defs-cloudlab-wisc 19.5 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260
#
# This is an example definitions file for configure.
#
# This version has an entirely private address space; i.e., the servers
# and nodes cannot be accessed directly from the Internet.
# The control network looks like:
#
# Complete:            10.1.32/22
# "public" segment:      10.1.33/24
# "private" segment:     10.1.32/24
# "node control segment: 10.1.34/23 (aka: 10.1.34/24, 10.1.35/24)
#
# This configuration requires a router/firewall between the segments
# and providing access to the outside. The router interface addresses
# for each segment are 10.1.{32,33,34}.1.
#
# Use the --with-TBDEFS=filename to specify your own file.
# If you add a variable, be sure to go and update configure.in.
#
# ALL VARIABLES MUST BE DEFINED! DO NOT COMMENT OUT VARIABLES!
#

# The name of this installation
THISHOMEBASE=wisc.cloudlab.us

#
# Various domain and host names
#
# NOTE: If a fully qualified hostname is used as an example, then
# be sure to use a fully qualified hostname! Do not use an IP. 
#

# Fully-qualified hostname of the our web server.
# This name should resolve to boss's IP address - though it can be a CNAME
WWWHOST=www.wisc.cloudlab.us

# Fully-qualified hostname of the boss node
BOSSNODE=boss.wisc.cloudlab.us

# Fully-qualified hostname of the ops (also called users) node
USERNODE=ops.wisc.cloudlab.us

# Fully-qualified hostname of the fileserver (will typically be the same
# as the ops node; ops.example.emulab.net)
FSNODE=ops.wisc.cloudlab.us

#
# Minimum Unix uid and gid values for Emulab users.
# Emulab will create the initial user with these values and all additional
# users will have values greater than these.  It would be unwise to make
# these less than 1000 to avoid conflicts with "standard" BSD and Linux
# users.  These can also be tweaked to avoid pre-existing accounts on the
# fileserver machine.
#
MIN_UNIX_UID=10000
MIN_UNIX_GID=6000

# 
# Addresses to which email will be sent - These are expected to go to mailing
# lists. You can either host the lists on your ops node, send them off to
# some external server. If you chose to run them from the ops node, the
# ops-install script sets up empty lists for you.
#

# Main address for the 'operations staff' - Copies of error messages, etc. will
# get sent to this address, and in some cases users are directed to this
# address if they have questions and/or problems.
TBOPSEMAIL=testbed-ops@wisc.cloudlab.us

# Notification of new projects requests get sent to this address for approval.
# Should have a few admin-types on it.
TBAPPROVALEMAIL=testbed-approval@wisc.cloudlab.us

# Logs, such as experiment creation/deletion go to this address. Probably no
# more than one person needs to be on this one.
TBLOGSEMAIL=testbed-logs@wisc.cloudlab.us

# Various auditing message about account maintenance go here. Again, probably
# only needs one member.
TBAUDITEMAIL=testbed-audit@wisc.cloudlab.us

# Some web reports get sent to this one.
TBWWWEMAIL=testbed-www@wisc.cloudlab.us

# Our node state management daemon sends mail to this address. Someone should
# be on this list, and reporting persistent error messages to Utah would be a
# good idea.
TBSTATEDEMAIL=testbed-stated@wisc.cloudlab.us

# We have a test suite to test the front end. This email is for the results
# of the testsuite, but is not used yet.
TBTESTSUITEEMAIL=testbed-testsuite@wisc.cloudlab.us

# We dynamically create two email addresses for notifications to users - one
# for all testbed users, and one for all users whose projects have active
# experiments. These addresses are included in the above lists, with the
# intent that they can be used to archive all mail sent to them.
TBUSERSARCHIVE=testbed-users-archive@wisc.cloudlab.us
TBACTIVEARCHIVE=testbed-active-users-archive@wisc.cloudlab.us

#
# Real paths (no symlinks) to the directories that get exported from ops
#
# FSDIR_SCRATCH is optional.  The intent is that it provides per-project
# space that is not "guaranteed" (for the Utah Emulab that means we do
# not back it up to tape).  If defined, you would either set no quotas,
# or higher quotas than for FSDIR_PROJ, on this filesystem.  If you are
# not providing guarantees and are not doing quotas, you might as well
# just put all your space in /proj and leave FSDIR_SCRATCH= blank.
#
FSDIR_GROUPS=/groups
FSDIR_PROJ=/proj
FSDIR_USERS=/users
FSDIR_SHARE=/share
FSDIR_SCRATCH=

#
# Filesystems on which quotas should be enforced.
# Note that if multiple of the FSDIR_* vars above are on the same filesystem
# (e.g., /q/proj and /q/groups) then you should only specify the base of the
# common filesystem on which they all reside here (e.g., /q).
# Set to the empty string to turn off quota checking.
#
FS_WITH_QUOTAS=""

#
# SSL Certificate stuff. Used to customize config files in ssl directory.
# Note that OrganizationalUnit is set in the cnf file.
# CommonName is typically set to BOSSNODE and emailAddress to TBOPSEMAIL
#
# The Country *must* be a two letter abbreviation.
# See: http://sustainablesources.com/resources/country-abbreviations/
#
SSLCERT_COUNTRY="US"
SSLCERT_STATE="Wisconsin"
SSLCERT_LOCALITY="Madison"
SSLCERT_ORGNAME="University of Wisconsin"

#
# Control network configuration stuff.
#
# Used primarily to generate initial named and dhcpd config files.
# See doc/setup-network.txt for definitions of the private, public and
# control segments.
#

#
# Boss and users node IP addresses on the control network.
# For boss this is an address on the private segment of the control net.
# For users this is an address on the public segment of the control net.
#
BOSSNODE_IP=128.104.222.9
USERNODE_IP=128.104.222.8
FSNODE_IP=$USERNODE_IP

#
# If your boss/ops nodes are multihomed (and typically, one of the
# networks is a public routable network, and the other is an internal
# unroutable network), then define the the external addresses here (and
# the internal addresses above).
#
EXTERNAL_BOSSNODE_IP=$BOSSNODE_IP
EXTERNAL_USERNODE_IP=$USERNODE_IP
EXTERNAL_FSNODE_IP=$EXTERNAL_USERNODE_IP

#
# Network definitions - see doc/setup-network.txt for a description of how
# we recommend laying out your network
#

#
# The overall control network range - this subnet should cover the
# CONTROL, PRIVATE, and PUBLIC networks below.
#
# The name server on the boss node will only respond to queries from nodes
# in this range and will only provide info about nodes in this range.
#
TESTBED_NETWORK=128.104.222.0
TESTBED_NETMASK=255.255.254.0

# NOTE: In named confs at least, we've added custom rules to allow name
# resolution of the internal views to UW campus networks.

#
# As above, if you have internal and external networks, define the
# external network here, and the internal network above.
#
# The name server on the boss node will respond to queries from any node
# not in the testbed (i.e., not in TESTBED_NET{WORK,MASK}) and provide info
# about only nodes in this range. Thus if you want to advertise all nodes
# in your testbed to networks "upstream", define these the same as for
# TESTBED_NET{WORK,MASK}. If however you only want to expose your boss (ops)
# node, define it the same as PRIVATE_NET{WORK,MASK} (PUBLIC_NET{WORK,MASK}).
# 
EXTERNAL_TESTBED_NETWORK=$TESTBED_NETWORK
EXTERNAL_TESTBED_NETMASK=$TESTBED_NETMASK

#
# The node control network segment.
# The DHCP server on boss provides information about nodes in this range.
#
CONTROL_ROUTER_IP=128.104.222.1
CONTROL_NETWORK=128.104.222.0
CONTROL_NETMASK=255.255.254.0

# TODO: Separate out boss from the ops network?
# Or at least firewall it off from the rest of the compute nodes?
# 2015-02-25
# bpkroth

#
# The private network segment.
# Where boss lives.
#
PRIVATE_NETWORK=128.104.222.0
PRIVATE_ROUTER=128.104.222.1
PRIVATE_NETMASK=255.255.254.0

#
# The public network segment.
# Where ops (users) and fs live.
#
PUBLIC_NETWORK=128.104.222.0
PUBLIC_ROUTER=128.104.222.1
PUBLIC_NETMASK=255.255.254.0

# Borrowed from defs-apt.  Here's the network our LOMs are on.
# 2015-02-25
# bpkroth
MANAGEMENT_NETWORK=10.130.6.0
MANAGEMENT_NETMASK=255.255.254.0
MANAGEMENT_ROUTER=10.130.6.1

#
# A range of addresses within the node control network segment
# to use for new nodes being added to the testbed.
# You need at least one.
#
DHCPD_DYNRANGE="128.104.223.200 128.104.223.250"

# For our MANAGEMENT_NETWORK vlan interface:
# 2015-02-26
# bpkroth
DHCPD_EXTRAIFS="em1"

#
# Fill in the nameservers for your campus network here - the nameserver on boss
# will forward requests for domains other than your own to these nameservers
# OR
# Leave this variable empty to have boss ignore any local nameservers and go
# straight to the roots itself. This is NOT recommended, as you won't get the
# benefit of local caches, and may be blocked on some campuses.
#
NAMED_FORWARDERS="144.92.254.254 128.104.254.254"

# Borrowed from defs-apt.  Here's a couple of other IPs of the named slave on
# ops that we want to notify so that it will get the different views synced.
# 2015-02-25
# bpkroth
#NAMED_ALSONOTIFY="128.104.222.8 10.130.6.8 192.168.6.8"
261 262
NAMED_ALSONOTIFY="128.104.222.8 192.168.6.8 128.104.223.201 10.130.7.201 128.104.223.202 10.130.7.202 128.104.223.203 10.130.7.203"
NAMED_ALSONOTIFY="128.104.222.8 192.168.6.8 10.130.7.201 10.130.7.202 10.130.7.203"
263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523

#
# NTP server configuration:
#
# NTPSERVER: boss|ops|fs|<external-server-name-or-IP>
#   Default: "ops"
#   Normally, one of boss, ops, or fs is designated as a local NTP server
#   but this can be set to a fully qualified name of some other machine.
#   If NTPSERVER is set to an external server, then boss/ops/fs are made
#   clients of that server just as any testbed node is.
#
# EXTERNAL_NTPSERVER[1-4]: <external-server-name-or-IP>
#   Default: "[0-3].pool.ntp.org"
#   If NTPSERVER is one of boss/ops/fs, then these values are used as the
#   upstream servers for the local server. These can be changed to four of
#   your favorite NTP servers.
#
# NTPDRIFTFILE: <path>
#   Default: "/var/db/ntp.drift"
#   If NTPSERVER is one of boss/ops/fs, then this is the name of the drift
#   file for the local server.
#

# NOTE: We actually customized the ntp.conf files a bit on boss and ops as well
# as the ntp{1,2}.wisc.cloudlab.us DNS definitions so that boss and ops can
# both be used and they sync between each other so that we're at least
# internally consistent (via peer definitions).
# DONE: Though really we should move ntp{1,2,3}.wisc.cloudlab.us to physical
# hosts for better accuracy.
# 2015-02-25
# bpkroth

NTPSERVER="ntp1.wisc.cloudlab.us"
#EXTERNAL_NTPSERVER1="0.pool.ntp.org"
#EXTERNAL_NTPSERVER2="1.pool.ntp.org"
#EXTERNAL_NTPSERVER3="2.pool.ntp.org"
#EXTERNAL_NTPSERVER4="3.pool.ntp.org"
EXTERNAL_NTPSERVER1="ntp1.doit.wisc.edu"
EXTERNAL_NTPSERVER2="ntp2.doit.wisc.edu"
EXTERNAL_NTPSERVER3="ntp1.cae.wisc.edu"
EXTERNAL_NTPSERVER4="ntp2.cae.wisc.edu"
NTPDRIFTFILE="/var/db/ntp.drift"

#
# Windows support. Turn this on if you think you might want to use WindowsXP
# or Windows7 images on your experimental nodes. Note though, that Utah cannot
# provide those images to you (because of obvious licensing issues), so it
# will be up to you to generate an image yourself and install the Emulab
# client side that enables Windows to work inside your testbed. Turning on
# Windows support will install and enable Samba on your ops node, so there 
# are firewall issues to be aware of (you want to block the appropriate ports
# so that your ops samba server can be accessed from *only* your control
# subnet!).
#
WINSUPPORT=0

#
# Additional Windows7-related variables. See:
#     http://users.emulab.net/trac/emulab/wiki/WindowsImageCreation
# for details.
#
WINDOWS_ORGNAME="Some Organization"
WINDOWS_OWNER="Some Owner"
WINDOWS_TIMEZONE="Mountain Standard Time"
WINDOWS_KEY_7PRO_X86=""

# TODO: Given the comment, why is this disabled?
# 2015-02-25
# bpkroth

#
# Enable an NS verification path using a clean version of NS.
# There is no reason to disable this unless NS won't build on your ops node.
#
NSVERIFY=0

#
# Turn this on to disable exporting NFS filesystems to nodes.
# User home directories on all nodes will be local and unsynchronized in
# this case.  There will also be no access to a central /proj, /group or
# /share either.
#
NOSHAREDFS=0

#
# Set to one if you are using an NFS server that has an "exports race".
# FreeBSDs before 10.x have this condition. There is currently one workaround
# and one fix for this, both apply to the new NFS implementation and only
# in 9.x and 10.x as far as I know:
#
#  * The -S (suspend) option to mountd, integrated into 10.x (and 9.x
#    as of 11/2012), is a workaround that allows suspension of the NFS
#    server while the exports are changed.
#
#  * The new nfse (http://nfse.sourceforge.net/) atomic exports framework
#    for FreeBSD 10.
#
# Since we currently only support FreeBSD 8.x fileservers, we default this
# to one. Set it to zero if you are using one of the above.
#
NFSRACY=0

#
# Set to one if using the new DBI Perl interface to mysql. This should be
# set to one on all new installations involving FreeBSD 8.x and above.
# The packages associated with the emulab-boss-4.0 and beyond meta port
# install the necessary package for DBI support.
#
# Only set this to zero for old installations (emulab-boss-3.1 and before).
#
TBUSEDBI=1

#
# If set to one, this will serve tarballs, RPMs and blobs to be served
# from the web server on ops (aka, "fs" or "users") rather than from boss.
# This is more efficient since the tarballs/RPMs/blobs are stored on ops.
# This can be set to one for all emulab-stable and emulab-devel releases
# after 12/24/12.
#
SPEWFROMOPS=1

#
# Set the type of the console on nodes. This is used when customizing
# the MFSes at Emulab setup time and for customizing the image loaded
# on a node at experiment setup time.
#
# "sio"	 use the "com1" serial port
# "sio2" use the "com2" serial port
# "vga"  use the VGA device
# "null" don't use a console
#
NODECONSOLE="sio"

#
# Set this if you are running:
#	- Perl 5.8
#	- Perl 5.10 with SelfLoader version 1.18 or greater
#	- Perl 5.12 or beyond
# As of Jan 2011, this should include all Emulab installs (we apply a patch
# to Perl 5.10 and 5.12 to update the SelfLoader (patches/SelfLoader.patch).
# This enables serious runtime performance improvements.
#
SELFLOADER_DATA="__DATA__"

#
# Virtual node network configuration (if you don't want virtual nodes,
# just leave this as is).
#
# Needs at least a /16 network.  For a /16 the layout of an IP is:
#	X.Y.<pnode>.<vnode>
# where <pnode> is the physical host node and <vnode> is the virtual
# node on that host.  Both are between 1 and 254.  If you have more than
# 254 physical nodes then the assignment code will increment Y, meaning
# that you had better have larger than a /16 network.  If you are using
# the default 172.16/12, then you can have up to 16 * 254 physical hosts.
# If you want more than 254 vnodes per pnode, you are screwed.
#
# ********* DO NOT CHANGE THESE UNLESS YOU ASK UTAH FIRST! *********
#
VIRTNODE_NETWORK=172.16.0.0
VIRTNODE_NETMASK=255.240.0.0
# XXX compat
JAILIPBASE=$VIRTNODE_NETWORK
JAILIPMASK=$VIRTNODE_NETMASK

#
# Dynamic public addresses for virtual nodes.  Leave as "none" if you don't
# have public IP addresses to spare, otherwise define to an otherwise
# unused block of addresses that will be given out to virtual nodes asking
# for routable control net interfaces (instead of the VIRTNODE_NETWORK
# block they'd otherwise get).
#
VPUBADDR_BASE=none
VPUBADDR_BITLEN=none

#
# Selective disable of a couple of features.
#
# DISABLE_NAMED_SETUP	If you are not running a name server on your boss.
#			This will prevent you from using the virtual node
#			names (e.g., node1.eid.pid.<your-domain>).
#
# DISABLE_EXPORTS_SETUP	Prevent dynamic configuration of the exports file
#			on your "fs" node.  You will need to use this if
#			your fs node is not running FreeBSD or is otherwise
#			not under your control.  If you set this option, you
#			will need to ensure that ALL your Emulab filesystems
#			(e.g., /proj, /users) are exported to ALL your nodes.
#			This has obvious security implications and YOU REALLY
#			SHOULD NOT DO THIS. 
#
DISABLE_NAMED_SETUP=0
DISABLE_EXPORTS_SETUP=0

#
# Frisbee address/port parameters (and yes meant to spell it that way).
#
# FRISEBEEMCASTADDR	Starting multicast address to use. Each frisbeed
# 			download server instance gets a unique address.
# FRISEBEEMCASTPORT	Starting port for download and upload servers.
#			Each server gets a unique port number.
# FRISEBEENUMPORTS	When non-zero, limits the range of ports used for
# 			download/upload to MCASTPORT to MCASTPORT+NUMPORTS-1.
#			When zero, any port can be used.
#
FRISEBEEMCASTADDR="234.5.6"
FRISEBEEMCASTPORT=3564
FRISEBEENUMPORTS=0

#
# Some switches do not support the stack MIB. This means snmpit cannot
# set the port/duplex during swapin, so you are stuck at a particular
# bandwidth, and have to change them from the console. Set to 1 if
# your switch has no stack MIB.
#
NOSTACKMIB=0



#
ISOLATEADMINS=0

#
# Only supported on the Mother Ship (emulab.net) right now.
#
WIKISUPPORT=0
BUGDBSUPPORT=0
MAILMANSUPPORT=0
CVSSUPPORT=0
CHATSUPPORT=0
NFSTRACESUPPORT=0
OPSDBSUPPORT=0

#
# Deprecated and should always be zero.
#
ARCHIVESUPPORT=0
SFSSUPPORT=0
PELABSUPPORT=0
PLABSUPPORT=0
PLAB_ROOTBALL="plabroot-18.tar.bz2"

#
# You shouldn't have to change anything below this point
#

TBADMINGROUP=tbadmin
TBDBNAME=tbdb
IPBASE=10
DELAYCAPACITY=2
DISABLE_NSE=1

# Sometimes the main page is down in a directory on WWWHOST
# No trailing '/'!
#WWW=www.example.emulab.net/emulab-www

#
# Protogeni
#
PROTOGENI_SUPPORT=1
PROTOGENI_DOMAIN="cloudlab-wisc"
524 525 526
PROTOGENI_LOCALUSER=1
PROTOGENI_GENIWEBLOGIN=0
PROTOGENI_MAXSERVERLOAD=24
527
PROTOGENI_NONFSMOUNTS=0
528 529 530
# Portal for the Cloudlab Cluster.
CLUSTER_PORTAL="boss.emulab.net"
CLUSTER_PUBSUBD_PORT=16506
531 532 533

# Blockstores
BS_IQN_PREFIX=iqn.2015-04.us.cloudlab.wisconsin
534 535 536 537 538 539

#
# If enabled, needs setup, see:
#   http://users.emulab.net/trac/emulab/wiki/NodeUsageInstall
#
NODE_USAGE_SUPPORT=1
540 541 542 543

#
# Fancy new browser in the console support
#
544
BROWSER_CONSOLE_ENABLE=1
545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599

#
# Set if direct NFS mounts from vnodes to ops don't work
# e.g., due to firewalling on a segmented control network.
#
NOVIRTNFSMOUNTS=0

# Image versioning and deltas.
IMAGEPROVENANCE=1
IMAGEDELTAS=0

#
# ZFS
#
WITHZFS=1
ZFS_ROOT=z
ZFS_QUOTA_USER="1G"
ZFS_QUOTA_PROJECT="100G"
ZFS_QUOTA_GROUP="10G"
# We prefer to use NFSv4 for now.  amd/autofs doesn't generally have ghosting
# turned on, so it's hard to see what's available.
# 2015-04-04
# bpkroth
# Nevermind, that caused issues with emulab's ability to detect whether or not
# an export from ops was available (more specifically mounted) on boss since so
# far as we could tell FreeBSD doesn't have an equivalent to Linux's "cat
# /proc/mounts" in order to determine what NFSv4 submounts were currently
# mounted.
# 2015-04-13
# bpkroth
WITHAMD=1
AMD_ROOT=/.amd_mnt/ops.wisc.cloudlab.us
# Break a dependency loop where exports_setup on boss only instructs ops to
# generate exports for things that boss can see, but since those are mounted
# from ops, without this we can't see them to instruct ops to export them to us.
# That's really not the main purpose of the setting though.  Instead, it's
# meant to reduce the number of exports that mountd has to handle to only those
# that are active and necessary, rather than all of descendants of a
# z/{users,groups,proj,share} fs.  That's probably less necessary on our
# relatively smaller install than Utah's.
# 2015-04-04
# bpkroth
ZFS_NOEXPORT=1
# But that also adds an assumption that we've included Utah's incremental
# mountd update patches to FreeBSD, which we haven't.  So, add another flag to
# skip that.
# 2015-04-08
# bpkroth
# RT #543192
# NOTE: This option has since been taken upstream and renamed to
# INCREMENTAL_MOUNTD, which defaults to 0, since really only Utah has that hack
# right now.
# 2015-04-10
# bpkroth
WITHOUT_INCREMENTAL_MOUNTD_UPDATES=1