aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services/nova-libvirt.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-05-03Internal TLS: use common CA file parameter for libvirt CA certJuan Antonio Osorio Robles1-5/+20
libvirt has its own parameter for setting the CA, however, if we have a common CA for all services in the internal network (which we do), it's more consistent to use the common parameter for configuring that CA file. The previous parameter was left in case the deployer wants to use a specific CA file for the compute nodes. Change-Id: I3d132d3d257d7ea9f43e49593f8509c3cd205ca5
2017-04-20Merge "TLS-everywhere: Enable for TLS libvirt live migration"Jenkins1-0/+82
2017-04-19TLS-everywhere: Enable for TLS libvirt live migrationJuan Antonio Osorio Robles1-0/+82
This relies on using the default paths for certs/keys used by libvirt and is only enabled if TLS-everywhere is enabled. bp tls-via-certmonger Depends-On: If18206d89460f6660a81aabc4ff8b97f1f99bba7 Depends-On: I0a1684397ebefaa8dc00237e0b7952e9296381fa Change-Id: I0538bbdd54fd0b82518585f4f270b4be684f0ec4
2017-04-15Add migration SSH tunneling supportOliver Walsh1-1/+0
This enables nova cold migration. This also switches to SSH as the default transport for live-migration. The tripleo-common mistral action that generates passwords supplies the MigrationSshKey parameter that enables this. The TCP transport is no longer used for live-migration and the firewall port has been closed. Change-Id: I4e55a987c93673796525988a2e4cc264a6b5c24f Depends-On: I367757cbe8757d11943af7e41af620f9ce919a06 Depends-On: I9e7a1862911312ad942233ac8fc828f4e1be1dcf Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
2017-02-01Configure VNC Server listen address through t-h-tJuan Antonio Osorio Robles1-0/+1
This adds an entry for libvirt (which is used by the VNC server) on which we can tell it via t-h-t on which IP address to listen on. Change-Id: Ie377c09734e9f6170daa519aed69c53fc67c366b Related-Bug: #1660099
2017-01-03Expose enabled_perf_events libvirt optionsPradeep Kilambi1-0/+9
For cache monitoring technology feature to work, nova config libvirt settings should have the perf events enabled for nova to emit these so telemetry can capture them. Depends-On: Ia27e6831f3f6e9cdeaacb650039be5c81b90cb40 Change-Id: I92c318008b965a6527acbce85b41a545eda7ee18
2017-01-03Merge "Increase libvirt/qemu.conf max_files and max_processes"Jenkins1-0/+3
2016-12-23Bump template version for all templates to "ocata"Steven Hardy1-1/+1
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-16Increase libvirt/qemu.conf max_files and max_processesGiulio Fidente1-0/+3
When Nova and/or Cinder are using Ceph as backend, qemu will need to open a connection and two threads for each and every Ceph OSD. This change raises the max_files (set to 1024 by default) to 32768 and the max_processes (set to 4096 by default) to 131072. The max number of FDs is per-process, while the max number of processes is per-user. The values can be overridden via ExtraConfig, no params are added to the templates. A more detailed description of the values were chosen can be found at: https://access.redhat.com/solutions/1602683 Change-Id: I1e79675f6aac1b0fe6cc7269550fa6bc8586e1fb Depends-On: I258afd3ee6633e4b2ebc45aa8611be652476be0c
2016-11-03nova: add missing vnc console port in firewallEmilien Macchi1-0/+1
- Remove vncproxy firewall rules from nova-api service - Add vncproxy firewall rules to nova-vncproxy service - Add console port range firewall rules to nova-libvirt service Change-Id: I421ae21c130cac6f25e7c0869b941ba77441172c
2016-11-03nova/libvirt: add missing ports for live-migrationEmilien Macchi1-0/+2
Some ports are missing to support live-migration. This patch adds them. Documented here: https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/paged/migrating-instances/chapter-1-how-to-migrate-a-live-instance Change-Id: I72634a9940c11602522322235e51bf27cb664e57
2016-10-20Open port 16509 for libvirt for live migrationJames Slagle1-0/+4
Port 16509 should be opened for tcp traffic to enable live migration. See Also: http://docs.openstack.org/admin-guide/compute-configuring-migrations.html Previously, we were not enabling any iptables rules on the Compute Roles, so this is a regression. Change-Id: Ie4abf53dc2a8171af48d02e34a1a3ad43f27cfb3 Closes-Bug: #1635427
2016-08-31Availability monitoring agents supportMartin Mágr1-0/+4
- adds possibility to install sensu-client on all nodes - each composable service has it's own subscription Co-Authored-By: Emilien Macchi <emilien@redhat.com> Co-Authored-By: Michele Baldessari <michele@redhat.com> Implements: blueprint tripleo-opstools-availability-monitoring Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
2016-08-18Add DefaultPasswords to composable servicesDan Prince1-0/+4
This patch adds a new DefaultPasswords parameter to composable services. This is needed to help provide access to top level password resources that overcloud.yaml currently manages (passwords for Rabbit, Mysql, etc.). Moving the RandomString resources into composable services would cause them to regenerate within the stack. With this approach we can leave them where they are while we deprecate the top level mechanism and move the code that uses the passwords into the composable services. Change-Id: I4f21603c58a169a093962594e860933306879e3f
2016-08-18Pass ServiceNetMap to servicesGiulio Fidente1-0/+7
This will be needed to pick the network where the service has to bind to from within the service template. Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
2016-08-15Move Nova settings out of puppet/compute.yamlDan Prince1-0/+6
This finishes moving most of the config settings out of compute.yaml for Nova and into the proper nova-* services. Only the bind port/VIP related Nova settings remain now and those will be dealt with in a follow up patch. Change-Id: I1c40e7d54c11dfff2aaa6438c7701e98da17ebe6 Related-Bug: #1604412
2016-07-28Convert service_name to underscore syntaxSteven Hardy1-1/+1
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml we have a lot of references to services (e.g for AllNodesConfig) by underscore, e.g cinder_api. To enable dynamic generation of this data, we need the service name in underscore format. Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
2016-07-25Merge "Move nova::db data within service template"Jenkins1-0/+2
2016-07-22Move nova::db data within service templateGiulio Fidente1-0/+2
Change-Id: I86752248e59a2e98f8ff9b2c5998839f9ade4779
2016-07-22Add 'service_name' to composable servicesDan Prince1-0/+1
This patch adds a new service_name section to each composable service. We now have an explicit unit test check to ensure that service_name exists in tools/yaml-validate.py. This patch also wires service_names into hieradata on each of the roles so that tools can access the deployed services locally during deployment and upgrades. Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
2016-06-30First iteration of libvirt and nova-compute as a composable servicesEmilien Macchi1-0/+31
This is a first iteration of implementing libvirt and nova compute as composable services. Note: some parameters are still in puppet/compute.yaml -- we'll move them later in a next iteration. Implements: blueprint composable-services-within-roles Depends-On: I0b765f8cb08633005c1fc5a5a2a8e5658ff44302 Change-Id: I752198cdf231ef13062ba96c3877e5defd618c3a