1
by Adam Gandelman
init |
1 |
options: |
2 |
debug: |
|
3 |
default: "false" |
|
4 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
5 |
description: Enable verbose logging. |
1
by Adam Gandelman
init |
6 |
verbose: |
7 |
default: "false" |
|
8 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
9 |
description: Enable debug logging. |
10 |
use-syslog: |
|
11 |
type: boolean |
|
12 |
default: False |
|
13 |
description: | |
|
14 |
Setting this to True will allow supporting services to log to syslog.
|
|
34.1.5
by Adam Gandelman
Rename config option for consistency across charms: keystone-release -> openstack-origin. |
15 |
openstack-origin: |
16 |
default: distro |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
17 |
type: string |
34.1.5
by Adam Gandelman
Rename config option for consistency across charms: keystone-release -> openstack-origin. |
18 |
description: | |
19 |
Repository from which to install. May be one of the following:
|
|
20 |
distro (default), ppa:somecustom/ppa, a deb url sources entry,
|
|
21 |
or a supported Cloud Archive release pocket.
|
|
22 |
||
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
23 |
Supported Cloud Archive sources include:
|
24 |
||
25 |
cloud:<series>-<openstack-release>
|
|
26 |
cloud:<series>-<openstack-release>/updates
|
|
27 |
cloud:<series>-<openstack-release>/staging
|
|
28 |
cloud:<series>-<openstack-release>/proposed
|
|
29 |
||
30 |
For series=Precise we support cloud archives for openstack-release:
|
|
31 |
* icehouse
|
|
32 |
||
33 |
For series=Trusty we support cloud archives for openstack-release:
|
|
34 |
* juno
|
|
35 |
* kilo
|
|
36 |
* ...
|
|
37 |
||
38 |
NOTE: updating this setting to a source that is known to provide
|
|
39 |
a later version of OpenStack will trigger a software upgrade.
|
|
40 |
||
41 |
NOTE: when openstack-origin-git is specified, openstack specific
|
|
42 |
packages will be installed from source rather than from the
|
|
43 |
openstack-origin repository.
|
|
88.4.2
by Corey Bryant
Enable deployment from git. |
44 |
openstack-origin-git: |
88.4.46
by Corey Bryant
Simplify openstack-origin-git default |
45 |
default: |
88.4.15
by Corey Bryant
Update openstack-origin-git to take a YAML-formatted two-dimensional array |
46 |
type: string |
88.4.2
by Corey Bryant
Enable deployment from git. |
47 |
description: | |
88.4.30
by Corey Bryant
minor config.yaml update |
48 |
Specifies a YAML-formatted dictionary listing the git
|
88.4.27
by Corey Bryant
Minor config.yaml updates |
49 |
repositories and branches from which to install OpenStack and
|
88.4.30
by Corey Bryant
minor config.yaml update |
50 |
its dependencies.
|
88.4.15
by Corey Bryant
Update openstack-origin-git to take a YAML-formatted two-dimensional array |
51 |
|
52 |
Note that the installed config files will be determined based on
|
|
53 |
the OpenStack release of the openstack-origin option.
|
|
54 |
||
55 |
For more details see README.md.
|
|
1
by Adam Gandelman
init |
56 |
config-file: |
57 |
default: "/etc/keystone/keystone.conf" |
|
58 |
type: string |
|
6
by Adam Gandelman
Update config.yaml |
59 |
description: "Location of keystone configuration file" |
38.4.2
by Adam Gandelman
Allow setting log-level via config, drop horrid config parsing in favor of ConfigParser use. |
60 |
log-level: |
61 |
default: WARNING |
|
62 |
type: string |
|
63 |
description: Log level (WARNING, INFO, DEBUG, ERROR) |
|
1
by Adam Gandelman
init |
64 |
service-port: |
65 |
default: 5000 |
|
66 |
type: int |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
67 |
description: Port the bind the API server to. |
1
by Adam Gandelman
init |
68 |
admin-port: |
69 |
default: 35357 |
|
70 |
type: int |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
71 |
description: Port the bind the Admin API server to. |
1
by Adam Gandelman
init |
72 |
keystone-admin-role: |
73 |
default: "Admin" |
|
74 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
75 |
description: Role that allows admin operations (access to all operations). |
1
by Adam Gandelman
init |
76 |
keystone-service-admin-role: |
77 |
default: "KeystoneServiceAdmin" |
|
78 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
79 |
description: Role that allows acting as service admin. |
1
by Adam Gandelman
init |
80 |
admin-user: |
81 |
default: admin |
|
82 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
83 |
description: Default admin user to create and manage. |
6
by Adam Gandelman
Update config.yaml |
84 |
admin-password: |
85 |
default: None |
|
86 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
87 |
description: | |
88 |
Admin password. To be used *for testing only*. Randomly generated by
|
|
89 |
default.
|
|
13
by Adam Gandelman
Optional config parameter: admin-token |
90 |
admin-token: |
91 |
default: None |
|
92 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
93 |
description: | |
94 |
Admin token. If set, this token will be used for all services instead of
|
|
95 |
being generated per service.
|
|
26
by Adam Gandelman
Generate credentials in addition to token for new services |
96 |
admin-role: |
97 |
default: 'Admin' |
|
98 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
99 |
description: Admin role to be associated with admin and service users |
137.1.1
by Liam Young
Add token-expiration to allow the time a token should remain valid (in seconds) to be set. Remove token-expiry which seems unused |
100 |
token-expiration: |
101 |
default: 3600 |
|
102 |
type: int |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
103 |
description: Amount of time a token should remain valid (in seconds). |
26
by Adam Gandelman
Generate credentials in addition to token for new services |
104 |
service-tenant: |
105 |
default: "services" |
|
106 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
107 |
description: Name of tenant to associate service credentials. |
88.1.1
by Edward Hope-Morley
[hopem,r=] |
108 |
service-admin-prefix: |
109 |
type: string |
|
88.1.3
by Edward Hope-Morley
fix default value |
110 |
default: |
88.1.1
by Edward Hope-Morley
[hopem,r=] |
111 |
description: | |
112 |
When service relations are joined they provide a name used to create a
|
|
113 |
service admin_username in keystone. The name used may be too crude for
|
|
114 |
some situations e.g. pre-populated LDAP identity backend. If set, this
|
|
115 |
option will be prepended to each service admin_username.
|
|
1
by Adam Gandelman
init |
116 |
# Database settings used to request access via shared-db-relation-* relations
|
117 |
database: |
|
118 |
default: "keystone" |
|
119 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
120 |
description: Keystone database name. |
1
by Adam Gandelman
init |
121 |
database-user: |
122 |
default: "keystone" |
|
123 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
124 |
description: Username used for connecting to the Keystone database. |
38.2.10
by James Page
Add support for multi-region configuration |
125 |
region: |
126 |
default: RegionOne |
|
127 |
type: string |
|
53.1.1
by yolanda.robla at canonical
adding syslog functionality |
128 |
description: | |
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
129 |
Space-separated list of Openstack regions.
|
65.2.2
by Yaguang Tang
Support ldap identity backend |
130 |
identity-backend: |
131 |
type: string |
|
82
by james.page at ubuntu
[trivial] Tidy charm proof warnings in config.yaml |
132 |
default: "sql" |
162.1.2
by Corey Bryant
Fix lint error in config.yaml |
133 |
description: | |
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
134 |
Keystone identity backend, valid options are: sql, ldap, kvs, pam.
|
65.2.2
by Yaguang Tang
Support ldap identity backend |
135 |
assignment-backend: |
136 |
type: string |
|
137 |
default: "sql" |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
138 |
description: | |
139 |
Keystone assignment backend, valid options are sql, ldap, kvs.
|
|
65.2.2
by Yaguang Tang
Support ldap identity backend |
140 |
ldap-server: |
141 |
type: string |
|
142 |
default: None |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
143 |
description: Ldap server address for keystone identity backend. |
65.2.2
by Yaguang Tang
Support ldap identity backend |
144 |
ldap-user: |
145 |
type: string |
|
146 |
default: None |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
147 |
description: Username of the ldap identity server. |
65.2.2
by Yaguang Tang
Support ldap identity backend |
148 |
ldap-password: |
149 |
type: string |
|
150 |
default: None |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
151 |
description: Password of the ldap identity server. |
65.2.2
by Yaguang Tang
Support ldap identity backend |
152 |
ldap-suffix: |
153 |
type: string |
|
154 |
default: None |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
155 |
description: Ldap server suffix to be used by keystone. |
65.2.2
by Yaguang Tang
Support ldap identity backend |
156 |
ldap-config-flags: |
157 |
type: string |
|
158 |
default: None |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
159 |
description: comma sperated options for ldap configuration. |
65.2.3
by Yaguang Tang
Support using ldap identity backend |
160 |
ldap-readonly: |
161 |
type: boolean |
|
162 |
default: True |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
163 |
description: Ldap identity server backend readonly to keystone. |
34.2.5
by James Page
Initial cut of ha support |
164 |
# HA configuration settings
|
165 |
vip: |
|
166 |
type: string |
|
82
by james.page at ubuntu
[trivial] Tidy charm proof warnings in config.yaml |
167 |
default: |
68.2.18
by james.page at ubuntu
Align ha-joined hook with other charms |
168 |
description: | |
169 |
Virtual IP(s) to use to front API services in HA configuration.
|
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
170 |
|
68.2.18
by james.page at ubuntu
Align ha-joined hook with other charms |
171 |
If multiple networks are being used, a VIP should be provided for each
|
172 |
network, separated by spaces.
|
|
87.4.1
by james.page at ubuntu
Provide fallback config options for HA VIP iface and cidr when it cannot be automatically determined |
173 |
vip_iface: |
174 |
type: string |
|
175 |
default: eth0 |
|
176 |
description: | |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
177 |
Default network interface to use for HA vip when it cannot be
|
178 |
automatically determined.
|
|
87.4.1
by james.page at ubuntu
Provide fallback config options for HA VIP iface and cidr when it cannot be automatically determined |
179 |
vip_cidr: |
180 |
type: int |
|
181 |
default: 24 |
|
182 |
description: | |
|
183 |
Default CIDR netmask to use for HA vip when it cannot be automatically
|
|
184 |
determined.
|
|
34.2.7
by Andres Rodriguez
Add support for HA - hacluster relation and related |
185 |
ha-bindiface: |
186 |
type: string |
|
187 |
default: eth0 |
|
188 |
description: | |
|
189 |
Default network interface on which HA cluster will bind to communication
|
|
190 |
with the other members of the HA Cluster.
|
|
191 |
ha-mcastport: |
|
192 |
type: int |
|
106.1.1
by Liam Young
Move default multicast port to avoid clash |
193 |
default: 5434 |
34.2.7
by Andres Rodriguez
Add support for HA - hacluster relation and related |
194 |
description: | |
195 |
Default multicast port number that will be used to communicate between
|
|
196 |
HA Cluster nodes.
|
|
38.4.3
by Adam Gandelman
Add placeholder for PKI configuration, default to UUID for now. |
197 |
# PKI enablement and configuration (Grizzly and beyond)
|
198 |
enable-pki: |
|
199 |
default: "false" |
|
200 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
201 |
description: Enable PKI token signing (>= Grizzly). |
39.1.1
by Adam Gandelman
First pass single-node ssl master. |
202 |
https-service-endpoints: |
203 |
default: "False" |
|
204 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
205 |
description: Manage SSL certificates for all service endpoints. |
55
by Ante Karamatic
Rewrite charm to get it more in line with other OpenStack charms. |
206 |
use-https: |
55.1.20
by Ante Karamatic
Judging by hooks/charmhelpers/contrib/hahelpers/cluster.py, |
207 |
default: "no" |
208 |
type: string |
|
161
by Edward Hope-Morley
[trivial] Cleanup config.yaml |
209 |
description: Use SSL for Keystone itself. Set to 'yes' to enable it. |
55.1.8
by James Page
Add standard options for ssl_cert and key |
210 |
ssl_cert: |
211 |
type: string |
|
82
by james.page at ubuntu
[trivial] Tidy charm proof warnings in config.yaml |
212 |
default: |
55.1.8
by James Page
Add standard options for ssl_cert and key |
213 |
description: | |
214 |
SSL certificate to install and use for API ports. Setting this value
|
|
215 |
and ssl_key will enable reverse proxying, point Keystone's entry in the
|
|
216 |
Keystone catalog to use https, and override any certficiate and key
|
|
217 |
issued by Keystone (if it is configured to do so).
|
|
218 |
ssl_key: |
|
219 |
type: string |
|
82
by james.page at ubuntu
[trivial] Tidy charm proof warnings in config.yaml |
220 |
default: |
55.1.8
by James Page
Add standard options for ssl_cert and key |
221 |
description: SSL key to use with certificate specified as ssl_cert. |
55.1.13
by James Page
Add ssl_ca config option |
222 |
ssl_ca: |
223 |
type: string |
|
82
by james.page at ubuntu
[trivial] Tidy charm proof warnings in config.yaml |
224 |
default: |
55.1.13
by James Page
Add ssl_ca config option |
225 |
description: | |
226 |
SSL CA to use with the certificate and key provided - this is only
|
|
227 |
required if you are providing a privately signed ssl_cert and ssl_key.
|
|
68.2.1
by james.page at ubuntu
Add support for multiple networks |
228 |
# Network configuration options
|
229 |
# by default all access is over 'private-address'
|
|
68.2.4
by james.page at ubuntu
Add extra admin-network configuration |
230 |
os-admin-network: |
231 |
type: string |
|
82
by james.page at ubuntu
[trivial] Tidy charm proof warnings in config.yaml |
232 |
default: |
68.2.4
by james.page at ubuntu
Add extra admin-network configuration |
233 |
description: | |
234 |
The IP address and netmask of the OpenStack Admin network (e.g.,
|
|
235 |
192.168.0.0/24)
|
|
236 |
.
|
|
237 |
This network will be used for admin endpoints.
|
|
68.2.1
by james.page at ubuntu
Add support for multiple networks |
238 |
os-internal-network: |
239 |
type: string |
|
82
by james.page at ubuntu
[trivial] Tidy charm proof warnings in config.yaml |
240 |
default: |
68.2.1
by james.page at ubuntu
Add support for multiple networks |
241 |
description: | |
242 |
The IP address and netmask of the OpenStack Internal network (e.g.,
|
|
243 |
192.168.0.0/24)
|
|
244 |
.
|
|
68.2.4
by james.page at ubuntu
Add extra admin-network configuration |
245 |
This network will be used for internal endpoints.
|
68.2.1
by james.page at ubuntu
Add support for multiple networks |
246 |
os-public-network: |
247 |
type: string |
|
82
by james.page at ubuntu
[trivial] Tidy charm proof warnings in config.yaml |
248 |
default: |
68.2.1
by james.page at ubuntu
Add support for multiple networks |
249 |
description: | |
250 |
The IP address and netmask of the OpenStack Public network (e.g.,
|
|
251 |
192.168.0.0/24)
|
|
252 |
.
|
|
253 |
This network will be used for public endpoints.
|
|
150.2.2
by Billy Olsen
Change config option to os-public-hostname |
254 |
os-public-hostname: |
150.2.1
by Billy Olsen
[wolsen,r=] Add support for overriding public endpoint addresses. |
255 |
type: string |
256 |
default: |
|
257 |
description: | |
|
258 |
The hostname or address of the public endpoints created for keystone
|
|
154
by Corey Bryant
[billy-olsen,r=corey.bryant] Provide support for user-specified public endpoint hostname. |
259 |
in the keystone identity provider (itself).
|
150.2.1
by Billy Olsen
[wolsen,r=] Add support for overriding public endpoint addresses. |
260 |
.
|
261 |
This value will be used for public endpoints. For example, an
|
|
150.2.2
by Billy Olsen
Change config option to os-public-hostname |
262 |
os-public-hostname set to 'keystone.example.com' with ssl enabled will
|
150.2.1
by Billy Olsen
[wolsen,r=] Add support for overriding public endpoint addresses. |
263 |
create a public endpoint for keystone as:
|
264 |
.
|
|
265 |
https://keystone.example.com:5000/v2.0
|
|
73.2.1
by Hui Xiang
Support Keystone for IPv6. |
266 |
prefer-ipv6: |
267 |
type: boolean |
|
73.2.29
by Edward Hope-Morley
[hopem] |
268 |
default: False |
269 |
description: | |
|
270 |
If True enables IPv6 support. The charm will expect network interfaces
|
|
271 |
to be configured with an IPv6 address. If set to False (default) IPv4
|
|
272 |
is expected.
|
|
273 |
.
|
|
274 |
NOTE: these charms do not currently support IPv6 privacy extension. In
|
|
73.2.30
by Edward Hope-Morley
Fixed minor typo in config.yaml |
275 |
order for this charm to function correctly, the privacy extension must be
|
73.2.29
by Edward Hope-Morley
[hopem] |
276 |
disabled and a non-temporary address must be configured/available on
|
277 |
your network interface.
|
|
85.1.1
by james.page at ubuntu
Add support for worker process configuration |
278 |
worker-multiplier: |
279 |
type: int |
|
280 |
default: 2 |
|
281 |
description: | |
|
282 |
The CPU core multiplier to use when configuring worker processes for
|
|
283 |
Keystone. By default, the number of workers for each daemon is set to
|
|
284 |
twice the number of CPU cores a service unit has.
|
|
87.3.1
by root
[bradm] initial nrpe checks |
285 |
nagios_context: |
286 |
default: "juju" |
|
287 |
type: string |
|
288 |
description: | |
|
289 |
Used by the nrpe-external-master subordinate charm.
|
|
290 |
A string that will be prepended to instance name to set the host name
|
|
291 |
in nagios. So for instance the hostname would be something like:
|
|
292 |
juju-myservice-0
|
|
293 |
If you're running multiple environments with the same services in them
|
|
294 |
this allows you to differentiate between them.
|
|
114.3.6
by Brad Marshall
[bradm] Add nagios_servicegroups config option |
295 |
nagios_servicegroups: |
296 |
default: "" |
|
297 |
type: string |
|
298 |
description: | |
|
299 |
A comma-separated list of nagios servicegroups.
|
|
300 |
If left empty, the nagios_context will be used as the servicegroup
|
|
87.3.1
by root
[bradm] initial nrpe checks |
301 |