X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=docker%2Fservices%2Fnova-libvirt.yaml;h=d20c093d65e762d01a4589e73e450bce4d2a88a6;hb=c5a3fe490f1d37abdad28357cd8332fd5a1fe519;hp=62c25bb246ec64d4f470d3b778bcea571d6ed751;hpb=a906f71d8e1254efd46ca0fe499c2750b9bcfaea;p=apex-tripleo-heat-templates.git

diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 62c25bb2..d20c093d 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -61,7 +61,7 @@ parameters:
     description: Whether to enable or not the Rbd backend for Cinder
     type: boolean
   CephClientKey:
-    description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+    description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
     type: string
     hidden: true
   CephClusterFSID:
@@ -113,7 +113,10 @@ outputs:
     value:
       service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
       config_settings:
-        get_attr: [NovaLibvirtBase, role_data, config_settings]
+        map_merge:
+          - get_attr: [NovaLibvirtBase, role_data, config_settings]
+          - tripleo::profile::base::certmonger_user::libvirt_postsave_cmd: "true" # TODO: restart the libvirt container here
+
       step_config: &step_config
         list_join:
           - "\n"
@@ -201,6 +204,17 @@ outputs:
                   - /var/lib/libvirt:/var/lib/libvirt
                   - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
                   - /var/log/containers/nova:/var/log/nova
+                  - /var/lib/vhost_sockets:/var/lib/vhost_sockets
+                -
+                  if:
+                    - use_tls_for_live_migration
+                    -
+                      - /etc/ipa/ca.crt:/etc/pki/CA/cacert.pem:ro
+                      - /etc/pki/libvirt/servercert.pem:/etc/pki/libvirt/servercert.pem:ro
+                      - /etc/pki/libvirt/private/serverkey.pem:/etc/pki/libvirt/private/serverkey.pem:ro
+                      - /etc/pki/libvirt/clientcert.pem:/etc/pki/libvirt/clientcert.pem:ro
+                      - /etc/pki/libvirt/private/clientkey.pem:/etc/pki/libvirt/private/clientkey.pem:ro
+                    - null
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
         step_4:
@@ -239,6 +253,30 @@ outputs:
             - /etc/libvirt/qemu
             - /var/lib/libvirt
             - /var/log/containers/nova
+        # qemu user on host will be cretaed by libvirt package install, ensure
+        # the qemu user created with same uid/gid as like libvirt package.
+        # These specific values are required since ovs is running on host.
+        # Once ovs with DPDK is containerized, we could modify this uid/gid
+        # to match with kolla config values.
+        - name: ensure qemu group is present on the host
+          group:
+            name: qemu
+            gid: 107
+            state: present
+        - name: ensure qemu user is present on the host
+          user:
+            name: qemu
+            uid: 107
+            group: qemu
+            state: present
+            shell: /sbin/nologin
+            comment: qemu user
+        - name: create directory for vhost-user sockets with qemu ownership
+          file:
+            path: /var/lib/vhost_sockets
+            state: directory
+            owner: qemu
+            group: qemu
         - name: ensure ceph configurations exist
           file:
             path: /etc/ceph
@@ -256,6 +294,8 @@ outputs:
             - libvirtd.service
             - virtlogd.socket
           when: libvirt_installed.rc == 0
+      metadata_settings:
+        get_attr: [NovaLibvirtBase, role_data, metadata_settings]
       upgrade_tasks:
         - name: Stop and disable libvirtd service
           tags: step2