James Page Barbican
- By James Page
- Cloud
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/stable | 0 | 19 Mar 2021 |
juju deploy james-page-barbican
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
-
database | string
Default: barbican
Database name for Neutron (if enabled)
-
database-user | string
Default: barbican
Username for Neutron database access (if enabled)
-
debug | boolean
Enable debug logging
-
dns-ha | boolean
Use DNS HA with MAAS 2.0. Note if this is set do not set vip settings below.
-
haproxy-client-timeout | int
Client timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 90000ms is used.
-
haproxy-connect-timeout | int
Connect timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 9000ms is used.
-
haproxy-queue-timeout | int
Queue timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 9000ms is used.
-
haproxy-server-timeout | int
Server timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 90000ms is used.
-
hmac-key-length | int
Default: 32
The length for generating an HMAC
-
keystone-api-version | string
Default: 2
none, 2 or 3
-
label-hmac | string
Default: primaryhmac
This is the label for the primary HMAC (keyed-hash message authentication code) stored in the HSM that is used by Barbican to wrap other HMACs that are provided to projects. Note the assocated action 'generate-hmac' is used to create an HMAC when initialising a system.
-
label-mkek | string
Default: primarymkek
This is the label for the primary MKEK (Master Key Encryption Key) stored in the HSM that is used by Barbican to wrap other encryption keys that are provided to projects. Note the assocated action 'generate-mkek' is used to create an MKEK when initialising a system.
-
mkek-key-length | int
Default: 32
The length for generating an MKEK
-
openstack-origin | string
Default: distro
Repository from which to install. May be one of the following: distro (default), ppa:somecustom/ppa, a deb url sources entry, or a supported Cloud Archive release pocket. Supported Cloud Archive sources include: cloud:precise-folsom, cloud:precise-folsom/updates, cloud:precise-folsom/staging, cloud:precise-folsom/proposed. Note that updating this setting to a source that is known to provide a later version of OpenStack will trigger a software upgrade.
-
os-admin-hostname | string
The hostname or address of the admin endpoints created in the keystone identity provider. . This value will be used for admin endpoints. For example, an os-admin-hostname set to 'api-admin.example.com' with ssl enabled will create the following endpoint for neutron-api: . https://api-admin.example.com:9696/
-
os-admin-network | string
The IP address and netmask of the OpenStack Admin network (e.g., 192.168.0.0/24) . This network will be used for admin endpoints.
-
os-internal-hostname | string
The hostname or address of the internal endpoints created in the keystone identity provider. . This value will be used for internal endpoints. For example, an os-internal-hostname set to 'api-internal.example.com' with ssl enabled will create the following endpoint for neutron-api: . https://api-internal.example.com:9696/
-
os-internal-network | string
The IP address and netmask of the OpenStack Internal network (e.g., 192.168.0.0/24) . This network will be used for internal endpoints.
-
os-public-hostname | string
The hostname or address of the public endpoints created in the keystone identity provider. . This value will be used for public endpoints. For example, an os-public-hostname set to 'api-public.example.com' with ssl enabled will create the following endpoint for neutron-api: . https://api-public.example.com:9696/
-
os-public-network | string
The IP address and netmask of the OpenStack Public network (e.g., 192.168.0.0/24) . This network will be used for public endpoints.
-
rabbit-user | string
Default: barbican
Username used to access rabbitmq queue
-
rabbit-vhost | string
Default: openstack
Rabbitmq vhost
-
region | string
Default: RegionOne
OpenStack Region
-
require-hsm-plugin | boolean
If True (the default) then the barbcian-worker process won't be fully functional until an HSM is associated with the charm. The charm will remain in the blocked state until an HSM is available.
-
ssl_ca | string
SSL CA to use with the certificate and key provided - this is only required if you are providing a privately signed ssl_cert and ssl_key.
-
ssl_cert | string
SSL certificate to install and use for API ports. Setting this value and ssl_key will enable reverse proxying, point Glance's entry in the Keystone catalog to use https, and override any certficiate and key issued by Keystone (if it is configured to do so).
-
ssl_key | string
SSL key to use with certificate specified as ssl_cert.
-
use-internal-endpoints | boolean
Openstack mostly defaults to using public endpoints for internal communication between services. If set to True this option will configure services to use internal endpoints where possible.
-
use-syslog | boolean
Setting this to True will allow supporting services to log to syslog.
-
verbose | boolean
Enable verbose logging
-
vip | string
Virtual IP(s) to use to front API services in HA configuration. If multiple networks are being used, a VIP should be provided for each network, separated by spaces.
-
vip_cidr | int
Default: 24
Default CIDR netmask to use for HA vip when it cannot be automatically determined.
-
vip_iface | string
Default: eth0
Default network interface to use for HA vip when it cannot be automatically determined.
-
worker-multiplier | float
The CPU core multiplier to use when configuring worker processes. By default, the number of workers for each daemon is set to twice the number of CPU cores a service unit has. When deployed in a LXD container, this default value will be capped to 4 workers unless this configuration option is set.