# Heat template (version: pike) for the Libvirt service configured with Puppet.
# The descriptions below document its input parameters. Two of them carry
# secret material: the Ceph client key and the migration SSH key pair.
1 heat_template_version: pike
4 Libvirt service configured with Puppet
9 description: Dictionary packing service data
13 description: Mapping of service_name -> network name. Typically set
14 via parameter_defaults in the resource registry. This
15 mapping overrides those in ServiceNetMapDefaults.
22 description: Role name on which the service is applied
26 description: Parameters specific to the role
30 description: Mapping of service endpoint -> protocol. Typically set
31 via parameter_defaults in the resource registry.
# Secret: this template passes the key on unchanged as
# nova::compute::rbd::libvirt_rbd_secret_key.
# NOTE(review): the parameter's other attributes are not visible here; confirm
# it is declared with hidden: true so Heat masks the value.
37 description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
42 description: The Ceph cluster FSID. Must be a UUID.
43 CinderEnableRbdBackend:
45 description: Whether to enable or not the Rbd backend for Cinder
47 NovaComputeLibvirtType:
50 LibvirtEnabledPerfEvents:
51 type: comma_delimited_list
53 description: This is a performance event list which could be used as monitor.
54 For example - ``enabled_perf_events = cmt, mbml, mbmt``
55 The supported events list can be found in
56 https://libvirt.org/html/libvirt-libvirt-domain.html ,
57 which you may need to search key words ``VIR_PERF_PARAM_*``
58 MonitoringSubscriptionNovaLibvirt:
59 default: 'overcloud-nova-libvirt'
# This template hard-codes the use_tls_for_live_migration condition to false
# and leaves its get_param inputs commented out, so the value given here
# currently has no effect (the description's own NOTE says the same). The
# switch is therefore no evidence that libvirt migration traffic uses TLS.
64 UseTLSTransportForLiveMigration:
67 description: If set to true and if EnableInternalTLS is enabled, it will
68 set the libvirt URI's transport to tls and configure the
69 relevant keys for libvirt. NOTE. this is currently being
70 ignored and TLS for libvirtd is always disabled for now.
72 default: '/etc/ipa/ca.crt'
74 description: Specifies the default CA cert to use if TLS is used for
75 services in the internal network.
# LibvirtCACert is read by the libvirt_specific_ca_unset condition and is
# listed, next to InternalTLSCAFile, as a source for
# tripleo::certmonger::ca::libvirt::origin_ca_pem.
79 description: This specifies the CA certificate to use for TLS in libvirt.
80 This file will be symlinked to the default CA path in libvirt,
81 which is /etc/pki/CA/cacert.pem. Note that due to limitations
82 GNU TLS, which is the TLS backend for libvirt, the file must
83 be less than 65K (so we can't use the system's CA bundle).
84 This parameter should be used if the default (which comes from
85 the InternalTLSCAFile parameter) is not desired. The current
86 default reflects TripleO's default CA, which is FreeIPA.
87 It will only be used if internal TLS is enabled.
91 SSH key for migration.
92 Expects a dictionary with keys 'public_key' and 'private_key'.
93 Values should be identical to SSH public/private key files.
99 description: Target port for migration over ssh
# Hard-coded to false: the get_param lookups of EnableInternalTLS and
# UseTLSTransportForLiveMigration that follow are commented out, so neither
# parameter can switch this condition on.
# The condition name is referenced twice in the outputs, next to the
# libvirt_tls and certificate settings. With it fixed to false, those TLS
# settings are presumably not the branch that gets selected - confirm against
# the full template before assuming migration traffic is encrypted.
104 use_tls_for_live_migration: false
107 # - {get_param: EnableInternalTLS}
110 # - {get_param: UseTLSTransportForLiveMigration}
# Tests the LibvirtCACert parameter. Presumably true when it is left empty;
# the comparison value is not visible here - TODO confirm.
113 libvirt_specific_ca_unset:
115 - {get_param: LibvirtCACert}
# Nested resource built from ./nova-base.yaml. It receives this template's own
# ServiceData, ServiceNetMap, DefaultPasswords, EndpointMap, RoleName and
# RoleParameters values unchanged. The outputs read it back as NovaBase.
120 type: ./nova-base.yaml
122 ServiceData: {get_param: ServiceData}
123 ServiceNetMap: {get_param: ServiceNetMap}
124 DefaultPasswords: {get_param: DefaultPasswords}
125 EndpointMap: {get_param: EndpointMap}
126 RoleName: {get_param: RoleName}
127 RoleParameters: {get_param: RoleParameters}
# Role data for the nova_libvirt service: service name, monitoring
# subscription and config settings. The settings start from the
# config_settings exported by NovaBase and add the libvirt-specific keys below.
131 description: Role data for the Libvirt service.
133 service_name: nova_libvirt
134 monitoring_subscription: {get_param: MonitoringSubscriptionNovaLibvirt}
137 - get_attr: [NovaBase, role_data, config_settings]
138 # we include ::nova::compute::libvirt::services in nova/libvirt profile
139 - nova::compute::libvirt::manage_libvirt_services: false
140 # we manage migration in nova common puppet profile
141 nova::compute::libvirt::migration_support: false
142 nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
143 nova::compute::rbd::rbd_keyring:
147 - {get_param: CephClientUserName}
# Sensitive: the Ceph client key is copied into the config settings as-is.
# NOTE(review): check who can read the rendered settings on the node.
148 nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
149 nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
150 tripleo::profile::base::nova::migration::client::libvirt_enabled: true
# Sensitive: the private half of MigrationSshKey, which the parameter
# description defines as a dictionary with 'public_key' and 'private_key'.
151 tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
152 tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
153 nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
154 nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
155 nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
156 nova::compute::libvirt::qemu::configure_qemu: true
157 nova::compute::libvirt::qemu::max_files: 32768
158 nova::compute::libvirt::qemu::max_processes: 131072
# The VNC listen setting is taken from ServiceNetMap's NovaLibvirtNetwork
# entry rather than a fixed value.
# NOTE(review): confirm that network is not reachable from tenant networks.
159 nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
160 rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
161 tripleo.nova_libvirt.firewall_rules:
# The settings from here through libvirt_certificates_specs sit next to the
# use_tls_for_live_migration condition, which this template fixes to false.
# Presumably this is the TLS branch and it is currently not selected - TODO
# confirm against the full template. The same condition name appears again at
# the end of this block.
170 - use_tls_for_live_migration
172 generate_service_certificates: true
173 tripleo::profile::base::nova::migration::client::libvirt_tls: true
174 nova::migration::libvirt::listen_address:
175 get_param: [ServiceNetMap, NovaLibvirtNetwork]
176 nova::migration::libvirt::live_migration_inbound_addr:
179 "%{hiera('fqdn_$NETWORK')}"
181 $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
182 tripleo::certmonger::ca::libvirt::origin_ca_pem:
184 - libvirt_specific_ca_unset
185 - get_param: InternalTLSCAFile
186 - get_param: LibvirtCACert
187 tripleo::certmonger::libvirt_dirs::certificate_dir: '/etc/pki/libvirt'
188 tripleo::certmonger::libvirt_dirs::key_dir: '/etc/pki/libvirt/private'
# Server and client certificate/key pairs for libvirt. The templates below are
# built from the fqdn_<network> hiera value for NovaLibvirtNetwork.
189 libvirt_certificates_specs:
191 service_certificate: '/etc/pki/libvirt/servercert.pem'
192 service_key: '/etc/pki/libvirt/private/serverkey.pem'
195 template: "%{hiera('fqdn_NETWORK')}"
197 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
200 template: "libvirt/%{hiera('fqdn_NETWORK')}"
202 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
204 service_certificate: '/etc/pki/libvirt/clientcert.pem'
205 service_key: '/etc/pki/libvirt/private/clientkey.pem'
208 template: "%{hiera('fqdn_NETWORK')}"
210 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
213 template: "libvirt/%{hiera('fqdn_NETWORK')}"
215 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
218 include tripleo::profile::base::nova::libvirt
221 - use_tls_for_live_migration
224 network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}