lp-signing

lp-signing

Channel Revision Published Runs on
latest/stable 17 14 Jan 2026
Ubuntu 24.04 Ubuntu 18.04
latest/stable 13 14 Jul 2025
Ubuntu 24.04 Ubuntu 18.04
juju deploy lp-signing
Show information

Learn to deploy on juju >

Platform:

Ubuntu
24.04 18.04

Learn about configurations >

  • active | boolean

    flag to de/activate service in the lb

  • build_label | string

    Build label to deploy (only used when fetching the payload rather than embedding it in the charm).

  • db_name | string

    database name

  • db_roles | string

    comma separated list of roles

  • debuglog | string

    If set to a writable path, application will write size/time constrained debug level logs to that path on the unit, see http://talisker.readthedocs.io/en/latest/logging.html#debug-logging for details.

  • env_extra | string

    Default: {}

    extra environment varibles to include in the process, as a python dict literal

  • environment | string

    Default: production

    production, staging, or devel

  • extra_packages | string

    Space separated list of extra deb packages to install.

  • haproxy_server_options | string

    Default: check inter 3000 rise 2 fall 3 maxconn 100

    haproxy server options

  • haproxy_service_options | string

    Default: - mode http - option httplog - option httpchk HEAD /_status/check - balance roundrobin - timeout client 5000 - timeout server 5000 - capture request header X-Request-Id len 36 - option forwardfor

    haproxy service options

  • install_keys | string

    List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.

  • install_sources | string

    List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.

  • key_storage_private_keys | string

    Default: []

    A JSON-encoded list of base64-encoded NaCl private keys for decrypting private keys held in the database. Currently only the first one is used, but this may change in future to permit rollover.

  • log_hosts_allow | string

    Hosts that should be allowed to rsync logs. Note that this relies on basenode.

  • nagios_context | string

    Used by the nrpe subordinate charms.

  • nagios_servicegroups | string

    A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup

  • package_status | string

    Default: install

    The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".

  • port | string

    Default: 8000

    port to run on

  • sentry_dsn | string

    DSN for configuration of Sentry's raven client. See https://<sentry_host>/sentry/snapdeltaservice/settings/keys/

  • service_private_keys | string

    Default: []

    A JSON-encoded list of base64-encoded private service keys. The first key in the list is the preferred one; older keys may follow, permitting rollover.

  • slow_query_timeout | string

    Default: -1

    Timeout (in ms) to log SQL queries

  • soft_request_timeout | string

    Default: -1

    Timeout (in ms) to report soft timeout errors to sentry.

  • statsd_dsn | string

    statsd url, see http://talisker.readthedocs.io/en/latest/statsd.html for details

  • swift_auth_url | string

    URL for authenticating against Keystone when fetching payloads from Swift.

  • swift_auth_version | string

    Default: 2

    Auth version, supported values: 2, 3.

  • swift_container_name | string

    Container to use when fetching payloads from Swift.

  • swift_password | string

    Password to use when fetching payloads from Swift.

  • swift_project_domain_name | string

    Default: default

    Openstack project domain name

  • swift_region_name | string

    Region to use when fetching payloads from Swift.

  • swift_storage_url | string

    URL for fetching payloads anonymously from Swift.

  • swift_tenant_name | string

    OpenStack tenant to use when fetching payloads from Swift.

  • swift_use_proxy | boolean

    use http{s} proxy, if defined in the environment variables: JUJU_CHARM_HTTP{S}_PROXY

  • swift_user_domain_name | string

    Default: default

    Openstack user domain name

  • swift_username | string

    Username to use when fetching payloads from Swift.

  • trusted_networks | string

    Space-separated list of networks with trusted access to this service.

  • wsgi_backlog | int

    Default: 2048

    The maximum number of pending connections.

  • wsgi_keep_alive | int

    Default: 2

    Keep alive time in seconds.

  • wsgi_logrotate_count | int

    Default: 7

    The number of rotated log files to retain.

  • wsgi_max_requests | int

    max requests for a worker to serve before being rebooted

  • wsgi_port | string

    Port to listen on. By default it is set to an empty string to indicate that the http layer port config option will be used. The default is usually desired, unless the application unit is expected to host some dedicated proxying software locally.

  • wsgi_restart_maxwait | int

    The max. number of seconds to wait before actually restarting/reloading

  • wsgi_reuse_port | boolean

    Default: True

    Set the SO_REUSEPORT flag on the listening socket.

  • wsgi_timeout | int

    Default: 30

    Timeout of a request in seconds.

  • wsgi_unix_socket_only | boolean

    Gunicorn will only bind and listen on a unix socket at /srv/gunicorn/run/gunicorn.sock.

  • wsgi_use_prometheus_multiproc | boolean

    Handles proper prometheus client setup for multiproc with gunicorn. NOTE: This requires the prometheus client from https://github.com/prometheus/client_python. Toggling this option results in a gunicorn restart. This will also set the PROMETHEUS_MULTIPROC_DIR (and lowercase version) env vars if set. This should not be set to true if using talisker-based services, as those should handle prometheus multiproc metrics properly.

  • wsgi_worker_class | string

    Default: sync

    Gunicorn worker_class setting.

  • wsgi_workers | int

    The number of worker process for handling requests. 0 for count(cpu) + 1