{%- set default_params = {
    'cacert_file': salt['grains.filter_by']({
        'Debian': '/etc/ssl/certs/ca-certificates.crt',
        'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
    })}
%}

# TODO(vsaienko) add more drivers settings when they are templatized
{% set compute_driver_mapping = {
    'vmwareapi.VMwareVCDriver': 'vmware',
} %}

{% set compute_bind_defaults = {
    'vnc_address': '10.0.0.10',
    'vnc_port': '6080',
    'vnc_name': 'cloud.domain.com',
    'vnc_protocol': 'http',
} %}

{%- if grains.os_family == "Debian" %}
{%- set pkgs_list = [ 'nova-common', 'nova-consoleproxy', 'novnc', 'nova-api', 'nova-conductor', 'nova-consoleauth', 'nova-doc', 'nova-scheduler', 'python-novaclient', 'python-memcache', 'gettext-base', 'python-pycadf'] %}
{%- set services_list = ['nova-conductor', 'nova-api', 'nova-consoleauth', 'nova-scheduler', 'nova-novncproxy'] %}
{%- if pillar.nova.controller is defined and pillar.nova.controller.get('version',{}) in ["juno", "kilo", "liberty", "mitaka"] %}
{%- do pkgs_list.append('nova-cert') %}
{%- do services_list.append('nova-cert') %}
{%- endif %}
{%- endif %}

{%- if grains.os_family == "RedHat" %}
{%- set pkgs_list = ['openstack-nova-novncproxy', 'python-nova', 'openstack-nova-api', 'openstack-nova-console', 'openstack-nova-scheduler', 'python-novaclient', 'openstack-nova-common', 'openstack-nova-conductor', 'python-pycadf'] %}
{%- set services_list = ['openstack-nova-conductor', 'openstack-nova-api', 'openstack-nova-consoleauth', 'openstack-nova-scheduler', 'openstack-nova-novncproxy'] %}
{%- if pillar.nova.controller is defined and pillar.nova.controller.get('version',{}) in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %}
{%- do pkgs_list.append('openstack-nova-cert') %}
{%- do services_list.append('openstack-nova-cert') %}
{%- endif %}
{%- endif %}

{% set controller = salt['grains.filter_by']({
    'BaseDefaults': default_params,
    'Debian': {
        'pkgs': pkgs_list,
        'services': services_list,
        'debug': false,
        'notification': false,
        'cors': {},
        'audit': {
          'enabled': false
        },
        'logging': {
          'app_name': 'nova',
          'log_appender': false,
          'log_handlers': {
            'watchedfile': {
              'enabled': true
            }
          }
        },
        'novncproxy': {
          'tls': {
            'enabled': false,
            'server': {
              'key_file': '/etc/pki/nova-novncproxy/server-key.pem',
              'cert_file': '/etc/pki/nova-novncproxy/server-cert.pem',
            }
          },
          'vencrypt': {
            'tls': {
              'enabled': false,
              'key_file': '/etc/pki/nova-novncproxy/client-key.pem',
              'cert_file': '/etc/pki/nova-novncproxy/client-cert.pem',
              'ca_file': '/etc/pki/nova-novncproxy/ca-cert.pem',
            }
          }
        },
    },
    'RedHat': {
        'pkgs': pkgs_list,
        'services': services_list,
        'debug': false,
        'notification': false,
        'cors': {},
        'audit': {
          'enabled': false
        },
        'logging': {
          'app_name': 'nova',
          'log_appender': false,
          'log_handlers': {
            'watchedfile': {
              'enabled': true
            }
          }
        },
        'novncproxy': {
          'tls': {
            'enabled': false,
            'server': {
              'key_file': '/etc/pki/nova-novncproxy/server-key.pem',
              'cert_file': '/etc/pki/nova-novncproxy/server-cert.pem',
            }
          },
          'vencrypt': {
            'tls': {
              'enabled': false,
              'key_file': '/etc/pki/nova-novncproxy/client-key.pem',
              'cert_file': '/etc/pki/nova-novncproxy/client-cert.pem',
              'ca_file': '/etc/pki/nova-novncproxy/ca-cert.pem',
            }
          }
        },
    },
}, merge=pillar.nova.get('controller', {}), base='BaseDefaults') %}

{% set upgrade = pillar.get('nova', {}).get('upgrade', {}) %}
{% set pin_level = 'auto' %}

{% set upgrade_levels = salt['grains.filter_by']({
    'Debian': {
        'upgrade_levels': {
          'compute': pin_level,
          'cells': pin_level,
          'intercell': pin_level,
          'cert': pin_level,
          'scheduler': pin_level,
          'conductor': pin_level,
          'console': pin_level,
          'consoleauth': pin_level,
          'network': pin_level,
          'baseapi': pin_level,
        },
     },
    'RedHat': {
        'upgrade_levels': {
          'compute': pin_level,
          'cells': pin_level,
          'intercell': pin_level,
          'cert': pin_level,
          'scheduler': pin_level,
          'conductor': pin_level,
          'console': pin_level,
          'consoleauth': pin_level,
          'network': pin_level,
          'baseapi': pin_level,
        },
    },
}) %}

{% set client = salt['grains.filter_by']({
    'Debian': {
        'pkgs': ['python-novaclient']
    },
    'RedHat': {
        'pkgs': ['python-novaclient']
    },
}, merge=pillar.nova.get('client', {})) %}

{% set compute_network = salt['grains.filter_by']({
    'default': {
        'dpdk': {
            'enabled': false,
        },
        'openvswitch': {
            'vhost_socket_dir': {
                'name': 'openvswitch-vhost',
                'path': '/run/openvswitch-vhost',
            },
        },
        'region': 'RegionOne',
    },
}, merge=salt['pillar.get']('linux:network'), base='default') %}

{%- load_yaml as compute_defaults %}
BaseDefaults: {{ default_params }}
Debian:
  pkgs:
  - nova-common
  - nova-compute-kvm
  - python-novaclient
  - pm-utils
  - sysfsutils
  - sg3-utils
  - libvirt-bin
  - python-memcache
  - qemu-kvm
  - python-guestfs
  - gettext-base
  services:
  - nova-compute
  libvirt_config: libvirtd.conf
  {# Since Openstack Pike Libvirt 3.6 package is installed, it requires different file name for environment file #}
  {%- if pillar.nova.compute is defined and pillar.nova.compute.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %}
  libvirt_bin: "/etc/default/libvirtd"
  {%- else %}
  libvirt_bin: "/etc/default/libvirt-bin"
  {%- endif %}
  libvirt_service: libvirt-bin
  bind: compute_bind_defaults
  debug: false
  qemu:
    vnc:
      tls:
        enabled: False
        key_file: '/etc/pki/libvirt-vnc/server-key.pem'
        cert_file: '/etc/pki/libvirt-vnc/server-cert.pem'
        ca_file: '/etc/pki/libvirt-vnc/ca-cert.pem'
        cert_dir: '/etc/pki/libvirt-vnc'
  libvirt:
    inject_partition: '-2'
    inject_password: False
    tls:
      enabled: False
      key_file: '/etc/pki/libvirt/private/serverkey.pem'
      cert_file: '/etc/pki/libvirt/servercert.pem'
      ca_file: '/etc/pki/CA/cacert.pem'
      client:
        key_file: '/etc/pki/libvirt/private/clientkey.pem'
        cert_file: '/etc/pki/libvirt/clientcert.pem'
  instances_path: "$state_path/instances"
  notification: false
  availability_zone:
  aggregates: []
  cpu_mode: host-passthrough
  identity:
    region: RegionOne
  network: {{ compute_network }}
  heal_instance_info_cache_interval: '60'
  message_queue:
    zmq_linger: 30
  logging:
    app_name: 'nova'
    log_appender: false
    log_handlers:
      watchedfile:
        enabled: true
RedHat:
  pkgs:
  - openstack-nova-compute
  - python-novaclient
  - python-nova
  - sysfsutils
  - sg3_utils
  services:
  - messagebus
  - openstack-nova-compute
  - libvirtd
  libvirt_config: libvirt.conf
  libvirt_bin: "/etc/sysconfig/libvirtd"
  libvirt_service: libvirtd
  bind: compute_bind_defaults
  debug: false
  qemu:
    vnc:
      tls:
        enabled: False
        key_file: '/etc/pki/libvirt-vnc/server-key.pem'
        cert_file: '/etc/pki/libvirt-vnc/server-cert.pem'
        ca_file: '/etc/pki/libvirt-vnc/ca-cert.pem'
        cert_dir: '/etc/pki/libvirt-vnc'
  libvirt:
    inject_partition: '-2'
    inject_password: False
    tls:
      enabled: False
      key_file: '/etc/pki/libvirt/private/serverkey.pem'
      cert_file: '/etc/pki/libvirt/servercert.pem'
      ca_file: '/etc/pki/CA/cacert.pem'
      client:
        key_file: '/etc/pki/libvirt/private/clientkey.pem'
        cert_file: '/etc/pki/libvirt/clientcert.pem'
  notification: false
  availability_zone:
  identity:
    region: RegionOne
  network: {{ compute_network }}
  heal_instance_info_cache_interval: '60'
  message_queue:
    zmq_linger: 30
  logging:
    app_name: 'nova'
    log_appender: false
    log_handlers:
      watchedfile:
        enabled: true
{%- endload %}
{% set compute = salt["grains.filter_by"](compute_defaults, merge=pillar.nova.get("compute", {}), base='BaseDefaults') %}

{%- if pillar.nova.get('upgrade',{}).get('upgrade_enabled',False) %}
  {% do compute.update(upgrade_levels) %}
  {% do controller.update(upgrade_levels) %}
{%- endif %}

{% set monitoring = salt['grains.filter_by']({
    'default': {
        'disk': {
              'warn': '15%',
              'crit': '5%',
        },
        'error_log_rate': {
              'warn': 0.2,
        },
        'services_failed_warning_threshold_percent': 0.3,
        'services_failed_critical_threshold_percent': 0.6,
        'computes_failed_warning_threshold_percent': 0.25,
        'computes_failed_critical_threshold_percent': 0.5,
        'cpu_minor_threshold': 0.85,
        'cpu_major_threshold': 0.95,
        'ram_major_threshold': 0.85,
        'ram_critical_threshold': 0.95,
        'disk_major_threshold': 0.85,
        'disk_critical_threshold': 0.95,
        'endpoint_failed_major_threshold': 0.5,
    },
}, grain='os_family', merge=salt['pillar.get']('nova:monitoring')) %}