[pve-cluster.git] / data / PVE / DataCenterConfig.pm

package PVE::DataCenterConfig;

use strict;
use warnings;

use PVE::JSONSchema;
use PVE::Tools;
use PVE::Cluster;

my $migration_format = {
    type => {
	default_key => 1,
	type => 'string',
	enum => ['secure', 'insecure'],
	description => "Migration traffic is encrypted using an SSH tunnel by " .
	  "default. On secure, completely private networks this can be " .
	  "disabled to increase performance.",
	default => 'secure',
    },
    network => {
	optional => 1,
	type => 'string', format => 'CIDR',
	format_description => 'CIDR',
	description => "CIDR of the (sub) network that is used for migration."
    },
};

my $ha_format = {
    shutdown_policy => {
	type => 'string',
	enum => ['freeze', 'failover', 'conditional', 'migrate'],
	description => "The policy for HA services on node shutdown. 'freeze' disables ".
	    "auto-recovery, 'failover' ensures recovery, 'conditional' recovers on ".
	    "poweroff and freezes on reboot. 'migrate' will migrate running services ".
	    "to other nodes, if possible. With 'freeze' or 'failover', HA Services will ".
	    "always get stopped first on shutdown.",
	verbose_description => "Describes the policy for handling HA services on poweroff ".
	    "or reboot of a node. Freeze will always freeze services which are still located ".
	    "on the node on shutdown, those services won't be recovered by the HA manager. ".
	    "Failover will not mark the services as frozen and thus the services will get ".
	    "recovered to other nodes, if the shutdown node does not come up again quickly ".
	    "(< 1min). 'conditional' chooses automatically depending on the type of shutdown, ".
	    "i.e., on a reboot the service will be frozen but on a poweroff the service will ".
	    "stay as is, and thus get recovered after about 2 minutes.",
	default => 'conditional',
    }
};

my $u2f_format = {
    appid => {
	type => 'string',
	description => "U2F AppId URL override. Defaults to the origin.",
	format_description => 'APPID',
	optional => 1,
    },
    origin => {
	type => 'string',
	description => "U2F Origin override. Mostly useful for single nodes with a single URL.",
	format_description => 'URL',
	optional => 1,
    },
};


PVE::JSONSchema::register_format('mac-prefix', \&pve_verify_mac_prefix);
sub pve_verify_mac_prefix {
    my ($mac_prefix, $noerr) = @_;

    if ($mac_prefix !~ m/^[a-f0-9][02468ace](?::[a-f0-9]{2}){0,2}:?$/i) {
	return undef if $noerr;
	die "value is not a valid unicast MAC address prefix\n";
    }
    return $mac_prefix;
}

my $datacenter_schema = {
    type => "object",
    additionalProperties => 0,
    properties => {
	keyboard => {
	    optional => 1,
	    type => 'string',
	    description => "Default keybord layout for vnc server.",
	    enum => PVE::Tools::kvmkeymaplist(),
	},
	language => {
	    optional => 1,
	    type => 'string',
	    description => "Default GUI language.",
	    enum => [
		'ca',
		'da',
		'de',
		'en',
		'es',
		'eu',
		'fa',
		'fr',
		'he',
		'it',
		'ja',
		'nb',
		'nn',
		'pl',
		'pt_BR',
		'ru',
		'sl',
		'sv',
		'tr',
		'zh_CN',
		'zh_TW',
	    ],
	},
	http_proxy => {
	    optional => 1,
	    type => 'string',
	    description => "Specify external http proxy which is used for downloads (example: 'http://username:password\@host:port/')",
	    pattern => "http://.*",
	},
	migration_unsecure => {
	    optional => 1,
	    type => 'boolean',
	    description => "Migration is secure using SSH tunnel by default. " .
	      "For secure private networks you can disable it to speed up " .
	      "migration. Deprecated, use the 'migration' property instead!",
	},
	migration => {
	    optional => 1,
	    type => 'string', format => $migration_format,
	    description => "For cluster wide migration settings.",
	},
	console => {
	    optional => 1,
	    type => 'string',
	    description => "Select the default Console viewer. You can either use the builtin java applet (VNC; deprecated and maps to html5), an external virt-viewer comtatible application (SPICE), an HTML5 based vnc viewer (noVNC), or an HTML5 based console client (xtermjs). If the selected viewer is not available (e.g. SPICE not activated for the VM), the fallback is noVNC.",
	    enum => ['applet', 'vv', 'html5', 'xtermjs'],
	},
	email_from => {
	    optional => 1,
	    type => 'string',
	    format => 'email-opt',
	    description => "Specify email address to send notification from (default is root@\$hostname)",
	},
	max_workers => {
	    optional => 1,
	    type => 'integer',
	    minimum => 1,
	    description => "Defines how many workers (per node) are maximal started ".
	      " on actions like 'stopall VMs' or task from the ha-manager.",
	},
	fencing => {
	    optional => 1,
	    type => 'string',
	    default => 'watchdog',
	    enum => [ 'watchdog', 'hardware', 'both' ],
	    description => "Set the fencing mode of the HA cluster. Hardware mode " .
	      "needs a valid configuration of fence devices in /etc/pve/ha/fence.cfg." .
	      " With both all two modes are used." .
	      "\n\nWARNING: 'hardware' and 'both' are EXPERIMENTAL & WIP",
	},
	ha => {
	    optional => 1,
	    type => 'string', format => $ha_format,
	    description => "Cluster wide HA settings.",
	},
	mac_prefix => {
	    optional => 1,
	    type => 'string',
	    format => 'mac-prefix',
	    description => 'Prefix for autogenerated MAC addresses.',
	},
	bwlimit => PVE::JSONSchema::get_standard_option('bwlimit'),
	u2f => {
	    optional => 1,
	    type => 'string',
	    format => $u2f_format,
	    description => 'u2f',
	},
    },
};

# make schema accessible from outside (for documentation)
sub get_datacenter_schema { return $datacenter_schema };

sub parse_datacenter_config {
    my ($filename, $raw) = @_;

    my $res = PVE::JSONSchema::parse_config($datacenter_schema, $filename, $raw // '');

    if (my $migration = $res->{migration}) {
	$res->{migration} = PVE::JSONSchema::parse_property_string($migration_format, $migration);
    }

    if (my $ha = $res->{ha}) {
	$res->{ha} = PVE::JSONSchema::parse_property_string($ha_format, $ha);
    }

    if (my $u2f = $res->{u2f}) {
	$res->{u2f} = PVE::JSONSchema::parse_property_string($u2f_format, $u2f);
    }

    # for backwards compatibility only, new migration property has precedence
    if (defined($res->{migration_unsecure})) {
	if (defined($res->{migration}->{type})) {
	    warn "deprecated setting 'migration_unsecure' and new 'migration: type' " .
	      "set at same time! Ignore 'migration_unsecure'\n";
	} else {
	    $res->{migration}->{type} = ($res->{migration_unsecure}) ? 'insecure' : 'secure';
	}
    }

    # for backwards compatibility only, applet maps to html5
    if (defined($res->{console}) && $res->{console} eq 'applet') {
	$res->{console} = 'html5';
    }

    return $res;
}

sub write_datacenter_config {
    my ($filename, $cfg) = @_;

    # map deprecated setting to new one
    if (defined($cfg->{migration_unsecure}) && !defined($cfg->{migration})) {
	my $migration_unsecure = delete $cfg->{migration_unsecure};
	$cfg->{migration}->{type} = ($migration_unsecure) ? 'insecure' : 'secure';
    }

    # map deprecated applet setting to html5
    if (defined($cfg->{console}) && $cfg->{console} eq 'applet') {
	$cfg->{console} = 'html5';
    }

    if (ref($cfg->{migration})) {
	my $migration = $cfg->{migration};
	$cfg->{migration} = PVE::JSONSchema::print_property_string($migration, $migration_format);
    }

    if (ref($cfg->{ha})) {
	my $ha = $cfg->{ha};
	$cfg->{ha} = PVE::JSONSchema::print_property_string($ha, $ha_format);
    }

    if (ref($cfg->{u2f})) {
	my $u2f = $cfg->{u2f};
	$cfg->{u2f} = PVE::JSONSchema::print_property_string($u2f, $u2f_format);
    }

    return PVE::JSONSchema::dump_config($datacenter_schema, $filename, $cfg);
}

PVE::Cluster::cfs_register_file('datacenter.cfg',
		  \&parse_datacenter_config,
		  \&write_datacenter_config);

1;
Commit	Line	Data
ab966729 FG	1	package PVE::DataCenterConfig;
	2
	3	use strict;
	4	use warnings;
	5
	6	use PVE::JSONSchema;
	7	use PVE::Tools;
	8	use PVE::Cluster;
	9
	10	my $migration_format = {
	11	type => {
	12	default_key => 1,
	13	type => 'string',
	14	enum => ['secure', 'insecure'],
	15	description => "Migration traffic is encrypted using an SSH tunnel by " .
	16	"default. On secure, completely private networks this can be " .
	17	"disabled to increase performance.",
	18	default => 'secure',
	19	},
	20	network => {
	21	optional => 1,
	22	type => 'string', format => 'CIDR',
	23	format_description => 'CIDR',
	24	description => "CIDR of the (sub) network that is used for migration."
	25	},
	26	};
	27
	28	my $ha_format = {
	29	shutdown_policy => {
	30	type => 'string',
28c22b8d TL	31	enum => ['freeze', 'failover', 'conditional', 'migrate'],
	32	description => "The policy for HA services on node shutdown. 'freeze' disables ".
	33	"auto-recovery, 'failover' ensures recovery, 'conditional' recovers on ".
	34	"poweroff and freezes on reboot. 'migrate' will migrate running services ".
	35	"to other nodes, if possible. With 'freeze' or 'failover', HA Services will ".
	36	"always get stopped first on shutdown.",
	37	verbose_description => "Describes the policy for handling HA services on poweroff ".
	38	"or reboot of a node. Freeze will always freeze services which are still located ".
	39	"on the node on shutdown, those services won't be recovered by the HA manager. ".
	40	"Failover will not mark the services as frozen and thus the services will get ".
	41	"recovered to other nodes, if the shutdown node does not come up again quickly ".
	42	"(< 1min). 'conditional' chooses automatically depending on the type of shutdown, ".
	43	"i.e., on a reboot the service will be frozen but on a poweroff the service will ".
	44	"stay as is, and thus get recovered after about 2 minutes.",
ab966729 FG	45	default => 'conditional',
	46	}
	47	};
	48
bcfa5ac1	49	my $u2f_format = {
ab966729 FG	50	appid => {
	51	type => 'string',
	52	description => "U2F AppId URL override. Defaults to the origin.",
	53	format_description => 'APPID',
	54	optional => 1,
	55	},
	56	origin => {
	57	type => 'string',
	58	description => "U2F Origin override. Mostly useful for single nodes with a single URL.",
	59	format_description => 'URL',
	60	optional => 1,
	61	},
	62	};
	63
	64
	65	PVE::JSONSchema::register_format('mac-prefix', \&pve_verify_mac_prefix);
	66	sub pve_verify_mac_prefix {
	67	my ($mac_prefix, $noerr) = @_;
	68
	69	if ($mac_prefix !~ m/^[a-f0-9][02468ace](?::[a-f0-9]{2}){0,2}:?$/i) {
	70	return undef if $noerr;
	71	die "value is not a valid unicast MAC address prefix\n";
	72	}
	73	return $mac_prefix;
	74	}
	75
	76	my $datacenter_schema = {
	77	type => "object",
	78	additionalProperties => 0,
	79	properties => {
	80	keyboard => {
	81	optional => 1,
	82	type => 'string',
	83	description => "Default keybord layout for vnc server.",
	84	enum => PVE::Tools::kvmkeymaplist(),
	85	},
	86	language => {
	87	optional => 1,
	88	type => 'string',
	89	description => "Default GUI language.",
	90	enum => [
	91	'ca',
	92	'da',
	93	'de',
	94	'en',
	95	'es',
	96	'eu',
	97	'fa',
	98	'fr',
	99	'he',
	100	'it',
	101	'ja',
	102	'nb',
	103	'nn',
	104	'pl',
	105	'pt_BR',
	106	'ru',
	107	'sl',
	108	'sv',
	109	'tr',
	110	'zh_CN',
	111	'zh_TW',
	112	],
	113	},
114	http_proxy => {
115	optional => 1,
116	type => 'string',
117	description => "Specify external http proxy which is used for downloads (example: 'http://username:password\@host:port/')",
118	pattern => "http://.*",
119	},
120	migration_unsecure => {
121	optional => 1,
122	type => 'boolean',
123	description => "Migration is secure using SSH tunnel by default. " .
124	"For secure private networks you can disable it to speed up " .
125	"migration. Deprecated, use the 'migration' property instead!",
126	},
127	migration => {
128	optional => 1,
129	type => 'string', format => $migration_format,
130	description => "For cluster wide migration settings.",
131	},
132	console => {
133	optional => 1,
134	type => 'string',
135	description => "Select the default Console viewer. You can either use the builtin java applet (VNC; deprecated and maps to html5), an external virt-viewer comtatible application (SPICE), an HTML5 based vnc viewer (noVNC), or an HTML5 based console client (xtermjs). If the selected viewer is not available (e.g. SPICE not activated for the VM), the fallback is noVNC.",
136	enum => ['applet', 'vv', 'html5', 'xtermjs'],
137	},
138	email_from => {
139	optional => 1,
140	type => 'string',
141	format => 'email-opt',
142	description => "Specify email address to send notification from (default is root@\$hostname)",
143	},
144	max_workers => {
145	optional => 1,
146	type => 'integer',
147	minimum => 1,
148	description => "Defines how many workers (per node) are maximal started ".
149	" on actions like 'stopall VMs' or task from the ha-manager.",
150	},
151	fencing => {
152	optional => 1,
153	type => 'string',
154	default => 'watchdog',
155	enum => [ 'watchdog', 'hardware', 'both' ],
156	description => "Set the fencing mode of the HA cluster. Hardware mode " .
157	"needs a valid configuration of fence devices in /etc/pve/ha/fence.cfg." .
158	" With both all two modes are used." .
159	"\n\nWARNING: 'hardware' and 'both' are EXPERIMENTAL & WIP",
160	},
161	ha => {
162	optional => 1,
163	type => 'string', format => $ha_format,
164	description => "Cluster wide HA settings.",
165	},
166	mac_prefix => {
167	optional => 1,
168	type => 'string',
169	format => 'mac-prefix',
170	description => 'Prefix for autogenerated MAC addresses.',
171	},
172	bwlimit => PVE::JSONSchema::get_standard_option('bwlimit'),
173	u2f => {
174	optional => 1,
175	type => 'string',
176	format => $u2f_format,
177	description => 'u2f',
178	},
179	},
180	};
181
182	# make schema accessible from outside (for documentation)
183	sub get_datacenter_schema { return $datacenter_schema };
184
185	sub parse_datacenter_config {
186	my ($filename, $raw) = @_;
187
188	my $res = PVE::JSONSchema::parse_config($datacenter_schema, $filename, $raw // '');
189
190	if (my $migration = $res->{migration}) {
191	$res->{migration} = PVE::JSONSchema::parse_property_string($migration_format, $migration);
192	}
193
194	if (my $ha = $res->{ha}) {
195	$res->{ha} = PVE::JSONSchema::parse_property_string($ha_format, $ha);
196	}
197
bcfa5ac1 FG	198	if (my $u2f = $res->{u2f}) {
	199	$res->{u2f} = PVE::JSONSchema::parse_property_string($u2f_format, $u2f);
	200	}
	201
ab966729 FG	202	# for backwards compatibility only, new migration property has precedence
	203	if (defined($res->{migration_unsecure})) {
	204	if (defined($res->{migration}->{type})) {
	205	warn "deprecated setting 'migration_unsecure' and new 'migration: type' " .
	206	"set at same time! Ignore 'migration_unsecure'\n";
	207	} else {
	208	$res->{migration}->{type} = ($res->{migration_unsecure}) ? 'insecure' : 'secure';
	209	}
	210	}
	211
	212	# for backwards compatibility only, applet maps to html5
	213	if (defined($res->{console}) && $res->{console} eq 'applet') {
	214	$res->{console} = 'html5';
	215	}
	216
	217	return $res;
	218	}
	219
	220	sub write_datacenter_config {
	221	my ($filename, $cfg) = @_;
	222
	223	# map deprecated setting to new one
	224	if (defined($cfg->{migration_unsecure}) && !defined($cfg->{migration})) {
	225	my $migration_unsecure = delete $cfg->{migration_unsecure};
	226	$cfg->{migration}->{type} = ($migration_unsecure) ? 'insecure' : 'secure';
	227	}
	228
	229	# map deprecated applet setting to html5
	230	if (defined($cfg->{console}) && $cfg->{console} eq 'applet') {
	231	$cfg->{console} = 'html5';
	232	}
	233
	234	if (ref($cfg->{migration})) {
	235	my $migration = $cfg->{migration};
	236	$cfg->{migration} = PVE::JSONSchema::print_property_string($migration, $migration_format);
	237	}
	238
	239	if (ref($cfg->{ha})) {
	240	my $ha = $cfg->{ha};
	241	$cfg->{ha} = PVE::JSONSchema::print_property_string($ha, $ha_format);
	242	}
	243
bcfa5ac1 FG	244	if (ref($cfg->{u2f})) {
	245	my $u2f = $cfg->{u2f};
	246	$cfg->{u2f} = PVE::JSONSchema::print_property_string($u2f, $u2f_format);
	247	}
	248
ab966729 FG	249	return PVE::JSONSchema::dump_config($datacenter_schema, $filename, $cfg);
	250	}
	251
	252	PVE::Cluster::cfs_register_file('datacenter.cfg',
	253	\&parse_datacenter_config,
	254	\&write_datacenter_config);
	255
	256	1;