131 lines
4.8 KiB
YAML
131 lines
4.8 KiB
YAML
options:
|
|
loadbalancer-topology:
|
|
type: string
|
|
default: SINGLE
|
|
description: |
|
|
Load balancer topology configuration.
|
|
.
|
|
Supported values are 'SINGLE' and 'ACTIVE_STANDBY'.
|
|
lb-mgmt-issuing-cacert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Note that setting this configuration option is mandatory.
|
|
.
|
|
Certificate Authority Certificate used to issue new certificates stored
|
|
on the ``Amphora`` load balancer instances. The ``Amphorae`` use them to
|
|
authenticate themselves to the ``Octavia`` controller services.
|
|
.
|
|
Note due to security concerns it is important not use the same CA
|
|
certificate for both ``lb-mgmt-issuing-cacert`` and
|
|
``lb-mgmt-controller-cacert`` configuration options. Failing to keep
|
|
them separate may lead to abuse of certificate data to gain access to
|
|
other ``Amphora`` instances in the event one of them is compromised.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
lb-mgmt-issuing-ca-private-key:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Note that setting this configuration option is mandatory.
|
|
.
|
|
Private key for the Certificate Authority set in ``lb-mgmt-issuing-ca``.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
lb-mgmt-issuing-ca-key-passphrase:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Note that setting this configuration option is mandatory.
|
|
.
|
|
Passphrase for the key set in ``lb-mgmt-ca-private-key``.
|
|
.
|
|
NOTE: As of this writing Octavia requires the private key to be protected
|
|
with a passphrase.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
lb-mgmt-controller-cacert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Note that setting this configuration option is mandatory.
|
|
.
|
|
Certificate Authority Certificate installed on ``Amphorae`` with the
|
|
purpose of the ``Amphora`` agent using it to authenticate connections
|
|
from ``Octavia`` controller services.
|
|
.
|
|
Note due to security concerns it is important not use the same CA
|
|
certificate for both ``lb-mgmt-issuing-cacert`` and
|
|
``lb-mgmt-controller-cacert`` configuration options. Failing to keep
|
|
them separate may lead to abuse of certificate data to gain access to
|
|
other ``Amphora`` instances in the event one of them is compromised.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
lb-mgmt-controller-cert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Note that setting this configuration option is mandatory.
|
|
.
|
|
Certificate used by the ``Octavia`` controller to authenticate itself to
|
|
its ``Amphorae``.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
custom-amp-flavor-id:
|
|
type: string
|
|
default:
|
|
description: |
|
|
ID of Nova flavor Octavia should use when launching ``Amphorae``
|
|
instances.
|
|
.
|
|
The default behaviour is to let the charm create and maintain the flavor.
|
|
create-mgmt-network:
|
|
type: boolean
|
|
default: True
|
|
description: |
|
|
The ``octavia`` charm utilizes Neutron Resource tags to locate networks,
|
|
security groups and ports for use with the service.
|
|
.
|
|
If none are found the default behaviour is to create the resources
|
|
required for management of the load balancer instances.
|
|
.
|
|
Set this to False if you want to be in control of creation and management
|
|
of these resources yourself. Please note that the service will not be
|
|
fully operational until they are available.
|
|
.
|
|
Refer to the documentation on https://jujucharms.com/octavia/ for a
|
|
complete list of resources required and how they should be tagged.
|
|
amp-image-tag:
|
|
type: string
|
|
default: octavia-amphora
|
|
description: |
|
|
Glance image tag for selection of Amphorae image to boot load balancer
|
|
instances.
|
|
amp-image-owner-id:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Restrict glance image selection to a specific owner ID. This is a
|
|
recommended security setting.
|
|
spare-pool-size:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Number of Amphora instances to hold in the spare pool to reduce spin-up
|
|
time for new load balancers.
|
|
.
|
|
The default behaviour is to not maintain any spare servers.
|
|
use-policyd-override:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If True then use the resource file named 'policyd-override' to install
|
|
override YAML files in the service's policy.d directory. The resource
|
|
file should be a ZIP file containing at least one yaml file with a .yaml
|
|
or .yml extension. If False then remove the overrides.
|