Openstack Charmers Next Vault

  • By OpenStack Charmers - Testing Charms
  • Security
Channel Revision Published Runs on
latest/stable 160 09 Feb 2022
Ubuntu 21.10 Ubuntu 20.04
juju deploy openstack-charmers-next-vault
Show information

Learn to deploy on juju >

Platform:

Ubuntu
21.10 20.04

Learn about configurations >

  • auto-generate-root-ca-cert | boolean

    Once unsealed, automatically generate a self-signed root CA rather than waiting for an action to be called to either generate one or process a signing request to act as an intermediary CA. Note that this will use all default values for the root CA cert. If you want to adjust those values, you should use the generate-root-ca action instead.

  • channel | string

    Default: stable

    The snap channel to install from.

  • default-ca-ttl | string

    Default: 87599h

    Default TTL to use when generating CA certs.

  • default-ttl | string

    Default: 8759h

    Default TTL to use when generating certs.

  • disable-mlock | boolean

    Set this option only if you are deploying to an environment that does not support the mlock(2) system call. When this option is set, vault will be unable to prevent secrets from being paged out, so use it with extreme caution.

  • dns-ha-access-record | string

    DNS record to use for DNS HA with MAAS. Mutually exclusive with the vip config option or lb-provider relation.

  • hostname | string

    Hostname to be used for the API URL. This hostname should exist as a DNS record and be resolvable by the charms that will consume the relation with vault.

  • max-ttl | string

    Default: 87600h

    Max allowed TTL to use when generating certs (must be greater than the default).

  • nagios_context | string

    Default: juju

    A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.

  • nagios_servicegroups | string

    Comma separated list of nagios servicegroups for the service checks.

  • snapd_refresh | string

    How often snapd handles updates for installed snaps. The default (an empty string) is 4x per day. Set to "max" to check once per month based on the charm deployment date. You may also set a custom string as described in the 'refresh.timer' section here: https://forum.snapcraft.io/t/system-options/87

  • ssl-ca | string

    The SSL Root CA certificate, base64-encoded.

  • ssl-cert | string

    The SSL certificate, base64-encoded.

  • ssl-chain | string

    The SSL chain certificate, base64-encoded.

  • ssl-key | string

    The SSL key, base64-encoded.

  • totally-unsecure-auto-unlock | boolean

    FOR TESTING ONLY. Initialise vault after deployment and store the keys locally. Locally stored material can be displayed with: juju run --unit vault/0 leader-get

  • vip | string

    Virtual IP to use api traffic. You can provide up to two addresses configured on the access or external bindings. If neither binding is used then you can only provide one address that must be configured on the default space. Mutually exclusive with the dns-ha-access-record config option or lb-provider relation.