openstack/charm-swift-proxy
Code Issues Proposed changes
Files
59971e1c7d31a0d293ecaa513f319d1d0019e260
charm-swift-proxy/config.yaml
David Ames 4e9aa259b0 Update HAProxy default timeout values 
The default HAProxy timeout values are fairly strict. On a busy cloud
it is common to exceed one or more of these timeouts. The only
indication that HAProxy has exceeded a timeout and dropped the
connection is errors such as "BadStatusLine" or "EOF." These can be
very difficult to diagnose when intermittent.

This charm-helpers sync pulls in the change to update the default
timeout values to more real world settings. These values have been
extensively tested in ServerStack. Configured values will not be
overridden.

Partial Bug: #1736171

Change-Id: I0aefed05d7b06162d21bb5ded216fc32935ef52e
2017-12-11 11:37:39 -08:00

357 lines
12 KiB
YAML
Raw Blame History

options:
debug:
type: boolean
default: False
description: Enable debug level logging.
log-headers:
type: boolean
default: False
description: Enable logging of all request headers.
openstack-origin:
type: string
default: distro
description: |
Repository from which to install. May be one of the following:
distro (default), ppa:somecustom/ppa, a deb url sources entry,
or a supported Ubuntu Cloud Archive e.g.
.
cloud:<series>-<openstack-release>
cloud:<series>-<openstack-release>/updates
cloud:<series>-<openstack-release>/staging
cloud:<series>-<openstack-release>/proposed
.
See https://wiki.ubuntu.com/OpenStack/CloudArchive for info on which
cloud archives are available and supported.
.
NOTE: updating this setting to a source that is known to provide
a later version of OpenStack will trigger a software upgrade unless
action-managed-upgrade is set to True.
action-managed-upgrade:
type: boolean
default: False
description: |
If True enables openstack upgrades for this charm via juju actions.
You will still need to set openstack-origin to the new repository but
instead of an upgrade running automatically across all units, it will
wait for you to execute the openstack-upgrade action for this charm on
each unit. If False it will revert to existing behavior of upgrading
all units on config change.
harden:
type: string
default:
description: |
Apply system hardening. Supports a space-delimited list of modules
to run. Supported modules currently include os, ssh, apache and mysql.
# General Swift Proxy config
region:
type: string
default: RegionOne
description: OpenStack region that this swift-proxy supports.
bind-port:
type: int
default: 8080
description: TCP port to listen on.
workers:
type: int
default: 0
description: |
Number of TCP workers to launch (0 for the number of system cores).
operator-roles:
type: string
default: "Member,Admin"
description: Comma-separated list of Swift operator roles.
auth-type:
type: string
default: tempauth
description: Auth method to use, tempauth, swauth or keystone
swauth-admin-key:
type: string
default:
description: The secret key to use to authenticate as an swauth admin
delay-auth-decision:
type: boolean
default: true
description: Delay authentication to downstream WSGI services.
node-timeout:
type: int
default: 60
description: |
How long the proxy server will wait on responses from the
account/container/object servers.
recoverable-node-timeout:
type: int
default: 30
description: |
How long the proxy server will wait for an initial response and to read a
chunk of data from the object servers while serving GET / HEAD requests.
Timeouts from these requests can be recovered from so setting this to
something lower than node-timeout would provide quicker error recovery
while allowing for a longer timeout for non-recoverable requests (PUTs).
# Swift ring management config
partition-power:
type: int
default: 8
description: |
This value needs to be set according to the parameters of the cluster
being deployed. In order to achieve an optimal distribution of objects
within your cluster without over consuming system resources it is
important that this value not be too low or high but it must also be
high enough to account for future expansion of your cluster since it
cannot be changed once the rings have been built. A rough calculation
for this value should be no less than log2(total_disks * 100).
replicas:
type: int
default: 3
description: Minimum replicas for each object stored in the cluster.
min-hours:
type: int
default: 0
description: |
This is the Swift ring builder min_part_hours parameter. This
setting represents the amount of time in hours that Swift will wait
between subsequent ring re-balances in order to avoid large i/o loads as
data is re-balanced when new devices are added to the cluster. Once your
cluster has been built, you can set this to a higher value e.g. 1
(upstream default). Note that changing this value will result in an
attempt to re-balance and if successful, rings will be redistributed.
disable-ring-balance:
type: boolean
default: False
description: |
This provides similar support to min-hours but without having to modify
the builders. If True, any changes to the builders will not result in a
ring re-balance and sync until this value is set back to False.
zone-assignment:
type: string
default: "manual"
description: |
Which policy to use when assigning new storage nodes to zones.
.
manual - Allow swift-storage services to request zone membership.
auto - Assign new swift-storage units to zones automatically.
.
The configured replica minimum must be met by an equal number of storage
zones before the storage ring will be initially balance. Deployment
requirements differ based on the zone-assignment policy configured, see
this charm's README for details.
# Manual Keystone config
keystone-auth-host:
type: string
default:
description: Keystone authentication host
keystone-auth-port:
default: 35357
type: int
description: Keystone authentication port
keystone-auth-protocol:
default: http
type: string
description: Keystone authentication protocol
keystone-admin-tenant-name:
default: service
type: string
description: Keystone admin tenant name
keystone-admin-user:
type: string
default:
description: Keystone admin username
keystone-admin-password:
type: string
default:
description: Keystone admin password
# HA config
swift-hash:
type: string
default:
description: Hash to use across all swift-proxy servers - don't loose
dns-ha:
type: boolean
default: False
description: |
Use DNS HA with MAAS 2.0. Note if this is set do not set vip
settings below.
vip:
type: string
default:
description: |
Virtual IP(s) to use to front API services in HA configuration.
.
If multiple networks are being used, a VIP should be provided for each
network, separated by spaces.
ha-bindiface:
type: string
default: eth0
description: |
Default network interface on which HA cluster will bind to communication
with the other members of the HA Cluster.
ha-mcastport:
type: int
default: 5414
description: |
Default multicast port number that will be used to communicate between
HA Cluster nodes.
haproxy-server-timeout:
type: int
default:
description: |
Server timeout configuration in ms for haproxy, used in HA
configurations. If not provided, default value of 90000ms is used.
haproxy-client-timeout:
type: int
default:
description: |
Client timeout configuration in ms for haproxy, used in HA
configurations. If not provided, default value of 90000ms is used.
haproxy-queue-timeout:
type: int
default:
description: |
Queue timeout configuration in ms for haproxy, used in HA
configurations. If not provided, default value of 9000ms is used.
haproxy-connect-timeout:
type: int
default:
description: |
Connect timeout configuration in ms for haproxy, used in HA
configurations. If not provided, default value of 9000ms is used.
# Network config (by default all access is over 'private-address')
os-admin-network:
type: string
default:
description: |
The IP address and netmask of the OpenStack Admin network (e.g.
192.168.0.0/24)
.
This network will be used for admin endpoints.
os-internal-network:
type: string
default:
description: |
The IP address and netmask of the OpenStack Internal network (e.g.
192.168.0.0/24)
.
This network will be used for internal endpoints.
os-public-network:
type: string
default:
description: |
The IP address and netmask of the OpenStack Public network (e.g.,
192.168.0.0/24)
.
This network will be used for public endpoints.
os-public-hostname:
type: string
default:
description: |
The hostname or address of the public endpoints created for swift-proxy
in the keystone identity provider.
This value will be used for public endpoints. For example, an
os-public-hostname set to 'files.example.com' with will create
the following public endpoint for the swift-proxy:
https://files.example.com:80/swift/v1
os-internal-hostname:
type: string
default:
description: |
The hostname or address of the internal endpoints created for swift-proxy
in the keystone identity provider.
.
This value will be used for internal endpoints. For example, an
os-internal-hostname set to 'files.internal.example.com' with will create
the following internal endpoint for the swift-proxy:
.
https://files.internal.example.com:80/swift/v1
os-admin-hostname:
type: string
default:
description: |
The hostname or address of the admin endpoints created for swift-proxy
in the keystone identity provider.
.
This value will be used for admin endpoints. For example, an
os-admin-hostname set to 'files.admin.example.com' with will create
the following admin endpoint for the swift-proxy:
.
https://files.admin.example.com:80/swift/v1
prefer-ipv6:
type: boolean
default: False
description: |
If True enables IPv6 support. The charm will expect network interfaces
to be configured with an IPv6 address. If set to False (default) IPv4
is expected.
.
NOTE: these charms do not currently support IPv6 privacy extension. In
order for this charm to function correctly, the privacy extension must be
disabled and a non-temporary address must be configured/available on
your network interface.
ssl_cert:
type: string
default:
description: |
Base64 encoded SSL certificate to install and use for API ports.
.
juju set swift-proxy ssl_cert="$(cat cert | base64)" \
ssl_key="$(cat key | base64)"
.
Setting this value (and ssl_key) will enable reverse proxying, point
Swifts's entry in the Keystone catalog to use https, and override
any certficiate and key issued by Keystone (if it is configured to
do so).
ssl_key:
type: string
default:
description: |
Base64 encoded SSL key to use with certificate specified as ssl_cert.
ssl_ca:
type: string
default:
description: |
Base64-encoded SSL CA to use with the certificate and key provided - only
required if you are providing a privately signed ssl_cert and ssl_key.
# Monitoring config
nagios_context:
type: string
default: "juju"
description: |
Used by the nrpe-external-master subordinate charm. A string that will
be prepended to instance name to set the host name in nagios. So for
instance the hostname would be something like 'juju-myservice-0'. If
you are running multiple environments with the same services in them
this allows you to differentiate between them.
nagios_servicegroups:
type: string
default: ""
description: |
A comma-separated list of nagios servicegroups. If left empty, the
nagios_context will be used as the servicegroup.
rabbit-user:
type: string
default: swift
description: Username used to access rabbitmq queue.
rabbit-vhost:
type: string
default: openstack
description: Rabbitmq vhost name.
statsd-host:
default: ''
type: string
description: |
Enable statsd metrics to be sent to the specified host.
If this value is empty, statsd logging will be disabled.
statsd-port:
default: 3125
type: int
description: |
Destination port on the provided statsd host to send samples to.
Only takes effect if statsd-host is set.
statsd-sample-rate:
default: 1.0
type: float
description: |
Sample rate determines what percentage of the metric points a
client should send to the server.
Only takes effect if statsd-host is set.
View Git Blame Copy Permalink