git.proxmox.com Git - pve-cluster.git/blob - data/PVE/DataCenterConfig.pm
1 package PVE
:: DataCenterConfig
;
6 use PVE
:: JSONSchema
qw(parse_property_string) ;
# Schema for the 'migration' property string: the traffic mode and the CIDR
# of the network used for migration.
10 my $migration_format = {
# 'insecure' disables the SSH tunnel that otherwise encrypts migration
# traffic, so it only fits a network that is private to the cluster nodes.
14 enum
=> [ 'secure' , 'insecure' ],
15 description
=> "Migration traffic is encrypted using an SSH tunnel by " .
16 "default. On secure, completely private networks this can be " .
17 "disabled to increase performance." ,
22 type
=> 'string' , format
=> 'CIDR' ,
23 format_description
=> 'CIDR' ,
24 description
=> "CIDR of the (sub) network that is used for migration."
# NOTE(review): the entries below describe the HA shutdown policy and
# presumably belong to $ha_format, which parse_datacenter_config applies to
# the 'ha' key - confirm against the full file.
31 enum
=> [ 'freeze' , 'failover' , 'conditional' , 'migrate' ],
32 description
=> "The policy for HA services on node shutdown. 'freeze' disables " .
33 "auto-recovery, 'failover' ensures recovery, 'conditional' recovers on " .
34 "poweroff and freezes on reboot. 'migrate' will migrate running services " .
35 "to other nodes, if possible. With 'freeze' or 'failover', HA Services will " .
36 "always get stopped first on shutdown." ,
37 verbose_description
=> "Describes the policy for handling HA services on poweroff " .
38 "or reboot of a node. Freeze will always freeze services which are still located " .
39 "on the node on shutdown, those services won't be recovered by the HA manager. " .
40 "Failover will not mark the services as frozen and thus the services will get " .
41 "recovered to other nodes, if the shutdown node does not come up again quickly " .
42 "(< 1min). 'conditional' chooses automatically depending on the type of shutdown, " .
43 "i.e., on a reboot the service will be frozen but on a poweroff the service will " .
44 "stay as is, and thus get recovered after about 2 minutes. " .
45 "Migrate will try to move all running services to another node when a reboot or " .
46 "shutdown was triggered. The poweroff process will only continue once no running services " .
47 "are located on the node anymore. If the node comes up again, the service will " .
48 "be moved back to the previously powered-off node, at least if no other migration, " .
49 "reloaction or recovery took place." ,
50 default => 'conditional' ,
# Schema for the 'next-id' property string: the inclusive lower and upper
# bounds of the range offered by the free next-id API. Both bounds are
# capped at 1000 * 1000 * 1000 - 1.
54 my $next_id_format = {
57 description
=> "Lower, inclusive boundary for free next-id API range." ,
59 max
=> 1000 * 1000 * 1000 - 1 ,
65 description
=> "Upper, inclusive boundary for free next-id API range." ,
67 max
=> 1000 * 1000 * 1000 - 1 ,
68 default => 1000 * 1000 , # lower than the maximum on purpose
# NOTE(review): the entries below are the U2F AppId and origin overrides and
# presumably belong to $u2f_format, which parse_datacenter_config applies to
# the 'u2f' key - confirm against the full file.
76 description
=> "U2F AppId URL override. Defaults to the origin." ,
77 format_description
=> 'APPID' ,
82 description
=> "U2F Origin override. Mostly useful for single nodes with a single URL." ,
83 format_description
=> 'URL' ,
# Schema for the 'webauthn' property string: relying party name, site origin
# and relying party ID. Per the descriptions below, changing the name or the
# origin may invalidate registered credentials and changing the ID will, so
# an edit here can lock out users who rely on WebAuthn as a second factor.
88 my $webauthn_format = {
92 'Relying party name. Any text identifier.'
93 . ' Changing this *may* break existing credentials.' ,
94 format_description
=> 'RELYING_PARTY' ,
# The origin must be https:// (http:// is accepted for localhost only).
100 'Site origin. Must be a `https://` URL (or `http://localhost`).'
101 . ' Should contain the address users type in their browsers to access'
102 . ' the web interface.'
103 . ' Changing this *may* break existing credentials.' ,
104 format_description
=> 'URL' ,
110 'Relying part ID. Must be the domain name without protocol, port or location.'
111 . ' Changing this *will* break existing credentials.' ,
112 format_description
=> 'DOMAINNAME' ,
# Register the 'mac-prefix' schema format; values declared with that format
# are validated by pve_verify_mac_prefix.
PVE::JSONSchema::register_format('mac-prefix', \&pve_verify_mac_prefix);
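# Validate a prefix for auto-generated MAC addresses.
#
# Accepts one to three colon-separated octets, optionally followed by a
# trailing colon. The second hex digit of the first octet must be even, which
# keeps the multicast bit clear so that only unicast prefixes pass.
#
# Parameters:
#   $mac_prefix - candidate prefix string
#   $noerr      - when true, return undef on failure instead of dying
#
# Returns the prefix unchanged when it is valid.
sub pve_verify_mac_prefix {
    my ($mac_prefix, $noerr) = @_;

    # \A and \z anchor the whole string. A plain '$' would also match just
    # before a trailing newline and let "02:00\n" through validation.
    if ($mac_prefix !~ m/\A[a-f0-9][02468ace](?::[a-f0-9]{2}){0,2}:?\z/i) {
        return undef if $noerr;
        die "value is not a valid unicast MAC address prefix\n";
    }

    return $mac_prefix;
}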
# Top-level schema of the datacenter configuration. additionalProperties is
# 0, so keys that are not declared here are not part of the schema.
128 my $datacenter_schema = {
130 additionalProperties
=> 0 ,
135 description
=> "Default keybord layout for vnc server." ,
136 enum
=> PVE
:: Tools
:: kvmkeymaplist
(),
141 description
=> "Default GUI language." ,
# NOTE(review): the example URL carries proxy credentials, so a value of that
# form stores the password in clear text in this configuration. The pattern
# only admits the http:// scheme and places no constraint on what follows it.
169 description
=> "Specify external http proxy which is used for downloads (example: 'http://username:password\ @host :port/')" ,
170 pattern
=> "http://.*" ,
172 # FIXME: remove with 8.0 (add check to pve7to8!), merged into "migration" since 4.3
# Legacy switch: parse_datacenter_config maps a true value to migration type
# 'insecure' (no SSH tunnel) when the newer 'migration' type is not set.
173 migration_unsecure
=> {
176 description
=> "Migration is secure using SSH tunnel by default. " .
177 "For secure private networks you can disable it to speed up " .
178 "migration. Deprecated, use the 'migration' property instead!" ,
183 format
=> $next_id_format,
184 description
=> "Control the range for the free VMID auto-selection pool." ,
188 type
=> 'string' , format
=> $migration_format,
189 description
=> "For cluster wide migration settings." ,
194 description
=> "Select the default Console viewer. You can either use the builtin java"
195 . " applet (VNC; deprecated and maps to html5), an external virt-viewer comtatible application (SPICE), an HTML5 based vnc viewer (noVNC), or an HTML5 based console client (xtermjs). If the selected viewer is not available (e.g. SPICE not activated for the VM), the fallback is noVNC." ,
196 # FIXME: remove 'applet' with 8.0 (add pve7to8 check!)
197 enum
=> [ 'applet' , 'vv' , 'html5' , 'xtermjs' ],
202 format
=> 'email-opt' ,
203 description
=> "Specify email address to send notification from (default is root @\$hostname )" ,
209 description
=> "Defines how many workers (per node) are maximal started " .
210 " on actions like 'stopall VMs' or task from the ha-manager." ,
# Fencing mode of the HA cluster; 'watchdog' is the default and the other two
# values are flagged as experimental in the description.
215 default => 'watchdog' ,
216 enum
=> [ 'watchdog' , 'hardware' , 'both' ],
217 description
=> "Set the fencing mode of the HA cluster. Hardware mode " .
218 "needs a valid configuration of fence devices in /etc/pve/ha/fence.cfg." .
219 " With both all two modes are used." .
220 " \n\n WARNING: 'hardware' and 'both' are EXPERIMENTAL & WIP" ,
224 type
=> 'string' , format
=> $ha_format,
225 description
=> "Cluster wide HA settings." ,
# Validated by the 'mac-prefix' format registered earlier in this file.
230 format
=> 'mac-prefix' ,
231 description
=> 'Prefix for autogenerated MAC addresses.' ,
233 bwlimit
=> PVE
:: JSONSchema
:: get_standard_option
( 'bwlimit' ),
237 format
=> $u2f_format,
238 description
=> 'u2f' ,
243 format
=> $webauthn_format,
244 description
=> 'webauthn configuration' ,
# Free-text notes, limited to 64 KiB by maxLength.
248 description
=> "Datacenter description. Shown in the web-interface datacenter notes panel."
249 . " This is saved as comment inside the configuration file." ,
250 maxLength
=> 64 * 1024 ,
256 # make schema accessible from outside (for documentation)
# Return the datacenter schema hash reference itself (not a copy), so that
# code outside this package can read it.
sub get_datacenter_schema {
    return $datacenter_schema;
}
# Parse the raw text of the datacenter configuration into a hash.
#
# Parameters:
#   $filename - name of the file being parsed, passed on to parse_config
#   $raw      - file content; undef is treated as an empty string
#
# Returns the hash produced by PVE::JSONSchema::parse_config, with the
# property strings expanded into hashes, the '#' lines collected under
# 'description', and the deprecated settings mapped to their replacements.
sub parse_datacenter_config {
    my ($filename, $raw) = @_;

    $raw //= '';

    # description may be comment or key-value pair (or both)
    my $comment = '';
    for my $line (split(/\n/, $raw)) {
        next unless $line =~ /^\#(.*)$/;
        $comment .= PVE::Tools::decode_text($1) . "\n";
    }

    # parse_config ignores lines with # => use $raw
    my $res = PVE::JSONSchema::parse_config($datacenter_schema, $filename, $raw);

    $res->{description} = $comment;

    # Expand each property string that is set, in a fixed order, using the
    # format that belongs to its key.
    my @property_formats = (
        [ 'migration', $migration_format ],
        [ 'next-id',   $next_id_format ],
        [ 'ha',        $ha_format ],
        [ 'u2f',       $u2f_format ],
        [ 'webauthn',  $webauthn_format ],
    );
    for my $entry (@property_formats) {
        my ($key, $format) = @$entry;
        my $value = $res->{$key};
        next unless $value;
        $res->{$key} = parse_property_string($format, $value);
    }

    # for backwards compatibility only, new migration property has precedence
    if (defined($res->{migration_unsecure})) {
        if (!defined($res->{migration}->{type})) {
            # A true legacy value selects unencrypted migration traffic.
            $res->{migration}->{type} = $res->{migration_unsecure} ? 'insecure' : 'secure';
        }
        else {
            warn "deprecated setting 'migration_unsecure' and new 'migration: type' " .
                "set at same time! Ignore 'migration_unsecure'\n";
        }
    }

    # for backwards compatibility only, applet maps to html5
    $res->{console} = 'html5'
        if defined($res->{console}) && $res->{console} eq 'applet';

    return $res;
}
# Serialize a datacenter configuration hash into the text of the config file.
#
# Parameters:
#   $filename - name of the target file, passed on to dump_config
#   $cfg      - configuration hash; it is modified in place (deprecated keys
#               are mapped, nested hashes become property strings and
#               'description' is removed)
#
# Returns the description as '#' comment lines, an empty line, and the
# output of PVE::JSONSchema::dump_config. Dies when the 'next-id' lower
# bound is greater than its upper bound.
sub write_datacenter_config {
    my ($filename, $cfg) = @_;

    # map deprecated setting to new one
    if (defined($cfg->{migration_unsecure}) && !defined($cfg->{migration})) {
        my $legacy_flag = delete $cfg->{migration_unsecure};
        # A true legacy value selects unencrypted migration traffic.
        $cfg->{migration}->{type} = $legacy_flag ? 'insecure' : 'secure';
    }

    # map deprecated applet setting to html5
    $cfg->{console} = 'html5'
        if defined($cfg->{console}) && $cfg->{console} eq 'applet';

    my $migration = $cfg->{migration};
    if (ref($migration)) {
        $cfg->{migration} = PVE::JSONSchema::print_property_string($migration, $migration_format);
    }

    my $next_id = $cfg->{'next-id'};
    if (defined($next_id)) {
        # Accept both an already parsed hash and a raw property string.
        $next_id = parse_property_string($next_id_format, $next_id) unless ref($next_id);

        my $lower = int($next_id->{lower} // $next_id_format->{lower}->{default});
        my $upper = int($next_id->{upper} // $next_id_format->{upper}->{default});

        # Refuse to write an empty or inverted ID range.
        if ($lower > $upper) {
            die "lower ($lower) <= upper ($upper) boundary rule broken\n";
        }

        $cfg->{'next-id'} = PVE::JSONSchema::print_property_string($next_id, $next_id_format);
    }

    # The remaining nested settings are flattened only when given as a hash.
    my @nested_formats = (
        [ 'ha',       $ha_format ],
        [ 'u2f',      $u2f_format ],
        [ 'webauthn', $webauthn_format ],
    );
    for my $entry (@nested_formats) {
        my ($key, $format) = @$entry;
        my $value = $cfg->{$key};
        next unless ref($value);
        $cfg->{$key} = PVE::JSONSchema::print_property_string($value, $format);
    }

    # add description as comment to top of file
    my $description = $cfg->{description} || '';
    my $comment = join(
        '',
        map { '#' . PVE::Tools::encode_text($_) . "\n" } split(/\n/, $description),
    );

    delete $cfg->{description}; # add only as comment, no additional key-value pair
    my $dump = PVE::JSONSchema::dump_config($datacenter_schema, $filename, $cfg);

    return "$comment\n$dump";
}
368 PVE
:: Cluster
:: cfs_register_file
(
370 \
& parse_datacenter_config
,
371 \
& write_datacenter_config
,