185 lines
7.1 KiB
YAML
185 lines
7.1 KiB
YAML
options:
|
|
loadbalancer-topology:
|
|
type: string
|
|
default: SINGLE
|
|
description: |
|
|
Load balancer topology configuration.
|
|
.
|
|
Supported values are 'SINGLE' and 'ACTIVE_STANDBY'.
|
|
lb-mgmt-issuing-cacert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Note that setting this configuration option is mandatory, unless the
|
|
``enable-amphora`` configuration option is set to 'False'.
|
|
.
|
|
Certificate Authority Certificate used to issue new certificates stored
|
|
on the ``Amphora`` load balancer instances. The ``Amphorae`` use them to
|
|
authenticate themselves to the ``Octavia`` controller services.
|
|
.
|
|
Note due to security concerns it is important not use the same CA
|
|
certificate for both ``lb-mgmt-issuing-cacert`` and
|
|
``lb-mgmt-controller-cacert`` configuration options. Failing to keep
|
|
them separate may lead to abuse of certificate data to gain access to
|
|
other ``Amphora`` instances in the event one of them is compromised.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
lb-mgmt-issuing-ca-private-key:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Note that setting this configuration option is mandatory, unless the
|
|
``enable-amphora`` configuration option is set to 'False'.
|
|
.
|
|
Private key for the Certificate Authority set in ``lb-mgmt-issuing-ca``.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
lb-mgmt-issuing-ca-key-passphrase:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Note that setting this configuration option is mandatory, unless the
|
|
``enable-amphora`` configuration option is set to 'False'.
|
|
.
|
|
Passphrase for the key set in ``lb-mgmt-ca-private-key``.
|
|
.
|
|
NOTE: As of this writing Octavia requires the private key to be protected
|
|
with a passphrase.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
lb-mgmt-controller-cacert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Note that setting this configuration option is mandatory, unless the
|
|
``enable-amphora`` configuration option is set to 'False'.
|
|
.
|
|
Certificate Authority Certificate installed on ``Amphorae`` with the
|
|
purpose of the ``Amphora`` agent using it to authenticate connections
|
|
from ``Octavia`` controller services.
|
|
.
|
|
Note due to security concerns it is important not use the same CA
|
|
certificate for both ``lb-mgmt-issuing-cacert`` and
|
|
``lb-mgmt-controller-cacert`` configuration options. Failing to keep
|
|
them separate may lead to abuse of certificate data to gain access to
|
|
other ``Amphora`` instances in the event one of them is compromised.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
lb-mgmt-controller-cert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Note that setting this configuration option is mandatory, unless the
|
|
``enable-amphora`` configuration option is set to 'False'.
|
|
.
|
|
Certificate used by the ``Octavia`` controller to authenticate itself to
|
|
its ``Amphorae``.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
custom-amp-flavor-id:
|
|
type: string
|
|
default:
|
|
description: |
|
|
ID of Nova flavor Octavia should use when launching ``Amphorae``
|
|
instances.
|
|
.
|
|
The default behaviour is to let the charm create and maintain the flavor.
|
|
create-mgmt-network:
|
|
type: boolean
|
|
default: True
|
|
description: |
|
|
The ``octavia`` charm utilizes Neutron Resource tags to locate networks,
|
|
security groups and ports for use with the service.
|
|
.
|
|
If none are found the default behaviour is to create the resources
|
|
required for management of the load balancer instances.
|
|
.
|
|
Set this to False if you want to be in control of creation and management
|
|
of these resources yourself. Please note that the service will not be
|
|
fully operational until they are available.
|
|
.
|
|
Refer to the documentation on https://jujucharms.com/octavia/ for a
|
|
complete list of resources required and how they should be tagged.
|
|
amp-image-tag:
|
|
type: string
|
|
default: octavia-amphora
|
|
description: |
|
|
Glance image tag for selection of Amphorae image to boot load balancer
|
|
instances.
|
|
amp-image-owner-id:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Restrict glance image selection to a specific owner ID. This is a
|
|
recommended security setting.
|
|
spare-pool-size:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Number of Amphora instances to hold in the spare pool to reduce spin-up
|
|
time for new load balancers.
|
|
.
|
|
The default behaviour is to not maintain any spare servers.
|
|
.
|
|
NOTE: As of OpenStack Victoria this configuration option is DEPRECATED
|
|
and support for the feature will be removed from Octavia in the
|
|
OpenStack X release.
|
|
use-policyd-override:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If True then use the resource file named 'policyd-override' to install
|
|
override YAML files in the service's policy.d directory. The resource
|
|
file should be a ZIP file containing at least one yaml file with a .yaml
|
|
or .yml extension. If False then remove the overrides.
|
|
amp-ssh-key-name:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Name of nova key to use to provide ssh access to Amphora VMs. Note that
|
|
this key must be visible to the project used by Octavia.
|
|
amp-ssh-pub-key:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Base64 encoded public ssh key. This will be used when creating the key
|
|
named by amp-ssh-key-name. Note that once the key is created it cannot be
|
|
modified and the only way to do so is to delete it and have the charm
|
|
create a new one.
|
|
nagios_context:
|
|
default: "juju"
|
|
type: string
|
|
description: |
|
|
A string that will be prepended to instance name to set the host name
|
|
in nagios. So for instance the hostname would be something like:
|
|
juju-myservice-0
|
|
If you're running multiple environments with the same services in them
|
|
this allows you to differentiate between them.
|
|
nagios_servicegroups:
|
|
default: "juju"
|
|
type: string
|
|
description: |
|
|
Comma separated list of nagios servicegroups for the graphite check
|
|
anti-affinity-policy:
|
|
default: auto
|
|
type: string
|
|
description: |
|
|
Sets the anti-affinity policy for Nova. Possible values are
|
|
anti-affinity, soft-anti-affinity, auto or disable.
|
|
|
|
When set to auto, the charm will choose between disabling anti-affinity
|
|
entirely or using soft-anti-affinity depending if loadbalancer-topology
|
|
is set to SINGLE or ACTIVE_STANDBY respectively.
|
|
enable-amphora:
|
|
default: True
|
|
type: boolean
|
|
description: |
|
|
Octavia supports multiple provider drivers. The reference Amphora
|
|
provider driver is distributed as part of the Octavia software, and is
|
|
enabled by default, unless you set this configuration option to 'False'.
|