20 Commits

Author SHA1 Message Date
Frode Nordahl
2eef644a5c Revert "Update policy.json to give service role access"
This reverts commit ec2579a8448281cdf1154018c0a56c9d4b174e36.

We are not quite ready for fine grained RBAC for service
accounts.

Change-Id: I210685d7b9036abb191073d512f8a65ebff30613
Closes-Bug: 1655028
2017-01-11 15:33:11 +01:00
Frode Nordahl
ec2579a844 Update policy.json to give service role access
Role check is scoped to the configured service project and access
is granted to os_compute_api:servers:detail:get_all_tenants.

This change is required to allow Ceilometer to operate using a
non-Admin user.

Change-Id: I17729e2089cc658588eaea93f8de5051369e5dff
Closes-Bug: 1636098
2016-11-29 08:41:49 +01:00
James Page
469ef8dced Add support for serial console proxy access
Support access to instances via optionally enabled serial console
feature provided in Nova.

Seria console access is enabled using a new config flag; this flag
plus the required base_url for the nova-serialproxy are also passed
over the cloud-compute relation for use in nova-compute units.

This is only supported in OpenStack Juno or later, and replaces
the standard output to the nova console-log.

Change-Id: I3bfcca88bd6147be337e6d770db7348170b914e6
2016-09-15 12:37:33 +01:00
James Page
920deeaf61 Enable use of use_neutron flag
For mitaka onwards, use of the 'use_neutron' flag should be made
instead of setting the network API class.

For newton, this is required as the network_api_class is ignored.

Change-Id: I843d82eb0518a0c27858816becf0f8b392bdb5eb
2016-07-20 13:31:02 +01:00
Jenkins
5c9a385430 Merge "Add support for SR-IOV enablement via neutron-api" 2016-06-23 09:59:23 +00:00
Timothy Kuhlman
422c2797b3 Add support for SR-IOV enablement via neutron-api
The neutron-api charm will present an 'enable-sriov' flag to the
nova-cloud-controller charm when SR-IOV support has been enabled by the
end user; ensure that the PciPassthroughFilter is added to the filter
chain when SR-IOV is enabled, so that instances with SR-IOV device
assignments are scheduled to the correct compute hosts.

Change-Id: Iffa77abf22823ce37999ea08f943ce5eeb6af492
2016-05-25 10:28:57 -06:00
Ryo Tagami
854e3e7533 Add MidoNet support in nova-cc
When using MidoNet as Neutron plugin, booting instance with security
group other than `default` will result in failure.  This is because some
of the essential configuration options are missing from `nova.conf` on
Nova controller, namely `firewall_driver`, `libvirt_vif_driver`, and
`security_group_api`.

This commit will fix this problem by configuring those configuration
options in `nova.conf` on Nova controller.

Change-Id: Ibbaf6720bb27512a9d7dfe68d3258dd84ed17b0b
Signed-off-by: Ryo Tagami <rtagami@airstrip.jp>
2016-05-02 13:05:40 +09:00
Liam Young
44a5cc737c Update keystone_auth section for Mitaka
The keystone_auth section has changed for Mitaka. The Liberty format
,which is currently being used, is incompatible with keystone v3 on
Mitaka as it assumes the id of the default domain is default where
as in Mitaka it is a uuid.

The install documentation for Mitaka dictates that domain name should
be used rather than id when setting project_domain and user_domain

Change-Id: Id79a3dc10f3f08f837e6efdfb446380bb00a5891
Partial-Bug: 1571347
2016-04-17 16:59:46 +00:00
Corey Bryant
902224c44b Update config templates for Mitaka
Update api-paste.ini to align with the upstream Mitaka version.

Add nova.conf for Mitaka, dropping all EC2 config options as the
EC2 API was dropped from the nova source tree in Mitaka.

Change-Id: I341d0043d2580db2aa7974537321913dac70c3b7
2016-04-08 15:40:59 +00:00
Liam Young
0e58516b13 Add Liberty template with keystone v3 support
This change adds a template for liberty or above that works with a keystone
v3 endpoint. It also removes the Mitaka template as it duplicated the liberty
one.

Change-Id: Ic0bd24c8516b541c44dac9c8a92357050e75fcf6
Partial-Bug: 1522397
2016-03-29 08:20:24 +00:00
James Page
90f376453b Add nova-api database setup for Mitaka
Mitaka requires the use of a separate nova-api database;
ensure that this is setup on the shared-db relation and add
a new [api_database] section to the mitaka nova.conf file.

Add a new NovaAPISharedDBContext wrapper to prefix the key
names for the nova-api database with 'nova_api_' so that we
can present two database connections to the same configuration
file.

Ensure that 'nova-manage api_db sync' is called for database
setup for >= mitaka release.

For upgrades, ensure that the database migration and service
start is deferred until the nova_api database has been
setup by the related mysql service.

Closes-Bug: #1556896

Change-Id: If1c9a037b1e0745a486a57fddf885e26aa7e313d
2016-03-18 12:28:57 +00:00
billy.olsen@canonical.com
8808bf9302 Update code with feedback from code review:
1. Rebase
2. Update the new mitaka/nova.conf template
3. Add related_unit call to get the units
2016-02-17 10:24:59 -07:00
James Page
1e8a5fc028 Fixup template header 2016-02-12 11:53:43 +00:00
James Page
e5e8a7044a Username ffs 2016-02-09 12:46:31 +00:00
James Page
61a89dacb4 More depreprecation warnings 2016-02-09 12:42:21 +00:00
James Page
bc46078b86 Set region as well 2016-02-09 12:41:14 +00:00
James Page
3021763bb6 More fixes 2016-02-09 12:39:37 +00:00
James Page
556971804c Attempt to fixup neutron 2016-02-09 12:35:49 +00:00
Liam Young
c68cb753ae Update api-paste.ini from https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/nova/tree/etc/nova/api-paste.ini 2016-01-20 11:50:19 +00:00
Liam Young
bd2de4a870 Fix up paste ini for mitaka 2016-01-15 14:34:22 +00:00