424 lines
14 KiB
YAML
424 lines
14 KiB
YAML
options:
|
|
debug:
|
|
default: False
|
|
type: boolean
|
|
description: Enable debug logging.
|
|
verbose:
|
|
default: False
|
|
type: boolean
|
|
description: Enable verbose logging.
|
|
use-syslog:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Setting this to True will allow supporting services to log to syslog.
|
|
openstack-origin:
|
|
default: distro
|
|
type: string
|
|
description: |
|
|
Repository from which to install. May be one of the following:
|
|
distro (default), ppa:somecustom/ppa, a deb url sources entry,
|
|
or a supported Cloud Archive release pocket.
|
|
|
|
Supported Cloud Archive sources include:
|
|
|
|
cloud:<series>-<openstack-release>
|
|
cloud:<series>-<openstack-release>/updates
|
|
cloud:<series>-<openstack-release>/staging
|
|
cloud:<series>-<openstack-release>/proposed
|
|
|
|
For series=Precise we support cloud archives for openstack-release:
|
|
* icehouse
|
|
|
|
For series=Trusty we support cloud archives for openstack-release:
|
|
* juno
|
|
* kilo
|
|
* ...
|
|
|
|
NOTE: updating this setting to a source that is known to provide
|
|
a later version of OpenStack will trigger a software upgrade.
|
|
openstack-origin-git:
|
|
default:
|
|
type: string
|
|
description: |
|
|
Specifies a default OpenStack release name, or a YAML dictionary
|
|
listing the git repositories to install from.
|
|
|
|
The default Openstack release name may be one of the following, where
|
|
the corresponding OpenStack github branch will be used:
|
|
* liberty
|
|
* mitaka
|
|
* master
|
|
|
|
The YAML must minimally include requirements, neutron, and nova
|
|
repositories, and may also include repositories for other dependencies:
|
|
repositories:
|
|
- {name: requirements,
|
|
repository: 'git://github.com/openstack/requirements',
|
|
branch: master}
|
|
- {name: neutron,
|
|
repository: 'git://github.com/openstack/neutron',
|
|
branch: master}
|
|
- {name: nova,
|
|
repository: 'git://github.com/openstack/nova',
|
|
branch: master}
|
|
release: master
|
|
rabbit-user:
|
|
default: nova
|
|
type: string
|
|
description: Username used to access rabbitmq queue
|
|
rabbit-vhost:
|
|
default: openstack
|
|
type: string
|
|
description: Rabbitmq vhost
|
|
database-user:
|
|
default: nova
|
|
type: string
|
|
description: Username for database access
|
|
database:
|
|
default: nova
|
|
type: string
|
|
description: Database name
|
|
nova-alchemy-flags:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Comma-separated list of key=value sqlalchemy related config flags to be
|
|
set in nova.conf [database] section.
|
|
network-manager:
|
|
default: FlatDHCPManager
|
|
type: string
|
|
description: |
|
|
Network manager for the cloud; supports the following options:
|
|
|
|
FlatDHCPManager (nova-network) (default)
|
|
FlatManager (nova-network)
|
|
Neutron (Full SDN solution)
|
|
|
|
When using the Neutron option you will most likely want to use
|
|
the neutron-gateway charm to provide L3 routing and DHCP Services.
|
|
bridge-interface:
|
|
default: br100
|
|
type: string
|
|
description: Bridge interface to be configured
|
|
bridge-ip:
|
|
default: 11.0.0.1
|
|
type: string
|
|
description: IP to be assigned to bridge interface
|
|
bridge-netmask:
|
|
default: 255.255.255.0
|
|
type: string
|
|
description: Netmask to be assigned to bridge interface
|
|
neutron-external-network:
|
|
type: string
|
|
default: ext_net
|
|
description: |
|
|
Name of the external network for floating IP addresses provided by
|
|
Neutron.
|
|
config-flags:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Comma-separated list of key=value config flags. These values will be
|
|
placed in the nova.conf [DEFAULT] section.
|
|
region:
|
|
default: RegionOne
|
|
type: string
|
|
description: OpenStack Region
|
|
use-internal-endpoints:
|
|
default: False
|
|
type: boolean
|
|
description: |
|
|
Openstack mostly defaults to using public endpoints for
|
|
internal communication between services. If set to True this option will
|
|
configure services to use internal endpoints where possible.
|
|
# HA configuration settings
|
|
dns-ha:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Use DNS HA with MAAS 2.0. Note if this is set do not set vip
|
|
settings below.
|
|
vip:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Virtual IP(s) to use to front API services in HA configuration.
|
|
.
|
|
If multiple networks are being used, a VIP should be provided for each
|
|
network, separated by spaces.
|
|
vip_iface:
|
|
type: string
|
|
default: eth0
|
|
description: |
|
|
Default network interface to use for HA vip when it cannot be
|
|
automatically determined.
|
|
vip_cidr:
|
|
type: int
|
|
default: 24
|
|
description: |
|
|
Default CIDR netmask to use for HA vip when it cannot be automatically
|
|
determined.
|
|
ha-bindiface:
|
|
type: string
|
|
default: eth0
|
|
description: |
|
|
Default network interface on which HA cluster will bind to communication
|
|
with the other members of the HA Cluster.
|
|
ha-mcastport:
|
|
type: int
|
|
default: 5404
|
|
description: |
|
|
Default multicast port number that will be used to communicate between
|
|
HA Cluster nodes.
|
|
haproxy-server-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Server timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 30000ms is used.
|
|
haproxy-client-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Client timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 30000ms is used.
|
|
haproxy-queue-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Queue timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 5000ms is used.
|
|
haproxy-connect-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Connect timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 5000ms is used.
|
|
ssl_cert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
SSL certificate to install and use for API ports. Setting this value
|
|
and ssl_key will enable reverse proxying, point Nova's entry in the
|
|
Keystone catalog to use https, and override any certificate and key
|
|
issued by Keystone (if it is configured to do so).
|
|
ssl_key:
|
|
type: string
|
|
default:
|
|
description: SSL key to use with certificate specified as ssl_cert.
|
|
ssl_ca:
|
|
type: string
|
|
default:
|
|
description: |
|
|
SSL CA to use with the certificate and key provided - this is only
|
|
required if you are providing a privately signed ssl_cert and ssl_key.
|
|
# Network configuration options
|
|
# by default all access is over 'private-address'
|
|
os-admin-network:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The IP address and netmask of the OpenStack Admin network (e.g.
|
|
192.168.0.0/24)
|
|
|
|
This network will be used for admin endpoints.
|
|
os-internal-network:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The IP address and netmask of the OpenStack Internal network (e.g.
|
|
192.168.0.0/24)
|
|
|
|
This network will be used for internal endpoints.
|
|
os-public-network:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The IP address and netmask of the OpenStack Public network (e.g.
|
|
192.168.0.0/24)
|
|
|
|
This network will be used for public endpoints.
|
|
os-public-hostname:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The hostname or address of the public endpoints provided by the
|
|
nova-cloud-controller in the keystone identity provider.
|
|
|
|
This value will be used for public endpoints. For example, an
|
|
os-public-hostname set to 'ncc.example.com' with ssl enabled will
|
|
create public endpoints such as:
|
|
|
|
https://ncc.example.com:8775/v2/$(tenant_id)s
|
|
os-internal-hostname:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The hostname or address of the internal endpoints provided by the
|
|
nova-cloud-controller in the keystone identity provider.
|
|
|
|
This value will be used for internal endpoints. For example, an
|
|
os-internal-hostname set to 'ncc.internal.example.com' with ssl
|
|
enabled will create a internal endpoint as:
|
|
|
|
https://ncc.internal.example.com:8775/v2/$(tenant_id)s
|
|
os-admin-hostname:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The hostname or address of the admin endpoints provided by the
|
|
nova-cloud-controller in the keystone identity provider.
|
|
|
|
This value will be used for admin endpoints. For example, an
|
|
os-admin-hostname set to 'ncc.admin.example.com' with ssl enabled
|
|
will create a admin endpoint for as:
|
|
|
|
https://ncc.admin.example.com:8775/v2/$(tenant_id)s
|
|
service-guard:
|
|
type: boolean
|
|
default: false
|
|
description: |
|
|
Ensure required relations are made and complete before allowing services
|
|
to be started
|
|
|
|
By default, services may be up and accepting API request from install
|
|
onwards.
|
|
|
|
Enabling this flag ensures that services will not be started until the
|
|
minimum 'core relations' have been made between this charm and other
|
|
charms.
|
|
|
|
For this charm the following relations must be made:
|
|
|
|
* shared-db or (pgsql-nova-db, pgsql-neutron-db)
|
|
* amqp
|
|
* identity-service
|
|
console-access-protocol:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Protocol to use when accessing virtual machine console. Supported types
|
|
are None, spice, xvpvnc, novnc and vnc (for both xvpvnc and novnc)
|
|
console-proxy-ip:
|
|
type: string
|
|
default: local
|
|
description: |
|
|
If console-access-protocol != None then this is the ip published to
|
|
clients for access to console proxy. Set to local for the ip address of
|
|
the nova-cloud-controller serving the request to be used
|
|
console-keymap:
|
|
type: string
|
|
default: 'en-us'
|
|
description: |
|
|
Console keymap
|
|
console-ssl-cert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Used for encrypted console connections. This differs from the SSL
|
|
certificate used for API endpoints and is used for console sessions only.
|
|
Setting this value along with console-ssl-key will enable encrypted
|
|
console sessions. This has nothing to do with Nova API SSL and can be
|
|
used independently. This can be used in conjunction when
|
|
console-access-protocol is set to 'novnc' or 'spice'.
|
|
console-ssl-key:
|
|
type: string
|
|
default:
|
|
description: SSL key to use with certificate specified as console-ssl-cert.
|
|
worker-multiplier:
|
|
type: float
|
|
default: 2.0
|
|
description: |
|
|
The CPU core multiplier to use when configuring worker processes for
|
|
Nova and Neutron. By default, the number of workers for each daemon
|
|
is set to twice the number of CPU cores a service unit has.
|
|
cpu-allocation-ratio:
|
|
type: float
|
|
default: 16.0
|
|
description: |
|
|
The per physical core -> virtual core ratio to use in the Nova scheduler.
|
|
.
|
|
Increasing this value will increase instance density on compute nodes
|
|
at the expense of instance performance.
|
|
ram-allocation-ratio:
|
|
type: float
|
|
default: 1.5
|
|
description: |
|
|
The physical ram -> virtual ram ratio to use in the Nova scheduler.
|
|
|
|
Increasing this value will increase instance density on compute nodes
|
|
at the potential expense of instance performance.
|
|
prefer-ipv6:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If True enables IPv6 support. The charm will expect network interfaces
|
|
to be configured with an IPv6 address. If set to False (default) IPv4
|
|
is expected.
|
|
|
|
NOTE: these charms do not currently support IPv6 privacy extension. In
|
|
order for this charm to function correctly, the privacy extension must be
|
|
disabled and a non-temporary address must be configured/available on
|
|
your network interface.
|
|
nagios_context:
|
|
default: "juju"
|
|
type: string
|
|
description: |
|
|
Used by the nrpe-external-master subordinate charm.
|
|
A string that will be prepended to instance name to set the host name
|
|
in nagios. So for instance the hostname would be something like:
|
|
|
|
juju-myservice-0
|
|
|
|
If you're running multiple environments with the same services in them
|
|
this allows you to differentiate between them.
|
|
nagios_servicegroups:
|
|
default: ""
|
|
type: string
|
|
description: |
|
|
A comma-separated list of nagios servicegroups. If left empty, the
|
|
nagios_context will be used as the servicegroup.
|
|
single-nova-consoleauth:
|
|
type: boolean
|
|
default: true
|
|
description: |
|
|
When this configuration is set to True, a single instance of
|
|
nova-consoleauth service will be running, this allows users to always
|
|
authenticate against the same instance and avoid authentications issues
|
|
when the token used was stored in a different instance.
|
|
|
|
If memcached is being used to store the tokens, then it's recommended to
|
|
change this configuration to False.
|
|
action-managed-upgrade:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If True enables openstack upgrades for this charm via juju actions.
|
|
You will still need to set openstack-origin to the new repository but
|
|
instead of an upgrade running automatically across all units, it will
|
|
wait for you to execute the openstack-upgrade action for this charm on
|
|
each unit. If False it will revert to existing behavior of upgrading
|
|
all units on config change.
|
|
scheduler-default-filters:
|
|
type: string
|
|
default: "RetryFilter,AvailabilityZoneFilter,CoreFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter"
|
|
description: |
|
|
List of filter class names to use for filtering hosts when not specified in
|
|
the request.
|
|
api-rate-limit-rules:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The API rate-limit rules to use for the deployed nova API, if any.
|
|
Contents of this config options will be inserted in the api-paste.ini file
|
|
under the "filter:ratelimit" section as "limits". The syntax for these
|
|
rules is documented at
|
|
http://docs.openstack.org/kilo/config-reference/content/configuring-compute-API.html
|
|
harden:
|
|
default:
|
|
type: string
|
|
description: |
|
|
Apply system hardening. Supports a space-delimited list of modules
|
|
to run. Supported modules currently include os, ssh, apache and mysql.
|