Merge "Create custom directory for sockets"
diff --git a/README.rst b/README.rst
index 56ecdb1..2a8ace1 100644
--- a/README.rst
+++ b/README.rst
@@ -71,6 +71,8 @@
audit:
enabled: false
osapi_max_limit: 500
+ barbican:
+ enabled: true
Nova services from custom package repository
@@ -146,6 +148,16 @@
# Add key without value to remove line from policy.json
'compute:create:attach_network':
+Enable Barbican integration
+
+.. code-block:: yaml
+
+ nova:
+ controller:
+ ....
+ barbican:
+ enabled: true
+
Client-side RabbitMQ TLS configuration:
---------------------------------------
@@ -367,6 +379,17 @@
- /dev/sdj
- /dev/sdh
+Enable Barbican integration
+
+.. code-block:: yaml
+
+ nova:
+ compute:
+ ....
+ barbican:
+ enabled: true
+
+
Client role
-----------
diff --git a/nova/files/mitaka/nova-compute.conf.Debian b/nova/files/mitaka/nova-compute.conf.Debian
index 232b569..e43e8ba 100644
--- a/nova/files/mitaka/nova-compute.conf.Debian
+++ b/nova/files/mitaka/nova-compute.conf.Debian
@@ -12,7 +12,6 @@
network_device_mtu=65000
use_neutron = True
config_drive_format={{ compute.get('config_drive_format', compute.get('config_drive', {}).get('format', 'vfat')) }}
-config_drive_cdrom={{ compute.get('config_drive', {}).get('cdrom', False)|lower }}
force_config_drive={{ compute.get('config_drive', {}).get('forced', True)|lower }}
config_drive_inject_password={{ compute.get('config_drive', {}).get('inject_password', False)|lower }}
security_group_api=neutron
@@ -242,3 +241,6 @@
{{ key }}={{ value }}
{%- endfor %}
{%- endif %}
+
+[hyperv]
+config_drive_cdrom={{ compute.get('config_drive', {}).get('cdrom', False)|lower }}
diff --git a/nova/files/newton/nova-compute.conf.Debian b/nova/files/newton/nova-compute.conf.Debian
index 7f950c1..7050864 100644
--- a/nova/files/newton/nova-compute.conf.Debian
+++ b/nova/files/newton/nova-compute.conf.Debian
@@ -12,7 +12,6 @@
network_device_mtu=65000
use_neutron = True
config_drive_format={{ compute.get('config_drive_format', compute.get('config_drive', {}).get('format', 'vfat')) }}
-config_drive_cdrom={{ compute.get('config_drive', {}).get('cdrom', False)|lower }}
force_config_drive={{ compute.get('config_drive', {}).get('forced', True)|lower }}
config_drive_inject_password={{ compute.get('config_drive', {}).get('inject_password', False)|lower }}
force_raw_images=True
@@ -264,3 +263,6 @@
{{ key }}={{ value }}
{%- endfor %}
{%- endif %}
+
+[hyperv]
+config_drive_cdrom={{ compute.get('config_drive', {}).get('cdrom', False)|lower }}
diff --git a/nova/files/ocata/nova-compute.conf.Debian b/nova/files/ocata/nova-compute.conf.Debian
index f7db4c2..ab59964 100644
--- a/nova/files/ocata/nova-compute.conf.Debian
+++ b/nova/files/ocata/nova-compute.conf.Debian
@@ -3477,7 +3477,7 @@
# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
#pool_timeout=<None>
-
+{%- if compute.get('barbican', {}).get('enabled', False) %}
[barbican]
#
@@ -3492,7 +3492,7 @@
#barbican_api_version=<None>
# Use this endpoint to connect to Keystone (string value)
-#auth_endpoint=http://localhost:5000/v3
+auth_endpoint={{ compute.identity.get('protocol', 'http') }}://{{ compute.identity.get('host', 'localhost') }}:{{ compute.identity.get('port', '5000') }}/v3
# Number of seconds to wait before retrying poll for key creation completion
# (integer value)
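Review bot: The new `auth_endpoint` line falls back to `http` when the identity pillar sets no `protocol`, so with Barbican enabled the key manager would talk to Keystone in cleartext unless the operator overrides it; the same fallback is used in the nova-controller.conf.Debian hunk. A template comment above the line would make this visible, for example `# identity:protocol should be https outside of test setups; http is only the sample default`. `compute.identity` is also read as an attribute while `barbican` goes through `.get('barbican', {})`, so rendering presumably relies on the identity pillar always being defined. The `{%- if %}` that guards this line opens and closes in the neighbouring hunks.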
@@ -3500,7 +3500,7 @@
# Number of times to retry poll for key creation completion (integer value)
#number_of_retries=60
-
+{%- endif %}
[cache]
@@ -5069,7 +5069,11 @@
# * The options in the `key_manager` group, as the key_manager is used
# for the signature validation.
# (boolean value)
+{%- if compute.get('barbican', {}).get('enabled', False) %}
+verify_glance_signatures=true
+{%- else %}
#verify_glance_signatures=false
+{%- endif %}
# Enable or disable debug logging with glanceclient. (boolean value)
#debug=false
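Review bot: `verify_glance_signatures=true` is driven by the same `barbican.enabled` flag that selects the key manager, so enabling Barbican for any reason also makes Glance signature verification mandatory on this node. Images without valid signature metadata would then presumably be refused at boot, and the README hunks in this change do not mention that side effect. Consider a dedicated pillar key under `barbican` that defaults to the current behaviour, or at least a comment such as `# enabling barbican also enforces image signature verification`. The nova-controller.conf.Debian hunk has the same coupling.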
@@ -5601,7 +5605,9 @@
#fixed_key=<None>
# The full class name of the key manager API class (string value)
-#api_class=castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+{%- if compute.get('barbican', {}).get('enabled', False) %}
+api_class=castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+{%- endif %}
# The type of authentication credential to create. Possible values are 'token',
# 'password', 'keystone_token', and 'keystone_password'. Required if no context
diff --git a/nova/files/ocata/nova-controller.conf.Debian b/nova/files/ocata/nova-controller.conf.Debian
index ee7bcc3..9287087 100644
--- a/nova/files/ocata/nova-controller.conf.Debian
+++ b/nova/files/ocata/nova-controller.conf.Debian
@@ -3477,7 +3477,9 @@
#barbican_api_version=<None>
# Use this endpoint to connect to Keystone (string value)
-#auth_endpoint=http://localhost:5000/v3
+{%- if controller.get('barbican', {}).get('enabled', False) %}
+auth_endpoint={{ controller.identity.get('protocol', 'http') }}://{{ controller.identity.get('host', 'localhost') }}:{{ controller.identity.get('port', '5000') }}/v3
+{%- endif %}
# Number of seconds to wait before retrying poll for key creation completion
# (integer value)
@@ -5090,7 +5092,11 @@
# * The options in the `key_manager` group, as the key_manager is used
# for the signature validation.
# (boolean value)
+{%- if controller.get('barbican', {}).get('enabled', False) %}
+verify_glance_signatures=true
+{%- else %}
#verify_glance_signatures=false
+{%- endif %}
# Enable or disable debug logging with glanceclient. (boolean value)
#debug=false
@@ -5618,7 +5624,9 @@
#fixed_key=<None>
# The full class name of the key manager API class (string value)
-#api_class=castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+{%- if controller.get('barbican', {}).get('enabled', False) %}
+api_class=castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+{%- endif %}
# The type of authentication credential to create. Possible values are 'token',
# 'password', 'keystone_token', and 'keystone_password'. Required if no context
diff --git a/nova/meta/grafana.yml b/nova/meta/grafana.yml
index 7c352c3..336fa8c 100644
--- a/nova/meta/grafana.yml
+++ b/nova/meta/grafana.yml
@@ -77,7 +77,7 @@
alias: "Fatal"
rawQuery: true
query: SELECT count(max) FROM openstack_nova_http_response_times WHERE environment_label = '$environment' AND http_status = '5xx' AND $timeFilter
- main:
+ main_influxdb:
datasource: influxdb
row:
ost-control-plane:
@@ -106,3 +106,18 @@
cluster_status:
rawQuery: true
query: SELECT last(value) FROM cluster_status WHERE cluster_name = 'nova-data' AND environment_label = '$environment' AND $timeFilter GROUP BY time($interval) fill(null)
+ main_prometheus:
+ datasource: prometheus
+ row:
+ ost-control-plane:
+ title: OpenStack Control Plane
+ panel:
+ nova:
+ title: Nova
+ links:
+ - dashboard: Nova
+ title: Nova
+ type: dashboard
+ target:
+ cluster_status:
+ expr: avg(openstack_api_check_status{service="nova"})
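Review bot: The Prometheus `expr` under `main_prometheus` has no environment selector, whereas the InfluxDB queries in this file filter on `environment_label = '$environment'`. If one Prometheus scrapes more than one environment, the panel would average their API check status together and could hide an outage in one of them. Whether the metric carries such a label is not visible here. If it does not, a comment such as `# no environment filter: assumes a single environment per Prometheus` would record the assumption.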
diff --git a/tests/pillar/compute_cluster.sls b/tests/pillar/compute_cluster.sls
index b027101..e200640 100644
--- a/tests/pillar/compute_cluster.sls
+++ b/tests/pillar/compute_cluster.sls
@@ -75,4 +75,5 @@
images_volume_group: nova_vg
volume_clear: zero
volume_clear_size: 0
-
+ barbican:
+ enabled: true
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index 07cb450..d057d1b 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -64,3 +64,5 @@
'compute:create:attach_network':
upgrade_levels:
compute: liberty
+ barbican:
+ enabled: true