper-V Virtual Switch is a software-based layer-2 Ethernet
+# network switch that is available with the installation of the
+# Hyper-V server role. The switch includes programmatically managed
+# and extensible capabilities to connect virtual machines to both
+# virtual networks and the physical network. In addition, Hyper-V
+# Virtual Switch provides policy enforcement for security, isolation,
+# and service levels. The vSwitch represented by this config option
+# must be an external one (not internal or private).
+#
+# Possible values:
+#
+# * If not provided, the first of a list of available vswitches
+# is used. This list is queried using WQL.
+# * Virtual switch name.
+# (string value)
+#vswitch_name = <None>
+
+#
+# Wait soft reboot seconds
+#
+# Number of seconds to wait for instance to shut down after soft
+# reboot request is made. We fall back to hard reboot if instance
+# does not shutdown within this window.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 60).
+# (integer value)
+# Minimum value: 0
+#wait_soft_reboot_seconds = 60
+
+#
+# Configuration drive cdrom
+#
+# OpenStack can be configured to write instance metadata to
+# a configuration drive, which is then attached to the
+# instance before it boots. The configuration drive can be
+# attached as a disk drive (default) or as a CD drive.
+#
+# Possible values:
+#
+# * True: Attach the configuration drive image as a CD drive.
+# * False: Attach the configuration drive image as a disk drive
+# (Default).
+#
+# Related options:
+#
+# * This option is meaningful with force_config_drive option set to
+# 'True'
+# or when the REST API call to create an instance will have
+# '--config-drive=True' flag.
+# * config_drive_format option must be set to 'iso9660' in order to
+# use
+# CD drive as the configuration drive image.
+# * To use configuration drive with Hyper-V, you must set the
+# mkisofs_cmd value to the full path to an mkisofs.exe installation.
+# Additionally, you must set the qemu_img_cmd value to the full path
+# to an qemu-img command installation.
+# * You can configure the Compute service to always create a
+# configuration
+# drive by setting the force_config_drive option to 'True'.
+# (boolean value)
+#config_drive_cdrom = false
+
+#
+# Configuration drive inject password
+#
+# Enables setting the admin password in the configuration drive image.
+#
+# Related options:
+#
+# * This option is meaningful when used with other options that enable
+# configuration drive usage with Hyper-V, such as
+# force_config_drive.
+# * Currently, the only accepted config_drive_format is 'iso9660'.
+# (boolean value)
+#config_drive_inject_password = false
+
+#
+# Volume attach retry count
+#
+# The number of times to retry attaching a volume. Volume attachment
+# is retried until success or the given retry count is reached.
+#
+# Possible values:
+#
+# * Positive integer values (Default: 10).
+#
+# Related options:
+#
+# * Time interval between attachment attempts is declared with
+# volume_attach_retry_interval option.
+# (integer value)
+# Minimum value: 0
+#volume_attach_retry_count = 10
+
+#
+# Volume attach retry interval
+#
+# Interval between volume attachment attempts, in seconds.
+#
+# Possible values:
+#
+# * Time in seconds (Default: 5).
+#
+# Related options:
+#
+# * This options is meaningful when volume_attach_retry_count
+# is greater than 1.
+# * The retry loop runs with volume_attach_retry_count and
+# volume_attach_retry_interval configuration options.
+# (integer value)
+# Minimum value: 0
+#volume_attach_retry_interval = 5
+
+#
+# Enable RemoteFX feature
+#
+# This requires at least one DirectX 11 capable graphics adapter for
+# Windows / Hyper-V Server 2012 R2 or newer and RDS-Virtualization
+# feature has to be enabled.
+#
+# Instances with RemoteFX can be requested with the following flavor
+# extra specs:
+#
+# **os:resolution**. Guest VM screen resolution size. Acceptable
+# values::
+#
+# 1024x768, 1280x1024, 1600x1200, 1920x1200, 2560x1600, 3840x2160
+#
+# ``3840x2160`` is only available on Windows / Hyper-V Server 2016.
+#
+# **os:monitors**. Guest VM number of monitors. Acceptable values::
+#
+# [1, 4] - Windows / Hyper-V Server 2012 R2
+# [1, 8] - Windows / Hyper-V Server 2016
+#
+# **os:vram**. Guest VM VRAM amount. Only available on
+# Windows / Hyper-V Server 2016. Acceptable values::
+#
+# 64, 128, 256, 512, 1024
+# (boolean value)
+#enable_remotefx = false
+
+#
+# Use multipath connections when attaching iSCSI or FC disks.
+#
+# This requires the Multipath IO Windows feature to be enabled. MPIO
+# must be
+# configured to claim such devices.
+# (boolean value)
+#use_multipath_io = false
+
+#
+# List of iSCSI initiators that will be used for estabilishing iSCSI
+# sessions.
+#
+# If none are specified, the Microsoft iSCSI initiator service will
+# choose the
+# initiator.
+# (list value)
+#iscsi_initiator_list =
+
+{% if controller.ironic is defined -%}
+[ironic]
+#
+# Configuration options for Ironic driver (Bare Metal).
+# If using the Ironic driver following options must be set:
+# * auth_type
+# * auth_url
+# * project_name
+# * username
+# * password
+# * project_domain_id or project_domain_name
+# * user_domain_id or user_domain_name
+
+#
+# From nova.conf
+#
+
+# DEPRECATED: URL override for the Ironic API endpoint. (uri value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Endpoint lookup uses the service catalog via common
+# keystoneauth1 Adapter configuration options. In the current release,
+# api_endpoint will override this behavior, but will be ignored and/or
+# removed in a future release. To achieve the same result, use the
+# endpoint_override option instead.
+#api_endpoint = http://ironic.example.org:6385/
+api_endpoint={{ controller.ironic.get('protocol', 'http') }}://{{ controller.ironic.host }}:{{ controller.ironic.port }}
+
+#
+# The number of times to retry when a request conflicts.
+# If set to 0, only try once, no retries.
+#
+# Related options:
+#
+# * api_retry_interval
+# (integer value)
+# Minimum value: 0
+#api_max_retries = 60
+
+#
+# The number of seconds to wait before retrying the request.
+#
+# Related options:
+#
+# * api_max_retries
+# (integer value)
+# Minimum value: 0
+#api_retry_interval = 2
+
+# Timeout (seconds) to wait for node serial console state changed. Set
+# to 0 to disable timeout. (integer value)
+# Minimum value: 0
+#serial_console_state_timeout = 10
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+{%- if controller.ironic.get('protocol', 'http') == 'https' %}
+cafile={{ controller.identity.get('cacert_file', controller.cacert_file) }}
+{%- endif %}
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [ironic]/auth_plugin
+#auth_type = <None>
+auth_type={{ controller.ironic.auth_type }}
+
+# Config Section from which to load plugin specific options (string
+# value)
+#auth_section = <None>
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url={{ controller.identity.get('protocol', 'http') }}://{{ controller.identity.host }}:{{ controller.identity.port }}/v3
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+project_name={{ controller.identity.tenant }}
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+project_domain_name={{ controller.ironic.project_domain_name }}
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [ironic]/user_name
+#username = <None>
+username={{ controller.ironic.user }}
+
+# User's domain id (string value)
+#user_domain_id = <None>
+
+# User's domain name (string value)
+#user_domain_name = <None>
+user_domain_name={{ controller.ironic.user_domain_name }}
+
+
+# User's password (string value)
+#password = <None>
+password={{ controller.ironic.password }}
+# The default service_type for endpoint URL discovery. (string value)
+#service_type = baremetal
+
+# The default service_name for endpoint URL discovery. (string value)
+#service_name = <None>
+
+# List of interfaces, in order of preference, for endpoint URL. (list
+# value)
+#valid_interfaces = internal,public
+
+# The default region_name for endpoint URL discovery. (string value)
+#region_name = <None>
+
+# Always use this endpoint URL for requests for this client. NOTE: The
+# unversioned endpoint should be specified here; to request a
+# particular API version, use the `version`, `min-version`, and/or
+# `max-version` options. (string value)
+# Deprecated group/name - [ironic]/api_endpoint
+#endpoint_override = <None>
+{%- endif %}
+
+
+[key_manager]
+
+#
+# From nova.conf
+#
+
+#
+# Fixed key returned by key manager, specified in hex.
+#
+# Possible values:
+#
+# * Empty string or a key in hex value
+# (string value)
+#fixed_key = <None>
+{%- if controller.get('barbican', {}).get('enabled', False) %}
+api_class=castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+{%- endif %}
+
+# Specify the key manager implementation. Options are "barbican" and
+# "vault". Default is "barbican". Will support the values earlier
+# set using [key_manager]/api_class for some time. (string value)
+# Deprecated group/name - [key_manager]/api_class
+#backend = barbican
+
+# The type of authentication credential to create. Possible values are
+# 'token', 'password', 'keystone_token', and 'keystone_password'.
+# Required if no context is passed to the credential factory. (string
+# value)
+#auth_type = <None>
+
+# Token for authentication. Required for 'token' and 'keystone_token'
+# auth_type if no context is passed to the credential factory. (string
+# value)
+#token = <None>
+
+# Username for authentication. Required for 'password' auth_type.
+# Optional for the 'keystone_password' auth_type. (string value)
+#username = <None>
+
+# Password for authentication. Required for 'password' and
+# 'keystone_password' auth_type. (string value)
+#password = <None>
+
+# Use this endpoint to connect to Keystone. (string value)
+#auth_url = <None>
+
+# User ID for authentication. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#user_id = <None>
+
+# User's domain ID for authentication. Optional for 'keystone_token'
+# and 'keystone_password' auth_type. (string value)
+#user_domain_id = <None>
+
+# User's domain name for authentication. Optional for 'keystone_token'
+# and 'keystone_password' auth_type. (string value)
+#user_domain_name = <None>
+
+# Trust ID for trust scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#trust_id = <None>
+
+# Domain ID for domain scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#domain_id = <None>
+
+# Domain name for domain scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#domain_name = <None>
+
+# Project ID for project scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_id = <None>
+
+# Project name for project scoping. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_name = <None>
+
+# Project's domain ID for project. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_domain_id = <None>
+
+# Project's domain name for project. Optional for 'keystone_token' and
+# 'keystone_password' auth_type. (string value)
+#project_domain_name = <None>
+
+# Allow fetching a new token if the current one is going to expire.
+# Optional for 'keystone_token' and 'keystone_password' auth_type.
+# (boolean value)
+#reauthenticate = true
+
+
+[keystone]
+# Configuration options for the identity service
+
+#
+# From nova.conf
+#
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# The default service_type for endpoint URL discovery. (string value)
+#service_type = identity
+
+# The default service_name for endpoint URL discovery. (string value)
+#service_name = <None>
+
+# List of interfaces, in order of preference, for endpoint URL. (list
+# value)
+#valid_interfaces = internal,public
+
+# The default region_name for endpoint URL discovery. (string value)
+#region_name = <None>
+
+# Always use this endpoint URL for requests for this client. NOTE: The
+# unversioned endpoint should be specified here; to request a
+# particular API version, use the `version`, `min-version`, and/or
+# `max-version` options. (string value)
+#endpoint_override = <None>
+
+
+[libvirt]
+#
+# Libvirt options allows cloud administrator to configure related
+# libvirt hypervisor driver to be used within an OpenStack deployment.
+#
+# Almost all of the libvirt config options are influence by
+# ``virt_type`` config
+# which describes the virtualization type (or so called domain type)
+# libvirt
+# should use for specific features such as live migration, snapshot.
+
+#
+# From nova.conf
+#
+virt_type = kvm
+
+inject_partition = -1
+
+#
+# The ID of the image to boot from to rescue data from a corrupted
+# instance.
+#
+# If the rescue REST API operation doesn't provide an ID of an image
+# to
+# use, the image which is referenced by this ID is used. If this
+# option is not set, the image from the instance is used.
+#
+# Possible values:
+#
+# * An ID of an image or nothing. If it points to an *Amazon Machine
+# Image* (AMI), consider to set the config options
+# ``rescue_kernel_id``
+# and ``rescue_ramdisk_id`` too. If nothing is set, the image of the
+# instance
+# is used.
+#
+# Related options:
+#
+# * ``rescue_kernel_id``: If the chosen rescue image allows the
+# separate
+# definition of its kernel disk, the value of this option is used,
+# if specified. This is the case when *Amazon*'s AMI/AKI/ARI image
+# format is used for the rescue image.
+# * ``rescue_ramdisk_id``: If the chosen rescue image allows the
+# separate
+# definition of its RAM disk, the value of this option is used if,
+# specified. This is the case when *Amazon*'s AMI/AKI/ARI image
+# format is used for the rescue image.
+# (string value)
+#rescue_image_id = <None>
+
+#
+# The ID of the kernel (AKI) image to use with the rescue image.
+#
+# If the chosen rescue image allows the separate definition of its
+# kernel
+# disk, the value of this option is used, if specified. This is the
+# case
+# when *Amazon*'s AMI/AKI/ARI image format is used for the rescue
+# image.
+#
+# Possible values:
+#
+# * An ID of an kernel image or nothing. If nothing is specified, the
+# kernel
+# disk from the instance is used if it was launched with one.
+#
+# Related options:
+#
+# * ``rescue_image_id``: If that option points to an image in
+# *Amazon*'s
+# AMI/AKI/ARI image format, it's useful to use ``rescue_kernel_id``
+# too.
+# (string value)
+#rescue_kernel_id = <None>
+
+#
+# The ID of the RAM disk (ARI) image to use with the rescue image.
+#
+# If the chosen rescue image allows the separate definition of its RAM
+# disk, the value of this option is used, if specified. This is the
+# case
+# when *Amazon*'s AMI/AKI/ARI image format is used for the rescue
+# image.
+#
+# Possible values:
+#
+# * An ID of a RAM disk image or nothing. If nothing is specified, the
+# RAM
+# disk from the instance is used if it was launched with one.
+#
+# Related options:
+#
+# * ``rescue_image_id``: If that option points to an image in
+# *Amazon*'s
+# AMI/AKI/ARI image format, it's useful to use ``rescue_ramdisk_id``
+# too.
+# (string value)
+#rescue_ramdisk_id = <None>
+
+#
+# Describes the virtualization type (or so called domain type) libvirt
+# should
+# use.
+#
+# The choice of this type must match the underlying virtualization
+# strategy
+# you have chosen for this host.
+#
+# Possible values:
+#
+# * See the predefined set of case-sensitive values.
+#
+# Related options:
+#
+# * ``connection_uri``: depends on this
+# * ``disk_prefix``: depends on this
+# * ``cpu_mode``: depends on this
+# * ``cpu_model``: depends on this
+# (string value)
+# Possible values:
+# kvm - <No description provided>
+# lxc - <No description provided>
+# qemu - <No description provided>
+# uml - <No description provided>
+# xen - <No description provided>
+# parallels - <No description provided>
+#virt_type = kvm
+
+#
+# Overrides the default libvirt URI of the chosen virtualization type.
+#
+# If set, Nova will use this URI to connect to libvirt.
+#
+# Possible values:
+#
+# * An URI like ``qemu:///system`` or ``xen+ssh://oirase/`` for
+# example.
+# This is only necessary if the URI differs to the commonly known
+# URIs
+# for the chosen virtualization type.
+#
+# Related options:
+#
+# * ``virt_type``: Influences what is used as default value here.
+# (string value)
+#connection_uri =
+
+#
+# Algorithm used to hash the injected password.
+# Note that it must be supported by libc on the compute host
+# _and_ by libc inside *any guest image* that will be booted by this
+# compute
+# host whith requested password injection.
+# In case the specified algorithm is not supported by libc on the
+# compute host,
+# a fallback to DES algorithm will be performed.
+#
+# Related options:
+#
+# * ``inject_password``
+# * ``inject_partition``
+# (string value)
+# Possible values:
+# SHA-512 - <No description provided>
+# SHA-256 - <No description provided>
+# MD5 - <No description provided>
+#inject_password_algorithm = MD5
+
+#
+# Allow the injection of an admin password for instance only at
+# ``create`` and
+# ``rebuild`` process.
+#
+# There is no agent needed within the image to do this. If
+# *libguestfs* is
+# available on the host, it will be used. Otherwise *nbd* is used. The
+# file
+# system of the image will be mounted and the admin password, which is
+# provided
+# in the REST API call will be injected as password for the root user.
+# If no
+# root user is available, the instance won't be launched and an error
+# is thrown.
+# Be aware that the injection is *not* possible when the instance gets
+# launched
+# from a volume.
+#
+# Possible values:
+#
+# * True: Allows the injection.
+# * False (default): Disallows the injection. Any via the REST API
+# provided
+# admin password will be silently ignored.
+#
+# Related options:
+#
+# * ``inject_partition``: That option will decide about the discovery
+# and usage
+# of the file system. It also can disable the injection at all.
+# (boolean value)
+#inject_password = false
+
+#
+# Allow the injection of an SSH key at boot time.
+#
+# There is no agent needed within the image to do this. If
+# *libguestfs* is
+# available on the host, it will be used. Otherwise *nbd* is used. The
+# file
+# system of the image will be mounted and the SSH key, which is
+# provided
+# in the REST API call will be injected as SSH key for the root user
+# and
+# appended to the ``authorized_keys`` of that user. The SELinux
+# context will
+# be set if necessary. Be aware that the injection is *not* possible
+# when the
+# instance gets launched from a volume.
+#
+# This config option will enable directly modifying the instance disk
+# and does
+# not affect what cloud-init may do using data from config_drive
+# option or the
+# metadata service.
+#
+# Related options:
+#
+# * ``inject_partition``: That option will decide about the discovery
+# and usage
+# of the file system. It also can disable the injection at all.
+# (boolean value)
+#inject_key = false
+
+#
+# Determines the way how the file system is chosen to inject data into
+# it.
+#
+# *libguestfs* will be used a first solution to inject data. If that's
+# not
+# available on the host, the image will be locally mounted on the host
+# as a
+# fallback solution. If libguestfs is not able to determine the root
+# partition
+# (because there are more or less than one root partition) or cannot
+# mount the
+# file system it will result in an error and the instance won't be
+# boot.
+#
+# Possible values:
+#
+# * -2 => disable the injection of data.
+# * -1 => find the root partition with the file system to mount with
+# libguestfs
+# * 0 => The image is not partitioned
+# * >0 => The number of the partition to use for the injection
+#
+# Related options:
+#
+# * ``inject_key``: If this option allows the injection of a SSH key
+# it depends
+# on value greater or equal to -1 for ``inject_partition``.
+# * ``inject_password``: If this option allows the injection of an
+# admin password
+# it depends on value greater or equal to -1 for
+# ``inject_partition``.
+# * ``guestfs`` You can enable the debug log level of libguestfs with
+# this
+# config option. A more verbose output will help in debugging
+# issues.
+# * ``virt_type``: If you use ``lxc`` as virt_type it will be treated
+# as a
+# single partition image
+# (integer value)
+# Minimum value: -2
+#inject_partition = -2
+
+# DEPRECATED:
+# Enable a mouse cursor within a graphical VNC or SPICE sessions.
+#
+# This will only be taken into account if the VM is fully virtualized
+# and VNC
+# and/or SPICE is enabled. If the node doesn't support a graphical
+# framebuffer,
+# then it is valid to set this to False.
+#
+# Related options:
+# * ``[vnc]enabled``: If VNC is enabled, ``use_usb_tablet`` will have
+# an effect.
+# * ``[spice]enabled`` + ``[spice].agent_enabled``: If SPICE is
+# enabled and the
+# spice agent is disabled, the config value of ``use_usb_tablet``
+# will have
+# an effect.
+# (boolean value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: This option is being replaced by the 'pointer_model' option.
+use_usb_tablet = true
+
+#
+# The IP address or hostname to be used as the target for live
+# migration traffic.
+#
+# If this option is set to None, the hostname of the migration target
+# compute
+# node will be used.
+#
+# This option is useful in environments where the live-migration
+# traffic can
+# impact the network plane significantly. A separate network for live-
+# migration
+# traffic can then use this config option and avoids the impact on the
+# management network.
+#
+# Possible values:
+#
+# * A valid IP address or hostname, else None.
+#
+# Related options:
+#
+# * ``live_migration_tunnelled``: The live_migration_inbound_addr
+# value is
+# ignored if tunneling is enabled.
+# (string value)
+#live_migration_inbound_addr = <None>
+
+# DEPRECATED:
+# Live migration target URI to use.
+#
+# Override the default libvirt live migration target URI (which is
+# dependent
+# on virt_type). Any included "%s" is replaced with the migration
+# target
+# hostname.
+#
+# If this option is set to None (which is the default), Nova will
+# automatically
+# generate the `live_migration_uri` value based on only 4 supported
+# `virt_type`
+# in following list:
+#
+# * 'kvm': 'qemu+tcp://%s/system'
+# * 'qemu': 'qemu+tcp://%s/system'
+# * 'xen': 'xenmigr://%s/system'
+# * 'parallels': 'parallels+tcp://%s/system'
+#
+# Related options:
+#
+# * ``live_migration_inbound_addr``: If
+# ``live_migration_inbound_addr`` value
+# is not None and ``live_migration_tunnelled`` is False, the
+# ip/hostname
+# address of target compute node is used instead of
+# ``live_migration_uri`` as
+# the uri for live migration.
+# * ``live_migration_scheme``: If ``live_migration_uri`` is not set,
+# the scheme
+# used for live migration is taken from ``live_migration_scheme``
+# instead.
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# live_migration_uri is deprecated for removal in favor of two other
+# options that
+# allow to change live migration scheme and target URI:
+# ``live_migration_scheme``
+# and ``live_migration_inbound_addr`` respectively.
+#live_migration_uri = <None>
+
+#
+# URI scheme used for live migration.
+#
+# Override the default libvirt live migration scheme (which is
+# dependent on
+# virt_type). If this option is set to None, nova will automatically
+# choose a
+# sensible default based on the hypervisor. It is not recommended that
+# you change
+# this unless you are very sure that hypervisor supports a particular
+# scheme.
+#
+# Related options:
+#
+# * ``virt_type``: This option is meaningful only when ``virt_type``
+# is set to
+# `kvm` or `qemu`.
+# * ``live_migration_uri``: If ``live_migration_uri`` value is not
+# None, the
+# scheme used for live migration is taken from
+# ``live_migration_uri`` instead.
+# (string value)
+#live_migration_scheme = <None>
+
+#
+# Enable tunnelled migration.
+#
+# This option enables the tunnelled migration feature, where migration
+# data is
+# transported over the libvirtd connection. If enabled, we use the
+# VIR_MIGRATE_TUNNELLED migration flag, avoiding the need to configure
+# the network to allow direct hypervisor to hypervisor communication.
+# If False, use the native transport. If not set, Nova will choose a
+# sensible default based on, for example the availability of native
+# encryption support in the hypervisor. Enabling this option will
+# definitely
+# impact performance massively.
+#
+# Note that this option is NOT compatible with use of block migration.
+#
+# Related options:
+#
+# * ``live_migration_inbound_addr``: The live_migration_inbound_addr
+# value is
+# ignored if tunneling is enabled.
+# (boolean value)
+#live_migration_tunnelled = false
+
+#
+# Maximum bandwidth(in MiB/s) to be used during migration.
+#
+# If set to 0, the hypervisor will choose a suitable default. Some
+# hypervisors
+# do not support this feature and will return an error if bandwidth is
+# not 0.
+# Please refer to the libvirt documentation for further details.
+# (integer value)
+#live_migration_bandwidth = 0
+
+#
+# Maximum permitted downtime, in milliseconds, for live migration
+# switchover.
+#
+# Will be rounded up to a minimum of 100ms. You can increase this
+# value
+# if you want to allow live-migrations to complete faster, or avoid
+# live-migration timeout errors by allowing the guest to be paused for
+# longer during the live-migration switch over.
+#
+# Related options:
+#
+# * live_migration_completion_timeout
+# (integer value)
+# Minimum value: 100
+#live_migration_downtime = 500
+
+#
+# Number of incremental steps to reach max downtime value.
+#
+# Will be rounded up to a minimum of 3 steps.
+# (integer value)
+# Minimum value: 3
+#live_migration_downtime_steps = 10
+
+#
+# Time to wait, in seconds, between each step increase of the
+# migration
+# downtime.
+#
+# Minimum delay is 3 seconds. Value is per GiB of guest RAM + disk to
+# be
+# transferred, with lower bound of a minimum of 2 GiB per device.
+# (integer value)
+# Minimum value: 3
+#live_migration_downtime_delay = 75
+
+#
+# Time to wait, in seconds, for migration to successfully complete
+# transferring
+# data before aborting the operation.
+#
+# Value is per GiB of guest RAM + disk to be transferred, with lower
+# bound of
+# a minimum of 2 GiB. Should usually be larger than downtime delay *
+# downtime
+# steps. Set to 0 to disable timeouts.
+#
+# Related options:
+#
+# * live_migration_downtime
+# * live_migration_downtime_steps
+# * live_migration_downtime_delay
+# (integer value)
+# Note: This option can be changed without restarting.
+#live_migration_completion_timeout = 800
+
+# DEPRECATED:
+# Time to wait, in seconds, for migration to make forward progress in
+# transferring data before aborting the operation.
+#
+# Set to 0 to disable timeouts.
+#
+# This is deprecated, and now disabled by default because we have
+# found serious
+# bugs in this feature that caused false live-migration timeout
+# failures. This
+# feature will be removed or replaced in a future release.
+# (integer value)
+# Note: This option can be changed without restarting.
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Serious bugs found in this feature.
+#live_migration_progress_timeout = 0
+
+#
+# This option allows nova to switch an on-going live migration to
+# post-copy
+# mode, i.e., switch the active VM to the one on the destination node
+# before the
+# migration is complete, therefore ensuring an upper bound on the
+# memory that
+# needs to be transferred. Post-copy requires libvirt>=1.3.3 and
+# QEMU>=2.5.0.
+#
+# When permitted, post-copy mode will be automatically activated if a
+# live-migration memory copy iteration does not make percentage
+# increase of at
+# least 10% over the last iteration.
+#
+# The live-migration force complete API also uses post-copy when
+# permitted. If
+# post-copy mode is not available, force complete falls back to
+# pausing the VM
+# to ensure the live-migration operation will complete.
+#
+# When using post-copy mode, if the source and destination hosts loose
+# network
+# connectivity, the VM being live-migrated will need to be rebooted.
+# For more
+# details, please see the Administration guide.
+#
+# Related options:
+#
+# * live_migration_permit_auto_converge
+# (boolean value)
+#live_migration_permit_post_copy = false
+
+#
+# This option allows nova to start live migration with auto converge
+# on.
+#
+# Auto converge throttles down CPU if a progress of on-going live
+# migration
+# is slow. Auto converge will only be used if this flag is set to True
+# and
+# post copy is not permitted or post copy is unavailable due to the
+# version
+# of libvirt and QEMU in use.
+#
+# Related options:
+#
+# * live_migration_permit_post_copy
+# (boolean value)
+#live_migration_permit_auto_converge = false
+{%- if controller.get('libvirt', {}).live_migration_permit_auto_converge is defined %}
+live_migration_permit_auto_converge={{ controller.libvirt.live_migration_permit_auto_converge|lower }}
+{%- endif %}
+
+#
+# Determine the snapshot image format when sending to the image
+# service.
+#
+# If set, this decides what format is used when sending the snapshot
+# to the
+# image service.
+# If not set, defaults to same type as source image.
+#
+# Possible values:
+#
+# * ``raw``: RAW disk format
+# * ``qcow2``: KVM default disk format
+# * ``vmdk``: VMWare default disk format
+# * ``vdi``: VirtualBox default disk format
+# * If not set, defaults to same type as source image.
+# (string value)
+# Possible values:
+# raw - <No description provided>
+# qcow2 - <No description provided>
+# vmdk - <No description provided>
+# vdi - <No description provided>
+#snapshot_image_format = <None>
+
+#
+# Override the default disk prefix for the devices attached to an
+# instance.
+#
+# If set, this is used to identify a free disk device name for a bus.
+#
+# Possible values:
+#
+# * Any prefix which will result in a valid disk device name like
+# 'sda' or 'hda'
+# for example. This is only necessary if the device names differ to
+# the
+# commonly known device name prefixes for a virtualization type such
+# as: sd,
+# xvd, uvd, vd.
+#
+# Related options:
+#
+# * ``virt_type``: Influences which device type is used, which
+# determines
+# the default disk prefix.
+# (string value)
+#disk_prefix = <None>
+
+# Number of seconds to wait for instance to shut down after soft
+# reboot request is made. We fall back to hard reboot if instance does
+# not shutdown within this window. (integer value)
+#wait_soft_reboot_seconds = 120
+
+#
+# Is used to set the CPU mode an instance should have.
+#
+# If virt_type="kvm|qemu", it will default to "host-model", otherwise
+# it will
+# default to "none".
+#
+# Possible values:
+#
+# * ``host-model``: Clones the host CPU feature flags
+# * ``host-passthrough``: Use the host CPU model exactly
+# * ``custom``: Use a named CPU model
+# * ``none``: Don't set a specific CPU model. For instances with
+# ``virt_type`` as KVM/QEMU, the default CPU model from QEMU will be
+# used,
+# which provides a basic set of CPU features that are compatible with
+# most
+# hosts.
+#
+# Related options:
+#
+# * ``cpu_model``: This should be set ONLY when ``cpu_mode`` is set to
+# ``custom``. Otherwise, it would result in an error and the instance
+# launch will fail.
+#
+# (string value)
+# Possible values:
+# host-model - <No description provided>
+# host-passthrough - <No description provided>
+# custom - <No description provided>
+# none - <No description provided>
+# cpu_model = <None>
+{%- if controller.cpu_mode is defined %}
+cpu_mode = {{ controller.cpu_mode }}
+{%- endif %}
+
+#
+# Set the name of the libvirt CPU model the instance should use.
+#
+# Possible values:
+#
+# * The named CPU models listed in ``/usr/share/libvirt/cpu_map.xml``
+#
+# Related options:
+#
+# * ``cpu_mode``: This should be set to ``custom`` ONLY when you want
+# to
+# configure (via ``cpu_model``) a specific named CPU model.
+# Otherwise, it
+# would result in an error and the instance launch will fail.
+#
+# * ``virt_type``: Only the virtualization types ``kvm`` and ``qemu``
+# use this.
+# (string value)
+#cpu_model = <None>
+{%- if controller.get('libvirt', {}).cpu_model is defined and controller.cpu_mode == 'custom' %}
+cpu_model = {{ controller.libvirt.cpu_model }}
+{%- endif %}
+
+
+#
+# This allows specifying granular CPU feature flags when specifying
+# CPU
+# models. For example, to explicitly specify the ``pcid``
+# (Process-Context ID, an Intel processor feature) flag to the
+# "IvyBridge"
+# virtual CPU model::
+#
+# [libvirt]
+# cpu_mode = custom
+# cpu_model = IvyBridge
+# cpu_model_extra_flags = pcid
+#
+# Currently, the choice is restricted to only one option: ``pcid``
+# (the
+# option is case-insensitive, so ``PCID`` is also valid). This flag
+# is
+# now required to address the guest performance degradation as a
+# result of
+# applying the "Meltdown" CVE fixes on certain Intel CPU models.
+#
+# Note that when using this config attribute to set the 'PCID' CPU
+# flag,
+# not all virtual (i.e. libvirt / QEMU) CPU models need it:
+#
+# * The only virtual CPU models that include the 'PCID' capability are
+# Intel "Haswell", "Broadwell", and "Skylake" variants.
+#
+# * The libvirt / QEMU CPU models "Nehalem", "Westmere",
+# "SandyBridge",
+# and "IvyBridge" will _not_ expose the 'PCID' capability by
+# default,
+# even if the host CPUs by the same name include it. I.e. 'PCID'
+# needs
+# to be explicitly specified when using the said virtual CPU models.
+#
+# For now, the ``cpu_model_extra_flags`` config attribute is valid
+# only in
+# combination with ``cpu_mode`` + ``cpu_model`` options.
+#
+# Besides ``custom``, the libvirt driver has two other CPU modes: The
+# default, ``host-model``, tells it to do the right thing with respect
+# to
+# handling 'PCID' CPU flag for the guest -- *assuming* you are running
+# updated processor microcode, host and guest kernel, libvirt, and
+# QEMU.
+# The other mode, ``host-passthrough``, checks if 'PCID' is available
+# in
+# the hardware, and if so directly passes it through to the Nova
+# guests.
+# Thus, in context of 'PCID', with either of these CPU modes
+# (``host-model`` or ``host-passthrough``), there is no need to use
+# the
+# ``cpu_model_extra_flags``.
+#
+# Related options:
+#
+# * cpu_mode
+# * cpu_model
+# (list value)
+#cpu_model_extra_flags =
+
+# Location where libvirt driver will store snapshots before uploading
+# them to image service (string value)
+#snapshots_directory = $instances_path/snapshots
+
+# Location where the Xen hvmloader is kept (string value)
+#xen_hvmloader_path = /usr/lib/xen/boot/hvmloader
+
+#
+# Specific cache modes to use for different disk types.
+#
+# For example: file=directsync,block=none,network=writeback
+#
+# For local or direct-attached storage, it is recommended that you use
+# writethrough (default) mode, as it ensures data integrity and has
+# acceptable
+# I/O performance for applications running in the guest, especially
+# for read
+# operations. However, caching mode none is recommended for remote NFS
+# storage,
+# because direct I/O operations (O_DIRECT) perform better than
+# synchronous I/O
+# operations (with O_SYNC). Caching mode none effectively turns all
+# guest I/O
+# operations into direct I/O operations on the host, which is the NFS
+# client in
+# this environment.
+#
+# Possible cache modes:
+#
+# * default: Same as writethrough.
+# * none: With caching mode set to none, the host page cache is
+# disabled, but
+# the disk write cache is enabled for the guest. In this mode, the
+# write
+# performance in the guest is optimal because write operations
+# bypass the host
+# page cache and go directly to the disk write cache. If the disk
+# write cache
+# is battery-backed, or if the applications or storage stack in the
+# guest
+# transfer data properly (either through fsync operations or file
+# system
+# barriers), then data integrity can be ensured. However, because
+# the host
+# page cache is disabled, the read performance in the guest would
+# not be as
+# good as in the modes where the host page cache is enabled, such as
+# writethrough mode. Shareable disk devices, like for a multi-
+# attachable block
+# storage volume, will have their cache mode set to 'none'
+# regardless of
+# configuration.
+# * writethrough: writethrough mode is the default caching mode. With
+# caching set to writethrough mode, the host page cache is enabled,
+# but the
+# disk write cache is disabled for the guest. Consequently, this
+# caching mode
+# ensures data integrity even if the applications and storage stack
+# in the
+# guest do not transfer data to permanent storage properly (either
+# through
+# fsync operations or file system barriers). Because the host page
+# cache is
+# enabled in this mode, the read performance for applications
+# running in the
+# guest is generally better. However, the write performance might be
+# reduced
+# because the disk write cache is disabled.
+# * writeback: With caching set to writeback mode, both the host page
+# cache
+# and the disk write cache are enabled for the guest. Because of
+# this, the
+# I/O performance for applications running in the guest is good, but
+# the data
+# is not protected in a power failure. As a result, this caching
+# mode is
+# recommended only for temporary data where potential data loss is
+# not a
+# concern.
+# * directsync: Like "writethrough", but it bypasses the host page
+# cache.
+# * unsafe: Caching mode of unsafe ignores cache transfer operations
+# completely. As its name implies, this caching mode should be used
+# only for
+# temporary data where data loss is not a concern. This mode can be
+# useful for
+# speeding up guest installations, but you should switch to another
+# caching
+# mode in production environments.
+# (list value)
+#disk_cachemodes =
+
+# A path to a device that will be used as source of entropy on the
+# host. Permitted options are: /dev/random or /dev/hwrng (string
+# value)
+#rng_dev_path = <None>
+
+# For qemu or KVM guests, set this option to specify a default machine
+# type per host architecture. You can find a list of supported machine
+# types in your environment by checking the output of the "virsh
+# capabilities"command. The format of the value for this config option
+# is host-arch=machine-type. For example:
+# x86_64=machinetype1,armv7l=machinetype2 (list value)
+#hw_machine_type = <None>
+
+# The data source used to the populate the host "serial" UUID exposed
+# to guest in the virtual BIOS. (string value)
+# Possible values:
+# none - <No description provided>
+# os - <No description provided>
+# hardware - <No description provided>
+# auto - <No description provided>
+#sysinfo_serial = auto
+
+# A number of seconds to memory usage statistics period. Zero or
+# negative value mean to disable memory usage statistics. (integer
+# value)
+#mem_stats_period_seconds = 10
+
+# List of uid targets and ranges.Syntax is guest-uid:host-
+# uid:countMaximum of 5 allowed. (list value)
+#uid_maps =
+
+# List of guid targets and ranges.Syntax is guest-gid:host-
+# gid:countMaximum of 5 allowed. (list value)
+#gid_maps =
+
+# In a realtime host context vCPUs for guest will run in that
+# scheduling priority. Priority depends on the host kernel (usually
+# 1-99) (integer value)
+#realtime_scheduler_priority = 1
+
+#
+# This is a performance event list which could be used as monitor.
+# These events
+# will be passed to libvirt domain xml while creating a new instances.
+# Then event statistics data can be collected from libvirt. The
+# minimum
+# libvirt version is 2.0.0. For more information about `Performance
+# monitoring
+# events`, refer https://libvirt.org/formatdomain.html#elementsPerf .
+#
+# Possible values:
+# * A string list. For example: ``enabled_perf_events = cmt, mbml,
+# mbmt``
+# The supported events list can be found in
+# https://libvirt.org/html/libvirt-libvirt-domain.html ,
+# which you may need to search key words ``VIR_PERF_PARAM_*``
+# (list value)
+#enabled_perf_events =
+
+#
+# VM Images format.
+#
+# If default is specified, then use_cow_images flag is used instead of
+# this
+# one.
+#
+# Related options:
+#
+# * virt.use_cow_images
+# * images_volume_group
+# (string value)
+# Possible values:
+# raw - <No description provided>
+# flat - <No description provided>
+# qcow2 - <No description provided>
+# lvm - <No description provided>
+# rbd - <No description provided>
+# ploop - <No description provided>
+# default - <No description provided>
+#images_type = default
+
+#
+# LVM Volume Group that is used for VM images, when you specify
+# images_type=lvm
+#
+# Related options:
+#
+# * images_type
+# (string value)
+#images_volume_group = <None>
+
+#
+# Create sparse logical volumes (with virtualsize) if this flag is set
+# to True.
+# (boolean value)
+#sparse_logical_volumes = false
+
+# The RADOS pool in which rbd volumes are stored (string value)
+#images_rbd_pool = rbd
+
+# Path to the ceph configuration file to use (string value)
+#images_rbd_ceph_conf =
+
+#
+# Discard option for nova managed disks.
+#
+# Requires:
+#
+# * Libvirt >= 1.0.6
+# * Qemu >= 1.5 (raw format)
+# * Qemu >= 1.6 (qcow2 format)
+# (string value)
+# Possible values:
+# ignore - <No description provided>
+# unmap - <No description provided>
+#hw_disk_discard = <None>
+
+# DEPRECATED: Allows image information files to be stored in non-
+# standard locations (string value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Image info files are no longer used by the image cache
+#image_info_filename_pattern = $instances_path/$image_cache_subdirectory_name/%(image)s.info
+
+# Unused resized base images younger than this will not be removed
+# (integer value)
+#remove_unused_resized_minimum_age_seconds = 3600
+
+# DEPRECATED: Write a checksum for files in _base to disk (boolean
+# value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: The image cache no longer periodically calculates checksums
+# of stored images. Data integrity can be checked at the block or
+# filesystem level.
+#checksum_base_images = false
+
+# DEPRECATED: How frequently to checksum base images (integer value)
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+# Reason: The image cache no longer periodically calculates checksums
+# of stored images. Data integrity can be checked at the block or
+# filesystem level.
+#checksum_interval_seconds = 3600
+
+#
+# Method used to wipe ephemeral disks when they are deleted. Only
+# takes effect
+# if LVM is set as backing storage.
+#
+# Possible values:
+#
+# * none - do not wipe deleted volumes
+# * zero - overwrite volumes with zeroes
+# * shred - overwrite volume repeatedly
+#
+# Related options:
+#
+# * images_type - must be set to ``lvm``
+# * volume_clear_size
+# (string value)
+# Possible values:
+# none - <No description provided>
+# zero - <No description provided>
+# shred - <No description provided>
+#volume_clear = zero
+
+#
+# Size of area in MiB, counting from the beginning of the allocated
+# volume,
+# that will be cleared using method set in ``volume_clear`` option.
+#
+# Possible values:
+#
+# * 0 - clear whole volume
+# * >0 - clear specified amount of MiB
+#
+# Related options:
+#
+# * images_type - must be set to ``lvm``
+# * volume_clear - must be set and the value must be different than
+# ``none``
+# for this option to have any impact
+# (integer value)
+# Minimum value: 0
+#volume_clear_size = 0
+
+#
+# Enable snapshot compression for ``qcow2`` images.
+#
+# Note: you can set ``snapshot_image_format`` to ``qcow2`` to force
+# all
+# snapshots to be in ``qcow2`` format, independently from their
+# original image
+# type.
+#
+# Related options:
+#
+# * snapshot_image_format
+# (boolean value)
+#snapshot_compression = false
+
+# Use virtio for bridge interfaces with KVM/QEMU (boolean value)
+use_virtio_for_bridges = true
+
+#
+# Use multipath connection of the iSCSI or FC volume
+#
+# Volumes can be connected in the LibVirt as multipath devices. This
+# will
+# provide high availability and fault tolerance.
+# (boolean value)
+# Deprecated group/name - [libvirt]/iscsi_use_multipath
+#volume_use_multipath = false
+
+#
+# Number of times to scan given storage protocol to find volume.
+# (integer value)
+# Deprecated group/name - [libvirt]/num_iscsi_scan_tries
+#num_volume_scan_tries = 5
+
+#
+# Number of times to rediscover AoE target to find volume.
+#
+# Nova provides support for block storage attaching to hosts via AOE
+# (ATA over
+# Ethernet). This option allows the user to specify the maximum number
+# of retry
+# attempts that can be made to discover the AoE device.
+# (integer value)
+#num_aoe_discover_tries = 3
+
+#
+# The iSCSI transport iface to use to connect to target in case
+# offload support
+# is desired.
+#
+# Default format is of the form <transport_name>.<hwaddress> where
+# <transport_name> is one of (be2iscsi, bnx2i, cxgb3i, cxgb4i,
+# qla4xxx, ocs) and
+# <hwaddress> is the MAC address of the interface and can be generated
+# via the
+# iscsiadm -m iface command. Do not confuse the iscsi_iface parameter
+# to be
+# provided here with the actual transport name.
+# (string value)
+# Deprecated group/name - [libvirt]/iscsi_transport
+#iscsi_iface = <None>
+
+#
+# Number of times to scan iSER target to find volume.
+#
+# iSER is a server network protocol that extends iSCSI protocol to use
+# Remote
+# Direct Memory Access (RDMA). This option allows the user to specify
+# the maximum
+# number of scan attempts that can be made to find iSER volume.
+# (integer value)
+#num_iser_scan_tries = 5
+
+#
+# Use multipath connection of the iSER volume.
+#
+# iSER volumes can be connected as multipath devices. This will
+# provide high
+# availability and fault tolerance.
+# (boolean value)
+#iser_use_multipath = false
+
+#
+# The RADOS client name for accessing rbd(RADOS Block Devices)
+# volumes.
+#
+# Libvirt will refer to this user when connecting and authenticating
+# with
+# the Ceph RBD server.
+# (string value)
+#rbd_user = <None>
+
+#
+# The libvirt UUID of the secret for the rbd_user volumes.
+# (string value)
+#rbd_secret_uuid = <None>
+
+#
+# Directory where the NFS volume is mounted on the compute node.
+# The default is 'mnt' directory of the location where nova's Python
+# module
+# is installed.
+#
+# NFS provides shared storage for the OpenStack Block Storage service.
+#
+# Possible values:
+#
+# * A string representing absolute path of mount point.
+# (string value)
+#nfs_mount_point_base = $state_path/mnt
+
+#
+# Mount options passed to the NFS client. See section of the nfs man
+# page
+# for details.
+#
+# Mount options controls the way the filesystem is mounted and how the
+# NFS client behaves when accessing files on this mount point.
+#
+# Possible values:
+#
+# * Any string representing mount options separated by commas.
+# * Example string: vers=3,lookupcache=pos
+# (string value)
+#nfs_mount_options = <None>
+
+#
+# Directory where the Quobyte volume is mounted on the compute node.
+#
+# Nova supports Quobyte volume driver that enables storing Block
+# Storage
+# service volumes on a Quobyte storage back end. This Option specifies
+# the
+# path of the directory where Quobyte volume is mounted.
+#
+# Possible values:
+#
+# * A string representing absolute path of mount point.
+# (string value)
+#quobyte_mount_point_base = $state_path/mnt
+
+# Path to a Quobyte Client configuration file. (string value)
+#quobyte_client_cfg = <None>
+
+#
+# Directory where the SMBFS shares are mounted on the compute node.
+# (string value)
+#smbfs_mount_point_base = $state_path/mnt
+
+#
+# Mount options passed to the SMBFS client.
+#
+# Provide SMBFS options as a single string containing all parameters.
+# See mount.cifs man page for details. Note that the libvirt-qemu
+# ``uid``
+# and ``gid`` must be specified.
+# (string value)
+#smbfs_mount_options =
+
+#
+# libvirt's transport method for remote file operations.
+#
+# Because libvirt cannot use RPC to copy files over network to/from
+# other
+# compute nodes, other method must be used for:
+#
+# * creating directory on remote host
+# * creating file on remote host
+# * removing file from remote host
+# * copying file to remote host
+# (string value)
+# Possible values:
+# ssh - <No description provided>
+# rsync - <No description provided>
+#remote_filesystem_transport = ssh
+
+#
+# Directory where the Virtuozzo Storage clusters are mounted on the
+# compute
+# node.
+#
+# This option defines non-standard mountpoint for Vzstorage cluster.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_point_base = $state_path/mnt
+
+#
+# Mount owner user name.
+#
+# This option defines the owner user of Vzstorage cluster mountpoint.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_user = stack
+
+#
+# Mount owner group name.
+#
+# This option defines the owner group of Vzstorage cluster mountpoint.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_group = qemu
+
+#
+# Mount access mode.
+#
+# This option defines the access bits of Vzstorage cluster mountpoint,
+# in the format similar to one of chmod(1) utility, like this: 0770.
+# It consists of one to four digits ranging from 0 to 7, with missing
+# lead digits assumed to be 0's.
+#
+# Related options:
+#
+# * vzstorage_mount_* group of parameters
+# (string value)
+#vzstorage_mount_perms = 0770
+
+#
+# Path to vzstorage client log.
+#
+# This option defines the log of cluster operations,
+# it should include "%(cluster_name)s" template to separate
+# logs from multiple shares.
+#
+# Related options:
+#
+# * vzstorage_mount_opts may include more detailed logging options.
+# (string value)
+#vzstorage_log_path = /var/log/vstorage/%(cluster_name)s/nova.log.gz
+
+#
+# Path to the SSD cache file.
+#
+# You can attach an SSD drive to a client and configure the drive to
+# store
+# a local cache of frequently accessed data. By having a local cache
+# on a
+# client's SSD drive, you can increase the overall cluster performance
+# by
+# up to 10 and more times.
+# WARNING! There is a lot of SSD models which are not server grade and
+# may loose arbitrary set of data changes on power loss.
+# Such SSDs should not be used in Vstorage and are dangerous as may
+# lead
+# to data corruptions and inconsistencies. Please consult with the
+# manual
+# on which SSD models are known to be safe or verify it using
+# vstorage-hwflush-check(1) utility.
+#
+# This option defines the path which should include "%(cluster_name)s"
+# template to separate caches from multiple shares.
+#
+# Related options:
+#
+# * vzstorage_mount_opts may include more detailed cache options.
+# (string value)
+#vzstorage_cache_path = <None>
+
+#
+# Extra mount options for pstorage-mount
+#
+# For full description of them, see
+# https://static.openvz.org/vz-man/man1/pstorage-mount.1.gz.html
+# Format is a python string representation of arguments list, like:
+# "['-v', '-R', '500']"
+# Shouldn't include -c, -l, -C, -u, -g and -m as those have
+# explicit vzstorage_* options.
+#
+# Related options:
+#
+# * All other vzstorage_* options
+# (list value)
+#vzstorage_mount_opts =
+
+
+[metrics]
+#
+# Configuration options for metrics
+#
+# Options under this group allow to adjust how values assigned to
+# metrics are
+# calculated.
+
+#
+# From nova.conf
+#
+
+#
+# When using metrics to weight the suitability of a host, you can use
+# this option
+# to change how the calculated weight influences the weight assigned
+# to a host as
+# follows:
+#
+# * >1.0: increases the effect of the metric on overall weight
+# * 1.0: no change to the calculated weight
+# * >0.0,<1.0: reduces the effect of the metric on overall weight
+# * 0.0: the metric value is ignored, and the value of the
+# 'weight_of_unavailable' option is returned instead
+# * >-1.0,<0.0: the effect is reduced and reversed
+# * -1.0: the effect is reversed
+# * <-1.0: the effect is increased proportionally and reversed
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the
+# multipler
+# ratio for this weigher.
+#
+# Related options:
+#
+# * weight_of_unavailable
+# (floating point value)
+#weight_multiplier = 1.0
+
+#
+# This setting specifies the metrics to be weighed and the relative
+# ratios for
+# each metric. This should be a single string value, consisting of a
+# series of
+# one or more 'name=ratio' pairs, separated by commas, where 'name' is
+# the name
+# of the metric to be weighed, and 'ratio' is the relative weight for
+# that
+# metric.
+#
+# Note that if the ratio is set to 0, the metric value is ignored, and
+# instead
+# the weight will be set to the value of the 'weight_of_unavailable'
+# option.
+#
+# As an example, let's consider the case where this option is set to:
+#
+# ``name1=1.0, name2=-1.3``
+#
+# The final weight will be:
+#
+# ``(name1.value * 1.0) + (name2.value * -1.3)``
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * A list of zero or more key/value pairs separated by commas, where
+# the key is
+# a string representing the name of a metric and the value is a
+# numeric weight
+# for that metric. If any value is set to 0, the value is ignored
+# and the
+# weight will be set to the value of the 'weight_of_unavailable'
+# option.
+#
+# Related options:
+#
+# * weight_of_unavailable
+# (list value)
+#weight_setting =
+
+#
+# This setting determines how any unavailable metrics are treated. If
+# this option
+# is set to True, any hosts for which a metric is unavailable will
+# raise an
+# exception, so it is recommended to also use the MetricFilter to
+# filter out
+# those hosts before weighing.
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * True or False, where False ensures any metric being unavailable
+# for a host
+# will set the host weight to 'weight_of_unavailable'.
+#
+# Related options:
+#
+# * weight_of_unavailable
+# (boolean value)
+#required = true
+
+#
+# When any of the following conditions are met, this value will be
+# used in place
+# of any actual metric value:
+#
+# * One of the metrics named in 'weight_setting' is not available for
+# a host,
+# and the value of 'required' is False
+# * The ratio specified for a metric in 'weight_setting' is 0
+# * The 'weight_multiplier' option is set to 0
+#
+# This option is only used by the FilterScheduler and its subclasses;
+# if you use
+# a different scheduler, this option has no effect.
+#
+# Possible values:
+#
+# * An integer or float value, where the value corresponds to the
+# multipler
+# ratio for this weigher.
+#
+# Related options:
+#
+# * weight_setting
+# * required
+# * weight_multiplier
+# (floating point value)
+#weight_of_unavailable = -10000.0
+
+
+[mks]
+#
+# Nova compute node uses WebMKS, a desktop sharing protocol to provide
+# instance console access to VM's created by VMware hypervisors.
+#
+# Related options:
+# Following options must be set to provide console access.
+# * mksproxy_base_url
+# * enabled
+
+#
+# From nova.conf
+#
+
+#
+# Location of MKS web console proxy
+#
+# The URL in the response points to a WebMKS proxy which
+# starts proxying between client and corresponding vCenter
+# server where instance runs. In order to use the web based
+# console access, WebMKS proxy should be installed and configured
+#
+# Possible values:
+#
+# * Must be a valid URL of the form:``http://host:port/`` or
+# ``https://host:port/``
+# (uri value)
+#mksproxy_base_url = http://127.0.0.1:6090/
+
+#
+# Enables graphical console access for virtual machines.
+# (boolean value)
+#enabled = false
+
+
+[neutron]
+#
+# Configuration options for neutron (network connectivity as a
+# service).
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# This option specifies the URL for connecting to Neutron.
+#
+# Possible values:
+#
+# * Any valid URL that points to the Neutron API service is
+# appropriate here.
+# This typically matches the URL returned for the 'network' service
+# type
+# from the Keystone service catalog.
+# (uri value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Endpoint lookup uses the service catalog via common
+# keystoneauth1 Adapter configuration options. In the current release,
+# "url" will override this behavior, but will be ignored and/or
+# removed in a future release. To achieve the same result, use the
+# endpoint_override option instead.
+#url = http://127.0.0.1:9696
+
+#
+# Default name for the Open vSwitch integration bridge.
+#
+# Specifies the name of an integration bridge interface used by
+# OpenvSwitch.
+# This option is only used if Neutron does not specify the OVS bridge
+# name in
+# port binding responses.
+# (string value)
+#ovs_bridge = br-int
+
+#
+# Default name for the floating IP pool.
+#
+# Specifies the name of floating IP pool used for allocating floating
+# IPs. This
+# option is only used if Neutron does not specify the floating IP pool
+# name in
+# port binding reponses.
+# (string value)
+#default_floating_pool = nova
+
+#
+# Integer value representing the number of seconds to wait before
+# querying
+# Neutron for extensions. After this number of seconds the next time
+# Nova
+# needs to create a resource in Neutron it will requery Neutron for
+# the
+# extensions that it has loaded. Setting value to 0 will refresh the
+# extensions with no wait.
+# (integer value)
+# Minimum value: 0
+#extension_sync_interval = 600
+
+#
+# When set to True, this option indicates that Neutron will be used to
+# proxy
+# metadata requests and resolve instance ids. Otherwise, the instance
+# ID must be
+# passed to the metadata request in the 'X-Instance-ID' header.
+#
+# Related options:
+#
+# * metadata_proxy_shared_secret
+# (boolean value)
+#service_metadata_proxy = false
+service_metadata_proxy=True
+
+#
+# This option holds the shared secret string used to validate proxy
+# requests to
+# Neutron metadata requests. In order to be used, the
+# 'X-Metadata-Provider-Signature' header must be supplied in the
+# request.
+#
+# Related options:
+#
+# * service_metadata_proxy
+# (string value)
+#metadata_proxy_shared_secret =
+{%- if controller.get('networking', 'default') != "contrail" %}
+metadata_proxy_shared_secret = {{ controller.metadata.password }}
+{%- endif %}
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+{%- if controller.network.get('protocol', 'http') == 'https' %}
+cafile={{ controller.network.get('cacert_file', controller.cacert_file) }}
+{%- endif %}
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+timeout=300
+
+# Authentication type to load (string value)
+# Deprecated group/name - [neutron]/auth_plugin
+#auth_type = <None>
+auth_type = v3password
+
+# Config Section from which to load plugin specific options (string
+# value)
+#auth_section = <None>
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url = {{ controller.identity.get('protocol', 'http') }}://{{ controller.identity.host }}:{{ controller.identity.port }}/v3
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+project_domain_name = {{ controller.get('project_domain_name', 'Default') }}
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used
+# for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will
+# be used for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [neutron]/user_name
+#username = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+
+# User's domain name (string value)
+#user_domain_name = <None>
+user_domain_name = {{ controller.get('user_domain_name', 'Default') }}
+
+# User's password (string value)
+#password = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# The default service_type for endpoint URL discovery. (string value)
+#service_type = network
+
+# The default service_name for endpoint URL discovery. (string value)
+#service_name = <None>
+
+# List of interfaces, in order of preference, for endpoint URL. (list
+# value)
+#valid_interfaces = internal,public
+
+# The default region_name for endpoint URL discovery. (string value)
+#region_name = <None>
+
+# Always use this endpoint URL for requests for this client. NOTE: The
+# unversioned endpoint should be specified here; to request a
+# particular API version, use the `version`, `min-version`, and/or
+# `max-version` options. (string value)
+#endpoint_override = <None>
+{% if pillar.neutron is defined and pillar.neutron.server is defined %}
+password = {{ pillar.neutron.server.identity.password }}
+project_name = {{ pillar.neutron.server.identity.tenant }}
+username = {{ pillar.neutron.server.identity.user }}
+region_name = {{ pillar.neutron.server.identity.region }}
+{%- else %}
+password = {{ controller.network.password }}
+project_name = {{ controller.network.tenant }}
+username = {{ controller.network.user }}
+region_name = {{ controller.network.region }}
+{%- endif %}
+
+
+[notifications]
+#
+# Most of the actions in Nova which manipulate the system state
+# generate
+# notifications which are posted to the messaging component (e.g.
+# RabbitMQ) and
+# can be consumed by any service outside the OpenStack. More technical
+# details
+# at
+# https://docs.openstack.org/nova/latest/reference/notifications.html
+
+#
+# From nova.conf
+#
+
+#
+# If set, send compute.instance.update notifications on
+# instance state changes.
+#
+# Please refer to
+# https://docs.openstack.org/nova/latest/reference/notifications.html
+# for
+# additional information on notifications.
+#
+# Possible values:
+#
+# * None - no notifications
+# * "vm_state" - notifications are sent with VM state transition
+# information in
+# the ``old_state`` and ``state`` fields. The ``old_task_state`` and
+# ``new_task_state`` fields will be set to the current task_state of
+# the
+# instance.
+# * "vm_and_task_state" - notifications are sent with VM and task
+# state
+# transition information.
+# (string value)
+# Possible values:
+# <None> - <No description provided>
+# vm_state - <No description provided>
+# vm_and_task_state - <No description provided>
+#notify_on_state_change = <None>
+{%- if controller.get('notification', {}).notify_on is defined %}
+{%- for key, value in controller.notification.notify_on.iteritems() %}
+notify_on_{{ key }} = {{ value }}
+{%- endfor %}
+{%- endif %}
+
+#
+# If enabled, send api.fault notifications on caught exceptions in the
+# API service.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/notify_api_faults
+#notify_on_api_faults=false
+notify_on_api_faults=false
+
+# Default notification level for outgoing notifications. (string
+# value)
+# Possible values:
+# DEBUG - <No description provided>
+# INFO - <No description provided>
+# WARN - <No description provided>
+# ERROR - <No description provided>
+# CRITICAL - <No description provided>
+# Deprecated group/name - [DEFAULT]/default_notification_level
+#default_level = INFO
+
+# DEPRECATED:
+# Default publisher_id for outgoing notifications. If you consider
+# routing
+# notifications using different publisher, change this value
+# accordingly.
+#
+# Possible values:
+#
+# * Defaults to the current hostname of this host, but it can be any
+# valid
+# oslo.messaging publisher_id
+#
+# Related options:
+#
+# * host - Hostname, FQDN or IP address of this host.
+# (string value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option is only used when ``monkey_patch=True`` and
+# ``monkey_patch_modules`` is configured to specify the legacy
+# notify_decorator.
+# Since the monkey_patch and monkey_patch_modules options are
+# deprecated, this
+# option is also deprecated.
+#default_publisher_id = $host
+
+#
+# Specifies which notification format shall be used by nova.
+#
+# The default value is fine for most deployments and rarely needs to
+# be changed.
+# This value can be set to 'versioned' once the infrastructure moves
+# closer to
+# consuming the newer format of notifications. After this occurs, this
+# option
+# will be removed.
+#
+# Note that notifications can be completely disabled by setting
+# ``driver=noop``
+# in the ``[oslo_messaging_notifications]`` group.
+#
+# Possible values:
+# * unversioned: Only the legacy unversioned notifications are
+# emitted.
+# * versioned: Only the new versioned notifications are emitted.
+# * both: Both the legacy unversioned and the new versioned
+# notifications are
+# emitted. (Default)
+#
+# The list of versioned notifications is visible in
+# https://docs.openstack.org/nova/latest/reference/notifications.html
+# (string value)
+# Possible values:
+# unversioned - <No description provided>
+# versioned - <No description provided>
+# both - <No description provided>
+#notification_format = both
+
+#
+# Specifies the topics for the versioned notifications issued by nova.
+#
+# The default value is fine for most deployments and rarely needs to
+# be changed.
+# However, if you have a third-party service that consumes versioned
+# notifications, it might be worth getting a topic for that service.
+# Nova will send a message containing a versioned notification payload
+# to each
+# topic queue in this list.
+#
+# The list of versioned notifications is visible in
+# https://docs.openstack.org/nova/latest/reference/notifications.html
+# (list value)
+#versioned_notifications_topics = versioned_notifications
+
+#
+# If enabled, include block device information in the versioned
+# notification
+# payload. Sending block device information is disabled by default as
+# providing
+# that information can incur some overhead on the system since the
+# information
+# may need to be loaded from the database.
+# (boolean value)
+#bdms_in_notifications = false
+
+
+[osapi_v21]
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# This option is a string representing a regular expression (regex)
+# that matches
+# the project_id as contained in URLs. If not set, it will match
+# normal UUIDs
+# created by keystone.
+#
+# Possible values:
+#
+# * A string representing any legal regular expression
+# (string value)
+# This option is deprecated for removal since 13.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# Recent versions of nova constrain project IDs to hexadecimal
+# characters and
+# dashes. If your installation uses IDs outside of this range, you
+# should use
+# this option to provide your own regex and give you time to migrate
+# offending
+# projects to valid IDs before the next release.
+#project_id_regex = <None>
+
+
+[pci]
+
+#
+# From nova.conf
+#
+
+#
+# An alias for a PCI passthrough device requirement.
+#
+# This allows users to specify the alias in the extra specs for a
+# flavor, without
+# needing to repeat all the PCI property requirements.
+#
+# Possible Values:
+#
+# * A list of JSON values which describe the aliases. For example::
+#
+# alias = {
+# "name": "QuickAssist",
+# "product_id": "0443",
+# "vendor_id": "8086",
+# "device_type": "type-PCI",
+# "numa_policy": "required"
+# }
+#
+# This defines an alias for the Intel QuickAssist card. (multi
+# valued). Valid
+# key values are :
+#
+# ``name``
+# Name of the PCI alias.
+#
+# ``product_id``
+# Product ID of the device in hexadecimal.
+#
+# ``vendor_id``
+# Vendor ID of the device in hexadecimal.
+#
+# ``device_type``
+# Type of PCI device. Valid values are: ``type-PCI``, ``type-PF``
+# and
+# ``type-VF``.
+#
+# ``numa_policy``
+# Required NUMA affinity of device. Valid values are: ``legacy``,
+# ``preferred`` and ``required``.
+# (multi valued)
+# Deprecated group/name - [DEFAULT]/pci_alias
+#alias =
+
+#
+# White list of PCI devices available to VMs.
+#
+# Possible values:
+#
+# * A JSON dictionary which describe a whitelisted PCI device. It
+# should take
+# the following format:
+#
+# ["vendor_id": "<id>",] ["product_id": "<id>",]
+# ["address": "[[[[<domain>]:]<bus>]:][<slot>][.[<function>]]" |
+# "devname": "<name>",]
+# {"<tag>": "<tag_value>",}
+#
+# Where '[' indicates zero or one occurrences, '{' indicates zero or
+# multiple
+# occurrences, and '|' mutually exclusive options. Note that any
+# missing
+# fields are automatically wildcarded.
+#
+# Valid key values are :
+#
+# * "vendor_id": Vendor ID of the device in hexadecimal.
+# * "product_id": Product ID of the device in hexadecimal.
+# * "address": PCI address of the device.
+# * "devname": Device name of the device (for e.g. interface name).
+# Not all
+# PCI devices have a name.
+# * "<tag>": Additional <tag> and <tag_value> used for matching PCI
+# devices.
+# Supported <tag>: "physical_network".
+#
+# The address key supports traditional glob style and regular
+# expression
+# syntax. Valid examples are:
+#
+# passthrough_whitelist = {"devname":"eth0",
+# "physical_network":"physnet"}
+# passthrough_whitelist = {"address":"*:0a:00.*"}
+# passthrough_whitelist = {"address":":0a:00.",
+# "physical_network":"physnet1"}
+# passthrough_whitelist = {"vendor_id":"1137",
+# "product_id":"0071"}
+# passthrough_whitelist = {"vendor_id":"1137",
+# "product_id":"0071",
+# "address": "0000:0a:00.1",
+# "physical_network":"physnet1"}
+# passthrough_whitelist = {"address":{"domain": ".*",
+# "bus": "02", "slot": "01",
+# "function": "[2-7]"},
+# "physical_network":"physnet1"}
+# passthrough_whitelist = {"address":{"domain": ".*",
+# "bus": "02", "slot":
+# "0[1-2]",
+# "function": ".*"},
+# "physical_network":"physnet1"}
+#
+# The following are invalid, as they specify mutually exclusive
+# options:
+#
+# passthrough_whitelist = {"devname":"eth0",
+# "physical_network":"physnet",
+# "address":"*:0a:00.*"}
+#
+# * A JSON list of JSON dictionaries corresponding to the above
+# format. For
+# example:
+#
+# passthrough_whitelist = [{"product_id":"0001",
+# "vendor_id":"8086"},
+# {"product_id":"0002",
+# "vendor_id":"8086"}]
+# (multi valued)
+# Deprecated group/name - [DEFAULT]/pci_passthrough_whitelist
+#passthrough_whitelist =
+{%- if controller.get('sriov', false) %}
+{%- for nic_name, sriov in controller.sriov.iteritems() %}
+passthrough_whitelist = {"devname":"{{ sriov.devname }}","physical_network":"{{ sriov.physical_network }}"}
+{%- endfor %}
+{%- endif %}
+
+[placement]
+
+#
+# From nova.conf
+#
+
+# DEPRECATED:
+# Region name of this node. This is used when picking the URL in the
+# service
+# catalog.
+#
+# Possible values:
+#
+# * Any string representing region name
+# (string value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Endpoint lookup uses the service catalog via common
+# keystoneauth1 Adapter configuration options. Use the region_name
+# option instead.
+os_region_name = {{ controller.identity.region }}
+
+# DEPRECATED:
+# Endpoint interface for this node. This is used when picking the URL
+# in the
+# service catalog.
+# (string value)
+# This option is deprecated for removal since 17.0.0.
+# Its value may be silently ignored in the future.
+# Reason: Endpoint lookup uses the service catalog via common
+# keystoneauth1 Adapter configuration options. Use the
+# valid_interfaces option instead.
+#os_interface = <None>
+
+#
+# If True, when limiting allocation candidate results, the results
+# will be
+# a random sampling of the full result set. If False, allocation
+# candidates
+# are returned in a deterministic but undefined order. That is, all
+# things
+# being equal, two requests for allocation candidates will return the
+# same
+# results in the same order; but no guarantees are made as to how that
+# order
+# is determined.
+# (boolean value)
+#randomize_allocation_candidates = false
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+{%- if controller.identity.get('protocol', 'http') == 'https' %}
+cafile={{ controller.identity.get('cacert_file', controller.cacert_file) }}
+{%- endif %}
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [placement]/auth_plugin
+auth_type = password
+
+# Config Section from which to load plugin specific options (string
+# value)
+#auth_section = <None>
+
+# Authentication URL (string value)
+#auth_url = <None>
+auth_url={{ controller.identity.get('protocol', 'http') }}://{{ controller.identity.host }}:35357/v3
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+project_name = {{ controller.identity.tenant }}
+
+# Domain ID containing project (string value)
+project_domain_id = {{ controller.identity.get('domain', 'default') }}
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used
+# for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will
+# be used for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [placement]/user_name
+username = {{ controller.identity.user }}
+
+# User's domain id (string value)
+user_domain_id = {{ controller.identity.get('domain', 'default') }}
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User's password (string value)
+password = {{ controller.identity.password }}
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# The default service_type for endpoint URL discovery. (string value)
+#service_type = placement
+
+# The default service_name for endpoint URL discovery. (string value)
+#service_name = <None>
+
+# List of interfaces, in order of preference, for endpoint URL. (list
+# value)
+# Deprecated group/name - [placement]/os_interface
+valid_interfaces = internal
+
+# The default region_name for endpoint URL discovery. (string value)
+# Deprecated group/name - [placement]/os_region_name
+#region_name = <None>
+
+# Always use this endpoint URL for requests for this client. NOTE: The
+# unversioned endpoint should be specified here; to request a
+# particular API version, use the `version`, `min-version`, and/or
+# `max-version` options. (string value)
+#endpoint_override = <None>
+
+
+[quota]
+#
+# Quota options allow to manage quotas in openstack deployment.
+
+#
+# From nova.conf
+#
+
+#
+# The number of instances allowed per project.
+#
+# Possible Values
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_instances
+#instances = 10
+
+#
+# The number of instance cores or vCPUs allowed per project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_cores
+#cores = 20
+
+#
+# The number of megabytes of instance RAM allowed per project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_ram
+#ram = 51200
+
+# DEPRECATED:
+# The number of floating IPs allowed per project.
+#
+# Floating IPs are not allocated to instances by default. Users need
+# to select
+# them from the pool configured by the OpenStack administrator to
+# attach to their
+# instances.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_floating_ips
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#floating_ips = 10
+
+# DEPRECATED:
+# The number of fixed IPs allowed per project.
+#
+# Unlike floating IPs, fixed IPs are allocated dynamically by the
+# network
+# component when instances boot up. This quota value should be at
+# least the
+# number of instances allowed
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_fixed_ips
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#fixed_ips = -1
+
+#
+# The number of metadata items allowed per instance.
+#
+# Users can associate metadata with an instance during instance
+# creation. This
+# metadata takes the form of key-value pairs.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_metadata_items
+#metadata_items = 128
+
+#
+# The number of injected files allowed.
+#
+# File injection allows users to customize the personality of an
+# instance by
+# injecting data into it upon boot. Only text file injection is
+# permitted: binary
+# or ZIP files are not accepted. During file injection, any existing
+# files that
+# match specified files are renamed to include ``.bak`` extension
+# appended with a
+# timestamp.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_injected_files
+#injected_files = 5
+
+#
+# The number of bytes allowed per injected file.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_injected_file_content_bytes
+#injected_file_content_bytes = 10240
+
+#
+# The maximum allowed injected file path length.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_injected_file_path_length
+#injected_file_path_length = 255
+
+# DEPRECATED:
+# The number of security groups per project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_security_groups
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#security_groups = 10
+
+# DEPRECATED:
+# The number of security rules per security group.
+#
+# The associated rules in each security group control the traffic to
+# instances in
+# the group.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_security_group_rules
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# nova-network is deprecated, as are any related configuration
+# options.
+#security_group_rules = 20
+
+#
+# The maximum number of key pairs allowed per user.
+#
+# Users can create at least one key pair for each project and use the
+# key pair
+# for multiple instances that belong to that project.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_key_pairs
+#key_pairs = 100
+
+#
+# The maxiumum number of server groups per project.
+#
+# Server groups are used to control the affinity and anti-affinity
+# scheduling
+# policy for a group of servers or instances. Reducing the quota will
+# not affect
+# any existing group, but new servers will not be allowed into groups
+# that have
+# become over quota.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_server_groups
+#server_groups = 10
+
+#
+# The maximum number of servers per server group.
+#
+# Possible values:
+#
+# * A positive integer or 0.
+# * -1 to disable the quota.
+# (integer value)
+# Minimum value: -1
+# Deprecated group/name - [DEFAULT]/quota_server_group_members
+#server_group_members = 10
+
+#
+# The number of seconds until a reservation expires.
+#
+# This quota represents the time period for invalidating quota
+# reservations.
+# (integer value)
+#reservation_expire = 86400
+
+#
+# The count of reservations until usage is refreshed.
+#
+# This defaults to 0 (off) to avoid additional load but it is useful
+# to turn on
+# to help keep quota usage up-to-date and reduce the impact of out of
+# sync usage
+# issues.
+# (integer value)
+# Minimum value: 0
+#until_refresh = 0
+
+#
+# The number of seconds between subsequent usage refreshes.
+#
+# This defaults to 0 (off) to avoid additional load but it is useful
+# to turn on
+# to help keep quota usage up-to-date and reduce the impact of out of
+# sync usage
+# issues. Note that quotas are not updated on a periodic task, they
+# will update
+# on a new reservation if max_age has passed since the last
+# reservation.
+# (integer value)
+# Minimum value: 0
+#max_age = 0
+
+# DEPRECATED:
+# The quota enforcer driver.
+#
+# Provides abstraction for quota checks. Users can configure a
+# specific
+# driver to use for quota checks.
+#
+# Possible values:
+#
+# * nova.quota.DbQuotaDriver (default) or any string representing
+# fully
+# qualified class name.
+# (string value)
+# Deprecated group/name - [DEFAULT]/quota_driver
+# This option is deprecated for removal since 14.0.0.
+# Its value may be silently ignored in the future.
+#driver = nova.quota.DbQuotaDriver
+
+#
+# Recheck quota after resource creation to prevent allowing quota to
+# be exceeded.
+#
+# This defaults to True (recheck quota after resource creation) but
+# can be set to
+# False to avoid additional load if allowing quota to be exceeded
+# because of
+# racing requests is considered acceptable. For example, when set to
+# False, if a
+# user makes highly parallel REST API requests to create servers, it
+# will be
+# possible for them to create more servers than their allowed quota
+# during the
+# race. If their quota is 10 servers, they might be able to create 50
+# during the
+# burst. After the burst, they will not be able to create any more
+# servers but
+# they will be able to keep their 50 servers until they delete them.
+#
+# The initial quota check is done before resources are created, so if
+# multiple
+# parallel requests arrive at the same time, all could pass the quota
+# check and
+# create resources, potentially exceeding quota. When recheck_quota is
+# True,
+# quota will be checked a second time after resources have been
+# created and if
+# the resource is over quota, it will be deleted and OverQuota will be
+# raised,
+# usually resulting in a 403 response to the REST API user. This makes
+# it
+# impossible for a user to exceed their quota with the caveat that it
+# will,
+# however, be possible for a REST API user to be rejected with a 403
+# response in
+# the event of a collision close to reaching their quota limit, even
+# if the user
+# has enough quota available when they made the request.
+# (boolean value)
+#recheck_quota = true
+
+
+[rdp]
+#
+# Options under this group enable and configure Remote Desktop
+# Protocol (
+# RDP) related features.
+#
+# This group is only relevant to Hyper-V users.
+
+#
+# From nova.conf
+#
+
+#
+# Enable Remote Desktop Protocol (RDP) related features.
+#
+# Hyper-V, unlike the majority of the hypervisors employed on Nova
+# compute
+# nodes, uses RDP instead of VNC and SPICE as a desktop sharing
+# protocol to
+# provide instance console access. This option enables RDP for
+# graphical
+# console access for virtual machines created by Hyper-V.
+#
+# **Note:** RDP should only be enabled on compute nodes that support
+# the Hyper-V
+# virtualization platform.
+#
+# Related options:
+#
+# * ``compute_driver``: Must be hyperv.
+#
+# (boolean value)
+#enabled = false
+
+#
+# The URL an end user would use to connect to the RDP HTML5 console
+# proxy.
+# The console proxy service is called with this token-embedded URL and
+# establishes the connection to the proper instance.
+#
+# An RDP HTML5 console proxy service will need to be configured to
+# listen on the
+# address configured here. Typically the console proxy service would
+# be run on a
+# controller node. The localhost address used as default would only
+# work in a
+# single node environment i.e. devstack.
+#
+# An RDP HTML5 proxy allows a user to access via the web the text or
+# graphical
+# console of any Windows server or workstation using RDP. RDP HTML5
+# console
+# proxy services include FreeRDP, wsgate.
+# See https://github.com/FreeRDP/FreeRDP-WebConnect
+#
+# Possible values:
+#
+# * <scheme>://<ip-address>:<port-number>/
+#
+# The scheme must be identical to the scheme configured for the RDP
+# HTML5
+# console proxy service. It is ``http`` or ``https``.
+#
+# The IP address must be identical to the address on which the RDP
+# HTML5
+# console proxy service is listening.
+#
+# The port must be identical to the port on which the RDP HTML5
+# console proxy
+# service is listening.
+#
+# Related options:
+#
+# * ``rdp.enabled``: Must be set to ``True`` for
+# ``html5_proxy_base_url`` to be
+# effective.
+# (uri value)
+#html5_proxy_base_url = http://127.0.0.1:6083/
+
+
+[remote_debug]
+
+#
+# From nova.conf
+#
+
+#
+# Debug host (IP or name) to connect to. This command line parameter
+# is used when
+# you want to connect to a nova service via a debugger running on a
+# different
+# host.
+#
+# Note that using the remote debug option changes how Nova uses the
+# eventlet
+# library to support async IO. This could result in failures that do
+# not occur
+# under normal operation. Use at your own risk.
+#
+# Possible Values:
+#
+# * IP address of a remote host as a command line parameter
+# to a nova service. For Example:
+#
+# /usr/local/bin/nova-compute --config-file /etc/nova/nova.conf
+# --remote_debug-host <IP address where the debugger is running>
+# (unknown value)
+#host = <None>
+
+#
+# Debug port to connect to. This command line parameter allows you to
+# specify
+# the port you want to use to connect to a nova service via a debugger
+# running
+# on different host.
+#
+# Note that using the remote debug option changes how Nova uses the
+# eventlet
+# library to support async IO. This could result in failures that do
+# not occur
+# under normal operation. Use at your own risk.
+#
+# Possible Values:
+#
+# * Port number you want to use as a command line parameter
+# to a nova service. For Example:
+#
+# /usr/local/bin/nova-compute --config-file /etc/nova/nova.conf
+# --remote_debug-host <IP address where the debugger is running>
+# --remote_debug-port <port> it's listening on>.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#port = <None>
+
+
+[scheduler]
+
+#
+# From nova.conf
+#
+
+#
+# The scheduler host manager to use.
+#
+# The host manager manages the in-memory picture of the hosts that the
+# scheduler
+# uses. The options values are chosen from the entry points under the
+# namespace
+# 'nova.scheduler.host_manager' in 'setup.cfg'.
+#
+# NOTE: The "ironic_host_manager" option is deprecated as of the
+# 17.0.0 Queens
+# release.
+# (string value)
+# Possible values:
+# host_manager - <No description provided>
+# ironic_host_manager - <No description provided>
+# Deprecated group/name - [DEFAULT]/scheduler_host_manager
+#host_manager = host_manager
+
+#
+# The class of the driver used by the scheduler. This should be chosen
+# from one
+# of the entrypoints under the namespace 'nova.scheduler.driver' of
+# file
+# 'setup.cfg'. If nothing is specified in this option, the
+# 'filter_scheduler' is
+# used.
+#
+# Other options are:
+#
+# * 'caching_scheduler' which aggressively caches the system state for
+# better
+# individual scheduler performance at the risk of more retries when
+# running
+# multiple schedulers. [DEPRECATED]
+# * 'chance_scheduler' which simply picks a host at random.
+# [DEPRECATED]
+# * 'fake_scheduler' which is used for testing.
+#
+# Possible values:
+#
+# * Any of the drivers included in Nova:
+# ** filter_scheduler
+# ** caching_scheduler
+# ** chance_scheduler
+# ** fake_scheduler
+# * You may also set this to the entry point name of a custom
+# scheduler driver,
+# but you will be responsible for creating and maintaining it in
+# your setup.cfg
+# file.
+# (string value)
+# Deprecated group/name - [DEFAULT]/scheduler_driver
+#driver = filter_scheduler
+
+#
+# Periodic task interval.
+#
+# This value controls how often (in seconds) to run periodic tasks in
+# the
+# scheduler. The specific tasks that are run for each period are
+# determined by
+# the particular scheduler being used.
+#
+# If this is larger than the nova-service 'service_down_time' setting,
+# Nova may
+# report the scheduler service as down. This is because the scheduler
+# driver is
+# responsible for sending a heartbeat and it will only do that as
+# often as this
+# option allows. As each scheduler can work a little differently than
+# the others,
+# be sure to test this with your selected scheduler.
+#
+# Possible values:
+#
+# * An integer, where the integer corresponds to periodic task
+# interval in
+# seconds. 0 uses the default interval (60 seconds). A negative
+# value disables
+# periodic tasks.
+#
+# Related options:
+#
+# * ``nova-service service_down_time``
+# (integer value)
+# Deprecated group/name - [DEFAULT]/scheduler_driver_task_period
+#periodic_task_interval = 60
+
+#
+# This is the maximum number of attempts that will be made for a given
+# instance
+# build/move operation. It limits the number of alternate hosts
+# returned by the
+# scheduler. When that list of hosts is exhausted, a
+# MaxRetriesExceeded
+# exception is raised and the instance is set to an error state.
+#
+# Possible values:
+#
+# * A positive integer, where the integer corresponds to the max
+# number of
+# attempts that can be made when building or moving an instance.
+# (integer value)
+# Minimum value: 1
+# Deprecated group/name - [DEFAULT]/scheduler_max_attempts
+#max_attempts = 3
+
+#
+# Periodic task interval.
+#
+# This value controls how often (in seconds) the scheduler should
+# attempt
+# to discover new hosts that have been added to cells. If negative
+# (the
+# default), no automatic discovery will occur.
+#
+# Deployments where compute nodes come and go frequently may want this
+# enabled, where others may prefer to manually discover hosts when one
+# is added to avoid any overhead from constantly checking. If enabled,
+# every time this runs, we will select any unmapped hosts out of each
+# cell database on every run.
+# (integer value)
+# Minimum value: -1
+#discover_hosts_in_cells_interval = -1
+
+#
+# This setting determines the maximum limit on results received from
+# the
+# placement service during a scheduling operation. It effectively
+# limits
+# the number of hosts that may be considered for scheduling requests
+# that
+# match a large number of candidates.
+#
+# A value of 1 (the minimum) will effectively defer scheduling to the
+# placement
+# service strictly on "will it fit" grounds. A higher value will put
+# an upper
+# cap on the number of results the scheduler will consider during the
+# filtering
+# and weighing process. Large deployments may need to set this lower
+# than the
+# total number of hosts available to limit memory consumption, network
+# traffic,
+# etc. of the scheduler.
+#
+# This option is only used by the FilterScheduler; if you use a
+# different
+# scheduler, this option has no effect.
+# (integer value)
+# Minimum value: 1
+#max_placement_results = 1000
+
+
+[serial_console]
+#
+# The serial console feature allows you to connect to a guest in case
+# a
+# graphical console like VNC, RDP or SPICE is not available. This is
+# only
+# currently supported for the libvirt, Ironic and hyper-v drivers.
+
+#
+# From nova.conf
+#
+
+#
+# Enable the serial console feature.
+#
+# In order to use this feature, the service ``nova-serialproxy`` needs
+# to run.
+# This service is typically executed on the controller node.
+# (boolean value)
+#enabled = false
+
+#
+# A range of TCP ports a guest can use for its backend.
+#
+# Each instance which gets created will use one port out of this
+# range. If the
+# range is not big enough to provide another port for an new instance,
+# this
+# instance won't get launched.
+#
+# Possible values:
+#
+# * Each string which passes the regex ``\d+:\d+`` For example
+# ``10000:20000``.
+# Be sure that the first port number is lower than the second port
+# number
+# and that both are in range from 0 to 65535.
+# (string value)
+#port_range = 10000:20000
+
+#
+# The URL an end user would use to connect to the ``nova-serialproxy``
+# service.
+#
+# The ``nova-serialproxy`` service is called with this token enriched
+# URL
+# and establishes the connection to the proper instance.
+#
+# Related options:
+#
+# * The IP address must be identical to the address to which the
+# ``nova-serialproxy`` service is listening (see option
+# ``serialproxy_host``
+# in this section).
+# * The port must be the same as in the option ``serialproxy_port`` of
+# this
+# section.
+# * If you choose to use a secured websocket connection, then start
+# this option
+# with ``wss://`` instead of the unsecured ``ws://``. The options
+# ``cert``
+# and ``key`` in the ``[DEFAULT]`` section have to be set for that.
+# (uri value)
+#base_url = ws://127.0.0.1:6083/
+
+#
+# The IP address to which proxy clients (like ``nova-serialproxy``)
+# should
+# connect to get the serial console of an instance.
+#
+# This is typically the IP address of the host of a ``nova-compute``
+# service.
+# (string value)
+#proxyclient_address = 127.0.0.1
+
+#
+# The IP address which is used by the ``nova-serialproxy`` service to
+# listen
+# for incoming requests.
+#
+# The ``nova-serialproxy`` service listens on this IP address for
+# incoming
+# connection requests to instances which expose serial console.
+#
+# Related options:
+#
+# * Ensure that this is the same IP address which is defined in the
+# option
+# ``base_url`` of this section or use ``0.0.0.0`` to listen on all
+# addresses.
+# (string value)
+#serialproxy_host = 0.0.0.0
+
+#
+# The port number which is used by the ``nova-serialproxy`` service to
+# listen
+# for incoming requests.
+#
+# The ``nova-serialproxy`` service listens on this port number for
+# incoming
+# connection requests to instances which expose serial console.
+#
+# Related options:
+#
+# * Ensure that this is the same port number which is defined in the
+# option
+# ``base_url`` of this section.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#serialproxy_port = 6083
+
+
+[service_user]
+#
+# Configuration options for service to service authentication using a
+# service
+# token. These options allow sending a service token along with the
+# user's token
+# when contacting external REST APIs.
+
+#
+# From nova.conf
+#
+
+#
+# When True, if sending a user token to a REST API, also send a
+# service token.
+#
+# Nova often reuses the user token provided to the nova-api to talk to
+# other REST
+# APIs, such as Cinder, Glance and Neutron. It is possible that while
+# the user
+# token was valid when the request was made to Nova, the token may
+# expire before
+# it reaches the other service. To avoid any failures, and to make it
+# clear it is
+# Nova calling the service on the user's behalf, we include a service
+# token along
+# with the user token. Should the user's token have expired, a valid
+# service
+# token ensures the REST API request will still be accepted by the
+# keystone
+# middleware.
+# (boolean value)
+#send_service_user_token = false
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [service_user]/auth_plugin
+#auth_type = <None>
+
+# Config Section from which to load plugin specific options (string
+# value)
+#auth_section = <None>
+
+# Authentication URL (string value)
+#auth_url = <None>
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used
+# for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will
+# be used for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [service_user]/user_name
+#username = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User's password (string value)
+#password = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+
+[spice]
+#
+# SPICE console feature allows you to connect to a guest virtual
+# machine.
+# SPICE is a replacement for fairly limited VNC protocol.
+#
+# Following requirements must be met in order to use SPICE:
+#
+# * Virtualization driver must be libvirt
+# * spice.enabled set to True
+# * vnc.enabled set to False
+# * update html5proxy_base_url
+# * update server_proxyclient_address
+
+#
+# From nova.conf
+#
+
+#
+# Enable SPICE related features.
+#
+# Related options:
+#
+# * VNC must be explicitly disabled to get access to the SPICE
+# console. Set the
+# enabled option to False in the [vnc] section to disable the VNC
+# console.
+# (boolean value)
+#enabled = false
+enabled = false
+#
+# Enable the SPICE guest agent support on the instances.
+#
+# The Spice agent works with the Spice protocol to offer a better
+# guest console
+# experience. However, the Spice console can still be used without the
+# Spice
+# Agent. With the Spice agent installed the following features are
+# enabled:
+#
+# * Copy & Paste of text and images between the guest and client
+# machine
+# * Automatic adjustment of resolution when the client screen changes
+# - e.g.
+# if you make the Spice console full screen the guest resolution
+# will adjust to
+# match it rather than letterboxing.
+# * Better mouse integration - The mouse can be captured and released
+# without
+# needing to click inside the console or press keys to release it.
+# The
+# performance of mouse movement is also improved.
+# (boolean value)
+#agent_enabled = true
+
+#
+# Location of the SPICE HTML5 console proxy.
+#
+# End user would use this URL to connect to the `nova-
+# spicehtml5proxy``
+# service. This service will forward request to the console of an
+# instance.
+#
+# In order to use SPICE console, the service ``nova-spicehtml5proxy``
+# should be
+# running. This service is typically launched on the controller node.
+#
+# Possible values:
+#
+# * Must be a valid URL of the form:
+# ``http://host:port/spice_auto.html``
+# where host is the node running ``nova-spicehtml5proxy`` and the
+# port is
+# typically 6082. Consider not using default value as it is not well
+# defined
+# for any real deployment.
+#
+# Related options:
+#
+# * This option depends on ``html5proxy_host`` and ``html5proxy_port``
+# options.
+# The access URL returned by the compute node must have the host
+# and port where the ``nova-spicehtml5proxy`` service is listening.
+# (uri value)
+#html5proxy_base_url = http://127.0.0.1:6082/spice_auto.html
+{%- if controller.vncproxy_url is defined %}
+html5proxy_base_url = {{ controller.vncproxy_url }}/spice_auto.html
+{%- endif %}
+
+#
+# The address where the SPICE server running on the instances should
+# listen.
+#
+# Typically, the ``nova-spicehtml5proxy`` proxy client runs on the
+# controller
+# node and connects over the private network to this address on the
+# compute
+# node(s).
+#
+# Possible values:
+#
+# * IP address to listen on.
+# (string value)
+#server_listen = 127.0.0.1
+
+#
+# The address used by ``nova-spicehtml5proxy`` client to connect to
+# instance
+# console.
+#
+# Typically, the ``nova-spicehtml5proxy`` proxy client runs on the
+# controller node and connects over the private network to this
+# address on the
+# compute node(s).
+#
+# Possible values:
+#
+# * Any valid IP address on the compute node.
+#
+# Related options:
+#
+# * This option depends on the ``server_listen`` option.
+# The proxy client must be able to access the address specified in
+# ``server_listen`` using the value of this option.
+# (string value)
+#server_proxyclient_address = 127.0.0.1
+
+#
+# A keyboard layout which is supported by the underlying hypervisor on
+# this
+# node.
+#
+# Possible values:
+# * This is usually an 'IETF language tag' (default is 'en-us'). If
+# you
+# use QEMU as hypervisor, you should find the list of supported
+# keyboard
+# layouts at /usr/share/qemu/keymaps.
+# (string value)
+#keymap = en-us
+
+#
+# IP address or a hostname on which the ``nova-spicehtml5proxy``
+# service
+# listens for incoming requests.
+#
+# Related options:
+#
+# * This option depends on the ``html5proxy_base_url`` option.
+# The ``nova-spicehtml5proxy`` service must be listening on a host
+# that is
+# accessible from the HTML5 client.
+# (unknown value)
+#html5proxy_host = 0.0.0.0
+
+#
+# Port on which the ``nova-spicehtml5proxy`` service listens for
+# incoming
+# requests.
+#
+# Related options:
+#
+# * This option depends on the ``html5proxy_base_url`` option.
+# The ``nova-spicehtml5proxy`` service must be listening on a port
+# that is
+# accessible from the HTML5 client.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#html5proxy_port = 6082
+
+
+[upgrade_levels]
+
+{%- if controller.upgrade_levels is defined %}
+{%- for key, value in controller.upgrade_levels.iteritems() %}
+{{ key }}={{ value }}
+{%- endfor %}
+{%- endif %}
+#
+# upgrade_levels options are used to set version cap for RPC
+# messages sent between different nova services.
+#
+# By default all services send messages using the latest version
+# they know about.
+#
+# The compute upgrade level is an important part of rolling upgrades
+# where old and new nova-compute services run side by side.
+#
+# The other options can largely be ignored, and are only kept to
+# help with a possible future backport issue.
+
+#
+# From nova.conf
+#
+
+#
+# Compute RPC API version cap.
+#
+# By default, we always send messages using the most recent version
+# the client knows about.
+#
+# Where you have old and new compute services running, you should set
+# this to the lowest deployed version. This is to guarantee that all
+# services never send messages that one of the compute nodes can't
+# understand. Note that we only support upgrading from release N to
+# release N+1.
+#
+# Set this option to "auto" if you want to let the compute RPC module
+# automatically determine what version to use based on the service
+# versions in the deployment.
+#
+# Possible values:
+#
+# * By default send the latest version the client knows about
+# * 'auto': Automatically determines what version to use based on
+# the service versions in the deployment.
+# * A string representing a version number in the format 'N.N';
+# for example, possible values might be '1.12' or '2.0'.
+# * An OpenStack release name, in lower case, such as 'mitaka' or
+# 'liberty'.
+# (string value)
+#compute = <None>
+
+# Cells RPC API version cap (string value)
+#cells = <None>
+
+# Intercell RPC API version cap (string value)
+#intercell = <None>
+
+# Cert RPC API version cap (string value)
+#cert = <None>
+
+# Scheduler RPC API version cap (string value)
+#scheduler = <None>
+
+# Conductor RPC API version cap (string value)
+#conductor = <None>
+
+# Console RPC API version cap (string value)
+#console = <None>
+
+# Consoleauth RPC API version cap (string value)
+#consoleauth = <None>
+
+# Network RPC API version cap (string value)
+#network = <None>
+
+# Base API RPC API version cap (string value)
+#baseapi = <None>
+
+
+[vault]
+
+#
+# From nova.conf
+#
+
+# root token for vault (string value)
+#root_token_id = <None>
+
+# Use this endpoint to connect to Vault, for example:
+# "http://127.0.0.1:8200" (string value)
+#vault_url = http://127.0.0.1:8200
+
+# Absolute path to ca cert file (string value)
+#ssl_ca_crt_file = <None>
+
+# SSL Enabled/Disabled (boolean value)
+#use_ssl = false
+
+
+[vendordata_dynamic_auth]
+#
+# Options within this group control the authentication of the
+# vendordata
+# subsystem of the metadata API server (and config drive) with
+# external systems.
+
+#
+# From nova.conf
+#
+
+# PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. (string value)
+#cafile = <None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [vendordata_dynamic_auth]/auth_plugin
+#auth_type = <None>
+
+# Config Section from which to load plugin specific options (string
+# value)
+#auth_section = <None>
+
+# Authentication URL (string value)
+#auth_url = <None>
+
+# Scope for system operations (string value)
+#system_scope = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Project ID to scope to (string value)
+#project_id = <None>
+
+# Project name to scope to (string value)
+#project_name = <None>
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used
+# for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will
+# be used for both the user and project domain in v3 and ignored in v2
+# authentication. (string value)
+#default_domain_name = <None>
+
+# User ID (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [vendordata_dynamic_auth]/user_name
+#username = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User's password (string value)
+#password = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+{%- set compute_driver = controller.get('compute_driver', 'libvirt.LibvirtDriver') %}
+{%- if compute_driver in compute_driver_mapping.keys() %}
+{%- set _data = controller.get(compute_driver_mapping[compute_driver]) %}
+{%- include "nova/files/queens/compute/_" + compute_driver_mapping[compute_driver] + ".conf" %}
+{%- endif %}
+
+[vnc]
+#
+# Virtual Network Computer (VNC) can be used to provide remote desktop
+# console access to instances for tenants and/or administrators.
+
+#
+# From nova.conf
+#
+
+#
+# Enable VNC related features.
+#
+# Guests will get created with graphical devices to support this.
+# Clients
+# (for example Horizon) can then establish a VNC connection to the
+# guest.
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/vnc_enabled
+enabled = true
+
+novncproxy_host = {{ controller.bind.get('novncproxy_address', '0.0.0.0') }}
+novncproxy_base_url = {{ controller.vncproxy_url }}/vnc_auto.html
+novncproxy_port={{ controller.bind.get('vncproxy_port', '6080') }}
+{%- if pillar.nova.compute is defined %}
+vncserver_listen={{ controller.bind.private_address }}
+vncserver_proxyclient_address={{ controller.bind.private_address }}
+{%- else %}
+vncserver_listen={{ controller.bind.get('novncproxy_address', '0.0.0.0') }}
+{%- endif %}
+{%- if controller.novncproxy.vencrypt.tls.get('enabled', False) %}
+auth_schemes=vencrypt
+vencrypt_client_key={{controller.novncproxy.vencrypt.tls.key_file|yaml_squote}}
+vencrypt_client_cert={{controller.novncproxy.vencrypt.tls.cert_file|yaml_squote}}
+vencrypt_ca_certs={{controller.novncproxy.vencrypt.tls.ca_file|yaml_squote}}
+{%- endif %}
+
+#
+# Keymap for VNC.
+#
+# The keyboard mapping (keymap) determines which keyboard layout a VNC
+# session should use by default.
+#
+# Possible values:
+#
+# * A keyboard layout which is supported by the underlying hypervisor
+# on
+# this node. This is usually an 'IETF language tag' (for example
+# 'en-us'). If you use QEMU as hypervisor, you should find the
+# list
+# of supported keyboard layouts at ``/usr/share/qemu/keymaps``.
+# (string value)
+# Deprecated group/name - [DEFAULT]/vnc_keymap
+keymap = {{ controller.get('vnc_keymap', 'en-us') }}
+
+#
+# The IP address or hostname on which an instance should listen to for
+# incoming VNC connection requests on this node.
+# (unknown value)
+# Deprecated group/name - [DEFAULT]/vncserver_listen
+# Deprecated group/name - [vnc]/vncserver_listen
+#server_listen = 127.0.0.1
+
+#
+# Private, internal IP address or hostname of VNC console proxy.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients.
+#
+# This option sets the private address to which proxy clients, such as
+# ``nova-xvpvncproxy``, should connect to.
+# (unknown value)
+# Deprecated group/name - [DEFAULT]/vncserver_proxyclient_address
+# Deprecated group/name - [vnc]/vncserver_proxyclient_address
+#server_proxyclient_address = 127.0.0.1
+
+#
+# Public address of noVNC VNC console proxy.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. noVNC provides
+# VNC support through a websocket-based client.
+#
+# This option sets the public base URL to which client systems will
+# connect. noVNC clients can use this address to connect to the noVNC
+# instance and, by extension, the VNC sessions.
+#
+# Related options:
+#
+# * novncproxy_host
+# * novncproxy_port
+# (uri value)
+#novncproxy_base_url = http://127.0.0.1:6080/vnc_auto.html
+
+#
+# IP address or hostname that the XVP VNC console proxy should bind
+# to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. Xen provides
+# the Xenserver VNC Proxy, or XVP, as an alternative to the
+# websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
+# XVP clients are Java-based.
+#
+# This option sets the private address to which the XVP VNC console
+# proxy
+# service should bind to.
+#
+# Related options:
+#
+# * xvpvncproxy_port
+# * xvpvncproxy_base_url
+# (unknown value)
+#xvpvncproxy_host = 0.0.0.0
+
+#
+# Port that the XVP VNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. Xen provides
+# the Xenserver VNC Proxy, or XVP, as an alternative to the
+# websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
+# XVP clients are Java-based.
+#
+# This option sets the private port to which the XVP VNC console proxy
+# service should bind to.
+#
+# Related options:
+#
+# * xvpvncproxy_host
+# * xvpvncproxy_base_url
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#xvpvncproxy_port = 6081
+
+#
+# Public URL address of XVP VNC console proxy.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. Xen provides
+# the Xenserver VNC Proxy, or XVP, as an alternative to the
+# websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
+# XVP clients are Java-based.
+#
+# This option sets the public base URL to which client systems will
+# connect. XVP clients can use this address to connect to the XVP
+# instance and, by extension, the VNC sessions.
+#
+# Related options:
+#
+# * xvpvncproxy_host
+# * xvpvncproxy_port
+# (uri value)
+#xvpvncproxy_base_url = http://127.0.0.1:6081/console
+
+#
+# IP address that the noVNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. noVNC provides
+# VNC support through a websocket-based client.
+#
+# This option sets the private address to which the noVNC console
+# proxy
+# service should bind to.
+#
+# Related options:
+#
+# * novncproxy_port
+# * novncproxy_base_url
+# (string value)
+#novncproxy_host = 0.0.0.0
+
+#
+# Port that the noVNC console proxy should bind to.
+#
+# The VNC proxy is an OpenStack component that enables compute service
+# users to access their instances through VNC clients. noVNC provides
+# VNC support through a websocket-based client.
+#
+# This option sets the private port to which the noVNC console proxy
+# service should bind to.
+#
+# Related options:
+#
+# * novncproxy_host
+# * novncproxy_base_url
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#novncproxy_port = 6080
+
+#
+# The authentication schemes to use with the compute node.
+#
+# Control what RFB authentication schemes are permitted for
+# connections between
+# the proxy and the compute host. If multiple schemes are enabled, the
+# first
+# matching scheme will be used, thus the strongest schemes should be
+# listed
+# first.
+#
+# Possible values:
+#
+# * ``none``: allow connection without authentication
+# * ``vencrypt``: use VeNCrypt authentication scheme
+#
+# Related options:
+#
+# * ``[vnc]vencrypt_client_key``, ``[vnc]vencrypt_client_cert``: must
+# also be set
+# (list value)
+#auth_schemes = none
+
+# The path to the client certificate PEM file (for x509)
+#
+# The fully qualified path to a PEM file containing the private key
+# which the VNC
+# proxy server presents to the compute node during VNC authentication.
+#
+# Related options:
+#
+# * ``vnc.auth_schemes``: must include ``vencrypt``
+# * ``vnc.vencrypt_client_cert``: must also be set
+# (string value)
+#vencrypt_client_key = <None>
+
+# The path to the client key file (for x509)
+#
+# The fully qualified path to a PEM file containing the x509
+# certificate which
+# the VNC proxy server presents to the compute node during VNC
+# authentication.
+#
+# Realted options:
+#
+# * ``vnc.auth_schemes``: must include ``vencrypt``
+# * ``vnc.vencrypt_client_key``: must also be set
+# (string value)
+#vencrypt_client_cert = <None>
+
+# The path to the CA certificate PEM file
+#
+# The fully qualified path to a PEM file containing one or more x509
+# certificates
+# for the certificate authorities used by the compute node VNC server.
+#
+# Related options:
+#
+# * ``vnc.auth_schemes``: must include ``vencrypt``
+# (string value)
+#vencrypt_ca_certs = <None>
+
+
+[workarounds]
+#
+# A collection of workarounds used to mitigate bugs or issues found in
+# system
+# tools (e.g. Libvirt or QEMU) or Nova itself under certain
+# conditions. These
+# should only be enabled in exceptional circumstances. All options are
+# linked
+# against bug IDs, where more information on the issue can be found.
+
+#
+# From nova.conf
+#
+
+#
+# Use sudo instead of rootwrap.
+#
+# Allow fallback to sudo for performance reasons.
+#
+# For more information, refer to the bug report:
+#
+# https://bugs.launchpad.net/nova/+bug/1415106
+#
+# Possible values:
+#
+# * True: Use sudo instead of rootwrap
+# * False: Use rootwrap as usual
+#
+# Interdependencies to other options:
+#
+# * Any options that affect 'rootwrap' will be ignored.
+# (boolean value)
+#disable_rootwrap = false
+
+#
+# Disable live snapshots when using the libvirt driver.
+#
+# Live snapshots allow the snapshot of the disk to happen without an
+# interruption to the guest, using coordination with a guest agent to
+# quiesce the filesystem.
+#
+# When using libvirt 1.2.2 live snapshots fail intermittently under
+# load
+# (likely related to concurrent libvirt/qemu operations). This config
+# option provides a mechanism to disable live snapshot, in favor of
+# cold
+# snapshot, while this is resolved. Cold snapshot causes an instance
+# outage while the guest is going through the snapshotting process.
+#
+# For more information, refer to the bug report:
+#
+# https://bugs.launchpad.net/nova/+bug/1334398
+#
+# Possible values:
+#
+# * True: Live snapshot is disabled when using libvirt
+# * False: Live snapshots are always used when snapshotting (as long
+# as
+# there is a new enough libvirt and the backend storage supports it)
+# (boolean value)
+#disable_libvirt_livesnapshot = false
+disable_libvirt_livesnapshot = {{ controller.get('workaround', {}).get('disable_libvirt_livesnapshot', True)|lower }}
+
+#
+# Enable handling of events emitted from compute drivers.
+#
+# Many compute drivers emit lifecycle events, which are events that
+# occur when,
+# for example, an instance is starting or stopping. If the instance is
+# going
+# through task state changes due to an API operation, like resize, the
+# events
+# are ignored.
+#
+# This is an advanced feature which allows the hypervisor to signal to
+# the
+# compute service that an unexpected state change has occurred in an
+# instance
+# and that the instance can be shutdown automatically. Unfortunately,
+# this can
+# race in some conditions, for example in reboot operations or when
+# the compute
+# service or when host is rebooted (planned or due to an outage). If
+# such races
+# are common, then it is advisable to disable this feature.
+#
+# Care should be taken when this feature is disabled and
+# 'sync_power_state_interval' is set to a negative value. In this
+# case, any
+# instances that get out of sync between the hypervisor and the Nova
+# database
+# will have to be synchronized manually.
+#
+# For more information, refer to the bug report:
+#
+# https://bugs.launchpad.net/bugs/1444630
+#
+# Interdependencies to other options:
+#
+# * If ``sync_power_state_interval`` is negative and this feature is
+# disabled,
+# then instances that get out of sync between the hypervisor and the
+# Nova
+# database will have to be synchronized manually.
+# (boolean value)
+#handle_virt_lifecycle_events = true
+
+#
+# Disable the server group policy check upcall in compute.
+#
+# In order to detect races with server group affinity policy, the
+# compute
+# service attempts to validate that the policy was not violated by the
+# scheduler. It does this by making an upcall to the API database to
+# list
+# the instances in the server group for one that it is booting, which
+# violates
+# our api/cell isolation goals. Eventually this will be solved by
+# proper affinity
+# guarantees in the scheduler and placement service, but until then,
+# this late
+# check is needed to ensure proper affinity policy.
+#
+# Operators that desire api/cell isolation over this check should
+# enable this flag, which will avoid making that upcall from compute.
+#
+# Related options:
+#
+# * [filter_scheduler]/track_instance_changes also relies on upcalls
+# from the
+# compute service to the scheduler service.
+# (boolean value)
+#disable_group_policy_check_upcall = false
+
+
+[wsgi]
+#
+# Options under this group are used to configure WSGI (Web Server
+# Gateway
+# Interface). WSGI is used to serve API requests.
+
+#
+# From nova.conf
+#
+
+#
+# This option represents a file name for the paste.deploy config for
+# nova-api.
+#
+# Possible values:
+#
+# * A string representing file name for the paste.deploy config.
+# (string value)
+api_paste_config = /etc/nova/api-paste.ini
+
+# DEPRECATED:
+# It represents a python format string that is used as the template to
+# generate
+# log lines. The following values can be formatted into it: client_ip,
+# date_time, request_line, status_code, body_length, wall_seconds.
+#
+# This option is used for building custom request loglines when
+# running
+# nova-api under eventlet. If used under uwsgi or apache, this option
+# has no effect.
+#
+# Possible values:
+#
+# * '%(client_ip)s "%(request_line)s" status: %(status_code)s'
+# 'len: %(body_length)s time: %(wall_seconds).7f' (default)
+# * Any formatted string formed by specific values.
+# (string value)
+# This option is deprecated for removal since 16.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# This option only works when running nova-api under eventlet, and
+# encodes very eventlet specific pieces of information. Starting in
+# Pike
+# the preferred model for running nova-api is under uwsgi or apache
+# mod_wsgi.
+#wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f
+
+#
+# This option specifies the HTTP header used to determine the protocol
+# scheme
+# for the original request, even if it was removed by a SSL
+# terminating proxy.
+#
+# Possible values:
+#
+# * None (default) - the request scheme is not influenced by any HTTP
+# headers
+# * Valid HTTP header, like HTTP_X_FORWARDED_PROTO
+#
+# WARNING: Do not set this unless you know what you are doing.
+#
+# Make sure ALL of the following are true before setting this
+# (assuming the
+# values from the example above):
+# * Your API is behind a proxy.
+# * Your proxy strips the X-Forwarded-Proto header from all incoming
+# requests.
+# In other words, if end users include that header in their
+# requests, the proxy
+# will discard it.
+# * Your proxy sets the X-Forwarded-Proto header and sends it to API,
+# but only
+# for requests that originally come in via HTTPS.
+#
+# If any of those are not true, you should keep this setting set to
+# None.
+#
+# (string value)
+#secure_proxy_ssl_header = <None>
+
+#
+# This option allows setting path to the CA certificate file that
+# should be used
+# to verify connecting clients.
+#
+# Possible values:
+#
+# * String representing path to the CA certificate file.
+#
+# Related options:
+#
+# * enabled_ssl_apis
+# (string value)
+#ssl_ca_file = <None>
+
+#
+# This option allows setting path to the SSL certificate of API
+# server.
+#
+# Possible values:
+#
+# * String representing path to the SSL certificate.
+#
+# Related options:
+#
+# * enabled_ssl_apis
+# (string value)
+#ssl_cert_file = <None>
+
+#
+# This option specifies the path to the file where SSL private key of
+# API
+# server is stored when SSL is in effect.
+#
+# Possible values:
+#
+# * String representing path to the SSL private key.
+#
+# Related options:
+#
+# * enabled_ssl_apis
+# (string value)
+#ssl_key_file = <None>
+
+#
+# This option sets the value of TCP_KEEPIDLE in seconds for each
+# server socket.
+# It specifies the duration of time to keep connection active. TCP
+# generates a
+# KEEPALIVE transmission for an application that requests to keep
+# connection
+# active. Not supported on OS X.
+#
+# Related options:
+#
+# * keep_alive
+# (integer value)
+# Minimum value: 0
+#tcp_keepidle = 600
+
+#
+# This option specifies the size of the pool of greenthreads used by
+# wsgi.
+# It is possible to limit the number of concurrent connections using
+# this
+# option.
+# (integer value)
+# Minimum value: 0
+# Deprecated group/name - [DEFAULT]/wsgi_default_pool_size
+#default_pool_size = 1000
+
+#
+# This option specifies the maximum line size of message headers to be
+# accepted.
+# max_header_line may need to be increased when using large tokens
+# (typically
+# those generated by the Keystone v3 API with big service catalogs).
+#
+# Since TCP is a stream based protocol, in order to reuse a
+# connection, the HTTP
+# has to have a way to indicate the end of the previous response and
+# beginning
+# of the next. Hence, in a keep_alive case, all messages must have a
+# self-defined message length.
+# (integer value)
+# Minimum value: 0
+#max_header_line = 16384
+
+#
+# This option allows using the same TCP connection to send and receive
+# multiple
+# HTTP requests/responses, as opposed to opening a new one for every
+# single
+# request/response pair. HTTP keep-alive indicates HTTP connection
+# reuse.
+#
+# Possible values:
+#
+# * True : reuse HTTP connection.
+# * False : closes the client socket connection explicitly.
+#
+# Related options:
+#
+# * tcp_keepidle
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/wsgi_keep_alive
+#keep_alive = true
+
+#
+# This option specifies the timeout for client connections' socket
+# operations.
+# If an incoming connection is idle for this number of seconds it will
+# be
+# closed. It indicates timeout on individual read/writes on the socket
+# connection. To wait forever set to 0.
+# (integer value)
+# Minimum value: 0
+#client_socket_timeout = 900
+
+
+[xenserver]
+#
+# XenServer options are used when the compute_driver is set to use
+# XenServer (compute_driver=xenapi.XenAPIDriver).
+#
+# Must specify connection_url, connection_password and
+# ovs_integration_bridge to
+# use compute_driver=xenapi.XenAPIDriver.
+
+#
+# From nova.conf
+#
+
+#
+# Number of seconds to wait for agent's reply to a request.
+#
+# Nova configures/performs certain administrative actions on a server
+# with the
+# help of an agent that's installed on the server. The communication
+# between
+# Nova and the agent is achieved via sharing messages, called records,
+# over
+# xenstore, a shared storage across all the domains on a Xenserver
+# host.
+# Operations performed by the agent on behalf of nova are: 'version','
+# key_init',
+# 'password','resetnetwork','inject_file', and 'agentupdate'.
+#
+# To perform one of the above operations, the xapi 'agent' plugin
+# writes the
+# command and its associated parameters to a certain location known to
+# the domain
+# and awaits response. On being notified of the message, the agent
+# performs
+# appropriate actions on the server and writes the result back to
+# xenstore. This
+# result is then read by the xapi 'agent' plugin to determine the
+# success/failure
+# of the operation.
+#
+# This config option determines how long the xapi 'agent' plugin shall
+# wait to
+# read the response off of xenstore for a given request/command. If
+# the agent on
+# the instance fails to write the result in this time period, the
+# operation is
+# considered to have timed out.
+#
+# Related options:
+#
+# * ``agent_version_timeout``
+# * ``agent_resetnetwork_timeout``
+#
+# (integer value)
+# Minimum value: 0
+#agent_timeout = 30
+
+#
+# Number of seconds to wait for agent't reply to version request.
+#
+# This indicates the amount of time xapi 'agent' plugin waits for the
+# agent to
+# respond to the 'version' request specifically. The generic timeout
+# for agent
+# communication ``agent_timeout`` is ignored in this case.
+#
+# During the build process the 'version' request is used to determine
+# if the
+# agent is available/operational to perform other requests such as
+# 'resetnetwork', 'password', 'key_init' and 'inject_file'. If the
+# 'version' call
+# fails, the other configuration is skipped. So, this configuration
+# option can
+# also be interpreted as time in which agent is expected to be fully
+# operational.
+# (integer value)
+# Minimum value: 0
+#agent_version_timeout = 300
+
+#
+# Number of seconds to wait for agent's reply to resetnetwork
+# request.
+#
+# This indicates the amount of time xapi 'agent' plugin waits for the
+# agent to
+# respond to the 'resetnetwork' request specifically. The generic
+# timeout for
+# agent communication ``agent_timeout`` is ignored in this case.
+# (integer value)
+# Minimum value: 0
+#agent_resetnetwork_timeout = 60
+
+#
+# Path to locate guest agent on the server.
+#
+# Specifies the path in which the XenAPI guest agent should be
+# located. If the
+# agent is present, network configuration is not injected into the
+# image.
+#
+# Related options:
+#
+# For this option to have an effect:
+# * ``flat_injected`` should be set to ``True``
+# * ``compute_driver`` should be set to ``xenapi.XenAPIDriver``
+#
+# (string value)
+#agent_path = usr/sbin/xe-update-networking
+
+#
+# Disables the use of XenAPI agent.
+#
+# This configuration option suggests whether the use of agent should
+# be enabled
+# or not regardless of what image properties are present. Image
+# properties have
+# an effect only when this is set to ``True``. Read description of
+# config option
+# ``use_agent_default`` for more information.
+#
+# Related options:
+#
+# * ``use_agent_default``
+#
+# (boolean value)
+#disable_agent = false
+
+#
+# Whether or not to use the agent by default when its usage is enabled
+# but not
+# indicated by the image.
+#
+# The use of XenAPI agent can be disabled altogether using the
+# configuration
+# option ``disable_agent``. However, if it is not disabled, the use of
+# an agent
+# can still be controlled by the image in use through one of its
+# properties,
+# ``xenapi_use_agent``. If this property is either not present or
+# specified
+# incorrectly on the image, the use of agent is determined by this
+# configuration
+# option.
+#
+# Note that if this configuration is set to ``True`` when the agent is
+# not
+# present, the boot times will increase significantly.
+#
+# Related options:
+#
+# * ``disable_agent``
+#
+# (boolean value)
+#use_agent_default = false
+
+# Timeout in seconds for XenAPI login. (integer value)
+# Minimum value: 0
+#login_timeout = 10
+
+#
+# Maximum number of concurrent XenAPI connections.
+#
+# In nova, multiple XenAPI requests can happen at a time.
+# Configuring this option will parallelize access to the XenAPI
+# session, which allows you to make concurrent XenAPI connections.
+# (integer value)
+# Minimum value: 1
+#connection_concurrent = 5
+
+#
+# Cache glance images locally.
+#
+# The value for this option must be chosen from the choices listed
+# here. Configuring a value other than these will default to 'all'.
+#
+# Note: There is nothing that deletes these images.
+#
+# Possible values:
+#
+# * `all`: will cache all images.
+# * `some`: will only cache images that have the
+# image_property `cache_in_nova=True`.
+# * `none`: turns off caching entirely.
+# (string value)
+# Possible values:
+# all - <No description provided>
+# some - <No description provided>
+# none - <No description provided>
+#cache_images = all
+
+#
+# Compression level for images.
+#
+# By setting this option we can configure the gzip compression level.
+# This option sets GZIP environment variable before spawning tar -cz
+# to force the compression level. It defaults to none, which means the
+# GZIP environment variable is not set and the default (usually -6)
+# is used.
+#
+# Possible values:
+#
+# * Range is 1-9, e.g., 9 for gzip -9, 9 being most
+# compressed but most CPU intensive on dom0.
+# * Any values out of this range will default to None.
+# (integer value)
+# Minimum value: 1
+# Maximum value: 9
+#image_compression_level = <None>
+
+# Default OS type used when uploading an image to glance (string
+# value)
+#default_os_type = linux
+
+# Time in secs to wait for a block device to be created (integer
+# value)
+# Minimum value: 1
+#block_device_creation_timeout = 10
+{%- if controller.block_device_creation_timeout is defined %}
+block_device_creation_timeout = {{ controller.block_device_creation_timeout }}
+{%- endif %}
+
+#
+# Maximum size in bytes of kernel or ramdisk images.
+#
+# Specifying the maximum size of kernel or ramdisk will avoid copying
+# large files to dom0 and fill up /boot/guest.
+# (integer value)
+#max_kernel_ramdisk_size = 16777216
+
+#
+# Filter for finding the SR to be used to install guest instances on.
+#
+# Possible values:
+#
+# * To use the Local Storage in default XenServer/XCP installations
+# set this flag to other-config:i18n-key=local-storage.
+# * To select an SR with a different matching criteria, you could
+# set it to other-config:my_favorite_sr=true.
+# * To fall back on the Default SR, as displayed by XenCenter,
+# set this flag to: default-sr:true.
+# (string value)
+#sr_matching_filter = default-sr:true
+
+#
+# Whether to use sparse_copy for copying data on a resize down.
+# (False will use standard dd). This speeds up resizes down
+# considerably since large runs of zeros won't have to be rsynced.
+# (boolean value)
+#sparse_copy = true
+
+#
+# Maximum number of retries to unplug VBD.
+# If set to 0, should try once, no retries.
+# (integer value)
+# Minimum value: 0
+#num_vbd_unplug_retries = 10
+
+#
+# Name of network to use for booting iPXE ISOs.
+#
+# An iPXE ISO is a specially crafted ISO which supports iPXE booting.
+# This feature gives a means to roll your own image.
+#
+# By default this option is not set. Enable this option to
+# boot an iPXE ISO.
+#
+# Related Options:
+#
+# * `ipxe_boot_menu_url`
+# * `ipxe_mkisofs_cmd`
+# (string value)
+#ipxe_network_name = <None>
+
+#
+# URL to the iPXE boot menu.
+#
+# An iPXE ISO is a specially crafted ISO which supports iPXE booting.
+# This feature gives a means to roll your own image.
+#
+# By default this option is not set. Enable this option to
+# boot an iPXE ISO.
+#
+# Related Options:
+#
+# * `ipxe_network_name`
+# * `ipxe_mkisofs_cmd`
+# (string value)
+#ipxe_boot_menu_url = <None>
+
+#
+# Name and optionally path of the tool used for ISO image creation.
+#
+# An iPXE ISO is a specially crafted ISO which supports iPXE booting.
+# This feature gives a means to roll your own image.
+#
+# Note: By default `mkisofs` is not present in the Dom0, so the
+# package can either be manually added to Dom0 or include the
+# `mkisofs` binary in the image itself.
+#
+# Related Options:
+#
+# * `ipxe_network_name`
+# * `ipxe_boot_menu_url`
+# (string value)
+#ipxe_mkisofs_cmd = mkisofs
+
+#
+# URL for connection to XenServer/Xen Cloud Platform. A special value
+# of unix://local can be used to connect to the local unix socket.
+#
+# Possible values:
+#
+# * Any string that represents a URL. The connection_url is
+# generally the management network IP address of the XenServer.
+# * This option must be set if you chose the XenServer driver.
+# (string value)
+#connection_url = <None>
+
+# Username for connection to XenServer/Xen Cloud Platform (string
+# value)
+#connection_username = root
+
+# Password for connection to XenServer/Xen Cloud Platform (string
+# value)
+#connection_password = <None>
+
+#
+# The interval used for polling of coalescing vhds.
+#
+# This is the interval after which the task of coalesce VHD is
+# performed, until it reaches the max attempts that is set by
+# vhd_coalesce_max_attempts.
+#
+# Related options:
+#
+# * `vhd_coalesce_max_attempts`
+# (floating point value)
+# Minimum value: 0
+#vhd_coalesce_poll_interval = 5.0
+
+#
+# Ensure compute service is running on host XenAPI connects to.
+# This option must be set to false if the 'independent_compute'
+# option is set to true.
+#
+# Possible values:
+#
+# * Setting this option to true will make sure that compute service
+# is running on the same host that is specified by connection_url.
+# * Setting this option to false, doesn't perform the check.
+#
+# Related options:
+#
+# * `independent_compute`
+# (boolean value)
+#check_host = true
+
+#
+# Max number of times to poll for VHD to coalesce.
+#
+# This option determines the maximum number of attempts that can be
+# made for coalescing the VHD before giving up.
+#
+# Related opitons:
+#
+# * `vhd_coalesce_poll_interval`
+# (integer value)
+# Minimum value: 0
+#vhd_coalesce_max_attempts = 20
+
+# Base path to the storage repository on the XenServer host. (string
+# value)
+#sr_base_path = /var/run/sr-mount
+
+#
+# The iSCSI Target Host.
+#
+# This option represents the hostname or ip of the iSCSI Target.
+# If the target host is not present in the connection information from
+# the volume provider then the value from this option is taken.
+#
+# Possible values:
+#
+# * Any string that represents hostname/ip of Target.
+# (unknown value)
+#target_host = <None>
+
+#
+# The iSCSI Target Port.
+#
+# This option represents the port of the iSCSI Target. If the
+# target port is not present in the connection information from the
+# volume provider then the value from this option is taken.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#target_port = 3260
+
+#
+# Used to prevent attempts to attach VBDs locally, so Nova can
+# be run in a VM on a different host.
+#
+# Related options:
+#
+# * ``CONF.flat_injected`` (Must be False)
+# * ``CONF.xenserver.check_host`` (Must be False)
+# * ``CONF.default_ephemeral_format`` (Must be unset or 'ext3')
+# * Joining host aggregates (will error if attempted)
+# * Swap disks for Windows VMs (will error if attempted)
+# * Nova-based auto_configure_disk (will error if attempted)
+# (boolean value)
+#independent_compute = false
+
+#
+# Wait time for instances to go to running state.
+#
+# Provide an integer value representing time in seconds to set the
+# wait time for an instance to go to running state.
+#
+# When a request to create an instance is received by nova-api and
+# communicated to nova-compute, the creation of the instance occurs
+# through interaction with Xen via XenAPI in the compute node. Once
+# the node on which the instance(s) are to be launched is decided by
+# nova-schedule and the launch is triggered, a certain amount of wait
+# time is involved until the instance(s) can become available and
+# 'running'. This wait time is defined by running_timeout. If the
+# instances do not go to running state within this specified wait
+# time, the launch expires and the instance(s) are set to 'error'
+# state.
+# (integer value)
+# Minimum value: 0
+#running_timeout = 60
+
+# DEPRECATED:
+# The XenAPI VIF driver using XenServer Network APIs.
+#
+# Provide a string value representing the VIF XenAPI vif driver to use
+# for
+# plugging virtual network interfaces.
+#
+# Xen configuration uses bridging within the backend domain to allow
+# all VMs to appear on the network as individual hosts. Bridge
+# interfaces are used to create a XenServer VLAN network in which
+# the VIFs for the VM instances are plugged. If no VIF bridge driver
+# is plugged, the bridge is not made available. This configuration
+# option takes in a value for the VIF driver.
+#
+# Possible values:
+#
+# * nova.virt.xenapi.vif.XenAPIOpenVswitchDriver (default)
+# * nova.virt.xenapi.vif.XenAPIBridgeDriver (deprecated)
+#
+# Related options:
+#
+# * ``vlan_interface``
+# * ``ovs_integration_bridge``
+# (string value)
+# This option is deprecated for removal since 15.0.0.
+# Its value may be silently ignored in the future.
+# Reason:
+# There are only two in-tree vif drivers for XenServer.
+# XenAPIBridgeDriver is for
+# nova-network which is deprecated and XenAPIOpenVswitchDriver is for
+# Neutron
+# which is the default configuration for Nova since the 15.0.0 Ocata
+# release. In
+# the future the "use_neutron" configuration option will be used to
+# determine
+# which vif driver to use.
+#vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
+
+#
+# Dom0 plugin driver used to handle image uploads.
+#
+# Provide a string value representing a plugin driver required to
+# handle the image uploading to GlanceStore.
+#
+# Images, and snapshots from XenServer need to be uploaded to the data
+# store for use. image_upload_handler takes in a value for the Dom0
+# plugin driver. This driver is then called to uplaod images to the
+# GlanceStore.
+# (string value)
+#image_upload_handler = nova.virt.xenapi.image.glance.GlanceStore
+
+#
+# Number of seconds to wait for SR to settle if the VDI
+# does not exist when first introduced.
+#
+# Some SRs, particularly iSCSI connections are slow to see the VDIs
+# right after they got introduced. Setting this option to a
+# time interval will make the SR to wait for that time period
+# before raising VDI not found exception.
+# (integer value)
+# Minimum value: 0
+#introduce_vdi_retry_wait = 20
+
+#
+# The name of the integration Bridge that is used with xenapi
+# when connecting with Open vSwitch.
+#
+# Note: The value of this config option is dependent on the
+# environment, therefore this configuration value must be set
+# accordingly if you are using XenAPI.
+#
+# Possible values:
+#
+# * Any string that represents a bridge name.
+# (string value)
+#ovs_integration_bridge = <None>
+
+#
+# When adding new host to a pool, this will append a --force flag to
+# the
+# command, forcing hosts to join a pool, even if they have different
+# CPUs.
+#
+# Since XenServer version 5.6 it is possible to create a pool of hosts
+# that have
+# different CPU capabilities. To accommodate CPU differences,
+# XenServer limited
+# features it uses to determine CPU compatibility to only the ones
+# that are
+# exposed by CPU and support for CPU masking was added.
+# Despite this effort to level differences between CPUs, it is still
+# possible
+# that adding new host will fail, thus option to force join was
+# introduced.
+# (boolean value)
+#use_join_force = true
+
+#
+# Publicly visible name for this console host.
+#
+# Possible values:
+#
+# * Current hostname (default) or any string representing hostname.
+# (string value)
+#console_public_hostname = <current_hostname>
+
+
+[xvp]
+#
+# Configuration options for XVP.
+#
+# xvp (Xen VNC Proxy) is a proxy server providing password-protected
+# VNC-based
+# access to the consoles of virtual machines hosted on Citrix
+# XenServer.
+
+#
+# From nova.conf
+#
+
+# XVP conf template (string value)
+#console_xvp_conf_template = $pybasedir/nova/console/xvp.conf.template
+
+# Generated XVP conf file (string value)
+#console_xvp_conf = /etc/xvp.conf
+
+# XVP master process pid file (string value)
+#console_xvp_pid = /var/run/xvp.pid
+
+# XVP log file (string value)
+#console_xvp_log = /var/log/xvp.log
+
+# Port for XVP to multiplex VNC connections on (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#console_xvp_multiplex_port = 5900
+
+[matchmaker_redis]
+{#- include "oslo_templates/oslo/_matchmaker_redis.conf" #}
+
+[oslo_messaging_notifications]
+{%- set _data = controller.notification %}
+{%- include "oslo_templates/files/queens/oslo/messaging/_notifications.conf" %}
+
+{%- if controller.message_queue is defined %}
+{%- set _data = controller.message_queue %}
+{%- if _data.engine == 'rabbitmq' %}
+ {%- set messaging_engine = 'rabbit' %}
+{%- else %}
+ {%- set messaging_engine = _data.engine %}
+{%- endif %}
+[oslo_messaging_{{ messaging_engine }}]
+{%- include "oslo_templates/files/queens/oslo/messaging/_" + messaging_engine + ".conf" %}
+{%- endif %}
+
+[oslo_policy]
+{%- if controller.policy is defined %}
+{%- set _data = controller.policy %}
+{%- include "oslo_templates/files/queens/oslo/_policy.conf" %}
+{%- endif %}
+
+[database]
+{%- set _data = controller.database %}
+{%- if _data.ssl is defined and 'cacert_file' not in _data.get('ssl', {}).keys() %}{% do _data['ssl'].update({'cacert_file': controller.cacert_file}) %}{% endif %}
+{%- include "oslo_templates/files/queens/oslo/_database.conf" %}
+
+[oslo_middleware]
+{%- set _data = controller %}
+{%- include "oslo_templates/files/queens/oslo/_middleware.conf" %}
+
+[keystone_authtoken]
+{%- set _data = controller.identity %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': controller.cacert_file}) %}{% endif %}
+{%- set auth_type = _data.get('auth_type', 'password') %}
+{%- include "oslo_templates/files/queens/keystonemiddleware/_auth_token.conf" %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
+
diff --git a/nova/files/queens/nova-controller.conf.RedHat b/nova/files/queens/nova-controller.conf.RedHat
new file mode 120000
index 0000000..09c7524
--- /dev/null
+++ b/nova/files/queens/nova-controller.conf.RedHat
@@ -0,0 +1 @@
+nova-controller.conf.Debian
\ No newline at end of file
diff --git a/nova/files/queens/nova-placement-api.conf b/nova/files/queens/nova-placement-api.conf
new file mode 100644
index 0000000..e7cde11
--- /dev/null
+++ b/nova/files/queens/nova-placement-api.conf
@@ -0,0 +1,28 @@
+{%- from "nova/map.jinja" import controller with context %}
+Listen {{ controller.bind.private_address }}:8778
+
+<VirtualHost {{ controller.bind.private_address }}:8778>
+ WSGIScriptAlias / /usr/bin/nova-placement-api
+ WSGIDaemonProcess nova-placement processes=5 threads=1 user=nova group=nova display-name=%{GROUP}
+ WSGIProcessGroup nova-placement
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ LimitRequestBody 114688
+
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+
+ ErrorLog /var/log/apache2/nova_placement_error.log
+ CustomLog /var/log/apache2/nova_placement_access.log "%v:%p %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\""
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
diff --git a/nova/files/queens/qemu.conf.Debian b/nova/files/queens/qemu.conf.Debian
new file mode 100644
index 0000000..3960007
--- /dev/null
+++ b/nova/files/queens/qemu.conf.Debian
@@ -0,0 +1,521 @@
+{%- from "nova/map.jinja" import compute with context %}
+# Master configuration file for the QEMU driver.
+# All settings described here are optional - if omitted, sensible
+# defaults are used.
+
+# VNC is configured to listen on 127.0.0.1 by default.
+# To make it listen on all public interfaces, uncomment
+# this next option.
+#
+# NB, strong recommendation to enable TLS + x509 certificate
+# verification when allowing public access
+#
+#vnc_listen = "0.0.0.0"
+
+# Enable this option to have VNC served over an automatically created
+# unix socket. This prevents unprivileged access from users on the
+# host machine, though most VNC clients do not support it.
+#
+# This will only be enabled for VNC configurations that do not have
+# a hardcoded 'listen' or 'socket' value. This setting takes preference
+# over vnc_listen.
+#
+#vnc_auto_unix_socket = 1
+
+# Enable use of TLS encryption on the VNC server. This requires
+# a VNC client which supports the VeNCrypt protocol extension.
+# Examples include vinagre, virt-viewer, virt-manager and vencrypt
+# itself. UltraVNC, RealVNC, TightVNC do not support this
+#
+# It is necessary to setup CA and issue a server certificate
+# before enabling this.
+#
+#vnc_tls = 1
+{%- if compute.qemu.vnc.tls.get('enabled', False) %}
+vnc_tls = 1
+vnc_tls_x509_verify = 1
+vnc_tls_x509_cert_dir = {{compute.qemu.vnc.tls.cert_dir|yaml_squote}}
+{%- endif %}
+
+# Use of TLS requires that x509 certificates be issued. The
+# default it to keep them in /etc/pki/libvirt-vnc. This directory
+# must contain
+#
+# ca-cert.pem - the CA master certificate
+# server-cert.pem - the server certificate signed with ca-cert.pem
+# server-key.pem - the server private key
+#
+# This option allows the certificate directory to be changed
+#
+#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# an encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing a x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client who does not have a
+# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
+#
+#vnc_tls_x509_verify = 1
+
+
+# The default VNC password. Only 8 bytes are significant for
+# VNC passwords. This parameter is only used if the per-domain
+# XML config does not already provide a password. To allow
+# access without passwords, leave this commented out. An empty
+# string will still enable passwords, but be rejected by QEMU,
+# effectively preventing any use of VNC. Obviously change this
+# example here before you set this.
+#
+#vnc_password = "XYZ12345"
+
+
+# Enable use of SASL encryption on the VNC server. This requires
+# a VNC client which supports the SASL protocol extension.
+# Examples include vinagre, virt-viewer and virt-manager
+# itself. UltraVNC, RealVNC, TightVNC do not support this
+#
+# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# the desired SASL plugin (eg, GSSPI for Kerberos)
+#
+#vnc_sasl = 1
+
+
+# The default SASL configuration file is located in /etc/sasl2/
+# When running libvirtd unprivileged, it may be desirable to
+# override the configs in this location. Set this parameter to
+# point to the directory, and create a qemu.conf in that location
+#
+#vnc_sasl_dir = "/some/directory/sasl2"
+
+
+# QEMU implements an extension for providing audio over a VNC connection,
+# though if your VNC client does not support it, your only chance for getting
+# sound output is through regular audio backends. By default, libvirt will
+# disable all QEMU sound backends if using VNC, since they can cause
+# permissions issues. Enabling this option will make libvirtd honor the
+# QEMU_AUDIO_DRV environment variable when using VNC.
+#
+#vnc_allow_host_audio = 0
+
+
+
+# SPICE is configured to listen on 127.0.0.1 by default.
+# To make it listen on all public interfaces, uncomment
+# this next option.
+#
+# NB, strong recommendation to enable TLS + x509 certificate
+# verification when allowing public access
+#
+#spice_listen = "0.0.0.0"
+
+
+# Enable use of TLS encryption on the SPICE server.
+#
+# It is necessary to setup CA and issue a server certificate
+# before enabling this.
+#
+#spice_tls = 1
+
+
+# Use of TLS requires that x509 certificates be issued. The
+# default it to keep them in /etc/pki/libvirt-spice. This directory
+# must contain
+#
+# ca-cert.pem - the CA master certificate
+# server-cert.pem - the server certificate signed with ca-cert.pem
+# server-key.pem - the server private key
+#
+# This option allows the certificate directory to be changed.
+#
+#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
+
+
+# The default SPICE password. This parameter is only used if the
+# per-domain XML config does not already provide a password. To
+# allow access without passwords, leave this commented out. An
+# empty string will still enable passwords, but be rejected by
+# QEMU, effectively preventing any use of SPICE. Obviously change
+# this example here before you set this.
+#
+#spice_password = "XYZ12345"
+
+
+# Enable use of SASL encryption on the SPICE server. This requires
+# a SPICE client which supports the SASL protocol extension.
+#
+# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# the desired SASL plugin (eg, GSSPI for Kerberos)
+#
+#spice_sasl = 1
+
+# The default SASL configuration file is located in /etc/sasl2/
+# When running libvirtd unprivileged, it may be desirable to
+# override the configs in this location. Set this parameter to
+# point to the directory, and create a qemu.conf in that location
+#
+#spice_sasl_dir = "/some/directory/sasl2"
+
+
+# By default, if no graphical front end is configured, libvirt will disable
+# QEMU audio output since directly talking to alsa/pulseaudio may not work
+# with various security settings. If you know what you're doing, enable
+# the setting below and libvirt will passthrough the QEMU_AUDIO_DRV
+# environment variable when using nographics.
+#
+#nographics_allow_host_audio = 1
+
+
+# Override the port for creating both VNC and SPICE sessions (min).
+# This defaults to 5900 and increases for consecutive sessions
+# or when ports are occupied, until it hits the maximum.
+#
+# Minimum must be greater than or equal to 5900 as lower number would
+# result into negative vnc display number.
+#
+# Maximum must be less than 65536, because higher numbers do not make
+# sense as a port number.
+#
+#remote_display_port_min = 5900
+#remote_display_port_max = 65535
+
+# VNC WebSocket port policies, same rules apply as with remote display
+# ports. VNC WebSockets use similar display <-> port mappings, with
+# the exception being that ports start from 5700 instead of 5900.
+#
+#remote_websocket_port_min = 5700
+#remote_websocket_port_max = 65535
+
+# The default security driver is SELinux. If SELinux is disabled
+# on the host, then the security driver will automatically disable
+# itself. If you wish to disable QEMU SELinux security driver while
+# leaving SELinux enabled for the host in general, then set this
+# to 'none' instead. It's also possible to use more than one security
+# driver at the same time, for this use a list of names separated by
+# comma and delimited by square brackets. For example:
+#
+# security_driver = [ "selinux", "apparmor" ]
+#
+# Notes: The DAC security driver is always enabled; as a result, the
+# value of security_driver cannot contain "dac". The value "none" is
+# a special value; security_driver can be set to that value in
+# isolation, but it cannot appear in a list of drivers.
+#
+#security_driver = "selinux"
+
+# If set to non-zero, then the default security labeling
+# will make guests confined. If set to zero, then guests
+# will be unconfined by default. Defaults to 1.
+#security_default_confined = 1
+
+# If set to non-zero, then attempts to create unconfined
+# guests will be blocked. Defaults to 0.
+#security_require_confined = 1
+
+# The user for QEMU processes run by the system instance. It can be
+# specified as a user name or as a user id. The qemu driver will try to
+# parse this value first as a name and then, if the name doesn't exist,
+# as a user id.
+#
+# Since a sequence of digits is a valid user name, a leading plus sign
+# can be used to ensure that a user id will not be interpreted as a user
+# name.
+#
+# Some examples of valid values are:
+#
+# user = "qemu" # A user named "qemu"
+# user = "+0" # Super user (uid=0)
+# user = "100" # A user named "100" or a user with uid=100
+#
+#user = "root"
+
+# The group for QEMU processes run by the system instance. It can be
+# specified in a similar way to user.
+#group = "root"
+
+# Whether libvirt should dynamically change file ownership
+# to match the configured user/group above. Defaults to 1.
+# Set to 0 to disable file ownership changes.
+#dynamic_ownership = 1
+
+{%- if compute.qemu is defined %}
+{%- if compute.qemu.user is defined %}
+user = "{{ compute.qemu.user }}"
+{%- endif %}
+
+{%- if compute.qemu.group is defined %}
+group = "{{ compute.qemu.group }}"
+{%- endif %}
+
+{%- if compute.qemu.dynamic_ownership is defined %}
+dynamic_ownership = "{{ compute.qemu.dynamic_ownership }}"
+{%- endif %}
+{%- endif %}
+
+# What cgroup controllers to make use of with QEMU guests
+#
+# - 'cpu' - use for schedular tunables
+# - 'devices' - use for device whitelisting
+# - 'memory' - use for memory tunables
+# - 'blkio' - use for block devices I/O tunables
+# - 'cpuset' - use for CPUs and memory nodes
+# - 'cpuacct' - use for CPUs statistics.
+#
+# NB, even if configured here, they won't be used unless
+# the administrator has mounted cgroups, e.g.:
+#
+# mkdir /dev/cgroup
+# mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup
+#
+# They can be mounted anywhere, and different controllers
+# can be mounted in different locations. libvirt will detect
+# where they are located.
+#
+#cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ]
+
+# This is the basic set of devices allowed / required by
+# all virtual machines.
+#
+# As well as this, any configured block backed disks,
+# all sound device, and all PTY devices are allowed.
+#
+# This will only need setting if newer QEMU suddenly
+# wants some device we don't already know about.
+#
+#cgroup_device_acl = [
+# "/dev/null", "/dev/full", "/dev/zero",
+# "/dev/random", "/dev/urandom",
+# "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
+# "/dev/rtc","/dev/hpet", "/dev/vfio/vfio"
+#]
+
+
+# The default format for Qemu/KVM guest save images is raw; that is, the
+# memory from the domain is dumped out directly to a file. If you have
+# guests with a large amount of memory, however, this can take up quite
+# a bit of space. If you would like to compress the images while they
+# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz"
+# for save_image_format. Note that this means you slow down the process of
+# saving a domain in order to save disk space; the list above is in descending
+# order by performance and ascending order by compression ratio.
+#
+# save_image_format is used when you use 'virsh save' or 'virsh managedsave'
+# at scheduled saving, and it is an error if the specified save_image_format
+# is not valid, or the requested compression program can't be found.
+#
+# dump_image_format is used when you use 'virsh dump' at emergency
+# crashdump, and if the specified dump_image_format is not valid, or
+# the requested compression program can't be found, this falls
+# back to "raw" compression.
+#
+# snapshot_image_format specifies the compression algorithm of the memory save
+# image when an external snapshot of a domain is taken. This does not apply
+# on disk image format. It is an error if the specified format isn't valid,
+# or the requested compression program can't be found.
+#
+#save_image_format = "raw"
+#dump_image_format = "raw"
+#snapshot_image_format = "raw"
+
+# When a domain is configured to be auto-dumped when libvirtd receives a
+# watchdog event from qemu guest, libvirtd will save dump files in directory
+# specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump
+#
+#auto_dump_path = "/var/lib/libvirt/qemu/dump"
+
+# When a domain is configured to be auto-dumped, enabling this flag
+# has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the
+# virDomainCoreDump API. That is, the system will avoid using the
+# file system cache while writing the dump file, but may cause
+# slower operation.
+#
+#auto_dump_bypass_cache = 0
+
+# When a domain is configured to be auto-started, enabling this flag
+# has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag
+# with the virDomainCreateWithFlags API. That is, the system will
+# avoid using the file system cache when restoring any managed state
+# file, but may cause slower operation.
+#
+#auto_start_bypass_cache = 0
+
+# If provided by the host and a hugetlbfs mount point is configured,
+# a guest may request huge page backing. When this mount point is
+# unspecified here, determination of a host mount point in /proc/mounts
+# will be attempted. Specifying an explicit mount overrides detection
+# of the same in /proc/mounts. Setting the mount point to "" will
+# disable guest hugepage backing.
+#
+# NB, within this mount point, guests will create memory backing files
+# in a location of $MOUNTPOINT/libvirt/qemu
+#
+#hugetlbfs_mount = "/dev/hugepages"
+#hugetlbfs_mount = ["/run/hugepages/kvm", "/mnt/hugepages_1GB"]
+{%- if compute.hugepages is defined %}
+hugetlbfs_mount = [{%- for mount in compute.hugepages.mount_points %}"{{ mount.path }}"{% if not loop.last %}, {% endif %}{%- endfor %}]
+security_driver="none"
+{%- endif %}
+
+# Path to the setuid helper for creating tap devices. This executable
+# is used to create <source type='bridge'> interfaces when libvirtd is
+# running unprivileged. libvirt invokes the helper directly, instead
+# of using "-netdev bridge", for security reasons.
+#bridge_helper = "/usr/libexec/qemu-bridge-helper"
+
+
+
+# If clear_emulator_capabilities is enabled, libvirt will drop all
+# privileged capabilities of the QEmu/KVM emulator. This is enabled by
+# default.
+#
+# Warning: Disabling this option means that a compromised guest can
+# exploit the privileges and possibly do damage to the host.
+#
+#clear_emulator_capabilities = 1
+
+
+# If enabled, libvirt will have QEMU set its process name to
+# "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU
+# process will appear as "qemu:VM_NAME" in process listings and
+# other system monitoring tools. By default, QEMU does not set
+# its process title, so the complete QEMU command (emulator and
+# its arguments) appear in process listings.
+#
+#set_process_name = 1
+
+
+# If max_processes is set to a positive integer, libvirt will use
+# it to set the maximum number of processes that can be run by qemu
+# user. This can be used to override default value set by host OS.
+# The same applies to max_files which sets the limit on the maximum
+# number of opened files.
+#
+{%- if compute.qemu is defined %}
+
+{%- if compute.qemu.max_processes is defined %}
+max_processes = {{ compute.qemu.max_processes }}
+{%- endif %}
+
+{%- if compute.qemu.max_files is defined %}
+max_files = {{ compute.qemu.max_files }}
+{%- endif %}
+
+{%- endif %}
+
+# mac_filter enables MAC addressed based filtering on bridge ports.
+# This currently requires ebtables to be installed.
+#
+#mac_filter = 1
+
+
+# By default, PCI devices below non-ACS switch are not allowed to be assigned
+# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to
+# be assigned to guests.
+#
+#relaxed_acs_check = 1
+
+
+# If allow_disk_format_probing is enabled, libvirt will probe disk
+# images to attempt to identify their format, when not otherwise
+# specified in the XML. This is disabled by default.
+#
+# WARNING: Enabling probing is a security hole in almost all
+# deployments. It is strongly recommended that users update their
+# guest XML <disk> elements to include <driver type='XXXX'/>
+# elements instead of enabling this option.
+#
+#allow_disk_format_probing = 1
+
+
+# To enable 'Sanlock' project based locking of the file
+# content (to prevent two VMs writing to the same
+# disk), uncomment this
+#
+#lock_manager = "sanlock"
+
+
+
+# Set limit of maximum APIs queued on one domain. All other APIs
+# over this threshold will fail on acquiring job lock. Specially,
+# setting to zero turns this feature off.
+# Note, that job lock is per domain.
+#
+#max_queued = 0
+
+###################################################################
+# Keepalive protocol:
+# This allows qemu driver to detect broken connections to remote
+# libvirtd during peer-to-peer migration. A keepalive message is
+# sent to the daemon after keepalive_interval seconds of inactivity
+# to check if the daemon is still responding; keepalive_count is a
+# maximum number of keepalive messages that are allowed to be sent
+# to the daemon without getting any response before the connection
+# is considered broken. In other words, the connection is
+# automatically closed approximately after
+# keepalive_interval * (keepalive_count + 1) seconds since the last
+# message received from the daemon. If keepalive_interval is set to
+# -1, qemu driver will not send keepalive requests during
+# peer-to-peer migration; however, the remote libvirtd can still
+# send them and source libvirtd will send responses. When
+# keepalive_count is set to 0, connections will be automatically
+# closed after keepalive_interval seconds of inactivity without
+# sending any keepalive messages.
+#
+#keepalive_interval = 5
+#keepalive_count = 5
+
+
+
+# Use seccomp syscall whitelisting in QEMU.
+# 1 = on, 0 = off, -1 = use QEMU default
+# Defaults to -1.
+#
+#seccomp_sandbox = 1
+
+
+
+# Override the listen address for all incoming migrations. Defaults to
+# 0.0.0.0, or :: if both host and qemu are capable of IPv6.
+#migration_address = "127.0.0.1"
+
+
+# Override the port range used for incoming migrations.
+#
+# Minimum must be greater than 0, however when QEMU is not running as root,
+# setting the minimum to be lower than 1024 will not work.
+#
+# Maximum must not be greater than 65535.
+#
+#migration_port_min = 49152
+#migration_port_max = 49215
+cgroup_device_acl = [
+ "/dev/null", "/dev/full", "/dev/zero",
+ "/dev/random", "/dev/urandom",
+ "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
+ "/dev/rtc", "/dev/hpet","/dev/net/tun",
+ {%- if compute.get('sriov', false) %}
+ "/dev/vfio/vfio",
+ {% endif %}
+]
+
+# The backend to use for handling stdout/stderr output from
+# QEMU processes.
+#
+# 'file': QEMU writes directly to a plain file. This is the
+# historical default, but allows QEMU to inflict a
+# denial of service attack on the host by exhausting
+# filesystem space
+#
+# 'logd': QEMU writes to a pipe provided by virtlogd daemon.
+# This is the current default, providing protection
+# against denial of service by performing log file
+# rollover when a size limit is hit.
+#
+#stdio_handler = "logd"
+{%- if compute.get('qemu',{}).get('logging',{}).handler is defined %}
+stdio_handler = "{{ compute.qemu.logging.handler }}"
+{%- endif %}
diff --git a/nova/files/queens/qemu.conf.RedHat b/nova/files/queens/qemu.conf.RedHat
new file mode 120000
index 0000000..1d23f19
--- /dev/null
+++ b/nova/files/queens/qemu.conf.RedHat
@@ -0,0 +1 @@
+qemu.conf.Debian
\ No newline at end of file
diff --git a/nova/files/queens/virtlogd.conf.Debian b/nova/files/queens/virtlogd.conf.Debian
new file mode 100644
index 0000000..ecb5b2e
--- /dev/null
+++ b/nova/files/queens/virtlogd.conf.Debian
@@ -0,0 +1,78 @@
+{%- from "nova/map.jinja" import compute with context %}
+# Master virtlogd daemon configuration file
+#
+
+#################################################################
+#
+# Logging controls
+#
+
+# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
+# basically 1 will log everything possible
+{%- if compute.get('virtlog',{}).level is defined %}
+log_level = {{ compute.virtlog.level }}
+{%- endif %}
+# Logging filters:
+# A filter allows to select a different logging level for a given category
+# of logs
+# The format for a filter is one of:
+# x:name
+# x:+name
+# where name is a string which is matched against source file name,
+# e.g., "remote", "qemu", or "util/json", the optional "+" prefix
+# tells libvirt to log stack trace for each message matching name,
+# and x is the minimal level where matching messages should be logged:
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple filter can be defined in a single @filters, they just need to be
+# separated by spaces.
+#
+# e.g. to only get warning or errors from the remote layer and only errors
+# from the event layer:
+#log_filters="3:remote 4:event"
+{%- if compute.get('virtlog',{}).filters is defined %}
+log_filters={{ compute.virtlog.get('filters')|yaml_dquote }}
+{%- endif %}
+# Logging outputs:
+# An output is one of the places to save logging information
+# The format for an output can be:
+# x:stderr
+# output goes to stderr
+# x:syslog:name
+# use syslog for the output and use the given name as the ident
+# x:file:file_path
+# output to a file, with the given filepath
+# x:journald
+# ouput to the systemd journal
+# In all case the x prefix is the minimal level, acting as a filter
+# 1: DEBUG
+# 2: INFO
+# 3: WARNING
+# 4: ERROR
+#
+# Multiple output can be defined, they just need to be separated by spaces.
+# e.g. to log all warnings and errors to syslog under the virtlogd ident:
+#log_outputs="3:syslog:virtlogd"
+{%- if compute.get('virtlog',{}).outputs is defined %}
+log_outputs={{ compute.virtlog.get('outputs')|yaml_dquote }}
+{%- endif %}
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+#max_clients = 1024
+{%- if compute.get('virtlog',{}).max_clients is defined %}
+max_clients = {{ compute.virtlog.max_clients }}
+{%- endif %}
+# Maximum file size before rolling over. Defaults to 2 MB
+#max_size = 2097152
+{%- if compute.get('virtlog',{}).max_size is defined %}
+max_size = {{ compute.virtlog.max_size }}
+{%- endif %}
+# Maximum number of backup files to keep. Defaults to 3,
+# not including the primary active file
+#max_backups = 3
+{%- if compute.get('virtlog',{}).max_backups is defined %}
+max_backups = {{ compute.virtlog.max_backups }}
+{%- endif %}
diff --git a/nova/files/queens/virtlogd.conf.RedHat b/nova/files/queens/virtlogd.conf.RedHat
new file mode 120000
index 0000000..d466306
--- /dev/null
+++ b/nova/files/queens/virtlogd.conf.RedHat
@@ -0,0 +1 @@
+virtlogd.conf.Debian
\ No newline at end of file
diff --git a/nova/map.jinja b/nova/map.jinja
index 03b509f..651293a 100644
--- a/nova/map.jinja
+++ b/nova/map.jinja
@@ -5,6 +5,11 @@
})}
%}
+# TODO(vsaienko) add more drivers settings when they are templatized
+{% set compute_driver_mapping = {
+ 'vmwareapi.VMwareVCDriver': 'vmware',
+} %}
+
{% set compute_bind_defaults = {
'vnc_address': '10.0.0.10',
'vnc_port': '6080',
@@ -15,7 +20,7 @@
{%- if grains.os_family == "Debian" %}
{%- set pkgs_list = [ 'nova-common', 'nova-consoleproxy', 'novnc', 'nova-api', 'nova-conductor', 'nova-consoleauth', 'nova-doc', 'nova-scheduler', 'python-novaclient', 'python-memcache', 'gettext-base', 'python-pycadf'] %}
{%- set services_list = ['nova-api', 'nova-consoleauth', 'nova-scheduler', 'nova-conductor', 'nova-novncproxy'] %}
-{%- if pillar.nova.controller is defined and pillar.nova.controller.get('version',{}) in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %}
+{%- if pillar.nova.controller is defined and pillar.nova.controller.get('version',{}) in ["juno", "kilo", "liberty", "mitaka"] %}
{%- do pkgs_list.append('nova-cert') %}
{%- do services_list.append('nova-cert') %}
{%- endif %}
@@ -42,6 +47,7 @@
'enabled': false
},
'logging': {
+ 'app_name': 'nova',
'log_appender': false,
'log_handlers': {
'watchedfile': {
@@ -49,6 +55,23 @@
}
}
},
+ 'novncproxy': {
+ 'tls': {
+ 'enabled': false,
+ 'server': {
+ 'key_file': '/etc/pki/nova-novncproxy/server-key.pem',
+ 'cert_file': '/etc/pki/nova-novncproxy/server-cert.pem',
+ }
+ },
+ 'vencrypt': {
+ 'tls': {
+ 'enabled': false,
+ 'key_file': '/etc/pki/nova-novncproxy/client-key.pem',
+ 'cert_file': '/etc/pki/nova-novncproxy/client-cert.pem',
+ 'ca_file': '/etc/pki/nova-novncproxy/ca-cert.pem',
+ }
+ }
+ },
},
'RedHat': {
'pkgs': pkgs_list,
@@ -60,6 +83,7 @@
'enabled': false
},
'logging': {
+ 'app_name': 'nova',
'log_appender': false,
'log_handlers': {
'watchedfile': {
@@ -67,6 +91,23 @@
}
}
},
+ 'novncproxy': {
+ 'tls': {
+ 'enabled': false,
+ 'server': {
+ 'key_file': '/etc/pki/nova-novncproxy/server-key.pem',
+ 'cert_file': '/etc/pki/nova-novncproxy/server-cert.pem',
+ }
+ },
+ 'vencrypt': {
+ 'tls': {
+ 'enabled': false,
+ 'key_file': '/etc/pki/nova-novncproxy/client-key.pem',
+ 'cert_file': '/etc/pki/nova-novncproxy/client-cert.pem',
+ 'ca_file': '/etc/pki/nova-novncproxy/ca-cert.pem',
+ }
+ }
+ },
},
}, merge=pillar.nova.get('controller', {}), base='BaseDefaults') %}
@@ -109,9 +150,6 @@
- qemu-kvm
- python-guestfs
- gettext-base
- {%- if pillar.nova.compute is defined and pillar.nova.compute.get('networking', 'default') == "contrail" and pillar.nova.compute.get('version', 'ocata') not in ["juno", "kilo", "liberty", "mitaka", "newton"] %}
- - contrail-nova-driver
- {%- endif %}
services:
- nova-compute
libvirt_config: libvirtd.conf
@@ -124,16 +162,38 @@
libvirt_service: libvirt-bin
bind: compute_bind_defaults
debug: false
- libvirt: []
+ qemu:
+ vnc:
+ tls:
+ enabled: False
+ key_file: '/etc/pki/libvirt-vnc/server-key.pem'
+ cert_file: '/etc/pki/libvirt-vnc/server-cert.pem'
+ ca_file: '/etc/pki/libvirt-vnc/ca-cert.pem'
+ cert_dir: '/etc/pki/libvirt-vnc'
+ libvirt:
+ inject_partition: '-2'
+ inject_password: False
+ tls:
+ enabled: False
+ key_file: '/etc/pki/libvirt/private/serverkey.pem'
+ cert_file: '/etc/pki/libvirt/servercert.pem'
+ ca_file: '/etc/pki/CA/cacert.pem'
+ client:
+ key_file: '/etc/pki/libvirt/private/clientkey.pem'
+ cert_file: '/etc/pki/libvirt/clientcert.pem'
instances_path: "$state_path/instances"
notification: false
availability_zone:
aggregates: []
+ cpu_mode: host-passthrough
identity:
region: RegionOne
network: {{ compute_network }}
heal_instance_info_cache_interval: '60'
+ message_queue:
+ zmq_linger: 30
logging:
+ app_name: 'nova'
log_appender: false
log_handlers:
watchedfile:
@@ -154,14 +214,35 @@
libvirt_service: libvirtd
bind: compute_bind_defaults
debug: false
- libvirt: []
+ qemu:
+ vnc:
+ tls:
+ enabled: False
+ key_file: '/etc/pki/libvirt-vnc/server-key.pem'
+ cert_file: '/etc/pki/libvirt-vnc/server-cert.pem'
+ ca_file: '/etc/pki/libvirt-vnc/ca-cert.pem'
+ cert_dir: '/etc/pki/libvirt-vnc'
+ libvirt:
+ inject_partition: '-2'
+ inject_password: False
+ tls:
+ enabled: False
+ key_file: '/etc/pki/libvirt/private/serverkey.pem'
+ cert_file: '/etc/pki/libvirt/servercert.pem'
+ ca_file: '/etc/pki/CA/cacert.pem'
+ client:
+ key_file: '/etc/pki/libvirt/private/clientkey.pem'
+ cert_file: '/etc/pki/libvirt/clientcert.pem'
notification: false
availability_zone:
identity:
region: RegionOne
network: {{ compute_network }}
heal_instance_info_cache_interval: '60'
+ message_queue:
+ zmq_linger: 30
logging:
+ app_name: 'nova'
log_appender: false
log_handlers:
watchedfile:
@@ -182,5 +263,12 @@
'services_failed_critical_threshold_percent': 0.6,
'computes_failed_warning_threshold_percent': 0.25,
'computes_failed_critical_threshold_percent': 0.5,
+ 'cpu_minor_threshold': 0.85,
+ 'cpu_major_threshold': 0.95,
+ 'ram_major_threshold': 0.85,
+ 'ram_critical_threshold': 0.95,
+ 'disk_major_threshold': 0.85,
+ 'disk_critical_threshold': 0.95,
+ 'endpoint_failed_major_threshold': 0.5,
},
}, grain='os_family', merge=salt['pillar.get']('nova:monitoring')) %}
diff --git a/nova/meta/fluentd.yml b/nova/meta/fluentd.yml
index 43d7a28..48cf241 100644
--- a/nova/meta/fluentd.yml
+++ b/nova/meta/fluentd.yml
@@ -43,8 +43,9 @@
value: INFO
- name: programname
value: nova-placement-wsgi
+ # Apache logs response time in microseconds
- name: http_response_time
- value: ${ record['http_response_time'].to_i/100000.to_f }
+ value: ${ record['http_response_time'].to_i/10**6.to_f }
match:
send_to_default:
tag: openstack.nova
diff --git a/nova/meta/grafana.yml b/nova/meta/grafana.yml
index 7ebae7c..0fc3ac3 100644
--- a/nova/meta/grafana.yml
+++ b/nova/meta/grafana.yml
@@ -1,19 +1,39 @@
+{%- from "nova/map.jinja" import controller, compute with context %}
+parameters:
+ {%- if compute is defined and compute.get('enabled', False) and compute.get('ceph', {}).get('ephemeral', False) %}
+ nova_compute_ceph_ephemeral: True
+ {%- endif %}
+ {%- if controller is defined and controller.get('version',{}) in ["juno", "kilo", "liberty", "mitaka"] %}
+ nova_cert_enabled: True
+ {%- endif %}
dashboard:
{%- if pillar.get('fluentd', {}).get('agent', {}).get('enabled', False) %}
- nova_prometheus:
+ nova_overview_prometheus:
datasource: prometheus
format: json
- template: nova/files/grafana_dashboards/nova_prometheus_fluentd.json
+ template: nova/files/grafana_dashboards/nova_overview_prometheus.json
{%- else %}
nova_prometheus:
datasource: prometheus
format: json
template: nova/files/grafana_dashboards/nova_prometheus.json
{%- endif %}
- hypervisor_prometheus:
+ nova_hypervisor_prometheus:
datasource: prometheus
format: json
- template: nova/files/grafana_dashboards/hypervisor_prometheus.json
+ template: nova/files/grafana_dashboards/nova_hypervisor_prometheus.json
+ nova_utilization_prometheus:
+ datasource: prometheus
+ format: json
+ template: nova/files/grafana_dashboards/nova_utilization_prometheus.json
+ nova_instances_prometheus:
+ datasource: prometheus
+ format: json
+ template: nova/files/grafana_dashboards/nova_instances_prometheus.json
+ openstack_overview_prometheus:
+ datasource: prometheus
+ format: json
+ template: nova/files/grafana_dashboards/openstack_overview_prometheus.json
nova_influxdb:
datasource: influxdb
format: json
diff --git a/nova/meta/prometheus.yml b/nova/meta/prometheus.yml
index 24cdac6..001a9ea 100644
--- a/nova/meta/prometheus.yml
+++ b/nova/meta/prometheus.yml
@@ -30,188 +30,278 @@
server:
alert:
{%- if is_controller %}
+{%- set minor_threshold = monitoring.services_failed_warning_threshold_percent|float %}
+{%- set major_threshold = monitoring.services_failed_critical_threshold_percent|float %}
+{%- set minor_compute_threshold = monitoring.computes_failed_warning_threshold_percent|float %}
+{%- set major_compute_threshold = monitoring.computes_failed_critical_threshold_percent|float %}
+{%- set major_endpoint_threshold = monitoring.endpoint_failed_major_threshold|float %}
{% raw %}
- NovaAPIDown:
+ NovaApiOutage:
if: >-
- openstack_api_check_status{service=~"nova.*|placement"} == 0
- for: 2m
- labels:
- severity: down
- service: "{{ $labels.service }}"
- annotations:
- summary: "Endpoint check for '{{ $labels.service }}' is down"
- description: >-
- Endpoint check for '{{ $labels.service }}' is down for the last 2 minutes
- NovaAPIServiceDown:
- if: >-
- http_response_status{service=~"nova-api"} == 0
- for: 2m
- labels:
- severity: down
- service: "{{ $labels.service }}"
- annotations:
- summary: "HTTP check for '{{ $labels.service }}' down"
- description: >-
- The HTTP check for '{{ $labels.service }}' is down on {{ $labels.host }} for the last 2 minutes.
- NovaServicesWarning:
- if: >-
- openstack_nova_services{state="down",service=~"nova-cert|nova-conductor|nova-consoleauth|nova-scheduler"} >= on (service) sum(openstack_nova_services{service=~"nova-cert|nova-conductor|nova-consoleauth|nova-scheduler"}) by (service) * {%- endraw %} {{monitoring.services_failed_warning_threshold_percent}} {%- raw %}
- for: 2m
- labels:
- severity: warning
- service: "{{ $labels.service }}"
- annotations:
- summary: "More than {%- endraw %} {{monitoring.services_failed_warning_threshold_percent*100}}%{%- raw %} of {{ $labels.service }} services are down"
- description: >-
- More than {%- endraw %} {{monitoring.services_failed_warning_threshold_percent*100}}%{%- raw %} of {{ $labels.service }} services are down for the last 2 minutes
- NovaServicesCritical:
- if: >-
- openstack_nova_services{state="down",service=~"nova-cert|nova-conductor|nova-consoleauth|nova-scheduler"} >= on (service) sum(openstack_nova_services{service=~"nova-cert|nova-conductor|nova-consoleauth|nova-scheduler"}) by (service) * {%- endraw %} {{monitoring.services_failed_critical_threshold_percent}} {%- raw %}
- for: 2m
- labels:
- severity: critical
- service: "{{ $labels.service }}"
- annotations:
- summary: "More than {%- endraw %} {{monitoring.services_failed_critical_threshold_percent*100}}%{%- raw %} of {{ $labels.service }} services are down"
- description: >-
- More than {%- endraw %} {{monitoring.services_failed_critical_threshold_percent*100}}%{%- raw %} of {{ $labels.service }} services are down for the last 2 minutes
- NovaServicesDown:
- if: >-
- openstack_nova_services{state="up",service=~"nova-cert|nova-conductor|nova-consoleauth|nova-scheduler"} == 0
- for: 2m
- labels:
- severity: down
- service: "{{ $labels.service }}"
- annotations:
- summary: "All {{ $labels.service }} services down"
- description: >-
- All '{{ $labels.service }}' services are down for the last 2 minutes
- NovaComputesWarning:
- if: >-
- openstack_nova_services{state="down",service=~"nova-compute"} >= on (service) sum(openstack_nova_services{service=~"nova-compute"}) by (service) * {%- endraw %} {{monitoring.computes_failed_warning_threshold_percent}} {%- raw %}
- for: 2m
- labels:
- severity: warning
- service: "{{ $labels.service }}"
- annotations:
- summary: "More than {%- endraw %} {{monitoring.computes_failed_warning_threshold_percent*100}}%{%- raw %} of {{ $labels.service }} services are down"
- description: >-
- More than {%- endraw %} {{monitoring.computes_failed_warning_threshold_percent*100}}%{%- raw %} of {{ $labels.service }} services are down for the last 2 minutes
- NovaComputesCritical:
- if: >-
- openstack_nova_services_percent{state="down",service=~"nova-compute"} >= on (service) sum(openstack_nova_services{service=~"nova-compute"}) by (service) * {%- endraw %} {{monitoring.computes_failed_critical_threshold_percent}} {%- raw %}
- for: 2m
- labels:
- severity: critical
- service: "{{ $labels.service }}"
- annotations:
- summary: "More than {%- endraw %} {{monitoring.computes_failed_critical_threshold_percent*100}}%{%- raw %} of {{ $labels.service }} services are down"
- description: >-
- More than {%- endraw %} {{monitoring.computes_failed_critical_threshold_percent*100}}%{%- raw %} of {{ $labels.service }} services are down for the last 2 minutes
- NovaComputesDown:
- if: >-
- openstack_nova_services{state="up",service=~"nova-compute"} == 0
- for: 2m
- labels:
- severity: down
- service: "{{ $labels.service }}"
- annotations:
- summary: "All {{ $labels.service }} services are down"
- description: >-
- All '{{ $labels.service }}' services are down for the last 2 minutes
- NovaTotalFreeVCPUsLow:
- if: >-
- (100.0 * openstack_nova_total_free_vcpus) / (openstack_nova_total_free_vcpus + openstack_nova_total_used_vcpus) < 10.0
- for: 1m
- labels:
- severity: warning
- service: nova
- annotations:
- summary: "VCPU low limit for new instances"
- description: >-
- VPCU low limit for 1 minutes
- NovaTotalFreeMemoryLow:
- if: >-
- (100.0 * openstack_nova_total_free_ram) / (openstack_nova_total_free_ram + openstack_nova_total_used_ram) < 10.0
- for: 1m
- labels:
- severity: warning
- service: nova
- annotations:
- summary: "Memory low limit for new instances"
- description: >-
- Memory low limit for 1 minutes
- NovaTotalFreeVCPUsShortage:
- if: >-
- (100.0 * openstack_nova_total_free_vcpus) / (openstack_nova_total_free_vcpus + openstack_nova_total_used_vcpus) < 2.0
- for: 1m
+ max(openstack_api_check_status{name=~"nova.*|placement"}) == 0
labels:
severity: critical
service: nova
annotations:
- summary: "VCPU shortage for new instances"
+ summary: "Nova API outage"
description: >-
- VPCU shortage for 1 minutes
- NovaTotalFreeMemoryShortage:
+ Nova API is not accessible for all available Nova endpoints in the OpenStack service catalog.
+ NovaApiDown:
if: >-
- (100.0 * openstack_nova_total_free_ram) / (openstack_nova_total_free_ram + openstack_nova_total_used_ram) < 2.0
- for: 1m
+ openstack_api_check_status{name=~"nova.*|placement"} == 0
labels:
- severity: critical
+ severity: major
service: nova
annotations:
- summary: "Memory shortage for new instances"
+ summary: "{{ $labels.name }} endpoint is not accessible"
description: >-
- Memory shortage for 1 minutes
- NovaAggregatesFreeVCPUsLow:
+ Nova API is not accessible for the {{ $labels.name }} endpoint.
+ NovaApiEndpointDown:
if: >-
- (100.0 * openstack_nova_aggregate_free_vcpus) / (openstack_nova_aggregate_free_vcpus + openstack_nova_aggregate_used_vcpus) < 10.0
- for: 1m
+ http_response_status{name=~"nova-api"} == 0
+ for: 2m
labels:
- severity: warning
+ severity: minor
service: nova
- aggregate: "{{ $labels.aggregate }}"
annotations:
- summary: "VCPU low limit for new instances on aggregate {{ $labels.aggregate }}"
+ summary: "nova-api endpoint is not accessible"
description: >-
- VPCU low limit for 1 minutes on aggregate {{ $labels.aggregate }}
- NovaAggregatesFreeMemoryLow:
- if: >-
- (100.0 * openstack_nova_aggregate_free_ram) / (openstack_nova_aggregate_free_ram + openstack_nova_aggregate_used_ram) < 10.0
- for: 1m
- labels:
- severity: warning
- service: nova
- aggregate: "{{ $labels.aggregate }}"
- annotations:
- summary: "Memory low limit for new instances on aggregate {{ $labels.aggregate }}"
- description: >-
- Memory low limit for 1 minutes on aggregate {{ $labels.aggregate }}
- NovaAggregatesFreeVCPUsShortage:
- if: >-
- (100.0 * openstack_nova_aggregate_free_vcpus) / (openstack_nova_aggregate_free_vcpus + openstack_nova_aggregate_used_vcpus) < 2.0
- for: 1m
- labels:
- severity: critical
- service: nova
- aggregate: "{{ $labels.aggregate }}"
- annotations:
- summary: "VCPU shortage for new instances on aggregate {{ $labels.aggregate }}"
- description: >-
- VPCU shortage for 1 minutes on aggregate {{ $labels.aggregate }}
- NovaAggregatesFreeMemoryShortage:
- if: >-
- (100.0 * openstack_nova_aggregate_free_ram) / (openstack_nova_aggregate_free_ram + openstack_nova_aggregate_used_ram) < 2.0
- for: 1m
- labels:
- severity: critical
- service: nova
- aggregate: "{{ $labels.aggregate }}"
- annotations:
- summary: "Memory shortage for new instances on aggregate {{ $labels.aggregate }}"
- description: >-
- Memory shortage for 1 minutes on aggregate {{ $labels.aggregate }}
+ The nova-api endpoint on the {{ $labels.host }} node is not accessible for 2 minutes.
{%- endraw %}
+ NovaApiEndpointsDownMajor:
+ if: >-
+ count(http_response_status{name=~"nova-api"} == 0) >= count(http_response_status{name=~"nova-api"}) * {{ major_endpoint_threshold }}
+ for: 2m
+ labels:
+ severity: major
+ service: nova
+ annotations:
+ summary: "{{major_endpoint_threshold * 100}}% of nova-api endpoints are not accessible"
+ description: >-
+ {% raw %}{{ $value }} nova-api endpoints (>= {% endraw %} {{major_endpoint_threshold * 100}}{% raw %}%) are not accessible for 2 minutes.
+ NovaApiEndpointsOutage:
+ if: >-
+ count(http_response_status{name=~"nova-api"} == 0) == count(http_response_status{name=~"nova-api"})
+ for: 2m
+ labels:
+ severity: critical
+ service: nova
+ annotations:
+ summary: "nova-api endpoints outage"
+ description: >-
+ All available nova-api endpoints are not accessible for 2 minutes.
+ NovaServiceDown:
+ if: >-
+ openstack_nova_service_state == 0
+ labels:
+ severity: minor
+ service: nova
+ annotations:
+ summary: "{{ $labels.binary }} service is down"
+ description: >-
+ The {{ $labels.binary }} service on the {{ $labels.hostname }} node is down.
+{%- endraw %}
+ NovaServicesDownMinor:
+ if: >-
+ count(openstack_nova_service_state{binary!~"nova-compute"} == 0) by (binary) >= on (binary) count(openstack_nova_service_state{binary!~"nova-compute"}) by (binary) * {{minor_threshold}}
+ labels:
+ severity: minor
+ service: nova
+ annotations:
+ summary: "{{minor_threshold * 100}}%{%- raw %} of {{ $labels.binary }} services are down"
+ description: >-
+ {{ $value }} {{ $labels.binary }} services (>= {%- endraw %} {{minor_threshold * 100}}%) are down.
+ NovaComputeServicesDownMinor:
+ if: >-
+ count(openstack_nova_service_state{binary="nova-compute"} == 0) >= count(openstack_nova_service_state{binary="nova-compute"}) * {{minor_compute_threshold}}
+ labels:
+ severity: minor
+ service: nova
+ annotations:
+ summary: "{{minor_compute_threshold * 100}}%{%- raw %} of nova-compute services are down"
+ description: >-
+ {{ $value }} nova-compute services (>= {%- endraw %} {{minor_compute_threshold * 100}}%) are down.
+ NovaServicesDownMajor:
+ if: >-
+ count(openstack_nova_service_state{binary!~"nova-compute"} == 0) by (binary) >= on (binary) count(openstack_nova_service_state{binary!~"nova-compute"}) by (binary) * {{major_threshold}}
+ labels:
+ severity: major
+ service: nova
+ annotations:
+ summary: "{{major_threshold * 100}}%{%- raw %} of {{ $labels.binary }} services are down"
+ description: >-
+ {{ $value }} {{ $labels.binary }} services (>= {%- endraw %} {{major_threshold * 100}}%) are down.
+ NovaComputeServicesDownMajor:
+ if: >-
+ count(openstack_nova_service_state{binary="nova-compute"} == 0) >= count(openstack_nova_service_state{binary="nova-compute"}) * {{major_compute_threshold}}
+ labels:
+ severity: major
+ service: nova
+ annotations:
+ summary: "{{major_compute_threshold * 100}}%{%- raw %} of nova-compute services are down"
+ description: >-
+ {{ $value }} nova-compute services (>= {%- endraw %} {{major_compute_threshold * 100}}{%- raw %}%) are down.
+ NovaServiceOutage:
+ if: >-
+ count(openstack_nova_service_state == 0) by (binary) == on (binary) count(openstack_nova_service_state) by (binary)
+ labels:
+ severity: critical
+ service: nova
+ annotations:
+ summary: "{{ $labels.binary }} service outage"
+ description: >-
+ All {{ $labels.binary }} services are down.
+{%- endraw %}
+{%- set cpu_minor_threshold = monitoring.cpu_minor_threshold|float %}
+{%- set cpu_major_threshold = monitoring.cpu_major_threshold|float %}
+{%- set ram_major_threshold = monitoring.ram_major_threshold|float %}
+{%- set ram_critical_threshold = monitoring.ram_critical_threshold|float %}
+{%- set disk_major_threshold = monitoring.disk_major_threshold|float %}
+{%- set disk_critical_threshold = monitoring.disk_critical_threshold|float %}
+ NovaHypervisorVCPUsFullMinor:
+ if: >-
+ label_replace(system_load15, "hostname", "$1", "host", "(.*)") > on (hostname) openstack_nova_vcpus * {{ cpu_minor_threshold }}
+ labels:
+ severity: minor
+ service: nova
+ annotations:
+ summary: "{{ cpu_minor_threshold * 100 }}% of hypervisor VCPUs are used"
+ description: "{% raw %}{{ $value }} VCPUs on the {{ $labels.hostname }} node (> {% endraw %} {{ cpu_minor_threshold * 100 }}%) are used."
+ NovaHypervisorVCPUsFullMajor:
+ if: >-
+ label_replace(system_load15, "hostname", "$1", "host", "(.*)") > on (hostname) openstack_nova_vcpus * {{ cpu_major_threshold }}
+ labels:
+ severity: major
+ service: nova
+ annotations:
+ summary: "{{ cpu_major_threshold * 100 }}% of hypervisor VCPUs are used"
+ description: "{% raw %}{{ $value }} VCPUs on the {{ $labels.hostname }} node (> {% endraw %} {{ cpu_major_threshold * 100 }}%) are used."
+ NovaHypervisorMemoryFullMajor:
+ if: >-
+ openstack_nova_used_ram > openstack_nova_ram * {{ ram_major_threshold }}
+ labels:
+ severity: major
+ service: nova
+ annotations:
+ summary: "{{ ram_major_threshold * 100 }}% of hypervisor RAM is used"
+ description: "{% raw %}{{ $value }}MB of RAM on the {{ $labels.hostname }} node (> {% endraw %} {{ ram_major_threshold * 100 }}%) is used."
+ NovaHypervisorMemoryFullCritical:
+ if: >-
+ openstack_nova_used_ram > openstack_nova_ram * {{ ram_critical_threshold }}
+ labels:
+ severity: critical
+ service: nova
+ annotations:
+ summary: "{{ ram_critical_threshold * 100 }}% of hypervisor RAM is used"
+ description: "{% raw %}{{ $value }}MB of RAM on the {{ $labels.hostname }} node (> {% endraw %} {{ ram_critical_threshold * 100 }}%) is used."
+ NovaHypervisorDiskFullMajor:
+ if: >-
+ openstack_nova_used_disk > openstack_nova_disk * {{ disk_major_threshold }}
+ labels:
+ severity: major
+ service: nova
+ annotations:
+ summary: "{{ disk_major_threshold * 100 }}% of hypervisor disk space is used"
+ description: "{% raw %}{{ $value }}GB of disk space on the {{ $labels.hostname }} node (> {% endraw %} {{ disk_major_threshold * 100 }}%) is used."
+ NovaHypervisorDiskFullCritical:
+ if: >-
+ openstack_nova_used_disk > openstack_nova_disk * {{ disk_critical_threshold }}
+ labels:
+ severity: critical
+ service: nova
+ annotations:
+ summary: "{{ disk_critical_threshold * 100 }}% of hypervisor disk space is used"
+ description: "{% raw %}{{ $value }}GB of disk space on the {{ $labels.hostname }} node (> {% endraw %} {{ disk_critical_threshold * 100 }}%) is used."
+ NovaAggregateMemoryFullMajor:
+ if: >-
+ openstack_nova_aggregate_used_ram > openstack_nova_aggregate_ram * {{ ram_major_threshold }}
+ labels:
+ severity: major
+ service: nova
+ annotations:
+ summary: "{{ ram_major_threshold * 100 }}% of aggregate RAM is used"
+ description: "{% raw %}{{ $value }}MB of RAM on the {{ $labels.aggregate }} aggregate (> {% endraw %} {{ ram_major_threshold * 100 }}%) is used."
+ NovaAggregateMemoryFullCritical:
+ if: >-
+ openstack_nova_aggregate_used_ram > openstack_nova_aggregate_ram * {{ ram_critical_threshold }}
+ labels:
+ severity: critical
+ service: nova
+ annotations:
+ summary: "{{ ram_critical_threshold * 100 }}% of aggregate RAM is used"
+ description: "{% raw %}{{ $value }}MB of RAM on the {{ $labels.aggregate }} aggregate (> {% endraw %} {{ ram_critical_threshold * 100 }}%) is used."
+ NovaAggregateDiskFullMajor:
+ if: >-
+ openstack_nova_aggregate_used_disk > openstack_nova_aggregate_disk * {{ disk_major_threshold }}
+ labels:
+ severity: major
+ service: nova
+ annotations:
+ summary: "{{ disk_major_threshold * 100 }}% of aggregate disk space is used"
+ description: "{% raw %}{{ $value }}GB of disk space on the {{ $labels.aggregate }} aggregate (> {% endraw %} {{ disk_major_threshold * 100 }}%) is used."
+ NovaAggregateDiskFullCritical:
+ if: >-
+ openstack_nova_aggregate_used_disk > openstack_nova_aggregate_disk * {{ disk_critical_threshold }}
+ labels:
+ severity: critical
+ service: nova
+ annotations:
+ summary: "{{ disk_critical_threshold * 100 }}% of aggregate disk space is used"
+ description: "{% raw %}{{ $value }}GB of disk space on the {{ $labels.aggregate }} aggregate (> {% endraw %} {{ disk_critical_threshold * 100 }}%) is used."
+ NovaTotalVCPUsFullMinor:
+ if: >-
+ sum(label_replace(system_load15, "hostname", "$1", "host", "(.*)") and on (hostname) openstack_nova_vcpus) > max(sum(openstack_nova_vcpus) by (instance)) * {{ cpu_minor_threshold }}
+ labels:
+ severity: minor
+ service: nova
+ annotations:
+ summary: "{{ cpu_minor_threshold * 100 }}% of cloud VCPUs are used"
+ description: "{% raw %}{{ $value }} VCPUs in the cloud (> {% endraw %} {{ cpu_minor_threshold * 100 }}%) are used."
+ NovaTotalVCPUsFullMajor:
+ if: >-
+ sum(label_replace(system_load15, "hostname", "$1", "host", "(.*)") and on (hostname) openstack_nova_vcpus) > max(sum(openstack_nova_vcpus) by (instance)) * {{ cpu_major_threshold }}
+ labels:
+ severity: major
+ service: nova
+ annotations:
+ summary: "{{ cpu_major_threshold * 100 }}% of cloud VCPUs are used"
+ description: "{% raw %}{{ $value }} VCPUs in the cloud (> {% endraw %} {{ cpu_major_threshold * 100 }}%) are used."
+ NovaTotalMemoryFullMajor:
+ if: >-
+ openstack_nova_total_used_ram > openstack_nova_total_ram * {{ ram_major_threshold }}
+ labels:
+ severity: major
+ service: nova
+ annotations:
+ summary: "{{ ram_major_threshold * 100 }}% of cloud RAM is used"
+ description: "{% raw %}{{ $value }}MB of RAM in the cloud (> {% endraw %} {{ ram_major_threshold * 100 }}%) is used."
+ NovaTotalMemoryFullCritical:
+ if: >-
+ openstack_nova_total_used_ram > openstack_nova_total_ram * {{ ram_critical_threshold }}
+ labels:
+ severity: critical
+ service: nova
+ annotations:
+ summary: "{{ ram_critical_threshold * 100 }}% of cloud RAM is used"
+ description: "{% raw %}{{ $value }}MB of RAM in the cloud (> {% endraw %} {{ ram_critical_threshold * 100 }}%) is used."
+ NovaTotalDiskFullMajor:
+ if: >-
+ openstack_nova_total_used_disk > openstack_nova_total_disk * {{ disk_major_threshold }}
+ labels:
+ severity: major
+ service: nova
+ annotations:
+ summary: "{{ disk_major_threshold * 100 }}% of cloud disk space is used"
+ description: "{% raw %}{{ $value }}GB of disk space in the cloud (> {% endraw %} {{ disk_major_threshold * 100 }}%) is used."
+ NovaTotalDiskFullCritical:
+ if: >-
+ openstack_nova_total_used_disk > openstack_nova_total_disk * {{ disk_critical_threshold }}
+ labels:
+ severity: critical
+ service: nova
+ annotations:
+ summary: "{{ disk_critical_threshold * 100 }}% of cloud disk space is used"
+ description: "{% raw %}{{ $value }}GB of disk space in the cloud (> {% endraw %} {{ disk_critical_threshold * 100 }}%) is used."
{%- endif %}
NovaErrorLogsTooHigh:
{%- set log_threshold = monitoring.error_log_rate.warn|float %}
@@ -220,27 +310,24 @@
{%- raw %}
labels:
severity: warning
- service: "{{ $labels.service }}"
+ service: nova
annotations:
- summary: 'Too many errors in {{ $labels.service }} logs'
- description: 'The rate of errors in {{ $labels.service }} logs over the last 5 minutes is too high on node {{ $labels.host }} (current value={{ $value }}, threshold={%- endraw %}{{ log_threshold }}).'
-
-{%- if is_compute %}
+ summary: "High number of errors in Nova logs"
+ description: "The average per-second rate of errors in Nova logs on the {{ $labels.host }} node is {{ $value }} (as measured over the last 5 minutes)."
+{%- endraw %}
+{%- if is_compute and exporters is defined %}
{%- raw %}
- NovaLibvirtDown:
+ LibvirtDown:
if: >-
- max(libvirt_up) by (host) == 0
+ libvirt_up == 0
for: 2m
labels:
- severity: down
- service: "libvirt"
+ severity: critical
+ service: libvirt
annotations:
- summary: "libvirt check on '{{ $labels.host }}' is down"
- description: >-
- libvirt check on '{{ $labels.host }}' is down for 2 minutes
+ summary: "Failure to gather Libvirt metrics"
+ description: "The Libvirt metric exporter fails to gather metrics on the {{ $labels.host }} node for 2 minutes."
{%- endraw %}
-{%- if exporters is defined %}
{%- include "prometheus/_exporters_config.sls" %}
{%- endif %}
{%- endif %}
-{%- endif %}
diff --git a/nova/meta/sphinx.yml b/nova/meta/sphinx.yml
index edf5eae..b95b2bb 100644
--- a/nova/meta/sphinx.yml
+++ b/nova/meta/sphinx.yml
@@ -10,9 +10,6 @@
version:
name: "Version"
value: {{ compute.version }}
- virtualization:
- name: "Virtualization type"
- value: {{ compute.virtualization }}
{%- if compute.vncproxy_url is defined %}
vncproxy_url:
name: "VNC proxy URL"
@@ -34,9 +31,18 @@
name: "Image service"
value: {{ compute.image.host }}:{{ compute.image.port }}
{%- endif %}
+ {%- set rabbit_port = compute.message_queue.get('port', 5671 if compute.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
message_queue_ip:
name: "Message queue"
- value: {{ compute.message_queue.user }}@{{ compute.message_queue.host }}:{{ compute.message_queue.port }}{{ compute.message_queue.virtual_host }}
+ {%- if compute.message_queue.members is defined %}
+ value: {% for member in compute.message_queue.members -%}
+ {{ compute.message_queue.user }}:{{ compute.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
+ {%- if not loop.last -%},{%- endif -%}
+ {%- endfor -%}
+ /{{ compute.message_queue.virtual_host }}
+ {%- else %}
+ value: {{ compute.message_queue.user }}:{{ compute.message_queue.password }}@{{ compute.message_queue.host }}:{{ rabbit_port }}/{{ compute.message_queue.virtual_host }}
+ {%- endif %}
identity_host:
name: "Identity host ip"
value: {{ compute.identity.user }}@{{ compute.identity.host }}:{{ compute.identity.port }}
@@ -113,9 +119,18 @@
glance_host:
name: "Glance service"
value: {{ controller.glance.host }}:{{ controller.glance.port }}
+ {%- set rabbit_port = controller.message_queue.get('port', 5671 if controller.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
message_queue_ip:
name: "Message queue"
- value: {{ controller.message_queue.user }}@{{ controller.message_queue.host }}:{{ controller.message_queue.port }}{{ controller.message_queue.virtual_host }}
+ {%- if controller.message_queue.members is defined %}
+ value: {% for member in controller.message_queue.members -%}
+ {{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
+ {%- if not loop.last -%},{%- endif -%}
+ {%- endfor -%}
+ /{{ controller.message_queue.virtual_host }}
+ {%- else %}
+ value: {{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ controller.message_queue.host }}:{{ rabbit_port }}/{{ controller.message_queue.virtual_host }}
+ {%- endif %}
identity_host:
name: "Identity host ip"
value: {{ controller.identity.user }}@{{ controller.identity.host }}:{{ controller.identity.port }}
diff --git a/tests/pillar/compute_cluster.sls b/tests/pillar/compute_cluster.sls
index b6ad010..c057c09 100644
--- a/tests/pillar/compute_cluster.sls
+++ b/tests/pillar/compute_cluster.sls
@@ -6,13 +6,13 @@
hugepages:
mount_points:
- path: /mnt/hugepages_1GB
- virtualization: kvm
disk_cachemodes: network=writeback,block=none
heal_instance_info_cache_interval: 60
vncproxy_url: openstack:6080
report_interval: 60
vnc_keymap: en-gb
resume_guests_state_on_host_boot: True
+ preallocate_images: space
bind:
vnc_address: 127.0.0.1
vnc_port: 6080
@@ -32,6 +32,15 @@
user: nova
password: password
tenant: service
+ logging:
+ log_appender: false
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: false
+ ossyslog:
+ enabled: false
message_queue:
engine: rabbitmq
members:
diff --git a/tests/pillar/compute_cluster_vmware.sls b/tests/pillar/compute_cluster_vmware.sls
new file mode 100644
index 0000000..ceaf142
--- /dev/null
+++ b/tests/pillar/compute_cluster_vmware.sls
@@ -0,0 +1,78 @@
+nova:
+ compute:
+ version: pike
+ enabled: true
+ bind:
+ vnc_address: 127.0.0.1
+ vnc_port: 6080
+ vnc_name: 0.0.0.0
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ port: 3306
+ name: nova
+ user: nova
+ password: password
+ identity:
+ engine: keystone
+ region: RegionOne
+ host: 127.0.0.1
+ port: 35357
+ user: nova
+ password: password
+ tenant: service
+ logging:
+ log_appender: false
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: false
+ ossyslog:
+ enabled: false
+ message_queue:
+ engine: rabbitmq
+ members:
+ - host: 127.0.0.1
+ - host: 127.0.1.1
+ - host: 127.0.2.1
+ user: openstack
+ password: password
+ virtual_host: '/openstack'
+ image:
+ engine: glance
+ host: 127.0.0.1
+ port: 9292
+ network:
+ engine: neutron
+ region: RegionOne
+ host: 127.0.0.1
+ port: 9696
+ extension_sync_interval: 600
+ user: nova
+ password: password
+ tenant: service
+ metadata:
+ password: metadata
+ cache:
+ engine: memcached
+ members:
+ - host: 127.0.0.1
+ port: 11211
+ - host: 127.0.1.1
+ port: 11211
+ - host: 127.0.2.1
+ port: 11211
+ compute_driver: vmwareapi.VMwareVCDriver
+ vmware:
+ host_username: vmware
+ host_password: vmware
+ cluster_name: vmware_cluster01
+ upgrade_levels:
+ compute: liberty
+ libvirt_service_group: libvirtd
+ lvm:
+ ephemeral: yes
+ images_volume_group: nova_vg
+ volume_clear: zero
+ volume_clear_size: 0
diff --git a/tests/pillar/compute_cluster_vmware_queens.sls b/tests/pillar/compute_cluster_vmware_queens.sls
new file mode 100644
index 0000000..1d6b0cf
--- /dev/null
+++ b/tests/pillar/compute_cluster_vmware_queens.sls
@@ -0,0 +1,78 @@
+nova:
+ compute:
+ version: queens
+ enabled: true
+ bind:
+ vnc_address: 127.0.0.1
+ vnc_port: 6080
+ vnc_name: 0.0.0.0
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ port: 3306
+ name: nova
+ user: nova
+ password: password
+ identity:
+ engine: keystone
+ region: RegionOne
+ host: 127.0.0.1
+ port: 35357
+ user: nova
+ password: password
+ tenant: service
+ logging:
+ log_appender: false
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: false
+ ossyslog:
+ enabled: false
+ message_queue:
+ engine: rabbitmq
+ members:
+ - host: 127.0.0.1
+ - host: 127.0.1.1
+ - host: 127.0.2.1
+ user: openstack
+ password: password
+ virtual_host: '/openstack'
+ image:
+ engine: glance
+ host: 127.0.0.1
+ port: 9292
+ network:
+ engine: neutron
+ region: RegionOne
+ host: 127.0.0.1
+ port: 9696
+ extension_sync_interval: 600
+ user: nova
+ password: password
+ tenant: service
+ metadata:
+ password: metadata
+ cache:
+ engine: memcached
+ members:
+ - host: 127.0.0.1
+ port: 11211
+ - host: 127.0.1.1
+ port: 11211
+ - host: 127.0.2.1
+ port: 11211
+ compute_driver: vmwareapi.VMwareVCDriver
+ vmware:
+ host_username: vmware
+ host_password: vmware
+ cluster_name: vmware_cluster01
+ upgrade_levels:
+ compute: liberty
+ libvirt_service_group: libvirtd
+ lvm:
+ ephemeral: yes
+ images_volume_group: nova_vg
+ volume_clear: zero
+ volume_clear_size: 0
diff --git a/tests/pillar/compute_single.sls b/tests/pillar/compute_single.sls
index bba29a0..8d752de 100644
--- a/tests/pillar/compute_single.sls
+++ b/tests/pillar/compute_single.sls
@@ -1,12 +1,15 @@
nova:
compute:
- version: liberty
+ version: newton
enabled: true
- virtualization: kvm
heal_instance_info_cache_interval: 60
vncproxy_url: openstack:6080
vnc_keymap: en-gb
resume_guests_state_on_host_boot: False
+ preallocate_images: space
+ cpu_mode: custom
+ libvirt:
+ cpu_model: IvyBridge
bind:
vnc_address: 127.0.0.1
vnc_port: 6080
@@ -26,6 +29,15 @@
user: nova
password: password
tenant: service
+ logging:
+ log_appender: false
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: false
+ ossyslog:
+ enabled: false
message_queue:
engine: rabbitmq
host: 127.0.0.1
diff --git a/tests/pillar/compute_single_config_drive_options.sls b/tests/pillar/compute_single_config_drive_options.sls
index a181f8b..f33faca 100644
--- a/tests/pillar/compute_single_config_drive_options.sls
+++ b/tests/pillar/compute_single_config_drive_options.sls
@@ -2,11 +2,11 @@
compute:
version: mitaka
enabled: true
- virtualization: kvm
heal_instance_info_cache_interval: 60
vncproxy_url: openstack:6080
vnc_keymap: en-gb
resume_guests_state_on_host_boot: False
+ preallocate_images: space
bind:
vnc_address: 127.0.0.1
vnc_port: 6080
@@ -26,6 +26,15 @@
user: nova
password: password
tenant: service
+ logging:
+ log_appender: false
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: false
+ ossyslog:
+ enabled: false
message_queue:
engine: rabbitmq
host: 127.0.0.1
@@ -51,4 +60,4 @@
config_drive:
cdrom: True
format: iso9660
- inject_password: True
\ No newline at end of file
+ inject_password: True
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index d057d1b..f11a947 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -2,7 +2,7 @@
controller:
enabled: true
networking: default
- version: liberty
+ version: pike
vncproxy_url: 127.0.0.1
vnc_keymap: en-gb
security_group: false
@@ -32,6 +32,15 @@
user: nova
password: password
tenant: service
+ logging:
+ log_appender: false
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: false
+ ossyslog:
+ enabled: false
message_queue:
engine: rabbitmq
members:
@@ -66,3 +75,40 @@
compute: liberty
barbican:
enabled: true
+apache:
+ server:
+ enabled: true
+ default_mpm: event
+ mpm:
+ prefork:
+ enabled: true
+ servers:
+ start: 5
+ spare:
+ min: 2
+ max: 10
+ max_requests: 0
+ max_clients: 20
+ limit: 20
+ site:
+ nova_placement:
+ enabled: false
+ available: true
+ type: wsgi
+ name: nova_placement
+ wsgi:
+ daemon_process: nova-placement
+ processes: 5
+ threads: 1
+ user: nova
+ group: nova
+ display_name: '%{GROUP}'
+ script_alias: '/ /usr/bin/nova-placement-api'
+ application_group: '%{GLOBAL}'
+ authorization: 'On'
+ limits:
+ request_body: 114688
+ host:
+ address: 127.0.0.1
+ name: 127.0.0.1
+ port: 8778
diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index 78eaa40..3b36463 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls
@@ -2,7 +2,7 @@
controller:
enabled: true
networking: contrail
- version: liberty
+ version: pike
security_group: false
vncproxy_url: 127.0.0.1
vnc_keymap: en-gb
@@ -32,6 +32,15 @@
user: nova
password: password
tenant: service
+ logging:
+ log_appender: false
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: false
+ ossyslog:
+ enabled: false
message_queue:
engine: rabbitmq
host: 127.0.0.1
@@ -60,3 +69,18 @@
'context_is_admin': 'role:admin or role:administrator'
'compute:create': 'rule:admin_or_owner'
'compute:create:attach_network':
+apache:
+ server:
+ enabled: true
+ default_mpm: event
+ mpm:
+ prefork:
+ enabled: true
+ servers:
+ start: 5
+ spare:
+ min: 2
+ max: 10
+ max_requests: 0
+ max_clients: 20
+ limit: 20
diff --git a/tests/pillar/repo_mcp_openstack_pike.sls b/tests/pillar/repo_mcp_openstack_pike.sls
new file mode 100644
index 0000000..789b907
--- /dev/null
+++ b/tests/pillar/repo_mcp_openstack_pike.sls
@@ -0,0 +1,12 @@
+linux:
+ system:
+ enabled: true
+ repo:
+ mirantis_openstack_repo:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/pike/{{ grains.get('oscodename') }} pike main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/pike/{{ grains.get('oscodename') }}/archive-mcppike.key"
+ pin:
+ - pin: 'release a=pike'
+ priority: 1050
+ package: '*'
\ No newline at end of file
diff --git a/tests/run_tests.sh b/tests/run_tests.sh
index db89554..9761585 100755
--- a/tests/run_tests.sh
+++ b/tests/run_tests.sh
@@ -6,11 +6,13 @@
CURDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
METADATA=${CURDIR}/../metadata.yml
FORMULA_NAME=$(cat $METADATA | python -c "import sys,yaml; print yaml.load(sys.stdin)['name']")
+FORMULA_META_DIR=${CURDIR}/../${FORMULA_NAME}/meta
## Overrideable parameters
PILLARDIR=${PILLARDIR:-${CURDIR}/pillar}
BUILDDIR=${BUILDDIR:-${CURDIR}/build}
VENV_DIR=${VENV_DIR:-${BUILDDIR}/virtualenv}
+MOCK_BIN_DIR=${MOCK_BIN_DIR:-${CURDIR}/mock_bin}
DEPSDIR=${BUILDDIR}/deps
SALT_FILE_DIR=${SALT_FILE_DIR:-${BUILDDIR}/file_root}
@@ -37,7 +39,16 @@
log_info "Setting up Python virtualenv"
virtualenv $VENV_DIR
source ${VENV_DIR}/bin/activate
- pip install salt${PIP_SALT_VERSION}
+ python -m pip install salt${PIP_SALT_VERSION}
+}
+
+setup_mock_bin() {
+ # If some state requires a binary, a lightweight replacement for
+ # such binary can be put into MOCK_BIN_DIR for test purposes
+ if [ -d "${MOCK_BIN_DIR}" ]; then
+ PATH="${MOCK_BIN_DIR}:$PATH"
+ export PATH
+ fi
}
setup_pillar() {
@@ -114,13 +125,14 @@
salt_run() {
[ -e ${VENV_DIR}/bin/activate ] && source ${VENV_DIR}/bin/activate
- salt-call ${SALT_OPTS} $*
+ python $(which salt-call) ${SALT_OPTS} $*
}
prepare() {
[ -d ${BUILDDIR} ] && mkdir -p ${BUILDDIR}
which salt-call || setup_virtualenv
+ setup_mock_bin
setup_pillar
setup_salt
install_dependencies
@@ -130,7 +142,26 @@
for pillar in ${PILLARDIR}/*.sls; do
grep ${FORMULA_NAME}: ${pillar} &>/dev/null || continue
state_name=$(basename ${pillar%.sls})
+ salt_run grains.set 'noservices' False force=True
+
+ echo "Checking state ${FORMULA_NAME}.${state_name} ..."
salt_run --id=${state_name} state.show_sls ${FORMULA_NAME} || (log_err "Execution of ${FORMULA_NAME}.${state_name} failed"; exit 1)
+
+ # Check that all files in 'meta' folder can be rendered using any valid pillar
+ for meta in `find ${FORMULA_META_DIR} -type f`; do
+ meta_name=$(basename ${meta})
+ echo "Checking meta ${meta_name} ..."
+ salt_run --out=quiet --id=${state_name} cp.get_template ${meta} ${SALT_CACHE_DIR}/${meta_name} \
+ || (log_err "Failed to render meta ${meta} using pillar ${FORMULA_NAME}.${state_name}"; exit 1)
+ cat ${SALT_CACHE_DIR}/${meta_name}
+ done
+ done
+}
+
+real_run() {
+ for pillar in ${PILLARDIR}/*.sls; do
+ state_name=$(basename ${pillar%.sls})
+ salt_run --id=${state_name} state.sls ${FORMULA_NAME} || (log_err "Execution of ${FORMULA_NAME}.${state_name} failed"; exit 1)
done
}
@@ -159,6 +190,9 @@
run)
run
;;
+ real-run)
+ real_run
+ ;;
*)
prepare
run