charm-swift-proxy/config.yaml

options:
  openstack-origin:
    default: distro
    type: string
    description: |
      Repository from which to install.  May be one of the following:
      distro (default), ppa:somecustom/ppa, a deb url sources entry,
      or a supported Cloud Archive release pocket.

      Supported Cloud Archive sources include:

      cloud:<series>-<openstack-release>
      cloud:<series>-<openstack-release>/updates
      cloud:<series>-<openstack-release>/staging
      cloud:<series>-<openstack-release>/proposed

      For series=Precise we support cloud archives for openstack-release:
         * icehouse

      For series=Trusty we support cloud archives for openstack-release:
         * juno
         * kilo
         * ...

      NOTE: updating this setting to a source that is known to provide
      a later version of OpenStack will trigger a software upgrade.      
  region:
    default: RegionOne
    type: string
    description: OpenStack region that this swift-proxy supports.
  # Ring configuration
  partition-power:
    default: 8
    type: int
    description: Partition power.
  replicas:
    default: 3
    type: int
    description: Minimum replicas.
  min-hours:
    default: 0
    type: int
    description: |
      This is the Swift ring builder min_part_hours parameter. This
      setting represents the amount of time in hours that Swift will wait
      between subsequent ring re-balances in order to avoid large i/o loads as
      data is re-balanced when new devices are added to the cluster. Once your
      cluster has been built, you can set this to a higher value e.g. 1
      (upstream default). Note that changing this value will result in an
      attempt to re-balance and if successful, rings will be redistributed.      
  disable-ring-balance:
    type: boolean
    default: False
    description: |
      This provides similar support to min-hours but without having to modify
      the builders. If True, any changes to the builders will not result in a
      ring re-balance and sync until this value is set back to False.      
  zone-assignment:
    default: "manual"
    type: string
    description: |
      Which policy to use when assigning new storage nodes to zones.

        manual - Allow swift-storage services to request zone membership.
        auto - Assign new swift-storage units to zones automatically.

      The configured replica minimum must be met by an equal number of storage
      zones before the storage ring will be initially balance.  Deployment
      requirements differ based on the zone-assignment policy configured, see
      this charm's README for details.      
  # User provided SSL cert and key
  ssl_cert:
    type: string
    default:
    description: |
      Base64 encoded SSL certificate to install and use for API ports.
      .
         juju set swift-proxy ssl_cert="$(cat cert | base64)" \
                              ssl_key="$(cat key | base64)"
      .
      Setting this value (and ssl_key) will enable reverse proxying, point
      Swifts's entry in the Keystone catalog to use https, and override
      any certficiate and key issued by Keystone (if it is configured to
      do so).      
  ssl_key:
    type: string
    default:
    description: |
      Base64 encoded SSL key to use with certificate specified as ssl_cert.      
  ssl_ca:
    type: string
    default:
    description: |
      Base64 encoded SSL CA to use with the certificate and key provided - only
      required if you are providing a privately signed ssl_cert and ssl_key.      
  # General Swift Proxy configuration
  bind-port:
    default: 8080
    type: int
    description: TCP port to listen on
  workers:
    default: 0
    type: int
    description: |
      Number of TCP workers to launch (0 for the number of system cores).      
  operator-roles:
    default: "Member,Admin"
    type: string
    description: Comma-separated list of Swift operator roles.
  auth-type:
    default: tempauth
    type: string
    description: Auth method to use, tempauth or keystone
  delay-auth-decision:
    default: true
    type: boolean
    description: Delay authentication to downstream WSGI services.
  node-timeout:
    default: 60
    type: int
    description: |
      How long the proxy server will wait on responses from the
      account/container/object servers.      
  recoverable-node-timeout:
    default: 30
    type: int
    description: |
      How long the proxy server will wait for an initial response and to read a
      chunk of data from the object servers while serving GET / HEAD requests.
      Timeouts from these requests can be recovered from so setting this to
      something lower than node-timeout would provide quicker error recovery
      while allowing for a longer timeout for non-recoverable requests (PUTs).      
  # Logging configuration
  debug:
    default: False
    type: boolean
    description: Enable debug level logging.
  log-headers:
    default: False
    type: boolean
    description: Enable logging of all request headers.
  # Manual Keystone configuration.
  keystone-auth-host:
    type: string
    default:
    description: Keystone authentication host
  keystone-auth-port:
    default: 35357
    type: int
    description: Keystone authentication port
  keystone-auth-protocol:
    default: http
    type: string
    description: Keystone authentication protocol
  keystone-admin-tenant-name:
    default: service
    type: string
    description: Keystone admin tenant name
  keystone-admin-user:
    type: string
    default:
    description: Keystone admin username
  keystone-admin-password:
    type: string
    default:
    description: Keystone admin password
  # HA configuration settings
  swift-hash:
    type: string
    default:
    description: Hash to use across all swift-proxy servers - don't loose
  vip:
    type: string
    default:
    description: |
      Virtual IP(s) to use to front API services in HA configuration.
      .
      If multiple networks are being used, a VIP should be provided for each
      network, separated by spaces.      
  ha-bindiface:
    type: string
    default: eth0
    description: |
      Default network interface on which HA cluster will bind to communication
      with the other members of the HA Cluster.      
  ha-mcastport:
    type: int
    default: 5414
    description: |
      Default multicast port number that will be used to communicate between
      HA Cluster nodes.      
  # Network configuration options
  # by default all access is over 'private-address'
  os-admin-network:
    type: string
    default:
    description: |
      The IP address and netmask of the OpenStack Admin network (e.g.,
      192.168.0.0/24)
      .
      This network will be used for admin endpoints.      
  os-internal-network:
    type: string
    default:
    description: |
      The IP address and netmask of the OpenStack Internal network (e.g.,
      192.168.0.0/24)
      .
      This network will be used for internal endpoints.      
  os-public-network:
    type: string
    default:
    description: |
      The IP address and netmask of the OpenStack Public network (e.g.,
      192.168.0.0/24)
      .
      This network will be used for public endpoints.      
  os-public-hostname:
    type: string
    default:
    description: |
      The hostname or address of the public endpoints created for swift-proxy
      in the keystone identity provider.

      This value will be used for public endpoints. For example, an
      os-public-hostname set to 'files.example.com' with will create
      the following public endpoint for the swift-proxy:

      https://files.example.com:80/swift/v1      
  prefer-ipv6:
    type: boolean
    default: False
    description: |
      If True enables IPv6 support. The charm will expect network interfaces
      to be configured with an IPv6 address. If set to False (default) IPv4
      is expected.

      NOTE: these charms do not currently support IPv6 privacy extension. In
      order for this charm to function correctly, the privacy extension must be
      disabled and a non-temporary address must be configured/available on
      your network interface.      
  nagios_context:
    default: "juju"
    type: string
    description: |
      Used by the nrpe-external-master subordinate charm.
      A string that will be prepended to instance name to set the host name
      in nagios. So for instance the hostname would be something like:
          juju-myservice-0
      If you're running multiple environments with the same services in them
      this allows you to differentiate between them.      
  nagios_servicegroups:
    default: ""
    type: string
    description: |
      A comma-separated list of nagios servicegroups.
      If left empty, the nagios_context will be used as the servicegroup      
  action-managed-upgrade:
    type: boolean
    default: False
    description: |
      If True enables openstack upgrades for this charm via juju actions.
      You will still need to set openstack-origin to the new repository but
      instead of an upgrade running automatically across all units, it will
      wait for you to execute the openstack-upgrade action for this charm on
      each unit. If False it will revert to existing behavior of upgrading
      all units on config change.