Documentation
¶
Index ¶
- Variables
- type Config
- func (c *Config) ACME() (domain string, email string, caURL string, agreeTOS bool)
- func (c *Config) AuthSecretExpiry() string
- func (c *Config) BGPASN() int64
- func (c *Config) BackupsCompressionAlgorithm() string
- func (c *Config) ClusterHealingThreshold() time.Duration
- func (c *Config) ClusterJoinTokenExpiry() string
- func (c *Config) ClusterUUID() string
- func (c *Config) Dump() map[string]string
- func (c *Config) HTTPSAllowedCredentials() bool
- func (c *Config) HTTPSAllowedHeaders() string
- func (c *Config) HTTPSAllowedMethods() string
- func (c *Config) HTTPSAllowedOrigin() string
- func (c *Config) HTTPSTrustedProxy() string
- func (c *Config) ImagesAutoUpdateCached() bool
- func (c *Config) ImagesAutoUpdateIntervalHours() int64
- func (c *Config) ImagesCompressionAlgorithm() string
- func (c *Config) ImagesDefaultArchitecture() string
- func (c *Config) ImagesMinimalReplica() int64
- func (c *Config) ImagesRemoteCacheExpiryDays() int64
- func (c *Config) InstancesMigrationStateful() bool
- func (c *Config) InstancesNICHostname() string
- func (c *Config) LokiServer() (apiURL string, authUsername string, authPassword string, apiCACert string, ...)
- func (c *Config) MaxStandBy() int64
- func (c *Config) MaxVoters() int64
- func (c *Config) MetricsAuthentication() bool
- func (c *Config) NetworkOVNIntegrationBridge() string
- func (c *Config) NetworkOVNNorthboundConnection() string
- func (c *Config) NetworkOVNSSL() (caCert string, clientCert string, clientKey string)
- func (c *Config) OIDCServer() (issuer string, clientID string, clientSecret string, scopes []string, ...)
- func (c *Config) OIDCSessionExpiry() (expiry string)
- func (c *Config) OfflineThreshold() time.Duration
- func (c *Config) Patch(tx *db.ClusterTx, patch map[string]string) (map[string]string, error)
- func (c *Config) ProxyHTTP() string
- func (c *Config) ProxyHTTPS() string
- func (c *Config) ProxyIgnoreHosts() string
- func (c *Config) RemoteTokenExpiry() string
- func (c *Config) Replace(tx *db.ClusterTx, values map[string]string) (map[string]string, error)
- func (c *Config) ShutdownTimeout() time.Duration
- func (c *Config) TrustCACertificates() bool
- func (c *Config) UserMicrocloud() bool
Constants ¶
This section is empty.
Variables ¶
// ConfigSchema defines available server configuration keys.
//
// Each entry maps a key name to its config.Key definition. An entry written
// as {} declares no Type, Default or Validator in this schema, so this table
// places no constraint on its value; any checking has to happen where the
// value is consumed.
var ConfigSchema = config.Schema{
	Types: map[string]config.Key{
		// ACME settings. acme.ca_url is optional, but when set it must pass
		// validate.IsHTTPSURL.
		"acme.ca_url": {Validator: validate.Optional(validate.IsHTTPSURL)},
		"acme.domain": {},
		"acme.email": {},
		"acme.agree_tos": {Type: config.Bool, Default: "false"},

		"backups.compression_algorithm": {Default: "gzip", Validator: validate.IsCompressionAlgorithm},

		// Cluster membership and failure handling. The validators named here
		// are defined elsewhere in the package.
		"cluster.offline_threshold": {Type: config.Int64, Default: offlineThresholdDefault(), Validator: offlineThresholdValidator},
		"cluster.images_minimal_replica": {Type: config.Int64, Default: "3", Validator: imageMinimalReplicaValidator},
		// Default "0"; the ClusterHealingThreshold accessor documents 0 as
		// "feature disabled".
		"cluster.healing_threshold": {Type: config.Int64, Default: "0"},
		// Join tokens admit new cluster members; the default lifetime is "3H".
		"cluster.join_token_expiry": {Type: config.String, Default: "3H", Validator: expiryValidator},
		"cluster.max_voters": {Type: config.Int64, Default: "3", Validator: maxVotersValidator},
		"cluster.max_standby": {Type: config.Int64, Default: "2", Validator: maxStandByValidator},

		// The metrics API requires authentication unless this is set to false.
		"core.metrics_authentication": {Type: config.Bool, Default: "true"},
		// Optional; when set the value must lie in the range 0..4294967294.
		"core.bgp_asn": {Type: config.Int64, Default: "0", Validator: validate.Optional(validate.IsInRange(0, 4294967294))},

		// CORS settings. Headers, methods and origin carry no validator here.
		// NOTE(review): confirm how the code that emits the CORS headers treats
		// a wildcard origin when core.https_allowed_credentials is true.
		"core.https_allowed_headers": {},
		"core.https_allowed_methods": {},
		"core.https_allowed_origin": {},
		"core.https_allowed_credentials": {Type: config.Bool, Default: "false"},
		// NOTE(review): presumably decides which proxies may supply the client
		// address; no format check is attached in this schema - confirm the
		// consumer parses it strictly.
		"core.https_trusted_proxy": {},

		// Outbound proxy settings; free-form in this schema.
		"core.proxy_http": {},
		"core.proxy_https": {},
		"core.proxy_ignore_hosts": {},

		// Lifetime of remote add tokens; default "15d".
		"core.remote_token_expiry": {Type: config.String, Default: "15d", Validator: expiryValidator},
		"core.shutdown_timeout": {Type: config.Int64, Default: "5"},
		// Checking client certificates against a CA is off by default.
		"core.trust_ca_certificates": {Type: config.Bool, Default: "false"},
		// The validator resolves the expiry string relative to the current UTC
		// time and rejects anything that expires in less than 24 hours.
		"core.auth_secret_expiry": {Type: config.String, Default: "1m", Validator: func(s string) error {
			now := time.Now().UTC()
			exp, err := shared.GetExpiry(now, s)
			if err != nil {
				return err
			}

			// Lower bound only: no maximum lifetime is enforced here.
			if exp.Sub(now) < 24*time.Hour {
				return errors.New("Auth secret expiry cannot be set to less than one day")
			}

			return nil
		}},

		"images.auto_update_cached": {Type: config.Bool, Default: "true"},
		"images.auto_update_interval": {Type: config.Int64, Default: "6"},
		"images.compression_algorithm": {Default: "gzip", Validator: validate.IsCompressionAlgorithm},
		"images.default_architecture": {Validator: validate.Optional(validate.IsArchitecture)},
		"images.remote_cache_expiry": {Type: config.Int64, Default: "10"},

		// Optional; when set it must be "random" or "mac".
		"instances.nic.host_name": {Validator: validate.Optional(validate.IsOneOf("random", "mac"))},
		"instances.migration.stateful": {Type: config.Bool, Default: "false"},

		// Loki log shipping.
		// NOTE(review): loki.auth.password looks like credential material and
		// nothing in this schema marks it as sensitive - confirm that Dump and
		// API responses do not return it in clear text.
		// NOTE(review): unlike acme.ca_url, loki.api.url has no HTTPS validator
		// here - confirm transport security where the Loki client is built.
		"loki.auth.username": {},
		"loki.auth.password": {},
		"loki.api.ca_cert": {},
		"loki.api.url": {},
		"loki.instance": {},
		"loki.labels": {},
		"loki.loglevel": {Validator: logLevelValidator, Default: logrus.InfoLevel.String()},
		// Optional list restricted to the four event types below. The default
		// "lifecycle,logging" leaves out the OVN and security event types.
		"loki.types": {Validator: validate.Optional(validate.IsListOf(validate.IsOneOf(
			api.EventTypeLifecycle,
			api.EventTypeLogging,
			api.EventTypeOVN,
			api.EventTypeSecurity,
		))), Default: "lifecycle,logging"},

		// OpenID Connect.
		// NOTE(review): oidc.client.secret looks like credential material with
		// no sensitivity marking visible in this schema - confirm it is
		// redacted wherever configuration is dumped or returned.
		// oidc.issuer and oidc.audience carry no validator in this schema.
		"oidc.client.id": {},
		"oidc.client.secret": {},
		"oidc.issuer": {},
		"oidc.audience": {},
		"oidc.scopes": {
			Default: strings.Join([]string{oidc.ScopeOpenID, oidc.ScopeEmail, oidc.ScopeOfflineAccess, oidc.ScopeProfile}, " "),
			// The value is split on whitespace; both the OpenID and the email
			// scope must be present, any further scopes are accepted as given.
			Validator: validate.Optional(func(value string) error {
				scopes := strings.Fields(value)
				if !slices.Contains(scopes, oidc.ScopeOpenID) || !slices.Contains(scopes, oidc.ScopeEmail) {
					return fmt.Errorf("oidc.scopes requires the %q and %q OpenID Connect scopes", oidc.ScopeOpenID, oidc.ScopeEmail)
				}

				return nil
			}),
		},
		"oidc.groups.claim": {},
		// Same shape as the core.auth_secret_expiry validator, with a one-hour
		// minimum and no upper bound.
		"oidc.session.expiry": {Default: "1w", Validator: func(s string) error {
			now := time.Now().UTC()
			exp, err := shared.GetExpiry(now, s)
			if err != nil {
				return err
			}

			if exp.Sub(now) < time.Hour {
				return errors.New("OIDC session expiry cannot be set to less than one hour")
			}

			return nil
		}},

		// OVN networking. The ca_cert, client_cert and client_key keys all
		// default to empty.
		// NOTE(review): network.ovn.client_key presumably holds private key
		// material - confirm it is redacted in dumps and API output.
		"network.ovn.integration_bridge": {Default: "br-int"},
		"network.ovn.northbound_connection": {Default: ""},
		"network.ovn.ca_cert": {Default: ""},
		"network.ovn.client_cert": {Default: ""},
		"network.ovn.client_key": {Default: ""},

		"volatile.uuid": {},
	},
}
ConfigSchema defines available server configuration keys.
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config holds cluster-wide configuration values.
//
// All fields are unexported: values are read through the accessor methods on
// *Config and changed through Patch or Replace.
type Config struct {
	// contains filtered or unexported fields
}
Config holds cluster-wide configuration values.
func Load ¶
Load loads a new Config object with the current cluster configuration values fetched from the database.
func (*Config) AuthSecretExpiry ¶
AuthSecretExpiry returns the time after which a core secret is invalid.
func (*Config) BackupsCompressionAlgorithm ¶
BackupsCompressionAlgorithm returns the compression algorithm to use for backups.
func (*Config) ClusterHealingThreshold ¶
ClusterHealingThreshold returns the configured healing threshold, i.e. the number of seconds after which an offline node will be evacuated automatically. If the config key is set but its value is lower than cluster.offline_threshold it returns the value of cluster.offline_threshold instead. If this feature is disabled, it returns 0.
func (*Config) ClusterJoinTokenExpiry ¶
ClusterJoinTokenExpiry returns the cluster join token expiry.
func (*Config) ClusterUUID ¶
ClusterUUID returns the static cluster UUID.
func (*Config) Dump ¶
Dump current configuration keys and their values. Keys with values matching their defaults are omitted.
func (*Config) HTTPSAllowedCredentials ¶
HTTPSAllowedCredentials returns the relevant CORS setting.
func (*Config) HTTPSAllowedHeaders ¶
HTTPSAllowedHeaders returns the relevant CORS setting.
func (*Config) HTTPSAllowedMethods ¶
HTTPSAllowedMethods returns the relevant CORS setting.
func (*Config) HTTPSAllowedOrigin ¶
HTTPSAllowedOrigin returns the relevant CORS setting.
func (*Config) HTTPSTrustedProxy ¶
HTTPSTrustedProxy returns the configured HTTPS trusted proxy setting, if any.
func (*Config) ImagesAutoUpdateCached ¶
ImagesAutoUpdateCached returns whether or not to auto update cached images.
func (*Config) ImagesAutoUpdateIntervalHours ¶
ImagesAutoUpdateIntervalHours returns the interval in hours at which to look for updates to cached images.
func (*Config) ImagesCompressionAlgorithm ¶
ImagesCompressionAlgorithm returns the compression algorithm to use for images.
func (*Config) ImagesDefaultArchitecture ¶
ImagesDefaultArchitecture returns the default architecture.
func (*Config) ImagesMinimalReplica ¶
ImagesMinimalReplica returns the number of nodes for cluster images replication.
func (*Config) ImagesRemoteCacheExpiryDays ¶
ImagesRemoteCacheExpiryDays returns the number of days after which an unused cached remote image will be flushed.
func (*Config) InstancesMigrationStateful ¶
InstancesMigrationStateful returns whether or not to auto enable migration.stateful for all VM instances.
func (*Config) InstancesNICHostname ¶
InstancesNICHostname returns hostname mode to use for instance NICs.
func (*Config) LokiServer ¶
func (c *Config) LokiServer() (apiURL string, authUsername string, authPassword string, apiCACert string, instance string, logLevel string, labels []string, types []string)
LokiServer returns all the Loki settings needed to connect to a server.
func (*Config) MaxStandBy ¶
MaxStandBy returns the maximum number of standby members in a cluster that will be assigned the stand-by role.
func (*Config) MaxVoters ¶
MaxVoters returns the maximum number of members in a cluster that will be assigned the voter role.
func (*Config) MetricsAuthentication ¶
MetricsAuthentication checks whether metrics API requires authentication.
func (*Config) NetworkOVNIntegrationBridge ¶
NetworkOVNIntegrationBridge returns the integration OVS bridge to use for OVN networks.
func (*Config) NetworkOVNNorthboundConnection ¶
NetworkOVNNorthboundConnection returns the OVN northbound database connection string for OVN networks.
func (*Config) NetworkOVNSSL ¶
NetworkOVNSSL returns all three SSL configuration keys needed for a connection.
func (*Config) OIDCServer ¶
func (c *Config) OIDCServer() (issuer string, clientID string, clientSecret string, scopes []string, audience string, groupsClaim string)
OIDCServer returns all the OpenID Connect settings needed to connect to a server.
func (*Config) OIDCSessionExpiry ¶
OIDCSessionExpiry returns the expiry of an OIDC session. This is separate from OIDCServer as it is passed into the session manager via a function that gets the value as necessary, so we don't need to refresh the oidc.Verifier each time this changes.
func (*Config) OfflineThreshold ¶
OfflineThreshold returns the configured heartbeat threshold, i.e. the number of seconds after which an unresponsive node is considered offline.
func (*Config) Patch ¶
Patch changes only the configuration keys in the given map.
Return what has actually changed.
func (*Config) ProxyHTTPS ¶
ProxyHTTPS returns the configured HTTPS proxy, if any.
func (*Config) ProxyIgnoreHosts ¶
ProxyIgnoreHosts returns the configured ignore-hosts proxy setting, if any.
func (*Config) RemoteTokenExpiry ¶
RemoteTokenExpiry returns the time after which a remote add token expires.
func (*Config) Replace ¶
Replace the current configuration with the given values.
Return what has actually changed.
func (*Config) ShutdownTimeout ¶
ShutdownTimeout returns the number of minutes to wait for running operations to complete before the LXD server shuts down.
func (*Config) TrustCACertificates ¶
TrustCACertificates returns whether client certificates are checked against a CA.
func (*Config) UserMicrocloud ¶
UserMicrocloud returns whether the user.microcloud key is set.