openstack
/
charm-neutron-gateway
Code Issues Proposed changes
charm-neutron-gateway/config.yaml

404 lines
15 KiB
YAML
Raw Permalink Blame History

options:
debug:
type: boolean
default: False
description: Enable debug logging.
verbose:
type: boolean
default: False
description: Enable verbose logging.
use-syslog:
type: boolean
default: False
description: |
Setting this to True will allow supporting services to log to syslog.
openstack-origin:
type: string
default: bobcat
description: |
Repository from which to install. May be one of the following:
distro (default), ppa:somecustom/ppa, a deb url sources entry,
or a supported Ubuntu Cloud Archive, e.g.
.
cloud:<series>-<openstack-release>
cloud:<series>-<openstack-release>/updates
cloud:<series>-<openstack-release>/staging
cloud:<series>-<openstack-release>/proposed
.
See https://wiki.ubuntu.com/OpenStack/CloudArchive for info on which
cloud archives are available and supported.
.
NOTE: updating this setting to a source that is known to provide
a later version of OpenStack will trigger a software upgrade unless
action-managed-upgrade is set to True.
action-managed-upgrade:
type: boolean
default: False
description: |
If True enables openstack upgrades for this charm via juju actions.
You will still need to set openstack-origin to the new repository but
instead of an upgrade running automatically across all units, it will
wait for you to execute the openstack-upgrade action for this charm on
each unit. If False it will revert to existing behavior of upgrading
all units on config change.
harden:
type: string
default:
description: |
Apply system hardening. Supports a space-delimited list of modules
to run. Supported modules currently include os, ssh, apache and mysql.
rabbit-user:
type: string
description: RabbitMQ user
default: neutron
rabbit-vhost:
type: string
description: RabbitMQ Virtual Host
default: openstack
nova-rabbit-user:
type: string
description: RabbitMQ Nova user
default: nova
nova-rabbit-vhost:
type: string
description: RabbitMQ Nova Virtual Host
default: openstack
plugin:
type: string
default: ovs
description: |
Network configuration plugin to use for quantum.
Supported values include:
.
ovs - ML2 + Open vSwitch
nsx - VMware NSX
n1kv - Cisco N1kv
ovs-odl - ML2 + Open vSwitch with OpenDayLight Controller
ext-port:
type: string
default:
description: |
[DEPRECATED] Use bridge-mappings and data-port to create a network
which can be used for external connectivity. You can call the network
external and the bridge br-ex by convention, but neither is required.
.
Space-delimited list of external ports to use for routing of instance
traffic to the external public network. Valid values are either MAC
addresses (in which case only MAC addresses for interfaces without an IP
address already assigned will be used), or interfaces (eth0)
.
Note that if data-port is used then this config item is ignored, a
warning is logged, and the unit is marked as blocked in order to indicate
that the charm is misconfigured.
data-port:
type: string
default:
description: |
Space-delimited list of bridge:port mappings. Specified ports will be
added to their corresponding specified bridge. The bridges will allow
usage of flat or VLAN network types with Neutron and should match this
defined in bridge-mappings.
.
Ports can be specified through the name or MAC address of the interface
to be added to the bridge. If MAC addresses are used, you may provide
multiple bridge:mac for the same bridge so as to be able to configure
multiple units. In this case the charm will run through the provided MAC
addresses for each bridge until it finds one it can resolve to an
interface name.
.
Any changes (subsequent to the initial setting) made to the value of this
option will merely add the new values along with the existing ones. If
removal of old values is desired, they have to be done manually through
the command "ovs-vsctl" in the affected units. If the new values conflict
with the previous ones, it may cause a network outage as seen in bug
https://pad.lv/1915967
run-internal-router:
type: string
default: all
description: |
Optional configuration to support how the L3 agent option
handle_internal_only_routers is configured.
all => Set to be true everywhere
none => Set to be false everywhere
leader => Set to be true on one node (the leader) and false everywhere
else.
Use leader and none when configuring multiple floating pools
external-network-id:
type: string
default:
description: |
Optional configuration to set the external-network-id. Only needed when
configuring multiple external networks and should be used in conjunction
with run-internal-router.
instance-mtu:
type: int
default:
description: |
Configure DHCP services to provide MTU configuration to instances
within the cloud. This is useful in deployments where its not
possible to increase MTU on switches and physical servers to
accommodate the packet overhead of using GRE tunnels.
dnsmasq-flags:
type: string
default:
description: |
Comma-separated list of key=value config flags with the additional
dhcp options for neutron dnsmasq.
dns-servers:
type: string
default:
description: |
A comma-separated list of DNS servers which will be used by dnsmasq as
forwarders.
enable-l3-agent:
type: boolean
default: True
description: |
Optional configuration to support use of linux router
Note that this is used only for Cisco n1kv plugin.
worker-multiplier:
type: float
default:
description: |
The CPU core multiplier to use when configuring worker processes for
this service. By default, the number of workers for each daemon is
set to twice the number of CPU cores a service unit has. This default
value will be capped to 4 workers unless this configuration option
is set.
bridge-mappings:
type: string
default: 'physnet1:br-data'
description: |
Space-separated list of ML2 data bridge mappings with format
<provider>:<bridge>.
flat-network-providers:
type: string
default:
description: |
Space-delimited list of Neutron flat network providers.
vlan-ranges:
type: string
default: "physnet1:1000:2000"
description: |
Space-delimited list of <physical_network>:<vlan_min>:<vlan_max> or
<physical_network> specifying physical_network names usable for VLAN
provider and tenant networks, as well as ranges of VLAN tags on each
available for allocation to tenant networks.
aa-profile-mode:
type: string
default: 'disable'
description: |
Experimental enable apparmor profile. Valid settings: 'complain',
'enforce' or 'disable'. AA disabled by default.
enable-metadata-network:
type: boolean
default: False
description: |
The metadata network is used by solutions which do not leverage the l3
agent for providing access to the metadata service.
enable-isolated-metadata:
type: boolean
default: False
description: |
Enable metadata on an isolated network (no router ports).
sysctl:
type: string
default: |
{ net.ipv4.neigh.default.gc_thresh1 : 128,
net.ipv4.neigh.default.gc_thresh2 : 28672,
net.ipv4.neigh.default.gc_thresh3 : 32768,
net.ipv6.neigh.default.gc_thresh1 : 128,
net.ipv6.neigh.default.gc_thresh2 : 28672,
net.ipv6.neigh.default.gc_thresh3 : 32768,
net.nf_conntrack_max : 1000000,
net.netfilter.nf_conntrack_buckets : 204800,
net.netfilter.nf_conntrack_max : 1000000 }
description: |
YAML-formatted associative array of sysctl key/value pairs to be set
persistently e.g. '{ kernel.pid_max : 4194303 }'.
kernel-modules:
type: string
default: "nf_conntrack"
description: |
A space-separated list of kernel modules to load before sysctl
options are applied by the charm and system boot.
This ensures the sysctl options exist and can be set correctly.
# Network config (by default all access is over 'private-address')
os-data-network:
type: string
default:
description: |
The IP address and netmask of the OpenStack Data network (e.g.
192.168.0.0/24)
.
This network will be used for tenant network traffic in overlay
networks.
# Legacy (Icehouse) HA
ha-legacy-mode:
type: boolean
default: False
description: |
If True will enable Pacemaker to monitor the neutron-ha-monitor daemon
on every neutron-gateway unit, which detects neutron agents status and
reschedule resources hosting on failed agents, detects local errors and
release resources when network is unreachable or do necessary recover
tasks. This feature targets to < Juno which doesn't natively support HA
in Neutron itself.
ha-bindiface:
type: string
default: eth0
description: |
Default network interface on which HA cluster will bind to communicate
with the other members of the HA Cluster.
ha-mcastport:
type: int
default: 5409
description: |
Default multicast port number that will be used to communicate between
HA Cluster nodes.
# Monitoring config
nagios_context:
type: string
default: "juju"
description: |
Used by the nrpe-external-master subordinate charm.
A string that will be prepended to instance name to set the host name
in Nagios. So for instance the hostname would be something like:
juju-myservice-0
If you're running multiple environments with the same services in them
this allows you to differentiate between them.
nagios_servicegroups:
type: string
default: ""
description: |
A comma-separated list of Nagios service groups.
If left empty, the nagios_context will be used as the servicegroup
ipfix-target:
type: string
default:
description: |
IPFIX target wit the format "IP_Address:Port". This will enable IPFIX
exporting on all OVS bridges to the target, including br-int and br-ext.
vendor-data:
type: string
default:
description: |
A JSON-formatted string that will serve as vendor metadata
(via "StaticJSON" provider) to all VM's within an OpenStack deployment,
regardless of project or domain. For deployments of Rocky or later
this value is ignored. Please set the corresponding value in the
nova-cloud-controller charm.
vendor-data-url:
type: string
default:
description: |
A URL serving JSON-formatted data that will serve as vendor metadata
(via "DynamicJSON" provider) to all VM's within an OpenStack deployment,
regardless of project or domain.
.
Only supported in OpenStack Newton and higher. For deployments of Rocky or
later this value is ignored. Please set the corresponding value in the
nova-cloud-controller charm.
default-availability-zone:
type: string
default: 'nova'
description: |
Default availability zone to use for agents (l3, dhcp) on this machine.
If this option is not set, the default availability zone 'nova' is used.
If customize-failure-domain is set to True, it will override this option
only if an AZ is set by the Juju provider. If JUJU_AVAILABILITY_ZONE is
not set, the value specified by this option will be used regardless of
customize-failure-domain's setting.
.
NOTE: Router and Network objects have a property called
availability_zone_hints which can be used to restrict dnsmasq
and router namespace placement by DHCP and L3 agents to specific
neutron availability zones. Neutron AZs are not tied to Nova AZs but
their names can match.
.
customize-failure-domain:
type: boolean
default: False
description: |
Juju propagates availability zone information to charms from the
underlying machine provider such as MAAS and this option allows the
charm to use JUJU_AVAILABILITY_ZONE to set default_availability_zone
for Neutron agents (DHCP and L3 agents). This option overrides the
default-availability-zone charm config setting only when the Juju
provider sets JUJU_AVAILABILITY_ZONE.
firewall-driver:
type: string
default:
description: |
Firewall driver to use to support use of security groups with
instances; valid values include iptables_hybrid (default) and
openvswitch. This config option is ignored for < Queens.
firewall-group-log-output-base:
type: string
default:
description: |
This option allows setting a path for Firewall Group logs.
A valid file system path must be provided. If this option is not
provided Neutron will use syslog as a destination.
(Available from Stein)
firewall-group-log-rate-limit:
type: int
default:
description: |
Log entries are queued for writing to a log file when a packet rate
exceeds the limit set by this option.
Possible values: null (no rate limitation), integer values greater than 100.
WARNING: Should be NOT LESS than 100, if set (if null logging will not be
rate limited).
(Available from Stein)
firewall-group-log-burst-limit:
type: int
default: 25
description: |
This option sets the maximum queue size for log entries.
Can be used to avoid excessive memory consumption.
WARNING: Should be NOT LESS than 25.
(Available from Stein)
ovsdb-timeout:
type: int
default:
description: |
Timeout in seconds for ovsdb commands.
(Available from Queens)
ovs-use-veth:
type: string
default:
description: |
"True" or "False" string value. It is safe to leave this option unset.
This option allows the DHCP agent to use a veth interface for OVS in
order to support kernels with limited namespace support. i.e. Trusty.
Changing the value after neutron DHCP agents are created will break
access. The charm will go into a blocked state if this is attempted.
disable-neutron-lbaas:
type: boolean
default: False
description: |
Manually disable lbaas services. Set this option to True if Octavia
is used with neutron. This option is ignored for Train+ OpenStack.
keepalived-healthcheck-interval:
type: int
default: 0
description: |
Specifies the frequency (in seconds) at which HA routers will check
their external network gateway by performing an ICMP ping between the
virtual routers. When the ping check fails, this will trigger the HA
routers to failover to another node. A value of 0 will disable this
check. This setting only applies when using l3ha and dvr_snat.
.
WARNING: Enabling the health checks should be done with caution as it
may lead to rapid failovers of HA routers. ICMP pings are low priority
and may be dropped or take longer than the 1 second afforded by neutron,
which leads to routers failing over to other nodes.
enable-auto-restarts:
type: boolean
default: True
description: |
Allow the charm and packages to restart services automatically when
required.
View Git Blame Copy Permalink