diff --git a/tmpl/oned.conf b/tmpl/oned.conf index 381fc86..e0d097e 100644 --- a/tmpl/oned.conf +++ b/tmpl/oned.conf @@ -28,6 +28,7 @@ # scripts. # # PORT: Port where oned will listen for xmlrpc calls. +# LISTEN_ADDRESS: Host IP to listen on for xmlrpc calls (default: all IPs). # # DB: Configuration attributes for the database backend # backend : can be sqlite or mysql (default is sqlite) @@ -38,13 +39,16 @@ # passwd : (mysql) the password for user # db_name : (mysql) the database name # -# VNC_BASE_PORT: VNC ports for VMs can be automatically set to VNC_BASE_PORT + -# VMID +# VNC_PORTS: VNC port pool for automatic VNC port assignment, if possible the +# port will be set to ``START`` + ``VMID`` +# start : first port to assign +# reserved: comma separated list of ports # # LOG: Configuration for the logging system # system: defines the logging system: # file to log in the oned.log file # syslog to use the syslog facilities +# std to use the default log stream (stderr) to use with systemd # debug_level: 0 = ERROR, 1 = WARNING, 2 = INFO, 3 = DEBUG # # VM_SUBMIT_ON_HOLD: Forces VMs to be created on hold state instead of pending. @@ -52,11 +56,11 @@ #******************************************************************************* LOG = [ - system = "file", - debug_level = 3 + SYSTEM = "file", + DEBUG_LEVEL = 3 ] -#MANAGER_TIMER = 30 +#MANAGER_TIMER = 15 MONITORING_INTERVAL = 60 MONITORING_THREADS = 50 @@ -72,17 +76,14 @@ SCRIPTS_REMOTE_DIR=/var/tmp/one PORT = 2633 -DB = [ backend = "sqlite" ] +LISTEN_ADDRESS = "%%adresse_ip_eth0" -# Sample configuration for MySQL -# DB = [ backend = "mysql", -# server = "localhost", -# port = 0, -# user = "oneadmin", -# passwd = "oneadmin", -# db_name = "opennebula" ] +DB = [ BACKEND = "sqlite" ] -VNC_BASE_PORT = 5900 +VNC_PORTS = [ + START = 5901, + RESERVED = "5900" +] #VM_SUBMIT_ON_HOLD = "NO" 
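Review bot: In the last hunk on this line (`@@ -72,17 +76,14`), `LISTEN_ADDRESS = "%%adresse_ip_eth0"` moves the XML-RPC listener to the eth0 address with no comment saying which clients are expected to reach port 2633 there. Components on the front-end that still use a localhost endpoint would presumably stop connecting, and every host on the eth0 network can now reach the API, which as far as I know is plain HTTP carrying the session credentials. If only local components call oned, `LISTEN_ADDRESS = "127.0.0.1"` is the tighter choice. Otherwise I would add `# XML-RPC is bound to eth0 only; restrict 2633 to management hosts or front it with a TLS proxy` above the line.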
@@ -103,11 +104,25 @@ VNC_BASE_PORT = 5900 #******************************************************************************* FEDERATION = [ - MODE = "STANDALONE", - ZONE_ID = 0, + MODE = "STANDALONE", + ZONE_ID = 0, MASTER_ONED = "" ] +#******************************************************************************* +# Default showback cost +#------------------------------------------------------------------------------- +# The following attributes define the default cost for Virtual Machines that +# don't have a CPU, MEMORY or DISK cost. This is used by the oneshowback +# calculate method. +#******************************************************************************* + +DEFAULT_COST = [ + CPU_COST = 0, + MEMORY_COST = 0, + DISK_COST = 0 +] + #******************************************************************************* # XML-RPC server configuration #------------------------------------------------------------------------------- @@ -127,13 +142,25 @@ FEDERATION = [ # a single connection # # TIMEOUT: Maximum time in seconds the server will wait for the client to -# do anything while processing an RPC +# do anything while processing an RPC. This timeout will be also used when +# proxy calls to the master in a federation. # # RPC_LOG: Create a separated log file for xml-rpc requests, in # "/var/log/one/one_xmlrpc.log". # -# MESSAGE_SIZE: Buffer size in bytes for XML-RPC responses. Only relevant for -# slave zones. +# MESSAGE_SIZE: Buffer size in bytes for XML-RPC responses. +# +# LOG_CALL_FORMAT: Format string to log XML-RPC calls. Interpreted strings: +# %i -- request id +# %m -- method name +# %u -- user id +# %U -- user name +# %l -- param list +# %p -- user password +# %g -- group id +# %G -- group name +# %a -- auth token +# %% -- % #******************************************************************************* #MAX_CONN = 15 
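Review bot: The new LOG_CALL_FORMAT description in the second hunk on this line (`@@ -127,13 +142,25`) lists `%p -- user password` and `%a -- auth token` without warning that using them writes credentials into the XML-RPC log. I would add a comment line right after the list, `# NOTE: %p and %a log secrets in clear text; do not use them outside a short debugging session`, and note that the log file then needs the same protection as the credentials. `%l` may deserve the same caution if the parameter list can contain passwords, which is not visible from this hunk. The commented default added in the following hunk (`@@ -143,6 +170,7`) uses neither `%p` nor `%a`.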
@@ -143,6 +170,7 @@ FEDERATION = [ #TIMEOUT = 15 #RPC_LOG = NO #MESSAGE_SIZE = 1073741824 +#LOG_CALL_FORMAT = "Req:%i UID:%u %m invoked %l" #******************************************************************************* # Physical Networks configuration 
@@ -150,42 +178,55 @@ FEDERATION = [ # NETWORK_SIZE: Here you can define the default size for the virtual networks # # MAC_PREFIX: Default MAC prefix to be used to create the auto-generated MAC -# addresses is defined here (this can be overrided by the Virtual Network +# addresses is defined here (this can be overwritten by the Virtual Network # template) +# +# VLAN_IDS: VLAN ID pool for the automatic VLAN_ID assignment. This pool +# is for 802.1Q networks (Open vSwitch and 802.1Q drivers). The driver +# will try first to allocate VLAN_IDS[START] + VNET_ID +# start: First VLAN_ID to use +# reserved: Comma separated list of VLAN_IDs +# +# VXLAN_IDS: Automatic VXLAN Network ID (VNI) assignment. This is used +# for vxlan networks. +# start: First VNI to use +# NOTE: reserved is not supported by this pool #******************************************************************************* NETWORK_SIZE = 254 MAC_PREFIX = "02:00" +VLAN_IDS = [ + START = "2", + RESERVED = "0, 1, 4095" +] + +VXLAN_IDS = [ + START = "2" +] + #******************************************************************************* # DataStore Configuration #******************************************************************************* -# DATASTORE_LOCATION: *Default* Path for Datastores in the hosts. It IS the -# same for all the hosts in the cluster. DATASTORE_LOCATION IS ONLY FOR THE -# HOSTS AND *NOT* THE FRONT-END. It defaults to /var/lib/one/datastores (or -# $ONE_LOCATION/var/datastores in self-contained mode) -# -# You can define a different DATASTORE_LOCATION in each cluster by updating -# its properties with onecluster update. -# -# DATASTORE_BASE_PATH: This is the base path for the SOURCE attribute of -# the images registered in a Datastore. This is a default value, that can be -# changed when the datastore is created. +# DATASTORE_LOCATION: Path for Datastores. It IS the same for all the hosts +# and front-end. 
It defaults to /var/lib/one/datastores (in self-contained mode +# defaults to $ONE_LOCATION/var/datastores). Each datastore has its own +# directory (called BASE_PATH) in the form: $DATASTORE_LOCATION/ +# You can symlink this directory to any other path if needed. BASE_PATH is +# generated from this attribute each time oned is started. # # DATASTORE_CAPACITY_CHECK: Checks that there is enough capacity before -# creating a new imag. Defaults to Yes +# creating a new image. Defaults to Yes # # DEFAULT_IMAGE_TYPE: This can take values # OS Image file holding an operating system # CDROM Image file holding a CDROM -# DATABLOCK Image file holding a datablock, -# always created as an empty block +# DATABLOCK Image file holding a datablock, created as an empty block # # DEFAULT_DEVICE_PREFIX: This can be set to # hd IDE prefix # sd SCSI -# xvd XEN Virtual Disk # vd KVM virtual disk # # DEFAULT_CDROM_DEVICE_PREFIX: Same as above but for CDROM devices. @@ -193,12 +234,10 @@ MAC_PREFIX = "02:00" #DATASTORE_LOCATION = /var/lib/one/datastores -#DATASTORE_BASE_PATH = /var/lib/one/datastores - DATASTORE_CAPACITY_CHECK = "yes" DEFAULT_IMAGE_TYPE = "OS" -DEFAULT_DEVICE_PREFIX = "hd" +DEFAULT_DEVICE_PREFIX = "vd" DEFAULT_CDROM_DEVICE_PREFIX = "hd" 
@@ -220,23 +259,22 @@ DEFAULT_CDROM_DEVICE_PREFIX = "hd" #******************************************************************************* #------------------------------------------------------------------------------- -# Information Collector for KVM and Xen IM's. +# Information Collector for KVM IM's. #------------------------------------------------------------------------------- -# This driver CANNOT BE ASSIGNED TO A HOST, and needs to be used with KVM or -# Xen drivers +# This driver CANNOT BE ASSIGNED TO A HOST, and needs to be used with KVM # -h prints this help. -# -a Address to bind the collectd sockect (defults 0.0.0.0) +# -a Address to bind the collectd socket (default 0.0.0.0) # -p UDP port to listen for monitor information (default 4124) # -f Interval in seconds to flush collected information (default 5) -# -t Number of threads for the server (defult 50) +# -t Number of threads for the server (default 50) # -i Time in seconds of the monitorization push cycle. This parameter must # be smaller than MONITORING_INTERVAL, otherwise push monitorization will # not be effective. #------------------------------------------------------------------------------- IM_MAD = [ - name = "collectd", - executable = "collectd", - arguments = "-p 4124 -f 5 -t 50 -i 20" ] + NAME = "collectd", + EXECUTABLE = "collectd", + ARGUMENTS = "-p 4124 -f 5 -t 50 -i 20" ] #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- 
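Review bot: The collectd `ARGUMENTS = "-p 4124 -f 5 -t 50 -i 20"` line passes no `-a`, so by the option text in this same hunk the UDP monitoring socket binds 0.0.0.0, while this commit pins the XML-RPC listener to the eth0 address elsewhere in the file. If monitoring pushes only arrive on that interface, `ARGUMENTS = "-a %%adresse_ip_eth0 -p 4124 -f 5 -t 50 -i 20"` would keep the two listeners consistent. Whether the template variable expands inside this quoted value should be checked against how LISTEN_ADDRESS is rendered. Either way, a comment naming the interface that port 4124 is expected on would help whoever writes the firewall rules.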
@@ -245,9 +283,10 @@ IM_MAD = [ # -t number of threads, i.e. number of hosts monitored at the same time #------------------------------------------------------------------------------- IM_MAD = [ - name = "kvm", - executable = "one_im_ssh", - arguments = "-r 3 -t 15 kvm" ] + NAME = "kvm", + SUNSTONE_NAME = "KVM", + EXECUTABLE = "one_im_ssh", + ARGUMENTS = "-r 3 -t 15 kvm" ] #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- 
@@ -256,73 +295,52 @@ IM_MAD = [ # -t number of threads, i.e. number of hosts monitored at the same time #------------------------------------------------------------------------------- # IM_MAD = [ -# name = "kvm", -# executable = "one_im_ssh", -# arguments = "-r 3 -t 15 kvm-probes" ] +# NAME = "kvm", +# SUNSTONE_NAME = "kvm-ssh", +# EXECUTABLE = "one_im_ssh", +# ARGUMENTS = "-r 3 -t 15 kvm-probes" ] #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- -# XEN UDP-push Information Driver Manager Configuration -# -r number of retries when monitoring a host -# -t number of threads, i.e. number of hosts monitored at the same time -#------------------------------------------------------------------------------- - -# Driver for Xen 3.x -#IM_MAD = [ -# name = "xen", -# executable = "one_im_ssh", -# arguments = "-r 3 -t 15 xen3" ] - -# Driver for Xen 4.x -#IM_MAD = [ -# name = "xen", -# executable = "one_im_ssh", -# arguments = "-r 3 -t 15 xen4" ] - -#------------------------------------------------------------------------------- -# XEN SSH-pull Information Driver Manager Configuration -# -r number of retries when monitoring a host -# -t number of threads, i.e. 
number of hosts monitored at the same time -#------------------------------------------------------------------------------- - -# Driver for Xen 3.x -#IM_MAD = [ -# name = "xen", -# executable = "one_im_ssh", -# arguments = "-r 0 -t 15 xen3-probes" ] - -# Driver for Xen 4.x -#IM_MAD = [ -# name = "xen", -# executable = "one_im_ssh", -# arguments = "-r 0 -t 15 xen4-probes" ] - -#------------------------------------------------------------------------------- - -#------------------------------------------------------------------------------- -# VMware Information Driver Manager Configuration +# vCenter Information Driver Manager Configuration # -r number of retries when monitoring a host # -t number of threads, i.e. number of hosts monitored at the same time #------------------------------------------------------------------------------- #IM_MAD = [ -# name = "vmware", -# executable = "one_im_sh", -# arguments = "-c -t 15 -r 0 vmware" ] +# NAME = "vcenter", +# SUNSTONE_NAME = "VMWare vCenter", +# EXECUTABLE = "one_im_sh", +# ARGUMENTS = "-c -t 15 -r 0 vcenter" ] #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- # EC2 Information Driver Manager Configuration +# -r number of retries when monitoring a host +# -t number of threads, i.e. number of hosts monitored at the same time #------------------------------------------------------------------------------- #IM_MAD = [ -# name = "ec2", -# executable = "one_im_sh", -# arguments = "-c -t 1 -r 0 ec2" ] +# NAME = "ec2", +# SUNSTONE_NAME = "Amazon EC2", +# EXECUTABLE = "one_im_sh", +# ARGUMENTS = "-c -t 1 -r 0 ec2" ] +#------------------------------------------------------------------------------- + +#------------------------------------------------------------------------------- +# Azure Information Driver Manager Configuration +# -r number of retries when monitoring a host +# -t number of threads, i.e. 
number of hosts monitored at the same time +#------------------------------------------------------------------------------- +#IM_MAD = [ +# NAME = "az", +# SUNSTONE_NAME = "Microsoft Azure", +# EXECUTABLE = "one_im_sh", +# ARGUMENTS = "-c -t 1 -r 0 az" ] #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- # Dummy Information Driver Manager Configuration #------------------------------------------------------------------------------- -#IM_MAD = [ name="dummy", executable="one_im_dummy"] +#IM_MAD = [ NAME="dummy", SUNSTONE_NAME="Testing", EXECUTABLE="one_im_dummy"] #------------------------------------------------------------------------------- #******************************************************************************* @@ -344,6 +362,37 @@ IM_MAD = [ # /etc/one/ if OpenNebula was installed in /) # # type : driver type, supported drivers: xen, kvm, xml +# +# keep_snapshots: do not remove snapshots on power on/off cycles and live +# migrations if the hypervisor supports that. +# +# imported_vms_actions : comma-separated list of actions supported +# for imported vms. The available actions are: +# migrate +# live-migrate +# terminate +# terminate-hard +# undeploy +# undeploy-hard +# hold +# release +# stop +# suspend +# resume +# delete +# delete-recreate +# reboot +# reboot-hard +# resched +# unresched +# poweroff +# poweroff-hard +# disk-attach +# disk-detach +# nic-attach +# nic-detach +# snap-create +# snap-delete #******************************************************************************* #------------------------------------------------------------------------------- 
@@ -354,57 +403,49 @@ IM_MAD = [ # overridden for each action. # Valid actions: deploy, shutdown, cancel, save, restore, migrate, poll # An example: "-l migrate=migrate_local,save" +# -p more than one action per host in parallel, needs support from hypervisor +# -s to execute remote commands, bash by default # # Note: You can use type = "qemu" to use qemu emulated guests, e.g. if your # CPU does not have virtualization extensions or use nested Qemu-KVM hosts #------------------------------------------------------------------------------- VM_MAD = [ - name = "kvm", - executable = "one_vmm_exec", - arguments = "-t 15 -r 0 kvm", - default = "vmm_exec/vmm_exec_kvm.conf", - type = "kvm" ] + NAME = "kvm", + SUNSTONE_NAME = "KVM", + EXECUTABLE = "one_vmm_exec", + ARGUMENTS = "-t 15 -r 0 kvm", + DEFAULT = "vmm_exec/vmm_exec_kvm.conf", + TYPE = "kvm", + KEEP_SNAPSHOTS = "no", + IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend, + resume, delete, reboot, reboot-hard, resched, unresched, disk-attach, + disk-detach, nic-attach, nic-detach, snap-create, snap-delete" +] + #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- -# XEN Virtualization Driver Manager Configuration -# -r number of retries when monitoring a host -# -t number of threads, i.e. number of hosts monitored at the same time -# -l actions executed locally, command can be -# overridden for each action. 
-# Valid actions: deploy, shutdown, cancel, save, restore, migrate, poll -# An example: "-l migrate,save" -#------------------------------------------------------------------------------- - -# Driver for Xen 3.x -#VM_MAD = [ -# name = "xen", -# executable = "one_vmm_exec", -# arguments = "-t 15 -r 0 xen3", -# default = "vmm_exec/vmm_exec_xen3.conf", -# type = "xen" ] - -# Driver for Xen 4.x -#VM_MAD = [ -# name = "xen", -# executable = "one_vmm_exec", -# arguments = "-t 15 -r 0 xen4", -# default = "vmm_exec/vmm_exec_xen4.conf", -# type = "xen" ] - -#------------------------------------------------------------------------------- - -#------------------------------------------------------------------------------- -# VMware Virtualization Driver Manager Configuration +# vCenter Virtualization Driver Manager Configuration # -r number of retries when monitoring a host # -t number of threads, i.e. number of hosts monitored at the same time +# -p more than one action per host in parallel, needs support from hypervisor +# -s to execute commands, bash by default +# -d default snapshot strategy. It can be either 'detach' or 'suspend'. It +# defaults to 'suspend'. 
#------------------------------------------------------------------------------- #VM_MAD = [ -# name = "vmware", -# executable = "one_vmm_sh", -# arguments = "-t 15 -r 0 vmware -s sh", -# default = "vmm_exec/vmm_exec_vmware.conf", -# type = "vmware" ] +# NAME = "vcenter", +# SUNSTONE_NAME = "VMWare vCenter", +# EXECUTABLE = "one_vmm_sh", +# ARGUMENTS = "-p -t 15 -r 0 vcenter -s sh", +# DEFAULT = "vmm_exec/vmm_exec_vcenter.conf", +# TYPE = "xml", +# KEEP_SNAPSHOTS = "yes", +# IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend, +# resume, delete, reboot, reboot-hard, resched, unresched, poweroff, +# poweroff-hard, disk-attach, disk-detach, nic-attach, nic-detach, +# snap-create, snap-delete" +#] #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- 
@@ -413,16 +454,43 @@ VM_MAD = [ # -t number of threads, i.e. number of actions performed at the same time #------------------------------------------------------------------------------- #VM_MAD = [ -# name = "ec2", -# executable = "one_vmm_sh", -# arguments = "-t 15 -r 0 ec2", -# type = "xml" ] +# NAME = "ec2", +# SUNSTONE_NAME = "Amazon EC2", +# EXECUTABLE = "one_vmm_sh", +# ARGUMENTS = "-t 15 -r 0 ec2", +# TYPE = "xml", +# KEEP_SNAPSHOTS = "no", +# IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend, +# resume, delete, reboot, reboot-hard, resched, unresched, poweroff, +# poweroff-hard, disk-attach, disk-detach, nic-attach, nic-detach, +# snap-create, snap-delete" +#] +#------------------------------------------------------------------------------- + +#------------------------------------------------------------------------------- +# Azure Virtualization Driver Manager Configuration +# -r number of retries when monitoring a host +# -t number of threads, i.e. number of actions performed at the same time +#------------------------------------------------------------------------------- +#VM_MAD = [ +# NAME = "az", +# SUNSTONE_NAME = "Microsoft Azure", +# EXECUTABLE = "one_vmm_sh", +# ARGUMENTS = "-t 15 -r 0 az", +# TYPE = "xml", +# KEEP_SNAPSHOTS = "no", +# IMPORTED_VMS_ACTIONS = "terminate, terminate-hard, hold, release, suspend, +# resume, delete, reboot, reboot-hard, resched, unresched, poweroff, +# poweroff-hard, disk-attach, disk-detach, nic-attach, nic-detach, +# snap-create, snap-delete" +#] #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- # Dummy Virtualization Driver Configuration #------------------------------------------------------------------------------- -#VM_MAD = [ name="dummy", executable="one_vmm_dummy", type="xml" ] +#VM_MAD = [ NAME="dummy", SUNSTONE_NAME="Testing", EXECUTABLE="one_vmm_dummy", +# TYPE="xml" ] 
#------------------------------------------------------------------------------- #******************************************************************************* @@ -442,8 +510,8 @@ VM_MAD = [ #******************************************************************************* TM_MAD = [ - executable = "one_tm", - arguments = "-t 15 -d dummy,lvm,shared,fs_lvm,qcow2,ssh,vmfs,ceph" + EXECUTABLE = "one_tm", + ARGUMENTS = "-t 15 -d dummy,lvm,shared,fs_lvm,qcow2,ssh,ceph,dev,vcenter,iscsi_libvirt" ] #******************************************************************************* 
@@ -457,11 +525,30 @@ TM_MAD = [ # arguments : for the driver executable # -t number of threads, i.e. number of repo operations at the same time # -d datastore mads separated by commas +# -s system datastore tm drivers, used to monitor shared system ds. #******************************************************************************* DATASTORE_MAD = [ - executable = "one_datastore", - arguments = "-t 15 -d dummy,fs,vmfs,lvm,ceph" + EXECUTABLE = "one_datastore", + ARGUMENTS = "-t 15 -d dummy,fs,lvm,ceph,dev,iscsi_libvirt,vcenter -s shared,ssh,ceph,fs_lvm,qcow2" +] + +#******************************************************************************* +# Marketplace Driver Configuration +#******************************************************************************* +# Drivers to manage different marketplaces, specialized for the storage backend +# executable: path of the transfer driver executable, can be an +# absolute path or relative to $ONE_LOCATION/lib/mads (or +# /usr/lib/one/mads/ if OpenNebula was installed in /) +# +# arguments : for the driver executable +# -t number of threads, i.e. number of repo operations at the same time +# -m marketplace mads separated by commas +#******************************************************************************* + +MARKET_MAD = [ + EXECUTABLE = "one_market", + ARGUMENTS = "-t 15 -m http,s3,one" ] #******************************************************************************* @@ -492,7 +579,6 @@ DATASTORE_MAD = [ # - SHUTDOWN, after the VM is shutdown # - STOP, after the VM is stopped (including VM image transfers) # - DONE, after the VM is deleted or shutdown -# - FAILED, when the VM enters the failed state # - CUSTOM, user defined specific STATE and LCM_STATE combination # of states to trigger the hook. # command : path is relative to $ONE_LOCATION/var/remotes/hook 
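Review bot: `MARKET_MAD` in the first hunk on this line (`@@ -457,11 +525,30`) enables all three marketplace drivers with `-m http,s3,one`, and nothing in the template says this deployment uses S3 or the public marketplace. Judging by the MARKET_MAD_CONF entries later in this diff, `one` is the external OpenNebula.org marketplace with `APP_ACTIONS = "monitor"`, so the front-end would presumably contact it periodically by default. I would trim `-m` to the drivers actually in use, or at least add `# 'one' contacts the public OpenNebula marketplace; remove it on isolated networks` above the block.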
@@ -543,6 +629,7 @@ DATASTORE_MAD = [ # - NO, The hook is executed in the OpenNebula server (default) # # Virtual Network (VNET_HOOK) +# Virtual Router (VROUTER_HOOK) # User (USER_HOOK) # Group (GROUP_HOOK) # Image (IMAGE_HOOK) 
@@ -562,39 +649,36 @@ DATASTORE_MAD = [ # arguments : for the hook. You can use the following Host information: # - $ID, the ID of the host # - $TEMPLATE, the vnet template in xml and base64 encoded +# +# Please note: In a Federation, User and Group hooks can only be defined in +# the master OpenNebula. #------------------------------------------------------------------------------- +HM_MAD = [ + EXECUTABLE = "one_hm" ] -VM_HOOK = [ - name = "open_ports", - on = "RUNNING", - command = "eole/graphicsfw", - arguments = "open $TEMPLATE", - remote = "YES" -] - -VM_HOOK = [ - name = "close_ports", - on = "DONE", - command = "eole/graphicsfw", - arguments = "close $TEMPLATE", - remote = "YES" -] - -VM_HOOK = [ - name = "close_ports", - on = "STOP", - command = "eole/graphicsfw", - arguments = "close $TEMPLATE", - remote = "YES" -] - -VM_HOOK = [ - name = "close_ports", - on = "SHUTDOWN", - command = "eole/graphicsfw", - arguments = "close $TEMPLATE", - remote = "YES" -] +#******************************************************************************* +# Fault Tolerance Hooks +#******************************************************************************* +# This hook is used to perform recovery actions when a host fails. +# Script to implement host failure tolerance +# It can be set to +# -m migrate VMs to another host. Only for images in shared storage +# -r recreate VMs running in the host. State will be lost. 
+# -d delete VMs running in the host +# Additional flags +# -f force resubmission of suspended VMs +# -p avoid resubmission if host comes +# back after n monitoring cycles +#******************************************************************************* +# +#HOST_HOOK = [ +# NAME = "error", +# ON = "ERROR", +# COMMAND = "ft/host_error.rb", +# ARGUMENTS = "$ID -m -p 5", +# REMOTE = "no" ] +#------------------------------------------------------------------------------- +# %if %%getVar('activer_hooks', 'non') == 'oui' #******************************************************************************* 
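Review bot: With the four `eole/graphicsfw` VM_HOOK entries gone, nothing visible in this hunk opens or closes per-VM graphics ports any more. If those hooks were what limited access to the VNC ports on the hosts to the lifetime of a VM, the range that now starts at `START = 5901` has to be covered some other way, otherwise it ends up permanently open or unreachable. I would record the replacement next to HM_MAD, for example `# VNC port filtering is no longer done by VM hooks; see <where it is configured>`. The `%if activer_hooks` block that follows continues outside the hunk, so the hooks may simply have moved there.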
@@ -636,50 +720,7 @@ USER_HOOK = [ %end if %end if -HM_MAD = [ - executable = "one_hm" ] -#******************************************************************************* -# Fault Tolerance Hooks -#******************************************************************************* -# This hook is used to perform recovery actions when a host fails. -# Script to implement host failure tolerance -# It can be set to -# -r recreate VMs running in the host -# -d delete VMs running in the host -# Additional flags -# -f force resubmission of suspended VMs -# -p avoid resubmission if host comes -# back after n monitoring cycles -#******************************************************************************* -# -#HOST_HOOK = [ -# name = "error", -# on = "ERROR", -# command = "ft/host_error.rb", -# arguments = "$ID -r", -# remote = "no" ] -#------------------------------------------------------------------------------- -# These two hooks can be used to automatically delete or resubmit VMs that reach -# the "failed" state. This way, the administrator doesn't have to interact -# manually to release its resources or retry the deployment. -# -# -# Only one of them should be uncommented. -#------------------------------------------------------------------------------- -# -#VM_HOOK = [ -# name = "on_failure_delete", -# on = "FAILED", -# command = "/usr/bin/env onevm delete", -# arguments = "$ID" ] -# -#VM_HOOK = [ -# name = "on_failure_recreate", -# on = "FAILED", -# command = "/usr/bin/env onevm delete --recreate", -# arguments = "$ID" ] -#------------------------------------------------------------------------------- #******************************************************************************* # Auth Manager Configuration 
@@ -696,6 +737,13 @@ HM_MAD = [ # defined all the modules available will be enabled # authz : list of authentication modules separated by commas # +# DEFAULT_AUTH: The default authentication driver to use when OpenNebula does +# not know the user and needs to authenticate it externally. If you want to +# use "default" (not recommended, but supported for backwards compatibility +# reasons) make sure you create a symlink pointing to the actual authentication +# driver in /var/lib/one/remotes/auth, and add "default" to the 'auth' +# parameter in the 'AUTH_MAD' section. +# # SESSION_EXPIRATION_TIME: Time in seconds to keep an authenticated token as # valid. During this time, the driver is not used. Use 0 to disable session # caching @@ -708,15 +756,24 @@ HM_MAD = [ # Its format must be 3 octal digits. For example a umask of 137 will set # the new object's permissions to 640 "um- u-- ---" #******************************************************************************* -AUTH_MAD = [ - executable = "one_auth_mad", + + %if %%getVar('sunstone_auth_modes', 'non') == 'non' - authn = "server_cipher,default" -%else - authn = "server_cipher,default,%%getVar('sunstone_auth_modes','')" -%end if +AUTH_MAD = [ + EXECUTABLE = "one_auth_mad", + AUTHN = "ssh,x509,server_cipher,server_x509" ] +%else +AUTH_MAD = [ + EXECUTABLE = "one_auth_mad", + AUTHN = "ssh,x509,server_cipher,server_x509,%%getVar('sunstone_auth_modes','')" +] + +DEFAULT_AUTH = "ldap" +%end if + + SESSION_EXPIRATION_TIME = 900 #ENABLE_OTHER_PERMISSIONS = "YES" 
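Review bot: In the second hunk on this line (`@@ -708,15 +756,24`), the `%else` branch sets `DEFAULT_AUTH = "ldap"` whenever `sunstone_auth_modes` is anything other than 'non', while AUTHN receives whatever that variable holds. If the value does not include ldap, the default driver for unknown users is one that AUTHN does not list. Guard the DEFAULT_AUTH line with its own test on the variable, or at least add `# DEFAULT_AUTH must name a driver present in AUTHN` so the coupling is visible. Separately, both branches now enable `ssh,x509,server_x509` where the old list had only `server_cipher,default`; listing only the drivers this deployment uses would keep the login surface as small as before.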
@@ -742,6 +799,22 @@ VM_RESTRICTED_ATTR = "CONTEXT/FILES" VM_RESTRICTED_ATTR = "NIC/MAC" VM_RESTRICTED_ATTR = "NIC/VLAN_ID" VM_RESTRICTED_ATTR = "NIC/BRIDGE" +VM_RESTRICTED_ATTR = "NIC_DEFAULT/MAC" +VM_RESTRICTED_ATTR = "NIC_DEFAULT/VLAN_ID" +VM_RESTRICTED_ATTR = "NIC_DEFAULT/BRIDGE" +VM_RESTRICTED_ATTR = "DISK/TOTAL_BYTES_SEC" +VM_RESTRICTED_ATTR = "DISK/READ_BYTES_SEC" +VM_RESTRICTED_ATTR = "DISK/WRITE_BYTES_SEC" +VM_RESTRICTED_ATTR = "DISK/TOTAL_IOPS_SEC" +VM_RESTRICTED_ATTR = "DISK/READ_IOPS_SEC" +VM_RESTRICTED_ATTR = "DISK/WRITE_IOPS_SEC" +#VM_RESTRICTED_ATTR = "DISK/SIZE" +VM_RESTRICTED_ATTR = "DISK/ORIGINAL_SIZE" +VM_RESTRICTED_ATTR = "CPU_COST" +VM_RESTRICTED_ATTR = "MEMORY_COST" +VM_RESTRICTED_ATTR = "DISK_COST" +VM_RESTRICTED_ATTR = "PCI" +VM_RESTRICTED_ATTR = "USER_INPUTS" #VM_RESTRICTED_ATTR = "RANK" #VM_RESTRICTED_ATTR = "SCHED_RANK" @@ -750,6 +823,21 @@ VM_RESTRICTED_ATTR = "NIC/BRIDGE" IMAGE_RESTRICTED_ATTR = "SOURCE" +#******************************************************************************* +# The following restricted attributes only apply to VNets that are a reservation. +# Normal VNets do not have restricted attributes. +#******************************************************************************* + +VNET_RESTRICTED_ATTR = "VN_MAD" +VNET_RESTRICTED_ATTR = "PHYDEV" +VNET_RESTRICTED_ATTR = "VLAN_ID" +VNET_RESTRICTED_ATTR = "BRIDGE" + +VNET_RESTRICTED_ATTR = "AR/VN_MAD" +VNET_RESTRICTED_ATTR = "AR/PHYDEV" +VNET_RESTRICTED_ATTR = "AR/VLAN_ID" +VNET_RESTRICTED_ATTR = "AR/BRIDGE" + #******************************************************************************* # Inherited Attributes Configuration #******************************************************************************* 
@@ -774,12 +862,31 @@ IMAGE_RESTRICTED_ATTR = "SOURCE" INHERIT_DATASTORE_ATTR = "CEPH_HOST" INHERIT_DATASTORE_ATTR = "CEPH_SECRET" INHERIT_DATASTORE_ATTR = "CEPH_USER" -INHERIT_DATASTORE_ATTR = "RBD_FORMAT" +INHERIT_DATASTORE_ATTR = "CEPH_CONF" +INHERIT_DATASTORE_ATTR = "POOL_NAME" + +INHERIT_DATASTORE_ATTR = "ISCSI_USER" +INHERIT_DATASTORE_ATTR = "ISCSI_USAGE" +INHERIT_DATASTORE_ATTR = "ISCSI_HOST" + +INHERIT_IMAGE_ATTR = "ISCSI_USER" +INHERIT_IMAGE_ATTR = "ISCSI_USAGE" +INHERIT_IMAGE_ATTR = "ISCSI_HOST" +INHERIT_IMAGE_ATTR = "ISCSI_IQN" INHERIT_DATASTORE_ATTR = "GLUSTER_HOST" INHERIT_DATASTORE_ATTR = "GLUSTER_VOLUME" +INHERIT_DATASTORE_ATTR = "DISK_TYPE" +INHERIT_DATASTORE_ATTR = "ADAPTER_TYPE" + +INHERIT_IMAGE_ATTR = "DISK_TYPE" +INHERIT_IMAGE_ATTR = "ADAPTER_TYPE" + INHERIT_VNET_ATTR = "VLAN_TAGGED_ID" +INHERIT_VNET_ATTR = "FILTER_IP_SPOOFING" +INHERIT_VNET_ATTR = "FILTER_MAC_SPOOFING" +INHERIT_VNET_ATTR = "MTU" #******************************************************************************* # Transfer Manager Driver Behavior Configuration 
@@ -801,36 +908,139 @@ INHERIT_VNET_ATTR = "VLAN_TAGGED_ID" # SYSTEM: The image will be cloned in the System datastore # shared : determines if the storage holding the system datastore is shared # among the different hosts or not. Valid values: "yes" or "no" +# ds_migrate : The driver allows migrations across datastores. Valid values: +# "yes" or "no". Note: THIS ONLY APPLIES TO SYSTEM DS. #******************************************************************************* TM_MAD_CONF = [ - name = "dummy", ln_target = "NONE", clone_target = "SYSTEM", shared = "yes" + NAME = "dummy", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES", + DS_MIGRATE = "YES" ] TM_MAD_CONF = [ - name = "lvm", ln_target = "NONE", clone_target = "SELF", shared = "yes" + NAME = "lvm", LN_TARGET = "NONE", CLONE_TARGET = "SELF", SHARED = "YES" ] TM_MAD_CONF = [ - name = "shared", ln_target = "NONE", clone_target = "SYSTEM", shared = "yes" + NAME = "shared", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES", + DS_MIGRATE = "YES" ] TM_MAD_CONF = [ - name = "fs_lvm", ln_target = "SYSTEM", clone_target = "SYSTEM", shared="yes" + NAME = "fs_lvm", LN_TARGET = "SYSTEM", CLONE_TARGET = "SYSTEM", SHARED="YES" ] TM_MAD_CONF = [ - name = "qcow2", ln_target = "NONE", clone_target = "SYSTEM", shared = "yes" + NAME = "qcow2", LN_TARGET = "NONE", CLONE_TARGET = "SYSTEM", SHARED = "YES" ] TM_MAD_CONF = [ - name = "ssh", ln_target = "SYSTEM", clone_target = "SYSTEM", shared = "no" + NAME = "ssh", LN_TARGET = "SYSTEM", CLONE_TARGET = "SYSTEM", SHARED = "NO", + DS_MIGRATE = "YES" ] TM_MAD_CONF = [ - name = "vmfs", ln_target = "NONE", clone_target= "SYSTEM", shared = "yes" + NAME = "ceph", LN_TARGET = "NONE", CLONE_TARGET = "SELF", SHARED = "YES", + DS_MIGRATE = "NO" ] TM_MAD_CONF = [ - name = "ceph", ln_target = "NONE", clone_target = "SELF", shared = "yes" + NAME = "iscsi_libvirt", LN_TARGET = "NONE", CLONE_TARGET = "SELF", SHARED = "YES", + DS_MIGRATE = "NO" +] + +TM_MAD_CONF = [ + NAME = 
"dev", LN_TARGET = "NONE", CLONE_TARGET = "NONE", SHARED = "YES" +] + +TM_MAD_CONF = [ + NAME = "vcenter", LN_TARGET = "NONE", CLONE_TARGET = "NONE", SHARED = "YES" +] + +#******************************************************************************* +# Datastore Manager Driver Behavior Configuration +#******************************************************************************* +# The configuration for each driver is defined in DS_MAD_CONF. These +# values are used when creating a new datastore and should not be modified +# since they define the datastore behavior. +# name : name of the transfer driver, listed in the -d option of the +# DS_MAD section +# required_attrs : comma separated list of required attributes in the DS +# template +# persistent_only: specifies whether the datastore can only manage persistent +# images +#******************************************************************************* + +DS_MAD_CONF = [ + NAME = "ceph", + REQUIRED_ATTRS = "DISK_TYPE,BRIDGE_LIST", + PERSISTENT_ONLY = "NO", + MARKETPLACE_ACTIONS = "export" +] + +DS_MAD_CONF = [ + NAME = "dev", REQUIRED_ATTRS = "DISK_TYPE", PERSISTENT_ONLY = "YES" +] + +DS_MAD_CONF = [ + NAME = "iscsi_libvirt", REQUIRED_ATTRS = "DISK_TYPE,ISCSI_HOST", + PERSISTENT_ONLY = "YES" +] + +DS_MAD_CONF = [ + NAME = "dummy", REQUIRED_ATTRS = "", PERSISTENT_ONLY = "NO" +] + +DS_MAD_CONF = [ + NAME = "fs", REQUIRED_ATTRS = "", PERSISTENT_ONLY = "NO", + MARKETPLACE_ACTIONS = "export" +] + +DS_MAD_CONF = [ + NAME = "lvm", REQUIRED_ATTRS = "DISK_TYPE,BRIDGE_LIST", + PERSISTENT_ONLY = "NO" +] + +DS_MAD_CONF = [ + NAME = "vcenter", REQUIRED_ATTRS = "VCENTER_CLUSTER", PERSISTENT_ONLY = "YES", + MARKETPLACE_ACTIONS = "export" +] + +#******************************************************************************* +# MarketPlace Driver Behavior Configuration +#******************************************************************************* +# The configuration for each driver is defined in MARKET_MAD_CONF. 
These +# values are used when creating a new marketplaces and should not be modified +# since they define the marketplace behavior. +# name : name of the market driver +# required_attrs : comma separated list of required attributes in the Market +# template +# app_actions: List of actions allowed for a MarketPlaceApp +# - monitor The apps of the marketplace will be monitored +# - create, the app in the marketplace +# - delete, the app from the marketplace +# public: set to yes for external marketplaces. A public marketplace can be +# removed even if it has registered apps. +#******************************************************************************* + +MARKET_MAD_CONF = [ + NAME = "one", + SUNSTONE_NAME = "OpenNebula.org Marketplace", + REQUIRED_ATTRS = "", + APP_ACTIONS = "monitor", + PUBLIC = "yes" +] + +MARKET_MAD_CONF = [ + NAME = "http", + SUNSTONE_NAME = "HTTP server", + REQUIRED_ATTRS = "BASE_URL,PUBLIC_DIR", + APP_ACTIONS = "create, delete, monitor" +] + +MARKET_MAD_CONF = [ + NAME = "s3", + SUNSTONE_NAME = "Amazon S3", + REQUIRED_ATTRS = "ACCESS_KEY_ID,SECRET_ACCESS_KEY,REGION,BUCKET", + APP_ACTIONS = "create, delete, monitor" ]
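Review bot: The `s3` entry of MARKET_MAD_CONF requires `SECRET_ACCESS_KEY` as a marketplace template attribute, so the S3 secret is stored with the marketplace object and is presumably shown to anyone allowed to read that template. A comment above the entry would help operators, e.g. `# SECRET_ACCESS_KEY is kept in the marketplace template: use a key scoped to BUCKET and restrict who can view the marketplace`. There is also a smaller documentation gap in this hunk: `MARKETPLACE_ACTIONS` is set in three DS_MAD_CONF entries but is missing from the attribute list in the DS_MAD_CONF header comment, and `SUNSTONE_NAME` is likewise missing from the MARKET_MAD_CONF one.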