charm-octavia/src/config.yaml

options:
  loadbalancer-topology:
    type: string
    default: SINGLE
    description: |
      Load balancer topology configuration.
      .
      Supported values are 'SINGLE' and 'ACTIVE_STANDBY'.      
  lb-mgmt-issuing-cacert:
    type: string
    default:
    description: |
      Note that setting this configuration option is mandatory.
      .
      Certificate Authority Certificate used to issue new certificates stored
      on the ``Amphora`` load balancer instances.  The ``Amphorae`` use them to
      authenticate themselves to the ``Octavia`` controller services.
      .
      Note due to security concerns it is important not use the same CA
      certificate for both ``lb-mgmt-issuing-cacert`` and
      ``lb-mgmt-controller-cacert`` configuration options.  Failing to keep
      them separate may lead to abuse of certificate data to gain access to
      other ``Amphora`` instances in the event one of them is compromised.
      .
      Note that these certificates are not used for any load balancer payload
      data.      
  lb-mgmt-issuing-ca-private-key:
    type: string
    default:
    description: |
      Note that setting this configuration option is mandatory.
      .
      Private key for the Certificate Authority set in ``lb-mgmt-issuing-ca``.
      .
      Note that these certificates are not used for any load balancer payload
      data.      
  lb-mgmt-issuing-ca-key-passphrase:
    type: string
    default:
    description: |
      Note that setting this configuration option is mandatory.
      .
      Passphrase for the key set in ``lb-mgmt-ca-private-key``.
      .
      NOTE: As of this writing Octavia requires the private key to be protected
      with a passphrase.
      .
      Note that these certificates are not used for any load balancer payload
      data.      
  lb-mgmt-controller-cacert:
    type: string
    default:
    description: |
      Note that setting this configuration option is mandatory.
      .
      Certificate Authority Certificate installed on ``Amphorae`` with the
      purpose of the ``Amphora`` agent using it to authenticate connections
      from ``Octavia`` controller services.
      .
      Note due to security concerns it is important not use the same CA
      certificate for both ``lb-mgmt-issuing-cacert`` and
      ``lb-mgmt-controller-cacert`` configuration options.  Failing to keep
      them separate may lead to abuse of certificate data to gain access to
      other ``Amphora`` instances in the event one of them is compromised.
      .
      Note that these certificates are not used for any load balancer payload
      data.      
  lb-mgmt-controller-cert:
    type: string
    default:
    description: |
      Note that setting this configuration option is mandatory.
      .
      Certificate used by the ``Octavia`` controller to authenticate itself to
      its ``Amphorae``.
      .
      Note that these certificates are not used for any load balancer payload
      data.      
  custom-amp-flavor-id:
    type: string
    default:
    description: |
      ID of Nova flavor Octavia should use when launching ``Amphorae``
      instances.
      .
      The default behaviour is to let the charm create and maintain the flavor.      
  create-mgmt-network:
    type: boolean
    default: True
    description: |
      The ``octavia`` charm utilizes Neutron Resource tags to locate networks,
      security groups and ports for use with the service.
      .
      If none are found the default behaviour is to create the resources
      required for management of the load balancer instances.
      .
      Set this to False if you want to be in control of creation and management
      of these resources yourself.  Please note that the service will not be
      fully operational until they are available.
      .
      Refer to the documentation on https://jujucharms.com/octavia/ for a
      complete list of resources required and how they should be tagged.      
  amp-image-tag:
    type: string
    default: octavia-amphora
    description: |
      Glance image tag for selection of Amphorae image to boot load balancer
      instances.      
  amp-image-owner-id:
    type: string
    default:
    description: |
      Restrict glance image selection to a specific owner ID. This is a
      recommended security setting.      
  spare-pool-size:
    type: int
    default:
    description: |
      Number of Amphora instances to hold in the spare pool to reduce spin-up
      time for new load balancers.
      .
      The default behaviour is to not maintain any spare servers.      
  use-policyd-override:
    type: boolean
    default: False
    description: |
      If True then use the resource file named 'policyd-override' to install
      override YAML files in the service's policy.d directory.  The resource
      file should be a ZIP file containing at least one yaml file with a .yaml
      or .yml extension.  If False then remove the overrides.