This reverts commit ec2579a8448281cdf1154018c0a56c9d4b174e36.
We are not quite ready for fine grained RBAC for service
accounts.
Change-Id: I210685d7b9036abb191073d512f8a65ebff30613
Closes-Bug: 1655028
Role check is scoped to the configured service project and access
is granted to os_compute_api:servers:detail:get_all_tenants.
This change is required to allow Ceilometer to operate using a
non-Admin user.
Change-Id: I17729e2089cc658588eaea93f8de5051369e5dff
Closes-Bug: 1636098
Support access to instances via optionally enabled serial console
feature provided in Nova.
Seria console access is enabled using a new config flag; this flag
plus the required base_url for the nova-serialproxy are also passed
over the cloud-compute relation for use in nova-compute units.
This is only supported in OpenStack Juno or later, and replaces
the standard output to the nova console-log.
Change-Id: I3bfcca88bd6147be337e6d770db7348170b914e6
For mitaka onwards, use of the 'use_neutron' flag should be made
instead of setting the network API class.
For newton, this is required as the network_api_class is ignored.
Change-Id: I843d82eb0518a0c27858816becf0f8b392bdb5eb
The neutron-api charm will present an 'enable-sriov' flag to the
nova-cloud-controller charm when SR-IOV support has been enabled by the
end user; ensure that the PciPassthroughFilter is added to the filter
chain when SR-IOV is enabled, so that instances with SR-IOV device
assignments are scheduled to the correct compute hosts.
Change-Id: Iffa77abf22823ce37999ea08f943ce5eeb6af492
When using MidoNet as Neutron plugin, booting instance with security
group other than `default` will result in failure. This is because some
of the essential configuration options are missing from `nova.conf` on
Nova controller, namely `firewall_driver`, `libvirt_vif_driver`, and
`security_group_api`.
This commit will fix this problem by configuring those configuration
options in `nova.conf` on Nova controller.
Change-Id: Ibbaf6720bb27512a9d7dfe68d3258dd84ed17b0b
Signed-off-by: Ryo Tagami <rtagami@airstrip.jp>
The keystone_auth section has changed for Mitaka. The Liberty format
,which is currently being used, is incompatible with keystone v3 on
Mitaka as it assumes the id of the default domain is default where
as in Mitaka it is a uuid.
The install documentation for Mitaka dictates that domain name should
be used rather than id when setting project_domain and user_domain
Change-Id: Id79a3dc10f3f08f837e6efdfb446380bb00a5891
Partial-Bug: 1571347
Update api-paste.ini to align with the upstream Mitaka version.
Add nova.conf for Mitaka, dropping all EC2 config options as the
EC2 API was dropped from the nova source tree in Mitaka.
Change-Id: I341d0043d2580db2aa7974537321913dac70c3b7
This change adds a template for liberty or above that works with a keystone
v3 endpoint. It also removes the Mitaka template as it duplicated the liberty
one.
Change-Id: Ic0bd24c8516b541c44dac9c8a92357050e75fcf6
Partial-Bug: 1522397
Mitaka requires the use of a separate nova-api database;
ensure that this is setup on the shared-db relation and add
a new [api_database] section to the mitaka nova.conf file.
Add a new NovaAPISharedDBContext wrapper to prefix the key
names for the nova-api database with 'nova_api_' so that we
can present two database connections to the same configuration
file.
Ensure that 'nova-manage api_db sync' is called for database
setup for >= mitaka release.
For upgrades, ensure that the database migration and service
start is deferred until the nova_api database has been
setup by the related mysql service.
Closes-Bug: #1556896
Change-Id: If1c9a037b1e0745a486a57fddf885e26aa7e313d