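Libvirt
There are various customizations you can make to tailor the deployment of OpenStack Libvirt; they are listed below. Each entry gives the parameter's type, and the value printed under “Description:” is the chart's default for that parameter.
General Parameters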
ceph_client.configmap
Type: string
Description:
“ceph-etc”
ceph_client.user_secret_name
Type: string
Description:
“pvc-ceph-client-key”
conf.ceph.admin_keyring
Type: string
Description:
nil
conf.ceph.cinder.external_ceph.enabled
Type: bool
Description:
false
conf.ceph.cinder.external_ceph.secret_uuid
Type: string
Description:
nil
conf.ceph.cinder.external_ceph.user
Type: string
Description:
nil
conf.ceph.cinder.external_ceph.user_secret_name
Type: string
Description:
nil
conf.ceph.cinder.keyring
Type: string
Description:
nil
conf.ceph.cinder.secret_uuid
Type: string
Description:
“457eb676-33da-42ec-9a8c-9293d545c337”
conf.ceph.cinder.user
Type: string
Description:
“cinder”
conf.ceph.enabled
Type: bool
Description:
true
conf.dynamic_options.libvirt.listen_address
Type: string
Description:
“127.0.0.1”
conf.dynamic_options.libvirt.listen_interface
Type: string
Description:
nil
conf.dynamic_options.script
Type: string
Description:
```bash
#!/bin/bash
set -ex

LIBVIRT_CONF_PATH=/tmp/pod-shared/libvirtd.conf

{{- if .Values.conf.dynamic_options.libvirt.listen_interface }}
LISTEN_INTERFACE="{{ .Values.conf.dynamic_options.libvirt.listen_interface }}"
LISTEN_IP_ADDRESS=$(ip address show $LISTEN_INTERFACE | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
{{- else if .Values.conf.dynamic_options.libvirt.listen_address }}
LISTEN_IP_ADDRESS={{ .Values.conf.dynamic_options.libvirt.listen_address }}
{{- end }}

if [[ -z $LISTEN_IP_ADDRESS ]]; then
    echo "LISTEN_IP_ADDRESS is not set."
    exit 1
fi

tee > ${LIBVIRT_CONF_PATH} << EOF
{{ include "libvirt.utils.to_libvirt_conf" .Values.conf.libvirt }}
EOF
```
conf.init_modules.enabled
Type: bool
Description:
false
conf.init_modules.script
Type: string
Description:
```bash
#!/bin/bash
set -ex
export HOME=/tmp
KVM_QEMU_CONF_HOST="/etc/modprobe.d_host/qemu-system-x86.conf"

if [[ ! -f "${KVM_QEMU_CONF_HOST}" ]]; then
  if grep vmx /proc/cpuinfo; then
    cat << EOF > ${KVM_QEMU_CONF_HOST}
options kvm_intel nested=1
options kvm_intel enable_apicv=1
options kvm_intel ept=1
EOF
    modprobe -r kvm_intel || true
    modprobe kvm_intel nested=1
  elif grep svm /proc/cpuinfo; then
    cat << EOF > ${KVM_QEMU_CONF_HOST}
options kvm_amd nested=1
EOF
    modprobe -r kvm_amd || true
    modprobe kvm_amd nested=1
  else
    echo "Nested virtualization is not supported"
  fi
fi
```
conf.kubernetes.cgroup
Type: string
Description:
“kubepods.slice”
conf.kubernetes.cgroup_controllers[0]
Type: string
Description:
“blkio”
conf.kubernetes.cgroup_controllers[10]
Type: string
Description:
“pids”
conf.kubernetes.cgroup_controllers[1]
Type: string
Description:
“cpu”
conf.kubernetes.cgroup_controllers[2]
Type: string
Description:
“devices”
conf.kubernetes.cgroup_controllers[3]
Type: string
Description:
“freezer”
conf.kubernetes.cgroup_controllers[4]
Type: string
Description:
“hugetlb”
conf.kubernetes.cgroup_controllers[5]
Type: string
Description:
“memory”
conf.kubernetes.cgroup_controllers[6]
Type: string
Description:
“net_cls”
conf.kubernetes.cgroup_controllers[7]
Type: string
Description:
“perf_event”
conf.kubernetes.cgroup_controllers[8]
Type: string
Description:
“rdma”
conf.kubernetes.cgroup_controllers[9]
Type: string
Description:
“misc”
conf.libvirt.auth_tcp
Type: string
Description:
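“none”
Note: with “none”, clients connecting to the libvirt TCP socket are not authenticated. Together with the defaults conf.libvirt.listen_tcp “1” and conf.libvirt.listen_tls “0”, the listener is both unauthenticated and unencrypted, so its safety depends on conf.dynamic_options.libvirt.listen_address staying on a trusted address (default “127.0.0.1”). Before setting listen_address or listen_interface to a routable address, enable SASL or TLS on the listener and restrict access with a network policy (manifests.network_policy is false by default).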
conf.libvirt.auth_unix_rw
Type: string
Description:
“none”
conf.libvirt.ca_file
Type: string
Description:
“/etc/pki/CA/cacert.pem”
conf.libvirt.cert_file
Type: string
Description:
“/etc/pki/libvirt/servercert.pem”
conf.libvirt.key_file
Type: string
Description:
“/etc/pki/libvirt/private/serverkey.pem”
conf.libvirt.listen_addr
Type: string
Description:
“${LISTEN_IP_ADDRESS}”
conf.libvirt.listen_tcp
Type: string
Description:
“1”
conf.libvirt.listen_tls
Type: string
Description:
“0”
conf.libvirt.log_level
Type: string
Description:
“3”
conf.libvirt.log_outputs
Type: string
Description:
“1:file:/var/log/libvirt/libvirtd.log”
conf.qemu.group
Type: string
Description:
“kvm”
conf.qemu.stdio_handler
Type: string
Description:
“file”
conf.qemu.user
Type: string
Description:
“nova”
conf.qemu.vnc_tls
Type: string
Description:
“0”
conf.qemu.vnc_tls_x509_verify
Type: string
Description:
“0”
conf.vencrypt.cert_init_sh
Type: string
Description:
```bash
#!/bin/bash
set -x

HOSTNAME_FQDN=$(hostname --fqdn)

# Script to create certs for each libvirt pod based on pod IP (by default).
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ${POD_NAME}-${TYPE}
  namespace: ${POD_NAMESPACE}
  ownerReferences:
    - apiVersion: v1
      kind: Pod
      name: ${POD_NAME}
      uid: ${POD_UID}
spec:
  secretName: ${POD_NAME}-${TYPE}
  commonName: ${POD_IP}
  usages:
  - client auth
  - server auth
  dnsNames:
  - ${HOSTNAME}
  - ${HOSTNAME_FQDN}
  ipAddresses:
  - ${POD_IP}
  issuerRef:
    kind: ${ISSUER_KIND}
    name: ${ISSUER_NAME}
EOF

kubectl -n ${POD_NAMESPACE} wait --for=condition=Ready --timeout=300s \
  certificate/${POD_NAME}-${TYPE}

# NOTE(mnaser): cert-manager does not clean-up the secrets when the certificate
#               is deleted, so we should add an owner reference to the secret
#               to ensure that it is cleaned up when the pod is deleted.
kubectl -n ${POD_NAMESPACE} patch secret ${POD_NAME}-${TYPE} \
  --type=json -p='[{"op": "add", "path": "/metadata/ownerReferences", "value": [{"apiVersion": "v1", "kind": "Pod", "name": "'${POD_NAME}'", "uid": "'${POD_UID}'"}]}]'

kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.crt}' | base64 -d > /tmp/${TYPE}.crt
kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.key}' | base64 -d > /tmp/${TYPE}.key
kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/${TYPE}-ca.crt
```
conf.vencrypt.issuer.kind
Type: string
Description:
“ClusterIssuer”
conf.vencrypt.issuer.name
Type: string
Description:
“ca-clusterissuer”
dependencies.dynamic.common.local_image_registry.jobs[0]
Type: string
Description:
“libvirt-image-repo-sync”
dependencies.dynamic.common.local_image_registry.services[0].endpoint
Type: string
Description:
“node”
dependencies.dynamic.common.local_image_registry.services[0].service
Type: string
Description:
“local_image_registry”
dependencies.dynamic.targeted.linuxbridge.libvirt.pod[0].labels.application
Type: string
Description:
“neutron”
dependencies.dynamic.targeted.linuxbridge.libvirt.pod[0].labels.component
Type: string
Description:
“neutron-lb-agent”
dependencies.dynamic.targeted.linuxbridge.libvirt.pod[0].requireSameNode
Type: bool
Description:
true
dependencies.dynamic.targeted.openvswitch.libvirt.pod[0].labels.application
Type: string
Description:
“neutron”
dependencies.dynamic.targeted.openvswitch.libvirt.pod[0].labels.component
Type: string
Description:
“neutron-ovs-agent”
dependencies.dynamic.targeted.openvswitch.libvirt.pod[0].requireSameNode
Type: bool
Description:
true
dependencies.dynamic.targeted.ovn.libvirt.pod[0].labels.application
Type: string
Description:
“ovn”
dependencies.dynamic.targeted.ovn.libvirt.pod[0].labels.component
Type: string
Description:
“ovn-controller”
dependencies.dynamic.targeted.ovn.libvirt.pod[0].requireSameNode
Type: bool
Description:
true
dependencies.dynamic.targeted.sriov.libvirt.pod[0].labels.application
Type: string
Description:
“neutron”
dependencies.dynamic.targeted.sriov.libvirt.pod[0].labels.component
Type: string
Description:
“neutron-sriov-agent”
dependencies.dynamic.targeted.sriov.libvirt.pod[0].requireSameNode
Type: bool
Description:
true
dependencies.static.image_repo_sync.services[0].endpoint
Type: string
Description:
“internal”
dependencies.static.image_repo_sync.services[0].service
Type: string
Description:
“local_image_registry”
dependencies.static.libvirt.services
Type: string
Description:
nil
endpoints.cluster_domain_suffix
Type: string
Description:
“cluster.local”
endpoints.libvirt_exporter.port.metrics.default
Type: int
Description:
9474
endpoints.local_image_registry.host_fqdn_override.default
Type: string
Description:
nil
endpoints.local_image_registry.hosts.default
Type: string
Description:
“localhost”
endpoints.local_image_registry.hosts.internal
Type: string
Description:
“docker-registry”
endpoints.local_image_registry.hosts.node
Type: string
Description:
“localhost”
endpoints.local_image_registry.name
Type: string
Description:
“docker-registry”
endpoints.local_image_registry.namespace
Type: string
Description:
“docker-registry”
endpoints.local_image_registry.port.registry.node
Type: int
Description:
5000
endpoints.oci_image_registry.auth.enabled
Type: bool
Description:
false
endpoints.oci_image_registry.auth.libvirt.password
Type: string
Description:
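“password”
Note: “password” is a placeholder. Override it with a real credential, supplied from a secret store rather than a committed values file, before setting endpoints.oci_image_registry.auth.enabled to true.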
endpoints.oci_image_registry.auth.libvirt.username
Type: string
Description:
“libvirt”
endpoints.oci_image_registry.host_fqdn_override.default
Type: string
Description:
nil
endpoints.oci_image_registry.hosts.default
Type: string
Description:
“localhost”
endpoints.oci_image_registry.name
Type: string
Description:
“oci-image-registry”
endpoints.oci_image_registry.namespace
Type: string
Description:
“oci-image-registry”
endpoints.oci_image_registry.port.registry.default
Type: string
Description:
nil
images.local_registry.active
Type: bool
Description:
false
images.local_registry.exclude[0]
Type: string
Description:
“dep_check”
images.local_registry.exclude[1]
Type: string
Description:
“image_repo_sync”
images.pull_policy
Type: string
Description:
“IfNotPresent”
images.tags.ceph_config_helper
Type: string
Description:
“docker.io/openstackhelm/ceph-config-helper:ubuntu_jammy_19.2.1-1-20250207”
images.tags.dep_check
Type: string
Description:
“quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal”
images.tags.image_repo_sync
Type: string
Description:
“docker.io/library/docker:17.07.0”
images.tags.kubectl
Type: string
Description:
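“docker.io/bitnami/kubectl:latest”
Note: this default, like the defaults for images.tags.dep_check, images.tags.libvirt and images.tags.libvirt_exporter, uses a floating “latest” tag, so the image content can change between pulls. With images.pull_policy “IfNotPresent”, different nodes may also end up running different builds. Pin a specific version or image digest for production deployments.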
images.tags.libvirt
Type: string
Description:
“docker.io/openstackhelm/libvirt:latest-ubuntu_focal”
images.tags.libvirt_exporter
Type: string
Description:
“vexxhost/libvirtd-exporter:latest”
labels.agent.libvirt.node_selector_key
Type: string
Description:
“openstack-compute-node”
labels.agent.libvirt.node_selector_value
Type: string
Description:
“enabled”
manifests.configmap_bin
Type: bool
Description:
true
manifests.configmap_etc
Type: bool
Description:
true
manifests.daemonset_libvirt
Type: bool
Description:
true
manifests.job_image_repo_sync
Type: bool
Description:
true
manifests.network_policy
Type: bool
Description:
false
manifests.role_cert_manager
Type: bool
Description:
false
manifests.secret_registry
Type: bool
Description:
true
network.backend[0]
Type: string
Description:
“openvswitch”
network_policy.libvirt.egress[0]
Type: object
Description:
{}
network_policy.libvirt.ingress[0]
Type: object
Description:
{}
pod.affinity.anti.topologyKey.default
Type: string
Description:
“kubernetes.io/hostname”
pod.affinity.anti.type.default
Type: string
Description:
“preferredDuringSchedulingIgnoredDuringExecution”
pod.affinity.anti.weight.default
Type: int
Description:
10
pod.dns_policy
Type: string
Description:
“ClusterFirstWithHostNet”
pod.lifecycle.upgrades.daemonsets.libvirt.enabled
Type: bool
Description:
true
pod.lifecycle.upgrades.daemonsets.libvirt.max_unavailable
Type: int
Description:
1
pod.lifecycle.upgrades.daemonsets.libvirt.min_ready_seconds
Type: int
Description:
0
pod.lifecycle.upgrades.daemonsets.pod_replacement_strategy
Type: string
Description:
“RollingUpdate”
pod.mounts.libvirt.init_container
Type: string
Description:
nil
pod.mounts.libvirt.libvirt
Type: string
Description:
nil
pod.probes.libvirt.libvirt.liveness.enabled
Type: bool
Description:
true
pod.probes.libvirt.libvirt.liveness.params.initialDelaySeconds
Type: int
Description:
30
pod.probes.libvirt.libvirt.liveness.params.periodSeconds
Type: int
Description:
60
pod.probes.libvirt.libvirt.liveness.params.timeoutSeconds
Type: int
Description:
5
pod.probes.libvirt.libvirt.readiness.enabled
Type: bool
Description:
true
pod.probes.libvirt.libvirt.readiness.params.initialDelaySeconds
Type: int
Description:
15
pod.probes.libvirt.libvirt.readiness.params.periodSeconds
Type: int
Description:
60
pod.probes.libvirt.libvirt.readiness.params.timeoutSeconds
Type: int
Description:
5
pod.resources.enabled
Type: bool
Description:
false
pod.resources.jobs.image_repo_sync.limits.cpu
Type: string
Description:
“2000m”
pod.resources.jobs.image_repo_sync.limits.memory
Type: string
Description:
“1024Mi”
pod.resources.jobs.image_repo_sync.requests.cpu
Type: string
Description:
“100m”
pod.resources.jobs.image_repo_sync.requests.memory
Type: string
Description:
“128Mi”
pod.resources.libvirt.limits.cpu
Type: string
Description:
“2000m”
pod.resources.libvirt.limits.memory
Type: string
Description:
“1024Mi”
pod.resources.libvirt.requests.cpu
Type: string
Description:
“100m”
pod.resources.libvirt.requests.memory
Type: string
Description:
“128Mi”
pod.resources.libvirt_exporter.limits.cpu
Type: string
Description:
“500m”
pod.resources.libvirt_exporter.limits.memory
Type: string
Description:
“256Mi”
pod.resources.libvirt_exporter.requests.cpu
Type: string
Description:
“100m”
pod.resources.libvirt_exporter.requests.memory
Type: string
Description:
“128Mi”
pod.security_context.libvirt.container.ceph_admin_keyring_placement.readOnlyRootFilesystem
Type: bool
Description:
false
pod.security_context.libvirt.container.ceph_keyring_placement.readOnlyRootFilesystem
Type: bool
Description:
false
pod.security_context.libvirt.container.init_dynamic_options.allowPrivilegeEscalation
Type: bool
Description:
false
pod.security_context.libvirt.container.init_dynamic_options.capabilities.drop[0]
Type: string
Description:
“ALL”
pod.security_context.libvirt.container.init_dynamic_options.readOnlyRootFilesystem
Type: bool
Description:
true
pod.security_context.libvirt.container.init_dynamic_options.runAsNonRoot
Type: bool
Description:
true
pod.security_context.libvirt.container.init_dynamic_options.runAsUser
Type: int
Description:
65534
pod.security_context.libvirt.container.libvirt.privileged
Type: bool
Description:
true
pod.security_context.libvirt.container.libvirt.readOnlyRootFilesystem
Type: bool
Description:
false
pod.security_context.libvirt.container.libvirt_exporter.privileged
Type: bool
Description:
true
pod.security_context.libvirt.container.libvirt_init_modules.capabilities.drop[0]
Type: string
Description:
“ALL”
pod.security_context.libvirt.container.libvirt_init_modules.privileged
Type: bool
Description:
true
pod.security_context.libvirt.container.libvirt_init_modules.readOnlyRootFilesystem
Type: bool
Description:
true
pod.security_context.libvirt.pod.runAsUser
Type: int
Description:
0
pod.sidecars.libvirt_exporter
Type: bool
Description:
false
pod.tolerations.libvirt.enabled
Type: bool
Description:
false
pod.tolerations.libvirt.tolerations[0].effect
Type: string
Description:
“NoSchedule”
pod.tolerations.libvirt.tolerations[0].key
Type: string
Description:
“node-role.kubernetes.io/master”
pod.tolerations.libvirt.tolerations[0].operator
Type: string
Description:
“Exists”
pod.tolerations.libvirt.tolerations[1].effect
Type: string
Description:
“NoSchedule”
pod.tolerations.libvirt.tolerations[1].key
Type: string
Description:
“node-role.kubernetes.io/control-plane”
pod.tolerations.libvirt.tolerations[1].operator
Type: string
Description:
“Exists”
release_group
Type: string
Description:
nil
secrets.oci_image_registry.libvirt
Type: string
Description:
“libvirt-oci-image-registry-key”
secrets.tls.client
Type: string
Description:
“libvirt-tls-client”
secrets.tls.server
Type: string
Description:
“libvirt-tls-server”