James Page Barbican

Learn about configurations >

• database | string

  Default: barbican

  Database name for Neutron (if enabled)

• database-user | string

  Default: barbican

  Username for Neutron database access (if enabled)

• debug | boolean

  Enable debug logging

• dns-ha | boolean

  Use DNS HA with MAAS 2.0. Note if this is set do not set vip settings below.

• haproxy-client-timeout | int

  Client timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 90000ms is used.

• haproxy-connect-timeout | int

  Connect timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 9000ms is used.

• haproxy-queue-timeout | int

  Queue timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 9000ms is used.

• haproxy-server-timeout | int

  Server timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 90000ms is used.

• hmac-key-length | int

  Default: 32

  The length for generating an HMAC

• keystone-api-version | string

  Default: 2

  none, 2 or 3

• label-hmac | string

  Default: primaryhmac

  This is the label for the primary HMAC (keyed-hash message authentication code) stored in the HSM that is used by Barbican to wrap other HMACs that are provided to projects. Note the assocated action 'generate-hmac' is used to create an HMAC when initialising a system.

• label-mkek | string

  Default: primarymkek

  This is the label for the primary MKEK (Master Key Encryption Key) stored in the HSM that is used by Barbican to wrap other encryption keys that are provided to projects. Note the assocated action 'generate-mkek' is used to create an MKEK when initialising a system.

• mkek-key-length | int

  Default: 32

  The length for generating an MKEK

• openstack-origin | string

  Default: distro

  Repository from which to install. May be one of the following: distro (default), ppa:somecustom/ppa, a deb url sources entry, or a supported Cloud Archive release pocket. Supported Cloud Archive sources include: cloud:precise-folsom, cloud:precise-folsom/updates, cloud:precise-folsom/staging, cloud:precise-folsom/proposed. Note that updating this setting to a source that is known to provide a later version of OpenStack will trigger a software upgrade.

• os-admin-hostname | string

  The hostname or address of the admin endpoints created in the keystone identity provider. . This value will be used for admin endpoints. For example, an os-admin-hostname set to 'api-admin.example.com' with ssl enabled will create the following endpoint for neutron-api: . https://api-admin.example.com:9696/

• os-admin-network | string

  The IP address and netmask of the OpenStack Admin network (e.g., 192.168.0.0/24) . This network will be used for admin endpoints.

• os-internal-hostname | string

  The hostname or address of the internal endpoints created in the keystone identity provider. . This value will be used for internal endpoints. For example, an os-internal-hostname set to 'api-internal.example.com' with ssl enabled will create the following endpoint for neutron-api: . https://api-internal.example.com:9696/

• os-internal-network | string

  The IP address and netmask of the OpenStack Internal network (e.g., 192.168.0.0/24) . This network will be used for internal endpoints.

• os-public-hostname | string

  The hostname or address of the public endpoints created in the keystone identity provider. . This value will be used for public endpoints. For example, an os-public-hostname set to 'api-public.example.com' with ssl enabled will create the following endpoint for neutron-api: . https://api-public.example.com:9696/

• os-public-network | string

  The IP address and netmask of the OpenStack Public network (e.g., 192.168.0.0/24) . This network will be used for public endpoints.

• rabbit-user | string

  Default: barbican

  Username used to access rabbitmq queue

• rabbit-vhost | string

  Default: openstack

  Rabbitmq vhost

• region | string

  Default: RegionOne

  OpenStack Region

• require-hsm-plugin | boolean

  If True (the default) then the barbcian-worker process won't be fully functional until an HSM is associated with the charm. The charm will remain in the blocked state until an HSM is available.

• ssl_ca | string

  SSL CA to use with the certificate and key provided - this is only required if you are providing a privately signed ssl_cert and ssl_key.

• ssl_cert | string

  SSL certificate to install and use for API ports. Setting this value and ssl_key will enable reverse proxying, point Glance's entry in the Keystone catalog to use https, and override any certficiate and key issued by Keystone (if it is configured to do so).

• ssl_key | string

  SSL key to use with certificate specified as ssl_cert.

• use-internal-endpoints | boolean

  Openstack mostly defaults to using public endpoints for internal communication between services. If set to True this option will configure services to use internal endpoints where possible.

• use-syslog | boolean

  Setting this to True will allow supporting services to log to syslog.

• verbose | boolean

  Enable verbose logging

• vip | string

  Virtual IP(s) to use to front API services in HA configuration. If multiple networks are being used, a VIP should be provided for each network, separated by spaces.

• vip_cidr | int

  Default: 24

  Default CIDR netmask to use for HA vip when it cannot be automatically determined.

• vip_iface | string

  Default: eth0

  Default network interface to use for HA vip when it cannot be automatically determined.

• worker-multiplier | float

  The CPU core multiplier to use when configuring worker processes. By default, the number of workers for each daemon is set to twice the number of CPU cores a service unit has. When deployed in a LXD container, this default value will be capped to 4 workers unless this configuration option is set.