openstack/openstack-helm
Code Issues Proposed changes
fa6b67c7fb
openstack-helm/nova/values.yaml
portdirect 4746de33f4 Helm-Test: remove user and tenant creation from test context 
This PS removes the user managemnt from the rally driven helm tests
which allows LDAP and other read only sources being used to validate
service functionality, in addition to reducing false -ve results in
the Zuul gates.

Change-Id: I1cc0e99bf74d578648b3cd40eaf60c1804044d88
2018-01-29 02:40:22 +00:00

1513 lines
44 KiB
YAML
Raw Blame History

# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for nova.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
release_group: null
labels:
agent:
compute:
node_selector_key: openstack-compute-node
node_selector_value: enabled
conductor:
node_selector_key: openstack-control-plane
node_selector_value: enabled
consoleauth:
node_selector_key: openstack-control-plane
node_selector_value: enabled
scheduler:
node_selector_key: openstack-control-plane
node_selector_value: enabled
osapi:
node_selector_key: openstack-control-plane
node_selector_value: enabled
api_metadata:
node_selector_key: openstack-control-plane
node_selector_value: enabled
placement:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
novncproxy:
node_selector_key: openstack-control-plane
node_selector_value: enabled
spiceproxy:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images:
tags:
test: docker.io/kolla/ubuntu-source-rally:4.0.0
db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
db_sync: docker.io/kolla/ubuntu-source-nova-api:3.0.3
db_drop: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
api: docker.io/kolla/ubuntu-source-nova-api:3.0.3
conductor: docker.io/kolla/ubuntu-source-nova-conductor:3.0.3
scheduler: docker.io/kolla/ubuntu-source-nova-scheduler:3.0.3
novncproxy: docker.io/kolla/ubuntu-source-nova-novncproxy:3.0.3
novncproxy_assets: docker.io/kolla/ubuntu-source-nova-novncproxy:3.0.3
spiceproxy: docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:3.0.3
spiceproxy_assets: docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:3.0.3
consoleauth: docker.io/kolla/ubuntu-source-nova-consoleauth:3.0.3
compute: docker.io/kolla/ubuntu-source-nova-compute:3.0.3
compute_ssh: docker.io/kolla/ubuntu-source-nova-ssh:3.0.3
placement: docker.io/kolla/ubuntu-source-nova-placement-api:3.0.3-beta.1
bootstrap: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
cell_setup: docker.io/kolla/ubuntu-source-nova-api:3.0.3
pull_policy: "IfNotPresent"
bootstrap:
enabled: true
script: null
flavors:
enabled: true
options:
m1_tiny:
name: "m1.tiny"
id: "auto"
ram: 512
disk: 1
vcpus: 1
m1_small:
name: "m1.small"
id: "auto"
ram: 2048
disk: 20
vcpus: 1
m1_medium:
name: "m1.medium"
id: "auto"
ram: 4096
disk: 40
vcpus: 2
m1_large:
name: "m1.large"
id: "auto"
ram: 8192
disk: 80
vcpus: 4
m1_xlarge:
name: "m1.xlarge"
id: "auto"
ram: 16384
disk: 160
vcpus: 8
network:
osapi:
port: 8774
ingress:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 30774
metadata:
# IF blank, set clusterIP and metadata_host dynamically
ip:
port: 8775
ingress:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 30775
placement:
port: 8778
ingress:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
node_port:
enabled: false
port: 30778
novncproxy:
node_port:
enabled: false
port: 30680
port: 6080
targetPort: 6080
spiceproxy:
node_port:
enabled: false
port: 30682
port: 6082
targetPort: 6082
ssh:
name: "nova-ssh"
port: 8022
ceph:
enabled: true
monitors: []
cinder_user: "admin"
cinder_keyring: null
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
dependencies:
api:
jobs:
- nova-db-sync
- nova-ks-user
- nova-ks-endpoints
services:
- service: oslo_messaging
endpoint: internal
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
- service: compute_metadata
endpoint: public
db_init:
services:
- service: oslo_db
endpoint: internal
db_sync:
jobs:
- nova-db-init
services:
- service: oslo_db
endpoint: internal
db_drop:
services:
- service: oslo_db
endpoint: internal
bootstrap:
services:
- service: identity
endpoint: internal
- service: compute
endpoint: internal
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- nova-ks-service
services:
- service: identity
endpoint: internal
compute:
jobs:
- nova-db-sync
services:
- service: oslo_messaging
endpoint: internal
- service: image
endpoint: internal
- service: compute
endpoint: internal
- service: network
endpoint: internal
daemonset:
- libvirt
# this should be set to corresponding neutron L2 agent
- neutron-ovs-agent
consoleauth:
jobs:
- nova-db-sync
services:
- service: oslo_messaging
endpoint: internal
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
- service: compute
endpoint: internal
scheduler:
jobs:
- nova-db-sync
services:
- service: oslo_messaging
endpoint: internal
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
- service: compute
endpoint: internal
conductor:
jobs:
- nova-db-sync
services:
- service: oslo_messaging
endpoint: internal
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
- service: compute
endpoint: internal
tests:
service:
- service: image
endpoint: internal
- service: compute
endpoint: internal
- service: network
endpoint: internal
novncproxy:
jobs:
- nova-db-sync
services:
- service: oslo_db
endpoint: internal
cell_setup:
jobs:
- nova-db-sync
services:
- service: oslo_messaging
endpoint: internal
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
- service: compute
endpoint: internal
console:
# serial | spice | novnc | none
console_kind: novnc
serial:
spice:
compute:
# IF blank, search default routing interface
server_proxyclient_interface:
proxy:
# IF blank, search default routing interface
server_proxyclient_interface:
novnc:
compute:
# IF blank, search default routing interface
vncserver_proxyclient_interface:
vncproxy:
# IF blank, search default routing interface
vncserver_proxyclient_interface:
ssh:
key_types:
- rsa
- dsa
- ecdsa
- ed25519
conf:
ssh:
override:
append:
rally_tests:
run_tempest: false
tests:
NovaAgents.list_agents:
- runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaAggregates.create_and_get_aggregate_details:
- args:
availability_zone: nova
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaAggregates.create_and_update_aggregate:
- args:
availability_zone: nova
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaAggregates.list_aggregates:
- runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaAvailabilityZones.list_availability_zones:
- args:
detailed: true
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaFlavors.create_and_delete_flavor:
- args:
disk: 1
ram: 500
vcpus: 1
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaFlavors.create_and_list_flavor_access:
- args:
disk: 1
ram: 500
vcpus: 1
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaFlavors.create_flavor:
- args:
disk: 1
ram: 500
vcpus: 1
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaFlavors.create_flavor_and_add_tenant_access:
- args:
disk: 1
ram: 500
vcpus: 1
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaFlavors.create_flavor_and_set_keys:
- args:
disk: 1
extra_specs:
'quota:disk_read_bytes_sec': 10240
ram: 500
vcpus: 1
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaFlavors.list_flavors:
- args:
detailed: true
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaHosts.list_hosts:
- runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaHypervisors.list_and_get_hypervisors:
- args:
detailed: true
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaHypervisors.list_and_get_uptime_hypervisors:
- args:
detailed: true
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaHypervisors.list_and_search_hypervisors:
- args:
detailed: true
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaHypervisors.list_hypervisors:
- args:
detailed: true
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaHypervisors.statistics_hypervisors:
- args: {}
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaImages.list_images:
- args:
detailed: true
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaKeypair.create_and_delete_keypair:
- runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaKeypair.create_and_list_keypairs:
- runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaSecGroup.create_and_delete_secgroups:
- args:
rules_per_security_group: 1
security_group_count: 1
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaSecGroup.create_and_list_secgroups:
- args:
rules_per_security_group: 1
security_group_count: 1
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaSecGroup.create_and_update_secgroups:
- args:
security_group_count: 1
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaServerGroups.create_and_list_server_groups:
- args:
all_projects: false
kwargs:
policies:
- affinity
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
NovaServices.list_services:
- runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
paste:
composite:metadata:
use: egg:Paste#urlmap
/: meta
pipeline:meta:
pipeline: cors metaapp
app:metaapp:
paste.app_factory: nova.api.metadata.handler:MetadataRequestHandler.factory
composite:osapi_compute:
use: call:nova.api.openstack.urlmap:urlmap_factory
/: oscomputeversions
/v2: openstack_compute_api_v21_legacy_v2_compatible
/v2.1: openstack_compute_api_v21
composite:openstack_compute_api_v21:
use: call:nova.api.auth:pipeline_factory_v21
noauth2: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
composite:openstack_compute_api_v21_legacy_v2_compatible:
use: call:nova.api.auth:pipeline_factory_v21
noauth2: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21
keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21
filter:request_id:
paste.filter_factory: oslo_middleware:RequestId.factory
filter:compute_req_id:
paste.filter_factory: nova.api.compute_req_id:ComputeReqIdMiddleware.factory
filter:faultwrap:
paste.filter_factory: nova.api.openstack:FaultWrapper.factory
filter:noauth2:
paste.filter_factory: nova.api.openstack.auth:NoAuthMiddleware.factory
filter:sizelimit:
paste.filter_factory: oslo_middleware:RequestBodySizeLimiter.factory
filter:http_proxy_to_wsgi:
paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
filter:legacy_v2_compatible:
paste.filter_factory: nova.api.openstack:LegacyV2CompatibleWrapper.factory
app:osapi_compute_app_v21:
paste.app_factory: nova.api.openstack.compute:APIRouterV21.factory
pipeline:oscomputeversions:
pipeline: faultwrap http_proxy_to_wsgi oscomputeversionapp
app:oscomputeversionapp:
paste.app_factory: nova.api.openstack.compute.versions:Versions.factory
filter:cors:
paste.filter_factory: oslo_middleware.cors:filter_factory
oslo_config_project: nova
filter:keystonecontext:
paste.filter_factory: nova.api.auth:NovaKeystoneContext.factory
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
policy:
os_compute_api:os-admin-actions:discoverable: "@"
os_compute_api:os-admin-actions:reset_state: rule:admin_api
os_compute_api:os-admin-actions:inject_network_info: rule:admin_api
os_compute_api:os-admin-actions: rule:admin_api
os_compute_api:os-admin-actions:reset_network: rule:admin_api
os_compute_api:os-admin-password:discoverable: "@"
os_compute_api:os-admin-password: rule:admin_or_owner
os_compute_api:os-agents: rule:admin_api
os_compute_api:os-agents:discoverable: "@"
os_compute_api:os-aggregates:set_metadata: rule:admin_api
os_compute_api:os-aggregates:add_host: rule:admin_api
os_compute_api:os-aggregates:discoverable: "@"
os_compute_api:os-aggregates:create: rule:admin_api
os_compute_api:os-aggregates:remove_host: rule:admin_api
os_compute_api:os-aggregates:update: rule:admin_api
os_compute_api:os-aggregates:index: rule:admin_api
os_compute_api:os-aggregates:delete: rule:admin_api
os_compute_api:os-aggregates:show: rule:admin_api
os_compute_api:os-assisted-volume-snapshots:create: rule:admin_api
os_compute_api:os-assisted-volume-snapshots:delete: rule:admin_api
os_compute_api:os-assisted-volume-snapshots:discoverable: "@"
os_compute_api:os-attach-interfaces: rule:admin_or_owner
os_compute_api:os-attach-interfaces:discoverable: "@"
os_compute_api:os-attach-interfaces:create: rule:admin_or_owner
os_compute_api:os-attach-interfaces:delete: rule:admin_or_owner
os_compute_api:os-availability-zone:list: rule:admin_or_owner
os_compute_api:os-availability-zone:discoverable: "@"
os_compute_api:os-availability-zone:detail: rule:admin_api
os_compute_api:os-baremetal-nodes:discoverable: "@"
os_compute_api:os-baremetal-nodes: rule:admin_api
context_is_admin: role:admin
admin_or_owner: is_admin:True or project_id:%(project_id)s
admin_api: is_admin:True
network:attach_external_network: is_admin:True
os_compute_api:os-block-device-mapping:discoverable: "@"
os_compute_api:os-block-device-mapping-v1:discoverable: "@"
os_compute_api:os-cells:discoverable: "@"
os_compute_api:os-cells:update: rule:admin_api
os_compute_api:os-cells:create: rule:admin_api
os_compute_api:os-cells: rule:admin_api
os_compute_api:os-cells:sync_instances: rule:admin_api
os_compute_api:os-cells:delete: rule:admin_api
cells_scheduler_filter:DifferentCellFilter: is_admin:True
cells_scheduler_filter:TargetCellFilter: is_admin:True
os_compute_api:os-certificates:discoverable: "@"
os_compute_api:os-certificates:create: rule:admin_or_owner
os_compute_api:os-certificates:show: rule:admin_or_owner
os_compute_api:os-cloudpipe: rule:admin_api
os_compute_api:os-cloudpipe:discoverable: "@"
os_compute_api:os-config-drive:discoverable: "@"
os_compute_api:os-config-drive: rule:admin_or_owner
os_compute_api:os-console-auth-tokens:discoverable: "@"
os_compute_api:os-console-auth-tokens: rule:admin_api
os_compute_api:os-console-output:discoverable: "@"
os_compute_api:os-console-output: rule:admin_or_owner
os_compute_api:os-consoles:create: rule:admin_or_owner
os_compute_api:os-consoles:show: rule:admin_or_owner
os_compute_api:os-consoles:delete: rule:admin_or_owner
os_compute_api:os-consoles:discoverable: "@"
os_compute_api:os-consoles:index: rule:admin_or_owner
os_compute_api:os-create-backup:discoverable: "@"
os_compute_api:os-create-backup: rule:admin_or_owner
os_compute_api:os-deferred-delete:discoverable: "@"
os_compute_api:os-deferred-delete: rule:admin_or_owner
os_compute_api:os-evacuate:discoverable: "@"
os_compute_api:os-evacuate: rule:admin_api
os_compute_api:os-extended-availability-zone: rule:admin_or_owner
os_compute_api:os-extended-availability-zone:discoverable: "@"
os_compute_api:os-extended-server-attributes: rule:admin_api
os_compute_api:os-extended-server-attributes:discoverable: "@"
os_compute_api:os-extended-status:discoverable: "@"
os_compute_api:os-extended-status: rule:admin_or_owner
os_compute_api:os-extended-volumes: rule:admin_or_owner
os_compute_api:os-extended-volumes:discoverable: "@"
os_compute_api:extension_info:discoverable: "@"
os_compute_api:extensions: rule:admin_or_owner
os_compute_api:extensions:discoverable: "@"
os_compute_api:os-fixed-ips:discoverable: "@"
os_compute_api:os-fixed-ips: rule:admin_api
os_compute_api:os-flavor-access:add_tenant_access: rule:admin_api
os_compute_api:os-flavor-access:discoverable: "@"
os_compute_api:os-flavor-access:remove_tenant_access: rule:admin_api
os_compute_api:os-flavor-access: rule:admin_or_owner
os_compute_api:os-flavor-extra-specs:show: rule:admin_or_owner
os_compute_api:os-flavor-extra-specs:create: rule:admin_api
os_compute_api:os-flavor-extra-specs:discoverable: "@"
os_compute_api:os-flavor-extra-specs:update: rule:admin_api
os_compute_api:os-flavor-extra-specs:delete: rule:admin_api
os_compute_api:os-flavor-extra-specs:index: rule:admin_or_owner
os_compute_api:os-flavor-manage: rule:admin_api
os_compute_api:os-flavor-manage:discoverable: "@"
os_compute_api:os-flavor-rxtx: rule:admin_or_owner
os_compute_api:os-flavor-rxtx:discoverable: "@"
os_compute_api:flavors:discoverable: "@"
os_compute_api:flavors: rule:admin_or_owner
os_compute_api:os-floating-ip-dns: rule:admin_or_owner
os_compute_api:os-floating-ip-dns:domain:update: rule:admin_api
os_compute_api:os-floating-ip-dns:discoverable: "@"
os_compute_api:os-floating-ip-dns:domain:delete: rule:admin_api
os_compute_api:os-floating-ip-pools:discoverable: "@"
os_compute_api:os-floating-ip-pools: rule:admin_or_owner
os_compute_api:os-floating-ips: rule:admin_or_owner
os_compute_api:os-floating-ips:discoverable: "@"
os_compute_api:os-floating-ips-bulk:discoverable: "@"
os_compute_api:os-floating-ips-bulk: rule:admin_api
os_compute_api:os-fping:all_tenants: rule:admin_api
os_compute_api:os-fping:discoverable: "@"
os_compute_api:os-fping: rule:admin_or_owner
os_compute_api:os-hide-server-addresses:discoverable: "@"
os_compute_api:os-hide-server-addresses: is_admin:False
os_compute_api:os-hosts:discoverable: "@"
os_compute_api:os-hosts: rule:admin_api
os_compute_api:os-hypervisors:discoverable: "@"
os_compute_api:os-hypervisors: rule:admin_api
os_compute_api:image-metadata:discoverable: "@"
os_compute_api:image-size:discoverable: "@"
os_compute_api:image-size: rule:admin_or_owner
os_compute_api:images:discoverable: "@"
os_compute_api:os-instance-actions:events: rule:admin_api
os_compute_api:os-instance-actions: rule:admin_or_owner
os_compute_api:os-instance-actions:discoverable: "@"
os_compute_api:os-instance-usage-audit-log: rule:admin_api
os_compute_api:os-instance-usage-audit-log:discoverable: "@"
os_compute_api:ips:discoverable: "@"
os_compute_api:ips:show: rule:admin_or_owner
os_compute_api:ips:index: rule:admin_or_owner
os_compute_api:os-keypairs:discoverable: "@"
os_compute_api:os-keypairs:index: rule:admin_api or user_id:%(user_id)s
os_compute_api:os-keypairs:create: rule:admin_api or user_id:%(user_id)s
os_compute_api:os-keypairs:delete: rule:admin_api or user_id:%(user_id)s
os_compute_api:os-keypairs:show: rule:admin_api or user_id:%(user_id)s
os_compute_api:os-keypairs: rule:admin_or_owner
os_compute_api:limits:discoverable: "@"
os_compute_api:limits: rule:admin_or_owner
os_compute_api:os-lock-server:discoverable: "@"
os_compute_api:os-lock-server:lock: rule:admin_or_owner
os_compute_api:os-lock-server:unlock:unlock_override: rule:admin_api
os_compute_api:os-lock-server:unlock: rule:admin_or_owner
os_compute_api:os-migrate-server:migrate: rule:admin_api
os_compute_api:os-migrate-server:discoverable: "@"
os_compute_api:os-migrate-server:migrate_live: rule:admin_api
os_compute_api:os-migrations:index: rule:admin_api
os_compute_api:os-migrations:discoverable: "@"
os_compute_api:os-multinic: rule:admin_or_owner
os_compute_api:os-multinic:discoverable: "@"
os_compute_api:os-multiple-create:discoverable: "@"
os_compute_api:os-networks:discoverable: "@"
os_compute_api:os-networks: rule:admin_api
os_compute_api:os-networks:view: rule:admin_or_owner
os_compute_api:os-networks-associate: rule:admin_api
os_compute_api:os-networks-associate:discoverable: "@"
os_compute_api:os-pause-server:unpause: rule:admin_or_owner
os_compute_api:os-pause-server:discoverable: "@"
os_compute_api:os-pause-server:pause: rule:admin_or_owner
os_compute_api:os-pci:index: rule:admin_api
os_compute_api:os-pci:detail: rule:admin_api
os_compute_api:os-pci:pci_servers: rule:admin_or_owner
os_compute_api:os-pci:show: rule:admin_api
os_compute_api:os-pci:discoverable: "@"
os_compute_api:os-quota-class-sets:show: is_admin:True or quota_class:%(quota_class)s
os_compute_api:os-quota-class-sets:discoverable: "@"
os_compute_api:os-quota-class-sets:update: rule:admin_api
os_compute_api:os-quota-sets:update: rule:admin_api
os_compute_api:os-quota-sets:defaults: "@"
os_compute_api:os-quota-sets:show: rule:admin_or_owner
os_compute_api:os-quota-sets:delete: rule:admin_api
os_compute_api:os-quota-sets:discoverable: "@"
os_compute_api:os-quota-sets:detail: rule:admin_api
os_compute_api:os-remote-consoles: rule:admin_or_owner
os_compute_api:os-remote-consoles:discoverable: "@"
os_compute_api:os-rescue:discoverable: "@"
os_compute_api:os-rescue: rule:admin_or_owner
os_compute_api:os-scheduler-hints:discoverable: "@"
os_compute_api:os-security-group-default-rules:discoverable: "@"
os_compute_api:os-security-group-default-rules: rule:admin_api
os_compute_api:os-security-groups: rule:admin_or_owner
os_compute_api:os-security-groups:discoverable: "@"
os_compute_api:os-server-diagnostics: rule:admin_api
os_compute_api:os-server-diagnostics:discoverable: "@"
os_compute_api:os-server-external-events:create: rule:admin_api
os_compute_api:os-server-external-events:discoverable: "@"
os_compute_api:os-server-groups:discoverable: "@"
os_compute_api:os-server-groups: rule:admin_or_owner
os_compute_api:server-metadata:index: rule:admin_or_owner
os_compute_api:server-metadata:show: rule:admin_or_owner
os_compute_api:server-metadata:create: rule:admin_or_owner
os_compute_api:server-metadata:discoverable: "@"
os_compute_api:server-metadata:update_all: rule:admin_or_owner
os_compute_api:server-metadata:delete: rule:admin_or_owner
os_compute_api:server-metadata:update: rule:admin_or_owner
os_compute_api:os-server-password: rule:admin_or_owner
os_compute_api:os-server-password:discoverable: "@"
os_compute_api:os-server-tags:delete_all: "@"
os_compute_api:os-server-tags:index: "@"
os_compute_api:os-server-tags:update_all: "@"
os_compute_api:os-server-tags:delete: "@"
os_compute_api:os-server-tags:update: "@"
os_compute_api:os-server-tags:show: "@"
os_compute_api:os-server-tags:discoverable: "@"
os_compute_api:os-server-usage: rule:admin_or_owner
os_compute_api:os-server-usage:discoverable: "@"
os_compute_api:servers:index: rule:admin_or_owner
os_compute_api:servers:detail: rule:admin_or_owner
os_compute_api:servers:detail:get_all_tenants: rule:admin_api
os_compute_api:servers:index:get_all_tenants: rule:admin_api
os_compute_api:servers:show: rule:admin_or_owner
os_compute_api:servers:show:host_status: rule:admin_api
os_compute_api:servers:create: rule:admin_or_owner
os_compute_api:servers:create:forced_host: rule:admin_api
os_compute_api:servers:create:attach_volume: rule:admin_or_owner
os_compute_api:servers:create:attach_network: rule:admin_or_owner
os_compute_api:servers:delete: rule:admin_or_owner
os_compute_api:servers:update: rule:admin_or_owner
os_compute_api:servers:confirm_resize: rule:admin_or_owner
os_compute_api:servers:revert_resize: rule:admin_or_owner
os_compute_api:servers:reboot: rule:admin_or_owner
os_compute_api:servers:resize: rule:admin_or_owner
os_compute_api:servers:rebuild: rule:admin_or_owner
os_compute_api:servers:create_image: rule:admin_or_owner
os_compute_api:servers:create_image:allow_volume_backed: rule:admin_or_owner
os_compute_api:servers:start: rule:admin_or_owner
os_compute_api:servers:stop: rule:admin_or_owner
os_compute_api:servers:trigger_crash_dump: rule:admin_or_owner
os_compute_api:servers:discoverable: "@"
os_compute_api:servers:migrations:show: rule:admin_api
os_compute_api:servers:migrations:force_complete: rule:admin_api
os_compute_api:servers:migrations:delete: rule:admin_api
os_compute_api:servers:migrations:index: rule:admin_api
os_compute_api:server-migrations:discoverable: "@"
os_compute_api:os-services: rule:admin_api
os_compute_api:os-services:discoverable: "@"
os_compute_api:os-shelve:shelve: rule:admin_or_owner
os_compute_api:os-shelve:unshelve: rule:admin_or_owner
os_compute_api:os-shelve:shelve_offload: rule:admin_api
os_compute_api:os-shelve:discoverable: "@"
os_compute_api:os-simple-tenant-usage:show: rule:admin_or_owner
os_compute_api:os-simple-tenant-usage:list: rule:admin_api
os_compute_api:os-simple-tenant-usage:discoverable: "@"
os_compute_api:os-suspend-server:resume: rule:admin_or_owner
os_compute_api:os-suspend-server:suspend: rule:admin_or_owner
os_compute_api:os-suspend-server:discoverable: "@"
os_compute_api:os-tenant-networks: rule:admin_or_owner
os_compute_api:os-tenant-networks:discoverable: "@"
os_compute_api:os-used-limits:discoverable: "@"
os_compute_api:os-used-limits: rule:admin_api
os_compute_api:os-user-data:discoverable: "@"
os_compute_api:versions:discoverable: "@"
os_compute_api:os-virtual-interfaces:discoverable: "@"
os_compute_api:os-virtual-interfaces: rule:admin_or_owner
os_compute_api:os-volumes:discoverable: "@"
os_compute_api:os-volumes: rule:admin_or_owner
os_compute_api:os-volumes-attachments:index: rule:admin_or_owner
os_compute_api:os-volumes-attachments:create: rule:admin_or_owner
os_compute_api:os-volumes-attachments:show: rule:admin_or_owner
os_compute_api:os-volumes-attachments:discoverable: "@"
os_compute_api:os-volumes-attachments:update: rule:admin_api
os_compute_api:os-volumes-attachments:delete: rule:admin_or_owner
nova_sudoers:
override:
append:
rootwrap:
override:
append:
wsgi_placement:
override:
append:
rootwrap_filters:
api_metadata:
override:
append:
compute:
override:
append:
network:
override:
append:
nova:
DEFAULT:
default_ephemeral_format: ext4
ram_allocation_ratio: 1.0
disk_allocation_ratio: 1.0
cpu_allocation_ratio: 3.0
force_config_drive: true
state_path: /var/lib/nova
osapi_compute_listen: 0.0.0.0
osapi_compute_listen_port: 8774
osapi_compute_workers: 1
metadata_workers: 1
use_neutron: true
firewall_driver: nova.virt.firewall.NoopFirewallDriver
linuxnet_interface_driver: openvswitch
allow_resize_to_same_host: true
compute_driver: libvirt.LibvirtDriver
my_ip: 0.0.0.0
instance_usage_audit: True
instance_usage_audit_period: hour
notify_on_state_change: vm_and_task_state
resume_guests_state_on_host_boot: True
vnc:
novncproxy_host: 0.0.0.0
vncserver_listen: 0.0.0.0
# leave blank, this should be set by each compute nodes's ip
vncserver_proxyclient_address: null
spice:
html5proxy_host: 0.0.0.0
server_listen: 0.0.0.0
# leave blank, this should be set by each compute nodes's ip
server_proxyclient_address: null
conductor:
workers: 1
oslo_policy:
policy_file: /etc/nova/policy.yaml
oslo_concurrency:
lock_path: /var/lib/nova/tmp
oslo_middleware:
enable_proxy_headers_parsing: true
glance:
num_retries: 3
cinder:
catalog_info: volumev2:cinder:internalURL
neutron:
metadata_proxy_shared_secret: "password"
service_metadata_proxy: True
auth_type: password
auth_version: v3
database:
max_retries: -1
api_database:
max_retries: -1
cell0_database:
max_retries: -1
keystone_authtoken:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
libvirt:
connection_uri: "qemu+tcp://127.0.0.1/system"
images_type: qcow2
images_rbd_pool: vms
images_rbd_ceph_conf: /etc/ceph/ceph.conf
rbd_user: admin
rbd_secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
disk_cachemodes: "network=writeback"
hw_disk_discard: unmap
upgrade_levels:
compute: auto
cache:
enabled: true
backend: oslo_cache.memcache_pool
wsgi:
api_paste_config: /etc/nova/api-paste.ini
oslo_messaging_notifications:
driver: messagingv2
placement:
auth_type: password
auth_version: v3
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: nova-keystone-admin
nova: nova-keystone-user
placement: nova-keystone-placement
test: nova-keystone-test
oslo_db:
admin: nova-db-admin
nova: nova-db-user
oslo_db_api:
admin: nova-db-api-admin
nova: nova-db-api-user
oslo_db_cell0:
admin: nova-db-api-admin
nova: nova-db-api-user
# typically overriden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
cluster_domain_suffix: cluster.local
oslo_db:
auth:
admin:
username: root
password: password
nova:
username: nova
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /nova
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_db_api:
auth:
admin:
username: root
password: password
nova:
username: nova
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /nova_api
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_db_cell0:
auth:
admin:
username: root
password: password
nova:
username: nova
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /nova_api_cell0
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_messaging:
auth:
nova:
username: rabbitmq
password: password
hosts:
default: rabbitmq
host_fqdn_override:
default: null
path: /
scheme: rabbit
port:
amqp:
default: 5672
oslo_cache:
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
nova:
role: admin
region_name: RegionOne
username: nova
password: password
project_name: service
user_domain_name: default
project_domain_name: default
#NOTE(portdirect): the neutron user is not managed by the nova chart
# these values should match those set in the neutron chart.
neutron:
region_name: RegionOne
project_name: service
project_domain_name: default
user_domain_name: default
username: neutron
password: password
placement:
role: admin
region_name: RegionOne
username: placement
password: password
project_name: service
user_domain_name: default
project_domain_name: default
test:
role: admin
region_name: RegionOne
username: test
password: password
project_name: test
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
admin:
default: 35357
api:
default: 80
image:
name: glance
hosts:
default: glance-api
public: glance
host_fqdn_override:
default: null
path:
default: null
scheme:
default: http
port:
api:
default: 9292
public: 80
compute:
name: nova
hosts:
default: nova-api
public: nova
host_fqdn_override:
default: null
path:
default: "/v2/%(tenant_id)s"
scheme:
default: 'http'
port:
api:
default: 8774
public: 80
novncproxy:
default: 6080
compute_metadata:
name: nova
hosts:
default: nova-metadata
public: metadata
host_fqdn_override:
default: null
path:
default: /
scheme:
default: 'http'
port:
metadata:
default: 8775
public: 80
compute_novnc_proxy:
name: nova
hosts:
default: nova-novncproxy
host_fqdn_override:
default: null
path:
default: /vnc_auto.html
scheme:
default: 'http'
port:
novnc_proxy:
default: 6080
compute_spice_proxy:
name: nova
hosts:
default: nova-spiceproxy
host_fqdn_override:
default: null
path:
default: /spice_auto.html
scheme:
default: 'http'
port:
spice_proxy:
default: 6082
placement:
name: placement
hosts:
default: placement-api
public: placement
host_fqdn_override:
default: null
path:
default: /
scheme:
default: 'http'
port:
api:
default: 8778
public: 80
network:
name: neutron
hosts:
default: neutron-server
public: neutron
host_fqdn_override:
default: null
path:
default: null
scheme:
default: 'http'
port:
api:
default: 9696
public: 80
pod:
user:
nova:
uid: 1000
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
nova_compute:
init_container: null
nova_compute:
nova_api_metadata:
init_container: null
nova_api_metadata:
nova_placement:
init_container: null
nova_placement:
nova_api_osapi:
init_container: null
nova_api_osapi:
nova_consoleauth:
init_container: null
nova_consoleauth:
nova_conductor:
init_container: null
nova_conductor:
nova_scheduler:
init_container: null
nova_scheduler:
nova_bootstrap:
init_container: null
nova_bootstrap:
nova_tests:
init_container: null
nova_tests:
nova_novncproxy:
init_novncproxy: null
nova_novncproxy:
nova_spiceproxy:
init_spiceproxy: null
nova_spiceproxy:
replicas:
api_metadata: 1
placement: 1
osapi: 1
conductor: 1
consoleauth: 1
scheduler: 1
novncproxy: 1
spiceproxy: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
daemonsets:
pod_replacement_strategy: RollingUpdate
compute:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
disruption_budget:
metadata:
min_available: 0
placement:
min_available: 0
osapi:
min_available: 0
termination_grace_period:
metadata:
timeout: 30
placement:
timeout: 30
osapi:
timeout: 30
resources:
enabled: false
compute:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
api_metadata:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
placement:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
api:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
conductor:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
consoleauth:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
scheduler:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ssh:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
novncproxy:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
spiceproxy:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
bootstrap:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_service:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
cell_setup:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
manifests:
configmap_bin: true
configmap_etc: true
daemonset_compute: true
deployment_api_metadata: true
deployment_api_osapi: true
deployment_placement: true
deployment_conductor: true
deployment_consoleauth: true
deployment_novncproxy: true
deployment_spiceproxy: true
deployment_scheduler: true
ingress_metadata: true
ingress_placement: true
ingress_osapi: true
job_bootstrap: true
job_db_init: true
job_db_init_placement: true
job_db_sync: true
job_db_drop: false
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
job_ks_placement_endpoints: true
job_ks_placement_service: true
job_ks_placement_user: true
job_cell_setup: true
pdb_metadata: true
pdb_placement: true
pdb_osapi: true
pod_rally_test: true
secret_db_api: true
secret_db: true
secret_keystone: true
secret_keystone_placement: true
service_ingress_metadata: true
service_ingress_placement: true
service_ingress_osapi: true
service_metadata: true
service_placement: true
service_novncproxy: true
service_spiceproxy: true
service_osapi: true
View Git Blame Copy Permalink