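---
# Skydive config file
#
# Reference configuration: every option is shown with its example or default
# value commented out; uncomment and edit the ones you need. Keys that are left
# with no uncommented children (e.g. `tls:`) are read by the consumer as null.

# host_id is used to reference the agent, by default set to hostname
# host_id:

tls:
  # File path to X509 Certificate and Private Key to enable TLS communication
  # Unique certificate per agent is recommended
  # client_cert: /etc/ssl/certs/agent.domain.com.crt
  # client_key: /etc/ssl/certs/agent.domain.com.key
  # server_cert: /etc/ssl/certs/analyzer.domain.com.crt
  # server_key: /etc/ssl/certs/analyzer.domain.com.key
  # ca_cert: /etc/ssl/certs/ca.domain.com.crt

http:
  # define the Cookie HTTP Request Header
  cookie:
    # <cookie_name1>: <cookie_value1>   (placeholder: one entry per cookie)
    # <cookie_name2>: <cookie_value2>

  rest:
    # log the HTTP client request and response (to log level DEBUG)
    # debug: false

  ws:
    # WebSocket delay between two pings.
    # ping_delay: 2
    # WebSocket Ping/Pong timeout in seconds.
    # pong_timeout: 5
    # maximum number of topology aggregated messages before sending
    # bulk_maxmsgs: 100
    # duration in seconds before flushing topology aggregated messages
    # bulk_maxdelay: 2
    # Maximum size of the message queue
    # queue_size: 10000
    # enable write compression
    # enable_write_compression: true

analyzer:
  # address and port for the analyzer API, Format: addr:port.
  # Default addr is 127.0.0.1
  # listen: :8082

  auth:
    # auth section for API request
    api:
      # Specify the name of the auth backend definition, see auth section.
      # backend: noauth
    cluster:
      # Specify the name of the auth backend definition, see auth section.
      # backend: noauth
      # Specify username, password for cluster authentication. Used for
      # analyzer/analyzer communication. The values below are examples only.
      # username: admin
      # password: password

  # Section defining things to be invoked on startup
  startup:
    # By default no capturing, set filter to capture from selected nodes
    # from the beginning automatically
    # capture_gremlin: "G.V().has('Name', NE('lo'))"
    # capture_bpf: "port 80"
    # By default (capture_type: "") the capture type is chosen automatically;
    # or set here to one of pcap, afpacket, ebpf, sflow, pcapsocket, ovsmirror,
    # dpdk, ovssflow, or ovsnetflow.
    # capture_type: ""

  # Flow storage engine
  flow:
    # Storage backend name: myelasticsearch, myorientdb
    # backend: myelasticsearch
    # Max number of flows in write buffer (after which all flows accumulated are dropped)
    # max_buffer_size: 100000

  topology:
    # Storage backend name: mymemory, myelasticsearch, myorientdb
    # backend: mymemory

    # Define static interfaces and links updating Skydive topology
    # Can be useful to define external resources like: TOR, Router, etc.
    #
    # A description language similar to the dot language is used to define
    # interfaces and links. An arrow (->) is used to define a link between
    # two interfaces (parent -> child). An arrow with a single dash will
    # create an OwnerShip and a L2 link between the parent and the child.
    # An arrow with two dashes (-->) will only create a L2 link between the
    # parent and the child.
    #
    # Square brackets after the arrow are used to define additional metadata
    # of the link (->[key=value,..]). Each interface described will be
    # created in the topology except interfaces with the local prefix.
    # In that specific case the interface of the local host will be used.
    # Attributes of interfaces are declared using square brackets ([]).
    # The following example creates a TOR node linked to TOR_PORT1 linked
    # (l2 only) to TOR1_PORT1 linked to the TOR1 node, linked to TOR1_PORT2,
    # which is linked to the local interface eth0, with an l2 only link.
    fabric:
      # - TOR[Name=tor] -> TOR_PORT1[Name=port1]
      # - TOR1[Name=tor1] -> TOR1_PORT1[Name=port1]
      # - TOR1[Name=tor1] -> [color=red] TOR1_PORT2[Name=port2, MTU=1500]
      # - TOR_PORT1 --> TOR1_PORT1
      # - TOR1_PORT2 --> *[Type=host]/eth0

  # list of probes used by the analyzers
  probes:
    # - k8s
    # - istio
    # - ovn

  k8s:
    # kubeconfig resolution order:
    # - if config_file param is defined then use it;
    # - else if $KUBECONFIG environment variable is defined then use it;
    # - else if $HOME/.kube/config file exists then use it;
    # - else use empty configuration (for accessing from within the k8s cluster).
    # specify the path of k8s configuration YAML file.
    # config_file: /etc/skydive/kubeconfig
    # list of (sub) probes comprising k8s probe.
    # if list is empty then will resolve to all existing (sub) probes.
    probes:
      - cluster
      - configmap
      - container
      - cronjob
      - daemonset
      - deployment
      - endpoints
      - ingress
      - job
      - namespace
      - networkpolicy
      - node
      - persistentvolume
      - persistentvolumeclaim
      - pod
      - replicaset
      - replicationcontroller
      - secret
      - service
      - statefulset
      - storageclass
    # cluster_name: "MyClusterName"

  istio:
    # specify the path of istio configuration YAML file.
    # config_file: /etc/skydive/kubeconfig
    # EXPERIMENTAL: istio probe is still under development and should not be used
    # on production systems
    probes:
      - destinationrule
      - gateway
      - quotaspec
      - quotaspecbinding
      - serviceentry
      - virtualservice

  ovn:
    # OVN northbound address. Format can be either:
    # * tcp:addr:port
    # * unix:/var/run/ovn/ovnnb_db.sock
    # address: unix:/var/run/ovn/ovnnb_db.sock
    # Specify client certificate, key and CA certificate files for TLS authentication.
    # cert: /myovnnbcert
    # key: /myovnkey
    # cacert: /myovncacert

  replication:
    # debug: false

# list of analyzers used by analyzers and agents
analyzers:
  - 127.0.0.1:8082

agent:
  # address and port for the agent API, Format: addr:port.
  # Default addr is 127.0.0.1
  # listen: :8081

  auth:
    # auth section for API request
    api:
      # Specify the name of the auth backend definition, see auth section.
      # backend: noauth
    cluster:
      # Specify username, password for cluster authentication. Used for
      # agent/analyzer communication. The values below are examples only.
      # username: admin
      # password: password

  topology:
    # Probes used to capture topology information like interfaces,
    # bridges, namespaces, etc...
    # Available: blockdev, ovsdb, docker, neutron, opencontrail, socketinfo,
    # lxd, lldp, libvirt, runc, vpp
    probes:
      # - blockdev
      # - ovsdb
      # - docker
      # - neutron
      # - opencontrail
      # - socketinfo
      # - lxd
      # - lldp
      # - libvirt
      # - runc
      # - vpp

    docker:
      # url: unix:///var/run/docker.sock
      netns:
        # allow to specify where the docker probe is watching network namespaces
        # run_path: /var/run/docker/netns

    netlink:
      # delay in seconds between two metric updates
      # metrics_update: 30

    netns:
      # allow to specify where the netns probe is watching network namespaces
      # run_path: /var/run/netns

    # Define OpenStack Neutron credentials and the endpoint type
    # used by the neutron probe
    neutron:
      # auth_url:
      # username: neutron
      # password: secret
      # tenant_name: service
      # region_name: RegionOne
      # domain_name: Default
      # ssl_insecure: false
      # The endpoint_type value must be 'public', 'internal' or 'admin'
      # endpoint_type: public

    lldp:
      # Interfaces to listen for LLDP frames. If no list is specified,
      # use all interfaces
      interfaces:
        # - eth0

    libvirt:
      # url: qemu:///system

    runc:
      run_path:
        # - /var/run/runc
        # - /run/runc-ctrs

    vpp:
      # VPP API segment prefix connection, default : "" is equivalent to "/dev/shm"
      # can be used when vpp and skydive are isolated in different containers
      # connect: ""

  flow:
    sflow:
      # Default listening address is 127.0.0.1
      # bind_address: 127.0.0.1
      # Port min/max used when starting a sflow probe, an agent will be started
      # with a port from this range
      # port_min: 6345
      # port_max: 6355

    pcapsocket:
      # Default listening address is 127.0.0.1
      # bind_address: 127.0.0.1
      # Port min/max used when starting a pcapsocket probe
      # port_min: 8100
      # port_max: 8132

    netflow:
      # Default listening address is 127.0.0.1
      # bind_address: 127.0.0.1
      # Port min/max used when starting a netflow probe, an agent will be started
      # with a port from this range
      # port_min: 6365
      # port_max: 6375

    ebpf:
      # Rate of flows to poll per second from the kernel
      # polling_rate: 16000

  capture:
    # Period in seconds to get capture stats from the probe.
    # stats_update: 1

  # Add metadata to the host node
  metadata_config:
    # list of files which can be used to fill the metadata.
    # Supported types json, toml, ini, yaml, yml, properties, props, prop
    # the selector path (dot notation) is used to retrieve the value. The value will be stored
    # in the host node `Config` section using the `name` parameter as key.
    files:
      # - path: /etc/ex.yml
      #   type: ini
      #   name: metadata_key_name
      #   selector: path.of.config.key

  metadata:
    # info: This is compute node

dpdk:
  # DPDK port listening flows from
  ports:
    # - 0
    # - 1
  # nb workers per port
  # workers: 4
  # debug message every n seconds
  # debug: 1

ovs:
  # ovsdb connection, Format supported :
  # * addr:port
  # * tcp://addr:port
  # * unix:///var/run/openvswitch/db.sock
  # If you use the tcp connection you need to authorize the connection to the
  # ovsdb agent, at least locally:
  # % sudo ovs-appctl -t ovsdb-server ovsdb-server/add-remote ptcp:6400:127.0.0.1
  # ovsdb: unix:///var/run/openvswitch/db.sock
  # enable_stats: false

  oflow:
    # Enable the parsing of openflow rules (disabled by default)
    # enable: false
    # Use OpenFlow protocol instead of ovs-ofctl
    # native: false
    # Openflow versions used by ovs-ofctl when queries are made to the
    # switch. 1.0 should always be supported. 1.3 gives a nicer output and
    # it is recommended to add it if it is supported.
    # 1.4 can be broken on some switches, 1.5 and 1.6 are still considered
    # as experimental.
    # openflow_versions:
    #   - OpenFlow10
    # The probe can connect to remote bridge over TLS (ssl url).
    # The default value is empty for those options.
    # Path to the private key file (TLS connection)
    # key: /etc/ssl/private/agent.key
    # Path to the certificate associated to the key (TLS connection)
    # cert: /etc/ssl/certs/agent.crt
    # Path to certificate authority validating bridge connections (TLS connection)
    # ca: /etc/ssl/certs/ca.crt
    address:
      # Map translating bridge names into URL for remote connection
      # bridge: ssl:xxx.yyy.zzz.ttt:port

netns:
  # allow to specify where the netns probe is watching network namespaces
  # run_path: /var/run/netns

opencontrail:
  # Host address of the OpenContrail vrouter agent
  # host: localhost
  # TCP port of the OpenContrail vrouter agent
  # port: 8086
  # UDP dest port for MPLS traffic
  # mpls_udp_port: 51234

storage:
  # Elasticsearch backend information.
  myelasticsearch:
    # driver: elasticsearch
    # hosts:
    #   - http://127.0.0.1:9200
    # Disable TLS certificate verification. Setting it to true removes the
    # check of the server identity; keep the default outside of test setups.
    # Default: false
    # ssl_insecure: true
    # Basic auth
    # auth:
    #   username: user
    #   password: secret
    # Define the maximum delay before flushing document
    # bulk_maxdelay: 5
    # If a limit is specified, when the index reaches it, it is rolled.
    # index_entries_limit specifies the maximum number of entries allowed in an index.
    # index_age_limit specifies the maximum age (in minutes) allowed for an index.
    # For both limits, a value of 0 specifies that there is no limitation.
    # index_entries_limit: 0
    # index_age_limit: 0
    # The number of indices to keep before deleting.
    # A value of 0 specifies no limit (i.e. indices will never be deleted)
    # indices_to_keep: 0
    # Total fields limit. Maps to index.mapping.total_fields.limit setting.
    # Set it to the desired value or 0 if you don't want any limit (be careful)
    # total_fields_limit: 1000
    # Fields to exclude to avoid mapping explosion.
    # exclude_from_mapping:
    #   - Metadata.*.Extra
    #   - Metadata.Container.Labels
    #   - Metadata.Container.Hosts.ByIP
    #   - Metadata.K8s.Labels
    #   - Metadata.Actions
    #   - Metadata.Filters
    #   - Metadata.LXD.Config
    #   - Metadata.LXD.Devices
    #   - Metadata.OVN.ExtID
    #   - Metadata.OVN.Options
    #   - Metadata.OVN.IPv6RAConfigs
    # Use flattened mapping type for fields specified by 'exclude_from_mapping'
    # use_flattened: true
    # Ignore flattened fields whose length is above the specified value
    # flattened_ignore_above: 32768
    # Sniff the Nodes Info API to get all the nodes in the cluster
    # See https://pkg.go.dev/gopkg.in/olivere/elastic.v2?tab=doc#NewClient
    # Default: false
    # disable_sniffing: true
    # Disable health check
    # Default: false
    # disable_healthcheck: true
    # Debug queries
    # debug: false

  # OrientDB backend information.
  myorientdb:
    # driver: orientdb
    # addr: http://127.0.0.1:2480
    # database: Skydive
    # username: root
    # password: hello

  # Memory backend
  mymemory:
    # driver: memory

logging:
  # level: INFO
  # Default backend used: stderr
  backends:
    # - stderr
    # - stdout
    # - file
    # - syslog
  # configuration of the 'file' backend
  file:
    # path: /var/log/skydive.log
  # configuration encoder could be for all backends or for specific one
  # encoder: json
  # color: false

auth:
  mybasic:
    # Define a basic auth authentication backend
    # type: basic
    # Specify the htpasswd file to be used
    # file: /etc/skydive/htpasswd
    # Users can be declared in this section instead of using a file.
    # Passwords declared here are kept in clear text in this file.
    users:
      # user1: secret1
      # user2: secret2

  mykeystone:
    # Define a keystone authentication backend
    # type: keystone
    # auth_url: http://xxx.xxx.xxx.xxx:5000/v3
    # define the tenant and the domain that the users have to belong to
    # tenant_name: admin
    # domain_name: Default
    # define which role an authenticated user will have. Only used for API authentication.
    # two roles are predefined, admin and guest.
    # role: admin

etcd:
  # server parameters
  # when 'embedded' is set to true, the analyzer will start an embedded etcd server
  # embedded: true
  # 0.0.0.0 binds on all interfaces; restrict it to the analyzer's
  # cluster-facing address when the host is reachable from other networks.
  # listen: 0.0.0.0:12379
  # maximum number of WAL and snapshot files. 0 means unlimited
  # max_wal_files: 5
  # max_snap_files: 5
  # path where the etcd files will be stored.
  # data_dir: /var/lib/skydive/etcd

  # client parameters
  servers:
    # - http://127.0.0.1:12379
  # name to use for clustering, by default it is set to the host id
  # name: analyzer1
  # list of peers for etcd clustering between analyzers
  # each entry is composed of the peer name and the endpoints for this peer
  peers:
    # analyzer1: http://172.17.0.2:12380
    # analyzer2: http://172.17.0.3:12380
  # client_timeout: 5

flow:
  # Without any new packets, a flow expires after flow.expire
  # seconds
  # expire: 600
  # Seconds between flow updates (metrics, enhancements,...)
  # update: 60
  # Protocol to use to send flows to the analyzer: websocket or udp
  # protocol: udp
  # Maximum size of the flow table in userspace
  # max_entries: 500000
  # Define the layer key mode used by default for captures. The key mode defines
  # the layers used to identify a unique flow.
  # * L2, this mode includes layer 2 and beyond.
  # * L3, this mode includes layer 3 and beyond and takes layer 2 if there is no layer 3.
  # default_layer_key_mode: L2
  # Set the application field according to the following port mapping
  application_ports:
    tcp:
      # 80: HTTP
      # 8080: HTTP
      # 443: HTTPS
      # 1194: OPENVPN
    udp:
      # 1194: OPENVPN
  # application specific flow timeout, in seconds
  # this timeout is enforced in addition to the general flow.expire timeout
  application_timeout:
    # - arp: 10
    # - dns: 10

ui:
  # Specify the extra assets folder. Javascript and CSS files present in this
  # folder will be added to the WebUI.
  # extra_assets: /usr/share/skydive/assets
  # select between light, dark themes
  # theme: dark
  # Settings specific to the topology view
  topology:
    # Pre-defined Gremlin expression used in the WebUI for Filtering and Highlighting.
    # Note: Key should be in lower case
    favorites:
      # namespaces: "g.V().Has('Type', 'netns').OutE().BothV()"
      # layer2: "g.E().Has('RelationType', 'layer2')"
    # Highlight Gremlin expression used by default and applied on WebUI load.
    # default_highlight: "layer2"
    # Filter Gremlin expression used by default and applied on WebUI load.
    # default_filter: "layer2"
    # update rate of links in seconds
    bandwidth_update_rate: 5
    # 'absolute' - thresholds in Kbit
    # 'relative' - thresholds in % relative to link speed reported by netlink
    bandwidth_threshold: absolute
    bandwidth_absolute_active: 1
    bandwidth_absolute_warning: 10
    bandwidth_absolute_alert: 100
    bandwidth_relative_active: 0.1
    bandwidth_relative_warning: 0.4
    bandwidth_relative_alert: 0.8
  # Enable/disable ssh to hosts
  # ssh_enabled: false
  # Enable/disable k8s related elements
  # k8s_enabled: false
  bpf:
    # Pre-defined BPF filters
    favorites:
      # filter1: ip broadcast
      # filter2: ip multicast

rbac:
  model:
    # RBAC model
    # request_definition:
    #   - sub, obj, act
    # policy_definition:
    #   - sub, obj, act, eft
    # role_definition:
    #   - _, _
    # policy_effect:
    #   - some(where (p_eft == allow)) && !some(where (p_eft == deny))
    # matchers:
    #   - g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
  policy:
    # additional RBAC policy:
    # - p, myuser, capture, write, deny
    # - g, myuser, myrole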