# IM - Infrastructure Manager # Copyright (C) 2011 - GRyCAP - Universitat Politecnica de Valencia # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . [im] # XML-RPC API Info ACTIVATE_XMLRPC = True # TCP/IP port where the XML-RPC server will be listening-in. XMLRCP_PORT = 8899 # Address where the XML-RPC server will be listening-in. # 0.0.0.0 will listen in all the IPs of the machine XMLRCP_ADDRESS = 0.0.0.0 # IM Boot mode # It can be: 0-Normal, 1-ReadOnly, 2-ReadDelete BOOT_MODE = 0 # Save IM data into a SQLite DB DATA_DB = sqlite:///etc/im/inf.dat # Save IM data into a MySQL DB #DATA_DB = mysql://username:password@server/db_name # Save IM data into a MongoDB #DATA_DB = mongodb://username:password@server/db_name #DATA_DB = mongodb://server1,server2/db_name?replicaSet=rsname # IM user DB. To restrict the users that can access the IM service. # Comment it or set a blank value to disable user check. USER_DB = # IM admin user. It will be able to manage all the infrastructures in the service. # But it should also provide correct credentials to access cloud providers. # ADMIN_USER = {"username": "user", "password": "pass"} # In case of OIDC users, use this format: # ADMIN_USER = {"username": "", "password": "https://some_issuer.com/user_sub", "token": ""} # Maximum number of simultaneous VM launch/delete operations # In some old versions of python (prior to 2.7.5 or 3.3.2) it can produce an error # See https://bugs.python.org/issue10015. In this case set this value to 1 MAX_SIMULTANEOUS_LAUNCHES = 5 # Max number of retries launching a VM (always > 0) MAX_VM_FAILS = 3 # Timeout to get a VM in running state WAIT_RUNNING_VM_TIMEOUT = 1800 # Timeout to check SSH access to the master VM (time to boot the VM) WAIT_SSH_ACCCESS_TIMEOUT = 300 # Timeout for a VM to get a public IP WAIT_PUBLIC_IP_TIMEOUT = 90 # Maximum frequency to update the VM info (in secs) VM_INFO_UPDATE_FREQUENCY = 10 # Maximum time that a VM status maintains the current status in case of connection failure with the # Cloud provider (in secs). If the time is over this value the status is set to 'unknown'. # This value must be always higher than VM_INFO_UPDATE_FREQUENCY. VM_INFO_UPDATE_ERROR_GRACE_PERIOD = 120 # Log File LOG_LEVEL = INFO LOG_FILE = /var/log/im/im.log LOG_FILE_MAX_SIZE = 10485760 # Default VM values DEFAULT_VM_MEMORY = 512 DEFAULT_VM_MEMORY_UNIT = M DEFAULT_VM_CPUS = 1 DEFAULT_VM_CPU_ARCH = x86_64 DEFAULT_VM_NAME = vnode-#N# DEFAULT_DOMAIN = localdomain # REST API Info ACTIVATE_REST = True REST_PORT = 8800 REST_ADDRESS = 0.0.0.0 # Contextualization data CONTEXTUALIZATION_DIR = /usr/share/im/contextualization RECIPES_DIR = %(CONTEXTUALIZATION_DIR)s/AnsibleRecipes RECIPES_DB_FILE = %(CONTEXTUALIZATION_DIR)s/recipes_ansible.db MAX_CONTEXTUALIZATION_TIME = 7200 REMOTE_CONF_DIR = /var/tmp/.im # Interval to update the state of the contextualization process in the VMs (in secs) CHECK_CTXT_PROCESS_INTERVAL = 10 # Interval to update the log output of the contextualization process in the VMs (in secs) UPDATE_CTXT_LOG_INTERVAL = 20 # Interval to update the state of the processes of the ConfManager (in secs) CONFMAMAGER_CHECK_STATE_INTERVAL = 5 # Max time expected to install Ansible in the master node ANSIBLE_INSTALL_TIMEOUT = 500 # Number of VMs in an infrastructure that will use the distributed version of the Ctxt Agent VM_NUM_USE_CTXT_DIST = 30 # Secure version of the XML-RPC XMLRCP_SSL = False XMLRCP_SSL_KEYFILE = /etc/im/pki/server-key.pem XMLRCP_SSL_CERTFILE = /etc/im/pki/server-cert.pem XMLRCP_SSL_CA_CERTS = /etc/im/pki/ca-chain.pem # Return the VM information of function GetVMInfo in RADL JSON instead of plain RADL VMINFO_JSON = False # Secure version of the REST API REST_SSL = False REST_SSL_KEYFILE = /etc/im/pki/server-key.pem REST_SSL_CERTFILE = /etc/im/pki/server-cert.pem REST_SSL_CA_CERTS = /etc/im/pki/ca-chain.pem # Number of retries of the Ansible playbooks in case of failure PLAYBOOK_RETRIES = 3 # List of networks assumed as private # It must be a coma separated string of the network definitions (without spaces) # This are the default values: # PRIVATE_NET_MASKS = 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,100.64.0.0/10,192.0.0.0/24,198.18.0.0/15 # Flag to use the IM as interface to a single site (OpenNebula or OpenStack site) SINGLE_SITE = False # Set the type of the single site SINGLE_SITE_TYPE = OpenNebula # Set the host to be used in the auth line of the single site SINGLE_SITE_AUTH_HOST = http://server.com:2633 # Set the url prefix of the images of the single site SINGLE_SITE_IMAGE_URL_PREFIX = one://server.com/ # List of OIDC issuers supported OIDC_ISSUERS = https://aai.egi.eu/auth/realms/egi # If set the IM will check that the string defined here appear in the "aud" claim of the OpenID access token #OIDC_AUDIENCE = # OIDC client ID and secret of the IM service #OIDC_CLIENT_ID = #OIDC_CLIENT_SECRET = # List of scopes that must appear in the token request to access the IM service # Client ID and Secret must be provided to make it work #OIDC_SCOPES = # Paths to the userinfo and introspection OIDC #OIDC_USER_INFO_PATH = "/userinfo" #OIDC_INSTROSPECT_PATH = "/introspect" # Force the users to pass a valid OIDC token #FORCE_OIDC_AUTH = False # Time (in seconds) the IM service will maintain the information of an infrastructure # in memory. Only used in case of IM in HA mode. #INF_CACHE_TIME = 3600 # Verify SSL hosts in CloudConnectors connections # If you set it to True you must assure the CA certificates are installed correctly VERIFI_SSL = False # Activate SSH reverse tunnels SSH_REVERSE_TUNNELS = True # Variables to enable CORS ENABLE_CORS = False CORS_ORIGIN = * # Variables to configure Vault to get user credentials #VAULT_URL = #VAULT_PATH = #VAULT_MOUNT_POINT = #VAULT_ROLE = # Name of the tags that IM will add in the VMs with # username, infrastructure ID, URL of the IM service, and IM name # comment or leave empty not to set them VM_TAG_USERNAME = IM_USER VM_TAG_INF_ID = IM_INFRA_ID #VM_TAG_IM_URL = IM_URL #VM_TAG_IM = IM_TYPE [OpenNebula] # OpenNebula connector configuration values # Text to add to the CONTEXT section of the ONE template (except SSH_PUBLIC_KEY) TEMPLATE_CONTEXT = # Text to add to the ONE Template different to NAME, CPU, VCPU, MEMORY, OS, DISK and CONTEXT TEMPLATE_OTHER = GRAPHICS = [type="vnc",listen="0.0.0.0", keymap="es"] # Set the IMAGE_UNAME value in case of using the name of the disk image in the Template IMAGE_UNAME = oneadmin # URL of the OpenNebula TTS endpoint (https://www.gitbook.com/book/indigo-dc/token-translation-service) TTS_URL = https://localhost:8443