Retire repository

Fuel (from openstack namespace) and fuel-ccp (in x namespace)
repositories are unused and ready to retire.

This change removes all content from the repository and adds the usual
README file to point out that the repository is retired following the
process from
https://docs.openstack.org/infra/manual/drivers.html#retiring-a-project

See also
http://lists.openstack.org/pipermail/openstack-discuss/2019-December/011647.html

Depends-On: https://review.opendev.org/699362
Change-Id: I32d0e133270d39e9aad29e22c4465bc2083cf89f
Andreas Jaeger 2019-12-18 09:51:17 +01:00
parent 022dbcad63
commit fb3f6f99b1
63 changed files with 10 additions and 2060 deletions

69
.gitignore vendored

@ -1,69 +0,0 @@
*.py[cod]
# C extensions
*.so
# Packages
*.egg
*.egg-info
dist
build
.eggs
eggs
parts
bin
var
sdist
develop-eggs
.installed.cfg
lib
lib64
# Installer logs
pip-log.txt
# Unit test / coverage reports
.coverage
cover
.tox
nosetests.xml
.testrepository
.venv
# Translations
*.mo
# Mr Developer
.mr.developer.cfg
.project
.pydevproject
# Complexity
output/*.html
output/*/index.html
# Sphinx
doc/build
# oslo-config-generator
etc/*.sample
# pbr generates these
AUTHORS
ChangeLog
# Editors
*~
.*.swp
.*sw?
# Vagrant
.vagrant
vagrant/Vagrantfile.custom
vagrant/vagrantkey*
# generated openrc
openrc
# tests
tests/.cache/*

176
LICENSE

@ -1,176 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

10
README.rst Normal file

@ -0,0 +1,10 @@
This project is no longer maintained.
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
For any further questions, please email
openstack-discuss@lists.openstack.org or join #openstack-dev on
Freenode.
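
Review bot: the sentence ending `previous commit with "git checkout HEAD^1"` sends readers back to a tree that, per the other hunks of this commit, contains default passwords and TLS private keys in its `secret_configs` defaults. The README should add one sentence saying that credentials and keys found in the old tree are public sample values and must not be reused.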

@ -1,8 +0,0 @@
FROM {{ image_spec("nova-base") }}
MAINTAINER {{ maintainer }}
RUN apt-get install -y --no-install-recommends \
mysql-client \
&& apt-get clean
USER nova

@ -1,30 +0,0 @@
FROM {{ image_spec("openstack-base") }}
MAINTAINER {{ maintainer }}
COPY {{ render('sources.list.debian.j2') }} /etc/apt/sources.list.d/ceph.list
RUN apt-key adv --recv-keys --keyserver {{ url.ceph.debian.keyserver }} \
{{ url.ceph.debian.keyid }} \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
bridge-utils \
openvswitch-switch \
iptables \
ebtables \
dnsmasq \
openssh-client \
&& apt-get clean
{{ copy_sources("openstack/nova", "/nova") }}
RUN useradd --user-group --create-home --home-dir /var/lib/nova nova \
&& chmod 755 /var/lib/nova \
&& /var/lib/microservices/venv/bin/pip install /nova \
&& mkdir -p /etc/nova /var/lib/nova /var/log/nova \
&& cp -r /nova/etc/nova/* /etc/nova/ \
&& chown -R nova: /etc/nova /var/lib/nova /var/log/nova \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/microservices/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/nova/rootwrap.conf
COPY nova_sudoers /etc/sudoers.d/nova_sudoers
RUN chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/nova_sudoers \
&& usermod -a -G microservices nova
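
Review bot: the `sed` on `/etc/nova/rootwrap.conf` at the end of the second `RUN` puts `/var/lib/microservices/venv/bin` first in `exec_dirs` and appends `/usr/local/bin` and `/usr/local/sbin`, and the last `RUN` adds `nova` to the `microservices` group, but nothing in the hunk shows who may write to the venv `bin` directory. rootwrap resolves the commands it runs as root through `exec_dirs`, so anyone rebuilding this image from history should confirm that directory is root-owned and not group-writable, or list system paths only. The `apt-key adv --recv-keys` line trusts whatever `url.ceph.debian.keyid` expands to, so that value should be a full fingerprint rather than a short key ID.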

@ -1,10 +0,0 @@
#!/bin/bash
if [[ ! -d "/var/log/microservices/nova" ]]; then
mkdir -p /var/log/microservices/nova
fi
if [[ $(stat -c %a /var/log/microservices/nova) != "755" ]]; then
chmod 755 /var/log/microservices/nova
fi
source /usr/local/bin/microservices_nova_extend_start

@ -1 +0,0 @@
nova ALL=(root) NOPASSWD: /var/lib/microservices/venv/bin/nova-rootwrap /etc/nova/rootwrap.conf *, /bin/chown -R nova\: /var/lib/nova
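
Review bot: the rootwrap entry ends in `*`, so sudo places no limit on the arguments and all filtering rests on the rootwrap filter files, and the second entry grants root `chown -R nova:` over `/var/lib/nova`, which the base Dockerfile creates as the `nova` user's own home directory. The file has no comment naming what calls the `chown` entry. If it is only needed at container start, running it as root in the entrypoint and dropping it from sudoers would be the narrower grant.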

@ -1 +0,0 @@
deb {{ url.ceph.debian.repo }} jessie main

@ -1,8 +0,0 @@
FROM {{ image_spec("nova-base") }}
MAINTAINER {{ maintainer }}
RUN apt-get -y install --no-install-recommends \
genisoimage \
&& apt-get clean
USER nova

@ -1,34 +0,0 @@
FROM {{ image_spec("nova-base") }}
MAINTAINER {{ maintainer }}
COPY {{ render('sources.list.debian.j2') }} /etc/apt/sources.list.d/testing.list
RUN apt-get update \
&& apt-get -y install -t jessie-backports --no-install-recommends \
qemu-utils \
ceph-common \
python-ceph \
python-rados \
&& apt-get -y install libvirt-daemon -t testing --no-install-recommends \
libvirt-dev \
&& apt-get -y install --no-install-recommends \
python-dev \
genisoimage \
open-iscsi \
dosfstools \
&& apt-get clean \
&& mkdir -p /etc/ceph /etc/pki \
&& chown -R nova: /etc/ceph /etc/pki \
&& ln -s /usr/lib/python2.7/dist-packages/rados.x86_64-linux-gnu.so /var/lib/microservices/venv/local/lib/python2.7/site-packages/rados.x86_64-linux-gnu.so \
&& ln -s /usr/lib/python2.7/dist-packages/rados-0.egg-info /var/lib/microservices/venv/local/lib/python2.7/site-packages/rados-0.egg-info \
&& ln -s /usr/lib/python2.7/dist-packages/rbd-0.egg-info /var/lib/microservices/venv/local/lib/python2.7/site-packages/rbd-0.egg-info \
&& ln -s /usr/lib/python2.7/dist-packages/rbd.x86_64-linux-gnu.so /var/lib/microservices/venv/local/lib/python2.7/site-packages/rbd.x86_64-linux-gnu.so \
&& sed -i 's/libvirt-python.*/\#libvirt-python==3.0.0/' /var/lib/microservices/venv/constraints.txt \
&& pip install --upgrade https://libvirt.org/sources/python/libvirt-python-3.0.0.tar.gz \
&& /var/lib/microservices/venv/bin/pip install rtslib-fb \
&& rm -f /etc/machine-id \
&& apt-get -y purge python-dev
ENV PATH $PATH:/lib/udev
USER nova
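
Review bot: the `pip install --upgrade https://libvirt.org/sources/python/libvirt-python-3.0.0.tar.gz` step runs right after a `sed` that comments the `libvirt-python` pin out of `constraints.txt`, and the tarball is installed with no hash check, so the build trusts whatever that URL serves at build time. Suggest a `#sha256=` fragment on the URL or a hashed requirements file. That step also calls a bare `pip` while the next line calls `/var/lib/microservices/venv/bin/pip` explicitly; which environment is meant should be stated in a comment.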

@ -1,2 +0,0 @@
# Testing repos
deb {{ url.debian }} testing main

@ -1,4 +0,0 @@
FROM {{ image_spec("nova-base") }}
MAINTAINER {{ maintainer }}
USER nova

@ -1,4 +0,0 @@
FROM {{ image_spec("nova-base") }}
MAINTAINER {{ maintainer }}
USER nova

@ -1,30 +0,0 @@
FROM {{ image_spec("nova-base") }}
MAINTAINER {{ maintainer }}
COPY {{ render('sources.list.debian.j2') }} /etc/apt/sources.list.d/testing.list
COPY apt_preferences.debian /etc/apt/preferences
RUN apt-get update \
&& apt-get install -y --no-install-recommends -t jessie-backports \
ceph-common \
python-ceph \
python-rados \
&& apt-get -y install -t testing --no-install-recommends \
qemu-kvm \
qemu-block-extra \
libvirt-daemon \
libvirt-bin \
&& apt-get -y install --no-install-recommends \
libvirt-bin \
dmidecode \
pm-utils \
ebtables \
xen-utils-4.4 \
&& apt-get clean \
&& mkdir -p /etc/ceph \
&& rm -f /etc/libvirt/qemu/networks/default.xml /etc/libvirt/qemu/networks/autostart/default.xml \
&& usermod -a -G libvirt nova \
&& ln -s /usr/lib/python2.7/dist-packages/rados.so /var/lib/microservices/venv/local/lib/python2.7/site-packages/rados.so \
&& ln -s /usr/lib/python2.7/dist-packages/rados-0.egg-info /var/lib/microservices/venv/local/lib/python2.7/site-packages/rados-0.egg-info \
&& ln -s /usr/lib/python2.7/dist-packages/rbd-0.egg-info /var/lib/microservices/venv/local/lib/python2.7/site-packages/rbd-0.egg-info \
&& ln -s /usr/lib/python2.7/dist-packages/rbd.so /var/lib/microservices/venv/local/lib/python2.7/site-packages/rbd.so

@ -1,4 +0,0 @@
Package: qemu-kvm
Pin: release a=testing
Pin: version 2.8+dfsg-1
Pin-Priority: 500

@ -1,3 +0,0 @@
# Testing repos
deb {{ url.debian }} testing main

@ -1,10 +0,0 @@
FROM {{ image_spec("nova-base") }}
MAINTAINER {{ maintainer }}
RUN curl -L -o nova-novncproxy.tar.gz https://github.com/novnc/noVNC/archive/v{{ novnc_version }}.tar.gz && \
tar -zxvf nova-novncproxy.tar.gz && \
mv noVNC-{{ novnc_version }} /usr/share/novnc && \
chown -R nova: /usr/share/novnc && \
rm -f nova-novncproxy.tar.gz
USER nova
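
Review bot: the `curl -L -o nova-novncproxy.tar.gz ...` line unpacks a GitHub archive into `/usr/share/novnc` without comparing it to a known digest, and `curl` is called without `-f`, so an HTTP error body would be handed to `tar` instead of failing at the download. Suggest `curl -fL` plus a `sha256sum -c` against a checksum recorded next to `novnc_version`. The spice-html5 download in the Dockerfile hunk further down has the same gap.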

@ -1,4 +0,0 @@
FROM {{ image_spec("nova-base") }}
MAINTAINER {{ maintainer }}
USER nova

@ -1,11 +0,0 @@
FROM {{ image_spec("nova-base") }}
MAINTAINER {{ maintainer }}
RUN curl -o spice.tar.gz https://codeload.github.com/SPICE/spice-html5/tar.gz/spice-html5-0.1.6 && \
tar -xzvf spice.tar.gz && \
mkdir -p /usr/share/spice-html5 && \
cp -rp spice-html5*/* /usr/share/spice-html5/ && \
chown -R nova: /usr/share/spice-html5 && \
rm -rf spice.tar.gz spice-html5*
USER nova

@ -1,6 +0,0 @@
FROM {{ image_spec("nova-base") }}
MAINTAINER {{ maintainer }}
RUN apt-get install -y --no-install-recommends \
mysql-client \
&& apt-get clean

@ -1,12 +0,0 @@
FROM {{ image_spec("nova-base") }}
MAINTAINER {{ maintainer }}
COPY daemon.sh /usr/local/bin/daemon.sh
RUN apt-get install -y --no-install-recommends \
apache2 \
libapache2-mod-wsgi \
&& apt-get clean \
&& chmod 755 /usr/local/bin/daemon.sh \
&& usermod -aG www-data nova \
&& echo > /etc/apache2/ports.conf

@ -1,4 +0,0 @@
#!/bin/bash -ex
source /etc/apache2/envvars
/usr/sbin/apache2 -DNO_DETACH

@ -1,25 +0,0 @@
actions:
- name: nova-db-sync
image: nova-base
dependencies:
- nova-db-create
command: nova-manage db sync
files:
- path: /etc/nova/nova.conf
content: nova.conf.j2
- name: nova-api-db-sync
image: nova-base
dependencies:
- nova-db-create
command: nova-manage api_db sync
files:
- path: /etc/nova/nova.conf
content: nova.conf.j2
- name: nova-db-online-data-migrations
image: nova-base
dependencies:
- nova-db-create
command: nova-manage db online_data_migrations
files:
- path: /etc/nova/nova.conf
content: nova.conf.j2

@ -1,30 +0,0 @@
{% if placement.tls.enabled %}
Listen 127.0.0.1:{{ placement.port.cont }}
<VirtualHost 127.0.0.1:{{ placement.port.cont }}>
{% else %}
Listen {{ placement.port.cont }}
<VirtualHost *:{{ placement.port.cont }}>
{% endif %}
WSGIDaemonProcess placement-api processes={{ placement.wsgi.processes }} threads={{ placement.wsgi.threads }} user=nova display-name=%{GROUP} python-path=/var/lib/microservices/venv/lib/python2.7/site-packages
WSGIProcessGroup placement-api
WSGIScriptAlias / /var/lib/microservices/venv/bin/nova-placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%M"
</IfVersion>
<Directory /var/lib/microservices/venv/bin>
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
Alias /placement /var/lib/microservices/venv/bin/nova-placement-api
<Location /placement>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>

@ -1,10 +0,0 @@
#!/bin/bash -ex
set -o pipefail
BACKUP_FILE="/var/ccp/backup/nova/backup-$(date "+%Y%m%d%H%M%S").sql"
mysqldump {% if db.tls.enabled %} --ssl-mode REQUIRED {% endif %} -h {{ address("database") }} \
-u {{ nova.db.username }} -p{{ nova.db.password }} \
--single-transaction {{ nova.db.name }} > "${BACKUP_FILE}"
BACKUP_FILE_API="/var/ccp/backup/nova/backup-$(date "+%Y%m%d%H%M%S")-api.sql"
mysqldump {% if db.tls.enabled %} --ssl-mode REQUIRED {% endif %} -h {{ address("database") }} \
-u {{ nova.db.username }} -p{{ nova.db.password }} \
--single-transaction {{ nova.db.api_name }} > "${BACKUP_FILE_API}"
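
Review bot: both `mysqldump` calls pass the password as `-p{{ nova.db.password }}` while the shebang is `#!/bin/bash -ex`, so the rendered password is placed on the command line and xtrace echoes it into whatever captures the job's stderr. Suggest dropping `-x` and supplying the credentials through a `--defaults-extra-file` readable only by the backup user. The dump files under `/var/ccp/backup/nova/` are created with the inherited umask; a `umask 077` before the first redirect would keep them private.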

@ -1 +0,0 @@
{{ security.tls.ca_cert }}

@ -1,4 +0,0 @@
# This whole approach is very insecure. Fixme.
virsh secret-define --file /etc/libvirt/secrets/secret.xml
virsh secret-set-value --secret {{ cinder.ceph.rbd_secret_uuid }} --base64 {{ cinder.ceph.key }}
rm -f /etc/libvirt/secrets/secret.xml /opt/ccp/bin/ceph-libvirt-secret-config.sh
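
Review bot: the file's first line already says `# This whole approach is very insecure. Fixme.`, and the cause is visible on the `virsh secret-set-value` line: the Ceph key is rendered into the script text and passed as an argument after `--base64`. There is also no `set -e`, so a failed `secret-define` goes unnoticed while the `rm -f` still deletes the inputs. Suggest reading the key from a root-only file or stdin where the installed virsh supports it, and failing the script when either `virsh` call fails.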

@ -1,3 +0,0 @@
[client.{{ cinder.ceph.username }}]
key = {{ cinder.ceph.key }}

@ -1,7 +0,0 @@
[global]
fsid = {{ ceph.fsid }}
mon_host = {{ ceph.mon_host }}
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx

@ -1,31 +0,0 @@
#!/bin/bash
name=$1
id=$2
ram=$3
disk=$4
vcpus=$5
set -ex
export OS_IDENTITY_API_VERSION=3
export OS_INTERFACE="internal"
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PASSWORD={{ openstack.user_password }}
export OS_USERNAME={{ openstack.user_name }}
export OS_PROJECT_NAME={{ openstack.project_name }}
export OS_AUTH_URL="{{ address('keystone', keystone.admin_port, with_scheme=True) }}/v3"
{% if security.tls.create_certificates %}
export OS_CACERT="/opt/ccp/etc/tls/ca.pem"
{% endif %}
flavor_params="--id $id"
flavor_params+=" --ram $ram"
flavor_params+=" --disk $disk"
flavor_params+=" --vcpus $vcpus"
{% if nova.libvirt.hugepages %}
flavor_params+=" --property hw:mem_page_size=large"
{% endif %}
openstack flavor show $name || openstack --os-region-name=RegionOne \
flavor create $flavor_params $name
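
Review bot: `set -ex` sits above `export OS_PASSWORD={{ openstack.user_password }}`, so xtrace prints the rendered password to the job's stderr on every run; move the `-x` below the exports or drop it. The `openstack flavor show $name || ... flavor create` line also treats every failure of `show`, including an authentication or TLS error, as "flavor missing", and `$name` is unquoted in both commands.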

@ -1,255 +0,0 @@
configs:
nova:
tls:
enabled: true
api_port:
cont: 8774
ingress: compute
novncproxy_port:
cont: 6080
ingress: console
metadata:
port:
cont: 8775
secret: "password"
scheduler:
enabled_filters:
- RetryFilter
- AvailabilityZoneFilter
- RamFilter
- DiskFilter
- ComputeFilter
- ComputeCapabilitiesFilter
- ImagePropertiesFilter
- ServerGroupAntiAffinityFilter
- ServerGroupAffinityFilter
- SameHostFilter
- DifferentHostFilter
debug: false
console: "novnc"
cells_v2:
enabled: false
cell_name: cell0
virt_type: "kvm"
libvirt:
hugepages: false
tls:
enabled: true
allocation_ratio:
cpu: 0.0
disk: 0.0
ram: 0.0
sriov:
enabled: false
ceph:
enable: false
pool_name: "vms"
bootstrap:
enable: true
flavors:
- name: m1.test
id: 0
ram: 128
disk: 1
vcpus: 1
- name: m1.tiny
id: 1
ram: 512
disk: 1
vcpus: 1
- name: m1.small
id: 2
ram: 2048
disk: 20
vcpus: 1
- name: m1.medium
id: 3
ram: 4096
disk: 40
vcpus: 2
- name: m1.large
id: 4
ram: 8192
disk: 80
vcpus: 4
- name: m1.xlarge
id: 5
ram: 16384
disk: 160
vcpus: 8
placement:
enabled: true
port:
cont: 8780
ingress: placement
tls:
enabled: true
wsgi:
processes: 4
threads: 4
secret_configs:
nova:
db:
password: password
name: nova
api_name: nova-api
username: nova
username: nova
password: password
libvirt:
libvirt_certificate_authority_certificate: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
libvirt_server_certificate: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
libvirt_server_key: |
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
libvirt_client_certificate: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
libvirt_client_key: |
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
placement:
account:
username: placement
password: password
versions:
novnc_version: "0.6.1"
sources:
openstack/nova:
git_url: https://git.openstack.org/openstack/nova.git
git_ref: stable/newton
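
Review bot: the `secret_configs` block of this defaults file sets every password to `password` (`nova.db.password`, `nova.password`, `placement.account.password`), `metadata.secret` under `configs` is `"password"` as well, and `libvirt_server_key` and `libvirt_client_key` are RSA private keys committed in-tree. Deleting the file does not withdraw them, since README.rst in this same commit points readers at `HEAD^1`. The commit message or README should state that these are sample values and that any deployment still running with them needs new credentials and certificates. `git_ref: stable/newton` is a branch rather than a fixed commit, which matters to anyone rebuilding from history.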

@ -1 +0,0 @@
{{ nova.libvirt.libvirt_certificate_authority_certificate }}

@ -1 +0,0 @@
{{ nova.libvirt.libvirt_client_certificate }}

@ -1 +0,0 @@
{{ nova.libvirt.libvirt_client_key }}

@ -1 +0,0 @@
{{ nova.libvirt.libvirt_server_certificate }}

@ -1 +0,0 @@
{{ nova.libvirt.libvirt_server_key }}

@ -1,17 +0,0 @@
{% if nova.libvirt.tls.enabled %}
listen_tcp = 0
listen_tls = 1
{% else %}
listen_tcp = 1
auth_tcp = "none"
# Prevent libvirtd from complaining in case /etc/pki/ is empty:
ca_file = ""
{% endif %}
log_level = 2
log_outputs = "2:file:/var/log/mcp/libvirt/libvirtd.log"
listen_addr = "{{ network_topology["private"]["address"] }}"
unix_sock_group = "nova"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
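
Review bot: in the `{% else %}` branch, `listen_tcp = 1` together with `auth_tcp = "none"` exposes the libvirt API unauthenticated and unencrypted on `listen_addr`, and the unconditional `auth_unix_rw = "none"` leaves the read-write socket guarded only by `unix_sock_group = "nova"` and mode `0770`. The branch carries no comment warning that turning off `nova.libvirt.tls.enabled` removes authentication as well as encryption. Suggest `auth_tcp = "sasl"` for the TCP case, or at least a comment stating the trust assumption about the private network.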

@ -1,18 +0,0 @@
server {
listen {{ network_topology["private"]["address"] }}:{{ nova.api_port.cont }} ssl;
include common/ssl.conf;
location / {
proxy_pass http://nova_api;
include common/proxy-headers.conf;
}
}
server {
listen {{ network_topology["private"]["address"] }}:{{ nova.metadata.port.cont }} ssl;
include common/ssl.conf;
location / {
proxy_pass http://nova_metadata;
include common/proxy-headers.conf;
}
}

@ -1,23 +0,0 @@
server {
listen {{ network_topology["private"]["address"] }}:{{ nova.novncproxy_port.cont }} ssl;
include common/ssl.conf;
location /console {
rewrite ^/console/(.*) /$1 break;
include common/proxy-headers.conf;
proxy_http_version 1.1;
proxy_read_timeout 86400;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://novncproxy;
}
location / {
include common/proxy-headers.conf;
proxy_http_version 1.1;
proxy_read_timeout 86400;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://novncproxy;
}
}

@ -1,9 +0,0 @@
server {
listen {{ network_topology["private"]["address"] }}:{{ placement.port.cont }} ssl;
include common/ssl.conf;
location / {
proxy_pass http://nova_placement_api;
include common/proxy-headers.conf;
}
}

@ -1,19 +0,0 @@
# nova-ironic.conf
[DEFAULT]
host = {{ node_name }}
compute_driver = ironic.IronicDriver
ram_allocation_ratio=1.0
reserved_host_memory_mb=0
# ironic is not working with vfat
config_drive_format = iso9660
[ironic]
api_endpoint = {{ address('ironic-api', ironic.api_port, with_scheme=True) }}/v1
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
auth_strategy = keystone
auth_plugin = password
project_domain_name = {{ service_account.domain }}
user_domain_name = {{ service_account.domain }}
project_name = {{ service_account.project }}
username = {{ ironic.username }}
password = {{ ironic.password }}

@ -1,21 +0,0 @@
#!/bin/bash
if [[ -c /dev/kvm ]]; then
chmod 660 /dev/kvm
chown root:kvm /dev/kvm
fi
# Mount xenfs for libxl to work
if [[ $(lsmod | grep xenfs) ]]; then
mount -t xenfs xenfs /proc/xen
fi
if [[ ! -d "/var/log/mcp/libvirt" ]]; then
mkdir -p /var/log/mcp/libvirt
touch /var/log/mcp/libvirt/libvirtd.log
chmod 644 /var/log/mcp/libvirt/libvirtd.log
fi
if [[ $(stat -c %a /var/log/mcp/libvirt) != "755" ]]; then
chmod 755 /var/log/mcp/libvirt
chmod 644 /var/log/mcp/libvirt/libvirtd.log
fi

@ -1,233 +0,0 @@
# nova.conf
[DEFAULT]
debug = {{ nova.debug }}
state_path = /var/lib/nova
{% if nova.tls.enabled %}
osapi_compute_listen=127.0.0.1
metadata_listen = 127.0.0.1
{% else %}
osapi_compute_listen = {{ network_topology["private"]["address"] }}
metadata_listen = {{ network_topology["private"]["address"] }}
{% endif %}
osapi_compute_listen_port = {{ nova.api_port.cont }}
metadata_listen_port = {{ nova.metadata.port.cont }}
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
scheduler_max_attempts = 10
{% if neutron.plugin_agent == "openvswitch" %}
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
{% elif neutron.plugin_agent == "linuxbridge" %}
linuxnet_interface_driver = nova.network.linux_net.BridgeInterfaceDriver
{% endif %}
allow_resize_to_same_host = true
compute_driver = libvirt.LibvirtDriver
# ironic requires different host manager, this not affects regular instances
scheduler_host_manager = ironic_host_manager
force_config_drive = True
# vfat format doesn't require sending config drive over scp (like in case
# of default iso format)
config_drive_format = vfat
# allocation ratio params
cpu_allocation_ratio = {{ nova.allocation_ratio.cpu }}
disk_allocation_ratio = {{ nova.allocation_ratio.disk }}
ram_allocation_ratio = {{ nova.allocation_ratio.ram }}
# scheduler filter params
scheduler_default_filters = {{ nova.scheduler.enabled_filters | join(",") }}
# Though my_ip is not used directly, lots of other variables use $my_ip
my_ip = {{ network_topology["private"]["address"] }}
{% if ingress.enabled %}
secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
{% endif %}
{% if nova.sriov.enabled %}
{% if nova.sriov.pci_alias %}
pci_alias = [
{%- for alias in nova.sriov.pci_alias -%}
{%- if not loop.first %},{% endif -%}
{"name": "{{ alias.name }}", "product_id": "{{ alias.product_id }}", vendor_id": "{{ alias.vendor_id }}"}
{%- endfor %}]
{% endif %}
pci_passthrough_whitelist = [
{%- for pci_dev in nova.sriov.pci_passthrough_whitelist -%}
{%- if not loop.first %},{% endif -%}
{"devname": "{{ pci_dev.devname }}", "physical_network": "{{ pci_dev.physical_network }}"}
{%- endfor %}]
{% endif %}
{% if nova.console == 'novnc' %}
[vnc]
{% if nova.tls.enabled %}
novncproxy_host = 127.0.0.1
{% else %}
novncproxy_host = {{ network_topology["private"]["address"] }}
{% endif %}
novncproxy_port = {{ nova.novncproxy_port.cont }}
vncserver_listen = {{ network_topology["private"]["address"] }}
vncserver_proxyclient_address = {{ network_topology["private"]["address"] }}
novncproxy_base_url = {{ address('nova-novncproxy', nova.novncproxy_port, external=True, with_scheme=True) }}/vnc_auto.html
{% elif nova.console == 'spice' %}
[vnc]
# We have to turn off vnc to use spice
enabled = false
[spice]
server_listen = {{ network_topology["private"]["address"] }}
server_proxyclient_address = {{ nova.spicehtml5proxy.host }}
html5proxy_base_url = http://{{ address('nova-html5proxy') }}:{{ nova.spicehtml5proxy.port.cont }}/spice_auto.html
html5proxy_host = {{ nova.spicehtml5proxy.host }}
html5proxy_port = {{ nova.spicehtml5proxy.port.cont }}
{% endif %}
{% if role_name == "nova-compute-ironic" %}
[ironic]
auth_type = password
auth_url = {{ address("keystone", keystone.public_port, with_scheme=True) }}
project_name = {{ service_account.project }}
username = {{ ironic.username }}
password = {{ ironic.password }}
project_domain_name = {{ service_account.domain }}
user_domain_name = {{ service_account.domain }}
cafile = /opt/ccp/etc/tls/ca.pem
#(TODO) remove these parameters when mitaka support will be dropped
#(TODO) remember to update this once discoverd is replaced by inspector
admin_username = {{ ironic.username }}
admin_password = {{ ironic.password }}
admin_url = {{ address("keystone", keystone.public_port, with_scheme=True) }}
admin_tenant_name = {{ service_account.project }}
api_endpoint = {{ address('ironic-api', ironic.api_port, with_scheme=True) }}/v1
{% endif %}
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
{% if glance.tls.enabled %}
[ssl]
ca_file = /opt/ccp/etc/tls/ca.pem
{% endif %}
[glance]
{% if glance.tls.enabled %}
protocol = https
{% endif %}
api_servers = {{ address('glance-api', glance.api_port, with_scheme=True) }}
# We need to do N number of retries here, N = number of glance-api daemons running
# FIXME
num_retries = 1
[cinder]
catalog_info = volumev2:cinder:internalURL
[neutron]
{% if neutron.tls.enabled %}
protocol = https
cafile = /opt/ccp/etc/tls/ca.pem
{% endif %}
url = {{ address('neutron-server', neutron.server_port, with_scheme=True) }}
auth_strategy = keystone
metadata_proxy_shared_secret = {{ nova.metadata.secret }}
service_metadata_proxy = true
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
auth_type = password
project_domain_name = {{ service_account.domain }}
user_domain_name = {{ service_account.domain }}
project_name = {{ service_account.project }}
username = {{ neutron.username }}
password = {{ neutron.password }}
[database]
connection = mysql+pymysql://{{ nova.db.username }}:{{ nova.db.password }}@{{ address("database") }}/{{ nova.db.name }}{% if db.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
max_pool_size = 50
max_overflow = 1000
max_retries = -1
[api_database]
connection = mysql+pymysql://{{ nova.db.username }}:{{ nova.db.password }}@{{ address("database") }}/{{ nova.db.api_name }}{% if db.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
max_retries = -1
[cache]
backend = oslo_cache.memcache_pool
enabled = true
# Here we need to pass an array of memcached daemons, for now we just use DNS
# FIXME
memcache_servers = {{ address('memcached', memcached.port) }}
{{ keystone_authtoken.keystone_authtoken(nova.username, nova.password) }}
[libvirt]
virt_type = {{ nova.virt_type }}
{% if nova.libvirt.tls.enabled %}
# TLS config:
# 1. NOTE: nova will use default connection_uri to connect to libvirt,
# e.g. qemu:/// which assumes nova-compute and libvirtd are on the same host.
#
# 2. We are using %s in live_migration_uri as workaround for TLS config with
# wildcard PKI certificates because they are issued for hostnames not IPs.
# We also need to pass domainname so FQDN (not just hostname) is used when
# initiating TLS connection and TLS can match server certificate to FQDN.
# FIXME
live_migration_uri = "qemu+tls://%s.{{ cluster_domain }}/system"
{% else %}
# non-TLS config:
connection_uri = "qemu+tcp://{{ network_topology["private"]["address"] }}/system"
live_migration_inbound_addr = "{{ network_topology["private"]["address"] }}"
{% endif %}
{% if nova.ceph.enable %}
images_type = rbd
images_rbd_pool = {{ nova.ceph.pool_name }}
images_rbd_ceph_conf = /etc/ceph/ceph.conf
rbd_user = {{ cinder.ceph.username }}
rbd_secret_uuid = {{ cinder.ceph.rbd_secret_uuid }}
disk_cachemodes="network=writeback"
hw_disk_discard = unmap
{% endif %}
[upgrade_levels]
compute = auto
[wsgi]
api_paste_config = /etc/nova/api-paste.ini
{% if nova.tls.enabled %}
[oslo_middleware]
enable_proxy_headers_parsing = true
{% endif %}
[oslo_messaging_notifications]
{% if searchlight is defined and searchlight.services.nova %}
driver = {{ searchlight.notification_driver }}
notify_on_state_change = vm_and_task_state
{% endif %}
{% if placement.enabled %}
[placement]
auth_url = {{ address("keystone", keystone.admin_port, with_scheme=True) }}/v3
auth_type = password
project_domain_name = {{ service_account.domain }}
user_domain_name = {{ service_account.domain }}
project_name = {{ service_account.project }}
username = {{ placement.account.username }}
password = {{ placement.account.password }}
memcached_servers = {{ address("memcached", memcached.port) }}
os_region_name = RegionOne
{% if keystone.tls.enabled %}
cafile = /opt/ccp/etc/tls/ca.pem
{% endif %}
{% endif %}
{# messaging macros templates #}
{{ oslo_messaging[messaging.backend.notifications]('notifications_config') }}
{{ oslo_messaging[messaging.backend.rpc]('rpc_config') }}
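Review bot: In the [libvirt] section, the {% else %} branch sets connection_uri to qemu+tcp://.../system, so whenever nova.libvirt.tls.enabled is false nova-compute talks to libvirtd over unencrypted TCP on the private address. Make the TLS branch the default, or add a comment stating what authenticates that TCP socket, since nothing in this file does. The [ironic] block also still carries admin_username/admin_password next to username/password under two TODOs; those duplicates should go once the older release is dropped, as the comment says.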


@ -1,9 +0,0 @@
{% if neutron.plugin_agent == "calico" %}
clear_emulator_capabilities = 0
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet", "/dev/net/tun",
]
{% endif %}
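Review bot: clear_emulator_capabilities = 0 and the widened cgroup_device_acl (including /dev/net/tun and /dev/kvm) are switched on for the calico agent with no comment saying why. Setting clear_emulator_capabilities to 0 lets QEMU processes keep their capabilities instead of dropping them, so please document the calico requirement next to the setting so it is not copied to other agents.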


@ -1,6 +0,0 @@
<secret ephemeral='no' private='no'>
<uuid>{{ cinder.ceph.rbd_secret_uuid }}</uuid>
<usage type='ceph'>
<name>client.cinder secret</name>
</usage>
</secret>
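Review bot: private='no' on the first line means the secret value can be read back through the libvirt API by a client that is allowed to connect, and this secret holds the Ceph client key. Unless something needs to fetch the value, private='yes' is the safer setting; please check that the RBD attach path still works with it and switch if it does.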


@ -1 +0,0 @@
{{ security.tls.server_cert }}


@ -1 +0,0 @@
{{ security.tls.server_key }}
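Review bot: this template renders the TLS private key straight from security.tls.server_key, so the key has to live in the same configuration data as every other value. Nothing here documents how that value is supposed to be stored or who may read it; add a short note, or load the key from a mounted secret instead of a rendered template.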


@ -1,15 +0,0 @@
upstream novncproxy {
server 127.0.0.1:{{ nova.novncproxy_port.cont }};
}
upstream nova_api {
server 127.0.0.1:{{ nova.api_port.cont }};
}
upstream nova_metadata {
server 127.0.0.1:{{ nova.metadata.port.cont }};
}
upstream nova_placement_api {
server 127.0.0.1:{{ placement.port.cont }};
}


@ -1,9 +0,0 @@
server {
listen {{ network_topology["private"]["address"] }}:{{ placement.port.cont }} ssl;
include common/ssl.conf;
location / {
proxy_pass http://nova_placement_api;
include common/proxy-headers.conf;
}
}
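Review bot: the listen line binds {{ placement.port.cont }} on the private address while proxy_pass points at the nova_placement_api upstream, which the upstreams file puts on 127.0.0.1 at the same port. That only works, and only keeps the plaintext HTTP backend off the network, if the backend binds to 127.0.0.1 alone; nothing in this hunk says so. Please add a comment to that effect.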


@ -1,178 +0,0 @@
dsl_version: 0.4.0
service:
name: nova-api
ports:
- {{ nova.api_port }}
- {{ nova.metadata.port }}
annotations:
service:
prometheus.io/probe: "true"
containers:
- name: nova-api
image: nova-api
privileged: true
pre:
- name: nova-db-create
type: single
command: mysql -v -u root -p{{ db.root_password }} -h {{ address("database") }} -e 'create database `{{ nova.db.name }}`;
create database `{{ nova.db.api_name }}`;
{% if nova.cells_v2.enabled %} create database `nova_{{ nova.cells_v2.cell_name }}`; {% endif -%}
create user "{{ nova.db.username }}"@"%" identified by "{{ nova.db.password }}"
{% if db.tls.enabled %} require ssl {% endif %};
grant all privileges on `{{ nova.db.name }}`.* to "{{ nova.db.username }}"@"%" identified by "{{ nova.db.password }}"
{% if db.tls.enabled %} require ssl {% endif %};
grant all privileges on `{{ nova.db.api_name }}`.* to "{{ nova.db.username }}"@"%" identified by "{{ nova.db.password }}"
{% if db.tls.enabled %} require ssl {% endif %};
{% if nova.cells_v2.enabled %} grant all privileges on `nova_{{ nova.cells_v2.cell_name }}`.* to "{{ nova.db.username }}"@"%" identified by "{{ nova.db.password }}"
{% if db.tls.enabled %} require ssl {% endif %}; {% endif %}'
dependencies:
- database
files:
- nova.conf
- name: nova-db-sync
type: single
command: nova-manage db sync
dependencies:
- nova-db-create
files:
- nova.conf
- name: nova-api-db-sync
type: single
command: nova-manage api_db sync
dependencies:
- nova-db-create
files:
- nova.conf
- name: nova-db-migrations
type: single
command: nova-manage db online_data_migrations
dependencies:
- nova-api-db-sync
files:
- nova.conf
# {% if nova.cells_v2.enabled %}
- name: nova-cell-create
type: single
dependencies:
- nova-api-db-sync
- nova-db-sync
command: nova-manage cell_v2 create_cell --name {{ nova.cells_v2.cell_name }}
files:
- nova.conf
# {% endif %}
- name: nova-user-create
type: single
command: openstack user create --domain {{ service_account.domain }} --password {{ nova.password }} {{ nova.username }}
dependencies:
- keystone-create-domain
- name: nova-role-add
dependencies:
- nova-user-create
type: single
command: openstack role add --project {{ service_account.project }} --user {{ nova.username }} admin
- name: nova-service-legacy-create
dependencies:
- keystone
type: single
command: openstack service create --name nova_legacy --description "Nova Compute Service (Legacy 2.0)" compute_legacy
- name: nova-public-legacy-endpoint-create
dependencies:
- nova-service-legacy-create
type: single
command: openstack endpoint create --region RegionOne compute_legacy public {{ address('nova-api', nova.api_port, external=True, with_scheme=True) }}/v2/$\(project_id\)s
- name: nova-internal-legacy-endpoint-create
dependencies:
- nova-service-legacy-create
type: single
command: openstack endpoint create --region RegionOne compute_legacy internal {{ address('nova-api', nova.api_port, with_scheme=True) }}/v2/$\(project_id\)s
- name: nova-admin-legacy-endpoint-create
dependencies:
- nova-service-legacy-create
type: single
command: openstack endpoint create --region RegionOne compute_legacy admin {{ address('nova-api', nova.api_port, with_scheme=True) }}/v2/$\(project_id\)s
- name: nova-service-create
dependencies:
- keystone
type: single
command: openstack service create --name nova --description "Nova Compute Service" compute
- name: nova-public-endpoint-create
dependencies:
- nova-service-create
type: single
command: openstack endpoint create --region RegionOne compute public {{ address('nova-api', nova.api_port, external=True, with_scheme=True) }}/v2.1
- name: nova-internal-endpoint-create
dependencies:
- nova-service-create
type: single
command: openstack endpoint create --region RegionOne compute internal {{ address('nova-api', nova.api_port, with_scheme=True) }}/v2.1
- name: nova-admin-endpoint-create
dependencies:
- nova-service-create
type: single
command: openstack endpoint create --region RegionOne compute admin {{ address('nova-api', nova.api_port, with_scheme=True) }}/v2.1
daemon:
command: nova-api --config-file /etc/nova/nova.conf
files:
- nova.conf
# {% if nova.tls.enabled %}
- ca-cert
# {% endif %}
# {% if nova.bootstrap.enable %}
post:
# {% for flavor in nova.bootstrap.flavors %}
- name: nova-bootstrap-flavor-{{ flavor.id }}
type: single
command: /opt/ccp/bin/create-flavor.sh {{ flavor.name }} {{ flavor.id }} {{ flavor.ram }} {{ flavor.disk }} {{ flavor.vcpus }}
files:
- create-flavor.sh
# {% if nova.tls.enabled %}
- ca-cert
# {% endif %}
# {% endfor %}
# {% endif %}
# {% if nova.tls.enabled %}
- name: nginx-nova-api
image: nginx
daemon:
files:
- upstreams
- servers
- server-cert
- server-key
command: nginx
# {% endif %}
files:
nova.conf:
path: /etc/nova/nova.conf
content: nova.conf.j2
perm: "0600"
create-flavor.sh:
path: /opt/ccp/bin/create-flavor.sh
content: create-flavor.sh.j2
perm: "0700"
# {% if nova.tls.enabled %}
servers:
path: /etc/nginx/conf.d/servers.conf
content: nginx-nova-api.conf.j2
perm: "0400"
upstreams:
path: /etc/nginx/conf.d/upstreams.conf
content: upstreams.conf.j2
perm: "0400"
server-cert:
path: /opt/ccp/etc/tls/server-cert.pem
content: server-cert.pem.j2
perm: "0400"
server-key:
path: /opt/ccp/etc/tls/server-key.pem
content: server-key.pem.j2
perm: "0400"
ca-cert:
path: /opt/ccp/etc/tls/ca.pem
content: ca-cert.pem.j2
perm: "0400"
# {% endif %}
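Review bot: the nova-db-create command puts the database root password on the mysql command line (-p{{ db.root_password }}), and nova-user-create does the same with --password {{ nova.password }}, so both secrets are exposed on the command line and in the rendered job definition. Reading the database password from an option file (mysql --defaults-extra-file) would avoid that for the first case. Two smaller points: the nova database user is created for host "%" with all privileges, and the nova-api container runs with privileged: true without a stated reason.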


@ -1,38 +0,0 @@
dsl_version: 0.1.0
service:
name: nova-compute-ironic
kind: DaemonSet
containers:
- name: nova-compute-ironic
image: nova-compute-ironic
probes:
readiness: "true"
liveness:
command: "true"
type: "exec"
daemon:
command: nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-ironic.conf
files:
- nova.conf
- nova-ironic.conf
# {% if keystone.tls.enabled %}
- ca-cert
# {% endif %}
dependencies:
- nova-db-migrations
- ironic-user-create
files:
nova.conf:
path: /etc/nova/nova.conf
content: nova.conf.j2
perm: "0600"
nova-ironic.conf:
path: /etc/nova/nova-ironic.conf
content: nova-ironic.conf.j2
perm: "0600"
# {% if keystone.tls.enabled %}
ca-cert:
path: /opt/ccp/etc/tls/ca.pem
content: ca-cert.pem.j2
perm: "0644"
# {% endif %}
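Review bot: both probes are stubs: readiness is "true" and the liveness exec command is "true", so they always pass and a hung nova-compute is never restarted or taken out of service. Either point them at a real check or drop them with a comment that probing is not implemented.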


@ -1,80 +0,0 @@
dsl_version: 0.1.0
service:
name: nova-compute
kind: DaemonSet
hostNetwork: true
containers:
- name: nova-compute
image: nova-compute
privileged: true
volumes:
- name: run
type: host
path: /run
- name: modules
type: host
path: /lib/modules
- name: nova
type: host
path: /var/lib/nova
- name: libvirt
type: host
path: /var/lib/libvirt
pre:
- name: disable-netfilter-4
command: "echo sudo sysctl net.bridge.bridge-nf-call-iptables=1"
- name: disable-netfilter-6
command: "echo sudo sysctl net.bridge.bridge-nf-call-ip6tables=1"
- name: create-dir
command: "sudo /bin/chown -R nova: /var/lib/nova ; mkdir -p /var/lib/nova/instances"
daemon:
command: nova-compute --config-file /etc/nova/nova.conf
dependencies:
- nova-db-migrations
- nova-libvirt:local
- nova-conductor
- rpc
- notifications
files:
- nova.conf
# {% if nova.libvirt.tls.enabled %}
- libvirt-cacert
# {% endif %}
# {% if nova.ceph.enable %}
- ceph-conf
- nova-ceph-key
# {% endif %}
# {% if keystone.tls.enabled %}
- ca-cert
# {% endif %}
# {% if nova.cells_v2.enabled %}
post:
- name: add-host-to-cell
command: nova-manage cell_v2 map_cell_and_hosts
# {% endif %}
files:
nova.conf:
path: /etc/nova/nova.conf
content: nova.conf.j2
perm: "0600"
# {% if nova.libvirt.tls.enabled %}
libvirt-cacert:
path: /etc/pki/CA/cacert.pem
content: libvirt.cacert.j2
perm: "0444"
# {% endif %}
# {% if nova.ceph.enable %}
ceph-conf:
path: /etc/ceph/ceph.conf
content: ceph.conf.j2
nova-ceph-key:
path: /etc/ceph/ceph.client.{{ cinder.ceph.username }}.keyring
content: ceph.client.cinder.keyring.j2
# {% endif %}
# {% if keystone.tls.enabled %}
ca-cert:
path: /opt/ccp/etc/tls/ca.pem
content: ca-cert.pem.j2
perm: "0644"
# {% endif %}
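Review bot: in the files map, ceph-conf and nova-ceph-key have no perm while every other entry sets one; the keyring is a credential and should get an explicit perm: "0600". Also, the pre steps disable-netfilter-4 and disable-netfilter-6 only echo the sysctl command, and the value they print is 1, so they change nothing and the step names do not match the command.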


@ -1,19 +0,0 @@
dsl_version: 0.1.0
service:
name: nova-conductor
containers:
- name: nova-conductor
image: nova-conductor
daemon:
command: nova-conductor --config-file /etc/nova/nova.conf
files:
- nova.conf
dependencies:
- nova-db-migrations
- rpc
- notifications
files:
nova.conf:
path: /etc/nova/nova.conf
content: nova.conf.j2
perm: "0600"


@ -1,17 +0,0 @@
dsl_version: 0.1.0
service:
name: nova-consoleauth
containers:
- name: nova-consoleauth
image: nova-consoleauth
daemon:
command: nova-consoleauth --config-file /etc/nova/nova.conf
files:
- nova.conf
dependencies:
- nova-db-migrations
files:
nova.conf:
path: /etc/nova/nova.conf
content: nova.conf.j2
perm: "0600"


@ -1,140 +0,0 @@
dsl_version: 0.1.0
service:
name: nova-libvirt
kind: DaemonSet
hostNetwork: true
hostPID: true
containers:
- name: nova-libvirt
image: nova-libvirt
privileged: true
volumes:
- name: run
type: host
path: /run
- name: modules
type: host
path: /lib/modules
- name: nova
type: host
path: /var/lib/nova
- name: libvirt-lib
type: host
path: /var/lib/libvirt
- name: libvirt-conf
type: host
path: /etc/libvirt/qemu
- name: cgroup
type: host
path: /sys/fs/cgroup
# {% if nova.sriov.enabled %}
- name: dev
type: host
path: /dev
# {% endif %}
# {% if nova.libvirt.hugepages %}
- name: hugepages
type: host
path: /dev/hugepages
# {% endif %}
pre:
- name: nova-libvirt-bootstrap
command: /tmp/nova-libvirt-bootstrap.sh
daemon:
command: libvirtd --listen
dependencies:
- nova-db-migrations
files:
- libvirtd.conf
- nova-libvirt-bootstrap.sh
# {% if nova.libvirt.tls.enabled %}
- libvirt-cacert
- libvirt-servercert
- libvirt-serverkey
- libvirt-clientcert
- libvirt-clientkey
# {% endif %}
- qemu.conf
# {% if nova.ceph.enable %}
- rbd-secret
- ceph-conf
- nova-ceph-key
- ceph-libvirt-secret-config.sh
post:
- name: nova-libvirt-secret-set
command: /opt/ccp/bin/ceph-libvirt-secret-config.sh
# {% endif %}
- name: nova-virtlogd
image: nova-libvirt
privileged: true
volumes:
- name: run
type: host
path: /run
- name: modules
type: host
path: /lib/modules
- name: nova
type: host
path: /var/lib/nova
- name: libvirt-lib
type: host
path: /var/lib/libvirt
- name: libvirt-conf
type: host
path: /etc/libvirt/qemu
- name: cgroup
type: host
path: /sys/fs/cgroup
daemon:
command: virtlogd -f /etc/libvirt/virtlogd.conf
files:
libvirtd.conf:
path: /etc/libvirt/libvirtd.conf
content: libvirtd.conf.j2
perm: "0600"
nova-libvirt-bootstrap.sh:
path: /tmp/nova-libvirt-bootstrap.sh
content: nova-libvirt-bootstrap.sh
perm: "0755"
# {% if nova.libvirt.tls.enabled %}
libvirt-cacert:
path: /etc/pki/CA/cacert.pem
content: libvirt.cacert.j2
perm: "0444"
libvirt-servercert:
path: /etc/pki/libvirt/servercert.pem
content: libvirt.servercert.j2
perm: "0440"
libvirt-serverkey:
path: /etc/pki/libvirt/private/serverkey.pem
content: libvirt.serverkey.j2
perm: "0440"
libvirt-clientcert:
path: /etc/pki/libvirt/clientcert.pem
content: libvirt.clientcert.j2
perm: "0400"
libvirt-clientkey:
path: /etc/pki/libvirt/private/clientkey.pem
content: libvirt.clientkey.j2
perm: "0400"
# {% endif %}
qemu.conf:
path: /etc/libvirt/qemu.conf
content: qemu.conf.j2
perm: "0600"
rbd-secret:
path: /etc/libvirt/secrets/secret.xml
content: rbd_secret.xml.j2
perm: "0600"
ceph-conf:
path: /etc/ceph/ceph.conf
content: ceph.conf.j2
nova-ceph-key:
path: /etc/ceph/ceph.client.cinder.keyring
content: ceph.client.cinder.keyring.j2
ceph-libvirt-secret-config.sh:
path: /opt/ccp/bin/ceph-libvirt-secret-config.sh
content: ceph-libvirt-secret-config.sh.j2
perm: "0755"
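Review bot: nova-ceph-key is written to /etc/ceph/ceph.client.cinder.keyring here, but the nova-compute service builds the same path from {{ cinder.ceph.username }}; the two diverge as soon as the username is not cinder. The entry also has no perm, and rbd-secret, ceph-conf, nova-ceph-key and ceph-libvirt-secret-config.sh sit outside any {% if nova.ceph.enable %} guard in the files map although they are only referenced inside one. Separately, libvirtd --listen runs in a privileged pod with hostNetwork and hostPID, so the listener's authentication settings in libvirtd.conf deserve a comment next to the command.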


@ -1,55 +0,0 @@
dsl_version: 0.1.0
service:
name: nova-novncproxy
ports:
- {{ nova.novncproxy_port }}
containers:
- name: nova-novncproxy
image: nova-novncproxy
daemon:
command: nova-novncproxy --config-file /etc/nova/nova.conf
files:
- nova.conf
# {% if nova.tls.enabled %}
- ca-cert
# {% endif %}
dependencies:
- nova-db-migrations
# {% if nova.tls.enabled %}
- name: nginx-nova-novncproxy
image: nginx
daemon:
files:
- upstreams
- servers
- server-cert
- server-key
command: nginx
# {% endif %}
files:
nova.conf:
path: /etc/nova/nova.conf
content: nova.conf.j2
perm: "0600"
# {% if nova.tls.enabled %}
servers:
path: /etc/nginx/conf.d/servers.conf
content: nginx-novncproxy.conf.j2
perm: "0400"
upstreams:
path: /etc/nginx/conf.d/upstreams.conf
content: upstreams.conf.j2
perm: "0400"
server-cert:
path: /opt/ccp/etc/tls/server-cert.pem
content: server-cert.pem.j2
perm: "0400"
server-key:
path: /opt/ccp/etc/tls/server-key.pem
content: server-key.pem.j2
perm: "0400"
ca-cert:
path: /opt/ccp/etc/tls/ca.pem
content: ca-cert.pem.j2
perm: "0400"
# {% endif %}


@ -1,19 +0,0 @@
dsl_version: 0.1.0
service:
name: nova-scheduler
containers:
- name: nova-scheduler
image: nova-scheduler
daemon:
command: nova-scheduler --config-file /etc/nova/nova.conf
files:
- nova.conf
dependencies:
- nova-db-migrations
- rpc
- notifications
files:
nova.conf:
path: /etc/nova/nova.conf
content: nova.conf.j2
perm: "0600"


@ -1,98 +0,0 @@
dsl_version: 0.4.0
service:
name: placement-api
ports:
- {{ placement.port }}
annotations:
service:
prometheus.io/probe: "true"
containers:
- name: placement-api
image: placement-api
pre:
- name: placement-user-create
type: single
command: openstack user create --domain {{ service_account.domain }} --password {{ placement.account.password }} {{ placement.account.username }}
dependencies:
- keystone-create-domain
- name: placement-role-add
dependencies:
- keystone-create-project
- placement-user-create
type: single
command: openstack role add --project {{ service_account.project }} --user {{ placement.account.username }} admin
- name: placement-service-create
dependencies:
- keystone
type: single
command: openstack service create --name nova --description "Placement Service" placement
- name: placement-public-endpoint-create
dependencies:
- placement-service-create
type: single
command: openstack endpoint create --region RegionOne placement public {{ address('placement-api', placement.port, external=True, with_scheme=True) }}/placement
- name: placement-internal-endpoint-create
dependencies:
- placement-service-create
type: single
command: openstack endpoint create --region RegionOne placement internal {{ address('placement-api', placement.port, with_scheme=True) }}/placement
- name: placement-admin-endpoint-create
dependencies:
- placement-service-create
type: single
command: openstack endpoint create --region RegionOne placement admin {{ address('placement-api', placement.port, with_scheme=True) }}/placement
daemon:
command: daemon.sh
files:
- nova.conf
- apache-placement-api.conf
# {% if keystone.tls.enabled %}
- ca-cert
# {% endif %}
# {% if placement.tls.enabled %}
- name: nginx-placement-api
image: nginx
daemon:
files:
- upstreams
- servers
- server-cert
- server-key
command: nginx
# {% endif %}
files:
nova.conf:
path: /etc/nova/nova.conf
content: nova.conf.j2
perm: "0644"
apache-placement-api.conf:
path: /etc/apache2/conf-enabled/nova-placement-api.conf
content: apache-placement-api.conf.j2
perm: "0600"
# {% if placement.tls.enabled %}
servers:
path: /etc/nginx/conf.d/servers.conf
content: nginx-placement-api.conf.j2
perm: "0400"
upstreams:
path: /etc/nginx/conf.d/upstreams.conf
content: upstreams.conf.j2
perm: "0400"
server-cert:
path: /opt/ccp/etc/tls/server-cert.pem
content: server-cert.pem.j2
perm: "0400"
server-key:
path: /opt/ccp/etc/tls/server-key.pem
content: server-key.pem.j2
perm: "0400"
# {% endif %}
# {% if keystone.tls.enabled %}
ca-cert:
path: /opt/ccp/etc/tls/ca.pem
content: ca-cert.pem.j2
perm: "0644"
# {% endif %}
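Review bot: nova.conf gets perm: "0644" in this service, while every other service that ships the same template uses "0600"; the file carries the database and service passwords, so it should be "0600" here too unless the Apache worker needs otherwise, in which case say so in a comment. Also, placement-service-create registers the service with --name nova, the same name nova-service-create uses for compute; --name placement looks like what was meant.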


@ -1,61 +0,0 @@
upgrade:
name: upgrade-nova
image: nova-upgrade
steps:
- name: backup
command: /opt/ccp/bin/backup.sh
files:
- backup-sh
volumes:
- name: backup-dir
path: /var/ccp/backup/nova
type: host
readOnly: false
topology_key: backup
- name: db-sync
command: nova-manage db sync
files:
- nova.conf
- name: api-db-sync
command: nova-manage api_db sync
files:
- nova.conf
- name: kill-control-plane
type: kill-services
services:
- nova-api
- nova-conductor
- nova-consoleauth
- nova-novncproxy
- nova-scheduler
- name: roll-conductor
type: rolling-upgrade
services: [nova-conductor]
- name: roll-other
type: rolling-upgrade
services:
- nova-consoleauth
- nova-novncproxy
- nova-scheduler
- name: roll-api
type: rolling-upgrade
services: [nova-api]
- name: roll-compute
type: rolling-upgrade
services: [nova-compute]
- name: roll-libvirt
type: rolling-upgrade
services: [nova-libvirt]
- name: nova-db-migrations
command: nova-manage db online_data_migrations
files:
- nova.conf
files:
nova.conf:
path: /etc/nova/nova.conf
content: nova.conf.j2
perm: "0600"
backup-sh:
path: /opt/ccp/bin/backup.sh
content: backup.sh.j2
perm: "500"
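Review bot: backup-sh uses perm: "500" where every other file mode in these definitions has a leading zero ("0600", "0400"). Whether "500" is read as octal depends on the consumer; write "0500" to match.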


@ -1,129 +0,0 @@
#!/bin/bash -ex
# Create all necessary certifiactes for libvirt TLS config.
# based on: https://wiki.libvirt.org/page/TLSDaemonConfiguration
# (c) mzawadzki@mirantis.com
# CONFIG:
PKI_ORGANIZATION="mirantis"
DOMAIN_NAME="cluster.local"
PKI_EXPIRATION_DAYS="3650"
TEMP_DIR="/tmp"
echo "* cleaning up old files:"
pushd "${TEMP_DIR}"
rm -rf \
certificate_authority_template.info \
certificate_authority_key.pem \
certificate_authority_certificate.pem \
server_template.info \
server_key.pem \
server_certificate.pem \
client_template.info \
client_key.pem \
client_certificate.pem \
fuel-ccp-nova_service_files_defaults.yaml
echo "* checking if necessary tools are installed:"
which certtool || sudo apt-get install -y gnutls-bin
echo "* creating Certificate Authority Template:"
cat >certificate_authority_template.info << EOF
cn = ${PKI_ORGANIZATION}
ca
cert_signing_key
expiration_days = ${PKI_EXPIRATION_DAYS}
EOF
echo "* creating Certificate Authority Private Key:"
umask 277 && certtool --generate-privkey > certificate_authority_key.pem
ls -la certificate_authority_key.pem
echo "* creating Certificate Authority Certificate file:"
certtool --generate-self-signed \
--template certificate_authority_template.info \
--load-privkey certificate_authority_key.pem \
--outfile certificate_authority_certificate.pem
ls -la certificate_authority_certificate.pem
echo "* creating Server Certificate Template file:"
cat >server_template.info <<EOF
organization = ${PKI_ORGANIZATION}
cn = *.${DOMAIN_NAME}
tls_www_server
encryption_key
signing_key
expiration_days = ${PKI_EXPIRATION_DAYS}
EOF
echo "* creating Server Certificate Private Key:"
umask 277 && certtool --generate-privkey > server_key.pem
ls -al server_key.pem
echo "* creating Server Certificate:"
certtool --generate-certificate \
--template server_template.info \
--load-privkey server_key.pem \
--load-ca-certificate certificate_authority_certificate.pem \
--load-ca-privkey certificate_authority_key.pem \
--outfile server_certificate.pem
ls -la server_certificate.pem
echo "* creating Client Certificate Template file:"
cat >client_template.info <<EOF
organization = ${PKI_ORGANIZATION}
cn = *.${DOMAIN_NAME}
tls_www_client
encryption_key
signing_key
expiration_days = ${PKI_EXPIRATION_DAYS}
EOF
echo "* creating Client Certificate Private Key:"
umask 277 && certtool --generate-privkey > client_key.pem
ls -al client_key.pem
echo "* creating Client Certificate:"
certtool --generate-certificate \
--template client_template.info \
--load-privkey client_key.pem \
--load-ca-certificate certificate_authority_certificate.pem \
--load-ca-privkey certificate_authority_key.pem \
--outfile client_certificate.pem
ls -la client_certificate.pem
echo "* creating related fragment of fuel-ccp-nova/service/files/defaults.yaml:"
YAML_FILE="fuel-ccp-nova_service_files_defaults.yaml"
umask 000
echo -e " libvirt_certificate_authority_certificate: |\n$(cat certificate_authority_certificate.pem | sed 's/^/ /')" >> ${YAML_FILE}
echo -e " libvirt_server_certificate: |\n$(cat server_certificate.pem | sed 's/^/ /')" >> ${YAML_FILE}
echo -e " libvirt_server_key: |\n$(grep -A 100 "BEGIN RSA PRIVATE KEY" server_key.pem | grep -B 100 "END RSA PRIVATE KEY" | sed 's/^/ /')" >> ${YAML_FILE}
echo -e " libvirt_client_certificate: |\n$(cat client_certificate.pem | sed 's/^/ /')" >> ${YAML_FILE}
echo -e " libvirt_client_key: |\n$(grep -A 100 "BEGIN RSA PRIVATE KEY" client_key.pem | grep -B 100 "END RSA PRIVATE KEY" | sed 's/^/ /')" >> ${YAML_FILE}
set +x
echo -e "\n* Generating certificates for libvirtd in ${TEMP_DIR} complete."
ls -al *pem
md5sum *pem
cat << EOF
Here is summary where they should be copied (on each host or container
running libvirtd):
file destination permissions
-----------------------------------------------------------------------------
certificate_authority_certificate.pem /etc/pki/CA/cacert.pem 444
server_certificate.pem /etc/pki/libvirt/servercert.pem 440
server_key.pem /etc/pki/libvirt/private/serverkey.pem
440
client_certificate.pem /etc/pki/libvirt/clientcert.pem 400
client_key.pem /etc/pki/libvirt/private/clientkey.pem
400
-----------------------------------------------------------------------------
Please check ${TEMP_DIR}/fuel-ccp-nova_service_files_defaults.yaml
for copy&paste content for fuel-ccp-nova/service/files/default.yaml
EOF
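Review bot: umask 000 is set just before the YAML fragment is written, so ${YAML_FILE}, which contains both the server and the client private key, is created world-readable and world-writable in /tmp. Keep a restrictive umask (for example umask 077) for that file. The script also leaves the CA private key in /tmp under a fixed name, and the server and client certificates are both wildcards for *.${DOMAIN_NAME} valid for 3650 days, so one leaked key is good for every host.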


@ -1,5 +0,0 @@
#!/bin/bash
set -ex
workdir=$(dirname $0)
yamllint -c $workdir/yamllint.yaml $(find . -not -path '*/\.*' -type f -name '*.yaml')
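Review bot: $0, $workdir and the $(find ...) substitution are all unquoted, so a path with spaces or glob characters is split or expanded before yamllint sees it. Quote "$workdir" and feed the file list with find ... -print0 | xargs -0, as the bashate env in tox.ini does.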


@ -1,21 +0,0 @@
extends: default
rules:
braces:
max-spaces-inside: 1
comments:
level: error
comments-indentation:
level: warning
document-end:
present: no
document-start:
level: error
present: no
empty-lines:
max: 1
max-start: 0
max-end: 0
line-length:
level: warning
max: 120

17
tox.ini

@ -1,17 +0,0 @@
[tox]
minversion = 1.6
envlist = linters,bashate
skipsdist = True
[testenv:linters]
deps = yamllint
commands =
{toxinidir}/tools/yamllint.sh
[testenv:bashate]
deps = bashate>=0.2
whitelist_externals = bash
commands = bash -c "find {toxinidir} -type f -name '*.sh' -not -path '*/.tox/*' -print0 | xargs -0 bashate -v"
[testenv:venv]
commands = {posargs}