# Copyright 2017 The Openstack-Helm Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for nova. # This is a YAML-formatted file. # Declare name/value pairs to be passed into your templates. # name: value release_group: null labels: agent: compute: node_selector_key: openstack-compute-node node_selector_value: enabled compute_ironic: node_selector_key: openstack-compute-node node_selector_value: enabled api_metadata: node_selector_key: openstack-control-plane node_selector_value: enabled conductor: node_selector_key: openstack-control-plane node_selector_value: enabled consoleauth: node_selector_key: openstack-control-plane node_selector_value: enabled job: node_selector_key: openstack-control-plane node_selector_value: enabled novncproxy: node_selector_key: openstack-control-plane node_selector_value: enabled osapi: node_selector_key: openstack-control-plane node_selector_value: enabled placement: node_selector_key: openstack-control-plane node_selector_value: enabled scheduler: node_selector_key: openstack-control-plane node_selector_value: enabled spiceproxy: node_selector_key: openstack-control-plane node_selector_value: enabled test: node_selector_key: openstack-control-plane node_selector_value: enabled images: pull_policy: IfNotPresent tags: bootstrap: docker.io/openstackhelm/heat:newton db_drop: docker.io/openstackhelm/heat:newton db_init: docker.io/openstackhelm/heat:newton dep_check: 'quay.io/stackanetes/kubernetes-entrypoint:v0.3.1' rabbit_init: docker.io/rabbitmq:3.7-management ks_user: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton nova_api: docker.io/openstackhelm/nova:newton nova_cell_setup: docker.io/openstackhelm/nova:newton nova_cell_setup_init: docker.io/openstackhelm/heat:newton nova_compute: docker.io/openstackhelm/nova:newton nova_compute_ironic: 'docker.io/kolla/ubuntu-source-nova-compute-ironic:3.0.3' nova_compute_ssh: docker.io/openstackhelm/nova:newton nova_conductor: docker.io/openstackhelm/nova:newton nova_consoleauth: docker.io/openstackhelm/nova:newton nova_db_sync: docker.io/openstackhelm/nova:newton nova_novncproxy: docker.io/openstackhelm/nova:newton nova_novncproxy_assets: 'docker.io/kolla/ubuntu-source-nova-novncproxy:3.0.3' nova_placement: docker.io/openstackhelm/nova:newton nova_scheduler: docker.io/openstackhelm/nova:newton nova_spiceproxy: docker.io/openstackhelm/nova:newton nova_spiceproxy_assets: 'docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:3.0.3' test: 'docker.io/kolla/ubuntu-source-rally:4.0.0' image_repo_sync: docker.io/docker:17.07.0 local_registry: active: false exclude: - dep_check - image_repo_sync jobs: # NOTE(portdirect): When using cells new nodes will be added to the cell on the hour by default. # TODO(portdirect): Add a post-start action to nova compute pods that registers themselves. cell_setup: cron: "0 */1 * * *" history: success: 3 failed: 1 bootstrap: enabled: true ks_user: admin script: null structured: flavors: enabled: true options: m1_tiny: name: "m1.tiny" id: "auto" ram: 512 disk: 1 vcpus: 1 m1_small: name: "m1.small" id: "auto" ram: 2048 disk: 20 vcpus: 1 m1_medium: name: "m1.medium" id: "auto" ram: 4096 disk: 40 vcpus: 2 m1_large: name: "m1.large" id: "auto" ram: 8192 disk: 80 vcpus: 4 m1_xlarge: name: "m1.xlarge" id: "auto" ram: 16384 disk: 160 vcpus: 8 network: # provide what type of network wiring will be used # possible options: openvswitch, linuxbridge, sriov backend: - openvswitch osapi: port: 8774 ingress: public: true classes: namespace: "nginx" cluster: "nginx-cluster" annotations: nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false port: 30774 metadata: port: 8775 ingress: public: true classes: namespace: "nginx" cluster: "nginx-cluster" annotations: nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false port: 30775 placement: port: 8778 ingress: public: true classes: namespace: "nginx" cluster: "nginx-cluster" annotations: nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30778 novncproxy: ingress: public: true classes: namespace: "nginx" cluster: "nginx-cluster" annotations: nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30680 spiceproxy: node_port: enabled: false port: 30682 ssh: name: "nova-ssh" port: 8022 dependencies: dynamic: common: local_image_registry: jobs: - nova-image-repo-sync services: - endpoint: node service: local_image_registry targeted: openvswitch: compute: pod: - requireSameNode: true labels: application: neutron component: neutron-ovs-agent linuxbridge: compute: pod: - requireSameNode: true labels: application: neutron component: neutron-lb-agent sriov: compute: pod: - requireSameNode: true labels: application: neutron component: neutron-sriov-agent static: api: jobs: - nova-db-sync - nova-ks-user - nova-ks-endpoints - nova-rabbit-init services: - endpoint: internal service: oslo_messaging - endpoint: internal service: oslo_db - endpoint: internal service: identity - endpoint: public service: compute_metadata bootstrap: services: - endpoint: internal service: identity - endpoint: internal service: compute cell_setup: jobs: - nova-db-sync - nova-rabbit-init services: - endpoint: internal service: oslo_messaging - endpoint: internal service: oslo_db - endpoint: internal service: identity - endpoint: internal service: compute pod: - requireSameNode: false labels: application: nova component: compute compute: pod: - requireSameNode: true labels: application: libvirt component: libvirt jobs: - nova-db-sync - nova-rabbit-init services: - endpoint: internal service: oslo_messaging - endpoint: internal service: image - endpoint: internal service: compute - endpoint: internal service: network compute_ironic: jobs: - nova-db-sync - nova-rabbit-init services: - endpoint: internal service: oslo_messaging - endpoint: internal service: image - endpoint: internal service: compute - endpoint: internal service: network - endpoint: internal service: baremetal conductor: jobs: - nova-db-sync - nova-rabbit-init services: - endpoint: internal service: oslo_messaging - endpoint: internal service: oslo_db - endpoint: internal service: identity - endpoint: internal service: compute consoleauth: jobs: - nova-db-sync - nova-rabbit-init services: - endpoint: internal service: oslo_messaging - endpoint: internal service: oslo_db - endpoint: internal service: identity - endpoint: internal service: compute db_drop: services: - endpoint: internal service: oslo_db db_init: services: - endpoint: internal service: oslo_db db_sync: jobs: - nova-db-init services: - endpoint: internal service: oslo_db ks_endpoints: jobs: - nova-ks-service services: - endpoint: internal service: identity ks_service: services: - endpoint: internal service: identity ks_user: services: - endpoint: internal service: identity rabbit_init: services: - service: oslo_messaging endpoint: internal novncproxy: jobs: - nova-db-sync services: - endpoint: internal service: oslo_db scheduler: jobs: - nova-db-sync - nova-rabbit-init services: - endpoint: internal service: oslo_messaging - endpoint: internal service: oslo_db - endpoint: internal service: identity - endpoint: internal service: compute tests: services: - endpoint: internal service: image - endpoint: internal service: compute - endpoint: internal service: network image_repo_sync: services: - endpoint: internal service: local_image_registry console: # serial | spice | novnc | none console_kind: novnc serial: spice: compute: # IF blank, search default routing interface server_proxyclient_interface: proxy: # IF blank, search default routing interface server_proxyclient_interface: novnc: compute: # IF blank, search default routing interface vncserver_proxyclient_interface: vncproxy: # IF blank, search default routing interface vncserver_proxyclient_interface: ssh: key_types: - rsa - dsa - ecdsa - ed25519 conf: ceph: enabled: true admin_keyring: null cinder: user: "cinder" keyring: null secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337 ssh: override: append: rally_tests: run_tempest: false tests: NovaAgents.list_agents: - runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaAggregates.create_and_get_aggregate_details: - args: availability_zone: nova runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaAggregates.create_and_update_aggregate: - args: availability_zone: nova runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaAggregates.list_aggregates: - runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaAvailabilityZones.list_availability_zones: - args: detailed: true runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaFlavors.create_and_delete_flavor: - args: disk: 1 ram: 500 vcpus: 1 runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaFlavors.create_and_list_flavor_access: - args: disk: 1 ram: 500 vcpus: 1 runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaFlavors.create_flavor: - args: disk: 1 ram: 500 vcpus: 1 runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaFlavors.create_flavor_and_add_tenant_access: - args: disk: 1 ram: 500 vcpus: 1 runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaFlavors.create_flavor_and_set_keys: - args: disk: 1 extra_specs: 'quota:disk_read_bytes_sec': 10240 ram: 500 vcpus: 1 runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaFlavors.list_flavors: - args: detailed: true runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaHosts.list_hosts: - runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaHypervisors.list_and_get_hypervisors: - args: detailed: true runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaHypervisors.list_and_get_uptime_hypervisors: - args: detailed: true runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaHypervisors.list_and_search_hypervisors: - args: detailed: true runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaHypervisors.list_hypervisors: - args: detailed: true runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaHypervisors.statistics_hypervisors: - args: {} runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaImages.list_images: - args: detailed: true runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaKeypair.create_and_delete_keypair: - runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaKeypair.create_and_list_keypairs: - runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaSecGroup.create_and_delete_secgroups: - args: rules_per_security_group: 1 security_group_count: 1 runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaSecGroup.create_and_list_secgroups: - args: rules_per_security_group: 1 security_group_count: 1 runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaSecGroup.create_and_update_secgroups: - args: security_group_count: 1 runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaServerGroups.create_and_list_server_groups: - args: all_projects: false kwargs: policies: - affinity runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 NovaServices.list_services: - runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 paste: composite:metadata: use: egg:Paste#urlmap /: meta pipeline:meta: pipeline: cors metaapp app:metaapp: paste.app_factory: nova.api.metadata.handler:MetadataRequestHandler.factory composite:osapi_compute: use: call:nova.api.openstack.urlmap:urlmap_factory /: oscomputeversions /v2: openstack_compute_api_v21_legacy_v2_compatible /v2.1: openstack_compute_api_v21 composite:openstack_compute_api_v21: use: call:nova.api.auth:pipeline_factory_v21 noauth2: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21 keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21 composite:openstack_compute_api_v21_legacy_v2_compatible: use: call:nova.api.auth:pipeline_factory_v21 noauth2: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21 keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21 filter:request_id: paste.filter_factory: oslo_middleware:RequestId.factory filter:compute_req_id: paste.filter_factory: nova.api.compute_req_id:ComputeReqIdMiddleware.factory filter:faultwrap: paste.filter_factory: nova.api.openstack:FaultWrapper.factory filter:noauth2: paste.filter_factory: nova.api.openstack.auth:NoAuthMiddleware.factory filter:sizelimit: paste.filter_factory: oslo_middleware:RequestBodySizeLimiter.factory filter:http_proxy_to_wsgi: paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory filter:legacy_v2_compatible: paste.filter_factory: nova.api.openstack:LegacyV2CompatibleWrapper.factory app:osapi_compute_app_v21: paste.app_factory: nova.api.openstack.compute:APIRouterV21.factory pipeline:oscomputeversions: pipeline: faultwrap http_proxy_to_wsgi oscomputeversionapp app:oscomputeversionapp: paste.app_factory: nova.api.openstack.compute.versions:Versions.factory filter:cors: paste.filter_factory: oslo_middleware.cors:filter_factory oslo_config_project: nova filter:keystonecontext: paste.filter_factory: nova.api.auth:NovaKeystoneContext.factory filter:authtoken: paste.filter_factory: keystonemiddleware.auth_token:filter_factory policy: os_compute_api:os-admin-actions:discoverable: "@" os_compute_api:os-admin-actions:reset_state: rule:admin_api os_compute_api:os-admin-actions:inject_network_info: rule:admin_api os_compute_api:os-admin-actions: rule:admin_api os_compute_api:os-admin-actions:reset_network: rule:admin_api os_compute_api:os-admin-password:discoverable: "@" os_compute_api:os-admin-password: rule:admin_or_owner os_compute_api:os-agents: rule:admin_api os_compute_api:os-agents:discoverable: "@" os_compute_api:os-aggregates:set_metadata: rule:admin_api os_compute_api:os-aggregates:add_host: rule:admin_api os_compute_api:os-aggregates:discoverable: "@" os_compute_api:os-aggregates:create: rule:admin_api os_compute_api:os-aggregates:remove_host: rule:admin_api os_compute_api:os-aggregates:update: rule:admin_api os_compute_api:os-aggregates:index: rule:admin_api os_compute_api:os-aggregates:delete: rule:admin_api os_compute_api:os-aggregates:show: rule:admin_api os_compute_api:os-assisted-volume-snapshots:create: rule:admin_api os_compute_api:os-assisted-volume-snapshots:delete: rule:admin_api os_compute_api:os-assisted-volume-snapshots:discoverable: "@" os_compute_api:os-attach-interfaces: rule:admin_or_owner os_compute_api:os-attach-interfaces:discoverable: "@" os_compute_api:os-attach-interfaces:create: rule:admin_or_owner os_compute_api:os-attach-interfaces:delete: rule:admin_or_owner os_compute_api:os-availability-zone:list: rule:admin_or_owner os_compute_api:os-availability-zone:discoverable: "@" os_compute_api:os-availability-zone:detail: rule:admin_api os_compute_api:os-baremetal-nodes:discoverable: "@" os_compute_api:os-baremetal-nodes: rule:admin_api context_is_admin: role:admin admin_or_owner: is_admin:True or project_id:%(project_id)s admin_api: is_admin:True network:attach_external_network: is_admin:True os_compute_api:os-block-device-mapping:discoverable: "@" os_compute_api:os-block-device-mapping-v1:discoverable: "@" os_compute_api:os-cells:discoverable: "@" os_compute_api:os-cells:update: rule:admin_api os_compute_api:os-cells:create: rule:admin_api os_compute_api:os-cells: rule:admin_api os_compute_api:os-cells:sync_instances: rule:admin_api os_compute_api:os-cells:delete: rule:admin_api cells_scheduler_filter:DifferentCellFilter: is_admin:True cells_scheduler_filter:TargetCellFilter: is_admin:True os_compute_api:os-certificates:discoverable: "@" os_compute_api:os-certificates:create: rule:admin_or_owner os_compute_api:os-certificates:show: rule:admin_or_owner os_compute_api:os-cloudpipe: rule:admin_api os_compute_api:os-cloudpipe:discoverable: "@" os_compute_api:os-config-drive:discoverable: "@" os_compute_api:os-config-drive: rule:admin_or_owner os_compute_api:os-console-auth-tokens:discoverable: "@" os_compute_api:os-console-auth-tokens: rule:admin_api os_compute_api:os-console-output:discoverable: "@" os_compute_api:os-console-output: rule:admin_or_owner os_compute_api:os-consoles:create: rule:admin_or_owner os_compute_api:os-consoles:show: rule:admin_or_owner os_compute_api:os-consoles:delete: rule:admin_or_owner os_compute_api:os-consoles:discoverable: "@" os_compute_api:os-consoles:index: rule:admin_or_owner os_compute_api:os-create-backup:discoverable: "@" os_compute_api:os-create-backup: rule:admin_or_owner os_compute_api:os-deferred-delete:discoverable: "@" os_compute_api:os-deferred-delete: rule:admin_or_owner os_compute_api:os-evacuate:discoverable: "@" os_compute_api:os-evacuate: rule:admin_api os_compute_api:os-extended-availability-zone: rule:admin_or_owner os_compute_api:os-extended-availability-zone:discoverable: "@" os_compute_api:os-extended-server-attributes: rule:admin_api os_compute_api:os-extended-server-attributes:discoverable: "@" os_compute_api:os-extended-status:discoverable: "@" os_compute_api:os-extended-status: rule:admin_or_owner os_compute_api:os-extended-volumes: rule:admin_or_owner os_compute_api:os-extended-volumes:discoverable: "@" os_compute_api:extension_info:discoverable: "@" os_compute_api:extensions: rule:admin_or_owner os_compute_api:extensions:discoverable: "@" os_compute_api:os-fixed-ips:discoverable: "@" os_compute_api:os-fixed-ips: rule:admin_api os_compute_api:os-flavor-access:add_tenant_access: rule:admin_api os_compute_api:os-flavor-access:discoverable: "@" os_compute_api:os-flavor-access:remove_tenant_access: rule:admin_api os_compute_api:os-flavor-access: rule:admin_or_owner os_compute_api:os-flavor-extra-specs:show: rule:admin_or_owner os_compute_api:os-flavor-extra-specs:create: rule:admin_api os_compute_api:os-flavor-extra-specs:discoverable: "@" os_compute_api:os-flavor-extra-specs:update: rule:admin_api os_compute_api:os-flavor-extra-specs:delete: rule:admin_api os_compute_api:os-flavor-extra-specs:index: rule:admin_or_owner os_compute_api:os-flavor-manage: rule:admin_api os_compute_api:os-flavor-manage:discoverable: "@" os_compute_api:os-flavor-rxtx: rule:admin_or_owner os_compute_api:os-flavor-rxtx:discoverable: "@" os_compute_api:flavors:discoverable: "@" os_compute_api:flavors: rule:admin_or_owner os_compute_api:os-floating-ip-dns: rule:admin_or_owner os_compute_api:os-floating-ip-dns:domain:update: rule:admin_api os_compute_api:os-floating-ip-dns:discoverable: "@" os_compute_api:os-floating-ip-dns:domain:delete: rule:admin_api os_compute_api:os-floating-ip-pools:discoverable: "@" os_compute_api:os-floating-ip-pools: rule:admin_or_owner os_compute_api:os-floating-ips: rule:admin_or_owner os_compute_api:os-floating-ips:discoverable: "@" os_compute_api:os-floating-ips-bulk:discoverable: "@" os_compute_api:os-floating-ips-bulk: rule:admin_api os_compute_api:os-fping:all_tenants: rule:admin_api os_compute_api:os-fping:discoverable: "@" os_compute_api:os-fping: rule:admin_or_owner os_compute_api:os-hide-server-addresses:discoverable: "@" os_compute_api:os-hide-server-addresses: is_admin:False os_compute_api:os-hosts:discoverable: "@" os_compute_api:os-hosts: rule:admin_api os_compute_api:os-hypervisors:discoverable: "@" os_compute_api:os-hypervisors: rule:admin_api os_compute_api:image-metadata:discoverable: "@" os_compute_api:image-size:discoverable: "@" os_compute_api:image-size: rule:admin_or_owner os_compute_api:images:discoverable: "@" os_compute_api:os-instance-actions:events: rule:admin_api os_compute_api:os-instance-actions: rule:admin_or_owner os_compute_api:os-instance-actions:discoverable: "@" os_compute_api:os-instance-usage-audit-log: rule:admin_api os_compute_api:os-instance-usage-audit-log:discoverable: "@" os_compute_api:ips:discoverable: "@" os_compute_api:ips:show: rule:admin_or_owner os_compute_api:ips:index: rule:admin_or_owner os_compute_api:os-keypairs:discoverable: "@" os_compute_api:os-keypairs:index: rule:admin_api or user_id:%(user_id)s os_compute_api:os-keypairs:create: rule:admin_api or user_id:%(user_id)s os_compute_api:os-keypairs:delete: rule:admin_api or user_id:%(user_id)s os_compute_api:os-keypairs:show: rule:admin_api or user_id:%(user_id)s os_compute_api:os-keypairs: rule:admin_or_owner os_compute_api:limits:discoverable: "@" os_compute_api:limits: rule:admin_or_owner os_compute_api:os-lock-server:discoverable: "@" os_compute_api:os-lock-server:lock: rule:admin_or_owner os_compute_api:os-lock-server:unlock:unlock_override: rule:admin_api os_compute_api:os-lock-server:unlock: rule:admin_or_owner os_compute_api:os-migrate-server:migrate: rule:admin_api os_compute_api:os-migrate-server:discoverable: "@" os_compute_api:os-migrate-server:migrate_live: rule:admin_api os_compute_api:os-migrations:index: rule:admin_api os_compute_api:os-migrations:discoverable: "@" os_compute_api:os-multinic: rule:admin_or_owner os_compute_api:os-multinic:discoverable: "@" os_compute_api:os-multiple-create:discoverable: "@" os_compute_api:os-networks:discoverable: "@" os_compute_api:os-networks: rule:admin_api os_compute_api:os-networks:view: rule:admin_or_owner os_compute_api:os-networks-associate: rule:admin_api os_compute_api:os-networks-associate:discoverable: "@" os_compute_api:os-pause-server:unpause: rule:admin_or_owner os_compute_api:os-pause-server:discoverable: "@" os_compute_api:os-pause-server:pause: rule:admin_or_owner os_compute_api:os-pci:index: rule:admin_api os_compute_api:os-pci:detail: rule:admin_api os_compute_api:os-pci:pci_servers: rule:admin_or_owner os_compute_api:os-pci:show: rule:admin_api os_compute_api:os-pci:discoverable: "@" os_compute_api:os-quota-class-sets:show: is_admin:True or quota_class:%(quota_class)s os_compute_api:os-quota-class-sets:discoverable: "@" os_compute_api:os-quota-class-sets:update: rule:admin_api os_compute_api:os-quota-sets:update: rule:admin_api os_compute_api:os-quota-sets:defaults: "@" os_compute_api:os-quota-sets:show: rule:admin_or_owner os_compute_api:os-quota-sets:delete: rule:admin_api os_compute_api:os-quota-sets:discoverable: "@" os_compute_api:os-quota-sets:detail: rule:admin_api os_compute_api:os-remote-consoles: rule:admin_or_owner os_compute_api:os-remote-consoles:discoverable: "@" os_compute_api:os-rescue:discoverable: "@" os_compute_api:os-rescue: rule:admin_or_owner os_compute_api:os-scheduler-hints:discoverable: "@" os_compute_api:os-security-group-default-rules:discoverable: "@" os_compute_api:os-security-group-default-rules: rule:admin_api os_compute_api:os-security-groups: rule:admin_or_owner os_compute_api:os-security-groups:discoverable: "@" os_compute_api:os-server-diagnostics: rule:admin_api os_compute_api:os-server-diagnostics:discoverable: "@" os_compute_api:os-server-external-events:create: rule:admin_api os_compute_api:os-server-external-events:discoverable: "@" os_compute_api:os-server-groups:discoverable: "@" os_compute_api:os-server-groups: rule:admin_or_owner os_compute_api:server-metadata:index: rule:admin_or_owner os_compute_api:server-metadata:show: rule:admin_or_owner os_compute_api:server-metadata:create: rule:admin_or_owner os_compute_api:server-metadata:discoverable: "@" os_compute_api:server-metadata:update_all: rule:admin_or_owner os_compute_api:server-metadata:delete: rule:admin_or_owner os_compute_api:server-metadata:update: rule:admin_or_owner os_compute_api:os-server-password: rule:admin_or_owner os_compute_api:os-server-password:discoverable: "@" os_compute_api:os-server-tags:delete_all: "@" os_compute_api:os-server-tags:index: "@" os_compute_api:os-server-tags:update_all: "@" os_compute_api:os-server-tags:delete: "@" os_compute_api:os-server-tags:update: "@" os_compute_api:os-server-tags:show: "@" os_compute_api:os-server-tags:discoverable: "@" os_compute_api:os-server-usage: rule:admin_or_owner os_compute_api:os-server-usage:discoverable: "@" os_compute_api:servers:index: rule:admin_or_owner os_compute_api:servers:detail: rule:admin_or_owner os_compute_api:servers:detail:get_all_tenants: rule:admin_api os_compute_api:servers:index:get_all_tenants: rule:admin_api os_compute_api:servers:show: rule:admin_or_owner os_compute_api:servers:show:host_status: rule:admin_api os_compute_api:servers:create: rule:admin_or_owner os_compute_api:servers:create:forced_host: rule:admin_api os_compute_api:servers:create:attach_volume: rule:admin_or_owner os_compute_api:servers:create:attach_network: rule:admin_or_owner os_compute_api:servers:delete: rule:admin_or_owner os_compute_api:servers:update: rule:admin_or_owner os_compute_api:servers:confirm_resize: rule:admin_or_owner os_compute_api:servers:revert_resize: rule:admin_or_owner os_compute_api:servers:reboot: rule:admin_or_owner os_compute_api:servers:resize: rule:admin_or_owner os_compute_api:servers:rebuild: rule:admin_or_owner os_compute_api:servers:create_image: rule:admin_or_owner os_compute_api:servers:create_image:allow_volume_backed: rule:admin_or_owner os_compute_api:servers:start: rule:admin_or_owner os_compute_api:servers:stop: rule:admin_or_owner os_compute_api:servers:trigger_crash_dump: rule:admin_or_owner os_compute_api:servers:discoverable: "@" os_compute_api:servers:migrations:show: rule:admin_api os_compute_api:servers:migrations:force_complete: rule:admin_api os_compute_api:servers:migrations:delete: rule:admin_api os_compute_api:servers:migrations:index: rule:admin_api os_compute_api:server-migrations:discoverable: "@" os_compute_api:os-services: rule:admin_api os_compute_api:os-services:discoverable: "@" os_compute_api:os-shelve:shelve: rule:admin_or_owner os_compute_api:os-shelve:unshelve: rule:admin_or_owner os_compute_api:os-shelve:shelve_offload: rule:admin_api os_compute_api:os-shelve:discoverable: "@" os_compute_api:os-simple-tenant-usage:show: rule:admin_or_owner os_compute_api:os-simple-tenant-usage:list: rule:admin_api os_compute_api:os-simple-tenant-usage:discoverable: "@" os_compute_api:os-suspend-server:resume: rule:admin_or_owner os_compute_api:os-suspend-server:suspend: rule:admin_or_owner os_compute_api:os-suspend-server:discoverable: "@" os_compute_api:os-tenant-networks: rule:admin_or_owner os_compute_api:os-tenant-networks:discoverable: "@" os_compute_api:os-used-limits:discoverable: "@" os_compute_api:os-used-limits: rule:admin_api os_compute_api:os-user-data:discoverable: "@" os_compute_api:versions:discoverable: "@" os_compute_api:os-virtual-interfaces:discoverable: "@" os_compute_api:os-virtual-interfaces: rule:admin_or_owner os_compute_api:os-volumes:discoverable: "@" os_compute_api:os-volumes: rule:admin_or_owner os_compute_api:os-volumes-attachments:index: rule:admin_or_owner os_compute_api:os-volumes-attachments:create: rule:admin_or_owner os_compute_api:os-volumes-attachments:show: rule:admin_or_owner os_compute_api:os-volumes-attachments:discoverable: "@" os_compute_api:os-volumes-attachments:update: rule:admin_api os_compute_api:os-volumes-attachments:delete: rule:admin_or_owner nova_sudoers: override: append: rootwrap: override: append: wsgi_placement: override: append: rootwrap_filters: api_metadata: override: append: compute: override: append: network: override: append: nova_ironic: DEFAULT: scheduler_host_manager: ironic_host_manager compute_driver: ironic.IronicDriver nova: DEFAULT: default_ephemeral_format: ext4 ram_allocation_ratio: 1.0 disk_allocation_ratio: 1.0 cpu_allocation_ratio: 3.0 state_path: /var/lib/nova osapi_compute_listen: 0.0.0.0 # NOTE(portdirect): the bind port should not be defined, and is manipulated # via the endpoints section. osapi_compute_listen_port: null osapi_compute_workers: 1 metadata_workers: 1 use_neutron: true firewall_driver: nova.virt.firewall.NoopFirewallDriver linuxnet_interface_driver: openvswitch allow_resize_to_same_host: true compute_driver: libvirt.LibvirtDriver my_ip: 0.0.0.0 instance_usage_audit: True instance_usage_audit_period: hour notify_on_state_change: vm_and_task_state resume_guests_state_on_host_boot: True vnc: novncproxy_host: 0.0.0.0 vncserver_listen: 0.0.0.0 # This would be set by each compute nodes's ip # vncserver_proxyclient_address: 127.0.0.1 spice: html5proxy_host: 0.0.0.0 server_listen: 0.0.0.0 # This would be set by each compute nodes's ip # server_proxyclient_address: 127.0.0.1 conductor: workers: 1 oslo_policy: policy_file: /etc/nova/policy.yaml oslo_concurrency: lock_path: /var/lib/nova/tmp oslo_middleware: enable_proxy_headers_parsing: true glance: num_retries: 3 ironic: api_endpoint: null auth_url: null neutron: metadata_proxy_shared_secret: "password" service_metadata_proxy: True auth_type: password auth_version: v3 database: max_retries: -1 api_database: max_retries: -1 cell0_database: max_retries: -1 keystone_authtoken: auth_type: password auth_version: v3 memcache_security_strategy: ENCRYPT libvirt: connection_uri: "qemu+tcp://127.0.0.1/system" images_type: qcow2 images_rbd_pool: vms images_rbd_ceph_conf: /etc/ceph/ceph.conf rbd_user: cinder rbd_secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337 disk_cachemodes: "network=writeback" hw_disk_discard: unmap upgrade_levels: compute: auto cache: enabled: true backend: oslo_cache.memcache_pool wsgi: api_paste_config: /etc/nova/api-paste.ini oslo_messaging_notifications: driver: messagingv2 placement: auth_type: password auth_version: v3 # Names of secrets used by bootstrap and environmental checks secrets: identity: admin: nova-keystone-admin nova: nova-keystone-user placement: nova-keystone-placement test: nova-keystone-test oslo_db: admin: nova-db-admin nova: nova-db-user oslo_db_api: admin: nova-db-api-admin nova: nova-db-api-user oslo_db_cell0: admin: nova-db-api-admin nova: nova-db-api-user oslo_messaging: admin: nova-rabbitmq-admin nova: nova-rabbitmq-user tls: compute: osapi: public: nova-tls-public compute_novnc_proxy: novncproxy: public: nova-novncproxy-tls-public placement: placement: public: placement-tls-public # typically overridden by environmental # values, but should include all endpoints # required by this chart endpoints: cluster_domain_suffix: cluster.local local_image_registry: name: docker-registry namespace: docker-registry hosts: default: localhost internal: docker-registry node: localhost host_fqdn_override: default: null port: registry: node: 5000 oslo_db: auth: admin: username: root password: password nova: username: nova password: password hosts: default: mariadb host_fqdn_override: default: null path: /nova scheme: mysql+pymysql port: mysql: default: 3306 oslo_db_api: auth: admin: username: root password: password nova: username: nova password: password hosts: default: mariadb host_fqdn_override: default: null path: /nova_api scheme: mysql+pymysql port: mysql: default: 3306 oslo_db_cell0: auth: admin: username: root password: password nova: username: nova password: password hosts: default: mariadb host_fqdn_override: default: null path: /nova_cell0 scheme: mysql+pymysql port: mysql: default: 3306 oslo_messaging: auth: admin: username: rabbitmq password: password nova: username: nova password: password hosts: default: rabbitmq host_fqdn_override: default: null path: /nova scheme: rabbit port: amqp: default: 5672 http: default: 15672 oslo_cache: auth: # NOTE(portdirect): this is used to define the value for keystone # authtoken cache encryption key, if not set it will be populated # automatically with a random value, but to take advantage of # this feature all services should be set to use the same key, # and memcache service. memcache_secret_key: null hosts: default: memcached host_fqdn_override: default: null port: memcache: default: 11211 identity: name: keystone auth: admin: region_name: RegionOne username: admin password: password project_name: admin user_domain_name: default project_domain_name: default nova: role: admin region_name: RegionOne username: nova password: password project_name: service user_domain_name: default project_domain_name: default # NOTE(portdirect): the neutron user is not managed by the nova chart # these values should match those set in the neutron chart. neutron: region_name: RegionOne project_name: service project_domain_name: default user_domain_name: default username: neutron password: password # NOTE(portdirect): the ironic user is not managed by the nova chart # these values should match those set in the ironic chart. ironic: auth_type: password auth_version: v3 region_name: RegionOne project_name: service project_domain_name: default user_domain_name: default username: ironic password: password placement: role: admin region_name: RegionOne username: placement password: password project_name: service user_domain_name: default project_domain_name: default test: role: admin region_name: RegionOne username: test password: password project_name: test user_domain_name: default project_domain_name: default hosts: default: keystone-api public: keystone host_fqdn_override: default: null path: default: /v3 scheme: default: http port: admin: default: 35357 api: default: 80 image: name: glance hosts: default: glance-api public: glance host_fqdn_override: default: null path: default: null scheme: default: http port: api: default: 9292 public: 80 compute: name: nova hosts: default: nova-api public: nova host_fqdn_override: default: null # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public # endpoints using the following format: # public: # host: null # tls: # crt: null # key: null path: default: "/v2.1/%(tenant_id)s" scheme: default: 'http' port: api: default: 8774 public: 80 novncproxy: default: 6080 compute_metadata: name: nova ip: # IF blank, set clusterIP and metadata_host dynamically ingress: null hosts: default: nova-metadata public: metadata host_fqdn_override: default: null path: default: / scheme: default: 'http' port: metadata: default: 8775 public: 80 compute_novnc_proxy: name: nova hosts: default: nova-novncproxy public: novncproxy host_fqdn_override: default: null # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public # endpoints using the following format: # public: # host: null # tls: # crt: null # key: null path: default: /vnc_auto.html scheme: default: 'http' port: novnc_proxy: default: 6080 public: 80 compute_spice_proxy: name: nova hosts: default: nova-spiceproxy public: placement host_fqdn_override: default: null path: default: /spice_auto.html scheme: default: 'http' port: spice_proxy: default: 6082 placement: name: placement hosts: default: placement-api public: placement host_fqdn_override: default: null path: default: / scheme: default: 'http' port: api: default: 8778 public: 80 network: name: neutron hosts: default: neutron-server public: neutron host_fqdn_override: default: null path: default: null scheme: default: 'http' port: api: default: 9696 public: 80 baremetal: name: ironic hosts: default: ironic-api public: ironic host_fqdn_override: default: null path: default: null scheme: default: http port: api: default: 6385 public: 80 pod: user: nova: uid: 42424 affinity: anti: type: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname mounts: nova_compute: init_container: null nova_compute: nova_compute_ironic: init_container: null nova_compute_ironic: nova_api_metadata: init_container: null nova_api_metadata: nova_placement: init_container: null nova_placement: nova_api_osapi: init_container: null nova_api_osapi: nova_consoleauth: init_container: null nova_consoleauth: nova_conductor: init_container: null nova_conductor: nova_scheduler: init_container: null nova_scheduler: nova_bootstrap: init_container: null nova_bootstrap: nova_tests: init_container: null nova_tests: nova_novncproxy: init_novncproxy: null nova_novncproxy: nova_spiceproxy: init_spiceproxy: null nova_spiceproxy: replicas: api_metadata: 1 compute_ironic: 1 placement: 1 osapi: 1 conductor: 1 consoleauth: 1 scheduler: 1 novncproxy: 1 spiceproxy: 1 lifecycle: upgrades: deployments: revision_history: 3 pod_replacement_strategy: RollingUpdate rolling_update: max_unavailable: 1 max_surge: 3 daemonsets: pod_replacement_strategy: RollingUpdate compute: enabled: true min_ready_seconds: 0 max_unavailable: 1 disruption_budget: metadata: min_available: 0 placement: min_available: 0 osapi: min_available: 0 termination_grace_period: metadata: timeout: 30 placement: timeout: 30 osapi: timeout: 30 resources: enabled: false compute: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" compute_ironic: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" api_metadata: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" placement: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" api: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" conductor: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" consoleauth: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" scheduler: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ssh: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" novncproxy: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" spiceproxy: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" jobs: bootstrap: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_init: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" rabbit_init: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_drop: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_endpoints: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_service: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_user: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" tests: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" cell_setup: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" image_repo_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" manifests: configmap_bin: true configmap_etc: true cron_job_cell_setup: true daemonset_compute: true deployment_api_metadata: true deployment_api_osapi: true deployment_placement: true deployment_conductor: true deployment_consoleauth: true deployment_novncproxy: true deployment_spiceproxy: true deployment_scheduler: true ingress_metadata: true ingress_novncproxy: true ingress_placement: true ingress_osapi: true job_bootstrap: true job_db_init: true job_db_init_placement: true job_db_sync: true job_db_drop: false job_image_repo_sync: true job_rabbit_init: true job_ks_endpoints: true job_ks_service: true job_ks_user: true job_ks_placement_endpoints: true job_ks_placement_service: true job_ks_placement_user: true job_cell_setup: true pdb_metadata: true pdb_placement: true pdb_osapi: true pod_rally_test: true secret_db_api: true secret_db: true secret_ingress_tls: true secret_keystone: true secret_keystone_placement: true secret_rabbitmq: true service_ingress_metadata: true service_ingress_novncproxy: true service_ingress_placement: true service_ingress_osapi: true service_metadata: true service_placement: true service_novncproxy: true service_spiceproxy: true service_osapi: true statefulset_compute_ironic: false