Merge "add ocata tests"
diff --git a/.kitchen.yml b/.kitchen.yml
index 671d2da..c3e27e9 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -18,6 +18,9 @@
- name: linux
repo: git
source: https://github.com/salt-formulas/salt-formula-linux
+ - name: keystone
+ repo: git
+ source: https://github.com/salt-formulas/salt-formula-keystone
state_top:
base:
"*":
diff --git a/README.rst b/README.rst
index 252f845..7e3b28d 100644
--- a/README.rst
+++ b/README.rst
@@ -132,6 +132,18 @@
allow_credentials: True
max_age: 86400
+Configuration of policy.json file
+
+.. code-block:: yaml
+
+ nova:
+ controller:
+ ....
+ policy:
+ context_is_admin: 'role:admin or role:administrator'
+ 'compute:create': 'rule:admin_or_owner'
+ # Add key without value to remove line from policy.json
+ 'compute:create:attach_network':
Compute nodes
-------------
@@ -387,6 +399,20 @@
glance image-update --property hw_scsi_model=virtio-scsi <image>
glance image-update --property hw_disk_bus=scsi <image>
+libvirt CPU mode
+----------------
+
+Allow setting the model of CPU that is exposed to a VM. This allows better
+support live migration between hypervisors with different hardware, among other
+things. Defaults to host-passthrough.
+
+.. code-block:: yaml
+
+ nova:
+ compute:
+ cpu_mode: host-model
+
+
Documentation and Bugs
======================
diff --git a/_grains/nova_policy.py b/_grains/nova_policy.py
new file mode 100644
index 0000000..dc3d1d0
--- /dev/null
+++ b/_grains/nova_policy.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+import salt.config
+import salt.loader
+
+
+def main():
+ path = "/etc/nova/policy.json"
+ __opts__ = salt.config.minion_config('/etc/salt/minion')
+ keystone_policy_mod = salt.loader.raw_mod(__opts__, 'keystone_policy', None)
+ if keystone_policy_mod:
+ result = keystone_policy_mod['keystone_policy.rule_list'](path)
+ if result and 'Error' not in result:
+ return {'nova_policy': result}
+ return {}
+
diff --git a/metadata.yml b/metadata.yml
index 7445fbd..0ee34f0 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,3 +1,6 @@
name: "nova"
version: "2017.2"
source: "https://github.com/openstack/salt-formula-nova"
+dependencies:
+ - name: keystone
+ source: "https://github.com/salt-formulas/salt-formula-keystone"
diff --git a/metadata/service/compute/ironic.yml b/metadata/service/compute/ironic.yml
new file mode 100644
index 0000000..c776dde
--- /dev/null
+++ b/metadata/service/compute/ironic.yml
@@ -0,0 +1,52 @@
+applications:
+- nova
+classes:
+- service.nova.support
+parameters:
+ nova:
+ compute:
+ version: ${_param:nova_version}
+ enabled: true
+ compute_driver: 'ironic.IronicDriver'
+ ram_allocation_ratio: 1.0
+ force_config_drive: True
+ config_drive_format: 'iso9660'
+ database:
+ engine: mysql
+ host: ${_param:cluster_vip_address}
+ port: 3306
+ name: nova
+ user: nova
+ password: ${_param:mysql_nova_password}
+ identity:
+ engine: keystone
+ region: RegionOne
+ host: ${_param:cluster_vip_address}
+ port: 35357
+ user: nova
+ password: ${_param:keystone_nova_password}
+ tenant: service
+ message_queue:
+ engine: rabbitmq
+ host: ${_param:cluster_vip_address}
+ port: 5672
+ user: openstack
+ password: ${_param:rabbitmq_openstack_password}
+ virtual_host: '/openstack'
+ image:
+ engine: glance
+ host: ${_param:cluster_vip_address}
+ port: 9292
+ network:
+ engine: neutron
+ region: RegionOne
+ host: ${_param:cluster_vip_address}
+ port: 9696
+ ironic:
+ region: RegionOne
+ host: ${_param:ironic_service_host}
+ port: 6385
+ user: ironic
+ tenant: service
+ password: ${_param:keystone_ironic_password}
+ auth_type: password
diff --git a/metadata/service/support.yml b/metadata/service/support.yml
index b1d9bcd..2c762b0 100644
--- a/metadata/service/support.yml
+++ b/metadata/service/support.yml
@@ -13,3 +13,5 @@
enabled: true
grafana:
enabled: true
+ telegraf:
+ enabled: true
diff --git a/nova/compute.sls b/nova/compute.sls
index efc8b0a..7c60447 100644
--- a/nova/compute.sls
+++ b/nova/compute.sls
@@ -29,47 +29,6 @@
- service: nova_compute_services
{%- endif %}
-{%- if not salt['user.info']('nova') %}
-# MOS9 libvirt fix to create group
-group_libvirtd:
- group.present:
- - name: libvirtd
- - system: True
- - require_in:
- - user: user_nova
-
-user_nova:
- user.present:
- - name: nova
- - home: /var/lib/nova
- {%- if compute.user is defined %}
- - shell: /bin/bash
- {%- else %}
- - shell: /bin/false
- {%- endif %}
- - uid: 303
- - gid: 303
- - system: True
- - groups:
- {%- if salt['group.info']('libvirtd') %}
- - libvirtd
- {%- endif %}
- - nova
- - require_in:
- - pkg: nova_compute_packages
- {%- if compute.user is defined %}
- - file: /var/lib/nova/.ssh/id_rsa
- {%- endif %}
-
-group_nova:
- group.present:
- - name: nova
- - gid: 303
- - system: True
- - require_in:
- - user: user_nova
-{%- endif %}
-
{%- if compute.user is defined %}
nova_auth_keys:
@@ -105,20 +64,20 @@
{%- endif %}
{%- if pillar.nova.controller is not defined %}
-
/etc/nova/nova.conf:
file.managed:
- source: salt://nova/files/{{ compute.version }}/nova-compute.conf.{{ grains.os_family }}
- template: jinja
+ - watch_in:
+ - service: nova_compute_services
- require:
- pkg: nova_compute_packages
+{%- endif %}
nova_compute_services:
service.running:
- enable: true
- names: {{ compute.services }}
- - watch:
- - file: /etc/nova/nova.conf
{%- set ident = compute.identity %}
@@ -155,6 +114,47 @@
{%- if compute.virtualization == 'kvm' %}
+{%- if not salt['user.info']('nova') %}
+# MOS9 libvirt fix to create group
+group_libvirtd:
+ group.present:
+ - name: libvirtd
+ - system: True
+ - require_in:
+ - user: user_nova_compute
+
+user_nova_compute:
+ user.present:
+ - name: nova
+ - home: /var/lib/nova
+ {%- if compute.user is defined %}
+ - shell: /bin/bash
+ {%- else %}
+ - shell: /bin/false
+ {%- endif %}
+ - uid: 303
+ - gid: 303
+ - system: True
+ - groups:
+ {%- if salt['group.info']('libvirtd') %}
+ - libvirtd
+ {%- endif %}
+ - nova
+ - require_in:
+ - pkg: nova_compute_packages
+ {%- if compute.user is defined %}
+ - file: /var/lib/nova/.ssh/id_rsa
+ {%- endif %}
+
+group_nova_compute:
+ group.present:
+ - name: nova
+ - gid: 303
+ - system: True
+ - require_in:
+ - user: user_nova_compute
+{%- endif %}
+
{% if compute.ceph is defined %}
ceph_package:
@@ -189,7 +189,6 @@
- template: jinja
- require:
- pkg: nova_compute_packages
-{%- if not grains.get('noservices', False) %}
- watch_in:
- service: {{ compute.libvirt_service }}
@@ -205,7 +204,6 @@
{%- endif %}
{%- endif %}
-{%- endif %}
/etc/libvirt/qemu.conf:
file.managed:
@@ -228,17 +226,18 @@
- pkg: nova_compute_packages
- onlyif: "virsh net-list | grep default"
-{%- if not grains.get('noservices', False) %}
{{ compute.libvirt_service }}:
service.running:
- enable: true
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
- require:
- pkg: nova_compute_packages
- cmd: virsh net-undefine default
- watch:
- file: /etc/libvirt/{{ compute.libvirt_config }}
- file: /etc/libvirt/qemu.conf
-{%- endif %}
{%- if grains.get('init', None) == "upstart" %}
# MOS9 libvirt fix for upstart
@@ -249,8 +248,6 @@
{%- endif %}
-{%- endif %}
-
{# temporary hack to fix broken init script in MOS 9.0 libvirt package #}
{%- if compute.get('manage_init', False) and grains.init == 'upstart' %}
diff --git a/nova/controller.sls b/nova/controller.sls
index fd4df62..006a541 100644
--- a/nova/controller.sls
+++ b/nova/controller.sls
@@ -69,32 +69,82 @@
- require:
- pkg: nova_controller_packages
-{%- if not grains.get('noservices', False) %}
+{%- for name, rule in controller.get('policy', {}).iteritems() %}
+
+{%- if rule != None %}
+rule_{{ name }}_present:
+ keystone_policy.rule_present:
+ - path: /etc/nova/policy.json
+ - name: {{ name }}
+ - rule: {{ rule }}
+ - require:
+ - pkg: nova_controller_packages
+
+{%- else %}
+
+rule_{{ name }}_absent:
+ keystone_policy.rule_absent:
+ - path: /etc/nova/policy.json
+ - name: {{ name }}
+ - require:
+ - pkg: nova_controller_packages
+
+{%- endif %}
+
+{%- endfor %}
+
+{%- if controller.version in ["mitaka", "newton", "ocata"] %}
+nova_controller_sync_apidb:
+ cmd.run:
+ - name: nova-manage api_db sync
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ - require:
+ - file: /etc/nova/nova.conf
+
+{%- if controller.version in ["newton", "ocata"] %}
+nova_controller_online_data_migrations:
+ cmd.run:
+ - name: nova-manage db online_data_migrations
+{%- endif %}
nova_controller_syncdb:
cmd.run:
- names:
- {%- if controller.version == "mitaka" or controller.version == "newton" or controller.version == "ocata" %}
- - nova-manage api_db sync
- {%- endif %}
- {%- if controller.version == "newton" or controller.version == "ocata" %}
- - nova-manage db online_data_migrations
- {%- endif %}
- nova-manage db sync
- require:
- file: /etc/nova/nova.conf
-{%- if controller.version == "ocata" %}
+{%- if controller.version in ["ocata"] %}
-nova_controller_cell_syncdb:
+nova_controller_map_cell0:
cmd.run:
- - name: 'su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova'
+ - name: nova-manage cell_v2 map_cell0
- require:
+ - cmd: nova_controller_sync_apidb
+ - require_in:
- cmd: nova_controller_syncdb
+nova_cell1_create:
+ cmd.run:
+ - name: nova-manage cell_v2 create_cell --name=cell1
+ - unless: 'nova-manage cell_v2 list_cells | grep cell1'
+ - require:
+ - cmd: nova_controller_sync_apidb
+ - require_in:
+ - cmd: nova_controller_syncdb
+
+nova_placement_service_mask:
+ file.symlink:
+ - name: /etc/systemd/system/nova-placement-api.service
+ - target: /dev/null
+
nova_placement_package:
pkg.installed:
- name: nova-placement-api
+ - require:
+ - file: nova_placement_service_mask
/etc/apache2/sites-available/nova-placement-api.conf:
file.managed:
@@ -109,13 +159,6 @@
- name: /etc/apache2/sites-enabled/nova-placement-api.conf
- target: /etc/apache2/sites-available/nova-placement-api.conf
-nova_cell_create:
- cmd.run:
- - name: 'su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova'
- - unless: 'nova-manage cell_v2 list_cells | grep cell1'
- - require:
- - file: /etc/nova/nova.conf
-
nova_apache_restart:
service.running:
- enable: true
diff --git a/nova/files/juno/nova-controller.conf.Debian b/nova/files/juno/nova-controller.conf.Debian
index 0415ff6..263539b 100644
--- a/nova/files/juno/nova-controller.conf.Debian
+++ b/nova/files/juno/nova-controller.conf.Debian
@@ -40,6 +40,8 @@
network_api_class = nova.network.neutronv2.api.API
{%- endif %}
+service_down_time = {{ controller.service_down_time|default('180') }}
+
compute_driver = libvirt.LibvirtDriver
libvirt_type=kvm
rootwrap_config = /etc/nova/rootwrap.conf
diff --git a/nova/files/kilo/nova-controller.conf.Debian b/nova/files/kilo/nova-controller.conf.Debian
index 99dfe00..c86039a 100644
--- a/nova/files/kilo/nova-controller.conf.Debian
+++ b/nova/files/kilo/nova-controller.conf.Debian
@@ -36,6 +36,8 @@
api_paste_config=/etc/nova/api-paste.ini
volumes_path=/var/lib/nova/volumes
+service_down_time = {{ controller.service_down_time|default('180') }}
+
sql_connection = {{ controller.database.engine }}://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}
network_api_class = nova.network.neutronv2.api.API
diff --git a/nova/files/liberty/nova-controller.conf.Debian b/nova/files/liberty/nova-controller.conf.Debian
index 0c2f11a..e33c50e 100644
--- a/nova/files/liberty/nova-controller.conf.Debian
+++ b/nova/files/liberty/nova-controller.conf.Debian
@@ -29,6 +29,8 @@
allow_resize_to_same_host = True
+service_down_time = {{ controller.service_down_time|default('180') }}
+
logdir=/var/log/nova
iscsi_helper=tgtadm
connection_type=libvirt
diff --git a/nova/files/mitaka/nova-compute.conf.Debian b/nova/files/mitaka/nova-compute.conf.Debian
index ba9a0f0..be66daa 100644
--- a/nova/files/mitaka/nova-compute.conf.Debian
+++ b/nova/files/mitaka/nova-compute.conf.Debian
@@ -13,7 +13,6 @@
use_neutron = True
config_drive_format=vfat
force_config_drive=True
-allow_resize_to_same_host=True
security_group_api=neutron
vif_plugging_is_fatal=True
vif_plugging_timeout=300
@@ -105,7 +104,7 @@
{%- endif %}
[libvirt]
-cpu_mode = host-passthrough
+cpu_mode = {{ compute.get('cpu_mode', 'host-passthrough') }}
virt_type = kvm
inject_partition=-2
inject_password=False
@@ -168,8 +167,7 @@
rabbit_retry_backoff = 2
[glance]
-api_servers={{ compute.image.host }}:9292
-host={{ compute.image.host }}
+api_servers=http://{{ compute.image.host }}:9292
[neutron]
username={{ compute.network.user }}
diff --git a/nova/files/mitaka/nova-controller.conf.Debian b/nova/files/mitaka/nova-controller.conf.Debian
index 7c9b434..0cfc5eb 100644
--- a/nova/files/mitaka/nova-controller.conf.Debian
+++ b/nova/files/mitaka/nova-controller.conf.Debian
@@ -29,6 +29,9 @@
allow_resize_to_same_host = True
osapi_max_limit = {{ controller.osapi_max_limit|default('1000') }}
+service_down_time = {{ controller.service_down_time|default('180') }}
+
+
iscsi_helper=tgtadm
connection_type=libvirt
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
@@ -181,7 +184,7 @@
project_domain_name = default
user_domain_name = default
auth_url = http://{{ controller.identity.host }}:35357
-{% if pillar.neutron is defined %}
+{% if pillar.neutron is defined and pillar.neutron.server is defined %}
password={{ pillar.neutron.server.identity.password }}
project_name={{ pillar.neutron.server.identity.tenant }}
username={{ pillar.neutron.server.identity.user }}
diff --git a/nova/files/newton/nova-compute.conf.Debian b/nova/files/newton/nova-compute.conf.Debian
index f49529f..aed1670 100644
--- a/nova/files/newton/nova-compute.conf.Debian
+++ b/nova/files/newton/nova-compute.conf.Debian
@@ -11,11 +11,10 @@
compute_manager=nova.compute.manager.ComputeManager
network_device_mtu=65000
use_neutron = True
-config_drive_format=vfat
+config_drive_format={{ compute.get('config_drive_format', 'vfat') }}
force_config_drive=True
force_raw_images=True
notify_api_faults=False
-allow_resize_to_same_host=True
security_group_api=neutron
vif_plugging_is_fatal=True
vif_plugging_timeout=300
@@ -43,7 +42,10 @@
auth_strategy = keystone
neutron_url_timeout = 300
-compute_driver = libvirt.LibvirtDriver
+compute_driver = {{ compute.get('compute_driver', 'libvirt.LibvirtDriver') }}
+{%- if compute.ram_allocation_ratio is defined %}
+ram_allocation_ratio = {{ compute.ram_allocation_ratio }}
+{%- endif %}
heal_instance_info_cache_interval = {{ compute.heal_instance_info_cache_interval }}
@@ -119,7 +121,7 @@
{%- endif %}
[libvirt]
-cpu_mode = host-passthrough
+cpu_mode = {{ compute.get('cpu_mode', 'host-passthrough') }}
virt_type = kvm
inject_partition=-2
inject_password=False
@@ -167,8 +169,9 @@
[glance]
-api_servers={{ compute.image.host }}:9292
-host={{ compute.image.host }}
+{%- if compute.image is defined %}
+api_servers=http://{{ compute.image.host }}:9292
+{%- endif %}
[neutron]
username={{ compute.network.user }}
@@ -187,3 +190,14 @@
os_region_name = {{ compute.identity.region }}
catalog_info=volumev2:cinderv2:internalURL
+{%- if compute.ironic is defined %}
+[ironic]
+api_endpoint=http://{{ compute.ironic.host }}:{{ compute.ironic.get('port', 6385) }}
+auth_type={{ compute.ironic.auth_type }}
+auth_url=http://{{ compute.identity.host }}:{{ compute.identity.port }}/v3
+project_name={{ compute.identity.get('tenant', 'service') }}
+project_domain_name={{ compute.ironic.get('project_domain_name', 'Default') }}
+username={{ compute.ironic.user }}
+user_domain_name={{ compute.ironic.get('user_domain_name', 'Default') }}
+password={{ compute.ironic.password }}
+{%- endif %}
diff --git a/nova/files/newton/nova-controller.conf.Debian b/nova/files/newton/nova-controller.conf.Debian
index dee5e52..6bc11cf 100644
--- a/nova/files/newton/nova-controller.conf.Debian
+++ b/nova/files/newton/nova-controller.conf.Debian
@@ -52,6 +52,8 @@
my_ip={{ controller.bind.private_address }}
fping_path=/usr/bin/fping
+service_down_time = {{ controller.service_down_time|default('180') }}
+
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
@@ -192,7 +194,7 @@
project_domain_name = Default
user_domain_name = Default
auth_url = http://{{ controller.identity.host }}:35357/v3
-{% if pillar.neutron is defined %}
+{% if pillar.neutron is defined and pillar.neutron.server is defined %}
password={{ pillar.neutron.server.identity.password }}
project_name={{ pillar.neutron.server.identity.tenant }}
username={{ pillar.neutron.server.identity.user }}
diff --git a/nova/files/ocata/nova-compute.conf.Debian b/nova/files/ocata/nova-compute.conf.Debian
index c78117c..c42d000 100644
--- a/nova/files/ocata/nova-compute.conf.Debian
+++ b/nova/files/ocata/nova-compute.conf.Debian
@@ -165,7 +165,7 @@
# * ``hyperv.HyperVDriver``
# (string value)
#compute_driver=<None>
-compute_driver = libvirt.LibvirtDriver
+compute_driver = {{ compute.get('compute_driver', 'libvirt.LibvirtDriver') }}
#
# Allow destination machine to match source for resize. Useful when
@@ -382,7 +382,7 @@
# backing files will not be used.
# (boolean value)
#use_cow_images=true
-{%- if compute.image.use_cow is defined %}
+{%- if compute.image is defined and compute.image.use_cow is defined %}
use_cow_images = {{ compute.image.use_cow }}
{%- endif %}
@@ -574,7 +574,11 @@
# * Any valid positive integer or float value
# (floating point value)
# Minimum value: 0
+{%- if compute.ram_allocation_ratio is defined %}
+ram_allocation_ratio = {{ compute.ram_allocation_ratio }}
+{%- else %}
#ram_allocation_ratio=0.0
+{%- endif %}
#
# This option helps you specify virtual disk to physical disk
@@ -1253,7 +1257,7 @@
# (string value)
# Allowed values: iso9660, vfat
#config_drive_format=iso9660
-config_drive_format=vfat
+config_drive_format={{ compute.get('config_drive_format', 'vfat') }}
#
# Force injection to take place on a config drive
@@ -3062,7 +3066,7 @@
{%- endfor -%}
/{{ compute.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ compute.message_queue.user }}:{{ compute.message_queue.password }}@{{ compute.message_queue.host }}:{{ controller.message_queue.port }}{{ compute.message_queue.virtual_host }}
+transport_url = rabbit://{{ compute.message_queue.user }}:{{ compute.message_queue.password }}@{{ compute.message_queue.host }}:{{ compute.message_queue.port }}{{ compute.message_queue.virtual_host }}
{%- endif %}
rpc_backend=rabbit
@@ -5003,7 +5007,9 @@
# (i.e. "http://10.0.1.0:9292" or "https://my.glance.server/image").
# (list value)
#api_servers=<None>
-api_servers={{ compute.image.host }}:9292
+{%- if compute.image is defined %}
+api_servers=http://{{ compute.image.host }}:9292
+{% endif %}
#
# Enable insecure SSL (https) requests to glance.
@@ -5454,6 +5460,7 @@
#filesystems =
+{% if compute.ironic is defined -%}
[ironic]
#
# Configuration options for Ironic driver (Bare Metal).
@@ -5471,7 +5478,7 @@
#
# URL override for the Ironic API endpoint. (string value)
-#api_endpoint=http://ironic.example.org:6385/
+api_endpoint=http://{{ compute.ironic.host }}:{{ compute.ironic.port }}
#
# The number of times to retry when a request conflicts.
@@ -5517,13 +5524,13 @@
# Authentication type to load (string value)
# Deprecated group/name - [ironic]/auth_plugin
-#auth_type=<None>
+auth_type={{ compute.ironic.auth_type }}
# Config Section from which to load plugin specific options (string value)
#auth_section=<None>
# Authentication URL (string value)
-#auth_url=<None>
+auth_url=http://{{ compute.identity.host }}:{{ compute.identity.port }}/v3
# Domain ID to scope to (string value)
#domain_id=<None>
@@ -5535,13 +5542,13 @@
#project_id=<None>
# Project name to scope to (string value)
-#project_name=<None>
+project_name={{ compute.identity.tenant }}
# Domain ID containing project (string value)
#project_domain_id=<None>
# Domain name containing project (string value)
-#project_domain_name=<None>
+project_domain_name={{ compute.ironic.project_domain_name }}
# Trust ID (string value)
#trust_id=<None>
@@ -5551,16 +5558,17 @@
# Username (string value)
# Deprecated group/name - [ironic]/user-name
-#username=<None>
+username={{ compute.ironic.user }}
# User's domain id (string value)
#user_domain_id=<None>
# User's domain name (string value)
-#user_domain_name=<None>
+user_domain_name={{ compute.ironic.user_domain_name }}
# User's password (string value)
-#password=<None>
+password={{ compute.ironic.password }}
+{%- endif %}
[key_manager]
@@ -5878,7 +5886,7 @@
#
# From nova.conf
#
-cpu_mode = host-passthrough
+cpu_mode = {{ compute.get('cpu_mode', 'host-passthrough') }}
virt_type = kvm
inject_partition=-2
inject_password=True
@@ -9036,7 +9044,9 @@
# * update html5proxy_base_url
# * update server_proxyclient_address
enabled = false
+{%- if compute.vncproxy_url is defined %}
html5proxy_base_url = {{ compute.vncproxy_url }}/spice_auto.html
+{%- endif %}
#
# From nova.conf
#
@@ -9817,10 +9827,16 @@
# From nova.conf
#
enabled = true
+{%- if compute.vncproxy_url is defined %}
novncproxy_base_url={{ compute.vncproxy_url }}/vnc_auto.html
+{%- endif %}
+{%- if compute.bind is defined and compute.bind.vnc_port is defined %}
novncproxy_port={{ compute.bind.vnc_port }}
+{%- endif %}
vncserver_listen=0.0.0.0
+{%- if compute.bind is defined and compute.bind.vnc_address is defined %}
vncserver_proxyclient_address={{ compute.bind.vnc_address }}
+{%- endif %}
keymap = {{ compute.get('vnc_keymap', 'en-us') }}
#
diff --git a/nova/files/ocata/nova-controller.conf.Debian b/nova/files/ocata/nova-controller.conf.Debian
index 6777fa7..b002bfa 100644
--- a/nova/files/ocata/nova-controller.conf.Debian
+++ b/nova/files/ocata/nova-controller.conf.Debian
@@ -2603,7 +2603,7 @@
#
# * report_interval (service_down_time should not be less than report_interval)
# (integer value)
-#service_down_time=60
+service_down_time = {{ controller.service_down_time|default('180') }}
#
# Enable periodic tasks.
@@ -7070,7 +7070,7 @@
project_domain_name = Default
user_domain_name = Default
auth_url = http://{{ controller.identity.host }}:35357/v3
-{% if pillar.neutron is defined %}
+{% if pillar.neutron is defined and pillar.neutron.server is defined %}
password={{ pillar.neutron.server.identity.password }}
project_name={{ pillar.neutron.server.identity.tenant }}
username={{ pillar.neutron.server.identity.user }}
diff --git a/nova/map.jinja b/nova/map.jinja
index 4d56253..8e19b15 100644
--- a/nova/map.jinja
+++ b/nova/map.jinja
@@ -79,3 +79,14 @@
'heal_instance_info_cache_interval': '60',
},
}, merge=pillar.nova.get('compute', {})) %}
+
+
+
+{% set monitoring = salt['grains.filter_by']({
+ 'default': {
+ 'disk': {
+ 'warn': '15%',
+ 'crit': '5%',
+ },
+ },
+}, grain='os_family', merge=salt['pillar.get']('nova:monitoring')) %}
diff --git a/nova/meta/sensu.yml b/nova/meta/sensu.yml
index a92865e..5497b20 100644
--- a/nova/meta/sensu.yml
+++ b/nova/meta/sensu.yml
@@ -1,5 +1,4 @@
-{%- from "nova/map.jinja" import controller with context %}
-{%- from "nova/map.jinja" import compute with context %}
+{%- from "nova/map.jinja" import controller,compute,monitoring with context %}
{%- if pillar.nova.controller is defined %}
{%- set region = controller.identity.region %}
{%- endif %}
@@ -51,7 +50,7 @@
subscribers:
- local-nova-compute
local_linux_storage_nova_instances_usage:
- command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_disk -w 15% -c 5% -p /var/lib/nova/instances"
+ command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_disk -w {{ monitoring.disk.warn }} -c {{ monitoring.disk.crit }} -p /var/lib/nova/instances"
interval: 60
occurrences: 1
subscribers:
diff --git a/nova/meta/sphinx.yml b/nova/meta/sphinx.yml
index 9ccaa84..6a3a4cb 100644
--- a/nova/meta/sphinx.yml
+++ b/nova/meta/sphinx.yml
@@ -13,9 +13,11 @@
virtualization:
name: "Virtualization type"
value: {{ compute.virtualization }}
+ {%- if compute.vncproxy_url is defined %}
vncproxy_url:
name: "VNC proxy URL"
value: {{ compute.vncproxy_url }}
+ {%- endif %}
{%- if compute.reserved_host_memory_mb is defined %}
reserved_host_memory_mb:
name: "Reserved Host Memmory"
@@ -27,9 +29,11 @@
network_host:
name: "Network service"
value: {{ compute.network.host }}:{{ compute.network.port }}
+ {%- if compute.image is defined %}
glance_host:
name: "Image service"
value: {{ compute.image.host }}:{{ compute.image.port }}
+ {%- endif %}
message_queue_ip:
name: "Message queue"
value: {{ compute.message_queue.user }}@{{ compute.message_queue.host }}:{{ compute.message_queue.port }}{{ compute.message_queue.virtual_host }}
diff --git a/nova/meta/telegraf.yml b/nova/meta/telegraf.yml
new file mode 100644
index 0000000..6b2366b
--- /dev/null
+++ b/nova/meta/telegraf.yml
@@ -0,0 +1,7 @@
+{%- from "nova/map.jinja" import controller with context %}
+{%- if controller is defined and controller.get('enabled', False) and controller.cpu_allocation_ratio is defined %}
+remote_agent:
+ input:
+ openstack:
+ cpu_ratio: "{{ controller.cpu_allocation_ratio }}"
+{%- endif %}
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index 163b4e3..84da744 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -58,4 +58,8 @@
audit:
filter_factory: 'keystonemiddleware.audit:filter_factory'
map_file: '/etc/pycadf/nova_api_audit_map.conf'
+ policy:
+ context_is_admin: 'role:admin or role:administrator'
+ 'compute:create': 'rule:admin_or_owner'
+ 'compute:create:attach_network':
diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index 8234bf3..ce33f8c 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls
@@ -56,3 +56,7 @@
members:
- host: 127.0.0.1
port: 11211
+ policy:
+ context_is_admin: 'role:admin or role:administrator'
+ 'compute:create': 'rule:admin_or_owner'
+ 'compute:create:attach_network':