29260ddf8a
Clusters created with the option cloud_provider_enabled or registry_enabled set to true, or volumer_driver set to 'cinder' need this flag set to True as well to instruct Magnum to assign trust to the cluster user. This option defaults to False due to security concerns (see https://bugs.launchpad.net/bugs/cve/2016-7404 ) [0] https://docs.openstack.org/magnum/latest/user/index.html#cloud-provider-enabled Closes-Bug: #1996237 Change-Id: I393030fa0da244ba5928482c8ef4e75e53f1a7b3
71 lines
2.2 KiB
YAML
71 lines
2.2 KiB
YAML
options:
|
|
openstack-origin:
|
|
default: bobcat
|
|
type: string
|
|
description: |
|
|
Repository from which to install. May be one of the following:
|
|
distro (default), ppa:somecustom/ppa, a deb url sources entry,
|
|
or a supported Cloud Archive release pocket.
|
|
|
|
Supported Cloud Archive sources include: cloud:precise-folsom,
|
|
cloud:precise-folsom/updates, cloud:precise-folsom/staging,
|
|
cloud:precise-folsom/proposed.
|
|
|
|
Note that updating this setting to a source that is known to
|
|
provide a later version of OpenStack will trigger a software
|
|
upgrade.
|
|
rabbit-user:
|
|
default: magnum
|
|
type: string
|
|
description: Username used to access rabbitmq queue
|
|
rabbit-vhost:
|
|
default: openstack
|
|
type: string
|
|
description: Rabbitmq vhost
|
|
database-user:
|
|
default: magnum
|
|
type: string
|
|
description: Username for Magnum database access
|
|
database:
|
|
default: magnum
|
|
type: string
|
|
description: Database name for Magnum
|
|
debug:
|
|
default: False
|
|
type: boolean
|
|
description: Enable debug logging
|
|
verbose:
|
|
default: False
|
|
type: boolean
|
|
description: Enable verbose logging
|
|
region:
|
|
default: RegionOne
|
|
type: string
|
|
description: OpenStack Region
|
|
trustee-domain:
|
|
type: string
|
|
default: magnum
|
|
description: Domain used for COE
|
|
trustee-admin:
|
|
type: string
|
|
default: magnum_domain_admin
|
|
description: Domain admin for the trustee-domain
|
|
cluster-user-trust:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Controls whether to assign a trust to the cluster user or not. You will
|
|
need to set it to True for clusters with volume_driver=cinder or
|
|
registry_enabled=true in the underlying cluster template to work. This is
|
|
a potential security risk since the trust gives instances OpenStack API
|
|
access to the cluster's project. Note that this setting does not affect
|
|
per-cluster trusts assigned to the Magnum service user.
|
|
cert-manager-type:
|
|
type: string
|
|
default: barbican
|
|
description: |
|
|
Certificate Manager plugin. Use barbican in production. Requires barbican
|
|
to be present in your OpenStack deployment. Choices are:
|
|
* x509keypair
|
|
* barbican
|