Diffstat (limited to 'openstack/usr/share/openstack')
3 files changed, 164 insertions, 54 deletions
diff --git a/openstack/usr/share/openstack/nova.yml b/openstack/usr/share/openstack/nova.yml
new file mode 100644
index 00000000..c1122c60
--- /dev/null
+++ b/openstack/usr/share/openstack/nova.yml
@@ -0,0 +1,102 @@
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/nova.conf"
+ tasks:
+ - name: Create the nova user.
+ user:
+ name: nova
+ comment: Openstack Nova Daemons
+ shell: /sbin/nologin
+ home: /var/lib/nova
+ groups: libvirt
+ append: yes
+ - name: Create the /var folders for nova
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: nova
+ group: nova
+ with_items:
+ - /var/run/nova
+ - /var/lock/nova
+ - /var/log/nova
+ - /var/lib/nova
+ - /var/lib/nova/instances
+ - file: path=/etc/nova state=directory
+ - name: Add the configuration needed for nova in /etc/nova using templates
+ template:
+ src: /usr/share/openstack/nova/{{ item }}
+ dest: /etc/nova/{{ item }}
+ with_lines:
+ - cd /usr/share/openstack/nova && find -type f
+ - name: Create nova service user in service tenant
+ keystone_user:
+ user: "{{ NOVA_SERVICE_USER }}"
+ password: "{{ NOVA_SERVICE_PASSWORD }}"
+ tenant: service
+ - name: Assign admin role to nova service user in the service tenant
+ keystone_user:
+ role: admin
+ user: "{{ NOVA_SERVICE_USER }}"
+ tenant: service
+ - name: Add nova endpoint
+ keystone_service:
+ name: nova
+ type: compute
+ description: Openstack Compute Service
+ publicurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
+ internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
+ adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
+ region: 'regionOne'
+ - name: Create postgresql user for nova
+ postgresql_user:
+ name: "{{ NOVA_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ password: "{{ NOVA_DB_PASSWORD }}"
+ sudo: yes
+ sudo_user: nova
+ - name: Create database for nova services
+ postgresql_db:
+ name: nova
+ owner: "{{ NOVA_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ sudo: yes
+ sudo_user: nova
+ - name: Initiate nova database
+ nova_manage:
+ action: dbsync
+ sudo: yes
+ sudo_user: nova
+# [1] Never enable openstack-nova-conductor service in a node with
+# openstack-nova-compute or the security benefits of removing
+# database access from nova-compute will be negated
+#systemctl start openstack-nova-conductor
+ - name: Enable and start openstack-nova services
+ service:
+ name: "{{ item }}"
+ enabled: yes
+ state: started
+ with_items:
+ - openstack-nova-api.service
+ - openstack-nova-cert.service
+ - openstack-nova-compute.service
+ - openstack-nova-consoleauth.service
+ - openstack-nova-novncproxy.service
+ - openstack-nova-scheduler.service
+ - openstack-nova-serialproxy.service
+# - openstack-nova-conductor.service
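Review bot: The template task that renders everything under /usr/share/openstack/nova into /etc/nova sets no `owner`, `group` or `mode`, and neither does the `file: path=/etc/nova state=directory` task before it. The rendered nova.conf carries the Keystone, RabbitMQ, database and metadata-proxy secrets templated in this same commit, so it ends up with whatever the play's default umask gives, which is likely world-readable. I would add `owner: root`, `group: nova` and `mode: "0640"` to the template task, and `owner=root group=nova mode=0750` to the directory task, so only root and the nova group can read those credentials. The two `keystone_user` tasks and the `postgresql_user` task also pass passwords as module arguments; adding `no_log: true` to them keeps the values out of verbose output and logs.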
diff --git a/openstack/usr/share/openstack/nova/nova-compute.conf b/openstack/usr/share/openstack/nova/nova-compute.conf
new file mode 100644
index 00000000..b19de1d3
--- /dev/null
+++ b/openstack/usr/share/openstack/nova/nova-compute.conf
@@ -0,0 +1,4 @@
+virt_type={{ NOVA_VIRT_TYPE }}
diff --git a/openstack/usr/share/openstack/nova/nova.conf b/openstack/usr/share/openstack/nova/nova.conf
index abda2151..0a76b647 100644
--- a/openstack/usr/share/openstack/nova/nova.conf
+++ b/openstack/usr/share/openstack/nova/nova.conf
@@ -76,23 +76,23 @@
# The RabbitMQ broker address where a single node is used.
# (string value)
+rabbit_host={{ RABBITMQ_HOST }}
# The RabbitMQ broker port where a single node is used.
# (integer value)
+rabbit_port={{ RABBITMQ_PORT }}
# RabbitMQ HA cluster host:port pairs. (list value)
# Connect over SSL for RabbitMQ. (boolean value)
# The RabbitMQ userid. (string value)
+rabbit_userid={{ RABBITMQ_USER }}
# The RabbitMQ password. (string value)
+rabbit_password={{ RABBITMQ_PASSWORD }}
# the RabbitMQ login method (string value)
@@ -177,7 +177,7 @@
# The messaging driver to use, defaults to rabbit. Other
# drivers include qpid and zmq. (string value)
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the
@@ -241,7 +241,7 @@
# IP address of this host (string value)
# Name of this node. This can be an opaque identifier. It is
# not necessarily a hostname, FQDN, or IP address. However,
@@ -290,7 +290,7 @@
# Top-level directory for maintaining nova's state (string
# value)
@@ -376,7 +376,7 @@
# A list of APIs to enable by default (list value)
# A list of APIs with enabled SSL (list value)
@@ -470,7 +470,7 @@
# Path to the rootwrap configuration file to use for running
# commands as root (string value)
# Explicitly specify the temporary working directory (string
# value)
@@ -483,7 +483,7 @@
# File name for the paste.deploy config for nova-api (string
# value)
# A python format string that is used as the template to
# generate log lines. The following values can be formatted
@@ -527,7 +527,7 @@
# The strategy to use for auth: noauth or keystone. (string
# value)
# Treat X-Forwarded-For as the canonical remote address. Only
# enable this if you have a sanitizing proxy. (boolean value)
@@ -640,7 +640,7 @@
# osapi_compute_extension option with
# nova.api.openstack.compute.contrib.select_extensions (list
# value)
@@ -1078,11 +1078,11 @@
# Template string to be used to generate instance names
# (string value)
# Template string to be used to generate snapshot names
# (string value)
@@ -1146,7 +1146,7 @@
# The full class name of the network API class to use (string
# value)
@@ -1264,7 +1264,7 @@
# Driver used to create ethernet devices. (string value)
# Name of Open vSwitch bridge used with linuxnet (string
# value)
@@ -1416,7 +1416,7 @@
# The full class name of the security API class (string value)
@@ -1472,7 +1472,7 @@
# Directory to use for lock files. (string value)
@@ -1556,7 +1556,7 @@
# Use syslog for logging. Existing syslog format is DEPRECATED
# during I, and will change in J to honor RFC5424. (boolean
# value)
# (Optional) Enables or disables syslog rfc5424 format for
# logging. If enabled, prefixes the MSG part of the syslog
@@ -1734,7 +1734,7 @@
# Which filter class names to use for filtering hosts when not
# specified in the request. (list value)
# Which weight class names to use for weighing hosts (list
# value)
@@ -1759,7 +1759,7 @@
# Default driver to use for the scheduler (string value)
# How often (in seconds) to run periodic tasks in the
# scheduler driver of your choice. Please note this is likely
@@ -1867,7 +1867,7 @@
# include: libvirt.LibvirtDriver, xenapi.XenAPIDriver,
# fake.FakeDriver, baremetal.BareMetalDriver,
# vmwareapi.VMwareVCDriver, hyperv.HyperVDriver (string value)
# The default format an ephemeral_volume will be formatted
# with on creation. (string value)
@@ -1898,7 +1898,7 @@
# Firewall driver (defaults to hypervisor specific iptables
# driver) (string value)
# Whether to allow network traffic from same network (boolean
# value)
@@ -1959,7 +1959,7 @@
# Location of VNC console proxy, in the form
# "" (string value)
+novncproxy_base_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6080/vnc_auto.html
# Location of nova xvp VNC console proxy, in the form
# "" (string value)
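Review bot: `novncproxy_base_url` hard-codes the `http://` scheme, so the console URL handed to users, which as far as I know carries the console access token as a query parameter, travels in cleartext. The same hard-coded scheme recurs in the later hunks for `auth_uri`, `identity_uri`, the neutron `url` and `admin_auth_url`, and in the `publicurl`/`internalurl`/`adminurl` values in nova.yml, where service credentials and tokens go to Keystone and Neutron unencrypted. Consider templating the scheme, e.g. `novncproxy_base_url={{ NOVNC_PROXY_SCHEME }}://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6080/vnc_auto.html` (the variable name is a placeholder, not one defined on this page), so a deployment with TLS endpoints does not have to patch the template. The option's section header lies outside the hunk.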
@@ -1967,17 +1967,17 @@
# IP address on which instance vncservers should listen
# (string value)
# The address to which proxy clients (like nova-xvpvncproxy)
# should connect (string value)
+vncserver_proxyclient_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Enable VNC related features (boolean value)
# Keymap for VNC (string value)
@@ -2366,7 +2366,7 @@
# Perform nova-conductor operations locally (boolean value)
# The topic on which conductor nodes listen (string value)
@@ -2409,22 +2409,22 @@
# Default glance hostname or IP address (string value)
# Deprecated group/name - [DEFAULT]/glance_host
# Default glance port (integer value)
# Deprecated group/name - [DEFAULT]/glance_port
# Default protocol to use when connecting to glance. Set to
# https for SSL. (string value)
# Deprecated group/name - [DEFAULT]/glance_protocol
# A list of the glance api servers available to nova. Prefix
# with https:// for ssl-based glance api servers.
# ([hostname|ip]:port) (list value)
# Deprecated group/name - [DEFAULT]/glance_api_servers
# Allow to perform insecure SSL (https) requests to glance
# (boolean value)
@@ -2626,23 +2626,23 @@
# Port of the admin Identity API endpoint. Deprecated, use
# identity_uri. (integer value)
# Protocol of the admin Identity API endpoint (http or https).
# Deprecated, use identity_uri. (string value)
# Complete public Identity API endpoint (string value)
+auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
# Complete admin Identity API endpoint. This should specify
# the unversioned root endpoint e.g. https://localhost:35357/
# (string value)
+identity_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:35357
# API version of the admin Identity API endpoint (string
# value)
# Do not handle authorization requests within the middleware,
# but delegate the authorization decision to downstream WSGI
@@ -2666,14 +2666,14 @@
# Keystone account username (string value)
+admin_user={{ NOVA_SERVICE_USER }}
# Keystone account password (string value)
+admin_password={{ NOVA_SERVICE_PASSWORD }}
# Keystone service account tenant name to validate user tokens
# (string value)
# Env key for the swift cache (string value)
@@ -2809,7 +2809,7 @@
# Libvirt domain type (valid options are: kvm, lxc, qemu, uml,
# xen) (string value)
+virt_type={{ NOVA_VIRT_TYPE }}
# Override the default libvirt URI (which is dependent on
# virt_type) (string value)
@@ -3126,12 +3126,12 @@
# Set flag to indicate Neutron will proxy metadata requests
# and resolve instance ids. (boolean value)
# Deprecated group/name - [DEFAULT]/service_neutron_metadata_proxy
# Shared secret to validate proxies Neutron metadata requests
# (string value)
# Deprecated group/name - [DEFAULT]/neutron_metadata_proxy_shared_secret
+metadata_proxy_shared_secret={{ METADATA_PROXY_SHARED_SECRET }}
@@ -3140,7 +3140,7 @@
# URL for connecting to neutron (string value)
# Deprecated group/name - [DEFAULT]/neutron_url
+url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696
# Timeout value for connecting to neutron in seconds (integer
# value)
@@ -3154,12 +3154,12 @@
# Username for connecting to neutron in admin context (string
# value)
# Deprecated group/name - [DEFAULT]/neutron_admin_username
+admin_username={{ NEUTRON_SERVICE_USER }}
# Password for connecting to neutron in admin context (string
# value)
# Deprecated group/name - [DEFAULT]/neutron_admin_password
+admin_password={{ NEUTRON_SERVICE_PASSWORD }}
# Tenant id for connecting to neutron in admin context (string
# value)
@@ -3171,7 +3171,7 @@
# Note that with Keystone V3 tenant names are only unique
# within a domain. (string value)
# Deprecated group/name - [DEFAULT]/neutron_admin_tenant_name
# Region name for connecting to neutron in admin context
# (string value)
@@ -3181,7 +3181,7 @@
# Authorization URL for connecting to neutron in admin context
# (string value)
# Deprecated group/name - [DEFAULT]/neutron_admin_auth_url
+admin_auth_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
# If set, ignore any SSL validation issues (boolean value)
# Deprecated group/name - [DEFAULT]/neutron_api_insecure
@@ -3190,7 +3190,7 @@
# Authorization strategy for connecting to neutron in admin
# context (string value)
# Deprecated group/name - [DEFAULT]/neutron_auth_strategy
# Name of Integration Bridge used by Open vSwitch (string
# value)
@@ -3252,7 +3252,7 @@
# Host on which to listen for incoming requests (string value)
# Port on which to listen for incoming requests (integer
# value)
@@ -3264,7 +3264,7 @@
# Enable serial console related features (boolean value)
# Range of TCP ports to use for serial ports on compute hosts
# (string value)
@@ -3315,7 +3315,7 @@
# Enable spice related features (boolean value)
# Enable spice guest agent support (boolean value)
@@ -3802,4 +3802,8 @@
# (integer value)
+# The SQLAlchemy connection string to use to connect to the
+# database. (string value)
+connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova
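Review bot: `NOVA_DB_PASSWORD` is interpolated raw into the userinfo part of the SQLAlchemy URL, so a password containing characters such as `@` or `%` renders a connection string that parses to the wrong credentials or host. In practice that pushes operators toward weaker alphanumeric-only passwords. Percent-encode it at render time, `connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD | urlencode }}@{{ CONTROLLER_HOST_ADDRESS }}/nova`, or document the allowed character set next to the variable. The URL also requests no TLS toward a database reached by host address; whether the server enforces it cannot be seen from this hunk. The enclosing section header is outside the hunk.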