Octavia

Learn about configurations >

• action-managed-upgrade | boolean

  If True enables openstack upgrades for this charm via juju actions. You will still need to set openstack-origin to the new repository but instead of an upgrade running automatically across all units, it will wait for you to execute the openstack-upgrade action for this charm on each unit. If False it will revert to existing behavior of upgrading all units on config change.

• active-connection-max-retries | int

  Default: 15

  Retry threshold for connecting to an active amphora.

• active-connection-retry-interval | int

  Default: 2

  Retry timeout between connection attempts in seconds for active amphora.

• amp-image-owner-id | string

  Restrict glance image selection to a specific owner ID. This is a recommended security setting.

• amp-image-tag | string

  Default: octavia-amphora

  Glance image tag for selection of Amphorae image to boot load balancer instances.

• amp-ssh-key-name | string

  Name of nova key to use to provide ssh access to Amphora VMs. Note that this key must be visible to the project used by Octavia.

• amp-ssh-pub-key | string

  Base64 encoded public ssh key. This will be used when creating the key named by amp-ssh-key-name. Note that once the key is created it cannot be modified and the only way to do so is to delete it and have the charm create a new one.

• anti-affinity-policy | string

  Default: auto

  Sets the anti-affinity policy for Nova. Possible values are anti-affinity, soft-anti-affinity, auto or disable.

  When set to auto, the charm will choose between disabling anti-affinity entirely or using soft-anti-affinity depending if loadbalancer-topology is set to SINGLE or ACTIVE_STANDBY respectively.

• connection-max-retries | int

  Default: 120

  Retry threshold for connecting to amphorae. This is used when waiting for a new amphora to become available as well as during a failover.

• connection-retry-interval | int

  Default: 5

  Retry timeout between connection attempts in seconds. This is used when waiting for a new amphora to become available as well as during a failover.

• create-mgmt-network | boolean

  Default: True

  The octavia charm utilizes Neutron Resource tags to locate networks, security groups and ports for use with the service. . If none are found the default behaviour is to create the resources required for management of the load balancer instances. . Set this to False if you want to be in control of creation and management of these resources yourself. Please note that the service will not be fully operational until they are available. . Refer to the documentation on https://jujucharms.com/octavia/ for a complete list of resources required and how they should be tagged.

• custom-amp-flavor-id | string

  ID of Nova flavor Octavia should use when launching Amphorae instances. . The default behaviour is to let the charm create and maintain the flavor.

• debug | boolean

  Enable debug logging

• dns-ha | boolean

  Use DNS HA with MAAS 2.0. Note if this is set do not set vip settings below.

• enable-amphora | boolean

  Default: True

  Octavia supports multiple provider drivers. The reference Amphora provider driver is distributed as part of the Octavia software, and is enabled by default, unless you set this configuration option to 'False'.

• haproxy-client-timeout | int

  Client timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 90000ms is used.

• haproxy-connect-timeout | int

  Connect timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 9000ms is used.

• haproxy-queue-timeout | int

  Queue timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 9000ms is used.

• haproxy-server-timeout | int

  Server timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 90000ms is used.

• lb-mgmt-controller-cacert | string

  Note that setting this configuration option is mandatory, unless the enable-amphora configuration option is set to 'False'. . Certificate Authority Certificate installed on Amphorae with the purpose of the Amphora agent using it to authenticate connections from Octavia controller services. . Note due to security concerns it is important not use the same CA certificate for both lb-mgmt-issuing-cacert and lb-mgmt-controller-cacert configuration options. Failing to keep them separate may lead to abuse of certificate data to gain access to other Amphora instances in the event one of them is compromised. . Note that these certificates are not used for any load balancer payload data.

• lb-mgmt-controller-cert | string

  Note that setting this configuration option is mandatory, unless the enable-amphora configuration option is set to 'False'. . Certificate used by the Octavia controller to authenticate itself to its Amphorae. . Note that these certificates are not used for any load balancer payload data.

• lb-mgmt-issuing-ca-key-passphrase | string

  Note that setting this configuration option is mandatory, unless the enable-amphora configuration option is set to 'False'. . Passphrase for the key set in lb-mgmt-ca-private-key. . NOTE: As of this writing Octavia requires the private key to be protected with a passphrase. . Note that these certificates are not used for any load balancer payload data.

• lb-mgmt-issuing-ca-private-key | string

  Note that setting this configuration option is mandatory, unless the enable-amphora configuration option is set to 'False'. . Private key for the Certificate Authority set in lb-mgmt-issuing-ca. . Note that these certificates are not used for any load balancer payload data.

• lb-mgmt-issuing-cacert | string

  Note that setting this configuration option is mandatory, unless the enable-amphora configuration option is set to 'False'. . Certificate Authority Certificate used to issue new certificates stored on the Amphora load balancer instances. The Amphorae use them to authenticate themselves to the Octavia controller services. . Note due to security concerns it is important not use the same CA certificate for both lb-mgmt-issuing-cacert and lb-mgmt-controller-cacert configuration options. Failing to keep them separate may lead to abuse of certificate data to gain access to other Amphora instances in the event one of them is compromised. . Note that these certificates are not used for any load balancer payload data.

• loadbalancer-topology | string

  Default: SINGLE

  Load balancer topology configuration. . Supported values are 'SINGLE' and 'ACTIVE_STANDBY'.

• nagios_context | string

  Default: juju

  A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.

• nagios_servicegroups | string

  Default: juju

  Comma separated list of nagios servicegroups for the graphite check

• openstack-origin | string

  Default: yoga

  Repository from which to install OpenStack.

  May be one of the following:

  distro (default) ppa:somecustom/ppa (PPA name must include OpenStack Release) deb url sources entry|key id or a supported Ubuntu Cloud Archive pocket.

  Supported Ubuntu Cloud Archive pockets include:

  cloud:trusty-liberty cloud:trusty-juno cloud:trusty-kilo cloud:trusty-liberty cloud:trusty-mitaka

  Note that updating this setting to a source that is known to provide a later version of OpenStack will trigger a software upgrade.

• os-admin-hostname | string

  The hostname or address of the admin endpoints created in the keystone identity provider. . This value will be used for admin endpoints. For example, an os-admin-hostname set to 'api-admin.example.com' with ssl enabled will create the following endpoint for neutron-api: . https://api-admin.example.com:9696/

• os-admin-network | string

  The IP address and netmask of the OpenStack Admin network (e.g., 192.168.0.0/24) . This network will be used for admin endpoints.

• os-internal-hostname | string

  The hostname or address of the internal endpoints created in the keystone identity provider. . This value will be used for internal endpoints. For example, an os-internal-hostname set to 'api-internal.example.com' with ssl enabled will create the following endpoint for neutron-api: . https://api-internal.example.com:9696/

• os-internal-network | string

  The IP address and netmask of the OpenStack Internal network (e.g., 192.168.0.0/24) . This network will be used for internal endpoints.

• os-public-hostname | string

  The hostname or address of the public endpoints created in the keystone identity provider. . This value will be used for public endpoints. For example, an os-public-hostname set to 'api-public.example.com' with ssl enabled will create the following endpoint for neutron-api: . https://api-public.example.com:9696/

• os-public-network | string

  The IP address and netmask of the OpenStack Public network (e.g., 192.168.0.0/24) . This network will be used for public endpoints.

• region | string

  Default: RegionOne

  OpenStack Region

• spare-pool-size | int

  Number of Amphora instances to hold in the spare pool to reduce spin-up time for new load balancers. . The default behaviour is to not maintain any spare servers. . NOTE: As of OpenStack Victoria this configuration option is DEPRECATED and support for the feature will be removed from Octavia in the OpenStack X release.

• ssl_ca | string

  TLS CA to use to communicate with other components in a deployment. . NOTE: This configuration option will take precedence over any certificates received over the certificates relation.

• ssl_cert | string

  TLS certificate to install and use for any listening services. . NOTE: This configuration option will take precedence over any certificates received over the certificates relation.

• ssl_key | string

  TLS key to use with certificate specified as ssl_cert. . NOTE: This configuration option will take precedence over any certificates received over the certificates relation.

• tls_crit_days | int

  Default: 14

  Number of days left for the Octavia certificates, used for secure communication between the controller and the amphora instances, to expire before raising a Critical alert.

• tls_warn_days | int

  Default: 30

  Number of days left for the Octavia certificates, used for secure communication between the controller and the amphora instances, to expire before raising a Warning alert.

• use-internal-endpoints | boolean

  Openstack mostly defaults to using public endpoints for internal communication between services. If set to True this option will configure services to use internal endpoints where possible.

• use-policyd-override | boolean

  If True then use the resource file named 'policyd-override' to install override YAML files in the service's policy.d directory. The resource file should be a ZIP file containing at least one yaml file with a .yaml or .yml extension. If False then remove the overrides.

• vip | string

  Virtual IP(s) to use to front API services in HA configuration.

  If multiple networks are being used, a VIP should be provided for each network, separated by spaces.

• vip_cidr | int

  Default: 24

  Default CIDR netmask to use for HA vip when it cannot be automatically determined.

• vip_iface | string

  Default: eth0

  Default network interface to use for HA vip when it cannot be automatically determined.

• worker-multiplier | float

  The CPU core multiplier to use when configuring worker processes. By default, the number of workers for each daemon is set to twice the number of CPU cores a service unit has. This default value will be capped to 4 workers unless this configuration option is set.