# Heat template (version pike) for the Puppet-configured Libvirt service.
# This listing is partial: the leading number on each line is the original
# file's line number, and gaps in that numbering are lines not shown here.
1 heat_template_version: pike
4 Libvirt service configured with Puppet
9 description: Dictionary packing service data
13 description: Mapping of service_name -> network name. Typically set
14 via parameter_defaults in the resource registry. This
15 mapping overrides those in ServiceNetMapDefaults.
22 description: Role name on which the service is applied
26 description: Parameters specific to the role
30 description: Mapping of service endpoint -> protocol. Typically set
31 via parameter_defaults in the resource registry.
# NOTE(review): CephClientKey is secret material; it is passed on to
# nova::compute::rbd::libvirt_rbd_secret_key in config_settings. Whether the
# parameter is declared with `hidden: true` is not visible here - confirm.
37 description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
42 description: The Ceph cluster FSID. Must be a UUID.
43 CinderEnableRbdBackend:
45 description: Whether to enable or not the Rbd backend for Cinder
47 NovaComputeLibvirtType:
50 LibvirtEnabledPerfEvents:
51 type: comma_delimited_list
53 description: This is a performance event list which could be used as monitor.
54 For example - ``enabled_perf_events = cmt, mbml, mbmt``
55 The supported events list can be found in
56 https://libvirt.org/html/libvirt-libvirt-domain.html ,
57 which you may need to search key words ``VIR_PERF_PARAM_*``
58 MonitoringSubscriptionNovaLibvirt:
59 default: 'overcloud-nova-libvirt'
# Per its description, TLS transport for live migration takes effect only when
# this parameter and EnableInternalTLS are both enabled; the pair feeds the
# use_tls_for_live_migration condition.
64 UseTLSTransportForLiveMigration:
67 description: If set to true and if EnableInternalTLS is enabled, it will
68 set the libvirt URI's transport to tls and configure the
69 relevant keys for libvirt.
# Presumably the default of InternalTLSCAFile (its name is on a line not
# shown); this is the CA file that applies when LibvirtCACert is left unset.
71 default: '/etc/ipa/ca.crt'
73 description: Specifies the default CA cert to use if TLS is used for
74 services in the internal network.
# NOTE(review): the file chosen here becomes libvirt's CA file
# (/etc/pki/CA/cacert.pem). Because of the size limit described below it has
# to be the issuing CA alone, not the system bundle - check this when
# overriding the default.
78 description: This specifies the CA certificate to use for TLS in libvirt.
79 This file will be symlinked to the default CA path in libvirt,
80 which is /etc/pki/CA/cacert.pem. Note that due to limitations
81 GNU TLS, which is the TLS backend for libvirt, the file must
82 be less than 65K (so we can't use the system's CA bundle).
83 This parameter should be used if the default (which comes from
84 the InternalTLSCAFile parameter) is not desired. The current
85 default reflects TripleO's default CA, which is FreeIPA.
86 It will only be used if internal TLS is enabled.
90 SSH key for migration.
91 Expects a dictionary with keys 'public_key' and 'private_key'.
92 Values should be identical to SSH public/private key files.
# NOTE(review): MigrationSshKey (described above) carries an SSH private key;
# its private_key entry is passed on to
# tripleo::profile::base::nova::migration::client::ssh_private_key. Whether the
# parameter is declared with `hidden: true` is not visible here - confirm.
98 description: Target port for migration over ssh
# Condition gating every TLS-specific setting in the outputs. It is built from
# EnableInternalTLS and UseTLSTransportForLiveMigration; the combining operator
# is on a line not shown (the parameter description says both must be enabled).
103 use_tls_for_live_migration:
106 - {get_param: EnableInternalTLS}
109 - {get_param: UseTLSTransportForLiveMigration}
# Condition on LibvirtCACert (the comparison itself is on lines not shown).
# Where it is used below, InternalTLSCAFile is listed as the first alternative
# and LibvirtCACert as the second when choosing the libvirt origin CA.
112 libvirt_specific_ca_unset:
114 - {get_param: LibvirtCACert}
# Nested nova-base.yaml stack; the outputs read it as NovaBase via get_attr.
# The service parameters are handed to it unchanged.
119 type: ./nova-base.yaml
121 ServiceData: {get_param: ServiceData}
122 ServiceNetMap: {get_param: ServiceNetMap}
123 DefaultPasswords: {get_param: DefaultPasswords}
124 EndpointMap: {get_param: EndpointMap}
125 RoleName: {get_param: RoleName}
126 RoleParameters: {get_param: RoleParameters}
# Role data for the nova_libvirt service: service name, monitoring
# subscription and the Puppet settings passed to the node.
130 description: Role data for the Libvirt service.
132 service_name: nova_libvirt
133 monitoring_subscription: {get_param: MonitoringSubscriptionNovaLibvirt}
# config_settings starts from NovaBase's settings and adds the libvirt-specific
# ones below (the merging function is on a line not shown).
136 - get_attr: [NovaBase, role_data, config_settings]
137 # we include ::nova::compute::libvirt::services in nova/libvirt profile
138 - nova::compute::libvirt::manage_libvirt_services: false
139 # we manage migration in nova common puppet profile
140 nova::compute::libvirt::migration_support: false
# Ceph RBD credentials for libvirt. CephClientKey is a secret and is passed
# into the Puppet settings here, so anyone able to read these settings on the
# node or the stack parameters can read the key - review access to both.
141 nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
142 nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
143 nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
144 tripleo::profile::base::nova::migration::client::libvirt_enabled: true
# The SSH migration private key and port are set here, outside the entries
# gated on use_tls_for_live_migration. The key deserves the same handling as
# the Ceph key above.
145 tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
146 tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
147 nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
148 nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
149 nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
150 nova::compute::libvirt::qemu::configure_qemu: true
151 nova::compute::libvirt::qemu::max_files: 32768
152 nova::compute::libvirt::qemu::max_processes: 131072
# The VNC listen value comes from the ServiceNetMap entry for
# NovaLibvirtNetwork. NOTE(review): confirm that network is an internal one,
# since this is where guest consoles presumably listen.
153 nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
154 rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
# The firewall rule entries follow on lines not shown; review them together
# with the listen network above and the migration port.
155 tripleo.nova_libvirt.firewall_rules:
# Settings selected by the use_tls_for_live_migration condition (the
# surrounding `if` and its alternative branch are on lines not shown):
# certificate generation, TLS for the migration client, and an inbound
# migration address resolved from the node's FQDN on NovaLibvirtNetwork.
164 - use_tls_for_live_migration
166 generate_service_certificates: true
167 tripleo::profile::base::nova::migration::client::libvirt_tls: true
168 nova::migration::libvirt::live_migration_inbound_addr:
171 "%{hiera('fqdn_$NETWORK')}"
173 $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
# Origin CA for libvirt: a choice between InternalTLSCAFile and LibvirtCACert
# keyed on libvirt_specific_ca_unset. The selected file must be the CA that
# issued the libvirt certificates requested below.
174 tripleo::certmonger::ca::libvirt::origin_ca_pem:
176 - libvirt_specific_ca_unset
177 - get_param: InternalTLSCAFile
178 - get_param: LibvirtCACert
# Certificate and private-key directories handed to the certmonger libvirt
# profile. NOTE(review): ownership and mode of the key directory are set
# outside this template - confirm they keep the private keys unreadable to
# other users.
179 tripleo::certmonger::libvirt_dirs::certificate_dir: '/etc/pki/libvirt'
180 tripleo::certmonger::libvirt_dirs::key_dir: '/etc/pki/libvirt/private'
# Certificate requests for libvirt: one server and one client certificate/key
# pair. Each pair carries two templates resolved from the node's FQDN on
# NovaLibvirtNetwork; the one prefixed with `libvirt/` is presumably the
# service principal (the key names are on lines not shown).
181 libvirt_certificates_specs:
# Server pair, with the private key under /etc/pki/libvirt/private.
183 service_certificate: '/etc/pki/libvirt/servercert.pem'
184 service_key: '/etc/pki/libvirt/private/serverkey.pem'
187 template: "%{hiera('fqdn_NETWORK')}"
189 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
192 template: "libvirt/%{hiera('fqdn_NETWORK')}"
194 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
# Client pair, issued for the same FQDN and with the same template shapes as
# the server pair.
196 service_certificate: '/etc/pki/libvirt/clientcert.pem'
197 service_key: '/etc/pki/libvirt/private/clientkey.pem'
200 template: "%{hiera('fqdn_NETWORK')}"
202 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
205 template: "libvirt/%{hiera('fqdn_NETWORK')}"
207 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
210 include tripleo::profile::base::nova::libvirt
# A further entry gated on use_tls_for_live_migration that names the
# NovaLibvirtNetwork; its enclosing keys are on lines not shown (presumably
# the certificate metadata for that network).
213 - use_tls_for_live_migration
216 network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}