# Heat (HOT) service template for the libvirt service configured with Puppet.
# NOTE(review): this listing is an excerpt. The number at the start of each
# line is the original file's line number; lines not shown are missing here.
1 heat_template_version: ocata
4 Libvirt service configured with Puppet
# ServiceNetMap: its NovaLibvirtNetwork entry is read further down for the VNC
# listen address, the live-migration inbound address and the certificate
# hostnames, so the network chosen there decides where libvirt is reachable.
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
# EndpointMap: forwarded unchanged to the ./nova-base.yaml resource below.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
# Virtualization type; role_data passes it to both
# nova::compute::libvirt::libvirt_virt_type and
# nova::compute::libvirt::services::libvirt_virt_type.
# Its type and default are not visible in this excerpt.
21 NovaComputeLibvirtType:
# Operator-supplied list passed to
# nova::compute::libvirt::libvirt_enabled_perf_events.
24 LibvirtEnabledPerfEvents:
25 type: comma_delimited_list
27 description: This is a performance event list which could be used as monitor.
28 For example - ``enabled_perf_events = cmt, mbml, mbmt``
29 The supported events list can be found in
30 https://libvirt.org/html/libvirt-libvirt-domain.html ,
31 which you may need to search key words ``VIR_PERF_PARAM_*``
# Emitted as role_data.monitoring_subscription.
32 MonitoringSubscriptionNovaLibvirt:
33 default: 'overcloud-nova-libvirt'
# TLS for live migration is applied only when this parameter and
# EnableInternalTLS are both set (see the use_tls_for_live_migration
# condition); either one being false leaves the TLS settings out.
# NOTE(review): this excerpt does not show which transport is used when the
# condition is false - confirm migration traffic is still authenticated and
# encrypted in that case.
38 UseTLSTransportForLiveMigration:
41 description: If set to true and if EnableInternalTLS is enabled, it will
42 set the libvirt URI's transport to tls and configure the
43 relevant keys for libvirt.
# Default CA file for internal TLS. It is the fallback for
# tripleo::certmonger::ca::libvirt::origin_ca_pem when LibvirtCACert is unset.
45 default: '/etc/ipa/ca.crt'
47 description: Specifies the default CA cert to use if TLS is used for
48 services in the internal network.
# Optional libvirt-specific CA. Per the description the chosen file is
# symlinked to libvirt's default CA path, so it is the trust anchor for every
# libvirt TLS peer: point it at the one CA that issues the libvirt
# certificates rather than a broad bundle (which the size limit rules out
# anyway).
52 description: This specifies the CA certificate to use for TLS in libvirt.
53 This file will be symlinked to the default CA path in libvirt,
54 which is /etc/pki/CA/cacert.pem. Note that due to limitations
55 GNU TLS, which is the TLS backend for libvirt, the file must
56 be less than 65K (so we can't use the system's CA bundle).
57 This parameter should be used if the default (which comes from
58 the InternalTLSCAFile parameter) is not desired. The current
59 default reflects TripleO's default CA, which is FreeIPA.
60 It will only be used if internal TLS is enabled.
# Condition combining EnableInternalTLS and UseTLSTransportForLiveMigration;
# the and/equals wrapper lines are not shown in this excerpt. It gates the TLS
# hieradata, the certificate request and the metadata_settings in role_data.
64 use_tls_for_live_migration:
67 - {get_param: EnableInternalTLS}
70 - {get_param: UseTLSTransportForLiveMigration}
# Condition on LibvirtCACert; when it holds, InternalTLSCAFile is used as the
# libvirt CA instead. The value it is compared with is not visible here -
# presumably the empty string; confirm against the full file.
73 libvirt_specific_ca_unset:
75 - {get_param: LibvirtCACert}
# Nested template ./nova-base.yaml (referenced as NovaBase by the get_attr in
# role_data); the three parameters below are forwarded to it unchanged.
# NOTE(review): DefaultPasswords presumably carries credentials - its
# declaration is not visible here, so confirm it is not echoed in stack
# outputs or logs.
80 type: ./nova-base.yaml
82 ServiceNetMap: {get_param: ServiceNetMap}
83 DefaultPasswords: {get_param: DefaultPasswords}
84 EndpointMap: {get_param: EndpointMap}
# role_data output: service name, monitoring subscription and the hieradata
# (config_settings) consumed by the puppet profile.
88 description: Role data for the Libvirt service.
90 service_name: nova_libvirt
91 monitoring_subscription: {get_param: MonitoringSubscriptionNovaLibvirt}
# Start from NovaBase's config_settings, then add the libvirt-specific keys.
94 - get_attr: [NovaBase, role_data, config_settings]
95 # we include ::nova::compute::libvirt::services in nova/libvirt profile
96 - nova::compute::libvirt::manage_libvirt_services: false
97 # we manage migration in nova common puppet profile
98 nova::compute::libvirt::migration_support: false
99 tripleo::profile::base::nova::manage_migration: true
100 tripleo::profile::base::nova::libvirt_enabled: true
101 nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
102 nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
103 nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
104 nova::compute::libvirt::qemu::configure_qemu: true
105 nova::compute::libvirt::qemu::max_files: 32768
106 nova::compute::libvirt::qemu::max_processes: 131072
# VNC listen address comes from the NovaLibvirtNetwork entry of ServiceNetMap,
# so guest consoles are reachable on whichever network that entry maps to.
# NOTE(review): the firewall rules that follow are not visible in this
# excerpt - confirm the VNC port range is limited to the hosts that proxy
# console traffic.
107 nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
108 tripleo.nova_libvirt.firewall_rules:
# The settings below are selected by the use_tls_for_live_migration condition
# (the enclosing `if` line is not shown in this excerpt).
117 - use_tls_for_live_migration
# Request service certificates and turn on libvirt TLS in the puppet profile.
119 generate_service_certificates: true
120 tripleo::profile::base::nova::libvirt_tls: true
# Inbound migration address is the node's FQDN on the libvirt network, looked
# up from hiera. The same fqdn_<network> lookup is used for the certificate
# hostname below, presumably so that peers connect to a name the certificate
# covers - confirm the two stay aligned if either is changed.
121 nova::migration::libvirt::live_migration_inbound_addr:
124 "%{hiera('fqdn_$NETWORK')}"
126 $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
# CA source for libvirt: InternalTLSCAFile when libvirt_specific_ca_unset
# holds, otherwise the operator-supplied LibvirtCACert.
127 tripleo::certmonger::ca::libvirt::origin_ca_pem:
129 - libvirt_specific_ca_unset
130 - get_param: InternalTLSCAFile
131 - get_param: LibvirtCACert
# Certificate and private-key directories.
# NOTE(review): this template sets only the paths; ownership and mode of the
# private key directory are not visible here - confirm the puppet class
# restricts /etc/pki/libvirt/private to the libvirt/qemu service accounts.
132 tripleo::certmonger::libvirt_dirs::certificate_dir: '/etc/pki/libvirt'
133 tripleo::certmonger::libvirt_dirs::key_dir: '/etc/pki/libvirt/private'
# Certificate requests for libvirt. Two entries are visible, distinguished by
# their file names (servercert/serverkey and clientcert/clientkey); the entry
# key lines themselves are not shown in this excerpt.
# NOTE(review): both entries request the same hostname (FQDN on the libvirt
# network) and the same principal ("libvirt/<fqdn>"), so a node's client
# certificate carries the same identity as its server certificate. Unless
# libvirt is told otherwise (libvirtd.conf tls_allowed_dn_list), any
# certificate issued by the configured CA is presumably accepted as a peer -
# confirm that scope is intended.
134 libvirt_certificates_specs:
# Server-side certificate and key paths.
136 service_certificate: '/etc/pki/libvirt/servercert.pem'
137 service_key: '/etc/pki/libvirt/private/serverkey.pem'
140 template: "%{hiera('fqdn_NETWORK')}"
142 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
145 template: "libvirt/%{hiera('fqdn_NETWORK')}"
147 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
# Client-side certificate and key paths.
149 service_certificate: '/etc/pki/libvirt/clientcert.pem'
150 service_key: '/etc/pki/libvirt/private/clientkey.pem'
153 template: "%{hiera('fqdn_NETWORK')}"
155 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
158 template: "libvirt/%{hiera('fqdn_NETWORK')}"
160 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
163 include tripleo::profile::base::nova::libvirt
# The line above is the puppet manifest applied for this service: it includes
# the tripleo libvirt profile, which consumes the hieradata set in
# config_settings.
# metadata_settings are emitted only under use_tls_for_live_migration and
# reference the libvirt network; the other fields of the entry are not shown
# in this excerpt.
166 - use_tls_for_live_migration
169 network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}