NODED_USER = _autoconf.NODED_USER
NODED_GROUP = _autoconf.NODED_GROUP
+# cpu pinning separators and constants
+CPU_PINNING_SEP = ":"
+CPU_PINNING_ALL = "all"
+# internal representation of "all"
+CPU_PINNING_ALL_VAL = -1
+# one "all" entry in a CPU list means CPU pinning is off
+CPU_PINNING_OFF = [CPU_PINNING_ALL_VAL]
+
+# A Xen-specific implementation detail - there is no way to actually say
+# "use any cpu for pinning" in a Xen configuration file, as opposed to the
+# command line, where you can say "xm vcpu-pin <domain> <vcpu> all".
+# The workaround used in Xen is "0-63" (see source code function
+# xm_vcpu_pin in <xen-source>/tools/python/xen/xm/main.py).
+# To support future changes, the following constant is treated as a
+# blackbox string that simply means use-any-cpu-for-pinning-under-xen.
+CPU_PINNING_ALL_XEN = "0-63"
+
+# A KVM-specific implementation detail - the following value is used
+# to set CPU affinity to all processors (#0 through #31), per taskset
+# man page.
+CPU_PINNING_ALL_KVM = 0xFFFFFFFF
# Wipe
DD_CMD = "dd"
-WIPE_BLOCK_SIZE = 1024**2
+WIPE_BLOCK_SIZE = 1024 ** 2
MAX_WIPE_CHUNK = 1024 # 1GB
MIN_WIPE_CHUNK_PERCENT = 10
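Review bot: `CPU_PINNING_ALL_KVM = 0xFFFFFFFF` is a 32-bit mask, so on a node with more than 32 logical CPUs "all" would confine a KVM instance to CPUs 0-31 instead of lifting the restriction. The comment mentions "#0 through #31" but does not flag it as a ceiling, and `CPU_PINNING_ALL_XEN = "0-63"` has the same shape with a limit of 64. If the consumer (outside this hunk) passes the constant through unchanged, either build the mask from the node's CPU count at that point or record the limit, e.g. `# NOTE: covers CPUs 0-31 only; wider hosts need a wider mask`. `CPU_PINNING_OFF` is a module-level list, so a caller that mutates it would change the sentinel for everyone; a tuple or a comment saying "compare only, never modify" would make that explicit.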
ADOPTABLE_BLOCKDEV_ROOT = "/dev/disk/"
# keep RUN_GANETI_DIR first here, to make sure all get created when the node
# daemon is started (this takes care of RUN_DIR being tmpfs)
-SUB_RUN_DIRS = [ RUN_GANETI_DIR, BDEV_CACHE_DIR, DISK_LINKS_DIR ]
+SUB_RUN_DIRS = [
+ RUN_GANETI_DIR,
+ BDEV_CACHE_DIR,
+ DISK_LINKS_DIR,
+ ]
LOCK_DIR = _autoconf.LOCALSTATEDIR + "/lock"
SSCONF_LOCK_FILE = LOCK_DIR + "/ganeti-ssconf.lock"
# User-id pool lock directory
NODED_CERT_FILE = DATA_DIR + "/server.pem"
RAPI_CERT_FILE = DATA_DIR + "/rapi.pem"
CONFD_HMAC_KEY = DATA_DIR + "/hmac.key"
+SPICE_CERT_FILE = DATA_DIR + "/spice.pem"
+SPICE_CACERT_FILE = DATA_DIR + "/spice-ca.pem"
CLUSTER_DOMAIN_SECRET_FILE = DATA_DIR + "/cluster-domain-secret"
-WATCHER_STATEFILE = DATA_DIR + "/watcher.data"
-WATCHER_PAUSEFILE = DATA_DIR + "/watcher.pause"
INSTANCE_STATUS_FILE = RUN_GANETI_DIR + "/instance-status"
SSH_KNOWN_HOSTS_FILE = DATA_DIR + "/known_hosts"
RAPI_USERS_FILE = DATA_DIR + "/rapi/users"
TOOLSDIR = _autoconf.TOOLSDIR
CONF_DIR = SYSCONFDIR + "/ganeti"
-ALL_CERT_FILES = frozenset([NODED_CERT_FILE, RAPI_CERT_FILE])
+#: Lock file for watcher, locked in shared mode by watcher; lock in exclusive
+# mode to block watcher (see L{cli._RunWhileClusterStoppedHelper.Call}
+WATCHER_LOCK_FILE = LOCK_DIR + "/ganeti-watcher.lock"
+
+#: Status file for per-group watcher, locked in exclusive mode by watcher
+WATCHER_GROUP_STATE_FILE = DATA_DIR + "/watcher.%s.data"
+
+#: File for per-group instance status, merged into L{INSTANCE_STATUS_FILE} by
+#: per-group processes
+WATCHER_GROUP_INSTANCE_STATUS_FILE = DATA_DIR + "/watcher.%s.instance-status"
+
+#: File containing Unix timestamp until which watcher should be paused
+WATCHER_PAUSEFILE = DATA_DIR + "/watcher.pause"
+
+ALL_CERT_FILES = frozenset([
+ NODED_CERT_FILE,
+ RAPI_CERT_FILE,
+ SPICE_CERT_FILE,
+ SPICE_CACERT_FILE,
+ ])
MASTER_SOCKET = SOCKET_DIR + "/ganeti-master"
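Review bot: The two per-group templates, `WATCHER_GROUP_STATE_FILE` and `WATCHER_GROUP_INSTANCE_STATUS_FILE`, carry a bare `%s`, and their comments do not say what is substituted or that it must be a safe path component. Since the result is a path under `DATA_DIR`, the comment should name the expected value (presumably the node group UUID, to be confirmed) and require callers to validate it before formatting, e.g. `#: %s is the node group UUID; callers must validate it before formatting`. Separately, the `WATCHER_LOCK_FILE` comment leaves the parenthesis opened before `L{cli._RunWhileClusterStoppedHelper.Call}` unclosed. Its second line also starts with `#` rather than `#:`, unlike the two-line comment on `WATCHER_GROUP_INSTANCE_STATUS_FILE`.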
#: Console as VNC server
CONS_VNC = "vnc"
+#: Console as SPICE server
+CONS_SPICE = "spice"
+
#: Display a message for console access
CONS_MESSAGE = "msg"
#: All console types
-CONS_ALL = frozenset([CONS_SSH, CONS_VNC, CONS_MESSAGE])
+CONS_ALL = frozenset([CONS_SSH, CONS_VNC, CONS_SPICE, CONS_MESSAGE])
# For RSA keys more bits are better, but they also make operations more
# expensive. NIST SP 800-131 recommends a minimum of 2048 bits from the year
IP6_ADDRESS_ANY = "::"
IP4_VERSION = 4
IP6_VERSION = 6
+VALID_IP_VERSIONS = frozenset([IP4_VERSION, IP6_VERSION])
TCP_PING_TIMEOUT = 10
GANETI_RUNAS = "root"
DEFAULT_VG = "xenvg"
DISK_TRANSFER_CONNECT_TIMEOUT = 60
# Disk index separator
DISK_SEPARATOR = _autoconf.DISK_SEPARATOR
+IP_COMMAND_PATH = _autoconf.IP_PATH
#: Key for job IDs in opcode result
JOB_IDS_KEY = "jobs"
VTYPE_INT,
])
+# Constant representing that the user does not specify any IP version
+IFACE_NO_IP_VERSION_SPECIFIED = 0
+
# HV parameter names (global namespace)
HV_BOOT_ORDER = "boot_order"
HV_CDROM_IMAGE_PATH = "cdrom_image_path"
HV_VNC_TLS = "vnc_tls"
HV_VNC_X509 = "vnc_x509_path"
HV_VNC_X509_VERIFY = "vnc_x509_verify"
+HV_KVM_SPICE_BIND = "spice_bind"
+HV_KVM_SPICE_IP_VERSION = "spice_ip_version"
+HV_KVM_SPICE_PASSWORD_FILE = "spice_password_file"
+HV_KVM_SPICE_LOSSLESS_IMG_COMPR = "spice_image_compression"
+HV_KVM_SPICE_JPEG_IMG_COMPR = "spice_jpeg_wan_compression"
+HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR = "spice_zlib_glz_wan_compression"
+HV_KVM_SPICE_STREAMING_VIDEO_DETECTION = "spice_streaming_video"
+HV_KVM_SPICE_AUDIO_COMPR = "spice_playback_compression"
+HV_KVM_SPICE_USE_TLS = "spice_use_tls"
+HV_KVM_SPICE_TLS_CIPHERS = "spice_tls_ciphers"
+HV_KVM_SPICE_USE_VDAGENT = "spice_use_vdagent"
HV_ACPI = "acpi"
HV_PAE = "pae"
HV_USE_BOOTLOADER = "use_bootloader"
HV_VNC_TLS: VTYPE_BOOL,
HV_VNC_X509: VTYPE_STRING,
HV_VNC_X509_VERIFY: VTYPE_BOOL,
+ HV_KVM_SPICE_BIND: VTYPE_STRING,
+ HV_KVM_SPICE_IP_VERSION: VTYPE_INT,
+ HV_KVM_SPICE_PASSWORD_FILE: VTYPE_STRING,
+ HV_KVM_SPICE_LOSSLESS_IMG_COMPR: VTYPE_STRING,
+ HV_KVM_SPICE_JPEG_IMG_COMPR: VTYPE_STRING,
+ HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR: VTYPE_STRING,
+ HV_KVM_SPICE_STREAMING_VIDEO_DETECTION: VTYPE_STRING,
+ HV_KVM_SPICE_AUDIO_COMPR: VTYPE_BOOL,
+ HV_KVM_SPICE_USE_TLS: VTYPE_BOOL,
+ HV_KVM_SPICE_TLS_CIPHERS: VTYPE_STRING,
+ HV_KVM_SPICE_USE_VDAGENT: VTYPE_BOOL,
HV_ACPI: VTYPE_BOOL,
HV_PAE: VTYPE_BOOL,
HV_USE_BOOTLOADER: VTYPE_BOOL,
HT_BO_NETWORK
])
+# SPICE lossless image compression options
+HT_KVM_SPICE_LOSSLESS_IMG_COMPR_AUTO_GLZ = "auto_glz"
+HT_KVM_SPICE_LOSSLESS_IMG_COMPR_AUTO_LZ = "auto_lz"
+HT_KVM_SPICE_LOSSLESS_IMG_COMPR_QUIC = "quic"
+HT_KVM_SPICE_LOSSLESS_IMG_COMPR_GLZ = "glz"
+HT_KVM_SPICE_LOSSLESS_IMG_COMPR_LZ = "lz"
+HT_KVM_SPICE_LOSSLESS_IMG_COMPR_OFF = "off"
+
+HT_KVM_SPICE_VALID_LOSSLESS_IMG_COMPR_OPTIONS = frozenset([
+ HT_KVM_SPICE_LOSSLESS_IMG_COMPR_AUTO_GLZ,
+ HT_KVM_SPICE_LOSSLESS_IMG_COMPR_AUTO_LZ,
+ HT_KVM_SPICE_LOSSLESS_IMG_COMPR_QUIC,
+ HT_KVM_SPICE_LOSSLESS_IMG_COMPR_GLZ,
+ HT_KVM_SPICE_LOSSLESS_IMG_COMPR_LZ,
+ HT_KVM_SPICE_LOSSLESS_IMG_COMPR_OFF,
+ ])
+
+# SPICE lossy image compression options (valid for both jpeg and zlib-glz)
+HT_KVM_SPICE_LOSSY_IMG_COMPR_AUTO = "auto"
+HT_KVM_SPICE_LOSSY_IMG_COMPR_NEVER = "never"
+HT_KVM_SPICE_LOSSY_IMG_COMPR_ALWAYS = "always"
+
+HT_KVM_SPICE_VALID_LOSSY_IMG_COMPR_OPTIONS = frozenset([
+ HT_KVM_SPICE_LOSSY_IMG_COMPR_AUTO,
+ HT_KVM_SPICE_LOSSY_IMG_COMPR_NEVER,
+ HT_KVM_SPICE_LOSSY_IMG_COMPR_ALWAYS,
+ ])
+
+# SPICE video stream detection
+HT_KVM_SPICE_VIDEO_STREAM_DETECTION_OFF = "off"
+HT_KVM_SPICE_VIDEO_STREAM_DETECTION_ALL = "all"
+HT_KVM_SPICE_VIDEO_STREAM_DETECTION_FILTER = "filter"
+
+HT_KVM_SPICE_VALID_VIDEO_STREAM_DETECTION_OPTIONS = frozenset([
+ HT_KVM_SPICE_VIDEO_STREAM_DETECTION_OFF,
+ HT_KVM_SPICE_VIDEO_STREAM_DETECTION_ALL,
+ HT_KVM_SPICE_VIDEO_STREAM_DETECTION_FILTER,
+ ])
+
# Security models
HT_SM_NONE = "none"
HT_SM_USER = "user"
])
IALLOCATOR_MODE_ALLOC = "allocate"
IALLOCATOR_MODE_RELOC = "relocate"
-IALLOCATOR_MODE_MEVAC = "multi-evacuate"
IALLOCATOR_MODE_CHG_GROUP = "change-group"
IALLOCATOR_MODE_NODE_EVAC = "node-evacuate"
VALID_IALLOCATOR_MODES = frozenset([
IALLOCATOR_MODE_ALLOC,
IALLOCATOR_MODE_RELOC,
- IALLOCATOR_MODE_MEVAC,
IALLOCATOR_MODE_CHG_GROUP,
IALLOCATOR_MODE_NODE_EVAC,
])
JOB_QUEUE_DIRS_MODE = SECURE_DIR_MODE
JOB_ID_TEMPLATE = r"\d+"
+JOB_FILE_RE = re.compile(r"^job-(%s)$" % JOB_ID_TEMPLATE)
# unchanged job return
JOB_NOTCHANGED = "nochange"
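Review bot: `JOB_FILE_RE` anchors its end with `$`, which in Python also matches just before a trailing newline, so a name consisting of a valid job file name plus one newline still matches. `\Z` is the strict end anchor: `JOB_FILE_RE = re.compile(r"^job-(%s)\Z" % JOB_ID_TEMPLATE)`. Whether this matters depends on where the names come from and how the captured ID is used, neither of which this hunk shows. The line also relies on `re` being imported at module level, and the import block is not visible here.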
#: Dictionary with special field cases and their verbose/terse formatting
RSS_DESCRIPTION = {
RS_UNKNOWN: ("(unknown)", "??"),
- RS_NODATA: ("(nodata)", "?"),
+ RS_NODATA: ("(nodata)", "?"),
RS_OFFLINE: ("(offline)", "*"),
RS_UNAVAIL: ("(unavail)", "-"),
}
SS_UID_POOL = "uid_pool"
SS_NODEGROUPS = "nodegroups"
+SS_FILE_PERMS = 0444
+
# cluster wide default parameters
DEFAULT_ENABLED_HYPERVISOR = HT_XEN_PVM
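Review bot: `SS_FILE_PERMS = 0444` uses the bare-zero octal form, which only Python 2 accepts. If the project's minimum interpreter is 2.6 or later, `SS_FILE_PERMS = 0o444` is equivalent and reads unambiguously as octal. The constant also has no comment, and since the mode is world-readable it is worth recording that this is deliberate, e.g. `# read-only for everyone; files written with this mode must not hold secrets`. Judging by the `SS_` prefix these are presumably the ssconf files, which is worth confirming against the code that applies the mode.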
HV_MIGRATION_MODE: HT_MIGRATION_LIVE,
HV_BLOCKDEV_PREFIX: "sd",
HV_REBOOT_BEHAVIOR: INSTANCE_REBOOT_ALLOWED,
+ HV_CPU_MASK: CPU_PINNING_ALL,
},
HT_XEN_HVM: {
HV_BOOT_ORDER: "cd",
HV_USE_LOCALTIME: False,
HV_BLOCKDEV_PREFIX: "hd",
HV_REBOOT_BEHAVIOR: INSTANCE_REBOOT_ALLOWED,
+ HV_CPU_MASK: CPU_PINNING_ALL,
},
HT_KVM: {
HV_KERNEL_PATH: "/boot/vmlinuz-2.6-kvmU",
HV_VNC_X509: "",
HV_VNC_X509_VERIFY: False,
HV_VNC_PASSWORD_FILE: "",
+ HV_KVM_SPICE_BIND: "",
+ HV_KVM_SPICE_IP_VERSION: IFACE_NO_IP_VERSION_SPECIFIED,
+ HV_KVM_SPICE_PASSWORD_FILE: "",
+ HV_KVM_SPICE_LOSSLESS_IMG_COMPR: "",
+ HV_KVM_SPICE_JPEG_IMG_COMPR: "",
+ HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR: "",
+ HV_KVM_SPICE_STREAMING_VIDEO_DETECTION: "",
+ HV_KVM_SPICE_AUDIO_COMPR: True,
+ HV_KVM_SPICE_USE_TLS: False,
+ HV_KVM_SPICE_TLS_CIPHERS: OPENSSL_CIPHERS,
+ HV_KVM_SPICE_USE_VDAGENT: True,
HV_KVM_FLOPPY_IMAGE_PATH: "",
HV_CDROM_IMAGE_PATH: "",
HV_KVM_CDROM2_IMAGE_PATH: "",
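Review bot: The KVM defaults leave SPICE with `HV_KVM_SPICE_USE_TLS: False` and an empty `HV_KVM_SPICE_PASSWORD_FILE`, so an instance that sets only `spice_bind` would get a console that is neither encrypted nor password-protected, unless validation elsewhere prevents it. Nothing in the dict records that both protections are opt-in. I would add a comment above the SPICE entries, e.g. `# SPICE: TLS and password are off by default; enable both before binding to a non-loopback address`. The hypervisor's parameter check (not part of this diff) should also warn on, or reject, a bind address combined with no password file and TLS disabled. The `HT_KVM` dict starts and continues outside this hunk.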
HV_KVM_USE_CHROOT: False,
HV_MEM_PATH: "",
HV_REBOOT_BEHAVIOR: INSTANCE_REBOOT_ALLOWED,
+ HV_CPU_MASK: CPU_PINNING_ALL,
},
HT_FAKE: {
},
# User-id pool minimum/maximum acceptable user-ids.
UIDPOOL_UID_MIN = 0
-UIDPOOL_UID_MAX = 2**32-1 # Assuming 32 bit user-ids
+UIDPOOL_UID_MAX = 2 ** 32 - 1 # Assuming 32 bit user-ids
# Name or path of the pgrep command
PGREP = "pgrep"