Add nova config

Implements: blueprint nova
Co-Authored-By: Michal Rostecki <mrostecki@mirantis.com>
Change-Id: I362d951c87c2ef36813d899b388cd053d406e849

config/nova/defaults/main.yml

@@ -0,0 +1,80 @@
+---
+project_name: "nova"
+
+####################
+# Ceph
+####################
+ceph_nova_pool_type: "{{ ceph_pool_type }}"
+ceph_nova_cache_mode: "{{ ceph_cache_mode }}"
+
+# Due to Ansible issues on include, you cannot override these variables. Please
+# override the variables they reference instead.
+nova_pool_name: "{{ ceph_nova_pool_name }}"
+nova_pool_type: "{{ ceph_nova_pool_type }}"
+nova_cache_mode: "{{ ceph_nova_cache_mode }}"
+
+
+####################
+# Database
+####################
+nova_database_name: "nova"
+nova_database_user: "nova"
+nova_database_address: "{{ kolla_internal_address }}"
+
+nova_api_database_name: "nova_api"
+nova_api_database_user: "nova_api"
+nova_api_database_address: "{{ kolla_internal_address }}"
+
+
+####################
+# Docker
+####################
+nova_libvirt_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-nova-libvirt"
+nova_libvirt_tag: "{{ openstack_release }}"
+nova_libvirt_image_full: "{{ nova_libvirt_image }}:{{ nova_libvirt_tag }}"
+
+nova_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-nova-conductor"
+nova_conductor_tag: "{{ openstack_release }}"
+nova_conductor_image_full: "{{ nova_conductor_image }}:{{ nova_conductor_tag }}"
+
+nova_consoleauth_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-nova-consoleauth"
+nova_consoleauth_tag: "{{ openstack_release }}"
+nova_consoleauth_image_full: "{{ nova_consoleauth_image }}:{{ nova_consoleauth_tag }}"
+
+nova_novncproxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-nova-novncproxy"
+nova_novncproxy_tag: "{{ openstack_release }}"
+nova_novncproxy_image_full: "{{ nova_novncproxy_image }}:{{ nova_novncproxy_tag }}"
+
+nova_spicehtml5proxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-nova-spicehtml5proxy"
+nova_spicehtml5proxy_tag: "{{ openstack_release }}"
+nova_spicehtml5proxy_image_full: "{{ nova_spicehtml5proxy_image }}:{{ nova_spicehtml5proxy_tag }}"
+
+nova_scheduler_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-nova-scheduler"
+nova_scheduler_tag: "{{ openstack_release }}"
+nova_scheduler_image_full: "{{ nova_scheduler_image }}:{{ nova_scheduler_tag }}"
+
+nova_compute_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-nova-compute"
+nova_compute_tag: "{{ openstack_release }}"
+nova_compute_image_full: "{{ nova_compute_image }}:{{ nova_compute_tag }}"
+
+nova_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-nova-api"
+nova_api_tag: "{{ openstack_release }}"
+nova_api_image_full: "{{ nova_api_image }}:{{ nova_api_tag }}"
+
+nova_compute_ironic_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-nova-compute-ironic"
+nova_compute_ironic_tag: "{{ openstack_release }}"
+nova_compute_ironic_image_full: "{{ nova_compute_ironic_image }}:{{ nova_compute_ironic_tag }}"
+
+####################
+# Openstack
+####################
+nova_public_address: "{{ kolla_external_address }}"
+nova_admin_address: "{{ kolla_internal_address }}"
+nova_internal_address: "{{ kolla_internal_address }}"
+
+nova_logging_verbose: "{{ openstack_logging_verbose }}"
+nova_logging_debug: "{{ openstack_logging_debug }}"
+
+nova_keystone_user: "nova"
+
+openstack_nova_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"

config/nova/templates/libvirtd.conf.j2

@@ -0,0 +1,11 @@
+listen_tcp = 1
+auth_tcp = "none"
+ca_file = ""
+log_level = 2
+log_outputs = "2:file:/var/log/libvirt/libvirtd.log"
+listen_addr = "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+unix_sock_group = "nova"
+unix_sock_ro_perms = "0777"
+unix_sock_rw_perms = "0770"
+auth_unix_ro = "none"
+auth_unix_rw = "none"

config/nova/templates/nova.conf.j2

@@ -0,0 +1,153 @@
+# nova.conf
+[DEFAULT]
+debug = {{ nova_logging_debug }}
+
+api_paste_config = /etc/nova/api-paste.ini
+state_path = /var/lib/nova
+
+osapi_compute_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+osapi_compute_listen_port = {{ nova_api_port }}
+
+metadata_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+metadata_listen_port = {{ nova_metadata_port }}
+
+ec2_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+ec2_listen_port = {{ nova_api_ec2_port }}
+
+notification_driver = noop
+
+security_group_api = neutron
+network_api_class = nova.network.neutronv2.api.API
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+
+{% if neutron_plugin_agent == "openvswitch" %}
+linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
+{% elif neutron_plugin_agent == "linuxbridge" %}
+linuxnet_interface_driver = nova.network.linux_net.BridgeInterfaceDriver
+{% endif %}
+
+allow_resize_to_same_host = true
+
+{% if enable_ironic | bool %}
+scheduler_host_manager = nova.scheduler.ironic_host_manager.IronicHostManager
+{% endif %}
+
+{% if service_name == "nova-compute-ironic" %}
+compute_driver = nova.virt.ironic.IronicDriver
+vnc_enabled = False
+ram_allocation_ratio = 1.0
+reserved_host_memory_mb = 0
+{% elif enable_nova_fake | bool %}
+scheduler_default_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter
+host = {{ ansible_hostname }}_{{ item }}
+compute_driver = fake.FakeDriver
+{% else %}
+compute_driver = libvirt.LibvirtDriver
+{% endif %}
+
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
+# Though my_ip is not used directly, lots of other variables use $my_ip
+my_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+
+{% if nova_console == 'novnc' %}
+novncproxy_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+novncproxy_port = {{ nova_novncproxy_port }}
+[vnc]
+vncserver_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+vncserver_proxyclient_address = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+{% if inventory_hostname in groups['compute'] %}
+novncproxy_base_url = http://{{ kolla_internal_address }}:{{ nova_novncproxy_port }}/vnc_auto.html
+{% endif %}
+{% elif nova_console == 'spice' %}
+[vnc]
+# We have to turn off vnc to use spice
+enabled = false
+[spice]
+server_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+server_proxyclient_address = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+{% if inventory_hostname in groups['compute'] %}
+html5proxy_base_url = http://{{ kolla_internal_address }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html
+{% endif %}
+html5proxy_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+html5proxy_port = {{ nova_spicehtml5proxy_port }}
+{% endif %}
+
+{% if service_name == "nova-compute-ironic" %}
+[ironic]
+#(TODO) remember to update this once discoverd is replaced by inspector
+admin_username = {{ ironic_keystone_user }}
+admin_password = {{ ironic_keystone_password }}
+admin_url = {{ openstack_auth_v2.auth_url }}
+admin_tenant_name = service
+api_endpoint = http://{{ kolla_internal_address }}:{{ ironic_api_port }}/v1
+{% endif %}
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_ha_queues = true
+rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[oslo_concurrency]
+lock_path = /var/lib/nova/tmp
+
+[glance]
+{% if enable_ceph | bool %}
+host = {{ kolla_internal_address }}
+port = {{ glance_api_port }}
+{% else %}
+api_servers = {% for host in groups['glance-api'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+num_retries = {{ groups['glance-api'] | length }}
+{% endif %}
+
+[cinder]
+catalog_info = volume:cinder:internalURL
+
+[neutron]
+url = http://{{ kolla_internal_address }}:{{ neutron_server_port }}
+auth_strategy = keystone
+metadata_proxy_shared_secret = {{ metadata_secret }}
+service_metadata_proxy = true
+
+auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_plugin = password
+project_domain_name = default
+user_domain_id = default
+project_name = service
+username = neutron
+password = {{ neutron_keystone_password }}
+
+[database]
+connection = mysql+pymysql://{{ nova_database_user }}:{{ nova_database_password }}@{{ nova_database_address }}/{{ nova_database_name }}
+
+[api_database]
+connection = mysql+pymysql://{{ nova_api_database_user }}:{{ nova_api_database_password }}@{{ nova_api_database_address }}/{{ nova_api_database_name }}
+
+[keystone_authtoken]
+auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = nova
+password = {{ nova_keystone_password }}
+
+[libvirt]
+connection_uri = "qemu+tcp://{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}/system"
+{% if enable_ceph | bool %}
+images_type = rbd
+images_rbd_pool = {{ ceph_nova_pool_name }}
+images_rbd_ceph_conf = /etc/ceph/ceph.conf
+rbd_user = nova
+rbd_secret_uuid = {{ rbd_secret_uuid }}
+disk_cachemodes="network=writeback"
+live_migration_flag="VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST,VIR_MIGRATE_TUNNELLED"
+hw_disk_discard = unmap
+{% endif %}
+
+[upgrade_levels]
+compute = auto

etc/passwords.yml

@@ -33,6 +33,7 @@ glance_database_password: "password"
 glance_keystone_password: "password"
 
 nova_database_password: "password"
+nova_api_database_password: "password"
 nova_keystone_password: "password"
 
 neutron_database_password: "password"

services/nova/nova-api.yml.j2

@@ -0,0 +1,22 @@
+name: openstack/nova/nova-api
+container:
+  image: "{{ nova_api_image }}:{{ nova_api_tag }}"
+service:
+  daemon:
+    dependencies: [nova-conductor/db_sync, nova_ansible_tasks/create_user]
+    command: nova-api --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-override.conf
+    files:
+      nova-override.conf:
+        source: ["/etc/kolla-mesos/config/global.conf",
+                 "/etc/kolla-mesos/config/database.conf",
+                 "/etc/kolla-mesos/config/messaging.conf",
+                 "/etc/kolla-mesos/config/nova.conf",
+                 "/etc/kolla-mesos/config/nova/nova-api.conf"]
+        dest: /etc/nova/nova-override.conf
+        owner: nova
+        perm: "0600"
+      nova.conf.j2:
+        source: "config/nova/templates/nova.conf.j2"
+        dest: /etc/nova/nova.conf
+        owner: nova
+        perm: "0600"

services/nova/nova-compute.yml.j2

@@ -0,0 +1,47 @@
+name: openstack/nova/nova-compute
+container:
+  image: "{{ nova_compute_image }}:{{ nova_compute_tag }}"
+  privileged: true
+service:
+  mem: 1024
+  taskRateLimit: 600.0
+  cpus: 2
+  volumes:
+    - containerPath: "/lib/modules"
+      hostPath: "/lib/modules"
+      mode: RO
+    - containerPath: "/var/lib/nova"
+      hostPath: "/var/lib/nova"
+      mode: RW
+    - containerPath: "/var/lib/libvirt"
+      hostPath: "/var/lib/libvirt"
+      mode: RW
+    - containerPath: "/run"
+      hostPath: "/run"
+      mode: RW
+
+  daemon:
+    dependencies: [nova-conductor/db_sync, nova_ansible_tasks/create_user,
+                   keystone_ansible_tasks/running]
+    command: nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-override.conf
+    files:
+      nova-override.conf.j2:
+        source: ["/etc/kolla-mesos/config/global.conf",
+                 "/etc/kolla-mesos/config/database.conf",
+                 "/etc/kolla-mesos/config/messaging.conf",
+                 "/etc/kolla-mesos/config/nova.conf",
+                 "/etc/kolla-mesos/config/nova/nova-compute.conf"]
+        dest: /etc/nova/nova-override.conf
+        owner: nova
+        perm: "0600"
+      nova.conf.j2:
+        source: "config/nova/templates/nova.conf.j2"
+        dest: /etc/nova/nova.conf
+        owner: nova
+        perm: "0600"
+
+commands:
+  disable-netfilter-4:
+    command: "echo sudo sysctl net.bridge.bridge-nf-call-iptables=1"
+  disable-netfilter-6:
+    command: "echo sudo sysctl net.bridge.bridge-nf-call-ip6tables=1"

services/nova/nova-conductor.yml.j2

@@ -0,0 +1,31 @@
+name: openstack/nova/nova-conductor
+container:
+  image: "{{ nova_conductor_image }}:{{ nova_conductor_tag }}"
+service:
+  daemon:
+    dependencies: [nova-conductor/db_sync, nova_ansible_tasks/create_user]
+    command: nova-conductor --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-override.conf
+
+commands:
+  db_sync:
+    run_once: True
+    dependencies: [nova_ansible_tasks/create_database,
+                   nova_ansible_tasks/database_user_create]
+    command: kolla_extend_start
+    env:
+      KOLLA_BOOTSTRAP:
+    files:
+      nova-override.conf:
+        source: ["/etc/kolla-mesos/config/global.conf",
+                 "/etc/kolla-mesos/config/database.conf",
+                 "/etc/kolla-mesos/config/messaging.conf",
+                 "/etc/kolla-mesos/config/nova.conf",
+                 "/etc/kolla-mesos/config/nova/nova-conductor.conf"]
+        dest: /etc/nova/nova-override.conf
+        owner: nova
+        perm: "0600"
+      nova.conf.j2:
+        source: "config/nova/templates/nova.conf.j2"
+        dest: /etc/nova/nova.conf
+        owner: nova
+        perm: "0600"

services/nova/nova-consoleauth.yml.j2

@@ -0,0 +1,22 @@
+name: openstack/nova/nova-consoleauth
+container:
+  image: "{{ nova_consoleauth_image }}:{{ nova_consoleauth_tag }}"
+service:
+  daemon:
+    dependencies: [nova-conductor/db_sync, nova_ansible_tasks/create_user]
+    command: nova-consoleauth --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-override.conf
+    files:
+      nova-override.conf:
+        source: ["/etc/kolla-mesos/config/global.conf",
+                 "/etc/kolla-mesos/config/database.conf",
+                 "/etc/kolla-mesos/config/messaging.conf",
+                 "/etc/kolla-mesos/config/nova.conf",
+                 "/etc/kolla-mesos/config/nova/nova-consoleauth.conf"]
+        dest: /etc/nova/nova-override.conf
+        owner: nova
+        perm: "0600"
+      nova.conf.j2:
+        source: "config/nova/templates/nova.conf.j2"
+        dest: /etc/nova/nova.conf
+        owner: nova
+        perm: "0600"

services/nova/nova-init.yml.j2

@@ -0,0 +1,96 @@
+name: openstack/nova/nova_ansible_tasks
+container:
+  image: "{{ kolla_toolbox_image }}:{{ kolla_toolbox_tag }}"
+task:
+commands:
+  create_database:
+    run_once: True
+    dependencies: [mariadb/daemon]
+    command: {{ ansible_task_cmd }}
+      -m mysql_db
+      -a "login_host='{{ database_address }}'
+          login_port='{{ mariadb_port }}'
+          login_user='{{ database_user }}'
+          login_password='{{ database_password }}'
+          name='{{ nova_database_name }}'"
+  create_api_database:
+    run_once: True
+    dependencies: [mariadb/daemon]
+    command: {{ ansible_task_cmd }}
+      -m mysql_db
+      -a "login_host='{{ database_address }}'
+          login_port='{{ mariadb_port }}'
+          login_user='{{ database_user }}'
+          login_password='{{ database_password }}'
+          name='{{ nova_api_database_name }}'"
+  database_user_create:
+    run_once: True
+    dependencies: [nova_ansible_tasks/create_database]
+    command: {{ ansible_task_cmd }}
+      -m mysql_user
+      -a "login_host='{{ database_address }}'
+          login_port='{{ mariadb_port }}'
+          login_user='{{ database_user }}'
+          login_password='{{ database_password }}'
+          name='{{ nova_database_name }}'
+          password='{{ nova_database_password }}'
+          host='%'
+          priv='{{ nova_database_name }}.*:ALL'
+          append_privs='yes'"
+  database_api_user_create:
+    run_once: True
+    dependencies: [nova_ansible_tasks/create_api_database]
+    command: {{ ansible_task_cmd }}
+      -m mysql_user
+      -a "login_host='{{ database_address }}'
+          login_port='{{ mariadb_port }}'
+          login_user='{{ database_user }}'
+          login_password='{{ database_password }}'
+          name='{{ nova_api_database_name }}'
+          password='{{ nova_api_database_password }}'
+          host='%'
+          priv='{{ nova_api_database_name }}.*:ALL'
+          append_privs='yes'"
+  register_endpoint:
+    run_once: True
+    dependencies: [nova-conductor/db_sync, keystone_ansible_tasks/running]
+    command: {{ ansible_task_cmd }}
+      -m kolla_keystone_service
+      -a "service_name=nova
+          service_type=image
+          description='Openstack Compute'
+          endpoint_region={{ openstack_region_name }}
+          admin_url='http://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+          internal_url='http://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+          public_url='http://{{ kolla_external_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+          region_name={{ openstack_region_name }}
+          auth={{ '{{ openstack_nova_auth }}' }}"
+      -e "{'openstack_nova_auth':{{ openstack_nova_auth }}}"
+  create_user:
+    run_once: True
+    dependencies: [nova-conductor/db_sync, keystone_ansible_tasks/running]
+    command: {{ ansible_task_cmd }}
+      -m kolla_keystone_user
+      -a "project=service
+          user=nova
+          password={{ nova_keystone_password }}
+          role=admin
+          region_name={{ openstack_region_name }}
+          auth={{ '{{ openstack_nova_auth }}' }}"
+      -e "{'openstack_nova_auth':{{ openstack_nova_auth }}}"
+  running:
+    run_once: True
+    retries: 10
+    delay: 5
+    dependencies: [nova-conductor/db_sync, nova_ansible_tasks/register_endpoint,
+                   keystone_ansible_tasks/running]
+    command: {{ ansible_task_cmd }}
+      -m kolla_sanity
+      -a "service=nova
+          project=service
+          user=nova
+          password={{ nova_keystone_password }}
+          role=admin
+          region_name={{ openstack_region_name }}
+          auth={{ '{{ openstack_nova_auth }}' }}"
+      -e "{'openstack_nova_auth':{{ openstack_nova_auth }}}"

services/nova/nova-libvirt.yml.j2

@@ -0,0 +1,31 @@
+name: openstack/nova/nova-libvirt
+container:
+  image: "{{ nova_libvirt_image }}:{{ nova_libvirt_tag }}"
+  privileged: true
+service:
+  mem: 1024
+  taskRateLimit: 600.0
+  cpus: 2
+  volumes:
+    - containerPath: "/lib/modules"
+      hostPath: "/lib/modules"
+      mode: RO
+    - containerPath: "/var/lib/nova"
+      hostPath: "/var/lib/nova"
+      mode: RW
+    - containerPath: "/var/lib/libvirt"
+      hostPath: "/var/lib/libvirt"
+      mode: RW
+    - containerPath: "/run"
+      hostPath: "/run"
+      mode: RW
+
+  daemon:
+    dependencies: [nova-conductor/db_sync]
+    command: libvirtd --listen
+    files:
+      libvirtd.conf.j2:
+        source: "config/nova/templates/libvirtd.conf.j2"
+        dest: /etc/libvirt/libvirtd.conf
+        owner: root
+        perm: "0644"

services/nova/nova-novncproxy.yml.j2

@@ -0,0 +1,22 @@
+name: openstack/nova/nova-novncproxy
+container:
+  image: "{{ nova_novncproxy_image }}:{{ nova_novncproxy_tag }}"
+service:
+  daemon:
+    dependencies: [nova-conductor/db_sync, nova_ansible_tasks/create_user]
+    command: nova-novncproxy --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-override.conf
+    files:
+      nova-override.conf:
+        source: ["/etc/kolla-mesos/config/global.conf",
+                 "/etc/kolla-mesos/config/database.conf",
+                 "/etc/kolla-mesos/config/messaging.conf",
+                 "/etc/kolla-mesos/config/nova.conf",
+                 "/etc/kolla-mesos/config/nova/nova-novncproxy.conf"]
+        dest: /etc/nova/nova-override.conf
+        owner: nova
+        perm: "0600"
+      nova.conf.j2:
+        source: "config/nova/templates/nova.conf.j2"
+        dest: /etc/nova/nova.conf
+        owner: nova
+        perm: "0600"

services/nova/nova-scheduler.yml.j2

@@ -0,0 +1,22 @@
+name: openstack/nova/nova-scheduler
+container:
+  image: "{{ nova_scheduler_image }}:{{ nova_scheduler_tag }}"
+service:
+  daemon:
+    dependencies: [nova-conductor/db_sync, nova_ansible_tasks/create_user]
+    command: nova-scheduler --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-override.conf
+    files:
+      nova-override.conf:
+        source: ["/etc/kolla-mesos/config/global.conf",
+                 "/etc/kolla-mesos/config/database.conf",
+                 "/etc/kolla-mesos/config/messaging.conf",
+                 "/etc/kolla-mesos/config/nova.conf",
+                 "/etc/kolla-mesos/config/nova/nova-scheduler.conf"]
+        dest: /etc/nova/nova-override.conf
+        owner: nova
+        perm: "0600"
+      nova.conf.j2:
+        source: "config/nova/templates/nova.conf.j2"
+        dest: /etc/nova/nova.conf
+        owner: nova
+        perm: "0600"

services/nova/nova-spicehtml3proxy.yml.j2

@@ -0,0 +1,22 @@
+name: openstack/nova/nova-spicehtml3proxy
+container:
+  image: "{{ nova_spicehtml3proxy_image }}:{{ nova_spicehtml3proxy_tag }}"
+service:
+  daemon:
+    dependencies: [nova-conductor/db_sync, nova_ansible_tasks/create_user]
+    command: nova-spicehtml3proxy --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-override.conf
+    files:
+      nova-override.conf:
+        source: ["/etc/kolla-mesos/config/global.conf",
+                 "/etc/kolla-mesos/config/database.conf",
+                 "/etc/kolla-mesos/config/messaging.conf",
+                 "/etc/kolla-mesos/config/nova.conf",
+                 "/etc/kolla-mesos/config/nova/nova-spicehtml3proxy.conf"]
+        dest: /etc/nova/nova-override.conf
+        owner: nova
+        perm: "0600"
+      nova.conf.j2:
+        source: "config/nova/templates/nova.conf.j2"
+        dest: /etc/nova/nova.conf
+        owner: nova
+        perm: "0600"