6dfcf9d4c8
Calico driver support has been removed from OpenStack-Ansible starting in Antelope release [1]. We clean-up nove role to drop calico support from it as well. [1] https://review.opendev.org/c/openstack/openstack-ansible/+/866119 Change-Id: Ie9c118b8bab265e5bf06b6ec05731cd673ee4d95
63 lines
2.3 KiB
Django/Jinja
63 lines
2.3 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
{% if nova_libvirtd_listen_tls == 1 %}
|
|
# Use of TLS requires that x509 certificates be issued. The default is
|
|
# to keep them in /etc/pki/qemu. This directory must contain
|
|
#
|
|
# ca-cert.pem - the CA master certificate
|
|
# server-cert.pem - the server certificate signed with ca-cert.pem
|
|
# server-key.pem - the server private key
|
|
#
|
|
# and optionally may contain
|
|
#
|
|
# dh-params.pem - the DH params configuration file
|
|
#
|
|
# If the directory does not exist, libvirtd will fail to start. If the
|
|
# directory doesn't contain the necessary files, QEMU domains will fail
|
|
# to start if they are configured to use TLS.
|
|
#
|
|
# In order to overwrite the default path alter the following. This path
|
|
# definition will be used as the default path for other *_tls_x509_cert_dir
|
|
# configuration settings if their default path does not exist or is not
|
|
# specifically set.
|
|
#
|
|
default_tls_x509_cert_dir = "{{ nova_qemu_ssl_dir }}"
|
|
|
|
# The default TLS configuration only uses certificates for the server
|
|
# allowing the client to verify the server's identity and establish
|
|
# an encrypted channel.
|
|
#
|
|
# It is possible to use x509 certificates for authentication too, by
|
|
# issuing an x509 certificate to every client who needs to connect.
|
|
#
|
|
# Enabling this option will reject any client who does not have a
|
|
# certificate signed by the CA in /etc/pki/qemu/ca-cert.pem
|
|
#
|
|
# The default_tls_x509_cert_dir directory must also contain
|
|
#
|
|
# client-cert.pem - the client certificate signed with the ca-cert.pem
|
|
# client-key.pem - the client private key
|
|
#
|
|
# If this option is supplied it provides the default for the "_verify" option
|
|
# of specific TLS users such as vnc, backups, migration, etc. The specific
|
|
# users of TLS may override this by setting the specific "_verify" option.
|
|
#
|
|
# When not supplied the specific TLS users provide their own defaults.
|
|
#
|
|
default_tls_x509_verify = 1
|
|
{% endif %}
|
|
|
|
# Enable use of TLS encryption on the VNC server. This requires
|
|
# a VNC client which supports the VeNCrypt protocol extension.
|
|
# Examples include vinagre, virt-viewer, virt-manager and vencrypt
|
|
# itself. UltraVNC, RealVNC, TightVNC do not support this
|
|
#
|
|
# It is necessary to setup CA and issue a server certificate
|
|
# before enabling this.
|
|
#
|
|
vnc_tls = {{ nova_qemu_vnc_tls }}
|
|
|
|
{% for key, value in _nova_qemu_conf.items() %}
|
|
{{ key }} = {{ value }}
|
|
{% endfor %}
|