5a3d5afa0f
This commit adds the following new variables to customise whether nova will allow key/partition/password injection: nova_libvirt_inject_key nova_libvirt_inject_partition nova_libvirt_inject_password Additionally, the following variable has been added to allow setting password via Horizon: horizon_can_set_password Lastly, password injection can now be tested with tempest via: tempest_compute_change_password Note that all variables have been defaulted to their current values. Closes-Bug: #1469238 Change-Id: Iff434ed7c042f7990990485c34d0f35b9a7baa7a
329 lines
13 KiB
YAML
329 lines
13 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Defines that the role will be deployed on a host machine
|
|
is_metal: true
|
|
|
|
# Enable/Disable ceilometer configurations
|
|
nova_ceilometer_enabled: False
|
|
|
|
## Verbosity Options
|
|
debug: False
|
|
verbose: True
|
|
nova_fatal_deprecations: False
|
|
|
|
## System info
|
|
nova_system_user_name: nova
|
|
nova_system_group_name: nova
|
|
nova_system_shell: /bin/bash
|
|
nova_system_comment: nova system user
|
|
nova_system_home_folder: "/var/lib/{{ nova_system_user_name }}"
|
|
|
|
## DB
|
|
nova_galera_user: nova
|
|
nova_galera_database: nova
|
|
nova_db_max_overflow: 10
|
|
nova_db_max_pool_size: 120
|
|
nova_db_pool_timeout: 30
|
|
|
|
## RPC
|
|
nova_rpc_backend: nova.openstack.common.rpc.impl_kombu
|
|
nova_rpc_thread_pool_size: 64
|
|
nova_rpc_conn_pool_size: 30
|
|
nova_rpc_response_timeout: 60
|
|
|
|
## Nova virtualization Type, set to KVM if supported
|
|
nova_virt_type: kvm
|
|
|
|
## Nova Auth
|
|
nova_service_region: RegionOne
|
|
nova_service_project_name: "service"
|
|
nova_service_project_domain_id: default
|
|
nova_service_user_domain_id: default
|
|
nova_service_user_name: "nova"
|
|
nova_service_role_name: "admin"
|
|
|
|
## Keystone authentication middleware
|
|
nova_keystone_auth_plugin: password
|
|
|
|
## Nova enabled apis
|
|
nova_enabled_apis: "osapi_compute,metadata"
|
|
|
|
## Nova s3
|
|
nova_s3_service_name: s3
|
|
nova_s3_service_type: s3
|
|
nova_s3_service_proto: http
|
|
nova_s3_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(nova_s3_service_proto) }}"
|
|
nova_s3_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_s3_service_proto) }}"
|
|
nova_s3_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(nova_s3_service_proto) }}"
|
|
nova_s3_service_port: 3333
|
|
nova_s3_service_description: "S3 Compatibility Layer"
|
|
nova_s3_service_publicuri: "{{ nova_s3_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_s3_service_port }}"
|
|
nova_s3_service_publicurl: "{{ nova_s3_service_publicuri }}"
|
|
nova_s3_service_adminuri: "{{ nova_s3_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_s3_service_port }}"
|
|
nova_s3_service_adminurl: "{{ nova_s3_service_adminuri }}"
|
|
nova_s3_service_internaluri: "{{ nova_s3_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_s3_service_port }}"
|
|
nova_s3_service_internalurl: "{{ nova_s3_service_internaluri }}"
|
|
nova_s3_program_name: nova-api-ec2
|
|
nova_s3_deprecated_but_enabled: false
|
|
|
|
## Nova v3
|
|
nova_v3_service_name: novav3
|
|
nova_v3_service_type: computev3
|
|
nova_v3_service_proto: http
|
|
nova_v3_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(nova_v3_service_proto) }}"
|
|
nova_v3_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_v3_service_proto) }}"
|
|
nova_v3_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(nova_v3_service_proto) }}"
|
|
nova_v3_service_port: 8774
|
|
nova_v3_service_description: "Nova Compute Service V3"
|
|
nova_v3_service_publicuri: "{{ nova_v3_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_v3_service_port }}"
|
|
nova_v3_service_publicurl: "{{ nova_v3_service_publicuri }}/v3"
|
|
nova_v3_service_adminuri: "{{ nova_v3_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_v3_service_port }}"
|
|
nova_v3_service_adminurl: "{{ nova_v3_service_adminuri }}/v3"
|
|
nova_v3_service_internaluri: "{{ nova_v3_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_v3_service_port }}"
|
|
nova_v3_service_internalurl: "{{ nova_v3_service_internaluri }}/v3"
|
|
nova_v3_deprecated_but_enabled: false
|
|
|
|
## Nova v2.1
|
|
nova_v21_service_name: novav21
|
|
nova_v21_service_type: computev21
|
|
nova_v21_service_proto: http
|
|
nova_v21_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(nova_v21_service_proto) }}"
|
|
nova_v21_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_v21_service_proto) }}"
|
|
nova_v21_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(nova_v21_service_proto) }}"
|
|
nova_v21_service_port: 8774
|
|
nova_v21_service_description: "Nova Compute Service V2.1"
|
|
nova_v21_service_publicuri: "{{ nova_v21_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_v21_service_port }}"
|
|
nova_v21_service_publicurl: "{{ nova_v21_service_publicuri }}/v2.1"
|
|
nova_v21_service_adminuri: "{{ nova_v21_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_v21_service_port }}"
|
|
nova_v21_service_adminurl: "{{ nova_v21_service_adminuri }}/v2.1"
|
|
nova_v21_service_internaluri: "{{ nova_v21_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_v21_service_port }}"
|
|
nova_v21_service_internalurl: "{{ nova_v21_service_internaluri }}/v2.1"
|
|
nova_v21_enabled: true
|
|
|
|
## Nova v2
|
|
nova_service_name: nova
|
|
nova_service_type: compute
|
|
nova_service_proto: http
|
|
nova_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(nova_service_proto) }}"
|
|
nova_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_service_proto) }}"
|
|
nova_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(nova_service_proto) }}"
|
|
nova_service_port: 8774
|
|
nova_service_description: "Nova Compute Service"
|
|
nova_service_publicuri: "{{ nova_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_service_port }}"
|
|
nova_service_publicurl: "{{ nova_service_publicuri }}/v2/%(tenant_id)s"
|
|
nova_service_adminuri: "{{ nova_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
|
|
nova_service_adminurl: "{{ nova_service_adminuri }}/v2/%(tenant_id)s"
|
|
nova_service_internaluri: "{{ nova_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
|
|
nova_service_internalurl: "{{ nova_service_internaluri }}/v2/%(tenant_id)s"
|
|
nova_program_name: nova-api-os-compute
|
|
|
|
## Nova ec2
|
|
# WARNNING: The EC2 api in the nova tree has been deprecated. To consume this API you'll need to
|
|
# uncomment the EC2 section found within the nova `api-paste.ini` file.
|
|
nova_ec2_service_name: ec2
|
|
nova_ec2_service_type: ec2
|
|
nova_ec2_service_proto: http
|
|
nova_ec2_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(nova_ec2_service_proto) }}"
|
|
nova_ec2_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_ec2_service_proto) }}"
|
|
nova_ec2_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(nova_ec2_service_proto) }}"
|
|
nova_ec2_service_port: 8773
|
|
nova_ec2_service_description: "EC2 Compatibility Layer"
|
|
nova_ec2_service_publicuri: "{{ nova_ec2_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_ec2_service_port }}"
|
|
nova_ec2_service_publicurl: "{{ nova_ec2_service_publicuri }}/services/Cloud"
|
|
nova_ec2_service_adminuri: "{{ nova_ec2_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_ec2_service_port }}"
|
|
nova_ec2_service_adminurl: "{{ nova_ec2_service_adminuri }}/services/Admin"
|
|
nova_ec2_service_internaluri: "{{ nova_ec2_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_ec2_service_port }}"
|
|
nova_ec2_service_internalurl: "{{ nova_ec2_service_internaluri }}/services/Cloud"
|
|
nova_ec2_program_name: nova-api-ec2
|
|
nova_ec2_deprecated_but_enabled: false
|
|
|
|
## Nova cinder
|
|
nova_cross_az_attach: True
|
|
|
|
## Nova spice
|
|
nova_spice_html5proxy_base_proto: http
|
|
nova_spice_html5proxy_base_port: 6082
|
|
nova_spice_html5proxy_base_uri: "{{ nova_spice_html5proxy_base_proto }}://{{ external_lb_vip_address}}:{{ nova_spice_html5proxy_base_port }}"
|
|
nova_spice_html5proxy_base_url: "{{ nova_spice_html5proxy_base_uri }}/spice_auto.html"
|
|
nova_spice_console_keymap: en-us
|
|
nova_spice_console_agent_enabled: True
|
|
nova_spice_program_name: nova-spicehtml5proxy
|
|
|
|
## Nova metadata
|
|
nova_metadata_proxy_enabled: True
|
|
nova_metadata_port: 8775
|
|
nova_metadata_program_name: nova-api-metadata
|
|
|
|
## Nova cert
|
|
nova_cert_program_name: nova-cert
|
|
|
|
## Nova compute
|
|
nova_enable_instance_password: True
|
|
nova_compute_program_name: nova-compute
|
|
# TODO: This defaults to 'False' upstream, we should set this to 'False' in Liberty
|
|
nova_force_config_drive: True
|
|
|
|
## Nova libvirt
|
|
nova_libvirt_inject_key: False
|
|
# inject partition options:
|
|
# -2 => disable, -1 => inspect (libguestfs only), 0 => not partitioned, >0 => partition number
|
|
nova_libvirt_inject_partition: -2
|
|
nova_libvirt_inject_password: False
|
|
|
|
## Nova conductor
|
|
nova_conductor_program_name: nova-conductor
|
|
|
|
## Nova console
|
|
nova_console_agent_enabled: True
|
|
nova_consoleauth_program_name: nova-consoleauth
|
|
nova_console_agent_enabled: True
|
|
nova_console_keymap: en-us
|
|
# Set the console type. Presently the only option is ["spice"].
|
|
nova_console_type: spice
|
|
|
|
## Nova global config
|
|
nova_cpu_mode: host-model
|
|
nova_linuxnet_interface_driver: nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
|
|
nova_libvirt_vif_driver: nova.virt.libvirt.vif.NeutronLinuxBridgeVIFDriver
|
|
nova_firewall_driver: nova.virt.firewall.NoopFirewallDriver
|
|
nova_compute_driver: libvirt.LibvirtDriver
|
|
nova_max_age: 0
|
|
nova_remove_unused_resized_minimum_age_seconds: 3600
|
|
nova_image_cache_manager_interval: 0
|
|
nova_resume_guests_state_on_host_boot: False
|
|
|
|
# Nova quota
|
|
nova_quota_cores: 20
|
|
nova_quota_fixed_ips: -1
|
|
nova_quota_floating_ips: 10
|
|
nova_quota_injected_file_content_bytes: 10240
|
|
nova_quota_injected_file_path_length: 255
|
|
nova_quota_injected_files: 5
|
|
nova_quota_instances: 10
|
|
nova_quota_key_pairs: 100
|
|
nova_quota_metadata_items: 128
|
|
nova_quota_networks: 3
|
|
nova_quota_ram: 51200
|
|
nova_quota_security_group_rules: 20
|
|
nova_quota_security_groups: 10
|
|
nova_quota_server_group_members: 10
|
|
nova_quota_server_groups: 10
|
|
|
|
# Nova Scheduler
|
|
nova_cpu_allocation_ratio: 2.0
|
|
nova_disk_allocation_ratio: 1.0
|
|
nova_max_instances_per_host: 50
|
|
nova_max_io_ops_per_host: 10
|
|
nova_ram_allocation_ratio: 1.0
|
|
nova_ram_weight_multiplier: 5.0
|
|
nova_reserved_host_disk_mb: 2048
|
|
nova_reserved_host_memory_mb: 2048
|
|
nova_scheduler_driver_task_period: 60
|
|
nova_scheduler_host_subset_size: 10
|
|
nova_scheduler_max_attempts: 5
|
|
nova_scheduler_default_filters: "RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateCoreFilter,AggregateDiskFilter"
|
|
nova_scheduler_driver: nova.scheduler.filter_scheduler.FilterScheduler
|
|
nova_scheduler_available_filters: nova.scheduler.filters.all_filters
|
|
nova_scheduler_host_manager: nova.scheduler.host_manager.HostManager
|
|
nova_scheduler_manager: nova.scheduler.manager.SchedulerManager
|
|
nova_scheduler_weight_classes: nova.scheduler.weights.all_weighers
|
|
nova_scheduler_program_name: nova-scheduler
|
|
|
|
# If you want to regenerate the nova users SSH keys, on each run, set this var to True
|
|
# Otherwise keys will be generated on the first run and not regenerated each run.
|
|
nova_recreate_keys: False
|
|
# Nova Ceph rbd
|
|
# Enble and define nova_libvirt_images_rbd_pool to use rbd as nova backend
|
|
#nova_libvirt_images_rbd_pool: vms
|
|
nova_ceph_client: '{{ cinder_ceph_client }}'
|
|
nova_ceph_client_uuid: 517a4663-3927-44bc-9ea7-4a90e1cd4c66
|
|
|
|
## General Neutron configuration
|
|
# If ``nova_osapi_compute_workers`` is unset the system will use half the number of available VCPUS to
|
|
# compute the number of api workers to use.
|
|
# nova_osapi_compute_workers: 16
|
|
|
|
# If ``nova_conductor_workers`` is unset the system will use half the number of available VCPUS to
|
|
# compute the number of api workers to use.
|
|
# nova_conductor_workers: 16
|
|
|
|
# If ``nova_ec2_workers`` is unset the system will use half the number of available VCPUS to
|
|
# compute the number of api workers to use.
|
|
# nova_ec2_workers: 16
|
|
|
|
# If ``nova_metadata_workers`` is unset the system will use half the number of available VCPUS to
|
|
# compute the number of api workers to use.
|
|
# nova_metadata_workers: 16
|
|
|
|
|
|
## Policy vars
|
|
# Provide a list of access controls to update the default policy.json with. These changes will be merged
|
|
# with the access controls in the default policy.json. E.g.
|
|
#nova_policy_overrides:
|
|
# "compute:create": ""
|
|
# "compute:create:attach_network": ""
|
|
|
|
## libvirtd config options
|
|
nova_libvirtd_listen_tls: 1
|
|
nova_libvirtd_listen_tcp: 0
|
|
nova_libvirtd_auth_tcp: sasl
|
|
|
|
## Service Names
|
|
nova_service_names:
|
|
- "{{ nova_metadata_program_name }}"
|
|
- "{{ nova_cert_program_name }}"
|
|
- "{{ nova_conductor_program_name }}"
|
|
- "{{ nova_s3_program_name }}"
|
|
- "{{ nova_program_name }}"
|
|
- "{{ nova_ec2_program_name }}"
|
|
- "{{ nova_scheduler_program_name }}"
|
|
- "{{ nova_compute_program_name }}"
|
|
- "{{ nova_spice_program_name }}"
|
|
- "{{ nova_consoleauth_program_name }}"
|
|
|
|
# Common apt packages
|
|
nova_apt_packages:
|
|
- genisoimage
|
|
- git
|
|
- libpq-dev
|
|
|
|
# Spice console apt packages
|
|
nova_spice_apt_packages:
|
|
- spice-html5
|
|
|
|
nova_compute_kvm_apt_packages:
|
|
- bridge-utils
|
|
- genisoimage
|
|
- kpartx
|
|
- libvirt-bin
|
|
- open-iscsi
|
|
- python-libguestfs
|
|
- python-libvirt
|
|
- qemu
|
|
- qemu-utils
|
|
- sysfsutils
|
|
- vlan
|
|
|
|
# Common pip packages
|
|
nova_pip_packages:
|
|
- MySQL-python
|
|
- python-memcached
|
|
- pycrypto
|
|
- python-keystoneclient
|
|
- python-novaclient
|
|
- keystonemiddleware
|
|
- nova
|