[pve-cluster.git] / data / PVE / DataCenterConfig.pm

package PVE::DataCenterConfig;

use strict;
use warnings;

use PVE::JSONSchema;
use PVE::Tools;
use PVE::Cluster;

my $migration_format = {
    type => {
	default_key => 1,
	type => 'string',
	enum => ['secure', 'insecure'],
	description => "Migration traffic is encrypted using an SSH tunnel by " .
	  "default. On secure, completely private networks this can be " .
	  "disabled to increase performance.",
	default => 'secure',
    },
    network => {
	optional => 1,
	type => 'string', format => 'CIDR',
	format_description => 'CIDR',
	description => "CIDR of the (sub) network that is used for migration."
    },
};

my $ha_format = {
    shutdown_policy => {
	type => 'string',
	enum => ['freeze', 'failover', 'conditional', 'migrate'],
	description => "The policy for HA services on node shutdown. 'freeze' disables ".
	    "auto-recovery, 'failover' ensures recovery, 'conditional' recovers on ".
	    "poweroff and freezes on reboot. 'migrate' will migrate running services ".
	    "to other nodes, if possible. With 'freeze' or 'failover', HA Services will ".
	    "always get stopped first on shutdown.",
	verbose_description => "Describes the policy for handling HA services on poweroff ".
	    "or reboot of a node. Freeze will always freeze services which are still located ".
	    "on the node on shutdown, those services won't be recovered by the HA manager. ".
	    "Failover will not mark the services as frozen and thus the services will get ".
	    "recovered to other nodes, if the shutdown node does not come up again quickly ".
	    "(< 1min). 'conditional' chooses automatically depending on the type of shutdown, ".
	    "i.e., on a reboot the service will be frozen but on a poweroff the service will ".
	    "stay as is, and thus get recovered after about 2 minutes. ".
	    "Migrate will try to move all running services to another node on both, reboot".
	    "and shutdown. The poweroff process will only continue once no running services ".
	    "are located on the node anymore. If the node comes up again, the service will ".
	    "be moved back to the previously powered-off node, at least if no other migration, ".
	    "reloaction or recovery took place.",
	default => 'conditional',
    }
};

my $u2f_format = {
    appid => {
	type => 'string',
	description => "U2F AppId URL override. Defaults to the origin.",
	format_description => 'APPID',
	optional => 1,
    },
    origin => {
	type => 'string',
	description => "U2F Origin override. Mostly useful for single nodes with a single URL.",
	format_description => 'URL',
	optional => 1,
    },
};


PVE::JSONSchema::register_format('mac-prefix', \&pve_verify_mac_prefix);
sub pve_verify_mac_prefix {
    my ($mac_prefix, $noerr) = @_;

    if ($mac_prefix !~ m/^[a-f0-9][02468ace](?::[a-f0-9]{2}){0,2}:?$/i) {
	return undef if $noerr;
	die "value is not a valid unicast MAC address prefix\n";
    }
    return $mac_prefix;
}

my $datacenter_schema = {
    type => "object",
    additionalProperties => 0,
    properties => {
	keyboard => {
	    optional => 1,
	    type => 'string',
	    description => "Default keybord layout for vnc server.",
	    enum => PVE::Tools::kvmkeymaplist(),
	},
	language => {
	    optional => 1,
	    type => 'string',
	    description => "Default GUI language.",
	    enum => [
		'ca',
		'da',
		'de',
		'en',
		'es',
		'eu',
		'fa',
		'fr',
		'he',
		'it',
		'ja',
		'nb',
		'nn',
		'pl',
		'pt_BR',
		'ru',
		'sl',
		'sv',
		'tr',
		'zh_CN',
		'zh_TW',
	    ],
	},
	http_proxy => {
	    optional => 1,
	    type => 'string',
	    description => "Specify external http proxy which is used for downloads (example: 'http://username:password\@host:port/')",
	    pattern => "http://.*",
	},
	migration_unsecure => {
	    optional => 1,
	    type => 'boolean',
	    description => "Migration is secure using SSH tunnel by default. " .
	      "For secure private networks you can disable it to speed up " .
	      "migration. Deprecated, use the 'migration' property instead!",
	},
	migration => {
	    optional => 1,
	    type => 'string', format => $migration_format,
	    description => "For cluster wide migration settings.",
	},
	console => {
	    optional => 1,
	    type => 'string',
	    description => "Select the default Console viewer. You can either use the builtin java applet (VNC; deprecated and maps to html5), an external virt-viewer comtatible application (SPICE), an HTML5 based vnc viewer (noVNC), or an HTML5 based console client (xtermjs). If the selected viewer is not available (e.g. SPICE not activated for the VM), the fallback is noVNC.",
	    enum => ['applet', 'vv', 'html5', 'xtermjs'],
	},
	email_from => {
	    optional => 1,
	    type => 'string',
	    format => 'email-opt',
	    description => "Specify email address to send notification from (default is root@\$hostname)",
	},
	max_workers => {
	    optional => 1,
	    type => 'integer',
	    minimum => 1,
	    description => "Defines how many workers (per node) are maximal started ".
	      " on actions like 'stopall VMs' or task from the ha-manager.",
	},
	fencing => {
	    optional => 1,
	    type => 'string',
	    default => 'watchdog',
	    enum => [ 'watchdog', 'hardware', 'both' ],
	    description => "Set the fencing mode of the HA cluster. Hardware mode " .
	      "needs a valid configuration of fence devices in /etc/pve/ha/fence.cfg." .
	      " With both all two modes are used." .
	      "\n\nWARNING: 'hardware' and 'both' are EXPERIMENTAL & WIP",
	},
	ha => {
	    optional => 1,
	    type => 'string', format => $ha_format,
	    description => "Cluster wide HA settings.",
	},
	mac_prefix => {
	    optional => 1,
	    type => 'string',
	    format => 'mac-prefix',
	    description => 'Prefix for autogenerated MAC addresses.',
	},
	bwlimit => PVE::JSONSchema::get_standard_option('bwlimit'),
	u2f => {
	    optional => 1,
	    type => 'string',
	    format => $u2f_format,
	    description => 'u2f',
	},
    },
};

# make schema accessible from outside (for documentation)
sub get_datacenter_schema { return $datacenter_schema };

sub parse_datacenter_config {
    my ($filename, $raw) = @_;

    my $res = PVE::JSONSchema::parse_config($datacenter_schema, $filename, $raw // '');

    if (my $migration = $res->{migration}) {
	$res->{migration} = PVE::JSONSchema::parse_property_string($migration_format, $migration);
    }

    if (my $ha = $res->{ha}) {
	$res->{ha} = PVE::JSONSchema::parse_property_string($ha_format, $ha);
    }

    if (my $u2f = $res->{u2f}) {
	$res->{u2f} = PVE::JSONSchema::parse_property_string($u2f_format, $u2f);
    }

    # for backwards compatibility only, new migration property has precedence
    if (defined($res->{migration_unsecure})) {
	if (defined($res->{migration}->{type})) {
	    warn "deprecated setting 'migration_unsecure' and new 'migration: type' " .
	      "set at same time! Ignore 'migration_unsecure'\n";
	} else {
	    $res->{migration}->{type} = ($res->{migration_unsecure}) ? 'insecure' : 'secure';
	}
    }

    # for backwards compatibility only, applet maps to html5
    if (defined($res->{console}) && $res->{console} eq 'applet') {
	$res->{console} = 'html5';
    }

    return $res;
}

sub write_datacenter_config {
    my ($filename, $cfg) = @_;

    # map deprecated setting to new one
    if (defined($cfg->{migration_unsecure}) && !defined($cfg->{migration})) {
	my $migration_unsecure = delete $cfg->{migration_unsecure};
	$cfg->{migration}->{type} = ($migration_unsecure) ? 'insecure' : 'secure';
    }

    # map deprecated applet setting to html5
    if (defined($cfg->{console}) && $cfg->{console} eq 'applet') {
	$cfg->{console} = 'html5';
    }

    if (ref($cfg->{migration})) {
	my $migration = $cfg->{migration};
	$cfg->{migration} = PVE::JSONSchema::print_property_string($migration, $migration_format);
    }

    if (ref($cfg->{ha})) {
	my $ha = $cfg->{ha};
	$cfg->{ha} = PVE::JSONSchema::print_property_string($ha, $ha_format);
    }

    if (ref($cfg->{u2f})) {
	my $u2f = $cfg->{u2f};
	$cfg->{u2f} = PVE::JSONSchema::print_property_string($u2f, $u2f_format);
    }

    return PVE::JSONSchema::dump_config($datacenter_schema, $filename, $cfg);
}

PVE::Cluster::cfs_register_file('datacenter.cfg',
		  \&parse_datacenter_config,
		  \&write_datacenter_config);

1;
Commit	Line	Data
ab966729 FG	1	package PVE::DataCenterConfig;
	2
	3	use strict;
	4	use warnings;
	5
	6	use PVE::JSONSchema;
	7	use PVE::Tools;
	8	use PVE::Cluster;
	9
	10	my $migration_format = {
	11	type => {
	12	default_key => 1,
	13	type => 'string',
	14	enum => ['secure', 'insecure'],
	15	description => "Migration traffic is encrypted using an SSH tunnel by " .
	16	"default. On secure, completely private networks this can be " .
	17	"disabled to increase performance.",
	18	default => 'secure',
	19	},
	20	network => {
	21	optional => 1,
	22	type => 'string', format => 'CIDR',
	23	format_description => 'CIDR',
	24	description => "CIDR of the (sub) network that is used for migration."
	25	},
	26	};
	27
	28	my $ha_format = {
	29	shutdown_policy => {
	30	type => 'string',
28c22b8d TL	31	enum => ['freeze', 'failover', 'conditional', 'migrate'],
	32	description => "The policy for HA services on node shutdown. 'freeze' disables ".
	33	"auto-recovery, 'failover' ensures recovery, 'conditional' recovers on ".
	34	"poweroff and freezes on reboot. 'migrate' will migrate running services ".
	35	"to other nodes, if possible. With 'freeze' or 'failover', HA Services will ".
	36	"always get stopped first on shutdown.",
	37	verbose_description => "Describes the policy for handling HA services on poweroff ".
	38	"or reboot of a node. Freeze will always freeze services which are still located ".
	39	"on the node on shutdown, those services won't be recovered by the HA manager. ".
	40	"Failover will not mark the services as frozen and thus the services will get ".
	41	"recovered to other nodes, if the shutdown node does not come up again quickly ".
	42	"(< 1min). 'conditional' chooses automatically depending on the type of shutdown, ".
	43	"i.e., on a reboot the service will be frozen but on a poweroff the service will ".
1818509b TL	44	"stay as is, and thus get recovered after about 2 minutes. ".
	45	"Migrate will try to move all running services to another node on both, reboot".
	46	"and shutdown. The poweroff process will only continue once no running services ".
	47	"are located on the node anymore. If the node comes up again, the service will ".
	48	"be moved back to the previously powered-off node, at least if no other migration, ".
	49	"reloaction or recovery took place.",
ab966729 FG	50	default => 'conditional',
	51	}
	52	};
	53
bcfa5ac1	54	my $u2f_format = {
ab966729 FG	55	appid => {
	56	type => 'string',
	57	description => "U2F AppId URL override. Defaults to the origin.",
	58	format_description => 'APPID',
	59	optional => 1,
	60	},
	61	origin => {
	62	type => 'string',
	63	description => "U2F Origin override. Mostly useful for single nodes with a single URL.",
	64	format_description => 'URL',
	65	optional => 1,
	66	},
	67	};
	68
	69
	70	PVE::JSONSchema::register_format('mac-prefix', \&pve_verify_mac_prefix);
	71	sub pve_verify_mac_prefix {
	72	my ($mac_prefix, $noerr) = @_;
	73
	74	if ($mac_prefix !~ m/^[a-f0-9][02468ace](?::[a-f0-9]{2}){0,2}:?$/i) {
	75	return undef if $noerr;
	76	die "value is not a valid unicast MAC address prefix\n";
	77	}
	78	return $mac_prefix;
	79	}
	80
	81	my $datacenter_schema = {
	82	type => "object",
	83	additionalProperties => 0,
	84	properties => {
	85	keyboard => {
	86	optional => 1,
	87	type => 'string',
	88	description => "Default keybord layout for vnc server.",
	89	enum => PVE::Tools::kvmkeymaplist(),
	90	},
	91	language => {
	92	optional => 1,
	93	type => 'string',
	94	description => "Default GUI language.",
	95	enum => [
	96	'ca',
	97	'da',
	98	'de',
	99	'en',
	100	'es',
	101	'eu',
	102	'fa',
	103	'fr',
	104	'he',
	105	'it',
	106	'ja',
	107	'nb',
	108	'nn',
	109	'pl',
	110	'pt_BR',
	111	'ru',
	112	'sl',
	113	'sv',
	114	'tr',
	115	'zh_CN',
	116	'zh_TW',
	117	],
	118	},
119	http_proxy => {
120	optional => 1,
121	type => 'string',
122	description => "Specify external http proxy which is used for downloads (example: 'http://username:password\@host:port/')",
123	pattern => "http://.*",
124	},
125	migration_unsecure => {
126	optional => 1,
127	type => 'boolean',
128	description => "Migration is secure using SSH tunnel by default. " .
129	"For secure private networks you can disable it to speed up " .
130	"migration. Deprecated, use the 'migration' property instead!",
131	},
132	migration => {
133	optional => 1,
134	type => 'string', format => $migration_format,
135	description => "For cluster wide migration settings.",
136	},
137	console => {
138	optional => 1,
139	type => 'string',
140	description => "Select the default Console viewer. You can either use the builtin java applet (VNC; deprecated and maps to html5), an external virt-viewer comtatible application (SPICE), an HTML5 based vnc viewer (noVNC), or an HTML5 based console client (xtermjs). If the selected viewer is not available (e.g. SPICE not activated for the VM), the fallback is noVNC.",
141	enum => ['applet', 'vv', 'html5', 'xtermjs'],
142	},
143	email_from => {
144	optional => 1,
145	type => 'string',
146	format => 'email-opt',
147	description => "Specify email address to send notification from (default is root@\$hostname)",
148	},
149	max_workers => {
150	optional => 1,
151	type => 'integer',
152	minimum => 1,
153	description => "Defines how many workers (per node) are maximal started ".
154	" on actions like 'stopall VMs' or task from the ha-manager.",
155	},
156	fencing => {
157	optional => 1,
158	type => 'string',
159	default => 'watchdog',
160	enum => [ 'watchdog', 'hardware', 'both' ],
161	description => "Set the fencing mode of the HA cluster. Hardware mode " .
162	"needs a valid configuration of fence devices in /etc/pve/ha/fence.cfg." .
163	" With both all two modes are used." .
164	"\n\nWARNING: 'hardware' and 'both' are EXPERIMENTAL & WIP",
165	},
166	ha => {
167	optional => 1,
168	type => 'string', format => $ha_format,
169	description => "Cluster wide HA settings.",
170	},
171	mac_prefix => {
172	optional => 1,
173	type => 'string',
174	format => 'mac-prefix',
175	description => 'Prefix for autogenerated MAC addresses.',
176	},
177	bwlimit => PVE::JSONSchema::get_standard_option('bwlimit'),
178	u2f => {
179	optional => 1,
180	type => 'string',
181	format => $u2f_format,
182	description => 'u2f',
183	},
184	},
185	};
186
187	# make schema accessible from outside (for documentation)
188	sub get_datacenter_schema { return $datacenter_schema };
189
190	sub parse_datacenter_config {
191	my ($filename, $raw) = @_;
192
193	my $res = PVE::JSONSchema::parse_config($datacenter_schema, $filename, $raw // '');
194
195	if (my $migration = $res->{migration}) {
196	$res->{migration} = PVE::JSONSchema::parse_property_string($migration_format, $migration);
197	}
198
199	if (my $ha = $res->{ha}) {
200	$res->{ha} = PVE::JSONSchema::parse_property_string($ha_format, $ha);
201	}
202
bcfa5ac1 FG	203	if (my $u2f = $res->{u2f}) {
	204	$res->{u2f} = PVE::JSONSchema::parse_property_string($u2f_format, $u2f);
	205	}
	206
ab966729 FG	207	# for backwards compatibility only, new migration property has precedence
	208	if (defined($res->{migration_unsecure})) {
	209	if (defined($res->{migration}->{type})) {
	210	warn "deprecated setting 'migration_unsecure' and new 'migration: type' " .
	211	"set at same time! Ignore 'migration_unsecure'\n";
	212	} else {
	213	$res->{migration}->{type} = ($res->{migration_unsecure}) ? 'insecure' : 'secure';
	214	}
	215	}
	216
	217	# for backwards compatibility only, applet maps to html5
	218	if (defined($res->{console}) && $res->{console} eq 'applet') {
	219	$res->{console} = 'html5';
	220	}
	221
	222	return $res;
	223	}
	224
	225	sub write_datacenter_config {
	226	my ($filename, $cfg) = @_;
	227
	228	# map deprecated setting to new one
	229	if (defined($cfg->{migration_unsecure}) && !defined($cfg->{migration})) {
	230	my $migration_unsecure = delete $cfg->{migration_unsecure};
	231	$cfg->{migration}->{type} = ($migration_unsecure) ? 'insecure' : 'secure';
	232	}
	233
	234	# map deprecated applet setting to html5
	235	if (defined($cfg->{console}) && $cfg->{console} eq 'applet') {
	236	$cfg->{console} = 'html5';
	237	}
	238
	239	if (ref($cfg->{migration})) {
	240	my $migration = $cfg->{migration};
	241	$cfg->{migration} = PVE::JSONSchema::print_property_string($migration, $migration_format);
	242	}
	243
	244	if (ref($cfg->{ha})) {
	245	my $ha = $cfg->{ha};
	246	$cfg->{ha} = PVE::JSONSchema::print_property_string($ha, $ha_format);
	247	}
	248
bcfa5ac1 FG	249	if (ref($cfg->{u2f})) {
	250	my $u2f = $cfg->{u2f};
	251	$cfg->{u2f} = PVE::JSONSchema::print_property_string($u2f, $u2f_format);
	252	}
	253
ab966729 FG	254	return PVE::JSONSchema::dump_config($datacenter_schema, $filename, $cfg);
	255	}
	256
	257	PVE::Cluster::cfs_register_file('datacenter.cfg',
	258	\&parse_datacenter_config,
	259	\&write_datacenter_config);
	260
	261	1;