|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| OVERLORD-SPEC(5) | FreeBSD File Formats Manual | OVERLORD-SPEC(5) |
NAME
overlord-spec —
Overlord specification for configuration files
CONFIGURATION
- serverid
- Path to a file containing the server identifier. Give all responsability to Overlord for generating this identifier, or in other words, do not manually change the contents of the file.
- port
- Specify the source port Overlord's API server should use.
- tls
- Configure the API server to listen on an alternate port for encrypted connections.
- tls.keyfile
- Private key filename.
- tls.certfile
- Certificate filename.
- tls.port
- Alternate port for listening to encrypted connections.
- debug
- Shorthand for several debug mode settings.
See also Application configuration
- compress_response
- If True, responses in textual formats will be compressed automatically.
See also Application configuration
- polling
- Polling configuration.
- polling.jail_stats
- How long to sleep after re-collecting rctl(4) statistics.
- polling.jail_info
- How much time to sleep after collecting information from the jails again.
- polling.projects
- How long to sleep afterwards to get the project list back.
- polling.jails
- How long to sleep afterwards to get the jail list back.
- polling.jail_extras
- How much time to sleep after collecting additional information from the jails again.
- polling.project_info
- How much time to sleep after collecting information from the projects again.
- polling.autoscale
- How much time to sleep after scaling the projects.
- polling.heartbeat
- How much time to sleep after checking the status of each chain.
If this parameter is not set, poll-heartbeat will not be executed.
- polling.skew
- After repeating the polling operation, a random number will be added to the previous numbers. The random number will be generated using the range specified in this parameter.
- polling.keywords
- Keywords to use to get information.
- polling.keywords.stats
- See the KEYWORDS section in appjail-limits(1) for details.
- polling.keywords.jail
- See the KEYWORDS section in appjail-jail(1) for details.
- polling.keywords.devfs
- See the KEYWORDS section in appjail-devfs(1) for details.
- polling.keywords.expose
- See the KEYWORDS section in appjail-expose(1) for details.
- polling.keywords.healthcheck
- See the KEYWORDS section in appjail-healthcheck(1) for details.
- polling.keywords.label
- See the KEYWORDS section in appjail-label(1) for details.
- polling.keywords.limits
- See the KEYWORDS section in appjail-limits(1) for details.
- polling.keywords.nat
- See the KEYWORDS section in appjail-nat(1) for details.
- polling.keywords.volume
- See the KEYWORDS section in appjail-volume(1) for details.
- polling.keywords.fstab
- See the KEYWORDS section in appjail-fstab(1) for details.
- memcache
- Configuration for the memcache client.
See also pymemcache.client.hash module
- memcache.connections
- An array of addresses pointing to memcache servers.
- memcache.max_pool_size
- maximum pool size to use.
See also pymemcache.client.base.PooledClient
- memcache.pool_idle_timeout
- pooled connections are discarded if they have been unused for this many
seconds. A value of 0 indicates that pooled connections are never
discarded.
See also pymemcache.client.base.PooledClient
- memcache.retry_attempts
- Amount of times a client should be tried before it is marked dead and
removed from the pool.
See also pymemcache.client.hash module
- memcache.retry_timeout
- Time in seconds that should pass between retry attempts.
Use 0 to use the default timeout, or -1 to disable it.
See also pymemcache.client.hash module
- memcache.dead_timeout
- Time in seconds before attempting to add a node back in the pool.
Use 0 to use the default timeout, or -1 to disable it.
See also pymemcache.client.hash module
- memcache.connect_timeout
- Seconds to wait for a connection to the memcached server.
Use 0 to use the default timeout, or -1 to disable it.
See also pymemcache.client.base.Client
- memcache.timeout
- Seconds to wait for send or recv calls on the socket connected to
memcached.
See also pymemcache.client.base.Client
- memcache.no_delay
- Set the
TCP_NODELAY
flag, which may help with performance in some cases.
See also pymemcache.client.base.Client
- secret_key
- Secret key for signing the JWT.
If this parameter is set, secret_keyfile will have no effect.
- secret_keyfile
- Like secret_key, but with some differences. First, this parameter points to a path where the secret key is stored, and second, the secret key is randomly generated. By default, since the secret_key parameter is not set, a random secret key is generated which is more secure than using a default (and insecure) secret key.
- log_config
- Logging configuration.
See also logging.conf.dictConfig
- chains
- Chain configuration.
- chains.chain.entrypoint
- URL to connect to.
- chains.chain.access_token
- Access token.
- chains.chain.disable
- Disable this chain. Useful for when the chain is temporarily unresponsive.
- chains.chain.timeout
- Timeout for all operations.
See also Timeouts
- chains.chain.read_timeout
- Specified the maximum duration to wait for a chunk of data to be received
(for example, a chunk of the response body). If HTTPX is unable to receive
data within this time frame), a
httpx.ReadTimeout
exception is raised.
See also Timeouts
- chains.chain.write_timeout
- Specifies the maximum duration to wait for a chunk of data to be sent (for
example, a chunk of the request body). If HTTPX is unable to send data
within this time frame, a
httpx.WriteTimeout
exception is raised.
See also Timeouts
- chains.chain.connect_timeout
- Specifies the maximum amount of time to wait until a socket connection to
the requested host is established. If HTTPX is unable to connect within
this time frame, a
httpx.ConnectTimeout
exception is raised.
See also Timeouts
- chains.chain.pool_timeout
- Specifies the maximum duration to wait for acquiring a connection from the
connection pool. If HTTPX is unable to acquire a connection within this
time frame, a PoolTimeout exception is raised. A related configuration
here is the maximum number of allowable connections in the connection
pool, which is configured by the limits argument.
See also Timeouts
- chains.chain.max_keepalive_connections
- Number of allowable keep-alive connections.
See also Resource Limits
- chains.chain.max_connections
- Maximum number of allowable connections.
- chains.chain.keepalive_expiry
- Time limit on idle keep-alive connections in seconds.
- chains.chain.cacert
- Certificate to verify the server when connecting to it.
- chains.chain.retry
- Retry policy.
- chains.chain.retry.total
- The maximum number of times to retry a request before giving up.
- chains.chain.retry.max_backoff_wait
- The maximum time in seconds to wait between retries.
- chains.chain.retry.backoff_factor
- The factor by which the wait time increases with each retry attempt.
- chains.chain.retry.respect_retry_after_header
- Whether to respect the Retry-After header in HTTP responses when deciding how long to wait before retrying.
- chains.chain.retry.backoff_jitter
- The amount of jitter to add to the backoff time, between 0 and 1.
- labels
- List of labels for the API server.
- director
- Director configuration.
- director.logs
- Path to the logs directory created by Director.
- appjail
- AppJail configuration.
- appjail.logs
- Path to the logs directory created by AppJail.
- appjail.images
- Location of AppJail images.
- appjail.jails
- Location of jails.
- components
- Where to store components used in some operations such as creating virtual machines.
- beanstalkd_addr
- Beanstalkd address to connect to. Use the unix: prefix to connect to a UNIX socket. If the port is not specified, 11300 will be used.
- execution_time
- Maximum time to execute a command or null to not set a timeout.
- dataplaneapi
- Data Plane API settings to configure HAProxy.
- dataplaneapi.auth
- Data Plane API authentication parameters.
- dataplaneapi.auth.username
- Data Plane API username.
- dataplaneapi.auth.password
- Data Plane API password.
- dataplaneapi.entrypoint
- dataplaneapi.timeout
- dataplaneapi.read_timeout
- dataplaneapi.write_timeout
- dataplaneapi.connect_timeout
- dataplaneapi.pool_timeout
- dataplaneapi.max_keepalive_connections
- dataplaneapi.max_connections
- dataplaneapi.keepalive_expiry
- dataplaneapi.cacert
- See chains.chain.* for details.
- skydns
- Configuration to manipulate the SkyDNS/coredns-etcd(7) plugin.
- skydns.path
- The path inside etcd.
- skydns.zone
- Authoritative zone.
- etcd
- Configuration to connect to etcd instances.
- etcd.host.port
- Port to connect to the etcd instance.
- etcd.host.protocol
- Protocol (or scheme).
- etcd.host.ca_cert
- Local cert to use as client side certificate.
- etcd.host.cert_key
- Private key.
- etcd.host.timeout
- Number of seconds to wait for the client to establish a connection to the etcd instance and to wait for the server to send a response.
- etcd.host.api_path
- The part that specifies the API version of etcd. Do not specify any if you want to leave the responsability of discovering the API version to the library.
- max_watch_projects
- Maximum number of jobs to wait in parallel to create or destroy projects, which must be greater than or equal to 1. By default, the number of available CPUs is used.
- max_watch_vm
- Like max_watch_projects but for virtual machines.
- metadata
- Metadata configuration parameters.
- metadata.location
- Path to a directory to store the metadata. If the specified directory doesn't exist, it will be created when writing any metadata.
- metadata.size
- Size of each metadata. If a user tries to create a metadata with a size greater than or equal to this parameter, an error occurs. By default this parameter is set to 1 MiB.
- autodisable
- Smart Timeouts is an Overlord feature that disables a chain that fails
until it comes back online.
Technically, this does not disable the chain, but the chain does not appear in the API server's list of chains, so a client will only see (with a probability) chains that are known to work (until they don't), ensuring more stability than showing the client an unnecessary failure (and also reducing performance due to constant timeouts).
- autodisable.enabled
- Enable or disable Smart Timeouts.
- autodisable.failures
- Maximum total number of failures to tolerate.
If the maximum total number of failures is greater than this number, the interval is checked.
- autodisable.interval
- The length of time a chain remains disabled.
- autodisable.increase
- This number affects the interval. When a comparison is made with the interval and the last failure time, this number is added to the interval, thus increasing the time a chain is disabled. The number adds to itself for each failure.
- autodisable.max-increase
- Maximum number for autodisable.increase.
- autodisable.strict
- Avoid connecting to backlisted chains.
- max_autoscale_logs
- Maximum number of logs to be kept in memory.
- autoscale_logs_expire_time
- Keep the logs in memcached for the specified seconds.
DEPLOYMENT
GLOBAL
- kind
- What kind of deployment is this file.
Valid choices are directorProject, metadata and vmJail.
- datacenters
- Servers to perform HTTP requests.
- datacenters.datacenter.entrypoint
- datacenters.datacenter.access_token
- datacenters.datacenter.timeout
- datacenters.datacenter.read_timeout
- datacenters.datacenter.write_timeout
- datacenters.datacenter.connect_timeout
- datacenters.datacenter.pool_timeout
- datacenters.datacenter.max_keepalive_connections
- datacenters.datacenter.max_connections
- datacenters.datacenter.keepalive_expiry
- See chains.chain.* in CONFIGURATION for details.
- deployIn
- Specify where to deploy.
- deployIn.entrypoints
- List of entry points to connect to that may have the chain with a syntax
such as
datacenter.{chainA}.{chainB}.
By default, when no entry point is specified, data centers will be used as the entry points.
- deployIn.labels
- Deploy to servers with these labels. When no labels are specified, the all label is used.
- deployIn.exclude
- Exclude servers matching the specified labels.
- maximumDeployments
- The maximum number of times to deploy a project.
metadata
Metadata allows simple text files to be created in the corresponding Overlord instances. Metadata is integrated with other Overlord parameters or subsystems, so it can be reused for multiple things.
- metadata
- A dictionary specifiying the metadata to be stored.
directorProject
Director is used for the creation of a project, a simple text file in YAML format that deploys one or more services (aka jails) on a single system.
- projectName
- Project name.
- projectFile
- Content of the project.
- projectFromMetadata
- Like projectFile but it obtains the content of the project from a metadata.
- environment
- A dictionary with each key-value environment. Both the key and the value must be a string.
- environFromMetadata
- Like environment but obtains a dictionary from a metadata in YAML format.
- datacentersEnvironment
- Each key must be a datacenter and its value a dictionary such as
environment specifying the environment to use depending
on the datacenter.
This parameter overrides any other environment-like option.
- chainsEnvironment
- Each key must be a chain and its value a dictionary such as
environment specifying the environment to use depending
on the chain.
This parameter overrides any other environment-like option except datacentersEnvironment.
A special key <root> can be used when a request is to be made to a datacenter but without specifiying a chain.
- labelsEnvironment
- Each key must be a label and its value a dictionary such as
environment specifying the environment to use depending
on whether the datacenter and its chain have a label that matches a key.
This parameter overrides any other environment-like option except datacentersEnvironment and chainsEnvironment.
- autoScale
- When at least one option of this parameter is set, a metadata named
overlord.autoscale.project is
created instead of simply deploying the project to the matching nodes. It
is assumed that the remote Overlord instance will read the metadata to
deploy and autoscale the project depending on how many chains it has.
The counterpart to destroying a project is to create another metadata named overlord.autoscale-cleanup.project. This is an indication to the Overlord instance not to deploy any more projects and to destroy the ones that are currently deployed.
If the overlord.autoscale.project metadata have at least one change, the project is redeployed to the nodes that have the project.
- autoScale.replicas
- Configuration parameters used to replicate the project.
- autoScale.replicas.min
- The minimum number of replicas this project will have. It depends on the number of matching and working chains.
- autoScale.replicas.max
- When scaling the project due to rctl(8) rules, this limits the number of deployments. By default, the number of matched and working chains calculated at runtime is used.
- autoScale.type
- When at least one
rctl(8)
rule is specified to scale the project based on the jail metrics, this
indicates how the metric should be evaluated.
- any-jail
- Fails if any of the jails have a metric greater than or equal to the specified limit.
- any-project
- Fails if the metric total for all jails in the same project is greater than or equal to the specified limit.
- average
- Calculates the average of the metric for all jails in the same project and fails if it is greater than or equal to the specified limit.
- percent-jail
- Calculates the percentage of the specified limit and fails if it is greater than or equal to the current metric. For example, if you define a rule as “vmemoryuse=512m” and a percentage of 60, the value will be 307 (rounded), so this test fails if the current metric is greater than or equal to 307.
- percent-project
- Like percent-jail, but first get the metric total for all jails in the same project
- autoScale.value
- If the type requires a value such as percent-jail or percent-project, this parameter must be used.
- autoScale.rules
- A dictionary specifying the rctl(8) rules. Each key-value must specify the rule and the limit, and if that limit is reached, more instances of the project will be created.
- autoScale.economy
- Like autoScale.rules but the comparison is as simple as
comparing the current server stats with the rules provided by this
parameter.
This by itself does not solve the noisy neighbor problem (limiting resource usage could solve this problem), but it can be useful for when you want to improve the latency response, so Overlord will throw away the project on an available chain.
- autoScale.labels
- See deployIn.labels for details.
readOnly
This deployment is only useful for use with the get-info command and can't be used with apply or destroy.
appConfig
Gets a Mako template from a metadata and substitutes variables, generating a new deployment file that can only be a directorProject or vmJail deployment. The resulting deployment file is temporary and is created each time the appConfig deployment is applied. Once the deployment file is created from the Mako template, it is applied.
Even if you have deployed the metadata in many chains, only the first match in an appConfig deployment is used.
See also Mako syntax
- appName
- Application name.
The variable ${appName} is automatically set and must be used in the Mako template, however this is not enforced in any way.
- appFrom
- Metadata to obtain the Mako template.
In addition to the parameters required for the specified deployment type, you must include at least the kind parameter. datacenters, deployIn and maximumDeployments parameters are set by Overlord when processing the appConfig deployment.
- appConfig
- A dictionary where each key represents the variable to be substituted when processing the Mako template.
vmJail
Deploy a new project that will create a new jail to then create a virtual machine. This kind of deployment integrates well with Overlord because the information it gets comes from the project and the jail.
A virtual disk is created and partitioned. This deployment file specifies the files to be installed on the root partition that must correspond to the FreeBSD installation. Once this process is complete, a new virtual machine will be up and running.
- vmName
- The name of the project, the jail and the virtual machine.
- makejail
- The Makejail to create the environment. This Makejail must install at least vm-bhyve(8) (stable or devel) for this kind of deployment to work properly. Apart from installing vm-bhyve(8) you must specify the network options of the jail, such as using Virtual Networks, configure the bridge, create the switch, and unhide the devices for bhyve(4) to work correctly.
- makejailFromMetadata
- Like makejail but it obtains the content of the Makejail from a metadata.
- template
- A dictionary where each key-value will be written as a
vm-bhyve(8)
template. The parameters disk0_type,
disk0_name, disk0_dev and
disk0_size will be written by Overlord
when creating the template.
disk0_type is whatever is specified in diskLayout.driver, disk0_name is disk0.img, disk0_dev is file and disk0_size is whatever is specified in diskLayout.size.
- diskLayout
- Configuration parameters for the virtual disk.
- diskLayout.driver
- The emulation type for the virtual disk.
Only nvme and virtio-blk are supported.
- diskLayout.size
- Size of the virtual disk.
- diskLayout.from
- Configuration parameters to determine how FreeBSD will be installed.
- diskLayout.from.type
- How to install FreeBSD. Depending on this parameter, some parameters may
or may not be valid.
Only appjailImage, components and iso are supported.
- diskLayout.from.isoFile
- The name of the ISO file containing the operating system to install. Due
to the nature of Overlord, which deploys jails and VMs
not necessarily on your local machine, you must use configure the VM
template for use with VNC.
See also UEFI Graphics (VNC)
This parameter is only valid for the iso type.
- diskLayout.from.installed
- A boolean to indicate whether the VM can be enabled and started for
persistent use. Or in other words, after installing the operating system,
you must modify your deployment file and include this parameter set to
true.
This parameter is only valid for the iso type.
- diskLayout.from.components
- A list of components to download and extract into the VM root partition.
This parameter is only valid for the components type.
- diskLayout.from.osVersion
- FreeBSD version.
This parameter is only valid for the components type.
- diskLayout.from.osArch
- FreeBSD architecture.
This parameter is only valid for the components type.
- diskLayout.from.downloadURL
- URL of the web site where the components will be downloaded. The special
strings
{ARCH}
and
{VERSION}
will be replaced by the values specified in the
osArch
and
osVersion
parameters.
This parameter is only valid for the components type.
- diskLayout.from.entrypoint
- Where and how to obtain the
appjail-ajspec(5)
file to then obtain the image to be extracted to the VM root partition.
This parameter is only valid for the appjailImage type.
- diskLayout.from.imageName
- Image name that does not necessarily correspond to the one specified in
the
appjail-ajspec(5)
file, although it is recommended to use the same value as the one
specified in the
name
parameter of that file.
This parameter is only valid for the appjailImage type.
- diskLayout.from.imageArch
- Obtain and use the image that matches this architecture.
This parameter is only valid for the appjailImage type.
- diskLayout.from.imageTag
- Obtain and use the image that matches this tag.
This parameter is only valid for the appjailImage type.
- diskLayout.disk
- Configuration parameters of virtual disk partitions, scheme and boot code.
- diskLayout.disk.scheme
- Specify the partitioning scheme to use.
- diskLayout.disk.partitions
- A list of dictionaries specifying the configuration parameters of the virtual disk partition.
- diskLayout.disk.partitions.partition.type
- Create a partition of type type.
- diskLayout.disk.partitions.partition.alignment
- If specified, then Overlord tries to align start offset and partition size to be multiple of alignment value.
- diskLayout.disk.partitions.partition.start
- The logical block address where the partition will begin.
- diskLayout.disk.partitions.partition.size
- Create a partition of size size.
- diskLayout.disk.partitions.partition.label
- The label attached to the partition. This option is only valid when used on partitioning schemes that support partition labels.
- diskLayout.disk.partitions.partition.format
- Configuration parameters for formatting the root partition.
If this parameter is set, the root partition is not only formatted, but also mounted and FreeBSD files are installed on it. You can specify this parameter multiple times, but only the first one will be mounted, although all partitions with this parameter will be formatted.
- diskLayout.disk.partitions.partition.format.flags
- newfs(8) flags.
- diskLayout.disk.bootcode
- Embed bootstrap code into the partitioning scheme's metadata on the root partition or write bootstrap code into a partition.
- diskLayout.disk.bootcode.bootcode
- Embed bootstrap code from the file bootcode into the partitioning scheme's metadata.
- diskLayout.disk.bootcode.partcode
- Write the bootstrap code from the file partcode into the root partition specified by diskLayout.disk.bootcode.index.
- diskLayout.disk.bootcode.index
- Specify the target partition for diskLayout.disk.bootcode.partcode.
- diskLayout.fstab
- Specifies the entries to create an fstab(5) file on the root partition.
- diskLayout.fstab.entry.device
- Special device or remote file system to be mounted.
- diskLayout.fstab.entry.mountpoint
- Mount point for the file system.
- diskLayout.fstab.entry.type
- Type of file system.
- diskLayout.fstab.entry.options
- Mount options associated with the file system.
- diskLayout.fstab.entry.dump
- Used for these file systems by the dump(8) command to determine which file systems need to be dumped.
- diskLayout.fstab.entry.pass
- Used by the fsck(8) and quotacheck(8) programs to determine the order in which file system and quota checks are done at reboot time.
- script
- A sh(1) script intended to further customize the virtual machine. The VM root partition is mounted on /mnt but inside the jail, however, the script runs in the jail directory not /mnt.
- metadata
- A list of metadata to be copied to the /metadata directory inside the jail. The metadata must be previously deployed or it is simply ignored.
- options
- Array of dictionaries where each dictionary (key and value) represents the
option used by
appjail-quick(1).
Keys are mandatory, but values are optional.
- script-environment
- Array of dictionaries where each dictionary (key and value) represents the
environment used by the script.
Environment variables are not loaded automatically, they must be loaded from the /metadata/environment file which is always created even if this parameter is not specified.
- start-environment
- Array of dictionaries where each dictionary (key and value) represents the environment used by the start stage.
- start-arguments
- Array of dictionaries where each dictionary (key and value) represents the arguments used by the start stage.
- build-environment
- Array of dictionaries where each dictionary (key and value) represents the environment used by the build stage.
- build-arguments
- Array of dictionaries where each dictionary (key and value) represents the arguments used by the build stage.
SEE ALSO
AUTHORS
Jesús Daniel Colmenares Oviedo <DtxdF@disroot.org>
| January 13, 2025 | FreeBSD 14.3-RELEASE |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.