| {%- set default_params = { |
| 'cacert_file': salt['grains.filter_by']({ |
| 'Debian': '/etc/ssl/certs/ca-certificates.crt', |
| 'RedHat': '/etc/pki/tls/certs/ca-bundle.crt' |
| })} |
| %} |
| |
| # TODO(vsaienko) add more drivers settings when they are templatized |
| {% set compute_driver_mapping = { |
| 'vmwareapi.VMwareVCDriver': 'vmware', |
| } %} |
| |
| {% set compute_bind_defaults = { |
| 'vnc_address': '10.0.0.10', |
| 'vnc_port': '6080', |
| 'vnc_name': 'cloud.domain.com', |
| 'vnc_protocol': 'http', |
| } %} |
| |
| {%- if grains.os_family == "Debian" %} |
| {%- set pkgs_list = [ 'nova-common', 'nova-consoleproxy', 'novnc', 'nova-api', 'nova-conductor', 'nova-consoleauth', 'nova-doc', 'nova-scheduler', 'python-novaclient', 'python-memcache', 'gettext-base', 'python-pycadf'] %} |
| {%- set services_list = ['nova-conductor', 'nova-api', 'nova-consoleauth', 'nova-scheduler', 'nova-novncproxy'] %} |
| {%- if pillar.nova.controller is defined and pillar.nova.controller.get('version',{}) in ["juno", "kilo", "liberty", "mitaka"] %} |
| {%- do pkgs_list.append('nova-cert') %} |
| {%- do services_list.append('nova-cert') %} |
| {%- endif %} |
| {%- endif %} |
| |
| {%- if grains.os_family == "RedHat" %} |
| {%- set pkgs_list = ['openstack-nova-novncproxy', 'python-nova', 'openstack-nova-api', 'openstack-nova-console', 'openstack-nova-scheduler', 'python-novaclient', 'openstack-nova-common', 'openstack-nova-conductor', 'python-pycadf'] %} |
| {%- set services_list = ['openstack-nova-conductor', 'openstack-nova-api', 'openstack-nova-consoleauth', 'openstack-nova-scheduler', 'openstack-nova-novncproxy'] %} |
| {%- if pillar.nova.controller is defined and pillar.nova.controller.get('version',{}) in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %} |
| {%- do pkgs_list.append('openstack-nova-cert') %} |
| {%- do services_list.append('openstack-nova-cert') %} |
| {%- endif %} |
| {%- endif %} |
| |
| {% set controller = salt['grains.filter_by']({ |
| 'BaseDefaults': default_params, |
| 'Debian': { |
| 'pkgs': pkgs_list, |
| 'services': services_list, |
| 'debug': false, |
| 'notification': false, |
| 'cors': {}, |
| 'audit': { |
| 'enabled': false |
| }, |
| 'logging': { |
| 'app_name': 'nova', |
| 'log_appender': false, |
| 'log_handlers': { |
| 'watchedfile': { |
| 'enabled': true |
| } |
| } |
| }, |
| 'novncproxy': { |
| 'tls': { |
| 'enabled': false, |
| 'server': { |
| 'key_file': '/etc/pki/nova-novncproxy/server-key.pem', |
| 'cert_file': '/etc/pki/nova-novncproxy/server-cert.pem', |
| } |
| }, |
| 'vencrypt': { |
| 'tls': { |
| 'enabled': false, |
| 'key_file': '/etc/pki/nova-novncproxy/client-key.pem', |
| 'cert_file': '/etc/pki/nova-novncproxy/client-cert.pem', |
| 'ca_file': '/etc/pki/nova-novncproxy/ca-cert.pem', |
| } |
| } |
| }, |
| }, |
| 'RedHat': { |
| 'pkgs': pkgs_list, |
| 'services': services_list, |
| 'debug': false, |
| 'notification': false, |
| 'cors': {}, |
| 'audit': { |
| 'enabled': false |
| }, |
| 'logging': { |
| 'app_name': 'nova', |
| 'log_appender': false, |
| 'log_handlers': { |
| 'watchedfile': { |
| 'enabled': true |
| } |
| } |
| }, |
| 'novncproxy': { |
| 'tls': { |
| 'enabled': false, |
| 'server': { |
| 'key_file': '/etc/pki/nova-novncproxy/server-key.pem', |
| 'cert_file': '/etc/pki/nova-novncproxy/server-cert.pem', |
| } |
| }, |
| 'vencrypt': { |
| 'tls': { |
| 'enabled': false, |
| 'key_file': '/etc/pki/nova-novncproxy/client-key.pem', |
| 'cert_file': '/etc/pki/nova-novncproxy/client-cert.pem', |
| 'ca_file': '/etc/pki/nova-novncproxy/ca-cert.pem', |
| } |
| } |
| }, |
| }, |
| }, merge=pillar.nova.get('controller', {}), base='BaseDefaults') %} |
| |
| {% set upgrade = pillar.get('nova', {}).get('upgrade', {}) %} |
| {% set pin_level = pillar.get('nova', {}).get('upgrade', {}).get('old_release','') %} |
| |
| {% set upgrade_levels = salt['grains.filter_by']({ |
| 'Debian': { |
| 'upgrade_levels': { |
| 'compute': pin_level, |
| 'cells': pin_level, |
| 'intercell': pin_level, |
| 'cert': pin_level, |
| 'scheduler': pin_level, |
| 'conductor': pin_level, |
| 'console': pin_level, |
| 'consoleauth': pin_level, |
| 'network': pin_level, |
| 'baseapi': pin_level, |
| }, |
| }, |
| 'RedHat': { |
| 'upgrade_levels': { |
| 'compute': pin_level, |
| 'cells': pin_level, |
| 'intercell': pin_level, |
| 'cert': pin_level, |
| 'scheduler': pin_level, |
| 'conductor': pin_level, |
| 'console': pin_level, |
| 'consoleauth': pin_level, |
| 'network': pin_level, |
| 'baseapi': pin_level, |
| }, |
| }, |
| }) %} |
| |
| {% set client = salt['grains.filter_by']({ |
| 'Debian': { |
| 'pkgs': ['python-novaclient'] |
| }, |
| 'RedHat': { |
| 'pkgs': ['python-novaclient'] |
| }, |
| }, merge=pillar.nova.get('client', {})) %} |
| |
| {% set compute_network = salt['grains.filter_by']({ |
| 'default': { |
| 'dpdk': { |
| 'enabled': false, |
| }, |
| 'openvswitch': { |
| 'vhost_socket_dir': { |
| 'name': 'openvswitch-vhost', |
| 'path': '/run/openvswitch-vhost', |
| }, |
| }, |
| 'region': 'RegionOne', |
| }, |
| }, merge=salt['pillar.get']('linux:network'), base='default') %} |
| |
| {%- load_yaml as compute_defaults %} |
| BaseDefaults: {{ default_params }} |
| Debian: |
| pkgs: |
| - nova-common |
| - nova-compute-kvm |
| - python-novaclient |
| - pm-utils |
| - sysfsutils |
| - sg3-utils |
| - python-memcache |
| - python-guestfs |
| - gettext-base |
| services: |
| - nova-compute |
| libvirt_config: libvirtd.conf |
| {# Since Openstack Pike Libvirt 3.6 package is installed, it requires different file name for environment file #} |
| {%- if pillar.nova.compute is defined and pillar.nova.compute.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %} |
| libvirt_bin: "/etc/default/libvirtd" |
| {%- else %} |
| libvirt_bin: "/etc/default/libvirt-bin" |
| {%- endif %} |
| libvirt_service: libvirt-bin |
| bind: compute_bind_defaults |
| debug: false |
| qemu: |
| vnc: |
| tls: |
| enabled: False |
| key_file: '/etc/pki/libvirt-vnc/server-key.pem' |
| cert_file: '/etc/pki/libvirt-vnc/server-cert.pem' |
| ca_file: '/etc/pki/libvirt-vnc/ca-cert.pem' |
| cert_dir: '/etc/pki/libvirt-vnc' |
| libvirt: |
| inject_partition: '-2' |
| inject_password: False |
| tls: |
| enabled: False |
| key_file: '/etc/pki/libvirt/private/serverkey.pem' |
| cert_file: '/etc/pki/libvirt/servercert.pem' |
| ca_file: '/etc/pki/CA/cacert.pem' |
| client: |
| key_file: '/etc/pki/libvirt/private/clientkey.pem' |
| cert_file: '/etc/pki/libvirt/clientcert.pem' |
| instances_path: "$state_path/instances" |
| notification: false |
| availability_zone: |
| aggregates: [] |
| cpu_mode: host-passthrough |
| identity: |
| region: RegionOne |
| network: {{ compute_network }} |
| heal_instance_info_cache_interval: '60' |
| message_queue: |
| zmq_linger: 30 |
| logging: |
| app_name: 'nova' |
| log_appender: false |
| log_handlers: |
| watchedfile: |
| enabled: true |
| RedHat: |
| pkgs: |
| - openstack-nova-compute |
| - python-novaclient |
| - python-nova |
| - sysfsutils |
| - sg3_utils |
| services: |
| - messagebus |
| - openstack-nova-compute |
| - libvirtd |
| libvirt_config: libvirt.conf |
| libvirt_bin: "/etc/sysconfig/libvirtd" |
| libvirt_service: libvirtd |
| bind: compute_bind_defaults |
| debug: false |
| qemu: |
| vnc: |
| tls: |
| enabled: False |
| key_file: '/etc/pki/libvirt-vnc/server-key.pem' |
| cert_file: '/etc/pki/libvirt-vnc/server-cert.pem' |
| ca_file: '/etc/pki/libvirt-vnc/ca-cert.pem' |
| cert_dir: '/etc/pki/libvirt-vnc' |
| libvirt: |
| inject_partition: '-2' |
| inject_password: False |
| tls: |
| enabled: False |
| key_file: '/etc/pki/libvirt/private/serverkey.pem' |
| cert_file: '/etc/pki/libvirt/servercert.pem' |
| ca_file: '/etc/pki/CA/cacert.pem' |
| client: |
| key_file: '/etc/pki/libvirt/private/clientkey.pem' |
| cert_file: '/etc/pki/libvirt/clientcert.pem' |
| notification: false |
| availability_zone: |
| identity: |
| region: RegionOne |
| network: {{ compute_network }} |
| heal_instance_info_cache_interval: '60' |
| message_queue: |
| zmq_linger: 30 |
| logging: |
| app_name: 'nova' |
| log_appender: false |
| log_handlers: |
| watchedfile: |
| enabled: true |
| {%- endload %} |
| {% set compute = salt["grains.filter_by"](compute_defaults, merge=pillar.nova.get("compute", {}), base='BaseDefaults') %} |
| |
| {%- if pillar.nova.get('upgrade',{}).get('upgrade_enabled',False) %} |
| {% do compute.update({'upgrade_levels': {'compute': 'auto'}}) %} |
| {% do controller.update(upgrade_levels) %} |
| {%- endif %} |
| |
| {% set monitoring = salt['grains.filter_by']({ |
| 'default': { |
| 'disk': { |
| 'warn': '15%', |
| 'crit': '5%', |
| }, |
| 'error_log_rate': { |
| 'warn': 0.2, |
| }, |
| 'services_failed_warning_threshold_percent': 0.3, |
| 'services_failed_critical_threshold_percent': 0.6, |
| 'computes_failed_warning_threshold_percent': 0.25, |
| 'computes_failed_critical_threshold_percent': 0.5, |
| 'cpu_minor_threshold': 0.85, |
| 'cpu_major_threshold': 0.95, |
| 'ram_major_threshold': 0.85, |
| 'ram_critical_threshold': 0.95, |
| 'disk_major_threshold': 0.85, |
| 'disk_critical_threshold': 0.95, |
| 'endpoint_failed_major_threshold': 0.5, |
| }, |
| }, grain='os_family', merge=salt['pillar.get']('nova:monitoring')) %} |
| |