# nova.conf [DEFAULT] debug = {{ nova_logging_debug }} log_dir = /var/log/kolla/nova state_path = /var/lib/nova allow_resize_to_same_host = true {% if service_name == "nova-compute-ironic" %} host={{ ansible_facts.hostname }}-ironic log_file = /var/log/kolla/nova/nova-compute-ironic.log compute_driver = ironic.IronicDriver ram_allocation_ratio = 1.0 reserved_host_memory_mb = 0 {% elif enable_nova_fake | bool %} host = {{ ansible_facts.hostname }}_{{ service_name }} compute_driver = fake.FakeDriver {% elif nova_compute_virt_type == 'vmware' %} compute_driver = vmwareapi.VMwareVCDriver {% else %} compute_driver = libvirt.LibvirtDriver {% endif %} # Though my_ip is not used directly, lots of other variables use $my_ip my_ip = {{ api_interface_address }} {% if enable_ceilometer | bool or enable_designate | bool %} instance_usage_audit = True instance_usage_audit_period = hour {% if enable_watcher | bool %} compute_monitors=nova.compute.monitors.cpu.virt_driver {% endif %} {% endif %} transport_url = {{ nova_cell_rpc_transport_url }} [conductor] workers = {{ openstack_service_workers }} {% if nova_console == 'novnc' %} [vnc] {% if service_name == "nova-compute-ironic" %} enabled = false {% else %} novncproxy_host = {{ api_interface_address }} novncproxy_port = {{ nova_novncproxy_listen_port }} server_listen = {{ api_interface_address }} server_proxyclient_address = {{ api_interface_address }} {% if inventory_hostname in groups[nova_cell_compute_group] %} novncproxy_base_url = {{ public_protocol }}://{{ nova_novncproxy_fqdn | put_address_in_context('url') }}:{{ nova_novncproxy_port }}/vnc_auto.html {% endif %} {% endif %} {% elif nova_console == 'spice' %} [vnc] # We have to turn off vnc to use spice enabled = false [spice] enabled = true server_listen = {{ api_interface_address }} server_proxyclient_address = {{ api_interface_address }} {% if inventory_hostname in groups[nova_cell_compute_group] %} html5proxy_base_url = {{ public_protocol }}://{{ nova_spicehtml5proxy_fqdn | put_address_in_context('url') }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html {% endif %} html5proxy_host = {{ api_interface_address }} html5proxy_port = {{ nova_spicehtml5proxy_listen_port }} {% elif nova_console == 'none' %} [vnc] enabled = false [spice] enabled = false {% endif %} {% if enable_nova_serialconsole_proxy | bool %} [serial_console] enabled = true base_url = {{ nova_serialproxy_protocol }}://{{ nova_serialproxy_fqdn | put_address_in_context('url') }}:{{ nova_serialproxy_port }}/ serialproxy_host = {{ api_interface_address }} serialproxy_port = {{ nova_serialproxy_listen_port }} proxyclient_address = {{ api_interface_address }} {% endif %} {% if service_name == "nova-compute-ironic" %} [ironic] username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} auth_url = {{ openstack_auth.auth_url }}/v3 cafile = {{ openstack_cacert }} auth_type = password project_name = service user_domain_name = {{ default_user_domain_name }} project_domain_name = {{ default_project_domain_name }} endpoint_override = {{ ironic_internal_endpoint }}/v1 {% endif %} [oslo_concurrency] lock_path = /var/lib/nova/tmp [glance] debug = {{ nova_logging_debug }} api_servers = {{ glance_internal_endpoint }} cafile = {{ openstack_cacert }} num_retries = 3 {% if enable_cinder | bool %} [cinder] catalog_info = volumev3:cinderv3:internalURL os_region_name = {{ openstack_region_name }} auth_url = {{ keystone_admin_url }} auth_type = password project_domain_name = {{ default_project_domain_name }} user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ cinder_keystone_user }} password = {{ cinder_keystone_password }} cafile = {{ openstack_cacert }} {% endif %} [neutron] metadata_proxy_shared_secret = {{ metadata_secret }} service_metadata_proxy = true {% if neutron_plugin_agent == 'vmware_nsxv3' %} ovs_bridge = {{ ovs_bridge }} {% endif %} auth_url = {{ keystone_admin_url }} auth_type = password cafile = {{ openstack_cacert }} project_domain_name = {{ default_project_domain_name }} user_domain_id = {{ default_user_domain_id }} project_name = service username = {{ neutron_keystone_user }} password = {{ neutron_keystone_password }} region_name = {{ openstack_region_name }} valid_interfaces = internal {% if not service_name.startswith('nova-compute') %} [database] connection = mysql+pymysql://{{ nova_cell_database_user }}:{{ nova_cell_database_password }}@{{ nova_cell_database_address | put_address_in_context('url') }}:{{ nova_cell_database_port }}/{{ nova_cell_database_name }} connection_recycle_time = {{ database_connection_recycle_time }} max_overflow = 1000 max_pool_size = {{ database_max_pool_size }} max_retries = -1 {% if service_name == 'nova-cell-bootstrap' or (service_name == 'nova-conductor' and nova_cell_conductor_has_api_database | bool) %} [api_database] connection = mysql+pymysql://{{ nova_api_database_user }}:{{ nova_api_database_password }}@{{ nova_api_database_address }}/{{ nova_api_database_name }} connection_recycle_time = {{ database_connection_recycle_time }} max_pool_size = {{ database_max_pool_size }} max_retries = -1 {% endif %} {% endif %} {% if service_name == 'nova-compute' %} {% if nova_compute_virt_type in ['kvm', 'qemu'] %} {# must be an include because Ansible 2.8 (and earlier) does not like defined variables referencing undefined variables: migration_interface_address here #} {# see https://github.com/ansible/ansible/issues/58835 #} {% include 'nova.conf.d/libvirt.conf.j2' %} {% endif %} {% endif %} {% if nova_compute_virt_type == "vmware" %} [vmware] host_ip = {{ vmware_vcenter_host_ip }} host_username = {{ vmware_vcenter_host_username }} host_password = {{ vmware_vcenter_host_password }} cluster_name = {{ vmware_vcenter_cluster_name }} datastore_regex = {{ vmware_vcenter_datastore_regex }} insecure = {{ vmware_vcenter_insecure }} {% if not vmware_vcenter_insecure | bool %} ca_file = /etc/nova/vmware_ca {% endif %} {% endif %} [upgrade_levels] compute = auto [oslo_messaging_notifications] transport_url = {{ nova_cell_notify_transport_url }} {% if nova_enabled_notification_topics %} driver = messagingv2 topics = {{ nova_enabled_notification_topics | map(attribute='name') | join(',') }} {% else %} driver = noop {% endif %} {% if om_enable_rabbitmq_tls | bool %} [oslo_messaging_rabbit] ssl = true ssl_ca_file = {{ om_rabbitmq_cacert }} {% endif %} {% if service_name in nova_cell_services_require_policy_json and nova_policy_file is defined %} [oslo_policy] policy_file = {{ nova_policy_file }} {% endif %} [privsep_entrypoint] helper_command=sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf [guestfs] debug = {{ nova_logging_debug }} [placement] auth_type = password auth_url = {{ keystone_admin_url }} username = {{ placement_keystone_user }} password = {{ placement_keystone_password }} user_domain_name = {{ default_user_domain_name }} project_name = service project_domain_name = {{ default_project_domain_name }} region_name = {{ openstack_region_name }} cafile = {{ openstack_cacert }} valid_interfaces = internal [notifications] {% if enable_ceilometer | bool or enable_designate | bool or enable_neutron_infoblox_ipam_agent | bool %} notify_on_state_change = vm_and_task_state {% endif %} {% if enable_osprofiler | bool %} [profiler] enabled = true trace_sqlalchemy = true hmac_keys = {{ osprofiler_secret }} connection_string = {{ osprofiler_backend_connection_string }} {% endif %} {% if enable_barbican | bool %} [barbican] auth_endpoint = {{ keystone_internal_url }} barbican_endpoint_type = internal verify_ssl_path = {{ openstack_cacert }} {% endif %} # Cell specific settings from DevStack: # https://opendev.org/openstack/devstack/src/branch/master/lib/nova#L874 {% if service_name.startswith("nova-compute") and enable_cells | bool %} [workarounds] disable_group_policy_check_upcall = true [filter_scheduler] # When in superconductor mode, nova-compute can't send instance # info updates to the scheduler, so just disable it. track_instance_changes = false {% endif %} {% if nova_pci_passthrough_whitelist %} [pci] passthrough_whitelist = {{ nova_pci_passthrough_whitelist | to_json }} {% endif %}