Mohammed Naserf3f59a72023-01-15 21:02:04 -05001# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for nova.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
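# Left null by default.
# NOTE(review): presumably overrides the release-group name the templates use
# for labelling; what null falls back to is not visible here, so confirm.
release_group: null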
20
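# Node-selector label (key/value) per component.
# Compute agents target `openstack-compute-node=enabled`; every control-plane
# service, job and test targets `openstack-control-plane=enabled`.
# NOTE(review): presumably rendered into each pod's nodeSelector; confirm
# against the templates. These labels are the only placement boundary this
# file expresses, so the right to label nodes should be restricted.
labels:
  agent:
    compute:
      node_selector_key: openstack-compute-node
      node_selector_value: enabled
    compute_ironic:
      node_selector_key: openstack-compute-node
      node_selector_value: enabled
  api_metadata:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  conductor:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  novncproxy:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  osapi:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  scheduler:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  spiceproxy:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  test:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled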
53
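# Container images for every workload the chart creates, plus the pull policy
# and the local-registry mirror switch.
# NOTE(review): every reference is a mutable tag; none is pinned by digest.
#   - dep_check, nova_storage_init and nova_service_cleaner use floating
#     `latest-*` tags. With `pull_policy: IfNotPresent` a node keeps whatever
#     build it pulled first, so nodes can end up running different code.
#   - nova_compute_ironic and nova_novncproxy_assets point at kolla `wallaby`
#     images while the other nova images are `2024.1`.
#   - image_repo_sync (docker 17.07.0) and nova_wait_for_computes_init
#     (hyperkube v1.11.6) are much older than the rest of the set; confirm
#     they are still maintained and scanned.
# Override these per deployment with digest-pinned references
# (`<registry>/<repo>@sha256:<digest>`) from a registry you control and scan.
images:
  pull_policy: IfNotPresent
  tags:
    bootstrap: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    db_drop: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    db_init: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    dep_check: 'quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal'
    rabbit_init: docker.io/rabbitmq:3.13-management
    ks_user: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    ks_service: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    nova_archive_deleted_rows: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
    ks_endpoints: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    nova_api: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
    nova_cell_setup: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
    nova_cell_setup_init: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    nova_compute: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
    nova_compute_ironic: 'docker.io/kolla/ubuntu-source-nova-compute-ironic:wallaby'
    nova_compute_ssh: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
    nova_conductor: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
    nova_db_sync: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
    nova_novncproxy: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
    nova_novncproxy_assets: 'docker.io/kolla/ubuntu-source-nova-novncproxy:wallaby'
    nova_scheduler: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
    nova_storage_init: 'docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy'
    # NOTE(portdirect): we simply use the ceph config helper here,
    # as it has both oscli and jq.
    nova_service_cleaner: 'docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy'
    nova_spiceproxy: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
    nova_spiceproxy_assets: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
    test: docker.io/xrally/xrally-openstack:2.0.0
    image_repo_sync: docker.io/docker:17.07.0
    nova_wait_for_computes_init: gcr.io/google_containers/hyperkube-amd64:v1.11.6
  # With `active: false` images are pulled straight from the registries named
  # above. `exclude` lists tags that are presumably never mirrored; confirm.
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync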
91
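# Schedules and retention for the chart's periodic jobs. All three run at
# minute 0 of every hour (`0 */1 * * *`).
# NOTE(review): `starting_deadline` and `history` look like the CronJob
# startingDeadlineSeconds and job-history limits; confirm in the templates.
jobs:
  # NOTE(portdirect): When using cells new nodes will be added to the cell on the hour by default.
  # TODO(portdirect): Add a post-start action to nova compute pods that registers themselves.
  cell_setup:
    cron: "0 */1 * * *"
    starting_deadline: 600
    history:
      success: 3
      failed: 1
    extended_wait:
      enabled: false
      iteration: 3
      duration: 5
    # NOTE(review): `extra_command` is presumably spliced into the job's
    # script and would run with the job's credentials. Treat overrides of it
    # as code and review them as such.
    extra_command: null
  service_cleaner:
    cron: "0 */1 * * *"
    starting_deadline: 600
    history:
      success: 3
      failed: 1
    sleep_time: 60
    extra_command: null
  archive_deleted_rows:
    cron: "0 */1 * * *"
    starting_deadline: 600
    history:
      success: 3
      failed: 1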
120
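# Bootstrap job settings: the Keystone user it runs as, the default flavors it
# creates, and an optional gate that waits for hypervisors to register.
bootstrap:
  enabled: true
  # NOTE(review): the job runs as the `admin` Keystone user. A dedicated,
  # narrower account is preferable if flavor creation is all it does.
  ks_user: admin
  script: null
  structured:
    flavors:
      enabled: true
      # ram is presumably in MiB and disk in GiB (nova flavor units); confirm.
      options:
        m1_tiny:
          name: "m1.tiny"
          ram: 512
          disk: 1
          vcpus: 1
        m1_small:
          name: "m1.small"
          ram: 2048
          disk: 20
          vcpus: 1
        m1_medium:
          name: "m1.medium"
          ram: 4096
          disk: 40
          vcpus: 2
        m1_large:
          name: "m1.large"
          ram: 8192
          disk: 80
          vcpus: 4
        m1_xlarge:
          name: "m1.xlarge"
          ram: 16384
          disk: 160
          vcpus: 8
  wait_for_computes:
    enabled: false
    # Wait percentage is the minimum percentage of compute hypervisors which
    # must be available before the remainder of the bootstrap script can be run.
    wait_percentage: 70
    # Once the wait_percentage above is achieved, the remaining_wait is the
    # amount of time in seconds to wait before executing the remainder of the
    # bootstrap script.
    remaining_wait: 300
    scripts:
      # Counts nodes labelled openstack-compute-node=enabled via kubectl and
      # writes the names to /tmp/compute_nodes.txt.
      # NOTE(review): the pod's service account therefore needs to list nodes.
      # Keep that grant to exactly this, and confirm /tmp is a volume shared
      # with the main container.
      init_script: |
        # This runs in a bootstrap init container. It counts the number of compute nodes.
        COMPUTE_NODES=$(kubectl get nodes -o custom-columns=NAME:.metadata.name -l openstack-compute-node=enabled --no-headers | sort)
        /bin/echo $COMPUTE_NODES > /tmp/compute_nodes.txt
      # Polls `openstack hypervisor list` every 5 s until the ready percentage
      # reaches $WAIT_PERCENTAGE, then waits up to $REMAINING_WAIT more seconds
      # for 100 %. Exits 1 when the node file lists no compute hosts.
      # NOTE(review): the script reads $WAIT_PERCENTAGE and $REMAINING_WAIT
      # without setting them; they are presumably exported by the template from
      # wait_percentage / remaining_wait. A failing openstack call is tolerated
      # (set +e): the count is then 0 and the loop retries. The script has no
      # timeout of its own while readiness stays below the threshold.
      wait_script: |
        # This script runs in the main bootstrap container just before the
        # bootstrap.script is called.
        COMPUTE_HOSTS=`cat /tmp/compute_nodes.txt | wc -w`
        if [[ $COMPUTE_HOSTS == 0 ]]; then
          echo "There are no compute hosts found!"
          exit 1
        fi

        # Wait for all hypervisors to come up before moving on with the deployment
        HYPERVISOR_WAIT=true
        WAIT_AFTER_READY=0
        SLEEP=5
        while [[ $HYPERVISOR_WAIT == true ]]; do
          # Its possible that openstack command may fail due to not being able to
          # reach the compute service
          set +e
          HYPERVISORS=$(openstack hypervisor list -f value -c 'Hypervisor Hostname' | wc -w)
          set -e

          PERCENT_READY=$(( $HYPERVISORS * 100 / $COMPUTE_HOSTS ))
          if [[ $PERCENT_READY -ge $WAIT_PERCENTAGE ]]; then
            echo "Hypervisor ready percentage is $PERCENT_READY"
            if [[ $PERCENT_READY == 100 ]]; then
              HYPERVISOR_WAIT=false
              echo "All hypervisors are ready."
            elif [[ WAIT_AFTER_READY -ge $REMAINING_WAIT ]]; then
              HYPERVISOR_WAIT=false
              echo "Waited the configured time -- $HYPERVISORS out of $COMPUTE_HOSTS hypervisor(s) ready -- proceeding with the bootstrap."
            else
              sleep $SLEEP
              WAIT_AFTER_READY=$(( $WAIT_AFTER_READY + $SLEEP ))
            fi
          else
            echo "Waiting $SLEEP seconds for enough hypervisors to be discovered..."
            sleep $SLEEP
          fi
        done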
206
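# Network exposure of the nova services: backend wiring, service ports,
# ingress, optional NodePorts and the optional compute-to-compute SSH service.
network:
  # provide what type of network wiring will be used
  # possible options: openvswitch, linuxbridge, sriov
  backend:
    - openvswitch
  # NOTE(review): `ingress.public: true` is the default for osapi, metadata
  # and both console proxies. Confirm which ingress class that maps to and
  # whether the metadata API really needs a public ingress in your deployment.
  osapi:
    port: 8774
    ingress:
      public: true
      classes:
        namespace: "nginx"
        cluster: "nginx-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    external_policy_local: false
    node_port:
      enabled: false
      port: 30774
  metadata:
    port: 8775
    ingress:
      public: true
      classes:
        namespace: "nginx"
        cluster: "nginx-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    external_policy_local: false
    node_port:
      enabled: false
      port: 30775
  novncproxy:
    ingress:
      public: true
      classes:
        namespace: "nginx"
        cluster: "nginx-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    node_port:
      enabled: false
      port: 30680
  spiceproxy:
    ingress:
      public: true
      classes:
        namespace: "nginx"
        cluster: "nginx-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    node_port:
      enabled: false
      port: 30682
  # SSH between compute hosts; disabled by default.
  # NOTE(review) before enabling:
  #   - `from_subnet: 0.0.0.0/0` admits any source address; narrow it to the
  #     compute/migration network CIDR.
  #   - `dsa` is in key_types; OpenSSH has disabled DSA keys by default for
  #     years, so drop it unless a legacy peer requires it.
  #   - private_key/public_key are the quoted string 'null', not YAML null.
  #     This is presumably a sentinel the templates test for; confirm. Supply
  #     real key material from a secret store, not a committed values file.
  ssh:
    enabled: false
    port: 8022
    from_subnet: 0.0.0.0/0
    key_types:
      - rsa
      - dsa
      - ecdsa
      - ed25519
    private_key: 'null'
    public_key: 'null'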
271
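# Start-up dependencies per component: the jobs that must have completed, the
# service endpoints that must be reachable and, where given, the pods that must
# be running (`requireSameNode: true` means on the same node).
# NOTE(review): presumably consumed by the `dep_check` (kubernetes-entrypoint)
# init container; confirm. This is ordering only and enforces no access control.
dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - nova-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
    # One entry per network backend, giving the agent pod that nova-compute
    # waits for on its own node.
    targeted:
      ovn:
        compute:
          pod:
            - requireSameNode: true
              labels:
                application: ovn
                component: ovn-controller
      openvswitch:
        compute:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
      linuxbridge:
        compute:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
      sriov:
        compute:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-sriov-agent
  static:
    api:
      jobs:
        - nova-db-sync
        - nova-ks-user
        - nova-ks-endpoints
        - nova-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
    api_metadata:
      jobs:
        - nova-db-sync
        - nova-ks-user
        - nova-ks-endpoints
        - nova-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
    bootstrap:
      services:
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: compute
    cell_setup:
      jobs:
        - nova-db-sync
        - nova-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: compute
      pod:
        - requireSameNode: false
          labels:
            application: nova
            component: compute
    service_cleaner:
      jobs:
        - nova-db-sync
        - nova-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: compute
    compute:
      pod:
        - requireSameNode: true
          labels:
            application: libvirt
            component: libvirt
      jobs:
        - nova-db-sync
        - nova-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: image
        - endpoint: internal
          service: compute
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute_metadata
    compute_ironic:
      jobs:
        - nova-db-sync
        - nova-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: image
        - endpoint: internal
          service: compute
        - endpoint: internal
          service: network
        - endpoint: internal
          service: baremetal
    conductor:
      jobs:
        - nova-db-sync
        - nova-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: compute
    db_drop:
      services:
        - endpoint: internal
          service: oslo_db
    archive_deleted_rows:
      jobs:
        - nova-db-init
        - nova-db-sync
    db_init:
      services:
        - endpoint: internal
          service: oslo_db
    db_sync:
      jobs:
        - nova-db-init
      services:
        - endpoint: internal
          service: oslo_db
    ks_endpoints:
      jobs:
        - nova-ks-service
      services:
        - endpoint: internal
          service: identity
    ks_service:
      services:
        - endpoint: internal
          service: identity
    ks_user:
      services:
        - endpoint: internal
          service: identity
    rabbit_init:
      services:
        - service: oslo_messaging
          endpoint: internal
    novncproxy:
      jobs:
        - nova-db-sync
      services:
        - endpoint: internal
          service: oslo_db
    spiceproxy:
      jobs:
        - nova-db-sync
      services:
        - endpoint: internal
          service: oslo_db
    scheduler:
      jobs:
        - nova-db-sync
        - nova-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: compute
    tests:
      services:
        - endpoint: internal
          service: image
        - endpoint: internal
          service: compute
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute_metadata
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry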
497
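# Remote-console settings: which console type is deployed and how the compute
# and proxy sides pick the address they use.
# NOTE(review): every *_network_cidr defaults to `0/0`, which matches any IPv4
# address, so the CIDR does not constrain the address search. Where hosts have
# several networks, set the management/console network CIDR (or name the
# interface) so console traffic does not land on an unintended network.
console:
  # serial | spice | novnc | none
  console_kind: novnc
  # Bare key: parses as null (no serial-console options are set here).
  serial:
  spice:
    compute:
      # IF blank, search default routing interface
      server_proxyclient_interface: null
      # or set network cidr
      server_proxyclient_network_cidr: 0/0
    proxy:
      # IF blank, search default routing interface
      server_proxyclient_interface: null
      # or set network cidr
      server_proxyclient_network_cidr: 0/0
  novnc:
    compute:
      # IF blank, search default routing interface
      vncserver_proxyclient_interface: null
      # or set network cidr
      vncserver_proxyclient_network_cidr: 0/0
    vncproxy:
      # IF blank, search default routing interface
      vncserver_proxyclient_interface: null
      # or set network cidr
      vncserver_proxyclient_network_cidr: 0/0
  address_search_enabled: true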
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500525
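# Names of the ConfigMap holding the Ceph client configuration and of the
# Secret holding the client key. Only the names appear here; the key material
# lives in the referenced Secret.
# NOTE(review): limit read access to that Secret to the pods that mount it.
ceph_client:
  configmap: ceph-etc
  user_secret_name: pvc-ceph-client-key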
529
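# Parameters for the Ceph RBD pool.
# NOTE(review): the pool is presumably created by the storage-init job and
# `chunk_size` presumably feeds its placement-group sizing; confirm both.
rbd_pool:
  app_name: nova-vms
  replication: 3
  crush_rule: replicated_rule
  chunk_size: 8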
535
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500536conf:
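# conf.security (nested under the top-level `conf:` key)
  # Apache httpd security fragment, passed through verbatim as a block scalar.
  # Active directives: `ServerTokens Prod`, `ServerSignature Off` and
  # `TraceEnable Off`. Everything else is commented out.
  # NOTE(review): the filesystem-wide `<Directory />` deny and both response
  # headers (X-Content-Type-Options, X-Frame-Options) are therefore NOT in
  # effect. The header lines need mod_headers. Enable them in an override
  # where that module is loaded.
  security: |
    #
    # Disable access to the entire file system except for the directories that
    # are explicitly allowed later.
    #
    # This currently breaks the configurations that come with some web application
    # Debian packages.
    #
    #<Directory />
    # AllowOverride None
    # Require all denied
    #</Directory>

    # Changing the following options will not really affect the security of the
    # server, but might make attacks slightly more difficult in some cases.

    #
    # ServerTokens
    # This directive configures what you return as the Server HTTP response
    # Header. The default is 'Full' which sends information about the OS-Type
    # and compiled in modules.
    # Set to one of: Full | OS | Minimal | Minor | Major | Prod
    # where Full conveys the most information, and Prod the least.
    ServerTokens Prod

    #
    # Optionally add a line containing the server version and virtual host
    # name to server-generated pages (internal error documents, FTP directory
    # listings, mod_status and mod_info output etc., but not CGI generated
    # documents or custom error documents).
    # Set to "EMail" to also include a mailto: link to the ServerAdmin.
    # Set to one of: On | Off | EMail
    ServerSignature Off

    #
    # Allow TRACE method
    #
    # Set to "extended" to also reflect the request body (only for testing and
    # diagnostic purposes).
    #
    # Set to one of: On | Off | extended
    TraceEnable Off

    #
    # Forbid access to version control directories
    #
    # If you use version control systems in your document root, you should
    # probably deny access to their directories. For example, for subversion:
    #
    #<DirectoryMatch "/\.svn">
    # Require all denied
    #</DirectoryMatch>

    #
    # Setting this header will prevent MSIE from interpreting files as something
    # else than declared by the content type in the HTTP headers.
    # Requires mod_headers to be enabled.
    #
    #Header set X-Content-Type-Options: "nosniff"

    #
    # Setting this header will prevent other sites from embedding pages from this
    # site as frames. This defends against clickjacking attacks.
    # Requires mod_headers to be enabled.
    #
    #Header set X-Frame-Options: "sameorigin"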
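# conf.software (nested under the top-level `conf:` key)
  # Apache binary, start flag and configuration directories. a2enmod/a2dismod
  # are null, so no module list is given here.
  # NOTE(review): `site_dir` reads `sites-enable`; the stock Debian/Ubuntu
  # directory is `sites-enabled`. Confirm which path the templates and image
  # actually use before changing it.
  software:
    apache2:
      binary: apache2
      start_parameters: -DFOREGROUND
      conf_dir: /etc/apache2/conf-enabled
      site_dir: /etc/apache2/sites-enable
      mods_dir: /etc/apache2/mods-available
      a2enmod: null
      a2dismod: null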
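# conf.ceph (nested under the top-level `conf:` key)
  # Ceph integration switches. Both keyrings default to null, so no key
  # material ships in this file. Keep it that way and supply keys from a secret
  # store rather than a committed values override.
  # NOTE(review): `secret_uuid` is presumably the libvirt secret UUID under
  # which the cinder Ceph key is registered. That makes it an identifier, not
  # a credential, but it is the same fixed value in every default install;
  # confirm it matches the value the cinder chart uses.
  ceph:
    enabled: true
    admin_keyring: null
    cinder:
      user: "cinder"
      keyring: null
      secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337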
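# conf.rally_tests (nested under the top-level `conf:` key)
  # Rally scenarios for the chart's test pod. Every scenario runs once
  # (`times: 1`, `concurrency: 1`) and tolerates no failure (`max: 0`).
  # NOTE(review): `clean_up` deletes every flavor and server whose name starts
  # with `s_rally_` and every image whose name starts with `c_rally_`. It
  # matches on name prefix only, so run it only in clouds where no real
  # resource uses those prefixes. Several scenarios create flavors, aggregates
  # and keypairs, which presumably needs admin rights; confirm.
  rally_tests:
    run_tempest: false
    clean_up: |
      FLAVORS=$(openstack flavor list -f value --all | awk '$2 ~ /^s_rally_/ { print $1 }')
      if [ -n "$FLAVORS" ]; then
        echo $FLAVORS | xargs openstack flavor delete
      fi
      SERVERS=$(openstack server list -f value --all | awk '$2 ~ /^s_rally_/ { print $1 }')
      if [ -n "$SERVERS" ]; then
        echo $SERVERS | xargs openstack server delete
      fi
      IMAGES=$(openstack image list -f value | awk '$2 ~ /^c_rally_/ { print $1 }')
      if [ -n "$IMAGES" ]; then
        echo $IMAGES | xargs openstack image delete
      fi
    tests:
      NovaAggregates.create_and_get_aggregate_details:
        - args:
            availability_zone: nova
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaAggregates.create_and_update_aggregate:
        - args:
            availability_zone: nova
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaAggregates.list_aggregates:
        - runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaAvailabilityZones.list_availability_zones:
        - args:
            detailed: true
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaFlavors.create_and_delete_flavor:
        - args:
            disk: 1
            ram: 500
            vcpus: 1
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaFlavors.create_and_list_flavor_access:
        - args:
            disk: 1
            ram: 500
            vcpus: 1
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaFlavors.create_flavor:
        - args:
            disk: 1
            ram: 500
            vcpus: 1
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaFlavors.create_flavor_and_add_tenant_access:
        - args:
            disk: 1
            ram: 500
            vcpus: 1
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaFlavors.create_flavor_and_set_keys:
        - args:
            disk: 1
            extra_specs:
              'quota:disk_read_bytes_sec': 10240
            ram: 500
            vcpus: 1
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaFlavors.list_flavors:
        - args:
            detailed: true
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaHypervisors.list_and_get_hypervisors:
        - args:
            detailed: true
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaHypervisors.list_and_get_uptime_hypervisors:
        - args:
            detailed: true
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaHypervisors.list_and_search_hypervisors:
        - args:
            detailed: true
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaHypervisors.list_hypervisors:
        - args:
            detailed: true
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaHypervisors.statistics_hypervisors:
        - args: {}
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaKeypair.create_and_delete_keypair:
        - runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaKeypair.create_and_list_keypairs:
        - runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaServerGroups.create_and_list_server_groups:
        - args:
            all_projects: false
            kwargs:
              policies:
                - affinity
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      NovaServices.list_services:
        - runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0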
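# conf.paste (nested under the top-level `conf:` key)
  # PasteDeploy (api-paste.ini) definition for the nova API and metadata WSGI
  # apps: URL maps, middleware pipelines and the factory behind each filter.
  # NOTE(review):
  #   - Each compute composite defines a `noauth2` and a `keystone` pipeline.
  #     `noauth2` goes through NoAuthMiddleware and has no authtoken filter.
  #     Which entry is used is decided outside this file (presumably by
  #     pipeline_factory_v21 from `[api] auth_strategy` in nova.conf); confirm
  #     the deployed value is `keystone`.
  #   - Only the `keystone` pipelines carry the `audit` filter, whose map file
  #     is /etc/nova/api_audit_map.conf.
  #   - The metadata pipeline (`cors metaapp`) has no authtoken filter, so
  #     access control for that endpoint must come from elsewhere, such as
  #     network policy or the metadata proxy. Neither is visible here.
  paste:
    composite:metadata:
      use: egg:Paste#urlmap
      /: meta
    pipeline:meta:
      pipeline: cors metaapp
    app:metaapp:
      paste.app_factory: nova.api.metadata.handler:MetadataRequestHandler.factory
    composite:osapi_compute:
      use: call:nova.api.openstack.urlmap:urlmap_factory
      /: oscomputeversions
      /v2: openstack_compute_api_v21_legacy_v2_compatible
      /v2.1: openstack_compute_api_v21
    composite:openstack_compute_api_v21:
      use: call:nova.api.auth:pipeline_factory_v21
      noauth2: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
      keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken audit keystonecontext osapi_compute_app_v21
    composite:openstack_compute_api_v21_legacy_v2_compatible:
      use: call:nova.api.auth:pipeline_factory_v21
      noauth2: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21
      keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken audit keystonecontext legacy_v2_compatible osapi_compute_app_v21
    filter:request_id:
      paste.filter_factory: oslo_middleware:RequestId.factory
    filter:compute_req_id:
      paste.filter_factory: nova.api.compute_req_id:ComputeReqIdMiddleware.factory
    filter:faultwrap:
      paste.filter_factory: nova.api.openstack:FaultWrapper.factory
    filter:noauth2:
      paste.filter_factory: nova.api.openstack.auth:NoAuthMiddleware.factory
    filter:sizelimit:
      paste.filter_factory: oslo_middleware:RequestBodySizeLimiter.factory
    filter:http_proxy_to_wsgi:
      paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
    filter:legacy_v2_compatible:
      paste.filter_factory: nova.api.openstack:LegacyV2CompatibleWrapper.factory
    app:osapi_compute_app_v21:
      paste.app_factory: nova.api.openstack.compute:APIRouterV21.factory
    pipeline:oscomputeversions:
      pipeline: faultwrap http_proxy_to_wsgi oscomputeversionapp
    app:oscomputeversionapp:
      paste.app_factory: nova.api.openstack.compute.versions:Versions.factory
    filter:cors:
      paste.filter_factory: oslo_middleware.cors:filter_factory
      oslo_config_project: nova
    filter:keystonecontext:
      paste.filter_factory: nova.api.auth:NovaKeystoneContext.factory
    filter:authtoken:
      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
    filter:audit:
      paste.filter_factory: keystonemiddleware.audit:filter_factory
      audit_map_file: /etc/nova/api_audit_map.conf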
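# conf.policy (nested under the top-level `conf:` key)
  # Empty mapping: this file adds no policy overrides.
  # NOTE(review): nova presumably then applies its built-in policy defaults;
  # confirm. Review any override placed here as an authorization change.
  policy: {}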
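# conf.nova_sudoers (nested under the top-level `conf:` key)
  # sudoers fragment: the `nova` user may run nova-rootwrap as root without a
  # password, from either the Kolla or the LOCI venv path, with any arguments
  # after /etc/nova/rootwrap.conf (the trailing `*`).
  # NOTE(review): sudo does not restrict what follows; the rootwrap filter
  # files are the whole privilege boundary. This file's filters include
  # name-only CommandFilter entries for chown, chmod, tee, dd and mount, which
  # leave arguments unconstrained, so treat a compromise of the nova user as
  # close to root on the host. Every directory in `secure_path`, both
  # nova-rootwrap binaries and /etc/nova/rootwrap.conf must be writable by
  # root only.
  nova_sudoers: |
    # This sudoers file supports rootwrap for both Kolla and LOCI Images.
    Defaults !requiretty
    Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
    nova ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/nova-rootwrap /etc/nova/rootwrap.conf *, /var/lib/openstack/bin/nova-rootwrap /etc/nova/rootwrap.conf *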
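# conf.api_audit_map (nested under the top-level `conf:` key)
  # Audit map for the `audit` paste filter (keystonemiddleware.audit). It maps
  # API actions and URL path segments to the names written to audit events.
  # `None` here is the literal string "None", not YAML null. It presumably
  # marks a path keyword that has no resource-id segment after it; confirm.
  # NOTE(review): paths missing from `path_keywords` may be audited with less
  # detail. Re-check this list against the API version you deploy.
  api_audit_map:
    DEFAULT:
      target_endpoint_type: None
    custom_actions:
      enable: enable
      disable: disable
      delete: delete
      startup: start/startup
      shutdown: stop/shutdown
      reboot: start/reboot
      os-migrations/get: read
      os-server-password/post: update
    path_keywords:
      add: None
      action: None
      enable: None
      disable: None
      configure-project: None
      defaults: None
      delete: None
      detail: None
      diagnostics: None
      entries: entry
      extensions: alias
      flavors: flavor
      images: image
      ips: label
      limits: None
      metadata: key
      os-agents: os-agent
      os-aggregates: os-aggregate
      os-availability-zone: None
      os-certificates: None
      os-cloudpipe: None
      os-fixed-ips: ip
      os-extra_specs: key
      os-flavor-access: None
      os-floating-ip-dns: domain
      os-floating-ips-bulk: host
      os-floating-ip-pools: None
      os-floating-ips: floating-ip
      os-hosts: host
      os-hypervisors: hypervisor
      os-instance-actions: instance-action
      os-keypairs: keypair
      os-migrations: None
      os-networks: network
      os-quota-sets: tenant
      os-security-groups: security_group
      os-security-group-rules: rule
      os-server-password: None
      os-services: None
      os-simple-tenant-usage: tenant
      os-virtual-interfaces: None
      os-volume_attachments: attachment
      os-volumes_boot: None
      os-volumes: volume
      os-volume-types: volume-type
      os-snapshots: snapshot
      reboot: None
      servers: server
      shutdown: None
      startup: None
      statistics: None
    service_endpoints:
      compute: service/compute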
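# conf.rootwrap (nested under the top-level `conf:` key)
  # nova-rootwrap main configuration: where filter definitions are loaded from,
  # where executables are searched, and how usage is logged.
  # NOTE(review):
  #   - As the file itself says, every directory in `filters_path` and
  #     `exec_dirs` must be writable by root only. That includes
  #     /var/lib/openstack/bin and /var/lib/kolla/venv/bin inside the image.
  #   - `use_syslog=False` with `syslog_log_level=ERROR` means successful
  #     privileged commands leave no rootwrap log record. For an audit trail,
  #     enable syslog and set the level to INFO ("log all usage").
  rootwrap: |
    # Configuration for nova-rootwrap
    # This file should be owned by (and only-writeable by) the root user

    [DEFAULT]
    # List of directories to load filter definitions from (separated by ',').
    # These directories MUST all be only writeable by root !
    filters_path=/etc/nova/rootwrap.d,/usr/share/nova/rootwrap

    # List of directories to search executables in, in case filters do not
    # explicitely specify a full path (separated by ',')
    # If not specified, defaults to system PATH environment variable.
    # These directories MUST all be only writeable by root !
    exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin

    # Enable logging to syslog
    # Default value is False
    use_syslog=False

    # Which syslog facility to use.
    # Valid values include auth, authpriv, syslog, local0, local1...
    # Default value is 'syslog'
    syslog_log_facility=syslog

    # Which messages to log.
    # INFO means log all usage
    # ERROR means only log unsuccessful attempts
    syslog_log_level=ERROR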
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500982 rootwrap_filters:
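# conf.rootwrap_filters.api_metadata (nested under `conf:` -> `rootwrap_filters:`)
    # Rootwrap filter file for the pods listed under `pods` (here: metadata).
    # It allows the four iptables/ip6tables save and restore commands as root.
    # NOTE(review): these are name-only CommandFilter entries, so arguments are
    # not constrained; `iptables-restore` can replace the whole ruleset of the
    # network namespace it runs in. The source comments point at
    # nova/network/linux_net.py. Confirm the deployed nova release still calls
    # these commands, and drop the filters if it does not.
    api_metadata:
      pods:
        - metadata
      content: |
        # nova-rootwrap command filters for api-metadata nodes
        # This is needed on nova-api hosts running with "metadata" in enabled_apis
        # or when running nova-api-metadata
        # This file should be owned by (and only-writeable by) the root user

        [Filters]
        # nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
        iptables-save: CommandFilter, iptables-save, root
        ip6tables-save: CommandFilter, ip6tables-save, root

        # nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
        iptables-restore: CommandFilter, iptables-restore, root
        ip6tables-restore: CommandFilter, ip6tables-restore, root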
1000 compute:
1001 pods:
1002 - compute
1003 content: |
1004 # nova-rootwrap command filters for compute nodes
1005 # This file should be owned by (and only-writeable by) the root user
1006
1007 [Filters]
1008 # nova/virt/disk/mount/api.py: 'kpartx', '-a', device
1009 # nova/virt/disk/mount/api.py: 'kpartx', '-d', device
1010 kpartx: CommandFilter, kpartx, root
1011
1012 # nova/virt/xenapi/vm_utils.py: tune2fs, -O ^has_journal, part_path
1013 # nova/virt/xenapi/vm_utils.py: tune2fs, -j, partition_path
1014 tune2fs: CommandFilter, tune2fs, root
1015
1016 # nova/virt/disk/mount/api.py: 'mount', mapped_device
1017 # nova/virt/disk/api.py: 'mount', '-o', 'bind', src, target
1018 # nova/virt/xenapi/vm_utils.py: 'mount', '-t', 'ext2,ext3,ext4,reiserfs'..
1019 # nova/virt/configdrive.py: 'mount', device, mountdir
1020 # nova/virt/libvirt/volume.py: 'mount', '-t', 'sofs' ...
1021 mount: CommandFilter, mount, root
1022
1023 # nova/virt/disk/mount/api.py: 'umount', mapped_device
1024 # nova/virt/disk/api.py: 'umount' target
1025 # nova/virt/xenapi/vm_utils.py: 'umount', dev_path
1026 # nova/virt/configdrive.py: 'umount', mountdir
1027 umount: CommandFilter, umount, root
1028
1029 # nova/virt/disk/mount/nbd.py: 'qemu-nbd', '-c', device, image
1030 # nova/virt/disk/mount/nbd.py: 'qemu-nbd', '-d', device
1031 qemu-nbd: CommandFilter, qemu-nbd, root
1032
1033 # nova/virt/disk/mount/loop.py: 'losetup', '--find', '--show', image
1034 # nova/virt/disk/mount/loop.py: 'losetup', '--detach', device
1035 losetup: CommandFilter, losetup, root
1036
1037 # nova/virt/disk/vfs/localfs.py: 'blkid', '-o', 'value', '-s', 'TYPE', device
1038 blkid: CommandFilter, blkid, root
1039
1040 # nova/virt/libvirt/utils.py: 'blockdev', '--getsize64', path
1041 # nova/virt/disk/mount/nbd.py: 'blockdev', '--flushbufs', device
1042 blockdev: RegExpFilter, blockdev, root, blockdev, (--getsize64|--flushbufs), /dev/.*
1043
1044 # nova/virt/disk/vfs/localfs.py: 'tee', canonpath
1045 tee: CommandFilter, tee, root
1046
1047 # nova/virt/disk/vfs/localfs.py: 'mkdir', canonpath
1048 mkdir: CommandFilter, mkdir, root
1049
1050 # nova/virt/disk/vfs/localfs.py: 'chown'
1051 # nova/virt/libvirt/connection.py: 'chown', os.getuid( console_log
1052 # nova/virt/libvirt/connection.py: 'chown', os.getuid( console_log
1053 # nova/virt/libvirt/connection.py: 'chown', 'root', basepath('disk')
1054 chown: CommandFilter, chown, root
1055
1056 # nova/virt/disk/vfs/localfs.py: 'chmod'
1057 chmod: CommandFilter, chmod, root
1058
1059 # nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap'
1060 # nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up'
1061 # nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev
1062 # nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i..
1063 # nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'..
1064 # nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',..
1065 # nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',..
1066 # nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev)
1067 # nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1]
1068 # nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge
1069 # nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', ..
1070 # nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',..
1071 # nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ...
1072 # nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,..
1073 # nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up'
1074 # nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up'
1075 # nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, ..
1076 # nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, ..
1077 # nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up'
1078 # nova/network/linux_net.py: 'ip', 'route', 'add', ..
1079 # nova/network/linux_net.py: 'ip', 'route', 'del', .
1080 # nova/network/linux_net.py: 'ip', 'route', 'show', 'dev', dev
1081 ip: CommandFilter, ip, root
1082
1083 # nova/virt/libvirt/vif.py: 'tunctl', '-b', '-t', dev
1084 # nova/network/linux_net.py: 'tunctl', '-b', '-t', dev
1085 tunctl: CommandFilter, tunctl, root
1086
1087 # nova/virt/libvirt/vif.py: 'ovs-vsctl', ...
1088 # nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ...
1089 # nova/network/linux_net.py: 'ovs-vsctl', ....
1090 ovs-vsctl: CommandFilter, ovs-vsctl, root
1091
1092 # nova/virt/libvirt/vif.py: 'vrouter-port-control', ...
1093 vrouter-port-control: CommandFilter, vrouter-port-control, root
1094
1095 # nova/virt/libvirt/vif.py: 'ebrctl', ...
1096 ebrctl: CommandFilter, ebrctl, root
1097
1098 # nova/virt/libvirt/vif.py: 'mm-ctl', ...
1099 mm-ctl: CommandFilter, mm-ctl, root
1100
1101 # nova/network/linux_net.py: 'ovs-ofctl', ....
1102 ovs-ofctl: CommandFilter, ovs-ofctl, root
1103
1104 # nova/virt/libvirt/connection.py: 'dd', if=%s % virsh_output, ...
1105 dd: CommandFilter, dd, root
1106
1107 # nova/virt/xenapi/volume_utils.py: 'iscsiadm', '-m', ...
1108 iscsiadm: CommandFilter, iscsiadm, root
1109
1110 # nova/virt/libvirt/volume/aoe.py: 'aoe-revalidate', aoedev
1111 # nova/virt/libvirt/volume/aoe.py: 'aoe-discover'
1112 aoe-revalidate: CommandFilter, aoe-revalidate, root
1113 aoe-discover: CommandFilter, aoe-discover, root
1114
1115 # nova/virt/xenapi/vm_utils.py: parted, --script, ...
1116 # nova/virt/xenapi/vm_utils.py: 'parted', '--script', dev_path, ..*.
1117 parted: CommandFilter, parted, root
1118
1119 # nova/virt/xenapi/vm_utils.py: 'pygrub', '-qn', dev_path
1120 pygrub: CommandFilter, pygrub, root
1121
1122 # nova/virt/xenapi/vm_utils.py: fdisk %(dev_path)s
1123 fdisk: CommandFilter, fdisk, root
1124
1125 # nova/virt/xenapi/vm_utils.py: e2fsck, -f, -p, partition_path
1126 # nova/virt/disk/api.py: e2fsck, -f, -p, image
1127 e2fsck: CommandFilter, e2fsck, root
1128
1129 # nova/virt/xenapi/vm_utils.py: resize2fs, partition_path
1130 # nova/virt/disk/api.py: resize2fs, image
1131 resize2fs: CommandFilter, resize2fs, root
1132
1133 # nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
1134 iptables-save: CommandFilter, iptables-save, root
1135 ip6tables-save: CommandFilter, ip6tables-save, root
1136
1137 # nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
1138 iptables-restore: CommandFilter, iptables-restore, root
1139 ip6tables-restore: CommandFilter, ip6tables-restore, root
1140
1141 # nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ...
1142 # nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],..
1143 arping: CommandFilter, arping, root
1144
1145 # nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address
1146 dhcp_release: CommandFilter, dhcp_release, root
1147
1148 # nova/network/linux_net.py: 'kill', '-9', pid
1149 # nova/network/linux_net.py: 'kill', '-HUP', pid
1150 kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
1151
1152 # nova/network/linux_net.py: 'kill', pid
1153 kill_radvd: KillFilter, root, /usr/sbin/radvd
1154
1155 # nova/network/linux_net.py: dnsmasq call
1156 dnsmasq: EnvFilter, env, root, CONFIG_FILE=, NETWORK_ID=, dnsmasq
1157
1158 # nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'..
1159 radvd: CommandFilter, radvd, root
1160
1161 # nova/network/linux_net.py: 'brctl', 'addbr', bridge
1162 # nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0
1163 # nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off'
1164 # nova/network/linux_net.py: 'brctl', 'addif', bridge, interface
1165 brctl: CommandFilter, brctl, root
1166
1167 # nova/virt/libvirt/utils.py: 'mkswap'
1168 # nova/virt/xenapi/vm_utils.py: 'mkswap'
1169 mkswap: CommandFilter, mkswap, root
1170
1171 # nova/virt/libvirt/utils.py: 'nova-idmapshift'
1172 nova-idmapshift: CommandFilter, nova-idmapshift, root
1173
1174 # nova/virt/xenapi/vm_utils.py: 'mkfs'
1175 # nova/utils.py: 'mkfs', fs, path, label
1176 mkfs: CommandFilter, mkfs, root
1177
1178 # nova/virt/libvirt/utils.py: 'qemu-img'
1179 qemu-img: CommandFilter, qemu-img, root
1180
1181 # nova/virt/disk/vfs/localfs.py: 'readlink', '-e'
1182 readlink: CommandFilter, readlink, root
1183
1184 # nova/virt/disk/api.py:
1185 mkfs.ext3: CommandFilter, mkfs.ext3, root
1186 mkfs.ext4: CommandFilter, mkfs.ext4, root
1187 mkfs.ntfs: CommandFilter, mkfs.ntfs, root
1188
1189 # nova/virt/libvirt/connection.py:
1190 lvremove: CommandFilter, lvremove, root
1191
1192 # nova/virt/libvirt/utils.py:
1193 lvcreate: CommandFilter, lvcreate, root
1194
1195 # nova/virt/libvirt/utils.py:
1196 lvs: CommandFilter, lvs, root
1197
1198 # nova/virt/libvirt/utils.py:
1199 vgs: CommandFilter, vgs, root
1200
1201 # nova/utils.py:read_file_as_root: 'cat', file_path
1202 # (called from nova/virt/disk/vfs/localfs.py:VFSLocalFS.read_file)
1203 read_passwd: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/passwd
1204 read_shadow: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/shadow
1205
1206 # os-brick needed commands
1207 read_initiator: ReadFileFilter, /etc/iscsi/initiatorname.iscsi
1208 multipath: CommandFilter, multipath, root
1209 # multipathd show status
1210 multipathd: CommandFilter, multipathd, root
1211 systool: CommandFilter, systool, root
1212 vgc-cluster: CommandFilter, vgc-cluster, root
1213 # os_brick/initiator/connector.py
1214 drv_cfg: CommandFilter, /opt/emc/scaleio/sdc/bin/drv_cfg, root, /opt/emc/scaleio/sdc/bin/drv_cfg, --query_guid
1215
1216 # TODO(smcginnis) Temporary fix.
1217 # Need to pull in os-brick os-brick.filters file instead and clean
1218 # out stale brick values from this file.
1219 scsi_id: CommandFilter, /lib/udev/scsi_id, root
1220 # os_brick.privileged.default oslo.privsep context
1221 # This line ties the superuser privs with the config files, context name,
1222 # and (implicitly) the actual python code invoked.
1223 privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.*
1224
1225 # nova/storage/linuxscsi.py: sg_scan device
1226 sg_scan: CommandFilter, sg_scan, root
1227
1228 # nova/volume/encryptors/cryptsetup.py:
1229 # nova/volume/encryptors/luks.py:
1230 ln: RegExpFilter, ln, root, ln, --symbolic, --force, /dev/mapper/crypt-.+, .+
1231
1232 # nova/volume/encryptors.py:
1233 # nova/virt/libvirt/dmcrypt.py:
1234 cryptsetup: CommandFilter, cryptsetup, root
1235
1236 # nova/virt/xenapi/vm_utils.py:
1237 xenstore-read: CommandFilter, xenstore-read, root
1238
1239 # nova/virt/libvirt/utils.py:
1240 rbd: CommandFilter, rbd, root
1241
1242 # nova/virt/libvirt/utils.py: 'shred', '-n3', '-s%d' % volume_size, path
1243 shred: CommandFilter, shred, root
1244
1245 # nova/virt/libvirt/volume.py: 'cp', '/dev/stdin', delete_control..
1246 cp: CommandFilter, cp, root
1247
1248 # nova/virt/xenapi/vm_utils.py:
1249 sync: CommandFilter, sync, root
1250
1251 # nova/virt/libvirt/imagebackend.py:
1252 ploop: RegExpFilter, ploop, root, ploop, restore-descriptor, .*
1253 prl_disk_tool: RegExpFilter, prl_disk_tool, root, prl_disk_tool, resize, --size, .*M$, --resize_partition, --hdd, .*
1254
1255 # nova/virt/libvirt/utils.py: 'xend', 'status'
1256 xend: CommandFilter, xend, root
1257
1258 # nova/virt/libvirt/utils.py:
1259 touch: CommandFilter, touch, root
1260
1261 # nova/virt/libvirt/volume/vzstorage.py
1262 pstorage-mount: CommandFilter, pstorage-mount, root
1263 network:
1264 pods:
1265 - compute
1266 content: |
1267 # nova-rootwrap command filters for network nodes
1268 # This file should be owned by (and only-writeable by) the root user
1269
1270 [Filters]
1271 # nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap'
1272 # nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up'
1273 # nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev
1274 # nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i..
1275 # nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'..
1276 # nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',..
1277 # nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',..
1278 # nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev)
1279 # nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1]
1280 # nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge
1281 # nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', ..
1282 # nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',..
1283 # nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ...
1284 # nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,..
1285 # nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up'
1286 # nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up'
1287 # nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, ..
1288 # nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, ..
1289 # nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up'
1290 # nova/network/linux_net.py: 'ip', 'route', 'add', ..
1291 # nova/network/linux_net.py: 'ip', 'route', 'del', .
1292 # nova/network/linux_net.py: 'ip', 'route', 'show', 'dev', dev
1293 ip: CommandFilter, ip, root
1294
1295 # nova/virt/libvirt/vif.py: 'ovs-vsctl', ...
1296 # nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ...
1297 # nova/network/linux_net.py: 'ovs-vsctl', ....
1298 ovs-vsctl: CommandFilter, ovs-vsctl, root
1299
1300 # nova/network/linux_net.py: 'ovs-ofctl', ....
1301 ovs-ofctl: CommandFilter, ovs-ofctl, root
1302
1303 # nova/virt/libvirt/vif.py: 'ivs-ctl', ...
1304 # nova/virt/libvirt/vif.py: 'ivs-ctl', 'del-port', ...
1305 # nova/network/linux_net.py: 'ivs-ctl', ....
1306 ivs-ctl: CommandFilter, ivs-ctl, root
1307
1308 # nova/virt/libvirt/vif.py: 'ifc_ctl', ...
1309 ifc_ctl: CommandFilter, /opt/pg/bin/ifc_ctl, root
1310
1311 # nova/network/linux_net.py: 'ebtables', '-D' ...
1312 # nova/network/linux_net.py: 'ebtables', '-I' ...
1313 ebtables: CommandFilter, ebtables, root
1314 ebtables_usr: CommandFilter, ebtables, root
1315
1316 # nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
1317 iptables-save: CommandFilter, iptables-save, root
1318 ip6tables-save: CommandFilter, ip6tables-save, root
1319
1320 # nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
1321 iptables-restore: CommandFilter, iptables-restore, root
1322 ip6tables-restore: CommandFilter, ip6tables-restore, root
1323
1324 # nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ...
1325 # nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],..
1326 arping: CommandFilter, arping, root
1327
1328 # nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address
1329 dhcp_release: CommandFilter, dhcp_release, root
1330
1331 # nova/network/linux_net.py: 'kill', '-9', pid
1332 # nova/network/linux_net.py: 'kill', '-HUP', pid
1333 kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
1334
1335 # nova/network/linux_net.py: 'kill', pid
1336 kill_radvd: KillFilter, root, /usr/sbin/radvd
1337
1338 # nova/network/linux_net.py: dnsmasq call
1339 dnsmasq: EnvFilter, env, root, CONFIG_FILE=, NETWORK_ID=, dnsmasq
1340
1341 # nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'..
1342 radvd: CommandFilter, radvd, root
1343
1344 # nova/network/linux_net.py: 'brctl', 'addbr', bridge
1345 # nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0
1346 # nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off'
1347 # nova/network/linux_net.py: 'brctl', 'addif', bridge, interface
1348 brctl: CommandFilter, brctl, root
1349
1350 # nova/network/linux_net.py: 'sysctl', ....
1351 sysctl: CommandFilter, sysctl, root
1352
1353 # nova/network/linux_net.py: 'conntrack'
1354 conntrack: CommandFilter, conntrack, root
1355
1356 # nova/network/linux_net.py: 'fp-vdev'
1357 fp-vdev: CommandFilter, fp-vdev, root
1358 nova_ironic:
1359 DEFAULT:
1360 scheduler_host_manager: ironic_host_manager
1361 compute_driver: ironic.IronicDriver
1362 ram_allocation_ratio: 1.0
1363 cpu_allocation_ratio: 1.0
1364 reserved_host_memory_mb: 0
1365 libvirt:
Rico Lin885c5152023-11-02 01:28:20 +08001366 address_search_enabled: true
1367 # When "address_search_enabled", get the IP address to be used as the target for live migration
1368 # traffic using interface name.
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001369 # If this option is set to None, the hostname of the migration target compute node will be used.
vexxhost-bot42e72f12025-01-04 07:34:42 -05001370 live_migration_interface: null
1371 # or set cidr
1372 live_migration_network_cidr: 0/0
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001373 hypervisor:
Rico Lin885c5152023-11-02 01:28:20 +08001374 address_search_enabled: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001375 # my_ip can be set automatically through this interface name.
vexxhost-bot42e72f12025-01-04 07:34:42 -05001376 host_interface: null
1377 # If host_interface is null there is a fallback mechanism to search
1378 # for interface with routing using host network cidr.
1379 host_network_cidr: 0/0
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001380 # This list is the keys to exclude from the config file ingested by nova-compute
1381 nova_compute_redactions:
1382 - database
1383 - api_database
1384 - cell0_database
1385 nova:
1386 DEFAULT:
1387 log_config_append: /etc/nova/logging.conf
1388 default_ephemeral_format: ext4
1389 ram_allocation_ratio: 1.0
1390 disk_allocation_ratio: 1.0
1391 cpu_allocation_ratio: 3.0
1392 state_path: /var/lib/nova
1393 osapi_compute_listen: 0.0.0.0
1394 # NOTE(portdirect): the bind port should not be defined, and is manipulated
1395 # via the endpoints section.
1396 osapi_compute_listen_port: null
1397 osapi_compute_workers: 1
1398 metadata_workers: 1
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001399 compute_driver: libvirt.LibvirtDriver
1400 my_ip: 0.0.0.0
1401 instance_usage_audit: True
1402 instance_usage_audit_period: hour
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001403 resume_guests_state_on_host_boot: True
1404 vnc:
Mohammed Naser56484d72023-07-10 17:08:26 -04001405 auth_schemes: none
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001406 novncproxy_host: 0.0.0.0
Mohammed Nasere4c14ad2023-03-24 19:50:39 +00001407 server_listen: 0.0.0.0
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001408 # This would be set by each compute nodes's ip
1409 # server_proxyclient_address: 127.0.0.1
1410 spice:
1411 html5proxy_host: 0.0.0.0
1412 server_listen: 0.0.0.0
1413 # This would be set by each compute nodes's ip
1414 # server_proxyclient_address: 127.0.0.1
1415 conductor:
1416 workers: 1
vexxhost-bot42e72f12025-01-04 07:34:42 -05001417 scheduler:
1418 max_attempts: 10
1419 discover_hosts_in_cells_interval: -1
1420 workers: 1
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001421 oslo_policy:
1422 policy_file: /etc/nova/policy.yaml
1423 oslo_concurrency:
1424 lock_path: /var/lib/nova/tmp
1425 oslo_middleware:
1426 enable_proxy_headers_parsing: true
1427 glance:
1428 num_retries: 3
1429 ironic:
1430 api_endpoint: null
1431 auth_url: null
1432 neutron:
1433 metadata_proxy_shared_secret: "password"
1434 service_metadata_proxy: True
1435 auth_type: password
1436 auth_version: v3
okozachenko1203567fc082023-08-21 22:50:02 +10001437 cinder:
1438 catalog_info: volumev3::internalURL
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001439 database:
1440 max_retries: -1
1441 api_database:
1442 max_retries: -1
1443 cell0_database:
1444 max_retries: -1
1445 keystone_authtoken:
okozachenko1203567fc082023-08-21 22:50:02 +10001446 service_token_roles: service
1447 service_token_roles_required: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001448 auth_type: password
1449 auth_version: v3
1450 memcache_security_strategy: ENCRYPT
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001451 service_type: compute
Mohammed Naser0a13cee2023-03-02 11:28:29 +01001452 notifications:
1453 notify_on_state_change: vm_and_task_state
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001454 service_user:
1455 auth_type: password
okozachenko1203567fc082023-08-21 22:50:02 +10001456 send_service_user_token: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001457 libvirt:
1458 connection_uri: "qemu+unix:///system?socket=/run/libvirt/libvirt-sock"
1459 images_type: qcow2
1460 images_rbd_pool: vms
1461 images_rbd_ceph_conf: /etc/ceph/ceph.conf
1462 rbd_user: cinder
1463 rbd_secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
1464 disk_cachemodes: "network=writeback"
1465 hw_disk_discard: unmap
1466 upgrade_levels:
1467 compute: auto
1468 cache:
1469 enabled: true
1470 backend: dogpile.cache.memcached
1471 wsgi:
1472 api_paste_config: /etc/nova/api-paste.ini
1473 oslo_messaging_notifications:
1474 driver: messagingv2
1475 oslo_messaging_rabbit:
1476 rabbit_ha_queues: true
1477 placement:
1478 auth_type: password
1479 auth_version: v3
1480 logging:
1481 loggers:
1482 keys:
1483 - root
1484 - nova
1485 - os.brick
1486 handlers:
1487 keys:
1488 - stdout
1489 - stderr
1490 - "null"
1491 formatters:
1492 keys:
1493 - context
1494 - default
1495 logger_root:
1496 level: WARNING
1497 handlers: 'null'
1498 logger_nova:
1499 level: INFO
1500 handlers:
1501 - stdout
1502 qualname: nova
1503 logger_os.brick:
1504 level: INFO
1505 handlers:
1506 - stdout
1507 qualname: os.brick
1508 logger_amqp:
1509 level: WARNING
1510 handlers: stderr
1511 qualname: amqp
1512 logger_amqplib:
1513 level: WARNING
1514 handlers: stderr
1515 qualname: amqplib
1516 logger_eventletwsgi:
1517 level: WARNING
1518 handlers: stderr
1519 qualname: eventlet.wsgi.server
1520 logger_sqlalchemy:
1521 level: WARNING
1522 handlers: stderr
1523 qualname: sqlalchemy
1524 logger_boto:
1525 level: WARNING
1526 handlers: stderr
1527 qualname: boto
1528 handler_null:
1529 class: logging.NullHandler
1530 formatter: default
1531 args: ()
1532 handler_stdout:
1533 class: StreamHandler
1534 args: (sys.stdout,)
1535 formatter: context
1536 handler_stderr:
1537 class: StreamHandler
1538 args: (sys.stderr,)
1539 formatter: context
1540 formatter_context:
1541 class: oslo_log.formatters.ContextFormatter
1542 datefmt: "%Y-%m-%d %H:%M:%S"
1543 formatter_default:
1544 format: "%(message)s"
1545 datefmt: "%Y-%m-%d %H:%M:%S"
1546 rabbitmq:
1547 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
1548 policies:
1549 - vhost: "nova"
1550 name: "ha_ttl_nova"
1551 definition:
1552 # mirror messges to other nodes in rmq cluster
1553 ha-mode: "all"
1554 ha-sync-mode: "automatic"
1555 # 70s
1556 message-ttl: 70000
1557 priority: 0
1558 apply-to: all
1559 pattern: '^(?!(amq\.|reply_)).*'
1560 enable_iscsi: false
1561 archive_deleted_rows:
1562 purge_deleted_rows: false
1563 until_completion: true
1564 all_cells: false
1565 max_rows:
1566 enabled: False
1567 rows: 1000
1568 before:
1569 enabled: false
1570 date: 'nil'
Mohammed Naser69247252023-09-26 22:23:46 -04001571 nova_api_uwsgi:
1572 uwsgi:
1573 add-header: "Connection: close"
1574 buffer-size: 65535
1575 die-on-term: true
1576 enable-threads: true
1577 exit-on-reload: false
1578 hook-master-start: unix_signal:15 gracefully_kill_them_all
1579 lazy-apps: true
1580 log-x-forwarded-for: true
1581 master: true
1582 procname-prefix-spaced: "nova-api:"
1583 route-user-agent: '^kube-probe.* donotlog:'
1584 thunder-lock: true
1585 worker-reload-mercy: 80
1586 wsgi-file: /var/lib/openstack/bin/nova-api-wsgi
1587 nova_metadata_uwsgi:
1588 uwsgi:
1589 add-header: "Connection: close"
1590 buffer-size: 65535
1591 die-on-term: true
1592 enable-threads: true
1593 exit-on-reload: false
1594 hook-master-start: unix_signal:15 gracefully_kill_them_all
1595 lazy-apps: true
1596 log-x-forwarded-for: true
1597 master: true
1598 procname-prefix-spaced: "nova-metadata:"
1599 route-user-agent: '^kube-probe.* donotlog:'
1600 thunder-lock: true
1601 worker-reload-mercy: 80
1602 wsgi-file: /var/lib/openstack/bin/nova-metadata-wsgi
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001603
# Names of secrets used by bootstrap and environmental checks
# The values here are object names only; the credential material itself
# comes from the `endpoints` section and deployment overrides.
secrets:
  identity:
    admin: nova-keystone-admin
    nova: nova-keystone-user
    test: nova-keystone-test
  oslo_db:
    admin: nova-db-admin
    nova: nova-db-user
  oslo_db_api:
    admin: nova-db-api-admin
    nova: nova-db-api-user
  oslo_db_cell0:
    admin: nova-db-cell0-admin
    nova: nova-db-cell0-user
  oslo_messaging:
    admin: nova-rabbitmq-admin
    nova: nova-rabbitmq-user
  tls:
    compute:
      osapi:
        public: nova-tls-public
        internal: nova-tls-api
    compute_novnc_proxy:
      novncproxy:
        public: nova-novncproxy-tls-public
        internal: nova-novncproxy-tls-proxy
      vencrypt:
        internal: nova-novncproxy-vencrypt
    compute_metadata:
      metadata:
        public: metadata-tls-public
        internal: metadata-tls-metadata
    compute_spice_proxy:
      spiceproxy:
        public: nova-spiceproxy-tls-public
        internal: nova-spiceproxy-tls-proxy
  oci_image_registry:
    nova: nova-oci-image-registry

# typically overridden by environmental
# values, but should include all endpoints
# required by this chart
# NOTE(review): every `password: password` below, including the database
# root and RabbitMQ admin accounts, is a placeholder shipped with the chart.
# Supply real credentials through deployment-specific overrides and keep
# them out of version control. The `scheme` defaults are plain http, so
# service-to-service traffic is unencrypted unless TLS is enabled through
# overrides.
endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  oci_image_registry:
    name: oci-image-registry
    namespace: oci-image-registry
    auth:
      enabled: false
      nova:
        username: nova
        password: password
    hosts:
      default: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        default: null
  oslo_db:
    auth:
      admin:
        username: root
        password: password
        secret:
          tls:
            internal: mariadb-tls-direct
      nova:
        username: nova
        password: password
    hosts:
      default: mariadb
    host_fqdn_override:
      default: null
    path: /nova
    scheme: mysql+pymysql
    port:
      mysql:
        default: 3306
  oslo_db_api:
    auth:
      admin:
        username: root
        password: password
      nova:
        username: nova
        password: password
    hosts:
      default: mariadb
    host_fqdn_override:
      default: null
    path: /nova_api
    scheme: mysql+pymysql
    port:
      mysql:
        default: 3306
  oslo_db_cell0:
    auth:
      admin:
        username: root
        password: password
      nova:
        username: nova
        password: password
    hosts:
      default: mariadb
    host_fqdn_override:
      default: null
    path: /nova_cell0
    scheme: mysql+pymysql
    port:
      mysql:
        default: 3306
  oslo_messaging:
    auth:
      admin:
        username: rabbitmq
        password: password
        secret:
          tls:
            internal: rabbitmq-tls-direct
      nova:
        username: nova
        password: password
    statefulset:
      replicas: 2
      name: rabbitmq-rabbitmq
    hosts:
      default: rabbitmq
    host_fqdn_override:
      default: null
    path: /nova
    scheme: rabbit
    port:
      amqp:
        default: 5672
      http:
        default: 15672
  oslo_cache:
    auth:
      # NOTE(portdirect): this is used to define the value for keystone
      # authtoken cache encryption key, if not set it will be populated
      # automatically with a random value, but to take advantage of
      # this feature all services should be set to use the same key,
      # and memcache service.
      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
      default: null
    port:
      memcache:
        default: 11211
  identity:
    name: keystone
    auth:
      admin:
        region_name: RegionOne
        username: admin
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
      nova:
        # NOTE(review): the service account is granted admin as well as
        # service; its credentials warrant the same protection as the admin
        # account's.
        role: admin,service
        region_name: RegionOne
        username: nova
        password: password
        project_name: service
        user_domain_name: service
        project_domain_name: service
      # NOTE(portdirect): the neutron user is not managed by the nova chart
      # these values should match those set in the neutron chart.
      neutron:
        region_name: RegionOne
        project_name: service
        user_domain_name: service
        project_domain_name: service
        username: neutron
        password: password
      # NOTE(portdirect): the ironic user is not managed by the nova chart
      # these values should match those set in the ironic chart.
      ironic:
        auth_type: password
        auth_version: v3
        region_name: RegionOne
        project_name: service
        user_domain_name: service
        project_domain_name: service
        username: ironic
        password: password
      placement:
        role: admin
        region_name: RegionOne
        username: placement
        password: password
        project_name: service
        user_domain_name: service
        project_domain_name: service
      cinder:
        role: admin,service
        region_name: RegionOne
        username: cinder
        password: password
        project_name: service
        user_domain_name: service
        project_domain_name: service
      test:
        role: admin
        region_name: RegionOne
        username: nova-test
        password: password
        project_name: test
        user_domain_name: service
        project_domain_name: service
    hosts:
      default: keystone
      internal: keystone-api
    host_fqdn_override:
      default: null
    path:
      default: /v3
    scheme:
      default: http
    port:
      api:
        default: 80
        internal: 5000
  image:
    name: glance
    hosts:
      default: glance-api
      public: glance
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: http
    port:
      api:
        default: 9292
        public: 80
  compute:
    name: nova
    hosts:
      default: nova-api
      public: nova
    host_fqdn_override:
      default: null
      # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
      # endpoints using the following format:
      # public:
      #   host: null
      #   tls:
      #     crt: null
      #     key: null
    path:
      default: "/v2.1/%(tenant_id)s"
    scheme:
      default: 'http'
      service: 'http'
    port:
      api:
        default: 8774
        public: 80
        service: 8774
      novncproxy:
        default: 6080
  compute_metadata:
    name: nova
    ip:
      # IF blank, set clusterIP and metadata_host dynamically
      ingress: null
    hosts:
      default: nova-metadata
      public: metadata
    host_fqdn_override:
      default: null
    path:
      default: /
    scheme:
      default: 'http'
    port:
      metadata:
        default: 8775
        public: 80
  compute_novnc_proxy:
    name: nova
    hosts:
      default: nova-novncproxy
      public: novncproxy
    host_fqdn_override:
      default: null
      # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
      # endpoints using the following format:
      # public:
      #   host: null
      #   tls:
      #     crt: null
      #     key: null
    path:
      default: /vnc_auto.html
    scheme:
      default: 'http'
    port:
      novnc_proxy:
        default: 6080
        public: 80
  # This endpoint is only to allow configuring the cert used specifically for
  # vencrypt. Specifically, the same CA/issuer needs to be used to sign both
  # this cert, and the libvirt/qemu certs.
  compute_novnc_vencrypt:
    hosts:
      default: nova-novncproxy
    host_fqdn_override:
      default:
        commonName: nova-novncproxy
        usages:
          - client auth
  compute_spice_proxy:
    name: nova
    hosts:
      default: nova-spiceproxy
      public: spiceproxy
    host_fqdn_override:
      default: null
    path:
      default: /spice_auto.html
    scheme:
      default: 'http'
    port:
      spice_proxy:
        default: 6082
        public: 80
  placement:
    name: placement
    hosts:
      default: placement-api
      public: placement
    host_fqdn_override:
      default: null
    path:
      default: /
    scheme:
      default: 'http'
      service: 'http'
    port:
      api:
        default: 8778
        public: 80
        service: 8778
  network:
    name: neutron
    hosts:
      default: neutron-server
      public: neutron
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: 'http'
    port:
      api:
        default: 9696
        public: 80
  baremetal:
    name: ironic
    hosts:
      default: ironic-api
      public: ironic
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: http
    port:
      api:
        default: 6385
        public: 80
  fluentd:
    namespace: null
    name: fluentd
    hosts:
      default: fluentd-logging
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme: 'http'
    port:
      service:
        default: 24224
      metrics:
        default: 24220
  # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
  # They are used to enable the Egress K8s network policy.
  kube_dns:
    namespace: kube-system
    name: kubernetes-dns
    hosts:
      default: kube-dns
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme: http
    port:
      dns:
        default: 53
        protocol: UDP
  ingress:
    namespace: null
    name: ingress
    hosts:
      default: ingress
    port:
      ingress:
        default: 80

# Pod-level defaults for the nova workloads: scheduling classes, probes,
# security contexts, extra mounts, replica counts, upgrade strategy and
# resource requests/limits.
pod:
  # Optional PriorityClass per workload; null leaves it unset.
  priorityClassName:
    nova_compute: null
    nova_api_metadata: null
    nova_api_osapi: null
    nova_conductor: null
    nova_novncproxy: null
    nova_scheduler: null
    nova_spiceproxy: null
    nova_archive_deleted_rows: null
    nova_cell_setup: null
    nova_service_cleaner: null
    nova_compute_ironic: null
    nova_tests: null
    db_sync: null
  # Optional RuntimeClass per workload; null leaves it unset.
  runtimeClassName:
    nova_compute: null
    nova_api_metadata: null
    nova_api_osapi: null
    nova_conductor: null
    nova_novncproxy: null
    nova_scheduler: null
    nova_spiceproxy: null
    nova_archive_deleted_rows: null
    nova_cell_setup: null
    nova_service_cleaner: null
    nova_compute_ironic: null
    nova_tests: null
    db_sync: null
  # Liveness/readiness/startup probe switches and timing per component.
  probes:
    rpc_timeout: 60
    rpc_retries: 2
    compute:
      default:
        liveness:
          enabled: true
          params:
            periodSeconds: 90
            timeoutSeconds: 70
        readiness:
          enabled: true
          params:
            periodSeconds: 90
            timeoutSeconds: 70
        startup:
          enabled: true
          params:
            failureThreshold: 120
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 70
    api-metadata:
      default:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
    api-osapi:
      default:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
    conductor:
      default:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 90
            timeoutSeconds: 70
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 80
            periodSeconds: 90
            timeoutSeconds: 70
    novncproxy:
      default:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 60
            timeoutSeconds: 15
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 60
            timeoutSeconds: 15
    scheduler:
      default:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 90
            timeoutSeconds: 70
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 80
            periodSeconds: 90
            timeoutSeconds: 70
    compute-spice-proxy:
      default:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 60
            timeoutSeconds: 15
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 60
            timeoutSeconds: 15
  # Security contexts per workload group: a pod-level UID plus per-container
  # settings. Most containers get a read-only root filesystem with privilege
  # escalation disabled; the exceptions are annotated below.
  security_context:
    nova:
      pod:
        runAsUser: 42424
      container:
        # Runs as root (UID 0), overriding the pod-level UID.
        nova_compute_init:
          readOnlyRootFilesystem: true
          runAsUser: 0
        tungstenfabric_compute_init:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        # Runs as root (UID 0), overriding the pod-level UID.
        ceph_perms:
          readOnlyRootFilesystem: true
          runAsUser: 0
        nova_compute_vnc_init:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_compute_spice_init:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        # privileged: true removes container isolation from the node.
        # NOTE(review): presumably needed for hypervisor access -- confirm,
        # and restrict which nodes and images can run this container.
        nova_compute:
          readOnlyRootFilesystem: true
          privileged: true
        # Privileged and root, with no read-only root filesystem set.
        # NOTE(review): least-restricted container in this list; check
        # whether the SSH sidecar needs full privileges.
        nova_compute_ssh:
          privileged: true
          runAsUser: 0
        # Root, with neither readOnlyRootFilesystem nor
        # allowPrivilegeEscalation set. NOTE(review): consider adding both
        # once the init script's write paths are confirmed.
        nova_compute_ssh_init:
          runAsUser: 0
        nova_api_metadata_init:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_api:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_osapi:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_conductor:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_novncproxy_init:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        # NOTE(review): key is spelled "assests" while the spiceproxy
        # counterpart below uses "assets". The templates presumably look it
        # up under this spelling, so verify before renaming.
        nova_novncproxy_init_assests:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_novncproxy:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_scheduler:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_spiceproxy_init:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_spiceproxy_init_assets:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_spiceproxy:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
    bootstrap:
      pod:
        runAsUser: 42424
      container:
        nova_wait_for_computes_init:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        bootstrap:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
    nova_cell_setup:
      pod:
        runAsUser: 42424
      container:
        nova_wait_for_computes_init:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_cell_setup_init:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_cell_setup:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
    archive_deleted_rows:
      pod:
        runAsUser: 42424
      container:
        nova_archive_deleted_rows_init:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nova_archive_deleted_rows:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
    cell_setup:
      pod:
        runAsUser: 42424
      container:
        nova_cell_setup:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
    service_cleaner:
      pod:
        runAsUser: 42424
      container:
        nova_service_cleaner:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
  use_fqdn:
    # NOTE: When "host" is not set in nova.conf, the hypervisor host name
    # defaults to the short host name. With this option set to true,
    # $(hostname --fqdn) is used as the default instead; set it to false to
    # keep the short name, $(hostname --short). A host given in nova.conf
    # through the conf: section supersedes this option.
    compute: true
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  # Tolerations for control-plane node taints; switched off by default.
  tolerations:
    nova:
      enabled: false
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
  # Extra volumes and volumeMounts per workload; null means none are added.
  mounts:
    nova_compute:
      init_container: null
      nova_compute:
        volumeMounts: null
        volumes: null
    nova_compute_ironic:
      init_container: null
      nova_compute_ironic:
        volumeMounts: null
        volumes: null
    nova_api_metadata:
      init_container: null
      nova_api_metadata:
        volumeMounts: null
        volumes: null
    nova_api_osapi:
      init_container: null
      nova_api_osapi:
        volumeMounts: null
        volumes: null
    nova_conductor:
      init_container: null
      nova_conductor:
        volumeMounts: null
        volumes: null
    nova_scheduler:
      init_container: null
      nova_scheduler:
        volumeMounts: null
        volumes: null
    nova_bootstrap:
      init_container: null
      nova_bootstrap:
        volumeMounts: null
        volumes: null
    nova_tests:
      init_container: null
      nova_tests:
        volumeMounts: null
        volumes: null
    nova_novncproxy:
      init_novncproxy: null
      nova_novncproxy:
        volumeMounts: null
        volumes: null
    nova_spiceproxy:
      init_spiceproxy: null
      nova_spiceproxy:
        volumeMounts: null
        volumes: null
    nova_db_sync:
      nova_db_sync:
        volumeMounts: null
        volumes: null
  # The novncproxy pod shares the node's network namespace by default.
  # Most CNI plugins do not enforce NetworkPolicy on host-network pods, so
  # filter access to the console proxy port at the node or network level.
  useHostNetwork:
    novncproxy: true
  replicas:
    api_metadata: 1
    compute_ironic: 1
    osapi: 1
    conductor: 1
    scheduler: 1
    novncproxy: 1
    spiceproxy: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
      daemonsets:
        pod_replacement_strategy: RollingUpdate
        compute:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
    disruption_budget:
      metadata:
        min_available: 0
      osapi:
        min_available: 0
    termination_grace_period:
      metadata:
        timeout: 30
      osapi:
        timeout: 30
  # NOTE(review): enabled is false, so the requests/limits below are
  # presumably not rendered into the pods -- confirm in the templates.
  # Without limits one pod can exhaust a node's CPU or memory.
  resources:
    enabled: false
    compute:
      requests:
        memory: '128Mi'
        cpu: '100m'
      limits:
        memory: '1024Mi'
        cpu: '2000m'
    compute_ironic:
      requests:
        memory: '128Mi'
        cpu: '100m'
      limits:
        memory: '1024Mi'
        cpu: '2000m'
    api_metadata:
      requests:
        memory: '128Mi'
        cpu: '100m'
      limits:
        memory: '1024Mi'
        cpu: '2000m'
    api:
      requests:
        memory: '128Mi'
        cpu: '100m'
      limits:
        memory: '1024Mi'
        cpu: '2000m'
    conductor:
      requests:
        memory: '128Mi'
        cpu: '100m'
      limits:
        memory: '1024Mi'
        cpu: '2000m'
    scheduler:
      requests:
        memory: '128Mi'
        cpu: '100m'
      limits:
        memory: '1024Mi'
        cpu: '2000m'
    ssh:
      requests:
        memory: '128Mi'
        cpu: '100m'
      limits:
        memory: '1024Mi'
        cpu: '2000m'
    novncproxy:
      requests:
        memory: '128Mi'
        cpu: '100m'
      limits:
        memory: '1024Mi'
        cpu: '2000m'
    spiceproxy:
      requests:
        memory: '128Mi'
        cpu: '100m'
      limits:
        memory: '1024Mi'
        cpu: '2000m'
    jobs:
      bootstrap:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      storage_init:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      db_init:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      rabbit_init:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      db_sync:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      archive_deleted_rows:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      db_drop:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      ks_endpoints:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      ks_service:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      ks_user:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      tests:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      cell_setup:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      service_cleaner:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
      image_repo_sync:
        requests:
          memory: '128Mi'
          cpu: '100m'
        limits:
          memory: '1024Mi'
          cpu: '2000m'
2561
# Ingress and egress rules for the nova pods. Assuming these lists are passed
# through to the NetworkPolicy spec, a single empty rule ({}) restricts
# neither peers nor ports, so both directions are allow-all. Note that
# manifests.network_policy is false by default as well.
network_policy:
  nova:
    # TODO(lamt): Need to tighten this ingress for security.
    ingress:
      - {}
    egress:
      - {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -05002569
# NOTE(helm_hook): the hook may not work with the helm2 binary; set
# helm3_hook to false when deploying with helm2.
helm3_hook: true
2573
# Log level for the health-probe logging; only ERROR and above by default.
health_probe:
  logging:
    level: ERROR
2577
# TLS switches, all off by default. NOTE(review): these presumably control
# TLS towards the identity service, the message bus (oslo.messaging) and the
# database (oslo.db) -- confirm in the templates. While they are false, that
# traffic, credentials included, should be assumed to travel in clear text
# inside the cluster network.
tls:
  identity: false
  oslo_messaging: false
  oslo_db: false
2582
# Per-manifest switches: each key presumably controls whether the chart
# renders the matching template (confirm against the templates directory).
manifests:
  # Off by default; review together with the tls: flags.
  certificates: false
  configmap_bin: true
  configmap_etc: true
  cron_job_cell_setup: true
  cron_job_service_cleaner: true
  cron_job_archive_deleted_rows: false
  daemonset_compute: true
  deployment_api_metadata: true
  deployment_api_osapi: true
  deployment_conductor: true
  deployment_novncproxy: true
  deployment_spiceproxy: true
  deployment_scheduler: true
  ingress_metadata: true
  ingress_novncproxy: true
  ingress_spiceproxy: true
  ingress_osapi: true
  job_bootstrap: true
  job_storage_init: true
  job_db_init: true
  job_db_sync: true
  # Destructive job, off by default; enable only for a deliberate teardown.
  job_db_drop: false
  job_image_repo_sync: true
  job_rabbit_init: true
  job_ks_endpoints: true
  job_ks_service: true
  job_ks_user: true
  job_cell_setup: true
  pdb_metadata: true
  pdb_osapi: true
  pod_rally_test: true
  # Off by default, so no NetworkPolicy object is presumably created and
  # the network_policy: rules in this file have no effect until it is on.
  network_policy: false
  secret_db_api: true
  secret_db_cell0: true
  secret_db: true
  secret_ingress_tls: true
  secret_keystone: true
  secret_rabbitmq: true
  secret_registry: true
  service_ingress_metadata: true
  service_ingress_novncproxy: true
  service_ingress_spiceproxy: true
  service_ingress_osapi: true
  service_metadata: true
  service_novncproxy: true
  service_spiceproxy: true
  service_osapi: true
  statefulset_compute_ironic: false
2632...