58a4c980bb
We're enabling the audit middleware for the following API services:
* cinder
* nova
* neutron
* glance
* heat
* barbican
* octavia
* gnocchi
* config.verbose was deprecated a long time ago and Gnocchi doesn't
support a separate "logging.conf" file
* as such, Gnocchi can't be configured to use "info" level logging
* the audit logs will only be emitted in debug mode
* cf001e8428/gnocchi/service.py (L72-L79)
* newly defined audit map (the other services had already existing
definitions, which were updated):
* aodh
* designate
* magnum
* masakari
* updated wsgi log configuration
The following services do not support the audit middleware,
the support for api paste was dropped:
* placement
* watcher
* keystone (has its own pycadf audit implementation)
* emits notifications using oslo.notifications
* configurable driver, possible options include "messagingv2" and "log"
* we can't just use the log driver since the user may request amqp
notifications using:
"juju config keystone enable-telemetry-notifications=True"
* we'll listen for amqp notifications using a separate service
Reference:
* audit middleware configuration: https://docs.openstack.org/keystonemiddleware/latest/audit.html
* api map samples: https://opendev.org/openstack/pycadf/src/tag/3.1.1/etc/pycadf
Change-Id: I28a261b85067704221d6ab3d949c5d2a27a4a9d7
heat-k8s
Description
heat-k8s is an operator to manage the orchestration services heat api, heat api cfn and heat engine on a Kubernetes based environment.
Usage
Deployment
heat-k8s is deployed using below command:
juju deploy heat-k8s heat --trust
Now connect the heat operator to existing database, keystone identity, keystone ops and rabbitmq operators:
juju relate mysql:database heat:database
juju relate keystone:identity-service heat:identity-service
juju relate keystone:identity-ops heat:identity-ops
juju relate rabbitmq:amqp heat:amqp
heat-api-cfn is deployed as separate instance of charm using below command:
juju deploy heat-k8s heat-cfn --trust --config api_service=heat-api-cfn
Configuration
This section covers common and/or important configuration options. See file
config.yaml for the full list of options, along with their descriptions and
default values. See the Juju documentation for details
on configuring applications.
api_service
The api_service option determines whether to act as heat-api service or
heat-api-cfn service. Accepted values are heat-api or heat-api-service
and defaults to heat-api.
Actions
This section covers Juju actions supported by the charm.
Actions allow specific operations to be performed on a per-unit basis. To
display action descriptions run juju actions heat. If the charm is not
deployed then see file actions.yaml.
Relations
heat-k8s requires the following relations:
database: To connect to MySQL
identity-service: To register endpoints in Keystone
identity-ops: To create heat stack domain and users
ingress-internal: To expose service on underlying internal network
ingress-public: To expose service on public network
amqp: To connect to Rabbitmq
OCI Images
The charm by default uses following images:
ghcr.io/canonical/heat-consolidated:2025.1
Contributing
Please see the Juju SDK docs for guidelines on enhancements to this charm following best practice guidelines, and CONTRIBUTING.md for developer guidance.
Bugs
Please report bugs on Launchpad.