OpenStack provider configuration¶
The OpenStack provider supports native Nova and Swift api usage, as an alternative to using the EC2 provider and the AWS compatibility apis.
Because OpenStack allows considerable flexibility to deployers in what components are used and how they are set up, the configuration options Juju needs varies across different clouds.
Common configuration¶
- type:
- 'openstack'
- admin-secret:
- A secret that will be generated for you when config is created.
- control-bucket:
- Name of a Swift container unique to the environment for metadata and charm storage. Also generated when config is created.
- juju-origin:
- Optionally defines where to install juju from.
- default-image-id:
- Machine image id as given by nova image-list for juju to use when creating instances. As there is currently no standard image service across different OpenStack deployments, this must always be supplied.
- default-instance-type:
- Flavor name as given by nova flavor-list for juju to use when creating instances. Setting constraints will serve the same purpose.
- default-series:
- Declares the Ubuntu series of the machine image. For instance, this should be precise for an Ubuntu 12.04 image.
OpenStack Configuration¶
- auth-mode:
Method used to authenticate with identity service.
- userpass:
- Standard authentication with Keystone, requires username, password and project-name to be given.
- keypair:
- Supported by HP cloud, uses access-key and secret-key as well as project-name and authorized-keys.
- legacy:
- Old way of authenticating directly with Nova, uses username and access-key only.
- rax:
- Rackspace specific method similar to userpass.
If possible, the mode will be determined from the form of the identity service url given as auth-url, otherwise it must be explictly provided.
- use-floating-ip:
- Boolean whether to assign a floating ip for each instance. As Juju expects a public address for all machines, this is required unless the deployment uses the auto_assign_floating_ip=True configuration.
OpenStack Credentials¶
Credentials can either be specified in environments.yaml as well or exported as environment variables. Both the new style OS_ and old style NOVA_ prefixes are accepted where they overlap, only the new forms are documented below if they are otherwise the same.
Not all the following values have to be specified, depending on the auth-mode used.
- auth-url:
- The identity service endpoint, used to obtain a description of the other services the OpenStack deployment provides and a token for authenticating with them. Can instead set one of OS_AUTH_URL or NOVA_URL.
- username:
- Account username, or set OS_USERNAME.
- password:
- Account password, or set OS_PASSWORD.
- project-name:
- Name of a project, also sometimes referred to as a tenant, associated with your user. Some deployments give both a name and a numeric id, the name is what is expected here. Can instead set OS_TENANT_NAME.
- region:
- Name of the region to use, if the deployment has multiple regions. Can also be set as OS_REGION_NAME.
- access-key:
- The public access key of the account, or set NOVA_API_KEY.
- secret-key:
- The secret access key of the account. Will be the same as is used with the EC2 compatibility interface, can be set as EC2_SECRET_KEY.
OpenStack S3 Provider¶
For deployments that do not include Swift, there is also an alternative provider that can use the S3 compability layer of nova-objectstore instead. However, due to security shortcomings, this should generally not be used.
- type:
- 'openstack_s3'
- s3-uri:
- The S3 endpoint, or set S3_URL.
- combined-key:
- The access key for the OpenStack/AWS compatibility layer. In typical configurations this will be a combination of the project name or id and the normal access key. Alternatively set EC2_ACCESS_KEY.