[pve-cluster.git] / data / PVE / DataCenterConfig.pm

package PVE::DataCenterConfig;

use strict;
use warnings;

use PVE::JSONSchema qw(parse_property_string);
use PVE::Tools;
use PVE::Cluster;

my $migration_format = {
    type => {
	default_key => 1,
	type => 'string',
	enum => ['secure', 'insecure'],
	description => "Migration traffic is encrypted using an SSH tunnel by " .
	  "default. On secure, completely private networks this can be " .
	  "disabled to increase performance.",
	default => 'secure',
    },
    network => {
	optional => 1,
	type => 'string', format => 'CIDR',
	format_description => 'CIDR',
	description => "CIDR of the (sub) network that is used for migration."
    },
};

my $ha_format = {
    shutdown_policy => {
	type => 'string',
	enum => ['freeze', 'failover', 'conditional', 'migrate'],
	description => "The policy for HA services on node shutdown. 'freeze' disables ".
	    "auto-recovery, 'failover' ensures recovery, 'conditional' recovers on ".
	    "poweroff and freezes on reboot. 'migrate' will migrate running services ".
	    "to other nodes, if possible. With 'freeze' or 'failover', HA Services will ".
	    "always get stopped first on shutdown.",
	verbose_description => "Describes the policy for handling HA services on poweroff ".
	    "or reboot of a node. Freeze will always freeze services which are still located ".
	    "on the node on shutdown, those services won't be recovered by the HA manager. ".
	    "Failover will not mark the services as frozen and thus the services will get ".
	    "recovered to other nodes, if the shutdown node does not come up again quickly ".
	    "(< 1min). 'conditional' chooses automatically depending on the type of shutdown, ".
	    "i.e., on a reboot the service will be frozen but on a poweroff the service will ".
	    "stay as is, and thus get recovered after about 2 minutes. ".
	    "Migrate will try to move all running services to another node when a reboot or ".
	    "shutdown was triggered. The poweroff process will only continue once no running services ".
	    "are located on the node anymore. If the node comes up again, the service will ".
	    "be moved back to the previously powered-off node, at least if no other migration, ".
	    "reloaction or recovery took place.",
	default => 'conditional',
    }
};

my $next_id_format = {
    lower => {
	type => 'integer',
	description => "Lower, inclusive boundary for free next-id API range.",
	min => 100,
	max => 1000 * 1000 * 1000 - 1,
	default => 100,
	optional => 1,
    },
    upper => {
	type => 'integer',
	description => "Upper, inclusive boundary for free next-id API range.",
	min => 100,
	max => 1000 * 1000 * 1000 - 1,
	default => 1000 * 1000, # lower than the maximum on purpose
	optional => 1,
    },
};

my $u2f_format = {
    appid => {
	type => 'string',
	description => "U2F AppId URL override. Defaults to the origin.",
	format_description => 'APPID',
	optional => 1,
    },
    origin => {
	type => 'string',
	description => "U2F Origin override. Mostly useful for single nodes with a single URL.",
	format_description => 'URL',
	optional => 1,
    },
};

my $webauthn_format = {
    rp => {
	type => 'string',
	description =>
	    'Relying party name. Any text identifier.'
	    .' Changing this *may* break existing credentials.',
	format_description => 'RELYING_PARTY',
	optional => 1,
    },
    origin => {
	type => 'string',
	description =>
	    'Site origin. Must be a `https://` URL (or `http://localhost`).'
	    .' Should contain the address users type in their browsers to access'
	    .' the web interface.'
	    .' Changing this *may* break existing credentials.',
	format_description => 'URL',
	optional => 1,
    },
    id => {
	type => 'string',
	description =>
	    'Relying part ID. Must be the domain name without protocol, port or location.'
	    .' Changing this *will* break existing credentials.',
	format_description => 'DOMAINNAME',
	optional => 1,
    },
};

PVE::JSONSchema::register_format('mac-prefix', \&pve_verify_mac_prefix);
sub pve_verify_mac_prefix {
    my ($mac_prefix, $noerr) = @_;

    if ($mac_prefix !~ m/^[a-f0-9][02468ace](?::[a-f0-9]{2}){0,2}:?$/i) {
	return undef if $noerr;
	die "value is not a valid unicast MAC address prefix\n";
    }
    return $mac_prefix;
}

my $datacenter_schema = {
    type => "object",
    additionalProperties => 0,
    properties => {
	keyboard => {
	    optional => 1,
	    type => 'string',
	    description => "Default keybord layout for vnc server.",
	    enum => PVE::Tools::kvmkeymaplist(),
	},
	language => {
	    optional => 1,
	    type => 'string',
	    description => "Default GUI language.",
	    enum => [
		'ca',
		'da',
		'de',
		'en',
		'es',
		'eu',
		'fa',
		'fr',
		'he',
		'it',
		'ja',
		'nb',
		'nn',
		'pl',
		'pt_BR',
		'ru',
		'sl',
		'sv',
		'tr',
		'zh_CN',
		'zh_TW',
	    ],
	},
	http_proxy => {
	    optional => 1,
	    type => 'string',
	    description => "Specify external http proxy which is used for downloads (example: 'http://username:password\@host:port/')",
	    pattern => "http://.*",
	},
	# FIXME: remove with 8.0 (add check to pve7to8!), merged into "migration" since 4.3
	migration_unsecure => {
	    optional => 1,
	    type => 'boolean',
	    description => "Migration is secure using SSH tunnel by default. " .
	      "For secure private networks you can disable it to speed up " .
	      "migration. Deprecated, use the 'migration' property instead!",
	},
	'next-id' => {
	    optional => 1,
	    type => 'string',
	    format => $next_id_format,
	    description => "Control the range for the free VMID auto-selection pool.",
	},
	migration => {
	    optional => 1,
	    type => 'string', format => $migration_format,
	    description => "For cluster wide migration settings.",
	},
	console => {
	    optional => 1,
	    type => 'string',
	    description => "Select the default Console viewer. You can either use the builtin java"
	        ." applet (VNC; deprecated and maps to html5), an external virt-viewer comtatible application (SPICE), an HTML5 based vnc viewer (noVNC), or an HTML5 based console client (xtermjs). If the selected viewer is not available (e.g. SPICE not activated for the VM), the fallback is noVNC.",
	    # FIXME: remove 'applet' with 8.0 (add pve7to8 check!)
	    enum => ['applet', 'vv', 'html5', 'xtermjs'],
	},
	email_from => {
	    optional => 1,
	    type => 'string',
	    format => 'email-opt',
	    description => "Specify email address to send notification from (default is root@\$hostname)",
	},
	max_workers => {
	    optional => 1,
	    type => 'integer',
	    minimum => 1,
	    description => "Defines how many workers (per node) are maximal started ".
	      " on actions like 'stopall VMs' or task from the ha-manager.",
	},
	fencing => {
	    optional => 1,
	    type => 'string',
	    default => 'watchdog',
	    enum => [ 'watchdog', 'hardware', 'both' ],
	    description => "Set the fencing mode of the HA cluster. Hardware mode " .
	      "needs a valid configuration of fence devices in /etc/pve/ha/fence.cfg." .
	      " With both all two modes are used." .
	      "\n\nWARNING: 'hardware' and 'both' are EXPERIMENTAL & WIP",
	},
	ha => {
	    optional => 1,
	    type => 'string', format => $ha_format,
	    description => "Cluster wide HA settings.",
	},
	mac_prefix => {
	    optional => 1,
	    type => 'string',
	    format => 'mac-prefix',
	    description => 'Prefix for autogenerated MAC addresses.',
	},
	bwlimit => PVE::JSONSchema::get_standard_option('bwlimit'),
	u2f => {
	    optional => 1,
	    type => 'string',
	    format => $u2f_format,
	    description => 'u2f',
	},
	webauthn => {
	    optional => 1,
	    type => 'string',
	    format => $webauthn_format,
	    description => 'webauthn configuration',
	},
	description => {
	    type => 'string',
	    description => "Datacenter description. Shown in the web-interface datacenter notes panel."
		." This is saved as comment inside the configuration file.",
	    maxLength => 64 * 1024,
	    optional => 1,
	},
    },
};

# make schema accessible from outside (for documentation)
sub get_datacenter_schema { return $datacenter_schema };

sub parse_datacenter_config {
    my ($filename, $raw) = @_;

    $raw = '' if !defined($raw);

    # description may be comment or key-value pair (or both)
    my $comment = '';
    for my $line (split(/\n/, $raw)) {
	if ($line =~ /^\#(.*)$/) {
	    $comment .= PVE::Tools::decode_text($1) . "\n";
	}
    }

    # parse_config ignores lines with # => use $raw
    my $res = PVE::JSONSchema::parse_config($datacenter_schema, $filename, $raw);

    $res->{description} = $comment;

    if (my $migration = $res->{migration}) {
	$res->{migration} = parse_property_string($migration_format, $migration);
    }

    if (my $next_id = $res->{'next-id'}) {
	$res->{'next-id'} = parse_property_string($next_id_format, $next_id);
    }

    if (my $ha = $res->{ha}) {
	$res->{ha} = parse_property_string($ha_format, $ha);
    }

    if (my $u2f = $res->{u2f}) {
	$res->{u2f} = parse_property_string($u2f_format, $u2f);
    }

    if (my $webauthn = $res->{webauthn}) {
	$res->{webauthn} = parse_property_string($webauthn_format, $webauthn);
    }

    # for backwards compatibility only, new migration property has precedence
    if (defined($res->{migration_unsecure})) {
	if (defined($res->{migration}->{type})) {
	    warn "deprecated setting 'migration_unsecure' and new 'migration: type' " .
	      "set at same time! Ignore 'migration_unsecure'\n";
	} else {
	    $res->{migration}->{type} = ($res->{migration_unsecure}) ? 'insecure' : 'secure';
	}
    }

    # for backwards compatibility only, applet maps to html5
    if (defined($res->{console}) && $res->{console} eq 'applet') {
	$res->{console} = 'html5';
    }

    return $res;
}

sub write_datacenter_config {
    my ($filename, $cfg) = @_;

    # map deprecated setting to new one
    if (defined($cfg->{migration_unsecure}) && !defined($cfg->{migration})) {
	my $migration_unsecure = delete $cfg->{migration_unsecure};
	$cfg->{migration}->{type} = ($migration_unsecure) ? 'insecure' : 'secure';
    }

    # map deprecated applet setting to html5
    if (defined($cfg->{console}) && $cfg->{console} eq 'applet') {
	$cfg->{console} = 'html5';
    }

    if (ref(my $migration = $cfg->{migration})) {
	$cfg->{migration} = PVE::JSONSchema::print_property_string($migration, $migration_format);
    }

    if (defined(my $next_id = $cfg->{'next-id'})) {
        $next_id = parse_property_string($next_id_format, $next_id) if !ref($next_id);

	my $lower = int($next_id->{lower} // $next_id_format->{lower}->{default});
	my $upper = int($next_id->{upper} // $next_id_format->{upper}->{default});

	die "lower ($lower) <= upper ($upper) boundary rule broken" if $lower > $upper;

	$cfg->{'next-id'} = PVE::JSONSchema::print_property_string($next_id, $next_id_format);
    }

    if (ref(my $ha = $cfg->{ha})) {
	$cfg->{ha} = PVE::JSONSchema::print_property_string($ha, $ha_format);
    }

    if (ref(my $u2f = $cfg->{u2f})) {
	$cfg->{u2f} = PVE::JSONSchema::print_property_string($u2f, $u2f_format);
    }

    if (ref(my $webauthn = $cfg->{webauthn})) {
	$cfg->{webauthn} = PVE::JSONSchema::print_property_string($webauthn, $webauthn_format);
    }

    my $comment = '';
    # add description as comment to top of file
    my $description = $cfg->{description} || '';
    foreach my $line (split(/\n/, $description)) {
	$comment .= '#' .  PVE::Tools::encode_text($line) . "\n";
    }
    delete $cfg->{description}; # add only as comment, no additional key-value pair
    my $dump = PVE::JSONSchema::dump_config($datacenter_schema, $filename, $cfg);

    return $comment . "\n" . $dump;
}

PVE::Cluster::cfs_register_file(
    'datacenter.cfg',
    \&parse_datacenter_config,
    \&write_datacenter_config,
);

1;
Commit	Line	Data
ab966729 FG	1	package PVE::DataCenterConfig;
	2
	3	use strict;
	4	use warnings;
	5
51866274	6	use PVE::JSONSchema qw(parse_property_string);
ab966729 FG	7	use PVE::Tools;
	8	use PVE::Cluster;
	9
	10	my $migration_format = {
	11	type => {
	12	default_key => 1,
	13	type => 'string',
	14	enum => ['secure', 'insecure'],
	15	description => "Migration traffic is encrypted using an SSH tunnel by " .
	16	"default. On secure, completely private networks this can be " .
	17	"disabled to increase performance.",
	18	default => 'secure',
	19	},
	20	network => {
	21	optional => 1,
	22	type => 'string', format => 'CIDR',
	23	format_description => 'CIDR',
	24	description => "CIDR of the (sub) network that is used for migration."
	25	},
	26	};
	27
	28	my $ha_format = {
	29	shutdown_policy => {
	30	type => 'string',
28c22b8d TL	31	enum => ['freeze', 'failover', 'conditional', 'migrate'],
	32	description => "The policy for HA services on node shutdown. 'freeze' disables ".
	33	"auto-recovery, 'failover' ensures recovery, 'conditional' recovers on ".
	34	"poweroff and freezes on reboot. 'migrate' will migrate running services ".
	35	"to other nodes, if possible. With 'freeze' or 'failover', HA Services will ".
	36	"always get stopped first on shutdown.",
	37	verbose_description => "Describes the policy for handling HA services on poweroff ".
	38	"or reboot of a node. Freeze will always freeze services which are still located ".
	39	"on the node on shutdown, those services won't be recovered by the HA manager. ".
	40	"Failover will not mark the services as frozen and thus the services will get ".
	41	"recovered to other nodes, if the shutdown node does not come up again quickly ".
	42	"(< 1min). 'conditional' chooses automatically depending on the type of shutdown, ".
	43	"i.e., on a reboot the service will be frozen but on a poweroff the service will ".
1818509b	44	"stay as is, and thus get recovered after about 2 minutes. ".
dc43b8a4 TL	45	"Migrate will try to move all running services to another node when a reboot or ".
dc43b8a4 TL	46	"shutdown was triggered. The poweroff process will only continue once no running services ".
1818509b TL	47	"are located on the node anymore. If the node comes up again, the service will ".
	48	"be moved back to the previously powered-off node, at least if no other migration, ".
	49	"reloaction or recovery took place.",
ab966729 FG	50	default => 'conditional',
	51	}
	52	};
	53
75e5d02e TL	54	my $next_id_format = {
	55	lower => {
	56	type => 'integer',
	57	description => "Lower, inclusive boundary for free next-id API range.",
	58	min => 100,
	59	max => 1000 * 1000 * 1000 - 1,
	60	default => 100,
	61	optional => 1,
	62	},
	63	upper => {
	64	type => 'integer',
	65	description => "Upper, inclusive boundary for free next-id API range.",
	66	min => 100,
	67	max => 1000 * 1000 * 1000 - 1,
	68	default => 1000 * 1000, # lower than the maximum on purpose
	69	optional => 1,
	70	},
	71	};
	72
bcfa5ac1	73	my $u2f_format = {
ab966729 FG	74	appid => {
	75	type => 'string',
	76	description => "U2F AppId URL override. Defaults to the origin.",
	77	format_description => 'APPID',
	78	optional => 1,
	79	},
	80	origin => {
	81	type => 'string',
	82	description => "U2F Origin override. Mostly useful for single nodes with a single URL.",
	83	format_description => 'URL',
	84	optional => 1,
	85	},
	86	};
	87
8545a705 WB	88	my $webauthn_format = {
	89	rp => {
	90	type => 'string',
	91	description =>
	92	'Relying party name. Any text identifier.'
	93	.' Changing this may break existing credentials.',
	94	format_description => 'RELYING_PARTY',
	95	optional => 1,
	96	},
	97	origin => {
	98	type => 'string',
	99	description =>
	100	'Site origin. Must be a `https://` URL (or `http://localhost`).'
	101	.' Should contain the address users type in their browsers to access'
	102	.' the web interface.'
	103	.' Changing this may break existing credentials.',
	104	format_description => 'URL',
	105	optional => 1,
	106	},
	107	id => {
	108	type => 'string',
	109	description =>
	110	'Relying part ID. Must be the domain name without protocol, port or location.'
	111	.' Changing this will break existing credentials.',
	112	format_description => 'DOMAINNAME',
	113	optional => 1,
	114	},
	115	};
ab966729 FG	116
	117	PVE::JSONSchema::register_format('mac-prefix', \&pve_verify_mac_prefix);
	118	sub pve_verify_mac_prefix {
	119	my ($mac_prefix, $noerr) = @_;
	120
	121	if ($mac_prefix !~ m/^[a-f0-9][02468ace](?::[a-f0-9]{2}){0,2}:?$/i) {
	122	return undef if $noerr;
	123	die "value is not a valid unicast MAC address prefix\n";
	124	}
	125	return $mac_prefix;
	126	}
	127
	128	my $datacenter_schema = {
	129	type => "object",
	130	additionalProperties => 0,
	131	properties => {
	132	keyboard => {
	133	optional => 1,
	134	type => 'string',
	135	description => "Default keybord layout for vnc server.",
	136	enum => PVE::Tools::kvmkeymaplist(),
	137	},
	138	language => {
	139	optional => 1,
	140	type => 'string',
	141	description => "Default GUI language.",
	142	enum => [
	143	'ca',
	144	'da',
	145	'de',
	146	'en',
	147	'es',
	148	'eu',
	149	'fa',
	150	'fr',
	151	'he',
	152	'it',
	153	'ja',
	154	'nb',
	155	'nn',
	156	'pl',
	157	'pt_BR',
	158	'ru',
	159	'sl',
	160	'sv',
	161	'tr',
	162	'zh_CN',
	163	'zh_TW',
	164	],
	165	},
	166	http_proxy => {
	167	optional => 1,
	168	type => 'string',
	169	description => "Specify external http proxy which is used for downloads (example: 'http://username:password\@host:port/')",
	170	pattern => "http://.*",
	171	},
0cc6e737	172	# FIXME: remove with 8.0 (add check to pve7to8!), merged into "migration" since 4.3
ab966729 FG	173	migration_unsecure => {
	174	optional => 1,
	175	type => 'boolean',
	176	description => "Migration is secure using SSH tunnel by default. " .
	177	"For secure private networks you can disable it to speed up " .
	178	"migration. Deprecated, use the 'migration' property instead!",
	179	},
75e5d02e TL	180	'next-id' => {
	181	optional => 1,
	182	type => 'string',
	183	format => $next_id_format,
	184	description => "Control the range for the free VMID auto-selection pool.",
	185	},
ab966729 FG	186	migration => {
	187	optional => 1,
	188	type => 'string', format => $migration_format,
	189	description => "For cluster wide migration settings.",
	190	},
	191	console => {
	192	optional => 1,
	193	type => 'string',
0cc6e737 TL	194	description => "Select the default Console viewer. You can either use the builtin java"
	195	." applet (VNC; deprecated and maps to html5), an external virt-viewer comtatible application (SPICE), an HTML5 based vnc viewer (noVNC), or an HTML5 based console client (xtermjs). If the selected viewer is not available (e.g. SPICE not activated for the VM), the fallback is noVNC.",
	196	# FIXME: remove 'applet' with 8.0 (add pve7to8 check!)
ab966729 FG	197	enum => ['applet', 'vv', 'html5', 'xtermjs'],
	198	},
	199	email_from => {
	200	optional => 1,
	201	type => 'string',
	202	format => 'email-opt',
	203	description => "Specify email address to send notification from (default is root@\$hostname)",
	204	},
	205	max_workers => {
	206	optional => 1,
	207	type => 'integer',
	208	minimum => 1,
	209	description => "Defines how many workers (per node) are maximal started ".
	210	" on actions like 'stopall VMs' or task from the ha-manager.",
	211	},
	212	fencing => {
	213	optional => 1,
	214	type => 'string',
	215	default => 'watchdog',
	216	enum => [ 'watchdog', 'hardware', 'both' ],
	217	description => "Set the fencing mode of the HA cluster. Hardware mode " .
	218	"needs a valid configuration of fence devices in /etc/pve/ha/fence.cfg." .
	219	" With both all two modes are used." .
	220	"\n\nWARNING: 'hardware' and 'both' are EXPERIMENTAL & WIP",
	221	},
	222	ha => {
	223	optional => 1,
	224	type => 'string', format => $ha_format,
	225	description => "Cluster wide HA settings.",
	226	},
	227	mac_prefix => {
	228	optional => 1,
	229	type => 'string',
	230	format => 'mac-prefix',
	231	description => 'Prefix for autogenerated MAC addresses.',
	232	},
	233	bwlimit => PVE::JSONSchema::get_standard_option('bwlimit'),
	234	u2f => {
	235	optional => 1,
	236	type => 'string',
	237	format => $u2f_format,
	238	description => 'u2f',
	239	},
8545a705 WB	240	webauthn => {
	241	optional => 1,
	242	type => 'string',
	243	format => $webauthn_format,
	244	description => 'webauthn configuration',
	245	},
2ae1c0bb DJ	246	description => {
	247	type => 'string',
	248	description => "Datacenter description. Shown in the web-interface datacenter notes panel."
	249	." This is saved as comment inside the configuration file.",
	250	maxLength => 64 * 1024,
	251	optional => 1,
	252	},
ab966729 FG	253	},
	254	};
	255
	256	# make schema accessible from outside (for documentation)
	257	sub get_datacenter_schema { return $datacenter_schema };
	258
	259	sub parse_datacenter_config {
	260	my ($filename, $raw) = @_;
	261
b5e2b244 TL	262	$raw = '' if !defined($raw);
b5e2b244 TL	263
2ae1c0bb DJ	264	# description may be comment or key-value pair (or both)
2ae1c0bb DJ	265	my $comment = '';
459f6084	266	for my $line (split(/\n/, $raw)) {
09b99550	267	if ($line =~ /^\#(.*)$/) {
2ae1c0bb DJ	268	$comment .= PVE::Tools::decode_text($1) . "\n";
	269	}
	270	}
	271
	272	# parse_config ignores lines with # => use $raw
b5e2b244	273	my $res = PVE::JSONSchema::parse_config($datacenter_schema, $filename, $raw);
ab966729	274
2ae1c0bb DJ	275	$res->{description} = $comment;
2ae1c0bb DJ	276
ab966729	277	if (my $migration = $res->{migration}) {
51866274	278	$res->{migration} = parse_property_string($migration_format, $migration);
ab966729 FG	279	}
ab966729 FG	280
75e5d02e TL	281	if (my $next_id = $res->{'next-id'}) {
	282	$res->{'next-id'} = parse_property_string($next_id_format, $next_id);
	283	}
	284
ab966729	285	if (my $ha = $res->{ha}) {
51866274	286	$res->{ha} = parse_property_string($ha_format, $ha);
ab966729 FG	287	}
ab966729 FG	288
bcfa5ac1	289	if (my $u2f = $res->{u2f}) {
51866274	290	$res->{u2f} = parse_property_string($u2f_format, $u2f);
bcfa5ac1 FG	291	}
bcfa5ac1 FG	292
8545a705	293	if (my $webauthn = $res->{webauthn}) {
51866274	294	$res->{webauthn} = parse_property_string($webauthn_format, $webauthn);
8545a705 WB	295	}
8545a705 WB	296
ab966729 FG	297	# for backwards compatibility only, new migration property has precedence
	298	if (defined($res->{migration_unsecure})) {
	299	if (defined($res->{migration}->{type})) {
	300	warn "deprecated setting 'migration_unsecure' and new 'migration: type' " .
	301	"set at same time! Ignore 'migration_unsecure'\n";
	302	} else {
	303	$res->{migration}->{type} = ($res->{migration_unsecure}) ? 'insecure' : 'secure';
	304	}
	305	}
	306
	307	# for backwards compatibility only, applet maps to html5
	308	if (defined($res->{console}) && $res->{console} eq 'applet') {
	309	$res->{console} = 'html5';
	310	}
	311
	312	return $res;
	313	}
	314
	315	sub write_datacenter_config {
	316	my ($filename, $cfg) = @_;
	317
	318	# map deprecated setting to new one
	319	if (defined($cfg->{migration_unsecure}) && !defined($cfg->{migration})) {
	320	my $migration_unsecure = delete $cfg->{migration_unsecure};
	321	$cfg->{migration}->{type} = ($migration_unsecure) ? 'insecure' : 'secure';
	322	}
	323
	324	# map deprecated applet setting to html5
	325	if (defined($cfg->{console}) && $cfg->{console} eq 'applet') {
	326	$cfg->{console} = 'html5';
	327	}
	328
5b576e26	329	if (ref(my $migration = $cfg->{migration})) {
ab966729 FG	330	$cfg->{migration} = PVE::JSONSchema::print_property_string($migration, $migration_format);
	331	}
	332
75e5d02e TL	333	if (defined(my $next_id = $cfg->{'next-id'})) {
	334	$next_id = parse_property_string($next_id_format, $next_id) if !ref($next_id);
	335
	336	my $lower = int($next_id->{lower} // $next_id_format->{lower}->{default});
	337	my $upper = int($next_id->{upper} // $next_id_format->{upper}->{default});
	338
	339	die "lower ($lower) <= upper ($upper) boundary rule broken" if $lower > $upper;
	340
	341	$cfg->{'next-id'} = PVE::JSONSchema::print_property_string($next_id, $next_id_format);
	342	}
	343
5b576e26	344	if (ref(my $ha = $cfg->{ha})) {
ab966729 FG	345	$cfg->{ha} = PVE::JSONSchema::print_property_string($ha, $ha_format);
	346	}
	347
5b576e26	348	if (ref(my $u2f = $cfg->{u2f})) {
bcfa5ac1 FG	349	$cfg->{u2f} = PVE::JSONSchema::print_property_string($u2f, $u2f_format);
	350	}
	351
5b576e26	352	if (ref(my $webauthn = $cfg->{webauthn})) {
8545a705 WB	353	$cfg->{webauthn} = PVE::JSONSchema::print_property_string($webauthn, $webauthn_format);
	354	}
	355
2ae1c0bb DJ	356	my $comment = '';
	357	# add description as comment to top of file
	358	my $description = $cfg->{description} \|\| '';
	359	foreach my $line (split(/\n/, $description)) {
	360	$comment .= '#' . PVE::Tools::encode_text($line) . "\n";
	361	}
	362	delete $cfg->{description}; # add only as comment, no additional key-value pair
	363	my $dump = PVE::JSONSchema::dump_config($datacenter_schema, $filename, $cfg);
	364
	365	return $comment . "\n" . $dump;
ab966729 FG	366	}
ab966729 FG	367
02ce710f TL	368	PVE::Cluster::cfs_register_file(
	369	'datacenter.cfg',
	370	\&parse_datacenter_config,
	371	\&write_datacenter_config,
	372	);
ab966729 FG	373
ab966729 FG	374	1;