1 heat_template_version: pike
4 Libvirt service configured with Puppet
9 description: Dictionary packing service data
13 description: Mapping of service_name -> network name. Typically set
14 via parameter_defaults in the resource registry. This
15 mapping overrides those in ServiceNetMapDefaults.
22 description: Role name on which the service is applied
26 description: Parameters specific to the role
30 description: Mapping of service endpoint -> protocol. Typically set
31 via parameter_defaults in the resource registry.
37 description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
42 description: The Ceph cluster FSID. Must be a UUID.
43 CinderEnableRbdBackend:
45 description: Whether or not to enable the Rbd backend for Cinder
47 NovaComputeLibvirtType:
50 LibvirtEnabledPerfEvents:
51 type: comma_delimited_list
53 description: This is a list of performance events that can be used for monitoring.
54 For example - ``enabled_perf_events = cmt, mbml, mbmt``
55 The list of supported events can be found at
56 https://libvirt.org/html/libvirt-libvirt-domain.html ,
57 where you may need to search for the key words ``VIR_PERF_PARAM_*``
58 MonitoringSubscriptionNovaLibvirt:
59 default: 'overcloud-nova-libvirt'
64 UseTLSTransportForLiveMigration:
67 description: If set to true and if EnableInternalTLS is enabled, it will
68 set the libvirt URI's transport to tls and configure the
69 relevant keys for libvirt.
71 default: '/etc/ipa/ca.crt'
73 description: Specifies the default CA cert to use if TLS is used for
74 services in the internal network.
78 description: This specifies the CA certificate to use for TLS in libvirt.
79 This file will be symlinked to the default CA path in libvirt,
80 which is /etc/pki/CA/cacert.pem. Note that due to limitations in
81 GNU TLS, which is the TLS backend for libvirt, the file must
82 be less than 65K (so we can't use the system's CA bundle).
83 This parameter should be used if the default (which comes from
84 the InternalTLSCAFile parameter) is not desired. The current
85 default reflects TripleO's default CA, which is FreeIPA.
86 It will only be used if internal TLS is enabled.
90 SSH key for migration.
91 Expects a dictionary with keys 'public_key' and 'private_key'.
92 Values should be identical to SSH public/private key files.
98 description: Target port for migration over ssh
# Heat conditions used by the outputs section. The combining functions sit on
# lines this excerpt omits. Per the UseTLSTransportForLiveMigration
# description, libvirt TLS transport needs BOTH EnableInternalTLS and
# UseTLSTransportForLiveMigration to be true - TODO confirm the operator.
103 use_tls_for_live_migration:
106 - {get_param: EnableInternalTLS}
109 - {get_param: UseTLSTransportForLiveMigration}
# Tested against LibvirtCACert; the value it is compared with is not visible
# here. It selects which parameter feeds origin_ca_pem further down.
112 libvirt_specific_ca_unset:
114 - {get_param: LibvirtCACert}
# Nested stack built from ./nova-base.yaml - presumably the NovaBase resource
# that the outputs read with get_attr (the resource name line is not in this
# excerpt). Each property forwards the same-named parameter of this template.
119 type: ./nova-base.yaml
121 ServiceData: {get_param: ServiceData}
122 ServiceNetMap: {get_param: ServiceNetMap}
123 DefaultPasswords: {get_param: DefaultPasswords}
124 EndpointMap: {get_param: EndpointMap}
125 RoleName: {get_param: RoleName}
126 RoleParameters: {get_param: RoleParameters}
# role_data output: service name, monitoring subscription and the settings
# handed to Puppet for the nova_libvirt service.
130 description: Role data for the Libvirt service.
132 service_name: nova_libvirt
133 monitoring_subscription: {get_param: MonitoringSubscriptionNovaLibvirt}
# Starts from the config_settings exported by NovaBase, followed by the
# libvirt-specific keys below.
136 - get_attr: [NovaBase, role_data, config_settings]
137 # we include ::nova::compute::libvirt::services in nova/libvirt profile
138 - nova::compute::libvirt::manage_libvirt_services: false
139 # we manage migration in nova common puppet profile
140 nova::compute::libvirt::migration_support: false
141 nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
142 nova::compute::rbd::rbd_keyring:
146 - {get_param: CephClientUserName}
# NOTE(review): CephClientKey is secret material copied into the service
# configuration data. Its parameter declaration is not fully visible in this
# excerpt - confirm it is declared with `hidden: true`.
147 nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
148 nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
149 tripleo::profile::base::nova::migration::client::libvirt_enabled: true
# NOTE(review): the private half of MigrationSshKey is passed through here;
# same check as above - confirm the parameter is declared with `hidden: true`.
150 tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
151 tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
# The same virt type parameter feeds both the services class and the libvirt
# class.
152 nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
153 nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
154 nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
# Fixed open-file and process limits for qemu.
155 nova::compute::libvirt::qemu::configure_qemu: true
156 nova::compute::libvirt::qemu::max_files: 32768
157 nova::compute::libvirt::qemu::max_processes: 131072
# VNC listen setting is taken from the ServiceNetMap entry for
# NovaLibvirtNetwork, so console exposure follows that network assignment.
158 nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
159 rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
# Firewall rules for the service; the rule bodies are on lines this excerpt
# omits. NOTE(review): check that the opened ports match the migration
# transport actually in use (TLS vs. ssh).
160 tripleo.nova_libvirt.firewall_rules:
# Settings from here down are guarded by the use_tls_for_live_migration
# condition - presumably an `if` whose opening line is not shown.
169 - use_tls_for_live_migration
171 generate_service_certificates: true
172 tripleo::profile::base::nova::migration::client::libvirt_tls: true
# The libvirt migration listener uses the NovaLibvirtNetwork entry rather than
# a hard-coded address.
173 nova::migration::libvirt::listen_address:
174 get_param: [ServiceNetMap, NovaLibvirtNetwork]
# The inbound address is a hiera lookup of fqdn_<network>; $NETWORK is replaced
# with the NovaLibvirtNetwork name (presumably via str_replace - not shown).
175 nova::migration::libvirt::live_migration_inbound_addr:
178 "%{hiera('fqdn_$NETWORK')}"
180 $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
# CA selection: presumably InternalTLSCAFile when libvirt_specific_ca_unset
# holds, otherwise LibvirtCACert (the `if` line is not shown - TODO confirm).
# The LibvirtCACert description notes the file must stay under 65K.
181 tripleo::certmonger::ca::libvirt::origin_ca_pem:
183 - libvirt_specific_ca_unset
184 - get_param: InternalTLSCAFile
185 - get_param: LibvirtCACert
# Certificates and private keys are kept in separate directories.
186 tripleo::certmonger::libvirt_dirs::certificate_dir: '/etc/pki/libvirt'
187 tripleo::certmonger::libvirt_dirs::key_dir: '/etc/pki/libvirt/private'
# Certificate requests for libvirt: one server pair and one client pair. Each
# pair has a template of the node FQDN on NovaLibvirtNetwork and a template of
# the form libvirt/<fqdn>; the keys these templates belong to are on lines this
# excerpt omits. Private keys go under /etc/pki/libvirt/private.
188 libvirt_certificates_specs:
190 service_certificate: '/etc/pki/libvirt/servercert.pem'
191 service_key: '/etc/pki/libvirt/private/serverkey.pem'
194 template: "%{hiera('fqdn_NETWORK')}"
196 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
199 template: "libvirt/%{hiera('fqdn_NETWORK')}"
201 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
# Client certificate pair, built from the same FQDN templates as the server
# pair above.
203 service_certificate: '/etc/pki/libvirt/clientcert.pem'
204 service_key: '/etc/pki/libvirt/private/clientkey.pem'
207 template: "%{hiera('fqdn_NETWORK')}"
209 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
212 template: "libvirt/%{hiera('fqdn_NETWORK')}"
214 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
217 include tripleo::profile::base::nova::libvirt
220 - use_tls_for_live_migration
223 network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}