fb2f757494
RADOS Gateway supports setting keystone operator and admin roles. RADOS Gateway requires admin roles for keystone users to change their user quota. Regular operator/member roles are not allowed to do so. The lack of this config option prevents swift users with admin roles from being able to set their quotas. Therefore, a config option 'admin-roles' is now added to the charm to map to 'rgw keystone accepted admin roles' RADOS Gateway config. Please note that this is only effective from Luminous Ceph Release. Change-Id: Ic0b9aa39eef9fbc6c43eb4e66ab72d90787c2017 Closes-Bug: #1831577
320 lines
12 KiB
YAML
320 lines
12 KiB
YAML
options:
|
|
loglevel:
|
|
type: int
|
|
default: 1
|
|
description: RadosGW debug level. Max is 20.
|
|
source:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Optional repository from which to install. May be one of the following:
|
|
distro (default), ppa:somecustom/ppa, a deb url sources entry,
|
|
or a supported Ubuntu Cloud Archive e.g.
|
|
.
|
|
cloud:<series>-<openstack-release>
|
|
cloud:<series>-<openstack-release>/updates
|
|
cloud:<series>-<openstack-release>/staging
|
|
cloud:<series>-<openstack-release>/proposed
|
|
.
|
|
See https://wiki.ubuntu.com/OpenStack/CloudArchive for info on which
|
|
cloud archives are available and supported.
|
|
.
|
|
Note that a minimum ceph version of 0.48.2 is required for use with this
|
|
charm which is NOT provided by the packages in the main Ubuntu archive
|
|
for precise but is provided in the Ubuntu cloud archive.
|
|
key:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Key ID to import to the apt keyring to support use with arbitary source
|
|
configuration from outside of Launchpad archives or PPA's.
|
|
harden:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Apply system hardening. Supports a space-delimited list of modules
|
|
to run. Supported modules currently include os, ssh, apache and mysql.
|
|
config-flags:
|
|
type: string
|
|
default:
|
|
description: |
|
|
User provided Ceph configuration. Supports a string representation of
|
|
a python dictionary where each top-level key represents a section in
|
|
the ceph.conf template. You may only use sections supported in the
|
|
template.
|
|
.
|
|
WARNING: this is not the recommended way to configure the underlying
|
|
services that this charm installs and is used at the user's own risk.
|
|
This option is mainly provided as a stop-gap for users that either
|
|
want to test the effect of modifying some config or who have found
|
|
a critical bug in the way the charm has configured their services
|
|
and need it fixed immediately. We ask that whenever this is used,
|
|
that the user consider opening a bug on this charm at
|
|
http://bugs.launchpad.net/charms providing an explanation of why the
|
|
config was needed so that we may consider it for inclusion as a
|
|
natively supported config in the charm.
|
|
port:
|
|
type: int
|
|
default: 80
|
|
description: |
|
|
The port that the RADOS Gateway will listen on.
|
|
prefer-ipv6:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If True enables IPv6 support. The charm will expect network interfaces
|
|
to be configured with an IPv6 address. If set to False (default) IPv4
|
|
is expected.
|
|
.
|
|
NOTE: these charms do not currently support IPv6 privacy extension. In
|
|
order for this charm to function correctly, the privacy extension must be
|
|
disabled and a non-temporary address must be configured/available on
|
|
your network interface.
|
|
pool-prefix:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The rados gateway stores objects in many different pools. If you would
|
|
like to have multiple rados gateways each pointing to a separate set of
|
|
pools set this prefix. The charm will then set up a new set of pools.
|
|
If your prefix has a dash in it that will be used to split the prefix
|
|
into region and zone. Please read the documentation on federated rados
|
|
gateways for more information on region and zone.
|
|
restrict-ceph-pools:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Optionally restrict Ceph key permissions to access pools as required.
|
|
ceph-osd-replication-count:
|
|
type: int
|
|
default: 3
|
|
description: |
|
|
This value dictates the number of replicas ceph must make of any object
|
|
it stores within RGW pools. Note that once the RGW pools have been
|
|
created, changing this value will not have any effect (although it can be
|
|
changed in ceph by manually configuring your ceph cluster).
|
|
rgw-buckets-pool-weight:
|
|
type: int
|
|
default: 20
|
|
description: |
|
|
Defines a relative weighting of the pool as a percentage of the total
|
|
amount of data in the Ceph cluster. This effectively weights the number
|
|
of placement groups for the pool created to be appropriately portioned
|
|
to the amount of data expected. For example, if the amount of data loaded
|
|
into the RADOS Gateway/S3 interface is expected to be reserved for or
|
|
consume 20% of the data in the Ceph cluster, then this value would be
|
|
specified as 20.
|
|
rgw-lightweight-pool-pg-num:
|
|
type: int
|
|
default: -1
|
|
description: |
|
|
When the Rados Gatway is installed it, by default, creates pools with
|
|
pg_num 8 which, in the majority of cases is suboptimal. A few rgw pools
|
|
tend to carry more data than others e.g. .rgw.buckets tends to be larger
|
|
than most. So, for pools with greater requirements than others the charm
|
|
will apply the optimal value i.e. corresponding to the number of OSDs
|
|
up+in the cluster at the time the pool is created. For others it will use
|
|
this value which can be altered depending on how big you cluster is. Note
|
|
that once a pool has been created, changes to this setting will be
|
|
ignored. Setting this value to -1, enables the number of placement
|
|
groups to be calculated based on the Ceph placement group calculator.
|
|
# Keystone integration
|
|
operator-roles:
|
|
type: string
|
|
default: "Member"
|
|
description: |
|
|
Comma-separated list of Swift operator roles; used when integrating with
|
|
OpenStack Keystone.
|
|
admin-roles:
|
|
type: string
|
|
default: "Admin"
|
|
description: |
|
|
Comma-separated list of Swift admin roles; used when integrating with
|
|
OpenStack Keystone. Admin roles can set the user quota amount.
|
|
region:
|
|
type: string
|
|
default: RegionOne
|
|
description: |
|
|
OpenStack region that the RADOS gateway supports; used when integrating
|
|
with OpenStack Keystone.
|
|
cache-size:
|
|
type: int
|
|
default: 500
|
|
description: Number of keystone tokens to hold in local cache.
|
|
# HA config
|
|
use-syslog:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
If set to True, supporting services will log to syslog.
|
|
dns-ha:
|
|
type: boolean
|
|
default: False
|
|
description: |
|
|
Use DNS HA with MAAS 2.0. Note if this is set do not set vip
|
|
settings below.
|
|
vip:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Virtual IP(s) to use to front API services in HA configuration.
|
|
.
|
|
If multiple networks are being used, a VIP should be provided for each
|
|
network, separated by spaces.
|
|
ha-bindiface:
|
|
type: string
|
|
default: eth0
|
|
description: |
|
|
Default network interface on which HA cluster will bind to communication
|
|
with the other members of the HA Cluster.
|
|
ha-mcastport:
|
|
type: int
|
|
default: 5414
|
|
description: |
|
|
Default multicast port number that will be used to communicate between
|
|
HA Cluster nodes.
|
|
# Network config (by default all access is over 'private-address')
|
|
os-admin-network:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The IP address and netmask of the OpenStack Admin network (e.g.
|
|
192.168.0.0/24)
|
|
.
|
|
This network will be used for admin endpoints.
|
|
os-internal-network:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The IP address and netmask of the OpenStack Internal network (e.g.
|
|
192.168.0.0/24)
|
|
.
|
|
This network will be used for internal endpoints.
|
|
os-public-network:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The IP address and netmask of the OpenStack Public network (e.g.
|
|
192.168.0.0/24)
|
|
.
|
|
This network will be used for public endpoints.
|
|
os-public-hostname:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The hostname or address of the public endpoints created for ceph-radosgw
|
|
in the keystone identity provider.
|
|
.
|
|
This value will be used for public endpoints. For example, an
|
|
os-public-hostname set to 'files.example.com' with will create
|
|
the following public endpoint for the ceph-radosgw:
|
|
.
|
|
https://files.example.com:80/swift/v1
|
|
os-internal-hostname:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The hostname or address of the internal endpoints created for
|
|
ceph-radosgw in the keystone identity provider.
|
|
.
|
|
This value will be used for internal endpoints. For example, an
|
|
os-internal-hostname set to 'files.internal.example.com' with will create
|
|
the following internal endpoint for the ceph-radosgw:
|
|
.
|
|
https://files.internal.example.com:80/swift/v1
|
|
os-admin-hostname:
|
|
type: string
|
|
default:
|
|
description: |
|
|
The hostname or address of the admin endpoints created for ceph-radosgw
|
|
in the keystone identity provider.
|
|
.
|
|
This value will be used for admin endpoints. For example, an
|
|
os-admin-hostname set to 'files.admin.example.com' with will create
|
|
the following admin endpoint for the ceph-radosgw:
|
|
.
|
|
https://files.admin.example.com:80/swift/v1
|
|
# Monitoring config
|
|
nagios_context:
|
|
type: string
|
|
default: "juju"
|
|
description: |
|
|
Used by the nrpe-external-master subordinate charm.
|
|
A string that will be prepended to instance name to set the host name
|
|
in nagios. So for instance the hostname would be something like:
|
|
.
|
|
juju-myservice-0
|
|
.
|
|
If you're running multiple environments with the same services in them
|
|
this allows you to differentiate between them.
|
|
nagios_servicegroups:
|
|
type: string
|
|
default: ""
|
|
description: |
|
|
A comma-separated list of nagios servicegroups. If left empty,
|
|
the nagios_context will be used as the servicegroup
|
|
# HAProxy Parameters
|
|
haproxy-server-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Server timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 90000ms is used.
|
|
haproxy-client-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Client timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 90000ms is used.
|
|
haproxy-queue-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Queue timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 9000ms is used.
|
|
haproxy-connect-timeout:
|
|
type: int
|
|
default:
|
|
description: |
|
|
Connect timeout configuration in ms for haproxy, used in HA
|
|
configurations. If not provided, default value of 9000ms is used.
|
|
|
|
# External SSL Parameters
|
|
ssl_cert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
SSL certificate to install and use for API ports. Setting this value
|
|
and ssl_key will enable reverse proxying, point Glance's entry in the
|
|
Keystone catalog to use https, and override any certificate and key
|
|
issued by Keystone (if it is configured to do so).
|
|
ssl_key:
|
|
type: string
|
|
default:
|
|
description: SSL key to use with certificate specified as ssl_cert.
|
|
ssl_ca:
|
|
type: string
|
|
default:
|
|
description: |
|
|
SSL CA to use with the certificate and key provided - this is only
|
|
required if you are providing a privately signed ssl_cert and ssl_key.
|
|
# Multi Site Options
|
|
realm:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Name of RADOS Gateway Realm to create for multi-site replication. Setting
|
|
this option will enable support for multi-site replication, at which
|
|
point the zonegroup and zone options must also be provided.
|
|
zonegroup:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Name of RADOS Gateway Zone Group to create for multi-site replication.
|
|
zone:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Name of RADOS Gateway Zone to create for multi-site replication. This
|
|
option must be specific to the local site e.g. us-west or us-east.
|