shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-01-25 06:03:36 +03:00
Code Releases Wiki Activity
one/share/etc/oned.conf
Ruben S. Montero e433ccb85b
F #5516: New backup interface for OpenNebula 
co-authored-by: Frederick Borges <fborges@opennebula.io>
co-authored-by: Neal Hansen <nhansen@opennebula.io>
co-authored-by: Daniel Clavijo Coca <dclavijo@opennebula.io>
co-authored-by: Pavel Czerný <pczerny@opennebula.systems>

BACKUP INTERFACE
=================

* Backups are exposed through a a special Datastore (BACKUP_DS) and
  Image (BACKUP) types. These new types can only be used for backup'ing
  up VMs. This approach allows to:

  - Implement tier based backup policies (backups made on different
    locations).

  - Leverage access control and quota systems

  - Support differnt storage and backup technologies

* Backup interface for the VMs:

  - VM configures backups with BACKUP_CONFIG. This attribute can be set
    in the VM template or updated with updateconf API call. It can include:

    + BACKUP_VOLATILE: To backup or not volatile disks

    + FS_FREEZE: How the FS is freeze for running VMs (qemu-agent,
      suspend or none). When possible backups are crash consistent.

    + KEEP_LAST: keep only a given number of backups.

  - Backups are initiated by the one.vm.backup API call that requires
    the target Datastore to perform the backup (one-shot). This is
    exposed by the onevm backup command.

  - Backups can be periodic through scheduled actions.

  - Backup configuration is updated with one.vm.updateconf API call.

* Restore interface:

  - Restores are initiated by the one.image.restore API call. This is
    exposed by oneimage restore command.

  - Restore include configurable options for the VM template

    + NO_IP: to not preserve IP addresses (but keep the NICs and network
      mapping)

    + NO_NIC: to not preserve network mappings

  - Other template attributes:

    + Clean PCI devices, including network configuration in case of TYPE=NIC
    attributes. By default it removes SHORT_ADDRESS and leave the "auto"
    selection attributes.

    + Clean NUMA_NODE, removes node id and cpu sets. It keeps the NUMA node

  - It is possible to restore single files stored in the repository by
    using the backup specific URL.

* Sunstone (Ruby version) has been updated to expose this feautres.

BACKUP DRIVERS & IMPLEMENTATION
===============================

* Backup operation is implemented by a combination of 3 driver operations:

  - VMM. New (internal oned <-> one_vmm_exec.rb) to orchestrate
    backups for RUNNING VMs.

  - TM. This commit introduces 2 new operations (and their
    corresponding _live variants):

    + pre_backup(_live): Prepares the disks to be back'ed up in the
      repository. It is specific to the driver: (i) ceph uses the export
      operation; (ii) qcow2/raw uses snapshot-create-as and fs_freeze as
      needed.
    + post_backup(_live): Performs cleanning operations, i.e. KVM
      snapshots or tmp dirs.

  - DATASTORE. Each backup technology is represented by its
    corresponfing driver, that needs to implement:

    + backup: it takes the VM disks in file (qcow2) format and stores it
      the backup repository.

    + restore: it takes a backup image and restores the associated disks
      and VM template.

    + monitor: to gather available space in the repository

    + rm: to remove existing backups

    + stat: to return the "restored" size of a disk stored in a backup

    + downloader pseudo-URL handler: in the form
      <backup_proto>://<driver_snapshot_id>/<disk filename>

BACKUP MANAGEMENT
=================

Backup actions may potentially take some time, leaving some vmm_exec threads in
use for a long time, stucking other vmm operations. Backups are planned
by the scheduler through the sched action interface.

Two attributes has been added to sched.conf:
  * MAX_BACKUPS max active backup operations in the cloud. No more
    backups will be started beyond this limit.

  * MAX_BACKUPS_HOST max number of backups per host

* Fix onevm CLI to properly show and manage schedule actions. --schedule
  supports now, as well as relative times +<seconds_from_stime>

  onvm backup --schedule now -d 100 63

* Backup is added as VM_ADMIN_ACTIONS in oned.conf. Regular users needs
  to use the batch interface or request specific permissions

Internal restructure of Scheduler:

- All sched_actions interface is now in SchedActionsXML class and files.
  This class uses references to VM XML, and MUST be used in the same
  lifetime scope.

- XMLRPC API calls for sched actions has been moved to ScheduledActionXML.cc as
  static functions.

- VirtualMachineActionPool includes counters for active backups (total
  and per host).

SUPPORTED PLATFORMS
====================
* hypervisor: KVM
* TM: qcow2/shared/ssh, ceph
* backup: restic, rsync

Notes on Ceph

* Ceph backups are performed in the following steps:
    1. A snapshot of each disk is taken (group snapshots cannot be used as
       it seems we cannot export the disks afterwards)
    2. Disks are export to a file
    3. File is converted to qcow2 format
    4. Disk files are upload to the backup repo

TODO:
  * Confirm crash consistent snapshots cannot be used in Ceph

TODO:
  * Check if using VM dir instead of full path is better to accomodate
    DS migrations i.e.:
    - Current path: /var/lib/one/datastores/100/53/backup/disk.0
    - Proposal: 53/backup/disk.0

RESTIC DRIVER
=============
Developed together with this feature is part of the EE edtion.

* It supports the SFTP protocol, the following attributes are
  supported:

  - RESTIC_SFTP_SERVER
  - RESTIC_SFTP_USER: only if different from oneadmin
  - RESTIC_PASSWORD
  - RESTIC_IONICE: Run restic under a given ionice priority (class 2)
  - RESTIC_NICE: Run restic under a given nice
  - RESTIC_BWLIMIT: Limit restic upload/download BW
  - RESTIC_COMPRESSION: Restic 0.14 implements compression (three modes:
    off, auto, max). This requires repositories version 2. By default,
    auto is used (average compression without to much CPU usage)
  - RESTIC_CONNECTIONS: Sets the number of concurrent connections to a
    backend (5 by default). For high-latency backends this number can be
    increased.

* downloader URL: restic://<datastore_id>/<snapshot_id>/<file_name>
  snapshot_id is the restic snapshot hash. To recover single disk images
  from a backup. This URLs support:

  - RESTIC_CONNECTIONS
  - RESTIC_BWLIMIT
  - RESTIC_IONICE
  - RESTIC_NICE

  These options needs to be defined in the associated datastore.

RSYNC DRIVER
=============
A rsync driver is included as part of the CE distribution. It uses the
rsync tool to store backups in a remote server through SSH:

* The following attributes are supported to configure the backup
  datastore:

  - RSYNC_HOST
  - RSYNC_USER
  - RSYNC_ARGS: Arguments to perform the rsync operatin (-aS by default)

* downloader URL: rsync://<ds_id>/<vmid>/<hash>/<file> can be used to recover
  single files from an existing backup. (RSYNC_HOST and RSYN_USER needs
  to be set in ds_id

EMULATOR_CPUS
=============

This commit includes a non related backup feature:

* Add EMULATOR_CPUS (KVM). This host (or cluster attribute) defines the
  CPU IDs where the emulator threads will be pinned. If this value is
  not defined the allocated CPU wll be used when using a PIN policy.

(cherry picked from commit a9e6a8e000e9a5a2f56f80ce622ad9ffc9fa032b)

F OpenNebula/one#5516: adding rsync backup driver

(cherry picked from commit fb52edf5d009dc02b071063afb97c6519b9e8305)

F OpenNebula/one#5516: update install.sh, add vmid to source, some polish

Signed-off-by: Neal Hansen <nhansen@opennebula.io>
(cherry picked from commit 6fc6f8a67e435f7f92d5c40fdc3d1c825ab5581d)

F OpenNebula/one#5516: cleanup

Signed-off-by: Neal Hansen <nhansen@opennebula.io>
(cherry picked from commit 12f4333b833f23098142cd4762eb9e6c505e1340)

F OpenNebula/one#5516: update downloader, default args, size check

Signed-off-by: Neal Hansen <nhansen@opennebula.io>
(cherry picked from commit 510124ef2780a4e2e8c3d128c9a42945be38a305)

LL

(cherry picked from commit d4fcd134dc293f2b862086936db4d552792539fa)
2022-10-07 22:01:37 +02:00

1502 lines
58 KiB
Plaintext
Raw Blame History

#*******************************************************************************
# OpenNebula Configuration file
#*******************************************************************************
#*******************************************************************************
# Daemon configuration attributes
#-------------------------------------------------------------------------------
# MANAGER_TIMER: Time in seconds the core uses to evaluate periodical functions.
# MONITORING_INTERVALS cannot have a smaller value than MANAGER_TIMER.
#
# MONITORING_INTERVAL_MARKET: Time in seconds between market monitorization.
# MONITORING_INTERVAL_DATASTORE: Time in seconds between image monitorization.
# MONITORING_INTERVAL_DB_UPDATE: Time in seconds between DB writes of VM
# monitoring information. -1 to disable DB updating and 0 to write every update
#
# DS_MONITOR_VM_DISK: Number of MONIROTING_INTERVAL_DATASTORE intervals to monitor
# VM disks. 0 to disable. Only applies to fs and fs_lvm datastores
#
# SCRIPTS_REMOTE_DIR: Remote path to store the monitoring and VM management
# scripts.
#
# DB: Configuration attributes for the database backend
# backend : can be sqlite or mysql (default is sqlite)
# server : (mysql) host name or an IP address for the MySQL server
# port : (mysql) port for the connection to the server.
# If set to 0, the default port is used.
# user : (mysql) user's MySQL login ID
# passwd : (mysql) the password for user
# db_name : (mysql) the database name
# connections: (mysql) number of max. connections to mysql server
# compare_binary: (mysql) compare strings using BINARY clause
# makes name searches case sensitive.
# encoding: charset to use for the db connections
# timeout : (sqlite) timeout in ms for acquiring lock to DB,
# should be at least 100 ms
# errors_limit : number of consecutive DB errors to stop oned node in HA
# default 25, use -1 to disable this feature
#
# VNC_PORTS: VNC port pool for automatic VNC port assignment, if possible the
# port will be set to ``START`` + ``VMID``
# start : first port to assign
# reserved: comma separated list of ports or ranges. Two numbers separated by
# a colon indicate a range.
#
# LOG: Configuration for the logging system
# system: defines the logging system:
# file to log in the oned.log file
# syslog to use the syslog facilities
# std to use the default log stream (stderr) to use with systemd
# debug_level:
# 0 = ERROR
# 1 = WARNING
# 2 = INFO
# 3 = DEBUG
# 4 = DDEBUG
# 5 = DDDEBUG
# use_vms_location: defines if store VM logs in VMS_LOCATION
#
#*******************************************************************************
LOG = [
SYSTEM = "file",
DEBUG_LEVEL = 3,
USE_VMS_LOCATION = "NO"
]
#MANAGER_TIMER = 15
MONITORING_INTERVAL_DATASTORE = 300
MONITORING_INTERVAL_MARKET = 600
MONITORING_INTERVAL_DB_UPDATE = 0
#DS_MONITOR_VM_DISK = 10
SCRIPTS_REMOTE_DIR=/var/tmp/one
DB = [ BACKEND = "sqlite",
TIMEOUT = 2500 ]
# Sample configuration for MySQL
# DB = [ BACKEND = "mysql",
# SERVER = "localhost",
# PORT = 0,
# USER = "oneadmin",
# PASSWD = "oneadmin",
# DB_NAME = "opennebula",
# CONNECTIONS = 25,
# COMPARE_BINARY = "no" ]
VNC_PORTS = [
START = 5900,
RESERVED = "32768:65536"
# RESERVED = "6800, 6801, 6810:6820, 9869"
]
#*******************************************************************************
# Server network and connection
#-------------------------------------------------------------------------------
# PORT: Port where oned will listen for xmlrpc calls.
#
# LISTEN_ADDRESS: Host IP to listen on for xmlrpc calls (default: all IPs).
#
# HOSTNAME: This Hostname is used by OpenNebula daemon to connect to the
# frontend during drivers operations. If this variable is not set, OpenNebula
# will auto detect it. It can be in FQDN format, hostname or an IP
PORT = 2633
LISTEN_ADDRESS = "0.0.0.0"
# HOSTNAME = "one-hostname"
#*******************************************************************************
# API configuration attributes
#-------------------------------------------------------------------------------
# VM_SUBMIT_ON_HOLD: Forces VMs to be created on hold state instead of pending.
# Values: YES or NO.
# API_LIST_ORDER: Sets order (by ID) of elements in list API calls.
# Values: ASC (ascending order) or DESC (descending order)
#*******************************************************************************
#
#API_LIST_ORDER = "DESC"
#VM_SUBMIT_ON_HOLD = "NO"
#*******************************************************************************
# Federation & HA configuration attributes
#-------------------------------------------------------------------------------
# Control the federation capabilities of oned. Operation in a federated setup
# requires a special DB configuration.
#
# FEDERATION: Federation attributes
# MODE: Operation mode of this oned.
# STANDALONE no federated.This is the default operational mode
# MASTER this oned is the master zone of the federation
# SLAVE this oned is a slave zone
# ZONE_ID: The zone ID as returned by onezone command
# SERVER_ID: ID identifying this server in the zone as returned by the
# onezone server-add command. This ID controls the HA configuration of
# OpenNebula:
# -1 (default) OpenNebula will operate in "solo" mode no HA
# <id> Operate in HA (leader election and state replication)
# MASTER_ONED: The xml-rpc endpoint of the master oned, e.g.
# http://master.one.org:2633/RPC2
#
#
# RAFT: Algorithm attributes
# LIMIT_PURGE: Number of logs that will be deleted on each purge.
# LOG_RETENTION: Number of DB log records kept, it determines the
# synchronization window across servers and extra storage space needed.
# LOG_PURGE_TIMEOUT: How often applied records are purged according the log
# retention value. (in seconds)
# ELECTION_TIMEOUT_MS: Timeout to start a election process if no heartbeat
# or log is received from leader.
# BROADCAST_TIMEOUT_MS: How often heartbeats are sent to followers.
# XMLRPC_TIMEOUT_MS: To timeout raft related API calls. To set an infinite
# timeout set this value to 0.
#
# RAFT_LEADER_HOOK: Executed when a server transits from follower->leader
# The purpose of this hook is to configure the Virtual IP.
# COMMAND: raft/vip.sh is a fully working script, this should not be changed
# ARGUMENTS: <interface> and <ip_cidr> must be replaced. For example
# ARGUMENTS = "leader ens1 10.0.0.2/24"
#
# RAFT_FOLLOWER_HOOK: Executed when a server transits from leader->follower
# The purpose of this hook is to configure the Virtual IP.
# COMMAND: raft/vip.sh is a fully working script, this should not be changed
# ARGUMENTS: <interface> and <ip_cidr> must be replaced. For example
# ARGUMENTS = "follower ens1 10.0.0.2/24"
#
# NOTE: Timeout tunning depends on the latency of the servers (network and load)
# as well as the max downtime tolerated by the system. Timeouts needs to be
# greater than 10ms
#
#*******************************************************************************
FEDERATION = [
MODE = "STANDALONE",
ZONE_ID = 0,
SERVER_ID = -1,
MASTER_ONED = ""
]
RAFT = [
LIMIT_PURGE = 100000,
LOG_RETENTION = 250000,
LOG_PURGE_TIMEOUT = 60,
ELECTION_TIMEOUT_MS = 5000,
BROADCAST_TIMEOUT_MS = 500,
XMLRPC_TIMEOUT_MS = 1000
]
# Executed when a server transits from follower->leader
# RAFT_LEADER_HOOK = [
# COMMAND = "raft/vip.sh",
# ARGUMENTS = "leader interface ip_cidr [interface ip_cidr ...]"
# ]
# Executed when a server transits from leader->follower
# RAFT_FOLLOWER_HOOK = [
# COMMAND = "raft/vip.sh",
# ARGUMENTS = "follower interface ip_cidr [interface ip_cidr ...]"
# ]
#*******************************************************************************
# Default showback cost
#-------------------------------------------------------------------------------
# The following attributes define the default cost for Virtual Machines that
# don't have a CPU, MEMORY or DISK cost. This is used by the oneshowback
# calculate method.
#*******************************************************************************
DEFAULT_COST = [
CPU_COST = 0,
MEMORY_COST = 0,
DISK_COST = 0
]
# Should showback calculation count only running VMs.
# If 'no' showback will inlcude also reserved CPU and MEMORY, e.g. VM states
# POWEROFF or SUSPENDED
SHOWBACK_ONLY_RUNNING = "no"
#*******************************************************************************
# XML-RPC server configuration
#-------------------------------------------------------------------------------
# These are configuration parameters for oned's xmlrpc-c server
#
# MAX_CONN: Maximum number of simultaneous TCP connections the server
# will maintain
#
# MAX_CONN_BACKLOG: Maximum number of TCP connections the operating system
# will accept on the server's behalf without the server accepting them from
# the operating system
#
# KEEPALIVE_TIMEOUT: Maximum time in seconds that the server allows a
# connection to be open between RPCs
#
# KEEPALIVE_MAX_CONN: Maximum number of RPCs that the server will execute on
# a single connection
#
# TIMEOUT: Maximum time in seconds the server will wait for the client to
# do anything while processing an RPC. This timeout will be also used when
# proxy calls to the master in a federation.
#
# RPC_LOG: Create a separated log file for xml-rpc requests, in
# "/var/log/one/one_xmlrpc.log".
#
# MESSAGE_SIZE: Buffer size in bytes for XML-RPC responses.
#
# LOG_CALL_FORMAT: Format string to log XML-RPC calls. Interpreted strings:
# %i -- request id
# %m -- method name
# %u -- user id
# %U -- user name
# %l[number] -- param list and number of characters (optional) to print
# each parameter, default is 20. Example: %l300
# %p -- user password
# %g -- group id
# %G -- group name
# %a -- auth token
# %A -- client IP address (only IPv4 supported)
# %P -- client TCP port
# %% -- %
#*******************************************************************************
#MAX_CONN = 15
#MAX_CONN_BACKLOG = 15
#KEEPALIVE_TIMEOUT = 15
#KEEPALIVE_MAX_CONN = 30
#TIMEOUT = 15
#RPC_LOG = NO
#MESSAGE_SIZE = 1073741824
#LOG_CALL_FORMAT = "Req:%i UID:%u IP:%A %m invoked %l20"
#*******************************************************************************
# Physical Networks configuration
#*******************************************************************************
# NETWORK_SIZE: Here you can define the default size for the virtual networks
#
# MAC_PREFIX: Default MAC prefix to be used to create the auto-generated MAC
# addresses is defined here (this can be overwritten by the Virtual Network
# template)
#
# VLAN_IDS: VLAN ID pool for the automatic VLAN_ID assignment. This pool
# is for 802.1Q networks (Open vSwitch and 802.1Q drivers). The driver
# will try first to allocate VLAN_IDS[START] + VNET_ID
# start: First VLAN_ID to use
# reserved: Comma separated list of VLAN_IDs or ranges. Two numbers
# separated by a colon indicate a range.
#
# VXLAN_IDS: Automatic VXLAN Network ID (VNI) assignment. This is used
# for vxlan networks.
# start: First VNI to use
# NOTE: reserved is not supported by this pool
#
# PCI_PASSTHROUGH_BUS: Default bus to attach passthrough devices in the guest,
# in hex notation. It may be overwritten in the PCI device using the BUS
# attribute.
#*******************************************************************************
NETWORK_SIZE = 254
MAC_PREFIX = "02:00"
VLAN_IDS = [
START = "2",
RESERVED = "0, 1, 4095"
]
VXLAN_IDS = [
START = "2"
]
#PCI_PASSTHROUGH_BUS = "0x01"
#*******************************************************************************
# DataStore Configuration
#*******************************************************************************
# DATASTORE_LOCATION: Path for Datastores. It IS the same for all the hosts
# and front-end. It defaults to /var/lib/one/datastores (in self-contained mode
# defaults to $ONE_LOCATION/var/datastores). Each datastore has its own
# directory (called BASE_PATH) in the form: $DATASTORE_LOCATION/<datastore_id>
# You can symlink this directory to any other path if needed. BASE_PATH is
# generated from this attribute each time oned is started.
#
# DATASTORE_CAPACITY_CHECK: Checks that there is enough capacity before
# creating a new image. Defaults to Yes
#
# DEFAULT_IMAGE_TYPE: This can take values
# OS Image file holding an operating system
# CDROM Image file holding a CDROM
# DATABLOCK Image file holding a datablock, created as an empty block
#
# DEFAULT_DEVICE_PREFIX: This can be set to
# hd IDE prefix
# sd SCSI
# vd KVM virtual disk
#
# DEFAULT_CDROM_DEVICE_PREFIX: Same as above but for CDROM devices.
#
# DEFAULT_IMAGE_PERSISTENT: Control the default value for the PERSISTENT
# attribute on image creation (oneimage clone, onevm disk-saveas). If blank
# images will inherit the persistent attribute from the base image.
#
# DEFAULT_IMAGE_PERSISTENT_NEW: Control the default value for the PERSISTENT
# attribute on image creation (oneimage create). By default images are no
# persistent if not set.
#
# VM_SNAPSHOT_FACTOR: How much disk size is counted as disk snapshot
# size. Default value 0 (0%) (Use 0.1 means 10%)
#*******************************************************************************
#DATASTORE_LOCATION = /var/lib/one/datastores
DATASTORE_CAPACITY_CHECK = "yes"
DEFAULT_DEVICE_PREFIX = "sd"
DEFAULT_CDROM_DEVICE_PREFIX = "hd"
DEFAULT_IMAGE_TYPE = "OS"
#DEFAULT_IMAGE_PERSISTENT = ""
#DEFAULT_IMAGE_PERSISTENT_NEW = ""
VM_SNAPSHOT_FACTOR = "0"
#*******************************************************************************
# Monitor Daemon
#*******************************************************************************
# Monitor daemon, specific monitor drivers can be added in the monitord
# configuration file (monitord.conf)
#
# name : OpenNebula name for the daemon
#
# executable : path of the information driver executable, can be an
# absolute path or relative to $ONE_LOCATION/lib/mads (or
# /usr/lib/one/mads/ if OpenNebula was installed in /)
#
# arguments : for the monitor daemon
# -c : configuration file (monitord.conf by default)
#
# threads : number of threads used to process messages from monitor daemon
#*******************************************************************************
IM_MAD = [
NAME = "monitord",
EXECUTABLE = "onemonitord",
ARGUMENTS = "-c monitord.conf",
THREADS = 8 ]
#*******************************************************************************
# Virtualization Driver Configuration
#*******************************************************************************
# You can add more virtualization managers with different configurations but
# make sure it has different names.
#
# name : name of the virtual machine manager driver
#
# executable: path of the virtualization driver executable, can be an
# absolute path or relative to $ONE_LOCATION/lib/mads (or
# /usr/lib/one/mads/ if OpenNebula was installed in /)
#
# arguments : for the driver executable
#
# default : default values and configuration parameters for the driver, can
# be an absolute path or relative to $ONE_LOCATION/etc (or
# /etc/one/ if OpenNebula was installed in /)
#
# type : driver type, supported drivers: xen, kvm, xml
#
# keep_snapshots: do not remove snapshots on power on/off cycles and live
# migrations if the hypervisor supports that.
#
# live_resize: [yes|no] Hypervisor supports hotplug VCPU and memory
#
# support_shareable: [yes|no] Hypervisor supports shareable disks
#
# imported_vms_actions : comma-separated list of actions supported
# for imported vms. The available actions are:
# migrate
# live-migrate
# terminate
# terminate-hard
# undeploy
# undeploy-hard
# hold
# release
# stop
# suspend
# resume
# delete
# delete-recreate
# reboot
# reboot-hard
# resched
# unresched
# poweroff
# poweroff-hard
# disk-attach
# disk-detach
# nic-attach
# nic-detach
# disk-snapshot-create
# disk-snapshot-delete
# disk-snapshot-rename
# disk-snapshot-revert
# disk-resize
# disk-saveas
# resize
# update
# updateconf
# snapshot-create
# snapshot-delete
# snapshot-revert
# recover
# retry
#*******************************************************************************
#-------------------------------------------------------------------------------
# KVM Virtualization Driver Manager Configuration
# -r number of retries when monitoring a host
# -t number of threads, i.e. number of hosts monitored at the same time
# -l <actions[=command_name]> actions executed locally, command can be
# overridden for each action.
# Valid actions: deploy, shutdown, cancel, save, restore, migrate, poll
# An example: "-l migrate=migrate_local,save"
# -d <actions> comma separated list of actions which forward SSH agent
# from frontend to remote host (default migrate)
# -p more than one action per host in parallel, needs support from hypervisor
# -s <shell> to execute remote commands, bash by default
# -w Timeout in seconds to execute external commands (default unlimited)
#
# Note: You can use type = "qemu" to use qemu emulated guests, e.g. if your
# CPU does not have virtualization extensions or use nested Qemu-KVM hosts
#-------------------------------------------------------------------------------
VM_MAD = [
NAME = "kvm",
SUNSTONE_NAME = "KVM",
EXECUTABLE = "one_vmm_exec",
ARGUMENTS = "-t 15 -r 0 kvm -p",
DEFAULT = "vmm_exec/vmm_exec_kvm.conf",
TYPE = "kvm",
KEEP_SNAPSHOTS = "yes",
LIVE_RESIZE = "yes",
SUPPORT_SHAREABLE = "yes",
IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend,
resume, delete, reboot, reboot-hard, resched, unresched, disk-attach,
disk-detach, nic-attach, nic-detach, snapshot-create, snapshot-delete,
resize, updateconf, update"
]
# This variant should be used for nested virtualization
VM_MAD = [
NAME = "qemu",
SUNSTONE_NAME = "QEMU",
EXECUTABLE = "one_vmm_exec",
ARGUMENTS = "-t 15 -r 0 kvm",
DEFAULT = "vmm_exec/vmm_exec_kvm.conf",
TYPE = "qemu",
KEEP_SNAPSHOTS = "yes",
LIVE_RESIZE = "yes",
SUPPORT_SHAREABLE = "yes",
IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend,
resume, delete, reboot, reboot-hard, resched, unresched, disk-attach,
disk-detach, nic-attach, nic-detach, snapshot-create, snapshot-delete,
resize, updateconf, update"
]
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# LXD Virtualization Driver Manager Configuration
# -r number of retries when monitoring a host
# -t number of threads, i.e. number of hosts monitored at the same time
# -l <actions[=command_name]> actions executed locally, command can be
# overridden for each action.
# Valid actions: deploy, shutdown, cancel, save, restore, migrate, poll
# An example: "-l migrate=migrate_local,save"
# -d <actions> comma separated list of actions which forward SSH agent
# from frontend to remote host (default migrate)
# -p more than one action per host in parallel, needs support from hypervisor
# -s <shell> to execute remote commands, bash by default
# -w Timeout in seconds to execute external commands (default unlimited)
#
#-------------------------------------------------------------------------------
VM_MAD = [
NAME = "lxd",
SUNSTONE_NAME = "LXD",
EXECUTABLE = "one_vmm_exec",
ARGUMENTS = "-t 15 -r 0 lxd",
# DEFAULT = "vmm_exec/vmm_exec_lxd.conf",
TYPE = "xml",
KEEP_SNAPSHOTS = "no",
IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, reboot, reboot-hard,
poweroff, poweroff-hard, suspend, resume, stop, delete, nic-attach,
nic-detach, resize, updateconf, update"
]
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# LXC Virtualization Driver Manager Configuration
# -r number of retries when monitoring a host
# -t number of threads, i.e. number of hosts monitored at the same time
# -l <actions[=command_name]> actions executed locally, command can be
# overridden for each action.
# Valid actions: deploy, shutdown, cancel, save, restore, migrate, poll
# An example: "-l migrate=migrate_local,save"
# -d <actions> comma separated list of actions which forward SSH agent
# from frontend to remote host (default migrate)
# -p more than one action per host in parallel, needs support from hypervisor
# -s <shell> to execute remote commands, bash by default
# -w Timeout in seconds to execute external commands (default unlimited)
#
#-------------------------------------------------------------------------------
VM_MAD = [
NAME = "lxc",
SUNSTONE_NAME = "LXC",
EXECUTABLE = "one_vmm_exec",
ARGUMENTS = "-t 15 -r 0 lxc",
# DEFAULT = "vmm_exec/vmm_exec_lxc.conf",
TYPE = "xml",
KEEP_SNAPSHOTS = "no",
IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, reboot, reboot-hard,
poweroff, poweroff-hard, suspend, resume, stop, delete, nic-attach,
nic-detach, resize, updateconf, update"
]
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# Firecracker Virtualization Driver Manager Configuration
# -r number of retries when monitoring a host
# -t number of threads, i.e. number of hosts monitored at the same time
# -l <actions[=command_name]> actions executed locally, command can be
# overridden for each action.
# Valid actions: deploy, shutdown, cancel, save, restore, migrate, poll
# An example: "-l migrate=migrate_local,save"
# -d <actions> comma separated list of actions which forward SSH agent
# from frontend to remote host (default migrate)
# -p more than one action per host in parallel, needs support from hypervisor
# -s <shell> to execute remote commands, bash by default
# -w Timeout in seconds to execute external commands (default unlimited)
#-------------------------------------------------------------------------------
VM_MAD = [
NAME = "firecracker",
SUNSTONE_NAME = "Firecracker",
EXECUTABLE = "one_vmm_exec",
ARGUMENTS = "-t 15 -r 0 firecracker",
TYPE = "xml",
KEEP_SNAPSHOTS = "no"
]
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# vCenter Virtualization Driver Manager Configuration
# -r number of retries when monitoring a host
# -t number of threads, i.e. number of hosts monitored at the same time
# -p more than one action per host in parallel, needs support from hypervisor
# -s <shell> to execute commands, bash by default
# -w Timeout in seconds to execute external commands (default unlimited)
#-------------------------------------------------------------------------------
VM_MAD = [
NAME = "vcenter",
SUNSTONE_NAME = "VMWare vCenter",
EXECUTABLE = "one_vmm_sh",
ARGUMENTS = "-p -t 15 -r 0 -s sh vcenter",
TYPE = "xml",
KEEP_SNAPSHOTS = "yes",
DS_LIVE_MIGRATION = "yes",
COLD_NIC_ATTACH = "yes",
LIVE_RESIZE = "yes",
IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend,
resume, delete, reboot, reboot-hard, resched, unresched, poweroff,
poweroff-hard, disk-attach, disk-detach, disk-resize, nic-attach,
nic-detach, snapshot-create, snapshot-delete, snapshot-revert, migrate,
live-migrate, resize, updateconf, update, recover"
]
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# Dummy Virtualization Driver Configuration
#-------------------------------------------------------------------------------
#VM_MAD = [ NAME="dummy", SUNSTONE_NAME="Testing", EXECUTABLE="one_vmm_dummy",
# TYPE="xml" ]
#-------------------------------------------------------------------------------
#*******************************************************************************
# Transfer Manager Driver Configuration
#*******************************************************************************
# You can add more transfer managers with different configurations but make
# sure it has different names.
# name : name for this transfer driver
#
# executable: path of the transfer driver executable, can be an
# absolute path or relative to $ONE_LOCATION/lib/mads (or
# /usr/lib/one/mads/ if OpenNebula was installed in /)
# arguments :
# -t: number of threads, i.e. number of transfers made at the same time
# -d: list of transfer drivers separated by commas, if not defined all the
# drivers available will be enabled
# -w: Timeout in seconds to execute external commands (default unlimited)
#*******************************************************************************
TM_MAD = [
EXECUTABLE = "one_tm",
ARGUMENTS = "-t 15 -d dummy,lvm,shared,fs_lvm,fs_lvm_ssh,qcow2,ssh,ceph,dev,vcenter,iscsi_libvirt"
]
#*******************************************************************************
# Datastore Driver Configuration
#*******************************************************************************
# Drivers to manage the datastores, specialized for the storage backend
# executable: path of the transfer driver executable, can be an
# absolute path or relative to $ONE_LOCATION/lib/mads (or
# /usr/lib/one/mads/ if OpenNebula was installed in /)
#
# arguments : for the driver executable
# -t number of threads, i.e. number of repo operations at the same time
# -d datastore mads separated by commas
# -s system datastore tm drivers, used to monitor shared system ds.
# -b backup datastore drivers
# -w Timeout in seconds to execute external commands (default unlimited)
#*******************************************************************************
DATASTORE_MAD = [
EXECUTABLE = "one_datastore",
ARGUMENTS = "-t 15 -d dummy,fs,lvm,ceph,dev,iscsi_libvirt,vcenter,restic -s shared,ssh,ceph,fs_lvm,fs_lvm_ssh,qcow2,vcenter"
]
#*******************************************************************************
# Marketplace Driver Configuration
#*******************************************************************************
# Drivers to manage different marketplaces, specialized for the storage backend
# executable: path of the transfer driver executable, can be an
# absolute path or relative to $ONE_LOCATION/lib/mads (or
# /usr/lib/one/mads/ if OpenNebula was installed in /)
#
# arguments : for the driver executable
# -t number of threads, i.e. number of repo operations at the same time
# -m marketplace mads separated by commas
# --proxy proxy address if required to access the internet
# -w Timeout in seconds to execute external commands (default unlimited)
#*******************************************************************************
MARKET_MAD = [
EXECUTABLE = "one_market",
ARGUMENTS = "-t 15 -m http,s3,one,linuxcontainers,turnkeylinux,dockerhub,docker_registry"
]
#*******************************************************************************
# IPAM Driver Configuration
#*******************************************************************************
# Drivers to manage different IPAMs
# executable: path of the IPAM driver executable, can be an
# absolute path or relative to $ONE_LOCATION/lib/mads (or
# /usr/lib/one/mads/ if OpenNebula was installed in /)
#
# arguments : for the driver executable
# -t number of threads, i.e. number of operations at the same time
# -i IPAM mads separated by commas
#*******************************************************************************
IPAM_MAD = [
EXECUTABLE = "one_ipam",
ARGUMENTS = "-t 1 -i dummy,aws,equinix,vultr"
]
#*******************************************************************************
# Hook Manager Configuration
#*******************************************************************************
# The Driver (HM_MAD)
# -----------------------------------------------
#
# Used to execute the Hooks:
# executable: path of the hook driver executable, can be an
# absolute path or relative to $ONE_LOCATION/lib/mads (or
# /usr/lib/one/mads/ if OpenNebula was installed in /)
#
# arguments : for the driver executable, can be an absolute path or relative
# to $ONE_LOCATION/etc (or /etc/one/ if OpenNebula was installed
# in /)
#
HM_MAD = [
EXECUTABLE = "one_hm",
ARGUMENTS = "-p 2101 -l 2102 -b 127.0.0.1"]
#*******************************************************************************
# Hook Log Configuration
#*******************************************************************************
#
# LOG_RETENTION: Number of execution records saved in the database for each hook.
#
HOOK_LOG_CONF = [
LOG_RETENTION = 20 ]
#*******************************************************************************
# Auth Manager Configuration
#*******************************************************************************
# AUTH_MAD: The Driver that will be used to authenticate (authn) and
# authorize (authz) OpenNebula requests. If defined OpenNebula will use the
# built-in auth policies.
#
# executable: path of the auth driver executable, can be an
# absolute path or relative to $ONE_LOCATION/lib/mads (or
# /usr/lib/one/mads/ if OpenNebula was installed in /)
#
# authn : list of authentication modules separated by commas, if not
# defined all the modules available will be enabled
# authz : list of authentication modules separated by commas
#
# DEFAULT_AUTH: The default authentication driver to use when OpenNebula does
# not know the user and needs to authenticate it externally. If you want to
# use "default" (not recommended, but supported for backwards compatibility
# reasons) make sure you create a symlink pointing to the actual authentication
# driver in /var/lib/one/remotes/auth, and add "default" to the 'auth'
# parameter in the 'AUTH_MAD' section.
#
# SESSION_EXPIRATION_TIME: Time in seconds to keep an authenticated token as
# valid. During this time, the driver is not used. Use 0 to disable session
# caching
#
# ENABLE_OTHER_PERMISSIONS: Whether or not users can set the permissions for
# 'other', so publishing or sharing resources with others. Users in the oneadmin
# group will still be able to change these permissions. Values: YES or NO.
#
# DEFAULT_UMASK: Similar to Unix umask, sets the default resources permissions.
# Its format must be 3 octal digits. For example a umask of 137 will set
# the new object's permissions to 640 "um- u-- ---"
#*******************************************************************************
AUTH_MAD = [
EXECUTABLE = "one_auth_mad",
AUTHN = "ssh,x509,ldap,server_cipher,server_x509"
]
#DEFAULT_AUTH = "default"
SESSION_EXPIRATION_TIME = 900
#ENABLE_OTHER_PERMISSIONS = "YES"
DEFAULT_UMASK = 177
#*******************************************************************************
# OneGate
# ONEGATE_ENDPOINT: The URL for the onegate server (the Gate to OpenNebula for
# VMs). The onegate server is started using a separate command. The endpoint
# MUST be consistent with the values in onegate-server.conf
#*******************************************************************************
#ONEGATE_ENDPOINT = "http://frontend:5030"
#*******************************************************************************
# VM Operations Permissions
#******************************************************************************
# The following parameters define the operations associated to the ADMIN,
# MANAGE and USE permissions. Note that some VM operations require additional
# permissions on other objects. Also some operations refers to a class of
# actions:
# - disk-snapshot, includes create, delete and revert actions
# - disk-attach, includes attach and detach actions
# - nic-attach, includes attach and detach actions
# - snapshot, includes create, delete and revert actions
# - resched, includes resched and unresched actions
#******************************************************************************
VM_ADMIN_OPERATIONS = "migrate, delete, recover, retry, deploy, resched, backup"
VM_MANAGE_OPERATIONS = "undeploy, hold, release, stop, suspend, resume, reboot,
poweroff, disk-attach, nic-attach, disk-snapshot, terminate, disk-resize,
snapshot, updateconf, rename, resize, update, disk-saveas"
VM_USE_OPERATIONS = ""
#*******************************************************************************
# Default Permissions for VDC ACL rules
#*******************************************************************************
# Default ACL rules created when resource is added to a VDC. The following
# attributes configures the permissions granted to the VDC group for each
# resource types:
# DEFAULT_VDC_HOST_ACL: permissions granted on hosts added to a VDC.
# DEFAULT_VDC_NET_ACL: permissions granted on vnets added to a VDC.
# DEFAULT_VDC_DATASTORE_ACL: permissions granted on datastores to a VDC.
#
# DEFAULT_VDC_CLUSTER_HOST_ACL: permissions granted to cluster hosts when a
# cluster is added to the VDC.
# DEFAULT_VDC_CLUSTER_NET_ACL: permissions granted to cluster vnets when a
# cluster is added to the VDC.
# DEFAULT_VDC_CLUSTER_DATASTORE_ACL: permissions granted to cluster datastores
# when a cluster is added to the VDC.
#
# When defining the permissions you can use "" or "-" to not add any rule to
# that specific resource. Also you can combine several permissions with "+",
# for exampl "MANAGE+USE". Valid permissions are USE, MANAGE or ADMIN.
#
# Example:
# DEFAULT_VDC_HOST_ACL = "MANAGE"
# Adds @<gid> HOST/#<hid> MANAGE #<zid> when a host is added to the VDC,
# eg. onevdc addhost <vdc> <zid> <hid>
#
# DEFAULT_VDC_VNET_ACL = "USE"
# Adds @<gid> NET/#<vnetid> USE #<zid> when a vnet is added to the VDC,
# eg. onevdc addvnet <vdc> <zid> <vnetid>
#
# DEFAULT_VDC_DATASTORE_ACL = "USE"
# Adds @<gid> DATASTORE/#<dsid> USE #<zid> when a vnet is added to the VDC,
# eg. onevdc adddatastore <vdc> <zid> <dsid>
#
# DEFAULT_VDC_CLUSTER_HOST_ACL = "MANAGE"
# DEFAULT_VDC_CLUSTER_NET_ACL = "USE"
# DEFAULT_VDC_CLUSTER_DATASTORE_ACL = "USE"
# Adds:
# @<gid> HOST/%<cid> MANAGE #<zid>
# @<gid> DATASTORE+NET/%<cid> USE #<zid>
# when a cluster is added to the VDC, e.g. onevdc addcluster <vdc> <zid> <cid>
#*******************************************************************************
DEFAULT_VDC_HOST_ACL = "MANAGE"
DEFAULT_VDC_VNET_ACL = "USE"
DEFAULT_VDC_DATASTORE_ACL = "USE"
DEFAULT_VDC_CLUSTER_HOST_ACL = "MANAGE"
DEFAULT_VDC_CLUSTER_NET_ACL = "USE"
DEFAULT_VDC_CLUSTER_DATASTORE_ACL = "USE"
#*******************************************************************************
# Restricted Attributes Configuration
#*******************************************************************************
# The following attributes are restricted to users outside the oneadmin group
#*******************************************************************************
VM_RESTRICTED_ATTR = "CONTEXT/FILES"
VM_RESTRICTED_ATTR = "NIC/MAC"
VM_RESTRICTED_ATTR = "NIC/VLAN_ID"
VM_RESTRICTED_ATTR = "NIC/BRIDGE"
VM_RESTRICTED_ATTR = "NIC/FILTER"
VM_RESTRICTED_ATTR = "NIC/FILTER_IP_SPOOFING"
VM_RESTRICTED_ATTR = "NIC/FILTER_MAC_SPOOFING"
VM_RESTRICTED_ATTR = "NIC/INBOUND_AVG_BW"
VM_RESTRICTED_ATTR = "NIC/INBOUND_PEAK_BW"
VM_RESTRICTED_ATTR = "NIC/INBOUND_PEAK_KB"
VM_RESTRICTED_ATTR = "NIC/OUTBOUND_AVG_BW"
VM_RESTRICTED_ATTR = "NIC/OUTBOUND_PEAK_BW"
VM_RESTRICTED_ATTR = "NIC/OUTBOUND_PEAK_KB"
VM_RESTRICTED_ATTR = "NIC/OPENNEBULA_MANAGED"
VM_RESTRICTED_ATTR = "NIC/VCENTER_INSTANCE_ID"
VM_RESTRICTED_ATTR = "NIC/VCENTER_NET_REF"
VM_RESTRICTED_ATTR = "NIC/VCENTER_PORTGROUP_TYPE"
VM_RESTRICTED_ATTR = "NIC/EXTERNAL"
VM_RESTRICTED_ATTR = "NIC_ALIAS/MAC"
VM_RESTRICTED_ATTR = "NIC_ALIAS/VLAN_ID"
VM_RESTRICTED_ATTR = "NIC_ALIAS/BRIDGE"
VM_RESTRICTED_ATTR = "NIC_ALIAS/INBOUND_AVG_BW"
VM_RESTRICTED_ATTR = "NIC_ALIAS/INBOUND_PEAK_BW"
VM_RESTRICTED_ATTR = "NIC_ALIAS/INBOUND_PEAK_KB"
VM_RESTRICTED_ATTR = "NIC_ALIAS/OUTBOUND_AVG_BW"
VM_RESTRICTED_ATTR = "NIC_ALIAS/OUTBOUND_PEAK_BW"
VM_RESTRICTED_ATTR = "NIC_ALIAS/OUTBOUND_PEAK_KB"
VM_RESTRICTED_ATTR = "NIC_ALIAS/OPENNEBULA_MANAGED"
VM_RESTRICTED_ATTR = "NIC_ALIAS/VCENTER_INSTANCE_ID"
VM_RESTRICTED_ATTR = "NIC_ALIAS/VCENTER_NET_REF"
VM_RESTRICTED_ATTR = "NIC_ALIAS/VCENTER_PORTGROUP_TYPE"
VM_RESTRICTED_ATTR = "NIC_DEFAULT/MAC"
VM_RESTRICTED_ATTR = "NIC_DEFAULT/VLAN_ID"
VM_RESTRICTED_ATTR = "NIC_DEFAULT/BRIDGE"
VM_RESTRICTED_ATTR = "NIC_DEFAULT/FILTER"
VM_RESTRICTED_ATTR = "NIC_DEFAULT/EXTERNAL"
VM_RESTRICTED_ATTR = "DISK/TOTAL_BYTES_SEC"
VM_RESTRICTED_ATTR = "DISK/TOTAL_BYTES_SEC_MAX_LENGTH"
VM_RESTRICTED_ATTR = "DISK/TOTAL_BYTES_SEC_MAX"
VM_RESTRICTED_ATTR = "DISK/READ_BYTES_SEC"
VM_RESTRICTED_ATTR = "DISK/READ_BYTES_SEC_MAX_LENGTH"
VM_RESTRICTED_ATTR = "DISK/READ_BYTES_SEC_MAX"
VM_RESTRICTED_ATTR = "DISK/WRITE_BYTES_SEC"
VM_RESTRICTED_ATTR = "DISK/WRITE_BYTES_SEC_MAX_LENGTH"
VM_RESTRICTED_ATTR = "DISK/WRITE_BYTES_SEC_MAX"
VM_RESTRICTED_ATTR = "DISK/TOTAL_IOPS_SEC"
VM_RESTRICTED_ATTR = "DISK/TOTAL_IOPS_SEC_MAX_LENGTH"
VM_RESTRICTED_ATTR = "DISK/TOTAL_IOPS_SEC_MAX"
VM_RESTRICTED_ATTR = "DISK/READ_IOPS_SEC"
VM_RESTRICTED_ATTR = "DISK/READ_IOPS_SEC_MAX_LENGTH"
VM_RESTRICTED_ATTR = "DISK/READ_IOPS_SEC_MAX"
VM_RESTRICTED_ATTR = "DISK/WRITE_IOPS_SEC"
VM_RESTRICTED_ATTR = "DISK/WRITE_IOPS_SEC_MAX_LENGTH"
VM_RESTRICTED_ATTR = "DISK/WRITE_IOPS_SEC_MAX"
VM_RESTRICTED_ATTR = "DISK/SIZE_IOPS_SEC"
VM_RESTRICTED_ATTR = "DISK/OPENNEBULA_MANAGED"
VM_RESTRICTED_ATTR = "DISK/VCENTER_DS_REF"
VM_RESTRICTED_ATTR = "DISK/VCENTER_INSTANCE_ID"
#VM_RESTRICTED_ATTR = "DISK/SIZE"
VM_RESTRICTED_ATTR = "DISK/ORIGINAL_SIZE"
VM_RESTRICTED_ATTR = "DISK/SIZE_PREV"
VM_RESTRICTED_ATTR = "DEPLOY_ID"
VM_RESTRICTED_ATTR = "CPU_COST"
VM_RESTRICTED_ATTR = "MEMORY_COST"
VM_RESTRICTED_ATTR = "DISK_COST"
VM_RESTRICTED_ATTR = "PCI"
VM_RESTRICTED_ATTR = "EMULATOR"
VM_RESTRICTED_ATTR = "RAW"
VM_RESTRICTED_ATTR = "USER_PRIORITY"
VM_RESTRICTED_ATTR = "USER_INPUTS/CPU"
VM_RESTRICTED_ATTR = "USER_INPUTS/MEMORY"
VM_RESTRICTED_ATTR = "USER_INPUTS/VCPU"
VM_RESTRICTED_ATTR = "VCENTER_VM_FOLDER"
VM_RESTRICTED_ATTR = "VCENTER_ESX_HOST"
VM_RESTRICTED_ATTR = "TOPOLOGY/PIN_POLICY"
VM_RESTRICTED_ATTR = "TOPOLOGY/HUGEPAGE_SIZE"
#VM_RESTRICTED_ATTR = "RANK"
#VM_RESTRICTED_ATTR = "SCHED_RANK"
#VM_RESTRICTED_ATTR = "REQUIREMENTS"
#VM_RESTRICTED_ATTR = "SCHED_REQUIREMENTS"
IMAGE_RESTRICTED_ATTR = "SOURCE"
IMAGE_RESTRICTED_ATTR = "VCENTER_IMPORTED"
#*******************************************************************************
# The following restricted attributes only apply to VNets that are a reservation.
# Normal VNets do not have restricted attributes.
#*******************************************************************************
VNET_RESTRICTED_ATTR = "VN_MAD"
VNET_RESTRICTED_ATTR = "PHYDEV"
VNET_RESTRICTED_ATTR = "VLAN_ID"
VNET_RESTRICTED_ATTR = "CVLANS"
VNET_RESTRICTED_ATTR = "QINQ_TYPE"
VNET_RESTRICTED_ATTR = "BRIDGE"
VNET_RESTRICTED_ATTR = "CONF"
VNET_RESTRICTED_ATTR = "BRIDGE_CONF"
VNET_RESTRICTED_ATTR = "OVS_BRIDGE_CONF"
VNET_RESTRICTED_ATTR = "IP_LINK_CONF"
VNET_RESTRICTED_ATTR = "FILTER"
VNET_RESTRICTED_ATTR = "FILTER_IP_SPOOFING"
VNET_RESTRICTED_ATTR = "FILTER_MAC_SPOOFING"
VNET_RESTRICTED_ATTR = "AR/VN_MAD"
VNET_RESTRICTED_ATTR = "AR/PHYDEV"
VNET_RESTRICTED_ATTR = "AR/VLAN_ID"
VNET_RESTRICTED_ATTR = "AR/BRIDGE"
VNET_RESTRICTED_ATTR = "AR/FILTER"
VNET_RESTRICTED_ATTR = "AR/FILTER_IP_SPOOFING"
VNET_RESTRICTED_ATTR = "AR/FILTER_MAC_SPOOFING"
VNET_RESTRICTED_ATTR = "CLUSTER_IDS"
VNET_RESTRICTED_ATTR = "EXTERNAL"
USER_RESTRICTED_ATTR = "VM_USE_OPERATIONS"
USER_RESTRICTED_ATTR = "VM_MANAGE_OPERATIONS"
USER_RESTRICTED_ATTR = "VM_ADMIN_OPERATIONS"
GROUP_RESTRICTED_ATTR = "VM_USE_OPERATIONS"
GROUP_RESTRICTED_ATTR = "VM_MANAGE_OPERATIONS"
GROUP_RESTRICTED_ATTR = "VM_ADMIN_OPERATIONS"
#*******************************************************************************
# Encrypted Attributes Configuration
#*******************************************************************************
# The following attributes are encrypted. OpenNebula objects that support
# encrypted attributes are:
# - CLUSTER_ENCRYPTED_ATTR
# - VM_ENCRYPTED_ATTR
# - HOST_ENCRYPTED_ATTR
# - VNET_ENCRYPTED_ATTR
# - USER_ENCRYPTED_ATTR
# - DATASTORE_ENCRYPTED_ATTR
# - IMAGE_ENCRYPTED_ATTR
# - DOCUMENT_ENCRYPTED_ATTR
#*******************************************************************************
HOST_ENCRYPTED_ATTR = "EC2_ACCESS"
HOST_ENCRYPTED_ATTR = "EC2_SECRET"
HOST_ENCRYPTED_ATTR = "AZ_SUB"
HOST_ENCRYPTED_ATTR = "AZ_CLIENT"
HOST_ENCRYPTED_ATTR = "AZ_SECRET"
HOST_ENCRYPTED_ATTR = "AZ_TENANT"
HOST_ENCRYPTED_ATTR = "VCENTER_PASSWORD"
HOST_ENCRYPTED_ATTR = "NSX_PASSWORD"
HOST_ENCRYPTED_ATTR = "ONE_PASSWORD"
VM_ENCRYPTED_ATTR = "CONTEXT/PASSWORD"
IMAGE_ENCRYPTED_ATTR = "LUKS_PASSWORD"
# Encrypted attrs for Edge Cluster documents
DOCUMENT_ENCRYPTED_ATTR = "PROVISION_BODY"
USER_ENCRYPTED_ATTR = "SSH_PRIVATE_KEY"
USER_ENCRYPTED_ATTR = "SSH_PASSPHRASE"
# CLUSTER_ENCRYPTED_ATTR = ""
# VNET_ENCRYPTED_ATTR = ""
DATASTORE_ENCRYPTED_ATTR = "RESTIC_PASSWORD"
#*******************************************************************************
# Inherited Attributes Configuration
#*******************************************************************************
# The following attributes will be copied from the resource template to the
# instantiated VMs. More than one attribute can be defined.
#
# INHERIT_IMAGE_ATTR: Attribute to be copied from the Image template
# to each VM/DISK.
#
# INHERIT_DATASTORE_ATTR: Attribute to be copied from the Datastore template
# to each VM/DISK.
#
# INHERIT_VNET_ATTR: Attribute to be copied from the Network template
# to each VM/NIC.
#*******************************************************************************
#INHERIT_IMAGE_ATTR = "EXAMPLE"
#INHERIT_IMAGE_ATTR = "SECOND_EXAMPLE"
#INHERIT_DATASTORE_ATTR = "COLOR"
#INHERIT_VNET_ATTR = "BANDWIDTH_THROTTLING"
INHERIT_DATASTORE_ATTR = "CEPH_HOST"
INHERIT_DATASTORE_ATTR = "CEPH_SECRET"
INHERIT_DATASTORE_ATTR = "CEPH_KEY"
INHERIT_DATASTORE_ATTR = "CEPH_USER"
INHERIT_DATASTORE_ATTR = "CEPH_CONF"
INHERIT_DATASTORE_ATTR = "CEPH_TRASH"
INHERIT_DATASTORE_ATTR = "POOL_NAME"
INHERIT_DATASTORE_ATTR = "ISCSI_USER"
INHERIT_DATASTORE_ATTR = "ISCSI_USAGE"
INHERIT_DATASTORE_ATTR = "ISCSI_HOST"
INHERIT_IMAGE_ATTR = "ISCSI_USER"
INHERIT_IMAGE_ATTR = "ISCSI_USAGE"
INHERIT_IMAGE_ATTR = "ISCSI_HOST"
INHERIT_IMAGE_ATTR = "ISCSI_IQN"
INHERIT_IMAGE_ATTR = "LUKS_SECRET"
INHERIT_DATASTORE_ATTR = "GLUSTER_HOST"
INHERIT_DATASTORE_ATTR = "GLUSTER_VOLUME"
INHERIT_DATASTORE_ATTR = "DISK_TYPE"
INHERIT_DATASTORE_ATTR = "ALLOW_ORPHANS"
INHERIT_DATASTORE_ATTR = "VCENTER_ADAPTER_TYPE"
INHERIT_DATASTORE_ATTR = "VCENTER_DISK_TYPE"
INHERIT_DATASTORE_ATTR = "VCENTER_DS_REF"
INHERIT_DATASTORE_ATTR = "VCENTER_DS_IMAGE_DIR"
INHERIT_DATASTORE_ATTR = "VCENTER_DS_VOLATILE_DIR"
INHERIT_DATASTORE_ATTR = "VCENTER_INSTANCE_ID"
INHERIT_IMAGE_ATTR = "DISK_TYPE"
INHERIT_IMAGE_ATTR = "VCENTER_ADAPTER_TYPE"
INHERIT_IMAGE_ATTR = "VCENTER_DISK_TYPE"
INHERIT_VNET_ATTR = "VLAN_TAGGED_ID"
INHERIT_VNET_ATTR = "FILTER"
INHERIT_VNET_ATTR = "FILTER_IP_SPOOFING"
INHERIT_VNET_ATTR = "FILTER_MAC_SPOOFING"
INHERIT_VNET_ATTR = "MTU"
INHERIT_VNET_ATTR = "METRIC"
INHERIT_VNET_ATTR = "IP6_METRIC"
INHERIT_VNET_ATTR = "METHOD"
INHERIT_VNET_ATTR = "IP6_METHOD"
INHERIT_VNET_ATTR = "INBOUND_AVG_BW"
INHERIT_VNET_ATTR = "INBOUND_PEAK_BW"
INHERIT_VNET_ATTR = "INBOUND_PEAK_KB"
INHERIT_VNET_ATTR = "OUTBOUND_AVG_BW"
INHERIT_VNET_ATTR = "OUTBOUND_PEAK_BW"
INHERIT_VNET_ATTR = "OUTBOUND_PEAK_KB"
INHERIT_VNET_ATTR = "CONF"
INHERIT_VNET_ATTR = "BRIDGE_CONF"
INHERIT_VNET_ATTR = "OVS_BRIDGE_CONF"
INHERIT_VNET_ATTR = "IP_LINK_CONF"
INHERIT_VNET_ATTR = "EXTERNAL_IP"
INHERIT_VNET_ATTR = "AWS_ALLOCATION_ID"
INHERIT_VNET_ATTR = "VULTR_IP_ID"
INHERIT_VNET_ATTR = "GATEWAY"
INHERIT_VNET_ATTR = "VXLAN_MODE"
INHERIT_VNET_ATTR = "VXLAN_TEP"
INHERIT_VNET_ATTR = "VXLAN_MC"
INHERIT_VNET_ATTR = "CVLANS"
INHERIT_VNET_ATTR = "QINQ_TYPE"
INHERIT_VNET_ATTR = "TRUST"
INHERIT_VNET_ATTR = "SPOOFCHK"
INHERIT_VNET_ATTR = "VCENTER_NET_REF"
INHERIT_VNET_ATTR = "VCENTER_SWITCH_NAME"
INHERIT_VNET_ATTR = "VCENTER_SWITCH_NPORTS"
INHERIT_VNET_ATTR = "VCENTER_PORTGROUP_TYPE"
INHERIT_VNET_ATTR = "VCENTER_CCR_REF"
INHERIT_VNET_ATTR = "VCENTER_INSTANCE_ID"
#*******************************************************************************
# Transfer Manager Driver Behavior Configuration
#*******************************************************************************
# The configuration for each driver is defined in TM_MAD_CONF. These
# values are used when creating a new datastore and should not be modified
# since they define the datastore behavior.
# name : name of the transfer driver, listed in the -d option of the
# TM_MAD section
# ln_target : determines how the persistent images will be cloned when
# a new VM is instantiated.
# NONE: The image will be linked and no more storage capacity will be used
# SELF: The image will be cloned in the Images datastore
# SYSTEM: The image will be cloned in the System datastore
# clone_target : determines how the non persistent images will be
# cloned when a new VM is instantiated.
# NONE: The image will be linked and no more storage capacity will be used
# SELF: The image will be cloned in the Images datastore
# SYSTEM: The image will be cloned in the System datastore
# shared : determines if the storage holding the system datastore is shared
# among the different hosts or not. Valid values: "yes" or "no"
# ds_migrate : The driver allows migrations across datastores. Valid values:
# "yes" or "no". Note: THIS ONLY APPLIES TO SYSTEM DS.
# allow_orphans: Snapshots can live without parents. Suported values:
# YES: Children can be orphan (no parent snapshot)
# |- snap_1
# |- snap_2
# |- snap_3
# NO: New snapshots are set active and child of the previous one
# |- snap_1
# |- snap_2
# |- snap_3
# MIXED: Snapshots are children of last snapshot reverted to
# |- snap_1 (<--- revert)
# |- snap_3
# |- snap_4
# |- snap_2
#*******************************************************************************
TM_MAD_CONF = [
NAME = "dummy", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES",
DS_MIGRATE = "YES"
]
TM_MAD_CONF = [
NAME = "lvm", LN_TARGET = "NONE", CLONE_TARGET = "SELF", SHARED = "YES",
DRIVER = "raw"
]
TM_MAD_CONF = [
NAME = "shared", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES",
DS_MIGRATE = "YES", TM_MAD_SYSTEM = "ssh", LN_TARGET_SSH = "SYSTEM",
CLONE_TARGET_SSH = "SYSTEM", DISK_TYPE_SSH = "FILE", ALLOW_ORPHANS="FORMAT"
]
TM_MAD_CONF = [
NAME = "fs_lvm", LN_TARGET = "SYSTEM", CLONE_TARGET = "SYSTEM", SHARED="YES",
DRIVER = "raw"
]
TM_MAD_CONF = [
NAME = "fs_lvm_ssh", LN_TARGET = "SYSTEM", CLONE_TARGET = "SYSTEM", SHARED="YES",
DRIVER = "raw"
]
TM_MAD_CONF = [
NAME = "qcow2", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES",
DS_MIGRATE = "YES", TM_MAD_SYSTEM = "ssh", LN_TARGET_SSH = "SYSTEM",
CLONE_TARGET_SSH = "SYSTEM", DISK_TYPE_SSH = "FILE", DRIVER = "qcow2",
ALLOW_ORPHANS="FORMAT"
]
TM_MAD_CONF = [
NAME = "ssh", LN_TARGET = "SYSTEM", CLONE_TARGET = "SYSTEM", SHARED = "NO",
DS_MIGRATE = "YES", ALLOW_ORPHANS="YES"
]
TM_MAD_CONF = [
NAME = "ceph", LN_TARGET = "NONE", CLONE_TARGET = "SELF", SHARED = "YES",
DS_MIGRATE = "NO", DRIVER = "raw", ALLOW_ORPHANS="mixed",
TM_MAD_SYSTEM = "ssh,shared", LN_TARGET_SSH = "SYSTEM", CLONE_TARGET_SSH = "SYSTEM",
DISK_TYPE_SSH = "FILE", LN_TARGET_SHARED = "NONE",
CLONE_TARGET_SHARED = "SELF", DISK_TYPE_SHARED = "RBD"
]
TM_MAD_CONF = [
NAME = "iscsi_libvirt", LN_TARGET = "NONE", CLONE_TARGET = "SELF", SHARED = "YES",
DS_MIGRATE = "NO", DRIVER = "raw"
]
TM_MAD_CONF = [
NAME = "dev", LN_TARGET = "NONE", CLONE_TARGET = "NONE", SHARED = "YES",
TM_MAD_SYSTEM = "ssh,shared",
LN_TARGET_SSH = "SYSTEM", LN_TARGET_SHARED = "NONE",
DISK_TYPE_SSH = "FILE", DISK_TYPE_SHARED = "FILE",
CLONE_TARGET_SSH = "SYSTEM", CLONE_TARGET_SHARED = "SELF",
DRIVER = "raw"
]
TM_MAD_CONF = [
NAME = "vcenter", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES"
]
#*******************************************************************************
# Datastore Manager Driver Behavior Configuration
#*******************************************************************************
# The configuration for each driver is defined in DS_MAD_CONF. These
# values are used when creating a new datastore and should not be modified
# since they define the datastore behavior.
# name : name of the transfer driver, listed in the -d option of the
# DS_MAD section
# required_attrs : comma separated list of required attributes in the DS
# template
# persistent_only: specifies whether the datastore can only manage persistent
# images
#*******************************************************************************
DS_MAD_CONF = [
NAME = "ceph",
REQUIRED_ATTRS = "DISK_TYPE,BRIDGE_LIST",
PERSISTENT_ONLY = "NO",
MARKETPLACE_ACTIONS = "export"
]
DS_MAD_CONF = [
NAME = "dev", REQUIRED_ATTRS = "DISK_TYPE", PERSISTENT_ONLY = "YES"
]
DS_MAD_CONF = [
NAME = "iscsi_libvirt", REQUIRED_ATTRS = "DISK_TYPE,ISCSI_HOST",
PERSISTENT_ONLY = "YES"
]
DS_MAD_CONF = [
NAME = "dummy", REQUIRED_ATTRS = "", PERSISTENT_ONLY = "NO"
]
DS_MAD_CONF = [
NAME = "fs", REQUIRED_ATTRS = "", PERSISTENT_ONLY = "NO",
MARKETPLACE_ACTIONS = "export"
]
DS_MAD_CONF = [
NAME = "lvm", REQUIRED_ATTRS = "DISK_TYPE,BRIDGE_LIST",
PERSISTENT_ONLY = "NO"
]
DS_MAD_CONF = [
NAME = "vcenter",
REQUIRED_ATTRS = "VCENTER_INSTANCE_ID,VCENTER_DS_REF,VCENTER_DC_REF",
PERSISTENT_ONLY = "NO",
MARKETPLACE_ACTIONS = "export"
]
DS_MAD_CONF = [
NAME = "restic", REQUIRED_ATTRS = "RESTIC_PASSWORD", PERSISTENT_ONLY = "YES"
]
#*******************************************************************************
# MarketPlace Driver Behavior Configuration
#*******************************************************************************
# The configuration for each driver is defined in MARKET_MAD_CONF. These
# values are used when creating a new marketplaces and should not be modified
# since they define the marketplace behavior.
# name : name of the market driver
# required_attrs : comma separated list of required attributes in the Market
# template
# app_actions: List of actions allowed for a MarketPlaceApp
# - monitor The apps of the marketplace will be monitored
# - create, the app in the marketplace
# - delete, the app from the marketplace
# public: set to yes for external marketplaces. A public marketplace can be
# removed even if it has registered apps.
#*******************************************************************************
MARKET_MAD_CONF = [
NAME = "one",
SUNSTONE_NAME = "OpenNebula.org Marketplace",
REQUIRED_ATTRS = "",
APP_ACTIONS = "monitor",
PUBLIC = "yes"
]
MARKET_MAD_CONF = [
NAME = "http",
SUNSTONE_NAME = "HTTP server",
REQUIRED_ATTRS = "BASE_URL,PUBLIC_DIR",
APP_ACTIONS = "create, delete, monitor"
]
MARKET_MAD_CONF = [
NAME = "s3",
SUNSTONE_NAME = "Amazon S3",
REQUIRED_ATTRS = "ACCESS_KEY_ID,SECRET_ACCESS_KEY,REGION,BUCKET",
APP_ACTIONS = "create, delete, monitor"
]
MARKET_MAD_CONF = [
NAME = "linuxcontainers",
SUNSTONE_NAME = "LinuxContainers.org",
REQUIRED_ATTRS = "",
APP_ACTIONS = "monitor",
PUBLIC = "yes"
]
MARKET_MAD_CONF = [
NAME = "turnkeylinux",
SUNSTONE_NAME = "TurnkeyLinux",
REQUIRED_ATTRS = "",
APP_ACTIONS = "monitor",
PUBLIC = "yes"
]
MARKET_MAD_CONF = [
NAME = "dockerhub",
SUNSTONE_NAME = "DockerHub",
REQUIRED_ATTRS = "",
APP_ACTIONS = "monitor",
PUBLIC = "yes"
]
MARKET_MAD_CONF = [
NAME = "docker_registry",
SUNSTONE_NAME = "DockerRegistry",
REQUIRED_ATTRS = "BASE_URL",
APP_ACTIONS = "monitor"
]
#*******************************************************************************
# Authentication Driver Behavior Definition
#*******************************************************************************
# The configuration for each driver is defined in AUTH_MAD_CONF. These
# values must not be modified since they define the driver behavior.
# name : name of the auth driver
#
# password_change : allow the end users to change their own password. Oneadmin
# can still change other user's passwords
#
# driver_managed_groups : allow the driver to set the user's group even after
# user creation. In this case addgroup, delgroup and chgrp
# will be disabled, with the exception of chgrp to one of
# the groups in the list of secondary groups
#
# driver_managed_group_admin : when set to "NO" user needs to manage group
# admin membership manually; when "YES" group admin
# membership is managed by the auth driver
# (see ldap_auth.conf)
#
# max_token_time : limit the maximum token validity, in seconds. Use -1 for
# unlimited maximum, 0 to disable login tokens
#*******************************************************************************
AUTH_MAD_CONF = [
NAME = "core",
PASSWORD_CHANGE = "YES",
DRIVER_MANAGED_GROUPS = "NO",
DRIVER_MANAGED_GROUP_ADMIN = "NO",
MAX_TOKEN_TIME = "-1"
]
AUTH_MAD_CONF = [
NAME = "public",
PASSWORD_CHANGE = "NO",
DRIVER_MANAGED_GROUPS = "NO",
DRIVER_MANAGED_GROUP_ADMIN = "NO",
MAX_TOKEN_TIME = "-1"
]
AUTH_MAD_CONF = [
NAME = "ssh",
PASSWORD_CHANGE = "YES",
DRIVER_MANAGED_GROUPS = "NO",
DRIVER_MANAGED_GROUP_ADMIN = "NO",
MAX_TOKEN_TIME = "-1"
]
AUTH_MAD_CONF = [
NAME = "x509",
PASSWORD_CHANGE = "NO",
DRIVER_MANAGED_GROUPS = "NO",
DRIVER_MANAGED_GROUP_ADMIN = "NO",
MAX_TOKEN_TIME = "-1"
]
AUTH_MAD_CONF = [
NAME = "ldap",
PASSWORD_CHANGE = "YES",
DRIVER_MANAGED_GROUPS = "YES",
DRIVER_MANAGED_GROUP_ADMIN = "YES",
MAX_TOKEN_TIME = "86400"
]
AUTH_MAD_CONF = [
NAME = "server_cipher",
PASSWORD_CHANGE = "NO",
DRIVER_MANAGED_GROUPS = "NO",
DRIVER_MANAGED_GROUP_ADMIN = "NO",
MAX_TOKEN_TIME = "-1"
]
AUTH_MAD_CONF = [
NAME = "server_x509",
PASSWORD_CHANGE = "NO",
DRIVER_MANAGED_GROUPS = "NO",
DRIVER_MANAGED_GROUP_ADMIN = "NO",
MAX_TOKEN_TIME = "-1"
]
#*******************************************************************************
# Virtual Network Driver Behavior Definition
#*******************************************************************************
# The configuration for each driver is defined in VN_MAD_CONF. These
# values must not be modified since they define the driver behavior.
# name : name of the auth driver
# BRIDGE_TYPE : define the technology used by the driver
#*******************************************************************************
VN_MAD_CONF = [
NAME = "dummy",
BRIDGE_TYPE = "linux"
]
VN_MAD_CONF = [
NAME = "802.1Q",
BRIDGE_TYPE = "linux"
]
VN_MAD_CONF = [
NAME = "ebtables",
BRIDGE_TYPE = "linux"
]
VN_MAD_CONF = [
NAME = "fw",
BRIDGE_TYPE = "linux"
]
VN_MAD_CONF = [
NAME = "ovswitch",
BRIDGE_TYPE = "openvswitch"
#openvswitch or openvswitch_dpdk
]
VN_MAD_CONF = [
NAME = "vxlan",
BRIDGE_TYPE = "linux"
]
VN_MAD_CONF = [
NAME = "vcenter",
BRIDGE_TYPE = "vcenter_port_groups"
]
VN_MAD_CONF = [
NAME = "ovswitch_vxlan",
BRIDGE_TYPE = "openvswitch"
]
VN_MAD_CONF = [
NAME = "bridge",
BRIDGE_TYPE = "linux"
]
VN_MAD_CONF = [
NAME = "elastic",
BRIDGE_TYPE = "linux"
]
VN_MAD_CONF = [
NAME = "nodeport",
BRIDGE_TYPE = "linux"
]
View Git Blame Copy Permalink