config.yaml
options:
  debug:
    type: boolean
    default: False
    description: Enable debug logging.
  verbose:
    type: boolean
    default: False
    description: Enable verbose logging.
  use-syslog:
    type: boolean
    default: False
    description: |
      Setting this to True will allow supporting services to log to syslog.
  openstack-origin:
    type: string
    default: caracal
    description: |
      Repository from which to install. May be one of the following:
      distro (default), ppa:somecustom/ppa, a deb url sources entry,
      or a supported Ubuntu Cloud Archive, e.g.
      .
      cloud:<series>-<openstack-release>
      cloud:<series>-<openstack-release>/updates
      cloud:<series>-<openstack-release>/staging
      cloud:<series>-<openstack-release>/proposed
      .
      See https://wiki.ubuntu.com/OpenStack/CloudArchive for info on which
      cloud archives are available and supported.
      .
      NOTE: updating this setting to a source that is known to provide
      a later version of OpenStack will trigger a software upgrade unless
      action-managed-upgrade is set to True.
  action-managed-upgrade:
    type: boolean
    default: False
    description: |
      If True enables openstack upgrades for this charm via juju actions.
      You will still need to set openstack-origin to the new repository but
      instead of an upgrade running automatically across all units, it will
      wait for you to execute the openstack-upgrade action for this charm on
      each unit. If False it will revert to existing behavior of upgrading
      all units on config change.
  harden:
    type: string
    default:
    description: |
      Apply system hardening. Supports a space-delimited list of modules
      to run. Supported modules currently include os, ssh, apache and mysql.
  rabbit-user:
    type: string
    description: RabbitMQ user
    default: neutron
  rabbit-vhost:
    type: string
    description: RabbitMQ Virtual Host
    default: openstack
  nova-rabbit-user:
    type: string
    description: RabbitMQ Nova user
    default: nova
  nova-rabbit-vhost:
    type: string
    description: RabbitMQ Nova Virtual Host
    default: openstack
  plugin:
    type: string
    default: ovs
    description: |
      Network configuration plugin to use for quantum.
      Supported values include:
      .
      ovs - ML2 + Open vSwitch
      nsx - VMware NSX
      n1kv - Cisco N1kv
      ovs-odl - ML2 + Open vSwitch with OpenDayLight Controller
  ext-port:
    type: string
    default:
    description: |
      [DEPRECATED] Use bridge-mappings and data-port to create a network
      which can be used for external connectivity. You can call the network
      external and the bridge br-ex by convention, but neither is required.
      .
      Space-delimited list of external ports to use for routing of instance
      traffic to the external public network. Valid values are either MAC
      addresses (in which case only MAC addresses for interfaces without an IP
      address already assigned will be used), or interfaces (eth0)
      .
      Note that if data-port is used then this config item is ignored, a
      warning is logged, and the unit is marked as blocked in order to indicate
      that the charm is misconfigured.
  data-port:
    type: string
    default:
    description: |
      Space-delimited list of bridge:port mappings. Specified ports will be
      added to their corresponding specified bridge. The bridges will allow
      usage of flat or VLAN network types with Neutron and should match those
      defined in bridge-mappings.
      .
      Ports can be specified through the name or MAC address of the interface
      to be added to the bridge. If MAC addresses are used, you may provide
      multiple bridge:mac for the same bridge so as to be able to configure
      multiple units. In this case the charm will run through the provided MAC
      addresses for each bridge until it finds one it can resolve to an
      interface name.
      .
      Any changes (subsequent to the initial setting) made to the value of this
      option will merely add the new values along with the existing ones. If
      removal of old values is desired, they have to be done manually through
      the command "ovs-vsctl" in the affected units. If the new values conflict
      with the previous ones, it may cause a network outage as seen in bug
      https://pad.lv/1915967
  run-internal-router:
    type: string
    default: all
    description: |
      Optional configuration to support how the L3 agent option
      handle_internal_only_routers is configured.
      all => Set to be true everywhere
      none => Set to be false everywhere
      leader => Set to be true on one node (the leader) and false everywhere
      else.
      Use leader and none when configuring multiple floating pools
  external-network-id:
    type: string
    default:
    description: |
      Optional configuration to set the external-network-id. Only needed when
      configuring multiple external networks and should be used in conjunction
      with run-internal-router.
  instance-mtu:
    type: int
    default:
    description: |
      Configure DHCP services to provide MTU configuration to instances
      within the cloud. This is useful in deployments where it's not
      possible to increase MTU on switches and physical servers to
      accommodate the packet overhead of using GRE tunnels.
  dnsmasq-flags:
    type: string
    default:
    description: |
      Comma-separated list of key=value config flags with the additional
      dhcp options for neutron dnsmasq.
  dns-servers:
    type: string
    default:
    description: |
      A comma-separated list of DNS servers which will be used by dnsmasq as
      forwarders.
  enable-l3-agent:
    type: boolean
    default: True
    description: |
      Optional configuration to support use of linux router.
      Note that this is used only for Cisco n1kv plugin.
  worker-multiplier:
    type: float
    default:
    description: |
      The CPU core multiplier to use when configuring worker processes for
      this service. By default, the number of workers for each daemon is
      set to twice the number of CPU cores a service unit has. This default
      value will be capped to 4 workers unless this configuration option
      is set.
  bridge-mappings:
    type: string
    default: 'physnet1:br-data'
    description: |
      Space-separated list of ML2 data bridge mappings with format
      <provider>:<bridge>.
  flat-network-providers:
    type: string
    default:
    description: |
      Space-delimited list of Neutron flat network providers.
  vlan-ranges:
    type: string
    default: "physnet1:1000:2000"
    description: |
      Space-delimited list of <physical_network>:<vlan_min>:<vlan_max> or
      <physical_network> specifying physical_network names usable for VLAN
      provider and tenant networks, as well as ranges of VLAN tags on each
      available for allocation to tenant networks.
  aa-profile-mode:
    type: string
    default: 'disable'
    description: |
      Experimental enable apparmor profile. Valid settings: 'complain',
      'enforce' or 'disable'. AA disabled by default.
  enable-metadata-network:
    type: boolean
    default: False
    description: |
      The metadata network is used by solutions which do not leverage the l3
      agent for providing access to the metadata service.
  enable-isolated-metadata:
    type: boolean
    default: False
    description: |
      Enable metadata on an isolated network (no router ports).
  sysctl:
    type: string
    default: |
      { net.ipv4.neigh.default.gc_thresh1 : 128,
        net.ipv4.neigh.default.gc_thresh2 : 28672,
        net.ipv4.neigh.default.gc_thresh3 : 32768,
        net.ipv6.neigh.default.gc_thresh1 : 128,
        net.ipv6.neigh.default.gc_thresh2 : 28672,
        net.ipv6.neigh.default.gc_thresh3 : 32768,
        net.nf_conntrack_max : 1000000,
        net.netfilter.nf_conntrack_buckets : 204800,
        net.netfilter.nf_conntrack_max : 1000000 }
    description: |
      YAML-formatted associative array of sysctl key/value pairs to be set
      persistently e.g. '{ kernel.pid_max : 4194303 }'.
  kernel-modules:
    type: string
    default: "nf_conntrack"
    description: |
      A space-separated list of kernel modules to load before sysctl
      options are applied by the charm and system boot.
      This ensures the sysctl options exist and can be set correctly.
  # Network config (by default all access is over 'private-address')
  os-data-network:
    type: string
    default:
    description: |
      The IP address and netmask of the OpenStack Data network (e.g.
      192.168.0.0/24)
      .
      This network will be used for tenant network traffic in overlay
      networks.
  # Legacy (Icehouse) HA
  ha-legacy-mode:
    type: boolean
    default: False
    description: |
      If True will enable Pacemaker to monitor the neutron-ha-monitor daemon
      on every neutron-gateway unit, which detects neutron agent status and
      reschedules resources hosted on failed agents, detects local errors and
      releases resources when the network is unreachable or performs necessary
      recovery tasks. This feature targets < Juno, which doesn't natively
      support HA in Neutron itself.
  ha-bindiface:
    type: string
    default: eth0
    description: |
      Default network interface on which HA cluster will bind to communicate
      with the other members of the HA Cluster.
  ha-mcastport:
    type: int
    default: 5409
    description: |
      Default multicast port number that will be used to communicate between
      HA Cluster nodes.
  # Monitoring config
  nagios_context:
    type: string
    default: "juju"
    description: |
      Used by the nrpe-external-master subordinate charm.
      A string that will be prepended to instance name to set the host name
      in Nagios. So for instance the hostname would be something like:
      juju-myservice-0
      If you're running multiple environments with the same services in them
      this allows you to differentiate between them.
  nagios_servicegroups:
    type: string
    default: ""
    description: |
      A comma-separated list of Nagios service groups.
      If left empty, the nagios_context will be used as the servicegroup.
  ipfix-target:
    type: string
    default:
    description: |
      IPFIX target with the format "IP_Address:Port". This will enable IPFIX
      exporting on all OVS bridges to the target, including br-int and br-ext.
  vendor-data:
    type: string
    default:
    description: |
      A JSON-formatted string that will serve as vendor metadata
      (via "StaticJSON" provider) to all VM's within an OpenStack deployment,
      regardless of project or domain. For deployments of Rocky or later
      this value is ignored. Please set the corresponding value in the
      nova-cloud-controller charm.
  vendor-data-url:
    type: string
    default:
    description: |
      A URL serving JSON-formatted data that will serve as vendor metadata
      (via "DynamicJSON" provider) to all VM's within an OpenStack deployment,
      regardless of project or domain.
      .
      Only supported in OpenStack Newton and higher. For deployments of Rocky or
      later this value is ignored. Please set the corresponding value in the
      nova-cloud-controller charm.
  default-availability-zone:
    type: string
    default: 'nova'
    description: |
      Default availability zone to use for agents (l3, dhcp) on this machine.
      If this option is not set, the default availability zone 'nova' is used.
      If customize-failure-domain is set to True, it will override this option
      only if an AZ is set by the Juju provider. If JUJU_AVAILABILITY_ZONE is
      not set, the value specified by this option will be used regardless of
      customize-failure-domain's setting.
      .
      NOTE: Router and Network objects have a property called
      availability_zone_hints which can be used to restrict dnsmasq
      and router namespace placement by DHCP and L3 agents to specific
      neutron availability zones. Neutron AZs are not tied to Nova AZs but
      their names can match.
      .
  customize-failure-domain:
    type: boolean
    default: False
    description: |
      Juju propagates availability zone information to charms from the
      underlying machine provider such as MAAS and this option allows the
      charm to use JUJU_AVAILABILITY_ZONE to set default_availability_zone
      for Neutron agents (DHCP and L3 agents). This option overrides the
      default-availability-zone charm config setting only when the Juju
      provider sets JUJU_AVAILABILITY_ZONE.
  firewall-driver:
    type: string
    default:
    description: |
      Firewall driver to use to support use of security groups with
      instances; valid values include iptables_hybrid (default) and
      openvswitch. This config option is ignored for < Queens.
  firewall-group-log-output-base:
    type: string
    default:
    description: |
      This option allows setting a path for Firewall Group logs.
      A valid file system path must be provided. If this option is not
      provided Neutron will use syslog as a destination.
      (Available from Stein)
  firewall-group-log-rate-limit:
    type: int
    default:
    description: |
      Log entries are queued for writing to a log file when a packet rate
      exceeds the limit set by this option.
      Possible values: null (no rate limitation), integer values greater than 100.
      WARNING: Should be NOT LESS than 100, if set (if null logging will not be
      rate limited).
      (Available from Stein)
  firewall-group-log-burst-limit:
    type: int
    default: 25
    description: |
      This option sets the maximum queue size for log entries.
      Can be used to avoid excessive memory consumption.
      WARNING: Should be NOT LESS than 25.
      (Available from Stein)
  ovsdb-timeout:
    type: int
    default:
    description: |
      Timeout in seconds for ovsdb commands.
      (Available from Queens)
  ovs-use-veth:
    type: string
    default:
    description: |
      "True" or "False" string value. It is safe to leave this option unset.
      This option allows the DHCP agent to use a veth interface for OVS in
      order to support kernels with limited namespace support. i.e. Trusty.
      Changing the value after neutron DHCP agents are created will break
      access. The charm will go into a blocked state if this is attempted.
  disable-neutron-lbaas:
    type: boolean
    default: False
    description: |
      Manually disable lbaas services. Set this option to True if Octavia
      is used with neutron. This option is ignored for Train+ OpenStack.
  keepalived-healthcheck-interval:
    type: int
    default: 0
    description: |
      Specifies the frequency (in seconds) at which HA routers will check
      their external network gateway by performing an ICMP ping between the
      virtual routers. When the ping check fails, this will trigger the HA
      routers to failover to another node. A value of 0 will disable this
      check. This setting only applies when using l3ha and dvr_snat.
      .
      WARNING: Enabling the health checks should be done with caution as it
      may lead to rapid failovers of HA routers. ICMP pings are low priority
      and may be dropped or take longer than the 1 second afforded by neutron,
      which leads to routers failing over to other nodes.
  enable-auto-restarts:
    type: boolean
    default: True
    description: |
      Allow the charm and packages to restart services automatically when
      required.