1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
options:
openstack-origin:
default: distro
type: string
description: |
Repository from which to install. May be one of the following:
distro (default), ppa:somecustom/ppa, a deb url sources entry,
or a supported Cloud Archive release pocket.
.
Supported Cloud Archive sources include:
- cloud:precise-folsom,
- cloud:precise-folsom/updates
- cloud:precise-folsom/staging
- cloud:precise-folsom/proposed
.
Note that updating this setting to a source that is known to
provide a later version of OpenStack will trigger a software
upgrade.
region:
default: RegionOne
type: string
description: OpenStack region that this swift-proxy supports.
# Ring configuration
partition-power:
default: 8
type: int
description: Partition power.
replicas:
default: 3
type: int
description: Minimum replicas.
min-hours:
default: 1
type: int
description: Minimum hours between balances
zone-assignment:
default: "manual"
type: string
description: |
Which policy to use when assigning new storage nodes to zones.
.
manual - Allow swift-storage services to request zone membership.
auto - Assign new swift-storage units to zones automatically.
.
The configured replica minimum must be met by an equal number of storage
zones before the storage ring will be initially balance. Deployment
requirements differ based on the zone-assignment policy configured, see
this charm's README for details.
# User provided SSL cert and key
ssl_cert:
type: string
description: |
Base64 encoded SSL certificate to install and use for API ports.
.
juju set swift-proxy ssl_cert="$(cat cert | base64)" \
ssl_key="$(cat key | base64)"
.
Setting this value (and ssl_key) will enable reverse proxying, point
Swifts's entry in the Keystone catalog to use https, and override
any certficiate and key issued by Keystone (if it is configured to
do so).
ssl_key:
type: string
description: |
Base64 encoded SSL key to use with certificate specified as ssl_cert.
# General Swift Proxy configuration
bind-port:
default: 8080
type: int
description: TCP port to listen on
workers:
default: 0
type: int
description: Number of TCP workers to launch (0 for the number of system cores)
operator-roles:
default: "Member,Admin"
type: string
description: Comma-separated list of Swift operator roles.
auth-type:
default: tempauth
type: string
description: Auth method to use, tempauth or keystone
delay-auth-decision:
default: true
type: boolean
description: Delay authentication to downstream WSGI services.
node-timeout:
default: 60
type: int
description: How long the proxy server will wait on responses from the a/c/o servers.
recoverable-node-timeout:
default: 30
type: int
description: |
How long the proxy server will wait for an initial response and to read a
chunk of data from the object servers while serving GET / HEAD requests.
Timeouts from these requests can be recovered from so setting this to
something lower than node-timeout would provide quicker error recovery
while allowing for a longer timeout for non-recoverable requests (PUTs).
# Manual Keystone configuration.
keystone-auth-host:
type: string
description: Keystone authentication host
keystone-auth-port:
default: 35357
type: int
description: Keystone authentication port
keystone-auth-protocol:
default: http
type: string
description: Keystone authentication protocol
keystone-admin-tenant-name:
default: service
type: string
description: Keystone admin tenant name
keystone-admin-user:
type: string
description: Keystone admin username
keystone-admin-password:
type: string
description: Keystone admin password
# HA configuration settings
swift-hash:
type: string
description: Hash to use across all swift-proxy servers - don't loose
vip:
type: string
description: |
Virtual IP(s) to use to front API services in HA configuration.
.
If multiple networks are being used, a VIP should be provided for each
network, separated by spaces.
ha-bindiface:
type: string
default: eth0
description: |
Default network interface on which HA cluster will bind to communication
with the other members of the HA Cluster.
ha-mcastport:
type: int
default: 5414
description: |
Default multicast port number that will be used to communicate between
HA Cluster nodes.
# Network configuration options
# by default all access is over 'private-address'
os-admin-network:
type: string
description: |
The IP address and netmask of the OpenStack Admin network (e.g.,
192.168.0.0/24)
.
This network will be used for admin endpoints.
os-internal-network:
type: string
description: |
The IP address and netmask of the OpenStack Internal network (e.g.,
192.168.0.0/24)
.
This network will be used for internal endpoints.
os-public-network:
type: string
description: |
The IP address and netmask of the OpenStack Public network (e.g.,
192.168.0.0/24)
.
This network will be used for public endpoints.
prefer-ipv6:
type: boolean
default: False
description: |
If True enables IPv6 support. The charm will expect network interfaces
to be configured with an IPv6 address. If set to False (default) IPv4
is expected.
.
NOTE: these charms do not currently support IPv6 privacy extension. In
order for this charm to function correctly, the privacy extension must be
disabled and a non-temporary address must be configured/available on
your network interface.
|