From 696f08d4761c343548dc22ce2c362ef69609f29d Mon Sep 17 00:00:00 2001 From: James Adams Date: Fri, 26 Jan 2018 13:44:03 +0000 Subject: [PATCH] Add 17.12.0 documentation Built with `quattor-documentation-builder -c -m src/ -o output/ --info` with some cleanup and whitespace trimming. --- docs/CAF/Application.md | 4 +- docs/CAF/Exception.md | 57 +++ docs/CAF/FileWriter.md | 4 +- docs/CAF/Path.md | 39 +- docs/CAF/Process.md | 13 +- docs/CAF/TextRender.md | 2 +- docs/CCM/CacheManager::Element.md | 9 +- docs/CCM/Options.md | 6 +- docs/CCM/Path.md | 2 +- docs/CCM/TextRender.md | 30 +- docs/Unittesting/Quattor.md | 18 +- docs/Unittesting/Quattor::Doc.md | 2 +- docs/Unittesting/Quattor::TextRender.md | 2 +- docs/components-grid/condorconfig.md | 6 +- docs/components-grid/dpmlfc.md | 22 +- docs/components-grid/gip2.md | 6 +- docs/components-grid/glitestartup.md | 4 +- docs/components-grid/glitestartup::schema.md | 2 +- docs/components-grid/globuscfg.md | 58 +-- docs/components-grid/gridmapdir.md | 4 +- docs/components-grid/gsissh.md | 14 +- docs/components-grid/lbconfig.md | 12 +- docs/components-grid/lcgbdii.md | 14 +- docs/components-grid/lcgmonjob.md | 2 +- docs/components-grid/lcmaps.md | 8 +- docs/components-grid/maui.md | 6 +- docs/components-grid/mkgridmap.md | 18 +- docs/components-grid/myproxy.md | 2 +- docs/components-grid/pbsclient.md | 6 +- docs/components-grid/pbsknownhosts.md | 22 +- docs/components-grid/pbsknownhosts::schema.md | 2 +- docs/components-grid/pbsserver.md | 10 +- docs/components-grid/vomsclient.md | 22 +- docs/components-grid/wlconfig.md | 64 +-- docs/components-grid/wmsclient.md | 4 +- docs/components-grid/wmslb.md | 2 +- docs/components-grid/xrootd.md | 28 +- docs/components/Ceph::compare.md | 4 +- docs/components/FreeIPA::NSS.md | 2 +- docs/components/FreeIPA::Service.md | 2 +- docs/components/OpenNebula::AII.md | 4 +- docs/components/OpenNebula::Account.md | 2 +- docs/components/OpenNebula::Commands.md | 2 +- docs/components/OpenNebula::Image.md | 8 +- docs/components/OpenNebula::Network.md | 2 +- docs/components/OpenNebula::Server.md | 2 +- docs/components/OpenNebula::VM.md | 2 +- docs/components/accounts.md | 10 +- docs/components/aii::freeipa::schema.md | 2 +- docs/components/aii::opennebula::functions.md | 8 +- docs/components/aii::opennebula::schema.md | 37 +- docs/components/authconfig::sssd.md | 45 +- docs/components/authconfig::sssd::ipa.md | 8 +- docs/components/authconfig::sssd::ldap.md | 20 +- docs/components/authconfig::sssd::user.md | 37 +- docs/components/ccm::schema.md | 8 +- docs/components/ceph.md | 20 +- docs/components/ceph::schema-mds.md | 12 +- docs/components/ceph::schema-mon.md | 4 +- docs/components/ceph::schema-osd.md | 6 +- docs/components/ceph::schema-rgw.md | 6 +- docs/components/ceph::schema.md | 22 +- docs/components/chkconfig.md | 2 +- docs/components/cron::schema.md | 34 +- docs/components/cups.md | 10 +- docs/components/cups::schema.md | 73 +-- docs/components/download::schema.md | 4 + docs/components/filecopy.md | 6 +- docs/components/filesystems::schema.md | 2 +- docs/components/fmonagent.md | 2 +- docs/components/freeipa::schema.md | 26 +- docs/components/fstab::schema.md | 4 +- docs/components/ganglia.md | 2 +- docs/components/gmetad.md | 2 +- docs/components/grub::schema.md | 2 +- docs/components/iptables.md | 2 +- docs/components/ldconf.md | 4 +- docs/components/libvirtd.md | 8 +- docs/components/metaconfig::schema.md | 14 +- docs/components/network::core-schema.md | 30 +- docs/components/nfs.md | 4 +- docs/components/nfs::schema.md | 8 +- docs/components/nrpe.md | 81 --- docs/components/nrpe::schema.md | 25 +- docs/components/nsca.md | 2 +- docs/components/nscd.md | 2 +- docs/components/ntpd::schema.md | 18 +- docs/components/ofed::schema.md | 2 +- docs/components/openldap::schema.md | 6 +- docs/components/opennebula::schema.md | 70 +-- docs/components/openstack.md | 14 + docs/components/openstack::common.md | 210 ++++++++ docs/components/openstack::glance.md | 62 +++ docs/components/openstack::horizon.md | 462 ++++++++++++++++++ docs/components/openstack::keystone.md | 77 +++ docs/components/openstack::neutron.md | 164 +++++++ docs/components/openstack::nova.md | 160 ++++++ docs/components/openstack::schema.md | 38 ++ docs/components/pam::config.md | 5 + docs/components/pnp4nagios::schema.md | 12 +- docs/components/postfix::schema.md | 22 +- docs/components/postgresql::schema.md | 6 +- docs/components/profile.md | 2 +- docs/components/puppet.md | 12 +- docs/components/puppet::schema.md | 31 +- docs/components/resolver.md | 4 +- docs/components/spma::apt::schema.md | 4 +- docs/components/spma::ips::schema.md | 4 +- docs/components/spma::yum::schema.md | 2 +- docs/components/ssh::schema.md | 21 +- docs/components/sudo.md | 2 +- docs/components/sysctl.md | 2 +- docs/components/systemd::schema.md | 32 +- mkdocs.yml | 9 + 114 files changed, 1950 insertions(+), 653 deletions(-) create mode 100644 docs/CAF/Exception.md create mode 100644 docs/components/openstack.md create mode 100644 docs/components/openstack::common.md create mode 100644 docs/components/openstack::glance.md create mode 100644 docs/components/openstack::horizon.md create mode 100644 docs/components/openstack::keystone.md create mode 100644 docs/components/openstack::neutron.md create mode 100644 docs/components/openstack::nova.md create mode 100644 docs/components/openstack::schema.md diff --git a/docs/CAF/Application.md b/docs/CAF/Application.md index fcb7554..d23d579 100644 --- a/docs/CAF/Application.md +++ b/docs/CAF/Application.md @@ -43,7 +43,7 @@ Applications can extend or overwrite the default methods. - version(): string Returns the version number as defined in $self->{'VERSION'}, or - <unknown> if not defined. + if not defined. - hostname(): string @@ -64,7 +64,7 @@ Applications can extend or overwrite the default methods. Returns the option value coming from the command line and/or configuration file. Scalar can be a string, or a reference to a hash or an array containing the option's value. option() is a wrapper - on top of AppConfig->get($opt). + on top of AppConfig->get($opt). If the option doesn't exist, returns `undef`, except if the `default` argument has been specified: in this case this value is returned but diff --git a/docs/CAF/Exception.md b/docs/CAF/Exception.md new file mode 100644 index 0000000..0f4765a --- /dev/null +++ b/docs/CAF/Exception.md @@ -0,0 +1,57 @@ + +### NAME + +CAF::Exception - provides basic methods for failure and exception handling + +#### Private methods + +- \_get\_noaction + + Return NoAction setting: + + - Return 0 is `keeps_state` is true + + Any other value of `keeps_state` is ignored. (In particular, + you cannot use `keeps_state` to enable NoAction). + + - Return value of `noAction` method (when defined) + - `CAF::Object::NoAction` otherwise + + Supports an optional `msg` that is prefixed to reporter. + +- \_reset\_exception\_fail + + Reset previous fail attribute and/or exception. + + `msg` is a suffix when reporting the old `fail` attribute + and/or exception error (with debug level 1). + + `EC` is a `LC::Exception::Context` instance that is checked for an + existing error, which is set to ignore if it exists. + + Always returns SUCCESS. + +- \_function\_catch + + Execute function reference `funcref` with arrayref `$args` and hashref `$opts`. + + Method resets any existing fail attribute and error from `LC::Exception::Context` instance `EC`. + + When an exception thrown is thrown, it is catched and reset. No error is reported + and undef is returned in this case and the fail attribute is set with the exception + error text. + +- \_safe\_eval + + Run function reference `funcref` with arrayref `argsref` and hashref `optsref`. + + Return and set fail attribute with `failmsg` (`$@` is added when set) on die + or in case of an error (`undef` returned by `funcref`). + In case of success, report `msg` (stringified result is added unless `sensitive` attribute is set) + at verbose level. + + Note that `_safe_eval` doesn't work with functions + that don't return a defined value when they succeed. + + Resets previous fail attribute and or exceptions + (via the `LC::Exception::Context` instance `EC`). diff --git a/docs/CAF/FileWriter.md b/docs/CAF/FileWriter.md index 2a2b58b..45514aa 100644 --- a/docs/CAF/FileWriter.md +++ b/docs/CAF/FileWriter.md @@ -72,7 +72,9 @@ This is a wrapper class for `IO::String` with customised close based on - `backup` - Path for the backup file, if this one has to be re-written. + Create a backup file when the file already exists and will be modified. + The value is used as a suffix to create the backup filename + (e.g. `.old`). - `keeps_state` diff --git a/docs/CAF/Path.md b/docs/CAF/Path.md index 139b1d2..68a37fa 100644 --- a/docs/CAF/Path.md +++ b/docs/CAF/Path.md @@ -42,41 +42,6 @@ undef on failure and store the error message in the `fail` attribute. #### Methods -- \_get\_noaction - - Return NoAction setting: - - - Return 0 is `keeps_state` is true - - Any other value of `keeps_state` is ignored. (In particular, - you cannot use `keeps_state` to enable NoAction). - - - Return value of `CAF::Object::NoAction` otherwise. - - Supports an optional `msg` that is prefixed to reporter. - -- \_reset\_exception\_fail - - Reset previous exceptions and/or fail attribute. - -- \_function\_catch - - Execute function reference `funcref` with arrayref `$args` and hashref `$opts`. - - Method resets/ignores any existing errors and fail attribute, and catches any exception thrown. - No error is reported, it returns undef in this case and the fail attribute is set. - -- \_safe\_eval - - Run function reference `funcref` with arrayref `argsref` and hashref `optsref`. - - Return and set fail attribute with `failmsg` on die or an error (`undef` returned - by `funcref`), or print (at verbose level) `msg` on success (respectively $@ and - stringified result are appended). Note that `_safe_eval` doesn't work with functions - that don't return a defined value when they succeed. - - Resets previous exceptions and/or fail attribute - - LC\_Check Execute function `> with arrayref `$args` and hashref `$opts`. @@ -140,7 +105,7 @@ undef on failure and store the error message in the `fail` attribute. Returns CHANGED is something was cleaned-up, SUCCESS if nothing was done and undef on failure (and sets the fail attribute). - The <backup> is a suffix for `dest`. + The is a suffix for `dest`. If backup is undefined, use `backup` attribute. (Pass an empty string to disable backup with `backup` attribute defined) @@ -278,7 +243,7 @@ undef on failure and store the error message in the `fail` attribute. does not exist to start with, success is immediately returned, and no backup of `dest` is created). - The <backup> is a suffix for the cleanup of `dest` + The is a suffix for the cleanup of `dest` (and passed to `cleanup` method). (The basedir of `dest` is created using `directory` method.) diff --git a/docs/CAF/Process.md b/docs/CAF/Process.md index deddb98..67fc442 100644 --- a/docs/CAF/Process.md +++ b/docs/CAF/Process.md @@ -72,6 +72,17 @@ secure. By default, commands modify the state and thus `keeps_state` is false. + - `sensitive` + + A boolean specifying whether the arguments contain sensitive information + (like passwords). If `sensitive` is true, the commandline will not be reported + (by default when `log` option is used, the commandline is reported + with verbose level). + + This does not cover command output. If the output (stdout and/or stderr) contains + sensitve information, make sure to handle it yourself via `stdout` and/or `stderr` + options (or by using the `output` method). + These options will only be used by the execute method. - \_LC\_Process @@ -81,7 +92,7 @@ secure. `noaction_value` is is the value to return with `NoAction`. `msg` and `postmsg` are used to construct log message - `<\[ <postmsg>\]>>. + `<\[ \]>>. #### Public methods diff --git a/docs/CAF/TextRender.md b/docs/CAF/TextRender.md index 1691045..b70e7a7 100644 --- a/docs/CAF/TextRender.md +++ b/docs/CAF/TextRender.md @@ -53,7 +53,7 @@ This class simplyfies the generation of structured text like config files. .INI format (using `Config::Tiny`) - (Previously available module <general> was removed in 15.12. + (Previously available module was removed in 15.12. Component writers needing this functionality can use the **CCM::TextRender** subclass instead). diff --git a/docs/CCM/CacheManager::Element.md b/docs/CCM/CacheManager::Element.md index b946542..e4ae132 100644 --- a/docs/CCM/CacheManager::Element.md +++ b/docs/CCM/CacheManager::Element.md @@ -153,10 +153,17 @@ The class is a base class for - convert\_nlist Array ref of anonymous methods to convert the argument - (nlist of elements) to another representation/format. + (dict of elements) to another representation/format. Each element is already processed before the conversion. + - convert\_key + + Array ref of anonymous methods to convert the key(s) of the dicts + to another representation/format. + + At the end, a stringification of the result is used as key. + The arrayref of anonymous methods are applied as follows: convert methods `[a, b, c]` will produce `$new = c(b(a($old)))`. (An exception is thrown if these methods are not code references). diff --git a/docs/CCM/Options.md b/docs/CCM/Options.md index b58e410..0e832ce 100644 --- a/docs/CCM/Options.md +++ b/docs/CCM/Options.md @@ -57,11 +57,11 @@ Available convenience methods: Add actions defined in hashref to the supported actions. When creating a new module derived from EDG::WP4::CCM::Options, - add methods named "action\_<something>", and add then via this method + add methods named "action\_", and add then via this method to the \_actions hashref. This will create a commandline option "--something", if selected, - will execute the action\_<something> method. + will execute the action\_ method. The hashref key is the action name, the value is the help text. @@ -69,4 +69,4 @@ Available convenience methods: - action - Run first of the predefined actions via the action\_<actionname> methods + Run first of the predefined actions via the action\_ methods diff --git a/docs/CCM/Path.md b/docs/CCM/Path.md index c95b55f..70c2242 100644 --- a/docs/CCM/Path.md +++ b/docs/CCM/Path.md @@ -103,7 +103,7 @@ to manipulate absolute paths or compiled regular expressions. These child subpaths are safe to represent as their unescaped value - wrapped in `{}` when <toString> method is called (e.g. during stringification). + wrapped in `{}` when method is called (e.g. during stringification). Parent paths who have a safe-to escape parent path of their own should be added already escaped. diff --git a/docs/CCM/TextRender.md b/docs/CCM/TextRender.md index 3090a65..9e5e50b 100644 --- a/docs/CCM/TextRender.md +++ b/docs/CCM/TextRender.md @@ -32,31 +32,31 @@ difference the support of a `EDG::WP4::CCM::CacheManager::Element` instance as c - scalar converted in a single line - <key> <value> + - arrayref of scalars converted in multiple lines as follows - <key> <scalar element0> - <key> <scalar element1> + + ... - hashref generates a block with format <"key"> - <recursive rendering of the value> - </"key"> + + - arrayref of hashref generates series of blocks <"key"> - <recursive rendering of the element0> - </"key"> + + <"key"> - <recursive rendering of the element1> - </"key"> + + ... (Whitespace in the block name is enforced with double quotes.) @@ -149,6 +149,18 @@ difference the support of a `EDG::WP4::CCM::CacheManager::Element` instance as c Caveat: is preceded by `joincomma` option. + - unescapekey + + Unescape all dict keys. + + - lowerkey + + Convert all dict keys to lowercase. + + - upperkey + + Convert all dict keys to uppercase. + Other `getTree` options - depth diff --git a/docs/Unittesting/Quattor.md b/docs/Unittesting/Quattor.md index e54f5cf..6824c6d 100644 --- a/docs/Unittesting/Quattor.md +++ b/docs/Unittesting/Quattor.md @@ -121,6 +121,13 @@ that control the following variables: You can add paths using the `set_immutable` function. +- `%status` + + The content of this hash (keys are the absolute path names) indicates + current `CAF::Path::status` (`mode`, `mtime`, `owner` and/or `group`). + + You can add paths using the `set_status` function. + #### Redefined functions In order to achieve this, the following functions are redefined @@ -238,6 +245,10 @@ automatically: `remove_any` and store args in `caf_path` using `add_caf_path`. +- `CAF::Path::status` + + Set and compare status. + - `CAF::Path::_listdir` Mock underlying \_listdir method that does the actual opendir/readdir/closedir. @@ -256,6 +267,7 @@ The following functions are exported by default: - `set_file_contents` For file `$filename`, sets the initial `$contents` the component should see. + It also sets the default [FileWriter](../CAF/FileWriter.md) permissions (`mode` 644). Returns the contents on success, undef otherwise. @@ -342,7 +354,11 @@ The following functions are exported by default: - set\_immutable Make [path](../components/path.md) immutable. Pass a false `bool` to make the path mutable again - (not <undef>, default is to make the path immutable). + (not , default is to make the path immutable). + +- set\_status + + (Re)set status of [path](../components/path.md) to the options (`mode`, `mtime`, `owner` and/or `group`). - is\_mutable diff --git a/docs/Unittesting/Quattor::Doc.md b/docs/Unittesting/Quattor::Doc.md index 67f9a46..0385e1f 100644 --- a/docs/Unittesting/Quattor::Doc.md +++ b/docs/Unittesting/Quattor::Doc.md @@ -22,7 +22,7 @@ Should be used mainly as follows: Array reference of directories to test for podfiles. Default dirs are the relative paths `target/lib/perl` and `target/doc/pod` (use the exported `@DOC_TEST_PATHS` - list of defaults or resp. `$DOC_TARGET_PERL` and <$DOC\_TARGET\_POD>) + list of defaults or resp. `$DOC_TARGET_PERL` and <$DOC\_TARGET\_POD>) - podfiles diff --git a/docs/Unittesting/Quattor::TextRender.md b/docs/Unittesting/Quattor::TextRender.md index 847217e..506fa6b 100644 --- a/docs/Unittesting/Quattor::TextRender.md +++ b/docs/Unittesting/Quattor::TextRender.md @@ -86,7 +86,7 @@ Run tests based on gather\_tt results; returns nothing. #### gather\_pan -Same as Test::Quattor::Object `gather_pan`, but with <relpath> set +Same as Test::Quattor::Object `gather_pan`, but with set to the instance 'basepath'. (With `panpath` and `pannamespace` as arguments) #### make\_namespace diff --git a/docs/components-grid/condorconfig.md b/docs/components-grid/condorconfig.md index d5f1cdd..871b91d 100644 --- a/docs/components-grid/condorconfig.md +++ b/docs/components-grid/condorconfig.md @@ -1,8 +1,8 @@ ### NAME -The _condorconfig_ component manages the configuration file of -Condor. +The _condorconfig_ component manages the configuration file of +Condor. ### DESCRIPTION @@ -10,7 +10,7 @@ The _condorconfig_ component manages the configuration file (default is `/opt/condor/etc/condor.conf`) for Condor. All of the condor parameters are available with exactly the same name in Quattor. See the condor documentation for the names and descriptions of the -parameters. +parameters. ### RESOURCES diff --git a/docs/components-grid/dpmlfc.md b/docs/components-grid/dpmlfc.md index a2640b5..2c6364c 100644 --- a/docs/components-grid/dpmlfc.md +++ b/docs/components-grid/dpmlfc.md @@ -5,14 +5,14 @@ ncm-dpmlfc : NCM component to manage DPM and LFC configuration. ### DESCRIPTION -This component allows to manage configuration of DPM and LFC services, with the exception of DPM xrootd protocol which is managed by +This component allows to manage configuration of DPM and LFC services, with the exception of DPM xrootd protocol which is managed by the [xrootd](../components-grid/xrootd.md) configuration module. -Configuration module **ncm-dpmlfc** requires that the DPM and/or LFC configuration describes all nodes participating to the service and their respective +Configuration module **ncm-dpmlfc** requires that the DPM and/or LFC configuration describes all nodes participating to the service and their respective role (in term of daemon running on each node). Each daemon/host combination is called a daemon instance in this documentation. -Using the whole DPM and/or LFC description, **ncm-dpmlfc** takes care of action needed on every node to configure it as requested -(you MUST use the same configuration description on every node participating to DPM and/or LFC). This includes restarting +Using the whole DPM and/or LFC description, **ncm-dpmlfc** takes care of action needed on every node to configure it as requested +(you MUST use the same configuration description on every node participating to DPM and/or LFC). This includes restarting a service after configuration changes if needed. There are 2 sets of configuration options: @@ -49,31 +49,31 @@ DPM and LFC accept the same global options but there is a separate set for each - `/software/components/dpmlfc/options/PRODUCT/gridmapfile` - This option defines the local gridmap file used by products daemons. + This option defines the local gridmap file used by products daemons. Default: None (default configuration provided by RPM will be used) - `/software/components/dpmlfc/options/PRODUCT/gridmapdir` - This option defines the gridmap dir used by products daemons. + This option defines the gridmap dir used by products daemons. Default: None (default configuration provided by RPM will be used) - `/software/components/dpmlfc/options/PRODUCT/group` - This option defines the userid used by product daemons. + This option defines the userid used by product daemons. Default: None (default configuration provided by RPM will be used) - `/software/components/dpmlfc/options/PRODUCT/user` - This option defines the userid used by product daemons. + This option defines the userid used by product daemons. Default: dpmmgr for DPM, lfcmgr for LFC ### DATABASE CONNECTION OPTIONS (DPM and LFC) -DPM and LFC accepts the same set of options to describe the database connection. In the following option names, +DPM and LFC accepts the same set of options to describe the database connection. In the following option names, replace `PRODUCT` by either `dpm` or `lfc`. Both sets can coexist. - `/software/components/dpmlfc/options/PRODUCT/db/configfile` @@ -113,8 +113,8 @@ replace `PRODUCT` by either `dpm` or `lfc`. Both sets can coexist. - `/software/components/dpmlfc/options/PRODUCT/db/server` (string, optional) This option defines the server running the database. This component checks that - DPM and LFC database server run on different node (DPNS and LFC use the same database name). - `localhost` is considered different as DPNS and LFC are not allowed to run on the same node. + DPM and LFC database server run on different node (DPNS and LFC use the same database name). + `localhost` is considered different as DPNS and LFC are not allowed to run on the same node. Default : localhost. diff --git a/docs/components-grid/gip2.md b/docs/components-grid/gip2.md index 9afada1..7715d83 100644 --- a/docs/components-grid/gip2.md +++ b/docs/components-grid/gip2.md @@ -58,12 +58,12 @@ Default : none. ### LDIF entries : nlist (optional) -nlist of LDIF entries (key is the DN, value is a nlist of attribute/value pairs) to put in the resulting file +nlist of LDIF entries (key is the DN, value is a nlist of attribute/value pairs) to put in the resulting file if staticInfoCmd is not specified or sets of key value/pairs (key is the set name and and value is a nlist of key/value pairs). Key is interpreted as an escaped value. -If ommitted and confFile is defined, must be defined in `/software/components/gip2/ldifConfEntries` +If ommitted and confFile is defined, must be defined in `/software/components/gip2/ldifConfEntries` key matching confFile. Default : none. @@ -100,7 +100,7 @@ Default : none. #### `/software/components/gip2/staticInfoCmd` : string (optional) -Path of the command to execute to transform entries into a LDIF file if none is defined in the +Path of the command to execute to transform entries into a LDIF file if none is defined in the `/software/components/gip2/ldif` entry. It is here for backward compatibility but it is recommended to define it as part of the ldif entries. If undefined in both locations, the configuration file is read directly without any processing. diff --git a/docs/components-grid/glitestartup.md b/docs/components-grid/glitestartup.md index a127803..dd56812 100644 --- a/docs/components-grid/glitestartup.md +++ b/docs/components-grid/glitestartup.md @@ -68,14 +68,14 @@ List of paths where to look for a script matching service name. Default : `/opt/glite/etc/init.d` -#### `/software/components`/@COMP/services : nlist of string +#### `/software/components`/@COMP/services : nlist of string Nlist with one entry per service to start. Key is the service name, value is an optional nlist. This nlist can contain the following element: - args startup script arguments -Default : none +Default : none ### DEPENDENCIES diff --git a/docs/components-grid/glitestartup::schema.md b/docs/components-grid/glitestartup::schema.md index b39a184..13e5a63 100644 --- a/docs/components-grid/glitestartup::schema.md +++ b/docs/components-grid/glitestartup::schema.md @@ -5,7 +5,7 @@ - `/software/glitestartup/glitestartup_component_service/args` - Optional - Type: string - - Default value: + - Default value: - `/software/glitestartup/glitestartup_component_post_restart` - `/software/glitestartup/glitestartup_component_post_restart/cmd` - Optional diff --git a/docs/components-grid/globuscfg.md b/docs/components-grid/globuscfg.md index 52edf8b..370bb6f 100644 --- a/docs/components-grid/globuscfg.md +++ b/docs/components-grid/globuscfg.md @@ -5,7 +5,7 @@ globuscfg: Configure Globus services. ### DESCRIPTION -The _globuscfg_ component configures the globus services. It manages +The _globuscfg_ component configures the globus services. It manages the `/etc/sysconfig/globus` and globus configuration files. In addition, it will start the specified Globus services. @@ -26,12 +26,12 @@ addition, it will start the specified Globus services. - `/software/components/globuscfg/GLOBUS`\_CONFIG The full path to the Globus configuration file. Defaults to - `/etc/globus.conf`. + `/etc/globus.conf`. - `/software/components/globuscfg/globus`\_flavor\_name The globus "flavor" to use. There is no default. A typical value is - gcc32dbg. + gcc32dbg. - `/software/components/globuscfg/services` @@ -78,12 +78,12 @@ addition, it will start the specified Globus services. - `/software/components/globuscfg/mds/x509`\_user\_key The path to the certificate and key to use for MDS. Host credentials - will be used if not specified. + will be used if not specified. -- `/software/components/globuscfg/mds/gris/suffix` +- `/software/components/globuscfg/mds/gris/suffix` - The suffix to use for the GRISes. Defaults to "\\"Mds-Vo-name=local,o=grid\\"". - Double quotes MUST appear as part of the value. + The suffix to use for the GRISes. Defaults to "\\"Mds-Vo-name=local,o=grid\\"". + Double quotes MUST appear as part of the value. - `/software/components/globuscfg/mds/gris/provider` @@ -95,7 +95,7 @@ addition, it will start the specified Globus services. - - "xyz" will be taken, as the name of the executable. + "xyz" will be taken, as the name of the executable. You may optionally specify a fully-qualified executable name to override this default. The parameter to set is, for example, "provider\_edg" for the edg @@ -104,7 +104,7 @@ addition, it will start the specified Globus services. - `/software/components/globuscfg/mds/gris/registration` The _list_ of GIISes to which the GRISes should register, so it - has entries labelled with numbers. These entries are have + has entries labelled with numbers. These entries are have further entries like _regname_, _reghost_, _regport_, _regperiod_, and _ttl_. These are optional; default values of these parameters can be changed @@ -112,17 +112,17 @@ addition, it will start the specified Globus services. _ttl_ should be specified as a pair with _ttl_ at least twice that of _regperiod_. The name of the GIIS defaults entry _recordname_, which is obligatory for - every element. + every element. - `/software/components/globuscfg/mds/giis/allowedregs` The _list_ of local GIISes to run. As for lists, entries which represent GIISes have numbers as names. They have an obligatory - field (_recordname_), the identifier name of the entry. This - will be taken as the default value for _name_ parameter, but can be + field (_recordname_), the identifier name of the entry. This + will be taken as the default value for _name_ parameter, but can be overriden by specifying this one explicitly. See example. -- `/software/components/globuscfg/mds/giis/allowedregs`/<number>/allowreg +- `/software/components/globuscfg/mds/giis/allowedregs`//allowreg The list of allowed host:port pairs which may register to this giis. This is a sub-parameter of the giis. @@ -139,8 +139,8 @@ addition, it will start the specified Globus services. dummy entry and explicitly specifying the tag and _name_ parameters. - The _regperiod_ and _ttl_ should be specified as a pair with _ttl_ - at least twice that of _regperiod_. + The _regperiod_ and _ttl_ should be specified as a pair with _ttl_ + at least twice that of _regperiod_. - `/software/components/globuscfg/gridftp/globus`\_flavour\_name @@ -151,12 +151,12 @@ addition, it will start the specified Globus services. - `/software/components/globuscfg/gridftp/X509`\_USER\_KEY The path to the certificate and key to use for GridFTP. Host credentials - will be used if not specified. + will be used if not specified. - `/software/components/globuscfg/gridftp/ftpd` The full path to the GridFTP daemon. Normally this is not specified - as the default is usually correct. + as the default is usually correct. - `/software/components/globuscfg/gridftp/port` @@ -164,7 +164,7 @@ addition, it will start the specified Globus services. - `/software/components/globuscfg/gridftp/umask` - The umask to use for the GridFTP daemon. The default is 002. + The umask to use for the GridFTP daemon. The default is 002. - `/software/components/globuscfg/gridftp/log` @@ -200,7 +200,7 @@ addition, it will start the specified Globus services. - `/software/components/globuscfg/gatekeeper/port` The port to use for the gatekeeper. (This defaults to 2119 if not - specified.) + specified.) - `/software/components/globuscfg/gatekeeper/logfile` @@ -211,28 +211,28 @@ addition, it will start the specified Globus services. The _list_ of job managers to use for this gatekeeper. The fork job manager is required (and required to be the default), so only non-fork - job managers need to be specified. + job managers need to be specified. -- `/software/components/globuscfg/gatekeeper/jobmanagers`/<entryNo>/recordname +- `/software/components/globuscfg/gatekeeper/jobmanagers`//recordname Obligatory parameter, identifier string for a certain job manager. -- `/software/components/globuscfg/gatekeeper/jobmanagers`/<entryNo>/type +- `/software/components/globuscfg/gatekeeper/jobmanagers`//type Mandatory option giving the type of LRMS. E.g. pbs, lsf, etc. -- `/software/components/globuscfg/gatekeeper/jobmanagers`/<enrtyNo>/job\_manager +- `/software/components/globuscfg/gatekeeper/jobmanagers`//job\_manager Name of job manager executable. -- `/software/components/globuscfg/gatekeeper/jobmanagers`/<entryNo>/job\_manager\_path +- `/software/components/globuscfg/gatekeeper/jobmanagers`//job\_manager\_path Path to the job manager executable. Only needs to be specified if it is in a non-standard location. -- `/software/components/globuscfg/gatekeeper/jobmanagers`/<entryNo>/extra\_config +- `/software/components/globuscfg/gatekeeper/jobmanagers`//extra\_config - Extra configuration options needed by the job manager. + Extra configuration options needed by the job manager. ### EXAMPLE @@ -242,14 +242,14 @@ addition, it will start the specified Globus services. "/software/components/globuscfg/GLOBUS\_CONFIG" = "/etc/globus.conf"; -"/software/components/globuscfg/services" = +"/software/components/globuscfg/services" = list(" globus-mds", "globus-gridftp"); "/software/components/globuscfg/mds/user" = "mdsuser"; "/software/components/globuscfg/gris/provider/globus-gris" = ""; -"/software/components/globuscfg/gris/provider/othergrid" = +"/software/components/globuscfg/gris/provider/othergrid" = "/opt/othergrid/othergrid.info"; "/software/components/globuscfg/gris/registration/0/recordname" = "local"; @@ -264,7 +264,7 @@ list(" globus-mds", "globus-gridftp"); "/software/components/globuscfg/mds/giis/registration/remote/regname" = "somecountry"; -"/software/components/globuscfg/mds/giis/registration/remote/reghost" = +"/software/components/globuscfg/mds/giis/registration/remote/reghost" = "giis.someplace.com"; "/software/components/globuscfg/mds/giis/registration/remote/regport" = 2135; diff --git a/docs/components-grid/gridmapdir.md b/docs/components-grid/gridmapdir.md index d9acb56..e1c8176 100644 --- a/docs/components-grid/gridmapdir.md +++ b/docs/components-grid/gridmapdir.md @@ -13,14 +13,14 @@ mapping of pool accounts. #### gridmapdir (required) The location of the configuration file. Normally this should not be -changed. +changed. #### poolaccounts (required) An nlist with the pool account prefix as the name and a long as the size of the pool. -#### sharedGridmapdir : string (optional) +#### sharedGridmapdir : string (optional) If defined must indicate the path of a shared gridmapdir. In this case, gridmapdir as defined in 'gridmapdir' property is made a symlink of this directory. diff --git a/docs/components-grid/gsissh.md b/docs/components-grid/gsissh.md index fe729a6..4dcb21c 100644 --- a/docs/components-grid/gsissh.md +++ b/docs/components-grid/gsissh.md @@ -5,19 +5,19 @@ gsissh: NCM component to manage gsissh configuration file(s) ### DESCRIPTION -The _gsissh_ component writes manages the configuration for -both the client and server sides of the GSI-enabled SSH daemon. +The _gsissh_ component writes manages the configuration for +both the client and server sides of the GSI-enabled SSH daemon. ### RESOURCES #### `/software/components/gsissh/server` An optional nlist with the server-side configuration. If not -specified, then the server is not configured. +specified, then the server is not configured. ### `/software/components/gsissh/server/port` -The port to use for the daemon. This is mandatory. +The port to use for the daemon. This is mandatory. ### `/software/components/gsissh/server/options` @@ -29,14 +29,14 @@ yes/no values. #### `/software/components/gsissh/client/options` An optional nlist giving the client options to use. Typical options -are: GssapiAuthentication, GssapiKeyExchange, and +are: GssapiAuthentication, GssapiKeyExchange, and GssapiDelegateCredentials which take yes/no values. The client is -always configured even if there are no options. +always configured even if there are no options. ### EXAMPLE "/software/components/gsissh/server/port" = 1975; -"/software/components/gsissh/server/options" = +"/software/components/gsissh/server/options" = nlist("PermitRootLogin", "no", "RSAAuthentication", "no", "PubkeyAuthentication", "no", diff --git a/docs/components-grid/lbconfig.md b/docs/components-grid/lbconfig.md index f8fb362..3f7501a 100644 --- a/docs/components-grid/lbconfig.md +++ b/docs/components-grid/lbconfig.md @@ -1,20 +1,20 @@ ### NAME -ncm-lbconfig: NCM lbconfig component +ncm-lbconfig: NCM lbconfig component ### DESCRIPTION The _ncm-lbconfig_ component manages the configuration file of the WP1 lbserver. It creates the `/opt/edg/etc/edg`\_wl\_query\_index file with -the values saved in the machine profile. +the values saved in the machine profile. ### RESOURCES #### configFile (edg\_wl\_query\_index.conf) The name of the configuration file. It will be created in the -location EDG\_LOCATION/etc. +location EDG\_LOCATION/etc. #### type (system) @@ -22,12 +22,12 @@ The type of the resource. #### owner -The owner. +The owner. #### location -The location. +The location. #### destination -The destination. +The destination. diff --git a/docs/components-grid/lcgbdii.md b/docs/components-grid/lcgbdii.md index f854c09..bfaaf9e 100644 --- a/docs/components-grid/lcgbdii.md +++ b/docs/components-grid/lcgbdii.md @@ -1,7 +1,7 @@ ### NAME -The _lcgbdii_ component manages the configuration file of BDII service. +The _lcgbdii_ component manages the configuration file of BDII service. ### DESCRIPTION @@ -31,7 +31,7 @@ Default : no #### bind : string -The binding string. +The binding string. Default: "mds-vo-name=local,o=grid" @@ -49,7 +49,7 @@ Default: `/opt/bdii/etc/bdii.conf` #### dir -The base directory for the BDII code and configuration files. +The base directory for the BDII code and configuration files. Default: `/opt/bdii` @@ -97,7 +97,7 @@ Default: none #### portRead : port number -The port to read from (version <= 4). +The port to read from (version <= 4). Default: none @@ -128,7 +128,7 @@ Default: `/opt/bdii/etc/schemas` #### schemas : list of strings (optional) -List of file names for the schema files used. +List of file names for the schema files used. Default: none @@ -164,12 +164,12 @@ The URL for the update LDIF file. #### updateUrl -The URL for the update file. +The URL for the update file. #### urls (optional) A hash containing all of the update URLs. The keys are for -documentation purposes only. +documentation purposes only. This resource is required for BDII v4 and later. diff --git a/docs/components-grid/lcgmonjob.md b/docs/components-grid/lcgmonjob.md index 7c8f3eb..2162e99 100644 --- a/docs/components-grid/lcgmonjob.md +++ b/docs/components-grid/lcgmonjob.md @@ -8,7 +8,7 @@ lcgmonjob: NCM component to configure lcg-mon-job-status daemon The _lcgmonjob_ component manages the configuration for the lcg-mon-job-status daemon. It essentially just links the init.d script to the correct location and ensures that the -daemon is restarted when the configuration changes. +daemon is restarted when the configuration changes. ### RESOURCES diff --git a/docs/components-grid/lcmaps.md b/docs/components-grid/lcmaps.md index 1cf8650..7125bdf 100644 --- a/docs/components-grid/lcmaps.md +++ b/docs/components-grid/lcmaps.md @@ -7,7 +7,7 @@ lcmaps: NCM component to manage LCMAPS configuration file(s) The _lcmaps_ component writes the LCMAPS configuration file(s). The primary file is the LCMAPS database, listing the plugin modules -to be defines and the policies to describe (in the specific order +to be defines and the policies to describe (in the specific order as specified in the list in the CDB). ### RESOURCES @@ -52,9 +52,9 @@ List (ordered) of rulesets for this policy. "/software/components/lcmaps/dbpath" = "/opt/edg/etc/lcmaps/policy.conf"; "/software/components/lcmaps/modulepath" = "/opt/edg/lib/lcmaps/modules"; - "/software/components/lcmaps/module/localaccount/path" = + "/software/components/lcmaps/module/localaccount/path" = "lcmaps_localaccount.mod"; - "/software/components/lcmaps/module/localaccount/args" = + "/software/components/lcmaps/module/localaccount/args" = "-gridmapfile `/etc/grid`-security/grid-mapfile"; "/software/components/lcmaps/module/poolaccount/path" = "lcmaps_poolaccount.mod"; @@ -93,7 +93,7 @@ resources like "/software/components/lcmaps/dbpath" are ignored, and relocated, but similarly named ones in the array "/software/components/lcmaps/config\[\]" are used. Thus, multiple LCMAPS policy files can be written to support for example separate -services (gatekeeper, gridftp) on the same host. +services (gatekeeper, gridftp) on the same host. For example, the ".../dbpath" resource becomes: "/software/components/lcmaps/config/0/dbpath" = "/opt/edg/etc/lcmaps/policy.gridftp"; diff --git a/docs/components-grid/maui.md b/docs/components-grid/maui.md index 89487e4..b746238 100644 --- a/docs/components-grid/maui.md +++ b/docs/components-grid/maui.md @@ -7,13 +7,13 @@ maui: NCM component to configure Maui server. The _maui_ component manages the configuration for the maui scheduler. By default the configuration file resides in -`/var/spool/maui/maui.cfg`. +`/var/spool/maui/maui.cfg`. ### RESOURCES #### configPath (/var/spool/maui) -The absolute path for the maui configuration directory. +The absolute path for the maui configuration directory. #### configFile (maui.cfg) @@ -23,4 +23,4 @@ The file name for the maui configuration file. The full contents of the maui configuration file. The syntax is too complex to fully translate into pan. You must supply the complete -maui configuration file in this variable. +maui configuration file in this variable. diff --git a/docs/components-grid/mkgridmap.md b/docs/components-grid/mkgridmap.md index 1865f80..7517855 100644 --- a/docs/components-grid/mkgridmap.md +++ b/docs/components-grid/mkgridmap.md @@ -6,7 +6,7 @@ mkgridmap: NCM component to configure edg-mkgridmap.conf for mkgridmap. ### DESCRIPTION The _mkgridmap_ component manages the configuration file (e.g. `/opt/edg/etc/edg`-mkgridmap.conf) for mkgridmap. -It can handle several mapfiles and support two distinct mapfile format : +It can handle several mapfiles and support two distinct mapfile format : - edg : the traditional format associating DNs with pool accounts - lcgdm : a mapfile to associate DNs to VO name. It is used by LCG products like DPM and LFC to handle @@ -30,9 +30,9 @@ This list specifies the VO to process, and the order in which they will appear. ### LCMAPS RESOURCES -#### flavor : string +#### flavor : string -This property indicates LCMAPS gridmapfile/groupmafile format. It can be 'edg' or 'glite'. When format is 'glite', FQANs +This property indicates LCMAPS gridmapfile/groupmafile format. It can be 'edg' or 'glite'. When format is 'glite', FQANs are taken literally from configuration : they must be valid VOMS FQAN in standard format. When format is 'edg', FQANs in configuration are converted into EDG format (/VO=vo\_name/GROUP=.../ROLE=...). @@ -60,18 +60,18 @@ The location of the edg-mkgridmap.conf file, by default #### command The command to run to regenerate the gridmap file. If provided, this -command will be run whenever changes to the configuration occur. +command will be run whenever changes to the configuration occur. #### groups A list of group entries in the edg-mkgridmap.conf file. For each group -uri\_<group> and user\_<group> can be defined to specify the collection +uri\_ and user\_ can be defined to specify the collection of users at a URI that should be mapped to a particular user. #### auths A list of auth entries in the edg-mkgridmap.conf file. For each auth line -a uri\_<auth> should be defined. +a uri\_ should be defined. #### lcuser @@ -92,7 +92,7 @@ this. #### gmflocal One or more local grid-mapfile(s) to be imported in the generated grid-mapfile, where they will override -other entries. By default <edgcfg.location>/etc/grid-mapfile-local. The entry +other entries. By default /etc/grid-mapfile-local. The entry can be either a string (default), or a list of strings (in which case the existing entry will have to be null-ified beforehand). @@ -103,6 +103,6 @@ overwritten if it already exists. #### locals -A list for which each element has the values of cert\_<local> and -user\_<local>. This will add mappings to the (first) grid-mapfile-local defined +A list for which each element has the values of cert\_ and +user\_. This will add mappings to the (first) grid-mapfile-local defined above. diff --git a/docs/components-grid/myproxy.md b/docs/components-grid/myproxy.md index c813cc6..fa2a12d 100644 --- a/docs/components-grid/myproxy.md +++ b/docs/components-grid/myproxy.md @@ -6,7 +6,7 @@ myproxy: NCM component to configure MyProxy server. ### DESCRIPTION The _myproxy_ component manages the `/opt/edg/etc/edg`-myproxy.conf -file for the MyProxy server. +file for the MyProxy server. ### RESOURCES diff --git a/docs/components-grid/pbsclient.md b/docs/components-grid/pbsclient.md index c46e5d2..feefcd9 100644 --- a/docs/components-grid/pbsclient.md +++ b/docs/components-grid/pbsclient.md @@ -8,7 +8,7 @@ NCM::pbsclient - NCM pbsclient configuration component - Configure() Do the necessary configuration for an PBS client at CERN. The mail two configuration files - are `/var/spool/pbs/mom`\_priv/config and `/var/spool/pbs/server`\_name. The first one is the + are `/var/spool/pbs/mom`\_priv/config and `/var/spool/pbs/server`\_name. The first one is the default configuration file for PBS, the second one is used to hold the PBS server name. In case Torque behaviour is selected, the server\_name is contained in the config file as well. @@ -87,8 +87,8 @@ NCM::pbsclient - NCM pbsclient configuration component - `/software/components/pbsclient/checkpoint`\_run\_exe : string - `/software/components/pbsclient/configPath` : string - location of the PBS mom configuration file (default: - `/var/spool/pbs/mom`\_priv/config). Note that the server\_name file is + location of the PBS mom configuration file (default: + `/var/spool/pbs/mom`\_priv/config). Note that the server\_name file is written two directories up (thus by default in `/var/spool/pbs`). - `/software/components/pbsclient/behaviour` : string diff --git a/docs/components-grid/pbsknownhosts.md b/docs/components-grid/pbsknownhosts.md index cc38e35..6097124 100644 --- a/docs/components-grid/pbsknownhosts.md +++ b/docs/components-grid/pbsknownhosts.md @@ -2,36 +2,36 @@ ### NAME The _pbsknownhosts_ component manages the configuration file -for the edg-pbs-knownhosts script. +for the edg-pbs-knownhosts script. ### DESCRIPTION The _pbsknownhosts_ component manages the configuration file for the -edg-pbs-knownhosts script. +edg-pbs-knownhosts script. ### RESOURCES #### configfile (/opt/edg/etc/edg-pbs-knownhosts.conf) The location of the configuration file. Normally this should not be -changed. +changed. #### pbsbin (/usr/bin) -The path to the pbs executables. +The path to the pbs executables. #### nodes () Space-separated list of additional nodes to add to known hosts -configuration file. The default is the empty list. +configuration file. The default is the empty list. #### keytypes (rsa1,rsa,dsa) -The types of ssh keys to generate. +The types of ssh keys to generate. #### knownhosts (/etc/ssh/ssh\_known\_hosts) -The ssh known hosts file to update. +The ssh known hosts file to update. #### knownhostsscript (/opt/edg/sbin/edg-pbs-knownhosts) @@ -41,19 +41,19 @@ The script to run for generating the known hosts. Specify what configuration files should be generated. The default is to generate a configuration for edg-pbs-knownhosts only, but -is can be set to also - or alternatively - generate the +is can be set to also - or alternatively - generate the configuration for edg-pbs-shostsequiv. -The value is an array of strings that specify the disired +The value is an array of strings that specify the disired behaviour: "pbsknownhosts/targets" = list("pbsknownhosts") will -generate the edg-pbs-knownhosts config only; "pbsknownhosts/targets" = +generate the edg-pbs-knownhosts config only; "pbsknownhosts/targets" = list("shostsequiv") will generate edg-pbs-shostsequiv config only; and "pbsknownhosts/targets" = list("pbsknownhosts","shostsequiv") will generate both. #### shostsConfigFile (optional, `/opt/edg/etc/edg`-pbs-shostsequiv.conf) -The location of the shosts-script configuration file. Normally this +The location of the shosts-script configuration file. Normally this should not be changed. #### shosts (optional, `/etc/ssh/shosts.equiv`) diff --git a/docs/components-grid/pbsknownhosts::schema.md b/docs/components-grid/pbsknownhosts::schema.md index f6ae7f1..b325268 100644 --- a/docs/components-grid/pbsknownhosts::schema.md +++ b/docs/components-grid/pbsknownhosts::schema.md @@ -13,7 +13,7 @@ - `/software/pbsknownhosts/pbsknownhosts_component/nodes` - Optional - Type: string - - Default value: + - Default value: - `/software/pbsknownhosts/pbsknownhosts_component/keytypes` - Optional - Type: string diff --git a/docs/components-grid/pbsserver.md b/docs/components-grid/pbsserver.md index c40fb27..dd0dff7 100644 --- a/docs/components-grid/pbsserver.md +++ b/docs/components-grid/pbsserver.md @@ -5,25 +5,25 @@ pbsserver: NCM component to configure partially the pbs (torque) server. ### DESCRIPTION -The _pbsserver_ component configures the pbs (torque) server. +The _pbsserver_ component configures the pbs (torque) server. Unsetting attributes of nodes doesn't work (yet). ### RESOURCES #### pbsroot (/var/spool/pbs) -The absolute path to the pbs root directory. +The absolute path to the pbs root directory. #### binpath (/usr/bin) -The absolute path to the pbs binaries qmgr and pbsnodes. +The absolute path to the pbs binaries qmgr and pbsnodes. #### submitfilter The content of the submit filter. This file will be written to the file $pbsroot/submit\_filter and a reference to this put into the $pbsroot/torque.cfg file. If this is not specified, the reference to -the script will be removed. +the script will be removed. #### env @@ -33,7 +33,7 @@ and substitutes the environment defined in this file. Typical things to set are the PATH and LANG. Optionally for torque, the variable TORQUEKEEPCOMPLETED can be set to keep jobs in a "completed" state for 5 minutes after they complete. This is very useful for debugging -problems. +problems. #### "/software/components/pbsserver/server" ? pbs\_server diff --git a/docs/components-grid/vomsclient.md b/docs/components-grid/vomsclient.md index f5213e2..0da292c 100644 --- a/docs/components-grid/vomsclient.md +++ b/docs/components-grid/vomsclient.md @@ -8,7 +8,7 @@ vomsclient: NCM component to manage VOMS client configuration The _vomsclient_ component manages the configuration for the VOMS clients. This writes the VOMS server certificates to the vomsCertsDir directory and the VOMS server parameters to the vomsServersDir -directory. +directory. ### RESOURCES @@ -16,30 +16,30 @@ directory. The directory to write the VOMS server certificates into. If the directory doesn't exist, it is created. It will remove all managed -files and create new ones each time the configuration is done. +files and create new ones each time the configuration is done. #### `/software/components/vomsclient/vomsServersDir` (/opt/edg/etc/vomses) The directory to write the VOMS server parameters into. If the directory doesn't exist, it is created. It will remove all managed -file and create new ones each time the configuration is done. +file and create new ones each time the configuration is done. -#### `/software/components/vomsclient/vos` +#### `/software/components/vomsclient/vos` This is a named list of VOMS VO information. Each key should be the -VO name. The value is a list of nlist : each nlist describes one VOMS server +VO name. The value is a list of nlist : each nlist describes one VOMS server supporting the VO. Supported properties for each VOMS server are described below. #### VOMS server properties -Each VOMS server is described with a nlist. The following properties +Each VOMS server is described with a nlist. The following properties can be used to describe one VOMS server. ### name (optional, deprecated) The complete name of the VO, if the 'vos' key is an alias name. This -property is deprecated : it is recommended to use the complete name of the -VO as 'vos' key. +property is deprecated : it is recommended to use the complete name of the +VO as 'vos' key. ### host (required) @@ -51,12 +51,12 @@ The port number of the VOMS server. ### cert (required) -The certificate for the server. +The certificate for the server. ### oldcert (optional) The expiring certificate for the server. This allows smooth transition -between 2 certificates. +between 2 certificates. ### DN (optional) @@ -72,7 +72,7 @@ Use LSC format instead of certificate to configure vomsCertsDir ### EXAMPLE -"/software/components/vomsclient/vos" = npush("somevo.example.org", +"/software/components/vomsclient/vos" = npush("somevo.example.org", list(nlist( "host","vo.somevo.example.org", "port","20000", diff --git a/docs/components-grid/wlconfig.md b/docs/components-grid/wlconfig.md index 1cb4fbd..d919f0c 100644 --- a/docs/components-grid/wlconfig.md +++ b/docs/components-grid/wlconfig.md @@ -1,25 +1,25 @@ ### NAME -ncm-wlconfig: NCM wlconfig component +ncm-wlconfig: NCM wlconfig component ### DESCRIPTION The _ncm-wlconfig_ component manages the configuration files of the WP1 NetworkServer, LogMonitor, JobController, and WorkloadManager services. All of these services read the `/opt/edg/etc/edg`\_wl.conf -file. +file. ### RESOURCES #### configFile (edg\_wl.conf) The name of the configuration file. It will be created in the -location EDG\_LOCATION/etc. +location EDG\_LOCATION/etc. #### user (edguser) -The username to use to run the services. +The username to use to run the services. #### grisCache (1) @@ -51,7 +51,7 @@ The absolute filename of the condor\_release executable. ### submitFile The directory where the temporary files are created (CondorG submit -file and job wrapper scripts). +file and job wrapper scripts). ### outputFile @@ -64,16 +64,16 @@ The JobController input queue of requests. ### log/file -The absolute file name of the JobController log file. +The absolute file name of the JobController log file. ### log/level (5) -The level for the logging. +The level for the logging. ### container (1000) The number of jobs after which the JobController must re-read the -IdRepositoryName LogMonitor file. +IdRepositoryName LogMonitor file. #### LogMonitor @@ -85,7 +85,7 @@ log file. I.e. every jobsPerCondorLog jobs, the log file is changed. ### mainLoopDuration (10) It defines how often the LogMonitor reads the CondorG log file. -I.e. every mainLoopDuration seconds the LogMonitor reads these files. +I.e. every mainLoopDuration seconds the LogMonitor reads these files. ### condorLogDir @@ -94,30 +94,30 @@ The directory where the CondorG log file are created. ### condorRecycleDir The directory where the CondorG log files which have already been read -are stored. +are stored. ### internalMonitorDir The directory where some files needed by the LogMonitor service are -created and stored. +created and stored. ### idRepositoryName (irepository.dat) The name of the file used by the LogMonitor for internal purposes (the -storage of the jobID/CondorID correspondance). +storage of the jobID/CondorID correspondance). ### abortedJobsTimeout (600) The timeout (in seconds) to have a cancelled job forgotten by the -LogMonitor (useful when the job hangs in the CondorG queue). +LogMonitor (useful when the job hangs in the CondorG queue). ### log/file -The absolute file name of the JobController log file. +The absolute file name of the JobController log file. ### log/level (5) -The level for the logging. +The level for the logging. #### NetworkServer @@ -125,7 +125,7 @@ The level for the logging. The contact parameters for the II. The host must be defined by the user. The default values are 2135, "mds-vo-name=local, o=grid", and -30 for the iiPort, iiDN, and iiTimeout parameters, respectively. +30 for the iiPort, iiDN, and iiTimeout parameters, respectively. ### grisPort, grisDN, grisTimeout @@ -135,11 +135,11 @@ grisTimeout parameters, respectively. ### listeningPort (7772) -The port used by the NetworkServer to receive requests. +The port used by the NetworkServer to receive requests. ### masterThreads (8) -The maximum number of simultaneous connections with UserInterfaces. +The maximum number of simultaneous connections with UserInterfaces. ### dispatcherThreads (8) @@ -149,18 +149,18 @@ incoming requests) with the WorkloadManager. ### sandboxStagingPath The absolute pathname of the sandbox staging directory. It is also -the location where the .BrokerInfo file is stored. +the location where the .BrokerInfo file is stored. ### quotaManagement Boolean indicating whether the system should check file quotas for the -input sandboxes. +input sandboxes. ### quotaManagement, quotaSandboxSize The quotaManagement flag is a boolean indicating whether or not the quotas should be checked for the input sandboxes. The -quotaSandboxSize is the maximum size of a single input sandbox. +quotaSandboxSize is the maximum size of a single input sandbox. ### quotaAdjustment, quotaAdjustmentAmount @@ -168,28 +168,28 @@ The quotaAdjustment is a boolean indicating whether or not dynamic quotas should be used (i.e. the system administrator has not set a system quota). The adjustment amount is the value by which the dynamic quota is increased/decreased as jobs enter and leave the -system. +system. ### reservedDiskPercentage (2.0) Is a double representing the percentage of the disk (storing the sandboxes) which the administrator wants to keep unassigned. So if -the free space is less than this amount, no new jobs can be accepted. +the free space is less than this amount, no new jobs can be accepted. ### log/file -The absolute file name of the JobController log file. +The absolute file name of the JobController log file. ### log/level (5) -The level for the logging. +The level for the logging. #### WorkloadManager ### pipeDepth (1) The maximum size of the buffer between the dispatcher and worker -threads. +threads. ### workerThreads (1) @@ -197,26 +197,26 @@ The size of the workerThread pool. ### dispatcherType (filelist) -Defines the type of the input queue of requests. +Defines the type of the input queue of requests. ### inputFile -Input queue of the requests for the WorkloadManager. +Input queue of the requests for the WorkloadManager. ### maxRetryCount (10) The maximum number of times the WorkloadManager can try to re-schedule -and re-submit a job in case of system failures. +and re-submit a job in case of system failures. ### hostProxyFile This must be the same as the X509\_USER\_PROXY value specified in the -edg-wl-ns start up script. +edg-wl-ns start up script. ### log/file -The absolute file name of the JobController log file. +The absolute file name of the JobController log file. ### log/level (5) -The level for the logging. +The level for the logging. diff --git a/docs/components-grid/wmsclient.md b/docs/components-grid/wmsclient.md index baf716a..9e38536 100644 --- a/docs/components-grid/wmsclient.md +++ b/docs/components-grid/wmsclient.md @@ -28,7 +28,7 @@ Default : true (for a present variant). The base directory to use for generating VO-specific configuration file. It defaults to EDG\_LOCATION/etc (or `/opt/edg/etc` if EDG\_LOCATION is not defined) for EDG RB, and to GLITE\_LOCATION/etc (or `/opt/glite/etc` if GLITE\_LOCATION -is not defined) for gLite WMS. +is not defined) for gLite WMS. #### `/software/components/wmsclient/MW`\_VARIANT/defaultAttrs @@ -42,7 +42,7 @@ Default values should be appropriate. VO specific configuration is under `/system/vo` configuration path. There is one entry per VO. In the resource for each VO, this component uses the items described below. Except for VO full name, information is under 'services' -for EDG RB and under 'services/wms' for gLite WMS. +for EDG RB and under 'services/wms' for gLite WMS. ### `/system/vo`/\*/name diff --git a/docs/components-grid/wmslb.md b/docs/components-grid/wmslb.md index 3b73c19..4547fcb 100644 --- a/docs/components-grid/wmslb.md +++ b/docs/components-grid/wmslb.md @@ -5,7 +5,7 @@ wmslb : NCM component to configure gLite WMS and LB ### DESCRIPTION -This NCM component allows to configure gLite WMS and LB. +This NCM component allows to configure gLite WMS and LB. ### RESOURCES diff --git a/docs/components-grid/xrootd.md b/docs/components-grid/xrootd.md index 5c3fe8b..4027705 100644 --- a/docs/components-grid/xrootd.md +++ b/docs/components-grid/xrootd.md @@ -25,7 +25,7 @@ There are several subsets of options: These options are properties found directly under `/software/components/xrootd.` - Service-specific options They are options that apply to a specific service or component of Xrootd. Examples are the DPM/Xrootd -plugin, the token-based authentication, Xrootd instances. These subsets are resources located under +plugin, the token-based authentication, Xrootd instances. These subsets are resources located under `/software/components/xrootd.` Options can be required or optional. When they are required, if a default value is provided, it is not @@ -33,7 +33,7 @@ necessary to define them explicitly: the default value will be used if they are ### Xrootd hosts -This resource describes the hosts participating to the Xrootd cluster. They are specified as a +This resource describes the hosts participating to the Xrootd cluster. They are specified as a nlist where the key is the host name and the value is a nlist specifying host specific options. Valid properties in this nlist are: @@ -56,7 +56,7 @@ Default: none #### configDir: string (required) -This option described where the Xrootd configuration information is located. This can be either an +This option described where the Xrootd configuration information is located. This can be either an absolute path or a path related to installDir (see below). Default: etc/xrootd @@ -115,12 +115,12 @@ There are two main services in a Xrootd cluster: - xrootd Several instances of this service can coexist on the same host, one for each of its roles (disk, redirector, -federated redirector). Information about these instances are found under +federated redirector). Information about these instances are found under `/software/components/xrootd/options/xrootdInstances.` One xrootd instance must exist on every xrootd host. - cmsd There must be one cmsd instance for each federation the Xrootd is participated in (a cmsd instance must -exist matching each xrootd instance of type 'fedredir'). Information about these instances are found under +exist matching each xrootd instance of type 'fedredir'). Information about these instances are found under `/software/components/xrootd/options/cmsdInstances.` In both cases, the properties (options) available are the same. @@ -147,7 +147,7 @@ Default: none #### type: list of strings (required) -The type of the instance. Can be disk, redir and fedredir for xrootd service. And only fedredir for +The type of the instance. Can be disk, redir and fedredir for xrootd service. And only fedredir for cmsd service. Default: none @@ -155,7 +155,7 @@ Default: none ### DPM/Xrootd plugin options This set of options describes the configuration of the DPM Xrootd plugin. This set is optional and must -not be defined if the DPM/Xrootd plugin is not used. It is found under +not be defined if the DPM/Xrootd plugin is not used. It is found under `/software/components/xrootd/options/dpm.` Main options are described below. @@ -199,7 +199,7 @@ Default: none #### replacementPrefix: nlist of strings (optional) It allows to specify the actual path prefix to substitute (nlist value) to a user-specified path starting -by a string matching the nlist key. This option, if present, takes precedence over +by a string matching the nlist key. This option, if present, takes precedence over defaultPrefix (see above) if the path is matching. For example: replacementPrefix = nlist('/cms', '/dpm/example.com/home/cms'); @@ -211,7 +211,7 @@ Default: none ### Token-based authentication This set of options describes the configuration of token-based authorization. This set is optional and must -not be defined if token-based authentication is not enabled. It is found under +not be defined if token-based authentication is not enabled. It is found under `/software/components/xrootd/options/tokenAuthz.` Main options are described below. @@ -226,7 +226,7 @@ Each entry in the list is a nlist with the following required properties: - path The Xrootd path the rule apply to. This is a string, it must be present and has no default. - authenticated -Operations allowed for authenticated users. This is a list of string, it must be present and has +Operations allowed for authenticated users. This is a list of string, it must be present and has no default - unauthenticated Operations allowed for unauthenticated users. This is a list of string, it must be present and @@ -238,7 +238,7 @@ has no default - vo - A specific VO that must be presented by the user (in the token) for the rule to apply. + A specific VO that must be presented by the user (in the token) for the rule to apply. This is a string, it must be present and default to '\*' (no restriction based on VO). #### authzConf: string (required) @@ -266,9 +266,9 @@ Default: none #### exportedVOs: nlist (required) -List of VOs (retrieved from the token) allowed to access the XRootd cluster through token-based -authorization. It is specified as a nlist where the key is the VO name and the value an -optional nlist allowing to specify the path related to exportedPathRoot associated with the +List of VOs (retrieved from the token) allowed to access the XRootd cluster through token-based +authorization. It is specified as a nlist where the key is the VO name and the value an +optional nlist allowing to specify the path related to exportedPathRoot associated with the VO ('path' property). When empty, the VO name is used. Note that it is strongly recommended to export only one VO with token-based authorization. diff --git a/docs/components/Ceph::compare.md b/docs/components/Ceph::compare.md index cffd471..e299261 100644 --- a/docs/components/Ceph::compare.md +++ b/docs/components/Ceph::compare.md @@ -5,6 +5,6 @@ ncm-ceph: Configuration module for CEPH ### DESCRIPTION -Main module that compares the configuration inside -the templates with those on the machines and build structures +Main module that compares the configuration inside +the templates with those on the machines and build structures that the daemon and config module can handle to perform action diff --git a/docs/components/FreeIPA::NSS.md b/docs/components/FreeIPA::NSS.md index 5f92c17..ed985b7 100644 --- a/docs/components/FreeIPA::NSS.md +++ b/docs/components/FreeIPA::NSS.md @@ -57,7 +57,7 @@ NCM::Component::FreeIPA::NSS handles the certificates using `NSS`. Make a certificate request for `fqdn` and optional `dn`, return filename of the CSR. - (Used DN is `>>). + (Used DN is `>>). - ipa\_request\_cert diff --git a/docs/components/FreeIPA::Service.md b/docs/components/FreeIPA::Service.md index fd6ada1..1532232 100644 --- a/docs/components/FreeIPA::Service.md +++ b/docs/components/FreeIPA::Service.md @@ -13,7 +13,7 @@ NCM::Component::FreeIPA::Service adds service related methods to - add\_service\_host Add a per-host service `name` for host `host` - (actual service name will `<>>). + (actual service name will `<>>). Add host `host` to list of hosts that can manage this service. diff --git a/docs/components/OpenNebula::AII.md b/docs/components/OpenNebula::AII.md index 4ad0216..569a0d7 100644 --- a/docs/components/OpenNebula::AII.md +++ b/docs/components/OpenNebula::AII.md @@ -1,8 +1,8 @@ ### NAME -`NCM::Component::OpenNebula::AII` adds `AII` hook -to generate the required resources and templates +`NCM::Component::OpenNebula::AII` adds `AII` hook +to generate the required resources and templates to instantiate/create/remove VMs within an `OpenNebula` infrastructure. #### AII diff --git a/docs/components/OpenNebula::Account.md b/docs/components/OpenNebula::Account.md index 16dc9bf..21ec7bb 100644 --- a/docs/components/OpenNebula::Account.md +++ b/docs/components/OpenNebula::Account.md @@ -1,7 +1,7 @@ ### NAME -`NCM::Component::OpenNebula::Account` adds and modifies `OpenNebula` user +`NCM::Component::OpenNebula::Account` adds and modifies `OpenNebula` user and groups accounts. #### Public methods diff --git a/docs/components/OpenNebula::Commands.md b/docs/components/OpenNebula::Commands.md index a8f204e..34da983 100644 --- a/docs/components/OpenNebula::Commands.md +++ b/docs/components/OpenNebula::Commands.md @@ -8,7 +8,7 @@ Configuration module for OpenNebula. Executes the required ssh commands to enable the hosts to be used by the cloud server. -This component needs a 'oneadmin' user. +This component needs a 'oneadmin' user. The user should be able to run these commands with sudo without password: - `virsh secret-define --file `/var/lib/one/templates/secret/secret_ceph.xml`` diff --git a/docs/components/OpenNebula::Image.md b/docs/components/OpenNebula::Image.md index 179641c..bccb47d 100644 --- a/docs/components/OpenNebula::Image.md +++ b/docs/components/OpenNebula::Image.md @@ -1,7 +1,7 @@ ### NAME -`NCM::Component::OpenNebula::Image` adds `OpenNebula` `VM` images +`NCM::Component::OpenNebula::Image` adds `OpenNebula` `VM` images support to `NCM::Component::OpenNebula`. #### Public methods @@ -9,13 +9,13 @@ support to `NCM::Component::OpenNebula`. - get\_images Gets the image template from `TT` file - and gathers the image names (`>) + and gathers the image names (`>) and datastore names to store the new images. - remove\_or\_create\_vm\_images - Creates new `VM` images and it detects if the image is - already available or not. + Creates new `VM` images and it detects if the image is + already available or not. Also it removes images if the remove flag is set. - create\_vm\_images diff --git a/docs/components/OpenNebula::Network.md b/docs/components/OpenNebula::Network.md index f4d2df0..0204d55 100644 --- a/docs/components/OpenNebula::Network.md +++ b/docs/components/OpenNebula::Network.md @@ -1,7 +1,7 @@ ### NAME -`NCM::Component::OpenNebula::Network` adds `OpenNebula` `VirtualNetwork` +`NCM::Component::OpenNebula::Network` adds `OpenNebula` `VirtualNetwork` configuration support to [opennebula](../components/opennebula.md). #### Public methods diff --git a/docs/components/OpenNebula::Server.md b/docs/components/OpenNebula::Server.md index bc17246..16f80ef 100644 --- a/docs/components/OpenNebula::Server.md +++ b/docs/components/OpenNebula::Server.md @@ -1,7 +1,7 @@ ### NAME -`NCM::Component::OpenNebula::Server` adds `OpenNebula` service configuration +`NCM::Component::OpenNebula::Server` adds `OpenNebula` service configuration support to `NCM::Component::OpenNebula`. #### Public methods diff --git a/docs/components/OpenNebula::VM.md b/docs/components/OpenNebula::VM.md index d21a470..4cf62fd 100644 --- a/docs/components/OpenNebula::VM.md +++ b/docs/components/OpenNebula::VM.md @@ -1,7 +1,7 @@ ### NAME -`NCM::Component::OpenNebula::VM` adds `OpenNebula` `VMs` +`NCM::Component::OpenNebula::VM` adds `OpenNebula` `VMs` manage support to `NCM::Component::OpenNebula`. #### Public methods diff --git a/docs/components/accounts.md b/docs/components/accounts.md index 87820ca..ebfbc5b 100644 --- a/docs/components/accounts.md +++ b/docs/components/accounts.md @@ -79,7 +79,7 @@ It updates a structure\_accounts (return value may be assigned to Default: `/sof #### keep\_user\_group(user\_or\_group:string or list of string) This functions adds a user or group to the kept\_users or kept\_groups resources. The -argument can be a string or list of strings. The return value can be assigned to +argument can be a string or list of strings. The return value can be assigned to `/software/components/accounts/kept_users` or `/software/components/accounts/kept_groups`. ### RESOURCES @@ -128,7 +128,7 @@ mandatory. The available fields are: the shell for the user. If it is defined as an empty string, the current shell is preserved for an existing account (for a new account, it will remain undefined, - meaning that the default shell on the system will be used). + meaning that the default shell on the system will be used). Defaults to `/bin/bash.` @@ -175,7 +175,7 @@ name. At least one field must be specified. An optional list of users that must be added as member of the group. The users don't have to be local users, defined in the configuration. - Note 1: group members present in the `/etc/group` file but not defined in the current configuration + Note 1: group members present in the `/etc/group` file but not defined in the current configuration are removed by **ncm-accounts** if they are not required members. Note 2: for users defined in the configuration the preferred way to add them to groups is by defining @@ -232,7 +232,7 @@ default is false. The root account can never be removed. #### `/software/components/accounts/preserved_accounts` This property may have 3 values: 'none', 'system', 'dyn\_user\_group'. It controls -the accounts/groups that have to be preserved when `remove_unknown` is true +the accounts/groups that have to be preserved when `remove_unknown` is true (it has no effect when `remove_unknown=false`). The effect of each possible value is: @@ -248,7 +248,7 @@ The effect of each possible value is: all accounts/groups in the system range and in the range used for dynamic uid/gid allocation by useradd command, ie. all - accounts/groups with uid/gid less or equal to GID/UID\_MAX as defined in + accounts/groups with uid/gid less or equal to GID/UID\_MAX as defined in `/etc/login.defs`, are preserved. The exact list of accounts preserved depends on UID/GID\_MAX value. It is possible to use login\_defs/uid\_max and login\_defs/gid\_max properties to control the preserved ranges. Not that diff --git a/docs/components/aii::freeipa::schema.md b/docs/components/aii::freeipa::schema.md index 8409868..d001b70 100644 --- a/docs/components/aii::freeipa::schema.md +++ b/docs/components/aii::freeipa::schema.md @@ -19,7 +19,7 @@ ### Functions - validate_aii_freeipa_hooks - - Description: + - Description: a function to validate all freeipa hooks example usage: bind "/system/aii/hooks" = dict with validate_aii_freeipa_hooks('post_reboot') diff --git a/docs/components/aii::opennebula::functions.md b/docs/components/aii::opennebula::functions.md index 06eb6f9..73d735f 100644 --- a/docs/components/aii::opennebula::functions.md +++ b/docs/components/aii::opennebula::functions.md @@ -2,24 +2,24 @@ ### Functions - opennebula_ipv42mac - - Description: + - Description: This function generates OpenNebula MAC addresses from MAC_PREFIX + IPv4 Based on OpenNebula opennebula_ipv42mac function: https://github.com/OpenNebula/one/blob/master/share/router/vmcontext.rb -Syntax: +Syntax: mac_prefix:string ipv4:string mac_prefix hex:hex value used also by oned.conf (02:00 by default) ipv4 IP used by the VM - opennebula_replace_vm_mac - - Description: + - Description: This function replaces nic hwaddr using OpenNebula MAC function Use the same MAC_PREFIX for OpenNebula component (oned.conf) and AII -Syntax: +Syntax: mac_prefix:string mac_prefix hex:hex value used by oned.conf diff --git a/docs/components/aii::opennebula::schema.md b/docs/components/aii::opennebula::schema.md index 389236c..b3670eb 100644 --- a/docs/components/aii::opennebula::schema.md +++ b/docs/components/aii::opennebula::schema.md @@ -30,11 +30,11 @@ - `/software/opennebula/opennebula_vmtemplate_vnet` - `/software/opennebula/opennebula_vmtemplate_datastore` - `/software/opennebula/valid_interface_ignoremac` - - Description: + - Description: Type that checks if the network interface is available from the quattor tree - `/software/opennebula/opennebula_ignoremac` - - Description: + - Description: Type that sets which net interfaces/MACs will not include MAC values within ONE templates @@ -45,7 +45,7 @@ will not include MAC values within ONE templates - Optional - Type: valid_interface_ignoremac - `/software/opennebula/opennebula_permissions` - - Description: + - Description: Type that changes resources owner/group permissions. By default opennebula-aii generates all the resources as oneadmin owner/group. owner: OpenNebula user id or user name @@ -62,7 +62,7 @@ By default opennebula-aii generates all the resources as oneadmin owner/group. - Optional - Type: long - `/software/opennebula/opennebula_vmtemplate_pci` - - Description: + - Description: It is possible to discover PCI devices in the hosts and assign them to Virtual Machines for the KVM host. I/O MMU and SR-IOV must be supported and enabled by the host OS and BIOS. @@ -106,7 +106,7 @@ http://docs.opennebula.org/5.0/deployment/open_cloud_host_setup/pci_passthrough. - Optional - Type: long - `/software/opennebula/opennebula_placements` - - Description: + - Description: Type that sets placement constraints and preferences for the VM, valid for all hosts More info: http://docs.opennebula.org/5.0/operation/references/template.html#placement-section @@ -165,20 +165,39 @@ More info: http://docs.opennebula.org/5.0/operation/references/template.html#pla - Optional - Type: opennebula_vmtemplate_pci - `/software/opennebula/opennebula_vmtemplate/labels` - - Description: labels is a list of strings to group the VMs under a given name and filter them - in the admin and cloud views. It is also possible to include in the list + - Description: labels is a list of strings to group the VMs under a given name and filter them + in the admin and cloud views. It is also possible to include in the list sub-labels using a common slash: list("Name", "Name/SubName") - This feature is available since OpenNebula 5.x, below this version the change + This feature is available since OpenNebula 5.x, below this version the change does not take effect. - Optional - Type: string - `/software/opennebula/opennebula_vmtemplate/placements` - Optional - Type: opennebula_placements + - `/software/opennebula/opennebula_vmtemplate/memorybacking` + - Description: The optional memoryBacking element may contain several elements that influence + how virtual memory pages are backed by host pages. + hugepages: This tells the hypervisor that the guest should have its memory + allocated using hugepages instead of the normal native page size. + nosharepages: Instructs hypervisor to disable shared pages + (memory merge, KSM) for this domain. + locked: When set and supported by the hypervisor, memory pages belonging to the domain + will be locked in hosts memory and the host will not be allowed to swap them out, + which might be required for some workloads such as real-time. For QEMU/KVM guests, + the memory used by the QEMU process itself will be locked too: unlike guest memory, + this is an amount libvirt has no way of figuring out in advance, so it has to remove + the limit on locked memory altogether. Thus, enabling this option opens up to a + potential security risk: the host will be unable to reclaim the locked memory back + from the guest when its running out of memory, which means a malicious guest allocating + large amounts of locked memory could cause a denial-of-service attach on the host. + - Optional + - Type: string ### Functions - validate_aii_opennebula_hooks - - Description: + - Description: Function to validate all aii_opennebula hooks + - is_consistent_memorybacking diff --git a/docs/components/authconfig::sssd.md b/docs/components/authconfig::sssd.md index 5b1f7fc..6dcaba0 100644 --- a/docs/components/authconfig::sssd.md +++ b/docs/components/authconfig::sssd.md @@ -2,11 +2,15 @@ ### Types - `/software/authconfig/sssd_provider_string` - - Description: - Valid SSSD providers. For now we only implement ldap, simple and local + - Description: + Valid SSSD providers. + + - `/software/authconfig/sssd_auth_provider_string` + - Description: + Valid SSSD auth providers. - `/software/authconfig/authconfig_sssd_simple` - - Description: + - Description: Simple access provider for SSSD. See the sssd-simple man page. - `/software/authconfig/authconfig_sssd_simple/allow_users` @@ -26,7 +30,6 @@ - `/software/authconfig/sssd_global/debug_level` - Optional - Type: long - - Default value: 496 - `/software/authconfig/sssd_global/config_file_version` - Optional - Type: long @@ -37,7 +40,6 @@ - `/software/authconfig/sssd_global/reconnection_retries` - Optional - Type: long - - Default value: 3 - `/software/authconfig/sssd_global/re_expression` - Optional - Type: string @@ -47,7 +49,6 @@ - `/software/authconfig/sssd_global/try_inotify` - Optional - Type: boolean - - Default value: true - `/software/authconfig/sssd_global/krb5_rcache_dir` - Optional - Type: string @@ -58,67 +59,58 @@ - `/software/authconfig/sssd_pam/debug_level` - Optional - Type: long - - Default value: 496 + - `/software/authconfig/sssd_pam/reconnection_retries` + - Optional + - Type: long - `/software/authconfig/sssd_pam/offline_credentials_expiration` - Optional - Type: long - - Default value: 0 - `/software/authconfig/sssd_pam/offline_failed_login_attempts` - Optional - Type: long - - Default value: 0 - `/software/authconfig/sssd_pam/offline_failed_login_delay` - Optional - Type: long - - Default value: 5 - `/software/authconfig/sssd_pam/pam_verbosity` - Optional - Type: long - - Default value: 1 - `/software/authconfig/sssd_pam/pam_id_timeout` - Optional - Type: long - - Default value: 5 - `/software/authconfig/sssd_pam/pam_pwd_expiration_warning` - Optional - Type: long - - Default value: 0 - `/software/authconfig/sssd_pam/get_domains_timeout` - Optional - Type: long - - Default value: 60 - `/software/authconfig/sssd_nss` - `/software/authconfig/sssd_nss/debug_level` - Optional - Type: long - - Default value: 496 + - `/software/authconfig/sssd_nss/reconnection_retries` + - Optional + - Type: long - `/software/authconfig/sssd_nss/enum_cache_timeout` - Optional - Type: long - - Default value: 120 - `/software/authconfig/sssd_nss/entry_cache_nowait_percentage` - Optional - Type: long - `/software/authconfig/sssd_nss/entry_negative_timeout` - Optional - Type: long - - Default value: 15 - `/software/authconfig/sssd_nss/filter_users` - Optional - Type: string - - Default value: root - `/software/authconfig/sssd_nss/filter_users_in_groups` - Optional - Type: boolean - - Default value: true - `/software/authconfig/sssd_nss/filter_groups` - Optional - Type: string - - Default value: root - `/software/authconfig/sssd_nss/memcache_timeout` - Optional - Type: long - - Default value: 300 - `/software/authconfig/authconfig_sssd_local` - `/software/authconfig/authconfig_sssd_local/default_shell` - Optional @@ -152,6 +144,9 @@ - Optional - Type: string - `/software/authconfig/authconfig_sssd_domain` + - `/software/authconfig/authconfig_sssd_domain/reconnection_retries` + - Optional + - Type: long - `/software/authconfig/authconfig_sssd_domain/ldap` - Optional - Type: authconfig_sssd_ldap @@ -172,14 +167,13 @@ - Type: sssd_provider_string - `/software/authconfig/authconfig_sssd_domain/auth_provider` - Optional - - Type: sssd_provider_string + - Type: sssd_auth_provider_string - `/software/authconfig/authconfig_sssd_domain/chpass_provider` - Optional - - Type: sssd_provider_string + - Type: sssd_auth_provider_string - `/software/authconfig/authconfig_sssd_domain/debug_level` - Optional - Type: long - - Default value: 496 - `/software/authconfig/authconfig_sssd_domain/sudo_provider` - Optional - Type: string @@ -198,7 +192,6 @@ - `/software/authconfig/authconfig_sssd_domain/re_expression` - Optional - Type: string - - Default value: (?P[^@]+)@?(?P[^@]*$) - `/software/authconfig/authconfig_sssd_domain/full_name_format` - Optional - Type: string @@ -224,11 +217,9 @@ - `/software/authconfig/authconfig_sssd_domain/proxy_fast_alias` - Optional - Type: boolean - - Default value: false - `/software/authconfig/authconfig_sssd_domain/subdomain_homedir` - Optional - Type: string - - Default value: /home/%d/%u - `/software/authconfig/authconfig_sssd_domain/proxy_pam_target` - Optional - Type: string diff --git a/docs/components/authconfig::sssd::ipa.md b/docs/components/authconfig::sssd::ipa.md index 0ef90ce..c9eba14 100644 --- a/docs/components/authconfig::sssd::ipa.md +++ b/docs/components/authconfig::sssd::ipa.md @@ -2,7 +2,7 @@ ### Types - `/software/authconfig/authconfig_sssd_ipa_krb5` - - Description: + - Description: Kerberos settings for the IPA access provider - `/software/authconfig/authconfig_sssd_ipa_krb5/validate` @@ -21,7 +21,7 @@ - Optional - Type: absolute_file_path - `/software/authconfig/authconfig_sssd_ipa_dyndns` - - Description: + - Description: dyndns settings for the IPA access provider - `/software/authconfig/authconfig_sssd_ipa_dyndns/update` @@ -48,7 +48,7 @@ - Optional - Type: type_ip - `/software/authconfig/authconfig_sssd_ipa_search_base` - - Description: + - Description: search_base settings for the IPA access provider - `/software/authconfig/authconfig_sssd_ipa_search_base/hbac` @@ -70,7 +70,7 @@ - Optional - Type: string - `/software/authconfig/authconfig_sssd_ipa` - - Description: + - Description: IPA access provider for SSSD. See the sssd-ipa man page. - `/software/authconfig/authconfig_sssd_ipa/krb5` diff --git a/docs/components/authconfig::sssd::ldap.md b/docs/components/authconfig::sssd::ldap.md index 7b86e8f..80ccae5 100644 --- a/docs/components/authconfig::sssd::ldap.md +++ b/docs/components/authconfig::sssd::ldap.md @@ -6,7 +6,7 @@ - `/software/authconfig/ldap_deref` - `/software/authconfig/ldap_order` - `/software/authconfig/sssd_chpass` - - Description: + - Description: LDAP chpass fields - `/software/authconfig/sssd_chpass/uri` @@ -34,7 +34,7 @@ - Optional - Type: string - `/software/authconfig/sssd_netgroup` - - Description: + - Description: LDAP netgroup fields - `/software/authconfig/sssd_netgroup/object_class` @@ -65,7 +65,7 @@ - Optional - Type: string - `/software/authconfig/sssd_autofs` - - Description: + - Description: LDAP autofs fields - `/software/authconfig/sssd_autofs/map_object_class` @@ -92,7 +92,7 @@ - Optional - Type: string - `/software/authconfig/sssd_ldap_service` - - Description: + - Description: LDAP IP service fields - `/software/authconfig/sssd_ldap_service/object_class` @@ -115,7 +115,7 @@ - Optional - Type: string - `/software/authconfig/authconfig_sssd_ldap` - - Description: + - Description: LDAP access provider for SSSD. See the sssd-ldap man page. Timeouts are expressed in seconds. @@ -191,10 +191,6 @@ - Optional - Type: long - Default value: 900 - - `/software/authconfig/authconfig_sssd_ldap/deref` - - Optional - - Type: ldap_deref - - Default value: never - `/software/authconfig/authconfig_sssd_ldap/deref` - Optional - Type: string @@ -240,7 +236,6 @@ - `/software/authconfig/authconfig_sssd_ldap/ns_account_lock` - Optional - Type: string - - Default value: nsAccountLock - `/software/authconfig/authconfig_sssd_ldap/offline_timeout` - Optional - Type: long @@ -263,7 +258,6 @@ - `/software/authconfig/authconfig_sssd_ldap/referrals` - Optional - Type: boolean - - Default value: true - `/software/authconfig/authconfig_sssd_ldap/rootdse_last_usn` - Optional - Type: string @@ -271,10 +265,6 @@ - Optional - Type: long - Default value: 6 - - `/software/authconfig/authconfig_sssd_ldap/use_object_class` - - Optional - - Type: string - - Default value: posixAccount - `/software/authconfig/authconfig_sssd_ldap/account_expire_policy` - Optional - Type: string diff --git a/docs/components/authconfig::sssd::user.md b/docs/components/authconfig::sssd::user.md index 6308624..de4abc8 100644 --- a/docs/components/authconfig::sssd::user.md +++ b/docs/components/authconfig::sssd::user.md @@ -2,112 +2,94 @@ ### Types - `/software/authconfig/sssd_user` + - `/software/authconfig/sssd_user/object_class` + - Optional + - Type: string + - Default value: posixAccount - `/software/authconfig/sssd_user/uid_number` - Optional - Type: string - - Default value: uidNumber - `/software/authconfig/sssd_user/gid_number` - Optional - Type: string - - Default value: gidNumber + - `/software/authconfig/sssd_user/name` + - Optional + - Type: string - `/software/authconfig/sssd_user/gecos` - Optional - Type: string - - Default value: gecos - `/software/authconfig/sssd_user/home_directory` - Optional - Type: string - - Default value: homeDirectory - `/software/authconfig/sssd_user/shell` - Optional - Type: string - - Default value: loginShell - `/software/authconfig/sssd_user/uuid` - Optional - Type: string - - Default value: nsUniqueId - `/software/authconfig/sssd_user/objectsid` - Optional - Type: string - `/software/authconfig/sssd_user/modify_timestamp` - Optional - Type: string - - Default value: modifyTimestamp - `/software/authconfig/sssd_user/shadow_last_change` - Optional - Type: string - - Default value: shadowLastChange - `/software/authconfig/sssd_user/shadow_min` - Optional - Type: string - - Default value: shadowMin - `/software/authconfig/sssd_user/shadow_max` - Optional - Type: string - - Default value: shadowMax - `/software/authconfig/sssd_user/shadow_warning` - Optional - Type: string - - Default value: shadowWarning - `/software/authconfig/sssd_user/shadow_inactive` - Optional - Type: string - - Default value: shadowInactive - `/software/authconfig/sssd_user/shadow_expire` - Optional - Type: string - - Default value: shadowExpire - `/software/authconfig/sssd_user/krb_last_pwd_change` - Optional - Type: string - - Default value: krbLastPwdChange - `/software/authconfig/sssd_user/krb_password_expiration` - Optional - Type: string - - Default value: krbPasswordExpiration - `/software/authconfig/sssd_user/ad_account_expires` - Optional - Type: string - - Default value: accountExpires - `/software/authconfig/sssd_user/ad_user_account_control` - Optional - Type: string - - Default value: userAccountControl - `/software/authconfig/sssd_user/nds_login_disabled` - Optional - Type: string - - Default value: loginDisabled - `/software/authconfig/sssd_user/nds_login_expiration_time` - Optional - Type: string - - Default value: loginDisabled - `/software/authconfig/sssd_user/nds_login_allowed_time_map` - Optional - Type: string - - Default value: loginAllowedTimeMap - `/software/authconfig/sssd_user/principal` - Optional - Type: string - - Default value: krbPrincipalName - `/software/authconfig/sssd_user/ssh_public_key` - Optional - Type: string - `/software/authconfig/sssd_user/fullname` - Optional - Type: string - - Default value: cn - `/software/authconfig/sssd_user/member_of` - Optional - Type: string - - Default value: memberOf - `/software/authconfig/sssd_user/authorized_service` - Optional - Type: string - - Default value: authorizedService - `/software/authconfig/sssd_user/authorized_host` - Optional - Type: string - - Default value: host - `/software/authconfig/sssd_user/search_base` - Optional - Type: string @@ -126,26 +108,21 @@ - `/software/authconfig/sssd_group/gid_number` - Optional - Type: string - - Default value: gidNumber - `/software/authconfig/sssd_group/member` - Optional - Type: string - - Default value: memberuid - `/software/authconfig/sssd_group/uuid` - Optional - Type: string - - Default value: nsUniqueId - `/software/authconfig/sssd_group/objectsid` - Optional - Type: string - `/software/authconfig/sssd_group/modify_timestamp` - Optional - Type: string - - Default value: modifyTimestamp - `/software/authconfig/sssd_group/nesting_level` - Optional - Type: long - - Default value: 2 - `/software/authconfig/sssd_group/search_base` - Optional - Type: string diff --git a/docs/components/ccm::schema.md b/docs/components/ccm::schema.md index 89f9c19..3b72227 100644 --- a/docs/components/ccm::schema.md +++ b/docs/components/ccm::schema.md @@ -2,7 +2,7 @@ ### Types - `/software/ccm/kerberos_principal_string` - - Description: + - Description: kerberos_principal_string is a string with format `principal[/component1[/component2[...]]]@REALM` - `/software/ccm/ccm_component` @@ -27,7 +27,7 @@ - Range: 0..1 - Default value: 0 - `/software/ccm/ccm_component/force` - - Description: Force fetching of the machine profile. Turning this on ignores the modification times. Defaults to 0. + - Description: Force fetching of the machine profile. Turning this on ignores the modification times. Defaults to 0. - Optional - Type: long - Range: 0..1 @@ -89,7 +89,7 @@ - Optional - Type: string - `/software/ccm/ccm_component/world_readable` - - Description: Whether the profiles should be world-readable. Defaults to 0. + - Description: Whether the profiles should be world-readable. Defaults to 0. - Optional - Type: long - Range: 0..1 @@ -99,7 +99,7 @@ - Optional - Type: type_absoluteURI - `/software/ccm/ccm_component/dbformat` - - Description: Format of the local database, must be `DB_File`, `CDB_File` or `GDBM_File`. Defaults to `GDBM_File`. + - Description: Format of the local database, must be `DB_File`, `CDB_File` or `GDBM_File`. Defaults to `GDBM_File`. - Optional - Type: string - `/software/ccm/ccm_component/json_typed` diff --git a/docs/components/ceph.md b/docs/components/ceph.md index 71106a4..9dd0412 100644 --- a/docs/components/ceph.md +++ b/docs/components/ceph.md @@ -13,26 +13,26 @@ Features that are implemented at this moment: - Creating cluster (manual step involved) - Set admin hosts and push config -- Fine configuration control (per daemon and/or host) +- Fine configuration control (per daemon and/or host) - Tollerates unreachable new or marked-for-deletion hosts - Checking/adding/removing Monitors - Checking/adding/removing OSDs - Checking/adding/removing MDSs - Building up/changing a crushmap, with support for erasure code - OSD based objectstore -- Wildcard support in version numbers +- Wildcard support in version numbers The implementation keeps safety as top priority. Therefore: - The config of MON, OSD and MDSs are first checked completely. Only if no errors were found, the actual changes will be deployed. -- No removals of MONs, OSDs or MDSs are actually done at this moment. Instead of removing itself, it prints the commands to use. +- No removals of MONs, OSDs or MDSs are actually done at this moment. Instead of removing itself, it prints the commands to use. - Configfiles and decompiled crushmap files are saved into a git repo. This repo can be found in the 'ncm-ceph' folder in the home directory of the ceph user - When something is not right and returns an error, the whole component exits. - You can set the version of ceph and ceph-deploy in the Quattor scheme. The component will then only run if the versions of ceph and ceph-deploy match with those versions. ### INITIAL CREATION -\- The schema details are annotated in the schema file. +\- The schema details are annotated in the schema file. \- Example pan files are included in the examples folder and also in the test folders. @@ -41,9 +41,9 @@ To set up the initial cluster, some steps should be taken: - 1. First create a ceph user on all the hosts. - 2. The deployhost(s) should have passwordless ssh access to all the hosts of the cluster e.g. by distributing the public key(s) of the ceph-deploy host(s) over the cluster hosts - (As described in the ceph-deploy documentation: + (As described in the ceph-deploy documentation: http://ceph.com/docs/master/start/quick-start-preflight/) -- 3. Run the component a first time. +- 3. Run the component a first time. It shall fail, but you should get the initial command for your cluster - 4. Run this command - 5. Run the component again to start the configuration of the new cluster @@ -53,18 +53,18 @@ To set up the initial cluster, some steps should be taken: #### `/software/components/ceph` The configuration information for the component. Each field should -be described in this section. +be described in this section. ### DEPENDENCIES The component is tested with Ceph version 0.84-0.89 and ceph-deploy version 1.5.11 and 1.5.21. -Note: ceph-deploy versions 1.5.12-20 contain a bug where gatherkeys returned a wrong exitcode, which +Note: ceph-deploy versions 1.5.12-20 contain a bug where gatherkeys returned a wrong exitcode, which caused a wrong error message in ncm-ceph. This is solved again in 1.5.21 . Following package dependencies should be installed to run the component: -- perl-Data-Structure-Util -- perl-Config-Tiny +- perl-Data-Structure-Util +- perl-Config-Tiny - perl-Test-Deep - perl-Data-Compare >= 1.23 ! - perl-Git-Repository diff --git a/docs/components/ceph::schema-mds.md b/docs/components/ceph::schema-mds.md index 1d8ae24..907a015 100644 --- a/docs/components/ceph::schema-mds.md +++ b/docs/components/ceph::schema-mds.md @@ -2,7 +2,7 @@ ### Types - `/software/ceph/ceph_mds_config` - - Description: configuration options for a ceph mds daemon + - Description: configuration options for a ceph mds daemon - `/software/ceph/ceph_mds_config/mds_cache_size` - Optional - Type: long @@ -19,8 +19,16 @@ - Optional - Type: double - Default value: 0.5 + - `/software/ceph/ceph_mds_config/mds_log_max_expiring` + - Optional + - Type: long + - Default value: 20 + - `/software/ceph/ceph_mds_config/mds_log_max_segments` + - Optional + - Type: long + - Default value: 30 - `/software/ceph/ceph_mds` - - Description: ceph mds-specific type + - Description: ceph mds-specific type - `/software/ceph/ceph_mds/fqdn` - Optional - Type: type_fqdn diff --git a/docs/components/ceph::schema-mon.md b/docs/components/ceph::schema-mon.md index 22e0bb2..efb22a7 100644 --- a/docs/components/ceph::schema-mon.md +++ b/docs/components/ceph::schema-mon.md @@ -2,9 +2,9 @@ ### Types - `/software/ceph/ceph_mon_config` - - Description: configuration options for a ceph monitor daemon + - Description: configuration options for a ceph monitor daemon - `/software/ceph/ceph_monitor` - - Description: ceph monitor-specific type + - Description: ceph monitor-specific type - `/software/ceph/ceph_monitor/fqdn` - Optional - Type: type_fqdn diff --git a/docs/components/ceph::schema-osd.md b/docs/components/ceph::schema-osd.md index 5e13be5..e04ecd7 100644 --- a/docs/components/ceph::schema-osd.md +++ b/docs/components/ceph::schema-osd.md @@ -2,7 +2,7 @@ ### Types - `/software/ceph/ceph_osd_config` - - Description: configuration options for a ceph osd daemon + - Description: configuration options for a ceph osd daemon - `/software/ceph/ceph_osd_config/osd_deep_scrub_interval` - Optional - Type: double @@ -39,7 +39,7 @@ - Optional - Type: double - `/software/ceph/ceph_osd` - - Description: + - Description: ceph osd-specific type The key of the ceph_osd should be the path to the mounted disk. This can be an absolute path or a relative one to /var/lib/ceph/osd/ @@ -65,7 +65,7 @@ With labels osds can be grouped. This should also be defined in root. - Optional - Type: string - `/software/ceph/ceph_osd_host` - - Description: ceph osdhost-specific type, defining all osds on a host + - Description: ceph osdhost-specific type, defining all osds on a host - `/software/ceph/ceph_osd_host/fqdn` - Optional - Type: type_fqdn diff --git a/docs/components/ceph::schema-rgw.md b/docs/components/ceph::schema-rgw.md index 0dbe883..d0c20c0 100644 --- a/docs/components/ceph::schema-rgw.md +++ b/docs/components/ceph::schema-rgw.md @@ -3,7 +3,7 @@ - `/software/ceph/type_quoted_string` - `/software/ceph/ceph_radosgw_config` - - Description: configuration options for a ceph rados gateway instance + - Description: configuration options for a ceph rados gateway instance - `/software/ceph/ceph_radosgw_config/host` - Optional - Type: string @@ -13,7 +13,7 @@ - `/software/ceph/ceph_radosgw_config/rgw_socket_path` - Optional - Type: string - - Default value: + - Default value: - `/software/ceph/ceph_radosgw_config/log_file` - Optional - Type: string @@ -48,7 +48,7 @@ http://ceph.com/docs/master/radosgw/ - Optional - Type: ceph_radosgw_config - `/software/ceph/ceph_radosgwh` - - Description: ceph rados gateway host, defining all gateways on a host + - Description: ceph rados gateway host, defining all gateways on a host - `/software/ceph/ceph_radosgwh/fqdn` - Optional - Type: type_fqdn diff --git a/docs/components/ceph::schema.md b/docs/components/ceph::schema.md index 4cbc1a4..b696442 100644 --- a/docs/components/ceph::schema.md +++ b/docs/components/ceph::schema.md @@ -2,15 +2,15 @@ ### Types - `/software/ceph/ceph_daemon_config` - - Description: ceph daemon config parameters + - Description: ceph daemon config parameters - `/software/ceph/ceph_daemon` - - Description: type for a generic ceph daemon + - Description: type for a generic ceph daemon - `/software/ceph/ceph_daemon/up` - Optional - Type: boolean - Default value: true - `/software/ceph/ceph_cluster_config` - - Description: ceph cluster-wide config parameters + - Description: ceph cluster-wide config parameters - `/software/ceph/ceph_cluster_config/auth_client_required` - Optional - Type: string @@ -93,7 +93,7 @@ - Optional - Type: type_network_name - `/software/ceph/ceph_crushmap_bucket` - - Description: ceph crushmap bucket definition + - Description: ceph crushmap bucket definition - `/software/ceph/ceph_crushmap_bucket/name` - Optional - Type: string @@ -125,7 +125,7 @@ - Optional - Type: dict - `/software/ceph/ceph_crushmap_rule_choice` - - Description: ceph crushmap rule step + - Description: ceph crushmap rule step - `/software/ceph/ceph_crushmap_rule_choice/chtype` - Optional - Type: string @@ -137,7 +137,7 @@ - Optional - Type: string - `/software/ceph/ceph_crushmap_rule_step` - - Description: ceph crushmap rule step + - Description: ceph crushmap rule step - `/software/ceph/ceph_crushmap_rule_step/take` - Optional - Type: string @@ -151,7 +151,7 @@ - Optional - Type: ceph_crushmap_rule_choice - `/software/ceph/ceph_crushmap_rule` - - Description: ceph crushmap rule definition + - Description: ceph crushmap rule definition - `/software/ceph/ceph_crushmap_rule/name` - Optional - Type: string @@ -177,7 +177,7 @@ - Optional - Type: ceph_crushmap_rule_step - `/software/ceph/ceph_crushmap` - - Description: + - Description: ceph crushmap definition The crushmap defines some types of buckets, a hierarchical bucket structure, @@ -197,7 +197,7 @@ and tunables for magic numbers. - Optional - Type: long - `/software/ceph/ceph_cluster` - - Description: overarching ceph cluster type, with osds, mons and msds + - Description: overarching ceph cluster type, with osds, mons and msds - `/software/ceph/ceph_cluster/config` - Optional - Type: ceph_cluster_config @@ -220,7 +220,7 @@ and tunables for magic numbers. - Optional - Type: ceph_crushmap - `/software/ceph/ceph_localdaemons` - - Description: + - Description: Decentralized config feature: For use with dedicated pan code that builds the cluster info from remote templates. @@ -228,7 +228,7 @@ For use with dedicated pan code that builds the cluster info from remote templat - Optional - Type: ceph_osd - `/software/ceph/ceph_component` - - Description: ceph clusters + - Description: ceph clusters - `/software/ceph/ceph_component/clusters` - Optional - Type: ceph_cluster diff --git a/docs/components/chkconfig.md b/docs/components/chkconfig.md index d26cc6b..161e150 100644 --- a/docs/components/chkconfig.md +++ b/docs/components/chkconfig.md @@ -39,7 +39,7 @@ NCM::chkconfig - NCM chkconfig component - `/software/components/chkconfig/service//off : string ("[0-7]*")` - `/software/components/chkconfig/service//on : string ("[0-7]*")` - Sets the service <service> on/off on specified run levels. The run + Sets the service on/off on specified run levels. The run levels are specified as string of numbers, the same way as with `chkconfig`-command. If the string is empty, system default is taken (see `man chkconfig(8)` for exact details). diff --git a/docs/components/cron::schema.md b/docs/components/cron::schema.md index d9a0279..c573446 100644 --- a/docs/components/cron::schema.md +++ b/docs/components/cron::schema.md @@ -18,7 +18,7 @@ - Optional - Type: string - `/software/cron/structure_cron_log` - - Description: + - Description: Define specific attributes for cron log file. - `/software/cron/structure_cron_log/disabled` @@ -40,21 +40,27 @@ - Type: string - `/software/cron/structure_cron_timing` - `/software/cron/structure_cron_timing/minute` + - Description: minute of hour (0-59) - Optional - Type: string - `/software/cron/structure_cron_timing/hour` + - Description: hour of day (0-23) - Optional - Type: string - `/software/cron/structure_cron_timing/day` + - Description: day of month (1-31) - Optional - Type: string - `/software/cron/structure_cron_timing/month` + - Description: month of year (1-12 or three-letter abbreviated lowercase name) - Optional - Type: string - `/software/cron/structure_cron_timing/weekday` + - Description: day of week (0-7 or three-letter abbreviated lowercase name) - Optional - Type: string - `/software/cron/structure_cron_timing/smear` + - Description: Interval (in minutes) over which to randomly smear the start time of the job - Optional - Type: long - Range: 0..1440 @@ -133,6 +139,30 @@ ### Functions - structure_cron_log_valid - - Description: + - Description: Function to check that other log properties are not present when disabled is true + - valid_cron_timing + - Description: + Validate contents of cron timing fields (see CRONTAB(5) for details) + + Cron timing fields can contain complex expressions (e.g. "1,5,13-23/2"). Rather than validate these in + depth the aim here is to catch things that are obviously wrong, such as: + * characters which are not valid in cron fields + * out of range numbers (e.g. "35" in the hour field) + * names in the wrong field (e.g. "tue" in the day of month field) + + - valid_cron_minute + - Description: Convenience wrapper for validating cron minute field + - valid_cron_hour + - Description: Convenience wrapper for validating cron hour field + - valid_cron_day_of_month + - Description: Convenience wrapper for validating cron day of month field + - valid_cron_month + - Description: Convenience wrapper for validating cron month field + - valid_cron_day_of_week + - Description: Convenience wrapper for validating cron day of week field + - valid_cron_frequency + - Description: + Validate contents of cron frequency field + diff --git a/docs/components/cups.md b/docs/components/cups.md index 1ff582e..8b3aaf2 100644 --- a/docs/components/cups.md +++ b/docs/components/cups.md @@ -34,10 +34,18 @@ NCM component allowing to configure CUPS service and declare printers. Generally, options apply either to server configuration or to client configuration. There is one exception, `ServerName`, which applies to both. - **Note** : not all the options are currently implemented. If you get a message `unsupported option` when + **Note** : not all the CUPS options are currently implemented. If you get a message `unsupported option` when running this component, look at the comments at the beginning of component Perl source about how to add support for a new option. +- `/software/components/cups/options/ServerAlias` : list of string + + This option sets the `ServerAlias` option in cupsd configuration. It is interpreted as a list of string. + + Default : None + + Scope : server + - `/software/components/cups/options/ServerName` : string This option is a special case. It is used by both client and server. In the server configuration, if not defined diff --git a/docs/components/cups::schema.md b/docs/components/cups::schema.md index 8487a50..ad75433 100644 --- a/docs/components/cups::schema.md +++ b/docs/components/cups::schema.md @@ -1,96 +1,99 @@ ### Types - - `/software/cups/component_cups_printer` - - `/software/cups/component_cups_printer/server` + - `/software/cups/cups_component_printer` + - `/software/cups/cups_component_printer/server` - Optional - Type: string - - `/software/cups/component_cups_printer/protocol` + - `/software/cups/cups_component_printer/protocol` - Optional - Type: string - - `/software/cups/component_cups_printer/printer` + - `/software/cups/cups_component_printer/printer` - Optional - Type: string - - `/software/cups/component_cups_printer/uri` + - `/software/cups/cups_component_printer/uri` - Optional - Type: string - - `/software/cups/component_cups_printer/delete` + - `/software/cups/cups_component_printer/delete` - Optional - Type: boolean - - `/software/cups/component_cups_printer/enable` + - `/software/cups/cups_component_printer/enable` - Optional - Type: boolean - - `/software/cups/component_cups_printer/class` + - `/software/cups/cups_component_printer/class` - Optional - Type: string - - `/software/cups/component_cups_printer/description` + - `/software/cups/cups_component_printer/description` - Optional - Type: string - - `/software/cups/component_cups_printer/location` + - `/software/cups/cups_component_printer/location` - Optional - Type: string - - `/software/cups/component_cups_printer/model` + - `/software/cups/cups_component_printer/model` - Optional - Type: string - - `/software/cups/component_cups_printer/ppd` + - `/software/cups/cups_component_printer/ppd` - Optional - Type: string - - `/software/cups/component_cups_options` - - `/software/cups/component_cups_options/AutoPurgeJobs` + - `/software/cups/cups_component_options` + - `/software/cups/cups_component_options/AutoPurgeJobs` - Optional - Type: legacy_binary_affirmation_string - - `/software/cups/component_cups_options/Classification` + - `/software/cups/cups_component_options/Classification` - Optional - Type: string - - `/software/cups/component_cups_options/ClassifyOverride` + - `/software/cups/cups_component_options/ClassifyOverride` - Optional - Type: string - - `/software/cups/component_cups_options/DataDir` + - `/software/cups/cups_component_options/DataDir` - Optional - Type: string - - `/software/cups/component_cups_options/DefaultCharset` + - `/software/cups/cups_component_options/DefaultCharset` - Optional - Type: string - - `/software/cups/component_cups_options/Encryption` + - `/software/cups/cups_component_options/Encryption` - Optional - Type: string - - `/software/cups/component_cups_options/ErrorLog` + - `/software/cups/cups_component_options/ErrorLog` - Optional - Type: string - - `/software/cups/component_cups_options/LogLevel` + - `/software/cups/cups_component_options/LogLevel` - Optional - Type: string - - `/software/cups/component_cups_options/MaxCopies` + - `/software/cups/cups_component_options/MaxCopies` - Optional - Type: long - - `/software/cups/component_cups_options/MaxLogSize` + - `/software/cups/cups_component_options/MaxLogSize` - Optional - Type: long - - `/software/cups/component_cups_options/PreserveJobHistory` + - `/software/cups/cups_component_options/PreserveJobHistory` - Optional - Type: legacy_binary_affirmation_string - - `/software/cups/component_cups_options/PreserveJobFiles` + - `/software/cups/cups_component_options/PreserveJobFiles` - Optional - Type: legacy_binary_affirmation_string - - `/software/cups/component_cups_options/Printcap` + - `/software/cups/cups_component_options/Printcap` - Optional - Type: string - - `/software/cups/component_cups_options/ServerAdmin` + - `/software/cups/cups_component_options/ServerAdmin` - Optional - Type: string - - `/software/cups/component_cups_options/ServerName` + - `/software/cups/cups_component_options/ServerAlias` - Optional - Type: string - - `/software/cups/component_cups` - - `/software/cups/component_cups/defaultprinter` + - `/software/cups/cups_component_options/ServerName` - Optional - Type: string - - `/software/cups/component_cups/nodetype` + - `/software/cups/cups_component` + - `/software/cups/cups_component/defaultprinter` - Optional - Type: string - - `/software/cups/component_cups/options` + - `/software/cups/cups_component/nodetype` - Optional - - Type: component_cups_options - - `/software/cups/component_cups/printers` + - Type: string + - `/software/cups/cups_component/options` + - Optional + - Type: cups_component_options + - `/software/cups/cups_component/printers` - Optional - - Type: component_cups_printer + - Type: cups_component_printer diff --git a/docs/components/download::schema.md b/docs/components/download::schema.md index 5f0e18e..109072e 100644 --- a/docs/components/download::schema.md +++ b/docs/components/download::schema.md @@ -101,3 +101,7 @@ - Description: seconds, total timeout for fetch of file, can be overridden per file - Optional - Type: long + - `/software/download/download_component/kinit_args` + - Description: argumensts to be passed in kinit -k called in ncm-download + - Optional + - Type: string diff --git a/docs/components/filecopy.md b/docs/components/filecopy.md index c199bf6..b61fed0 100644 --- a/docs/components/filecopy.md +++ b/docs/components/filecopy.md @@ -9,7 +9,7 @@ The _filecopy_ component manages services which have configuration files that can be representated as strings in pan or built by copying a template already present on the machine (eg. provided by a RPM). A "restart" command can be given which will be run whenever the configuration -changes. +changes. Note: that this does not do any validation checking on the content of the service configuration. If this is desired, a service-specific @@ -25,7 +25,7 @@ component should be written. #### `/software/components/filecopy/forceRestart`: boolean (required) -A boolean that defines if the restart command (if any defined) of the file(s) +A boolean that defines if the restart command (if any defined) of the file(s) must be executed even though the files were up-to-date (default behaviour is to execute the restart command only if file content, permissions or owner/group has been changed). @@ -92,7 +92,7 @@ Default: none ### forceRestart: boolean (required) -A boolean that defines if the restart command (if any defined) +A boolean that defines if the restart command (if any defined) must be executed even though the file was up-to-date (default behaviour is to execute the restart command only if file content, permissions or owner/group has been changed). diff --git a/docs/components/filesystems::schema.md b/docs/components/filesystems::schema.md index 004803a..ed9f3a3 100644 --- a/docs/components/filesystems::schema.md +++ b/docs/components/filesystems::schema.md @@ -2,7 +2,7 @@ ### Types - `/software/filesystems/structure_component_filesystems` - - Description: + - Description: when manage_blockdevs is false, filesystems does same as fstab No other resources here: this component takes its configuration from fstab component, "/system/filesystems" and "/system/blockdevices" diff --git a/docs/components/fmonagent.md b/docs/components/fmonagent.md index 140641b..48aee75 100644 --- a/docs/components/fmonagent.md +++ b/docs/components/fmonagent.md @@ -9,7 +9,7 @@ NCM::fmonagent - NCM Lemon Monitoring Agent configuration component Creates configuration file(s) and restarts the lemon-agent service. In case of the single file configuration the files - is defined in the CDB template as file and in case of split file as + is defined in the CDB template as file and in case of split file as a directory where the following structure is expected: top_dir/general.conf diff --git a/docs/components/freeipa::schema.md b/docs/components/freeipa::schema.md index 0f29f9d..002ec2f 100644 --- a/docs/components/freeipa::schema.md +++ b/docs/components/freeipa::schema.md @@ -2,13 +2,13 @@ ### Types - `/software/freeipa/component_freeipa_member` - - Description: group members configuration + - Description: group members configuration - `/software/freeipa/component_freeipa_member/user` - Description: (minimal) user group members - Optional - Type: string - `/software/freeipa/component_freeipa_group` - - Description: group configuration + - Description: group configuration - `/software/freeipa/component_freeipa_group/gidnumber` - Description: group ID number - Optional @@ -19,7 +19,7 @@ - Optional - Type: component_freeipa_member - `/software/freeipa/component_freeipa_user` - - Description: service configuration + - Description: service configuration - `/software/freeipa/component_freeipa_user/uidnumber` - Description: user ID number - Optional @@ -54,14 +54,14 @@ - Optional - Type: string - `/software/freeipa/component_freeipa_service` - - Description: service configuration + - Description: service configuration - `/software/freeipa/component_freeipa_service/hosts` - Description: regular expressions to match known hosts; for each host, a service/host principal will be added and the host is allowed to retrieve the keytab - Optional - Type: string - `/software/freeipa/component_freeipa_host` - - Description: host configuration + - Description: host configuration - `/software/freeipa/component_freeipa_host/ip_address` - Description: host ip address (for DNS configuration only) - Optional @@ -71,7 +71,7 @@ - Optional - Type: string - `/software/freeipa/component_freeipa_dns` - - Description: DNS zone configuration + - Description: DNS zone configuration - `/software/freeipa/component_freeipa_dns/subnet` - Description: subnet to use, in A.B.C.D/MASK notation - Optional @@ -86,7 +86,7 @@ - Type: boolean - Default value: true - `/software/freeipa/component_freeipa_server` - - Description: Server configuration + - Description: Server configuration - `/software/freeipa/component_freeipa_server/dns` - Description: subnet name with DNSzone information - Optional @@ -108,7 +108,7 @@ - Optional - Type: component_freeipa_group - `/software/freeipa/component_freeipa_permission` - - Description: permission / ownership for keytabs and certificates + - Description: permission / ownership for keytabs and certificates - `/software/freeipa/component_freeipa_permission/mode` - Description: mode/permissions - Optional @@ -125,29 +125,29 @@ - Type: string - Default value: root - `/software/freeipa/component_freeipa_keytab` - - Description: keytab for service configuration + - Description: keytab for service configuration - `/software/freeipa/component_freeipa_keytab/service` - Description: service to retrieve keytab for (the pricipal service/fqdn is used if no component is specified) - Optional - Type: string - `/software/freeipa/component_freeipa_certificate` - - Description: + - Description: Certificate to request/retrieve. cert and/or key can be optionally extracted from NSSDB. Permissions are set on both cert and key, with certmode for the certificate. The nick is an alias for DN, and is unique (adding a 2nd nick for same, existing DN will result in adding a new entry with already existing nick). - `/software/freeipa/component_freeipa_certificate/cert` - - Description: certificate location to extract + - Description: certificate location to extract - Optional - Type: string - `/software/freeipa/component_freeipa_certificate/certmode` - - Description: certificate mode/permissions + - Description: certificate mode/permissions - Optional - Type: long - Default value: 292 - `/software/freeipa/component_freeipa_certificate/key` - - Description: (private) key location to extract + - Description: (private) key location to extract - Optional - Type: string - `/software/freeipa/component_freeipa_principal` diff --git a/docs/components/fstab::schema.md b/docs/components/fstab::schema.md index b8ee43b..64e8abe 100644 --- a/docs/components/fstab::schema.md +++ b/docs/components/fstab::schema.md @@ -2,7 +2,7 @@ ### Types - `/software/fstab/fstab_protected_entries` - - Description: + - Description: Protected mountpoints and filesystem types. mounts is looked for on the second field of fstab, fs_file fs_types is looked for on the third field of fstab, fs_vfstype @@ -16,7 +16,7 @@ protected_mounts field in the structure_component_fstab type - Optional - Type: string - `/software/fstab/structure_component_fstab` - - Description: + - Description: fstab component structure keep entries are always kept, but can be changed static entries can not be changed, but can be deleted diff --git a/docs/components/ganglia.md b/docs/components/ganglia.md index 99fb9fa..463aaae 100644 --- a/docs/components/ganglia.md +++ b/docs/components/ganglia.md @@ -12,4 +12,4 @@ ganglia #### `/software/components/ganglia` The configuration information for the component. Each field should -be described in this section. +be described in this section. diff --git a/docs/components/gmetad.md b/docs/components/gmetad.md index 5801c43..6a55d69 100644 --- a/docs/components/gmetad.md +++ b/docs/components/gmetad.md @@ -32,7 +32,7 @@ The schema for this component is very similar to the options in the configuratio - `/software/components/gmetad/scalability` : string - Optional flag to enable or disable scalability mode. + Optional flag to enable or disable scalability mode. Valid values are `on` and `off`. - `/software/components/gmetad/file` : string diff --git a/docs/components/grub::schema.md b/docs/components/grub::schema.md index 9c46ad1..3ad1746 100644 --- a/docs/components/grub::schema.md +++ b/docs/components/grub::schema.md @@ -2,7 +2,7 @@ ### Types - `/software/grub/type_grub_password` - - Description: + - Description: the crypted password can be supplied either in the password field OR, alternatively, within a file. this could be useful if putting the crypted password in the profile is undesirable. for this the file will be scanned diff --git a/docs/components/iptables.md b/docs/components/iptables.md index cf73e02..197e877 100644 --- a/docs/components/iptables.md +++ b/docs/components/iptables.md @@ -141,7 +141,7 @@ if the parameter is true. - The **"out\_interface"** defines the output interface for the packet. - The **"target"** defines the target for the packet: "log", "accept" or "drop". -#### \* function add\_rule(<table>, <rule>) +#### \* function add\_rule(, ) This function add a new entry rule to the resource list diff --git a/docs/components/ldconf.md b/docs/components/ldconf.md index 98fe0ce..7d0a2ba 100644 --- a/docs/components/ldconf.md +++ b/docs/components/ldconf.md @@ -15,8 +15,8 @@ this component. - `/software/components/ldconf/conffile` The configuration file to manage. Should be set to `/etc/ld.so.conf` - unless your doing something unusual. + unless your doing something unusual. - `/software/components/ldconf/paths` - List of paths to ensure are in the `ld.so.conf` configuration file. + List of paths to ensure are in the `ld.so.conf` configuration file. diff --git a/docs/components/libvirtd.md b/docs/components/libvirtd.md index f7b13b6..02f98de 100644 --- a/docs/components/libvirtd.md +++ b/docs/components/libvirtd.md @@ -10,7 +10,7 @@ The base path for all of the configuration parameters is `/software/components/libvirtd.` The following sections describe the elements that are permitted directly below this base path. With further parameters described in each section. All parameters are - optional. Except the configuration file location. + optional. Except the configuration file location. #### libvirtd\_config (R '/etc/libvirt/libvirtd.conf') @@ -48,7 +48,7 @@ This section contains the authentication parameters. #### tls -This section contains the parameters for TLS. +This section contains the parameters for TLS. - key\_file: full path to key file - cert\_file: full path to certificate file @@ -57,7 +57,7 @@ This section contains the parameters for TLS. #### authz -This section contains the authorization parameters. +This section contains the authorization parameters. - tls\_no\_verify\_certificate: 0 or 1, defaults to verification - tls\_allowed\_dn\_list: list of allowed DNs @@ -65,7 +65,7 @@ This section contains the authorization parameters. #### processing -This section contains the parameters used to control the processing. +This section contains the parameters used to control the processing. - max\_clients: maximum number of clients - min\_workers: minimum number of workers diff --git a/docs/components/metaconfig::schema.md b/docs/components/metaconfig::schema.md index 4abcf1a..f1a98bd 100644 --- a/docs/components/metaconfig::schema.md +++ b/docs/components/metaconfig::schema.md @@ -3,7 +3,7 @@ - `/software/metaconfig/metaconfig_extension` - `/software/metaconfig/metaconfig_textrender_convert` - - Description: + - Description: Convert value of certain types (e.g. boolean to string yes/no) (using the CCM::TextRender element options) @@ -39,6 +39,18 @@ - Description: Convert list to space-separated string - Optional - Type: boolean + - `/software/metaconfig/metaconfig_textrender_convert/unescapekey` + - Description: Unescape all dict keys + - Optional + - Type: boolean + - `/software/metaconfig/metaconfig_textrender_convert/lowerkey` + - Description: Convert all dict keys to lowercase + - Optional + - Type: boolean + - `/software/metaconfig/metaconfig_textrender_convert/upperkey` + - Description: Convert all dict keys to uppercase + - Optional + - Type: boolean - `/software/metaconfig/caf_service_action` - `/software/metaconfig/metaconfig_config` - `/software/metaconfig/metaconfig_config/mode` diff --git a/docs/components/network::core-schema.md b/docs/components/network::core-schema.md index 5a530e4..cff2706 100644 --- a/docs/components/network::core-schema.md +++ b/docs/components/network::core-schema.md @@ -2,7 +2,7 @@ ### Types - `/software/network/structure_route` - - Description: + - Description: Add route (IPv4 of IPv6) Presence of ':' in any of the values indicates this is IPv6 related. @@ -27,7 +27,7 @@ - Optional - Type: string - `/software/network/structure_rule` - - Description: + - Description: Add rule (IPv4 of IPv6) Presence of ':' in any of the values indicates this is IPv6 related. @@ -36,7 +36,7 @@ - Optional - Type: string - `/software/network/structure_interface_alias` - - Description: + - Description: Interface alias - `/software/network/structure_interface_alias/ip` @@ -52,7 +52,7 @@ - Optional - Type: type_fqdn - `/software/network/structure_bonding_options` - - Description: + - Description: Describes the bonding options for configuring channel bonding on EL5 and similar. - `/software/network/structure_bonding_options/mode` @@ -79,7 +79,7 @@ - Optional - Type: string - `/software/network/structure_bridging_options` - - Description: + - Description: describes the bridging options (the parameters for /sys/class/net/
/brport) @@ -108,7 +108,7 @@ - Optional - Type: long - `/software/network/structure_ethtool_offload` - - Description: + - Description: interface ethtool offload - `/software/network/structure_ethtool_offload/rx` @@ -125,7 +125,7 @@ - Optional - Type: string - `/software/network/structure_ethtool_ring` - - Description: + - Description: Set the ethernet transmit or receive buffer ring counts. See ethtool --show-ring for the values. @@ -142,7 +142,7 @@ - Optional - Type: long - `/software/network/structure_ethtool_wol` - - Description: + - Description: ethtool wol p|u|m|b|a|g|s|d... from the man page Sets Wake-on-LAN options. Not all devices support this. The argument to this option is a string @@ -157,7 +157,7 @@ d Disable (wake on nothing). This option clears all previous option - `/software/network/structure_ethtool` - - Description: + - Description: ethtool - `/software/network/structure_ethtool/wol` @@ -173,7 +173,7 @@ - Optional - Type: long - `/software/network/structure_interface_plugin_vxlan` - - Description: + - Description: interface plugin for vxlan support via initscripts-vxlan - `/software/network/structure_interface_plugin_vxlan/vni` @@ -203,7 +203,7 @@ - Optional - Type: boolean - `/software/network/structure_interface_plugin` - - Description: + - Description: interface plugin via custom ifup/down[-pre]-local hooks - `/software/network/structure_interface_plugin/vxlan` @@ -211,7 +211,7 @@ - Optional - Type: structure_interface_plugin_vxlan - `/software/network/structure_interface` - - Description: + - Description: interface - `/software/network/structure_interface/ip` @@ -380,11 +380,11 @@ - Optional - Type: structure_interface_plugin - `/software/network/structure_router` - - Description: + - Description: router - `/software/network/structure_ipv6` - - Description: + - Description: IPv6 global settings - `/software/network/structure_ipv6/enabled` @@ -397,7 +397,7 @@ - Optional - Type: valid_interface - `/software/network/structure_network` - - Description: + - Description: Host network configuration These values are used to generate /etc/sysconfig/network diff --git a/docs/components/nfs.md b/docs/components/nfs.md index 67da574..a4942e8 100644 --- a/docs/components/nfs.md +++ b/docs/components/nfs.md @@ -6,7 +6,7 @@ nfs: NCM component for `/etc/exports` and `/etc/fstab` ### DESCRIPTION The _nfs_ component manages entries for `NFS` in the `/etc/exports` -and/or `NFS`/`NFSv4`/`CephFS`/`PanFS`/`bind` mount in the `/etc/fstab` files. +and/or `NFS`/`NFSv4`/`Ceph`/`PanFS`/`bind` mount in the `/etc/fstab` files. ### Example @@ -78,7 +78,7 @@ and/or `NFS`/`NFSv4`/`CephFS`/`PanFS`/`bind` mount in the `/etc/fstab` files. The current managed entries are - - devices with filesystems `nfs`, `nfs4`, `panfs` or `cephfs`. + - devices with filesystems `nfs`, `nfs4`, `panfs` or [ceph](../components/ceph.md). - bind mounts (filesystem `none` and mount option `bind`) Method returns diff --git a/docs/components/nfs::schema.md b/docs/components/nfs::schema.md index 47e0592..afeb70d 100644 --- a/docs/components/nfs::schema.md +++ b/docs/components/nfs::schema.md @@ -48,7 +48,7 @@ If a path is listed more than once, then the last entry will be used to generate the exports file. - + - Optional - Type: structure_nfs_exports - `/software/nfs/nfs_component/mounts` @@ -65,6 +65,10 @@ If the mounts change, then the component will attempt to unmount any mounts which are removed and mount any new ones. If the options change, then the volume will be remounted. - + + If the list is empty, all supported mounts in fstab will be removed. + If you don't want ncm-nfs to modify /etc/fstab, do not set the mounts + attribute at all. + - Optional - Type: structure_nfs_mounts diff --git a/docs/components/nrpe.md b/docs/components/nrpe.md index 4c32788..a47a174 100644 --- a/docs/components/nrpe.md +++ b/docs/components/nrpe.md @@ -5,84 +5,3 @@ The _nrpe_ component manages the NRPE daemon, which executes Nagios plugins on remote hosts. The NRPE service can be run under xinetd or as a stand-alone daemon. This component only supports the stand-alone way. - -### COMPONENT STRUCTURE - -All fields are required (but most have sensible defaults unless otherwise stated). - -- `/software/components/nrpe/options/allowed_hosts : type_hostname[]` - - List of hosts allowed to order the NRPE daemon to run commands. - - Must be specified, no default is provided. - -- `/software/components/nrpe/options/command : string {}` - - Named list with the command lines to be run. It is indexed with the - command identifiers. Check Nagios' documentation for more information - on command definitions. - - Must be specified, no default is provided. - -- `/software/components/nrpe/options/log_facility : string` - - The syslog facility that should be used for logging purposes. - -- `/software/components/nrpe/options/pid_file : string` - - File in which the NRPE daemon should write it's process ID number. - -- `/software/components/nrpe/options/server_port : type_port` - - The port the daemon will listen to. - -- `/software/components/nrpe/options/server_address ? string` - - Address that nrpe should bind to if you do not want nrpe to bind on all interfaces. - - Optional field. - -- `/software/components/nrpe/options/nrpe_user : string` - - User the daemon will run as. For instance, 'nagios'. - -- `/software/components/nrpe/options/nrpe_group : string` - - Group the daemon will run as. For instance, 'nagios'. - -- `/software/components/nrpe/options/dont_blame_nrpe : boolean` - - Whether or not the remote hosts are allowed to pass arguments to the - commands offered by NRPE. It is false by default, so arguments are not - allowed for security reasons. - -- `/software/components/nrpe/options/command_prefix ? string` - - Optional prefix for every single command to be run. For instance, - `/usr/bin/sudo`. - - Optional field. - -- `/software/components/nrpe/options/debug : boolean` - - Whether or not debugging messages are logged to the syslog facility. - -- `/software/components/nrpe/options/command_timeout : long` - - Timeout for commands, in seconds. - -- `/software/components/nrpe/options/connection_timeout : long` - - Timeout for connections, in seconds. - -- `/software/components/nrpe/options/allow_weak_random_seed : boolean` - - Whether or not allow weak random number generation. - -- `/software/components/nrpe/options/include : string []` - - List of external file names that should be included. - -- `/software/components/nrpe/options/include_dir : string []` - - List of directory names that should be included. diff --git a/docs/components/nrpe::schema.md b/docs/components/nrpe::schema.md index 5eae957..2f62ccc 100644 --- a/docs/components/nrpe::schema.md +++ b/docs/components/nrpe::schema.md @@ -3,68 +3,87 @@ - `/software/nrpe/component_nrpe_options` - `/software/nrpe/component_nrpe_options/log_facility` + - Description: The syslog facility that should be used for logging purposes. - Optional - Type: string - Default value: daemon - `/software/nrpe/component_nrpe_options/pid_file` + - Description: File in which the NRPE daemon should write it's process ID number. - Optional - Type: string - Default value: /var/run/nrpe.pid - `/software/nrpe/component_nrpe_options/server_port` + - Description: The port the daemon will listen to. - Optional - Type: type_port - Default value: 5666 - `/software/nrpe/component_nrpe_options/server_address` + - Description: Address that nrpe should bind to if you do not want nrpe to bind on all interfaces. - Optional - Type: string - `/software/nrpe/component_nrpe_options/nrpe_user` + - Description: User the daemon will run as. - Optional - Type: string - Default value: nagios - `/software/nrpe/component_nrpe_options/nrpe_group` + - Description: Group the daemon will run as. - Optional - Type: string - Default value: nagios - `/software/nrpe/component_nrpe_options/allowed_hosts` + - Description: List of hosts allowed to order the NRPE daemon to run commands. - Optional - Type: type_hostname - `/software/nrpe/component_nrpe_options/dont_blame_nrpe` + - Description: Whether or not the remote hosts are allowed to pass arguments to the + commands offered by NRPE. - Optional - Type: boolean - Default value: false - `/software/nrpe/component_nrpe_options/command_prefix` + - Description: Optional prefix for every single command to be run (e.g. /usr/bin/sudo). - Optional - Type: string - `/software/nrpe/component_nrpe_options/debug` + - Description: Whether or not debugging messages are logged to the syslog facility. - Optional - Type: boolean - Default value: false - `/software/nrpe/component_nrpe_options/command_timeout` + - Description: Timeout for commands, in seconds. - Optional - Type: long - Default value: 60 - `/software/nrpe/component_nrpe_options/connection_timeout` + - Description: Timeout for connections, in seconds. - Optional - Type: long - Default value: 300 - `/software/nrpe/component_nrpe_options/allow_weak_random_seed` + - Description: Whether or not allow weak random number generation. - Optional - Type: boolean - Default value: false - `/software/nrpe/component_nrpe_options/command` + - Description: Dict with the command lines to be run. Keys are the + command identifiers. Check Nagios' documentation for more information + on command definitions. - Optional - Type: string - `/software/nrpe/component_nrpe_options/include` + - Description: List of external file names that should be included. - Optional - Type: string - `/software/nrpe/component_nrpe_options/include_dir` + - Description: List of directory names that should be included. - Optional - Type: string - - `/software/nrpe/structure_component_nrpe` - - `/software/nrpe/structure_component_nrpe/mode` + - `/software/nrpe/nrpe_component` + - `/software/nrpe/nrpe_component/mode` - Optional - Type: long - Default value: 416 - - `/software/nrpe/structure_component_nrpe/options` + - `/software/nrpe/nrpe_component/options` - Optional - Type: component_nrpe_options diff --git a/docs/components/nsca.md b/docs/components/nsca.md index 42043b9..96f7f53 100644 --- a/docs/components/nsca.md +++ b/docs/components/nsca.md @@ -7,7 +7,7 @@ In Nagios terms, they are known as passive check results (i.e. not initated by N ### COMPONENT STRUCTURE -This component can be used to configure an NSCA daemon and/or NSCA client. +This component can be used to configure an NSCA daemon and/or NSCA client. The daemon is only configured if its configuration exists under `/software/components/nsca/daemon`, the client part is configured if the configuration under `/software/components/nsca/send` is defined. diff --git a/docs/components/nscd.md b/docs/components/nscd.md index 0341a07..28e197e 100644 --- a/docs/components/nscd.md +++ b/docs/components/nscd.md @@ -7,7 +7,7 @@ NCM::nscd - NCM component to configure nscd. - Configure() - Configures the name service caching daemon (nscd). See the `nscd.conf(5)` man page + Configures the name service caching daemon (nscd). See the `nscd.conf(5)` man page or the CDB schema file for allowed options. Booleans have to be written as _yes_ or _no_ in the template, this is the way _nscd_ expects them. diff --git a/docs/components/ntpd::schema.md b/docs/components/ntpd::schema.md index a9d7da7..de5c876 100644 --- a/docs/components/ntpd::schema.md +++ b/docs/components/ntpd::schema.md @@ -9,7 +9,7 @@ - Optional - Type: type_ip - `/software/ntpd/ntpd_server_options` - - Description: + - Description: Server command options Refer to man ntp.conf for details. @@ -51,7 +51,7 @@ - Type: long - Range: 1..4 - `/software/ntpd/ntpd_restrict_options` - - Description: + - Description: Base restrict command options Refer to C<< man ntp_acc >> for more information or access control commands. @@ -99,12 +99,12 @@ - Type: long - Range: 1..4 - `/software/ntpd/ntpd_restrict_default` - - Description: + - Description: Default restrict command options. Default when none-defined: restrict default ignore. - `/software/ntpd/ntpd_server_definition` - - Description: + - Description: Server address with optional options and access restrictions Allows to configure timeservers with their own options. @@ -116,7 +116,7 @@ - Optional - Type: ntpd_server_options - `/software/ntpd/ntpd_tinker_options` - - Description: + - Description: Alter certain system variables used by the clock discipline algorithm - `/software/ntpd/ntpd_tinker_options/allan` @@ -141,7 +141,7 @@ - Optional - Type: long - `/software/ntpd/ntpd_system_options` - - Description: + - Description: System options that can be en/disabled. Flags not mentioned are unaffected. Note that all of these flags can be controlled remotely using @@ -173,7 +173,7 @@ - Optional - Type: boolean - `/software/ntpd/ntpd_logconfig` - - Description: + - Description: Log configuration arguments must be defined in a list of strings. Values for each argument must follow what is defined in ntp_misc manual. Refer to ntp_misc manpage for more details. @@ -185,7 +185,7 @@ "logconfig" = list("-syncstatus", "+sysevents"); - `/software/ntpd/ntpd_statistics` - - Description: + - Description: Monitoring/statistics options, see ntp_mon manpage. - `/software/ntpd/ntpd_statistics/clockstats` @@ -207,7 +207,7 @@ - Optional - Type: boolean - `/software/ntpd/ntpd_filegen` - - Description: + - Description: Monitoring/statistics options, see ntp_mon manpage. - `/software/ntpd/ntpd_filegen/name` diff --git a/docs/components/ofed::schema.md b/docs/components/ofed::schema.md index c4e0b9f..e5f0003 100644 --- a/docs/components/ofed::schema.md +++ b/docs/components/ofed::schema.md @@ -227,7 +227,7 @@ - Optional - Type: string - `/software/ofed/component_ofed_partition` - - Description: + - Description: Partition entry - `/software/ofed/component_ofed_partition/key` diff --git a/docs/components/openldap::schema.md b/docs/components/openldap::schema.md index 104fca9..d61bdf6 100644 --- a/docs/components/openldap::schema.md +++ b/docs/components/openldap::schema.md @@ -2,11 +2,11 @@ ### Types - `/software/openldap/long_pow2` - - Description: + - Description: power of 2 (up to 64k) - `/software/openldap/ldap_hash` - - Description: + - Description: Possible acceptable values - `/software/openldap/ldap_sizelimit` @@ -550,7 +550,7 @@ ### Functions - openldap_loglevels_to_long - - Description: + - Description: converts a list of named loglevels to its numeric value returns undef in case of unknown entry returns (whichever comes first in list) diff --git a/docs/components/opennebula::schema.md b/docs/components/opennebula::schema.md index 929199e..0882431 100644 --- a/docs/components/opennebula::schema.md +++ b/docs/components/opennebula::schema.md @@ -44,7 +44,7 @@ - `/software/opennebula/opennebula_federation/master_oned` - Optional - Type: string - - Default value: + - Default value: - `/software/opennebula/opennebula_im` - `/software/opennebula/opennebula_im/executable` - Optional @@ -152,7 +152,7 @@ - Optional - Type: boolean - `/software/opennebula/opennebula_ds_mad_conf` - - Description: + - Description: The configuration for each driver is defined in DS_MAD_CONF. These values are used when creating a new datastore and should not be modified since they defined the datastore behavior. @@ -175,7 +175,7 @@ since they defined the datastore behavior. - Optional - Type: string - `/software/opennebula/opennebula_market_mad_conf` - - Description: + - Description: The configuration for each driver is defined in MARKET_MAD_CONF. These values are used when creating a new marketplace and should not be modified since they define the marketplace behavior. @@ -195,7 +195,7 @@ A public marketplace can be removed even if it has registered apps. monitor: the apps of the marketplace will be monitored. create: the app in the marketplace. delete: the app from the marketplace. - + - Optional - Type: string - `/software/opennebula/opennebula_market_mad_conf/public` @@ -203,7 +203,7 @@ A public marketplace can be removed even if it has registered apps. - Optional - Type: boolean - `/software/opennebula/opennebula_default_cost` - - Description: + - Description: The following attributes define the default cost for Virtual Machines that don't have a CPU, MEMORY or DISK cost. This is used by the oneshowback calculate method. @@ -221,7 +221,7 @@ This is used by the oneshowback calculate method. - Type: long - Default value: 0 - `/software/opennebula/opennebula_vnc_ports` - - Description: + - Description: VNC_BASE_PORT is deprecated since OpenNebula 5.0 OpenNebula will automatically assign start + vmid, allowing to generate different ports for VMs so they do not collide. @@ -237,7 +237,7 @@ allowing to generate different ports for VMs so they do not collide. - Optional - Type: long - `/software/opennebula/opennebula_vlan_ids` - - Description: + - Description: LAN ID pool for the automatic VLAN_ID assignment. This pool is for 802.1Q networks (Open vSwitch and 802.1Q drivers). The driver will try first to allocate VLAN_IDS[START] + VNET_ID @@ -251,7 +251,7 @@ The driver will try first to allocate VLAN_IDS[START] + VNET_ID - Optional - Type: long - `/software/opennebula/opennebula_vxlan_ids` - - Description: + - Description: Automatic VXLAN Network ID (VNI) assignment. This is used or vxlan networks. NOTE: reserved is not supported by this pool @@ -262,14 +262,14 @@ NOTE: reserved is not supported by this pool - Type: long - Default value: 2 - `/software/opennebula/opennebula_market_mad` - - Description: + - Description: Drivers to manage different marketplaces, specialized for the storage backend. - `/software/opennebula/opennebula_market_mad/executable` - Description: path of the transfer driver executable, can be an absolute path or relative to $ONE_LOCATION/lib/mads (or /usr/lib/one/mads/ if OpenNebula was installed in /) - + - Optional - Type: string - Default value: one_market @@ -277,12 +277,12 @@ Drivers to manage different marketplaces, specialized for the storage backend. - Description: arguments for the driver executable: -t number of threads, i.e. number of repo operations at the same time -m marketplace mads separated by commas - + - Optional - Type: string - Default value: -t 15 -m http,s3,one - `/software/opennebula/opennebula_ceph_datastore` - - Description: + - Description: type for ceph datastore specific attributes. ceph_host, ceph_secret, ceph_user, ceph_user_key and pool_name are mandatory @@ -306,7 +306,7 @@ ceph_host, ceph_secret, ceph_user, ceph_user_key and pool_name are mandatory - Type: long - Range: 1..2 - `/software/opennebula/opennebula_ar` - - Description: + - Description: type for vnet ars specific attributes. type and size are mandatory @@ -330,7 +330,7 @@ type and size are mandatory - Optional - Type: string - `/software/opennebula/opennebula_datastore` - - Description: + - Description: type for an opennebula datastore. Defaults to a ceph datastore (ds_mad is ceph). shared DS is also supported @@ -438,7 +438,7 @@ shared DS is also supported - Optional - Type: opennebula_permissions - `/software/opennebula/opennebula_user` - - Description: + - Description: Set OpenNebula regular users and their primary groups. By default new users are assigned to the users group. @@ -458,7 +458,7 @@ By default new users are assigned to the users group. - Optional - Type: string - `/software/opennebula/opennebula_group` - - Description: + - Description: Set a group name and an optional decription - `/software/opennebula/opennebula_group/description` @@ -489,7 +489,7 @@ Set a group name and an optional decription - Optional - Type: string - `/software/opennebula/opennebula_oned` - - Description: + - Description: Type that sets the OpenNebula oned.conf file @@ -694,7 +694,7 @@ oned.conf file - Optional - Type: string - `/software/opennebula/opennebula_rpc_service` - - Description: + - Description: type for opennebula service common RPC attributes. - `/software/opennebula/opennebula_rpc_service/one_xmlrpc` @@ -708,7 +708,7 @@ type for opennebula service common RPC attributes. - Type: string - Default value: cipher - `/software/opennebula/opennebula_sunstone` - - Description: + - Description: Type that sets the OpenNebula sunstone_server.conf file @@ -767,11 +767,11 @@ sunstone_server.conf file - `/software/opennebula/opennebula_sunstone/vnc_proxy_cert` - Optional - Type: string - - Default value: + - Default value: - `/software/opennebula/opennebula_sunstone/vnc_proxy_key` - Optional - Type: string - - Default value: + - Default value: - `/software/opennebula/opennebula_sunstone/vnc_proxy_ipv6` - Optional - Type: boolean @@ -805,7 +805,7 @@ sunstone_server.conf file - Optional - Type: string - `/software/opennebula/opennebula_oneflow` - - Description: + - Description: Type that sets the OpenNebula oneflow-server.conf file @@ -833,7 +833,7 @@ oneflow-server.conf file - Description: default shutdown action terminate : OpenNebula >= 5.0.0 shutdown : OpenNebula < 5.0.0 - + - Optional - Type: string - Default value: terminate @@ -856,7 +856,7 @@ oneflow-server.conf file $SERVICE_NAME $ROLE_NAME $VM_NUMBER - + - Optional - Type: string - Default value: $ROLE_NAME_$VM_NUMBER_(service_$SERVICE_ID) @@ -866,13 +866,13 @@ oneflow-server.conf file 1 = WARNING 2 = INFO 3 = DEBUG - + - Optional - Type: long - Range: 0..3 - Default value: 2 - `/software/opennebula/opennebula_kvmrc` - - Description: + - Description: Type that sets the OpenNebula VMM kvmrc conf files @@ -911,7 +911,7 @@ VMM kvmrc conf files - Optional - Type: string - `/software/opennebula/opennebula_vnm_conf` - - Description: + - Description: Type that sets the OpenNebula VNM (Virtual Network Manager) configuration file on the nodes @@ -939,7 +939,7 @@ VNM (Virtual Network Manager) configuration file on the nodes - Type: long - Default value: 16 - `/software/opennebula/opennebula_rpc` - - Description: + - Description: Type that sets the OpenNebula conf to contact to ONE RPC server @@ -959,7 +959,7 @@ to contact to ONE RPC server - Optional - Type: string - `/software/opennebula/opennebula_untouchables` - - Description: + - Description: Type that sets the OpenNebula untouchable resources @@ -979,7 +979,7 @@ untouchable resources - Optional - Type: string - `/software/opennebula/component_opennebula` - - Description: + - Description: Type to define ONE basic resources datastores, vnets, hosts names, etc @@ -1026,7 +1026,7 @@ datastores, vnets, hosts names, etc - Type: boolean - Default value: true - `/software/opennebula/component_opennebula/cfg_group` - - Description: in some cases (such a Sunstone standalone configuration with apache), + - Description: in some cases (such a Sunstone standalone configuration with apache), some OpenNebula configuration files should be accessible by a different group (as apache). This variable sets the group name to change these files permissions. - Optional @@ -1046,21 +1046,21 @@ datastores, vnets, hosts names, etc shared: The storage area for the system datastore is a shared directory across the hosts. vmfs: A specialized version of the shared one to use the vmfs file system. ssh: Uses a local storage area from each host for the system datastore. - + - Optional - Type: string ### Functions - is_consistent_database - - Description: + - Description: check if a specific type of database has the right attributes - is_consistent_datastore - - Description: + - Description: check if a specific type of datastore has the right attributes - is_consistent_vnet - - Description: + - Description: check if a specific type of vnet has the right attributes diff --git a/docs/components/openstack.md b/docs/components/openstack.md new file mode 100644 index 0000000..fb911f7 --- /dev/null +++ b/docs/components/openstack.md @@ -0,0 +1,14 @@ + +### NAME + +ncm-openstack: Configuration module for OpenStack + +### DESCRIPTION + +ncm-openstack provides support for OpenStack configuration for: + +- Keystone +- Nova +- Glance +- Neutron +- Horizon diff --git a/docs/components/openstack::common.md b/docs/components/openstack::common.md new file mode 100644 index 0000000..6541412 --- /dev/null +++ b/docs/components/openstack::common.md @@ -0,0 +1,210 @@ + +### Types + + - `/software/openstack/type_storagebackend` + - `/software/openstack/type_neutrondriver` + - `/software/openstack/type_neutronextension` + - `/software/openstack/type_directory` + - `/software/openstack/openstack_domains_common` + - Description: + OpenStack common domains section + + - `/software/openstack/openstack_domains_common/project_domain_name` + - Description: Domain name containing project + - Optional + - Type: string + - Default value: Default + - `/software/openstack/openstack_domains_common/project_name` + - Description: Project name to scope to + - Optional + - Type: string + - Default value: service + - `/software/openstack/openstack_domains_common/auth_type` + - Description: The type of authentication credential to create. + Required if no context is passed to the credential factory + - Optional + - Type: string + - Default value: password + - `/software/openstack/openstack_domains_common/user_domain_name` + - Description: Users domain name + - Optional + - Type: string + - Default value: Default + - `/software/openstack/openstack_domains_common/auth_url` + - Description: Keystone authentication URL http(s)://host:port + - Optional + - Type: type_absoluteURI + - `/software/openstack/openstack_domains_common/username` + - Description: OpenStack service username + - Optional + - Type: string + - `/software/openstack/openstack_domains_common/password` + - Description: OpenStack service user password + - Optional + - Type: string + - `/software/openstack/openstack_database` + - Description: + The configuration options in the database Section + + - `/software/openstack/openstack_database/connection` + - Description: The SQLAlchemy connection string to use to connect to the database + - Optional + - Type: string + - `/software/openstack/openstack_oslo_concurrency` + - Description: + The configuration options in 'oslo_concurrency' Section. + + - `/software/openstack/openstack_oslo_concurrency/lock_path` + - Description: Directory to use for lock files. For security, the specified directory should + only be writable by the user running the processes that need locking. Defaults + to environment variable OSLO_LOCK_PATH. If external locks are used, a lock + path must be set + - Optional + - Type: type_directory + - `/software/openstack/openstack_DEFAULTS` + - Description: + The configuration options in the DEFAULTS Section + + - `/software/openstack/openstack_DEFAULTS/admin_token` + - Description: Using this feature is *NOT* recommended. Instead, use the "keystone-manage + bootstrap" command. The value of this option is treated as a "shared secret" + that can be used to bootstrap Keystone through the API. This "token" does not + represent a user (it has no identity), and carries no explicit authorization + (it effectively bypasses most authorization checks). If set to "None", the + value is ignored and the "admin_token" middleware is effectively disabled. + However, to completely disable "admin_token" in production (highly + recommended, as it presents a security risk), remove + AdminTokenAuthMiddleware (the "admin_token_auth" filter) from your paste + application pipelines (for example, in "keystone-paste.ini") + - Optional + - Type: string + - `/software/openstack/openstack_DEFAULTS/notifications` + - Optional + - Type: string + - `/software/openstack/openstack_DEFAULTS/debug` + - Description: From oslo.log + If set to true, the logging level will be set to DEBUG instead of the default + INFO level. + Note: This option can be changed without restarting + - Optional + - Type: boolean + - `/software/openstack/openstack_DEFAULTS/use_syslog` + - Description: Use syslog for logging. Existing syslog format is DEPRECATED and will be + changed later to honor RFC5424. This option is ignored if log_config_append + is set + - Optional + - Type: boolean + - `/software/openstack/openstack_DEFAULTS/syslog_log_facility` + - Description: Syslog facility to receive log lines. This option is ignored if + log_config_append is set + - Optional + - Type: string + - `/software/openstack/openstack_DEFAULTS/auth_strategy` + - Description: From nova.conf + This determines the strategy to use for authentication: keystone or noauth2. + "noauth2" is designed for testing only, as it does no actual credential + checking. "noauth2" provides administrative credentials only if "admin" is + specified as the username + - Optional + - Type: string + - Default value: keystone + - `/software/openstack/openstack_DEFAULTS/my_ip` + - Description: From nova.conf + The IP address which the host is using to connect to the management network. + Default is IPv4 address of this host + - Optional + - Type: type_ip + - `/software/openstack/openstack_DEFAULTS/enabled_apis` + - Description: From nova.conf + List of APIs to be enabled by default + - Optional + - Type: string + - `/software/openstack/openstack_DEFAULTS/transport_url` + - Description: From nova.conf + An URL representing the messaging driver to use and its full configuration. + Example: rabbit://openstack:@ + + - Optional + - Type: string + - `/software/openstack/openstack_DEFAULTS/rootwrap_config` + - Description: Path to the rootwrap configuration file. + + Goal of the root wrapper is to allow a service-specific unprivileged user to + run a number of actions as the root user in the safest manner possible. + The configuration file used here must match the one defined in the sudoers + entry. + + Be sure to include into sudoers these lines: + nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf * + more info https://wiki.openstack.org/wiki/Rootwrap + - Optional + - Type: absolute_file_path + - `/software/openstack/openstack_DEFAULTS/core_plugin` + - Description: From neutron.conf + The core plugin Neutron will use + - Optional + - Type: string + - Default value: ml2 + - `/software/openstack/openstack_DEFAULTS/service_plugins` + - Description: From neutron.conf + The service plugins Neutron will use + - Optional + - Type: string + - `/software/openstack/openstack_DEFAULTS/allow_overlapping_ips` + - Description: From neutron.conf + Allow overlapping IP support in Neutron. Attention: the following parameter + MUST be set to False if Neutron is being used in conjunction with Nova + security groups + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_DEFAULTS/notify_nova_on_port_status_changes` + - Description: From neutron.conf + Send notification to nova when port status changes + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_DEFAULTS/notify_nova_on_port_data_changes` + - Description: From neutron.conf + Send notification to nova when port data (fixed_ips/floatingip) changes so + nova can update its cache + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_DEFAULTS/interface_driver` + - Description: From Neutron l3_agent.ini and dhcp_agent.ini + The driver used to manage the virtual interface + - Optional + - Type: string + - Default value: linuxbridge + - `/software/openstack/openstack_DEFAULTS/dhcp_driver` + - Description: From Neutron dhcp_agent.ini + The driver used to manage the DHCP server + - Optional + - Type: string + - Default value: neutron.agent.linux.dhcp.Dnsmasq + - `/software/openstack/openstack_DEFAULTS/enable_isolated_metadata` + - Description: From Neutron dhcp_agent.ini + The DHCP server can assist with providing metadata support on isolated + networks. Setting this value to True will cause the DHCP server to append + specific host routes to the DHCP request. The metadata service will only be + activated when the subnet does not contain any router port. The guest + instance must be configured to request host routes via DHCP (Option 121). + This option does not have any effect when force_metadata is set to True + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_DEFAULTS/nova_metadata_ip` + - Description: From Neutron metadata_agent.ini + IP address or hostname used by Nova metadata server + - Optional + - Type: string + - `/software/openstack/openstack_DEFAULTS/metadata_proxy_shared_secret` + - Description: From Neutron metadata_agent.ini + When proxying metadata requests, Neutron signs the Instance-ID header with a + shared secret to prevent spoofing. You may select any string for a secret, + but it must match here and in the configuration used by the Nova Metadata + Server. NOTE: Nova uses the same config key, but in [neutron] section. + + - Optional + - Type: string diff --git a/docs/components/openstack::glance.md b/docs/components/openstack::glance.md new file mode 100644 index 0000000..f02f221 --- /dev/null +++ b/docs/components/openstack::glance.md @@ -0,0 +1,62 @@ + +### Types + + - `/software/openstack/openstack_glance_store` + - Description: + The Glance configuration options in the "glance_store" Section. + From glance.api + + - `/software/openstack/openstack_glance_store/stores` + - Description: List of enabled Glance stores. + Register the storage backends to use for storing disk images + as a comma separated list. The default stores enabled for + storing disk images with Glance are "file" and "http" + - Optional + - Type: type_storagebackend + - `/software/openstack/openstack_glance_store/default_store` + - Description: The default scheme to use for storing images. + Provide a string value representing the default scheme to use for + storing images. If not set, Glance uses ``file`` as the default + scheme to store images with the ``file`` store. + NOTE: The value given for this configuration option must be a valid + scheme for a store registered with the ``stores`` configuration + option. + - Optional + - Type: string + - Default value: file + - `/software/openstack/openstack_glance_store/filesystem_store_datadir` + - Description: Directory to which the filesystem backend store writes images. + Upon start up, Glance creates the directory if it does not already + exist and verifies write access to the user under which + "glance-api" runs. If the write access is not available, a + BadStoreConfiguration`` exception is raised and the filesystem + store may not be available for adding new images. + + NOTE: This directory is used only when filesystem store is used as a + storage backend. Either ``filesystem_store_datadir`` or + filesystem_store_datadirs`` option must be specified in + "glance-api.conf". If both options are specified, a + BadStoreConfiguration will be raised and the filesystem store + may not be available for adding new images + - Optional + - Type: type_directory + - Default value: /var/lib/glance/images/ + - `/software/openstack/openstack_glance_config` + - Description: + list of Glance configuration sections + + - `/software/openstack/openstack_glance_config/DEFAULT` + - Optional + - Type: openstack_DEFAULTS + - `/software/openstack/openstack_glance_config/database` + - Optional + - Type: openstack_database + - `/software/openstack/openstack_glance_config/keystone_authtoken` + - Optional + - Type: openstack_keystone_authtoken + - `/software/openstack/openstack_glance_config/paste_deploy` + - Optional + - Type: openstack_keystone_paste_deploy + - `/software/openstack/openstack_glance_config/glance_store` + - Optional + - Type: openstack_glance_store diff --git a/docs/components/openstack::horizon.md b/docs/components/openstack::horizon.md new file mode 100644 index 0000000..0cc661c --- /dev/null +++ b/docs/components/openstack::horizon.md @@ -0,0 +1,462 @@ + +### Types + + - `/software/openstack/openstack_horizon_caches` + - Description: + The Horizon configuration options in "caches" Section. + + - `/software/openstack/openstack_horizon_caches/backend` + - Description: We recommend you use memcached for development; otherwise after every reload + of the django development server, you will have to login again + - Optional + - Type: string + - Default value: django.core.cache.backends.memcached.MemcachedCache + - `/software/openstack/openstack_horizon_caches/location` + - Description: location format : + - Optional + - Type: type_hostport + - `/software/openstack/openstack_horizon_api_versions` + - Description: + The Horizon api versions section. + Overrides for OpenStack API versions. Use this setting to force the + OpenStack dashboard to use a specific API version for a given service API. + Versions specified here should be integers or floats, not strings. + NOTE: The version should be formatted as it appears in the URL for the + service API. For example, The identity service APIs have inconsistent + use of the decimal point, so valid options would be 2.0 or 3. + Minimum compute version to get the instance locked status is 2.9. + + - `/software/openstack/openstack_horizon_api_versions/identity` + - Optional + - Type: long + - Range: 1.. + - Default value: 3 + - `/software/openstack/openstack_horizon_api_versions/image` + - Optional + - Type: long + - Range: 1.. + - Default value: 2 + - `/software/openstack/openstack_horizon_api_versions/volume` + - Optional + - Type: long + - Range: 1.. + - Default value: 2 + - `/software/openstack/openstack_horizon_neutron_network` + - Description: + The Horizon "OPENSTACK_NEUTRON_NETWORK" settings can be used to enable optional + services provided by neutron. Options currently available are load + balancer service, security groups, quotas, VPN service. + + - `/software/openstack/openstack_horizon_neutron_network/enable_router` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_neutron_network/enable_quotas` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_neutron_network/enable_ipv6` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_neutron_network/enable_distributed_router` + - Optional + - Type: boolean + - Default value: false + - `/software/openstack/openstack_horizon_neutron_network/enable_ha_router` + - Optional + - Type: boolean + - Default value: false + - `/software/openstack/openstack_horizon_neutron_network/enable_lb` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_neutron_network/enable_firewall` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_neutron_network/enable_vpn` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_neutron_network/enable_fip_topology_check` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_keystone_backend` + - Description: + The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the + capabilities of the auth backend for Keystone. + If Keystone has been configured to use LDAP as the auth backend then set + can_edit_user to False and name to 'ldap'. + TODO(tres): Remove these once Keystone has an API to identify auth backend. + + - `/software/openstack/openstack_horizon_keystone_backend/name` + - Optional + - Type: string + - Default value: native + - `/software/openstack/openstack_horizon_keystone_backend/can_edit_user` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_keystone_backend/can_edit_group` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_keystone_backend/can_edit_project` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_keystone_backend/can_edit_domain` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_keystone_backend/can_edit_role` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_hypervisor_features` + - Description: + The Xen Hypervisor has the ability to set the mount point for volumes + attached to instances (other Hypervisors currently do not). Setting + can_set_mount_point to True will add the option to set the mount point + from the UI. + + - `/software/openstack/openstack_horizon_hypervisor_features/can_set_mount_point` + - Optional + - Type: boolean + - Default value: false + - `/software/openstack/openstack_horizon_hypervisor_features/can_set_password` + - Optional + - Type: boolean + - Default value: false + - `/software/openstack/openstack_horizon_hypervisor_features/requires_keypair` + - Optional + - Type: boolean + - Default value: false + - `/software/openstack/openstack_horizon_hypervisor_features/enable_quotas` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_cinder_features` + - Description: + The OPENSTACK_CINDER_FEATURES settings can be used to enable optional + services provided by cinder that is not exposed by its extension API. + + - `/software/openstack/openstack_horizon_cinder_features/enable_backup` + - Optional + - Type: boolean + - Default value: false + - `/software/openstack/openstack_horizon_heat_stack` + - Description: + The OPENSTACK_HEAT_STACK settings can be used to disable password + field required while launching the stack. + + - `/software/openstack/openstack_horizon_heat_stack/enable_user_pass` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_image_custom_titles` + - Description: + The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for + image custom property attributes that appear on image detail pages. + + - `/software/openstack/openstack_horizon_image_custom_titles/architecture` + - Optional + - Type: string + - Default value: Architecture + - `/software/openstack/openstack_horizon_image_custom_titles/kernel_id` + - Optional + - Type: string + - Default value: Kernel ID + - `/software/openstack/openstack_horizon_image_custom_titles/ramdisk_id` + - Optional + - Type: string + - Default value: Ramdisk ID + - `/software/openstack/openstack_horizon_image_custom_titles/image_state` + - Optional + - Type: string + - Default value: Euca2ools state + - `/software/openstack/openstack_horizon_image_custom_titles/project_id` + - Optional + - Type: string + - Default value: Project ID + - `/software/openstack/openstack_horizon_image_custom_titles/image_type` + - Optional + - Type: string + - Default value: Image Type + - `/software/openstack/openstack_horizon_logging_handlers` + - Description: + Dashboard handlers logging levels. + + - `/software/openstack/openstack_horizon_logging_handlers/level` + - Optional + - Type: string + - Default value: INFO + - `/software/openstack/openstack_horizon_logging_handlers/class` + - Optional + - Type: string + - Default value: logging.StreamHandler + - `/software/openstack/openstack_horizon_logging_handlers/formatter` + - Optional + - Type: string + - Default value: operation + - `/software/openstack/openstack_horizon_logging_loggers` + - Description: + Dashboard django loggers debug levels + + - `/software/openstack/openstack_horizon_logging_loggers/handlers` + - Optional + - Type: string + - Default value: console + - `/software/openstack/openstack_horizon_logging_loggers/level` + - Optional + - Type: string + - Default value: DEBUG + - `/software/openstack/openstack_horizon_logging_loggers/propagate` + - Optional + - Type: boolean + - Default value: false + - `/software/openstack/openstack_horizon_logging_formatters` + - Description: + Dashboard django logger formatters + + - `/software/openstack/openstack_horizon_logging_formatters/format` + - Description: The format of "%(message)s" is defined by + OPERATION_LOG_OPTIONS['format'] + - Optional + - Type: string + - Default value: %(asctime)s %(message)s + - `/software/openstack/openstack_horizon_logging` + - Description: + Horizon django logging options. + Logging from django.db.backends is VERY verbose, send to null + by default. + + - `/software/openstack/openstack_horizon_logging/version` + - Optional + - Type: long + - Range: 1.. + - Default value: 1 + - `/software/openstack/openstack_horizon_logging/disable_existing_loggers` + - Description: When set to True this will disable all logging except + for loggers specified in this configuration dictionary. Note that + if nothing is specified here and disable_existing_loggers is True, + django.db.backends will still log unless it is disabled explicitly + - Optional + - Type: boolean + - Default value: false + - `/software/openstack/openstack_horizon_logging/handlers` + - Optional + - Type: openstack_horizon_logging_handlers + - `/software/openstack/openstack_horizon_logging/loggers` + - Optional + - Type: openstack_horizon_logging_loggers + - `/software/openstack/openstack_horizon_logging/formatters` + - Optional + - Type: openstack_horizon_logging_formatters + - `/software/openstack/openstack_horizon_allowed_subnet` + - Description: + Dictionary used to restrict user private subnet cidr range. + An empty list means that user input will not be restricted + for a corresponding IP version. By default, there is + no restriction for IPv4 or IPv6. To restrict + user private subnet cidr range set ALLOWED_PRIVATE_SUBNET_CIDR + to something like: + 'ipv4': ['10.0.0.0/8', '192.168.0.0/16'], + 'ipv6': ['fc00::/7'], + + - `/software/openstack/openstack_horizon_allowed_subnet/ipv4` + - Optional + - Type: type_ip + - `/software/openstack/openstack_horizon_allowed_subnet/ipv6` + - Optional + - Type: type_ip + - `/software/openstack/openstack_horizon_security_group` + - Description: + "direction" should not be specified for all_tcp, udp or icmp. + + - `/software/openstack/openstack_horizon_security_group/name` + - Optional + - Type: string + - `/software/openstack/openstack_horizon_security_group/ip_protocol` + - Optional + - Type: string + - Default value: tcp + - `/software/openstack/openstack_horizon_security_group/from_port` + - Optional + - Type: long + - Range: -1..65535 + - `/software/openstack/openstack_horizon_security_group/to_port` + - Optional + - Type: long + - Range: -1..65535 + - `/software/openstack/openstack_horizon_config` + - Description: + list of Horizon service configuration sections + + - `/software/openstack/openstack_horizon_config/debug` + - Description: Set Horizon debug mode + - Optional + - Type: boolean + - Default value: false + - `/software/openstack/openstack_horizon_config/webroot` + - Description: WEBROOT is the location relative to Webserver root + should end with a slash + - Optional + - Type: string + - Default value: /dashboard/ + - `/software/openstack/openstack_horizon_config/allowed_hosts` + - Description: If horizon is running in production (DEBUG is False), set this + with the list of host/domain names that the application can serve. + For more information see: + https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts + - Optional + - Type: string + - `/software/openstack/openstack_horizon_config/session_engine` + - Description: Horizon uses Djangos sessions framework for handling session data. + There are numerous session backends available, which are selected + through the "SESSION_ENGINE" setting + - Optional + - Type: string + - Default value: django.contrib.sessions.backends.cache + - `/software/openstack/openstack_horizon_config/email_backend` + - Description: Send email to the console by default + - Optional + - Type: string + - Default value: django.core.mail.backends.console.EmailBackend + - `/software/openstack/openstack_horizon_config/caches` + - Description: External caching using an application such as memcached offers persistence + and shared storage, and can be very useful for small-scale deployment + and/or development + - Optional + - Type: openstack_horizon_caches + - `/software/openstack/openstack_horizon_config/openstack_keystone_url` + - Optional + - Type: type_absoluteURI + - `/software/openstack/openstack_horizon_config/openstack_keystone_default_role` + - Description: Set this to True if running on a multi-domain model. When this is enabled, it + will require the user to enter the Domain name in addition to the username + for login + - Optional + - Type: string + - Default value: user + - `/software/openstack/openstack_horizon_config/openstack_keystone_multidomain_support` + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_horizon_config/openstack_keystone_backend` + - Optional + - Type: openstack_horizon_keystone_backend + - `/software/openstack/openstack_horizon_config/openstack_api_versions` + - Optional + - Type: openstack_horizon_api_versions + - `/software/openstack/openstack_horizon_config/openstack_hypervisor_features` + - Optional + - Type: openstack_horizon_hypervisor_features + - `/software/openstack/openstack_horizon_config/openstack_cinder_features` + - Optional + - Type: openstack_horizon_cinder_features + - `/software/openstack/openstack_horizon_config/openstack_heat_stack` + - Optional + - Type: openstack_horizon_heat_stack + - `/software/openstack/openstack_horizon_config/image_custom_property_titles` + - Optional + - Type: openstack_horizon_image_custom_titles + - `/software/openstack/openstack_horizon_config/image_reserved_custom_properties` + - Description: The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image + custom properties should not be displayed in the Image Custom Properties + table + - Optional + - Type: string + - `/software/openstack/openstack_horizon_config/api_result_limit` + - Description: The number of objects (Swift containers/objects or images) to display + on a single page before providing a paging element (a "more" link) + to paginate results + - Optional + - Type: long + - Range: 1.. + - Default value: 1000 + - `/software/openstack/openstack_horizon_config/api_result_page_size` + - Optional + - Type: long + - Range: 1.. + - Default value: 20 + - `/software/openstack/openstack_horizon_config/swift_file_transfer_chunk_size` + - Description: The size of chunk in bytes for downloading objects from Swift + - Optional + - Type: long + - Range: 1.. + - Default value: 524288 + - `/software/openstack/openstack_horizon_config/instance_log_length` + - Description: The default number of lines displayed for instance console log + - Optional + - Type: long + - Range: 1.. + - Default value: 35 + - `/software/openstack/openstack_horizon_config/local_path` + - Optional + - Type: type_directory + - Default value: /tmp + - `/software/openstack/openstack_horizon_config/secret_key` + - Description: You can either set it to a specific value or you can let horizon generate a + default secret key that is unique on this machine, e.i. regardless of the + amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, + there may be situations where you would want to set this explicitly, e.g. + when multiple dashboard instances are distributed on different machines + (usually behind a load-balancer). Either you have to make sure that a session + gets all requests routed to the same dashboard instance or you set the same + SECRET_KEY for all of them + - Optional + - Type: string + - `/software/openstack/openstack_horizon_config/openstack_keystone_default_domain` + - Description: Overrides the default domain used when running on single-domain model + with Keystone V3. All entities will be created in the default domain. + NOTE: This value must be the name of the default domain, NOT the ID. + Also, you will most likely have a value in the keystone policy file like this + "cloud_admin": "rule:admin_required and domain_id:" + This value must be the name of the domain whose ID is specified there + - Optional + - Type: string + - Default value: Default + - `/software/openstack/openstack_horizon_config/openstack_keystone_default_role` + - Description: Configure the default role for users that you create via the dashboard + - Optional + - Type: string + - Default value: user + - `/software/openstack/openstack_horizon_config/openstack_neutron_network` + - Optional + - Type: openstack_horizon_neutron_network + - `/software/openstack/openstack_horizon_config/time_zone` + - Description: The timezone of the server. This should correspond with the timezone + of your entire OpenStack installation, and hopefully be in UTC. + Example: "Europe/Brussels" + - Optional + - Type: string + - `/software/openstack/openstack_horizon_config/policy_files_path` + - Description: Path to directory containing policy.json files + - Optional + - Type: type_directory + - Default value: /etc/openstack-dashboard + - `/software/openstack/openstack_horizon_config/logging` + - Optional + - Type: openstack_horizon_logging + - `/software/openstack/openstack_horizon_config/rest_api_required_settings` + - Description: AngularJS requires some settings to be made available to + the client side. Some settings are required by in-tree / built-in horizon + features. These settings must be added to REST_API_REQUIRED_SETTINGS in the + form of ['SETTING_1','SETTING_2'], etc. + You may remove settings from this list for security purposes, but do so at + the risk of breaking a built-in horizon feature. These settings are required + for horizon to function properly. Only remove them if you know what you + are doing. These settings may in the future be moved to be defined within + the enabled panel configuration. + You should not add settings to this list for out of tree extensions + - Optional + - Type: string + - `/software/openstack/openstack_horizon_config/allowed_private_subnet_cidr` + - Optional + - Type: openstack_horizon_allowed_subnet + - `/software/openstack/openstack_horizon_config/security_group_files` + - Optional + - Type: openstack_horizon_security_group diff --git a/docs/components/openstack::keystone.md b/docs/components/openstack::keystone.md new file mode 100644 index 0000000..e38995b --- /dev/null +++ b/docs/components/openstack::keystone.md @@ -0,0 +1,77 @@ + +### Types + + - `/software/openstack/openstack_keystone_token` + - Description: + The Keystone "token" configuration section + + - `/software/openstack/openstack_keystone_token/provider` + - Description: Entry point for the token provider in the "keystone.token.provider" + namespace. The token provider controls the token construction, validation, + and revocation operations. Keystone includes "fernet" and "uuid" token + providers. "uuid" tokens must be persisted (using the backend specified in + the "[token] driver" option), but do not require any extra configuration or + setup. "fernet" tokens do not need to be persisted at all, but require that + you run "keystone-manage fernet_setup" (also see the "keystone-manage + fernet_rotate" command) + - Optional + - Type: string + - Default value: fernet + - `/software/openstack/openstack_keystone_token/driver` + - Description: Entry point for the token persistence backend driver in the + "keystone.token.persistence" namespace. Keystone provides "kvs" and "sql" + drivers. The "kvs" backend depends on the configuration in the "[kvs]" + section. The "sql" option (default) depends on the options in your + "[database]" section. If you are using the "fernet" "[token] provider", this + backend will not be utilized to persist tokens at all. (string value) + - Optional + - Type: string + - `/software/openstack/openstack_keystone_authtoken` + - Description: + The Keystone configuration options in the "authtoken" Section + + - `/software/openstack/openstack_keystone_authtoken/auth_uri` + - Description: Complete "public" Identity API endpoint. This endpoint should not be an + "admin" endpoint, as it should be accessible by all end users. Unauthenticated + clients are redirected to this endpoint to authenticate. Although this + endpoint should ideally be unversioned, client support in the wild varies. + If you are using a versioned v2 endpoint here, then this should *not* be the + same endpoint the service user utilizes for validating tokens, because normal + end users may not be able to reach that endpoint. http(s)://host:port + - Optional + - Type: type_absoluteURI + - `/software/openstack/openstack_keystone_authtoken/memcached_servers` + - Description: Optionally specify a list of memcached server(s) to use for caching. If left + undefined, tokens will instead be cached in-process ("host:port" list) + - Optional + - Type: type_hostport + - `/software/openstack/openstack_keystone_paste_deploy` + - Description: + The Keystone configuration options in the "paste_deploy" Section. + + - `/software/openstack/openstack_keystone_paste_deploy/flavor` + - Description: Deployment flavor to use in the server application pipeline. + Provide a string value representing the appropriate deployment + flavor used in the server application pipleline. This is typically + the partial name of a pipeline in the paste configuration file with + the service name removed. + + For example, if your paste section name in the paste configuration + file is [pipeline:glance-api-keystone], set "flavor" to + "keystone" + - Optional + - Type: string + - Default value: keystone + - `/software/openstack/openstack_keystone_config` + - Description: + The Keystone configuration sections + + - `/software/openstack/openstack_keystone_config/DEFAULT` + - Optional + - Type: openstack_DEFAULTS + - `/software/openstack/openstack_keystone_config/database` + - Optional + - Type: openstack_database + - `/software/openstack/openstack_keystone_config/token` + - Optional + - Type: openstack_keystone_token diff --git a/docs/components/openstack::neutron.md b/docs/components/openstack::neutron.md new file mode 100644 index 0000000..76e592f --- /dev/null +++ b/docs/components/openstack::neutron.md @@ -0,0 +1,164 @@ + +### Types + + - `/software/openstack/openstack_neutron_ml2` + - Description: + The Neutron configuration options in ml2_conf.ini "ml2" Section. + + - `/software/openstack/openstack_neutron_ml2/type_drivers` + - Description: WARNING: After you configure the ML2 plug-in, + removing values in the type_drivers option can lead to database inconsistency + - Optional + - Type: type_neutrondriver + - `/software/openstack/openstack_neutron_ml2/tenant_network_types` + - Description: Ordered list of network_types to allocate as tenant networks. The default + value "local" is useful for single-box testing but provides no connectivity + between hosts + - Optional + - Type: type_neutrondriver + - `/software/openstack/openstack_neutron_ml2/mechanism_drivers` + - Description: An ordered list of networking mechanism driver entrypoints to be loaded from + the neutron.ml2.mechanism_drivers namespace + - Optional + - Type: string + - `/software/openstack/openstack_neutron_ml2/extension_drivers` + - Description: An ordered list of extension driver entrypoints to be loaded from the + neutron.ml2.extension_drivers namespace + - Optional + - Type: type_neutronextension + - `/software/openstack/openstack_neutron_ml2_type_flat` + - Description: + The Neutron configuration options in ml2_conf.ini "ml2_type_flat" Section. + + - `/software/openstack/openstack_neutron_ml2_type_flat/flat_networks` + - Description: List of physical_network names with which flat networks can be created. Use + default "*" to allow flat networks with arbitrary physical_network names. Use + an empty list to disable flat networks + - Optional + - Type: string + - `/software/openstack/openstack_neutron_ml2_type_vxlan` + - Description: + The Neutron configuration options in ml2_conf.ini "ml2_type_vxlan" Section. + + - `/software/openstack/openstack_neutron_ml2_type_vxlan/vni_ranges` + - Description: Configure the VXLAN network identifier range for self-service networks + - Optional + - Type: string + - Default value: 1:1000 + - `/software/openstack/openstack_neutron_securitygroup` + - Description: + The Neutron configuration options in ml2_conf.ini "securitygroup" Section. + + - `/software/openstack/openstack_neutron_securitygroup/enable_ipset` + - Description: Use ipset to speed-up the iptables based security groups. Enabling ipset + support requires that ipset is installed on L2 agent node + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_neutron_securitygroup/enable_security_group` + - Description: Controls whether the neutron security group API is enabled in the server. It + should be false when using no security groups or using the nova security + group API + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_neutron_securitygroup/firewall_driver` + - Description: Driver for security groups + - Optional + - Type: string + - Default value: neutron.agent.linux.iptables_firewall.IptablesFirewallDriver + - `/software/openstack/openstack_neutron_vxlan` + - Description: + The Neutron configuration options in linuxbridge_agent.ini "vxlan" Section. + + - `/software/openstack/openstack_neutron_vxlan/enable_vxlan` + - Description: Enable VXLAN on the agent. Can be enabled when agent is managed by ml2 plugin + using linuxbridge mechanism driver + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_neutron_vxlan/local_ip` + - Description: IP address of local overlay (tunnel) network endpoint. Use either an IPv4 or + IPv6 address that resides on one of the host network interfaces. The IP + version of this value must match the value of the 'overlay_ip_version' option + in the ML2 plug-in configuration file on the neutron server node(s) + - Optional + - Type: type_ip + - `/software/openstack/openstack_neutron_vxlan/l2_population` + - Description: Extension to use alongside ml2 plugins l2population mechanism driver. It + enables the plugin to populate VXLAN forwarding table + - Optional + - Type: boolean + - Default value: true + - `/software/openstack/openstack_neutron_linux_bridge` + - Description: + The Neutron configuration options in linuxbridge_agent.ini "linux_bridge" Section. + + - `/software/openstack/openstack_neutron_linux_bridge/physical_interface_mappings` + - Description: Comma-separated list of : tuples + mapping physical network names to the agents node-specific physical network + interfaces to be used for flat and VLAN networks. All physical networks + listed in network_vlan_ranges on the server should have mappings to + appropriate interfaces on each agent. + https://docs.openstack.org/ocata/install-guide-rdo/environment-networking.html + - Optional + - Type: string + - `/software/openstack/openstack_neutron_common` + - Description: + list of Neutron common configuration sections + + - `/software/openstack/openstack_neutron_common/DEFAULT` + - Optional + - Type: openstack_DEFAULTS + - `/software/openstack/openstack_neutron_common/keystone_authtoken` + - Optional + - Type: openstack_keystone_authtoken + - `/software/openstack/openstack_neutron_common/oslo_concurrency` + - Optional + - Type: openstack_oslo_concurrency + - `/software/openstack/openstack_neutron_ml2_config` + - `/software/openstack/openstack_neutron_ml2_config/ml2` + - Optional + - Type: openstack_neutron_ml2 + - `/software/openstack/openstack_neutron_ml2_config/ml2_type_flat` + - Optional + - Type: openstack_neutron_ml2_type_flat + - `/software/openstack/openstack_neutron_ml2_config/ml2_type_vxlan` + - Optional + - Type: openstack_neutron_ml2_type_vxlan + - `/software/openstack/openstack_neutron_ml2_config/securitygroup` + - Optional + - Type: openstack_neutron_securitygroup + - `/software/openstack/openstack_neutron_linuxbridge_config` + - `/software/openstack/openstack_neutron_linuxbridge_config/linux_bridge` + - Optional + - Type: openstack_neutron_linux_bridge + - `/software/openstack/openstack_neutron_linuxbridge_config/vxlan` + - Optional + - Type: openstack_neutron_vxlan + - `/software/openstack/openstack_neutron_linuxbridge_config/securitygroup` + - Optional + - Type: openstack_neutron_securitygroup + - `/software/openstack/openstack_neutron_l3_config` + - `/software/openstack/openstack_neutron_l3_config/DEFAULT` + - Optional + - Type: openstack_DEFAULTS + - `/software/openstack/openstack_neutron_dhcp_config` + - `/software/openstack/openstack_neutron_dhcp_config/DEFAULT` + - Optional + - Type: openstack_DEFAULTS + - `/software/openstack/openstack_neutron_metadata_config` + - `/software/openstack/openstack_neutron_metadata_config/DEFAULT` + - Optional + - Type: openstack_DEFAULTS + - `/software/openstack/openstack_neutron_config` + - Description: + list of Neutron service configuration sections + + - `/software/openstack/openstack_neutron_config/database` + - Optional + - Type: openstack_database + - `/software/openstack/openstack_neutron_config/nova` + - Description: nova section has the same options than "keystone_authtoken" but with the nova user and passwod + - Optional + - Type: openstack_domains_common diff --git a/docs/components/openstack::nova.md b/docs/components/openstack::nova.md new file mode 100644 index 0000000..96e3e13 --- /dev/null +++ b/docs/components/openstack::nova.md @@ -0,0 +1,160 @@ + +### Types + + - `/software/openstack/openstack_nova_api_database` + - Description: + The Nova configuration options in "api_database" Section. + + - `/software/openstack/openstack_nova_api_database/connection` + - Description: The SQLAlchemy connection string to use to connect to the database. + Example (mysql): mysql+pymysql://nova:@/nova_api + + - Optional + - Type: string + - `/software/openstack/openstack_nova_vnc` + - Description: + The Nova configuration options in the "vnc" Section. + + - `/software/openstack/openstack_nova_vnc/vncserver_listen` + - Description: The IP address or hostname on which an instance should listen to for + incoming VNC connection requests on this node + - Optional + - Type: type_ip + - `/software/openstack/openstack_nova_vnc/vncserver_proxyclient_address` + - Description: Private, internal IP address or hostname of VNC console proxy. + The VNC proxy is an OpenStack component that enables compute service + users to access their instances through VNC clients. + This option sets the private address to which proxy clients, such as + "nova-xvpvncproxy", should connect to. + - Optional + - Type: type_ip + - `/software/openstack/openstack_nova_vnc/enabled` + - Description: Enable VNC related features. + Guests will get created with graphical devices to support this. Clients + (for example Horizon) can then establish a VNC connection to the guest + - Optional + - Type: boolean + - `/software/openstack/openstack_nova_vnc/novncproxy_base_url` + - Description: Public address of noVNC VNC console proxy. + The VNC proxy is an OpenStack component that enables compute service + users to access their instances through VNC clients. noVNC provides + VNC support through a websocket-based client. + + This option sets the public base URL to which client systems will + connect. noVNC clients can use this address to connect to the noVNC + instance and, by extension, the VNC sessions + - Optional + - Type: type_absoluteURI + - `/software/openstack/openstack_nova_glance` + - Description: + The Nova configuration options in the "glance" Section. + + - `/software/openstack/openstack_nova_glance/api_servers` + - Description: List of glance api servers endpoints available to nova. + https is used for ssl-based glance api servers. + + Possible values: + * A list of any fully qualified url of the form + "scheme://hostname:port[/path]" + (i.e. "http://10.0.1.0:9292" or "https://my.glance.server/image") + - Optional + - Type: type_absoluteURI + - `/software/openstack/openstack_nova_placement` + - Description: + The Nova configuration options in "placement" Section. + + - `/software/openstack/openstack_nova_placement/os_region_name` + - Description: Region name of this node. This is used when picking the URL in the service + catalog + - Optional + - Type: string + - Default value: RegionOne + - `/software/openstack/openstack_nova_libvirt` + - Description: + The Nova hypervisor configuration options in "libvirt" Section. + + - `/software/openstack/openstack_nova_libvirt/virt_type` + - Description: Describes the virtualization type (or so called domain type) libvirt should + use. + + The choice of this type must match the underlying virtualization strategy + you have chosen for the host + - Optional + - Type: string + - Default value: kvm + - `/software/openstack/openstack_nova_neutron` + - Description: + The Nova hypervisor configuration options in "neutron" Section. + + - `/software/openstack/openstack_nova_neutron/url` + - Description: Any valid URL that points to the Neutron API service is appropriate here. + This typically matches the URL returned for the 'network' service type + from the Keystone service catalog + - Optional + - Type: type_absoluteURI + - `/software/openstack/openstack_nova_neutron/region_name` + - Description: Region name for connecting to Neutron in admin context. + This option is used in multi-region setups. If there are two Neutron + servers running in two regions in two different machines, then two + services need to be created in Keystone with two different regions and + associate corresponding endpoints to those services. When requests are made + to Keystone, the Keystone service uses the region_name to determine the + region the request is coming from + - Optional + - Type: string + - Default value: RegionOne + - `/software/openstack/openstack_nova_neutron/metadata_proxy_shared_secret` + - Description: This option holds the shared secret string used to validate proxy requests to + Neutron metadata requests. In order to be used, the + "X-Metadata-Provider-Signature" header must be supplied in the request + - Optional + - Type: string + - `/software/openstack/openstack_nova_neutron/service_metadata_proxy` + - Description: When set to True, this option indicates that Neutron will be used to proxy + metadata requests and resolve instance ids. Otherwise, the instance ID must be + passed to the metadata request in the 'X-Instance-ID' header + - Optional + - Type: boolean + - `/software/openstack/openstack_nova_common` + - Description: + list of Nova common configuration sections + + - `/software/openstack/openstack_nova_common/DEFAULT` + - Optional + - Type: openstack_DEFAULTS + - `/software/openstack/openstack_nova_common/keystone_authtoken` + - Optional + - Type: openstack_keystone_authtoken + - `/software/openstack/openstack_nova_common/vnc` + - Optional + - Type: openstack_nova_vnc + - `/software/openstack/openstack_nova_common/glance` + - Optional + - Type: openstack_nova_glance + - `/software/openstack/openstack_nova_common/oslo_concurrency` + - Optional + - Type: openstack_oslo_concurrency + - `/software/openstack/openstack_nova_common/placement` + - Description: placement service is mandatory since Ocata release + - Optional + - Type: openstack_nova_placement + - `/software/openstack/openstack_nova_common/neutron` + - Optional + - Type: openstack_nova_neutron + - `/software/openstack/openstack_nova_config` + - Description: + list of Nova configuration sections + + - `/software/openstack/openstack_nova_config/database` + - Optional + - Type: openstack_database + - `/software/openstack/openstack_nova_config/api_database` + - Optional + - Type: openstack_nova_api_database + - `/software/openstack/openstack_nova_compute_config` + - Description: + list of Nova configuration sections + + - `/software/openstack/openstack_nova_compute_config/libvirt` + - Optional + - Type: openstack_nova_libvirt diff --git a/docs/components/openstack::schema.md b/docs/components/openstack::schema.md new file mode 100644 index 0000000..9ccc66b --- /dev/null +++ b/docs/components/openstack::schema.md @@ -0,0 +1,38 @@ + +### Types + + - `/software/openstack/openstack_component` + - Description: +Type to define OpenStack services +Keystone, Nova, Neutron, etc + + - `/software/openstack/openstack_component/keystone` + - Optional + - Type: openstack_keystone_config + - `/software/openstack/openstack_component/nova` + - Optional + - Type: openstack_nova_config + - `/software/openstack/openstack_component/nova_compute` + - Optional + - Type: openstack_nova_compute_config + - `/software/openstack/openstack_component/glance` + - Optional + - Type: openstack_glance_config + - `/software/openstack/openstack_component/neutron` + - Optional + - Type: openstack_neutron_config + - `/software/openstack/openstack_component/neutron_ml2` + - Optional + - Type: openstack_neutron_ml2_config + - `/software/openstack/openstack_component/neutron_linuxbridge` + - Optional + - Type: openstack_neutron_linuxbridge_config + - `/software/openstack/openstack_component/neutron_l3` + - Optional + - Type: openstack_neutron_l3_config + - `/software/openstack/openstack_component/neutron_dhcp` + - Optional + - Type: openstack_neutron_dhcp_config + - `/software/openstack/openstack_component/horizon` + - Optional + - Type: openstack_horizon_config diff --git a/docs/components/pam::config.md b/docs/components/pam::config.md index 09d0ef0..da21878 100644 --- a/docs/components/pam::config.md +++ b/docs/components/pam::config.md @@ -15,4 +15,9 @@ - pam_add_access_lastacl - pam_add_access_acl - pam_add_access_netgroup + - pam_add_access_group + - Description: helper function to add (unix) group to pam/access/ + - Arguments: + - key under components/pam/access to modify + - group, unix group to add to - pam_add_access_user diff --git a/docs/components/pnp4nagios::schema.md b/docs/components/pnp4nagios::schema.md index dfd97ea..f78f376 100644 --- a/docs/components/pnp4nagios::schema.md +++ b/docs/components/pnp4nagios::schema.md @@ -139,11 +139,11 @@ - `/software/pnp4nagios/pnp4nagios_php_config/graph_opt` - Optional - Type: string - - Default value: + - Default value: - `/software/pnp4nagios/pnp4nagios_php_config/pdf_graph_opt` - Optional - Type: string - - Default value: + - Default value: - `/software/pnp4nagios/pnp4nagios_php_config/rrdbase` - Optional - Type: string @@ -175,7 +175,7 @@ - `/software/pnp4nagios/pnp4nagios_php_config/multisite_site` - Optional - Type: string - - Default value: + - Default value: - `/software/pnp4nagios/pnp4nagios_php_config/auth_enabled` - Optional - Type: boolean @@ -187,11 +187,11 @@ - `/software/pnp4nagios/pnp4nagios_php_config/allowed_for_all_services` - Optional - Type: string - - Default value: + - Default value: - `/software/pnp4nagios/pnp4nagios_php_config/allowed_for_all_hosts` - Optional - Type: string - - Default value: + - Default value: - `/software/pnp4nagios/pnp4nagios_php_config/allowed_for_service_links` - Optional - Type: string @@ -254,7 +254,7 @@ - `/software/pnp4nagios/pnp4nagios_php_config/rrd_daemon_opts` - Optional - Type: string - - Default value: + - Default value: - `/software/pnp4nagios/pnp4nagios_php_config/template_dirs` - Optional - Type: string diff --git a/docs/components/postfix::schema.md b/docs/components/postfix::schema.md index e14bac5..280985a 100644 --- a/docs/components/postfix::schema.md +++ b/docs/components/postfix::schema.md @@ -2,23 +2,23 @@ ### Types - `/software/postfix/postfix_lookup_type_string` - - Description: + - Description: Types of lookup tables (databases) Postfix is capable to handle. - `/software/postfix/postfix_lookup` - - Description: + - Description: Definition of a lookup in Postfix - `/software/postfix/postfix_lookup/type` - - Description: The type of the database for this lookup + - Description: The type of the database for this lookup - Optional - Type: postfix_lookup_type_string - `/software/postfix/postfix_lookup/name` - - Description: The name of the lookup (DB connection, file name...) + - Description: The name of the lookup (DB connection, file name...) - Optional - Type: string - `/software/postfix/postfix_ldap_database` - - Description: + - Description: Description of a Postfix LDAP database. See http://www.postfix.org/ldap_table.5.html @@ -120,7 +120,7 @@ - Optional - Type: string - `/software/postfix/postfix_main` - - Description: + - Description: All fields available in main.cf. Nothing is mandatory here, since it all has default values. Time limits are expressed in SECONDS. Multiply by the appropriate constant above to simplify @@ -1702,7 +1702,7 @@ - Optional - Type: string - `/software/postfix/postfix_databases` - - Description: + - Description: Define multiple Postfix databases - `/software/postfix/postfix_databases/ldap` @@ -1710,7 +1710,7 @@ - Optional - Type: postfix_ldap_database - `/software/postfix/postfix_master` - - Description: + - Description: Entries in the master.cf file. See the master man page for more details. @@ -1745,14 +1745,14 @@ - Type: string - `/software/postfix/postfix_component` - `/software/postfix/postfix_component/main` - - Description: Contents of the main.cf file + - Description: Contents of the main.cf file - Optional - Type: postfix_main - `/software/postfix/postfix_component/master` - - Description: Contents of the master.cf file + - Description: Contents of the master.cf file - Optional - Type: postfix_master - `/software/postfix/postfix_component/databases` - - Description: Definition of Postfix databases + - Description: Definition of Postfix databases - Optional - Type: postfix_databases diff --git a/docs/components/postgresql::schema.md b/docs/components/postgresql::schema.md index f3d522f..af8e197 100644 --- a/docs/components/postgresql::schema.md +++ b/docs/components/postgresql::schema.md @@ -23,7 +23,7 @@ - Optional - Type: string - `/software/postgresql/postgresql_mainconfig` - - Description: + - Description: postgresql main configuration boolean -> yes / no int -> int @@ -615,7 +615,7 @@ - Optional - Type: string - `/software/postgresql/postgresql_db/lang` - - Description: sets the pg language for the db (using createlang), this runs after installfile. + - Description: sets the pg language for the db (using createlang), this runs after installfile. - Optional - Type: string - `/software/postgresql/postgresql_db/langfile` @@ -641,7 +641,7 @@ - Optional - Type: long - `/software/postgresql/postgresql_role_sql` - - Description: + - Description: The raw ALTER ROLE sql (cannot contain a ';'; use ENCRYPTED PASSWORD instead) - `/software/postgresql/component_postgresql` diff --git a/docs/components/profile.md b/docs/components/profile.md index b17b36a..3050f43 100644 --- a/docs/components/profile.md +++ b/docs/components/profile.md @@ -34,7 +34,7 @@ environment variables will be defined before the paths. - path - A structure defining (optionally) paths to define in default script. + A structure defining (optionally) paths to define in default script. It may contain prepend, append, and value elements. Each element is a list of strings. The prepended values will be prepended and the appended values diff --git a/docs/components/puppet.md b/docs/components/puppet.md index bb30ef2..f73d0a5 100644 --- a/docs/components/puppet.md +++ b/docs/components/puppet.md @@ -12,10 +12,10 @@ ncm-puppet: Component for running puppet standalone within quattor - `/software/components/puppet/puppetconf/main` - Each item is a parameter in the `[main]` section of the puppet.conf file. + Each item is a parameter in the `[main]` section of the puppet.conf file. The mandatory parameters are: - - `logdir` : + - `logdir` : Puppet log dir. Defaults to `/var/log/puppet`. @@ -25,8 +25,8 @@ ncm-puppet: Component for running puppet standalone within quattor - `/software/components/puppet/hieraconf` - Defines the configuration for hiera. Each item is a key definition in the `/etc/puppet/hiera.yaml` file. - The default is: + Defines the configuration for hiera. Each item is a key definition in the `/etc/puppet/hiera.yaml` file. + The default is: --- :backends: @@ -39,7 +39,7 @@ ncm-puppet: Component for running puppet standalone within quattor - `/software/components/puppet/nodefiles` Named list of node specific manifests. The component will run `puppet --apply `/etc/puppet/manifests`/` - for each item <file> of the nlist. The parameters of each item are: + for each item of the nlist. The parameters of each item are: - `contents` : string @@ -49,7 +49,7 @@ ncm-puppet: Component for running puppet standalone within quattor - `/software/components/puppet/hieradata` - Data to be passed to the hiera config. The data will be written in + Data to be passed to the hiera config. The data will be written in `/etc/puppet/hieradata/quattor.yaml`. Note: the nlist keys will be unescaped by the component. - `/software/components/puppet/modules` diff --git a/docs/components/puppet::schema.md b/docs/components/puppet::schema.md index 018d15a..5754d24 100644 --- a/docs/components/puppet::schema.md +++ b/docs/components/puppet::schema.md @@ -28,29 +28,48 @@ - Type: string - Default value: /etc/puppet/hieradata - `/software/puppet/puppet_hieraconf` - - `/software/puppet/puppet_hieraconf/_3abackends` + - `/software/puppet/puppet_hieradata` + - `/software/puppet/puppet_component` + - `/software/puppet/puppet_component/puppet_cmd` - Optional - Type: string - - `/software/puppet/puppet_hieraconf/_3ayaml` + - Default value: /usr/bin/puppet + - `/software/puppet/puppet_component/logfile` - Optional - - Type: puppet_hieraconf_yaml - - `/software/puppet/puppet_hieraconf/_3ahierarchy` + - Type: string + - Default value: /var/log/puppet/log + - `/software/puppet/puppet_component/modulepath` - Optional - Type: string - - `/software/puppet/puppet_hieradata` - - `/software/puppet/puppet_component` + - Default value: /etc/puppet/modules - `/software/puppet/puppet_component/modules` - Optional - Type: puppet_module - `/software/puppet/puppet_component/nodefiles` - Optional - Type: puppet_nodefile + - `/software/puppet/puppet_component/nodefiles_path` + - Optional + - Type: string + - Default value: /etc/puppet/manifests - `/software/puppet/puppet_component/puppetconf` - Optional - Type: puppet_puppetconf + - `/software/puppet/puppet_component/puppetconf_file` + - Optional + - Type: string + - Default value: /etc/puppet/puppet.conf - `/software/puppet/puppet_component/hieraconf` - Optional - Type: puppet_hieraconf + - `/software/puppet/puppet_component/hieraconf_file` + - Optional + - Type: string + - Default value: /etc/puppet/hiera.yaml - `/software/puppet/puppet_component/hieradata` - Optional - Type: puppet_hieradata + - `/software/puppet/puppet_component/hieradata_file` + - Optional + - Type: string + - Default value: /etc/puppet/hieradata/quattor.yaml diff --git a/docs/components/resolver.md b/docs/components/resolver.md index b8aaefc..1021ec7 100644 --- a/docs/components/resolver.md +++ b/docs/components/resolver.md @@ -25,7 +25,7 @@ NCM::resolver - NCM resolver configuration component - `/software/components/resolver/servers` : list list of server addresses or hostnames. If these are - hostnames, they will be resolved before the resolver + hostnames, they will be resolved before the resolver configuration is modified. - `/software/components/resolver/dnscache` : boolean @@ -33,7 +33,7 @@ NCM::resolver - NCM resolver configuration component If true, then configure dnscache with the server list and point resolv.conf at the localhost. This will cause dnscache to be restarted. This implies that - the dnscache package is available on the machine, + the dnscache package is available on the machine, but this component does not enforce that. ### FILES MODIFIED diff --git a/docs/components/spma::apt::schema.md b/docs/components/spma::apt::schema.md index 1836ceb..9699a50 100644 --- a/docs/components/spma::apt::schema.md +++ b/docs/components/spma::apt::schema.md @@ -3,12 +3,12 @@ - `/software/spma/component_spma_apt` - `/software/spma/component_spma_apt/userrepos` - - Description: Allow user defined (i.e. unmanaged) repositories to be present on the system + - Description: Allow user defined (i.e. unmanaged) repositories to be present on the system - Optional - Type: boolean - Default value: false - `/software/spma/component_spma_apt/userpkgs` - - Description: Allow user installed (i.e. unmanaged) packages to be present on the system + - Description: Allow user installed (i.e. unmanaged) packages to be present on the system - Optional - Type: boolean - Default value: false diff --git a/docs/components/spma::ips::schema.md b/docs/components/spma::ips::schema.md index c5f0bc7..f5fe19f 100644 --- a/docs/components/spma::ips::schema.md +++ b/docs/components/spma::ips::schema.md @@ -37,10 +37,10 @@ - Optional - Type: component_spma_ips_type - `/software/spma/component_spma_ips/run` - - Description: Run the SPMA after configuring it + - Description: Run the SPMA after configuring it - Optional - Type: legacy_binary_affirmation_string - `/software/spma/component_spma_ips/userpkgs` - - Description: Allow user installed (i.e. unmanaged) packages to be present on the system + - Description: Allow user installed (i.e. unmanaged) packages to be present on the system - Optional - Type: legacy_binary_affirmation_string diff --git a/docs/components/spma::yum::schema.md b/docs/components/spma::yum::schema.md index 75267a8..ff5b1a3 100644 --- a/docs/components/spma::yum::schema.md +++ b/docs/components/spma::yum::schema.md @@ -15,7 +15,7 @@ - Type: boolean - Default value: false - `/software/spma/spma_yum_main_options` - - Description: + - Description: Main configuration options for yum.conf. The cleanup_on_remove, obsoletes, reposdir and pluginpath are set internally. diff --git a/docs/components/ssh::schema.md b/docs/components/ssh::schema.md index 48a8143..489ce78 100644 --- a/docs/components/ssh::schema.md +++ b/docs/components/ssh::schema.md @@ -2,6 +2,14 @@ ### Types - `/software/ssh/ssh_preferred_authentication` + - `/software/ssh/ssh_ciphers` + - `/software/ssh/ssh_hostkeyalgorithms` + - `/software/ssh/ssh_kbdinteractivedevices` + - `/software/ssh/ssh_kexalgorithms` + - `/software/ssh/ssh_MACs` + - `/software/ssh/legacy_ssh_MACs` + - `/software/ssh/legacy_ssh_ciphers` + - `/software/ssh/legacy_ssh_kexalgorithm` - `/software/ssh/ssh_core_options_type` - `/software/ssh/ssh_core_options_type/AddressFamily` - Optional @@ -11,7 +19,7 @@ - Type: legacy_binary_affirmation_string - `/software/ssh/ssh_core_options_type/Ciphers` - Optional - - Type: string + - Type: legacy_ssh_ciphers - `/software/ssh/ssh_core_options_type/Compression` - Optional - Type: string @@ -35,7 +43,7 @@ - Type: string - `/software/ssh/ssh_core_options_type/MACs` - Optional - - Type: string + - Type: legacy_ssh_MACs - `/software/ssh/ssh_core_options_type/PasswordAuthentication` - Optional - Type: legacy_binary_affirmation_string @@ -60,6 +68,9 @@ - `/software/ssh/ssh_core_options_type/XAuthLocation` - Optional - Type: string + - `/software/ssh/ssh_core_options_type/KexAlgorithms` + - Optional + - Type: ssh_kexalgorithms - `/software/ssh/ssh_daemon_options_type` - `/software/ssh/ssh_daemon_options_type/AFSTokenPassing` - Optional @@ -304,3 +315,9 @@ - `/software/ssh/component_ssh_type/client` - Optional - Type: ssh_client_type + +### Functions + + - is_valid_ssh_MAC + - is_valid_ssh_cipher + - is_valid_ssh_kexalgorithm diff --git a/docs/components/sudo.md b/docs/components/sudo.md index b9379c8..d9ab0f0 100644 --- a/docs/components/sudo.md +++ b/docs/components/sudo.md @@ -104,7 +104,7 @@ And, as such, the type `structure privilege_line` has the following fields: - `/software/components/sudo/privilege_lines/[n]/user` : mandatory - The user allowed to run `sudo `. Can be an user, an + The user allowed to run `sudo `. Can be an user, an user\_alias, or a group (with a leading `%`). - `/software/components/sudo/privilege_lines/[n]/run_as` : mandatory diff --git a/docs/components/sysctl.md b/docs/components/sysctl.md index c1de903..e50c789 100644 --- a/docs/components/sysctl.md +++ b/docs/components/sysctl.md @@ -17,7 +17,7 @@ Add/modify variables into sysctl configuration file. - `/software/components/ncm-sysctl/compat-v1` : boolean (required) - This property is a boolean making sysctl accept variable definitions + This property is a boolean making sysctl accept variable definitions according to v1 of this component. This is deprecated. If you rely on this, you are advised to convert your configuration to v2 schema. diff --git a/docs/components/systemd::schema.md b/docs/components/systemd::schema.md index befc498..c692b59 100644 --- a/docs/components/systemd::schema.md +++ b/docs/components/systemd::schema.md @@ -2,15 +2,15 @@ ### Types - `/software/systemd/hwloc_location` - - Description: + - Description: hwloc (Portable Hardware Locality, hwloc(7)) location, e.g. node:1 for NUMAnode 1 - `/software/systemd/syslog_facility` - - Description: + - Description: syslog facility to use when logging to syslog - `/software/systemd/syslog_level` - - Description: + - Description: syslog level to use when logging to syslog or the kernel log buffer - `/software/systemd/systemd_skip` @@ -23,7 +23,7 @@ - `/software/systemd/systemd_unit_virtualization` - `/software/systemd/systemd_valid_unit` - `/software/systemd/systemd_unitfile_config_unit_condition` - - Description: + - Description: Condition/Assert entries in Unit section All lists can start with empty string to reset previously defined values. @@ -35,7 +35,7 @@ - Type: systemd_unit_architecture - `/software/systemd/systemd_unitfile_config_unit_condition/Capability` - Optional - - Type: string + - Type: linux_capability - `/software/systemd/systemd_unitfile_config_unit_condition/DirectoryNotEmpty` - Optional - Type: string @@ -82,7 +82,7 @@ - Optional - Type: systemd_unit_virtualization - `/software/systemd/systemd_unitfile_config_unit` - - Description: + - Description: the [Unit] section http://www.freedesktop.org/software/systemd/man/systemd.unit.html#%5BUnit%5D%20Section%20Options @@ -184,7 +184,7 @@ http://www.freedesktop.org/software/systemd/man/systemd.unit.html#%5BUnit%5D%20S - Optional - Type: systemd_valid_unit - `/software/systemd/systemd_unitfile_config_install` - - Description: + - Description: the [Install] section http://www.freedesktop.org/software/systemd/man/systemd.unit.html#%5BInstall%5D%20Section%20Options @@ -205,7 +205,7 @@ http://www.freedesktop.org/software/systemd/man/systemd.unit.html#%5BInstall%5D% - Type: systemd_valid_unit - `/software/systemd/systemd_unitfile_config_systemd_exec_stdouterr` - `/software/systemd/systemd_unitfile_config_systemd_kill` - - Description: + - Description: systemd.kill directives http://www.freedesktop.org/software/systemd/man/systemd.kill.html valid for [Service], [Socket], [Mount], or [Swap] sections @@ -223,7 +223,7 @@ valid for [Service], [Socket], [Mount], or [Swap] sections - Optional - Type: boolean - `/software/systemd/systemd_unitfile_config_systemd_exec` - - Description: + - Description: systemd.exec directives http://www.freedesktop.org/software/systemd/man/systemd.exec.html valid for [Service], [Socket], [Mount], or [Swap] sections @@ -381,16 +381,22 @@ valid for [Service], [Socket], [Mount], or [Swap] sections - Optional - Type: string - `/software/systemd/systemd_unitfile_config_service` - - Description: + - Description: the [Service] section http://www.freedesktop.org/software/systemd/man/systemd.service.html + - `/software/systemd/systemd_unitfile_config_service/AmbientCapabilities` + - Optional + - Type: linux_capability - `/software/systemd/systemd_unitfile_config_service/BusName` - Optional - Type: string - `/software/systemd/systemd_unitfile_config_service/BusPolicy` - Optional - Type: string + - `/software/systemd/systemd_unitfile_config_service/CapabilityBoundingSet` + - Optional + - Type: linux_capability - `/software/systemd/systemd_unitfile_config_service/ExecReload` - Optional - Type: string @@ -469,7 +475,7 @@ http://www.freedesktop.org/software/systemd/man/systemd.service.html - Type: long - Range: 0.. - `/software/systemd/systemd_unitfile_config` - - Description: + - Description: Unit configuration sections includes, unit and install are type agnostic unit and install are mandatory, but not enforced by schema (possible issues in case of replace=true) @@ -490,7 +496,7 @@ Unit configuration sections - Optional - Type: systemd_unitfile_config_unit - `/software/systemd/systemd_unitfile_custom` - - Description: + - Description: Custom unit configuration to allow inserting computed configuration data It overrides the data defined in the regular config schema, so do not forget to set those as well (can be dummy value). @@ -503,7 +509,7 @@ so do not forget to set those as well (can be dummy value). - Optional - Type: hwloc_location - `/software/systemd/systemd_unitfile` - - Description: + - Description: Unit file configuration - `/software/systemd/systemd_unitfile/config` diff --git a/mkdocs.yml b/mkdocs.yml index 8c9ed13..bc972ea 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -145,6 +145,14 @@ pages: - opennebula::schema: components/opennebula::schema.md - OpenNebula::Server: components/OpenNebula::Server.md - OpenNebula::VM: components/OpenNebula::VM.md + - openstack: components/openstack.md + - openstack::common: components/openstack::common.md + - openstack::glance: components/openstack::glance.md + - openstack::horizon: components/openstack::horizon.md + - openstack::keystone: components/openstack::keystone.md + - openstack::neutron: components/openstack::neutron.md + - openstack::nova: components/openstack::nova.md + - openstack::schema: components/openstack::schema.md - openvpn: components/openvpn.md - openvpn::schema: components/openvpn::schema.md - pam: components/pam.md @@ -211,6 +219,7 @@ pages: - CAF: - Application: CAF/Application.md - Download::LWP: CAF/Download::LWP.md + - Exception: CAF/Exception.md - FileEditor: CAF/FileEditor.md - FileReader: CAF/FileReader.md - FileWriter: CAF/FileWriter.md