Remove hardcoded config drive enforcement

This change removes the forced use of config drive to ensure that a user
can choose to use config drive as needed. This adds ability to
disable/enable config drive and allows libvirt to listen for connections
on tcp as needed for live migrations (prohibited otherwise by config drive).

The following new variables were added to os_nova role:

nova_force_config_drive
nova_libvirtd_listen_tls: 1
nova_libvirtd_listen_tcp: 0
nova_libvirtd_auth_tcp: sasl

Change-Id: I1de35a4b3611b8bc33a21930dae3fd38f9aaa151
Closes-Bug: #1468514
DocImpact

playbooks/roles/os_nova/defaults/main.yml

@@ -173,6 +173,8 @@ nova_cert_program_name: nova-cert
 ## Nova compute
 nova_enable_instance_password: True
 nova_compute_program_name: nova-compute
+# TODO: This defaults to 'False' upstream, we should set this to 'False' in Liberty
+nova_force_config_drive: True
 
 ## Nova conductor
 nova_conductor_program_name: nova-conductor
@@ -267,6 +269,10 @@ nova_ceph_client_uuid: 517a4663-3927-44bc-9ea7-4a90e1cd4c66
 #  "compute:create": ""
 #  "compute:create:attach_network": ""
 
+## libvirtd config options
+nova_libvirtd_listen_tls: 1
+nova_libvirtd_listen_tcp: 0
+nova_libvirtd_auth_tcp: sasl
 
 ## Service Names
 nova_service_names:

playbooks/roles/os_nova/tasks/nova_compute_kvm.yml

@@ -28,4 +28,40 @@
   tags:
     - nova-kvm
 
+- name: Set libvirtd config
+  template: >
+    src=libvirtd.conf.j2
+    dest=/etc/libvirt/libvirtd.conf
+    owner="root"
+    group="root"
+    mode=0644
+  notify: Restart libvirt-bin
+  tags:
+    - nova-kvm
+    - nova-libvirt
+
+- name: Set libvirt runtime options
+  lineinfile:
+    dest: "/etc/default/libvirt-bin"
+    line: 'libvirtd_opts="-d -l"'
+    regexp: "^libvirtd_opts="
+    backup: "yes"
+  when: nova_libvirtd_listen_tcp == 1
+  notify: Restart libvirt-bin
+  tags:
+    - nova-kvm
+    - nova-libvirt
+
+- name: Set libvirt runtime options
+  lineinfile:
+    dest: "/etc/default/libvirt-bin"
+    line: 'libvirtd_opts="-d"'
+    regexp: "^libvirtd_opts="
+    backup: "yes"
+  when: nova_libvirtd_listen_tcp == 0
+  notify: Restart libvirt-bin
+  tags:
+    - nova-kvm
+    - nova-libvirt
+
 - include: nova_compute_kvm_virsh_net_remove.yml

playbooks/roles/os_nova/templates/libvirtd.conf.j2

@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+listen_tls = {{ nova_libvirtd_listen_tls }}
+listen_tcp = {{ nova_libvirtd_listen_tcp }}
+unix_sock_group = "libvirtd"
+unix_sock_ro_perms = "0777"
+unix_sock_rw_perms = "0770"
+auth_unix_ro = "none"
+auth_unix_rw = "none"
+auth_tcp = "{{ nova_libvirtd_auth_tcp }}"

playbooks/roles/os_nova/templates/nova.conf.j2

@@ -108,7 +108,7 @@ vif_plugging_is_fatal = False
 default_ephemeral_format = ext4
 
 # Configdrive
-force_config_drive = always
+force_config_drive = {{ nova_force_config_drive }}
 
 # Policy
 max_age = {{ nova_max_age }}