openstack
/
charm-swift-proxy
Code Issues Proposed changes
charm-swift-proxy/config.yaml

268 lines
9.0 KiB
YAML
Raw Permalink Blame History

options:
openstack-origin:
default: distro
type: string
description: |
Repository from which to install. May be one of the following:
distro (default), ppa:somecustom/ppa, a deb url sources entry,
or a supported Cloud Archive release pocket.
Supported Cloud Archive sources include:
cloud:<series>-<openstack-release>
cloud:<series>-<openstack-release>/updates
cloud:<series>-<openstack-release>/staging
cloud:<series>-<openstack-release>/proposed
For series=Precise we support cloud archives for openstack-release:
* icehouse
For series=Trusty we support cloud archives for openstack-release:
* juno
* kilo
* ...
NOTE: updating this setting to a source that is known to provide
a later version of OpenStack will trigger a software upgrade.
region:
default: RegionOne
type: string
description: OpenStack region that this swift-proxy supports.
# Ring configuration
partition-power:
default: 8
type: int
description: Partition power.
replicas:
default: 3
type: int
description: Minimum replicas.
min-hours:
default: 0
type: int
description: |
This is the Swift ring builder min_part_hours parameter. This
setting represents the amount of time in hours that Swift will wait
between subsequent ring re-balances in order to avoid large i/o loads as
data is re-balanced when new devices are added to the cluster. Once your
cluster has been built, you can set this to a higher value e.g. 1
(upstream default). Note that changing this value will result in an
attempt to re-balance and if successful, rings will be redistributed.
disable-ring-balance:
type: boolean
default: False
description: |
This provides similar support to min-hours but without having to modify
the builders. If True, any changes to the builders will not result in a
ring re-balance and sync until this value is set back to False.
zone-assignment:
default: "manual"
type: string
description: |
Which policy to use when assigning new storage nodes to zones.
manual - Allow swift-storage services to request zone membership.
auto - Assign new swift-storage units to zones automatically.
The configured replica minimum must be met by an equal number of storage
zones before the storage ring will be initially balance. Deployment
requirements differ based on the zone-assignment policy configured, see
this charm's README for details.
# User provided SSL cert and key
ssl_cert:
type: string
default:
description: |
Base64 encoded SSL certificate to install and use for API ports.
.
juju set swift-proxy ssl_cert="$(cat cert | base64)" \
ssl_key="$(cat key | base64)"
.
Setting this value (and ssl_key) will enable reverse proxying, point
Swifts's entry in the Keystone catalog to use https, and override
any certficiate and key issued by Keystone (if it is configured to
do so).
ssl_key:
type: string
default:
description: |
Base64 encoded SSL key to use with certificate specified as ssl_cert.
ssl_ca:
type: string
default:
description: |
Base64 encoded SSL CA to use with the certificate and key provided - only
required if you are providing a privately signed ssl_cert and ssl_key.
# General Swift Proxy configuration
bind-port:
default: 8080
type: int
description: TCP port to listen on
workers:
default: 0
type: int
description: |
Number of TCP workers to launch (0 for the number of system cores).
operator-roles:
default: "Member,Admin"
type: string
description: Comma-separated list of Swift operator roles.
auth-type:
default: tempauth
type: string
description: Auth method to use, tempauth or keystone
delay-auth-decision:
default: true
type: boolean
description: Delay authentication to downstream WSGI services.
node-timeout:
default: 60
type: int
description: |
How long the proxy server will wait on responses from the
account/container/object servers.
recoverable-node-timeout:
default: 30
type: int
description: |
How long the proxy server will wait for an initial response and to read a
chunk of data from the object servers while serving GET / HEAD requests.
Timeouts from these requests can be recovered from so setting this to
something lower than node-timeout would provide quicker error recovery
while allowing for a longer timeout for non-recoverable requests (PUTs).
# Logging configuration
debug:
default: False
type: boolean
description: Enable debug level logging.
log-headers:
default: False
type: boolean
description: Enable logging of all request headers.
# Manual Keystone configuration.
keystone-auth-host:
type: string
default:
description: Keystone authentication host
keystone-auth-port:
default: 35357
type: int
description: Keystone authentication port
keystone-auth-protocol:
default: http
type: string
description: Keystone authentication protocol
keystone-admin-tenant-name:
default: service
type: string
description: Keystone admin tenant name
keystone-admin-user:
type: string
default:
description: Keystone admin username
keystone-admin-password:
type: string
default:
description: Keystone admin password
# HA configuration settings
swift-hash:
type: string
default:
description: Hash to use across all swift-proxy servers - don't loose
vip:
type: string
default:
description: |
Virtual IP(s) to use to front API services in HA configuration.
.
If multiple networks are being used, a VIP should be provided for each
network, separated by spaces.
ha-bindiface:
type: string
default: eth0
description: |
Default network interface on which HA cluster will bind to communication
with the other members of the HA Cluster.
ha-mcastport:
type: int
default: 5414
description: |
Default multicast port number that will be used to communicate between
HA Cluster nodes.
# Network configuration options
# by default all access is over 'private-address'
os-admin-network:
type: string
default:
description: |
The IP address and netmask of the OpenStack Admin network (e.g.,
192.168.0.0/24)
.
This network will be used for admin endpoints.
os-internal-network:
type: string
default:
description: |
The IP address and netmask of the OpenStack Internal network (e.g.,
192.168.0.0/24)
.
This network will be used for internal endpoints.
os-public-network:
type: string
default:
description: |
The IP address and netmask of the OpenStack Public network (e.g.,
192.168.0.0/24)
.
This network will be used for public endpoints.
os-public-hostname:
type: string
default:
description: |
The hostname or address of the public endpoints created for swift-proxy
in the keystone identity provider.
This value will be used for public endpoints. For example, an
os-public-hostname set to 'files.example.com' with will create
the following public endpoint for the swift-proxy:
https://files.example.com:80/swift/v1
prefer-ipv6:
type: boolean
default: False
description: |
If True enables IPv6 support. The charm will expect network interfaces
to be configured with an IPv6 address. If set to False (default) IPv4
is expected.
NOTE: these charms do not currently support IPv6 privacy extension. In
order for this charm to function correctly, the privacy extension must be
disabled and a non-temporary address must be configured/available on
your network interface.
nagios_context:
default: "juju"
type: string
description: |
Used by the nrpe-external-master subordinate charm.
A string that will be prepended to instance name to set the host name
in nagios. So for instance the hostname would be something like:
juju-myservice-0
If you're running multiple environments with the same services in them
this allows you to differentiate between them.
nagios_servicegroups:
default: ""
type: string
description: |
A comma-separated list of nagios servicegroups.
If left empty, the nagios_context will be used as the servicegroup
action-managed-upgrade:
type: boolean
default: False
description: |
If True enables openstack upgrades for this charm via juju actions.
You will still need to set openstack-origin to the new repository but
instead of an upgrade running automatically across all units, it will
wait for you to execute the openstack-upgrade action for this charm on
each unit. If False it will revert to existing behavior of upgrading
all units on config change.
View Git Blame Copy Permalink