Merge "Add a new role for ComputeOvsDpdk and clean-up parameters"
[apex-tripleo-heat-templates.git] / docker / services / nova-libvirt.yaml
index 9779d67..36bdc7f 100644 (file)
@@ -4,24 +4,22 @@ description: >
   OpenStack Libvirt Service
 
 parameters:
-  DockerNamespace:
-    description: namespace
-    default: 'tripleoupstream'
-    type: string
-  DockerLibvirtImage:
+  DockerNovaLibvirtImage:
     description: image
-    default: 'centos-binary-nova-libvirt:latest'
     type: string
   # we configure libvirt via the nova-compute container due to coupling
   # in the puppet modules
-  DockerNovaConfigImage:
-    description: image
-    default: 'centos-binary-nova-compute:latest'
+  DockerNovaLibvirtConfigImage:
+    description: The container image to use for the nova_libvirt config_volume
     type: string
   EnablePackageInstall:
     default: 'false'
     description: Set to true to enable package installation
     type: boolean
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
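Review bot: `DockerNovaLibvirtImage` keeps the one-word description `image` while its default is removed, so the parameter is now required but nothing tells the operator what it is for. A description in the style of the sibling parameter would help, e.g. `description: The container image to use for the nova_libvirt service`. The hunk at -93 shows this image running with `privileged: true`, `net: host` and `pid: host`, so the description is also a reasonable place to ask for a fully qualified reference pinned to a fixed tag or digest. The `parameters:` block continues outside this hunk.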
@@ -44,6 +42,26 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+  UseTLSTransportForLiveMigration:
+    type: boolean
+    default: true
+    description: If set to true and if EnableInternalTLS is enabled, it will
+                 set the libvirt URI's transport to tls and configure the
+                 relevant keys for libvirt.
+
+conditions:
+
+  use_tls_for_live_migration:
+    and:
+    - equals:
+      - {get_param: EnableInternalTLS}
+      - true
+    - equals:
+      - {get_param: UseTLSTransportForLiveMigration}
+      - true
 
 resources:
 
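Review bot: `EnableInternalTLS` is added without a `description`, and because it defaults to `false` the `use_tls_for_live_migration` condition is false out of the box even though `UseTLSTransportForLiveMigration` defaults to `true`. Someone reading only the second parameter could assume live migration is TLS-protected by default. I would add something like `description: Must be true for UseTLSTransportForLiveMigration to take effect` to `EnableInternalTLS`, with the wording checked against how the parameter is described in the other templates.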
@@ -54,6 +72,7 @@ resources:
     type: ../../puppet/services/nova-libvirt.yaml
     properties:
       EndpointMap: {get_param: EndpointMap}
+      ServiceData: {get_param: ServiceData}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       RoleName: {get_param: RoleName}
@@ -77,15 +96,21 @@ outputs:
         get_attr: [NovaLibvirtBase, role_data, step_config]
       puppet_config:
         config_volume: nova_libvirt
-        puppet_tags: nova_config
+        puppet_tags: nova_config,file,exec
         step_config: *step_config
-        config_image:
-          list_join:
-          - '/'
-          - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+        config_image: {get_param: DockerNovaLibvirtConfigImage}
       kolla_config:
-        /var/lib/kolla/config_files/nova-libvirt.json:
-          command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
+        /var/lib/kolla/config_files/nova_libvirt.json:
+          command:
+            if:
+              - use_tls_for_live_migration
+              - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
+              - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
+          config_files:
+            - source: "/var/lib/kolla/config_files/src/*"
+              dest: "/"
+              merge: true
+              preserve_properties: true
           permissions:
             - path: /var/log/nova
               owner: nova:nova
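Review bot: The `--listen` branch of `command:` turns on libvirtd's network listeners, but which listeners and which address is decided entirely by `/etc/libvirt/libvirtd.conf`, which is rendered elsewhere and not visible in this diff. Because the container runs with `net: host` (hunk at -93), a config that leaves `listen_tcp` enabled or `listen_addr` unset would presumably put a plain-TCP or all-interfaces listener on the compute host. A comment above the `if:` would record that dependency, e.g. `# --listen relies on libvirtd.conf setting listen_tls=1, listen_tcp=0 and a restricted listen_addr`. The `outputs:` section starts and continues outside this hunk.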
@@ -93,10 +118,7 @@ outputs:
       docker_config:
         step_3:
           nova_libvirt:
-            image:
-              list_join:
-              - '/'
-              - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ]
+            image: {get_param: DockerNovaLibvirtImage}
             net: host
             pid: host
             privileged: true
@@ -105,13 +127,14 @@ outputs:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
-                  - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro
-                  - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro
+                  - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
                   - /lib/modules:/lib/modules:ro
                   - /dev:/dev
                   - /run:/run
                   - /sys/fs/cgroup:/sys/fs/cgroup
                   - /var/lib/nova:/var/lib/nova
+                  - /etc/libvirt/secrets:/etc/libvirt/secrets
                   # Needed to use host's virtlogd
                   - /var/run/libvirt:/var/run/libvirt
                   - /var/lib/libvirt:/var/lib/libvirt
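Review bot: The new `/etc/libvirt/secrets:/etc/libvirt/secrets` bind mount is read-write and carries no comment, unlike the virtlogd mount just below it. This directory holds libvirt secret definitions, so a reader should be told why the privileged container needs write access to the host copy instead of `:ro`; presumably it is so that secrets defined at runtime persist across container restarts. A line such as `# libvirt secrets are written at runtime and must persist on the host` above the mount would do, once the reason is confirmed. The volumes list starts and ends outside this hunk.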
@@ -126,6 +149,7 @@ outputs:
             path: "{{ item }}"
             state: directory
           with_items:
+            - /etc/libvirt/secrets
             - /etc/libvirt/qemu
             - /var/lib/libvirt
             - /var/log/containers/nova
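Review bot: `/etc/libvirt/secrets` is created through the shared looped task with only `path` and `state: directory` visible, so as far as these lines show no `mode` is set and the directory gets default permissions. libvirt packages normally ship this directory as 0700 and root-owned because it stores secret values. Creating it in a task of its own with `mode: '0700'` would preserve that, whereas adding a mode to the looped task would also change the other paths. The task's opening lines are outside the hunk.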