Update OpenNebula configuration to match 5.4.1

Ref: #21703
Daniel Dehennin 2017-10-16 15:37:28 +02:00
parent 97b8edde6b
commit 05d37c6569
3 changed files with 394 additions and 96 deletions


@ -1,5 +1,5 @@
# -------------------------------------------------------------------------- # # -------------------------------------------------------------------------- #
# Copyright 2002-2014, OpenNebula Project (OpenNebula.org), C12G Labs # # Copyright 2002-2017, OpenNebula Project, OpenNebula Systems #
# # # #
# Licensed under the Apache License, Version 2.0 (the "License"); you may # # Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain # # not use this file except in compliance with the License. You may obtain #
@ -15,11 +15,22 @@
#--------------------------------------------------------------------------- # #--------------------------------------------------------------------------- #
################################################################################ ################################################################################
# General Options # Overriding Options in Network Template
################################################################################ ################################################################################
#
# Option can be overridden or added per network using this format
# in the network template:
#
# CONF="vxlan_mc=239.0.100.0,test=false,validate_vlan_id=true"
# BRIDGE_CONF="sethello=6"
# IP_LINK_CONF="tos=10,udpcsum=,udp6zerocsumrx=__delete__"
#
# Options can have empty value when they don't need a parameter. Also the
# special value "__delete__" can be used to delete parameters set here.
# Configure the initial VLAN ID tag (corresponds to vnet ID = 0) # Set to true to check that no other vlans are connected to the bridge.
:start_vlan: 2 # Works with 802.1Q and VXLAN.
:validate_vlan_id: false
################################################################################ ################################################################################
# Open vSwitch Options # Open vSwitch Options
@ -32,3 +43,44 @@
:arp_cache_poisoning: false :arp_cache_poisoning: false
%end if %end if
################################################################################
# 802.1Q Options
################################################################################
# Default MTU for the 802.1Q interface
:vlan_mtu: 1500
################################################################################
# VXLAN Options
################################################################################
# Base multicast address for each VLAN. The mc address is :vxlan_mc + :vlan_id
:vxlan_mc: 239.0.0.0
# Time To Live (TTL) should be > 1 in routed multicast networks (IGMP)
:vxlan_ttl: 16
# Default MTU for the VXLAN interface
:vxlan_mtu: 1500
################################################################################
# Bridge and Interface Creation Options
################################################################################
# These options will execute brctl commands with these values. For example,
# this option will execute:
#
# brctl stp <bridge name> on
#
# :bridge_conf:
# :stp: on
# These options will be added to the ip link add command. For example:
#
# sudo ip link add lxcbr0.260 type vxlan id 260 group 239.0.101.4 \
# ttl 16 dev lxcbr0 udp6zerocsumrx tos 3
#
# :ip_link_conf:
# :udp6zerocsumrx:
# :tos: 3
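Review bot: `:validate_vlan_id: false` in the new options block of the second hunk ships with the check off, so, going by its own comment, nothing verifies that a bridge has no other VLANs connected before an 802.1Q or VXLAN network uses it, and two virtual networks could end up sharing one layer-2 segment. If `false` is kept for compatibility with existing bridges, say so above the key, e.g. `# Left disabled for existing bridges; set to true where tenant isolation depends on the VLAN/VXLAN tag.`; otherwise set `:validate_vlan_id: true`. The new header also documents per-network `CONF`, `BRIDGE_CONF` and `IP_LINK_CONF` overrides whose values, per the later comments in this file, end up as arguments to `brctl` and `sudo ip link add`, so it is worth one comment line stating who is expected to set them; the oned.conf part of this commit lists them under `VNET_RESTRICTED_ATTR`, which its comment appears to scope to reservations only.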


@ -42,7 +42,8 @@
# VNC_PORTS: VNC port pool for automatic VNC port assignment, if possible the # VNC_PORTS: VNC port pool for automatic VNC port assignment, if possible the
# port will be set to ``START`` + ``VMID`` # port will be set to ``START`` + ``VMID``
# start : first port to assign # start : first port to assign
# reserved: comma separated list of ports # reserved: comma separated list of ports or ranges. Two numbers separated by
# a colon indicate a range.
# #
# LOG: Configuration for the logging system # LOG: Configuration for the logging system
# system: defines the logging system: # system: defines the logging system:
@ -80,15 +81,23 @@ LISTEN_ADDRESS = "127.0.0.1"
DB = [ BACKEND = "sqlite" ] DB = [ BACKEND = "sqlite" ]
# Sample configuration for MySQL
# DB = [ BACKEND = "mysql",
# SERVER = "localhost",
# PORT = 0,
# USER = "oneadmin",
# PASSWD = "oneadmin",
# DB_NAME = "opennebula" ]
VNC_PORTS = [ VNC_PORTS = [
START = 5901, START = 5900
RESERVED = "5900" # RESERVED = "6800, 6801, 6810:6820, 9869"
] ]
#VM_SUBMIT_ON_HOLD = "NO" #VM_SUBMIT_ON_HOLD = "NO"
#******************************************************************************* #*******************************************************************************
# Federation configuration attributes # Federation & HA configuration attributes
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# Control the federation capabilities of oned. Operation in a federated setup # Control the federation capabilities of oned. Operation in a federated setup
# requires a special DB configuration. # requires a special DB configuration.
@ -99,16 +108,70 @@ VNC_PORTS = [
# MASTER this oned is the master zone of the federation # MASTER this oned is the master zone of the federation
# SLAVE this oned is a slave zone # SLAVE this oned is a slave zone
# ZONE_ID: The zone ID as returned by onezone command # ZONE_ID: The zone ID as returned by onezone command
# SERVER_ID: ID identifying this server in the zone as returned by the
# onezone server-add command. This ID controls the HA configuration of
# OpenNebula:
# -1 (default) OpenNebula will operate in "solo" mode no HA
# <id> Operate in HA (leader election and state replication)
# MASTER_ONED: The xml-rpc endpoint of the master oned, e.g. # MASTER_ONED: The xml-rpc endpoint of the master oned, e.g.
# http://master.one.org:2633/RPC2 # http://master.one.org:2633/RPC2
#
#
# RAFT: Algorithm attributes
# LOG_RETENTION: Number of DB log records kept, it determines the
# synchronization window across servers and extra storage space needed.
# LOG_PURGE_TIMEOUT: How often applied records are purged according the log
# retention value. (in seconds)
# ELECTION_TIMEOUT_MS: Timeout to start a election process if no heartbeat
# or log is received from leader.
# BROADCAST_TIMEOUT_MS: How often heartbeats are sent to followers.
# XMLRPC_TIMEOUT_MS: To timeout raft related API calls
#
# RAFT_LEADER_HOOK: Executed when a server transits from follower->leader
# The purpose of this hook is to configure the Virtual IP.
# COMMAND: raft/vip.sh is a fully working script, this should not be changed
# ARGUMENTS: <interface> and <ip_cidr> must be replaced. For example
# ARGUMENTS = "leader ens1 10.0.0.2/24"
#
# RAFT_FOLLOWER_HOOK: Executed when a server transits from leader->follower
# The purpose of this hook is to configure the Virtual IP.
# COMMAND: raft/vip.sh is a fully working script, this should not be changed
# ARGUMENTS: <interface> and <ip_cidr> must be replaced. For example
# ARGUMENTS = "follower ens1 10.0.0.2/24"
#
# NOTE: Timeout tunning depends on the latency of the servers (network and load)
# as well as the max downtime tolerated by the system. Timeouts needs to be
# greater than 10ms
#
#******************************************************************************* #*******************************************************************************
FEDERATION = [ FEDERATION = [
MODE = "STANDALONE", MODE = "STANDALONE",
ZONE_ID = 0, ZONE_ID = 0,
SERVER_ID = -1,
MASTER_ONED = "" MASTER_ONED = ""
] ]
RAFT = [
LOG_RETENTION = 500000,
LOG_PURGE_TIMEOUT = 600,
ELECTION_TIMEOUT_MS = 2500,
BROADCAST_TIMEOUT_MS = 500,
XMLRPC_TIMEOUT_MS = 2000
]
# Executed when a server transits from follower->leader
# RAFT_LEADER_HOOK = [
# COMMAND = "raft/vip.sh",
# ARGUMENTS = "leader <interface> <ip_cidr>"
# ]
# Executed when a server transits from leader->follower
# RAFT_FOLLOWER_HOOK = [
# COMMAND = "raft/vip.sh",
# ARGUMENTS = "follower <interface> <ip_cidr>"
# ]
#******************************************************************************* #*******************************************************************************
# Default showback cost # Default showback cost
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
@ -185,12 +248,17 @@ DEFAULT_COST = [
# is for 802.1Q networks (Open vSwitch and 802.1Q drivers). The driver # is for 802.1Q networks (Open vSwitch and 802.1Q drivers). The driver
# will try first to allocate VLAN_IDS[START] + VNET_ID # will try first to allocate VLAN_IDS[START] + VNET_ID
# start: First VLAN_ID to use # start: First VLAN_ID to use
# reserved: Comma separated list of VLAN_IDs # reserved: Comma separated list of VLAN_IDs or ranges. Two numbers
# separated by a colon indicate a range.
# #
# VXLAN_IDS: Automatic VXLAN Network ID (VNI) assignment. This is used # VXLAN_IDS: Automatic VXLAN Network ID (VNI) assignment. This is used
# for vxlan networks. # for vxlan networks.
# start: First VNI to use # start: First VNI to use
# NOTE: reserved is not supported by this pool # NOTE: reserved is not supported by this pool
#
# PCI_PASSTHROUGH_BUS: Default bus to attach passthrough devices in the guest,
# in hex notation. It may be overwritten in the PCI device using the BUS
# attribute.
#******************************************************************************* #*******************************************************************************
NETWORK_SIZE = 254 NETWORK_SIZE = 254
@ -206,6 +274,8 @@ VXLAN_IDS = [
START = "2" START = "2"
] ]
#PCI_PASSTHROUGH_BUS = "0x01"
#******************************************************************************* #*******************************************************************************
# DataStore Configuration # DataStore Configuration
#******************************************************************************* #*******************************************************************************
@ -230,17 +300,27 @@ VXLAN_IDS = [
# vd KVM virtual disk # vd KVM virtual disk
# #
# DEFAULT_CDROM_DEVICE_PREFIX: Same as above but for CDROM devices. # DEFAULT_CDROM_DEVICE_PREFIX: Same as above but for CDROM devices.
#
# DEFAULT_IMAGE_PERSISTENT: Control the default value for the PERSISTENT
# attribute on image creation (oneimage clone, onevm disk-saveas). If blank
# images will inherit the persistent attribute from the base image.
#
# DEFAULT_IMAGE_PERSISTENT_NEW: Control the default value for the PERSISTENT
# attribute on image creation (oneimage create). By default images are no
# persistent if not set.
#******************************************************************************* #*******************************************************************************
#DATASTORE_LOCATION = /var/lib/one/datastores #DATASTORE_LOCATION = /var/lib/one/datastores
DATASTORE_CAPACITY_CHECK = "yes" DATASTORE_CAPACITY_CHECK = "yes"
DEFAULT_IMAGE_TYPE = "OS"
DEFAULT_DEVICE_PREFIX = "vd" DEFAULT_DEVICE_PREFIX = "vd"
DEFAULT_CDROM_DEVICE_PREFIX = "hd" DEFAULT_CDROM_DEVICE_PREFIX = "hd"
DEFAULT_IMAGE_TYPE = "OS"
#DEFAULT_IMAGE_PERSISTENT = ""
#DEFAULT_IMAGE_PERSISTENT_NEW = ""
#******************************************************************************* #*******************************************************************************
# Information Driver Configuration # Information Driver Configuration
#******************************************************************************* #*******************************************************************************
@ -270,6 +350,7 @@ DEFAULT_CDROM_DEVICE_PREFIX = "hd"
# -i Time in seconds of the monitorization push cycle. This parameter must # -i Time in seconds of the monitorization push cycle. This parameter must
# be smaller than MONITORING_INTERVAL, otherwise push monitorization will # be smaller than MONITORING_INTERVAL, otherwise push monitorization will
# not be effective. # not be effective.
# -w Timeout in seconds to execute external commands (default unlimited)
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
IM_MAD = [ IM_MAD = [
NAME = "collectd", NAME = "collectd",
@ -281,6 +362,7 @@ IM_MAD = [
# KVM UDP-push Information Driver Manager Configuration # KVM UDP-push Information Driver Manager Configuration
# -r number of retries when monitoring a host # -r number of retries when monitoring a host
# -t number of threads, i.e. number of hosts monitored at the same time # -t number of threads, i.e. number of hosts monitored at the same time
# -w Timeout in seconds to execute external commands (default unlimited)
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
IM_MAD = [ IM_MAD = [
NAME = "kvm", NAME = "kvm",
@ -293,6 +375,7 @@ IM_MAD = [
# KVM SSH-pull Information Driver Manager Configuration # KVM SSH-pull Information Driver Manager Configuration
# -r number of retries when monitoring a host # -r number of retries when monitoring a host
# -t number of threads, i.e. number of hosts monitored at the same time # -t number of threads, i.e. number of hosts monitored at the same time
# -w Timeout in seconds to execute external commands (default unlimited)
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# IM_MAD = [ # IM_MAD = [
# NAME = "kvm", # NAME = "kvm",
@ -305,30 +388,33 @@ IM_MAD = [
# vCenter Information Driver Manager Configuration # vCenter Information Driver Manager Configuration
# -r number of retries when monitoring a host # -r number of retries when monitoring a host
# -t number of threads, i.e. number of hosts monitored at the same time # -t number of threads, i.e. number of hosts monitored at the same time
# -w Timeout in seconds to execute external commands (default unlimited)
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
#IM_MAD = [ IM_MAD = [
# NAME = "vcenter", NAME = "vcenter",
# SUNSTONE_NAME = "VMWare vCenter", SUNSTONE_NAME = "VMWare vCenter",
# EXECUTABLE = "one_im_sh", EXECUTABLE = "one_im_sh",
# ARGUMENTS = "-c -t 15 -r 0 vcenter" ] ARGUMENTS = "-c -t 15 -r 0 vcenter" ]
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# EC2 Information Driver Manager Configuration # EC2 Information Driver Manager Configuration
# -r number of retries when monitoring a host # -r number of retries when monitoring a host
# -t number of threads, i.e. number of hosts monitored at the same time # -t number of threads, i.e. number of hosts monitored at the same time
# -w Timeout in seconds to execute external commands (default unlimited)
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
#IM_MAD = [ #IM_MAD = [
# NAME = "ec2", # NAME = "ec2",
# SUNSTONE_NAME = "Amazon EC2", # SUNSTONE_NAME = "Amazon EC2",
# EXECUTABLE = "one_im_sh", # EXECUTABLE = "one_im_sh",
# ARGUMENTS = "-c -t 1 -r 0 ec2" ] # ARGUMENTS = "-c -t 1 -r 0 -w 600 ec2" ]
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# Azure Information Driver Manager Configuration # Azure Information Driver Manager Configuration
# -r number of retries when monitoring a host # -r number of retries when monitoring a host
# -t number of threads, i.e. number of hosts monitored at the same time # -t number of threads, i.e. number of hosts monitored at the same time
# -w Timeout in seconds to execute external commands (default unlimited)
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
#IM_MAD = [ #IM_MAD = [
# NAME = "az", # NAME = "az",
@ -405,6 +491,7 @@ IM_MAD = [
# An example: "-l migrate=migrate_local,save" # An example: "-l migrate=migrate_local,save"
# -p more than one action per host in parallel, needs support from hypervisor # -p more than one action per host in parallel, needs support from hypervisor
# -s <shell> to execute remote commands, bash by default # -s <shell> to execute remote commands, bash by default
# -w Timeout in seconds to execute external commands (default unlimited)
# #
# Note: You can use type = "qemu" to use qemu emulated guests, e.g. if your # Note: You can use type = "qemu" to use qemu emulated guests, e.g. if your
# CPU does not have virtualization extensions or use nested Qemu-KVM hosts # CPU does not have virtualization extensions or use nested Qemu-KVM hosts
@ -416,7 +503,7 @@ VM_MAD = [
ARGUMENTS = "-t 15 -r 0 kvm", ARGUMENTS = "-t 15 -r 0 kvm",
DEFAULT = "vmm_exec/vmm_exec_kvm.conf", DEFAULT = "vmm_exec/vmm_exec_kvm.conf",
TYPE = "kvm", TYPE = "kvm",
KEEP_SNAPSHOTS = "no", KEEP_SNAPSHOTS = "yes",
IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend, IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend,
resume, delete, reboot, reboot-hard, resched, unresched, disk-attach, resume, delete, reboot, reboot-hard, resched, unresched, disk-attach,
disk-detach, nic-attach, nic-detach, snap-create, snap-delete" disk-detach, nic-attach, nic-detach, snap-create, snap-delete"
@ -432,32 +519,35 @@ VM_MAD = [
# -s <shell> to execute commands, bash by default # -s <shell> to execute commands, bash by default
# -d default snapshot strategy. It can be either 'detach' or 'suspend'. It # -d default snapshot strategy. It can be either 'detach' or 'suspend'. It
# defaults to 'suspend'. # defaults to 'suspend'.
# -w Timeout in seconds to execute external commands (default unlimited)
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
#VM_MAD = [ VM_MAD = [
# NAME = "vcenter", NAME = "vcenter",
# SUNSTONE_NAME = "VMWare vCenter", SUNSTONE_NAME = "VMWare vCenter",
# EXECUTABLE = "one_vmm_sh", EXECUTABLE = "one_vmm_sh",
# ARGUMENTS = "-p -t 15 -r 0 vcenter -s sh", ARGUMENTS = "-p -t 15 -r 0 vcenter -s sh",
# DEFAULT = "vmm_exec/vmm_exec_vcenter.conf", DEFAULT = "vmm_exec/vmm_exec_vcenter.conf",
# TYPE = "xml", TYPE = "xml",
# KEEP_SNAPSHOTS = "yes", KEEP_SNAPSHOTS = "yes",
# IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend, IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend,
# resume, delete, reboot, reboot-hard, resched, unresched, poweroff, resume, delete, reboot, reboot-hard, resched, unresched, poweroff,
# poweroff-hard, disk-attach, disk-detach, nic-attach, nic-detach, poweroff-hard, disk-attach, disk-detach, nic-attach, nic-detach,
# snap-create, snap-delete" snap-create, snap-delete"
#] ]
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# EC2 Virtualization Driver Manager Configuration # EC2 Virtualization Driver Manager Configuration
# -r number of retries when monitoring a host # -r number of retries when monitoring a host
# -t number of threads, i.e. number of actions performed at the same time # -t number of threads, i.e. number of actions performed at the same time
# -w Timeout in seconds to execute external commands (default unlimited)
# -p more than one action per host in parallel, needs support from hypervisor
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
#VM_MAD = [ #VM_MAD = [
# NAME = "ec2", # NAME = "ec2",
# SUNSTONE_NAME = "Amazon EC2", # SUNSTONE_NAME = "Amazon EC2",
# EXECUTABLE = "one_vmm_sh", # EXECUTABLE = "one_vmm_sh",
# ARGUMENTS = "-t 15 -r 0 ec2", # ARGUMENTS = "-t 15 -r 0 -w 600 -p ec2",
# TYPE = "xml", # TYPE = "xml",
# KEEP_SNAPSHOTS = "no", # KEEP_SNAPSHOTS = "no",
# IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend, # IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend,
@ -471,6 +561,7 @@ VM_MAD = [
# Azure Virtualization Driver Manager Configuration # Azure Virtualization Driver Manager Configuration
# -r number of retries when monitoring a host # -r number of retries when monitoring a host
# -t number of threads, i.e. number of actions performed at the same time # -t number of threads, i.e. number of actions performed at the same time
# -w Timeout in seconds to execute external commands (default unlimited)
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
#VM_MAD = [ #VM_MAD = [
# NAME = "az", # NAME = "az",
@ -507,6 +598,7 @@ VM_MAD = [
# -t: number of threads, i.e. number of transfers made at the same time # -t: number of threads, i.e. number of transfers made at the same time
# -d: list of transfer drivers separated by commas, if not defined all the # -d: list of transfer drivers separated by commas, if not defined all the
# drivers available will be enabled # drivers available will be enabled
# -w: Timeout in seconds to execute external commands (default unlimited)
#******************************************************************************* #*******************************************************************************
TM_MAD = [ TM_MAD = [
@ -526,11 +618,12 @@ TM_MAD = [
# -t number of threads, i.e. number of repo operations at the same time # -t number of threads, i.e. number of repo operations at the same time
# -d datastore mads separated by commas # -d datastore mads separated by commas
# -s system datastore tm drivers, used to monitor shared system ds. # -s system datastore tm drivers, used to monitor shared system ds.
# -w Timeout in seconds to execute external commands (default unlimited)
#******************************************************************************* #*******************************************************************************
DATASTORE_MAD = [ DATASTORE_MAD = [
EXECUTABLE = "one_datastore", EXECUTABLE = "one_datastore",
ARGUMENTS = "-t 15 -d dummy,fs,lvm,ceph,dev,iscsi_libvirt,vcenter -s shared,ssh,ceph,fs_lvm,qcow2" ARGUMENTS = "-t 15 -d dummy,fs,lvm,ceph,dev,iscsi_libvirt,vcenter -s shared,ssh,ceph,fs_lvm,qcow2,vcenter"
] ]
#******************************************************************************* #*******************************************************************************
@ -544,6 +637,8 @@ DATASTORE_MAD = [
# arguments : for the driver executable # arguments : for the driver executable
# -t number of threads, i.e. number of repo operations at the same time # -t number of threads, i.e. number of repo operations at the same time
# -m marketplace mads separated by commas # -m marketplace mads separated by commas
# --proxy proxy address if required to access the internet
# -w Timeout in seconds to execute external commands (default unlimited)
#******************************************************************************* #*******************************************************************************
MARKET_MAD = [ MARKET_MAD = [
@ -569,7 +664,6 @@ IPAM_MAD = [
ARGUMENTS = "-t 1 -i dummy" ARGUMENTS = "-t 1 -i dummy"
] ]
#******************************************************************************* #*******************************************************************************
# Hook Manager Configuration # Hook Manager Configuration
#******************************************************************************* #*******************************************************************************
@ -749,19 +843,34 @@ USER_HOOK = [
HM_MAD = [ HM_MAD = [
EXECUTABLE = "one_hm" ] EXECUTABLE = "one_hm" ]
#VNET_HOOK = [
# name = "vcenter_net_create",
# on = "CREATE",
# command = "vcenter/create_vcenter_net.rb",
# arguments = "$ID $TEMPLATE"]
#VNET_HOOK = [
# name = "vcenter_net_delete",
# on = "REMOVE",
# command = "vcenter/delete_vcenter_net.rb",
# arguments = "$ID $TEMPLATE"]
#******************************************************************************* #*******************************************************************************
# Fault Tolerance Hooks # Fault Tolerance Hooks
#******************************************************************************* #*******************************************************************************
# This hook is used to perform recovery actions when a host fails. # This hook is used to perform recovery actions when a host fails.
# Script to implement host failure tolerance # Script to implement host failure tolerance
# It can be set to # One of the following modes must be chosen
# -m migrate VMs to another host. Only for images in shared storage # -m resched VMs to another host. (Only for images in shared storage!)
# -r recreate VMs running in the host. State will be lost. # -r recreate VMs running in the host. State will be lost.
# -d delete VMs running in the host # -d delete VMs running in the host
#
# Additional flags # Additional flags
# -f force resubmission of suspended VMs # -f resubmit suspended and powered off VMs (only for recreate)
# -p <n> avoid resubmission if host comes # -p <n> avoid resubmission if host comes back after n monitoring
# back after n monitoring cycles # cycles. 0 to disable it. Default is 2.
# -u disables fencing. Fencing is enabled by default. Don't disable it
# unless you are very sure about what you're doing
#******************************************************************************* #*******************************************************************************
# #
#HOST_HOOK = [ #HOST_HOOK = [
@ -771,7 +880,6 @@ HM_MAD = [
# ARGUMENTS = "$ID -m -p 5", # ARGUMENTS = "$ID -m -p 5",
# REMOTE = "no" ] # REMOTE = "no" ]
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
#
%if %%getVar('activer_hooks', 'non') == 'oui' %if %%getVar('activer_hooks', 'non') == 'oui'
#******************************************************************************* #*******************************************************************************
@ -814,7 +922,6 @@ USER_HOOK = [
%end if %end if
#******************************************************************************* #*******************************************************************************
# Auth Manager Configuration # Auth Manager Configuration
#******************************************************************************* #*******************************************************************************
@ -850,37 +957,14 @@ USER_HOOK = [
# the new object's permissions to 640 "um- u-- ---" # the new object's permissions to 640 "um- u-- ---"
#******************************************************************************* #*******************************************************************************
%if %%getVar('sunstone_auth_modes', 'non') == 'non'
AUTH_MAD = [ AUTH_MAD = [
EXECUTABLE = "one_auth_mad", EXECUTABLE = "one_auth_mad",
AUTHN = "ssh,x509,server_cipher,server_x509" AUTHN = "ssh,x509,ldap,server_cipher,server_x509"
] ]
AUTH_MAD_CONF = [
NAME = "core",
PASSWORD_CHANGE = "YES",
DRIVER_MANAGED_GROUPS = "NO",
MAX_TOKEN_TIME = "-1"
]
%else
AUTH_MAD = [
EXECUTABLE = "one_auth_mad",
AUTHN = "ssh,x509,server_cipher,server_x509,%%getVar('sunstone_auth_modes','')"
]
DEFAULT_AUTH = "ldap"
%if %%getVar('sunstone_auth_modes','') == 'ldap' %if %%getVar('sunstone_auth_modes','') == 'ldap'
AUTH_MAD_CONF = [ DEFAULT_AUTH = "ldap"
NAME = "ldap",
PASSWORD_CHANGE = "YES",
DRIVER_MANAGED_GROUPS = "NO",
MAX_TOKEN_TIME = "86400"
]
%end if %end if
%end if
SESSION_EXPIRATION_TIME = 900 SESSION_EXPIRATION_TIME = 900
@ -897,6 +981,28 @@ DEFAULT_UMASK = 177
#ONEGATE_ENDPOINT = "http://frontend:5030" #ONEGATE_ENDPOINT = "http://frontend:5030"
#*******************************************************************************
# VM Operations Permissions
#******************************************************************************
# The following parameters define the operations associated to the ADMIN,
# MANAGE and USE permissions. Note that some VM operations require additional
# permissions on other objects. Also some operations refers to a class of
# actions:
# - disk-snapshot, includes create, delete and revert actions
# - disk-attach, includes attach and detach actions
# - nic-attach, includes attach and detach actions
# - snapshot, includes create, delete and revert actions
# - resched, includes resched and unresched actions
#******************************************************************************
VM_ADMIN_OPERATIONS = "migrate, delete, recover, retry, deploy, resched"
VM_MANAGE_OPERATIONS = "undeploy, hold, release, stop, suspend, resume, reboot,
poweroff, disk-attach, nic-attach, disk-snapshot, terminate, disk-resize,
snapshot, updateconf, rename, resize, update, disk-saveas"
VM_USE_OPERATIONS = ""
#******************************************************************************* #*******************************************************************************
# Restricted Attributes Configuration # Restricted Attributes Configuration
#******************************************************************************* #*******************************************************************************
@ -907,22 +1013,42 @@ VM_RESTRICTED_ATTR = "CONTEXT/FILES"
VM_RESTRICTED_ATTR = "NIC/MAC" VM_RESTRICTED_ATTR = "NIC/MAC"
VM_RESTRICTED_ATTR = "NIC/VLAN_ID" VM_RESTRICTED_ATTR = "NIC/VLAN_ID"
VM_RESTRICTED_ATTR = "NIC/BRIDGE" VM_RESTRICTED_ATTR = "NIC/BRIDGE"
#VM_RESTRICTED_ATTR = "NIC/INBOUND_AVG_BW"
#VM_RESTRICTED_ATTR = "NIC/INBOUND_PEAK_BW"
#VM_RESTRICTED_ATTR = "NIC/INBOUND_PEAK_KB"
#VM_RESTRICTED_ATTR = "NIC/OUTBOUND_AVG_BW"
#VM_RESTRICTED_ATTR = "NIC/OUTBOUND_PEAK_BW"
#VM_RESTRICTED_ATTR = "NIC/OUTBOUND_PEAK_KB"
#VM_RESTRICTED_ATTR = "NIC/OPENNEBULA_MANAGED"
#VM_RESTRICTED_ATTR = "NIC/VCENTER_INSTANCE_ID"
#VM_RESTRICTED_ATTR = "NIC/VCENTER_NET_REF"
#VM_RESTRICTED_ATTR = "NIC/VCENTER_PORTGROUP_TYPE"
VM_RESTRICTED_ATTR = "NIC_DEFAULT/MAC" VM_RESTRICTED_ATTR = "NIC_DEFAULT/MAC"
VM_RESTRICTED_ATTR = "NIC_DEFAULT/VLAN_ID" VM_RESTRICTED_ATTR = "NIC_DEFAULT/VLAN_ID"
VM_RESTRICTED_ATTR = "NIC_DEFAULT/BRIDGE" VM_RESTRICTED_ATTR = "NIC_DEFAULT/BRIDGE"
VM_RESTRICTED_ATTR = "DISK/TOTAL_BYTES_SEC" #VM_RESTRICTED_ATTR = "DISK/TOTAL_BYTES_SEC"
VM_RESTRICTED_ATTR = "DISK/READ_BYTES_SEC" #VM_RESTRICTED_ATTR = "DISK/READ_BYTES_SEC"
VM_RESTRICTED_ATTR = "DISK/WRITE_BYTES_SEC" #VM_RESTRICTED_ATTR = "DISK/WRITE_BYTES_SEC"
VM_RESTRICTED_ATTR = "DISK/TOTAL_IOPS_SEC" #VM_RESTRICTED_ATTR = "DISK/TOTAL_IOPS_SEC"
VM_RESTRICTED_ATTR = "DISK/READ_IOPS_SEC" #VM_RESTRICTED_ATTR = "DISK/READ_IOPS_SEC"
VM_RESTRICTED_ATTR = "DISK/WRITE_IOPS_SEC" #VM_RESTRICTED_ATTR = "DISK/WRITE_IOPS_SEC"
#VM_RESTRICTED_ATTR = "DISK/OPENNEBULA_MANAGED"
#VM_RESTRICTED_ATTR = "DISK/VCENTER_DS_REF"
#VM_RESTRICTED_ATTR = "DISK/VCENTER_INSTANCE_ID"
#VM_RESTRICTED_ATTR = "DISK/SIZE" #VM_RESTRICTED_ATTR = "DISK/SIZE"
VM_RESTRICTED_ATTR = "DISK/ORIGINAL_SIZE" #VM_RESTRICTED_ATTR = "DISK/ORIGINAL_SIZE"
#VM_RESTRICTED_ATTR = "DISK/SIZE_PREV"
VM_RESTRICTED_ATTR = "CPU_COST" VM_RESTRICTED_ATTR = "CPU_COST"
VM_RESTRICTED_ATTR = "MEMORY_COST" VM_RESTRICTED_ATTR = "MEMORY_COST"
VM_RESTRICTED_ATTR = "DISK_COST" VM_RESTRICTED_ATTR = "DISK_COST"
VM_RESTRICTED_ATTR = "PCI" VM_RESTRICTED_ATTR = "PCI"
VM_RESTRICTED_ATTR = "USER_INPUTS" VM_RESTRICTED_ATTR = "EMULATOR"
VM_RESTRICTED_ATTR = "RAW"
VM_RESTRICTED_ATTR = "USER_PRIORITY"
#VM_RESTRICTED_ATTR = "USER_INPUTS/CPU"
#VM_RESTRICTED_ATTR = "USER_INPUTS/MEMORY"
#VM_RESTRICTED_ATTR = "USER_INPUTS/VCPU"
#VM_RESTRICTED_ATTR = "TEMPLATE/VCENTER_VM_FOLDER"
#VM_RESTRICTED_ATTR = "RANK" #VM_RESTRICTED_ATTR = "RANK"
#VM_RESTRICTED_ATTR = "SCHED_RANK" #VM_RESTRICTED_ATTR = "SCHED_RANK"
@ -930,6 +1056,7 @@ VM_RESTRICTED_ATTR = "USER_INPUTS"
#VM_RESTRICTED_ATTR = "SCHED_REQUIREMENTS" #VM_RESTRICTED_ATTR = "SCHED_REQUIREMENTS"
IMAGE_RESTRICTED_ATTR = "SOURCE" IMAGE_RESTRICTED_ATTR = "SOURCE"
#IMAGE_RESTRICTED_ATTR = "TEMPLATE/VCENTER_IMPORTED"
#******************************************************************************* #*******************************************************************************
# The following restricted attributes only apply to VNets that are a reservation. # The following restricted attributes only apply to VNets that are a reservation.
@ -940,6 +1067,9 @@ VNET_RESTRICTED_ATTR = "VN_MAD"
VNET_RESTRICTED_ATTR = "PHYDEV" VNET_RESTRICTED_ATTR = "PHYDEV"
VNET_RESTRICTED_ATTR = "VLAN_ID" VNET_RESTRICTED_ATTR = "VLAN_ID"
VNET_RESTRICTED_ATTR = "BRIDGE" VNET_RESTRICTED_ATTR = "BRIDGE"
VNET_RESTRICTED_ATTR = "CONF"
VNET_RESTRICTED_ATTR = "BRIDGE_CONF"
VNET_RESTRICTED_ATTR = "IP_LINK_CONF"
VNET_RESTRICTED_ATTR = "AR/VN_MAD" VNET_RESTRICTED_ATTR = "AR/VN_MAD"
VNET_RESTRICTED_ATTR = "AR/PHYDEV" VNET_RESTRICTED_ATTR = "AR/PHYDEV"
@ -969,6 +1099,7 @@ VNET_RESTRICTED_ATTR = "AR/BRIDGE"
INHERIT_DATASTORE_ATTR = "CEPH_HOST" INHERIT_DATASTORE_ATTR = "CEPH_HOST"
INHERIT_DATASTORE_ATTR = "CEPH_SECRET" INHERIT_DATASTORE_ATTR = "CEPH_SECRET"
INHERIT_DATASTORE_ATTR = "CEPH_KEY"
INHERIT_DATASTORE_ATTR = "CEPH_USER" INHERIT_DATASTORE_ATTR = "CEPH_USER"
INHERIT_DATASTORE_ATTR = "CEPH_CONF" INHERIT_DATASTORE_ATTR = "CEPH_CONF"
INHERIT_DATASTORE_ATTR = "POOL_NAME" INHERIT_DATASTORE_ATTR = "POOL_NAME"
@ -986,15 +1117,39 @@ INHERIT_DATASTORE_ATTR = "GLUSTER_HOST"
INHERIT_DATASTORE_ATTR = "GLUSTER_VOLUME" INHERIT_DATASTORE_ATTR = "GLUSTER_VOLUME"
INHERIT_DATASTORE_ATTR = "DISK_TYPE" INHERIT_DATASTORE_ATTR = "DISK_TYPE"
INHERIT_DATASTORE_ATTR = "ADAPTER_TYPE" INHERIT_DATASTORE_ATTR = "ALLOW_ORPHANS"
INHERIT_DATASTORE_ATTR = "VCENTER_ADAPTER_TYPE"
INHERIT_DATASTORE_ATTR = "VCENTER_DISK_TYPE"
INHERIT_DATASTORE_ATTR = "VCENTER_DS_REF"
INHERIT_DATASTORE_ATTR = "VCENTER_DS_IMAGE_DIR"
INHERIT_DATASTORE_ATTR = "VCENTER_DS_VOLATILE_DIR"
INHERIT_DATASTORE_ATTR = "VCENTER_INSTANCE_ID"
INHERIT_IMAGE_ATTR = "DISK_TYPE" INHERIT_IMAGE_ATTR = "DISK_TYPE"
INHERIT_IMAGE_ATTR = "ADAPTER_TYPE" INHERIT_IMAGE_ATTR = "VCENTER_ADAPTER_TYPE"
INHERIT_IMAGE_ATTR = "VCENTER_DISK_TYPE"
INHERIT_VNET_ATTR = "VLAN_TAGGED_ID" INHERIT_VNET_ATTR = "VLAN_TAGGED_ID"
INHERIT_VNET_ATTR = "FILTER_IP_SPOOFING" INHERIT_VNET_ATTR = "FILTER_IP_SPOOFING"
INHERIT_VNET_ATTR = "FILTER_MAC_SPOOFING" INHERIT_VNET_ATTR = "FILTER_MAC_SPOOFING"
INHERIT_VNET_ATTR = "MTU" INHERIT_VNET_ATTR = "MTU"
INHERIT_VNET_ATTR = "INBOUND_AVG_BW"
INHERIT_VNET_ATTR = "INBOUND_PEAK_BW"
INHERIT_VNET_ATTR = "INBOUND_PEAK_KB"
INHERIT_VNET_ATTR = "OUTBOUND_AVG_BW"
INHERIT_VNET_ATTR = "OUTBOUND_PEAK_BW"
INHERIT_VNET_ATTR = "OUTBOUND_PEAK_KB"
INHERIT_VNET_ATTR = "CONF"
INHERIT_VNET_ATTR = "BRIDGE_CONF"
INHERIT_VNET_ATTR = "IP_LINK_CONF"
INHERIT_VNET_ATTR = "VCENTER_NET_REF"
INHERIT_VNET_ATTR = "VCENTER_SWITCH_NAME"
INHERIT_VNET_ATTR = "VCENTER_SWITCH_NPORTS"
INHERIT_VNET_ATTR = "VCENTER_PORTGROUP_TYPE"
INHERIT_VNET_ATTR = "VCENTER_CCR_REF"
INHERIT_VNET_ATTR = "VCENTER_INSTANCE_ID"
#******************************************************************************* #*******************************************************************************
# Transfer Manager Driver Behavior Configuration # Transfer Manager Driver Behavior Configuration
@ -1018,6 +1173,7 @@ INHERIT_VNET_ATTR = "MTU"
# among the different hosts or not. Valid values: "yes" or "no" # among the different hosts or not. Valid values: "yes" or "no"
# ds_migrate : The driver allows migrations across datastores. Valid values: # ds_migrate : The driver allows migrations across datastores. Valid values:
# "yes" or "no". Note: THIS ONLY APPLIES TO SYSTEM DS. # "yes" or "no". Note: THIS ONLY APPLIES TO SYSTEM DS.
# allow_orphans: Snapshots can live without parents
#******************************************************************************* #*******************************************************************************
TM_MAD_CONF = [ TM_MAD_CONF = [
@ -1035,11 +1191,13 @@ TM_MAD_CONF = [
] ]
TM_MAD_CONF = [ TM_MAD_CONF = [
NAME = "fs_lvm", LN_TARGET = "SYSTEM", CLONE_TARGET = "SYSTEM", SHARED="YES" NAME = "fs_lvm", LN_TARGET = "SYSTEM", CLONE_TARGET = "SYSTEM", SHARED="YES",
DRIVER = "raw"
] ]
TM_MAD_CONF = [ TM_MAD_CONF = [
NAME = "qcow2", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES" NAME = "qcow2", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES",
DRIVER = "qcow2"
] ]
TM_MAD_CONF = [ TM_MAD_CONF = [
@ -1049,7 +1207,7 @@ TM_MAD_CONF = [
TM_MAD_CONF = [ TM_MAD_CONF = [
NAME = "ceph", LN_TARGET = "NONE", CLONE_TARGET = "SELF", SHARED = "YES", NAME = "ceph", LN_TARGET = "NONE", CLONE_TARGET = "SELF", SHARED = "YES",
DS_MIGRATE = "NO" DS_MIGRATE = "NO", DRIVER = "raw", ALLOW_ORPHANS="yes"
] ]
TM_MAD_CONF = [ TM_MAD_CONF = [
@ -1062,7 +1220,7 @@ TM_MAD_CONF = [
] ]
TM_MAD_CONF = [ TM_MAD_CONF = [
NAME = "vcenter", LN_TARGET = "NONE", CLONE_TARGET = "NONE", SHARED = "YES" NAME = "vcenter", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES"
] ]
#******************************************************************************* #*******************************************************************************
@ -1110,7 +1268,9 @@ DS_MAD_CONF = [
] ]
DS_MAD_CONF = [ DS_MAD_CONF = [
NAME = "vcenter", REQUIRED_ATTRS = "VCENTER_CLUSTER", PERSISTENT_ONLY = "YES", NAME = "vcenter",
REQUIRED_ATTRS = "VCENTER_INSTANCE_ID, VCENTER_DS_REF, VCENTER_DC_REF",
PERSISTENT_ONLY = "NO",
MARKETPLACE_ACTIONS = "export" MARKETPLACE_ACTIONS = "export"
] ]
@ -1152,3 +1312,68 @@ MARKET_MAD_CONF = [
REQUIRED_ATTRS = "ACCESS_KEY_ID,SECRET_ACCESS_KEY,REGION,BUCKET", REQUIRED_ATTRS = "ACCESS_KEY_ID,SECRET_ACCESS_KEY,REGION,BUCKET",
APP_ACTIONS = "create, delete, monitor" APP_ACTIONS = "create, delete, monitor"
] ]
#*******************************************************************************
# Authentication Driver Behavior Definition
#*******************************************************************************
# The configuration for each driver is defined in AUTH_MAD_CONF. These
# values must not be modified since they define the driver behavior.
# name : name of the auth driver
# password_change : allow the end users to change their own password. Oneadmin
# can still change other user's passwords
# driver_managed_groups : allow the driver to set the user's group even after
# user creation. In this case addgroup, delgroup and chgrp
# will be disabled, with the exception of chgrp to one of
# the groups in the list of secondary groups
# max_token_time : limit the maximum token validity, in seconds. Use -1 for
# unlimited maximum, 0 to disable login tokens
#*******************************************************************************
AUTH_MAD_CONF = [
NAME = "core",
PASSWORD_CHANGE = "YES",
DRIVER_MANAGED_GROUPS = "NO",
MAX_TOKEN_TIME = "-1"
]
AUTH_MAD_CONF = [
NAME = "public",
PASSWORD_CHANGE = "NO",
DRIVER_MANAGED_GROUPS = "NO",
MAX_TOKEN_TIME = "-1"
]
AUTH_MAD_CONF = [
NAME = "ssh",
PASSWORD_CHANGE = "YES",
DRIVER_MANAGED_GROUPS = "NO",
MAX_TOKEN_TIME = "-1"
]
AUTH_MAD_CONF = [
NAME = "x509",
PASSWORD_CHANGE = "NO",
DRIVER_MANAGED_GROUPS = "NO",
MAX_TOKEN_TIME = "-1"
]
AUTH_MAD_CONF = [
NAME = "ldap",
PASSWORD_CHANGE = "YES",
DRIVER_MANAGED_GROUPS = "NO",
MAX_TOKEN_TIME = "86400"
]
AUTH_MAD_CONF = [
NAME = "server_cipher",
PASSWORD_CHANGE = "NO",
DRIVER_MANAGED_GROUPS = "NO",
MAX_TOKEN_TIME = "-1"
]
AUTH_MAD_CONF = [
NAME = "server_x509",
PASSWORD_CHANGE = "NO",
DRIVER_MANAGED_GROUPS = "NO",
MAX_TOKEN_TIME = "-1"
]


@ -1,5 +1,5 @@
# -------------------------------------------------------------------------- # # -------------------------------------------------------------------------- #
# Copyright 2002-2013, OpenNebula Project (OpenNebula.org), C12G Labs # # Copyright 2002-2017, OpenNebula Project, OpenNebula Systems #
# # # #
# Licensed under the Apache License, Version 2.0 (the "License"); you may # # Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain # # not use this file except in compliance with the License. You may obtain #
@ -18,21 +18,22 @@
# (all domains will use these values as defaults). These values can # (all domains will use these values as defaults). These values can
# be overridden in each VM template. Valid atributes are: # be overridden in each VM template. Valid atributes are:
# - emulator # - emulator
# - os [kernel,initrd,boot,root,kernel_cmd,arch] # - os [kernel,initrd,boot,root,kernel_cmd,arch,machine]
# - vcpu # - vcpu
# - features [acpi, pae] # - features [acpi, pae, apic, hyperv, localtime, guest_agent, virtio_scsi_queues]
# - disk [driver, cache, io] # - disk [driver, cache, io, discard, total_bytes_sec, total_iops_sec, read_bytes_sec, write_bytes_sec, read_iops_sec, write_iops_sec]
# - nic [filter, model] # - nic [filter, model]
# - raw # - raw
# - hyperv_options: options used for FEATURES = [ HYPERV = yes ]
# NOTE: raw attribute value is appended to that on the VM template
#EMULATOR = /usr/libexec/qemu-kvm EMULATOR = /usr/bin/qemu-system-x86_64
#VCPU = 1 #VCPU = 1
OS = [ boot = "hd", arch = "x86_64" ] OS = [ arch = "x86_64" ]
FEATURES = [ PAE = "no", ACPI = "yes" ] FEATURES = [ PAE = "no", ACPI = "yes", APIC = "no", HYPERV = "no", GUEST_AGENT = "no",
VIRTIO_SCSI_QUEUES = "0" ]
NIC = [ model = "virtio" ]
%if %%getVar('activer_onesinglenode','non') == 'oui' %if %%getVar('activer_onesinglenode','non') == 'oui'
%if %%getVar('one_disk_cache','non') == 'oui' %if %%getVar('one_disk_cache','non') == 'oui'
@ -44,3 +45,23 @@ DISK = [ driver = "qcow2" , cache = "none", DEV_PREFIX="vd" ]
RAW = "<devices><video><model type='%%one_video_driver' heads='1'/></video></devices>" RAW = "<devices><video><model type='%%one_video_driver' heads='1'/></video></devices>"
%end if %end if
%end if %end if
NIC = [ model = "virtio" ]
#NIC = [ filter = "clean-traffic", model="virtio" ]
#RAW = "<devices><serial type=\"pty\"><source path=\"/dev/pts/5\"/><target port=\"0\"/></serial><console type=\"pty\" tty=\"/dev/pts/5\"><source path=\"/dev/pts/5\"/><target port=\"0\"/></console></devices>"
HYPERV_OPTIONS="<relaxed state='on'/><vapic state='on'/><spinlocks state='on' retries='4096'/>"
SPICE_OPTIONS="
<video>
<model type='qxl' heads='1'/>
</video>
<sound model='ich6' />
<channel type='spicevmc'>
<target type='virtio' name='com.redhat.spice.0'/>
</channel>
<redirdev bus='usb' type='spicevmc'/>
<redirdev bus='usb' type='spicevmc'/>
<redirdev bus='usb' type='spicevmc'/>"
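Review bot: The default `NIC = [ model = "virtio" ]` added after the `%end if` block sets no `filter`, and the `clean-traffic` variant just below it is left commented out without explanation, so a reader cannot tell whether guests are meant to run without libvirt anti-spoofing rules. If the intent is to rely on the per-network `FILTER_IP_SPOOFING` / `FILTER_MAC_SPOOFING` attributes (both listed under `INHERIT_VNET_ATTR` in the oned.conf section of this page), say so above the line, e.g. `# No libvirt nwfilter here: spoofing protection must be enabled per virtual network (FILTER_IP_SPOOFING / FILTER_MAC_SPOOFING)`. An identical `NIC = [ model = "virtio" ]` line also appears in the previous hunk after `FEATURES`; this rendering does not show which side it is on, but if it is on the new side the default is defined twice and one copy should be dropped.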