[DEFAULT]
# concurrent live migrations are more likely to fail and are slower
# overall then serializing live migrations so set this to 1 explictly
max_concurrent_live_migrations=1
state_path = /var/lib/nova
# enable log rotation in oslo config by default
max_logfile_count=1
max_logfile_size_mb=20
log_rotation_type=size
debug=true
compute_driver = libvirt.LibvirtDriver
# ensure safe defaults for new hosts
initial_cpu_allocation_ratio=4.0
initial_ram_allocation_ratio=1.0
initial_disk_allocation_ratio=0.9
force_config_drive=True
mkisofs_cmd=/usr/bin/mkisofs
transport_url=rabbit://default_user_Olm-u25gtr-g5WE1qaY:x_yICqD8wQ-B7tjgM4Fkq_1e0hEx338E@rabbitmq-cell1.openstack.svc:5671/?ssl=1

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[oslo_messaging_rabbit]
amqp_durable_queues=false
amqp_auto_delete=false
# we should consider using quorum queues instead
# rabbit_quorum_queue=true
heartbeat_in_pthread=false

[api]
# for compatibility with older release we override the default
# to be the empty string. This ensures no domain suffix is added
# to the instance name.
dhcp_domain = ''

[oslo_messaging_notifications]
driver = noop

[vnc]
enabled = True
novncproxy_base_url = https://nova-novncproxy-cell1-public-openstack.apps-crc.testing/vnc_lite.html
server_listen = "::0"
# note we may want to use console_host instead of my_ip however it wont be resolved via
# dns currently so we need to use my_ip for now.
# https://docs.openstack.org/nova/latest/configuration/config.html#DEFAULT.console_host
server_proxyclient_address = "$my_ip"

[cache]
# always enable caching
enabled = True
# on compute nodes or where memcache is not deployed we should use an in memory
# dict cache
backend = oslo_cache.dict

[workarounds]
enable_qemu_monitor_announce_self=true
reserve_disk_resource_for_image_cache=true
# NOTE(gibi): We need this as live migration does not work with
# cpu_mode=host-model . See https://bugs.launchpad.net/nova/+bug/2039803
skip_cpu_compare_on_dest = true

[libvirt]
live_migration_permit_post_copy=true
live_migration_permit_auto_converge=true
live_migration_timeout_action=force_complete
cpu_mode=host-model
hw_machine_type=x86_64=q35
sysinfo_serial=unique
num_pcie_ports=24
images_type=qcow2
rx_queue_size=512
tx_queue_size=512
swtpm_enabled=True
volume_use_multipath=true
live_migration_uri = qemu+ssh://nova@%s/system?keyfile=/var/lib/nova/.ssh/ssh-privatekey
# We can only re-enable it when the following Jiras are fixed:
# https://issues.redhat.com/browse/OSPRH-8806
# https://issues.redhat.com/browse/OSPRH-8712
cpu_power_management=false

[keystone_authtoken]
auth_url =  https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 12345678
region_name = regionOne
# This is part of hardening related to CVE-2023-2088
# https://docs.openstack.org/nova/latest/configuration/config.html#keystone_authtoken.service_token_roles_required
# when enabled the service token user must have the service role to be considered valid.
service_token_roles_required = true

[placement]
auth_url =  https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 12345678
region_name = regionOne
valid_interfaces = internal

[glance]
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 12345678
region_name = regionOne
valid_interfaces = internal

[neutron]
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 12345678
region_name = regionOne
valid_interfaces = internal
service_metadata_proxy = true

[cinder]
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 12345678
region_name = regionOne
catalog_info = volumev3:cinderv3:internalURL

[barbican]
auth_url =  https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 12345678
region_name = regionOne
barbican_endpoint_type = internal

[service_user]
send_service_user_token = true
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 12345678

[oslo_limit]
system_scope = all
endpoint_interface = internal
endpoint_service_type = compute
endpoint_region_name = regionOne
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
user_domain_name = Default
username = nova
password = 12345678

[upgrade_levels]
compute = auto

[oslo_reports]
# api services need file based GMR trigger as apache disables signal handling
file_event_handler=/var/lib/nova