diff --git a/tmpl/OpenNebulaNetwork.conf b/tmpl/OpenNebulaNetwork.conf index 4ee2c85..b0aefed 100644 --- a/tmpl/OpenNebulaNetwork.conf +++ b/tmpl/OpenNebulaNetwork.conf @@ -1,5 +1,5 @@ # -------------------------------------------------------------------------- # -# Copyright 2002-2014, OpenNebula Project (OpenNebula.org), C12G Labs # +# Copyright 2002-2017, OpenNebula Project, OpenNebula Systems # # # # Licensed under the Apache License, Version 2.0 (the "License"); you may # # not use this file except in compliance with the License. You may obtain # @@ -15,11 +15,22 @@ #--------------------------------------------------------------------------- # ################################################################################ -# General Options +# Overriding Options in Network Template ################################################################################ +# +# Option can be overridden or added per network using this format +# in the network template: +# +# CONF="vxlan_mc=239.0.100.0,test=false,validate_vlan_id=true" +# BRIDGE_CONF="sethello=6" +# IP_LINK_CONF="tos=10,udpcsum=,udp6zerocsumrx=__delete__" +# +# Options can have empty value when they don't need a parameter. Also the +# special value "__delete__" can be used to delete parameters set here. -# Configure the initial VLAN ID tag (corresponds to vnet ID = 0) -:start_vlan: 2 +# Set to true to check that no other vlans are connected to the bridge. +# Works with 802.1Q and VXLAN. +:validate_vlan_id: false ################################################################################ # Open vSwitch Options 
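Review bot: The new header comment in tmpl/OpenNebulaNetwork.conf documents per-network overrides (`CONF`, `BRIDGE_CONF`, `IP_LINK_CONF`) without saying who may set them, and the later hunk in this file shows such values becoming arguments of `brctl` and `sudo ip link add`. Because these strings reach commands run with elevated rights on the hypervisor, I would add a line such as `# These attributes should only be settable by administrators; see VNET_RESTRICTED_ATTR in oned.conf.` The oned.conf part of this commit does add the three names to `VNET_RESTRICTED_ATTR`, but the comment above that list says it applies only to reservations, so whether ordinary network owners can still set them should be confirmed. How the driver validates option names and values is not visible in this diff.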
@@ -32,3 +43,44 @@ :arp_cache_poisoning: false %end if +################################################################################ +# 802.1Q Options +################################################################################ + +# Default MTU for the 802.1Q interface +:vlan_mtu: 1500 + +################################################################################ +# VXLAN Options +################################################################################ + +# Base multicast address for each VLAN. The mc address is :vxlan_mc + :vlan_id +:vxlan_mc: 239.0.0.0 +# Time To Live (TTL) should be > 1 in routed multicast networks (IGMP) +:vxlan_ttl: 16 +# Default MTU for the VXLAN interface +:vxlan_mtu: 1500 + + +################################################################################ +# Bridge and Interface Creation Options +################################################################################ + +# These options will execute brctl commands with these values. For example, +# this option will execute: +# +# brctl stp on +# +# :bridge_conf: +# :stp: on + + +# These options will be added to the ip link add command. For example: +# +# sudo ip link add lxcbr0.260 type vxlan id 260 group 239.0.101.4 \ +# ttl 16 dev lxcbr0 udp6zerocsumrx tos 3 +# +# :ip_link_conf: +# :udp6zerocsumrx: +# :tos: 3 + diff --git a/tmpl/oned.conf b/tmpl/oned.conf index bc78144..575d6de 100644 --- a/tmpl/oned.conf +++ b/tmpl/oned.conf @@ -42,7 +42,8 @@ # VNC_PORTS: VNC port pool for automatic VNC port assignment, if possible the # port will be set to ``START`` + ``VMID`` # start : first port to assign -# reserved: comma separated list of ports +# reserved: comma separated list of ports or ranges. Two numbers separated by +# a colon indicate a range. # # LOG: Configuration for the logging system # system: defines the logging system: 
@@ -80,15 +81,23 @@ LISTEN_ADDRESS = "127.0.0.1" DB = [ BACKEND = "sqlite" ] +# Sample configuration for MySQL +# DB = [ BACKEND = "mysql", +# SERVER = "localhost", +# PORT = 0, +# USER = "oneadmin", +# PASSWD = "oneadmin", +# DB_NAME = "opennebula" ] + VNC_PORTS = [ - START = 5901, - RESERVED = "5900" + START = 5900 +# RESERVED = "6800, 6801, 6810:6820, 9869" ] #VM_SUBMIT_ON_HOLD = "NO" #******************************************************************************* -# Federation configuration attributes +# Federation & HA configuration attributes #------------------------------------------------------------------------------- # Control the federation capabilities of oned. Operation in a federated setup # requires a special DB configuration. 
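Review bot: The commented MySQL sample added under `DB = [ BACKEND = "sqlite" ]` uses `PASSWD = "oneadmin"`, identical to the user name, so uncommenting the block as-is yields a guessable database credential. I would write the sample with an obvious placeholder, e.g. `# PASSWD = "<db-password>",`, and add a comment that the rendered oned.conf then holds the password in clear text and should be readable only by the OpenNebula service account. Separately, `START` moves to 5900 while the former `RESERVED = "5900"` entry is reduced to a commented example, so if that port was reserved for a reason on these hosts it is now assignable.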
@@ -99,16 +108,70 @@ VNC_PORTS = [ # MASTER this oned is the master zone of the federation # SLAVE this oned is a slave zone # ZONE_ID: The zone ID as returned by onezone command +# SERVER_ID: ID identifying this server in the zone as returned by the +# onezone server-add command. This ID controls the HA configuration of +# OpenNebula: +# -1 (default) OpenNebula will operate in "solo" mode no HA +# Operate in HA (leader election and state replication) # MASTER_ONED: The xml-rpc endpoint of the master oned, e.g. # http://master.one.org:2633/RPC2 +# +# +# RAFT: Algorithm attributes +# LOG_RETENTION: Number of DB log records kept, it determines the +# synchronization window across servers and extra storage space needed. +# LOG_PURGE_TIMEOUT: How often applied records are purged according the log +# retention value. (in seconds) +# ELECTION_TIMEOUT_MS: Timeout to start a election process if no heartbeat +# or log is received from leader. +# BROADCAST_TIMEOUT_MS: How often heartbeats are sent to followers. +# XMLRPC_TIMEOUT_MS: To timeout raft related API calls +# +# RAFT_LEADER_HOOK: Executed when a server transits from follower->leader +# The purpose of this hook is to configure the Virtual IP. +# COMMAND: raft/vip.sh is a fully working script, this should not be changed +# ARGUMENTS: and must be replaced. For example +# ARGUMENTS = "leader ens1 10.0.0.2/24" +# +# RAFT_FOLLOWER_HOOK: Executed when a server transits from leader->follower +# The purpose of this hook is to configure the Virtual IP. +# COMMAND: raft/vip.sh is a fully working script, this should not be changed +# ARGUMENTS: and must be replaced. For example +# ARGUMENTS = "follower ens1 10.0.0.2/24" +# +# NOTE: Timeout tunning depends on the latency of the servers (network and load) +# as well as the max downtime tolerated by the system. 
Timeouts needs to be +# greater than 10ms +# #******************************************************************************* FEDERATION = [ - MODE = "STANDALONE", - ZONE_ID = 0, - MASTER_ONED = "" + MODE = "STANDALONE", + ZONE_ID = 0, + SERVER_ID = -1, + MASTER_ONED = "" ] +RAFT = [ + LOG_RETENTION = 500000, + LOG_PURGE_TIMEOUT = 600, + ELECTION_TIMEOUT_MS = 2500, + BROADCAST_TIMEOUT_MS = 500, + XMLRPC_TIMEOUT_MS = 2000 +] + +# Executed when a server transits from follower->leader +# RAFT_LEADER_HOOK = [ +# COMMAND = "raft/vip.sh", +# ARGUMENTS = "leader " +# ] + +# Executed when a server transits from leader->follower +# RAFT_FOLLOWER_HOOK = [ +# COMMAND = "raft/vip.sh", +# ARGUMENTS = "follower " +# ] + #******************************************************************************* # Default showback cost #------------------------------------------------------------------------------- @@ -185,12 +248,17 @@ DEFAULT_COST = [ # is for 802.1Q networks (Open vSwitch and 802.1Q drivers). The driver # will try first to allocate VLAN_IDS[START] + VNET_ID # start: First VLAN_ID to use -# reserved: Comma separated list of VLAN_IDs +# reserved: Comma separated list of VLAN_IDs or ranges. Two numbers +# separated by a colon indicate a range. # # VXLAN_IDS: Automatic VXLAN Network ID (VNI) assignment. This is used # for vxlan networks. # start: First VNI to use # NOTE: reserved is not supported by this pool +# +# PCI_PASSTHROUGH_BUS: Default bus to attach passthrough devices in the guest, +# in hex notation. It may be overwritten in the PCI device using the BUS +# attribute. #******************************************************************************* NETWORK_SIZE = 254 @@ -206,6 +274,8 @@ VXLAN_IDS = [ START = "2" ] +#PCI_PASSTHROUGH_BUS = "0x01" + #******************************************************************************* # DataStore Configuration #******************************************************************************* 
@@ -230,17 +300,27 @@ VXLAN_IDS = [ # vd KVM virtual disk # # DEFAULT_CDROM_DEVICE_PREFIX: Same as above but for CDROM devices. +# +# DEFAULT_IMAGE_PERSISTENT: Control the default value for the PERSISTENT +# attribute on image creation (oneimage clone, onevm disk-saveas). If blank +# images will inherit the persistent attribute from the base image. +# +# DEFAULT_IMAGE_PERSISTENT_NEW: Control the default value for the PERSISTENT +# attribute on image creation (oneimage create). By default images are no +# persistent if not set. #******************************************************************************* #DATASTORE_LOCATION = /var/lib/one/datastores DATASTORE_CAPACITY_CHECK = "yes" -DEFAULT_IMAGE_TYPE = "OS" -DEFAULT_DEVICE_PREFIX = "vd" - +DEFAULT_DEVICE_PREFIX = "vd" DEFAULT_CDROM_DEVICE_PREFIX = "hd" +DEFAULT_IMAGE_TYPE = "OS" +#DEFAULT_IMAGE_PERSISTENT = "" +#DEFAULT_IMAGE_PERSISTENT_NEW = "" + #******************************************************************************* # Information Driver Configuration #******************************************************************************* @@ -270,6 +350,7 @@ DEFAULT_CDROM_DEVICE_PREFIX = "hd" # -i Time in seconds of the monitorization push cycle. This parameter must # be smaller than MONITORING_INTERVAL, otherwise push monitorization will # not be effective. +# -w Timeout in seconds to execute external commands (default unlimited) #------------------------------------------------------------------------------- IM_MAD = [ NAME = "collectd", @@ -281,6 +362,7 @@ IM_MAD = [ # KVM UDP-push Information Driver Manager Configuration # -r number of retries when monitoring a host # -t number of threads, i.e. number of hosts monitored at the same time +# -w Timeout in seconds to execute external commands (default unlimited) #------------------------------------------------------------------------------- IM_MAD = [ NAME = "kvm", 
@@ -293,6 +375,7 @@ IM_MAD = [
 # KVM SSH-pull Information Driver Manager Configuration
 # -r number of retries when monitoring a host
 # -t number of threads, i.e. number of hosts monitored at the same time
+# -w Timeout in seconds to execute external commands (default unlimited)
 #-------------------------------------------------------------------------------
 # IM_MAD = [
 # NAME = "kvm",
@@ -305,30 +388,33 @@ IM_MAD = [ # vCenter Information Driver Manager Configuration # -r number of retries when monitoring a host # -t number of threads, i.e. number of hosts monitored at the same time +# -w Timeout in seconds to execute external commands (default unlimited) #------------------------------------------------------------------------------- -#IM_MAD = [ -# NAME = "vcenter", -# SUNSTONE_NAME = "VMWare vCenter", -# EXECUTABLE = "one_im_sh", -# ARGUMENTS = "-c -t 15 -r 0 vcenter" ] +IM_MAD = [ + NAME = "vcenter", + SUNSTONE_NAME = "VMWare vCenter", + EXECUTABLE = "one_im_sh", + ARGUMENTS = "-c -t 15 -r 0 vcenter" ] #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- # EC2 Information Driver Manager Configuration # -r number of retries when monitoring a host # -t number of threads, i.e. number of hosts monitored at the same time +# -w Timeout in seconds to execute external commands (default unlimited) #------------------------------------------------------------------------------- #IM_MAD = [ # NAME = "ec2", # SUNSTONE_NAME = "Amazon EC2", # EXECUTABLE = "one_im_sh", -# ARGUMENTS = "-c -t 1 -r 0 ec2" ] +# ARGUMENTS = "-c -t 1 -r 0 -w 600 ec2" ] #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- # Azure Information Driver Manager Configuration # -r number of retries when monitoring a host # -t number of threads, i.e. number of hosts monitored at the same time +# -w Timeout in seconds to execute external commands (default unlimited) #------------------------------------------------------------------------------- #IM_MAD = [ # NAME = "az", 
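Review bot: Uncommenting the vCenter `IM_MAD` block presumably makes oned load that driver on every rendered configuration, whether or not the site has a vCenter, while other optional parts of this template are wrapped in `%if %%getVar(...)`. The same applies to the vCenter `VM_MAD` block in the `@@ -432,32 +519,35 @@` hunk. Running only the drivers a deployment uses keeps the front-end's exposed functionality smaller, so I would guard both blocks with a template variable, or add a comment stating why they are always on. The `-w` timeout documented here as "default unlimited" is also not set in the vCenter `ARGUMENTS`, unlike the EC2 sample, which gets `-w 600`.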
@@ -363,7 +449,7 @@ IM_MAD = [ # # type : driver type, supported drivers: xen, kvm, xml # -# keep_snapshots: do not remove snapshots on power on/off cycles and live +# keep_snapshots: do not remove snapshots on power on/off cycles and live # migrations if the hypervisor supports that. # # imported_vms_actions : comma-separated list of actions supported @@ -405,6 +491,7 @@ IM_MAD = [ # An example: "-l migrate=migrate_local,save" # -p more than one action per host in parallel, needs support from hypervisor # -s to execute remote commands, bash by default +# -w Timeout in seconds to execute external commands (default unlimited) # # Note: You can use type = "qemu" to use qemu emulated guests, e.g. if your # CPU does not have virtualization extensions or use nested Qemu-KVM hosts @@ -416,7 +503,7 @@ VM_MAD = [ ARGUMENTS = "-t 15 -r 0 kvm", DEFAULT = "vmm_exec/vmm_exec_kvm.conf", TYPE = "kvm", - KEEP_SNAPSHOTS = "no", + KEEP_SNAPSHOTS = "yes", IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend, resume, delete, reboot, reboot-hard, resched, unresched, disk-attach, disk-detach, nic-attach, nic-detach, snap-create, snap-delete" 
@@ -432,32 +519,35 @@ VM_MAD = [ # -s to execute commands, bash by default # -d default snapshot strategy. It can be either 'detach' or 'suspend'. It # defaults to 'suspend'. +# -w Timeout in seconds to execute external commands (default unlimited) #------------------------------------------------------------------------------- -#VM_MAD = [ -# NAME = "vcenter", -# SUNSTONE_NAME = "VMWare vCenter", -# EXECUTABLE = "one_vmm_sh", -# ARGUMENTS = "-p -t 15 -r 0 vcenter -s sh", -# DEFAULT = "vmm_exec/vmm_exec_vcenter.conf", -# TYPE = "xml", -# KEEP_SNAPSHOTS = "yes", -# IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend, -# resume, delete, reboot, reboot-hard, resched, unresched, poweroff, -# poweroff-hard, disk-attach, disk-detach, nic-attach, nic-detach, -# snap-create, snap-delete" -#] +VM_MAD = [ + NAME = "vcenter", + SUNSTONE_NAME = "VMWare vCenter", + EXECUTABLE = "one_vmm_sh", + ARGUMENTS = "-p -t 15 -r 0 vcenter -s sh", + DEFAULT = "vmm_exec/vmm_exec_vcenter.conf", + TYPE = "xml", + KEEP_SNAPSHOTS = "yes", + IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend, + resume, delete, reboot, reboot-hard, resched, unresched, poweroff, + poweroff-hard, disk-attach, disk-detach, nic-attach, nic-detach, + snap-create, snap-delete" +] #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- # EC2 Virtualization Driver Manager Configuration # -r number of retries when monitoring a host # -t number of threads, i.e. 
number of actions performed at the same time +# -w Timeout in seconds to execute external commands (default unlimited) +# -p more than one action per host in parallel, needs support from hypervisor #------------------------------------------------------------------------------- #VM_MAD = [ # NAME = "ec2", # SUNSTONE_NAME = "Amazon EC2", # EXECUTABLE = "one_vmm_sh", -# ARGUMENTS = "-t 15 -r 0 ec2", +# ARGUMENTS = "-t 15 -r 0 -w 600 -p ec2", # TYPE = "xml", # KEEP_SNAPSHOTS = "no", # IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend, @@ -471,6 +561,7 @@ VM_MAD = [ # Azure Virtualization Driver Manager Configuration # -r number of retries when monitoring a host # -t number of threads, i.e. number of actions performed at the same time +# -w Timeout in seconds to execute external commands (default unlimited) #------------------------------------------------------------------------------- #VM_MAD = [ # NAME = "az", @@ -507,6 +598,7 @@ VM_MAD = [ # -t: number of threads, i.e. number of transfers made at the same time # -d: list of transfer drivers separated by commas, if not defined all the # drivers available will be enabled +# -w: Timeout in seconds to execute external commands (default unlimited) #******************************************************************************* TM_MAD = [ 
@@ -526,11 +618,12 @@ TM_MAD = [ # -t number of threads, i.e. number of repo operations at the same time # -d datastore mads separated by commas # -s system datastore tm drivers, used to monitor shared system ds. +# -w Timeout in seconds to execute external commands (default unlimited) #******************************************************************************* DATASTORE_MAD = [ EXECUTABLE = "one_datastore", - ARGUMENTS = "-t 15 -d dummy,fs,lvm,ceph,dev,iscsi_libvirt,vcenter -s shared,ssh,ceph,fs_lvm,qcow2" + ARGUMENTS = "-t 15 -d dummy,fs,lvm,ceph,dev,iscsi_libvirt,vcenter -s shared,ssh,ceph,fs_lvm,qcow2,vcenter" ] #******************************************************************************* @@ -544,6 +637,8 @@ DATASTORE_MAD = [ # arguments : for the driver executable # -t number of threads, i.e. number of repo operations at the same time # -m marketplace mads separated by commas +# --proxy proxy address if required to access the internet +# -w Timeout in seconds to execute external commands (default unlimited) #******************************************************************************* MARKET_MAD = [ @@ -566,10 +661,9 @@ MARKET_MAD = [ IPAM_MAD = [ EXECUTABLE = "one_ipam", - ARGUMENTS = "-t 1 -i dummy" + ARGUMENTS = "-t 1 -i dummy" ] - #******************************************************************************* # Hook Manager Configuration #******************************************************************************* 
@@ -749,19 +843,34 @@ USER_HOOK = [ HM_MAD = [ EXECUTABLE = "one_hm" ] +#VNET_HOOK = [ +# name = "vcenter_net_create", +# on = "CREATE", +# command = "vcenter/create_vcenter_net.rb", +# arguments = "$ID $TEMPLATE"] + +#VNET_HOOK = [ +# name = "vcenter_net_delete", +# on = "REMOVE", +# command = "vcenter/delete_vcenter_net.rb", +# arguments = "$ID $TEMPLATE"] + #******************************************************************************* # Fault Tolerance Hooks #******************************************************************************* # This hook is used to perform recovery actions when a host fails. # Script to implement host failure tolerance -# It can be set to -# -m migrate VMs to another host. Only for images in shared storage +# One of the following modes must be chosen +# -m resched VMs to another host. (Only for images in shared storage!) # -r recreate VMs running in the host. State will be lost. # -d delete VMs running in the host +# # Additional flags -# -f force resubmission of suspended VMs -# -p avoid resubmission if host comes -# back after n monitoring cycles +# -f resubmit suspended and powered off VMs (only for recreate) +# -p avoid resubmission if host comes back after n monitoring +# cycles. 0 to disable it. Default is 2. +# -u disables fencing. Fencing is enabled by default. Don't disable it +# unless you are very sure about what you're doing #******************************************************************************* # #HOST_HOOK = [ @@ -771,7 +880,6 @@ HM_MAD = [ # ARGUMENTS = "$ID -m -p 5", # REMOTE = "no" ] #------------------------------------------------------------------------------- -# %if %%getVar('activer_hooks', 'non') == 'oui' #******************************************************************************* 
@@ -814,7 +922,6 @@ USER_HOOK = [ %end if - #******************************************************************************* # Auth Manager Configuration #******************************************************************************* @@ -850,38 +957,15 @@ USER_HOOK = [ # the new object's permissions to 640 "um- u-- ---" #******************************************************************************* - -%if %%getVar('sunstone_auth_modes', 'non') == 'non' AUTH_MAD = [ EXECUTABLE = "one_auth_mad", - AUTHN = "ssh,x509,server_cipher,server_x509" -] - -AUTH_MAD_CONF = [ - NAME = "core", - PASSWORD_CHANGE = "YES", - DRIVER_MANAGED_GROUPS = "NO", - MAX_TOKEN_TIME = "-1" -] -%else -AUTH_MAD = [ - EXECUTABLE = "one_auth_mad", - AUTHN = "ssh,x509,server_cipher,server_x509,%%getVar('sunstone_auth_modes','')" + AUTHN = "ssh,x509,ldap,server_cipher,server_x509" ] +%if %%getVar('sunstone_auth_modes','') == 'ldap' DEFAULT_AUTH = "ldap" - - %if %%getVar('sunstone_auth_modes','') == 'ldap' -AUTH_MAD_CONF = [ - NAME = "ldap", - PASSWORD_CHANGE = "YES", - DRIVER_MANAGED_GROUPS = "NO", - MAX_TOKEN_TIME = "86400" -] - %end if %end if - SESSION_EXPIRATION_TIME = 900 #ENABLE_OTHER_PERMISSIONS = "YES" 
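Review bot: `AUTHN` now lists `ldap` unconditionally, so the LDAP driver is offered even when `sunstone_auth_modes` is unset, where the old template enabled only `ssh,x509,server_cipher,server_x509` in that case. In the other direction, any `sunstone_auth_modes` value other than `ldap` used to be appended to `AUTHN` and is now silently ignored, which changes behaviour for sites that set it. If LDAP is meant to be opt-in, keep it conditional: build the line inside the `%if` as before and fall back to `AUTHN = "ssh,x509,server_cipher,server_x509"`. Otherwise a comment explaining that `ldap` is always loaded and only `DEFAULT_AUTH` is switched would help.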
@@ -897,6 +981,28 @@ DEFAULT_UMASK = 177 #ONEGATE_ENDPOINT = "http://frontend:5030" +#******************************************************************************* +# VM Operations Permissions +#****************************************************************************** +# The following parameters define the operations associated to the ADMIN, +# MANAGE and USE permissions. Note that some VM operations require additional +# permissions on other objects. Also some operations refers to a class of +# actions: +# - disk-snapshot, includes create, delete and revert actions +# - disk-attach, includes attach and detach actions +# - nic-attach, includes attach and detach actions +# - snapshot, includes create, delete and revert actions +# - resched, includes resched and unresched actions +#****************************************************************************** + +VM_ADMIN_OPERATIONS = "migrate, delete, recover, retry, deploy, resched" + +VM_MANAGE_OPERATIONS = "undeploy, hold, release, stop, suspend, resume, reboot, + poweroff, disk-attach, nic-attach, disk-snapshot, terminate, disk-resize, + snapshot, updateconf, rename, resize, update, disk-saveas" + +VM_USE_OPERATIONS = "" + #******************************************************************************* # Restricted Attributes Configuration #******************************************************************************* 
@@ -907,22 +1013,42 @@ VM_RESTRICTED_ATTR = "CONTEXT/FILES" VM_RESTRICTED_ATTR = "NIC/MAC" VM_RESTRICTED_ATTR = "NIC/VLAN_ID" VM_RESTRICTED_ATTR = "NIC/BRIDGE" +#VM_RESTRICTED_ATTR = "NIC/INBOUND_AVG_BW" +#VM_RESTRICTED_ATTR = "NIC/INBOUND_PEAK_BW" +#VM_RESTRICTED_ATTR = "NIC/INBOUND_PEAK_KB" +#VM_RESTRICTED_ATTR = "NIC/OUTBOUND_AVG_BW" +#VM_RESTRICTED_ATTR = "NIC/OUTBOUND_PEAK_BW" +#VM_RESTRICTED_ATTR = "NIC/OUTBOUND_PEAK_KB" +#VM_RESTRICTED_ATTR = "NIC/OPENNEBULA_MANAGED" +#VM_RESTRICTED_ATTR = "NIC/VCENTER_INSTANCE_ID" +#VM_RESTRICTED_ATTR = "NIC/VCENTER_NET_REF" +#VM_RESTRICTED_ATTR = "NIC/VCENTER_PORTGROUP_TYPE" VM_RESTRICTED_ATTR = "NIC_DEFAULT/MAC" VM_RESTRICTED_ATTR = "NIC_DEFAULT/VLAN_ID" VM_RESTRICTED_ATTR = "NIC_DEFAULT/BRIDGE" -VM_RESTRICTED_ATTR = "DISK/TOTAL_BYTES_SEC" -VM_RESTRICTED_ATTR = "DISK/READ_BYTES_SEC" -VM_RESTRICTED_ATTR = "DISK/WRITE_BYTES_SEC" -VM_RESTRICTED_ATTR = "DISK/TOTAL_IOPS_SEC" -VM_RESTRICTED_ATTR = "DISK/READ_IOPS_SEC" -VM_RESTRICTED_ATTR = "DISK/WRITE_IOPS_SEC" +#VM_RESTRICTED_ATTR = "DISK/TOTAL_BYTES_SEC" +#VM_RESTRICTED_ATTR = "DISK/READ_BYTES_SEC" +#VM_RESTRICTED_ATTR = "DISK/WRITE_BYTES_SEC" +#VM_RESTRICTED_ATTR = "DISK/TOTAL_IOPS_SEC" +#VM_RESTRICTED_ATTR = "DISK/READ_IOPS_SEC" +#VM_RESTRICTED_ATTR = "DISK/WRITE_IOPS_SEC" +#VM_RESTRICTED_ATTR = "DISK/OPENNEBULA_MANAGED" +#VM_RESTRICTED_ATTR = "DISK/VCENTER_DS_REF" +#VM_RESTRICTED_ATTR = "DISK/VCENTER_INSTANCE_ID" #VM_RESTRICTED_ATTR = "DISK/SIZE" -VM_RESTRICTED_ATTR = "DISK/ORIGINAL_SIZE" +#VM_RESTRICTED_ATTR = "DISK/ORIGINAL_SIZE" +#VM_RESTRICTED_ATTR = "DISK/SIZE_PREV" VM_RESTRICTED_ATTR = "CPU_COST" VM_RESTRICTED_ATTR = "MEMORY_COST" VM_RESTRICTED_ATTR = "DISK_COST" VM_RESTRICTED_ATTR = "PCI" -VM_RESTRICTED_ATTR = "USER_INPUTS" +VM_RESTRICTED_ATTR = "EMULATOR" +VM_RESTRICTED_ATTR = "RAW" +VM_RESTRICTED_ATTR = "USER_PRIORITY" +#VM_RESTRICTED_ATTR = "USER_INPUTS/CPU" +#VM_RESTRICTED_ATTR = "USER_INPUTS/MEMORY" +#VM_RESTRICTED_ATTR = "USER_INPUTS/VCPU" +#VM_RESTRICTED_ATTR 
= "TEMPLATE/VCENTER_VM_FOLDER" #VM_RESTRICTED_ATTR = "RANK" #VM_RESTRICTED_ATTR = "SCHED_RANK" @@ -930,6 +1056,7 @@ VM_RESTRICTED_ATTR = "USER_INPUTS" #VM_RESTRICTED_ATTR = "SCHED_REQUIREMENTS" IMAGE_RESTRICTED_ATTR = "SOURCE" +#IMAGE_RESTRICTED_ATTR = "TEMPLATE/VCENTER_IMPORTED" #******************************************************************************* # The following restricted attributes only apply to VNets that are a reservation. @@ -940,6 +1067,9 @@ VNET_RESTRICTED_ATTR = "VN_MAD" VNET_RESTRICTED_ATTR = "PHYDEV" VNET_RESTRICTED_ATTR = "VLAN_ID" VNET_RESTRICTED_ATTR = "BRIDGE" +VNET_RESTRICTED_ATTR = "CONF" +VNET_RESTRICTED_ATTR = "BRIDGE_CONF" +VNET_RESTRICTED_ATTR = "IP_LINK_CONF" VNET_RESTRICTED_ATTR = "AR/VN_MAD" VNET_RESTRICTED_ATTR = "AR/PHYDEV" @@ -969,6 +1099,7 @@ VNET_RESTRICTED_ATTR = "AR/BRIDGE" INHERIT_DATASTORE_ATTR = "CEPH_HOST" INHERIT_DATASTORE_ATTR = "CEPH_SECRET" +INHERIT_DATASTORE_ATTR = "CEPH_KEY" INHERIT_DATASTORE_ATTR = "CEPH_USER" INHERIT_DATASTORE_ATTR = "CEPH_CONF" INHERIT_DATASTORE_ATTR = "POOL_NAME" 
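Review bot: The `VM_RESTRICTED_ATTR` hunk that starts at `@@ -907,22 +1013,42 @@` turns the six `DISK/*_BYTES_SEC` / `DISK/*_IOPS_SEC` entries and `DISK/ORIGINAL_SIZE` into comments and drops `USER_INPUTS`, so attributes that were admin-only become settable by ordinary users in their VM templates. For the disk throttling values that means a tenant can presumably raise or remove the I/O limits an administrator put on an image, which matters on shared storage. The additions of `EMULATOR`, `RAW` and `USER_PRIORITY` tighten things and look right. Unless the relaxation is intended, I would keep the existing lines active, e.g. `VM_RESTRICTED_ATTR = "DISK/TOTAL_BYTES_SEC"`, and likewise enable the new `NIC/INBOUND_*` and `NIC/OUTBOUND_*` entries, since the same commit makes those bandwidth attributes inheritable from the network.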
@@ -986,15 +1117,39 @@ INHERIT_DATASTORE_ATTR = "GLUSTER_HOST" INHERIT_DATASTORE_ATTR = "GLUSTER_VOLUME" INHERIT_DATASTORE_ATTR = "DISK_TYPE" -INHERIT_DATASTORE_ATTR = "ADAPTER_TYPE" +INHERIT_DATASTORE_ATTR = "ALLOW_ORPHANS" + +INHERIT_DATASTORE_ATTR = "VCENTER_ADAPTER_TYPE" +INHERIT_DATASTORE_ATTR = "VCENTER_DISK_TYPE" +INHERIT_DATASTORE_ATTR = "VCENTER_DS_REF" +INHERIT_DATASTORE_ATTR = "VCENTER_DS_IMAGE_DIR" +INHERIT_DATASTORE_ATTR = "VCENTER_DS_VOLATILE_DIR" +INHERIT_DATASTORE_ATTR = "VCENTER_INSTANCE_ID" INHERIT_IMAGE_ATTR = "DISK_TYPE" -INHERIT_IMAGE_ATTR = "ADAPTER_TYPE" +INHERIT_IMAGE_ATTR = "VCENTER_ADAPTER_TYPE" +INHERIT_IMAGE_ATTR = "VCENTER_DISK_TYPE" INHERIT_VNET_ATTR = "VLAN_TAGGED_ID" INHERIT_VNET_ATTR = "FILTER_IP_SPOOFING" INHERIT_VNET_ATTR = "FILTER_MAC_SPOOFING" INHERIT_VNET_ATTR = "MTU" +INHERIT_VNET_ATTR = "INBOUND_AVG_BW" +INHERIT_VNET_ATTR = "INBOUND_PEAK_BW" +INHERIT_VNET_ATTR = "INBOUND_PEAK_KB" +INHERIT_VNET_ATTR = "OUTBOUND_AVG_BW" +INHERIT_VNET_ATTR = "OUTBOUND_PEAK_BW" +INHERIT_VNET_ATTR = "OUTBOUND_PEAK_KB" +INHERIT_VNET_ATTR = "CONF" +INHERIT_VNET_ATTR = "BRIDGE_CONF" +INHERIT_VNET_ATTR = "IP_LINK_CONF" + +INHERIT_VNET_ATTR = "VCENTER_NET_REF" +INHERIT_VNET_ATTR = "VCENTER_SWITCH_NAME" +INHERIT_VNET_ATTR = "VCENTER_SWITCH_NPORTS" +INHERIT_VNET_ATTR = "VCENTER_PORTGROUP_TYPE" +INHERIT_VNET_ATTR = "VCENTER_CCR_REF" +INHERIT_VNET_ATTR = "VCENTER_INSTANCE_ID" #******************************************************************************* # Transfer Manager Driver Behavior Configuration @@ -1018,6 +1173,7 @@ INHERIT_VNET_ATTR = "MTU" # among the different hosts or not. Valid values: "yes" or "no" # ds_migrate : The driver allows migrations across datastores. Valid values: # "yes" or "no". Note: THIS ONLY APPLIES TO SYSTEM DS. +# allow_orphans: Snapshots can live without parents #******************************************************************************* TM_MAD_CONF = [ 
@@ -1035,11 +1191,13 @@ TM_MAD_CONF = [ ] TM_MAD_CONF = [ - NAME = "fs_lvm", LN_TARGET = "SYSTEM", CLONE_TARGET = "SYSTEM", SHARED="YES" + NAME = "fs_lvm", LN_TARGET = "SYSTEM", CLONE_TARGET = "SYSTEM", SHARED="YES", + DRIVER = "raw" ] TM_MAD_CONF = [ - NAME = "qcow2", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES" + NAME = "qcow2", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES", + DRIVER = "qcow2" ] TM_MAD_CONF = [ @@ -1049,7 +1207,7 @@ TM_MAD_CONF = [ TM_MAD_CONF = [ NAME = "ceph", LN_TARGET = "NONE", CLONE_TARGET = "SELF", SHARED = "YES", - DS_MIGRATE = "NO" + DS_MIGRATE = "NO", DRIVER = "raw", ALLOW_ORPHANS="yes" ] TM_MAD_CONF = [ @@ -1062,7 +1220,7 @@ TM_MAD_CONF = [ ] TM_MAD_CONF = [ - NAME = "vcenter", LN_TARGET = "NONE", CLONE_TARGET = "NONE", SHARED = "YES" + NAME = "vcenter", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES" ] #******************************************************************************* @@ -1110,7 +1268,9 @@ DS_MAD_CONF = [ ] DS_MAD_CONF = [ - NAME = "vcenter", REQUIRED_ATTRS = "VCENTER_CLUSTER", PERSISTENT_ONLY = "YES", + NAME = "vcenter", + REQUIRED_ATTRS = "VCENTER_INSTANCE_ID, VCENTER_DS_REF, VCENTER_DC_REF", + PERSISTENT_ONLY = "NO", MARKETPLACE_ACTIONS = "export" ] 
@@ -1152,3 +1312,68 @@ MARKET_MAD_CONF = [ REQUIRED_ATTRS = "ACCESS_KEY_ID,SECRET_ACCESS_KEY,REGION,BUCKET", APP_ACTIONS = "create, delete, monitor" ] + +#******************************************************************************* +# Authentication Driver Behavior Definition +#******************************************************************************* +# The configuration for each driver is defined in AUTH_MAD_CONF. These +# values must not be modified since they define the driver behavior. +# name : name of the auth driver +# password_change : allow the end users to change their own password. Oneadmin +# can still change other user's passwords +# driver_managed_groups : allow the driver to set the user's group even after +# user creation. In this case addgroup, delgroup and chgrp +# will be disabled, with the exception of chgrp to one of +# the groups in the list of secondary groups +# max_token_time : limit the maximum token validity, in seconds. Use -1 for +# unlimited maximum, 0 to disable login tokens +#******************************************************************************* + +AUTH_MAD_CONF = [ + NAME = "core", + PASSWORD_CHANGE = "YES", + DRIVER_MANAGED_GROUPS = "NO", + MAX_TOKEN_TIME = "-1" +] + +AUTH_MAD_CONF = [ + NAME = "public", + PASSWORD_CHANGE = "NO", + DRIVER_MANAGED_GROUPS = "NO", + MAX_TOKEN_TIME = "-1" +] + +AUTH_MAD_CONF = [ + NAME = "ssh", + PASSWORD_CHANGE = "YES", + DRIVER_MANAGED_GROUPS = "NO", + MAX_TOKEN_TIME = "-1" +] + +AUTH_MAD_CONF = [ + NAME = "x509", + PASSWORD_CHANGE = "NO", + DRIVER_MANAGED_GROUPS = "NO", + MAX_TOKEN_TIME = "-1" +] + +AUTH_MAD_CONF = [ + NAME = "ldap", + PASSWORD_CHANGE = "YES", + DRIVER_MANAGED_GROUPS = "NO", + MAX_TOKEN_TIME = "86400" +] + +AUTH_MAD_CONF = [ + NAME = "server_cipher", + PASSWORD_CHANGE = "NO", + DRIVER_MANAGED_GROUPS = "NO", + MAX_TOKEN_TIME = "-1" +] + +AUTH_MAD_CONF = [ + NAME = "server_x509", + PASSWORD_CHANGE = "NO", + DRIVER_MANAGED_GROUPS = "NO", + MAX_TOKEN_TIME = "-1" +] 
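Review bot: Every driver in the new `AUTH_MAD_CONF` list except `ldap` gets `MAX_TOKEN_TIME = "-1"`, which the comment above defines as an unlimited maximum, so login tokens for `core`, `ssh` and `x509` users can be issued with no upper bound on validity. A finite cap, as already done with `MAX_TOKEN_TIME = "86400"` for `ldap`, limits how long a leaked token stays usable. The header also says these values "must not be modified", yet `PASSWORD_CHANGE` and `MAX_TOKEN_TIME` read like site policy; a comment separating the fixed values from the tunable ones would avoid confusion. `public` is also configured here although it does not appear in the `AUTHN` list set earlier in the file.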
diff --git a/tmpl/vmm_exec_kvm.conf b/tmpl/vmm_exec_kvm.conf index fa4af11..0bbbdb7 100644 --- a/tmpl/vmm_exec_kvm.conf +++ b/tmpl/vmm_exec_kvm.conf @@ -1,5 +1,5 @@ # -------------------------------------------------------------------------- # -# Copyright 2002-2013, OpenNebula Project (OpenNebula.org), C12G Labs # +# Copyright 2002-2017, OpenNebula Project, OpenNebula Systems # # # # Licensed under the Apache License, Version 2.0 (the "License"); you may # # not use this file except in compliance with the License. You may obtain # @@ -18,21 +18,22 @@ # (all domains will use these values as defaults). These values can # be overridden in each VM template. Valid atributes are: # - emulator -# - os [kernel,initrd,boot,root,kernel_cmd,arch] +# - os [kernel,initrd,boot,root,kernel_cmd,arch,machine] # - vcpu -# - features [acpi, pae] -# - disk [driver, cache, io] +# - features [acpi, pae, apic, hyperv, localtime, guest_agent, virtio_scsi_queues] +# - disk [driver, cache, io, discard, total_bytes_sec, total_iops_sec, read_bytes_sec, write_bytes_sec, read_iops_sec, write_iops_sec] # - nic [filter, model] # - raw +# - hyperv_options: options used for FEATURES = [ HYPERV = yes ] +# NOTE: raw attribute value is appended to that on the VM template -#EMULATOR = /usr/libexec/qemu-kvm +EMULATOR = /usr/bin/qemu-system-x86_64 #VCPU = 1 -OS = [ boot = "hd", arch = "x86_64" ] -FEATURES = [ PAE = "no", ACPI = "yes" ] - -NIC = [ model = "virtio" ] +OS = [ arch = "x86_64" ] +FEATURES = [ PAE = "no", ACPI = "yes", APIC = "no", HYPERV = "no", GUEST_AGENT = "no", + VIRTIO_SCSI_QUEUES = "0" ] %if %%getVar('activer_onesinglenode','non') == 'oui' %if %%getVar('one_disk_cache','non') == 'oui' @@ -44,3 +45,23 @@ DISK = [ driver = "qcow2" , cache = "none", DEV_PREFIX="vd" ] RAW = "" %end if %end if + +NIC = [ model = "virtio" ] + +#NIC = [ filter = "clean-traffic", model="virtio" ] +#RAW = "" + +HYPERV_OPTIONS="" + +SPICE_OPTIONS=" + + + + + + + + " +