IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This feature let's cloud admin to proxy VM connections to any service through the hypervisor. VMs uses a link local IP that is forwarded to a local proxy. This simplifies VM network requirements, e.g. to access gateway, vaults, configuration services etc...
Implementation:
- Use network namespaces to isolate VNET networking. ip netns command is executed through a wrapper to limit sudo access to commands.
- Add tproxy.rb app to manage a group of daemons on HV nodes.
- Use unix sockets for communication between proxy peers. "Inner" proxy runs in the netns without any network access. "Outer" proxy handles HV connections to services.
- Use OpenNebulaNetwork.conf + 'onehost sync -f' for configuration. Proxy can be defined per network.
This commit implements a transparent proxy for OneGate service (as well as any other TCP service)
* #6281: Disable legacy OneGateProxy
* Implement OneGateProxy in VN drivers
- Fix LXC linuxcontainers monitor action (error setting header)
- Update context packages URL reference to point to the new location
- Add lxc marketplace utility to sudoers file (removed in a previous
commit)
- Remove CentOS from supported OS list in LXC marketplace
(CentOS9_Stream includes some failures that need further debugging)
* Revert "F #5328: Update logrotate behavior to avoid long restarts (#2275)". This reverts commit 6b1127f180.
* B #5328: Don't wait for log compressing
* B #6034: Don't overwrite logs
While having already `copytruncate` in logroate we don't need to implement signaling and re-openning files.
* L #-: Linting
When (for whatever reason) opennebula-ssh-agent gets killed
it leaves existing socket and following start fails with
opennebula-ssh-agent[2333]: unix_listener: cannot bind to path /var/run/one/ssh-agent.sock: Address already in use
- CVLANs to 1dotq-tunnel
- QINQ_TYPE defaults to 802.1q
- Addts support fot MTU set of OVS ports
co-authored-by: Mikhail Samoylov <msamoylov@opennebula.io>
* F #5257: Remove econe server
Also, disable hybrid section by default in Sunstone
* F #5257: Revert onecfg change
* remove amazon-ec2 unneeded gem
* remove file no longer present from install.sh
Enforce logrotate before the start of any opennebula's supervisor
service - as is done similarly in the systemd services.
Signed-off-by: Petr Ospalý <pospaly@opennebula.io>
Each supervisord service (where missing or usable) can use its own
config file which will be sourced. Thanks to this services do not rely
on properly populated environment with all needed variables.
Useful when supervisord is run like this:
% env -i /usr/bin/supervisord
Signed-off-by: Petr Ospalý <pospaly@opennebula.io>
* Public IP no longer uses NAT'ing
* Improved handle of host collections and indexes
* Update of ansible roles and playbooks
Co-authored-by: Ruben S. Montero <rsmontero@opennebula.org>
This commit solves issues with creating new VM images based on the
docker images inside a container environment.
If fuse2fs command is present then prefer its use instead of the default
mount command which will work only under root or otherwise privileged
user.
This commit solves the mounting issue inside the rootless container
environment.
Also add a new environment file to the oned supervisord service so we
can start oned process with some additional env. variables - notably
DOCKER_HOST.
Signed-off-by: Petr Ospalý <pospaly@opennebula.io>
- New supervisord service containerd
- New supervisord service docker
- Small fix in function.sh to pick up also socket files
Signed-off-by: Petr Ospalý <pospaly@opennebula.io>
By default supervisord waits only 10s before it sends SIGKILL to its
services. This commit raises this limit to 90s in all services -
matching the default in systemd (DefaultTimeoutStopSec).
Signed-off-by: Petr Ospalý <pospaly@opennebula.io>
