98de623820
This patchset implements policy overrides for heat. It uses the code in charmhelpers. It also fixes a bug in the actions/domain-setup where it assumes that the python2 version of openstackclient should be installed, and corrects this via code in hooks/install and hooks/upgrade-charm. A sync of charm-helpers is included to bring the latest policyd changes through to the charm. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/111 Change-Id: Ia607dc9120cfb03902efb019041b43cf12ade2d3 Closed-Bug: #1741723
265 lines
9.0 KiB
YAML
265 lines
9.0 KiB
YAML
options:
|
|
debug:
|
|
type: boolean
|
|
default: False
|
|
description: Enable debug logging.
|
|
verbose:
|
|
type: boolean
|
|
default: False
|
|
description: Enable verbose logging.
|
|
use-syslog:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Setting this to True will allow supporting services to log to syslog.
|
|
openstack-origin:
|
|
type: string
|
|
default: distro
|
|
description: |
|
|
Repository from which to install. May be one of the following:
|
|
distro (default), ppa:somecustom/ppa, a deb url sources entry,
|
|
or a supported Ubuntu Cloud Archive e.g.
|
|
.
|
|
cloud:<series>-<openstack-release>
|
|
cloud:<series>-<openstack-release>/updates
|
|
cloud:<series>-<openstack-release>/staging
|
|
cloud:<series>-<openstack-release>/proposed
|
|
.
|
|
See https://wiki.ubuntu.com/OpenStack/CloudArchive for info on which
|
|
cloud archives are available and supported.
|
|
.
|
|
NOTE: updating this setting to a source that is known to provide
|
|
a later version of OpenStack will trigger a software upgrade unless
|
|
action-managed-upgrade is set to True.
|
|
action-managed-upgrade:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If True enables openstack upgrades for this charm via juju actions.
|
|
You will still need to set openstack-origin to the new repository but
|
|
instead of an upgrade running automatically across all units, it will
|
|
wait for you to execute the openstack-upgrade action for this charm on
|
|
each unit. If False it will revert to existing behavior of upgrading
|
|
all units on config change.
|
|
harden:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Apply system hardening. Supports a space-delimited list of modules
|
|
to run. Supported modules currently include os, ssh, apache and mysql.
|
|
database-user:
|
|
default: heat
|
|
type: string
|
|
description: Username for database access
|
|
database:
|
|
default: heat
|
|
type: string
|
|
description: Database name
|
|
instance-user:
|
|
default:
|
|
type: string
|
|
description: |
|
|
The default user for new instances. This option is deprecated as of Juno.
|
|
If left empty, Heat will use the default user set up with your cloud
|
|
image (for OS::Nova::Server) or 'ec2-user' (for AWS::EC2::Instance).
|
|
region:
|
|
default: RegionOne
|
|
type: string
|
|
description: OpenStack Region
|
|
rabbit-user:
|
|
default: heat
|
|
type: string
|
|
description: Username to request access on rabbitmq-server.
|
|
rabbit-vhost:
|
|
default: openstack
|
|
type: string
|
|
description: RabbitMQ virtual host to request access on rabbitmq-server.
|
|
encryption-key:
|
|
default: ""
|
|
type: string
|
|
description: Encryption key used for authentication info in database.
|
|
config-flags:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Comma-separated list of key=value config flags. These values will be
|
|
placed in the heat.conf [DEFAULT] section.
|
|
worker-multiplier:
|
|
type: float
|
|
default:
|
|
description: |
|
|
The CPU core multiplier to use when configuring worker processes for
|
|
this service. By default, the number of workers for each daemon is
|
|
set to twice the number of CPU cores a service unit has. When deployed
|
|
in a LXD container, this default value will be capped to 4 workers
|
|
unless this configuration option is set.
|
|
# Network config (by default all access is over 'private-address')
|
|
os-admin-network:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The IP address and netmask of the OpenStack Admin network (e.g.
|
|
192.168.0.0/24)
|
|
.
|
|
This network will be used for admin endpoints.
|
|
os-internal-network:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The IP address and netmask of the OpenStack Internal network (e.g.
|
|
192.168.0.0/24)
|
|
.
|
|
This network will be used for internal endpoints.
|
|
os-public-network:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The IP address and netmask of the OpenStack Public network (e.g.
|
|
192.168.0.0/24)
|
|
.
|
|
This network will be used for public endpoints.
|
|
os-public-hostname:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The hostname or address of the public endpoints created for heat
|
|
in the keystone identity provider.
|
|
.
|
|
This value will be used for public endpoints. For example, an
|
|
os-public-hostname set to 'heat.example.com' with ssl enabled will
|
|
create the following public endpoints for ceilometer:
|
|
.
|
|
https://heat.example.com:8004/
|
|
os-internal-hostname:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The hostname or address of the internal endpoints created for heat
|
|
in the keystone identity provider.
|
|
.
|
|
This value will be used for internal endpoints. For example, an
|
|
os-internal-hostname set to 'heat.internal.example.com' with ssl enabled
|
|
will create the following internal endpoints for ceilometer:
|
|
.
|
|
https://heat.internal.example.com:8004/
|
|
os-admin-hostname:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The hostname or address of the admin endpoints created for heat
|
|
in the keystone identity provider.
|
|
.
|
|
This value will be used for admin endpoints. For example, an
|
|
os-admin-hostname set to 'heat.admin.example.com' with ssl enabled will
|
|
create the following admin endpoints for ceilometer:
|
|
.
|
|
https://heat.admin.example.com:8004/
|
|
prefer-ipv6:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If True enables IPv6 support. The charm will expect network interfaces
|
|
to be configured with an IPv6 address. If set to False (default) IPv4
|
|
is expected.
|
|
.
|
|
NOTE: these charms do not currently support IPv6 privacy extension. In
|
|
order for this charm to function correctly, the privacy extension must be
|
|
disabled and a non-temporary address must be configured/available on
|
|
your network interface.
|
|
ssl_cert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
SSL certificate to install and use for API ports. Setting this value
|
|
and ssl_key will enable reverse proxying, point Heat's entry in the
|
|
Keystone catalog to use https, and override any certificate and key
|
|
issued by Keystone (if it is configured to do so).
|
|
ssl_key:
|
|
type: string
|
|
default:
|
|
description: SSL key to use with certificate specified as ssl_cert.
|
|
ssl_ca:
|
|
type: string
|
|
default:
|
|
description: |
|
|
SSL CA to use with the certificate and key provided - this is only
|
|
required if you are providing a privately signed ssl_cert and ssl_key.
|
|
# HA config
|
|
dns-ha:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Use DNS HA with MAAS 2.0. Note if this is set do not set vip settings
|
|
below.
|
|
vip:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Virtual IP(s) to use to front API services in HA configuration.
|
|
.
|
|
If multiple networks are being used, a VIP should be provided for each
|
|
network, separated by spaces.
|
|
vip_iface:
|
|
type: string
|
|
default: eth0
|
|
description: |
|
|
Default network interface to use for HA vip when it cannot be
|
|
automatically determined.
|
|
vip_cidr:
|
|
type: int
|
|
default: 24
|
|
description: |
|
|
Default CIDR netmask to use for HA vip when it cannot be automatically
|
|
determined.
|
|
ha-bindiface:
|
|
type: string
|
|
default: eth0
|
|
description: |
|
|
Default network interface on which HA cluster will bind to communication
|
|
with the other members of the HA Cluster.
|
|
ha-mcastport:
|
|
type: int
|
|
default: 5959
|
|
description: |
|
|
Default multicast port number that will be used to communicate between
|
|
HA Cluster nodes.
|
|
use-internal-endpoints:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Openstack mostly defaults to using public endpoints for
|
|
internal communication between services. If set to True this option
|
|
will configure services to use internal endpoints where possible.
|
|
haproxy-server-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Server timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 90000ms is used.
|
|
haproxy-client-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Client timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 90000ms is used.
|
|
haproxy-queue-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Queue timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 9000ms is used.
|
|
haproxy-connect-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Connect timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 9000ms is used.
|
|
use-policyd-override:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If True then use the resource file named 'policyd-override' to install
|
|
override YAML files in the service's policy.d directory. The resource
|
|
file should be a ZIP file containing at least one yaml file with a .yaml
|
|
or .yml extension. If False then remove the overrides.
|