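---
project_name: "nova-cell"

# Container definitions for the services of one nova cell. Each entry names
# the container, the inventory group it runs on, the image, whether it is
# enabled, and its volumes and resource dimensions.
nova_cell_services:
  nova-libvirt:
    container_name: nova_libvirt
    group: "{{ nova_cell_compute_group }}"
    enabled: "{{ nova_compute_virt_type in ['kvm', 'qemu'] }}"
    image: "{{ nova_libvirt_image_full }}"
    # Privileged and in the host PID namespace: together with the host mounts
    # in nova_libvirt_default_volumes this container has host-level access, so
    # its image and any extra volumes belong to the host's trust boundary.
    pid_mode: "host"
    privileged: true
    volumes: "{{ nova_libvirt_default_volumes + nova_libvirt_extra_volumes }}"
    dimensions: "{{ nova_libvirt_dimensions }}"
  nova-ssh:
    container_name: "nova_ssh"
    group: "{{ nova_cell_compute_group }}"
    image: "{{ nova_ssh_image_full }}"
    enabled: "{{ enable_nova_ssh | bool }}"
    volumes: "{{ nova_ssh_default_volumes + nova_ssh_extra_volumes }}"
    dimensions: "{{ nova_ssh_dimensions }}"
  nova-novncproxy:
    container_name: "nova_novncproxy"
    group: "{{ nova_cell_novncproxy_group }}"
    image: "{{ nova_novncproxy_image_full }}"
    enabled: "{{ nova_console == 'novnc' }}"
    volumes: "{{ nova_novncproxy_default_volumes + nova_novncproxy_extra_volumes }}"
    dimensions: "{{ nova_novncproxy_dimensions }}"
  nova-spicehtml5proxy:
    container_name: "nova_spicehtml5proxy"
    group: "{{ nova_cell_spicehtml5proxy_group }}"
    image: "{{ nova_spicehtml5proxy_image_full }}"
    enabled: "{{ nova_console == 'spice' }}"
    volumes: "{{ nova_spicehtml5proxy_default_volumes + nova_spicehtml5proxy_extra_volumes }}"
    dimensions: "{{ nova_spicehtml5proxy_dimensions }}"
  nova-serialproxy:
    container_name: "nova_serialproxy"
    group: "{{ nova_cell_serialproxy_group }}"
    image: "{{ nova_serialproxy_image_full }}"
    enabled: "{{ enable_nova_serialconsole_proxy | bool }}"
    volumes: "{{ nova_serialproxy_default_volumes + nova_serialproxy_extra_volumes }}"
    dimensions: "{{ nova_serialproxy_dimensions }}"
  nova-conductor:
    container_name: "nova_conductor"
    group: "{{ nova_cell_conductor_group }}"
    enabled: true
    image: "{{ nova_conductor_image_full }}"
    volumes: "{{ nova_conductor_default_volumes + nova_conductor_extra_volumes }}"
    dimensions: "{{ nova_conductor_dimensions }}"
  nova-compute:
    container_name: "nova_compute"
    group: "{{ nova_cell_compute_group }}"
    image: "{{ nova_compute_image_full }}"
    environment:
      LIBGUESTFS_BACKEND: "direct"
    # Privileged and sharing the host IPC namespace; review its image and any
    # extra volumes with the same care as for nova-libvirt.
    privileged: true
    enabled: "{{ not enable_nova_fake | bool }}"
    ipc_mode: "host"
    volumes: "{{ nova_compute_default_volumes + nova_compute_extra_volumes }}"
    dimensions: "{{ nova_compute_dimensions }}"
  nova-compute-ironic:
    container_name: "nova_compute_ironic"
    group: "{{ nova_cell_compute_ironic_group }}"
    image: "{{ nova_compute_ironic_image_full }}"
    enabled: "{{ enable_ironic | bool and nova_cell_name == nova_cell_ironic_cell_name }}"
    volumes: "{{ nova_compute_ironic_default_volumes + nova_compute_ironic_extra_volumes }}"
    dimensions: "{{ nova_compute_ironic_dimensions }}"

####################
# Ceph options
####################
# Discard option for nova managed disks. Requires libvirt (1, 0, 6) or later and
# qemu (1, 6, 0) or later. Set to "" to disable.
nova_hw_disk_discard: "unmap"

####################
# Cells Options
####################

# Name of the cell. For backwards compatibility this defaults to an empty name,
# since the cell created by kolla-ansible prior to the Train release had no
# name.
nova_cell_name: ''

# Name of the cell in which nova-compute-ironic will be deployed. For backwards
# compatibility this defaults to an empty name, since the cell created by
# kolla-ansible prior to the Train release had no name.
nova_cell_ironic_cell_name: ''

# Name of the Ansible group containing compute hosts. For backwards
# compatibility this is 'compute'. For a multi-cell deployment, this should be
# set to the name of a group containing only the compute hosts in this cell.
# Note that all compute hosts should also be in the 'compute' group.
nova_cell_compute_group: 'compute'

# Name of the Ansible group containing nova-compute-ironic hosts. For backwards
# compatibility this is 'nova-compute-ironic'. For a multi-cell deployment,
# this should be set to the name of a group containing only the compute hosts
# in this cell. Note that all nova-compute-ironic hosts should also be in the
# 'nova-compute-ironic' group.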
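nova_cell_compute_ironic_group: 'nova-compute-ironic'

# Name of the Ansible group containing nova-conductor hosts. For backwards
# compatibility this is 'nova-conductor'. For a multi-cell deployment, this
# should be set to the name of a group containing only the nova-conductor hosts
# in this cell. Note that all nova-conductor hosts should also be in the
# 'nova-conductor' group.
nova_cell_conductor_group: 'nova-conductor'

# Name of the Ansible group containing nova-novncproxy hosts. For backwards
# compatibility this is 'nova-novncproxy'. For a multi-cell deployment, this
# should be set to the name of a group containing only the nova-novncproxy
# hosts in this cell. Note that all nova-novncproxy hosts should also be in
# the 'nova-novncproxy' group.
nova_cell_novncproxy_group: 'nova-novncproxy'

# Name of the Ansible group containing nova-spicehtml5proxy hosts. For
# backwards compatibility this is 'nova-spicehtml5proxy'. For a multi-cell
# deployment, this should be set to the name of a group containing only the
# nova-spicehtml5proxy hosts in this cell. Note that all nova-spicehtml5proxy
# hosts should also be in the 'nova-spicehtml5proxy' group.
nova_cell_spicehtml5proxy_group: 'nova-spicehtml5proxy'

# Name of the Ansible group containing nova-serialproxy hosts. For backwards
# compatibility this is 'nova-serialproxy'. For a multi-cell deployment, this
# should be set to the name of a group containing only the nova-serialproxy
# hosts in this cell. Note that all nova-serialproxy hosts should also be in
# the 'nova-serialproxy' group.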
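nova_cell_serialproxy_group: 'nova-serialproxy'

####################
# Database
####################
nova_cell_database_admin_user: "{{ database_user }}"
nova_cell_database_admin_password: "{{ database_password }}"

nova_cell_database_name: "{{ 'nova_' ~ nova_cell_name if nova_cell_name else 'nova' }}"
nova_cell_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}nova{% endif %}"
# The database name above varies with nova_cell_name, but this password
# defaults to the shared nova_database_password for every cell; override it
# per cell if cells should not share database credentials.
nova_cell_database_password: '{{ nova_database_password }}'
nova_cell_database_address: "{% if nova_cell_database_group is defined %}{{ 'api' | kolla_address(groups[nova_cell_database_group][0]) }}{% else %}{{ database_address }}{% endif %}"
nova_cell_database_port: '{{ database_port }}'

# Ideally, the cell conductors would not have access to the API database.
# However, certain features require it (see
# https://docs.openstack.org/nova/latest/user/cellsv2-layout.html#operations-requiring-upcalls).
# Also, it is necessary for executing nova-manage cell_v2 create_cell.
nova_api_database_name: "nova_api"
nova_api_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}nova_api{% endif %}"
nova_api_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"

# Optional group for cell database. If this is not defined, then the top level database is used.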
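# nova_cell_database_group:

####################
# RabbitMQ
####################

# Internal rabbit users should set these
# The vhost is derived from nova_cell_name, while the user and password
# default to the common om_rpc_* values for every cell.
nova_cell_rpc_user: "{{ om_rpc_user }}"
nova_cell_rpc_password: "{{ om_rpc_password }}"
nova_cell_rpc_port: "{{ om_rpc_port }}"
nova_cell_rpc_group_name: "{{ om_rpc_group }}"
nova_cell_rpc_transport: "{{ om_rpc_transport }}"
nova_cell_rpc_vhost: "{{ 'nova_' ~ nova_cell_name if nova_cell_name else om_rpc_vhost }}"

# Notifications reuse the RPC user, password, hosts and vhost by default.
nova_cell_notify_user: "{{ nova_cell_rpc_user }}"
nova_cell_notify_password: "{{ nova_cell_rpc_password }}"
nova_cell_notify_port: "{{ nova_cell_rpc_port }}"
nova_cell_notify_group_name: "{{ nova_cell_rpc_group_name }}"
nova_cell_notify_transport: "{{ nova_cell_rpc_transport }}"
nova_cell_notify_vhost: "{{ nova_cell_rpc_vhost }}"

# External Rabbit users should override these
# The rendered URLs embed the user name and password in clear text, so keep
# these two variables out of debug output and logs.
# NOTE(review): the credentials are interpolated as-is; presumably a password
# containing URL-reserved characters (@, /, :) needs percent-encoding before it
# is usable here - confirm against the transport URL parser.
nova_cell_rpc_transport_url: "{{ nova_cell_rpc_transport }}://{% for host in groups[nova_cell_rpc_group_name] %}{{ nova_cell_rpc_user }}:{{ nova_cell_rpc_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ nova_cell_rpc_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ nova_cell_rpc_vhost }}"
nova_cell_notify_transport_url: "{{ nova_cell_notify_transport }}://{% for host in groups[nova_cell_notify_group_name] %}{{ nova_cell_notify_user }}:{{ nova_cell_notify_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ nova_cell_notify_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ nova_cell_notify_vhost }}"

# These vhosts and users will be created.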
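nova_cell_rpc_rabbitmq_users:
  - user: "{{ nova_cell_rpc_user }}"
    password: "{{ nova_cell_rpc_password }}"
    vhost: "{{ nova_cell_rpc_vhost }}"
nova_cell_notify_rabbitmq_users:
  - user: "{{ nova_cell_notify_user }}"
    password: "{{ nova_cell_notify_password }}"
    vhost: "{{ nova_cell_notify_vhost }}"

####################
# Docker
####################
# Each image name is built as [<docker_registry>/]<docker_namespace>/
# <kolla_base_distro>-<nova_install_type>-<service>, and every per-service tag
# defaults to nova_tag.
nova_install_type: "{{ kolla_install_type }}"
nova_tag: "{{ openstack_tag }}"

nova_libvirt_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-libvirt"
nova_libvirt_tag: "{{ nova_tag }}"
nova_libvirt_image_full: "{{ nova_libvirt_image }}:{{ nova_libvirt_tag }}"
nova_libvirt_cpu_mode: "{{ 'host-passthrough' if ansible_architecture == 'aarch64' else '' }}"

nova_ssh_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-ssh"
nova_ssh_tag: "{{ nova_tag }}"
nova_ssh_image_full: "{{ nova_ssh_image }}:{{ nova_ssh_tag }}"

nova_novncproxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-novncproxy"
nova_novncproxy_tag: "{{ nova_tag }}"
nova_novncproxy_image_full: "{{ nova_novncproxy_image }}:{{ nova_novncproxy_tag }}"

nova_spicehtml5proxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-spicehtml5proxy"
nova_spicehtml5proxy_tag: "{{ nova_tag }}"
nova_spicehtml5proxy_image_full: "{{ nova_spicehtml5proxy_image }}:{{ nova_spicehtml5proxy_tag }}"

nova_serialproxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-serialproxy"
nova_serialproxy_tag: "{{ nova_tag }}"
nova_serialproxy_image_full: "{{ nova_serialproxy_image }}:{{ nova_serialproxy_tag }}"

nova_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-conductor"
nova_conductor_tag: "{{ nova_tag }}"
nova_conductor_image_full: "{{ nova_conductor_image }}:{{ nova_conductor_tag }}"

nova_compute_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-compute"
nova_compute_tag: "{{ nova_tag }}"
nova_compute_image_full: "{{ nova_compute_image }}:{{ nova_compute_tag }}"

nova_compute_ironic_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-compute-ironic"
nova_compute_ironic_tag: "{{ nova_tag }}"
nova_compute_ironic_image_full: "{{ nova_compute_ironic_image }}:{{ nova_compute_ironic_tag }}"

nova_libvirt_dimensions: "{{ default_container_dimensions }}"
nova_ssh_dimensions: "{{ default_container_dimensions }}"
nova_novncproxy_dimensions: "{{ default_container_dimensions }}"
nova_spicehtml5proxy_dimensions: "{{ default_container_dimensions }}"
nova_serialproxy_dimensions: "{{ default_container_dimensions }}"
nova_conductor_dimensions: "{{ default_container_dimensions }}"
nova_compute_dimensions: "{{ default_container_dimensions }}"
nova_compute_ironic_dimensions: "{{ default_container_dimensions }}"

# Host /run, /dev and /sys/fs/cgroup are mounted without :ro, so the
# nova_libvirt container (which also runs privileged) can write to them.
# Entries whose condition is false render as an empty string.
nova_libvirt_default_volumes:
  - "{{ node_config_directory }}/nova-libvirt/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
  - "/lib/modules:/lib/modules:ro"
  - "/run/:/run/:shared"
  - "/dev:/dev"
  - "/sys/fs/cgroup:/sys/fs/cgroup"
  - "kolla_logs:/var/log/kolla/"
  - "libvirtd:/var/lib/libvirt"
  - "{{ nova_instance_datadir_volume }}:/var/lib/nova/"
  - "{% if enable_shared_var_lib_nova_mnt | bool %}/var/lib/nova/mnt:/var/lib/nova/mnt:shared{% endif %}"
  - "nova_libvirt_qemu:/etc/libvirt/qemu"
  - "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/nova' if nova_dev_mode | bool else '' }}"
nova_ssh_default_volumes:
  - "{{ node_config_directory }}/nova-ssh/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
  - "kolla_logs:/var/log/kolla"
  - "{{ nova_instance_datadir_volume }}:/var/lib/nova"
  - "{% if enable_shared_var_lib_nova_mnt | bool %}/var/lib/nova/mnt:/var/lib/nova/mnt:shared{% endif %}"
  - "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/nova' if nova_dev_mode | bool else '' }}"
nova_novncproxy_default_volumes:
  - "{{ node_config_directory }}/nova-novncproxy/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/nova' if nova_dev_mode | bool else '' }}"
nova_spicehtml5proxy_default_volumes:
  - "{{ node_config_directory }}/nova-spicehtml5proxy/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/nova' if nova_dev_mode | bool else '' }}"
nova_serialproxy_default_volumes:
  - "{{ node_config_directory }}/nova-serialproxy/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/nova' if nova_dev_mode | bool else '' }}"
nova_conductor_default_volumes:
  - "{{ node_config_directory }}/nova-conductor/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/nova' if nova_dev_mode | bool else '' }}"
# Host /run and /dev are mounted without :ro into the nova_compute container,
# which also runs privileged.
nova_compute_default_volumes:
  - "{{ node_config_directory }}/nova-compute/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
  - "/lib/modules:/lib/modules:ro"
  - "/run:/run:shared"
  - "/dev:/dev"
  - "kolla_logs:/var/log/kolla/"
  - "{% if enable_iscsid | bool %}iscsi_info:/etc/iscsi{% endif %}"
  - "libvirtd:/var/lib/libvirt"
  - "{{ nova_instance_datadir_volume }}:/var/lib/nova/"
  - "{% if enable_shared_var_lib_nova_mnt | bool %}/var/lib/nova/mnt:/var/lib/nova/mnt:shared{% endif %}"
  - "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/nova' if nova_dev_mode | bool else '' }}"
nova_compute_ironic_default_volumes:
  - "{{ node_config_directory }}/nova-compute-ironic/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/nova' if nova_dev_mode | bool else '' }}"
# Used by bootstrapping containers.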
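nova_cell_bootstrap_default_volumes:
  - "{{ node_config_directory }}/nova-cell-bootstrap/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/nova' if nova_dev_mode | bool else '' }}"

# Anything set in nova_extra_volumes is appended to the volumes of every nova
# container below, including the privileged nova_libvirt and nova_compute
# containers; use the per-service variables to scope a mount more narrowly.
nova_extra_volumes: "{{ default_extra_volumes }}"
nova_libvirt_extra_volumes: "{{ nova_extra_volumes }}"
nova_ssh_extra_volumes: "{{ nova_extra_volumes }}"
nova_novncproxy_extra_volumes: "{{ nova_extra_volumes }}"
nova_spicehtml5proxy_extra_volumes: "{{ nova_extra_volumes }}"
nova_serialproxy_extra_volumes: "{{ nova_extra_volumes }}"
nova_conductor_extra_volumes: "{{ nova_extra_volumes }}"
nova_compute_extra_volumes: "{{ nova_extra_volumes }}"
nova_compute_ironic_extra_volumes: "{{ nova_extra_volumes }}"
# Used by bootstrapping containers.
nova_cell_bootstrap_extra_volumes: "{{ nova_extra_volumes }}"

####################
# HAProxy
####################
haproxy_nova_serialconsole_proxy_tunnel_timeout: "10m"

####################
# OpenStack
####################

nova_logging_debug: "{{ openstack_logging_debug }}"

openstack_nova_auth: "{{ openstack_auth }}"

# NOTE(review): presumably applied to the compute host's rp_filter sysctl,
# where 0 turns reverse-path source validation off - confirm where this
# variable is consumed before relying on that.
nova_compute_host_rp_filter_mode: 0
nova_safety_upgrade: "no"

# 16514 when libvirt_tls is enabled, 16509 otherwise.
nova_libvirt_port: "{{ '16514' if libvirt_tls | bool else '16509' }}"
nova_ssh_port: "8022"

# NOTE(mgoddard): The order of this list defines the order in which services
# are restarted during an upgrade in reload.yml. Restarting the conductor
# first is recommended.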
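nova_cell_services_require_nova_conf:
  - nova-conductor
  - nova-compute
  - nova-compute-ironic
  - nova-novncproxy
  - nova-serialproxy
  - nova-spicehtml5proxy

# Ideally these services would not require access to policy files, but there
# is a place in compute where they are referenced:
# https://opendev.org/openstack/nova/src/commit/627c461a62ce722a4c95a44b181f40b8db198c2b/nova/network/neutronv2/api.py#L532
nova_cell_services_require_policy_json:
  - nova-compute
  - nova-compute-ironic

# After upgrading nova-compute, services will have an RPC version cap in place.
# We need to restart all services that communicate with nova-compute in order
# to allow them to use the latest RPC version. Ideally, there would be a way to
# check whether all nova services are using the latest version, but currently
# there is not. Instead, wait a short time for all nova compute services to
# update the version of their service in the database. This seems to take
# around 10 seconds, but the default is 30 to allow room for slowness.
nova_compute_startup_delay: 30

# By default, the cell conductor is configured with access to the API database.
# This is necessary for some features which require an 'upcall'. These are
# listed here:
# https://docs.openstack.org/nova/latest/user/cellsv2-layout.html#operations-requiring-upcalls.
# To disable access to the API database from cell conductors, set
# nova_cell_conductor_has_api_database to no.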
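nova_cell_conductor_has_api_database: "yes"

####################
# Notification
####################
nova_notification_topics:
  - name: notifications
    enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool or enable_neutron_infoblox_ipam_agent | bool }}"
  - name: notifications_designate
    enabled: "{{ enable_designate | bool }}"
  - name: vitrage_notifications
    enabled: "{{ enable_vitrage | bool }}"

# Only the topics above whose 'enabled' value is true.
nova_enabled_notification_topics: "{{ nova_notification_topics | selectattr('enabled', 'equalto', true) | list }}"

####################
# VMware
####################
vmware_vcenter_datastore_regex: ".*"
ovs_bridge: "nsx-managed"

####################
# Libvirt/qemu
####################
# The maximum number of files qemu can open
qemu_max_files: 32768
# The maximum number of processes qemu can open
qemu_max_processes: 131072
# Use TLS for libvirt connections and live migration.
# With the default of false, nova_libvirt_port resolves to 16509 instead of
# the TLS port 16514, so this traffic is not protected by TLS; restrict that
# port to trusted hosts or enable TLS.
libvirt_tls: false
# Whether kolla-ansible should manage/copy the certs. If false, the deployer
# is responsible for making the TLS certs show up in the config directories,
# and for restarting the nova_compute and nova_libvirt containers when the key
# changes, as we can't know when to do that.
libvirt_tls_manage_certs: true
# When using TLS we verify that the hostname we are connected to matches the
# libvirt cert we are presented. As such we can't use IPs here, but keep the
# ability for people to override the hostname to use.
migration_hostname: "{{ ansible_nodename }}"

####################
# Kolla
####################
nova_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
nova_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
nova_dev_mode: "{{ kolla_dev_mode }}"
nova_source_version: "{{ kolla_source_version }}"

###################################
# Enable Shared Bind Propagation
###################################

enable_shared_var_lib_nova_mnt: "{{ enable_cinder_backend_nfs | bool or enable_cinder_backend_quobyte | bool }}"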