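# Copyright 2017-2020 Canonical Ltd. All rights reserved.
# Foundation HyperConverged
#
series: bionic
variables:
  # https://wiki.ubuntu.com/OpenStack/CloudArchive
  # packages for an LTS release come in a form of SRUs
  # do not use cloud: for an LTS version as
  # installation hooks will fail. Example:
  openstack-origin: &openstack-origin cloud:bionic-stein
  openstack-region: &openstack-region RegionOne

  # !> Important virtual core ratio to use in the Nova scheduler.
  # Note: This option affects the whole cloud.
  # Increase it for achieving more density in the cloud.
  cpu-allocation-ratio: &cpu-allocation-ratio 16

  # Configure RAM allocation params for nova. For hyperconverged
  # nodes, we need to have plenty reserves for service containers,
  # Ceph OSDs, and swift-storage daemons. Those processes will not
  # only directly allocate RAM but also indirectly via pagecache, file
  # system caches, system buffers usage. Adjust for higher density
  # clouds, e.g. high OSD/host ratio or when running >2 service
  # containers/host adapt appropriately.
  reserved-host-memory: &reserved-host-memory 16384
  ram-allocation-ratio: &ram-allocation-ratio 1.0

  # Configure the data-port by replacing FCE_TEMPLATE with the
  # correct value. Do not change 'br-data'. This port will be used by
  # neutron-gateway and possibly neutron-openvswitch to provide connectivity
  # to a physical network, therefore, do not configure an IP address for this
  # port in MAAS. You have two choices of configuration:
  # 1) A raw bond interface for neutron-gateway and neutron-openvswitch charms,
  #    i.e: data-port: br-data:bond0
  #         bridge-mappings: dcfabric:br-data
  #         flat-network-providers: #left intentionally blank
  #         vlan-ranges: dcfabric
  #    Note 1.1) No vlan range specified - only a physnet which means no vlan
  #      tenant networks and all vlan networks are provider networks created by
  #      admin user with a specific segmentation ID. Physnets correspond to
  #      fabrics in MAAS. Each fabric has its own set of independent VLANs
  #      from 1-4094.
  #    Note 1.2) Allows for dynamic addition of vlan provider networks
  #    Note 1.3) For Neutron-API, make sure that the vlan-ranges matches.
  # 2) flat provider networks with bonds for the data-port,
  #    i.e: data-port: br-100:bond0.100 br-101:bond0.101
  #         bridge-mappings: physnetvlan100:br-100 physnetvlan101:br-101
  #         flat-network-providers: physnetvlan100 physnetvlan101
  #         vlan-ranges: '' #Charm default cleared
  #    Note 2.1) A VLAN port can be used here (e.g. configured via MAAS)
  #      but note that in this case a provider network must be
  #      configured as 'flat' not as 'VLAN' as there will
  #      be two 802.1q headers appended - one by the OVS itself and one
  #      by the kernel 802.1q module which will result in the lack of
  #      connectivity for no apparent reason.
  #    Note 2.2) This does not allow a dynamic addition of new provider networks
  #      with different VLANs.
  data-port: &data-port "br-losec:bondE.x br-hisec:bondE.y"
  bridge-mappings: &bridge-mappings "physnet-losec:br-losec physnet-hisec:br-hisec"
  flat-network-providers: &flat-network-providers "physnet-losec physnet-hisec"
  vlan-ranges: &vlan-ranges ""

  # This is Management network, unrelated to OpenStack and other applications
  # OAM - Operations, Administration and Maintenance
  oam-space: &oam-space oam-space

  # This is OpenStack Admin network; for adminURL endpoints
  admin-space: &admin-space oam-space

  # This is OpenStack Public network; for publicURL endpoints
  public-space: &public-space public-space
  public-network-cidr: &public-network-cidr x.x.20.0/25
  public-network-gateway: &public-network-gateway x.x.20.1

  # DNS access space that should include DNS access VLANs separate
  # from public API VLANs, see lp:1804057
  dns-access-space: &dns-access-space oam-space

  # This is OpenStack Internal network; for internalURL endpoints
  internal-space: &internal-space internal-space

  # This is the overlay network
  overlay-space: &overlay-space overlay-space

  # iSCSI networking for PureStorage
  iscsi-space: &iscsi-space iscsi-space

  # Hi/Lo Security External Networks
  losec-space: &losec-space losec-space
  hisec-space: &hisec-space hisec-space

  # Workaround for 'only one default binding supported'
  oam-space-constr: &oam-space-constr spaces=oam-space
  combi-access-constr: &combi-access-constr spaces=oam-space

  # Customize-failure-domains is a dangerous option in the Ceph-MON and Ceph-OSD
  # charms. Never set this 'true' unless you have multiple zones configured in
  # MAAS which correlate to racks in the data center. Setting this option inappropriately
  # will result in a broken crush map but a valid Juju status which is both difficult
  # to diagnose and fix without a redeployment. #1764492
  # NOTE(review): this is set to True here; confirm the MAAS zones really map to
  # racks before deploying, per the warning above.
  customize-failure-domain: &customize-failure-domain True

  # Baseline CPU model across the cloud.
  # On x86 the CPU model maps to a baseline CPUID mask, and the flags can be
  # used to then toggle bits in the mask on or off. When expanding nova-compute
  # services across a cloud that has multiple CPU models, it is required for
  # live-migration of VMs from newer cpu compute hosts to older cpu compute
  # hosts to determine and configure a baseline CPU model which will allow VMs
  # to migrate to any node in the cloud.
  # CPU model can be determined by executing
  # "virsh capabilities | awk '/<cpu>/,/<\/cpu>/' | awk '/<model>/,/<\/model>/'"
  # on each compute. Then, you'll need to find out the oldest CPU model in the
  # cloud by comparing outputs and replace the following config value with that.
  # For example, given "Broadwell-Server-IBRS" and "Skylake-Server-IBRS"
  # in the same cloud, Broadwell should be selected as a baseline.
  cpu-model: &cpu-model FCE_TEMPLATE
  # XXX: LP #1673547

  # DNS configuration
  # This configuration for overlay networks. Usually domain should be set to something
  # like "openstack.customername.lan." (notice . at the end), while cidr is for PTR
  # records, so in most cases 24 is just fine (16 is another option)
  dns-domain: &dns-domain "openstack.customername.lan."
  dns-cidr: &dns-cidr 24

  # DNS servers should generally be the upstream corporate DNS servers or the Designate bind
  # servers depending on the scenario. See document "Neutron DNS and Designate Overview and
  # Best Practices" on Google Drive for more information. Using
  # Designate bind servers here require additional modifications (recursion, etc.) covered
  # in that document.
  dns-servers: &dns-servers "x y"

  # nagios-context should be bootstack-customerA-locationB-cloudname
  nagios-context: &nagios-context nagios

  ephemeral-device: &ephemeral-device ''

  # Octavia loadbalancer image cloud archive series
  # Octavia management certs
  # These should be specified relative to the bundle with include-base64
  # ex: include-base64://../certs/controller_ca.pem
  lb-mgmt-issuing-cacert: &lb-mgmt-issuing-cacert include-base64://../certs/controller_ca.pem
  lb-mgmt-issuing-ca-private-key: &lb-mgmt-issuing-ca-private-key include-base64://../certs/controller_ca_key.pem
  # NOTE(review): 'foobar' is a trivially guessable passphrase for the issuing CA
  # private key. Use a strong, unique passphrase that matches the key file under
  # ../certs, and keep the passphrase and key out of version control.
  lb-mgmt-issuing-ca-key-passphrase: &lb-mgmt-issuing-ca-key-passphrase foobar
  lb-mgmt-controller-cacert: &lb-mgmt-controller-cacert include-base64://../certs/controller_ca.pem
  lb-mgmt-controller-cert: &lb-mgmt-controller-cert include-base64://../certs/controller_cert_bundle.pem
  retrofit-uca-pocket: &retrofit-uca-pocket stein

  # Various VIPs
  aodh-vip: &aodh-vip "x.x.1.102 x.x.19.102 x.x.20.102"
  ceilometer-vip: &ceilometer-vip "x.x.1.103 x.x.19.103 x.x.20.103"
  cinder-vip: &cinder-vip "x.x.1.104 x.x.19.104 x.x.20.104"
  dashboard-vip: &dashboard-vip "x.x.1.105 x.x.19.105 x.x.20.105"
  designate-vip: &designate-vip "x.x.1.106 x.x.19.106 x.x.20.106"
  glance-vip: &glance-vip "x.x.1.107 x.x.19.107 x.x.20.107"
  gnocchi-vip: &gnocchi-vip "x.x.1.108 x.x.19.108 x.x.20.108"
  heat-vip: &heat-vip "x.x.1.109 x.x.19.109 x.x.20.109"
  keystone-vip: &keystone-vip "x.x.1.110 x.x.19.110 x.x.20.110"
  mysql-vip: &mysql-vip "x.x.1.111 x.x.19.111"
  neutron-api-vip: &neutron-api-vip "x.x.1.112 x.x.19.112 x.x.20.112"
  nova-cc-vip: &nova-cc-vip "x.x.1.113 x.x.19.113 x.x.20.113"
  octavia-vip: &octavia-vip "x.x.1.95 x.x.19.95 x.x.20.95"
  barbican-vip: &barbican-vip "x.x.1.114 x.x.19.114 x.x.20.114"
  vault-vip: &vault-vip "x.x.1.115"
  mysql-vault-vip: &mysql-vault-vip "x.x.1.94"

  # NTP configuration
  ntp-source: &ntp-source "x y"

  # designate nameservers
  designate-nameservers: &designate-nameservers "ns1.example.com."

  # NOTE(review): the applications below dereference *worker-multiplier,
  # *mysql-innodb-buffer-pool-size, *mysql-wait-timeout, *mysql-connections and
  # *mysql-tuning-level, but no matching anchor appears in this variables block
  # as shown. A YAML alias with no anchor in the same document is a parse error;
  # define these anchors with site-specific values before deploying.

machines:
  # Baremetals
  "1000":
    constraints: tags=foundation-nodes
  "1001":
    constraints: tags=foundation-nodes
  "1002":
    constraints: tags=foundation-nodes
  "1003":
    constraints: tags=foundation-nodes
  "1004":
    constraints: tags=foundation-nodes
  "1005":
    constraints: tags=foundation-nodes
  "1006":
    constraints: tags=foundation-nodes
  "1007":
    constraints: tags=foundation-nodes
  "1008":
    constraints: tags=foundation-nodes
  # infra VMs
  "1010":
    constraints: tags=vault-os
  "1011":
    constraints: tags=vault-os
  "1012":
    constraints: tags=vault-os
  "1013":
    constraints: tags=etcd-os
  "1014":
    constraints: tags=etcd-os
  "1015":
    constraints: tags=etcd-os
  "1016":
    constraints: tags=easyrsa-os
  "1017":
    constraints: tags=mysql-os
  "1018":
    constraints: tags=mysql-os
  "1019":
    constraints: tags=mysql-os

# NOTE(review): the cs: charm URLs below carry no revision suffix, so each
# deploy resolves to whatever revision the store serves at that moment. Pin
# revisions if deployments need to be reproducible and reviewable.
applications:
  # HAcluster
  hacluster-aodh:
    charm: cs:hacluster
  hacluster-cinder:
    charm: cs:hacluster
  hacluster-glance:
    charm: cs:hacluster
  hacluster-gnocchi:
    charm: cs:hacluster
  hacluster-horizon:
    charm: cs:hacluster
  hacluster-keystone:
    charm: cs:hacluster
  hacluster-neutron:
    charm: cs:hacluster
  hacluster-nova:
    charm: cs:hacluster
  hacluster-mysql:
    charm: cs:hacluster
  hacluster-designate:
    charm: cs:hacluster
  hacluster-heat:
    charm: cs:hacluster
  hacluster-ceilometer:
    charm: cs:hacluster
  hacluster-octavia:
    charm: cs:hacluster
  hacluster-barbican:
    charm: cs:hacluster
  hacluster-vault:
    charm: cs:hacluster
  hacluster-mysql-vault:
    charm: cs:hacluster

  # OpenStack
  aodh:
    charm: cs:aodh
    num_units: 3
    bindings:
      "": *oam-space
      public: *public-space
      admin: *admin-space
      internal: *internal-space
      shared-db: *internal-space
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
      region: *openstack-region
      vip: *aodh-vip
      use-internal-endpoints: True
      os-internal-hostname: aodh-internal.customer.domain
      os-admin-hostname: aodh-admin.customer.domain
      os-public-hostname: aodh.customer.domain
    to:
      - lxd:1003
      - lxd:1005
      - lxd:1006

  gnocchi:
    charm: cs:gnocchi
    num_units: 3
    bindings:
      "": *oam-space
      public: *public-space
      admin: *admin-space
      internal: *internal-space
      shared-db: *internal-space
      coordinator-memcached: *internal-space
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
      region: *openstack-region
      vip: *gnocchi-vip
      use-internal-endpoints: True
      os-internal-hostname: gnocchi-internal.customer.domain
      os-admin-hostname: gnocchi-admin.customer.domain
      os-public-hostname: gnocchi.customer.domain
    to:
      - lxd:1003
      - lxd:1005
      - lxd:1006

  cinder:
    charm: cs:cinder
    num_units: 3
    constraints: *combi-access-constr
    bindings:
      "": *oam-space
      public: *public-space
      admin: *admin-space
      internal: *internal-space
      shared-db: *internal-space
      storage-backend: *iscsi-space
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
      block-device: None
      glance-api-version: 2
      vip: *cinder-vip
      use-internal-endpoints: True
      region: *openstack-region
      os-internal-hostname: cinder-internal.customer.domain
      os-admin-hostname: cinder-admin.customer.domain
      os-public-hostname: cinder.customer.domain
    to:
      - lxd:1000
      - lxd:1001
      - lxd:1002

  cinder-purestorage:
    charm: cs:cinder-purestorage
    num_units: 0
    bindings:
      "": *oam-space
      certificates: *public-space
      storage-backend: *iscsi-space
    options:
      driver-source: ppa:openstack-charmers/purestorage-stable
      san-ip: 10.16.192.114
      # NOTE(review): do not commit the storage array API token to the bundle.
      # Replace FCE_TEMPLATE at deploy time from a private overlay or secret
      # store. Any token that has ever been committed should be treated as
      # exposed and rotated on the array.
      pure-api-token: FCE_TEMPLATE
      volume-backend-name: pure-iscsi

  glance:
    # charm: cs:glance
    # NOTE(review): this is a locally built charm taken from an operator home
    # directory; record its origin and revision so the deployed code can be audited.
    charm: /home/ubuntu/2020-05-29-ACI-O7k-K8s-OP-157513/charms/glance
    series: bionic
    constraints: *combi-access-constr
    bindings:
      "": *oam-space
      public: *public-space
      admin: *admin-space
      internal: *internal-space
      shared-db: *internal-space
      storage-backend: *iscsi-space
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
      vip: *glance-vip
      use-internal-endpoints: True
      region: *openstack-region
      os-internal-hostname: glance-internal.customer.domain
      os-admin-hostname: glance-admin.customer.domain
      os-public-hostname: glance.customer.domain
    num_units: 3
    to:
      - lxd:1000
      - lxd:1001
      - lxd:1002

  fstab-config:
    charm: cs:~bootstack-charmers/fstab-config
    num_units: 3
    options:
      extra_packages: nfs-common
      configmap: |-
        - filesystem: x.x.15.4:/apcnfsds01
          mountpoint: /var/lib/glance/images
          type: nfs
          options: defaults
          dump: 0
          pass: 0
    to:
      - glance/0
      - glance/1
      - glance/2

  keystone:
    charm: cs:keystone
    num_units: 3
    bindings:
      "": *oam-space
      public: *public-space
      admin: *admin-space
      internal: *internal-space
      shared-db: *internal-space
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
      vip: *keystone-vip
      region: *openstack-region
      preferred-api-version: 3
      token-provider: 'fernet'
      # override default token timeout to 24hr (86400 seconds) to address
      # LP: #1856876 namely to fix long-running live migration issues and
      # horizon re-auth.
      # NOTE(review): a 24h lifetime also lengthens the window in which a
      # leaked token stays usable; revisit once the bug above no longer applies.
      token-expiration: 86400
      os-internal-hostname: keystone-internal.customer.domain
      os-admin-hostname: keystone-admin.customer.domain
      os-public-hostname: keystone.customer.domain
    to:
      - lxd:1000
      - lxd:1001
      - lxd:1002

  logrotate:
    charm: cs:~logrotate-charmers/logrotate-charm
    num_units: 0
    options:
      logrotate-retention: 60

  mysql:
    charm: cs:percona-cluster
    num_units: 3
    bindings:
      "": *oam-space
      cluster: *internal-space
      shared-db: *internal-space
      ha: *internal-space
      db: *internal-space
      db-admin: *internal-space
    options:
      source: *openstack-origin
      innodb-buffer-pool-size: *mysql-innodb-buffer-pool-size
      vip: *mysql-vip
      #root-password: password
      #sst-password: password
      wait-timeout: *mysql-wait-timeout
      min-cluster-size: 3
      enable-binlogs: True
      performance-schema: True
      max-connections: *mysql-connections
      tuning-level: *mysql-tuning-level
    to:
      - lxd:1000
      - lxd:1001
      - lxd:1002

  neutron-api:
    charm: cs:neutron-api
    num_units: 3
    bindings:
      "": *oam-space
      public: *public-space
      admin: *admin-space
      internal: *internal-space
      shared-db: *internal-space
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
      region: *openstack-region
      # configure physical-network-mtus for every physnet mentioned in
      # ***flat-network-providers***
      flat-network-providers: *flat-network-providers
      # configure physical-network-mtus for every physnet mentioned in
      # ***vlan-ranges***
      # When provider networks are used directly, Designate-generated
      # records will only be created for vlans ***outside*** the range
      # specified in this option
      # <physical_network>:<vlan_min>:<vlan_max>
      vlan-ranges: *vlan-ranges
      neutron-security-groups: True
      overlay-network-type: vxlan gre
      use-internal-endpoints: True
      vip: *neutron-api-vip
      enable-l3ha: True
      dhcp-agents-per-network: 2
      enable-ml2-port-security: True
      default-tenant-network-type: vxlan
      l2-population: True
      enable-ml2-dns: True
      enable-dvr: True
      dns-domain: *dns-domain
      reverse-dns-lookup: True
      ipv4-ptr-zone-prefix-size: *dns-cidr
      # set MTU settings to achieve 1500 MTU on instance interfaces in
      # the overlay network. This will only work provided that the VTEP
      # VLANs (overlay-space) are configured to have MTU larger than
      # 1550 (jumbo frames) which is documented in the prerequisites doc
      global-physnet-mtu: 9050
      path-mtu: 9050
      # Space-delimited list of <physical_network>:<mtu> pairs specifying
      # MTU for individual physical networks
      # i.e: dcfabric:1500
      physical-network-mtus: "physnet-losec:9000 physnet-hisec:9000"
      os-internal-hostname: neutron-internal.customer.domain
      os-admin-hostname: neutron-admin.customer.domain
      os-public-hostname: neutron.customer.domain
    to:
      - lxd:1003
      - lxd:1005
      - lxd:1006

  neutron-openvswitch:
    charm: cs:neutron-openvswitch
    num_units: 0
    bindings:
      # XXX: review bindings
      "": *oam-space
      data: *overlay-space
    options:
      worker-multiplier: *worker-multiplier
      # bridge-mappings was listed twice in this mapping with the same value;
      # duplicate keys are not valid YAML, so only one entry is kept.
      bridge-mappings: *bridge-mappings
      prevent-arp-spoofing: True
      firewall-driver: openvswitch
      dns-servers: *dns-servers
      data-port: *data-port
      enable-local-dhcp-and-metadata: True

  nova-cloud-controller:
    charm: cs:nova-cloud-controller
    num_units: 3
    bindings:
      "": *oam-space
      public: *public-space
      admin: *admin-space
      internal: *internal-space
      shared-db: *internal-space
      memcache: *internal-space
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
      network-manager: Neutron
      region: *openstack-region
      vip: *nova-cc-vip
      console-access-protocol: spice
      console-proxy-ip: local
      use-internal-endpoints: True
      cpu-allocation-ratio: *cpu-allocation-ratio
      ram-allocation-ratio: *ram-allocation-ratio
      os-internal-hostname: nova-cc-internal.customer.domain
      os-admin-hostname: nova-cc-admin.customer.domain
      os-public-hostname: nova-cc.customer.domain
    to:
      - lxd:1003
      - lxd:1005
      - lxd:1006

  nova-compute:
    charm: cs:nova-compute
    num_units: 9
    bindings:
      "": *oam-space
      internal: *internal-space
      secrets-storage: *public-space
    options:
      openstack-origin: *openstack-origin
      enable-live-migration: True
      enable-resize: True
      migration-auth-type: ssh
      use-internal-endpoints: True
      libvirt-image-backend: qcow2
      aa-profile-mode: enforce
      virt-type: kvm
      customize-failure-domain: *customize-failure-domain
      reserved-host-memory: *reserved-host-memory
      worker-multiplier: *worker-multiplier
      encrypt: true
      ephemeral-device: *ephemeral-device
      cpu-mode: custom
      cpu-model: *cpu-model
    to:
      - 1000
      - 1001
      - 1002
      - 1003
      - 1004
      - 1005
      - 1006
      - 1007
      - 1008

  ntp:
    charm: cs:ntp
    num_units: 0
    options:
      source: *ntp-source

  openstack-dashboard:
    charm: cs:openstack-dashboard
    num_units: 3
    constraints: *oam-space-constr
    bindings:
      "": *public-space
      shared-db: *internal-space
    options:
      openstack-origin: *openstack-origin
      webroot: "/"
      # NOTE(review): this looks like a sample value rather than a
      # per-deployment secret. Set a unique random value for each cloud and
      # keep it out of version control.
      secret: "encryptcookieswithme"
      vip: *dashboard-vip
      neutron-network-l3ha: True
      neutron-network-lb: True
      neutron-network-firewall: False
      cinder-backup: False
      # NOTE(review): presumably exposes the instance "retrieve password"
      # action in the dashboard; confirm it is required before enabling.
      password-retrieve: True
      endpoint-type: publicURL
      os-public-hostname: openstack-dashboard.customer.domain
    to:
      - lxd:1003
      - lxd:1005
      - lxd:1006

  rabbitmq-server:
    charm: cs:rabbitmq-server
    bindings:
      "": *oam-space
      amqp: *internal-space
      cluster: *internal-space
    options:
      source: *openstack-origin
      min-cluster-size: 3
    num_units: 3
    to:
      - lxd:1003
      - lxd:1005
      - lxd:1006

  heat:
    charm: cs:heat
    num_units: 3
    bindings:
      "": *oam-space
      public: *public-space
      admin: *admin-space
      internal: *internal-space
      shared-db: *internal-space
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
      region: *openstack-region
      vip: *heat-vip
      use-internal-endpoints: True
      os-internal-hostname: heat-internal.customer.domain
      os-admin-hostname: heat-admin.customer.domain
      os-public-hostname: heat.customer.domain
    to:
      - lxd:1000
      - lxd:1001
      - lxd:1002

  designate:
    charm: cs:designate
    num_units: 3
    bindings:
      "": *oam-space
      public: *public-space
      admin: *admin-space
      internal: *internal-space
      shared-db: *internal-space
      dns-backend: *internal-space
      coordinator-memcached: *internal-space
    options:
      openstack-origin: *openstack-origin
      region: *openstack-region
      vip: *designate-vip
      use-internal-endpoints: True
      nameservers: *designate-nameservers
      os-internal-hostname: designate-internal.customer.domain
      os-admin-hostname: designate-admin.customer.domain
      os-public-hostname: designate.customer.domain
    to:
      - lxd:1003
      - lxd:1005
      - lxd:1006

  memcached:
    charm: cs:memcached
    num_units: 2
    constraints: *oam-space-constr
    bindings:
      "": *internal-space
      cache: *internal-space
    options:
      allow-ufw-ip6-softfail: True
    to:
      # - designate-bind/0
      # - designate-bind/1
      - lxd:1006
      - lxd:1007

  ceilometer:
    charm: cs:ceilometer
    num_units: 3
    bindings:
      "": *oam-space
      public: *public-space
      admin: *admin-space
      internal: *internal-space
    options:
      openstack-origin: *openstack-origin
      region: *openstack-region
      vip: *ceilometer-vip
      use-internal-endpoints: True
      os-internal-hostname: ceilometer-internal.customer.domain
      os-admin-hostname: ceilometer-admin.customer.domain
      os-public-hostname: ceilometer.customer.domain
    to:
      - lxd:1003
      - lxd:1005
      - lxd:1006

  ceilometer-agent:
    charm: cs:ceilometer-agent
    num_units: 0
    options:
      use-internal-endpoints: True

  neutron-openvswitch-octavia:
    charm: cs:neutron-openvswitch
    options:
      firewall-driver: openvswitch
      # NOTE(review): ARP-spoofing protection is off here while the
      # neutron-openvswitch application above turns it on; confirm this
      # difference is intended for the Octavia units.
      prevent-arp-spoofing: false
    bindings:
      "": *oam-space
      data: *overlay-space
    num_units: 0

  octavia:
    charm: cs:octavia
    num_units: 3
    bindings:
      "": *oam-space
      neutron-openvswitch: *overlay-space
      shared-db: *internal-space
      ha: *internal-space
      certificates: *public-space
      identity-service: *internal-space
      amqp: *internal-space
    options:
      openstack-origin: *openstack-origin
      region: *openstack-region
      use-internal-endpoints: True
      lb-mgmt-issuing-cacert: *lb-mgmt-issuing-cacert
      lb-mgmt-issuing-ca-private-key: *lb-mgmt-issuing-ca-private-key
      lb-mgmt-issuing-ca-key-passphrase: *lb-mgmt-issuing-ca-key-passphrase
      lb-mgmt-controller-cacert: *lb-mgmt-controller-cacert
      lb-mgmt-controller-cert: *lb-mgmt-controller-cert
      loadbalancer-topology: ACTIVE_STANDBY
      ssl_ca: include-base64://../certs/vault_ca.pem
      spare-pool-size: 4
      amp-ssh-key-name: maas-key
      amp-ssh-pub-key: |-
        customer key
      os-internal-hostname: octavia-internal.customer.domain
      os-admin-hostname: octavia-admin.customer.domain
      os-public-hostname: octavia.customer.domain
      vip: *octavia-vip
    to:
      - lxd:1004
      - lxd:1007
      - lxd:1008

  octavia-dashboard:
    charm: cs:octavia-dashboard
    num_units: 0

  octavia-diskimage-retrofit:
    charm: cs:octavia-diskimage-retrofit
    options:
      retrofit-uca-pocket: *retrofit-uca-pocket
      amp-image-tag: octavia-amphora
      retrofit-series: bionic

  barbican:
    charm: cs:barbican
    num_units: 3
    bindings:
      "": *oam-space
      shared-db: *internal-space
      ha: *internal-space
      certificates: *public-space
      identity-service: *internal-space
      amqp: *internal-space
      secrets: *public-space
    options:
      openstack-origin: *openstack-origin
      os-internal-hostname: barbican-internal.customer.domain
      os-admin-hostname: barbican-admin.customer.domain
      os-public-hostname: barbican.customer.domain
      vip: *barbican-vip
    to:
      - lxd:1004
      - lxd:1007
      - lxd:1008

  barbican-vault:
    charm: cs:barbican-vault
    bindings:
      "": *oam-space

  glance-simplestreams-sync:
    charm: cs:glance-simplestreams-sync
    num_units: 1
    options:
      source: ppa:simplestreams-dev/trunk
      run: false
    bindings:
      "": *oam-space
      amqp: *internal-space
    to:
      - lxd:1005

  # XXX: LP: #1829150 - since juju won't setup additional
  # routes from MAAS, we have to use this policy-routing
  # charm to configure the gateway for the public network.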
public-policy-routing: charm: cs:~canonical-bootstack/policy-routing options: cidr: *public-network-cidr gateway: *public-network-gateway filebeat: charm: cs:filebeat options: logpath: "/var/log/*.log /var/log/*/*.log /var/log/syslog" install_keys: |- - | -----BEGIN PGP PUBLIC KEY BLOCK----- Version: SKS 1.1.6 Comment: Hostname: keyserver.ubuntu.com mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBDA+bGFOwy hbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9CUliQe324qvObU2Q RtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZj3SF1SPO+TB5QrHkrQHBsmX+ Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj 1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEB AAG0RUVsYXN0aWNzZWFyY2ggKEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3Bz QGVsYXN0aWNzZWFyY2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYC AwECHgECF4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75 nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/7C2GuGCO lbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKmTxcDTFrV7SmVPxCB cQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe8d7sw+XvxB2aN4gnTlRzjL1n TRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3 vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUlzcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNM KGTABFG1yRx9r+wa/fvqP6OTRzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hp lnpU+PBQZJ5XJ2I+1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA 07xx7Bj+Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0KwwEwSk/UDu ToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0c3MIAIE9hAR20mqJ WLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12JTavnJ5MLaETlggXY+zDef9sy TPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZ EyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWg R7U2r+a210W6vnUxU4oN0PmMcursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNt 
fllxIu9XYmiBERQ/qPDlGRlOgVTd9xUfHFkzB52c70E= =92oX -----END PGP PUBLIC KEY BLOCK----- install_sources: | - 'deb https://artifacts.elastic.co/packages/5.x/apt stable main' openstack-service-checks: charm: cs:~canonical-bootstack/openstack-service-checks constraints: *oam-space-constr bindings: "": *public-space identity-credentials: *internal-space options: trusted_ssl_ca: include-base64://../certs/vault_ca.pem num_units: 1 to: - lxd:1000 nrpe-host: charm: cs:nrpe bindings: monitors: *oam-space options: nagios_hostname_type: "host" nagios_host_context: *nagios-context xfs_errors: "30" nrpe-container: charm: cs:nrpe bindings: monitors: *oam-space options: nagios_hostname_type: unit nagios_host_context: *nagios-context disk_root: '' load: '' swap: '' swap_activity: '' mem: '' landscape-client: charm: cs:landscape-client options: disable-unattended-upgrades: True account-name: "standalone" # registration-key must much the landscape application's # registration_key option set in master.yaml registration-key: customer-key url: https://x.x.1.9/message-system ping-url: https://x.x.1.9/ping #ssl-public-key: FCE_TEMPLATE prometheus-openstack-exporter: charm: cs:prometheus-openstack-exporter constraints: *oam-space-constr bindings: "": *public-space identity-credentials: *internal-space prometheus-openstack-exporter-service: *oam-space options: cpu-allocation-ratio: *cpu-allocation-ratio ram-allocation-ratio: *ram-allocation-ratio num_units: 1 to: - lxd:1002 telegraf: charm: cs:telegraf options: install_sources: | - 'deb http://ppa.launchpad.net/telegraf-devs/ppa/ubuntu bionic main' install_keys: |- - | -----BEGIN PGP PUBLIC KEY BLOCK----- Version: SKS 1.1.6 Comment: Hostname: keyserver.ubuntu.com mQINBFcVSuIBEAC80aj0tAQ6+NhGV/bkSwu6Oj+BpDR50Be3uBv7ttdtvChL5zHTnaxjdK3h LKSyrDLlmSOkffQ2uO7CxvqeF09MsHhyvrDDx0EY54//xxoAB++PoB2OQqmqldg3Al5Hp4Dz rllV5CIX5PD8NGX8UpO3HXk5wEwn9G81l8cia3vPveU82EIkHMiJGpk6+L86OMlwXzxkSI3M 
xXgNFKQc+ELDYLvGSseYC9vPN3kdmFoo/UjznPPE4fxr4bXit3N8Abl1jYjBa0x6SWkK1BAb s8w3BXtvyk90z9Oyme69wPD4zAYfFp+kN2nDmTDBMtNCyMu9oatdI5SukMNK4Lcm8eAE6VNs 04j7BKvGk9+17M8WP9Pw8nIisOwScS9gUlJlLUpnBaJ+sxoOvGQ4mzZxYMKzJh0E58aEX3bS AyzQfsae8bZLNOTcgotyzzIDJFF9npzu3wmKjeOt/706p4LiDqKUbQK6cI+QcJ/y80ZUK8pB M043ttSHWLmTBFX2drp6zQGae9+02fX89ZD+5c+MPlubJMYCCKkvQT4OssHfC+dVDQ66rwUy OObrzsVgikdpIxQVitL3J+Dms56xAkdFfoo+qdxxdv9S/eakc5mfavc/4WVvmFDaJiqJnJRR Ryw1zApRtuweEEdVn8niy1mahoKpWaw1pTI4AazjWI6xJH1JyQARAQABtB9MYXVuY2hwYWQg UFBBIGZvciBUZWxlZ3JhZiBEZXZziQI4BBMBAgAiBQJXFUriAhsDBgsJCAcDAgYVCAIJCgsE FgIDAQIeAQIXgAAKCRDxDL4ByUQG9UgbEACa4IzdeYxH/S5I6MrZfvWNo/JTZ/MZWDD+QlMW 60ThAemCUSE+NJvZZ1q7ovGFpYnHJT9GQXOwJAX1quDUqyM1uXNmLlOyIVNnmjUTINoLhw2V iC8E7dMWC9w4Na2fKezmNHH00kNl43ncstIjjZ3pLnDGYm1y0ItiCUcTRgHhx2cUZ/vStz1S Pdqj4P3i8vuspoYJ2T3VPlM/0G+u9Yjuy3Uzu9RugOyO3UJPoi3+4O2VTNosSBy5MILVCp49 eigyFVGpq5sT/c86qd1zqmsNWEubrlzDfETS4LMj9epr46ZKPXGQkeryt1m2Oe0HkIdNZ+IQ 5p+i9fnEy7/1uKTXWQYsg2UWsLA2PvTvwY8JxxMhUFgv12q2w7STntqJyi9PLItYNtbtKoS3 XZCCMqQLCWMXHY+2ol6rRSfs06H/wzlR8LjDaEXkDVuDmqMtcbgTboZYblsGxst7I/Y4Wgfi J52uiIyobQ69uJbG0XeRTLZ3WyrBkopEsTX/+sQjVqbADXYU4hBVDgnCf2uN/5dcwSEvDj8/ +WsToAfEJkscRBsQjTLVzf+eFqHLrbqz/yoYIqBc//IJMBSbxIf5mrOHHLdbOuMCB6PVwpTI vLFOSDNPuVDX+S1goA8KJTnXpm8jWDynn3XaXx3AlYw4iZ0ETSgQLQLRd6JuPOEGXsGdBA== =ufaX -----END PGP PUBLIC KEY BLOCK----- bindings: # overrides private-address exposed to prometheus prometheus-client: *oam-space telegraf-prometheus: charm: cs:telegraf bindings: # overrides private-address exposed to prometheus prometheus-client: *oam-space lldpd: charm: cs:lldpd-4 # XXX https://github.com/CanonicalLtd/charm-lldpd/issues/4 options: interfaces-regex: 'en*' canonical-livepatch: charm: cs:canonical-livepatch # vault easyrsa: charm: cs:~containers/easyrsa num_units: 1 bindings: "": *oam-space to: - 1016 etcd: charm: cs:etcd num_units: 3 constraints: spaces=oam-space bindings: "": *oam-space options: channel: 3.2/stable to: - 1013 - 1014 - 1015 mysql-vault: 
# NOTE(review): the keys down to `vault:` continue an application entry whose
# name line is above this excerpt. The `*mysql-vault-vip` alias and the
# `vault:shared-db` / `mysql-vault:shared-db` relation further down suggest it
# is `mysql-vault`, the database behind Vault; confirm against the full bundle.
    # No revision suffix on the charm URL: the revision deployed is whatever the
    # charm store resolves at deploy time. Pin a reviewed revision (placeholder
    # form: cs:percona-cluster-REVISION) for a reproducible, auditable deployment.
    charm: cs:percona-cluster
    num_units: 3
    bindings:
      # Default binding: every endpoint of this application lands on the OAM
      # (management) space defined in the variables block.
      "": *oam-space
    options:
      source: *openstack-origin
      innodb-buffer-pool-size: *mysql-innodb-buffer-pool-size
      vip: *mysql-vault-vip
      wait-timeout: *mysql-wait-timeout
      # Matches num_units above.
      min-cluster-size: 3
      enable-binlogs: True
      performance-schema: True
      max-connections: *mysql-connections
      tuning-level: *mysql-tuning-level
    to:
    # One unit per LXD container on machines 1017-1019.
    - lxd:1017
    - lxd:1018
    - lxd:1019
  # Vault cluster. The relations below use it for `secrets` (nova-compute,
  # barbican-vault) and give it `shared-db` on mysql-vault and `etcd` on etcd.
  vault:
    # Unpinned charm URL as well; see the note on cs:percona-cluster above.
    charm: cs:vault
    num_units: 3
    bindings:
      "": *oam-space
    options:
      vip: *vault-vip
      hostname: vault-os.customer.domain
      # The charm generates a self-signed root CA itself instead of waiting for
      # an operator-supplied one.
      # NOTE(review): every `certificates` relation in this file targets the
      # `vault-certificates` SAAS offer, not this application, so confirm which
      # CA actually issues the service certificates and that its root is in the
      # clients' trust stores. If this CA is used, the charm's CSR workflow can
      # make Vault an intermediate under the organisation's PKI instead.
      auto-generate-root-ca-cert: true
    to:
    # Placed directly on machines 1010-1012 (no lxd: prefix).
    - 1010
    - 1011
    - 1012
# Each entry relates two applications. A bare application name leaves endpoint
# selection to Juju; "app:endpoint" names the endpoint explicitly.
relations:
  # openstack
  - [ aodh, mysql ]
  - [ aodh, keystone ]
  - [ "aodh:amqp", "rabbitmq-server:amqp" ]
  - [ aodh, nrpe-container ]
  - [ aodh, landscape-client ]
  - [ aodh, telegraf ]
  - [ aodh, filebeat ]
  - [ aodh, logrotate ]
  # - [ keystone, keystone-ldap ]
  - [ nova-compute, ntp ]
  # - [ neutron-gateway, ntp ]
  - [ nova-compute, lldpd ]
  # - [ neutron-gateway, lldpd ]
  - [ nova-compute, canonical-livepatch ]
  # - [ neutron-gateway, canonical-livepatch ]
  - [ mysql, hacluster-mysql ]
  - [ keystone, hacluster-keystone ]
  - [ aodh, hacluster-aodh ]
  - [ glance, hacluster-glance ]
  - [ gnocchi, hacluster-gnocchi ]
  - [ cinder, hacluster-cinder ]
  - [ designate, hacluster-designate ]
  - [ neutron-api, hacluster-neutron ]
  - [ nova-cloud-controller, hacluster-nova ]
  - [ openstack-dashboard, hacluster-horizon ]
  - [ heat, hacluster-heat ]
  - [ keystone, mysql ]
  - [ "ceilometer:identity-credentials", "keystone:identity-credentials" ]
  - [ "ceilometer:amqp", "rabbitmq-server:amqp" ]
  - [ ceilometer, hacluster-ceilometer ]
  - [ cinder, mysql ]
  - [ cinder, keystone ]
  - [ "cinder:amqp", "rabbitmq-server:amqp" ]
  - [ designate, mysql ]
  # - [ designate, designate-bind ]
  - [ designate, keystone ]
  - [ "designate:amqp", "rabbitmq-server:amqp" ]
  - [ designate, memcached ]
  - [ glance, mysql ]
  - [ glance, keystone ]
  - [ "glance:amqp", "rabbitmq-server:amqp" ]
  - [ gnocchi, mysql ]
  - [ "gnocchi:amqp", "rabbitmq-server:amqp" ]
  - [ gnocchi, keystone ]
  - [ gnocchi, memcached ]
  - [ gnocchi, ceilometer ]
  - [ gnocchi, filebeat ]
  - [ gnocchi, logrotate ]
  - [ gnocchi, telegraf ]
  - [ gnocchi, nrpe-container ]
  - [ gnocchi, landscape-client ]
  - [ heat, mysql ]
  - [ heat, keystone ]
  - [ "heat:amqp", "rabbitmq-server:amqp" ]
  - [ "nova-cloud-controller:shared-db", "mysql:shared-db" ]
  - [ "nova-cloud-controller:amqp", "rabbitmq-server:amqp" ]
  - [ nova-cloud-controller, keystone ]
  - [ nova-cloud-controller, glance ]
  - [ "nova-cloud-controller:memcache", "memcached:cache" ]
  - [ neutron-api, mysql ]
  - [ "neutron-api:amqp", "rabbitmq-server:amqp" ]
  - [ neutron-api, nova-cloud-controller ]
  - [ neutron-api, keystone ]
  # - [ neutron-gateway, nova-cloud-controller ]
  # - [ "neutron-gateway:amqp", "rabbitmq-server:amqp" ]
  # - [ "neutron-gateway:neutron-plugin-api", "neutron-api:neutron-plugin-api" ]
  - [ "neutron-openvswitch:amqp", "rabbitmq-server:amqp" ]
  - [ neutron-openvswitch, neutron-api ]
  - [ "nova-compute:amqp", "rabbitmq-server:amqp" ]
  - [ nova-compute, glance ]
  - [ nova-compute, neutron-openvswitch ]
  - [ nova-compute, nova-cloud-controller ]
  - [ "openstack-dashboard:identity-service", "keystone:identity-service" ]
  - [ openstack-dashboard, mysql ]
  - [ ceilometer-agent, nova-compute ]
  - [ ceilometer-agent, ceilometer ]
  - [ "ceilometer-agent:amqp", "rabbitmq-server:amqp" ]
  - [ nova-compute, filebeat ]
  - [ nova-compute, logrotate ]
  - [ nova-compute, nrpe-host ]
  - [ "nova-compute:juju-info", "telegraf:juju-info" ]
  - [ nova-compute, landscape-client ]
  # - [ neutron-gateway, filebeat ]
  # - [ neutron-gateway, logrotate ]
  # - [ neutron-gateway, nrpe-host ]
  # - [ "neutron-gateway:juju-info", "telegraf:juju-info" ]
  # - [ neutron-gateway, landscape-client ]
  - [ cinder, filebeat ]
  - [ cinder, logrotate ]
  - [ cinder, nrpe-container ]
  - [ "cinder:juju-info", "telegraf:juju-info" ]
  - [ cinder, landscape-client ]
  - [ "glance:image-service", "cinder:image-service" ]
  - [ glance, filebeat ]
  - [ glance, logrotate ]
  - [ glance, nrpe-container ]
  - [ "glance:juju-info", "telegraf:juju-info" ]
  - [ glance, landscape-client ]
  - [ keystone, filebeat ]
  - [ keystone, logrotate ]
  - [ keystone, nrpe-container ]
  - [ "keystone:juju-info", "telegraf:juju-info" ]
  - [ keystone, landscape-client ]
  - [ mysql, filebeat ]
  - [ mysql, logrotate ]
  - [ mysql, nrpe-container ]
  - [ "mysql:juju-info", "telegraf:juju-info" ]
  - [ mysql, landscape-client ]
  - [ neutron-api, filebeat ]
  - [ neutron-api, logrotate ]
  - [ neutron-api, nrpe-container ]
  - [ "neutron-api:juju-info", "telegraf:juju-info" ]
  - [ neutron-api, landscape-client ]
  - [ nova-cloud-controller, filebeat ]
  - [ nova-cloud-controller, logrotate ]
  - [ nova-cloud-controller, nrpe-container ]
  - [ "nova-cloud-controller:juju-info", "telegraf:juju-info" ]
  - [ nova-cloud-controller, landscape-client ]
  - [ openstack-dashboard, filebeat ]
  - [ openstack-dashboard, logrotate ]
  - [ openstack-dashboard, nrpe-container ]
  - [ "openstack-dashboard:juju-info", "telegraf:juju-info" ]
  - [ openstack-dashboard, landscape-client ]
  - [ rabbitmq-server, filebeat ]
  - [ rabbitmq-server, logrotate ]
  - [ rabbitmq-server, nrpe-container ]
  - [ "rabbitmq-server:juju-info", "telegraf:juju-info" ]
  - [ rabbitmq-server, landscape-client ]
  - [ heat, filebeat ]
  - [ heat, logrotate ]
  - [ heat, nrpe-container ]
  - [ "heat:juju-info", "telegraf:juju-info" ]
  - [ heat, landscape-client ]
  - [ designate, filebeat ]
  - [ designate, logrotate ]
  - [ designate, nrpe-container ]
  - [ "designate:juju-info", "telegraf:juju-info" ]
  - [ designate, neutron-api ]
  - [ designate, landscape-client ]
  # - [ designate-bind, filebeat ]
  # - [ designate-bind, logrotate ]
  # - [ designate-bind, nrpe-container ]
  # - [ "designate-bind:juju-info", "telegraf:juju-info" ]
  # - [ designate-bind, landscape-client ]
  - [ ceilometer, filebeat ]
  - [ ceilometer, logrotate ]
  - [ ceilometer, nrpe-container ]
  - [ "ceilometer:juju-info", "telegraf:juju-info" ]
  - [ ceilometer, landscape-client ]
  - [ barbican, filebeat ]
  - [ barbican, logrotate ]
  - [ barbican, nrpe-container ]
  - [ "barbican:juju-info", "telegraf:juju-info" ]
  - [ barbican, landscape-client ]
  - [ octavia, filebeat ]
  - [ octavia, logrotate ]
  - [ octavia, nrpe-container ]
  - [ "octavia:juju-info", "telegraf:juju-info" ]
  - [ octavia, landscape-client ]
  # graylog, nagios and prometheus-target are cross-model offers declared under
  # `saas:` at the end of this file, so logs and monitoring data leave this model.
  - [ "graylog:beats", "filebeat:logstash" ]
  - [ "nagios:monitors", "nrpe-container:monitors" ]
  - [ "nagios:monitors", "nrpe-host:monitors" ]
  - [ "prometheus-target:target", "telegraf:prometheus-client" ]
  - [ "prometheus-target:target", "telegraf-prometheus:prometheus-client" ]
  - [ openstack-service-checks, nrpe-container ]
  - [ openstack-service-checks, telegraf ]
  - [ openstack-service-checks, filebeat ]
  - [ openstack-service-checks, logrotate ]
  - [ openstack-service-checks, landscape-client ]
  - [ glance-simplestreams-sync, keystone ]
  - [ glance-simplestreams-sync, nrpe-container ]
  - [ glance-simplestreams-sync, telegraf ]
  - [ glance-simplestreams-sync, logrotate ]
  - [ glance-simplestreams-sync, landscape-client ]
  # Monitoring applications receive Keystone credentials via
  # identity-credentials; account for these when auditing service identities.
  - [ "openstack-service-checks:identity-credentials", "keystone:identity-credentials" ]
  - [ "openstack-service-checks:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "prometheus-openstack-exporter:identity-credentials", "keystone:identity-credentials" ]
  - [ "prometheus-openstack-exporter:juju-info", "landscape-client:container" ]
  - [ "prometheus-openstack-exporter:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "prometheus-openstack-exporter:prometheus-openstack-exporter-service", "prometheus-target:target" ]
  - [ prometheus-openstack-exporter, filebeat ]
  - [ prometheus-openstack-exporter, logrotate ]
  - [ prometheus-openstack-exporter, "telegraf:juju-info" ]
  - [ cinder, cinder-purestorage ]
  # Additional relationship requirements
  # NOTE(review): the next entry names the same two applications as
  # [ prometheus-openstack-exporter, "telegraf:juju-info" ] above; check whether
  # both resolve to the same relation.
  - [ telegraf, prometheus-openstack-exporter ]
  - [ "ceilometer:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "cinder:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "glance:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "hacluster-aodh:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "hacluster-ceilometer:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "hacluster-cinder:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "hacluster-designate:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "hacluster-glance:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "hacluster-gnocchi:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "hacluster-heat:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "hacluster-horizon:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "hacluster-keystone:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "hacluster-mysql:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "hacluster-neutron:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "hacluster-nova:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "keystone:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "mysql:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "neutron-api:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  # - [ "neutron-gateway:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
  - [ "nova-cloud-controller:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "nova-compute:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
  - [ "openstack-dashboard:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "rabbitmq-server:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  # Vault stack: HA, storage backend (mysql-vault), etcd with client certificates
  # from easyrsa, then the usual monitoring/logging/time subordinates.
  - [ vault, hacluster-vault ]
  - [ mysql-vault, hacluster-mysql-vault ]
  - [ "vault:shared-db", "mysql-vault:shared-db"]
  - [ "etcd:certificates", "easyrsa:client" ]
  - [ "etcd:db", "vault:etcd" ]
  - [ vault, landscape-client ]
  - [ mysql-vault, landscape-client ]
  - [ etcd, landscape-client ]
  - [ easyrsa, landscape-client ]
  - [ telegraf, vault ]
  - [ telegraf, mysql-vault ]
  - [ telegraf, etcd ]
  - [ telegraf, easyrsa ]
  - [ filebeat, vault ]
  - [ filebeat, mysql-vault ]
  - [ filebeat, etcd ]
  - [ filebeat, easyrsa ]
  - [ nrpe-host, easyrsa ]
  - [ nrpe-host, etcd ]
  - [ nrpe-host, vault ]
  - [ nrpe-host, mysql-vault ]
  - [ ntp, vault ]
  - [ ntp, mysql-vault ]
  - [ ntp, etcd ]
  - [ ntp, easyrsa ]
  # NOTE(review): easyrsa has no canonical-livepatch relation, unlike etcd,
  # vault and mysql-vault; confirm that is intended for the host it runs on.
  - [ canonical-livepatch, etcd ]
  - [ canonical-livepatch, vault ]
  - [ canonical-livepatch, mysql-vault ]
  # Public policy-routing relations
  - ["public-policy-routing:juju-info", "aodh:juju-info"]
  - ["public-policy-routing:juju-info", "ceilometer:juju-info"]
  - ["public-policy-routing:juju-info", "cinder:juju-info"]
  - ["public-policy-routing:juju-info", "designate:juju-info"]
  # - ["public-policy-routing:juju-info", "designate-bind:juju-info"]
  - ["public-policy-routing:juju-info", "glance:juju-info"]
  - ["public-policy-routing:juju-info", "gnocchi:juju-info"]
  - ["public-policy-routing:juju-info", "heat:juju-info"]
  - ["public-policy-routing:juju-info", "keystone:juju-info"]
  - ["public-policy-routing:juju-info", "neutron-api:juju-info"]
  - ["public-policy-routing:juju-info", "nova-cloud-controller:juju-info"]
  - ["public-policy-routing:juju-info", "openstack-dashboard:juju-info"]
  - ["public-policy-routing:juju-info", "barbican:juju-info"]
  - ["public-policy-routing:juju-info", "octavia:juju-info"]
  - ["public-policy-routing:juju-info", "memcached:juju-info"]
  # vault
  # Certificates for the API services come from the `vault-certificates`
  # cross-model offer (see `saas:`), not from the local `vault` application.
  - ["aodh:certificates", "vault-certificates:certificates"]
  - ["ceilometer:certificates", "vault-certificates:certificates"]
  - ["cinder:certificates", "vault-certificates:certificates"]
  - ["openstack-dashboard:certificates", "vault-certificates:certificates"]
  - ["designate:certificates", "vault-certificates:certificates"]
  - ["glance:certificates", "vault-certificates:certificates"]
  - ["gnocchi:certificates", "vault-certificates:certificates"]
  - ["heat:certificates", "vault-certificates:certificates"]
  - ["keystone:certificates", "vault-certificates:certificates"]
  - ["neutron-api:certificates", "vault-certificates:certificates"]
  - ["nova-cloud-controller:certificates", "vault-certificates:certificates"]
  # NOTE(review): with the next relation commented out, rabbitmq-server gets no
  # certificate through this bundle, and no `certificates` relation for mysql,
  # mysql-vault, memcached or barbican appears in this list either. Confirm how
  # AMQP, database and cache traffic is protected on the internal network.
  # - ["rabbitmq-server:certificates", "vault-certificates:certificates"]
  # The local `vault` application is the secrets backend for nova-compute here.
  # Presumably this backs encrypted storage on the compute hosts; that depends
  # on nova-compute options not visible in this excerpt.
  - ["nova-compute:secrets-storage", "vault:secrets"]
  - ["octavia:certificates", "vault-certificates:certificates"]
  - ["cinder-purestorage:certificates", "vault-certificates:certificates"]
  # octavia
  - [hacluster-octavia, octavia]
  - ["mysql:shared-db", "barbican:shared-db"]
  - ["keystone:identity-service", "barbican:identity-service"]
  - ["rabbitmq-server:amqp", "barbican:amqp"]
  # Barbican stores its secrets in the local vault through the barbican-vault
  # plugin: barbican -> barbican-vault -> vault:secrets.
  - ["barbican-vault:secrets", "barbican:secrets"]
  - ["vault:secrets", "barbican-vault:secrets-storage"]
  - ["octavia:amqp", "rabbitmq-server:amqp"]
  - ["octavia:shared-db", "mysql:shared-db"]
  - ["octavia:identity-service", "keystone:identity-service"]
  - ["octavia:neutron-api", "neutron-api:neutron-load-balancer"]
  - ["octavia:neutron-openvswitch", "neutron-openvswitch-octavia:neutron-plugin"]
  - ["octavia-diskimage-retrofit", "glance-simplestreams-sync"]
  - ["octavia-diskimage-retrofit", "keystone"]
  - ["octavia-dashboard", "openstack-dashboard"]
  - ["neutron-openvswitch-octavia:neutron-plugin-api", "neutron-api:neutron-plugin-api"]
  - ["neutron-openvswitch-octavia:amqp", "rabbitmq-server:amqp"]
  - [hacluster-barbican, barbican]
# Cross-model offers consumed by this bundle. Each URL has the form
# controller:user/model.offer, so these are served from the `lma` and `vault`
# models owned by `admin` on the `foundations-maas` controller. Whoever controls
# those models controls the monitoring endpoints and the certificate issuer this
# cloud trusts; review the offer grants accordingly.
# NOTE(review): no entry in the relations list above references `grafana` or
# `prometheus-jobs`; confirm they are still needed.
saas:
  grafana:
    url: foundations-maas:admin/lma.grafana
  vault-certificates:
    url: foundations-maas:admin/vault.vault-certificates
  graylog:
    url: foundations-maas:admin/lma.graylog
  nagios:
    url: foundations-maas:admin/lma.nagios
  prometheus-target:
    url: foundations-maas:admin/lma.prometheus-target
  prometheus-jobs:
    url: foundations-maas:admin/lma.prometheus-jobs