1 heat_template_version: ocata
4 Libvirt service configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
21 NovaComputeLibvirtType:
24 LibvirtEnabledPerfEvents:
25 type: comma_delimited_list
27 description: This is a performance event list which could be used as monitor.
28 For example - ``enabled_perf_events = cmt, mbml, mbmt``
29 The supported events list can be found in
30 https://libvirt.org/html/libvirt-libvirt-domain.html ,
31 which you may need to search key words ``VIR_PERF_PARAM_*``
32 MonitoringSubscriptionNovaLibvirt:
33 default: 'overcloud-nova-libvirt'
38 UseTLSTransportForLiveMigration:
41 description: If set to true and if EnableInternalTLS is enabled, it will
42 set the libvirt URI's transport to tls and configure the
43 relevant keys for libvirt.
46 default: '/etc/ipa/ca.crt'
47 description: This specifies the CA certificate to use for TLS in libvirt.
48 This file will be symlinked to the default CA path in libvirt,
49 which is /etc/pki/CA/cacert.pem. Note that due to limitations
50 GNU TLS, which is the TLS backend for libvirt, the file must
51 be less than 65K (so we can't use the system's CA bundle). The
52 current default reflects TripleO's default CA, which is
53 FreeIPA. It will only be used if internal TLS is enabled.
57 use_tls_for_live_migration:
60 - {get_param: EnableInternalTLS}
63 - {get_param: UseTLSTransportForLiveMigration}
68 type: ./nova-base.yaml
70 ServiceNetMap: {get_param: ServiceNetMap}
71 DefaultPasswords: {get_param: DefaultPasswords}
72 EndpointMap: {get_param: EndpointMap}
76 description: Role data for the Libvirt service.
78 service_name: nova_libvirt
79 monitoring_subscription: {get_param: MonitoringSubscriptionNovaLibvirt}
82 - get_attr: [NovaBase, role_data, config_settings]
83 # we include ::nova::compute::libvirt::services in nova/libvirt profile
84 - nova::compute::libvirt::manage_libvirt_services: false
85 # we manage migration in nova common puppet profile
86 nova::compute::libvirt::migration_support: false
87 tripleo::profile::base::nova::manage_migration: true
88 tripleo::profile::base::nova::libvirt_enabled: true
89 nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
90 nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
91 nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
92 nova::compute::libvirt::qemu::configure_qemu: true
93 nova::compute::libvirt::qemu::max_files: 32768
94 nova::compute::libvirt::qemu::max_processes: 131072
95 nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
96 tripleo.nova_libvirt.firewall_rules:
105 - use_tls_for_live_migration
107 generate_service_certificates: true
108 tripleo::profile::base::nova::libvirt_tls: true
109 nova::migration::libvirt::live_migration_inbound_addr:
112 "%{hiera('fqdn_$NETWORK')}"
114 $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
115 tripleo::certmonger::ca::libvirt::origin_ca_pem:
116 get_param: LibvirtCACert
117 tripleo::certmonger::libvirt_dirs::certificate_dir: '/etc/pki/libvirt'
118 tripleo::certmonger::libvirt_dirs::key_dir: '/etc/pki/libvirt/private'
119 libvirt_certificates_specs:
121 service_certificate: '/etc/pki/libvirt/servercert.pem'
122 service_key: '/etc/pki/libvirt/private/serverkey.pem'
125 template: "%{hiera('fqdn_NETWORK')}"
127 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
130 template: "libvirt/%{hiera('fqdn_NETWORK')}"
132 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
134 service_certificate: '/etc/pki/libvirt/clientcert.pem'
135 service_key: '/etc/pki/libvirt/private/clientkey.pem'
138 template: "%{hiera('fqdn_NETWORK')}"
140 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
143 template: "libvirt/%{hiera('fqdn_NETWORK')}"
145 NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
148 include tripleo::profile::base::nova::libvirt
151 - use_tls_for_live_migration
154 network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}