chef/cookbooks/nova/templates/default/nova.conf.erb
[DEFAULT]
ssl_only = <%= @vncproxy_ssl_enabled ? "True" : "False" %>
cert = <%= @vncproxy_cert_file %>
key = <%= @vncproxy_key_file %>
<% if @libvirt_type.eql?('zvm') %>
instance_name_template=zvm%05x
<% end %>
my_ip = <%= node[:nova][:my_ip] %>
<% unless @ironic_settings.nil? %>
scheduler_host_manager = ironic_host_manager
<% end %>
state_path = /var/lib/nova
enabled_ssl_apis = <%= @ssl_enabled ? "osapi_compute,metadata" : "" %>
osapi_compute_listen = <%= @bind_host %>
osapi_compute_listen_port = <%= @bind_port_api %>
osapi_compute_workers = <%= [node["cpu"]["total"], 2, 4].sort[1] %>
metadata_listen = <%= @metadata_bind_address %>
metadata_listen_port = <%= @bind_port_metadata %>
metadata_workers = <%= [node["cpu"]["total"], 2, 4].sort[1] %>
instance_usage_audit_period = hour
image_cache_manager_interval = <%= node[:nova][:image_cache_manager_interval] %>
<% if @libvirt_type.eql?('kvm') %>
use_rootwrap_daemon = <%= @use_rootwrap_daemon %>
<% end %>
memcached_servers = <%= @memcached_servers.join(',') %>
instances_path = <%= node[:nova][:instances_path] %>
instance_usage_audit = True
block_device_allocate_retries = <%= node[:nova][:block_device][:allocate_retries] %>
block_device_allocate_retries_interval = <%= node[:nova][:block_device][:allocate_retries_interval] %>
reserved_host_memory_mb = <%= @reserved_host_memory %>
cpu_allocation_ratio = <%= node[:nova][:scheduler][:cpu_allocation_ratio] %>
ram_allocation_ratio = <%= node[:nova][:scheduler][:ram_allocation_ratio] %>
disk_allocation_ratio = <%= node[:nova][:scheduler][:disk_allocation_ratio] %>
<% if @libvirt_type.eql?('vmware') %>
compute_driver = vmwareapi.VMwareVCDriver
<% elsif @libvirt_type.eql?('zvm') %>
compute_driver = nova.virt.zvm.ZVMDriver
<% elsif @libvirt_type.eql?('ironic') %>
compute_driver = ironic.IronicDriver
<% else %>
compute_driver = libvirt.LibvirtDriver
<% end %>
<% if @libvirt_type.eql?('xen') %>
use_cow_images = false
<% end %>
<% if @ssl_cert_required %>
ssl_ca_file = <%= @ssl_ca_file %>
<% end %>
<% if @force_config_drive || @libvirt_type.eql?('zvm') %>
flat_injected = true
<% end %>
dhcp_domain = <%= @neutron_dhcp_domain %>
security_group_api = neutron
<% if @force_config_drive and !@libvirt_type.eql?('zvm') %>
config_drive_format = vfat
<% end %>
<% if @force_config_drive || @libvirt_type.eql?('zvm') %>
force_config_drive = True
<% end %>
debug = <%= node[:nova][:debug] %>
log_dir = /var/log/nova
use_syslog = <%= node[:nova][:use_syslog] ? 'True' : 'False' %>
use_stderr = false
transport_url = <%= @rabbit_settings[:url] %>
control_exchange = nova
<% if @libvirt_type.eql?('zvm') %>
zvm_image_default_password = <%= node[:nova][:zvm][:zvm_image_default_password] %>
zvm_xcat_server = <%= node[:nova][:zvm][:zvm_xcat_server] %>
zvm_xcat_username = <%= node[:nova][:zvm][:zvm_xcat_username] %>
zvm_xcat_password = <%= node[:nova][:zvm][:zvm_xcat_password] %>
zvm_xcat_master = <%= node[:nova][:zvm][:zvm_xcat_master] %>
zvm_diskpool = <%= node[:nova][:zvm][:zvm_diskpool] %>
zvm_diskpool_type = <%= node[:nova][:zvm][:zvm_diskpool_type] %>
zvm_host = <%= node[:nova][:zvm][:zvm_host] %>
zvm_scsi_pool = <%= node[:nova][:zvm][:zvm_scsi_pool] %>
zvm_config_drive_inject_password = <%= node[:nova][:zvm][:zvm_config_drive_inject_password] %>
zvm_reachable_timeout = <%= node[:nova][:zvm][:zvm_reachable_timeout] %>
zvm_user_profile = <%= node[:nova][:zvm][:zvm_user_profile] %>
zvm_user_default_password = <%= node[:nova][:zvm][:zvm_user_default_password] %>
zvm_user_default_privilege = <%= node[:nova][:zvm][:zvm_user_default_privilege] %>
<% end %>
<% unless @default_log_levels.length.zero? -%>
default_log_levels = <%= @default_log_levels.join(", ") %>
<% end -%>
[api]
auth_strategy = keystone
<% if @vendordata_jsonfile %>
vendordata_jsonfile_path = <%= @vendordata_jsonfile %>
<% end %>
[api_database]
<% if @api_database_connection %>
connection = <%= @api_database_connection %>
<% end %>
<% unless node[:nova][:api_db][:max_pool_size].nil? %>
max_pool_size = <%= node[:nova][:api_db][:max_pool_size] %>
<% end %>
<% unless node[:nova][:api_db][:max_overflow].nil? %>
max_overflow = <%= node[:nova][:api_db][:max_overflow] %>
<% end %>
<% unless node[:nova][:api_db][:pool_timeout].nil? %>
pool_timeout = <%= node[:nova][:api_db][:pool_timeout] %>
<% end %>
[cache]
backend = oslo_cache.memcache_pool
enabled = true
memcache_servers = <%= @memcached_servers.join(',') %>
[cinder]
catalog_info = volumev3:cinderv3:internalURL
os_region_name = <%= @keystone_settings['endpoint_region'] %>
insecure = <%= @cinder_insecure ? 'True' : 'False' %>
cross_az_attach = <%= node[:nova][:cross_az_attach] %>
[conductor]
workers=<%= [node["cpu"]["total"], 2, 4].sort[1] %>
[database]
<% if @database_connection %>
connection = <%= @database_connection %>
<% end %>
<% unless node[:nova][:db][:min_pool_size].nil? %>
min_pool_size = <%= node[:nova][:db][:min_pool_size] %>
<% end %>
<% unless node[:nova][:db][:max_pool_size].nil? %>
max_pool_size = <%= node[:nova][:db][:max_pool_size] %>
<% end %>
<% unless node[:nova][:db][:max_overflow].nil? %>
max_overflow = <%= node[:nova][:db][:max_overflow] %>
<% end %>
<% unless node[:nova][:db][:pool_timeout].nil? %>
pool_timeout = <%= node[:nova][:db][:pool_timeout] %>
<% end %>
[glance]
<% unless @glance_server_host.nil? %>
host = <%= @glance_server_host %>
port = <%= @glance_server_port %>
api_servers = <%= "#{@glance_server_protocol}://#{@glance_server_host}:#{@glance_server_port}" %>
endpoint_type = internal
insecure = <%= @glance_server_insecure ? 'True' : 'False' %>
<% end %>
protocol = <%= @glance_server_protocol %>
<% if @ssl_cert_required %>
cafile = <%= @ssl_ca_file %>
<% end %>
certfile = <%= @ssl_cert_file %>
keyfile = <%= @ssl_key_file %>
<% unless @ironic_settings.nil? %>
[ironic]
# temporary workaround for nova using public ironic endpoint (this will be deprecated in Queens)
api_endpoint = <%= @ironic_settings[:api_protocol] %>://<%= @ironic_settings[:api_host] %>:<%= @ironic_settings[:api_port] %>
auth_type = password
auth_url = <%= @keystone_settings['internal_auth_url'] %>
username = <%= @ironic_settings[:service_user] %>
password = <%= @ironic_settings[:service_password] %>
project_name = <%= @keystone_settings['service_tenant'] %>
project_domain_name = <%= @keystone_settings['admin_domain']%>
user_domain_name = <%= @keystone_settings['admin_domain'] %>
<% end %>
[key_manager]
<% unless @keymgr_fixed_key.empty? %>
backend = nova.keymgr.conf_key_mgr.ConfKeyManager
fixed_key = <%= @keymgr_fixed_key.each_byte.map { |b| b.to_s(16) }.join %>
<% end %>
[keystone_authtoken]
auth_type = password
www_authenticate_uri = <%= @keystone_settings['public_auth_url'] %>
auth_url = <%= @keystone_settings['internal_auth_url'] %>
auth_version= <%= @keystone_settings['api_version_for_middleware'] %>
insecure = <%= @keystone_settings['insecure'] %>
region_name = <%= @keystone_settings['endpoint_region'] %>
username = <%= @keystone_settings['service_user'] %>
password = <%= @keystone_settings['service_password'] %>
project_name = <%= @keystone_settings['service_tenant'] %>
project_domain_name = <%= @keystone_settings["admin_domain"]%>
user_domain_name = <%= @keystone_settings["admin_domain"] %>
memcached_servers = <%= @memcached_servers.join(',') %>
memcache_security_strategy = ENCRYPT
memcache_secret_key = <%= node[:nova][:memcache_secret_key] %>
memcache_pool_socket_timeout = 1
service_token_roles_required = true
service_token_roles = admin
[libvirt]
<% if %w(kvm lxc qemu uml xen parallels).include? @libvirt_type %>
virt_type = <%= @libvirt_type %>
<% end %>
<% if (@libvirt_type.eql?('xen') and @libvirt_migration and @shared_instances) or @libvirt_type.eql?('kvm') %>
live_migration_inbound_addr = <%= @live_migration_inbound_fqdn %>
<% end %>
<% if @libvirt_type.eql?('xen') %>
<% if @libvirt_migration and @shared_instances %>
live_migration_flag = VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_LIVE
<% end %>
<% elsif @libvirt_type.eql?('kvm') %>
<% if @libvirt_migration %>
<% if @shared_instances %>
live_migration_flag = VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE
<% else %>
block_migration_flag = VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_NON_SHARED_INC, VIR_MIGRATE_LIVE
<% end %>
# Timeout migration if less than 1MB/s RAM can be copied
live_migration_completion_timeout=1000
<% end %>
<% end %>
<% if @libvirt_type.eql?('xen') %>
disk_prefix = xvd
<% end %>
<% unless @cpu_mode.empty? %>
cpu_mode = <%= @cpu_mode %>
<% end %>
<% unless @cpu_model.empty? %>
cpu_model = <%= @cpu_model %>
<% end %>
<% if @libvirt_type.eql?('kvm') %>
use_virtio_for_bridges = true
<% end %>
<% if @use_multipath %>
volume_use_multipath = true
<% end %>
<% if @use_multipath %>
iser_use_multipath = true
<% end %>
disk_cachemodes = <%= node[:nova][:kvm][:disk_cachemodes] %>
<% if @rng_device %>
rng_dev_path = <%= @rng_device %>
<% end %>
<% if @ephemeral_rbd_settings %>
images_type = rbd
rbd_user = <%= @ephemeral_rbd_settings[:user] %>
rbd_secret_uuid = <%= @ephemeral_rbd_settings[:secret_uuid] %>
images_rbd_pool = <%= @ephemeral_rbd_settings[:pool] %>
images_rbd_ceph_conf = <%= @ephemeral_rbd_settings[:config_file] %>
hw_disk_discard = unmap
<% end %>
[neutron]
service_metadata_proxy = true
metadata_proxy_shared_secret = <%= node[:nova][:neutron_metadata_proxy_shared_secret] %>
url = <%= @neutron_protocol %>://<%= @neutron_server_host %>:<%= @neutron_server_port %>
region_name = <%= @keystone_settings['endpoint_region'] %>
auth_url = <%= KeystoneHelper.versioned_service_URL(@keystone_settings["protocol"],
@keystone_settings["internal_url_host"],
@keystone_settings["service_port"],
"3") %>
endpoint_type = internal
auth_type = password
insecure = <%= @neutron_insecure ? 'True' : 'False' %>
password = <%= @neutron_service_password %>
project_name = <%= @keystone_settings['service_tenant'] %>
timeout = <%= node[:nova][:neutron_url_timeout] %>
username = <%= @neutron_service_user %>
user_domain_name = <%= @keystone_settings['admin_domain'] %>
project_domain_name = <%= @keystone_settings['admin_domain'] %>
default_floating_pool = floating
[oslo_concurrency]
<% if @need_shared_lock_path %>
lock_path = /var/run/openstack
<% else %>
lock_path = /var/run/nova
<% end %>
<% if @rabbit_settings[:enable_notifications] -%>
[oslo_messaging_notifications]
driver = messagingv2
[notifications]
notify_on_state_change = vm_and_task_state
notification_format = unversioned
<% end -%>
[oslo_messaging_rabbit]
amqp_durable_queues = <%= @rabbit_settings[:durable_queues] %>
rabbit_ha_queues = <%= @rabbit_settings[:ha_queues] %>
ssl = <%= @rabbit_settings[:use_ssl] %>
<% if @rabbit_settings[:client_ca_certs] %>
ssl_ca_file = <%= @rabbit_settings[:client_ca_certs] %>
<% end %>
heartbeat_timeout_threshold = <%= @rabbit_settings[:heartbeat_timeout] %>
[serial_console]
enabled = <%= @serial_enabled ? "True" : "False" %>
base_url = ws://<%= @serialproxy_public_host %>:<%= node[:nova][:ports][:serialproxy] %>/
proxyclient_address = <%= node[:nova][:my_ip] %>
serialproxy_host = <%= @bind_host %>
serialproxy_port = <%= @bind_port_serialproxy %>
[trusted_computing]
<% if @has_itxt %>
attestation_server= <%= @oat_appraiser_host %>
<% end %>
<% if @has_itxt %>
attestation_server_ca_file=/etc/nova/oat_certfile.cer
<% end %>
<% if @has_itxt %>
attestation_port=<%= @oat_appraiser_port %>
<% end %>
<% if @has_itxt %>
attestation_api_url=/AttestationService/resources
<% end %>
[vmware]
<% if @libvirt_type.eql?('vmware') %>
host_ip = <%= node[:nova][:vcenter][:host] %>
host_username = <%= node[:nova][:vcenter][:user] %>
host_password = <%= node[:nova][:vcenter][:password] %>
<% if ! node[:nova][:vcenter][:ca_file].empty? %>
ca_file = <%= node[:nova][:vcenter][:ca_file] %>
<% end %>
<% if node[:nova][:vcenter][:insecure] %>
insecure= <%= node[:nova][:vcenter][:insecure] %>
<% end %>
<% node[:nova][:vcenter][:clusters].each do |cluster| %>
cluster_name = "<%= cluster %>"
<% end %>
datastore_regex = <%= node[:nova][:vcenter][:datastore] %>
vlan_interface = <%= node[:nova][:vcenter][:interface] %>
vnc_keymap = <%= node[:nova][:vcenter][:vnc_keymap] %>
<% end %>
[vnc]
enabled = <%= @vnc_enabled ? "True" : "False" %>
server_listen = "0.0.0.0"
server_proxyclient_address = <%= node[:nova][:my_ip] %>
novncproxy_host = <%= @bind_host %>
novncproxy_port = <%= @bind_port_novncproxy %>
novncproxy_base_url = <%= @vncproxy_ssl_enabled ? "https" : "http" %>://<%= @vncproxy_public_host %>:<%= node[:nova][:ports][:novncproxy] %>/vnc_auto.html
xvpvncproxy_host = <%= @bind_host %>
[wsgi]
max_header_line = <%= node[:nova][:max_header_line] %>
ssl_cert_file = <%= @ssl_cert_file %>
ssl_key_file = <%= @ssl_key_file %>
keep_alive = false
[upgrade_levels]
# Determine RPC protocol version for nova based on the minimum
# of all services registered in nova service database.
compute=auto
[scheduler]
discover_hosts_in_cells_interval = <%= node[:nova][:scheduler][:discover_hosts_in_cells_interval] %>
max_attempts = 9
# Avoid scheduler conflicts when using HA
host_subset_size = 4
<% if @libvirt_type.eql?('ironic') %>
host_manager = ironic_host_manager
<% end %>
[filter_scheduler]
<% if @use_baremetal_filters %>
use_baremetal_filters = true
<% end %>
<% if @has_itxt %>
available_filters = nova.scheduler.filters.standard_filters
<% if @enabled_filters.empty? %>
enabled_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,TrustedFilter
<% else %>
enabled_filters = <%= @enabled_filters %>
<% end %>
<% else %>
available_filters = nova.scheduler.filters.all_filters
<% if @enabled_filters.empty? %>
enabled_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter,DifferentHostFilter,PciPassthroughFilter
<% else %>
enabled_filters = <%= @enabled_filters %>
<% end %>
<% end %>
<% unless @track_instance_changes %>
track_instance_changes = false
<% end %>
<% if @profiler_settings[:enabled] -%>
[profiler]
enabled = true
trace_sqlalchemy = <%= @profiler_settings[:trace_sqlalchemy] ? "true" : "false" %>
hmac_keys = <%= @profiler_settings[:hmac_keys].join(",") %>
connection_string = <%= @profiler_settings[:connection_string] %>
<% end -%>