6ab28b3639
Add charmhelpers.contrib.hardening and calls to install, config-changed, upgrade-charm and update-status hooks. Also add new config option to allow one or more hardening modules to be applied at runtime. Change-Id: If0d1e10b58ed506e0aca659f30120b8d5c96c04f
144 lines
5.2 KiB
YAML
144 lines
5.2 KiB
YAML
options:
|
|
openstack-origin:
|
|
default: distro
|
|
type: string
|
|
description: |
|
|
Repository from which to install. May be one of the following:
|
|
distro (default), ppa:somecustom/ppa, a deb url sources entry,
|
|
or a supported Cloud Archive release pocket.
|
|
|
|
Supported Cloud Archive sources include:
|
|
|
|
cloud:<series>-<openstack-release>
|
|
cloud:<series>-<openstack-release>/updates
|
|
cloud:<series>-<openstack-release>/staging
|
|
cloud:<series>-<openstack-release>/proposed
|
|
|
|
For series=Precise we support cloud archives for openstack-release:
|
|
* icehouse
|
|
|
|
For series=Trusty we support cloud archives for openstack-release:
|
|
* juno
|
|
* kilo
|
|
* ...
|
|
|
|
NOTE: updating this setting to a source that is known to provide
|
|
a later version of OpenStack will trigger a software upgrade.
|
|
block-device:
|
|
default: sdb
|
|
type: string
|
|
description: |
|
|
Device to be used to back Swift storage. May be any valid block
|
|
device or a path and size to a local file (/path/to/file.img|$sizeG),
|
|
which will be created and used as a loopback device (for testing only).
|
|
Multiple devices may be specified as a space-separated list of devices.
|
|
If set to "guess", the charm will attempt to format and mount all extra
|
|
block devices (this is currently experimental and potentially dangerous).
|
|
overwrite:
|
|
default: "false"
|
|
type: string
|
|
description: |
|
|
If true, charm will attempt to unmount and overwrite existing and in-use
|
|
block-devices (WARNING).
|
|
zone:
|
|
default: 1
|
|
type: int
|
|
description: |
|
|
Swift storage zone to request membership. Relevant only when the
|
|
swift-proxy charm has been configured for manual zone assignment
|
|
(the default). This should be changed for every service unit.
|
|
object-server-port:
|
|
default: 6000
|
|
type: int
|
|
description: Listening port of the swift-object-server.
|
|
container-server-port:
|
|
default: 6001
|
|
type: int
|
|
description: Listening port of the swift-container-server.
|
|
account-server-port:
|
|
default: 6002
|
|
type: int
|
|
description: Listening port of the swift-account-server.
|
|
worker-multiplier:
|
|
default: 1
|
|
type: int
|
|
description: |
|
|
The CPU multiplier to use when configuring worker processes for the
|
|
account, container and object server processes.
|
|
object-server-threads-per-disk:
|
|
default: 4
|
|
type: int
|
|
description: |
|
|
Size of the per-disk thread pool used for performing disk I/O. 0 means
|
|
to not use a per-disk thread pool. It is recommended to keep this value
|
|
small, as large values can result in high read latencies due to large
|
|
queue depths. A good starting point is 4 threads per disk.
|
|
prefer-ipv6:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If True enables IPv6 support. The charm will expect network interfaces
|
|
to be configured with an IPv6 address. If set to False (default) IPv4
|
|
is expected.
|
|
|
|
NOTE: these charms do not currently support IPv6 privacy extension. In
|
|
order for this charm to function correctly, the privacy extension must be
|
|
disabled and a non-temporary address must be configured/available on
|
|
your network interface.
|
|
account-max-connections:
|
|
default: 2
|
|
type: int
|
|
description: |
|
|
Number of connections allowed to the account rsync stanza.
|
|
container-max-connections:
|
|
default: 2
|
|
type: int
|
|
description: |
|
|
Number of connections allowed to the container rsync stanza.
|
|
object-max-connections:
|
|
default: 2
|
|
type: int
|
|
description: |
|
|
Number of connections allowed to the object rsync stanza.
|
|
object-replicator-concurrency:
|
|
default: 1
|
|
type: int
|
|
description: |
|
|
Number of replication workers to spawn.
|
|
nagios-check-params:
|
|
default: "-m -r 60 180 10 20"
|
|
type: string
|
|
description: String appended to nagios check
|
|
nagios_context:
|
|
default: "juju"
|
|
type: string
|
|
description: |
|
|
Used by the nrpe-external-master subordinate charm.
|
|
A string that will be prepended to instance name to set the host name
|
|
in nagios. So for instance the hostname would be something like:
|
|
juju-myservice-0
|
|
If you're running multiple environments with the same services in them
|
|
this allows you to differentiate between them.
|
|
nagios_servicegroups:
|
|
default: ""
|
|
type: string
|
|
description: |
|
|
A comma-separated list of nagios servicegroups.
|
|
If left empty, the nagios_context will be used as the servicegroup
|
|
action-managed-upgrade:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If True enables openstack upgrades for this charm via juju actions.
|
|
You will still need to set openstack-origin to the new repository but
|
|
instead of an upgrade running automatically across all units, it will
|
|
wait for you to execute the openstack-upgrade action for this charm on
|
|
each unit. If False it will revert to existing behavior of upgrading
|
|
all units on config change.
|
|
harden:
|
|
default:
|
|
type: string
|
|
description: |
|
|
Apply system hardening. Supports a space-delimited list of modules
|
|
to run. Supported modules currently include os, ssh, apache and mysql.
|