openstack/charm-nova-cloud-controller
Code Issues Proposed changes
charm-nova-cloud-controller/templates/rocky/nova.conf
Felipe Reyes fd810f9afd Add support for using service tokens 
This patch configures nova-cloud-controller to send a service token
along with the received user token on requests sent to other services.
This allows those other services to accept the request even if the user
token has been invalidated since received by the nova services running
in nova-cloud-controller units, the same applies for incoming requests
from other services. Service tokens exist since Openstack Queens.

Change-Id: I95021600da8af12cb75ef5681fb5af8780ade4f8
Closes-Bug: #1992840
2023-05-18 22:32:51 -04:00

290 lines
8.0 KiB
Plaintext
Raw Permalink Blame History

# rocky
###############################################################################
# [ WARNING ]
# Configuration file maintained by Juju. Local changes may be overwritten.
###############################################################################
[DEFAULT]
verbose={{ verbose }}
debug={{ debug }}
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
iscsi_helper=tgtadm
libvirt_use_virtio_for_bridges=True
connection_type=libvirt
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
volumes_path=/var/lib/nova/volumes
enabled_apis=osapi_compute,metadata
compute_driver=libvirt.LibvirtDriver
use_ipv6 = {{ use_ipv6 }}
osapi_compute_listen = {{ bind_host }}
{% if unique_server_names -%}
osapi_compute_unique_unique_server_names = {{ unique_server_names }}
{% endif -%}
metadata_host = {{ bind_host }}
s3_listen = {{ bind_host }}
enable_new_services = {{ enable_new_services }}
{% if debug -%}
default_log_levels = "amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, oslo_messaging=DEBUG, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, requests.packages.urllib3.util.retry=WARN, urllib3.util.retry=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN, taskflow=WARN, keystoneauth=WARN, oslo.cache=INFO, dogpile.core.dogpile=INFO, glanceclient=WARN, oslo.privsep.daemon=INFO"
glance.debug = True
{% endif -%}
{% if transport_url %}
transport_url = {{ transport_url }}
{% endif %}
{% if dns_domain -%}
# Per LP#1805645, dhcp_domain needs to be configured for nova-metadata-api
# It gets this information from neutron.
dhcp_domain = {{ dns_domain }}
{% endif -%}
osapi_compute_workers = {{ workers }}
cpu_allocation_ratio = {{ cpu_allocation_ratio }}
ram_allocation_ratio = {{ ram_allocation_ratio }}
disk_allocation_ratio = {{ disk_allocation_ratio }}
use_syslog={{ use_syslog }}
my_ip = {{ host_ip }}
{% include "parts/novnc" %}
{% if max_local_block_devices is not none -%}
max_local_block_devices = {{ max_local_block_devices }}
{% endif -%}
{% if rbd_pool -%}
rbd_pool = {{ rbd_pool }}
rbd_user = {{ rbd_user }}
rbd_secret_uuid = {{ rbd_secret_uuid }}
{% endif -%}
{% if neutron_plugin and neutron_plugin in ('ovs', 'midonet') -%}
libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtGenericVIFDriver
libvirt_user_virtio_for_bridges = True
{% if neutron_security_groups -%}
security_group_api = {{ network_manager }}
nova_firewall_driver = nova.virt.firewall.NoopFirewallDriver
{% endif -%}
{% if external_network -%}
default_floating_pool = {{ external_network }}
{% endif -%}
{% endif -%}
{% if neutron_plugin and neutron_plugin == 'vsp' -%}
neutron_ovs_bridge = alubr0
{% endif -%}
{% if neutron_plugin and neutron_plugin == 'nvp' -%}
security_group_api = neutron
nova_firewall_driver = nova.virt.firewall.NoopFirewallDriver
{% if external_network -%}
default_floating_pool = {{ external_network }}
{% endif -%}
{% endif -%}
{% if neutron_plugin and neutron_plugin == 'Calico' -%}
security_group_api = neutron
nova_firewall_driver = nova.virt.firewall.NoopFirewallDriver
{% endif -%}
{% if neutron_plugin and neutron_plugin == 'plumgrid' -%}
security_group_api=neutron
firewall_driver = nova.virt.firewall.NoopFirewallDriver
{% endif -%}
{% if network_manager_config -%}
{% for key, value in network_manager_config.items() -%}
{{ key }} = {{ value }}
{% endfor -%}
{% endif -%}
{% if network_manager and network_manager == 'neutron' -%}
network_api_class = nova.network.neutronv2.api.API
{% else -%}
network_manager = nova.network.manager.FlatDHCPManager
{% endif -%}
{% if default_floating_pool -%}
default_floating_pool = {{ default_floating_pool }}
{% endif -%}
{% if volume_service -%}
volume_api_class=nova.volume.cinder.API
{% endif -%}
{% if user_config_flags -%}
{% for key, value in user_config_flags.items() -%}
{{ key }} = {{ value }}
{% endfor -%}
{% endif -%}
{% if listen_ports -%}
{% for key, value in listen_ports.items() -%}
{{ key }} = {{ value }}
{% endfor -%}
{% endif -%}
{% if sections and 'DEFAULT' in sections -%}
{% for key, value in sections['DEFAULT'] -%}
{{ key }} = {{ value }}
{% endfor -%}
{% endif %}
[upgrade_levels]
compute = auto
{% include "section-zeromq" %}
{% include "parts/database-v2" %}
{% include "parts/database-api" %}
{% if glance_api_servers -%}
[glance]
api_servers = {{ glance_api_servers }}
{% endif -%}
{% if network_manager and network_manager == 'neutron' %}
{% include "parts/section-neutron" %}
{% endif %}
{% include "section-keystone-authtoken-mitaka" %}
{% include "section-service-user" %}
{% include "parts/section-cinder" %}
[osapi_v3]
enabled=True
{% include "parts/cell" %}
[conductor]
workers = {{ workers }}
{% include "section-oslo-messaging-rabbit" %}
{% include "section-oslo-notifications" %}
[oslo_concurrency]
lock_path=/var/lock/nova
[vnc]
{% if console_access_port and console_access_protocol == 'novnc' -%}
novncproxy_port = {{ console_access_port }}
{% endif %}
{% if console_access_port and console_access_protocol == 'xvpvnc' -%}
xvpvncproxy_port = {{ console_access_port }}
{% endif %}
[spice]
{% include "parts/spice" %}
{% if console_access_port and console_access_protocol == 'spice' -%}
html5proxy_port = {{ console_access_port }}
{% endif %}
{% include "parts/section-serial-console" %}
{% if memcached_servers %}
[cache]
enabled = true
backend = oslo_cache.memcache_pool
memcache_servers = {{ memcached_servers }}
{% endif %}
{% include "section-placement" %}
[scheduler]
# NOTE(jamespage): perform automatic host cell mapping
# until we can orchestrate this better
# using the nova-cc <--> nova-compute
# relation
discover_hosts_in_cells_interval = 30
workers = {{ workers }}
[filter_scheduler]
{% if additional_neutron_filters is defined %}
enabled_filters = {{ scheduler_default_filters }},{{ additional_neutron_filters }}
{% else %}
enabled_filters = {{ scheduler_default_filters }}
{% endif %}
{% if not skip_hosts_with_build_failures %}
# Disable BuildFailureWeigher as any failed build will result
# in a very low weighting for the hypervisor, resulting in
# instances all being scheduled to hypervisors with no build
# failures.
# https://bugs.launchpad.net/charm-nova-cloud-controller/+bug/1818239
build_failure_weight_multiplier = 0.0
{% endif %}
{%- if scheduler_host_subset_size %}
host_subset_size = {{ scheduler_host_subset_size }}
{%- endif %}
{%- if scheduler_max_attempts %}
max_attempts = {{ scheduler_max_attempts }}
{%- endif %}
[api]
auth_strategy=keystone
{% if vendor_data or vendor_data_url -%}
vendordata_providers = {{ vendordata_providers }}
{% if vendor_data -%}
vendordata_jsonfile_path = /etc/nova/vendor_data.json
{% endif -%}
{% if vendor_data_url -%}
vendordata_dynamic_targets = {{ vendor_data_url }}
{% endif -%}
{% endif -%}
[wsgi]
api_paste_config=/etc/nova/api-paste.ini
[pci]
{% if pci_alias %}
alias = {{ pci_alias }}
{% endif %}
{% for alias in pci_aliases -%}
alias = {{ alias }}
{% endfor -%}
{% include "section-oslo-middleware" %}
[quota]
{% if quota_instances is not none -%}
instances = {{ quota_instances }}
{% endif -%}
{% if quota_cores is not none -%}
cores = {{ quota_cores }}
{% endif -%}
{% if quota_ram is not none -%}
ram = {{ quota_ram }}
{% endif -%}
{% if quota_metadata_items is not none -%}
metadata_items = {{ quota_metadata_items }}
{% endif -%}
{% if quota_injected_files is not none -%}
injected_files = {{ quota_injected_files }}
{% endif -%}
{% if quota_injected_file_content_bytes is not none -%}
injected_file_content_bytes = {{ quota_injected_file_content_bytes }}
{% endif -%}
{% if quota_injected_file_path_length is not none -%}
injected_file_path_length = {{ quota_injected_file_path_length }}
{% endif -%}
{% if quota_key_pairs is not none -%}
key_pairs = {{ quota_key_pairs }}
{% endif -%}
{% if quota_server_groups is not none -%}
server_groups = {{ quota_server_groups }}
{% endif -%}
{% if quota_server_group_members is not none -%}
server_group_members = {{ quota_server_group_members }}
{% endif -%}
View Git Blame Copy Permalink