268 lines
8.8 KiB
YAML
268 lines
8.8 KiB
YAML
options:
|
||
debug:
|
||
default: "false"
|
||
type: string
|
||
description: "Enable verbose logging"
|
||
verbose:
|
||
default: "false"
|
||
type: string
|
||
description: "Enable debug logging"
|
||
openstack-origin:
|
||
default: distro
|
||
type: "string"
|
||
description: |
|
||
Repository from which to install. May be one of the following:
|
||
distro (default), ppa:somecustom/ppa, a deb url sources entry,
|
||
or a supported Cloud Archive release pocket.
|
||
|
||
Supported Cloud Archive sources include: cloud:precise-folsom,
|
||
cloud:precise-folsom/updates, cloud:precise-folsom/staging,
|
||
cloud:precise-folsom/proposed.
|
||
|
||
Note that updating this setting to a source that is known to
|
||
provide a later version of OpenStack will trigger a software
|
||
upgrade.
|
||
|
||
Note that when openstack-origin-git is specified, the packages
|
||
configured for that option will be installed from git rather
|
||
than from the openstack-origin repository.
|
||
openstack-origin-git:
|
||
default: None
|
||
type: "string"
|
||
description: |
|
||
Specifies a YAML file which lists the git repositories and branches
|
||
from which to install OpenStack. See config/git-*.yaml for a
|
||
starting point.
|
||
|
||
Note that the config files that are installed will be determined
|
||
based on the OpenStack release in the openstack-origin option.
|
||
|
||
Note that updating this setting after deployment will do nothing.
|
||
config-file:
|
||
default: "/etc/keystone/keystone.conf"
|
||
type: string
|
||
description: "Location of keystone configuration file"
|
||
log-level:
|
||
default: WARNING
|
||
type: string
|
||
description: Log level (WARNING, INFO, DEBUG, ERROR)
|
||
service-port:
|
||
default: 5000
|
||
type: int
|
||
description: "Port the bind the API server to"
|
||
admin-port:
|
||
default: 35357
|
||
type: int
|
||
description: "Port the bind the Admin API server to"
|
||
keystone-admin-role:
|
||
default: "Admin"
|
||
type: string
|
||
description: "Role that allows admin operations (access to all operations)"
|
||
keystone-service-admin-role:
|
||
default: "KeystoneServiceAdmin"
|
||
type: string
|
||
description: "Role that allows acting as service admin"
|
||
admin-user:
|
||
default: admin
|
||
type: string
|
||
description: "Default admin user to create and manage"
|
||
admin-password:
|
||
default: None
|
||
type: string
|
||
description: "Admin password. To be used *for testing only*. Randomly generated by default."
|
||
admin-token:
|
||
default: None
|
||
type: string
|
||
description: "Admin token. If set, this token will be used for all services instead of being generated per service."
|
||
admin-role:
|
||
default: 'Admin'
|
||
type: string
|
||
description: 'Admin role to be associated with admin and service users'
|
||
token-expiry:
|
||
default: "2017-02-05T00:00"
|
||
type: string
|
||
description: "Expiration date of generated admin tokens"
|
||
service-tenant:
|
||
default: "services"
|
||
type: string
|
||
description: "Name of tenant to associate service credentials."
|
||
service-admin-prefix:
|
||
type: string
|
||
default:
|
||
description: |
|
||
When service relations are joined they provide a name used to create a
|
||
service admin_username in keystone. The name used may be too crude for
|
||
some situations e.g. pre-populated LDAP identity backend. If set, this
|
||
option will be prepended to each service admin_username.
|
||
# Database settings used to request access via shared-db-relation-* relations
|
||
database:
|
||
default: "keystone"
|
||
type: string
|
||
description: "Database name"
|
||
database-user:
|
||
default: "keystone"
|
||
type: string
|
||
description: "Database username"
|
||
region:
|
||
default: RegionOne
|
||
type: string
|
||
description: "OpenStack Region(s) - separate multiple regions with single space"
|
||
use-syslog:
|
||
type: boolean
|
||
default: False
|
||
description: |
|
||
By default, all services will log into their corresponding log files.
|
||
Setting this to True will force all services to log to the syslog.
|
||
identity-backend:
|
||
type: string
|
||
default: "sql"
|
||
description: "Keystone identity backend, valid options are:sql,ldap,kvs,pam"
|
||
assignment-backend:
|
||
type: string
|
||
default: "sql"
|
||
description: "Keystone assignment backend, valid options are sql,ldap,kvs"
|
||
ldap-server:
|
||
type: string
|
||
default: None
|
||
description: "Ldap server address for keystone identity backend"
|
||
ldap-user:
|
||
type: string
|
||
default: None
|
||
description: "Username of the ldap identity server"
|
||
ldap-password:
|
||
type: string
|
||
default: None
|
||
description: "Password of the ldap identity server"
|
||
ldap-suffix:
|
||
type: string
|
||
default: None
|
||
description: "Ldap server suffix to be used by keystone"
|
||
ldap-config-flags:
|
||
type: string
|
||
default: None
|
||
description: "comma sperated options for ldap configuration"
|
||
ldap-readonly:
|
||
type: boolean
|
||
default: True
|
||
description: "Ldap identity server backend readonly to keystone"
|
||
# HA configuration settings
|
||
vip:
|
||
type: string
|
||
default:
|
||
description: |
|
||
Virtual IP(s) to use to front API services in HA configuration.
|
||
.
|
||
If multiple networks are being used, a VIP should be provided for each
|
||
network, separated by spaces.
|
||
vip_iface:
|
||
type: string
|
||
default: eth0
|
||
description: |
|
||
Default network interface to use for HA vip when it cannot be automatically
|
||
determined.
|
||
vip_cidr:
|
||
type: int
|
||
default: 24
|
||
description: |
|
||
Default CIDR netmask to use for HA vip when it cannot be automatically
|
||
determined.
|
||
ha-bindiface:
|
||
type: string
|
||
default: eth0
|
||
description: |
|
||
Default network interface on which HA cluster will bind to communication
|
||
with the other members of the HA Cluster.
|
||
ha-mcastport:
|
||
type: int
|
||
default: 5403
|
||
description: |
|
||
Default multicast port number that will be used to communicate between
|
||
HA Cluster nodes.
|
||
# PKI enablement and configuration (Grizzly and beyond)
|
||
enable-pki:
|
||
default: "false"
|
||
type: string
|
||
description: "Enable PKI token signing (Grizzly and beyond)"
|
||
https-service-endpoints:
|
||
default: "False"
|
||
type: string
|
||
description: "Manage SSL certificates for all service endpoints."
|
||
use-https:
|
||
default: "no"
|
||
type: string
|
||
description: "Use SSL for Keystone itself. Set to 'yes' to enable it."
|
||
ssl_cert:
|
||
type: string
|
||
default:
|
||
description: |
|
||
SSL certificate to install and use for API ports. Setting this value
|
||
and ssl_key will enable reverse proxying, point Keystone's entry in the
|
||
Keystone catalog to use https, and override any certficiate and key
|
||
issued by Keystone (if it is configured to do so).
|
||
ssl_key:
|
||
type: string
|
||
default:
|
||
description: SSL key to use with certificate specified as ssl_cert.
|
||
ssl_ca:
|
||
type: string
|
||
default:
|
||
description: |
|
||
SSL CA to use with the certificate and key provided - this is only
|
||
required if you are providing a privately signed ssl_cert and ssl_key.
|
||
# Network configuration options
|
||
# by default all access is over 'private-address'
|
||
os-admin-network:
|
||
type: string
|
||
default:
|
||
description: |
|
||
The IP address and netmask of the OpenStack Admin network (e.g.,
|
||
192.168.0.0/24)
|
||
.
|
||
This network will be used for admin endpoints.
|
||
os-internal-network:
|
||
type: string
|
||
default:
|
||
description: |
|
||
The IP address and netmask of the OpenStack Internal network (e.g.,
|
||
192.168.0.0/24)
|
||
.
|
||
This network will be used for internal endpoints.
|
||
os-public-network:
|
||
type: string
|
||
default:
|
||
description: |
|
||
The IP address and netmask of the OpenStack Public network (e.g.,
|
||
192.168.0.0/24)
|
||
.
|
||
This network will be used for public endpoints.
|
||
prefer-ipv6:
|
||
type: boolean
|
||
default: False
|
||
description: |
|
||
If True enables IPv6 support. The charm will expect network interfaces
|
||
to be configured with an IPv6 address. If set to False (default) IPv4
|
||
is expected.
|
||
.
|
||
NOTE: these charms do not currently support IPv6 privacy extension. In
|
||
order for this charm to function correctly, the privacy extension must be
|
||
disabled and a non-temporary address must be configured/available on
|
||
your network interface.
|
||
worker-multiplier:
|
||
type: int
|
||
default: 2
|
||
description: |
|
||
The CPU core multiplier to use when configuring worker processes for
|
||
Keystone. By default, the number of workers for each daemon is set to
|
||
twice the number of CPU cores a service unit has.
|
||
nagios_context:
|
||
default: "juju"
|
||
type: string
|
||
description: |
|
||
Used by the nrpe-external-master subordinate charm.
|
||
A string that will be prepended to instance name to set the host name
|
||
in nagios. So for instance the hostname would be something like:
|
||
juju-myservice-0
|
||
If you're running multiple environments with the same services in them
|
||
this allows you to differentiate between them.
|
||
|