78 lines
2.7 KiB
Django/Jinja
78 lines
2.7 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
{% if nova_network_type == 'calico' %}
|
|
# Calico specific qemu settings
|
|
# Information available at:
|
|
# http://docs.projectcalico.org/en/latest/ubuntu-opens-install.html
|
|
clear_emulator_capabilities = 0
|
|
user = "root"
|
|
group = "root"
|
|
cgroup_device_acl = [
|
|
"/dev/null", "/dev/full", "/dev/zero",
|
|
"/dev/random", "/dev/urandom",
|
|
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
|
"/dev/rtc", "/dev/hpet", "/dev/net/tun",
|
|
]
|
|
{% endif %}
|
|
|
|
{% if nova_libvirtd_listen_tls == 1 %}
|
|
# Use of TLS requires that x509 certificates be issued. The default is
|
|
# to keep them in /etc/pki/qemu. This directory must contain
|
|
#
|
|
# ca-cert.pem - the CA master certificate
|
|
# server-cert.pem - the server certificate signed with ca-cert.pem
|
|
# server-key.pem - the server private key
|
|
#
|
|
# and optionally may contain
|
|
#
|
|
# dh-params.pem - the DH params configuration file
|
|
#
|
|
# If the directory does not exist, libvirtd will fail to start. If the
|
|
# directory doesn't contain the necessary files, QEMU domains will fail
|
|
# to start if they are configured to use TLS.
|
|
#
|
|
# In order to overwrite the default path alter the following. This path
|
|
# definition will be used as the default path for other *_tls_x509_cert_dir
|
|
# configuration settings if their default path does not exist or is not
|
|
# specifically set.
|
|
#
|
|
default_tls_x509_cert_dir = "{{ nova_qemu_ssl_dir }}"
|
|
|
|
# The default TLS configuration only uses certificates for the server
|
|
# allowing the client to verify the server's identity and establish
|
|
# an encrypted channel.
|
|
#
|
|
# It is possible to use x509 certificates for authentication too, by
|
|
# issuing an x509 certificate to every client who needs to connect.
|
|
#
|
|
# Enabling this option will reject any client who does not have a
|
|
# certificate signed by the CA in /etc/pki/qemu/ca-cert.pem
|
|
#
|
|
# The default_tls_x509_cert_dir directory must also contain
|
|
#
|
|
# client-cert.pem - the client certificate signed with the ca-cert.pem
|
|
# client-key.pem - the client private key
|
|
#
|
|
# If this option is supplied it provides the default for the "_verify" option
|
|
# of specific TLS users such as vnc, backups, migration, etc. The specific
|
|
# users of TLS may override this by setting the specific "_verify" option.
|
|
#
|
|
# When not supplied the specific TLS users provide their own defaults.
|
|
#
|
|
default_tls_x509_verify = 1
|
|
{% endif %}
|
|
|
|
# Enable use of TLS encryption on the VNC server. This requires
|
|
# a VNC client which supports the VeNCrypt protocol extension.
|
|
# Examples include vinagre, virt-viewer, virt-manager and vencrypt
|
|
# itself. UltraVNC, RealVNC, TightVNC do not support this
|
|
#
|
|
# It is necessary to setup CA and issue a server certificate
|
|
# before enabling this.
|
|
#
|
|
vnc_tls = {{ nova_qemu_vnc_tls }}
|
|
|
|
{% for key, value in _nova_qemu_conf.items() %}
|
|
{{ key }} = {{ value }}
|
|
{% endfor %}
|