# Heat template for the containerized libvirt service (see the description text below).
# NOTE(review): the leading number on each line is the original file's line number. The lines
# in between (section keys, types, defaults) and all indentation are not visible in this listing.
1 heat_template_version: pike
4 OpenStack Libvirt Service
# Image parameter; it is the one read by the container definitions further down.
7 DockerNovaLibvirtImage:
10 # we configure libvirt via the nova-compute container due to coupling
11 # in the puppet modules
12 DockerNovaLibvirtConfigImage:
13 description: The container image to use for the nova_libvirt config_volume
17 description: Dictionary packing service data
21 description: Mapping of service_name -> network name. Typically set
22 via parameter_defaults in the resource registry. This
23 mapping overrides those in ServiceNetMapDefaults.
30 description: Role name on which the service is applied
34 description: Parameters specific to the role
38 description: Mapping of service endpoint -> protocol. Typically set
39 via parameter_defaults in the resource registry.
# Opt-in switch: per its description it only has an effect when EnableInternalTLS is also enabled.
44 UseTLSTransportForLiveMigration:
47 description: If set to true and if EnableInternalTLS is enabled, it will
48 set the libvirt URI's transport to tls and configure the
49 relevant keys for libvirt.
50 DockerNovaMigrationSshdPort:
52 description: Port that dockerized nova migration target sshd service
57 description: Whether to enable or not the Rbd backend for Nova
59 CinderEnableRbdBackend:
61 description: Whether to enable or not the Rbd backend for Cinder
# NOTE(review): the Ceph client key is a credential. Its declaration lines are not shown here,
# so confirm the parameter is marked `hidden: true` so Heat does not echo it in stack details.
64 description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
69 description: The Ceph cluster FSID. Must be a UUID.
# Condition name; the two get_param entries below are its operands. The operator joining them
# is on a line not shown (presumably `and`, matching the UseTLSTransportForLiveMigration
# description - TODO confirm).
73 use_tls_for_live_migration:
76 - {get_param: EnableInternalTLS}
79 - {get_param: UseTLSTransportForLiveMigration}
# Operands of a second condition whose name line is not shown; presumably need_libvirt_secret,
# which is referenced later in this file. Confirm the operator against the full template.
85 - {get_param: NovaEnableRbdBackend}
88 - {get_param: CinderEnableRbdBackend}
# Nested templates pulled in by relative path; the resource names are on lines not shown.
94 type: ./containers-common.yaml
97 type: ../../puppet/services/database/mysql-client.yaml
100 type: ../../puppet/services/nova-libvirt.yaml
# This template's own parameters are passed through unchanged to a nested resource
# (presumably the nova-libvirt.yaml resource declared just above - TODO confirm).
102 EndpointMap: {get_param: EndpointMap}
103 ServiceData: {get_param: ServiceData}
104 ServiceNetMap: {get_param: ServiceNetMap}
105 DefaultPasswords: {get_param: DefaultPasswords}
106 RoleName: {get_param: RoleName}
107 RoleParameters: {get_param: RoleParameters}
# Output section: service name, config settings, logging fields and step_config are all read
# from the NovaLibvirtBase resource's role_data.
111 description: Role data for the Libvirt service.
113 service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
116 - get_attr: [NovaLibvirtBase, role_data, config_settings]
# NOTE(review): the certmonger post-save command is the literal string "true" and the TODO says
# the container restart is still missing. Presumably a renewed libvirt certificate is therefore
# not picked up by the running libvirtd until the container is restarted by other means, which
# could leave TLS live migration on an expired certificate. Track the TODO.
117 - tripleo::profile::base::certmonger_user::libvirt_postsave_cmd: "true" # TODO: restart the libvirt container here
119 logging_source: {get_attr: [NovaLibvirtBase, role_data, logging_source]}
120 logging_groups: {get_attr: [NovaLibvirtBase, role_data, logging_groups]}
# &step_config anchors this value so it can be reused through *step_config a few lines below.
121 step_config: &step_config
124 - - {get_attr: [NovaLibvirtBase, role_data, step_config]}
125 - {get_attr: [MySQLClient, role_data, step_config]}
# Presumably the puppet_config section (its key line is not shown). The config_volume name is
# the directory that appears under /var/lib/config-data/puppet-generated/ in the container mounts.
127 config_volume: nova_libvirt
128 puppet_tags: libvirtd_config,nova_config,file
129 step_config: *step_config
130 config_image: {get_param: DockerNovaLibvirtConfigImage}
# Kolla config for the nova_libvirt container; that container mounts this file as config.json.
132 /var/lib/kolla/config_files/nova_libvirt.json:
# The condition and the two command lines are presumably the three arguments of an `if:` on a
# line not shown: with use_tls_for_live_migration libvirtd is started with --listen, otherwise
# without it.
# NOTE(review): with --listen libvirtd accepts network connections. Which listeners and which
# authentication apply is decided in /etc/libvirt/libvirtd.conf (listen_tls, listen_tcp,
# auth_tls), which is generated elsewhere. Confirm that only the TLS listener is enabled and
# that client certificates are verified.
135 - use_tls_for_live_migration
136 - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
137 - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
# Files copied into the container at start; destination and owner lines are not shown.
139 - source: "/var/lib/kolla/config_files/src/*"
142 preserve_properties: true
# src-ceph is where the nova_libvirt container mounts the host's /etc/ceph (read-only).
143 - source: "/var/lib/kolla/config_files/src-ceph/"
146 preserve_properties: true
# Kolla config for the nova_virtlogd container.
147 /var/lib/kolla/config_files/nova_virtlogd.json:
148 command: /usr/sbin/virtlogd --config /etc/libvirt/virtlogd.conf
150 - source: "/var/lib/kolla/config_files/src/*"
153 preserve_properties: true
# Presumably an entry of a permissions list; the owner line is not shown.
155 - path: /var/log/nova
# Container that mounts nova_virtlogd.json as its Kolla config, i.e. the virtlogd container.
# Its name line and the privilege, network and pid settings are on lines not shown here.
162 image: {get_param: DockerNovaLibvirtImage}
169 - {get_attr: [ContainersCommon, volumes]}
# Config inputs and kernel modules are mounted read-only (:ro).
171 - /var/lib/kolla/config_files/nova_virtlogd.json:/var/lib/kolla/config_files/config.json:ro
172 - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
173 - /lib/modules:/lib/modules:ro
# NOTE(review): the mounts below without :ro are writable from inside the container:
# /sys/fs/cgroup, /var/lib/nova, /var/run/libvirt, /var/lib/libvirt and /var/log/libvirt/qemu.
176 - /sys/fs/cgroup:/sys/fs/cgroup
177 - /var/lib/nova:/var/lib/nova:shared
178 - /var/run/libvirt:/var/run/libvirt
179 - /var/lib/libvirt:/var/lib/libvirt
180 - /etc/libvirt/qemu:/etc/libvirt/qemu:ro
181 - /var/log/libvirt/qemu:/var/log/libvirt/qemu
# Kolla re-copies the configuration on every container start with this strategy.
183 - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Container that mounts nova_libvirt.json as its Kolla config, i.e. the libvirtd container.
# Its name line and the privilege, network and pid settings are on lines not shown here.
186 image: {get_param: DockerNovaLibvirtImage}
193 - {get_attr: [ContainersCommon, volumes]}
195 - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
196 - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
197 - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
198 - /lib/modules:/lib/modules:ro
# NOTE(review): /sys/fs/cgroup, /var/lib/nova, /etc/libvirt, /var/run/libvirt, /var/lib/libvirt,
# /var/log/containers/nova, /var/lib/vhost_sockets and /sys/fs/selinux are mounted without :ro,
# so the container can write to those host paths. Review this list together with the
# privilege-related keys, which are on lines not shown.
201 - /sys/fs/cgroup:/sys/fs/cgroup
202 - /var/lib/nova:/var/lib/nova:shared
203 - /etc/libvirt:/etc/libvirt
204 - /var/run/libvirt:/var/run/libvirt
205 - /var/lib/libvirt:/var/lib/libvirt
206 - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
207 - /var/log/containers/nova:/var/log/nova
208 - /var/lib/vhost_sockets:/var/lib/vhost_sockets
209 - /sys/fs/selinux:/sys/fs/selinux
# The TLS material below is presumably added only when use_tls_for_live_migration holds (the
# surrounding `if:` is not shown). CA, certificates and private keys are all mounted read-only.
# NOTE(review): serverkey.pem and clientkey.pem are host files; confirm their host-side mode and
# ownership restrict reading to the account libvirtd runs as.
212 - use_tls_for_live_migration
214 - /etc/ipa/ca.crt:/etc/pki/CA/cacert.pem:ro
215 - /etc/pki/libvirt/servercert.pem:/etc/pki/libvirt/servercert.pem:ro
216 - /etc/pki/libvirt/private/serverkey.pem:/etc/pki/libvirt/private/serverkey.pem:ro
217 - /etc/pki/libvirt/clientcert.pem:/etc/pki/libvirt/clientcert.pem:ro
218 - /etc/pki/libvirt/private/clientkey.pem:/etc/pki/libvirt/private/clientkey.pem:ro
# Kolla re-copies the configuration on every container start with this strategy.
221 - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Container presumably created only when need_libvirt_secret holds (the `if:` is not shown).
# It defines the libvirt secret from /etc/nova/secret.xml and sets its value to the Ceph client key.
224 - need_libvirt_secret
225 - nova_libvirt_init_secret:
227 image: {get_param: DockerNovaLibvirtImage}
232 - {get_attr: [ContainersCommon, volumes]}
234 - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro
# /etc/libvirt is writable here; the secrets directory created on the host is /etc/libvirt/secrets.
235 - /etc/libvirt:/etc/libvirt
236 - /var/run/libvirt:/var/run/libvirt
237 - /var/lib/libvirt:/var/lib/libvirt
# NOTE(review): SECRET_KEY is substituted into the command line, so the Ceph client key becomes
# a process argument (readable in the host process list while virsh runs) and part of the stored
# container definition. Where the installed libvirt supports it, prefer passing the value with
# `virsh secret-set-value --file` (or `--interactive`) from a root-only file instead of --base64.
242 template: /usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret 'SECRET_UUID' --base64 'SECRET_KEY'
# Placeholder values for the template above; presumably the params of a str_replace (not shown).
244 SECRET_UUID: {get_param: CephClusterFSID}
245 SECRET_KEY: {get_param: CephClientKey}
# Ansible tasks that prepare the host (presumably the host_prep_tasks section; its key line is
# not shown). Module names and most arguments are on lines not visible in this listing.
248 - name: create libvirt persistent data directories
# /etc/libvirt/secrets is where libvirt keeps defined secrets; owner and mode are not shown.
254 - /etc/libvirt/secrets
257 - /var/log/containers/nova
258 # The qemu user on the host will be created by the libvirt package install; ensure
259 # the qemu user is created with the same uid/gid as the libvirt package uses.
260 # These specific values are required since ovs is running on host.
261 # Once ovs with DPDK is containerized, we could modify this uid/gid
262 # to match with kolla config values.
263 - name: ensure qemu group is present on the host
268 - name: ensure qemu user is present on the host
# NOTE(review): owner, group and mode of this directory are on lines not shown. It is
# bind-mounted writable into the nova_libvirt container, so confirm it is not world-writable.
276 - name: create directory for vhost-user sockets with qemu ownership
278 path: /var/lib/vhost_sockets
282 - name: ensure ceph configurations exist
# The rpm query result is registered; the disable task below runs only when rc == 0, i.e. when
# the libvirt-daemon package is installed on the host.
286 - name: check if libvirt is installed
287 command: /usr/bin/rpm -q libvirt-daemon
289 register: libvirt_installed
# Presumably keeps a host-level libvirtd from running alongside the containerized one, which
# mounts the host's /etc/libvirt and /var/run/libvirt.
290 - name: make sure libvirt services are disabled
298 when: libvirt_installed.rc == 0
# metadata_settings are taken unchanged from the NovaLibvirtBase resource.
300 get_attr: [NovaLibvirtBase, role_data, metadata_settings]
# Upgrade step: stop the host libvirtd service and disable it (key=value module arguments).
302 - name: Stop and disable libvirtd service
304 service: name=libvirtd state=stopped enabled=no