Canonical Livepatch Onprem

Channel         Revision  Published
latest/stable   11        09 Apr 2024
latest/edge     11        09 Apr 2024
machine/stable  19        16 Oct 2024
machine/edge    20        16 Oct 2024
k8s/stable      18        27 Sep 2024
k8s/edge        17        27 Sep 2024
juju deploy canonical-livepatch-onprem

Platform:

Ubuntu


  • default_log | string

    Default: global

    Default log

  • default_mode | string

    Default: http

    Default mode

  • default_options | string

    Default: httplog, dontlognull

    Default options

  • default_retries | int

    Default: 3

    Set the number of retries to perform on a server after a connection failure. This value applies to the number of connection attempts, not full requests: once a connection has been established to a server, there are no further retries. To avoid immediate reconnections to a server that is restarting, a turn-around timer of 1 second is applied before a retry occurs.

  • default_timeouts | string

    Default: queue 20000, client 50000, connect 5000, server 50000

    Default timeouts

  • enable_monitoring | boolean

    Enable monitoring

  • global_debug | boolean

    Debug or not

  • global_default_bind_ciphers | string

    Default: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:!DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:!DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

    Sets the default string describing the list of cipher algorithms ("cipher suite") that are negotiated during the SSL/TLS handshake for all "bind" lines which do not explicitly define theirs. The format of the string is defined in "man 1 ciphers" from OpenSSL man pages, and can be for instance a string such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" (without quotes). Please check the "bind" keyword for more information. This config key will be ignored if the installed haproxy package has no SSL support.

  • global_default_bind_options | string

    Sets the default string describing the list of global SSL bind options. Use this to force or disable certain protocols like TLS 1.0 or SSL 3.0.

  • global_default_dh_param | int

    Default: 2048

    Sets the maximum size of the Diffie-Hellman parameters used for generating the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. The default value is 2048; higher values will increase the CPU load. Values greater than 1024 bits are not supported by Java 7 and earlier clients. This config key will be ignored if the installed haproxy package has no SSL support.

  • global_group | string

    Default: haproxy

    Group

  • global_hard_stop_after | string

    Tune HAProxy's hard-stop-after to prevent lingering HAProxy processes, e.g. 10m (LP:1874386).

  • global_log | string

    Default: /dev/log local0, /dev/log local1 notice

    Global log line (multiple lines are given as a comma-separated list)

  • global_maxconn | int

    Default: 4096

    Sets the maximum per-process number of concurrent connections to <number>.

  • global_quiet | boolean

    Quiet

  • global_spread_checks | int

    Sometimes it is desirable to avoid sending health checks to servers at exact intervals, for instance when many logical servers are located on the same physical server. With the help of this parameter, it becomes possible to add some randomness in the check interval between 0 and +/- 50%. A value between 2 and 5 seems to show good results.

  • global_stats_socket | boolean

    Whether to enable the stats UNIX socket.

  • global_user | string

    Default: haproxy

    User

  • key | string

    Key ID to import to the apt keyring to support use with arbitrary source configuration from outside of Launchpad archives or PPAs.

  • logrotate_config | string

    Override package logrotate configuration.

    Warning: Setting this value back to the empty string will leave the previous config in place on disk.

    Example value:

        /var/log/haproxy.log {
            weekly
            rotate 52
            missingok
            notifempty
            compress
            delaycompress
            postrotate
                invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
            endscript
        }

  • metrics_prefix | string

    Default: dev.$UNIT.haproxy

    Prefix for metrics. Special value $UNIT can be used to include the name of the unit in the prefix.

  • metrics_sample_interval | int

    Default: 5

    Period for metrics cron job to run in minutes

  • metrics_target | string

    Destination for statsd-format metrics, in the format "host:port". If not present and valid, metrics are disabled. Requires "enable_monitoring" to be set to true to work.

  • monitoring_allowed_cidr | string

    Default: 127.0.0.1/32

    CIDRs allowed to access the monitoring interface (multiple CIDRs are separated by spaces).

  • monitoring_always_critical | boolean

    Default: True

    Report a service that is down always as critical. If False it will only report a warning if there is still at least one working backend for each proxy.

  • monitoring_password | string

    Default: changeme

    Password to the monitoring interface (if "changeme", a new password will be generated and displayed in juju-log).

  • monitoring_port | int

    Default: 10000

    Default monitoring port

  • monitoring_stats_refresh | int

    Default: 3

    Monitoring interface refresh interval (in seconds)

  • monitoring_username | string

    Default: haproxy

    Monitoring username

  • nagios_context | string

    Default: juju

    Used by the nrpe-external-master subordinate charm. A string that will be prepended to the instance name to set the host name in nagios. For instance, the hostname would be something like: juju-postgresql-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.

  • nagios_servicegroups | string

    A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.

  • package_status | string

    Default: install

    The status of service-affecting packages will be set to this value in the dpkg database. Useful valid values are "install" and "hold".

  • peering_mode | string

    Default: active-passive

    Possible values: "active-passive", "active-active". This is only used if several units are spawned. In "active-passive" mode, all the units will forward traffic to the first working haproxy unit, which will then forward it to the configured backends. In "active-active" mode, each unit will proxy the traffic directly to the backends. The "active-passive" mode gives better control over the maximum number of connections that will be opened to a backend server.

  • services | string

    Default:

        - service_name: haproxy_service
          service_host: "0.0.0.0"
          service_port: 80
          service_options: [balance leastconn, cookie SRVNAME insert]
          server_options: maxconn 100 cookie S{i} check

    Services definition(s). Although the variable type is a string, this is interpreted in the charm as YAML. To use multiple services within the same haproxy instance, specify all of the variables (service_name, service_host, service_port, service_options, server_options) with a "-" before the first variable, service_name, as above. Service options is a comma-separated list; server options will be appended as a string to the individual server lines for a given listen stanza.

    If your web application serves dynamic content based on users' login sessions, a visitor will experience unexpected behaviour if each request is proxied to a different backend web server. Session stickiness ensures that a visitor 'sticks' to the backend web server which served their first request. This is made possible by tagging each backend server with a cookie. Sessions are sticky by default. To turn off sticky sessions, remove the 'cookie SRVNAME insert' and 'cookie S{i}' stanzas from `service_options` and `server_options`.

  • source | string

    Optional configuration to support use of additional sources such as:

      - ppa:myteam/ppa
      - cloud:precise-proposed/folsom
      - http://my.archive.com/ubuntu main

    The last option should be used in conjunction with the key configuration option.

  • ssl_cert | string

    base64 encoded default SSL certificate. If the keyword 'SELFSIGNED' is used, the certificate and key will be autogenerated as self-signed. This is the certificate used by services configured using keyword 'DEFAULT' as SSL certificate. This config key will be ignored if the installed haproxy package has no SSL support.

  • ssl_key | string

    base64 encoded private key for the default SSL certificate. If ssl_cert is specified as SELFSIGNED or the installed haproxy package has no SSL support, this will be ignored.

  • sysctl | string

    YAML-formatted list of sysctl values, e.g.: '{ net.ipv4.tcp_max_syn_backlog : 65536 }'

  • tls_crit_days | int

    Default: 14

    Number of days left for the TLS certificate to expire before alerting Critical in the NRPE check.

  • tls_warn_days | int

    Default: 30

    Number of days left for the TLS certificate to expire before warning in the nagios NRPE check.

  • userlists | string

    Userlists control access to services or stats by allowing only authenticated users.

    For example:

        - list1:
            groups:
              - G1 users tiger,scott
              - G2 users xdb,scott
            users:
              - tiger password $6$k6y3o.eP$JlKBx9z...
              - scott insecure-password elgato
              - xdb insecure-password hello
        - list2:
            groups:
              - group1
            users:
              - alice insecure-password foo groups group1
              - bob insecure-password bar groups group1

    See http://cbonte.github.io/haproxy-dconv/1.6/configuration.html#3.4
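
For the global_default_bind_ciphers option: the sketch below is an added example, not part of the charm, that reviews a cipher string by suite name and reports which explicitly enabled suites lack forward secrecy, are not AEAD, use 3DES or use DSS authentication. It does not expand aliases such as AES or kEDH+AESGCM (they are listed so they can be checked with `openssl ciphers -v`); the function name and report keys are assumptions of this example.

```python
import re

# Default of global_default_bind_ciphers, copied from the option description above.
DEFAULT_BIND_CIPHERS = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:!DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:"
    "DHE-DSS-AES256-SHA:!DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:"
    "AES256-SHA256:AES128-SHA:AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:"
    "!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
)

AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")    # name fragments of AEAD suites
PFS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")    # ephemeral key exchange

def audit_cipher_string(spec):
    """Name-based review of an OpenSSL cipher string (aliases are not expanded)."""
    tokens = [t for t in re.split(r"[:, ]+", spec.strip()) if t]
    killed = {t[1:] for t in tokens if t.startswith("!")}   # '!' removes permanently
    report = {"named": [], "aliases": [], "no_forward_secrecy": [],
              "non_aead": [], "3des": [], "dss_auth": []}
    for tok in tokens:
        if tok[0] in "!-+@" or tok in killed:
            continue          # exclusions, reorderings and @ directives enable nothing
        if "-" not in tok or "+" in tok:
            report["aliases"].append(tok)   # e.g. AES, kEDH+AESGCM: expand separately
            continue
        report["named"].append(tok)
        if not tok.startswith(PFS_PREFIXES):
            report["no_forward_secrecy"].append(tok)   # static RSA key exchange
        if not any(marker in tok for marker in AEAD_MARKERS):
            report["non_aead"].append(tok)             # CBC-mode (or older) suites
        if "DES-CBC3" in tok:
            report["3des"].append(tok)
        if "-DSS-" in tok:
            report["dss_auth"].append(tok)
    return report

if __name__ == "__main__":
    for key, suites in audit_cipher_string(DEFAULT_BIND_CIPHERS).items():
        print(f"{key:20} {len(suites):2}  {' '.join(suites)}")
```

Note that the default excludes `DES` but still names `DES-CBC3-SHA`: in OpenSSL's cipher-list syntax the `DES` keyword covers single DES only, and triple DES has its own `3DES` keyword.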
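
For the monitoring_password and userlists options: the check below is an added example, not part of the charm, that scans a charm configuration for the default monitoring password and for userlist entries using `insecure-password` (cleartext) or an MD5-crypt hash. The function name, the config-as-dict input and the sample values are assumptions of this example; the `$1$`/`$5$`/`$6$` prefixes are the usual crypt(3) scheme identifiers.

```python
import re

# Constructed sample: the documented monitoring_password default plus the userlists
# example from the option above (the "$6$..." hash is truncated on the page).
SAMPLE_CONFIG = {
    "monitoring_password": "changeme",
    "userlists": """\
- list1:
    groups:
      - G1 users tiger,scott
      - G2 users xdb,scott
    users:
      - tiger password $6$k6y3o.eP$JlKBx9z...
      - scott insecure-password elgato
      - xdb insecure-password hello
- list2:
    groups:
      - group1
    users:
      - alice insecure-password foo groups group1
      - bob insecure-password bar groups group1
""",
}

USER_LINE = re.compile(
    r"^[ \t]*-[ \t]+(\S+)[ \t]+(password|insecure-password)[ \t]+(\S+)", re.M)
CRYPT_IDS = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}

def audit_credentials(cfg):
    """Return (subject, finding) pairs for credential settings in a charm config dict."""
    findings = []
    if cfg.get("monitoring_password", "changeme") == "changeme":
        findings.append(("monitoring_password",
                         "left at default; generated password is shown in juju-log"))
    for user, keyword, secret in USER_LINE.findall(cfg.get("userlists", "")):
        if keyword == "insecure-password":
            findings.append((user, "cleartext password stored in charm config"))
            continue
        scheme = re.match(r"\$([0-9a-z]+)\$", secret)
        name = CRYPT_IDS.get(scheme.group(1)) if scheme else None
        if name is None:
            findings.append((user, "hash scheme not recognised by this check"))
        elif name == "MD5-crypt":
            findings.append((user, "MD5-crypt hash; prefer SHA-512-crypt ($6$)"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit_credentials(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```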