608 lines
20 KiB
YAML
Executable File
608 lines
20 KiB
YAML
Executable File
options:
|
|
debug:
|
|
default: False
|
|
type: boolean
|
|
description: Enable debug logging.
|
|
verbose:
|
|
default: False
|
|
type: boolean
|
|
description: Enable verbose logging.
|
|
use-syslog:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Setting this to True will allow supporting services to log to syslog.
|
|
openstack-origin:
|
|
default: distro
|
|
type: string
|
|
description: |
|
|
Repository from which to install. May be one of the following:
|
|
distro (default), ppa:somecustom/ppa, a deb url sources entry,
|
|
or a supported Cloud Archive release pocket.
|
|
|
|
Supported Cloud Archive sources include:
|
|
|
|
cloud:<series>-<openstack-release>
|
|
cloud:<series>-<openstack-release>/updates
|
|
cloud:<series>-<openstack-release>/staging
|
|
cloud:<series>-<openstack-release>/proposed
|
|
|
|
For series=Precise we support cloud archives for openstack-release:
|
|
* icehouse
|
|
|
|
For series=Trusty we support cloud archives for openstack-release:
|
|
* juno
|
|
* kilo
|
|
* ...
|
|
|
|
NOTE: updating this setting to a source that is known to provide
|
|
a later version of OpenStack will trigger a software upgrade.
|
|
|
|
NOTE: when openstack-origin-git is specified, openstack specific
|
|
packages will be installed from source rather than from the
|
|
openstack-origin repository.
|
|
openstack-origin-git:
|
|
default:
|
|
type: string
|
|
description: |
|
|
Specifies a default OpenStack release name, or a YAML dictionary
|
|
listing the git repositories to install from.
|
|
|
|
The default Openstack release name may be one of the following, where
|
|
the corresponding OpenStack github branch will be used:
|
|
* icehouse
|
|
* kilo
|
|
* liberty
|
|
* mitaka
|
|
* master
|
|
|
|
The YAML must minimally include requirements, neutron-fwaas,
|
|
neutron-lbaas, neutron-vpnaas, and neutron repositories, and may
|
|
also include repositories for other dependencies:
|
|
repositories:
|
|
- {name: requirements,
|
|
repository: 'git://github.com/openstack/requirements',
|
|
branch: master}
|
|
- {name: neutron-fwaas,
|
|
repository: 'git://github.com/openstack/neutron-fwaas',
|
|
branch: master}
|
|
- {name: neutron-lbaas,
|
|
repository: 'git://github.com/openstack/neutron-lbaas',
|
|
branch: master}
|
|
- {name: neutron-vpnaas,
|
|
repository: 'git://github.com/openstack/neutron-vpnaas',
|
|
branch: master}
|
|
- {name: neutron,
|
|
repository: 'git://github.com/openstack/neutron',
|
|
branch: master}
|
|
|
|
Note that the installed config files will be determined based on
|
|
the OpenStack release of the openstack-origin option.
|
|
rabbit-user:
|
|
default: neutron
|
|
type: string
|
|
description: Username used to access rabbitmq queue
|
|
rabbit-vhost:
|
|
default: openstack
|
|
type: string
|
|
description: Rabbitmq vhost
|
|
database-user:
|
|
default: neutron
|
|
type: string
|
|
description: Username for Neutron database access (if enabled)
|
|
database:
|
|
default: neutron
|
|
type: string
|
|
description: Database name for Neutron (if enabled)
|
|
region:
|
|
default: RegionOne
|
|
type: string
|
|
description: OpenStack Region
|
|
use-internal-endpoints:
|
|
default: False
|
|
type: boolean
|
|
description: |
|
|
Openstack mostly defaults to using public endpoints for
|
|
internal communication between services. If set to True this option will
|
|
configure services to use internal endpoints where possible.
|
|
neutron-security-groups:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Use quantum for security group management.
|
|
neutron-external-network:
|
|
type: string
|
|
default: ext_net
|
|
description: |
|
|
Name of the external network for floating IP addresses provided by
|
|
Neutron.
|
|
network-device-mtu:
|
|
type: int
|
|
default:
|
|
description: |
|
|
The MTU size for interfaces managed by neutron. If unset or set to
|
|
0, no value will be applied. This value will be provided to
|
|
neutron-plugin-api relations.
|
|
neutron-plugin:
|
|
default: ovs
|
|
type: string
|
|
description: |
|
|
Neutron plugin to use for network management; supports
|
|
.
|
|
ovs - OpenvSwitch Plugin
|
|
vsp - Nuage Networks VSP
|
|
nsx - VMWare NSX
|
|
Calico - Project Calico Networking
|
|
midonet - MidoNet
|
|
plumgrid - PLUMgrid
|
|
.
|
|
overlay-network-type:
|
|
default: gre
|
|
type: string
|
|
description: |
|
|
Overlay network types to use, valid options include:
|
|
.
|
|
gre
|
|
vxlan
|
|
.
|
|
Multiple types can be provided - field is space delimited.
|
|
flat-network-providers:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Space-delimited list of Neutron flat network providers.
|
|
vlan-ranges:
|
|
type: string
|
|
default: "physnet1:1000:2000"
|
|
description: |
|
|
Space-delimited list of <physical_network>:<vlan_min>:<vlan_max> or
|
|
<physical_network> specifying physical_network names usable for VLAN
|
|
provider and tenant networks, as well as ranges of VLAN tags on each
|
|
available for allocation to tenant networks.
|
|
vni-ranges:
|
|
type: string
|
|
default: "1001:2000"
|
|
description: |
|
|
Space-delimited list of <vxlan_min>:<vxlan_max> for VXLAN provider.
|
|
# Quota configuration settings
|
|
quota-security-group:
|
|
default: 10
|
|
type: int
|
|
description: |
|
|
Number of security groups allowed per tenant. A negative value means
|
|
unlimited.
|
|
quota-security-group-rule:
|
|
default: 100
|
|
type: int
|
|
description: |
|
|
Number of security group rules allowed per tenant. A negative value means
|
|
unlimited
|
|
quota-network:
|
|
default: 10
|
|
type: int
|
|
description: |
|
|
Number of networks allowed per tenant. A negative value means unlimited.
|
|
quota-subnet:
|
|
default: 10
|
|
type: int
|
|
description: |
|
|
Number of subnets allowed per tenant. A negative value means unlimited.
|
|
quota-port:
|
|
default: 50
|
|
type: int
|
|
description: |
|
|
Number of ports allowed per tenant. A negative value means unlimited.
|
|
quota-vip:
|
|
default: 10
|
|
type: int
|
|
description: |
|
|
Number of vips allowed per tenant. A negative value means unlimited.
|
|
quota-pool:
|
|
default: 10
|
|
type: int
|
|
description: |
|
|
Number of pools allowed per tenant. A negative value means unlimited.
|
|
quota-member:
|
|
default: -1
|
|
type: int
|
|
description: |
|
|
Number of pool members allowed per tenant. A negative value means
|
|
unlimited. The default is unlimited because a member is not a real
|
|
resource consumer on Openstack. However, on back-end, a member is a
|
|
resource consumer and that is the reason why quota is possible.
|
|
quota-health-monitors:
|
|
default: -1
|
|
type: int
|
|
description: |
|
|
Number of health monitors allowed per tenant. A negative value means
|
|
unlimited.
|
|
The default is unlimited because a health monitor is not a real resource
|
|
consumer on Openstack. However, on back-end, a member is a resource
|
|
consumer and that is the reason why quota is possible.
|
|
quota-router:
|
|
default: 10
|
|
type: int
|
|
description: |
|
|
Number of routers allowed per tenant. A negative value means unlimited.
|
|
quota-floatingip:
|
|
default: 50
|
|
type: int
|
|
description: |
|
|
Number of floating IPs allowed per tenant. A negative value means
|
|
unlimited.
|
|
# HA configuration settings
|
|
dns-ha:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Use DNS HA with MAAS 2.0. Note if this is set do not set vip
|
|
settings below.
|
|
vip:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Virtual IP(s) to use to front API services in HA configuration.
|
|
.
|
|
If multiple networks are being used, a VIP should be provided for each
|
|
network, separated by spaces.
|
|
vip_iface:
|
|
type: string
|
|
default: eth0
|
|
description: |
|
|
Default network interface to use for HA vip when it cannot be
|
|
automatically determined.
|
|
vip_cidr:
|
|
type: int
|
|
default: 24
|
|
description: |
|
|
Default CIDR netmask to use for HA vip when it cannot be automatically
|
|
determined.
|
|
ha-bindiface:
|
|
type: string
|
|
default: eth0
|
|
description: |
|
|
Default network interface on which HA cluster will bind to communication
|
|
with the other members of the HA Cluster.
|
|
ha-mcastport:
|
|
type: int
|
|
default: 5424
|
|
description: |
|
|
Default multicast port number that will be used to communicate between
|
|
HA Cluster nodes.
|
|
# Network configuration options
|
|
# by default all access is over 'private-address'
|
|
os-admin-network:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The IP address and netmask of the OpenStack Admin network (e.g.,
|
|
192.168.0.0/24)
|
|
.
|
|
This network will be used for admin endpoints.
|
|
os-internal-network:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The IP address and netmask of the OpenStack Internal network (e.g.,
|
|
192.168.0.0/24)
|
|
.
|
|
This network will be used for internal endpoints.
|
|
os-public-network:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The IP address and netmask of the OpenStack Public network (e.g.,
|
|
192.168.0.0/24)
|
|
.
|
|
This network will be used for public endpoints.
|
|
os-public-hostname:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The hostname or address of the public endpoints created for neutron-api
|
|
in the keystone identity provider.
|
|
.
|
|
This value will be used for public endpoints. For example, an
|
|
os-public-hostname set to 'neutron-api.example.com' with ssl enabled
|
|
will create the following endpoint for neutron-api:
|
|
.
|
|
https://neutron-api.example.com:9696/
|
|
os-internal-hostname:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The hostname or address of the internal endpoints created for neutron-api
|
|
in the keystone identity provider.
|
|
.
|
|
This value will be used for internal endpoints. For example, an
|
|
os-internal-hostname set to 'neutron-api.internal.example.com' with ssl
|
|
enabled will create a internal endpoint for neutron-api:
|
|
.
|
|
https://neutron-api.internal.example.com:9696/
|
|
os-admin-hostname:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The hostname or address of the admin endpoints created for neutron-api
|
|
in the keystone identity provider.
|
|
.
|
|
This value will be used for admin endpoints. For example, an
|
|
os-admin-hostname set to 'neutron-api.admin.example.com' with ssl enabled
|
|
will create a internal endpoint for neutron-api:
|
|
.
|
|
https://neutron-api.admin.example.com:9696/
|
|
ssl_cert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
SSL certificate to install and use for API ports. Setting this value
|
|
and ssl_key will enable reverse proxying, point Neutron's entry in the
|
|
Keystone catalog to use https, and override any certficiate and key
|
|
issued by Keystone (if it is configured to do so).
|
|
ssl_key:
|
|
type: string
|
|
default:
|
|
description: SSL key to use with certificate specified as ssl_cert.
|
|
ssl_ca:
|
|
type: string
|
|
default:
|
|
description: |
|
|
SSL CA to use with the certificate and key provided - this is only
|
|
required if you are providing a privately signed ssl_cert and ssl_key.
|
|
# Neutron Nuage plugin (VSD) configuration
|
|
nuage-packages:
|
|
type: string
|
|
default: "nuage-openstack-neutron nuagenetlib"
|
|
description: |
|
|
Its [nuage-openstack-neutron nuagenetlib] for Nuage VSP >=3.2R4 & KILO
|
|
and [nuage-neutron python-nuagenetlib] of Nuage VSP <=3.0 & JUNO
|
|
vsd-cms-id:
|
|
type: string
|
|
default:
|
|
description: |
|
|
CMS ID is used as an authentication token from VSD to CMS.
|
|
This value is being generated via nuage scripts and can be set pre/post deployment.
|
|
vsd-cms-name:
|
|
type: string
|
|
default:
|
|
description: |
|
|
This is required only for 3.2 R4 and above releases of Nuage and Kilo.
|
|
Please give Maas env id so that it is unique per openstack cluster.
|
|
This name is used to create th CMS ID on Nuage-VSD which should be unique per OSP cluster.
|
|
Your Deployment will fail if this config is not provided.
|
|
vsd-server:
|
|
type: string
|
|
default:
|
|
description: Nuage VSD Server
|
|
vsd-auth:
|
|
type: string
|
|
default: "csproot:csproot"
|
|
description: Username Password to connect to Nuage VSD Server
|
|
vsd-organization:
|
|
type: string
|
|
default: csp
|
|
description: Name of the organization in Nuage VSD
|
|
vsd-auth-ssl:
|
|
type: boolean
|
|
default: True
|
|
description: SSL authentication of the Nuage VSD Server
|
|
vsd-base-uri:
|
|
type: string
|
|
default: "/nuage/api/v3_0"
|
|
description: Nuage VSD API endpoint URI
|
|
vsd-auth-resource:
|
|
type: string
|
|
default: "/me"
|
|
description: Nuage VSD authentication resource
|
|
vsd-netpart-name:
|
|
type: string
|
|
default: juju-enterprise
|
|
description: Name of the Organization or Enterprise to create in Nuage VSD
|
|
# end of Nuage VSD configuration
|
|
l2-population:
|
|
type: boolean
|
|
default: True
|
|
description: |
|
|
Populate the forwarding tables of virtual switches (LinuxBridge or OVS),
|
|
to decrease broadcast traffics inside the physical networks fabric while
|
|
using overlays networks (VXLan, GRE).
|
|
prefer-ipv6:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If True enables IPv6 support. The charm will expect network interfaces
|
|
to be configured with an IPv6 address. If set to False (default) IPv4
|
|
is expected.
|
|
.
|
|
NOTE: these charms do not currently support IPv6 privacy extension. In
|
|
order for this charm to function correctly, the privacy extension must be
|
|
disabled and a non-temporary address must be configured/available on
|
|
your network interface.
|
|
worker-multiplier:
|
|
type: int
|
|
default: 2
|
|
description: |
|
|
The CPU core multiplier to use when configuring worker processes for
|
|
Neutron. By default, the number of workers for each daemon is set to
|
|
twice the number of CPU cores a service unit has.
|
|
# VMware NSX plugin configuration
|
|
nsx-controllers:
|
|
type: string
|
|
default:
|
|
description: Space delimited addresses of NSX controllers
|
|
nsx-username:
|
|
type: string
|
|
default: admin
|
|
description: Username to connect to NSX controllers with
|
|
nsx-password:
|
|
type: string
|
|
default: admin
|
|
description: Password to connect to NSX controllers with
|
|
nsx-tz-uuid:
|
|
type: string
|
|
default:
|
|
description: |
|
|
This is uuid of the default NSX Transport zone that will be used for
|
|
creating tunneled isolated Quantum networks. It needs to be created
|
|
in NSX before starting Quantum with the nsx plugin.
|
|
nsx-l3-uuid:
|
|
type: string
|
|
default:
|
|
description: |
|
|
This is uuid of the default NSX L3 Gateway Service.
|
|
# end of NSX configuration
|
|
nagios_context:
|
|
default: "juju"
|
|
type: string
|
|
description: |
|
|
Used by the nrpe-external-master subordinate charm.
|
|
A string that will be prepended to instance name to set the host name
|
|
in nagios. So for instance the hostname would be something like:
|
|
juju-myservice-0
|
|
If you're running multiple environments with the same services in them
|
|
this allows you to differentiate between them.
|
|
enable-dvr:
|
|
default: False
|
|
type: boolean
|
|
description: |
|
|
Enable Distributed Virtual Routing (juno and above).
|
|
enable-l3ha:
|
|
default: False
|
|
type: boolean
|
|
description: |
|
|
Enable L3 HA (juno and above).
|
|
max-l3-agents-per-router:
|
|
default: 2
|
|
type: int
|
|
description: |
|
|
Maximum number of l3 agents to host a router. Only used when enable-l3ha
|
|
is True
|
|
min-l3-agents-per-router:
|
|
default: 2
|
|
type: int
|
|
description: |
|
|
Minimum number of l3 agents to host a router. Only used when enable-l3ha
|
|
is True
|
|
dhcp-agents-per-network:
|
|
default: 1
|
|
type: int
|
|
description: |
|
|
The number of dhcp agents to be deployed per network. Note that if the
|
|
Calico plugin is being used, this option has no effect.
|
|
nagios_servicegroups:
|
|
default: ""
|
|
type: string
|
|
description: |
|
|
A comma-separated list of nagios servicegroups.
|
|
If left empty, the nagios_context will be used as the servicegroup
|
|
# PLUMgrid Plugin configuration
|
|
plumgrid-username:
|
|
default: plumgrid
|
|
type: string
|
|
description: Username to access PLUMgrid Director
|
|
plumgrid-password:
|
|
default: plumgrid
|
|
type: string
|
|
description: Password to access PLUMgrid Director
|
|
plumgrid-virtual-ip:
|
|
default:
|
|
type: string
|
|
description: IP address of PLUMgrid Director
|
|
# end of PLUMgrid configuration
|
|
manage-neutron-plugin-legacy-mode:
|
|
type: boolean
|
|
default: True
|
|
description: |
|
|
If True neutron-server will install neutron packages for the plugin
|
|
configured.
|
|
# Additional software source configuration
|
|
extra-key:
|
|
type: string
|
|
default:
|
|
description: Optional key for archive containing additional packages.
|
|
extra-source:
|
|
type: string
|
|
default:
|
|
description: Optional source for archive containing additional packages.
|
|
|
|
# Calico plugin configuration
|
|
calico-origin:
|
|
default:
|
|
type: string
|
|
description: |
|
|
Repository from which to install Calico packages. If set, must be
|
|
a PPA URL, of the form ppa:somecustom/ppa. Changing this value
|
|
after installation will force an immediate software upgrade.
|
|
# End of Calico plugin configuration
|
|
action-managed-upgrade:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If True enables openstack upgrades for this charm via juju actions.
|
|
You will still need to set openstack-origin to the new repository but
|
|
instead of an upgrade running automatically across all units, it will
|
|
wait for you to execute the openstack-upgrade action for this charm on
|
|
each unit. If False it will revert to existing behavior of upgrading
|
|
all units on config change.
|
|
enable-ml2-port-security:
|
|
type: boolean
|
|
default: False
|
|
description: Enable port security extension for ML2 plugin (>= kilo).
|
|
haproxy-server-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Server timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 30000ms is used.
|
|
haproxy-client-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Client timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 30000ms is used.
|
|
haproxy-queue-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Queue timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 5000ms is used.
|
|
haproxy-connect-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Connect timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 5000ms is used.
|
|
enable-sriov:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Enable SR-IOV networking support across Neutron and Nova.
|
|
midonet-origin:
|
|
default: midonet-2015.06
|
|
type: string
|
|
description: |
|
|
'mem-1.8', 'mem-1.9',
|
|
'midonet-2015.06'
|
|
|
|
NOTE: updating this setting to a source that is known to provide a later
|
|
version of MidoNet (do not change between MEM and MidoNet) will
|
|
trigger a software upgrade.
|
|
mem-username:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The Midokura Enterprise MidoNet username credentials to access the
|
|
repository.
|
|
mem-password:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The Midokura Enterprise MidoNet password credentials to access the
|
|
repository.
|
|
harden:
|
|
default:
|
|
type: string
|
|
description: |
|
|
Apply system hardening. Supports a space-delimited list of modules
|
|
to run. Supported modules currently include os, ssh, apache and mysql.
|