| {% from "nova/map.jinja" import controller with context %} |
| |
| {%- if controller.get('enabled') %} |
| |
| include: |
| {%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %} |
| - apache |
| {%- endif %} |
| - nova.db.offline_sync |
| # TODO(vsaienko) we need to run online dbsync only once after upgrade |
| # Move to appropriate upgrade phase |
| - nova.db.online_sync |
| - nova._ssl.mysql |
| - nova._ssl.rabbitmq |
| {%- if grains.os_family == 'Debian' %} |
| debconf-set-prerequisite: |
| pkg.installed: |
| - name: debconf-utils |
| - require_in: |
| - debconf: nova_consoleproxy_debconf |
| |
| nova_consoleproxy_debconf: |
| debconf.set: |
| - name: nova-consoleproxy |
| - data: |
| 'nova-consoleproxy/daemon_type': |
| type: 'string' |
| value: 'novnc' |
| - require_in: |
| - pkg: nova_controller_packages |
| {%- endif %} |
| |
| nova_controller_packages: |
| pkg.installed: |
| - names: {{ controller.pkgs }} |
| |
| {%- if not salt['user.info']('nova') %} |
| user_nova: |
| user.present: |
| - name: nova |
| - home: /var/lib/nova |
| - shell: /bin/false |
| {# note: nova uid/gid values would not be evaluated after user is created. #} |
| - uid: {{ controller.get('nova_uid', 303) }} |
| - gid: {{ controller.get('nova_gid', 303) }} |
| - system: True |
| - require_in: |
| - pkg: nova_controller_packages |
| - sls: nova._ssl.mysql |
| - sls: nova._ssl.rabbitmq |
| {%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %} |
| - pkg: nova_placement_package |
| {%- endif %} |
| |
| group_nova: |
| group.present: |
| - name: nova |
| {# note: nova gid value would not be evaluated after user is created. #} |
| - gid: {{ controller.get('nova_gid', 303) }} |
| - system: True |
| - require_in: |
| - user: user_nova |
| {%- endif %} |
| |
| {%- if controller.get('concurrency', {}).lock_path is defined %} |
| nova_controller_lock_path_{{ controller.concurrency.lock_path }}: |
| file.directory: |
| - name: {{ controller.concurrency.lock_path }} |
| - user: nova |
| - group: nova |
| - mode: 750 |
| - makedirs: True |
| - require: |
| - pkg: nova_controller_packages |
| - require_in: |
| - service: nova_controller_services |
| {%- endif %} |
| |
| # Only for Queens. Communication between noVNC proxy service and QEMU |
| {%- if controller.version not in ['mitaka', 'newton', 'ocata', 'pike'] %} |
| {%- if controller.novncproxy.vencrypt.tls.get('enabled', False) %} |
| |
| {%- set ca_file=controller.novncproxy.vencrypt.tls.get('ca_file') %} |
| {%- set key_file=controller.novncproxy.vencrypt.tls.get('key_file') %} |
| {%- set cert_file=controller.novncproxy.vencrypt.tls.get('cert_file') %} |
| |
| novncproxy_vencrypt_ca: |
| {%- if controller.novncproxy.vencrypt.tls.cacert is defined %} |
| file.managed: |
| - name: {{ ca_file }} |
| - contents_pillar: nova:controller:novncproxy:vencrypt:tls:cacert |
| - mode: 644 |
| - makedirs: true |
| - user: root |
| - group: nova |
| - watch_in: |
| - service: nova_controller_services |
| {%- else %} |
| file.exists: |
| - name: {{ ca_file }} |
| {%- endif %} |
| |
| novncproxy_vencrypt_public_cert: |
| {%- if controller.novncproxy.vencrypt.tls.cert is defined %} |
| file.managed: |
| - name: {{ cert_file }} |
| - contents_pillar: nova:controller:novncproxy:vencrypt:tls:cert |
| - mode: 640 |
| - user: root |
| - group: nova |
| - makedirs: true |
| {%- else %} |
| file.exists: |
| - name: {{ cert_file }} |
| {%- endif %} |
| |
| novncproxy_vencrypt_private_key: |
| {%- if controller.novncproxy.vencrypt.tls.key is defined %} |
| file.managed: |
| - name: {{ key_file }} |
| - contents_pillar: nova:controller:novncproxy:vencrypt:tls:key |
| - mode: 640 |
| - user: root |
| - group: nova |
| - makedirs: true |
| {%- else %} |
| file.exists: |
| - name: {{ key_file }} |
| {%- endif %} |
| |
| novncproxy_vencrypt_set_user_and_group: |
| file.managed: |
| - names: |
| - {{ ca_file }} |
| - {{ cert_file }} |
| - {{ key_file }} |
| - user: root |
| - group: nova |
| |
| {%- endif %} |
| {%- endif %} |
| |
| {%- if controller.novncproxy.tls.get('enabled', False) %} |
| {%- set key_file=controller.novncproxy.tls.server.get('key_file') %} |
| {%- set cert_file=controller.novncproxy.tls.server.get('cert_file') %} |
| |
| novncproxy_server_public_cert: |
| {%- if controller.novncproxy.tls.server.cert is defined %} |
| file.managed: |
| - name: {{ cert_file }} |
| - contents_pillar: nova:controller:novncproxy:tls:server:cert |
| - mode: 644 |
| - makedirs: true |
| - user: root |
| - group: nova |
| - watch_in: |
| - service: nova_controller_services |
| {%- else %} |
| file.exists: |
| - name: {{ cert_file }} |
| {%- endif %} |
| |
| novncproxy_server_private_key: |
| {%- if controller.novncproxy.tls.server.key is defined %} |
| file.managed: |
| - name: {{ key_file }} |
| - contents_pillar: nova:controller:novncproxy:tls:server:key |
| - mode: 640 |
| - user: root |
| - group: nova |
| - makedirs: true |
| {%- else %} |
| file.exists: |
| - name: {{ key_file }} |
| {%- endif %} |
| |
| novncproxy_server_set_user_and_group: |
| file.managed: |
| - names: |
| - {{ cert_file }} |
| - {{ key_file }} |
| - user: root |
| - group: nova |
| |
| {%- endif %} |
| |
| {%- if controller.get('networking', 'default') == "contrail" and controller.version == "juno" %} |
| |
| contrail_nova_packages: |
| pkg.installed: |
| - names: |
| - contrail-nova-driver |
| - contrail-nova-networkapi |
| |
| {%- endif %} |
| |
| /etc/nova/nova.conf: |
| file.managed: |
| - source: salt://nova/files/{{ controller.version }}/nova-controller.conf.{{ grains.os_family }} |
| - template: jinja |
| - require: |
| - pkg: nova_controller_packages |
| - sls: nova._ssl.mysql |
| - sls: nova._ssl.rabbitmq |
| - require_in: |
| - sls: nova.db.offline_sync |
| - sls: nova.db.online_sync |
| |
| /etc/nova/api-paste.ini: |
| file.managed: |
| - source: salt://nova/files/{{ controller.version }}/api-paste.ini.{{ grains.os_family }} |
| - template: jinja |
| - require: |
| - pkg: nova_controller_packages |
| |
| {% for service_name in controller.services %} |
| {{ service_name }}_default: |
| file.managed: |
| - name: /etc/default/{{ service_name }} |
| - source: salt://nova/files/default |
| - template: jinja |
| - require: |
| - pkg: nova_controller_packages |
| - defaults: |
| service_name: {{ service_name }} |
| values: {{ controller }} |
| - require: |
| - pkg: nova_controller_packages |
| - watch_in: |
| - service: nova_controller_services |
| {% endfor %} |
| |
| {% if controller.logging.log_appender %} |
| |
| {%- if controller.logging.log_handlers.get('fluentd').get('enabled', False) %} |
| nova_controller_fluentd_logger_package: |
| pkg.installed: |
| - name: python-fluent-logger |
| {%- endif %} |
| |
| nova_general_logging_conf: |
| file.managed: |
| - name: /etc/nova/logging.conf |
| - source: salt://oslo_templates/files/logging/_logging.conf |
| - template: jinja |
| - user: nova |
| - group: nova |
| - require_in: |
| - sls: nova.db.offline_sync |
| - require: |
| - pkg: nova_controller_packages |
| {%- if controller.logging.log_handlers.get('fluentd').get('enabled', False) %} |
| - pkg: nova_controller_fluentd_logger_package |
| {%- endif %} |
| - defaults: |
| service_name: nova |
| _data: {{ controller.logging }} |
| - watch_in: |
| - service: nova_controller_services |
| |
| /var/log/nova/nova.log: |
| file.managed: |
| - user: nova |
| - group: nova |
| - watch_in: |
| - service: nova_controller_services |
| {%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %} |
| - service: nova_apache_restart |
| {%- endif %} |
| |
| {% for service_name in controller.services %} |
| |
| {{ service_name }}_logging_conf: |
| file.managed: |
| - name: /etc/nova/logging/logging-{{ service_name }}.conf |
| - source: salt://oslo_templates/files/logging/_logging.conf |
| - template: jinja |
| - user: nova |
| - group: nova |
| - require: |
| - pkg: nova_controller_packages |
| {%- if controller.logging.log_handlers.get('fluentd').get('enabled', False) %} |
| - pkg: nova_controller_fluentd_logger_package |
| {%- endif %} |
| - makedirs: True |
| - defaults: |
| service_name: {{ service_name }} |
| _data: {{ controller.logging }} |
| - watch_in: |
| - service: nova_controller_services |
| {%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %} |
| - service: nova_apache_restart |
| {%- endif %} |
| |
| {% endfor %} |
| {% endif %} |
| |
| {%- if controller.version not in ['liberty', 'mitaka', 'newton'] %} |
| {# nova no longer ships with a default policy.json #} |
| {#- Since Queens release `policy.json` is changed to `policy.yaml`. But default option in `oslo_policy` is `policy.json` #} |
| /etc/nova/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }}: |
| file.managed: |
| - contents: '{}' |
| - replace: False |
| - user: nova |
| - group: nova |
| - require: |
| - pkg: nova_controller_packages |
| {%- endif %} |
| |
| {%- for name, rule in controller.get('policy', {}).iteritems() %} |
| |
| {%- if rule != None %} |
| nova_keystone_rule_{{ name }}_present: |
| keystone_policy.rule_present: |
| - path: /etc/nova/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }} |
| - name: {{ name }} |
| - rule: {{ rule }} |
| - require: |
| - pkg: nova_controller_packages |
| {% if controller.version not in ['liberty', 'mitaka', 'newton'] %} |
| - file: /etc/nova/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }} |
| {% endif%} |
| |
| {%- else %} |
| |
| nova_keystone_rule_{{ name }}_absent: |
| keystone_policy.rule_absent: |
| - path: /etc/nova/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }} |
| - name: {{ name }} |
| - require: |
| - pkg: nova_controller_packages |
| {% if controller.version not in ['liberty', 'mitaka', 'newton'] %} |
| - file: /etc/nova/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }} |
| {% endif%} |
| |
| {%- endif %} |
| |
| {%- endfor %} |
| |
| {%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %} |
| {%- if controller.get('update_cells') %} |
| |
| nova_update_cell0: |
| novang.update_cell: |
| - name: "cell0" |
| - db_name: {{ controller.database.name }}_cell0 |
| - db_engine: {{ controller.database.engine }} |
| - db_password: {{ controller.database.password }} |
| - db_user: {{ controller.database.user }} |
| - db_address: {{ controller.database.host }} |
| {%- if grains.get('noservices') %} |
| - onlyif: /bin/false |
| {%- endif %} |
| |
| {%- set rabbit_port = controller.message_queue.get('port', 5671 if controller.message_queue.get('ssl',{}).get('enabled', False) else 5672) %} |
| |
| nova_update_cell1: |
| novang.update_cell: |
| - name: "cell1" |
| - db_name: {{ controller.database.name }} |
| {%- if controller.message_queue.members is defined %} |
| - transport_url: rabbit://{% for member in controller.message_queue.members -%} |
| {{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ member.host }}:{{ member.get('port', rabbit_port) }} |
| {%- if not loop.last -%},{%- endif -%} |
| {%- endfor -%} |
| /{{ controller.message_queue.virtual_host }} |
| {%- else %} |
| - transport_url: rabbit://{{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ controller.message_queue.host }}:{{ rabbit_port}}/{{ controller.message_queue.virtual_host }} |
| {%- endif %} |
| - db_engine: {{ controller.database.engine }} |
| - db_password: {{ controller.database.password }} |
| - db_user: {{ controller.database.user }} |
| - db_address: {{ controller.database.host }} |
| {%- if grains.get('noservices') %} |
| - onlyif: /bin/false |
| {%- endif %} |
| |
| {%- endif %} |
| |
| nova_placement_service_mask: |
| file.symlink: |
| - name: /etc/systemd/system/nova-placement-api.service |
| - target: /dev/null |
| |
| nova_placement_package: |
| pkg.installed: |
| - name: nova-placement-api |
| - require: |
| - file: nova_placement_service_mask |
| |
| {#- Creation of sites using templates is deprecated, sites should be generated by apache pillar, and enabled by barbican formula #} |
| {%- if pillar.get('apache', {}).get('server', {}).get('site', {}).nova_placement is not defined %} |
| |
| nova_placement_apache_conf_file: |
| file.managed: |
| - name: /etc/apache2/sites-available/nova-placement-api.conf |
| - source: salt://nova/files/{{ controller.version }}/nova-placement-api.conf |
| - template: jinja |
| - require: |
| - pkg: nova_controller_packages |
| - pkg: nova_placement_package |
| |
| placement_config: |
| apache_site.enabled: |
| - name: nova-placement-api |
| - require: |
| - nova_placement_apache_conf_file |
| |
| {%- else %} |
| |
| nova_cleanup_configs: |
| file.absent: |
| - names: |
| - '/etc/apache2/sites-available/nova-placement-api.conf' |
| - '/etc/apache2/sites-enabled/nova-placement-api.conf' |
| |
| nova_placement_apache_conf_file: |
| file.exists: |
| - name: /etc/apache2/sites-available/wsgi_nova_placement.conf |
| - require: |
| - pkg: nova_placement_package |
| - nova_cleanup_configs |
| |
| placement_config: |
| apache_site.enabled: |
| - name: wsgi_nova_placement |
| - require: |
| - nova_placement_apache_conf_file |
| |
| {%- endif %} |
| |
| nova_controller_discover_hosts: |
| cmd.run: |
| - name: nova-manage cell_v2 discover_hosts --verbose --by-service |
| {%- if grains.get('noservices') %} |
| - onlyif: /bin/false |
| {%- endif %} |
| - runas: 'nova' |
| - require: |
| - sls: nova.db.offline_sync |
| |
| nova_controller_map_instances: |
| novav21.instances_mapped_to_cell: |
| - name: 'cell1' |
| {%- if controller.get('mapped_instances_max_count') %} |
| - max_count: {{ controller.get('mapped_instances_max_count') }} |
| {%- endif %} |
| - timeout: {{ controller.get('mapped_instances_interval', 60) }} |
| {%- if grains.get('noservices') %} |
| - onlyif: /bin/false |
| {%- endif %} |
| - require: |
| - cmd: nova_controller_discover_hosts |
| - pkg: nova_controller_packages |
| |
| {%- endif %} |
| |
| {%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %} |
| |
| nova_apache_restart: |
| service.running: |
| - enable: true |
| - name: apache2 |
| {%- if grains.get('noservices') %} |
| - onlyif: /bin/false |
| {%- endif %} |
| - require: |
| - sls: nova.db.offline_sync |
| - sls: nova._ssl.mysql |
| - watch: |
| - file: /etc/nova/nova.conf |
| - file: /etc/nova/api-paste.ini |
| - nova_placement_apache_conf_file |
| - placement_config |
| |
| {%- endif %} |
| nova_controller_services: |
| service.running: |
| - enable: true |
| - names: {{ controller.services }} |
| {%- if grains.get('noservices') %} |
| - onlyif: /bin/false |
| {%- endif %} |
| - require: |
| - sls: nova.db.offline_sync |
| - sls: nova._ssl.mysql |
| - sls: nova._ssl.rabbitmq |
| - require_in: |
| - sls: nova.db.online_sync |
| - watch: |
| - file: /etc/nova/nova.conf |
| - file: /etc/nova/api-paste.ini |
| |
| {%- if grains.get('virtual_subtype', None) == "Docker" %} |
| |
| nova_entrypoint: |
| file.managed: |
| - name: /entrypoint.sh |
| - template: jinja |
| - source: salt://nova/files/entrypoint.sh |
| - mode: 755 |
| |
| {%- endif %} |
| |
| {%- if controller.get('libvirt', {}).rng_dev_path is defined and controller.libvirt.rng_dev_path == '/dev/hwrng' %} |
| create_hwrng_udev_rule_controller: |
| file.managed: |
| - name: /etc/udev/rules.d/90-hwrng.rules |
| - source: salt://nova/files/90-hwrng.rules |
| - user: root |
| - group: root |
| - mode: 0644 |
| - onlyif: test -c /dev/hwrng |
| |
| trigger_hwrng_udev_controller: |
| cmd.run: |
| - name: udevadm trigger /dev/hwrng |
| - onchanges: |
| - file: /etc/udev/rules.d/90-hwrng.rules |
| |
| {%- endif %} |
| |
| |
| {%- endif %} |