Service Configuration

Introduces common service configurations.

The OneCloud platform supports modifying common service configurations with the climc command.

The generic configuration commands are as follows.

The services currently supported for configuration are keystone, glance, region2, yunionapi, common, etc.

Command mode

Type climc at the command line with the related parameters to get the corresponding results.

# View the configuration information of the service
$ climc service-config-show <service_id> 
# Modify the service's configuration information
$ climc service-config-edit <service_id>  
# Modify or add configuration items
$ climc service-config <service_id> --config <key=value>  
# Delete a configuration entry
$ climc service-config <service_id> --config <key=value> --remove	
# Configure the service with a yaml file  
$ climc service-config-yaml <service_id> <yaml_file>  

Interactive mode

Enter climc directly in command line mode, without any arguments, to enter climc’s interactive mode.

# Enter interactive mode
$ climc
climc>
# View the configuration information of the service
climc> service-config-show <service_id>  
# Modify the configuration information of the service
climc> service-config-edit <service_id>  
# Modify or add configuration items
climc> service-config <service_id> --config <key=value>  
# Delete a configuration entry
climc> service-config <service_id> --config <key=value> --remove	  
# Configure the service with a yaml file
climc> service-config-yaml <service_id> <yaml_file>  

Common Service Configuration

After the service parameters are configured, you need to wait for about 5 minutes for them to take effect.

  • MFA authentication: With Multi-Factor Authentication, users must pass two or more authentication methods to log in to the OneCloud platform; that is, after entering their username and password, they must also enter a security code. Multi-factor authentication ensures the security of the OneCloud platform.

    # Turn off MFA authentication
    $ climc service-config --config enable_totp=false yunionapi 
    # Enable MFA authentication
    $ climc service-config --config enable_totp=true yunionapi 
    
  • Captcha: A captcha is required by default when signing in to the OneCloud platform; you can disable or enable it with the following commands.

    # Disable captcha
    $ climc service-config --config show_captcha=false yunionapi
    # Enable captcha
    $ climc service-config --config show_captcha=true yunionapi
    
  • Modify the retention time of deleted hosts and disks in the Trash: By default, the retention time of deleted hosts and disks in the Trash is 3 days, and administrators can modify the retention time of hosts and disks according to their needs.

    # Set the retention time of hosts and disks to one week; the value is in seconds, 604800 = 7*24*60*60.
    $ climc service-config --config pending_delete_expire_seconds=604800 region2
    
  • Modify the deleted image retention time in the trash: by default, deleted images in the trash are not automatically deleted and need to be cleared manually by the administrator, who can set the image retention time to automatically clear the deleted images.

    # Set the retention time of images to one week; the value is in seconds, 604800 = 7*24*60*60.
    $ climc service-config --config pending_delete_expire_seconds=604800 glance
    
  • Three-level permissions: The system is enabled by default after installation, that is, the platform contains only the default domain, and users can only create projects in the default domain. When three-level permissions are turned on, the system supports multiple domains and the creation of projects in any domain. It is recommended that you do not turn off Three-level Resource Hierarchy after it is turned on.

    # Enable three-level permissions
    $ climc service-config --config non_default_domain_projects=true common
    
    # Turn off three-level permissions; please do so with care
    $ climc service-config --config non_default_domain_projects=false common
    
  • Set the default image for converting baremetal hosts to hosts: To use the baremetal-to-host conversion feature, you must configure the default image for the conversion beforehand.

    # Set the image id of the default image
    $ climc service-config --config convert_hypervisor_default_template=a9b67435-8c08-4063-8ea6-d885ea26aa79 region2
    
    

Brief introduction to service configuration parameters

common

{
  "config":
    {
      "default":
        {
          "default_quota_value": "default",
          "enable_rbac": true,
          "non_default_domain_projects": "true", # Whether three-level permissions are on
          "time_zone": "Asia/Shanghai"
        }
    }
}

region2

{
  "config":
    {
      "default":
        {
          "admin_domain": "Default",
          "auth_token_cache_size": 2048,
          "auto_snapshot_day": 1,
          "auto_snapshot_hour": 2,
          "baremetal_server_reuse_host_ip": true, # Whether baremetal reuses the baremetal hosts IP
          "calculate_quota_usage_interval_seconds": 900,
          "cloud_auto_sync_interval_seconds": 30,
          "cloud_sync_worker_count": 5,
          "cloudaccount_health_status_check": "true",
          "convert_kubelet_docker_volume_size": "256g",
          "cron_job_worker_count": 4,
          "debug_client": false,
          "default_bandwidth": 1000, 
          "default_bucket_quota": 100,
          "default_bw_quota": 2000000, 
          "default_cache_quota": 10, 
          "default_cpu_overcommit_bound": 8.000000, # CPU oversell ratio
          "default_cpu_quota": 200, 
          "default_disk_size": 10240, 
          "default_ebw_quota": 4000, 
          "default_eip_quota": 10, 
          "default_eport_quota": 200,
          "default_group_quota": 50, 
          "default_image_cache_dir": "image_cache", 
          "default_isolated_device_quota": 200,
          "default_keypair_quota": 50, 
          "default_loadbalancer_quota": 10, 
          "default_max_manual_snapshot_count": 2, 
          "default_max_snapshot_count": 9, 
          "default_memory_overcommit_bound": 1.000000, # Memory oversell ratio
          "default_memory_quota": 204800, 
          "default_mtu": 1500, 
          "default_object_cnt_quota": 5000,
          "default_object_gb_quota": 500, 
          "default_port_quota": 200,
          "default_quota_value": "default",
          "default_rds_quota": 10, 
          "default_secgroup_quota": 50, 
          "default_security_rules": "allow any", 
          "default_server_quota": 50, 
          "default_snapshot_quota": 10, 
          "default_storage_overcommit_bound": 1.000000, # storage oversell ratio
          "default_storage_quota": 12288000, 
          "default_sync_interval_seconds": 900,
          "disconnected_cloud_account_retry_probe_interval_hours": 24, # How long to try to reconnect after losing connection with the cloud account
          "enable_pending_delete": true,
          "enable_rbac": true,
          "expired_prepaid_max_clean_batch_size": 50,
          "host_offline_detection_interval": 30,
          "host_offline_max_seconds": 180,
          "ignore_nonrunning_guests": true,
          "image_cache_storage_policy": "least_used",
          "loadbalancer_pending_delete_check_interval": 3600,
          "max_cloud_account_error_count": 5,
          "max_data_disk_count": 12,
          "max_managed_nic_count": 1,
          "max_normal_nic_count": 8,
          "metrics_retention_days": 30,
          "min_data_disk_count": 0,
          "min_nic_count": 1,
          "minimal_ip_addr_reused_interval_seconds": 30,
          "minimal_sync_interval_seconds": 300,
          "non_default_domain_projects": "true",   # Whether third-level permission is on
          "pending_delete_check_seconds": 3600,
          "pending_delete_expire_seconds": "604800", # Retention time of server and disk in trash
          "pending_delete_max_clean_batch_size": 50,
          "prepaid_expire_check": false,
          "prepaid_expire_check_seconds": 600,
          "query_offset_optimization": false,
          "rbac_debug": false,
          "rbac_policy_sync_failed_retry_seconds": 30,
          "rbac_policy_sync_period_seconds": 300,
          "repeat_weekdays_limit": 7,
          "request_worker_count": 4,
          "retention_days_limit": 49,
          "snapshot_create_disk_protocol": "fuse",
          "sync_skus_day": 1,
          "sync_skus_hour": 3,
          "system_admin_quota_check": false,
          "tenant_cache_expire_seconds": 900,
          "time_points_limit": 1,
          "time_zone": "Asia/Shanghai"
        }
    }
}

keystone

{
  "config":
    {
      "default":
        {
          "auto_sync_interval_seconds": 30,
          "bootstrap_admin_user_password": "gZ4WjcqqUMWXgxM2",
          "calculate_quota_usage_interval_seconds": 900,
          "cron_job_worker_count": 4,
          "debug_client": false,
          "default_quota_value": "default",
          "default_sync_interval_seconds": 900,
          "enable_rbac": true,
          "fernet_key_repository": "/etc/yunion/keystone/fernet-keys",
          "fetch_project_resource_count_interval_seconds": 900,
          "non_default_domain_projects": "true",    # Whether three-level permissions are on
          "password_error_lock_count": 0,   # Number of password errors before the account is locked
          "password_expiration_seconds": 0,  # Password expiration time, in seconds
          "password_minimal_length": 6,  # Minimum password length
          "password_unique_history_check": 0,   
          "query_offset_optimization": false,
          "rbac_debug": false,
          "rbac_policy_sync_failed_retry_seconds": 30,
          "rbac_policy_sync_period_seconds": 300,
          "request_worker_count": 4,
          "reset_admin_user_password": false, 
          "setup_credential_keys": false,
          "time_zone": "Asia/Shanghai",
          "token_expiration_seconds": 86400
        }
    }
}

glance

{
  "config":
    {
      "default":
        {
          "admin_domain": "Default",
          "auth_token_cache_size": 2048,
          "calculate_quota_usage_interval_seconds": 900,
          "cron_job_worker_count": 4,
          "debug_client": false,
          "default_image_quota": 10,
          "default_quota_value": "default",
          "deploy_server_socket_path": "/var/run/deploy.sock",
          "enable_pending_delete": true,
          "enable_rbac": true,
          "enable_torrent_service": false,
          "filesystem_store_datadir": "/opt/cloud/workspace/data/glance/images",
          "non_default_domain_projects": "true",    # Whether three-level permissions are on
          "pending_delete_check_seconds": 3600,
          "pending_delete_expire_seconds": "604800",    # The length of time the image remains in the Trash
          "pending_delete_max_clean_batch_size": 50,
          "query_offset_optimization": false,
          "rbac_debug": false,
          "rbac_policy_sync_failed_retry_seconds": 30,
          "rbac_policy_sync_period_seconds": 300,
          "request_worker_count": 4,
          "target_image_formats":   
            [
              "qcow2",
              "vmdk",
              "vhd"
            ],
          "tenant_cache_expire_seconds": 900,
          "time_zone": "Asia/Shanghai",
          "torrent_client_path": "/opt/yunion/bin/torrent",
          "torrent_store_dir": "/opt/cloud/workspace/data/glance/torrents"
        }
    }
}

yunionapi

{
  "config":
    {
      "default":
        {
          "admin_domain": "Default",
          "auth_token_cache_size": 2048,
          "calculate_quota_usage_interval_seconds": 900,
          "cron_job_worker_count": 4,
          "debug_client": false,
          "default_quota_value": "default",
          "disable_module_api_version": false,
          "enable_rbac": true,
          "enable_totp": false,     # MFA
          "non_default_domain_projects": "true",    # Whether three-level permissions are on
          "rbac_debug": false,
          "rbac_policy_sync_failed_retry_seconds": 30,
          "rbac_policy_sync_period_seconds": 300,
          "request_worker_count": 4,
          "show_captcha": false,    
          "sqlite_path": "/etc/yunion/data/yunionapi.db",
          "tenant_cache_expire_seconds": 900,
          "time_zone": "Asia/Shanghai",
          "timeout": 300,
          "ws_port": 30443
        }
    }
}
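
The following Python check is an added example, not part of the original page or of OneCloud's own tooling. It reads dumps in the annotated style shown above, normalises values that come back as strings (as `non_default_domain_projects` and `pending_delete_expire_seconds` do on this page), and compares the login-related keys against a baseline. The sample dumps, the baseline thresholds and the reading of `password_error_lock_count` 0 as "no lockout" are assumptions.

```python
import json
import re

# Constructed excerpts in the annotated dump style shown on this page.
SAMPLE = {
    "keystone": '''{"config": {"default": {
        "password_error_lock_count": 0,   # lockout after N password errors
        "password_minimal_length": 6}}}''',
    "yunionapi": '''{"config": {"default": {
        "enable_totp": "false",     # MFA, stored as a string here
        "show_captcha": "true"}}}''',
}

# Hypothetical baseline: (acceptance check, value to set when it fails).
# Thresholds are assumptions of this example, not OneCloud guidance; the
# lockout rule assumes that 0 means "no lockout".
BASELINE = {
    ("yunionapi", "enable_totp"): (lambda v: v is True, True),
    ("yunionapi", "show_captcha"): (lambda v: v is True, True),
    ("keystone", "password_minimal_length"): (lambda v: v >= 12, 12),
    ("keystone", "password_error_lock_count"): (lambda v: 0 < v <= 5, 5),
}

def strip_comments(text):
    """Drop '# ...' annotations, leaving '#' inside quoted strings alone."""
    pattern = r'("(?:\\.|[^"\\])*")|#.*'
    return re.sub(pattern, lambda m: m.group(1) or "", text)

def norm(value):
    """Values set via key=value can come back as strings ("true", "604800")."""
    if isinstance(value, str) and re.fullmatch(r"true|false|0|[1-9]\d*", value):
        return json.loads(value)
    return value

def audit(dumps):
    """Return (service, key, current, fix_command) for each baseline miss."""
    findings = []
    for (svc, key), (check, target) in BASELINE.items():
        cfg = json.loads(strip_comments(dumps[svc]))["config"]["default"]
        have = norm(cfg.get(key))  # None when the key is absent
        if not (isinstance(have, int) and check(have)):
            fix = f"climc service-config --config {key}={str(target).lower()} {svc}"
            findings.append((svc, key, have, fix))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

After applying a suggested command, allow the roughly 5 minutes this page gives for changes to take effect before checking again.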