Nova

apiVersion: yaook.cloud/v1
kind: NovaDeployment
metadata:
  name: nova
spec:
  keystoneRef:
    name: keystone
  database:
    api:
      replicas: 1
      proxy: {}
      mysqlConfig:
        mysqld:
          max_connections: 1337
          max_heap_table_size: 64M
      backup:
        schedule: "0 * * * *"
    placement:
      replicas: 1
      proxy: {}
      mysqlConfig:
        mysqld:
          max_connections: 1337
          max_heap_table_size: 64M
      backup:
        schedule: "0 * * * *"
    cell0:
      replicas: 1
      proxy: {}
      mysqlConfig:
        galera:
          wsrep_slave_threads: 3
      backup:
        schedule: "0 * * * *"
    cell1:
      replicas: 1
      proxy: {}
      backup:
        schedule: "0 * * * *"
  messageQueue:
    cell1:
      replicas: 1
  memcached: {}
  api:
    replicas: 1
    ingress:
      fqdn: "nova.yaook.cloud"
      port: 32443
  conductor:
    replicas: 1
  placement:
    replicas: 1
    ingress:
      fqdn: "placement.yaook.cloud"
      port: 32443
  scheduler:
    replicas: 1
  consoleauth:
    replicas: 1
  vnc:
    ingress:
      fqdn: vnc.yaook.cloud
      port: 32443
    replicas: 1
  metadata:
    replicas: 1
  targetRelease: queens
  novaConfig:
    DEFAULT:
      debug: True
  policy:
    "context_is_admin": "role:admin"
  compute:
    configTemplates:
    - nodeSelectors:
      - matchLabels: {}
      novaComputeConfig:
        DEFAULT:
          debug: True
        keystone_authtoken:
          os_region_name: MyRegion
      volumeBackends:
        ceph:
          enabled: True
          keyringSecretName: cinder-client-key
          user: cinder
          uuid: "b3ab713d-912b-49ed-adaf-bd74368e567a"
          cephConfig: {}
    - nodeSelectors:
      - matchLabels:
          "compute.yaook.cloud/hypervisor-type": "qemu"
      novaComputeConfig:
        libvirt:
          virt_type: qemu
    - nodeSelectors:
      - matchLabels:
          "aggregate": "azandsomeproperties"
      hostAggregates:
        - aggregate-az-and-property
        - aggregate-dual-property
  issuerRef:
    name: ca-issuer
  region:
    name: MyRegion
  databaseCleanup:
    schedule: "0 0 * * *"
    deletionTimeRange: 60

Ceph Config

Note

To use Ceph, specify the same uuid and the same keyring secret name that are already in use for Cinder. OpenStack does not support using different keys/users for Nova and Cinder.

Add vTPM to instance

To add a vTPM, the following prerequisites have to be fulfilled.

1. Enable the swtpm settings in the nova-compute config for the nodes which are to provide the vTPM to the instance (see the nova-compute-vtpm.yaml snippet from the Yaook documentation). As we specify the same user/group within the qemu config for swtpm, we highly recommend using nova:libvirt within the novacompute config.

2. Set the image or flavor specs to provide a vTPM if an instance is created with either of those:

   openstack flavor set $FLAVOR --property hw:tpm_version=2.0 --property hw:tpm_model=tpm-crb

   or

   openstack image set $IMAGE --property hw_tpm_version=2.0 --property hw_tpm_model=tpm-crb

   (reference: https://docs.openstack.org/nova/latest/admin/emulated-tpm.html)

  1. Have barbican as secret manager present

  2. Nova (and compute) of at least the Victoria release

  3. Make sure the novacompute keystone user has permissions to create (store) Barbican secrets and to read them.

NovaHostAggregate

Availability zone and properties are both optional. A compute node can only reside in a single availability zone. If a node is mapped to aggregates with conflicting availability zone values, no mapping takes place for that node and an exception is raised.

Example of a NovaHostAggregate

apiVersion: compute.yaook.cloud/v1
kind: NovaHostAggregate
metadata:
  name: aggregate-az-and-property
  namespace: yaook
spec:
  novaRef:
    name: nova
  keystoneRef:
    name: keystone
  zone: southeast-asia-42
  properties:
    cake: lie
    foo: bar
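As an added illustration that is not part of the Yaook operator's own code, the following Python script encodes the two rules stated on this page: the Ceph note (Nova's ceph volume backend must reuse Cinder's uuid, user and keyring secret name) and the host-aggregate rule (a compute node may end up in only one availability zone; conflicting zones mean no mapping and an error). It embeds a constructed subset of the NovaDeployment spec and the NovaHostAggregate shown above. The selector semantics (a template applies when any one of its nodeSelectors has all of its matchLabels present on the node with equal values; an empty matchLabels matches every node), the zone and properties of aggregate-dual-property, and the Cinder-side values are assumptions made for the example.

```python
"""Illustrative checks over a Yaook NovaDeployment spec and its NovaHostAggregates.

Assumptions (not taken from the Yaook operator): a node matches a configTemplate
when at least one of its nodeSelectors has every matchLabels entry present on
the node with the same value (an empty matchLabels matches every node), and the
names under hostAggregates are resolved by the aggregate's metadata.name.
"""
import uuid

# Constructed subset of the NovaDeployment spec shown on this page.
CONFIG_TEMPLATES = [
    {"nodeSelectors": [{"matchLabels": {}}],
     "volumeBackends": {"ceph": {"enabled": True,
                                 "keyringSecretName": "cinder-client-key",
                                 "user": "cinder",
                                 "uuid": "b3ab713d-912b-49ed-adaf-bd74368e567a"}}},
    {"nodeSelectors": [{"matchLabels": {"compute.yaook.cloud/hypervisor-type": "qemu"}}]},
    {"nodeSelectors": [{"matchLabels": {"aggregate": "azandsomeproperties"}}],
     "hostAggregates": ["aggregate-az-and-property", "aggregate-dual-property"]},
]

# Constructed NovaHostAggregate specs keyed by metadata.name. The first is the
# page's example; the zone of the second is a hypothetical value chosen so the
# two aggregates conflict.
HOST_AGGREGATES = {
    "aggregate-az-and-property": {"zone": "southeast-asia-42",
                                  "properties": {"cake": "lie", "foo": "bar"}},
    "aggregate-dual-property": {"zone": "northwest-europe-1",
                                "properties": {"foo": "bar", "baz": "qux"}},
}

# Constructed Cinder-side values that the Ceph note says Nova must reuse.
CINDER_CEPH = {"uuid": "b3ab713d-912b-49ed-adaf-bd74368e567a",
               "user": "cinder",
               "keyringSecretName": "cinder-client-key"}


def selector_matches(selector, node_labels):
    """Every matchLabels entry must be present with an equal value; {} matches all."""
    return all(node_labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def templates_for_node(templates, node_labels):
    """Indices of the configTemplates whose nodeSelectors match the node labels."""
    return [i for i, tpl in enumerate(templates)
            if any(selector_matches(sel, node_labels) for sel in tpl.get("nodeSelectors", []))]


def zone_for_node(templates, aggregates, node_labels):
    """Resolve the availability zone of a node from its host aggregates.

    Returns the single zone (None when no matched aggregate sets one) and raises
    ValueError when the matched aggregates disagree, mirroring the rule that a
    compute node can reside in only one availability zone.
    """
    names = [name for i in templates_for_node(templates, node_labels)
             for name in templates[i].get("hostAggregates", [])]
    zones = {aggregates[n]["zone"] for n in names if aggregates[n].get("zone")}
    if len(zones) > 1:
        raise ValueError(f"conflicting availability zones {sorted(zones)} for node {node_labels}")
    return zones.pop() if zones else None


def ceph_backend_problems(templates, cinder):
    """Mismatches between every enabled Ceph backend and the Cinder-side values."""
    problems = []
    for i, tpl in enumerate(templates):
        ceph = tpl.get("volumeBackends", {}).get("ceph")
        if not ceph or not ceph.get("enabled"):
            continue
        try:
            uuid.UUID(ceph["uuid"])  # libvirt secret uuid must be a well-formed UUID
        except (KeyError, ValueError):
            problems.append(f"template {i}: ceph uuid missing or malformed")
            continue
        for key in ("uuid", "user", "keyringSecretName"):
            if ceph.get(key) != cinder[key]:
                problems.append(f"template {i}: ceph {key} {ceph.get(key)!r} "
                                f"differs from cinder {cinder[key]!r}")
    return problems


if __name__ == "__main__":
    qemu_node = {"compute.yaook.cloud/hypervisor-type": "qemu"}
    print(templates_for_node(CONFIG_TEMPLATES, qemu_node))
    print(zone_for_node(CONFIG_TEMPLATES, HOST_AGGREGATES, qemu_node))
    try:
        zone_for_node(CONFIG_TEMPLATES, HOST_AGGREGATES, {"aggregate": "azandsomeproperties"})
    except ValueError as exc:
        print("no mapping:", exc)
    print(ceph_backend_problems(CONFIG_TEMPLATES, CINDER_CEPH))
```

Run as-is, the qemu node matches the default template and the qemu template, gets no zone because neither names an aggregate, and the Ceph backend passes; the node labelled aggregate=azandsomeproperties is refused a zone because its two aggregates disagree, which is the situation in which the operator performs no mapping.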