summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-05-28 09:54:26 +0000
committerFrancisco Redondo Marchena <francisco.marchena@codethink.co.uk>2015-06-11 17:04:29 +0000
commite10ad8da85f1dc117d8df7a4c088b98d6335806d (patch)
tree3cbedf1d6f451bb975a77cf112cf3406615c6188
parentbfe523b5328d9fdccefb29b685d396e3de7427e2 (diff)
downloaddefinitions-e10ad8da85f1dc117d8df7a4c088b98d6335806d.tar.gz
OpenStack: Add custom configuration for the components
Add custom configuration for Keystone, Nova, Neutron, Cinder, Glance, Ironic, Swift, Ceilometer, Horizon and Tempest for Openstack Kilo release. Notes: - Horizon configuration has change in order to be less error prone and to be close to the default configuration, the following changes has been made to achive this purpose: - Install the openstack_dashboard django project in /var/lib/horizon avoiding: - to write in /usr/lib/python2.7/site-packages/static - to maintain a copy of local_settings.py - to create a symlink as workaround to make django.wsgi to work with the previous configuration. - Change the path of django.wsgi file - Remove the 'horizon/' suffix to access Horizon via URL. - Grant permissions to access to /var/lib/horizon/static Signed-off-by: Francisco Redondo Marchena <francisco.marchena@codethink.co.uk> Signed-off-by: Patrick Darley <patrick.darley@codethink.co.uk> Signed-off-by: Tiago Gomes <tiago.gomes@codethink.co.uk> Change-Id: I1fda4f85eb334b1b5bfec54dfcd9780a6112ea3b
-rw-r--r--extensions/openstack-ceilometer.configure2
-rw-r--r--install-files/openstack/etc/horizon/apache-horizon.conf10
-rw-r--r--install-files/openstack/etc/tempest/tempest.conf228
-rw-r--r--install-files/openstack/manifest2
-rw-r--r--install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service3
-rw-r--r--install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf85
-rw-r--r--install-files/openstack/usr/share/openstack/cinder/cinder.conf66
-rw-r--r--install-files/openstack/usr/share/openstack/glance/glance-api.conf62
-rw-r--r--install-files/openstack/usr/share/openstack/glance/glance-registry.conf60
-rw-r--r--install-files/openstack/usr/share/openstack/horizon.yml7
-rw-r--r--install-files/openstack/usr/share/openstack/ironic/ironic.conf36
-rw-r--r--install-files/openstack/usr/share/openstack/keystone/keystone.conf26
-rw-r--r--install-files/openstack/usr/share/openstack/neutron-config.yml11
-rw-r--r--install-files/openstack/usr/share/openstack/neutron-db.yml2
-rw-r--r--install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini6
-rw-r--r--install-files/openstack/usr/share/openstack/neutron/l3_agent.ini4
-rw-r--r--install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini14
-rw-r--r--install-files/openstack/usr/share/openstack/neutron/neutron.conf66
-rw-r--r--install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini24
-rw-r--r--install-files/openstack/usr/share/openstack/nova/nova.conf134
-rw-r--r--install-files/swift/usr/share/swift/etc/swift/container-server.j28
-rw-r--r--install-files/swift/usr/share/swift/etc/swift/object-server.j225
-rw-r--r--install-files/swift/usr/share/swift/etc/swift/swift.j253
-rw-r--r--strata/openstack-services/horizon.morph66
24 files changed, 560 insertions, 440 deletions
diff --git a/extensions/openstack-ceilometer.configure b/extensions/openstack-ceilometer.configure
index 9c0b7b6d..a98c4d73 100644
--- a/extensions/openstack-ceilometer.configure
+++ b/extensions/openstack-ceilometer.configure
@@ -66,6 +66,7 @@ if [ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -o \
-z "$RABBITMQ_USER" -o \
-z "$RABBITMQ_PASSWORD" -o \
-z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \
+ -z "$NOVA_VIRT_TYPE" -o \
-z "$CONTROLLER_HOST_ADDRESS" ]; then
echo Some options required for Ceilometer were defined, but not all.
exit 1
@@ -114,6 +115,7 @@ ceilometer_configuration={
'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'],
'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'],
'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'],
+ 'NOVA_VIRT_TYPE': os.environ['NOVA_VIRT_TYPE'],
}
yaml.dump(ceilometer_configuration, sys.stdout, default_flow_style=False)
diff --git a/install-files/openstack/etc/horizon/apache-horizon.conf b/install-files/openstack/etc/horizon/apache-horizon.conf
index ea88897a..ab3cf0c7 100644
--- a/install-files/openstack/etc/horizon/apache-horizon.conf
+++ b/install-files/openstack/etc/horizon/apache-horizon.conf
@@ -1,16 +1,18 @@
<VirtualHost *:80>
- WSGIScriptAlias /horizon /var/lib/horizon/openstack_dashboard/django.wsgi
+ WSGIScriptAlias / /var/lib/horizon/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=horizon group=horizon processes=3 threads=10 home=/var/lib/horizon display-name=horizon
WSGIApplicationGroup %{GLOBAL}
- RedirectMatch ^/$ /horizon/
-
SetEnv APACHE_RUN_USER apache
SetEnv APACHE_RUN_GROUP apache
WSGIProcessGroup horizon
DocumentRoot /var/lib/horizon/.blackhole
- Alias /static /var/lib/horizon/openstack_dashboard/static
+ Alias /static /var/lib/horizon/static
+
+ <Directory /var/lib/horizon/static>
+ Require all granted
+ </Directory>
<Directory /var/lib/horizon/openstack_dashboard >
Options Indexes FollowSymLinks MultiViews
diff --git a/install-files/openstack/etc/tempest/tempest.conf b/install-files/openstack/etc/tempest/tempest.conf
index fcc8db9e..ad3d7fb2 100644
--- a/install-files/openstack/etc/tempest/tempest.conf
+++ b/install-files/openstack/etc/tempest/tempest.conf
@@ -41,7 +41,7 @@
# Use syslog for logging. Existing syslog format is DEPRECATED during
# I, and will change in J to honor RFC5424. (boolean value)
-#use_syslog = false
+use_syslog = true
# (Optional) Enables or disables syslog rfc5424 format for logging. If
# enabled, prefixes the MSG part of the syslog message with APP-NAME
@@ -107,7 +107,7 @@
# achieved configuring a list of test accounts (boolean value)
# Deprecated group/name - [compute]/allow_tenant_isolation
# Deprecated group/name - [orchestration]/allow_tenant_isolation
-#allow_tenant_isolation = true
+allow_tenant_isolation = true
# Roles to assign to all users created by tempest (list value)
#tempest_roles =
@@ -208,15 +208,15 @@
#
# enable cli tests (boolean value)
-#enabled = true
+enabled = true
# directory where python client binaries are located (string value)
-#cli_dir = /usr/local/bin
+cli_dir = /usr/bin
# Whether the tempest run location has access to the *-manage
# commands. In a pure blackbox environment it will not. (boolean
# value)
-#has_manage = true
+has_manage = true
# Number of seconds to wait on a CLI timeout (integer value)
#timeout = 15
@@ -238,10 +238,10 @@
#image_ref_alt = <None>
# Valid primary flavor to use in tests. (string value)
-#flavor_ref = 1
+flavor_ref = 1
# Valid secondary flavor to be used in tests. (string value)
-#flavor_ref_alt = 2
+flavor_ref_alt = 2
# User name used to authenticate to an instance. (string value)
#image_ssh_user = root
@@ -254,12 +254,12 @@
#image_alt_ssh_user = root
# Time in seconds between build status checks. (integer value)
-#build_interval = 1
+build_interval = 1
# Timeout in seconds to wait for an instance to build. Other services
# that do not define build_timeout will inherit this value. (integer
# value)
-#build_timeout = 300
+build_timeout = 300
# Should the tests ssh to instances? (boolean value)
#run_ssh = false
@@ -269,12 +269,12 @@
# servers with a ssh keypair. Configured: use the configured user and
# password. Adminpass: use the injected adminPass. Disabled: avoid
# using ssh when it is an option. (string value)
-#ssh_auth_method = keypair
+ssh_auth_method = adminpass
# How to connect to the instance? fixed: using the first ip belongs
# the fixed network floating: creating and using a floating ip.
# (string value)
-#ssh_connect_method = floating
+ssh_connect_method = floating
# User name used to authenticate to an instance. (string value)
#ssh_user = root
@@ -314,26 +314,26 @@
#network_for_ssh = public
# IP version used for SSH connections. (integer value)
-#ip_version_for_ssh = 4
+ip_version_for_ssh = 4
# Does SSH use Floating IPs? (boolean value)
#use_floatingip_for_ssh = true
# Catalog type of the Compute service. (string value)
-#catalog_type = compute
+catalog_type = compute
# The compute region name to use. If empty, the value of
# identity.region is used instead. If no such region is found in the
# service catalog, the first found one is used. (string value)
-#region =
+region = regionOne
# The endpoint type to use for the compute service. (string value)
# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
-#endpoint_type = publicURL
+endpoint_type = publicURL
# Expected device name when a volume is attached to an instance
# (string value)
-#volume_device_name = vdb
+volume_device_name = vdb
# Time in seconds before a shelved instance is eligible for removing
# from a host. -1 never offload, 0 offload when shelved. This time
@@ -354,7 +354,7 @@
#
# If false, skip disk config tests (boolean value)
-#disk_config = true
+disk_config = true
# A list of enabled compute extensions with a special entry all which
# indicates every extension is enabled. Each extension should be
@@ -364,28 +364,28 @@
# Does the test environment support changing the admin password?
# (boolean value)
-#change_password = false
+change_password = false
# Does the test environment support obtaining instance serial console
# output? (boolean value)
-#console_output = true
+console_output = true
# Does the test environment support resizing? (boolean value)
-#resize = false
+resize = false
# Does the test environment support pausing? (boolean value)
-#pause = true
+pause = true
# Does the test environment support shelving/unshelving? (boolean
# value)
-#shelve = true
+shelve = true
# Does the test environment support suspend/resume? (boolean value)
-#suspend = true
+suspend = true
# Does the test environment support live migration available? (boolean
# value)
-#live_migration = true
+live_migration = false
# Does the test environment use block devices for live migration
# (boolean value)
@@ -394,43 +394,43 @@
# Does the test environment block migration support cinder iSCSI
# volumes. Note, libvirt doesn't support this, see
# https://bugs.launchpad.net/nova/+bug/1398999 (boolean value)
-#block_migrate_cinder_iscsi = false
+block_migrate_cinder_iscsi = false
# Enable VNC console. This configuration value should be same as
# [nova.vnc]->vnc_enabled in nova.conf (boolean value)
-#vnc_console = false
+vnc_console = true
# Enable Spice console. This configuration value should be same as
# [nova.spice]->enabled in nova.conf (boolean value)
-#spice_console = false
+spice_console = false
# Enable RDP console. This configuration value should be same as
# [nova.rdp]->enabled in nova.conf (boolean value)
-#rdp_console = false
+rdp_console = false
# Does the test environment support instance rescue mode? (boolean
# value)
-#rescue = true
+rescue = true
# Enables returning of the instance password by the relevant server
# API calls such as create, rebuild or rescue. (boolean value)
-#enable_instance_password = true
+enable_instance_password = true
# Does the test environment support dynamic network interface
# attachment? (boolean value)
-#interface_attach = true
+interface_attach = true
# Does the test environment support creating snapshot images of
# running instances? (boolean value)
-#snapshot = true
+snapshot = true
# Does the test environment have the ec2 api running? (boolean value)
-#ec2_api = true
+ec2_api = false
# Does Nova preserve preexisting ports from Neutron when deleting an
# instance? This should be set to True if testing Kilo+ Nova. (boolean
# value)
-#preserve_ports = false
+preserve_ports = true
[dashboard]
@@ -440,10 +440,10 @@
#
# Where the dashboard can be found (string value)
-#dashboard_url = http://localhost/
+dashboard_url = http://{{ CONTROLLER_HOST_ADDRESS }}
# Login page for the dashboard (string value)
-#login_url = http://localhost/auth/login/
+login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/auth/login/
[data_processing]
@@ -515,7 +515,7 @@
#
# Catalog type of the Identity service. (string value)
-#catalog_type = identity
+catalog_type = identity
# Set to True if using self-signed SSL certificates. (boolean value)
#disable_ssl_certificate_validation = false
@@ -525,36 +525,36 @@
#ca_certificates_file = <None>
# Full URI of the OpenStack Identity API (Keystone), v2 (string value)
-#uri = <None>
+uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0/
# Full URI of the OpenStack Identity API (Keystone), v3 (string value)
#uri_v3 = <None>
# Identity API version to be used for authentication for API tests.
# (string value)
-#auth_version = v2
+auth_version = v2
# The identity region name to use. Also used as the other services'
# region name unless they are set explicitly. If no such region is
# found in the service catalog, the first found one is used. (string
# value)
-#region = RegionOne
+region = RegionOne
# The endpoint type to use for the identity service. (string value)
# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
-#endpoint_type = publicURL
+endpoint_type = publicURL
# Username to use for Nova API requests. (string value)
-#username = <None>
+username = {{ NOVA_SERVICE_USER }}
# Tenant name to use for Nova API requests. (string value)
-#tenant_name = <None>
+tenant_name = service
# Role required to administrate keystone. (string value)
-#admin_role = admin
+admin_role = admin
# API key to use when authenticating. (string value)
-#password = <None>
+password = {{ NOVA_SERVICE_PASSWORD }}
# Domain name for authentication (Keystone V3).The same domain applies
# to user and project (string value)
@@ -577,14 +577,14 @@
# Administrative Username to use for Keystone API requests. (string
# value)
-#admin_username = <None>
+admin_username = admin
# Administrative Tenant name to use for Keystone API requests. (string
# value)
-#admin_tenant_name = <None>
+admin_tenant_name = admin
# API key to use when authenticating as admin. (string value)
-#admin_password = <None>
+admin_password = {{ KEYSTONE_ADMIN_PASSWORD }}
# Admin domain name for authentication (Keystone V3).The same domain
# applies to user and project (string value)
@@ -599,13 +599,13 @@
# Does the identity service have delegation and impersonation enabled
# (boolean value)
-#trust = true
+trust = false
# Is the v2 identity API enabled (boolean value)
-#api_v2 = true
+api_v2 = true
# Is the v3 identity API enabled (boolean value)
-#api_v3 = true
+api_v3 = false
[image]
@@ -615,27 +615,27 @@
#
# Catalog type of the Image service. (string value)
-#catalog_type = image
+catalog_type = image
# The image region name to use. If empty, the value of identity.region
# is used instead. If no such region is found in the service catalog,
# the first found one is used. (string value)
-#region =
+region = regionOne
# The endpoint type to use for the image service. (string value)
# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
-#endpoint_type = publicURL
+endpoint_type = publicURL
# http accessible image (string value)
-#http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.gz
+http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.gz
# Timeout in seconds to wait for an image to become available.
# (integer value)
-#build_timeout = 300
+build_timeout = 300
# Time in seconds between image operation status checks. (integer
# value)
-#build_interval = 1
+build_interval = 1
[image-feature-enabled]
@@ -645,7 +645,7 @@
#
# Is the v2 image API enabled (boolean value)
-#api_v2 = true
+api_v2 = true
# Is the v1 image API enabled (boolean value)
#api_v1 = true
@@ -658,10 +658,10 @@
#
# Matching images become parameters for scenario tests (string value)
-#image_regex = ^cirros-0.3.1-x86_64-uec$
+image_regex = ^cirros-0.3.1-x86_64-uec$
# Matching flavors become parameters for scenario tests (string value)
-#flavor_regex = ^m1.nano$
+flavor_regex = ^m1.nano$
# SSH verification in tests is skippedfor matching images (string
# value)
@@ -678,33 +678,33 @@
#
# Catalog type of the Messaging service. (string value)
-#catalog_type = messaging
+catalog_type = messaging
# The maximum number of queue records per page when listing queues
# (integer value)
-#max_queues_per_page = 20
+max_queues_per_page = 20
# The maximum metadata size for a queue (integer value)
-#max_queue_metadata = 65536
+max_queue_metadata = 65536
# The maximum number of queue message per page when listing (or)
# posting messages (integer value)
-#max_messages_per_page = 20
+max_messages_per_page = 20
# The maximum size of a message body (integer value)
-#max_message_size = 262144
+max_message_size = 262144
# The maximum number of messages per claim (integer value)
-#max_messages_per_claim = 20
+max_messages_per_claim = 20
# The maximum ttl for a message (integer value)
-#max_message_ttl = 1209600
+max_message_ttl = 1209600
# The maximum ttl for a claim (integer value)
-#max_claim_ttl = 43200
+max_claim_ttl = 43200
# The maximum grace period for a claim (integer value)
-#max_claim_grace = 43200
+max_claim_grace = 43200
[negative]
@@ -714,7 +714,7 @@
#
# Test generator class for all negative tests (string value)
-#test_generator = tempest.common.generator.negative_generator.NegativeTestGenerator
+test_generator = tempest.common.generator.negative_generator.NegativeTestGenerator
[network]
@@ -724,22 +724,22 @@
#
# Catalog type of the Neutron service. (string value)
-#catalog_type = network
+catalog_type = network
# The network region name to use. If empty, the value of
# identity.region is used instead. If no such region is found in the
# service catalog, the first found one is used. (string value)
-#region =
+region = regionOne
# The endpoint type to use for the network service. (string value)
# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
-#endpoint_type = publicURL
+endpoint_type = publicURL
# The cidr block to allocate tenant ipv4 subnets from (string value)
-#tenant_network_cidr = 10.100.0.0/16
+tenant_network_cidr = 192.168.1.0/24
# The mask bits for tenant ipv4 subnets (integer value)
-#tenant_network_mask_bits = 28
+tenant_network_mask_bits = 28
# The cidr block to allocate tenant ipv6 subnets from (string value)
#tenant_network_v6_cidr = 2003::/48
@@ -768,11 +768,11 @@
# Timeout in seconds to wait for network operation to complete.
# (integer value)
-#build_timeout = 300
+build_timeout = 300
# Time in seconds between network operation status checks. (integer
# value)
-#build_interval = 1
+build_interval = 1
# List of dns servers which should be used for subnet creation (list
# value)
@@ -791,7 +791,7 @@
#
# Allow the execution of IPv6 tests (boolean value)
-#ipv6 = true
+ipv6 = false
# A list of enabled network extensions with a special entry all which
# indicates every extension is enabled. Empty list indicates all
@@ -925,14 +925,14 @@
# Enables or disables inter-process locks. (boolean value)
# Deprecated group/name - [DEFAULT]/disable_process_locking
-#disable_process_locking = false
+disable_process_locking = false
# Directory to use for lock files. For security, the specified
# directory should only be writable by the user running the processes
# that need locking. Defaults to environment variable OSLO_LOCK_PATH.
# If external locks are used, a lock path must be set. (string value)
# Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
+lock_path = /run/lock
[scenario]
@@ -984,41 +984,41 @@
#
# Whether or not cinder is expected to be available (boolean value)
-#cinder = true
+cinder = true
# Whether or not neutron is expected to be available (boolean value)
-#neutron = false
+neutron = true
# Whether or not glance is expected to be available (boolean value)
-#glance = true
+glance = true
# Whether or not swift is expected to be available (boolean value)
-#swift = true
+swift = false
# Whether or not nova is expected to be available (boolean value)
-#nova = true
+nova = true
# Whether or not Heat is expected to be available (boolean value)
-#heat = false
+heat = false
# Whether or not Ceilometer is expected to be available (boolean
# value)
-#ceilometer = true
+ceilometer = true
# Whether or not Horizon is expected to be available (boolean value)
-#horizon = true
+horizon = true
# Whether or not Sahara is expected to be available (boolean value)
-#sahara = false
+sahara = false
# Whether or not Ironic is expected to be available (boolean value)
-#ironic = false
+ironic = false
# Whether or not Trove is expected to be available (boolean value)
-#trove = false
+trove = false
# Whether or not Zaqar is expected to be available (boolean value)
-#zaqar = false
+zaqar = false
[stress]
@@ -1070,15 +1070,15 @@
#
# Catalog type of the Telemetry service. (string value)
-#catalog_type = metering
+catalog_type = metering
# The endpoint type to use for the telemetry service. (string value)
# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
-#endpoint_type = publicURL
+endpoint_type = publicURL
# This variable is used as flag to enable notification tests (boolean
# value)
-#too_slow_to_test = true
+too_slow_to_test = true
[validation]
@@ -1091,26 +1091,26 @@
# belonging to the fixed network -floating: creates and uses a
# floating IP (string value)
# Allowed values: fixed, floating
-#connect_method = floating
+connect_method = floating
# Default authentication method to the instance. Only ssh via keypair
# is supported for now. Additional methods will be handled in a
# separate spec. (string value)
# Allowed values: keypair
-#auth_method = keypair
+auth_method = keypair
# Default IP version for ssh connections. (integer value)
-#ip_version_for_ssh = 4
+ip_version_for_ssh = 4
# Timeout in seconds to wait for ping to succeed. (integer value)
-#ping_timeout = 120
+ping_timeout = 120
# Timeout in seconds to wait for the TCP connection to be successful.
# (integer value)
-#connect_timeout = 60
+connect_timeout = 60
# Timeout in seconds to wait for the ssh banner. (integer value)
-#ssh_timeout = 300
+ssh_timeout = 300
[volume]
@@ -1127,37 +1127,37 @@
#build_timeout = 300
# Catalog type of the Volume Service (string value)
-#catalog_type = volume
+catalog_type = volume
# The volume region name to use. If empty, the value of
# identity.region is used instead. If no such region is found in the
# service catalog, the first found one is used. (string value)
-#region =
+region = regionOne
# The endpoint type to use for the volume service. (string value)
# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
-#endpoint_type = publicURL
+endpoint_type = publicURL
# Name of the backend1 (must be declared in cinder.conf) (string
# value)
-#backend1_name = BACKEND_1
+backend1_name = LVM_iSCSI
# Name of the backend2 (must be declared in cinder.conf) (string
# value)
#backend2_name = BACKEND_2
# Backend protocol to target when creating volume types (string value)
-#storage_protocol = iSCSI
+storage_protocol = iSCSI
# Backend vendor to target when creating volume types (string value)
#vendor_name = Open Source
# Disk format to use when copying a volume to image (string value)
-#disk_format = raw
+disk_format = raw
# Default size in GB for volumes created by volumes tests (integer
# value)
-#volume_size = 1
+volume_size = 1
[volume-feature-enabled]
@@ -1167,22 +1167,22 @@
#
# Runs Cinder multi-backend test (requires 2 backends) (boolean value)
-#multi_backend = false
+multi_backend = false
# Runs Cinder volumes backup test (boolean value)
-#backup = true
+backup = false
# Runs Cinder volume snapshot test (boolean value)
-#snapshot = true
+snapshot = true
# A list of enabled volume extensions with a special entry all which
# indicates every extension is enabled. Empty list indicates all
# extensions are disabled (list value)
-#api_extensions = all
+api_extensions = all
# Is the v1 volume API enabled (boolean value)
-#api_v1 = true
+api_v1 = true
# Is the v2 volume API enabled (boolean value)
-#api_v2 = true
+api_v2 = true
diff --git a/install-files/openstack/manifest b/install-files/openstack/manifest
index 0b17aa08..da38a638 100644
--- a/install-files/openstack/manifest
+++ b/install-files/openstack/manifest
@@ -1,7 +1,5 @@
0040755 0 0 /etc/horizon
0100644 0 0 /etc/horizon/apache-horizon.conf
-0040755 0 0 /etc/horizon/openstack_dashboard
-0100644 0 0 /etc/horizon/openstack_dashboard/local_settings.py
template 0100644 0 0 /etc/tempest/tempest.conf
0040755 0 0 /usr/share/openstack
0100644 0 0 /usr/share/openstack/hosts
diff --git a/install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service b/install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service
index 76efea5c..72cd1651 100644
--- a/install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service
+++ b/install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service
@@ -11,8 +11,7 @@ StandardOutput=null
StandardError=null
ExecStart=/usr/bin/neutron-l3-agent \
--config-file=/etc/neutron/neutron.conf \
- --config-file=/etc/neutron/l3_agent.ini \
- --config-file=/etc/neutron/fwaas_driver.ini
+ --config-file=/etc/neutron/l3_agent.ini
[Install]
WantedBy=multi-user.target
diff --git a/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf b/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf
index 66a1db14..b1ad2f47 100644
--- a/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf
+++ b/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf
@@ -4,13 +4,15 @@
# From ceilometer
#
+auth_strategy = keystone
+
# To reduce large requests at same time to Nova or other components
# from different compute agents, shuffle start time of polling task.
# (integer value)
#shuffle_time_before_polling_task = 0
# Configuration file for WSGI definition of API. (string value)
-#api_paste_config = api_paste.ini
+api_paste_config = api_paste.ini
# Number of workers for Ceilometer API server. (integer value)
#api_workers = 1
@@ -24,10 +26,10 @@
#pollster_list = []
# Exchange name for Nova notifications. (string value)
-#nova_control_exchange = nova
+nova_control_exchange = nova
# List of metadata prefixes reserved for metering use. (list value)
-#reserved_metadata_namespace = metering.
+reserved_metadata_namespace = metering.
# Limit on length of reserved metadata values. (integer value)
#reserved_metadata_length = 256
@@ -37,11 +39,11 @@
#reserved_metadata_keys =
# Inspector to use for inspecting the hypervisor layer. (string value)
-#hypervisor_inspector = libvirt
+hypervisor_inspector = libvirt
# Libvirt domain type. (string value)
# Allowed values: kvm, lxc, qemu, uml, xen
-#libvirt_type = kvm
+libvirt_type = {{ NOVA_VIRT_TYPE }}
# Override the default libvirt URI (which is dependent on
# libvirt_type). (string value)
@@ -55,7 +57,7 @@
#dispatcher = database
# Exchange name for Keystone notifications. (string value)
-#keystone_control_exchange = keystone
+keystone_control_exchange = keystone
# Number of items to request in each paginated Glance API request
# (parameter used by glancecelient). If this is less than or equal to
@@ -64,10 +66,10 @@
#glance_page_size = 0
# Exchange name for Glance notifications. (string value)
-#glance_control_exchange = glance
+glance_control_exchange = glance
# Exchange name for Ironic notifications. (string value)
-#ironic_exchange = ironic
+ironic_exchange = ironic
# Exchanges name to listen for notifications. (multi valued)
#http_control_exchanges = nova
@@ -77,7 +79,7 @@
# Exchange name for Neutron notifications. (string value)
# Deprecated group/name - [DEFAULT]/quantum_control_exchange
-#neutron_control_exchange = neutron
+neutron_control_exchange = neutron
# Allow novaclient's debug log output. (boolean value)
#nova_http_log_debug = false
@@ -135,7 +137,7 @@
# Use syslog for logging. Existing syslog format is DEPRECATED during
# I, and will change in J to honor RFC5424. (boolean value)
-#use_syslog = false
+use_syslog = True
# (Optional) Enables or disables syslog rfc5424 format for logging. If
# enabled, prefixes the MSG part of the syslog message with APP-NAME
@@ -181,10 +183,10 @@
#heat_control_exchange = heat
# Configuration file for pipeline definition. (string value)
-#pipeline_cfg_file = pipeline.yaml
+pipeline_cfg_file = pipeline.yaml
# Configuration file for event pipeline definition. (string value)
-#event_pipeline_cfg_file = event_pipeline.yaml
+event_pipeline_cfg_file = event_pipeline.yaml
# Exchange name for DBaaS notifications. (string value)
#trove_control_exchange = trove
@@ -218,10 +220,10 @@
# Path to the rootwrap configuration file touse for running commands
# as root (string value)
-#rootwrap_config = /etc/ceilometer/rootwrap.conf
+rootwrap_config = /etc/ceilometer/rootwrap.conf
# Exchange name for Cinder notifications. (string value)
-#cinder_control_exchange = cinder
+cinder_control_exchange = cinder
#
# From oslo.messaging
@@ -282,7 +284,7 @@
# The messaging driver to use, defaults to rabbit. Other drivers
# include qpid and zmq. (string value)
-#rpc_backend = rabbit
+rpc_backend = rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the transport_url
@@ -316,7 +318,7 @@
# The topic that ceilometer uses for alarm notifier messages. (string
# value)
-#notifier_rpc_topic = alarm_notifier
+notifier_rpc_topic = alarm_notifier
# The topic that ceilometer uses for alarm partition coordination
# messages. DEPRECATED: RPC-based partitionedalarm evaluation service
@@ -351,10 +353,10 @@
# The port for the ceilometer API server. (integer value)
# Deprecated group/name - [DEFAULT]/metering_api_port
-#port = 8777
+port = 8777
# The listen IP for the ceilometer API server. (string value)
-#host = 0.0.0.0
+host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Toggle Pecan Debug Middleware. (boolean value)
#pecan_debug = false
@@ -488,6 +490,7 @@
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection = <None>
+connection=postgresql://{{ CEILOMETER_DB_USER }}:{{ CEILOMETER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ceilometer
# The SQLAlchemy connection string to use to connect to the slave
# database. (string value)
@@ -593,7 +596,7 @@
#
# Configuration file for event definitions. (string value)
-#definitions_cfg_file = event_definitions.yaml
+definitions_cfg_file = event_definitions.yaml
# Drop notifications if no event definition matches. (Otherwise, we
# convert them with just the default traits) (boolean value)
@@ -642,7 +645,7 @@
#
# Complete public Identity API endpoint. (string value)
-#auth_uri = <None>
+auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
# API version of the admin Identity API endpoint. (string value)
#auth_version = <None>
@@ -785,7 +788,7 @@
# Complete admin Identity API endpoint. This should specify the
# unversioned root endpoint e.g. https://localhost:35357/ (string
# value)
-#identity_uri = <None>
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
# This option is deprecated and may be removed in a future release.
# Single shared secret with the Keystone configuration used for
@@ -795,13 +798,13 @@
#admin_token = <None>
# Service username. (string value)
-#admin_user = <None>
+admin_user = {{ CEILOMETER_SERVICE_USER }}
# Service user password. (string value)
-#admin_password = <None>
+admin_password = {{ CEILOMETER_SERVICE_PASSWORD }}
# Service tenant name. (string value)
-#admin_tenant_name = admin
+admin_tenant_name = service
[matchmaker_redis]
@@ -1047,12 +1050,12 @@
# The RabbitMQ broker address where a single node is used. (string
# value)
# Deprecated group/name - [DEFAULT]/rabbit_host
-#rabbit_host = localhost
+rabbit_host = {{ RABBITMQ_HOST }}
# The RabbitMQ broker port where a single node is used. (integer
# value)
# Deprecated group/name - [DEFAULT]/rabbit_port
-#rabbit_port = 5672
+rabbit_port = {{ RABBITMQ_PORT }}
# RabbitMQ HA cluster host:port pairs. (list value)
# Deprecated group/name - [DEFAULT]/rabbit_hosts
@@ -1060,15 +1063,15 @@
# Connect over SSL for RabbitMQ. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
-#rabbit_use_ssl = false
+rabbit_use_ssl = false
# The RabbitMQ userid. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_userid
-#rabbit_userid = guest
+rabbit_userid = {{ RABBITMQ_USER }}
# The RabbitMQ password. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_password
-#rabbit_password = guest
+rabbit_password = {{ RABBITMQ_PASSWORD }}
# The RabbitMQ login method. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_login_method
@@ -1076,7 +1079,7 @@
# The RabbitMQ virtual host. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
-#rabbit_virtual_host = /
+rabbit_virtual_host = /
# How frequently to retry connecting with RabbitMQ. (integer value)
#rabbit_retry_interval = 1
@@ -1120,12 +1123,12 @@
# The JSON file that defines policies. (string value)
# Deprecated group/name - [DEFAULT]/policy_file
-#policy_file = policy.json
+policy_file = policy.json
# Default rule. Enforced when a requested rule is not found. (string
# value)
# Deprecated group/name - [DEFAULT]/policy_default_rule
-#policy_default_rule = default
+policy_default_rule = default
# Directories where policy configuration files are stored. They can be
# relative to any directory in the search path defined by the
@@ -1216,11 +1219,11 @@
# User name to use for OpenStack service access. (string value)
# Deprecated group/name - [DEFAULT]/os_username
-#os_username = ceilometer
+os_username = {{ CEILOMETER_SERVICE_USER }}
# Password to use for OpenStack service access. (string value)
# Deprecated group/name - [DEFAULT]/os_password
-#os_password = admin
+os_password = {{ CEILOMETER_SERVICE_PASSWORD }}
# Tenant ID to use for OpenStack service access. (string value)
# Deprecated group/name - [DEFAULT]/os_tenant_id
@@ -1228,22 +1231,22 @@
# Tenant name to use for OpenStack service access. (string value)
# Deprecated group/name - [DEFAULT]/os_tenant_name
-#os_tenant_name = admin
+os_tenant_name = service
# Certificate chain for SSL validation. (string value)
#os_cacert = <None>
# Auth URL to use for OpenStack service access. (string value)
# Deprecated group/name - [DEFAULT]/os_auth_url
-#os_auth_url = http://localhost:5000/v2.0
+os_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
# Region name to use for OpenStack service endpoints. (string value)
# Deprecated group/name - [DEFAULT]/os_region_name
-#os_region_name = <None>
+os_region_name = regionOne
# Type of endpoint in Identity service catalog to use for
# communication with OpenStack services. (string value)
-#os_endpoint_type = publicURL
+os_endpoint_type = internalURL
# Disables X.509 certificate validation when an SSL connection to
# Identity Service is established. (boolean value)
@@ -1260,13 +1263,13 @@
#kwapi = energy
# Glance service type. (string value)
-#glance = image
+glance = image
# Neutron service type. (string value)
-#neutron = network
+neutron = network
# Nova service type. (string value)
-#nova = compute
+nova = compute
# Radosgw service type. (string value)
#radosgw = object-store
diff --git a/install-files/openstack/usr/share/openstack/cinder/cinder.conf b/install-files/openstack/usr/share/openstack/cinder/cinder.conf
index 8afdb941..f690fbed 100644
--- a/install-files/openstack/usr/share/openstack/cinder/cinder.conf
+++ b/install-files/openstack/usr/share/openstack/cinder/cinder.conf
@@ -1,5 +1,7 @@
[DEFAULT]
+use_syslog = True
+
#
# Options defined in oslo.messaging
#
@@ -45,7 +47,7 @@
# Driver or drivers to handle sending notifications. (multi
# valued)
-#notification_driver=
+notification_driver=messagingv2
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
@@ -61,12 +63,12 @@
# The messaging driver to use, defaults to rabbit. Other
# drivers include qpid and zmq. (string value)
-#rpc_backend=rabbit
+rpc_backend=rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the
# transport_url option. (string value)
-#control_exchange=openstack
+control_exchange=cinder
#
@@ -481,18 +483,18 @@
# File name for the paste.deploy config for cinder-api (string
# value)
-#api_paste_config=api-paste.ini
+api_paste_config=api-paste.ini
# Top-level directory for maintaining cinder's state (string
# value)
# Deprecated group/name - [DEFAULT]/pybasedir
-#state_path=/var/lib/cinder
+state_path=/var/lib/cinder
# IP address of this host (string value)
-#my_ip=10.0.0.1
+my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Default glance host name or IP (string value)
-#glance_host=$my_ip
+glance_host={{ CONTROLLER_HOST_ADDRESS }}
# Default glance port (integer value)
#glance_port=9292
@@ -586,7 +588,7 @@
# Path to the rootwrap configuration file to use for running
# commands as root (string value)
-#rootwrap_config=/etc/cinder/rootwrap.conf
+rootwrap_config=/etc/cinder/rootwrap.conf
# Enable monkey patching (boolean value)
#monkey_patch=false
@@ -608,7 +610,7 @@
# The strategy to use for auth. Supports noauth, keystone, and
# deprecated. (string value)
-#auth_strategy=noauth
+auth_strategy=keystone
# A list of backend names to use. These backend names should
# be backed by a unique [CONFIG] group with its options (list
@@ -698,15 +700,15 @@
# Template string to be used to generate volume names (string
# value)
-#volume_name_template=volume-%s
+volume_name_template=volume-%s
# Template string to be used to generate snapshot names
# (string value)
-#snapshot_name_template=snapshot-%s
+snapshot_name_template=snapshot-%s
# Template string to be used to generate backup names (string
# value)
-#backup_name_template=backup-%s
+backup_name_template=backup-%s
#
@@ -941,7 +943,7 @@
# The IP address that the iSCSI daemon is listening on (string
# value)
-#iscsi_ip_address=$my_ip
+iscsi_ip_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# The list of secondary IP addresses of the iSCSI daemon (list
# value)
@@ -958,7 +960,7 @@
# The backend name for a given driver implementation (string
# value)
-#volume_backend_name=<None>
+volume_backend_name=LVM_iSCSI
# Do we attach/detach volumes in cinder using multipath for
# volume to image and image to volume transfers? (boolean
@@ -987,10 +989,10 @@
# support, iseradm for the ISER protocol, ietadm for iSCSI
# Enterprise Target, iscsictl for Chelsio iSCSI Target or fake
# for testing. (string value)
-#iscsi_helper=tgtadm
+iscsi_helper=lioadm
# Volume configuration file storage directory (string value)
-#volumes_dir=$state_path/volumes
+volumes_dir=$state_path/volumes
# IET configuration file (string value)
#iet_conf=/etc/iet/ietd.conf
@@ -1588,7 +1590,7 @@
# Name for the VG that will contain exported volumes (string
# value)
-#volume_group=cinder-volumes
+volume_group=cinder-volumes
# If >0, create LVs with multiple mirrors. Note that this
# requires lvm_mirrors + 2 PVs with available space (integer
@@ -2261,7 +2263,7 @@
#
# Driver to use for volume creation (string value)
-#volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver
+volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver
# Timeout for creating the volume to migrate to when
# performing volume migration (seconds) (integer value)
@@ -2357,6 +2359,10 @@
# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
#use_tpool=false
+# The SQLAlchemy connection string to use to connect to the
+# database. (string value)
+connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/cinder
+
[fc-zone-manager]
@@ -2428,6 +2434,10 @@
#encryption_api_url=http://localhost:9311/v1
+[oslo_concurrency]
+
+lock_path = /var/lock/cinder
+
[keystone_authtoken]
#
@@ -2435,7 +2445,7 @@
#
# Complete public Identity API endpoint. (string value)
-#auth_uri=<None>
+auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
# API version of the admin Identity API endpoint. (string
# value)
@@ -2740,23 +2750,23 @@
# The RabbitMQ broker address where a single node is used.
# (string value)
-#rabbit_host=localhost
+rabbit_host={{ RABBITMQ_HOST }}
# The RabbitMQ broker port where a single node is used.
# (integer value)
-#rabbit_port=5672
+rabbit_port={{ RABBITMQ_PORT }}
# RabbitMQ HA cluster host:port pairs. (list value)
-#rabbit_hosts=$rabbit_host:$rabbit_port
+rabbit_hosts=$rabbit_host:$rabbit_port
# Connect over SSL for RabbitMQ. (boolean value)
#rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
-#rabbit_userid=guest
+rabbit_userid={{ RABBITMQ_USER }}
# The RabbitMQ password. (string value)
-#rabbit_password=guest
+rabbit_password={{ RABBITMQ_PASSWORD }}
# The RabbitMQ login method. (string value)
#rabbit_login_method=AMQPLAIN
@@ -2962,7 +2972,7 @@
# Complete admin Identity API endpoint. This should specify the
# unversioned root endpoint e.g. https://localhost:35357/ (string
# value)
-#identity_uri = <None>
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
# This option is deprecated and may be removed in a future release.
# Single shared secret with the Keystone configuration used for
@@ -2972,10 +2982,10 @@
#admin_token = <None>
# Service username. (string value)
-#admin_user = <None>
+admin_user = {{ CINDER_SERVICE_USER }}
# Service user password. (string value)
-#admin_password = <None>
+admin_password = {{ CINDER_SERVICE_PASSWORD }}
# Service tenant name. (string value)
-#admin_tenant_name = admin
+admin_tenant_name = service
diff --git a/install-files/openstack/usr/share/openstack/glance/glance-api.conf b/install-files/openstack/usr/share/openstack/glance/glance-api.conf
index 6e85cbb5..9c2e6628 100644
--- a/install-files/openstack/usr/share/openstack/glance/glance-api.conf
+++ b/install-files/openstack/usr/share/openstack/glance/glance-api.conf
@@ -12,7 +12,7 @@
#image_size_cap = 1099511627776
# Address to bind the API server
-bind_host = 0.0.0.0
+bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Port the bind the API server to
bind_port = 9292
@@ -22,7 +22,7 @@ bind_port = 9292
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
-log_file = /var/log/glance/api.log
+# log_file = /var/log/glance/api.log
# Backlog requests when creating socket
backlog = 4096
@@ -116,7 +116,7 @@ backlog = 4096
# Send logs to syslog (/dev/log) instead of to file specified
# by `log_file`
-#use_syslog = False
+use_syslog = True
# Facility to use. If unset defaults to LOG_USER.
#syslog_log_facility = LOG_LOCAL0
@@ -151,7 +151,7 @@ backlog = 4096
# ============ Registry Options ===============================
# Address to find the registry server
-registry_host = 0.0.0.0
+registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Port the registry server is listening on
registry_port = 9191
@@ -215,7 +215,7 @@ registry_client_protocol = http
# Driver or drivers to handle sending notifications. Set to
# 'messaging' to send notifications to a message queue.
-# notification_driver = noop
+notification_driver = messagingv2
# Default publisher_id for outgoing notifications.
# default_publisher_id = image.localhost
@@ -230,15 +230,15 @@ registry_client_protocol = http
# disabled_notifications = []
# Messaging driver used for 'messaging' notifications driver
-# rpc_backend = 'rabbit'
+rpc_backend = 'rabbit'
# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
-rabbit_host = localhost
-rabbit_port = 5672
+rabbit_host = {{ RABBITMQ_HOST }}
+rabbit_port = {{ RABBITMQ_PORT }}
rabbit_use_ssl = false
-rabbit_userid = guest
-rabbit_password = guest
+rabbit_userid = {{ RABBITMQ_USER }}
+rabbit_password = {{ RABBITMQ_PASSWORD }}
rabbit_virtual_host = /
rabbit_notification_exchange = glance
rabbit_notification_topic = notifications
@@ -246,22 +246,22 @@ rabbit_durable_queues = False
# Configuration options if sending notifications via Qpid (these are
# the defaults)
-qpid_notification_exchange = glance
-qpid_notification_topic = notifications
-qpid_hostname = localhost
-qpid_port = 5672
-qpid_username =
-qpid_password =
-qpid_sasl_mechanisms =
-qpid_reconnect_timeout = 0
-qpid_reconnect_limit = 0
-qpid_reconnect_interval_min = 0
-qpid_reconnect_interval_max = 0
-qpid_reconnect_interval = 0
-qpid_heartbeat = 5
+#qpid_notification_exchange = glance
+#qpid_notification_topic = notifications
+#qpid_hostname = localhost
+#qpid_port = 5672
+#qpid_username =
+#qpid_password =
+#qpid_sasl_mechanisms =
+#qpid_reconnect_timeout = 0
+#qpid_reconnect_limit = 0
+#qpid_reconnect_interval_min = 0
+#qpid_reconnect_interval_max = 0
+#qpid_reconnect_interval = 0
+#qpid_heartbeat = 5
# Set to 'ssl' to enable SSL
-qpid_protocol = tcp
-qpid_tcp_nodelay = True
+#qpid_protocol = tcp
+#qpid_tcp_nodelay = True
# ============ Delayed Delete Options =============================
@@ -337,6 +337,7 @@ image_cache_dir = /var/lib/glance/image-cache/
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection = <None>
+connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance
# The SQL mode to be used for MySQL sessions. This option,
# including the default, overrides any server-set SQL mode. To
@@ -431,10 +432,11 @@ image_cache_dir = /var/lib/glance/image-cache/
#lock_path = /tmp
[keystone_authtoken]
-identity_uri = http://127.0.0.1:35357
-admin_tenant_name = %SERVICE_TENANT_NAME%
-admin_user = %SERVICE_USER%
-admin_password = %SERVICE_PASSWORD%
+auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
+admin_tenant_name = service
+admin_user = {{ GLANCE_SERVICE_USER }}
+admin_password = {{ GLANCE_SERVICE_PASSWORD }}
revocation_cache_time = 10
[paste_deploy]
@@ -445,7 +447,7 @@ revocation_cache_time = 10
# service name removed. For example, if your paste section name is
# [pipeline:glance-api-keystone], you would configure the flavor below
# as 'keystone'.
-#flavor=
+flavor=keystone
[store_type_location_strategy]
# The scheme list to use to get store preference order. The scheme must be
diff --git a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf
index f7ce7956..40993d8d 100644
--- a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf
+++ b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf
@@ -6,7 +6,7 @@
#debug = False
# Address to bind the registry server
-bind_host = 0.0.0.0
+bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Port the bind the registry server to
bind_port = 9191
@@ -16,7 +16,7 @@ bind_port = 9191
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
-log_file = /var/log/glance/registry.log
+# log_file = /var/log/glance/registry.log
# Backlog requests when creating socket
backlog = 4096
@@ -65,7 +65,7 @@ limit_param_default = 25
# Send logs to syslog (/dev/log) instead of to file specified
# by `log_file`
-#use_syslog = False
+use_syslog = True
# Facility to use. If unset defaults to LOG_USER.
#syslog_log_facility = LOG_LOCAL1
@@ -85,21 +85,21 @@ limit_param_default = 25
# Driver or drivers to handle sending notifications. Set to
# 'messaging' to send notifications to a message queue.
-# notification_driver = noop
+notification_driver = messagingv2
# Default publisher_id for outgoing notifications.
# default_publisher_id = image.localhost
# Messaging driver used for 'messaging' notifications driver
-# rpc_backend = 'rabbit'
+rpc_backend = 'rabbit'
# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
-rabbit_host = localhost
-rabbit_port = 5672
+rabbit_host = {{ RABBITMQ_HOST }}
+rabbit_port = {{ RABBITMQ_PORT }}
rabbit_use_ssl = false
-rabbit_userid = guest
-rabbit_password = guest
+rabbit_userid = {{ RABBITMQ_USER }}
+rabbit_password = {{ RABBITMQ_PASSWORD }}
rabbit_virtual_host = /
rabbit_notification_exchange = glance
rabbit_notification_topic = notifications
@@ -107,22 +107,22 @@ rabbit_durable_queues = False
# Configuration options if sending notifications via Qpid (these are
# the defaults)
-qpid_notification_exchange = glance
-qpid_notification_topic = notifications
-qpid_hostname = localhost
-qpid_port = 5672
-qpid_username =
-qpid_password =
-qpid_sasl_mechanisms =
-qpid_reconnect_timeout = 0
-qpid_reconnect_limit = 0
-qpid_reconnect_interval_min = 0
-qpid_reconnect_interval_max = 0
-qpid_reconnect_interval = 0
-qpid_heartbeat = 5
+#qpid_notification_exchange = glance
+#qpid_notification_topic = notifications
+#qpid_hostname = localhost
+#qpid_port = 5672
+#qpid_username =
+#qpid_password =
+#qpid_sasl_mechanisms =
+#qpid_reconnect_timeout = 0
+#qpid_reconnect_limit = 0
+#qpid_reconnect_interval_min = 0
+#qpid_reconnect_interval_max = 0
+#qpid_reconnect_interval = 0
+#qpid_heartbeat = 5
# Set to 'ssl' to enable SSL
-qpid_protocol = tcp
-qpid_tcp_nodelay = True
+#qpid_protocol = tcp
+#qpid_tcp_nodelay = True
# =============== Policy Options ==============================
@@ -163,6 +163,7 @@ qpid_tcp_nodelay = True
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection = <None>
+connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance
# The SQL mode to be used for MySQL sessions. This option,
# including the default, overrides any server-set SQL mode. To
@@ -243,10 +244,11 @@ qpid_tcp_nodelay = True
#db_max_retries = 20
[keystone_authtoken]
-identity_uri = http://127.0.0.1:35357
-admin_tenant_name = %SERVICE_TENANT_NAME%
-admin_user = %SERVICE_USER%
-admin_password = %SERVICE_PASSWORD%
+auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
+admin_tenant_name = service
+admin_user = {{ GLANCE_SERVICE_USER }}
+admin_password = {{ GLANCE_SERVICE_PASSWORD }}
[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
@@ -256,7 +258,7 @@ admin_password = %SERVICE_PASSWORD%
# service name removed. For example, if your paste section name is
# [pipeline:glance-registry-keystone], you would configure the flavor below
# as 'keystone'.
-#flavor=
+flavor=keystone
[profiler]
# If False fully disable profiling feature.
diff --git a/install-files/openstack/usr/share/openstack/horizon.yml b/install-files/openstack/usr/share/openstack/horizon.yml
index 14cea5c5..1fec4ab0 100644
--- a/install-files/openstack/usr/share/openstack/horizon.yml
+++ b/install-files/openstack/usr/share/openstack/horizon.yml
@@ -23,14 +23,13 @@
shell: /sbin/nologin
home: /var/lib/horizon
- - name: Create the /var folders for horizon
+ - name: Fix permissions in /var/lib/horizon
file:
- path: "{{ item }}"
+ path: /var/lib/horizon
state: directory
owner: horizon
group: horizon
- with_items:
- - /var/lib/horizon
+ recurse: yes
- name: Link horizon apache configuration
file:
diff --git a/install-files/openstack/usr/share/openstack/ironic/ironic.conf b/install-files/openstack/usr/share/openstack/ironic/ironic.conf
index ccf368f0..a5b5d2e3 100644
--- a/install-files/openstack/usr/share/openstack/ironic/ironic.conf
+++ b/install-files/openstack/usr/share/openstack/ironic/ironic.conf
@@ -74,7 +74,7 @@
#
# IP address of this host. (string value)
-#my_ip=10.0.0.1
+my_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
#
@@ -102,7 +102,7 @@
# present on your system may be found by enumerating the
# "ironic.drivers" entrypoint. An example may be found in the
# developer documentation online. (list value)
-#enabled_drivers=pxe_ipmitool
+enabled_drivers=pxe_ipmitool,pxe_ssh
#
@@ -307,7 +307,7 @@
# Use syslog for logging. Existing syslog format is DEPRECATED
# during I, and will change in J to honor RFC5424. (boolean
# value)
-#use_syslog=false
+use_syslog=true
# (Optional) Enables or disables syslog rfc5424 format for
# logging. If enabled, prefixes the MSG part of the syslog
@@ -434,7 +434,7 @@
# URL of Ironic API service. If not set ironic can get the
# current value from the keystone service catalog. (string
# value)
-#api_url=<None>
+api_url = http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385
# Seconds between conductor heart beats. (integer value)
#heartbeat_interval=10
@@ -574,7 +574,7 @@
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
-#connection=<None>
+connection = postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ironic
# The SQLAlchemy connection string to use to connect to the
# slave database. (string value)
@@ -807,7 +807,7 @@
#
# Default glance hostname or IP address. (string value)
-#glance_host=$my_ip
+glance_host = {{ CONTROLLER_HOST_ADDRESS }}
# Default glance port. (integer value)
#glance_port=9292
@@ -966,7 +966,7 @@
#
# Complete public Identity API endpoint. (string value)
-#auth_uri=<None>
+auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
# API version of the admin Identity API endpoint. (string
# value)
@@ -1119,7 +1119,7 @@
# Complete admin Identity API endpoint. This should specify
# the unversioned root endpoint e.g. https://localhost:35357/
# (string value)
-#identity_uri=<None>
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
# This option is deprecated and may be removed in a future
# release. Single shared secret with the Keystone
@@ -1130,13 +1130,13 @@
#admin_token=<None>
# Service username. (string value)
-#admin_user=<None>
+admin_user = {{ IRONIC_SERVICE_USER }}
# Service user password. (string value)
-#admin_password=<None>
+admin_password = {{ IRONIC_SERVICE_PASSWORD }}
# Service tenant name. (string value)
-#admin_tenant_name=admin
+admin_tenant_name=service
[matchmaker_redis]
@@ -1173,7 +1173,7 @@
#
# URL for connecting to neutron. (string value)
-#url=http://$my_ip:9696
+url = http://{{ CONTROLLER_HOST_ADDRESS }}:9696
# Timeout value for connecting to neutron in seconds. (integer
# value)
@@ -1356,11 +1356,11 @@
# The RabbitMQ broker address where a single node is used.
# (string value)
-#rabbit_host=localhost
+rabbit_host = {{ RABBITMQ_HOST }}
# The RabbitMQ broker port where a single node is used.
# (integer value)
-#rabbit_port=5672
+rabbit_port = {{ RABBITMQ_PORT }}
# RabbitMQ HA cluster host:port pairs. (list value)
#rabbit_hosts=$rabbit_host:$rabbit_port
@@ -1369,10 +1369,10 @@
#rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
-#rabbit_userid=guest
+rabbit_userid = {{ RABBITMQ_USER }}
# The RabbitMQ password. (string value)
-#rabbit_password=guest
+rabbit_password = {{ RABBITMQ_PASSWORD }}
# The RabbitMQ login method. (string value)
#rabbit_login_method=AMQPLAIN
@@ -1483,11 +1483,11 @@
#tftp_server=$my_ip
# Ironic compute node's tftp root path. (string value)
-#tftp_root=/tftpboot
+tftp_root=/srv/tftp_root/
# Directory where master tftp images are stored on disk.
# (string value)
-#tftp_master_path=/tftpboot/master_images
+tftp_master_path=/srv/tftp_root/master_images
# Bootfile DHCP parameter. (string value)
#pxe_bootfile_name=pxelinux.0
diff --git a/install-files/openstack/usr/share/openstack/keystone/keystone.conf b/install-files/openstack/usr/share/openstack/keystone/keystone.conf
index 1c2298bf..1a082601 100644
--- a/install-files/openstack/usr/share/openstack/keystone/keystone.conf
+++ b/install-files/openstack/usr/share/openstack/keystone/keystone.conf
@@ -9,7 +9,7 @@
# production (highly recommended), remove AdminTokenAuthMiddleware from your
# paste application pipelines (for example, in keystone-paste.ini). (string
# value)
-#admin_token = ADMIN
+admin_token = {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
# (Deprecated) The port which the OpenStack Compute service listens on. This
# option was only used for string replacement in the templated catalog backend.
@@ -249,7 +249,7 @@
# The messaging driver to use, defaults to rabbit. Other drivers include qpid
# and zmq. (string value)
-#rpc_backend = rabbit
+rpc_backend = rabbit
# The default exchange under which topics are scoped. May be overridden by an
# exchange name specified in the transport_url option. (string value)
@@ -415,7 +415,7 @@
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
-#connection = <None>
+connection=postgresql://{{ KEYSTONE_DB_USER }}:{{ KEYSTONE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/keystone
# The SQLAlchemy connection string to use to connect to the slave database.
# (string value)
@@ -557,7 +557,7 @@
# The port number which the public service listens on. (integer value)
# Deprecated group/name - [DEFAULT]/public_port
-#public_port = 5000
+public_port = 5000
# The IP address of the network interface for the admin service to listen on.
# (string value)
@@ -567,7 +567,7 @@
# The port number which the admin service listens on. (integer value)
# Deprecated group/name - [DEFAULT]/admin_port
-#admin_port = 35357
+admin_port = 35357
# Set this to true if you want to enable TCP_KEEPALIVE on server sockets, i.e.
# sockets used by the Keystone wsgi server for client connections. (boolean
@@ -1337,27 +1337,27 @@
# The RabbitMQ broker address where a single node is used. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_host
-#rabbit_host = localhost
+rabbit_host = {{ RABBITMQ_HOST }}
# The RabbitMQ broker port where a single node is used. (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_port
-#rabbit_port = 5672
+rabbit_port = {{ RABBITMQ_PORT }}
# RabbitMQ HA cluster host:port pairs. (list value)
# Deprecated group/name - [DEFAULT]/rabbit_hosts
-#rabbit_hosts = $rabbit_host:$rabbit_port
+rabbit_hosts = $rabbit_host:$rabbit_port
# Connect over SSL for RabbitMQ. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
-#rabbit_use_ssl = false
+rabbit_use_ssl = false
# The RabbitMQ userid. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_userid
-#rabbit_userid = guest
+rabbit_userid = {{ RABBITMQ_USER }}
# The RabbitMQ password. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_password
-#rabbit_password = guest
+rabbit_password = {{ RABBITMQ_PASSWORD }}
# The RabbitMQ login method. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_login_method
@@ -1681,10 +1681,10 @@
# Controls the token construction, validation, and revocation operations. Core
# providers are "keystone.token.providers.[fernet|pkiz|pki|uuid].Provider".
# (string value)
-#provider = keystone.token.providers.uuid.Provider
+provider = keystone.token.providers.uuid.Provider
# Token persistence backend driver. (string value)
-#driver = keystone.token.persistence.backends.sql.Token
+driver = keystone.token.persistence.backends.sql.Token
# Toggle for token system caching. This has no effect unless global caching is
# enabled. (boolean value)
diff --git a/install-files/openstack/usr/share/openstack/neutron-config.yml b/install-files/openstack/usr/share/openstack/neutron-config.yml
index 97f4c76e..5d594353 100644
--- a/install-files/openstack/usr/share/openstack/neutron-config.yml
+++ b/install-files/openstack/usr/share/openstack/neutron-config.yml
@@ -22,17 +22,6 @@
- /var/lock/neutron
- /var/log/neutron
- - name: Get service tenant id needed in neutron.conf
- shell: |
- keystone \
- --os-endpoint http://{{ CONTROLLER_HOST_ADDRESS|quote }}:35357/v2.0 \
- --os-token {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN|quote }} \
- tenant-get service | grep id | tr -d " " | cut -d"|" -f3
- register: tenant_service_id
-
- - set_fact:
- SERVICE_TENANT_ID: "{{ tenant_service_id.stdout }}"
-
- name: Create the directories needed for Neutron configuration files.
file:
path: /etc/{{ item }}
diff --git a/install-files/openstack/usr/share/openstack/neutron-db.yml b/install-files/openstack/usr/share/openstack/neutron-db.yml
index 91dde6fe..9cc77b5a 100644
--- a/install-files/openstack/usr/share/openstack/neutron-db.yml
+++ b/install-files/openstack/usr/share/openstack/neutron-db.yml
@@ -46,6 +46,6 @@
neutron-db-manage \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
- upgrade juno
+ upgrade head
sudo: yes
sudo_user: neutron
diff --git a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini
index a0adccaa..e0963e57 100644
--- a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini
+++ b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini
@@ -13,7 +13,7 @@
# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP,
# BigSwitch/Floodlight)
-# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Name of Open vSwitch bridge to use
# ovs_integration_bridge = br-int
@@ -28,7 +28,7 @@
# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires
# no additional setup of the DHCP server.
-# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces). This option is deprecated and
@@ -41,7 +41,7 @@
# specific host routes to the DHCP request. The metadata service will only
# be activated when the subnet does not contain any router port. The guest
# instance must be configured to request host routes via DHCP (Option 121).
-# enable_isolated_metadata = False
+enable_isolated_metadata = True
# Allows for serving metadata requests coming from a dedicated metadata
# access network whose cidr is 169.254.169.254/16 (or larger prefix), and
diff --git a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini
index 0d56436b..bc1321e4 100644
--- a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini
+++ b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini
@@ -4,7 +4,7 @@
# L3 requires that an interface driver be set. Choose the one that best
# matches your plugin.
-# interface_driver =
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC)
# that supports L3 agent
@@ -59,7 +59,7 @@
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge. when this parameter is set, each L3 agent
# can be associated with no more than one external network.
-# external_network_bridge = br-ex
+external_network_bridge = br-ex
# TCP Port used by Neutron metadata server
# metadata_port = 9697
diff --git a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini
index 4a0331ee..ee89c943 100644
--- a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini
+++ b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini
@@ -3,21 +3,21 @@
# debug = True
# The Neutron user information for accessing the Neutron API.
-auth_url = http://localhost:5000/v2.0
-auth_region = RegionOne
+auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+auth_region = regionOne
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
# auth_ca_cert =
-admin_tenant_name = %SERVICE_TENANT_NAME%
-admin_user = %SERVICE_USER%
-admin_password = %SERVICE_PASSWORD%
+admin_tenant_name = service
+admin_user = {{ NEUTRON_SERVICE_USER }}
+admin_password = {{ NEUTRON_SERVICE_PASSWORD }}
# Network service endpoint type to pull from the keystone catalog
# endpoint_type = adminURL
# IP address used by Nova metadata server
-# nova_metadata_ip = 127.0.0.1
+nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }}
# TCP Port used by Nova metadata server
# nova_metadata_port = 8775
@@ -40,7 +40,7 @@ admin_password = %SERVICE_PASSWORD%
# shared secret to prevent spoofing. You may select any string for a secret,
# but it must match here and in the configuration used by the Nova Metadata
# Server. NOTE: Nova uses the same config key, but in [neutron] section.
-# metadata_proxy_shared_secret =
+metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }}
# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy
diff --git a/install-files/openstack/usr/share/openstack/neutron/neutron.conf b/install-files/openstack/usr/share/openstack/neutron/neutron.conf
index ee42954b..33c6398a 100644
--- a/install-files/openstack/usr/share/openstack/neutron/neutron.conf
+++ b/install-files/openstack/usr/share/openstack/neutron/neutron.conf
@@ -29,7 +29,7 @@
# (not user_stderr) and (not log_file) -> stdout
# publish_errors -> notification system
-# use_syslog = False
+use_syslog = True
# syslog_log_facility = LOG_USER
# use_stderr = True
@@ -57,7 +57,7 @@
# previous versions, the class name of a plugin can be specified instead of its
# entrypoint name.
#
-# core_plugin =
+core_plugin = ml2
# Example: core_plugin = ml2
# (ListOpt) List of service plugin entrypoints to be loaded from the
@@ -66,7 +66,7 @@
# with previous versions, the class name of a plugin can be specified instead
# of its entrypoint name.
#
-# service_plugins =
+service_plugins = router
# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
# Paste configuration file
@@ -81,7 +81,7 @@
# The strategy to be used for auth.
# Supported values are 'keystone'(default), 'noauth'.
-# auth_strategy = keystone
+auth_strategy = keystone
# Base MAC address. The first 3 octets will remain unchanged. If the
# 4h octet is not 00, it will also be used. The others will be
@@ -118,7 +118,7 @@
# Enable or disable overlapping IPs for subnets
# Attention: the following parameter MUST be set to False if Neutron is
# being used in conjunction with nova security groups
-# allow_overlapping_ips = False
+allow_overlapping_ips = True
# Ensure that configured gateway is on subnet. For IPv6, validate only if
# gateway is not a link local address. Deprecated, to be removed during the
# K release, at which point the check will be mandatory.
@@ -334,14 +334,14 @@
# ======== neutron nova interactions ==========
# Send notification to nova when port status is active.
-# notify_nova_on_port_status_changes = True
+notify_nova_on_port_status_changes = True
# Send notifications to nova when port data (fixed_ips/floatingips) change
# so nova can update it's cache.
-# notify_nova_on_port_data_changes = True
+notify_nova_on_port_data_changes = True
# URL for connection to nova (Only supports one nova region currently).
-# nova_url = http://127.0.0.1:8774/v2
+nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2
# Name of nova region to use. Useful if keystone manages more than one region
# nova_region_name =
@@ -450,7 +450,7 @@
# The RabbitMQ broker port where a single node is used.
# (integer value)
-# rabbit_port=5672
+# rabbit_port =5672
# RabbitMQ HA cluster host:port pairs. (list value)
# rabbit_hosts=$rabbit_host:$rabbit_port
@@ -531,7 +531,7 @@
# Driver or drivers to handle sending notifications. (multi
# valued)
-# notification_driver=
+notification_driver = neutron.openstack.common.notifier.rpc_notifier
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
@@ -547,7 +547,7 @@
# The messaging driver to use, defaults to rabbit. Other
# drivers include qpid and zmq. (string value)
-# rpc_backend=rabbit
+rpc_backend = rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the
@@ -660,7 +660,7 @@
# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
# root filter facility.
# Change to "sudo" to skip the filtering and just run the command directly
-# root_helper = sudo
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
# Set to true to add comments to generated iptables rules that describe
# each rule's purpose. (System must support the iptables comments module.)
@@ -691,11 +691,11 @@
# =========== end of items for agent management extension =====
[keystone_authtoken]
-auth_uri = http://127.0.0.1:35357/v2.0/
-identity_uri = http://127.0.0.1:5000
-admin_tenant_name = %SERVICE_TENANT_NAME%
-admin_user = %SERVICE_USER%
-admin_password = %SERVICE_PASSWORD%
+auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
+admin_tenant_name = service
+admin_user = {{ NEUTRON_SERVICE_USER }}
+admin_password = {{ NEUTRON_SERVICE_PASSWORD }}
[database]
# This line MUST be changed to actually run the plugin.
@@ -703,7 +703,8 @@ admin_password = %SERVICE_PASSWORD%
# connection = mysql://root:pass@127.0.0.1:3306/neutron
# Replace 127.0.0.1 above with the IP address of the database used by the
# main neutron server. (Leave it as is if the database runs on this host.)
-# connection = sqlite://
+connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron
+
# NOTE: In deployment the [database] section and its connection attribute may
# be set in the corresponding core plugin '.ini' file. However, it is suggested
# to put the [database] section and its connection attribute in this
@@ -747,7 +748,7 @@ admin_password = %SERVICE_PASSWORD%
[nova]
# Name of the plugin to load
-# auth_plugin =
+auth_plugin = password
# Config Section from which to load plugin specific options
# auth_section =
@@ -765,11 +766,28 @@ admin_password = %SERVICE_PASSWORD%
# keyfile =
# Name of nova region to use. Useful if keystone manages more than one region.
-# region_name =
+region_name = regionOne
# Timeout value for http requests
# timeout =
+# Authorization URL for connection to nova in admin context.
+auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+# Username for connection to nova in admin context
+username = {{ NOVA_SERVICE_USER }}
+
+# Password for connection to nova in admin context.
+password = {{ NOVA_SERVICE_PASSWORD }}
+
+# The uuid of the admin nova tenant
+# tenant_id =
+
+# The name of the admin nova tenant. If the uuid of the admin nova tenant
+# is set, this is optional. Useful for cases where the uuid of the admin
+# nova tenant is not available when configuration is being done.
+tenant_name = service
+
[oslo_concurrency]
# Directory to use for lock files. For security, the specified directory should
@@ -956,11 +974,11 @@ lock_path = $state_path/lock
# The RabbitMQ broker address where a single node is used. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_host
-# rabbit_host = localhost
+rabbit_host = {{ RABBITMQ_HOST }}
# The RabbitMQ broker port where a single node is used. (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_port
-# rabbit_port = 5672
+rabbit_port = {{ RABBITMQ_PORT }}
# RabbitMQ HA cluster host:port pairs. (list value)
# Deprecated group/name - [DEFAULT]/rabbit_hosts
@@ -972,11 +990,11 @@ lock_path = $state_path/lock
# The RabbitMQ userid. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_userid
-# rabbit_userid = guest
+rabbit_userid = {{ RABBITMQ_USER }}
# The RabbitMQ password. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_password
-# rabbit_password = guest
+rabbit_password = {{ RABBITMQ_PASSWORD }}
# The RabbitMQ login method. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_login_method
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
index ac9a3d0d..3258a40f 100644
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
+++ b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
@@ -2,19 +2,19 @@
# (ListOpt) List of network type driver entrypoints to be loaded from
# the neutron.ml2.type_drivers namespace.
#
-# type_drivers = local,flat,vlan,gre,vxlan
+type_drivers = flat,gre
# Example: type_drivers = flat,vlan,gre,vxlan
# (ListOpt) Ordered list of network_types to allocate as tenant
# networks. The default value 'local' is useful for single-box testing
# but provides no connectivity between hosts.
#
-# tenant_network_types = local
+tenant_network_types = gre
# Example: tenant_network_types = vlan,gre,vxlan
# (ListOpt) Ordered list of networking mechanism driver entrypoints
# to be loaded from the neutron.ml2.mechanism_drivers namespace.
-# mechanism_drivers =
+mechanism_drivers = openvswitch
# Example: mechanism_drivers = openvswitch,mlnx
# Example: mechanism_drivers = arista
# Example: mechanism_drivers = cisco,logger
@@ -63,7 +63,7 @@
# can be created. Use * to allow flat networks with arbitrary
# physical_network names.
#
-# flat_networks =
+flat_networks = External
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *
@@ -78,7 +78,7 @@
[ml2_type_gre]
# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
-# tunnel_id_ranges =
+tunnel_id_ranges = 1:1000
[ml2_type_vxlan]
# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating
@@ -96,8 +96,18 @@
[securitygroup]
# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
-# enable_security_group = True
+enable_security_group = True
# Use ipset to speed-up the iptables security groups. Enabling ipset support
# requires that ipset is installed on L2 agent node.
-# enable_ipset = True
+enable_ipset = True
+
+firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+
+[ovs]
+local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+enable_tunneling = True
+bridge_mappings=External:br-ex
+
+[agent]
+tunnel_types = gre
diff --git a/install-files/openstack/usr/share/openstack/nova/nova.conf b/install-files/openstack/usr/share/openstack/nova/nova.conf
index b49f9522..9fc10493 100644
--- a/install-files/openstack/usr/share/openstack/nova/nova.conf
+++ b/install-files/openstack/usr/share/openstack/nova/nova.conf
@@ -42,7 +42,7 @@
#rpc_thread_pool_size = 64
# Driver or drivers to handle sending notifications. (multi valued)
-#notification_driver =
+notification_driver = messagingv2
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
@@ -58,7 +58,7 @@
# The messaging driver to use, defaults to rabbit. Other drivers include qpid
# and zmq. (string value)
-#rpc_backend = rabbit
+rpc_backend = rabbit
# The default exchange under which topics are scoped. May be overridden by an
# exchange name specified in the transport_url option. (string value)
@@ -121,7 +121,7 @@
#
# IP address of this host (string value)
-#my_ip=10.0.0.1
+my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Block storage IP address of this host (string value)
#my_block_storage_ip=$my_ip
@@ -145,7 +145,7 @@
# notifications, "vm_state" for notifications on VM state
# changes, or "vm_and_task_state" for notifications on VM and
# task state changes. (string value)
-#notify_on_state_change=<None>
+notify_on_state_change=vm_and_task_state
# If set, send api.fault notifications on caught exceptions in
# the API service. (boolean value)
@@ -173,7 +173,7 @@
# Top-level directory for maintaining nova's state (string
# value)
-#state_path=$pybasedir
+state_path=/var/lib/nova
#
@@ -265,7 +265,7 @@
#periodic_fuzzy_delay=60
# A list of APIs to enable by default (list value)
-#enabled_apis=ec2,osapi_compute,metadata
+enabled_apis=ec2,osapi_compute,metadata
# A list of APIs with enabled SSL (list value)
#enabled_ssl_apis=
@@ -309,7 +309,7 @@
#metadata_workers=<None>
# Full class name for the Manager for compute (string value)
-#compute_manager=nova.compute.manager.ComputeManager
+compute_manager={{ COMPUTE_MANAGER }}
# Full class name for the Manager for console proxy (string
# value)
@@ -347,11 +347,11 @@
# Time period to generate instance usages for. Time period
# must be hour, day, month or year (string value)
-#instance_usage_audit_period=month
+instance_usage_audit_period=hour
# Path to the rootwrap configuration file to use for running
# commands as root (string value)
-#rootwrap_config=/etc/nova/rootwrap.conf
+rootwrap_config=/etc/nova/rootwrap.conf
# Explicitly specify the temporary working directory (string
# value)
@@ -364,7 +364,7 @@
# File name for the paste.deploy config for nova-api (string
# value)
-#api_paste_config=api-paste.ini
+api_paste_config=api-paste.ini
# A python format string that is used as the template to
# generate log lines. The following values can be formatted
@@ -422,7 +422,7 @@
# checking. noauth provides administrative credentials
# regardless of the passed in user, noauth2 only does if
# 'admin' is specified as the username. (string value)
-#auth_strategy=keystone
+auth_strategy=keystone
# Treat X-Forwarded-For as the canonical remote address. Only
# enable this if you have a sanitizing proxy. (boolean value)
@@ -587,7 +587,7 @@
#
# osapi compute extension to load (multi valued)
-#osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
+osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
#
@@ -753,7 +753,7 @@
# Generate periodic compute.instance.exists notifications
# (boolean value)
-#instance_usage_audit=false
+instance_usage_audit= True
# Number of 1 second retries needed in live_migration (integer
# value)
@@ -886,7 +886,7 @@
# Amount of memory in MB to reserve for the host (integer
# value)
-#reserved_host_memory_mb=512
+reserved_host_memory_mb={{ RESERVED_HOST_MEMORY_MB }}
# Class that will manage stats for the local compute host
# (string value)
@@ -982,11 +982,11 @@
# Template string to be used to generate instance names
# (string value)
-#instance_name_template=instance-%08x
+instance_name_template=instance-%08x
# Template string to be used to generate snapshot names
# (string value)
-#snapshot_name_template=snapshot-%s
+snapshot_name_template=snapshot-%s
#
@@ -1050,7 +1050,7 @@
# The full class name of the network API class to use (string
# value)
-#network_api_class=nova.network.api.API
+network_api_class=nova.network.neutronv2.api.API
#
@@ -1168,7 +1168,7 @@
#dnsmasq_config_file=
# Driver used to create ethernet devices. (string value)
-#linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
+linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
# Name of Open vSwitch bridge used with linuxnet (string
# value)
@@ -1328,7 +1328,7 @@
#
# The full class name of the security API class (string value)
-#security_group_api=nova
+security_group_api=neutron
#
@@ -1401,7 +1401,7 @@
# Use syslog for logging. Existing syslog format is DEPRECATED during I, and
# will change in J to honor RFC5424. (boolean value)
-#use_syslog = false
+use_syslog = True
# (Optional) Enables or disables syslog rfc5424 format for logging. If enabled,
# prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The
@@ -1474,7 +1474,7 @@
#
# The scheduler host manager class to use (string value)
-#scheduler_host_manager=nova.scheduler.host_manager.HostManager
+scheduler_host_manager={{ SCHEDULER_HOST_MANAGER }}
#
@@ -1566,7 +1566,7 @@
# for RamFilter. For AggregateRamFilter, it will fall back to
# this configuration value if no per-aggregate setting found.
# (floating point value)
-#ram_allocation_ratio=1.5
+ram_allocation_ratio={{ RAM_ALLOCATION_RATIO }}
#
@@ -1581,7 +1581,7 @@
# Which filter class names to use for filtering hosts when not
# specified in the request. (list value)
-#scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
+scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
# Which weight class names to use for weighing hosts (list
# value)
@@ -1610,7 +1610,7 @@
#
# Default driver to use for the scheduler (string value)
-#scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
+scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
# How often (in seconds) to run periodic tasks in the
# scheduler driver of your choice. Please note this is likely
@@ -1725,7 +1725,7 @@
# include: libvirt.LibvirtDriver, xenapi.XenAPIDriver,
# fake.FakeDriver, baremetal.BareMetalDriver,
# vmwareapi.VMwareVCDriver, hyperv.HyperVDriver (string value)
-#compute_driver=<None>
+compute_driver={{ COMPUTE_DRIVER }}
# The default format an ephemeral_volume will be formatted
# with on creation. (string value)
@@ -1756,7 +1756,7 @@
# Firewall driver (defaults to hypervisor specific iptables
# driver) (string value)
-#firewall_driver=<None>
+firewall_driver=nova.virt.firewall.NoopFirewallDriver
# Whether to allow network traffic from same network (boolean
# value)
@@ -1816,7 +1816,7 @@
# Location of VNC console proxy, in the form
# "http://127.0.0.1:6080/vnc_auto.html" (string value)
-#novncproxy_base_url=http://127.0.0.1:6080/vnc_auto.html
+novncproxy_base_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6080/vnc_auto.html
# Location of nova xvp VNC console proxy, in the form
# "http://127.0.0.1:6081/console" (string value)
@@ -1824,17 +1824,17 @@
# IP address on which instance vncservers should listen
# (string value)
-#vncserver_listen=127.0.0.1
+vncserver_listen=0.0.0.0
# The address to which proxy clients (like nova-xvpvncproxy)
# should connect (string value)
-#vncserver_proxyclient_address=127.0.0.1
+vncserver_proxyclient_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Enable VNC related features (boolean value)
-#vnc_enabled=true
+vnc_enabled=true
# Keymap for VNC (string value)
-#vnc_keymap=en-us
+vnc_keymap=en-us
#
@@ -1926,7 +1926,7 @@
# The SQLAlchemy connection string to use to connect to the
# Nova API database. (string value)
-#connection=<None>
+#connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova
# If True, SQLite uses synchronous mode. (boolean value)
#sqlite_synchronous=true
@@ -2172,7 +2172,7 @@
#
# Perform nova-conductor operations locally (boolean value)
-#use_local=false
+use_local=true
# The topic on which conductor nodes listen (string value)
#topic=conductor
@@ -2210,6 +2210,7 @@
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection = <None>
+connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova
# The SQLAlchemy connection string to use to connect to the slave database.
# (string value)
@@ -2330,19 +2331,19 @@
#
# Default glance hostname or IP address (string value)
-#host=$my_ip
+host={{ CONTROLLER_HOST_ADDRESS }}
# Default glance port (integer value)
-#port=9292
+port=9292
# Default protocol to use when connecting to glance. Set to
# https for SSL. (string value)
-#protocol=http
+protocol=http
# A list of the glance api servers available to nova. Prefix
# with https:// for ssl-based glance api servers.
# ([hostname|ip]:port) (list value)
-#api_servers=<None>
+api_servers=$host:$port
# Allow to perform insecure SSL (https) requests to glance
# (boolean value)
@@ -2485,19 +2486,19 @@
#api_version=1
# URL for Ironic API endpoint. (string value)
-#api_endpoint=<None>
+api_endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:6385/v1
# Ironic keystone admin name (string value)
-#admin_username=<None>
+admin_username={{ IRONIC_SERVICE_USER }}
# Ironic keystone admin password. (string value)
-#admin_password=<None>
+admin_password={{ IRONIC_SERVICE_PASSWORD }}
# Ironic keystone auth token. (string value)
#admin_auth_token=<None>
# Keystone public API endpoint. (string value)
-#admin_url=<None>
+admin_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
# Log level override for ironicclient. Set this in order to
# override the global "default_log_levels", "verbose", and
@@ -2506,7 +2507,7 @@
#client_log_level=<None>
# Ironic keystone tenant name. (string value)
-#admin_tenant_name=<None>
+admin_tenant_name=service
# How many retries when a request does conflict. (integer
# value)
@@ -2544,10 +2545,10 @@
#
# Complete public Identity API endpoint. (string value)
-#auth_uri = <None>
+auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
# API version of the admin Identity API endpoint. (string value)
-#auth_version = <None>
+auth_version = v2.0
# Do not handle authorization requests within the middleware, but delegate the
# authorization decision to downstream WSGI components. (boolean value)
@@ -2678,7 +2679,7 @@
# Complete admin Identity API endpoint. This should specify the unversioned
# root endpoint e.g. https://localhost:35357/ (string value)
-#identity_uri = <None>
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
# This option is deprecated and may be removed in a future release. Single
# shared secret with the Keystone configuration used for bootstrapping a
@@ -2688,13 +2689,13 @@
#admin_token = <None>
# Service username. (string value)
-#admin_user = <None>
+admin_user = {{ NOVA_SERVICE_USER }}
# Service user password. (string value)
-#admin_password = <None>
+admin_password = {{ NOVA_SERVICE_PASSWORD }}
# Service tenant name. (string value)
-#admin_tenant_name = admin
+admin_tenant_name = service
[libvirt]
@@ -2715,7 +2716,7 @@
# Libvirt domain type (valid options are: kvm, lxc, qemu, uml,
# xen and parallels) (string value)
-#virt_type=kvm
+virt_type={{ NOVA_VIRT_TYPE }}
# Override the default libvirt URI (which is dependent on
# virt_type) (string value)
@@ -3028,11 +3029,11 @@
# Set flag to indicate Neutron will proxy metadata requests
# and resolve instance ids. (boolean value)
-#service_metadata_proxy=false
+service_metadata_proxy=True
# Shared secret to validate proxies Neutron metadata requests
# (string value)
-#metadata_proxy_shared_secret=
+metadata_proxy_shared_secret={{ METADATA_PROXY_SHARED_SECRET }}
#
@@ -3040,7 +3041,7 @@
#
# URL for connecting to neutron (string value)
-#url=http://127.0.0.1:9696
+url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696
# User id for connecting to neutron in admin context.
# DEPRECATED: specify an auth_plugin and appropriate
@@ -3050,12 +3051,12 @@
# Username for connecting to neutron in admin context
# DEPRECATED: specify an auth_plugin and appropriate
# credentials instead. (string value)
-#admin_username=<None>
+admin_username={{ NEUTRON_SERVICE_USER }}
# Password for connecting to neutron in admin context
# DEPRECATED: specify an auth_plugin and appropriate
# credentials instead. (string value)
-#admin_password=<None>
+admin_password={{ NEUTRON_SERVICE_PASSWORD }}
# Tenant id for connecting to neutron in admin context
# DEPRECATED: specify an auth_plugin and appropriate
@@ -3067,7 +3068,7 @@
# Note that with Keystone V3 tenant names are only unique
# within a domain. DEPRECATED: specify an auth_plugin and
# appropriate credentials instead. (string value)
-#admin_tenant_name=<None>
+admin_tenant_name=service
# Region name for connecting to neutron in admin context
# (string value)
@@ -3076,13 +3077,13 @@
# Authorization URL for connecting to neutron in admin
# context. DEPRECATED: specify an auth_plugin and appropriate
# credentials instead. (string value)
-#admin_auth_url=http://localhost:5000/v2.0
+admin_auth_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
# Authorization strategy for connecting to neutron in admin
# context. DEPRECATED: specify an auth_plugin and appropriate
# credentials instead. If an auth_plugin is specified strategy
# will be ignored. (string value)
-#auth_strategy=keystone
+auth_strategy=keystone
# Name of Integration Bridge used by Open vSwitch (string
# value)
@@ -3141,7 +3142,7 @@
#
# Host on which to listen for incoming requests (string value)
-#serialproxy_host=0.0.0.0
+serialproxy_host=127.0.0.1
# Port on which to listen for incoming requests (integer
# value)
@@ -3153,7 +3154,7 @@
#
# Enable serial console related features (boolean value)
-#enabled=false
+enabled=false
# Range of TCP ports to use for serial ports on compute hosts
# (string value)
@@ -3202,7 +3203,7 @@
#server_proxyclient_address=127.0.0.1
# Enable spice related features (boolean value)
-#enabled=false
+enabled=false
# Enable spice guest agent support (boolean value)
#agent_enabled=true
@@ -3783,7 +3784,7 @@
# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used,
# a lock path must be set. (string value)
# Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
+lock_path = /var/lock/nova
[oslo_messaging_amqp]
@@ -3946,11 +3947,11 @@
# The RabbitMQ broker address where a single node is used. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_host
-#rabbit_host = localhost
+rabbit_host = {{ RABBITMQ_HOST }}
# The RabbitMQ broker port where a single node is used. (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_port
-#rabbit_port = 5672
+rabbit_port = {{ RABBITMQ_PORT }}
# RabbitMQ HA cluster host:port pairs. (list value)
# Deprecated group/name - [DEFAULT]/rabbit_hosts
@@ -3958,15 +3959,15 @@
# Connect over SSL for RabbitMQ. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
-#rabbit_use_ssl = false
+rabbit_use_ssl = false
# The RabbitMQ userid. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_userid
-#rabbit_userid = guest
+rabbit_userid = {{ RABBITMQ_USER }}
# The RabbitMQ password. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_password
-#rabbit_password = guest
+rabbit_password = {{ RABBITMQ_PASSWORD }}
# The RabbitMQ login method. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_login_method
@@ -4005,4 +4006,3 @@
# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
# Deprecated group/name - [DEFAULT]/fake_rabbit
#fake_rabbit = false
-
diff --git a/install-files/swift/usr/share/swift/etc/swift/container-server.j2 b/install-files/swift/usr/share/swift/etc/swift/container-server.j2
index d226d016..3c63b7d0 100644
--- a/install-files/swift/usr/share/swift/etc/swift/container-server.j2
+++ b/install-files/swift/usr/share/swift/etc/swift/container-server.j2
@@ -168,6 +168,14 @@ recon_cache_path = /var/cache/swift
#
# Maximum amount of time to spend syncing each container per pass
# container_time = 60
+#
+# Maximum amount of time in seconds for the connection attempt
+# conn_timeout = 5
+# Server errors from requests will be retried by default
+# request_tries = 3
+#
+# Internal client config file path
+# internal_client_conf_path = /etc/swift/internal-client.conf
# Note: Put it at the beginning of the pipeline to profile all middleware. But
# it is safer to put this after healthcheck.
diff --git a/install-files/swift/usr/share/swift/etc/swift/object-server.j2 b/install-files/swift/usr/share/swift/etc/swift/object-server.j2
index 66990be9..19d72f6c 100644
--- a/install-files/swift/usr/share/swift/etc/swift/object-server.j2
+++ b/install-files/swift/usr/share/swift/etc/swift/object-server.j2
@@ -77,7 +77,7 @@ use = egg:swift#object
# slow = 0
#
# Objects smaller than this are not evicted from the buffercache once read
-# keep_cache_size = 5424880
+# keep_cache_size = 5242880
#
# If true, objects for authenticated GET requests may be kept in buffer cache
# if small enough
@@ -212,6 +212,29 @@ recon_cache_path = /var/cache/swift
# removed when it has successfully replicated to all the canonical nodes.
# handoff_delete = auto
+[object-reconstructor]
+# You can override the default log routing for this app here (don't use set!):
+# Unless otherwise noted, each setting below has the same meaning as described
+# in the [object-replicator] section, however these settings apply to the EC
+# reconstructor
+#
+# log_name = object-reconstructor
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+#
+# daemonize = on
+# run_pause = 30
+# concurrency = 1
+# stats_interval = 300
+# node_timeout = 10
+# http_timeout = 60
+# lockup_timeout = 1800
+# reclaim_age = 604800
+# ring_check_interval = 15
+# recon_cache_path = /var/cache/swift
+# handoffs_first = False
+
[object-updater]
# You can override the default log routing for this app here (don't use set!):
# log_name = object-updater
diff --git a/install-files/swift/usr/share/swift/etc/swift/swift.j2 b/install-files/swift/usr/share/swift/etc/swift/swift.j2
index 6d76215a..933e207e 100644
--- a/install-files/swift/usr/share/swift/etc/swift/swift.j2
+++ b/install-files/swift/usr/share/swift/etc/swift/swift.j2
@@ -22,9 +22,13 @@ swift_hash_path_prefix = {{ SWIFT_HASH_PATH_PREFIX }}
# defined you must define a policy with index 0 and you must specify a
# default. It is recommended you always define a section for
# storage-policy:0.
+#
+# A 'policy_type' argument is also supported but is not mandatory. Default
+# policy type 'replication' is used when 'policy_type' is unspecified.
[storage-policy:0]
name = Policy-0
default = yes
+#policy_type = replication
# the following section would declare a policy called 'silver', the number of
# replicas will be determined by how the ring is built. In this example the
@@ -39,9 +43,45 @@ default = yes
# current default.
#[storage-policy:1]
#name = silver
+#policy_type = replication
+
+# The following declares a storage policy of type 'erasure_coding' which uses
+# Erasure Coding for data reliability. The 'erasure_coding' storage policy in
+# Swift is available as a "beta". Please refer to Swift documentation for
+# details on how the 'erasure_coding' storage policy is implemented.
+#
+# Swift uses PyECLib, a Python Erasure coding API library, for encode/decode
+# operations. Please refer to Swift documentation for details on how to
+# install PyECLib.
+#
+# When defining an EC policy, 'policy_type' needs to be 'erasure_coding' and
+# EC configuration parameters 'ec_type', 'ec_num_data_fragments' and
+# 'ec_num_parity_fragments' must be specified. 'ec_type' is chosen from the
+# list of EC backends supported by PyECLib. The ring configured for the
+# storage policy must have it's "replica" count configured to
+# 'ec_num_data_fragments' + 'ec_num_parity_fragments' - this requirement is
+# validated when services start. 'ec_object_segment_size' is the amount of
+# data that will be buffered up before feeding a segment into the
+# encoder/decoder. More information about these configuration options and
+# supported `ec_type` schemes is available in the Swift documentation. Please
+# refer to Swift documentation for details on how to configure EC policies.
+#
+# The example 'deepfreeze10-4' policy defined below is a _sample_
+# configuration with 10 'data' and 4 'parity' fragments. 'ec_type'
+# defines the Erasure Coding scheme. 'jerasure_rs_vand' (Reed-Solomon
+# Vandermonde) is used as an example below.
+#
+#[storage-policy:2]
+#name = deepfreeze10-4
+#policy_type = erasure_coding
+#ec_type = jerasure_rs_vand
+#ec_num_data_fragments = 10
+#ec_num_parity_fragments = 4
+#ec_object_segment_size = 1048576
+
# The swift-constraints section sets the basic constraints on data
-# saved in the swift cluster. These constraints are automatically
+# saved in the swift cluster. These constraints are automatically
# published by the proxy server in responses to /info requests.
[swift-constraints]
@@ -116,3 +156,14 @@ default = yes
# of a container name
#max_container_name_length = 256
+
+
+# By default all REST API calls should use "v1" or "v1.0" as the version string,
+# for example "/v1/account". This can be manually overridden to make this
+# backward-compatible, in case a different version string has been used before.
+# Use a comma-separated list in case of multiple allowed versions, for example
+# valid_api_versions = v0,v1,v2
+# This is only enforced for account, container and object requests. The allowed
+# api versions are by default excluded from /info.
+
+# valid_api_versions = v1,v1.0
diff --git a/strata/openstack-services/horizon.morph b/strata/openstack-services/horizon.morph
index ae6399b1..74930a1e 100644
--- a/strata/openstack-services/horizon.morph
+++ b/strata/openstack-services/horizon.morph
@@ -4,16 +4,12 @@ configure-commands:
# Remove unnecessary .mo files they will be generated
# later during package build.
- find . -name "django*.mo" -exec rm -f '{}' \;
-# Set COMPRESS_OFFLINE=True
-- |
- sed -i 's:COMPRESS_OFFLINE.=.False:COMPRESS_OFFLINE = True:' \
- openstack_dashboard/settings.py
build-commands:
# Compile message strings
-- cd horizon && django-admin.py compilemessages && cd ..
-- cd openstack_dashboard && django-admin.py compilemessages && cd ..
+- cd horizon && django-admin.py compilemessages
+- cd openstack_dashboard && django-admin.py compilemessages
- python setup.py build
-post-build-commands:
+
# Use the local_settings.py example to compile and compress the css, js, etc files.
# This is a hack to make SECRET_KEY work.
- |
@@ -23,37 +19,45 @@ post-build-commands:
- python manage.py collectstatic --noinput
- python manage.py compress --force
install-commands:
-# Undo hack
+# Install horizon in a temporary folder first, and then move things to the
+# right place in $DESTDIR
+- mkdir temproot
+- python setup.py install -O1 --skip-build --prefix "$PREFIX" --root temproot
+# Remove unnecessary .po files
+- find temproot -name django.po -exec rm '{}' \;
+- find temproot -name djangojs.po -exec rm '{}' \;
+
+# Move openstack_dashboard to /var/lib/horizon
+- mkdir -p "$DESTDIR"/var/lib/horizon/
+- |
+ mv temproot/"$PREFIX"/lib/python*/site-packages/openstack_dashboard \
+ "$DESTDIR"/var/lib/horizon/
+- cp manage.py "$DESTDIR"/var/lib/horizon/openstack_dashboard/
+
+# Copy the rest to $DESTDIR
+- cp -a temproot/* "$DESTDIR"
+
+# Copy local_settings to /etc/horizon/openstack_dashboard, so that they
+# can be modified, and link them where openstack_dashboard is installed.
+- mkdir -p "$DESTDIR"/etc/horizon/openstack_dashboard/
- |
cp openstack_dashboard/local/local_settings.py.example \
- openstack_dashboard/local/local_settings.py
-# Install horizon
-- python setup.py install -O1 --skip-build --prefix "$PREFIX" --root "$DESTDIR"
-post-install-commands:
-# Remove unnecessary .po files
-- find "$DESTDIR" -name django.po -exec rm '{}' \;
-- find "$DESTDIR" -name djangojs.po -exec rm '{}' \;
-# Link Openstack local_settings where openstack_dashboard is installed.
+ "$DESTDIR"/etc/horizon/openstack_dashboard/local_settings.py
+# Set COMPRESS_OFFLINE=True
+- |
+ echo "COMPRESS_OFFLINE=True" >> \
+ "$DESTDIR"/etc/horizon/openstack_dashboard/local_settings.py
+
- mkdir -p "$DESTDIR"/var/lib/horizon/openstack_dashboard/local
- |
ln -sf /etc/horizon/openstack_dashboard/local_settings.py \
- "$DESTDIR$PREFIX"/lib/python2.7/site-packages/openstack_dashboard/local/local_settings.py
+ "$DESTDIR"/var/lib/horizon/openstack_dashboard/local/local_settings.py
+
# Create the static directory (STATIC_ROOT) used in local_settings.py to keep
# the static objects like css files.
-- mkdir -p "$DESTDIR"/var/lib/horizon/openstack_dashboard/static
+- mkdir -p "$DESTDIR"/var/lib/horizon/static
# Copy the compressed static files to horizon.
-- cp -a openstack_dashboard/static/* "$DESTDIR"/var/lib/horizon/openstack_dashboard/static
-- cp -a horizon/static/* "$DESTDIR"/var/lib/horizon/openstack_dashboard/static
-- cp -a static/* "$DESTDIR"/var/lib/horizon/openstack_dashboard/static
-# Work around to make django.wsgi working with horizon
-# See: https://bugs.launchpad.net/osprofiler/+bug/1361235
-# and: https://git.openstack.org/cgit/openstack/tripleo-image-elements/commit/?id=41c9a1dfad23f8aee366afb6a0b20a6c57ec8f79
-- |
- sed -i "s|'../..'|os.path.realpath('../..')|" \
- "$DESTDIR$PREFIX"/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi
-# And link this django.wsgi file to the horizon home directory
-- |
- ln -sf "$PREFIX"/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi \
- "$DESTDIR"/var/lib/horizon/openstack_dashboard/django.wsgi
+- cp -a static/* "$DESTDIR"/var/lib/horizon/static
+
# Create the horizon document root for apache configuration
- mkdir -p "$DESTDIR"/var/lib/horizon/.blackhole