openstack/kolla-ansible
Code Issues Proposed changes
kolla-ansible/ansible/roles/nova-cell/templates/nova.conf.j2
Pierre Riteau c81772024c Reduce the use of SQLAlchemy connection pooling 
When the internal VIP is moved in the event of a failure of the active
controller, OpenStack services can become unresponsive as they try to
talk with MariaDB using connections from the SQLAlchemy pool.

It has been argued that OpenStack doesn't really need to use connection
pooling with MariaDB [1]. This commit reduces the use of connection
pooling via two configuration options:

- max_pool_size is set to 1 to allow only a single connection in the
  pool (it is not possible to disable connection pooling entirely via
  oslo.db, and max_pool_size = 0 means unlimited pool size)
- lower connection_recycle_time from the default of one hour to 10
  seconds, which means the single connection in the pool will be
  recreated regularly

These settings have shown better reactivity of the system in the event
of a failover.

[1] http://lists.openstack.org/pipermail/openstack-dev/2015-April/061808.html

Change-Id: Ib6a62d4428db9b95569314084090472870417f3d
Closes-Bug: #1896635
2020-09-22 17:54:45 +02:00

255 lines
8.1 KiB
Django/Jinja
Raw Blame History

# nova.conf
[DEFAULT]
debug = {{ nova_logging_debug }}
log_dir = /var/log/kolla/nova
state_path = /var/lib/nova
allow_resize_to_same_host = true
{% if service_name == "nova-compute-ironic" %}
host={{ ansible_hostname }}-ironic
log_file = /var/log/kolla/nova/nova-compute-ironic.log
compute_driver = ironic.IronicDriver
ram_allocation_ratio = 1.0
reserved_host_memory_mb = 0
{% elif enable_nova_fake | bool %}
host = {{ ansible_hostname }}_{{ service_name }}
compute_driver = fake.FakeDriver
{% elif nova_compute_virt_type == 'vmware' %}
compute_driver = vmwareapi.VMwareVCDriver
{% else %}
compute_driver = libvirt.LibvirtDriver
{% endif %}
# Though my_ip is not used directly, lots of other variables use $my_ip
my_ip = {{ api_interface_address }}
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
instance_usage_audit = True
instance_usage_audit_period = hour
{% if enable_watcher | bool %}
compute_monitors=nova.compute.monitors.cpu.virt_driver
{% endif %}
{% endif %}
transport_url = {{ nova_cell_rpc_transport_url }}
[conductor]
workers = {{ openstack_service_workers }}
{% if nova_console == 'novnc' %}
[vnc]
{% if service_name == "nova-compute-ironic" %}
enabled = false
{% else %}
novncproxy_host = {{ api_interface_address }}
novncproxy_port = {{ nova_novncproxy_listen_port }}
server_listen = {{ api_interface_address }}
server_proxyclient_address = {{ api_interface_address }}
{% if inventory_hostname in groups[nova_cell_compute_group] %}
novncproxy_base_url = {{ public_protocol }}://{{ nova_novncproxy_fqdn | put_address_in_context('url') }}:{{ nova_novncproxy_port }}/vnc_auto.html
{% endif %}
{% endif %}
{% elif nova_console == 'spice' %}
[vnc]
# We have to turn off vnc to use spice
enabled = false
[spice]
enabled = true
server_listen = {{ api_interface_address }}
server_proxyclient_address = {{ api_interface_address }}
{% if inventory_hostname in groups[nova_cell_compute_group] %}
html5proxy_base_url = {{ public_protocol }}://{{ nova_spicehtml5proxy_fqdn | put_address_in_context('url') }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html
{% endif %}
html5proxy_host = {{ api_interface_address }}
html5proxy_port = {{ nova_spicehtml5proxy_listen_port }}
{% elif nova_console == 'none' %}
[vnc]
enabled = false
[spice]
enabled = false
{% endif %}
{% if enable_nova_serialconsole_proxy | bool %}
[serial_console]
enabled = true
base_url = {{ nova_serialproxy_protocol }}://{{ nova_serialproxy_fqdn | put_address_in_context('url') }}:{{ nova_serialproxy_port }}/
serialproxy_host = {{ api_interface_address }}
serialproxy_port = {{ nova_serialproxy_listen_port }}
proxyclient_address = {{ api_interface_address }}
{% endif %}
{% if service_name == "nova-compute-ironic" %}
[ironic]
username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }}
auth_url = {{ openstack_auth.auth_url }}/v3
cafile = {{ openstack_cacert }}
auth_type = password
project_name = service
user_domain_name = {{ default_user_domain_name }}
project_domain_name = {{ default_project_domain_name }}
endpoint_override = {{ ironic_internal_endpoint }}/v1
{% endif %}
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[glance]
api_servers = {{ glance_internal_endpoint }}
cafile = {{ openstack_cacert }}
num_retries = 3
{% if enable_cinder | bool %}
[cinder]
catalog_info = volumev3:cinderv3:internalURL
os_region_name = {{ openstack_region_name }}
auth_url = {{ keystone_admin_url }}
auth_type = password
project_domain_name = {{ default_project_domain_name }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ cinder_keystone_user }}
password = {{ cinder_keystone_password }}
cafile = {{ openstack_cacert }}
{% endif %}
[neutron]
metadata_proxy_shared_secret = {{ metadata_secret }}
service_metadata_proxy = true
{% if neutron_plugin_agent == 'vmware_nsxv3' %}
ovs_bridge = {{ ovs_bridge }}
{% endif %}
auth_url = {{ keystone_admin_url }}
auth_type = password
cafile = {{ openstack_cacert }}
project_domain_name = {{ default_project_domain_name }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ neutron_keystone_user }}
password = {{ neutron_keystone_password }}
region_name = {{ openstack_region_name }}
valid_interfaces = internal
{% if not service_name.startswith('nova-compute') %}
[database]
connection = mysql+pymysql://{{ nova_cell_database_user }}:{{ nova_cell_database_password }}@{{ nova_cell_database_address | put_address_in_context('url') }}:{{ nova_cell_database_port }}/{{ nova_cell_database_name }}
connection_recycle_time = {{ database_connection_recycle_time }}
max_overflow = 1000
max_pool_size = {{ database_max_pool_size }}
max_retries = -1
{% if service_name == 'nova-cell-bootstrap' or (service_name == 'nova-conductor' and nova_cell_conductor_has_api_database | bool) %}
[api_database]
connection = mysql+pymysql://{{ nova_api_database_user }}:{{ nova_api_database_password }}@{{ nova_api_database_address }}/{{ nova_api_database_name }}
connection_recycle_time = {{ database_connection_recycle_time }}
max_pool_size = {{ database_max_pool_size }}
max_retries = -1
{% endif %}
{% endif %}
{% if service_name == 'nova-compute' %}
{% if nova_compute_virt_type in ['kvm', 'qemu'] %}
{# must be an include because Ansible 2.8 (and earlier) does not like defined variables referencing undefined variables: migration_interface_address here #}
{# see https://github.com/ansible/ansible/issues/58835 #}
{% include 'nova.conf.d/libvirt.conf.j2' %}
{% endif %}
{% endif %}
{% if nova_compute_virt_type == "vmware" %}
[vmware]
host_ip = {{ vmware_vcenter_host_ip }}
host_username = {{ vmware_vcenter_host_username }}
host_password = {{ vmware_vcenter_host_password }}
cluster_name = {{ vmware_vcenter_cluster_name }}
datastore_regex = {{ vmware_vcenter_datastore_regex }}
insecure = {{ vmware_vcenter_insecure }}
{% if not vmware_vcenter_insecure | bool %}
ca_file = /etc/nova/vmware_ca
{% endif %}
{% endif %}
[upgrade_levels]
compute = auto
[oslo_messaging_notifications]
transport_url = {{ nova_cell_notify_transport_url }}
{% if nova_enabled_notification_topics %}
driver = messagingv2
topics = {{ nova_enabled_notification_topics | map(attribute='name') | join(',') }}
{% else %}
driver = noop
{% endif %}
{% if service_name in nova_cell_services_require_policy_json and nova_policy_file is defined %}
[oslo_policy]
policy_file = {{ nova_policy_file }}
{% endif %}
[privsep_entrypoint]
helper_command=sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf
[glance]
debug = {{ nova_logging_debug }}
cafile = {{ openstack_cacert }}
[guestfs]
debug = {{ nova_logging_debug }}
[placement]
auth_type = password
auth_url = {{ keystone_admin_url }}
username = {{ placement_keystone_user }}
password = {{ placement_keystone_password }}
user_domain_name = {{ default_user_domain_name }}
project_name = service
project_domain_name = {{ default_project_domain_name }}
region_name = {{ openstack_region_name }}
cafile = {{ openstack_cacert }}
valid_interfaces = internal
[notifications]
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool or enable_neutron_infoblox_ipam_agent | bool %}
notify_on_state_change = vm_and_task_state
{% endif %}
{% if not enable_searchlight | bool %}
notification_format = unversioned
{% else %}
notification_format = both
{% endif %}
{% if enable_osprofiler | bool %}
[profiler]
enabled = true
trace_sqlalchemy = true
hmac_keys = {{ osprofiler_secret }}
connection_string = {{ osprofiler_backend_connection_string }}
{% endif %}
{% if enable_barbican | bool %}
[barbican]
auth_endpoint = {{ keystone_internal_url }}
barbican_endpoint_type = internal
verify_ssl_path = {{ openstack_cacert }}
{% endif %}
# Cell specific settings from DevStack:
# https://opendev.org/openstack/devstack/src/branch/master/lib/nova#L874
{% if service_name.startswith("nova-compute") and enable_cells | bool %}
[workarounds]
disable_group_policy_check_upcall = true
[filter_scheduler]
# When in superconductor mode, nova-compute can't send instance
# info updates to the scheduler, so just disable it.
track_instance_changes = false
{% endif %}
{% if nova_pci_passthrough_whitelist %}
[pci]
passthrough_whitelist = {{ nova_pci_passthrough_whitelist | to_json }}
{% endif %}
View Git Blame Copy Permalink