kvm: set additional route to reach global ipv4 network
[slapos.git] / software / kvm / instance-kvm.cfg.jinja2
1 #############################
2 #
3 # Instantiate kvm
4 #
5 #############################
# Root buildout section for one KVM instance. "parts" names the sections that
# are installed; kvm-monitor and cron-entry-monitor are commented out, so they
# are not part of the instance.
6 [buildout]
7 parts =
8   certificate-authority
9   publish-connection-information
10   kvm-vnc-promise
11   kvm-disk-image-corruption-promise
12   websockify-sighandler
13   novnc-promise
14 #  kvm-monitor
15   cron
16 #  cron-entry-monitor
17   frontend-promise
18
19 eggs-directory = {{ eggs_directory }}
20 develop-eggs-directory = {{ develop_eggs_directory }}
# Offline mode: buildout does not download anything while this instance is
# rendered; code comes from the two egg directories set above.
21 offline = true
22
# Directory tree of the partition; every entry is derived from the buildout
# directory. srv/ssl (ca-dir) and etc/novnc (novnc-conf) are referenced further
# down as the locations of the CA material and of the noVNC key and certificate;
# srv also receives the generated VNC password and the VM disk image.
# NOTE(review): the permissions applied by slapos.cookbook:mkdirectory are not
# visible here - confirm that srv, ca-dir and novnc-conf are not readable by
# other local users.
23 [directory]
24 recipe = slapos.cookbook:mkdirectory
25 etc = ${buildout:directory}/etc
26 bin = ${buildout:directory}/bin
27 srv = ${buildout:directory}/srv
28 var = ${buildout:directory}/var
29 log = ${:var}/log
30 scripts = ${:etc}/run
31 services = ${:etc}/service
32 promises = ${:etc}/promise
33 novnc-conf = ${:etc}/novnc
34 run = ${:var}/run
35 ca-dir = ${:srv}/ssl
36 cron-entries = ${:etc}/cron.d
37 crontabs = ${:etc}/crontabs
38 cronstamps = ${:etc}/cronstamps
39
# Two MAC addresses produced by slapos.cookbook:generate.mac, each with its own
# storage-path under srv/. [kvm-instance] reads them as mac-address and
# tap-mac-address.
# presumably storage-path keeps the value stable across re-runs - confirm in
# the recipe.
40 [create-mac]
41 recipe = slapos.cookbook:generate.mac
42 storage-path = ${directory:srv}/mac
43
44 [create-tap-mac]
45 recipe = slapos.cookbook:generate.mac
46 storage-path = ${directory:srv}/tap_mac
47
# Generates the secret that [kvm-instance] uses as vnc-passwd. The value is
# kept at storage-path (srv/passwd) and is later embedded in the URLs published
# by [publish-connection-information].
# NOTE(review): bytes = 8 yields a short secret. Classic VNC authentication
# only uses the first 8 characters of a password, so a longer value would not
# help by itself; console access control should rest on the TLS-protected
# noVNC/frontend layer and on the VNC server staying on a local address.
# NOTE(review): confirm that the recipe writes storage-path with owner-only
# permissions - not visible here.
48 [gen-passwd]
49 recipe = slapos.cookbook:generate.password
50 storage-path = ${directory:srv}/passwd
51 bytes = 8
52
53
# Options handed to the slapos.cookbook:kvm recipe. Values read from
# slap-parameter fall back to the defaults in [slap-parameter]; presumably they
# can be overridden by the instance request, so any validation of them has to
# happen in the recipe (not visible here).
54 [kvm-instance]
55 # XXX-Cedric: change "KVM" recipe to simple "create wrappers". No need for this
56 # Specific code. It needs Jinja.
57 recipe = slapos.cookbook:kvm
58
# VNC password generated by [gen-passwd]; the same value is embedded in the
# URLs published by [publish-connection-information].
59 vnc-passwd = ${gen-passwd:passwd}
60
61 ipv4 = ${slap-network-information:local-ipv4}
62 ipv6 = ${slap-network-information:global-ipv6}
# The VNC address is set to the partition's local IPv4, not the global IPv6;
# [novnc-instance] is the component configured on the global IPv6 address.
63 vnc-ip = ${:ipv4}
64
65 vnc-port = 5901
66
67 # XXX-Cedric: should be named "default-cdrom-iso"
68 default-disk-image = {{ debian_amd64_netinst_location }}
69 nbd-host = ${slap-parameter:nbd-host}
70 nbd-port = ${slap-parameter:nbd-port}
71 nbd2-host = ${slap-parameter:nbd2-host}
72 nbd2-port = ${slap-parameter:nbd2-port}
73
74 tap-interface = ${slap-network-information:network-interface}
75
76 disk-path = ${directory:srv}/virtual.qcow2
77 disk-size = ${slap-parameter:disk-size}
78 disk-type = ${slap-parameter:disk-type}
79
# QMP control socket and pid file, both under var/.
# NOTE(review): a process able to open the QMP socket can presumably control
# the VM - confirm that var/ is only accessible to the partition user.
80 socket-path = ${directory:var}/qmp_socket
81 pid-file-path = ${directory:run}/pid_file
82
83 smp-count = ${slap-parameter:cpu-count}
84 smp-options = ${slap-parameter:cpu-options}
85 ram-size = ${slap-parameter:ram-size}
86 numa = ${slap-parameter:numa}
87 mac-address = ${create-mac:mac-address}
88 tap-mac-address = ${create-tap-mac:mac-address}
89
90 # XXX-Cedric: should be named runner-wrapper-path and controller-wrapper-path
91 runner-path = ${directory:services}/kvm
92 controller-path = ${directory:scripts}/kvm_controller
93
94 use-tap = ${slap-parameter:use-tap}
95 use-nat = ${slap-parameter:use-nat}
96 nat-rules = ${slap-parameter:nat-rules}
97 6tunnel-wrapper-path = ${directory:services}/6tunnel
98
# Optional disk image download, described by URL, MD5 sum and a gzip flag.
# NOTE(review): MD5 catches accidental corruption but is not collision
# resistant, so the image should come from a trusted URL over an authenticated
# channel rather than relying on the checksum alone.
99 virtual-hard-drive-url = ${slap-parameter:virtual-hard-drive-url}
100 virtual-hard-drive-md5sum = ${slap-parameter:virtual-hard-drive-md5sum}
101 virtual-hard-drive-gzipped = ${slap-parameter:virtual-hard-drive-gzipped}
102
103 shell-path = {{ dash_executable_location }}
104 qemu-path =  {{ qemu_executable_location }}
105 qemu-img-path = {{ qemu_img_executable_location }}
106 6tunnel-path = {{ sixtunnel_executable_location }}
107
108 etc-directory = ${directory:etc}
109 disk-storage-list = 
110 {% for key, path in storage_dict.items() -%}
111 {{ '  ' ~ key ~ ' ' ~ path }}
112 {% endfor -%}
113 external-disk-number = ${slap-parameter:external-disk-number}
114 external-disk-size = ${slap-parameter:external-disk-size}
115 external-disk-format = ${slap-parameter:external-disk-format}
116
# Promise written to etc/promise/vnc_promise, configured with the VNC address
# and port of [kvm-instance].
# presumably it fails when nothing listens there - behaviour is defined by
# slapos.cookbook:check_port_listening, not visible here.
117 [kvm-vnc-promise]
118 recipe = slapos.cookbook:check_port_listening
119 path = ${directory:promises}/vnc_promise
120 hostname = ${kvm-instance:vnc-ip}
121 port = ${kvm-instance:vnc-port}
122
# Renders an inline shell script to etc/promise/kvm-disk-image-corruption with
# mode 700 (owner only). The script runs "qemu-img check" on the VM disk and
# exits 0 when the return code is 0 or 3, and 1 for any other return code.
123 [kvm-disk-image-corruption-promise]
124 # Check that disk image is not corrupted
125 recipe = collective.recipe.template
126 input = inline:#!/bin/sh
127   # Return code 0 is "OK"
128   # Return code 3 is "found leaks, but image is OK"
129   # http://git.qemu.org/?p=qemu.git;a=blob;f=qemu-img.c;h=4e9a7f5741c9cb863d978225829e68fefcae3947;hb=HEAD#l702
130   ${kvm-instance:qemu-img-path} check ${kvm-instance:disk-path}
131   RETURN_CODE=$?
132   if [ $RETURN_CODE -eq 0 ] || [ $RETURN_CODE -eq 3 ]; then
133     exit 0
134   else
135     exit 1
136   fi
137 output = ${directory:promises}/kvm-disk-image-corruption
138 mode = 700
139
140
# noVNC/websockify front for the VM console: configured on the partition's
# global IPv6 address, port 6080, with the key and certificate requested by
# [ca-novnc], and pointed at the VNC address and port of [kvm-instance].
# This is the externally addressable entry point to the console, so the TLS
# material and the VNC password are what protect it.
141 [novnc-instance]
142 recipe = slapos.cookbook:novnc
143 path = ${ca-novnc:executable}
144 ip = ${slap-network-information:global-ipv6}
145 port = 6080
146 vnc-ip = ${kvm-instance:vnc-ip}
147 vnc-port = ${kvm-instance:vnc-port}
148 novnc-location = {{ novnc_location }}
149 websockify-path = {{ websockify_executable_location }}
150 ssl-key-path = ${ca-novnc:key-file}
151 ssl-cert-path = ${ca-novnc:cert-file}
152
# Service wrapper etc/service/websockify around the noVNC executable, built by
# slapos.cookbook:signalwrapper. How signals are handled is defined by the
# recipe and is not visible here.
153 [websockify-sighandler]
154 recipe = slapos.cookbook:signalwrapper
155 wrapper-path = ${directory:services}/websockify
156 wrapped-path = ${novnc-instance:path}
157
# Instance-local certificate authority run through the openssl binary of the
# software release. Its working directories (requests, private, certs,
# newcerts, crl) are the ones created by [cadirectory] under srv/ssl.
# NOTE(review): ca-private presumably holds the CA private key - confirm that
# the directory is restricted to the partition user.
158 [certificate-authority]
159 recipe = slapos.cookbook:certificate_authority
160 openssl-binary = {{ openssl_executable_location }}
161 ca-dir = ${directory:ca-dir}
162 requests-directory = ${cadirectory:requests}
163 wrapper = ${directory:services}/certificate_authority
164 ca-private = ${cadirectory:private}
165 ca-certs = ${cadirectory:certs}
166 ca-newcerts = ${cadirectory:newcerts}
167 ca-crl = ${cadirectory:crl}
168
# Sub-directories of srv/ssl used by [certificate-authority].
169 [cadirectory]
170 recipe = slapos.cookbook:mkdirectory
171 requests = ${directory:ca-dir}/requests/
172 private = ${directory:ca-dir}/private/
173 certs = ${directory:ca-dir}/certs/
174 newcerts = ${directory:ca-dir}/newcerts/
175 crl = ${directory:ca-dir}/crl/
176
# Certificate request for noVNC. "<= certificate-authority" inherits the CA
# options above; the key and certificate are placed in etc/novnc and consumed
# by [novnc-instance] as ssl-key-path and ssl-cert-path.
# NOTE(review): the certificate comes from the instance-local CA, so a client
# that reaches backend-url directly presumably cannot validate it against a
# public root - confirm how users are expected to establish trust.
177 [ca-novnc]
178 <= certificate-authority
179 recipe = slapos.cookbook:certificate_authority.request
180 key-file = ${directory:novnc-conf}/novnc.key
181 cert-file = ${directory:novnc-conf}/novnc.crt
182 executable = ${directory:bin}/novnc
183 wrapper = ${directory:bin}/websockify
184
# Promise written to etc/promise/novnc_promise, configured with the address and
# port of [novnc-instance].
185 [novnc-promise]
186 recipe = slapos.cookbook:check_port_listening
187 path = ${directory:promises}/novnc_promise
188 hostname = ${novnc-instance:ip}
189 port = ${novnc-instance:port}
190
191
192 #----------------
193 #--
194 #-- Deploy cron.
195
# Cron daemon for the partition: dcron binary from the software release, entry,
# crontab and stamp directories from [directory], and a service wrapper at
# etc/service/crond. Job output goes to the "catcher", which is the
# cron_simplelogger wrapper writing to var/log/crond.log.
196 [cron]
197 recipe = slapos.cookbook:cron
198 dcrond-binary = {{ dcron_executable_location }}
199 cron-entries = ${directory:cron-entries}
200 crontabs = ${directory:crontabs}
201 cronstamps = ${directory:cronstamps}
202 catcher = ${cron-simplelogger:wrapper}
203 binary = ${directory:services}/crond
204
205 [cron-simplelogger]
206 recipe = slapos.cookbook:simplelogger
207 wrapper = ${directory:bin}/cron_simplelogger
208 log = ${directory:log}/crond.log
209
210 #----------------
211 #--
212 #-- Deploy frontend.
213
# Requests a slave instance (slave = true) of the frontend software release and
# points it at the noVNC address and port. The request is made with the
# partition's key-file and cert-file from [slap-connection], and asks for url,
# resource, port and domainname in return.
# NOTE(review): software-url, name, software-type and sla-instance_guid come
# from slap-parameter; the default software-url in [slap-parameter] is a plain
# http:// address.
214 [request-slave-frontend]
215 recipe = slapos.cookbook:requestoptional
216 software-url = ${slap-parameter:frontend-software-url}
217 server-url = ${slap-connection:server-url}
218 key-file = ${slap-connection:key-file}
219 cert-file = ${slap-connection:cert-file}
220 computer-id = ${slap-connection:computer-id}
221 partition-id = ${slap-connection:partition-id}
222 name = ${slap-parameter:frontend-instance-name}
223 software-type = ${slap-parameter:frontend-software-type}
224 slave = true
225 config-host = ${novnc-instance:ip}
226 config-port = ${novnc-instance:port}
227 return = url resource port domainname
228 sla-instance_guid = ${slap-parameter:frontend-instance-guid}
229
# Promise written to etc/promise/frontend_promise that is given the published
# frontend URL plus the dash and curl binaries of the software release.
# NOTE(review): the url option is the full published URL, including its
# "password=" query parameter. Depending on how the recipe passes it to curl,
# the VNC password may end up in the generated script and in the process
# arguments - confirm in slapos.cookbook:check_url_available.
230 [frontend-promise]
231 recipe = slapos.cookbook:check_url_available
232 path = ${directory:promises}/frontend_promise
233 url = ${publish-connection-information:url}
234 dash_path = {{ dash_executable_location }}
235 curl_path = {{ curl_executable_location }}
236
237
# Connection parameters published for this instance: the global IPv6 address,
# a direct noVNC URL (backend-url), the frontend URL (url), one nat-rule-port-N
# entry per NAT rule when use-nat is 'True', and the N_info lines with guest
# network setup commands when use-tap is 'True' and a tap IPv4 is available.
# NOTE(review): both backend-url and url carry the VNC password as a
# "password=" query parameter. Query strings are commonly recorded in browser
# history, proxy and web-server access logs and Referer headers, so these
# published URLs have to be handled as credentials: limit who can read the
# connection parameters and keep the URLs out of tickets and chat logs.
# NOTE(review): each nat-rules entry is rendered unvalidated into an option
# name and into "10000 + port". The int filter yields 0 for a non-numeric
# entry, and a double space in the list produces an entry with an empty name
# suffix. Validating every entry as a decimal port between 1 and 65535 before
# rendering would avoid malformed options.
# NOTE(review): use-nat and use-tap are compared with the exact string 'True';
# other spellings such as 'true' or '1' do not match.
# NOTE(review): has_key() exists only on Python 2 dicts; the portable spelling
# is "'ipv4' in tap_network_dict".
238 [publish-connection-information]
239 recipe = slapos.cookbook:publish
240 ipv6 = ${slap-network-information:global-ipv6}
241 backend-url = https://[${novnc-instance:ip}]:${novnc-instance:port}/vnc_auto.html?host=[${novnc-instance:ip}]&port=${novnc-instance:port}&encrypt=1&password=${kvm-instance:vnc-passwd}
242 url = ${request-slave-frontend:connection-url}/vnc_auto.html?host=${request-slave-frontend:connection-domainname}&port=${request-slave-frontend:connection-port}&encrypt=1&path=${request-slave-frontend:connection-resource}&password=${kvm-instance:vnc-passwd}
243 {% set iface = 'eth0' -%}
244 {% if slapparameter_dict.get('use-nat', 'True') == 'True' -%}
245 {%   set iface = 'eth1' -%}
246 # Publish NAT port mapping status
247 # XXX: hardcoded value from [slap-parameter]
248 {%   set nat_rule_list = slapparameter_dict.get('nat-rules', '22 80 443') %}
249 {%   for port in nat_rule_list.split(' ') -%}
250 {%     set external_port = 10000 + port|int() -%}
251 nat-rule-port-{{port}} = ${slap-network-information:global-ipv6} : {{external_port}}
252 {%     if slapparameter_dict.get('publish-nat-url', False) -%}
253 nat-rule-url-{{port}} = [${slap-network-information:global-ipv6}]:{{external_port}}
254 {%     endif -%}
255 {%   endfor -%}
256 {% endif -%}
257 {% if slapparameter_dict.get('use-tap', 'False') == 'True' and tap_network_dict.has_key('ipv4') -%}
258 1_info = Use these configurations below to configure interface {{ iface }} in your VM.
259 2_info = ifconfig {{ iface }} ${slap-network-information:tap-ipv4} netmask ${slap-network-information:tap-netmask}
260 3_info = route add ${slap-network-information:tap-gateway} dev {{ iface }}
261 4_info = route add -net ${slap-network-information:tap-network} netmask ${slap-network-information:tap-netmask} gw ${slap-network-information:tap-gateway}
262 {%   if iface == 'eth0' -%}
263 5_info = route add default gw ${slap-network-information:tap-gateway}
264 {%   elif global_ipv4_prefix -%}
265 5_info = ip route add {{ global_ipv4_prefix }} via ${slap-network-information:tap-gateway} dev {{ iface }} src ${slap-network-information:tap-ipv4}
266 {%   endif -%}
267 {% endif -%}
268
269
# Fallback values for the instance parameters read elsewhere in this profile
# through the slap-parameter section.
270 [slap-parameter]
271 # Default values if not specified
272 frontend-software-type = frontend
# NOTE(review): this default is a plain http:// URL. If the software release is
# ever fetched from it, its integrity depends on the network path; an https URL
# should be preferred where the host offers one.
273 frontend-software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/tags/slapos-0.92:/software/kvm/software.cfg
274 frontend-instance-guid =
275 frontend-instance-name = VNC Frontend
276 nbd-port = 1024
277 nbd-host =
278 nbd2-port = 1024
279 nbd2-host =
280
281 ram-size = 1024
282 disk-size = 10
283 disk-type = virtio
284
285 cpu-count = 1
286 # cpu-option is a string: [cores=cores][,threads=threads][,sockets=sockets][,maxcpus=maxcpus]
287 cpu-options = 
288 # list of numa options separate by space: node,nodeid=1,cpus=9-15 node,nodeid=2,cpus=1,3,7
289 numa = 
290
# With these defaults NAT is on and [publish-connection-information] announces
# guest ports 22, 80 and 443 as 10022, 10080 and 10443 on the partition's
# global IPv6 address.
# NOTE(review): the services behind these guest ports are presumably reachable
# from outside as soon as the VM runs them - harden them or narrow nat-rules.
# use-nat and use-tap are matched against the exact string 'True' by the
# template.
291 nat-rules = 22 80 443
292 use-nat = True
293 use-tap = False
294
295 virtual-hard-drive-url =
# NOTE(review): MD5 detects accidental corruption only; it is not collision
# resistant. The empty default presumably disables the check - confirm in the
# kvm recipe.
296 virtual-hard-drive-md5sum =
297 virtual-hard-drive-gzipped = False
298
299 external-disk-number = 0
300 external-disk-size = 20
301 external-disk-format = qcow2