Merge "Set default TTL for memcache item expiration"
diff --git a/.gitreview b/.gitreview
new file mode 100644
index 0000000..c3b59b4
--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,4 @@
+[gerrit]
+host=gerrit.mcp.mirantis.com
+port=29418
+project=salt-formulas/nova.git
diff --git a/.kitchen.yml b/.kitchen.yml
index 4391444..5a730e3 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -61,7 +61,7 @@
suites:
<% for os_version in ['mitaka','newton','ocata','pike', 'queens', 'rocky'] %>
- - name: compute_cluster
+ - name: compute_cluster_<%=os_version%>
provisioner:
pillars-from-files:
nova.sls: tests/pillar/compute_cluster.sls
@@ -72,7 +72,7 @@
compute:
version: <%=os_version%>
- - name: control_cluster
+ - name: control_cluster_<%=os_version%>
provisioner:
pillars-from-files:
nova.sls: tests/pillar/control_cluster.sls
diff --git a/README.rst b/README.rst
index 90f2a4b..0184a83 100644
--- a/README.rst
+++ b/README.rst
@@ -32,6 +32,7 @@
dhcp_domain: novalocal
vif_plugging_timeout: 300
vif_plugging_is_fatal: false
+ instance_build_timeout: 600
consoleauth:
token_ttl: 600
bind:
@@ -274,6 +275,8 @@
compute:
version: juno
enabled: true
+ timeout_nbd: 10
+ heal_instance_info_cache_interval: 60
cross_az_attach: false
disk_cachemodes: network=writeback,block=none
availability_zone: availability_zone_01
@@ -323,6 +326,9 @@
name: "a1"
product_id: "154d"
vendor_id: "8086"
+ passthrough_whitelist:
+ - vendor_id: "10de"
+ product_id: "1db4"
network:
engine: neutron
host: 127.0.0.1
@@ -479,7 +485,7 @@
barbican:
enabled: true
-Define aliases for PCI devices:
+Define aliases for a PCI passthrough devices:
.. code-block:: yaml
nova:
@@ -493,6 +499,17 @@
product_id: "154d"
vendor_id: "8086"
+Define white list of PCI devices available to VMs:
+.. code-block:: yaml
+
+ nova:
+ compute:
+ ...
+ pci:
+ passthrough_whitelist:
+ - vendor_id: "10de"
+ product_id: "1db4"
+
Nova metadata custom bindings:
.. code-block:: yaml
@@ -1182,6 +1199,55 @@
You can read more about it here:
https://docs.openstack.org/security-guide/databases/database-access-control.html
+Nova database connection setup:
+========
+
+.. code-block:: yaml
+
+ nova:
+ controller:
+ enabled: True
+ ...
+ database:
+ idle_timeout: 180
+ min_pool_size: 100
+ max_pool_size: 700
+ max_overflow: 100
+ retry_interval: 5
+ max_retries: '-1'
+ db_max_retries: 3
+ db_retry_interval: 1
+ connection_debug: 10
+ pool_timeout: 120
+
+
+Configure nova to use service user tokens:
+========
+Long-running operations such as live migration or snapshot can sometimes overrun the
+expiry of the user token. In such cases, post operations such as cleaning up after a
+live migration can fail when the nova-compute service needs to cleanup resources in
+other services, such as in the block-storage (cinder) or networking (neutron) services.
+
+This patch enables nova to use service user tokens to supplement the regular user token
+used to initiate the operation. The identity service (keystone) will then authenticate
+a request using the service user token if the user token has already expired.
+
+.. code-block:: yaml
+
+ nova:
+ controller:
+ enabled: True
+ ...
+ service_user:
+ enabled: True
+ user_domain_id: default
+ project_domain_id: default
+ project_name: service
+ username: nova
+ password: pswd
+
+
+
Upgrades
========
diff --git a/_modules/novav21/common.py b/_modules/novav21/common.py
index 391eab4..87e3d75 100644
--- a/_modules/novav21/common.py
+++ b/_modules/novav21/common.py
@@ -14,7 +14,10 @@
import logging
import uuid
-import os_client_config
+try:
+ import os_client_config
+except ImportError:
+ os_client_config = None
from salt import exceptions
@@ -24,6 +27,10 @@
def get_raw_client(cloud_name):
+ if not os_client_config:
+ raise exceptions.SaltInvocationError(
+ "Cannot load os-client-config. Please check your environment "
+ "configuration.")
config = os_client_config.OpenStackConfig()
cloud = config.get_one_cloud(cloud_name)
adapter = cloud.get_session_client(SERVICE_KEY)
diff --git a/_states/novav21.py b/_states/novav21.py
index ffda7d1..ad8a4a5 100644
--- a/_states/novav21.py
+++ b/_states/novav21.py
@@ -466,6 +466,7 @@
:param timeout: amount of time in seconds mapping process should finish in.
:param runas: username to run the shell commands under.
"""
+ test = __opts__.get('test', False)
cell_uuid = __salt__['cmd.shell'](
"nova-manage cell_v2 list_cells 2>/dev/null | "
"awk '/%s/ {print $4}'" % name, runas=runas)
@@ -476,17 +477,21 @@
.format(name))
return result
start_time = time.time()
- while True:
- rc = __salt__['cmd.retcode']('nova-manage cell_v2 map_instances '
- '--cell_uuid %s' % cell_uuid, runas=runas)
- if rc == 0 or time.time() - start_time > timeout:
- break
- if rc != 0:
- result['comment'] = (
- 'Failed to map all instances in cell {0} in {1} seconds'
- .format(name, timeout))
- return result
+ if not test:
+ while True:
+ rc = __salt__['cmd.retcode'](
+ 'nova-manage cell_v2 map_instances --cell_uuid %s' % cell_uuid,
+ runas=runas)
+ if rc == 0 or time.time() - start_time > timeout:
+ break
+ if rc != 0:
+ result['comment'] = (
+ 'Failed to map all instances in cell {0} in {1} seconds'
+ .format(name, timeout))
+ return result
result['comment'] = 'All instances mapped in cell {0}'.format(name)
+ if test:
+ result['comment'] = 'TEST: {}'.format(result['comment'])
result['result'] = True
return result
diff --git a/nova/controller.sls b/nova/controller.sls
index 68a9bb4..6e9a4cb 100644
--- a/nova/controller.sls
+++ b/nova/controller.sls
@@ -428,8 +428,9 @@
- sls: nova.db.offline_sync
nova_controller_map_instances:
- novang.map_instances:
+ novav21.instances_mapped_to_cell:
- name: 'cell1'
+ - timeout: {{ controller.get('mapped_instances_interval', 60) }}
{%- if grains.get('noservices') %}
- onlyif: /bin/false
{%- endif %}
@@ -486,4 +487,4 @@
{%- endif %}
-{%- endif %}
+{%- endif %}
\ No newline at end of file
diff --git a/nova/files/ocata/nova-compute.conf.Debian b/nova/files/ocata/nova-compute.conf.Debian
index 3c069ed..38e3c3b 100644
--- a/nova/files/ocata/nova-compute.conf.Debian
+++ b/nova/files/ocata/nova-compute.conf.Debian
@@ -8343,6 +8343,13 @@
{%- endfor %}
{%- endif %}
+{%- if compute.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in compute.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
+
+
[placement]
#
@@ -9046,6 +9053,24 @@
#
# From nova.conf
#
+{%- if compute.get('service_user', {}).get('enabled', True) %}
+send_service_user_token = True
+auth_type = password
+ {%- if compute.service_user is defined %}
+ {%- set _data=compute.service_user %}
+ {%- else %}
+ {%- set _data=compute.identity %}
+ {%- endif %}
+user_domain_id = {{ _data.get('domain', 'default') }}
+project_domain_id = {{ _data.get('domain', 'default') }}
+project_name = {{ _data.get('tenant', 'service') }}
+username = {{ _data.get('user', 'nova') }}
+password = {{ _data.password }}
+auth_url={{ compute.identity.get('protocol', 'http') }}://{{ compute.identity.host }}:5000
+ {%- if compute.identity.get('protocol', 'http') == 'https' %}
+cafile={{ compute.identity.get('cacert_file', compute.cacert_file) }}
+ {%- endif %}
+{%- endif %}
#
# When True, if sending a user token to an REST API, also send a service token.
diff --git a/nova/files/ocata/nova-controller.conf.Debian b/nova/files/ocata/nova-controller.conf.Debian
index 23db54e..f2f5044 100644
--- a/nova/files/ocata/nova-controller.conf.Debian
+++ b/nova/files/ocata/nova-controller.conf.Debian
@@ -3436,16 +3436,16 @@
#
# From nova.conf
#
-idle_timeout = 180
-min_pool_size = 100
-max_pool_size = 700
-max_overflow = 100
-retry_interval = 5
-max_retries = -1
-db_max_retries = 3
-db_retry_interval = 1
-connection_debug = 10
-pool_timeout = 120
+idle_timeout = {{ controller.database.get('idle_timeout', 180) }}
+min_pool_size = {{ controller.database.get('min_pool_size', 100) }}
+max_pool_size = {{ controller.database.get('max_pool_size', 700) }}
+max_overflow = {{ controller.database.get('max_overflow', 100) }}
+retry_interval = {{ controller.database.get('retry_interval', 5) }}
+max_retries = {{ controller.database.get('max_retries', '-1') }}
+db_max_retries = {{ controller.database.get('db_max_retries', 3) }}
+db_retry_interval = {{ controller.database.get('db_retry_interval', 1) }}
+connection_debug = {{ controller.database.get('connection_debug', 10) }}
+pool_timeout = {{ controller.database.get('pool_timeout', 120) }}
connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}_api?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %}
# The SQLAlchemy connection string to use to connect to the database. (string
@@ -4491,16 +4491,16 @@
# Reason: Should use config option connection or slave_connection to connect the
# database.
#sqlite_db=oslo.sqlite
-idle_timeout = 180
-min_pool_size = 100
-max_pool_size = 700
-max_overflow = 100
-retry_interval = 5
-max_retries = -1
-db_max_retries = 3
-db_retry_interval = 1
-connection_debug = 10
-pool_timeout = 120
+idle_timeout = {{ controller.database.get('idle_timeout', 180) }}
+min_pool_size = {{ controller.database.get('min_pool_size', 100) }}
+max_pool_size = {{ controller.database.get('max_pool_size', 700) }}
+max_overflow = {{ controller.database.get('max_overflow', 100) }}
+retry_interval = {{ controller.database.get('retry_interval', 5) }}
+max_retries = {{ controller.database.get('max_retries', '-1') }}
+db_max_retries = {{ controller.database.get('db_max_retries', 3) }}
+db_retry_interval = {{ controller.database.get('db_retry_interval', 1) }}
+connection_debug = {{ controller.database.get('connection_debug', 10) }}
+pool_timeout = {{ controller.database.get('pool_timeout', 120) }}
connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %}
# If True, SQLite uses synchronous mode. (boolean value)
@@ -8315,6 +8315,11 @@
# (multi valued)
# Deprecated group/name - [DEFAULT]/pci_passthrough_whitelist
#passthrough_whitelist =
+{%- if controller.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in controller.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
[placement]
@@ -9025,6 +9030,24 @@
#
# From nova.conf
#
+{%- if controller.get('service_user', {}).get('enabled', True) %}
+send_service_user_token = True
+auth_type = password
+ {%- if controller.service_user is defined %}
+ {%- set _data=controller.service_user %}
+ {%- else %}
+ {%- set _data=controller.identity %}
+ {%- endif %}
+user_domain_id = {{ _data.get('domain', 'default') }}
+project_domain_id = {{ _data.get('domain', 'default') }}
+project_name = {{ _data.get('tenant', 'service') }}
+username = {{ _data.get('user', 'nova') }}
+password = {{ _data.password }}
+auth_url={{ controller.identity.get('protocol', 'http') }}://{{ controller.identity.host }}:5000
+ {%- if controller.identity.get('protocol', 'http') == 'https' %}
+cafile={{ controller.identity.get('cacert_file', controller.cacert_file) }}
+ {%- endif %}
+{%- endif %}
#
# When True, if sending a user token to an REST API, also send a service token.
diff --git a/nova/files/pike/nova-compute.conf.Debian b/nova/files/pike/nova-compute.conf.Debian
index a43729a..a5548bd 100644
--- a/nova/files/pike/nova-compute.conf.Debian
+++ b/nova/files/pike/nova-compute.conf.Debian
@@ -1028,7 +1028,11 @@
# * Any positive integer in seconds: Enables the option.
# (integer value)
# Minimum value: 0
-#instance_build_timeout=0
+{%- if compute.instance_build_timeout is defined %}
+instance_build_timeout = {{ compute.instance_build_timeout }}
+{%- else %}
+#instance_build_timeout = 0
+{%- endif %}
#
# Interval to wait before un-rescuing an instance stuck in RESCUE.
@@ -8542,6 +8546,13 @@
{%- endfor %}
{%- endif %}
+{%- if compute.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in compute.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
+
+
[placement]
#
@@ -9245,6 +9256,24 @@
#
# From nova.conf
#
+{%- if compute.get('service_user', {}).get('enabled', True) %}
+send_service_user_token = True
+auth_type = password
+ {%- if compute.service_user is defined %}
+ {%- set _data=compute.service_user %}
+ {%- else %}
+ {%- set _data=compute.identity %}
+ {%- endif %}
+user_domain_id = {{ _data.get('domain', 'default') }}
+project_domain_id = {{ _data.get('domain', 'default') }}
+project_name = {{ _data.get('tenant', 'service') }}
+username = {{ _data.get('user', 'nova') }}
+password = {{ _data.password }}
+auth_url={{ compute.identity.get('protocol', 'http') }}://{{ compute.identity.host }}:5000
+ {%- if compute.identity.get('protocol', 'http') == 'https' %}
+cafile={{ compute.identity.get('cacert_file', compute.cacert_file) }}
+ {%- endif %}
+{%- endif %}
#
# When True, if sending a user token to an REST API, also send a service token.
diff --git a/nova/files/pike/nova-controller.conf.Debian b/nova/files/pike/nova-controller.conf.Debian
index ac64982..74ff905 100644
--- a/nova/files/pike/nova-controller.conf.Debian
+++ b/nova/files/pike/nova-controller.conf.Debian
@@ -1008,7 +1008,11 @@
# * Any positive integer in seconds: Enables the option.
# (integer value)
# Minimum value: 0
-#instance_build_timeout=0
+{%- if controller.instance_build_timeout is defined %}
+instance_build_timeout = {{ controller.instance_build_timeout }}
+{%- else %}
+#instance_build_timeout = 0
+{%- endif %}
#
# Interval to wait before un-rescuing an instance stuck in RESCUE.
@@ -3486,16 +3490,16 @@
#
# From nova.conf
#
-idle_timeout = 180
-min_pool_size = 100
-max_pool_size = 700
-max_overflow = 100
-retry_interval = 5
-max_retries = -1
-db_max_retries = 3
-db_retry_interval = 1
-connection_debug = 10
-pool_timeout = 120
+idle_timeout = {{ controller.database.get('idle_timeout', 180) }}
+min_pool_size = {{ controller.database.get('min_pool_size', 100) }}
+max_pool_size = {{ controller.database.get('max_pool_size', 700) }}
+max_overflow = {{ controller.database.get('max_overflow', 100) }}
+retry_interval = {{ controller.database.get('retry_interval', 5) }}
+max_retries = {{ controller.database.get('max_retries', '-1') }}
+db_max_retries = {{ controller.database.get('db_max_retries', 3) }}
+db_retry_interval = {{ controller.database.get('db_retry_interval', 1) }}
+connection_debug = {{ controller.database.get('connection_debug', 10) }}
+pool_timeout = {{ controller.database.get('pool_timeout', 120) }}
connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}_api?charset=utf8{{ connection_x509_ssl_option|string }}
# The SQLAlchemy connection string to use to connect to the database. (string
@@ -4540,16 +4544,16 @@
# Reason: Should use config option connection or slave_connection to connect the
# database.
#sqlite_db=oslo.sqlite
-idle_timeout = 180
-min_pool_size = 100
-max_pool_size = 700
-max_overflow = 100
-retry_interval = 5
-max_retries = -1
-db_max_retries = 3
-db_retry_interval = 1
-connection_debug = 10
-pool_timeout = 120
+idle_timeout = {{ controller.database.get('idle_timeout', 180) }}
+min_pool_size = {{ controller.database.get('min_pool_size', 100) }}
+max_pool_size = {{ controller.database.get('max_pool_size', 700) }}
+max_overflow = {{ controller.database.get('max_overflow', 100) }}
+retry_interval = {{ controller.database.get('retry_interval', 5) }}
+max_retries = {{ controller.database.get('max_retries', '-1') }}
+db_max_retries = {{ controller.database.get('db_max_retries', 3) }}
+db_retry_interval = {{ controller.database.get('db_retry_interval', 1) }}
+connection_debug = {{ controller.database.get('connection_debug', 10) }}
+pool_timeout = {{ controller.database.get('pool_timeout', 120) }}
connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{{ connection_x509_ssl_option|string }}
# If True, SQLite uses synchronous mode. (boolean value)
@@ -8525,6 +8529,11 @@
# (multi valued)
# Deprecated group/name - [DEFAULT]/pci_passthrough_whitelist
#passthrough_whitelist =
+{%- if controller.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in controller.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
[placement]
@@ -9235,6 +9244,24 @@
#
# From nova.conf
#
+{%- if controller.get('service_user', {}).get('enabled', True) %}
+send_service_user_token = True
+auth_type = password
+ {%- if controller.service_user is defined %}
+ {%- set _data=controller.service_user %}
+ {%- else %}
+ {%- set _data=controller.identity %}
+ {%- endif %}
+user_domain_id = {{ _data.get('domain', 'default') }}
+project_domain_id = {{ _data.get('domain', 'default') }}
+project_name = {{ _data.get('tenant', 'service') }}
+username = {{ _data.get('user', 'nova') }}
+password = {{ _data.password }}
+auth_url={{ controller.identity.get('protocol', 'http') }}://{{ controller.identity.host }}:5000
+ {%- if controller.identity.get('protocol', 'http') == 'https' %}
+cafile={{ controller.identity.get('cacert_file', controller.cacert_file) }}
+ {%- endif %}
+{%- endif %}
#
# When True, if sending a user token to an REST API, also send a service token.
diff --git a/nova/files/queens/nova-compute.conf.Debian b/nova/files/queens/nova-compute.conf.Debian
index 54dfd87..a056170 100644
--- a/nova/files/queens/nova-compute.conf.Debian
+++ b/nova/files/queens/nova-compute.conf.Debian
@@ -430,6 +430,9 @@
# (integer value)
# Minimum value: 0
#timeout_nbd = 10
+{%- if compute.timeout_nbd is defined %}
+timeout_nbd = {{ compute.timeout_nbd }}
+{%- endif %}
#
# Location of cached images.
@@ -1105,7 +1108,11 @@
# * Any positive integer in seconds: Enables the option.
# (integer value)
# Minimum value: 0
+{%- if compute.instance_build_timeout is defined %}
+instance_build_timeout = {{ compute.instance_build_timeout }}
+{%- else %}
#instance_build_timeout = 0
+{%- endif %}
#
# Interval to wait before un-rescuing an instance stuck in RESCUE.
@@ -3731,97 +3738,11 @@
[cache]
-#
-# From nova.conf
-#
{%- if compute.cache is defined %}
-backend = oslo_cache.memcache_pool
-enabled = true
-memcache_servers={%- for member in compute.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+{%- set _data = compute.cache %}
+{%- include "oslo_templates/files/queens/oslo/_cache.conf" %}
{%- endif %}
-# Prefix for building the configuration dictionary for the cache
-# region. This should not need to be changed unless there is another
-# dogpile.cache region with the same configuration name. (string
-# value)
-#config_prefix = cache.oslo
-
-# Default TTL, in seconds, for any cached item in the dogpile.cache
-# region. This applies to any cached method that doesn't have an
-# explicit cache expiration time defined for it. (integer value)
-#expiration_time = 600
-
-# Cache backend module. For eventlet-based or environments with
-# hundreds of threaded servers, Memcache with pooling
-# (oslo_cache.memcache_pool) is recommended. For environments with
-# less than 100 threaded servers, Memcached (dogpile.cache.memcached)
-# or Redis (dogpile.cache.redis) is recommended. Test environments
-# with a single instance of the server can use the
-# dogpile.cache.memory backend. (string value)
-# Possible values:
-# oslo_cache.memcache_pool - <No description provided>
-# oslo_cache.dict - <No description provided>
-# oslo_cache.mongo - <No description provided>
-# oslo_cache.etcd3gw - <No description provided>
-# dogpile.cache.memcached - <No description provided>
-# dogpile.cache.pylibmc - <No description provided>
-# dogpile.cache.bmemcached - <No description provided>
-# dogpile.cache.dbm - <No description provided>
-# dogpile.cache.redis - <No description provided>
-# dogpile.cache.memory - <No description provided>
-# dogpile.cache.memory_pickle - <No description provided>
-# dogpile.cache.null - <No description provided>
-#backend = dogpile.cache.null
-
-# Arguments supplied to the backend module. Specify this option once
-# per argument to be passed to the dogpile.cache backend. Example
-# format: "<argname>:<value>". (multi valued)
-#backend_argument =
-
-# Proxy classes to import that will affect the way the dogpile.cache
-# backend functions. See the dogpile.cache documentation on changing-
-# backend-behavior. (list value)
-#proxies =
-
-# Global toggle for caching. (boolean value)
-#enabled = false
-
-# Extra debugging from the cache backend (cache keys,
-# get/set/delete/etc calls). This is only really useful if you need to
-# see the specific cache-backend get/set/delete calls with the
-# keys/values. Typically this should be left set to false. (boolean
-# value)
-#debug_cache_backend = false
-
-# Memcache servers in the format of "host:port".
-# (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
-# (list value)
-#memcache_servers = localhost:11211
-
-# Number of seconds memcached server is considered dead before it is
-# tried again. (dogpile.cache.memcache and oslo_cache.memcache_pool
-# backends only). (integer value)
-#memcache_dead_retry = 300
-
-# Timeout in seconds for every call to a server.
-# (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
-# (integer value)
-#memcache_socket_timeout = 3
-
-# Max total number of open connections to every memcached server.
-# (oslo_cache.memcache_pool backend only). (integer value)
-#memcache_pool_maxsize = 10
-
-# Number of seconds a connection to memcached is held unused in the
-# pool before it is closed. (oslo_cache.memcache_pool backend only).
-# (integer value)
-#memcache_pool_unused_timeout = 60
-
-# Number of seconds that an operation will wait to get a memcache
-# client connection. (integer value)
-#memcache_pool_connection_get_timeout = 10
-
-
[cells]
#
# DEPRECATED: Cells options allow you to use cells v1 functionality in
@@ -8317,6 +8238,13 @@
{%- endfor %}
{%- endif %}
+{%- if compute.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in compute.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
+
+
[placement]
#
@@ -9252,6 +9180,16 @@
# middleware.
# (boolean value)
#send_service_user_token = false
+{%- if compute.get('service_user', {}).get('enabled', True) %}
+send_service_user_token = True
+ {%- if compute.service_user is defined %}
+ {%- set _data=compute.service_user %}
+ {%- else %}
+ {%- set _data=compute.identity %}
+ {%- endif %}
+{%- if not _data.port == '5000' %}{% do _data.update({'port': '5000'}) %}{% endif %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
+{%- else %}
# PEM encoded Certificate Authority to use when verifying HTTPs
# connections. (string value)
@@ -9335,6 +9273,7 @@
# Tenant Name (string value)
#tenant_name = <None>
+{%- endif %}
[spice]
diff --git a/nova/files/queens/nova-controller.conf.Debian b/nova/files/queens/nova-controller.conf.Debian
index 2f15f22..e38313e 100644
--- a/nova/files/queens/nova-controller.conf.Debian
+++ b/nova/files/queens/nova-controller.conf.Debian
@@ -423,6 +423,9 @@
# (integer value)
# Minimum value: 0
#timeout_nbd = 10
+{%- if controller.timeout_nbd is defined %}
+timeout_nbd = {{ controller.timeout_nbd }}
+{%- endif %}
#
# Location of cached images.
@@ -885,6 +888,9 @@
# * Any value <=0 will disable the sync. This is not recommended.
# (integer value)
#heal_instance_info_cache_interval = 60
+{%- if controller.heal_instance_info_cache_interval is defined %}
+heal_instance_info_cache_interval = {{ controller.heal_instance_info_cache_interval }}
+{%- endif %}
#
# Interval for reclaiming deleted instances.
@@ -1093,7 +1099,11 @@
# * Any positive integer in seconds: Enables the option.
# (integer value)
# Minimum value: 0
+{%- if controller.instance_build_timeout is defined %}
+instance_build_timeout = {{ controller.instance_build_timeout }}
+{%- else %}
#instance_build_timeout = 0
+{%- endif %}
#
# Interval to wait before un-rescuing an instance stuck in RESCUE.
@@ -3730,96 +3740,11 @@
[cache]
-#
-# From nova.conf
-#
{%- if controller.cache is defined %}
-backend = oslo_cache.memcache_pool
-enabled = true
-memcache_servers={%- for member in controller.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+{%- set _data = controller.cache %}
+{%- include "oslo_templates/files/queens/oslo/_cache.conf" %}
{%- endif %}
-# Prefix for building the configuration dictionary for the cache
-# region. This should not need to be changed unless there is another
-# dogpile.cache region with the same configuration name. (string
-# value)
-#config_prefix = cache.oslo
-
-# Default TTL, in seconds, for any cached item in the dogpile.cache
-# region. This applies to any cached method that doesn't have an
-# explicit cache expiration time defined for it. (integer value)
-#expiration_time = 600
-
-# Cache backend module. For eventlet-based or environments with
-# hundreds of threaded servers, Memcache with pooling
-# (oslo_cache.memcache_pool) is recommended. For environments with
-# less than 100 threaded servers, Memcached (dogpile.cache.memcached)
-# or Redis (dogpile.cache.redis) is recommended. Test environments
-# with a single instance of the server can use the
-# dogpile.cache.memory backend. (string value)
-# Possible values:
-# oslo_cache.memcache_pool - <No description provided>
-# oslo_cache.dict - <No description provided>
-# oslo_cache.mongo - <No description provided>
-# oslo_cache.etcd3gw - <No description provided>
-# dogpile.cache.memcached - <No description provided>
-# dogpile.cache.pylibmc - <No description provided>
-# dogpile.cache.bmemcached - <No description provided>
-# dogpile.cache.dbm - <No description provided>
-# dogpile.cache.redis - <No description provided>
-# dogpile.cache.memory - <No description provided>
-# dogpile.cache.memory_pickle - <No description provided>
-# dogpile.cache.null - <No description provided>
-#backend = dogpile.cache.null
-
-# Arguments supplied to the backend module. Specify this option once
-# per argument to be passed to the dogpile.cache backend. Example
-# format: "<argname>:<value>". (multi valued)
-#backend_argument =
-
-# Proxy classes to import that will affect the way the dogpile.cache
-# backend functions. See the dogpile.cache documentation on changing-
-# backend-behavior. (list value)
-#proxies =
-
-# Global toggle for caching. (boolean value)
-#enabled = false
-
-# Extra debugging from the cache backend (cache keys,
-# get/set/delete/etc calls). This is only really useful if you need to
-# see the specific cache-backend get/set/delete calls with the
-# keys/values. Typically this should be left set to false. (boolean
-# value)
-#debug_cache_backend = false
-
-# Memcache servers in the format of "host:port".
-# (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
-# (list value)
-#memcache_servers = localhost:11211
-
-# Number of seconds memcached server is considered dead before it is
-# tried again. (dogpile.cache.memcache and oslo_cache.memcache_pool
-# backends only). (integer value)
-#memcache_dead_retry = 300
-
-# Timeout in seconds for every call to a server.
-# (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
-# (integer value)
-#memcache_socket_timeout = 3
-
-# Max total number of open connections to every memcached server.
-# (oslo_cache.memcache_pool backend only). (integer value)
-#memcache_pool_maxsize = 10
-
-# Number of seconds a connection to memcached is held unused in the
-# pool before it is closed. (oslo_cache.memcache_pool backend only).
-# (integer value)
-#memcache_pool_unused_timeout = 60
-
-# Number of seconds that an operation will wait to get a memcache
-# client connection. (integer value)
-#memcache_pool_connection_get_timeout = 10
-
[cells]
#
@@ -8174,6 +8099,13 @@
{%- endfor %}
{%- endif %}
+{%- if controller.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in controller.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
+
+
[placement]
{%- set _data = controller.identity %}
@@ -8969,6 +8901,16 @@
# middleware.
# (boolean value)
#send_service_user_token = false
+{%- if controller.get('service_user', {}).get('enabled', True) %}
+send_service_user_token = True
+ {%- if controller.service_user is defined %}
+ {%- set _data=controller.service_user %}
+ {%- else %}
+ {%- set _data=controller.identity %}
+ {%- endif %}
+{%- if not _data.port == '5000' %}{% do _data.update({'port': '5000'}) %}{% endif %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
+{%- else %}
# PEM encoded Certificate Authority to use when verifying HTTPs
# connections. (string value)
@@ -9052,6 +8994,7 @@
# Tenant Name (string value)
#tenant_name = <None>
+{%- endif %}
[spice]
diff --git a/nova/files/rocky/nova-compute.conf.Debian b/nova/files/rocky/nova-compute.conf.Debian
index 819ad84..4621588 100644
--- a/nova/files/rocky/nova-compute.conf.Debian
+++ b/nova/files/rocky/nova-compute.conf.Debian
@@ -319,6 +319,9 @@
# Amount of time, in seconds, to wait for NBD device start up. (integer value)
# Minimum value: 0
#timeout_nbd = 10
+{%- if compute.timeout_nbd is defined %}
+timeout_nbd = {{ compute.timeout_nbd }}
+{%- endif %}
#
# Location of cached images.
@@ -3220,88 +3223,11 @@
[cache]
-
-#
-# From nova.conf
-#
-
{%- if compute.cache is defined %}
-# Global toggle for caching. (boolean value)
-enabled = true
-
-# Cache backend module. For eventlet-based or environments with hundreds of
-# threaded servers, Memcache with pooling (oslo_cache.memcache_pool) is
-# recommended. For environments with less than 100 threaded servers, Memcached
-# (dogpile.cache.memcached) or Redis (dogpile.cache.redis) is recommended. Test
-# environments with a single instance of the server can use the
-# dogpile.cache.memory backend. (string value)
-# Possible values:
-# oslo_cache.memcache_pool - <No description provided>
-# oslo_cache.dict - <No description provided>
-# oslo_cache.mongo - <No description provided>
-# oslo_cache.etcd3gw - <No description provided>
-# dogpile.cache.memcached - <No description provided>
-# dogpile.cache.pylibmc - <No description provided>
-# dogpile.cache.bmemcached - <No description provided>
-# dogpile.cache.dbm - <No description provided>
-# dogpile.cache.redis - <No description provided>
-# dogpile.cache.memory - <No description provided>
-# dogpile.cache.memory_pickle - <No description provided>
-# dogpile.cache.null - <No description provided>
-backend = oslo_cache.memcache_pool
-
-# Memcache servers in the format of "host:port". (dogpile.cache.memcache and
-# oslo_cache.memcache_pool backends only). (list value)
-memcache_servers = {%- for member in compute.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+{%- set _data = compute.cache %}
+{%- include "oslo_templates/files/" ~ compute.version ~ "/oslo/_cache.conf" %}
{%- endif %}
-# Prefix for building the configuration dictionary for the cache region. This
-# should not need to be changed unless there is another dogpile.cache region
-# with the same configuration name. (string value)
-#config_prefix = cache.oslo
-
-# Default TTL, in seconds, for any cached item in the dogpile.cache region. This
-# applies to any cached method that doesn't have an explicit cache expiration
-# time defined for it. (integer value)
-#expiration_time = 600
-
-# Arguments supplied to the backend module. Specify this option once per
-# argument to be passed to the dogpile.cache backend. Example format:
-# "<argname>:<value>". (multi valued)
-#backend_argument =
-
-# Proxy classes to import that will affect the way the dogpile.cache backend
-# functions. See the dogpile.cache documentation on changing-backend-behavior.
-# (list value)
-#proxies =
-
-# Extra debugging from the cache backend (cache keys, get/set/delete/etc calls).
-# This is only really useful if you need to see the specific cache-backend
-# get/set/delete calls with the keys/values. Typically this should be left set
-# to false. (boolean value)
-#debug_cache_backend = false
-
-# Number of seconds memcached server is considered dead before it is tried
-# again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
-# (integer value)
-#memcache_dead_retry = 300
-
-# Timeout in seconds for every call to a server. (dogpile.cache.memcache and
-# oslo_cache.memcache_pool backends only). (floating point value)
-#memcache_socket_timeout = 3.0
-
-# Max total number of open connections to every memcached server.
-# (oslo_cache.memcache_pool backend only). (integer value)
-#memcache_pool_maxsize = 10
-
-# Number of seconds a connection to memcached is held unused in the pool before
-# it is closed. (oslo_cache.memcache_pool backend only). (integer value)
-#memcache_pool_unused_timeout = 60
-
-# Number of seconds that an operation will wait to get a memcache client
-# connection. (integer value)
-#memcache_pool_connection_get_timeout = 10
-
[cells]
#
@@ -7516,6 +7442,12 @@
{%- endfor %}
{%- endif %}
+{%- if compute.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in compute.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
+
[placement]
@@ -8580,6 +8512,16 @@
# middleware.
# (boolean value)
#send_service_user_token = false
+{%- if compute.get('service_user', {}).get('enabled', True) %}
+send_service_user_token = True
+ {%- if compute.service_user is defined %}
+ {%- set _data=compute.service_user %}
+ {%- else %}
+ {%- set _data=compute.identity %}
+ {%- endif %}
+{%- if not _data.port == '5000' %}{% do _data.update({'port': '5000'}) %}{% endif %}
+{%- include "oslo_templates/files/" ~ compute.version ~ "/keystoneauth/_type_" + auth_type + ".conf" %}
+{%- else %}
# PEM encoded Certificate Authority to use when verifying HTTPs connections.
# (string value)
@@ -8668,6 +8610,7 @@
# Tenant Name (string value)
#tenant_name = <None>
+{%- endif %}
[spice]
diff --git a/nova/files/rocky/nova-controller.conf.Debian b/nova/files/rocky/nova-controller.conf.Debian
index 63810ad..bbb411f 100644
--- a/nova/files/rocky/nova-controller.conf.Debian
+++ b/nova/files/rocky/nova-controller.conf.Debian
@@ -313,6 +313,9 @@
# Amount of time, in seconds, to wait for NBD device start up. (integer value)
# Minimum value: 0
#timeout_nbd = 10
+{%- if controller.timeout_nbd is defined %}
+timeout_nbd = {{ controller.timeout_nbd }}
+{%- endif %}
#
# Location of cached images.
@@ -736,6 +739,9 @@
# * Any value <=0 will disable the sync. This is not recommended.
# (integer value)
#heal_instance_info_cache_interval = 60
+{%- if controller.heal_instance_info_cache_interval is defined %}
+heal_instance_info_cache_interval = {{ controller.heal_instance_info_cache_interval }}
+{%- endif %}
#
# Interval for reclaiming deleted instances.
@@ -2673,6 +2679,7 @@
# * The full path to a directory. Defaults to value provided in ``pybasedir``.
# (string value)
#state_path = $pybasedir
+state_path = /var/lib/nova
#
# This option allows setting an alternate timeout value for RPC calls
@@ -3211,88 +3218,11 @@
[cache]
-
-#
-# From nova.conf
-#
-
{%- if controller.cache is defined %}
-# Global toggle for caching. (boolean value)
-enabled = true
-
-# Cache backend module. For eventlet-based or environments with hundreds of
-# threaded servers, Memcache with pooling (oslo_cache.memcache_pool) is
-# recommended. For environments with less than 100 threaded servers, Memcached
-# (dogpile.cache.memcached) or Redis (dogpile.cache.redis) is recommended. Test
-# environments with a single instance of the server can use the
-# dogpile.cache.memory backend. (string value)
-# Possible values:
-# oslo_cache.memcache_pool - <No description provided>
-# oslo_cache.dict - <No description provided>
-# oslo_cache.mongo - <No description provided>
-# oslo_cache.etcd3gw - <No description provided>
-# dogpile.cache.memcached - <No description provided>
-# dogpile.cache.pylibmc - <No description provided>
-# dogpile.cache.bmemcached - <No description provided>
-# dogpile.cache.dbm - <No description provided>
-# dogpile.cache.redis - <No description provided>
-# dogpile.cache.memory - <No description provided>
-# dogpile.cache.memory_pickle - <No description provided>
-# dogpile.cache.null - <No description provided>
-backend = oslo_cache.memcache_pool
-
-# Memcache servers in the format of "host:port". (dogpile.cache.memcache and
-# oslo_cache.memcache_pool backends only). (list value)
-memcache_servers = {%- for member in controller.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+{%- set _data = controller.cache %}
+{%- include "oslo_templates/files/" ~ controller.version ~ "/oslo/_cache.conf" %}
{%- endif %}
-# Prefix for building the configuration dictionary for the cache region. This
-# should not need to be changed unless there is another dogpile.cache region
-# with the same configuration name. (string value)
-#config_prefix = cache.oslo
-
-# Default TTL, in seconds, for any cached item in the dogpile.cache region. This
-# applies to any cached method that doesn't have an explicit cache expiration
-# time defined for it. (integer value)
-#expiration_time = 600
-
-# Arguments supplied to the backend module. Specify this option once per
-# argument to be passed to the dogpile.cache backend. Example format:
-# "<argname>:<value>". (multi valued)
-#backend_argument =
-
-# Proxy classes to import that will affect the way the dogpile.cache backend
-# functions. See the dogpile.cache documentation on changing-backend-behavior.
-# (list value)
-#proxies =
-
-# Extra debugging from the cache backend (cache keys, get/set/delete/etc calls).
-# This is only really useful if you need to see the specific cache-backend
-# get/set/delete calls with the keys/values. Typically this should be left set
-# to false. (boolean value)
-#debug_cache_backend = false
-
-# Number of seconds memcached server is considered dead before it is tried
-# again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
-# (integer value)
-#memcache_dead_retry = 300
-
-# Timeout in seconds for every call to a server. (dogpile.cache.memcache and
-# oslo_cache.memcache_pool backends only). (floating point value)
-#memcache_socket_timeout = 3.0
-
-# Max total number of open connections to every memcached server.
-# (oslo_cache.memcache_pool backend only). (integer value)
-#memcache_pool_maxsize = 10
-
-# Number of seconds a connection to memcached is held unused in the pool before
-# it is closed. (oslo_cache.memcache_pool backend only). (integer value)
-#memcache_pool_unused_timeout = 60
-
-# Number of seconds that an operation will wait to get a memcache client
-# connection. (integer value)
-#memcache_pool_connection_get_timeout = 10
-
[cells]
#
@@ -7333,6 +7263,12 @@
{%- endfor %}
{%- endif %}
+{%- if controller.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in controller.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
+
[placement]
@@ -8296,6 +8232,16 @@
# middleware.
# (boolean value)
#send_service_user_token = false
+{%- if controller.get('service_user', {}).get('enabled', True) %}
+send_service_user_token = True
+ {%- if controller.service_user is defined %}
+ {%- set _data=controller.service_user %}
+ {%- else %}
+ {%- set _data=controller.identity %}
+ {%- endif %}
+{%- if not _data.port == '5000' %}{% do _data.update({'port': '5000'}) %}{% endif %}
+{%- include "oslo_templates/files/" ~ controller.version ~ "/keystoneauth/_type_" + auth_type + ".conf" %}
+{%- else %}
# PEM encoded Certificate Authority to use when verifying HTTPs connections.
# (string value)
@@ -8384,6 +8330,7 @@
# Tenant Name (string value)
#tenant_name = <None>
+{%- endif %}
[spice]
diff --git a/nova/map.jinja b/nova/map.jinja
index b5a71d6..21fb923 100644
--- a/nova/map.jinja
+++ b/nova/map.jinja
@@ -299,19 +299,5 @@
'warn': '15%',
'crit': '5%',
},
- 'error_log_rate': {
- 'warn': 0.2,
- },
- 'services_failed_warning_threshold_percent': 0.3,
- 'services_failed_critical_threshold_percent': 0.6,
- 'computes_failed_warning_threshold_percent': 0.25,
- 'computes_failed_critical_threshold_percent': 0.5,
- 'cpu_minor_threshold': 0.85,
- 'cpu_major_threshold': 0.95,
- 'ram_major_threshold': 0.85,
- 'ram_critical_threshold': 0.95,
- 'disk_major_threshold': 0.85,
- 'disk_critical_threshold': 0.95,
- 'endpoint_failed_major_threshold': 0.5,
},
}, grain='os_family', merge=salt['pillar.get']('nova:monitoring')) %}
diff --git a/nova/meta/prometheus.yml b/nova/meta/prometheus.yml
index 001a9ea..fbebd2d 100644
--- a/nova/meta/prometheus.yml
+++ b/nova/meta/prometheus.yml
@@ -1,4 +1,4 @@
-{% from "nova/map.jinja" import controller, compute, monitoring with context %}
+{% from "nova/map.jinja" import controller, compute with context %}
{%- set is_controller = controller.get('enabled', False) %}
{%- set is_compute = compute.get('enabled', False) %}
@@ -30,11 +30,6 @@
server:
alert:
{%- if is_controller %}
-{%- set minor_threshold = monitoring.services_failed_warning_threshold_percent|float %}
-{%- set major_threshold = monitoring.services_failed_critical_threshold_percent|float %}
-{%- set minor_compute_threshold = monitoring.computes_failed_warning_threshold_percent|float %}
-{%- set major_compute_threshold = monitoring.computes_failed_critical_threshold_percent|float %}
-{%- set major_endpoint_threshold = monitoring.endpoint_failed_major_threshold|float %}
{% raw %}
NovaApiOutage:
if: >-
@@ -67,18 +62,17 @@
summary: "nova-api endpoint is not accessible"
description: >-
The nova-api endpoint on the {{ $labels.host }} node is not accessible for 2 minutes.
-{%- endraw %}
NovaApiEndpointsDownMajor:
if: >-
- count(http_response_status{name=~"nova-api"} == 0) >= count(http_response_status{name=~"nova-api"}) * {{ major_endpoint_threshold }}
+ count(http_response_status{name=~"nova-api"} == 0) >= count(http_response_status{name=~"nova-api"}) * 0.6
for: 2m
labels:
severity: major
service: nova
annotations:
- summary: "{{major_endpoint_threshold * 100}}% of nova-api endpoints are not accessible"
+ summary: "60% of nova-api endpoints are not accessible"
description: >-
- {% raw %}{{ $value }} nova-api endpoints (>= {% endraw %} {{major_endpoint_threshold * 100}}{% raw %}%) are not accessible for 2 minutes.
+ More than 60% of nova-api endpoints are not accessible for 2 minutes.
NovaApiEndpointsOutage:
if: >-
count(http_response_status{name=~"nova-api"} == 0) == count(http_response_status{name=~"nova-api"})
@@ -100,47 +94,46 @@
summary: "{{ $labels.binary }} service is down"
description: >-
The {{ $labels.binary }} service on the {{ $labels.hostname }} node is down.
-{%- endraw %}
NovaServicesDownMinor:
if: >-
- count(openstack_nova_service_state{binary!~"nova-compute"} == 0) by (binary) >= on (binary) count(openstack_nova_service_state{binary!~"nova-compute"}) by (binary) * {{minor_threshold}}
+ count(openstack_nova_service_state{binary!~"nova-compute"} == 0) by (binary) >= on (binary) count(openstack_nova_service_state{binary!~"nova-compute"}) by (binary) * 0.3
labels:
severity: minor
service: nova
annotations:
- summary: "{{minor_threshold * 100}}%{%- raw %} of {{ $labels.binary }} services are down"
+ summary: "30% of {{ $labels.binary }} services are down"
description: >-
- {{ $value }} {{ $labels.binary }} services (>= {%- endraw %} {{minor_threshold * 100}}%) are down.
+ More than 30% {{ $labels.binary }} services are down.
NovaComputeServicesDownMinor:
if: >-
- count(openstack_nova_service_state{binary="nova-compute"} == 0) >= count(openstack_nova_service_state{binary="nova-compute"}) * {{minor_compute_threshold}}
+ count(openstack_nova_service_state{binary="nova-compute"} == 0) >= count(openstack_nova_service_state{binary="nova-compute"}) * 0.25
labels:
severity: minor
service: nova
annotations:
- summary: "{{minor_compute_threshold * 100}}%{%- raw %} of nova-compute services are down"
+ summary: "More than 25% of nova-compute services are down"
description: >-
- {{ $value }} nova-compute services (>= {%- endraw %} {{minor_compute_threshold * 100}}%) are down.
+ More than 25% of nova-compute services are down.
NovaServicesDownMajor:
if: >-
- count(openstack_nova_service_state{binary!~"nova-compute"} == 0) by (binary) >= on (binary) count(openstack_nova_service_state{binary!~"nova-compute"}) by (binary) * {{major_threshold}}
+ count(openstack_nova_service_state{binary!~"nova-compute"} == 0) by (binary) >= on (binary) count(openstack_nova_service_state{binary!~"nova-compute"}) by (binary) * 0.6
labels:
severity: major
service: nova
annotations:
- summary: "{{major_threshold * 100}}%{%- raw %} of {{ $labels.binary }} services are down"
+ summary: "More than 60% of {{ $labels.binary }} services are down"
description: >-
- {{ $value }} {{ $labels.binary }} services (>= {%- endraw %} {{major_threshold * 100}}%) are down.
+ More than 60% of {{ $labels.binary }} services are down.
NovaComputeServicesDownMajor:
if: >-
- count(openstack_nova_service_state{binary="nova-compute"} == 0) >= count(openstack_nova_service_state{binary="nova-compute"}) * {{major_compute_threshold}}
+ count(openstack_nova_service_state{binary="nova-compute"} == 0) >= count(openstack_nova_service_state{binary="nova-compute"}) * 0.5
labels:
severity: major
service: nova
annotations:
- summary: "{{major_compute_threshold * 100}}%{%- raw %} of nova-compute services are down"
+ summary: "More than 50% of nova-compute services are down"
description: >-
- {{ $value }} nova-compute services (>= {%- endraw %} {{major_compute_threshold * 100}}{%- raw %}%) are down.
+ More than 50% of nova-compute services are down.
NovaServiceOutage:
if: >-
count(openstack_nova_service_state == 0) by (binary) == on (binary) count(openstack_nova_service_state) by (binary)
@@ -152,168 +145,17 @@
description: >-
All {{ $labels.binary }} services are down.
{%- endraw %}
-{%- set cpu_minor_threshold = monitoring.cpu_minor_threshold|float %}
-{%- set cpu_major_threshold = monitoring.cpu_major_threshold|float %}
-{%- set ram_major_threshold = monitoring.ram_major_threshold|float %}
-{%- set ram_critical_threshold = monitoring.ram_critical_threshold|float %}
-{%- set disk_major_threshold = monitoring.disk_major_threshold|float %}
-{%- set disk_critical_threshold = monitoring.disk_critical_threshold|float %}
- NovaHypervisorVCPUsFullMinor:
- if: >-
- label_replace(system_load15, "hostname", "$1", "host", "(.*)") > on (hostname) openstack_nova_vcpus * {{ cpu_minor_threshold }}
- labels:
- severity: minor
- service: nova
- annotations:
- summary: "{{ cpu_minor_threshold * 100 }}% of hypervisor VCPUs are used"
- description: "{% raw %}{{ $value }} VCPUs on the {{ $labels.hostname }} node (> {% endraw %} {{ cpu_minor_threshold * 100 }}%) are used."
- NovaHypervisorVCPUsFullMajor:
- if: >-
- label_replace(system_load15, "hostname", "$1", "host", "(.*)") > on (hostname) openstack_nova_vcpus * {{ cpu_major_threshold }}
- labels:
- severity: major
- service: nova
- annotations:
- summary: "{{ cpu_major_threshold * 100 }}% of hypervisor VCPUs are used"
- description: "{% raw %}{{ $value }} VCPUs on the {{ $labels.hostname }} node (> {% endraw %} {{ cpu_major_threshold * 100 }}%) are used."
- NovaHypervisorMemoryFullMajor:
- if: >-
- openstack_nova_used_ram > openstack_nova_ram * {{ ram_major_threshold }}
- labels:
- severity: major
- service: nova
- annotations:
- summary: "{{ ram_major_threshold * 100 }}% of hypervisor RAM is used"
- description: "{% raw %}{{ $value }}MB of RAM on the {{ $labels.hostname }} node (> {% endraw %} {{ ram_major_threshold * 100 }}%) is used."
- NovaHypervisorMemoryFullCritical:
- if: >-
- openstack_nova_used_ram > openstack_nova_ram * {{ ram_critical_threshold }}
- labels:
- severity: critical
- service: nova
- annotations:
- summary: "{{ ram_critical_threshold * 100 }}% of hypervisor RAM is used"
- description: "{% raw %}{{ $value }}MB of RAM on the {{ $labels.hostname }} node (> {% endraw %} {{ ram_critical_threshold * 100 }}%) is used."
- NovaHypervisorDiskFullMajor:
- if: >-
- openstack_nova_used_disk > openstack_nova_disk * {{ disk_major_threshold }}
- labels:
- severity: major
- service: nova
- annotations:
- summary: "{{ disk_major_threshold * 100 }}% of hypervisor disk space is used"
- description: "{% raw %}{{ $value }}GB of disk space on the {{ $labels.hostname }} node (> {% endraw %} {{ disk_major_threshold * 100 }}%) is used."
- NovaHypervisorDiskFullCritical:
- if: >-
- openstack_nova_used_disk > openstack_nova_disk * {{ disk_critical_threshold }}
- labels:
- severity: critical
- service: nova
- annotations:
- summary: "{{ disk_critical_threshold * 100 }}% of hypervisor disk space is used"
- description: "{% raw %}{{ $value }}GB of disk space on the {{ $labels.hostname }} node (> {% endraw %} {{ disk_critical_threshold * 100 }}%) is used."
- NovaAggregateMemoryFullMajor:
- if: >-
- openstack_nova_aggregate_used_ram > openstack_nova_aggregate_ram * {{ ram_major_threshold }}
- labels:
- severity: major
- service: nova
- annotations:
- summary: "{{ ram_major_threshold * 100 }}% of aggregate RAM is used"
- description: "{% raw %}{{ $value }}MB of RAM on the {{ $labels.aggregate }} aggregate (> {% endraw %} {{ ram_major_threshold * 100 }}%) is used."
- NovaAggregateMemoryFullCritical:
- if: >-
- openstack_nova_aggregate_used_ram > openstack_nova_aggregate_ram * {{ ram_critical_threshold }}
- labels:
- severity: critical
- service: nova
- annotations:
- summary: "{{ ram_critical_threshold * 100 }}% of aggregate RAM is used"
- description: "{% raw %}{{ $value }}MB of RAM on the {{ $labels.aggregate }} aggregate (> {% endraw %} {{ ram_critical_threshold * 100 }}%) is used."
- NovaAggregateDiskFullMajor:
- if: >-
- openstack_nova_aggregate_used_disk > openstack_nova_aggregate_disk * {{ disk_major_threshold }}
- labels:
- severity: major
- service: nova
- annotations:
- summary: "{{ disk_major_threshold * 100 }}% of aggregate disk space is used"
- description: "{% raw %}{{ $value }}GB of disk space on the {{ $labels.aggregate }} aggregate (> {% endraw %} {{ disk_major_threshold * 100 }}%) is used."
- NovaAggregateDiskFullCritical:
- if: >-
- openstack_nova_aggregate_used_disk > openstack_nova_aggregate_disk * {{ disk_critical_threshold }}
- labels:
- severity: critical
- service: nova
- annotations:
- summary: "{{ disk_critical_threshold * 100 }}% of aggregate disk space is used"
- description: "{% raw %}{{ $value }}GB of disk space on the {{ $labels.aggregate }} aggregate (> {% endraw %} {{ disk_critical_threshold * 100 }}%) is used."
- NovaTotalVCPUsFullMinor:
- if: >-
- sum(label_replace(system_load15, "hostname", "$1", "host", "(.*)") and on (hostname) openstack_nova_vcpus) > max(sum(openstack_nova_vcpus) by (instance)) * {{ cpu_minor_threshold }}
- labels:
- severity: minor
- service: nova
- annotations:
- summary: "{{ cpu_minor_threshold * 100 }}% of cloud VCPUs are used"
- description: "{% raw %}{{ $value }} VCPUs in the cloud (> {% endraw %} {{ cpu_minor_threshold * 100 }}%) are used."
- NovaTotalVCPUsFullMajor:
- if: >-
- sum(label_replace(system_load15, "hostname", "$1", "host", "(.*)") and on (hostname) openstack_nova_vcpus) > max(sum(openstack_nova_vcpus) by (instance)) * {{ cpu_major_threshold }}
- labels:
- severity: major
- service: nova
- annotations:
- summary: "{{ cpu_major_threshold * 100 }}% of cloud VCPUs are used"
- description: "{% raw %}{{ $value }} VCPUs in the cloud (> {% endraw %} {{ cpu_major_threshold * 100 }}%) are used."
- NovaTotalMemoryFullMajor:
- if: >-
- openstack_nova_total_used_ram > openstack_nova_total_ram * {{ ram_major_threshold }}
- labels:
- severity: major
- service: nova
- annotations:
- summary: "{{ ram_major_threshold * 100 }}% of cloud RAM is used"
- description: "{% raw %}{{ $value }}MB of RAM in the cloud (> {% endraw %} {{ ram_major_threshold * 100 }}%) is used."
- NovaTotalMemoryFullCritical:
- if: >-
- openstack_nova_total_used_ram > openstack_nova_total_ram * {{ ram_critical_threshold }}
- labels:
- severity: critical
- service: nova
- annotations:
- summary: "{{ ram_critical_threshold * 100 }}% of cloud RAM is used"
- description: "{% raw %}{{ $value }}MB of RAM in the cloud (> {% endraw %} {{ ram_critical_threshold * 100 }}%) is used."
- NovaTotalDiskFullMajor:
- if: >-
- openstack_nova_total_used_disk > openstack_nova_total_disk * {{ disk_major_threshold }}
- labels:
- severity: major
- service: nova
- annotations:
- summary: "{{ disk_major_threshold * 100 }}% of cloud disk space is used"
- description: "{% raw %}{{ $value }}GB of disk space in the cloud (> {% endraw %} {{ disk_major_threshold * 100 }}%) is used."
- NovaTotalDiskFullCritical:
- if: >-
- openstack_nova_total_used_disk > openstack_nova_total_disk * {{ disk_critical_threshold }}
- labels:
- severity: critical
- service: nova
- annotations:
- summary: "{{ disk_critical_threshold * 100 }}% of cloud disk space is used"
- description: "{% raw %}{{ $value }}GB of disk space in the cloud (> {% endraw %} {{ disk_critical_threshold * 100 }}%) is used."
{%- endif %}
- NovaErrorLogsTooHigh:
- {%- set log_threshold = monitoring.error_log_rate.warn|float %}
- if: >-
- sum(rate(log_messages{service="nova",level=~"(?i:(error|emergency|fatal))"}[5m])) without (level) > {{ log_threshold }}
{%- raw %}
+ NovaErrorLogsTooHigh:
+ if: >-
+ sum(rate(log_messages{service="nova",level=~"(?i:(error|emergency|fatal))"}[5m])) without (level) > 0.2
labels:
severity: warning
service: nova
annotations:
summary: "High number of errors in Nova logs"
- description: "The average per-second rate of errors in Nova logs on the {{ $labels.host }} node is {{ $value }} (as measured over the last 5 minutes)."
+ description: "The average rate of errors in Nova logs on the {{ $labels.host }} node is more than 0.2 error messages per second (as measured over the last 5 minutes)."
{%- endraw %}
{%- if is_compute and exporters is defined %}
{%- raw %}
diff --git a/nova/upgrade/pre/init.sls b/nova/upgrade/pre/init.sls
index 9ed049a..0c5834e 100644
--- a/nova/upgrade/pre/init.sls
+++ b/nova/upgrade/pre/init.sls
@@ -16,7 +16,7 @@
/etc/nova/nova.conf:
file.managed:
- name: /etc/nova/nova.conf
- - source: salt://nova/files/{{ _data.version }}/nova-{{ type }}.conf.{{ grains.os_family }}
+ - source: salt://nova/files/{{ upgrade.old_release }}/nova-{{ type }}.conf.{{ grains.os_family }}
- template: jinja
{%- if controller.get('enabled') %}
diff --git a/nova/upgrade/upgrade/init.sls b/nova/upgrade/upgrade/init.sls
index 31f23f8..061e474 100644
--- a/nova/upgrade/upgrade/init.sls
+++ b/nova/upgrade/upgrade/init.sls
@@ -9,5 +9,7 @@
- nova.upgrade.service_stopped
- nova.upgrade.pkgs_latest
- nova.upgrade.render_config
+{%- if controller.get('enabled', False) %}
- nova.db.offline_sync
+{%- endif %}
- nova.upgrade.service_running
diff --git a/tests/pillar/compute_cluster.sls b/tests/pillar/compute_cluster.sls
index d1a4e82..79f5550 100644
--- a/tests/pillar/compute_cluster.sls
+++ b/tests/pillar/compute_cluster.sls
@@ -7,12 +7,14 @@
mount_points:
- path: /mnt/hugepages_1GB
disk_cachemodes: network=writeback,block=none
+ timeout_nbd: 10
heal_instance_info_cache_interval: 60
vncproxy_url: openstack:6080
report_interval: 60
vnc_keymap: en-gb
resume_guests_state_on_host_boot: True
preallocate_images: space
+ instance_build_timeout: 600
bind:
vnc_address: 127.0.0.1
vnc_port: 6080
diff --git a/tests/pillar/compute_cluster_vmware.sls b/tests/pillar/compute_cluster_vmware.sls
index 80954dd..4e57b01 100644
--- a/tests/pillar/compute_cluster_vmware.sls
+++ b/tests/pillar/compute_cluster_vmware.sls
@@ -21,6 +21,13 @@
user: nova
password: password
tenant: service
+ service_user:
+ enabled: True
+ user_domain_id: default
+ project_domain_id: default
+ project_name: service
+ username: nova
+ password: pswd
logging:
log_appender: false
log_handlers:
diff --git a/tests/pillar/compute_single.sls b/tests/pillar/compute_single.sls
index f92fa3b..2ba3222 100644
--- a/tests/pillar/compute_single.sls
+++ b/tests/pillar/compute_single.sls
@@ -2,6 +2,7 @@
compute:
version: newton
enabled: true
+ timeout_nbd: 10
heal_instance_info_cache_interval: 60
vncproxy_url: openstack:6080
vnc_keymap: en-gb
diff --git a/tests/pillar/compute_single_config_drive_options.sls b/tests/pillar/compute_single_config_drive_options.sls
index b64ea64..ae57794 100644
--- a/tests/pillar/compute_single_config_drive_options.sls
+++ b/tests/pillar/compute_single_config_drive_options.sls
@@ -2,6 +2,7 @@
compute:
version: queens
enabled: true
+ timeout_nbd: 10
heal_instance_info_cache_interval: 60
vncproxy_url: openstack:6080
vnc_keymap: en-gb
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index c844124..cc88269 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -12,6 +12,7 @@
ram_allocation_ratio: 1.5
disk_allocation_ratio: 1.0
workers: 8
+ instance_build_timeout: 600
bind:
private_address: 127.0.0.1
public_address: 127.0.0.1
@@ -24,6 +25,16 @@
name: nova
user: nova
password: password
+ idle_timeout: 180
+ min_pool_size: 100
+ max_pool_size: 700
+ max_overflow: 100
+ retry_interval: 5
+ max_retries: '-1'
+ db_max_retries: 3
+ db_retry_interval: 1
+ connection_debug: 10
+ pool_timeout: 120
identity:
engine: keystone
region: RegionOne
@@ -32,6 +43,14 @@
user: nova
password: password
tenant: service
+ service_user:
+ enabled: True
+ user_domain_id: default
+ project_domain_id: default
+ project_name: service
+ username: nova
+ password: pswd
+
logging:
log_appender: true
log_handlers:
diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index 0872296..467d4b0 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls
@@ -3,6 +3,8 @@
enabled: true
networking: contrail
version: queens
+ timeout_nbd: 10
+ heal_instance_info_cache_interval: 60
security_group: false
vncproxy_url: 127.0.0.1
vnc_keymap: en-gb
@@ -36,6 +38,16 @@
name: nova
user: nova
password: password
+ idle_timeout: 180
+ min_pool_size: 100
+ max_pool_size: 700
+ max_overflow: 100
+ retry_interval: 5
+ max_retries: '-1'
+ db_max_retries: 3
+ db_retry_interval: 1
+ connection_debug: 10
+ pool_timeout: 120
identity:
engine: keystone
region: RegionOne