charm-swift-storage/config.yaml
James Page 591c084532 Add support for block device encryption
Add new secrets-storage relation to vault, supporting the
use of block device encryption using dm-crypt/vaultlocker.

Prepared devices are now recorded in the local unit kv
store; this information is used to provide a list of
configured block devices to the swift-proxy charm,
rather than the previous best guess provided by
determine_block_devices.  This allows us to use the
dm-crypt device name, rather than the underlying
block device.

Encrypted block devices are unlocked on boot using
vaultlocker-decrypt systemd units (enabled by vaultlocker);
/etc/fstab entries for such devices make use of a
x-systemd.requires option to ensure that the block device
is unlocked prior to attempting to mount it.

Add new storage binding to allow charm to be used with
Juju storage.

Add new ephemeral-unmount configuration option to allow
cloud ephemeral storage to be used for testing purposes;
update functional testing to use this option.  The behaviour
of 'overwrite' was changed to accommodate the use of
encrypted block devices.

Change-Id: I9b3f8cd2de412ee96e0139dba4d4abdf998ecaf2
2018-05-08 12:52:37 +01:00


options:
  openstack-origin:
    default: distro
    type: string
    description: |
      Repository from which to install. May be one of the following:
      distro (default), ppa:somecustom/ppa, a deb url sources entry,
      or a supported Cloud Archive release pocket.
      Supported Cloud Archive sources include:
        cloud:<series>-<openstack-release>
        cloud:<series>-<openstack-release>/updates
        cloud:<series>-<openstack-release>/staging
        cloud:<series>-<openstack-release>/proposed
      For series=Precise we support cloud archives for openstack-release:
        * icehouse
      For series=Trusty we support cloud archives for openstack-release:
        * juno
        * kilo
        * ...
      NOTE: updating this setting to a source that is known to provide
      a later version of OpenStack will trigger a software upgrade.
  block-device:
    default: sdb
    type: string
    description: |
      Device to be used to back Swift storage. May be any valid block
      device or a path and size to a local file (/path/to/file.img|$sizeG),
      which will be created and used as a loopback device (for testing only).
      Multiple devices may be specified as a space-separated list of devices.
      If set to "guess", the charm will attempt to format and mount all extra
      block devices (this is currently experimental and potentially dangerous).
  overwrite:
    default: "false"
    type: string
    description: |
      If true, charm will attempt to unmount and overwrite existing and in-use
      block-devices (WARNING).
  ephemeral-unmount:
    type: string
    default:
    description: |
      Cloud instances provide ephemeral storage which is normally mounted
      on /mnt.
      .
      Setting this option to the path of the ephemeral mountpoint will force
      an unmount of the corresponding device so that it can be used as a swift
      storage device. This is useful for testing purposes (cloud deployment
      is not a typical use case).
  zone:
    default: 1
    type: int
    description: |
      Swift storage zone to request membership. Relevant only when the
      swift-proxy charm has been configured for manual zone assignment
      (the default). This should be changed for every service unit.
  object-server-port:
    default: 6000
    type: int
    description: Listening port of the swift-object-server.
  container-server-port:
    default: 6001
    type: int
    description: Listening port of the swift-container-server.
  account-server-port:
    default: 6002
    type: int
    description: Listening port of the swift-account-server.
  worker-multiplier:
    default: 1.0
    type: float
    description: |
      The CPU multiplier to use when configuring worker processes for the
      account, container and object server processes.
  object-server-threads-per-disk:
    default: 4
    type: int
    description: |
      Size of the per-disk thread pool used for performing disk I/O. 0 means
      to not use a per-disk thread pool. It is recommended to keep this value
      small, as large values can result in high read latencies due to large
      queue depths. A good starting point is 4 threads per disk.
  prefer-ipv6:
    type: boolean
    default: False
    description: |
      If True enables IPv6 support. The charm will expect network interfaces
      to be configured with an IPv6 address. If set to False (default) IPv4
      is expected.
      NOTE: these charms do not currently support IPv6 privacy extensions. In
      order for this charm to function correctly, the privacy extensions must be
      disabled and a non-temporary address must be configured/available on
      your network interface.
  account-max-connections:
    default: 2
    type: int
    description: |
      Number of connections allowed to the account rsync stanza.
  container-max-connections:
    default: 2
    type: int
    description: |
      Number of connections allowed to the container rsync stanza.
  object-max-connections:
    default: 2
    type: int
    description: |
      Number of connections allowed to the object rsync stanza.
  object-replicator-concurrency:
    default: 1
    type: int
    description: |
      Number of replication workers to spawn.
  object-rsync-timeout:
    default: 900
    type: int
    description: |
      Max duration of a partition rsync (in seconds).
  nagios-check-params:
    default: "-m -r 60 180 10 20"
    type: string
    description: String appended to the nagios check.
  nagios_context:
    default: "juju"
    type: string
    description: |
      Used by the nrpe-external-master subordinate charm.
      A string that will be prepended to the instance name to set the host name
      in nagios. So for instance the hostname would be something like:
        juju-myservice-0
      If you're running multiple environments with the same services in them
      this allows you to differentiate between them.
  nagios_servicegroups:
    default: ""
    type: string
    description: |
      A comma-separated list of nagios servicegroups.
      If left empty, the nagios_context will be used as the servicegroup.
  action-managed-upgrade:
    type: boolean
    default: False
    description: |
      If True enables openstack upgrades for this charm via juju actions.
      You will still need to set openstack-origin to the new repository but
      instead of an upgrade running automatically across all units, it will
      wait for you to execute the openstack-upgrade action for this charm on
      each unit. If False it will revert to existing behavior of upgrading
      all units on config change.
  harden:
    default:
    type: string
    description: |
      Apply system hardening. Supports a space-delimited list of modules
      to run. Supported modules currently include os, ssh, apache and mysql.
  sysctl:
    type: string
    default:
    description: |
      YAML formatted associative array of sysctl values, e.g.:
      '{ kernel.pid_max : 4194303 }'
  statsd-host:
    default: ''
    type: string
    description: |
      Enable statsd metrics to be sent to the specified host.
      If this value is empty, statsd logging will be disabled.
  statsd-port:
    default: 3125
    type: int
    description: |
      Destination port on the provided statsd host to send samples to.
      Only takes effect if statsd-host is set.
  statsd-sample-rate:
    default: 1.0
    type: float
    description: |
      Sample rate determines what percentage of the metric points a
      client should send to the server.
      Only takes effect if statsd-host is set.
  enable-firewall:
    type: boolean
    default: True
    description: |
      By default the swift-storage charm will use the UFW firewall to
      protect storage daemons. This option allows the administrator to
      disable this feature.
  allow-ufw-ip6-softfail:
    description: |
      When this option is set to True the charm will disable IPv6
      support in ufw if ip6tables could not be activated. This can happen
      in an LXC container running on a host that does not have the
      ip6_tables module loaded.
      If this option is False (the default) and the ip6_tables module could
      not be loaded, the charm will fail to install.
    type: boolean
    default: False
  encrypt:
    default: false
    type: boolean
    description: |
      Encrypt block devices used by swift using dm-crypt, making use of
      vault for encryption key management; requires a relation to vault.
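The two security-relevant parts of this change are the `block-device` option syntax (bare names, `/dev` paths, `file|size` loopback specs or `guess`) and, with `encrypt` on, the `/etc/fstab` entries that use `x-systemd.requires` so a dm-crypt device is unlocked before it is mounted. The following is an added example, not the charm's own code: it parses the option, builds such an fstab line, and audits an fstab for dm-crypt mounts that lack the unlock dependency. The unlock unit name passed in by the caller, the `xfs` filesystem type and the `nofail` option are assumptions, not taken from the page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# '/path/to/file.img|$sizeG' loopback spec, as described by the block-device option
LOOP_RE = re.compile(r"^(?P<path>/\S+)\|(?P<size>\d+[GMK]?)$")

@dataclass(frozen=True)
class BlockDevice:
    path: str
    loopback: bool = False
    size: Optional[str] = None  # only set for loopback (file-backed) specs

def parse_block_device(option: str) -> Union[str, List[BlockDevice]]:
    """Parse the space-separated 'block-device' option; 'guess' is passed
    through so the caller can run device discovery (the risky path)."""
    option = option.strip()
    if option == "guess":
        return "guess"
    devices = []
    for token in option.split():
        m = LOOP_RE.match(token)
        if m:  # file-backed loopback device, testing only per the option text
            devices.append(BlockDevice(m["path"], True, m["size"]))
        elif token.startswith("/dev/"):
            devices.append(BlockDevice(token))
        else:  # bare names such as the default 'sdb' live under /dev
            devices.append(BlockDevice("/dev/" + token))
    return devices

def fstab_entry(dm_device: str, mountpoint: str, unlock_unit: str,
                fstype: str = "xfs") -> str:
    """fstab line for a dm-crypt device; x-systemd.requires makes the mount
    wait for the unlock unit (fstype and nofail are assumed, not from the page)."""
    opts = "defaults,nofail,x-systemd.requires=" + unlock_unit
    return f"{dm_device} {mountpoint} {fstype} {opts} 0 2"

def unguarded_crypt_mounts(fstab: str) -> List[str]:
    """Audit: dm-crypt mounts lacking an x-systemd.requires unlock dependency."""
    bad = []
    for line in fstab.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        dev, opts = fields[0], fields[3]
        if ("/dev/mapper/" in dev or "dm-uuid-CRYPT" in dev) \
                and "x-systemd.requires=" not in opts:
            bad.append(dev)
    return bad
```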