charm-ceph-osd/config.yaml
Edward Hope-Morley 62cc614573 Add hardening support
Add charmhelpers.contrib.hardening and calls to install,
config-changed, upgrade-charm and update-status hooks. Also
add new config option to allow one or more hardening
modules to be applied at runtime.

Change-Id: Ic417d678d3b0f7bfda5b393628a67297d7e79107
2016-03-24 11:14:47 +00:00

182 lines
6.3 KiB
YAML

options:
loglevel:
default: 1
type: int
description: OSD debug level. Max is 20.
osd-devices:
type: string
default: /dev/vdb
description: |
The devices to format and set up as osd volumes.
These devices are the range of devices that will be checked for and
used across all service units.
For ceph >= 0.56.6 these can also be directories instead of devices - the
charm assumes anything not starting with /dev is a directory instead.
osd-journal:
type: string
default:
description: |
The device to use as a shared journal drive for all OSD's. By default
no journal device will be used.
Only supported with ceph >= 0.48.3.
osd-journal-size:
type: int
default: 1024
description: |
Ceph osd journal size. The journal size should be at least twice the
product of the expected drive speed multiplied by filestore max sync
interval. However, the most common practice is to partition the journal
drive (often an SSD), and mount it such that Ceph uses the entire
partition for the journal.
Only supported with ceph >= 0.48.3.
osd-format:
type: string
default: xfs
description: |
Format of filesystem to use for OSD devices; supported formats include:
xfs (Default >= 0.48.3)
ext4 (Only option < 0.48.3)
btrfs (experimental and not recommended)
Only supported with ceph >= 0.48.3.
osd-reformat:
type: string
default:
description: |
By default, the charm will not re-format a device that already looks
as if it might be an OSD device. This is a safeguard to try to
prevent data loss.
Specifying this option (any value) forces a reformat of any OSD devices
found which are not already mounted.
osd-encrypt:
type: boolean
default: False
description: |
By default, the charm will not encrypt Ceph OSD devices; however, by
setting osd-encrypt to True, Ceph's dmcrypt support will be used to
encrypt OSD devices.
Specifying this option on a running Ceph OSD node will have no effect
until new disks are added, at which point new disks will be encrypted.
ignore-device-errors:
type: boolean
default: False
description: |
By default, the charm will raise errors if a whitelisted device is found,
but for some reason the charm is unable to initialize the device for use
by Ceph.
Setting this option to 'True' will result in the charm classifying such
problems as warnings only and will not result in a hook error.
ephemeral-unmount:
type: string
default:
description: |
Cloud instances provider ephermeral storage which is normally mounted
on /mnt.
Providing this option will force an unmount of the ephemeral device
so that it can be used as a OSD storage device. This is useful for
testing purposes (cloud deployment is not a typical use case).
source:
type: string
default:
description: |
Optional configuration to support use of additional sources such as:
- ppa:myteam/ppa
- cloud:trusty-proposed/kilo
- http://my.archive.com/ubuntu main
The last option should be used in conjunction with the key configuration
option.
Note that a minimum ceph version of 0.48.2 is required for use with this
charm which is NOT provided by the packages in the main Ubuntu archive
for precise but is provided in the Ubuntu cloud archive.
key:
type: string
default:
description: |
Key ID to import to the apt keyring to support use with arbitary source
configuration from outside of Launchpad archives or PPA's.
use-syslog:
type: boolean
default: False
description: |
If set to True, supporting services will log to syslog.
ceph-public-network:
type: string
default:
description: |
The IP address and netmask of the public (front-side) network (e.g.,
192.168.0.0/24)
.
If multiple networks are to be used, a space-delimited list of a.b.c.d/x
can be provided.
ceph-cluster-network:
type: string
default:
description: |
The IP address and netmask of the cluster (back-side) network (e.g.,
192.168.0.0/24)
.
If multiple networks are to be used, a space-delimited list of a.b.c.d/x
can be provided.
prefer-ipv6:
type: boolean
default: False
description: |
If True enables IPv6 support. The charm will expect network interfaces
to be configured with an IPv6 address. If set to False (default) IPv4
is expected.
.
NOTE: these charms do not currently support IPv6 privacy extension. In
order for this charm to function correctly, the privacy extension must be
disabled and a non-temporary address must be configured/available on
your network interface.
sysctl:
type: string
default: '{ kernel.pid_max : 2097152, vm.max_map_count : 524288,
kernel.threads-max: 2097152 }'
description: |
YAML-formatted associative array of sysctl key/value pairs to be set
persistently. By default we set pid_max, max_map_count and
threads-max to a high value to avoid problems with large numbers (>20)
of OSDs recovering. very large clusters should set those values even
higher (e.g. max for kernel.pid_max is 4194303).
nagios_context:
type: string
default: "juju"
type: string
description: |
Used by the nrpe-external-master subordinate charm.
A string that will be prepended to instance name to set the host name
in nagios. So for instance the hostname would be something like:
juju-myservice-0
If you're running multiple environments with the same services in them
this allows you to differentiate between them.
nagios_servicegroups:
default: ""
type: string
description: |
A comma-separated list of nagios servicegroups.
If left empty, the nagios_context will be used as the servicegroup
use-direct-io:
default: True
type: boolean
description: Configure use of direct IO for OSD journals.
harden:
default:
type: string
description: |
Apply system hardening. Supports a space-delimited list of modules
to run. Supported modules currently include os, ssh, apache and mysql.