Billy Olsen 460602489d Add dns-nameservers config option for upstream dns servers
Adds a dns-servers config option for specifying the forwarding
dns servers to be used by the dnsmasq services on the neutron
dhcp agent. This enables services using internal dns to also
specify the forwarding dns servers in order to resolve hosts
outside of the neutron network space.

Note: this option only takes effect when the
enable-local-dhcp-and-metadata flag is set to True.

Change-Id: I510d163dd9738477b15497b25266e73a50368539
Implements: blueprint internal-dns
Closes-Bug: #1713721
2017-08-31 09:24:01 -07:00

249 lines
9.2 KiB
YAML

options:
debug:
type: boolean
default: False
description: Enable debug logging.
verbose:
type: boolean
default: False
description: Enable verbose logging.
use-syslog:
type: boolean
default: False
description: |
Setting this to True will allow supporting services to log to syslog.
openstack-origin-git:
type: string
default:
description: |
Specifies a default OpenStack release name, or a YAML dictionary
listing the git repositories to install from.
.
The default Openstack release name may be one of the following, where
the corresponding OpenStack github branch will be used:
* liberty
* mitaka
* newton
* master
.
The YAML must minimally include requirements, neutron-fwaas,
neutron-lbaas, neutron-vpnaas, and neutron repositories, and may
also include repositories for other dependencies:
repositories:
- {name: requirements,
repository: 'git://github.com/openstack/requirements',
branch: master}
- {name: neutron-fwaas,
repository: 'git://github.com/openstack/neutron-fwaas',
branch: master}
- {name: neutron-lbaas,
repository: 'git://github.com/openstack/neutron-lbaas',
branch: master}
- {name: neutron-vpnaas,
repository: 'git://github.com/openstack/neutron-vpnaas',
branch: master}
- {name: neutron,
repository: 'git://github.com/openstack/neutron',
branch: master}
release: master
rabbit-user:
type: string
default: neutron
description: Username used to access RabbitMQ queue
rabbit-vhost:
type: string
default: openstack
description: RabbitMQ vhost
data-port:
type: string
default:
description: |
Space-delimited list of bridge:port mappings. Ports will be added to
their corresponding bridge. The bridges will allow usage of flat or
VLAN network types with Neutron and should match this defined in
bridge-mappings.
.
Ports provided can be the name or MAC address of the interface to be
added to the bridge. If MAC addresses are used, you may provide multiple
bridge:mac for the same bridge so as to be able to configure multiple
units. In this case the charm will run through the provided MAC addresses
for each bridge until it finds one it can resolve to an interface name.
Port can also be a linuxbridge bridge. In this case a veth pair will be
created, the ovs bridge and the linuxbridge bridge will be connected. It
can be useful to connect the ovs bridge to juju bridge.
disable-security-groups:
type: boolean
default: false
description: |
Disable neutron based security groups - setting this configuration option
will override any settings configured via the neutron-api charm.
.
BE CAREFUL - this option allows you to disable all port level security
within an OpenStack cloud.
bridge-mappings:
type: string
default: 'physnet1:br-data'
description: |
Space-delimited list of ML2 data bridge mappings with format
<provider>:<bridge>.
flat-network-providers:
type: string
default:
description: |
Space-delimited list of Neutron flat network providers.
vlan-ranges:
type: string
default: "physnet1:1000:2000"
description: |
Space-delimited list of <physical_network>:<vlan_min>:<vlan_max> or
<physical_network> specifying physical_network names usable for VLAN
provider and tenant networks, as well as ranges of VLAN tags on each
available for allocation to tenant networks.
firewall-driver:
type: string
default:
description: |
Firewall driver to use to support use of security groups with
instances; valid values include iptables_hybrid (default) and
openvswitch (>= Mitaka on Ubuntu 16.04 or later).
ext-port:
type: string
default:
description: |
Deprecated: Use bridge-mappings and data-port to create a network
which can be used for external connectivity. You can call the network
external and the bridge br-ex by convention, but neither is required
A space-separated list of external ports to use for routing of instance
traffic to the external public network. Valid values are either MAC
addresses (in which case only MAC addresses for interfaces without an IP
address already assigned will be used), or interfaces (eth0)
enable-local-dhcp-and-metadata:
type: boolean
default: false
description: |
Enable local Neutron DHCP and Metadata Agents. This is useful for
deployments which do not include a neutron-gateway (do not require l3,
lbaas or vpnaas services) and should only be used in-conjunction with
flat or VLAN provider networks configurations.
dnsmasq-flags:
type: string
default:
description: |
Comma-separated list of key=value config flags with the additional dhcp
options for neutron dnsmasq. Note, this option is only valid when
enable-local-dhcp-and-metadata option is set to True.
dns-servers:
type: string
default:
description: |
A comma-separated list of DNS servers which will be used by dnsmasq as
forwarders. This option only applies when the enable-local-dhcp-and-metadata
options is set to True.
prevent-arp-spoofing:
type: boolean
default: true
description: |
Enable suppression of ARP responses that don't match an IP address that
belongs to the port from which they originate.
.
Only supported in OpenStack Liberty or newer, which has the required
minimum version of Open vSwitch.
.
NOTE: this feature is deprecated and removed in Openstack >= Ocata. As of
that point the only way to disable protection will be via the port
security extension (see LP 1691080 for info).
enable-dpdk:
type: boolean
default: false
description: |
Enable DPDK fast userspace networking; this requires use of DPDK
supported network interface drivers and must be used in conjunction with
the data-port configuration option to configure each bridge with an
appropriate DPDK enabled network device.
dpdk-socket-memory:
type: int
default: 1024
description: |
Amount of hugepage memory in MB to allocate per NUMA socket in deployed
systems.
.
Only used when DPDK is enabled.
dpdk-socket-cores:
type: int
default: 1
description: |
Number of cores to allocate to DPDK per NUMA socket in deployed systems.
.
Only used when DPDK is enabled.
dpdk-driver:
type: string
default: uio_pci_generic
description: |
Kernel userspace device driver to use for DPDK devices, valid values
include:
.
vfio-pci
uio_pci_generic
.
Only used when DPDK is enabled.
enable-sriov:
type: boolean
default: false
description: |
Enable SR-IOV NIC agent on deployed units; use with sriov-device-mappings
to map SR-IOV devices to underlying provider networks. Enabling this
option allows instances to be plugged into directly into SR-IOV VF
devices connected to underlying provider networks alongside the default
Open vSwitch networking options.
sriov-device-mappings:
type: string
default:
description: |
Space-delimited list of SR-IOV device mappings with format
.
<provider>:<interface>
.
Multiple mappings can be provided, delimited by spaces.
sriov-numvfs:
type: string
default: auto
description: |
Number of VF's to configure each PF with; by default, each SR-IOV PF will
be configured with the maximum number of VF's it can support. Either use
a single integer to apply the same VF configuration to all detected
SR-IOV devices or use a per-device configuration in the following format
.
<device>:<numvfs>
.
Multiple devices can be configured by providing multi values delimited by
spaces.
.
NOTE: Changing this value will disrupt networking on all SR-IOV capable
interfaces for blanket configuration or listed interfaces when per-device
configuration is used.
worker-multiplier:
type: float
default:
description: |
The CPU core multiplier to use when configuring worker processes for
this services e.g. metadata-agent. By default, the number of workers for
each daemon is set to twice the number of CPU cores a service unit has.
When deployed in a LXD container, this default value will be capped to 4
workers unless this configuration option is set.
# Network config (by default all access is over 'private-address')
os-data-network:
type: string
default: ""
description: |
The IP address and netmask of the OpenStack Data network (e.g.,
192.168.0.0/24)
.
This network will be used for tenant network traffic in overlay
networks.
.
In order to support service zones spanning multiple network
segments, a space-delimited list of a.b.c.d/x can be provided
The address of the first network found to have an address
configured will be used.