This repository has been archived by the owner on Sep 23, 2020. It is now read-only.
/
images.conf
129 lines (100 loc) · 4.69 KB
/
images.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
[images]
# local image repository directory
# - If a relative path is specified at the cmd line, this is the root dir
# where the program begins to look for the image to instantiate
# - It only makes sense to put read-only images here since multiple clients
# could specify the same image to use simultaneously (unless there is
# coordination at a higher level or via service authz callout).
# - if this setting is a relative path, it will be resolved from the
# workspace-control specific var directory (see "dirs.conf")
localdir: images
# secure propagation directory
# - this directory is where instance specific images that have been
# retrieved with the propagation code are placed
# - this must be separate from localdir to ensure that a random Nimbus user
# can not specify any image that has been propagated to this node (localdir
# intent is more for an admin to test with or for caching read-only images)
# - if this setting is a relative path, it will be resolved from the
# workspace-control specific var directory (see "dirs.conf")
securelocaldir: secureimages
# blankspace partition directory
# - this directory is where instance specific images that use blankspace
# will create their partition
# - this can be the same or separate from the securelocaldir for performance
# - if this setting is a relative path, it will be resolved from the
# workspace-control specific var directory (see "dirs.conf")
blankspacedir: secureimages
# blankcreate script
# - this is called when making a blankspace partition. This is not called
# under sudo. It's just separated into a script for easier replacement or
# customization.
# - if left blank if will default to the securelocaldir location
# - if this setting is a relative path, it will be resolved from the
# workspace-control specific libexec directory (see "dirs.conf")
# - if this setting is missing or blank, the blankspace functionality will
# be disabled
blankcreate: blankcreate.sh
# the image cache directory
# - this is the directory where images are cached. When an image is
# propagated it is put in this cache. Prior to propagation (and if
# the --cachecksum option is used) the cache is checked to see
# if the image is already local.
# - this directory has the same constraints as securelocaldir
# - this directory can not be a path on a network file system
# - the max size (in bytes) of the cache can be set, 0 (default) sets it
# to unlimited
#cachedir: imagecache
#cache_size: 0
# -------------------------------------------------------------------------
[tmplease]
# *Experimental*
#
# Enabling this preliminary feature lets you configure a list of physical
# partitions to "lease" to incoming VMs.
#
# *WARNING* Configure the list of physical partitions carefully. They are
# formatted every time they are used!
#
# The partition list path is configured directly at the top of the
# "tmp-lease-alter.py" script since it is sensitive information that
# should not be passed in by an unprivileged user.
#
# When enabled is 'true' the feature is enabled.
enabled:
# This is the partition or disk to 'present' to every VM for tmp space if this
# feature is enabled. Must use the 4 letter version, e.g. "sda2", for Xen, and
# the 3 letter version, e.g. "hdb", for KVM.
vmpartition: sda2
# Control if you want the program to fail entirely if a request already
# has a partition target that would make the 'vmpartition' injection
# impossible. When set to 'true', it will reject requests. Any other
# setting and it will just NOT cause the temp space to be leased or mounted,
# it will just log a warning.
fail_if_present: false
# This is called via sudo to adjust the physical partitions if this feature
# is enabled.
#
# It is called under sudo. A relevant entry for it must be configured in the
# sudoers file, for example:
#
# nimbus ALL=(root) NOPASSWD: /opt/nimbus/libexec/workspace-control/tmp-lease.sh
#
# Because it is called under sudo, that program, these conf files, and all
# enclosing directories should be owned by root.
#
# If this setting is a relative path, it will be resolved from the
# workspace-control specific libexec directory (see "dirs.conf")
tmplease: tmp-lease.sh
# -------------------------------------------------------------------------
[cow]
# *Experimental*
#
# Enabling this preliminary feature lets you store VM disk writes in
# copy-on-write files, which can speed up propagation by bypassing image
# transfer or copy.
#
# Copy-on-write images need to be created using the qemu-img tool. This
# setting is the path to the qemu-img tool as it is installed on your system.
#
# When 'qemu_img' is set, the feature is enabled.
#qemu_img: /usr/bin/qemu-img