e782363c56
Clusters created with the option cloud_provider_enabled or registry_enabled set to true, or volumer_driver set to 'cinder' need this flag set to True as well to instruct Magnum to assign trust to the cluster user. This option defaults to False due to security concerns (see https://bugs.launchpad.net/bugs/cve/2016-7404 ) [0] https://docs.openstack.org/magnum/latest/user/index.html#cloud-provider-enabled Related-Bug: #1996237 Change-Id: Ia3eea4f2a9565cf9ffd48889b9fc14e83c551644
38 lines
1.3 KiB
YAML
38 lines
1.3 KiB
YAML
options:
|
|
cluster-user-trust:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Controls whether to assign a trust to the cluster user or not. You will
|
|
need to set it to True for clusters with volume_driver=cinder or
|
|
registry_enabled=true in the underlying cluster template to work. This is
|
|
a potential security risk since the trust gives instances OpenStack API
|
|
access to the cluster's project. Note that this setting does not affect
|
|
per-cluster trusts assigned to the Magnum service user.
|
|
debug:
|
|
default: False
|
|
description: Enable debug logging.
|
|
type: boolean
|
|
os-admin-hostname:
|
|
default: magnum.juju
|
|
description: |
|
|
The hostname or address of the admin endpoints that should be advertised
|
|
in the glance image provider.
|
|
type: string
|
|
os-internal-hostname:
|
|
default: magnum.juju
|
|
description: |
|
|
The hostname or address of the internal endpoints that should be advertised
|
|
in the glance image provider.
|
|
type: string
|
|
os-public-hostname:
|
|
default: magnum.juju
|
|
description: |
|
|
The hostname or address of the internal endpoints that should be advertised
|
|
in the glance image provider.
|
|
type: string
|
|
region:
|
|
default: RegionOne
|
|
description: Space delimited list of OpenStack regions
|
|
type: string
|