# Skydive config file
# host_id is used to reference the agent, by default set to hostname
# host_id:
tls:
# File path to X509 Certificate and Private Key to enable TLS communication
# Unique certificate per agent is recommended
# client_cert: /etc/ssl/certs/agent.domain.com.crt
# client_key: /etc/ssl/certs/agent.domain.com.key
# server_cert: /etc/ssl/certs/analyzer.domain.com.crt
# server_key: /etc/ssl/certs/analyzer.domain.com.key
# ca_cert: /etc/ssl/certs/ca.domain.com.crt
http:
# define the Cookie HTTP Request Header
cookie:
# <name1>: <value1>
# <name2>: <value2>
rest:
# log the HTTP client request and response (to log level DEBUG)
# debug: false
ws:
# WebSocket delay between two pings.
# ping_delay: 2
# WebSocket Ping/Pong timeout in second.
# pong_timeout: 5
# maximum number of topology aggregated messages before sending
# bulk_maxmsgs: 100
# duration in seconds before flushing topology aggregated messages
# bulk_maxdelay: 2
# Maximum size of the message queue
# queue_size: 10000
# enable write compression
# enable_write_compression: true
analyzer:
# address and port for the analyzer API, Format: addr:port.
# Default addr is 127.0.0.1
# listen: :8082
auth:
# auth section for API request
api:
# Specify the name of the auth backend definition, see auth section.
# backend: noauth
cluster:
# Specify the name of the auth backend definition, see auth section.
# backend: noauth
# Specify username, password for cluster authentication. Used for analyzer/analyzer communication.
# username: admin
# password: password
# Section defining things to be invoked on startup
startup:
# By default no capturing, set filter to capture from selected nodes
# from the beginning automatically
# capture_gremlin: "G.V().has('Name', NE('lo'))"
# capture_bpf: "port 80"
# By default (capture_type: "") the capture type is chosen automatically;
# or set here to one of pcap, afpacket, ebpf, sflow, pcapsocket, ovsmirror,
# dpdk, ovssflow, or ovsnetflow.
# capture_type: ""
# Flow storage engine
flow:
# Storage backend name: myelasticsearch, myorientdb
# backend: myelasticsearch
# Max number of flows in write buffer (after which all flows accumulated are dropped)
# max_buffer_size: 100000
topology:
# Storage backend name: mymemory, myelasticsearch, myorientdb
# backend: mymemory
# Define static interfaces and links updating Skydive topology
# Can be useful to define external resources like : TOR, Router, etc.
#
# A description language similar to the dot language is used to define
# interfaces and links. An arrow (->) is used to define a link between
# two interfaces (parent -> child). An arrow with a single dash will
# create an OwnerShip and a L2 link between the parent and the child.
# An arrow with two dashes (-->) will only create a L2 link between the
# parent and the child.
#
# Square brackets after the arrow is used to define additional metadata
# of the link (->[key=value,..]). Each interface described will be
# created in the topology excepted interfaces with the local prefix.
# In that specific case the interface of the local host will be used.
# Attributes of interfaces are declared using square brackets ([]).
# The following example creates a TOR node linked to TOR_PORT1 linked
# (l2 only) to TOR1_PORT1 linked to the TOR1 node, linked to TOR1_PORT2,
# which is linked to the local interface eth0, with an l2 only link.
fabric:
# - TOR[Name=tor] -> TOR_PORT1[Name=port1]
# - TOR1[Name=tor1] -> TOR1_PORT1[Name=port1]
# - TOR1[Name=tor1] -> [color=red] TOR1_PORT2[Name=port2, MTU=1500]
# - TOR_PORT1 --> TOR1_PORT1
# - TOR1_PORT2 --> *[Type=host]/eth0
# list of probes used by the analyzers
probes:
# - k8s
# - istio
# - ovn
k8s:
# kubeconfig resolution order:
# - if config_file param is defined then use it;
# - else if $KUBECONFIG environment is define then use it;
# - else if $HOME/.kube/config file exists then use it;
# - else use empty configuration (for accessing from within the k8s cluster).
# specify the path of k8s configuration YAML file.
# config_file: /etc/skydive/kubeconfig
# list of (sub) probes comprising k8s probe.
# if list is empty then will resolve to all existing (sub) probes.
probes:
- cluster
- configmap
- container
- cronjob
- daemonset
- deployment
- endpoints
- ingress
- job
- namespace
- networkpolicy
- node
- persistentvolume
- persistentvolumeclaim
- pod
- replicaset
- replicationcontroller
- secret
- service
- statefulset
- storageclass
# cluster_name: "MyClusterName"
istio:
# specify the path of istio configuration YAML file.
# config_file: /etc/skydive/kubeconfig
# EXPERIMENTAL: istio probe is still under development and should not be used
# on production systems
probes:
- destinationrule
- gateway
- quotaspec
- quotaspecbinding
- serviceentry
- virtualservice
ovn:
# OVN northbound address. Format can be either:
# * tcp:addr:port
# * unix:/var/run/ovn/ovnnb_db.sock
# address: unix:/var/run/ovn/ovnnb_db.sock
# Specify client, key and CA certificate files for TLS authentication.
# cert: /myovnnbcert
# key: /myovnkey
# cacert: /myovncacert
replication:
# debug: false
# list of analyzers used by analyzers and agents
analyzers:
- 127.0.0.1:8082
agent:
# address and port for the agent API, Format: addr:port.
# Default addr is 127.0.0.1
# listen: :8081
auth:
# auth section for API request
api:
# Specify the name of the auth backend definition, see auth section.
# backend: noauth
cluster:
# Specify username, password for cluster authentication. Used for agent/analyzer communication.
# username: admin
# password: password
topology:
# Probes used to capture topology information like interfaces,
# bridges, namespaces, etc...
# Available: blockdev, ovsdb, docker, neutron, opencontrail, socketinfo, lxd, lldp, libvirt, runc
probes:
# - blockdev
# - ovsdb
# - docker
# - neutron
# - opencontrail
# - socketinfo
# - lxd
# - lldp
# - libvirt
# - runc
# - vpp
docker:
# url: unix:///var/run/docker.sock
netns:
# allow to specify where the docker probe is watching network namespaces
# run_path: /var/run/docker/netns
netlink:
# delay in seconds between two metric updates
# metrics_update: 30
netns:
# allow to specify where the netns probe is watching network namespace
# run_path: /var/run/netns
# Define OpenStack Neutron credentials and the enpoint type
# used by the neutron probe
neutron:
# auth_url:
# username: neutron
# password: secret
# tenant_name: service
# region_name: RegionOne
# domain_name: Default
# ssl_insecure: false
# The endpoint_type value must be 'public', 'internal' or 'admin'
# endpoint_type: public
lldp:
# Interfaces to listen for LLDP frames. If no list is specified,
# use all interfaces
interfaces:
# - eth0
libvirt:
# url: qemu:///system
runc:
run_path:
# - /var/run/runc
# - /run/runc-ctrs
vpp:
# VPP API segment prefix connection, default : "" is equivalent to "/dev/shm"
# could be use when vpp and skydive are isolated in different container
# connect: ""
flow:
sflow:
# Default listening address is 127.0.0.1
# bind_address: 127.0.0.1
# Port min/max used when starting a sflow probe, an agent will be started
# with a port from this range
# port_min: 6345
# port_max: 6355
pcapsocket:
# Default listening address is 127.0.0.1
# bind_address: 127.0.0.1
# Port min/max used when starting a pcapsocket probe
# port_min: 8100
# port_max: 8132
netflow:
# Default listening address is 127.0.0.1
# bind_address: 127.0.0.1
# Port min/max used when starting a netflow probe, an agent will be started
# with a port from this range
# port_min: 6365
# port_max: 6375
ebpf:
# Rate of flows to poll per second from the kernel
# polling_rate: 16000
capture:
# Period in second to get capture stats from the probe. Note this
# stats_update: 1
# Add metadata to the host node
metadata_config:
# list of files which can be used to fill the metadata.
# Supported types json, toml, ini, yaml, yml, properties, props, prop
# the selector path (dot notation) is used to retrieve the value. The value will be stored
# in the host node `Config` section using the `name` parameter as key.
files:
# - path: /etc/ex.yml
# type: ini
# name: metadata_key_name
# selector: path.of.config.key
metadata:
# info: This is compute node
dpdk:
# DPDK port listening flows from
ports:
# - 0
# - 1
# nb workers per port
# workers: 4
# debug message every n seconds
# debug: 1
ovs:
# ovsdb connection, Format supported :
# * addr:port
# * tcp://addr:port
# * unix:///var/run/openvswitch/db.sock
# If you use the tcp connection you need to authorize connexion to ovsdb agent
# at least locally
# % sudo ovs-appctl -t ovsdb-server ovsdb-server/add-remote ptcp:6400:127.0.0.1
# ovsdb: unix:///var/run/openvswitch/db.sock
# enable_stats: false
oflow:
# Enable the parsing of openflow rules (disabled by default)
# enable: false
# Use OpenFlow protocol instead of ovs-ofctl
# native: false
# Openflow versions used by ovs-ofctl when queries are made to the
# switch. 1.0 should always be supported. 1.3 gives a nicer output and
# it is recommended to add it if it is supported.
# 1.4 can be broken on some switch, 1.5 and 1.6 are still considered
# as experimental.
# openflow_versions:
# - OpenFlow10
# The probe can connect to remote bridge over TLS (ssl url).
# The default value is empty for those options.
# Path to the private key file (TLS connection)
# key: /etc/ssl/private/agent.key
# Path to the certificate associated to the key (TLS connection)
# cert: /etc/ssl/certs/agent.crt
# Path to certificate authority validating bridge connections (TLS connection)
# ca: /etc/ssl/certs/ca.crt
address:
# Map translating bridge names into URL for remote connection
# bridge: ssl:xxx.yyy.zzz.ttt:port
netns:
# allow to specify where the netns probe is watching network namespace
# run_path: /var/run/netns
opencontrail:
# Host address of the OpenContrail vrouter agent
# host: localhost
# TCP port of the OpenContrail vrouter agent
# port: 8086
# UDP dest port for MPLS traffic
# mpls_udp_port: 51234
storage:
# Elasticsearch backend information.
myelasticsearch:
# driver: elasticsearch
# hosts:
# - http://127.0.0.1:9200
# Disable TLS certificate verification
# Default: false
# ssl_insecure: true
# Basic auth
# auth:
# username: user
# password: secret
# Define the maximum delay before flushing document
# bulk_maxdelay: 5
# If a limit is specified, when the index reaches it, it is rolled.
# index_entries_limit specifies the maximum number of entries allowed in an index.
# index_age_limit specifies the maximum age (in minutes) allowed for an index.
# For both limits, a value of 0 specifies that there is no limitation.
# index_entries_limit: 0
# index_age_limit: 0
# The number of indices to keep before deleting.
# A value of 0 specifies no limit (i.e. indices will never be deleted)
# indices_to_keep: 0
# Total fields limit. Maps to index.mapping.total_fields.limit setting.
# Set it to to the desired value or 0 if you don't want any limit (be careful)
# total_fields_limit: 1000
# Fields to exclude to avoid mapping explosion.
# exclude_from_mapping:
# - Metadata.*.Extra
# - Metadata.Container.Labels
# - Metadata.Container.Hosts.ByIP
# - Metadata.K8s.Labels
# - Metadata.Actions
# - Metadata.Filters
# - Metadata.LXD.Config
# - Metadata.LXD.Devices
# - Metadata.OVN.ExtID
# - Metadata.OVN.Options
# - Metadata.OVN.IPv6RAConfigs
# Use flatten mapping type for fields specified by 'exclude_from_mapping'
# use_flattened: true
# Ignore flattened fields whose length is above the specified value
# flattened_ignore_above: 32768
# Snif Nodes Info API to get all the nodes in the cluster
# See https://pkg.go.dev/gopkg.in/olivere/elastic.v2?tab=doc#NewClient
# Default: false
# disable_sniffing: true
# Disable health check
# Default: false
# disable_healthcheck: true
# Debug queries
# debug: false
# OrientDB backend information.
myorientdb:
# driver: orientdb
# addr: http://127.0.0.1:2480
# database: Skydive
# username: root
# password: hello
# Memory backend
mymemory:
# driver: memory
logging:
# level: INFO
# Default backend used: stderr
backends:
# - stderr
# - stdout
# - file
# - syslog
# configuration of the 'file' backend
file:
# path: /var/log/skydive.log
# configuration encoder could be for all backends or for specific one
# encoder: json
# color: false
auth:
mybasic:
# Define a basic auth authentication backend
# type: basic
# Specify the htpassword file to be used
# file: /etc/skydive/htpasswd
# Users can be declared in this section instead of using a file.
users:
# user1: secret1
# user2: secret2
mykeystone:
# Define a basic auth authentication backend
# type: keystone
# auth_url: http://xxx.xxx.xxx.xxx:5000/v3
# define the tenant and the domain that the users have to belong to
# tenant_name: admin
# domain_name: Default
# define which role an authenticated user will have. Only used for API authentication.
# two roles are predefined, admin and guest.
# role: admin
etcd:
# server parameters
# when 'embedded' is set to true, the analyzer will start an embedded etcd server
# embedded: true
# listen: 0.0.0.0:12379
# maximum number of WAL and snapshot files. 0 means unlimited
# max_wal_files: 5
# max_snap_files: 5
# path where the etcd files will be stored.
# data_dir: /var/lib/skydive/etcd
# client parameters
servers:
# - http://127.0.0.1:12379
# name to use for clustering, by default it is set to the host id
# name: analyzer1
# list of peers for etcd clustering between analyzers
# each entry is composed of the peer name and the endpoints for this peer
peers:
# analyzer1: http://172.17.0.2:12380
# analyzer2: http://172.17.0.3:12380
# client_timeout: 5
flow:
# Without any new packets, a flow expires after flow.expire
# seconds
# expire: 600
# Seconds between flow updates (metrics, enhancements,...)
# update: 60
# Protocol to use to send flows to the analyzer: websocket or udp
# protocol: udp
# Maximum size of the flow table in userspace
# max_entries: 500000
# Define the layer key mode used by default for captures. The key mode defines
# the layers used to identify a unique flow.
# * L2, this mode includes layer 2 and beyond.
# * L3, this mode includes layer 3 and beyond and takes layer 2 if there is no layer 3.
# default_layer_key_mode: L2
# Set the application field according to the following port mapping
application_ports:
tcp:
# 80: HTTP
# 8080: HTTP
# 443: HTTPS
# 1194: OPENVPN
udp:
# 1194: OPENVPN
# application specific flow timeout, in seconds
# this timeout is enforced in addition to the general flow.expire timeout
application_timeout:
# - arp: 10
# - dns: 10
ui:
# Specify the extra assets folder. Javascript and CSS files present in this
# folder will be added to the WebUI.
# extra_assets: /usr/share/skydive/assets
# select between light, dark themes
# theme: dark
# Settings specific to the topology view
topology:
# Pre-defined Gremlin expression used in the WebUI for Filtering and Highlighting.
# Note: Key should be in lower case
favorites:
# namespaces: "g.V().Has('Type', 'netns').OutE().BothV()"
# layer2: "g.E().Has('RelationType', 'layer2')"
# Highlight Gremlin expression used by default and applied on WebUI load.
# default_highlight: "layer2"
# Filter Gremlin expression used by default and applied on WebUI load.
# default_filter: "layer2"
# update rate of links in seconds
bandwidth_update_rate: 5
# 'absolute' - thresholds in Kbit
# 'relative' - thresholds in % relative to link speed reported by netlink
bandwidth_threshold: absolute
bandwidth_absolute_active: 1
bandwidth_absolute_warning: 10
bandwidth_absolute_alert: 100
bandwidth_relative_active: 0.1
bandwidth_relative_warning: 0.4
bandwidth_relative_alert: 0.8
# Enable/disable ssh to hosts
# ssh_enabled: false
# Enable/disable k8s related elements
# k8s_enabled: false
bpf:
# Pre-defined BPF filters
favorites:
# filter1: ip broadcast
# filter2: ip multicast
rbac:
model:
# RBAC model
# request_definition:
# - sub, obj, act
# policy_definition:
# - sub, obj, act, eft
# role_definition:
# - _, _
# policy_effect:
# - some(where (p_eft == allow)) && !some(where (p_eft == deny))
# matchers:
# - g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
policy:
# additional RBAC policy:
# - p, myuser, capture, write, deny
# - g, myuser, myrole