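Manifest file reference
=======================

This resource aims to provide a definitive structure of a deployment manifest
file with all its supported keys.

.. tip::

   For a conceptual overview of manifests, see the :doc:`Deployment manifest ` page.

.. code:: yaml

   # Notation: <angle-bracket> values are placeholders to replace; "a | b" and
   # [a,b] list the accepted choices, of which one is chosen.
   core:
     config:
       # The identity section allows the configuration of different
       # identity providers. At this point, this section configures OpenID Connect
       # and SAML2 keystone federated providers.
       identity:
         # The SAML2 Service Provider x509 certificate and key. When enabling any SAML2
         # IDP, this option becomes mandatory.
         # The key is the Service Provider's private key: keep the file readable
         # only by the account that runs the deployment.
         saml2_x509:
           certificate: "/home/ubuntu/cert.pem"
           key: "/home/ubuntu/key.pem"
         # This section defines the providers we want to enable.
         profiles:
           # The name of the provider. This will be used as a provider ID when configured
           # in OpenStack.
           openid-example:
             # The provider type. There are several specific provider types and one generic
             # type.
             provider: entra | google | okta | canonical | generic
             # The federated identity protocol. The "canonical" provider type only supports
             # "openid" for now.
             protocol: openid | saml2
             # Configuration options for the above mentioned provider/protocol pair.
             config: {}
           # Examples:
           # (client-secret values are credentials: a manifest that contains one
           # should have restricted file permissions and stay out of version control.)
           # entra-saml2:
           #   provider: entra
           #   protocol: saml2
           #   config:
           #     app-id: 82590875-2a9c-48cb-ba04-5125f0bed664
           #     microsoft-tenant: 86e92722-ba4c-4b8d-95f2-216e612a9bc3
           #     label: "Log in with Entra ID (SAML2)"
           # entra-openid:
           #   provider: entra
           #   protocol: openid
           #   config:
           #     client-id: "the-client-id-goes-here"
           #     client-secret: "super-secret-client-secret"
           #     microsoft-tenant: 86e92722-ba4c-4b8d-95f2-216e612a9bc3
           #     label: "Log in with Entra ID (OIDC)"
           # okta-saml2:
           #   provider: okta
           #   protocol: saml2
           #   config:
           #     app-id: app-id-goes-here
           #     okta-org: dev-123456
           #     label: "Log in with Okta (SAML2)"
           # okta-openid:
           #   provider: okta
           #   protocol: openid
           #   config:
           #     client-id: "the-client-id-goes-here"
           #     client-secret: "super-secret-client-secret"
           #     okta-org: dev-123456
           #     label: "Log in with Okta (OIDC)"
           # google-saml2:
           #   provider: google
           #   protocol: saml2
           #   config:
           #     app-id: 82590875-2a9c-48cb-ba04-5125f0bed664
           #     label: "Log in with Google (SAML2)"
           # google-openid:
           #   provider: google
           #   protocol: openid
           #   config:
           #     client-id: "the-client-id-goes-here"
           #     client-secret: "super-secret-client-secret"
           #     label: "Log in with Google (OIDC)"
           # canonical-openid:
           #   provider: canonical
           #   protocol: openid
           #   config:
           #     # This is the offer for the oauth endpoint of the hydra deployment
           #     # in canonical identity platform
           #     oauth-offer: "iam.controller/iam.hydra"
           #     # Optional: the offer for the CA certificate provider of the
           #     # canonical identity platform.
           #     cert-offer: iam.controller/iam.self-signed-certificates
           # generic-saml2:
           #   provider: generic
           #   protocol: saml2
           #   config:
           #     metadata-url: https://saml2.example.com/app/sso/saml/metadata
           #     # optional: The CA chain to validate the IDP.
           #     ca-chain: /path/to/ca-chain.pem
           #     label: "Log in with My-SAML2-IDP"
           # generic-openid:
           #   provider: generic
           #   protocol: openid
           #   config:
           #     client-id: "the-client-id-goes-here"
           #     client-secret: "super-secret-client-secret"
           #     issuer-url: https://oidc.example.com/.well-known/openid-configuration
           #     label: "Log in with My-OIDC-IDP"
       # Use local network proxy to access external resources
       proxy:
         proxy_required: [true,false]
         # Proxy variables to use if 'true' is chosen above
         http_proxy: <proxy-address>:<port>
         https_proxy: <proxy-address>:<port>
         no_proxy: <entry>,<entry>,...
       bootstrap:
         # Management networks shared by hosts
         management_cidr: <cidr>,<cidr>,...
         # Example:
         # management_cidr: 192.168.29.0/24
       # Enter database topology: single/multi (cannot be changed later)
       # This will configure number of databases, single for entire cluster or multiple databases with one per openstack service.
       database: single
       # Enter a region name (cannot be changed later)
       region: <region-name>
       # Example:
       # region: RegionOne
       k8s-addons:
         # Load balancer ranges
         loadbalancer: <ip-range>,<ip-range>,...
       user:
         # Populate OpenStack cloud with demo user, default images, flavors etc
         run_demo_setup: [true,false]
         # Username to use for access to OpenStack
         username: <username>
         # Password to use for access to OpenStack
         # The manifest then holds this password in clear text; restrict access
         # to the file accordingly.
         password: <password>
         # Network to use for initial project network
         cidr: <cidr>
         # Nameservers that guests should use for DNS resolution
         nameservers: <nameserver> ...
         # Enable ping and SSH access to instances
         # NOTE(review): confirm which source ranges the resulting ICMP/SSH rules
         # allow before enabling this on an externally routable network.
         security_group_rules: [true,false]
         # Local or remote access to VMs
         # Local mode - single node only
         remote_access_location: [local,remote]
       # External networking
       external_network:
         nic: <nic>  # deprecated
         nics:
           <hostname>: <nic>
           # Examples:
           # sunbeam-1.localdomain: enp5s0
           # sunbeam-2.localdomain: enp8s0
           # sunbeam-3.localdomain: eno3
         # CIDR of OpenStack external network
         cidr: <cidr>
         # IP address of default gateway for external network
         gateway: <ip-address>
         # Start of IP allocation range
         start: <ip-address>
         # End of IP allocation range
         end: <ip-address>
         # Network type for access to external network
         network_type: [flat,vlan]
         # VLAN ID if 'vlan' is chosen above
         segmentation_id: <vlan-id>
       # MicroCeph
       microceph_config:
         # Disks to attach to MicroCeph nodes
         <hostname>:
           osd_devices: <device>,<device>,...
         # Examples:
         # sunbeam-1.localdomain:
         #   osd_devices: /dev/vdc,/dev/vdd
         # sunbeam-2.localdomain:
         #   osd_devices: /dev/vdc,/dev/vdd
         # sunbeam-3.localdomain:
         #   osd_devices: /dev/vdc,/dev/vdd
       traefik_endpoints:
         traefik: <endpoint>
         traefik-public: <endpoint>
         traefik-rgw: <endpoint>
     software:
       juju:
         bootstrap_args:
           - <bootstrap-arg>
           - <bootstrap-arg>
           - ...
           # Examples:
           # - --debug
           # - --agent-version=3.2.4
           # - --model-default=test-mode=true
           # - --model-default=logging-config=<root>=INFO;unit=DEBUG
       charms:
         <charm-name>:
           channel: <channel>
           revision: <revision>
           config: <charm-config>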