charm-swift-storage/config.yaml
David Ames 5368af6302 Swift storage ACLs
Ensure that only the swift-proxy units and swift-storage peers have
access to direct communication with swift storage daemons.

Charm-helpers sync to include ufw module and the ingress_address and
iter_units_for_relation_name functions.

Please review and merge first:
https://github.com/juju/charm-helpers/pull/35

Closes-Bug: #1727463

Change-Id: Id5677edbc40b0b891cbe66867d39d076a94c5436
2017-11-07 10:24:53 -08:00

185 lines
6.5 KiB
YAML

options:
openstack-origin:
default: distro
type: string
description: |
Repository from which to install. May be one of the following:
distro (default), ppa:somecustom/ppa, a deb url sources entry,
or a supported Cloud Archive release pocket.
Supported Cloud Archive sources include:
cloud:<series>-<openstack-release>
cloud:<series>-<openstack-release>/updates
cloud:<series>-<openstack-release>/staging
cloud:<series>-<openstack-release>/proposed
For series=Precise we support cloud archives for openstack-release:
* icehouse
For series=Trusty we support cloud archives for openstack-release:
* juno
* kilo
* ...
NOTE: updating this setting to a source that is known to provide
a later version of OpenStack will trigger a software upgrade.
block-device:
default: sdb
type: string
description: |
Device to be used to back Swift storage. May be any valid block
device or a path and size to a local file (/path/to/file.img|$sizeG),
which will be created and used as a loopback device (for testing only).
Multiple devices may be specified as a space-separated list of devices.
If set to "guess", the charm will attempt to format and mount all extra
block devices (this is currently experimental and potentially dangerous).
overwrite:
default: "false"
type: string
description: |
If true, charm will attempt to unmount and overwrite existing and in-use
block-devices (WARNING).
zone:
default: 1
type: int
description: |
Swift storage zone to request membership. Relevant only when the
swift-proxy charm has been configured for manual zone assignment
(the default). This should be changed for every service unit.
object-server-port:
default: 6000
type: int
description: Listening port of the swift-object-server.
container-server-port:
default: 6001
type: int
description: Listening port of the swift-container-server.
account-server-port:
default: 6002
type: int
description: Listening port of the swift-account-server.
worker-multiplier:
default: 1.0
type: float
description: |
The CPU multiplier to use when configuring worker processes for the
account, container and object server processes.
object-server-threads-per-disk:
default: 4
type: int
description: |
Size of the per-disk thread pool used for performing disk I/O. 0 means
to not use a per-disk thread pool. It is recommended to keep this value
small, as large values can result in high read latencies due to large
queue depths. A good starting point is 4 threads per disk.
prefer-ipv6:
type: boolean
default: False
description: |
If True enables IPv6 support. The charm will expect network interfaces
to be configured with an IPv6 address. If set to False (default) IPv4
is expected.
NOTE: these charms do not currently support IPv6 privacy extension. In
order for this charm to function correctly, the privacy extension must be
disabled and a non-temporary address must be configured/available on
your network interface.
account-max-connections:
default: 2
type: int
description: |
Number of connections allowed to the account rsync stanza.
container-max-connections:
default: 2
type: int
description: |
Number of connections allowed to the container rsync stanza.
object-max-connections:
default: 2
type: int
description: |
Number of connections allowed to the object rsync stanza.
object-replicator-concurrency:
default: 1
type: int
description: |
Number of replication workers to spawn.
object-rsync-timeout:
default: 900
type: int
description: |
Max duration of a partition rsync (in seconds).
nagios-check-params:
default: "-m -r 60 180 10 20"
type: string
description: String appended to nagios check
nagios_context:
default: "juju"
type: string
description: |
Used by the nrpe-external-master subordinate charm.
A string that will be prepended to instance name to set the host name
in nagios. So for instance the hostname would be something like:
juju-myservice-0
If you're running multiple environments with the same services in them
this allows you to differentiate between them.
nagios_servicegroups:
default: ""
type: string
description: |
A comma-separated list of nagios servicegroups.
If left empty, the nagios_context will be used as the servicegroup
action-managed-upgrade:
type: boolean
default: False
description: |
If True enables openstack upgrades for this charm via juju actions.
You will still need to set openstack-origin to the new repository but
instead of an upgrade running automatically across all units, it will
wait for you to execute the openstack-upgrade action for this charm on
each unit. If False it will revert to existing behavior of upgrading
all units on config change.
harden:
default:
type: string
description: |
Apply system hardening. Supports a space-delimited list of modules
to run. Supported modules currently include os, ssh, apache and mysql.
sysctl:
type: string
default:
description: |
YAML formatted associative array of sysctl values, e.g.:
'{ kernel.pid_max : 4194303 }'
statsd-host:
default: ''
type: string
description: |
Enable statsd metrics to be sent to the specified host.
If this value is empty, statsd logging will be disabled.
statsd-port:
default: 3125
type: int
description: |
Destination port on the provided statsd host to send samples to.
Only takes effect if statsd-host is set.
statsd-sample-rate:
default: 1.0
type: float
description: |
Sample rate determines what percentage of the metric points a
client should send to the server.
Only takes effect if statsd-host is set.
allow-ufw-ip6-softfail:
description: |
When this option is set to True the charm will disable the IPv6
support in ufw in case ip6tables couldn't be activated, situations
where this could happen is in a LXC container running on top of a
host that doesn't have loaded the ip6_tables.
If this option is False (the default) and ip6_tables module couldn't
be loaded, the charm will fail to install.
type: boolean
default: False