This patch adds basic support for running Nova/libvirt with hugepages
enabled. The /dev/hugepages mount point and the mem_page_size flavor
property are hardcoded for the scope of this patch.
This change is a dependency for DPDK enablement in fuel-ccp-neutron.
Change-Id: I0a22bbe4a81d845af743275c6c9c91de7d9ae464
This is a separate REST API stack and data model used to track resource
provider inventories and usages, along with different classes of
resources.
SSL support for placement api will be added in separate CRs.
Change-Id: I8bec585dd5d9eb7f52c1cd50e1e3d44aba6bbe9d
Nova communicate with different services, which can be under SSL in the
same time, when Keystone will be without SSL.
It's rare, but possible.
This patch makes exporting certificate for job depended on general
option "create_certificates".
Without it Nova under SSL with Keystone without SSL failed due to missed
certificate for Nova https endpoint.
Change-Id: I273707dc175b4ae026924af4f296e14af0bb23ca
Previously nova just created default flavors. This patch adds ability to
specify custom flavors in ~/.ccp.yaml.
Also this patch renames job to more general format and moves all default
flavors to defaults.yaml config. Now Jinja loop was moved to service
definition yaml, which create one job per one flavor.
Bootstrapping is enabled by default.
Change-Id: I07daad9be8b4ccbc5a8e618351e8897af7d61672
nova-compute-ironic service is same as nova-compute, but with the special
compute_driver and few config options required for Ironic.
While Ironic has poor integration with Nova, this service cannot be run
with regular nova-compute service on same host.
Change-Id: I5b6975f2b0fc5fb4002f8ecfc530c4c69ef53e43
Add condition to nova conf to update
oslo_messaging_notifications/driver to searchlight
required value if searchlight is listening nova.
Change-Id: Ic9f348119ed2db6dcc672acad3db4e91e8700323
This patch adds optional support for TLS encryption in libvirtd endpoints using
certificates.
Without encryption, libvirtd listens on private interface of K8s node without
any authentication thus allowing connections from any host on the internal
network.
TLS for libvirt is ENABLED by default and can be disabled in fuel-ccp-nova's
defaults.yaml file. When using TLS, CCP operator has 3 options:
1. Use sample, self-signed wildcard certificates valid for 10 years built into
config files (e.g. for testing purposes) - default.
2. Regenerate above certs using a script provided in tools/.
3. Provide own certificates.
The TLS configuration provided by this patch uses workarounds to make wildcard
certifcates work and should be used for testing purposes only.
The reason to have TLS enabled by default is to run all tests (e.g. CI) with
encrypted communication and catch possible errors.
An implementation more suitable for production usage may follow in a separate
patch.
Change-Id: I1d770e3618e2f5a32573b7ded74b11df18338f85
Only testing packages available(no backports).
That means - libvirtd and compute containers now contain major lib
changes comparing to the rest of containers.
I have to add new daemon to address new libvirt behaviorm plus
I have to override the OS upper-constrains to match the libvirt
2.4.0 version.
Do we want this? :-)
Change-Id: I3860238eeaa055609ef9217ee587eabad7cc6ebc
This is needed for libvirt to recover domain configuration
after restart. Overwise it wont detect running\failed VMs.
Change-Id: Id2695643d03387f0193b831b130a4a7bfe75b1a0