Mark Goddard 0edad7138c Remove default(omit) from openstack_cacert in templates
The use of default(omit) is for module parameters, not templates. We
define a default value for openstack_cacert, so it should never be
undefined anyway.

Change-Id: Idfa73097ca168c76559dc4f3aa8bb30b7113ab28
2020-04-03 14:49:11 +01:00

252 lines
8.1 KiB

# nova.conf
debug = {{ nova_logging_debug }}
log_dir = /var/log/kolla/nova
state_path = /var/lib/nova
allow_resize_to_same_host = true
{% if service_name == "nova-compute-ironic" %}
host={{ ansible_hostname }}-ironic
log_file = /var/log/kolla/nova/nova-compute-ironic.log
compute_driver = ironic.IronicDriver
ram_allocation_ratio = 1.0
reserved_host_memory_mb = 0
{% elif enable_nova_fake | bool %}
host = {{ ansible_hostname }}_{{ service_name }}
compute_driver = fake.FakeDriver
{% elif nova_compute_virt_type == 'vmware' %}
compute_driver = vmwareapi.VMwareVCDriver
{% elif nova_compute_virt_type == 'xenapi' %}
compute_driver = xenapi.XenAPIDriver
{% if service_name == 'nova-compute' %}
host = xenapi_facts['dom0_hostname']
{% endif %}
{% else %}
compute_driver = libvirt.LibvirtDriver
{% endif %}
# Though my_ip is not used directly, lots of other variables use $my_ip
my_ip = {{ api_interface_address }}
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
instance_usage_audit = True
instance_usage_audit_period = hour
{% if enable_watcher | bool %}
{% endif %}
{% endif %}
transport_url = {{ nova_cell_rpc_transport_url }}
workers = {{ openstack_service_workers }}
{% if nova_console == 'novnc' %}
{% if service_name == "nova-compute-ironic" %}
enabled = false
{% else %}
novncproxy_host = {{ api_interface_address }}
novncproxy_port = {{ nova_novncproxy_listen_port }}
server_listen = {{ api_interface_address }}
server_proxyclient_address = {{ api_interface_address }}
{% if inventory_hostname in groups[nova_cell_compute_group] %}
novncproxy_base_url = {{ public_protocol }}://{{ nova_novncproxy_fqdn | put_address_in_context('url') }}:{{ nova_novncproxy_port }}/vnc_auto.html
{% endif %}
{% endif %}
{% elif nova_console == 'spice' %}
# We have to turn off vnc to use spice
enabled = false
enabled = true
server_listen = {{ api_interface_address }}
server_proxyclient_address = {{ api_interface_address }}
{% if inventory_hostname in groups[nova_cell_compute_group] %}
html5proxy_base_url = {{ public_protocol }}://{{ nova_spicehtml5proxy_fqdn | put_address_in_context('url') }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html
{% endif %}
html5proxy_host = {{ api_interface_address }}
html5proxy_port = {{ nova_spicehtml5proxy_listen_port }}
{% elif nova_console == 'none' %}
enabled = false
enabled = false
{% endif %}
{% if enable_nova_serialconsole_proxy | bool %}
enabled = true
base_url = {{ nova_serialproxy_protocol }}://{{ nova_serialproxy_fqdn | put_address_in_context('url') }}:{{ nova_serialproxy_port }}/
serialproxy_host = {{ api_interface_address }}
serialproxy_port = {{ nova_serialproxy_listen_port }}
proxyclient_address = {{ api_interface_address }}
{% endif %}
{% if service_name == "nova-compute-ironic" %}
username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }}
auth_url = {{ openstack_auth.auth_url }}/v3
cafile = {{ openstack_cacert }}
auth_type = password
project_name = service
user_domain_name = {{ default_user_domain_name }}
project_domain_name = {{ default_project_domain_name }}
endpoint_override = {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}/v1
{% endif %}
lock_path = /var/lib/nova/tmp
api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}
cafile = {{ openstack_cacert }}
num_retries = 3
{% if enable_cinder | bool %}
catalog_info = volumev3:cinderv3:internalURL
os_region_name = {{ openstack_region_name }}
cafile = {{ openstack_cacert }}
{% endif %}
metadata_proxy_shared_secret = {{ metadata_secret }}
service_metadata_proxy = true
{% if neutron_plugin_agent == 'vmware_nsxv3' %}
ovs_bridge = {{ ovs_bridge }}
{% endif %}
auth_url = {{ keystone_admin_url }}
auth_type = password
cafile = {{ openstack_cacert }}
project_domain_name = {{ default_project_domain_name }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ neutron_keystone_user }}
password = {{ neutron_keystone_password }}
region_name = {{ openstack_region_name }}
valid_interfaces = internal
{% if not service_name.startswith('nova-compute') %}
connection = mysql+pymysql://{{ nova_cell_database_user }}:{{ nova_cell_database_password }}@{{ nova_cell_database_address | put_address_in_context('url') }}:{{ nova_cell_database_port }}/{{ nova_cell_database_name }}
max_pool_size = 50
max_overflow = 1000
max_retries = -1
{% if service_name == 'nova-cell-bootstrap' or (service_name == 'nova-conductor' and nova_cell_conductor_has_api_database | bool) %}
connection = mysql+pymysql://{{ nova_api_database_user }}:{{ nova_api_database_password }}@{{ nova_api_database_address }}/{{ nova_api_database_name }}
max_retries = -1
{% endif %}
{% endif %}
{% if service_name == 'nova-compute' %}
{% if nova_compute_virt_type in ['kvm', 'qemu'] %}
{# must be an include because Ansible 2.8 (and earlier) does not like defined variables referencing undefined variables: migration_interface_address here #}
{# see #}
{% include 'nova.conf.d/libvirt.conf.j2' %}
{% endif %}
{% endif %}
{% if nova_compute_virt_type == "vmware" %}
host_ip = {{ vmware_vcenter_host_ip }}
host_username = {{ vmware_vcenter_host_username }}
host_password = {{ vmware_vcenter_host_password }}
cluster_name = {{ vmware_vcenter_cluster_name }}
datastore_regex = {{ vmware_vcenter_datastore_regex }}
insecure = {{ vmware_vcenter_insecure }}
{% if not vmware_vcenter_insecure | bool %}
ca_file = /etc/nova/vmware_ca
{% endif %}
{% endif %}
compute = auto
transport_url = {{ nova_cell_notify_transport_url }}
{% if nova_enabled_notification_topics %}
driver = messagingv2
topics = {{ nova_enabled_notification_topics | map(attribute='name') | join(',') }}
{% else %}
driver = noop
{% endif %}
{% if service_name in nova_cell_services_require_policy_json and nova_policy_file is defined %}
policy_file = {{ nova_policy_file }}
{% endif %}
helper_command=sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf
debug = {{ nova_logging_debug }}
cafile = {{ openstack_cacert }}
debug = {{ nova_logging_debug }}
auth_type = password
auth_url = {{ keystone_admin_url }}
username = {{ placement_keystone_user }}
password = {{ placement_keystone_password }}
user_domain_name = {{ default_user_domain_name }}
project_name = service
project_domain_name = {{ default_project_domain_name }}
region_name = {{ openstack_region_name }}
cafile = {{ openstack_cacert }}
valid_interfaces = internal
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool or enable_neutron_infoblox_ipam_agent | bool %}
notify_on_state_change = vm_and_task_state
{% endif %}
{% if not enable_searchlight | bool %}
notification_format = unversioned
{% else %}
notification_format = both
{% endif %}
{% if enable_osprofiler | bool %}
enabled = true
trace_sqlalchemy = true
hmac_keys = {{ osprofiler_secret }}
connection_string = {{ osprofiler_backend_connection_string }}
{% endif %}
{% if enable_barbican | bool %}
auth_endpoint = {{ keystone_internal_url }}
cafile = {{ openstack_cacert }}
{% endif %}
{% if nova_compute_virt_type == "xenapi" %}
ovs_integration_bridge = br-int
connection_password = {{ xenserver_password }}
connection_username = {{ xenserver_username }}
connection_url = {{ xenserver_connect_protocol }}://{{ xenserver_himn_ip }}
{% endif %}
# Cell specific settings from DevStack:
{% if service_name.startswith("nova-compute") and enable_cells | bool %}
disable_group_policy_check_upcall = true
# When in superconductor mode, nova-compute can't send instance
# info updates to the scheduler, so just disable it.
track_instance_changes = false
{% endif %}