NODED_USER = _autoconf.NODED_USER
NODED_GROUP = _autoconf.NODED_GROUP
+# cpu pinning separators and constants
+CPU_PINNING_SEP = ":"
+CPU_PINNING_ALL = "all"
+# internal representation of "all"
+CPU_PINNING_ALL_VAL = -1
+# one "all" entry in a CPU list means CPU pinning is off
+CPU_PINNING_OFF = [CPU_PINNING_ALL_VAL]
+
+# A Xen-specific implementation detail - there is no way to actually say
+# "use any cpu for pinning" in a Xen configuration file, as opposed to the
+# command line, where you can say "xm vcpu-pin <domain> <vcpu> all".
+# The workaround used in Xen is "0-63" (see source code function
+# xm_vcpu_pin in <xen-source>/tools/python/xen/xm/main.py).
+# To support future changes, the following constant is treated as a
+# blackbox string that simply means use-any-cpu-for-pinning-under-xen.
+CPU_PINNING_ALL_XEN = "0-63"
+
+# A KVM-specific implementation detail - the following value is used
+# to set CPU affinity to all processors (#0 through #31), per taskset
+# man page.
+CPU_PINNING_ALL_KVM = 0xFFFFFFFF
# Wipe
DD_CMD = "dd"
-WIPE_BLOCK_SIZE = 1024**2
+WIPE_BLOCK_SIZE = 1024 ** 2
MAX_WIPE_CHUNK = 1024 # 1GB
MIN_WIPE_CHUNK_PERCENT = 10
ADOPTABLE_BLOCKDEV_ROOT = "/dev/disk/"
# keep RUN_GANETI_DIR first here, to make sure all get created when the node
# daemon is started (this takes care of RUN_DIR being tmpfs)
-SUB_RUN_DIRS = [ RUN_GANETI_DIR, BDEV_CACHE_DIR, DISK_LINKS_DIR ]
+SUB_RUN_DIRS = [
+ RUN_GANETI_DIR,
+ BDEV_CACHE_DIR,
+ DISK_LINKS_DIR,
+ ]
LOCK_DIR = _autoconf.LOCALSTATEDIR + "/lock"
SSCONF_LOCK_FILE = LOCK_DIR + "/ganeti-ssconf.lock"
# User-id pool lock directory
NODED_CERT_FILE = DATA_DIR + "/server.pem"
RAPI_CERT_FILE = DATA_DIR + "/rapi.pem"
CONFD_HMAC_KEY = DATA_DIR + "/hmac.key"
+SPICE_CERT_FILE = DATA_DIR + "/spice.pem"
+SPICE_CACERT_FILE = DATA_DIR + "/spice-ca.pem"
CLUSTER_DOMAIN_SECRET_FILE = DATA_DIR + "/cluster-domain-secret"
INSTANCE_STATUS_FILE = RUN_GANETI_DIR + "/instance-status"
SSH_KNOWN_HOSTS_FILE = DATA_DIR + "/known_hosts"
#: File containing Unix timestamp until which watcher should be paused
WATCHER_PAUSEFILE = DATA_DIR + "/watcher.pause"
-ALL_CERT_FILES = frozenset([NODED_CERT_FILE, RAPI_CERT_FILE])
+ALL_CERT_FILES = frozenset([
+ NODED_CERT_FILE,
+ RAPI_CERT_FILE,
+ SPICE_CERT_FILE,
+ SPICE_CACERT_FILE,
+ ])
MASTER_SOCKET = SOCKET_DIR + "/ganeti-master"
#: Console as VNC server
CONS_VNC = "vnc"
+#: Console as SPICE server
+CONS_SPICE = "spice"
+
#: Display a message for console access
CONS_MESSAGE = "msg"
#: All console types
-CONS_ALL = frozenset([CONS_SSH, CONS_VNC, CONS_MESSAGE])
+CONS_ALL = frozenset([CONS_SSH, CONS_VNC, CONS_SPICE, CONS_MESSAGE])
# For RSA keys more bits are better, but they also make operations more
# expensive. NIST SP 800-131 recommends a minimum of 2048 bits from the year
IP6_ADDRESS_ANY = "::"
IP4_VERSION = 4
IP6_VERSION = 6
+VALID_IP_VERSIONS = frozenset([IP4_VERSION, IP6_VERSION])
TCP_PING_TIMEOUT = 10
GANETI_RUNAS = "root"
DEFAULT_VG = "xenvg"
VTYPE_INT,
])
+# Constant representing that the user does not specify any IP version
+IFACE_NO_IP_VERSION_SPECIFIED = 0
+
# HV parameter names (global namespace)
HV_BOOT_ORDER = "boot_order"
HV_CDROM_IMAGE_PATH = "cdrom_image_path"
HV_VNC_TLS = "vnc_tls"
HV_VNC_X509 = "vnc_x509_path"
HV_VNC_X509_VERIFY = "vnc_x509_verify"
+HV_KVM_SPICE_BIND = "spice_bind"
+HV_KVM_SPICE_IP_VERSION = "spice_ip_version"
+HV_KVM_SPICE_PASSWORD_FILE = "spice_password_file"
+HV_KVM_SPICE_LOSSLESS_IMG_COMPR = "spice_image_compression"
+HV_KVM_SPICE_JPEG_IMG_COMPR = "spice_jpeg_wan_compression"
+HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR = "spice_zlib_glz_wan_compression"
+HV_KVM_SPICE_STREAMING_VIDEO_DETECTION = "spice_streaming_video"
+HV_KVM_SPICE_AUDIO_COMPR = "spice_playback_compression"
+HV_KVM_SPICE_USE_TLS = "spice_use_tls"
+HV_KVM_SPICE_TLS_CIPHERS = "spice_tls_ciphers"
+HV_KVM_SPICE_USE_VDAGENT = "spice_use_vdagent"
HV_ACPI = "acpi"
HV_PAE = "pae"
HV_USE_BOOTLOADER = "use_bootloader"
HV_VNC_TLS: VTYPE_BOOL,
HV_VNC_X509: VTYPE_STRING,
HV_VNC_X509_VERIFY: VTYPE_BOOL,
+ HV_KVM_SPICE_BIND: VTYPE_STRING,
+ HV_KVM_SPICE_IP_VERSION: VTYPE_INT,
+ HV_KVM_SPICE_PASSWORD_FILE: VTYPE_STRING,
+ HV_KVM_SPICE_LOSSLESS_IMG_COMPR: VTYPE_STRING,
+ HV_KVM_SPICE_JPEG_IMG_COMPR: VTYPE_STRING,
+ HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR: VTYPE_STRING,
+ HV_KVM_SPICE_STREAMING_VIDEO_DETECTION: VTYPE_STRING,
+ HV_KVM_SPICE_AUDIO_COMPR: VTYPE_BOOL,
+ HV_KVM_SPICE_USE_TLS: VTYPE_BOOL,
+ HV_KVM_SPICE_TLS_CIPHERS: VTYPE_STRING,
+ HV_KVM_SPICE_USE_VDAGENT: VTYPE_BOOL,
HV_ACPI: VTYPE_BOOL,
HV_PAE: VTYPE_BOOL,
HV_USE_BOOTLOADER: VTYPE_BOOL,
HVS_PARAMETERS = frozenset(HVS_PARAMETER_TYPES.keys())
+# Migration statuses
+HV_MIGRATION_COMPLETED = "completed"
+HV_MIGRATION_ACTIVE = "active"
+HV_MIGRATION_FAILED = "failed"
+HV_MIGRATION_CANCELLED = "cancelled"
+
+HV_MIGRATION_VALID_STATUSES = frozenset([
+ HV_MIGRATION_COMPLETED,
+ HV_MIGRATION_ACTIVE,
+ HV_MIGRATION_FAILED,
+ HV_MIGRATION_CANCELLED,
+ ])
+
+HV_MIGRATION_FAILED_STATUSES = frozenset([
+ HV_MIGRATION_FAILED,
+ HV_MIGRATION_CANCELLED,
+ ])
+
+# KVM-specific statuses
+HV_KVM_MIGRATION_VALID_STATUSES = HV_MIGRATION_VALID_STATUSES
+
# Backend parameter names
BE_MEMORY = "memory"
BE_VCPUS = "vcpus"
HT_BO_NETWORK
])
+# SPICE lossless image compression options
+HT_KVM_SPICE_LOSSLESS_IMG_COMPR_AUTO_GLZ = "auto_glz"
+HT_KVM_SPICE_LOSSLESS_IMG_COMPR_AUTO_LZ = "auto_lz"
+HT_KVM_SPICE_LOSSLESS_IMG_COMPR_QUIC = "quic"
+HT_KVM_SPICE_LOSSLESS_IMG_COMPR_GLZ = "glz"
+HT_KVM_SPICE_LOSSLESS_IMG_COMPR_LZ = "lz"
+HT_KVM_SPICE_LOSSLESS_IMG_COMPR_OFF = "off"
+
+HT_KVM_SPICE_VALID_LOSSLESS_IMG_COMPR_OPTIONS = frozenset([
+ HT_KVM_SPICE_LOSSLESS_IMG_COMPR_AUTO_GLZ,
+ HT_KVM_SPICE_LOSSLESS_IMG_COMPR_AUTO_LZ,
+ HT_KVM_SPICE_LOSSLESS_IMG_COMPR_QUIC,
+ HT_KVM_SPICE_LOSSLESS_IMG_COMPR_GLZ,
+ HT_KVM_SPICE_LOSSLESS_IMG_COMPR_LZ,
+ HT_KVM_SPICE_LOSSLESS_IMG_COMPR_OFF,
+ ])
+
+# SPICE lossy image compression options (valid for both jpeg and zlib-glz)
+HT_KVM_SPICE_LOSSY_IMG_COMPR_AUTO = "auto"
+HT_KVM_SPICE_LOSSY_IMG_COMPR_NEVER = "never"
+HT_KVM_SPICE_LOSSY_IMG_COMPR_ALWAYS = "always"
+
+HT_KVM_SPICE_VALID_LOSSY_IMG_COMPR_OPTIONS = frozenset([
+ HT_KVM_SPICE_LOSSY_IMG_COMPR_AUTO,
+ HT_KVM_SPICE_LOSSY_IMG_COMPR_NEVER,
+ HT_KVM_SPICE_LOSSY_IMG_COMPR_ALWAYS,
+ ])
+
+# SPICE video stream detection
+HT_KVM_SPICE_VIDEO_STREAM_DETECTION_OFF = "off"
+HT_KVM_SPICE_VIDEO_STREAM_DETECTION_ALL = "all"
+HT_KVM_SPICE_VIDEO_STREAM_DETECTION_FILTER = "filter"
+
+HT_KVM_SPICE_VALID_VIDEO_STREAM_DETECTION_OPTIONS = frozenset([
+ HT_KVM_SPICE_VIDEO_STREAM_DETECTION_OFF,
+ HT_KVM_SPICE_VIDEO_STREAM_DETECTION_ALL,
+ HT_KVM_SPICE_VIDEO_STREAM_DETECTION_FILTER,
+ ])
+
# Security models
HT_SM_NONE = "none"
HT_SM_USER = "user"
JOB_QUEUE_DIRS_MODE = SECURE_DIR_MODE
JOB_ID_TEMPLATE = r"\d+"
+JOB_FILE_RE = re.compile(r"^job-(%s)$" % JOB_ID_TEMPLATE)
# unchanged job return
JOB_NOTCHANGED = "nochange"
#: Dictionary with special field cases and their verbose/terse formatting
RSS_DESCRIPTION = {
RS_UNKNOWN: ("(unknown)", "??"),
- RS_NODATA: ("(nodata)", "?"),
+ RS_NODATA: ("(nodata)", "?"),
RS_OFFLINE: ("(offline)", "*"),
RS_UNAVAIL: ("(unavail)", "-"),
}
SS_UID_POOL = "uid_pool"
SS_NODEGROUPS = "nodegroups"
+SS_FILE_PERMS = 0444
+
# cluster wide default parameters
DEFAULT_ENABLED_HYPERVISOR = HT_XEN_PVM
HV_MIGRATION_MODE: HT_MIGRATION_LIVE,
HV_BLOCKDEV_PREFIX: "sd",
HV_REBOOT_BEHAVIOR: INSTANCE_REBOOT_ALLOWED,
+ HV_CPU_MASK: CPU_PINNING_ALL,
},
HT_XEN_HVM: {
HV_BOOT_ORDER: "cd",
HV_USE_LOCALTIME: False,
HV_BLOCKDEV_PREFIX: "hd",
HV_REBOOT_BEHAVIOR: INSTANCE_REBOOT_ALLOWED,
+ HV_CPU_MASK: CPU_PINNING_ALL,
},
HT_KVM: {
HV_KERNEL_PATH: "/boot/vmlinuz-2.6-kvmU",
HV_VNC_X509: "",
HV_VNC_X509_VERIFY: False,
HV_VNC_PASSWORD_FILE: "",
+ HV_KVM_SPICE_BIND: "",
+ HV_KVM_SPICE_IP_VERSION: IFACE_NO_IP_VERSION_SPECIFIED,
+ HV_KVM_SPICE_PASSWORD_FILE: "",
+ HV_KVM_SPICE_LOSSLESS_IMG_COMPR: "",
+ HV_KVM_SPICE_JPEG_IMG_COMPR: "",
+ HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR: "",
+ HV_KVM_SPICE_STREAMING_VIDEO_DETECTION: "",
+ HV_KVM_SPICE_AUDIO_COMPR: True,
+ HV_KVM_SPICE_USE_TLS: False,
+ HV_KVM_SPICE_TLS_CIPHERS: OPENSSL_CIPHERS,
+ HV_KVM_SPICE_USE_VDAGENT: True,
HV_KVM_FLOPPY_IMAGE_PATH: "",
HV_CDROM_IMAGE_PATH: "",
HV_KVM_CDROM2_IMAGE_PATH: "",
HV_KVM_USE_CHROOT: False,
HV_MEM_PATH: "",
HV_REBOOT_BEHAVIOR: INSTANCE_REBOOT_ALLOWED,
+ HV_CPU_MASK: CPU_PINNING_ALL,
},
HT_FAKE: {
},
# User-id pool minimum/maximum acceptable user-ids.
UIDPOOL_UID_MIN = 0
-UIDPOOL_UID_MAX = 2**32-1 # Assuming 32 bit user-ids
+UIDPOOL_UID_MAX = 2 ** 32 - 1 # Assuming 32 bit user-ids
# Name or path of the pgrep command
PGREP = "pgrep"