| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| # This is Brooklyn's dot-properties file. |
| # It should be located at "~/.brooklyn/brooklyn.properties" for automatic loading, |
| # or can be specified as a CLI option with --localProperties /path/to/these.properties. |
| |
| ################################## Welcome! ############################################ |
| |
| # It's great to have you here. |
| |
| # Getting Started options have been pulled to the top. There's a formatting guide at the |
| # very bottom. |
| |
| ############################ Getting Started Options #################################### |
| |
| ## GUI Security |
| |
| ## NOTE: in production it is highly recommended to set up security. |
| ## See http://brooklyn.apache.org/v/latest/ops/brooklyn_properties.html#authentication |
| |
| ## Edit the name(s) and passwords as appropriate to your system, or even better generate |
| ## a salt and sha256 of your password. |
| |
| # brooklyn.webconsole.security.users=admin,bob |
| # brooklyn.webconsole.security.user.admin.password=password |
| # brooklyn.webconsole.security.user.bob.password=bobsword |
| |
| ## If you prefer to run with https (on port 8443 by default), either configure this on the |
| ## command line (see or http://brooklyn.apache.org/v/latest/ops/server-cli-reference.html#launch-command) |
| ## or uncomment this: |
| |
| # brooklyn.webconsole.security.https.required=true |
| |
| |
| ########################## Getting Started Complete! ################################### |
| |
| # That's it, although you may want to read through these options... |
| |
| |
| ################################ Brooklyn Options ######################################## |
| |
| ## Brooklyn Management Base Directory: specify where management data should be stored on this server; |
| ## ~/.brooklyn/ is the default but you could use something like /opt/brooklyn/state/ |
| ## (provided this process has write permissions) |
| # brooklyn.base.dir=~/.brooklyn/ |
| |
| ## Brooklyn On-Box Directory: specify where data should be stored on managed hosts; |
| ## for most locations a directory off home is the default (but using /tmp/brooklyn-user/ on localhost), |
| ## however you could specify something like /opt/brooklyn-managed-process/ (creation and permissions are handled) |
| # onbox.base.dir=~/brooklyn-managed-process/ |
| |
| ## Additional security: Allow all - if you know what you are doing! |
| ## (Or you can also plug in e.g. LDAP security etc here) |
| # brooklyn.webconsole.security.provider = org.apache.brooklyn.rest.security.provider.AnyoneSecurityProvider |
| |
| ## Optionally disallow deployment to localhost (or any other location) |
| # brooklyn.location.localhost.enabled=false |
| |
| ## Scripting Behaviour |
| |
| ## keep scripts around after running them (usually in /tmp) |
| # brooklyn.ssh.config.noDeleteAfterExec = true |
| |
| ## Misc Cloud Settings |
| ## brooklyn will fail a node if the cloud machine doesn't come up, but you can tell it to retry: |
| # brooklyn.location.jclouds.machineCreateAttempts = 3 |
| ## many cloud machines don't have sufficient entropy for lots of encrypted networking, so |
| ## the default is to use /dev/urandom; disable that (to use /dev/random) by setting this to false: |
| # brooklyn.location.jclouds.installDevUrandom=false |
| |
| ## Sets a minimium ram property for all jclouds locations. Recommended to avoid getting tiny machines! |
| # brooklyn.location.jclouds.minRam = 2048 |
| |
| ## When setting up a new cloud machine Brooklyn creates a user with the same name as the user running |
| ## Brooklyn on the management server, but you can force a different user here: |
| # brooklyn.location.jclouds.user=brooklyn |
| ## And you can force a password or key (by default it will use the keys in ~/.ssh/id_rsa{,.pub} |
| # brooklyn.location.jclouds.password=s3cr3t |
| |
| |
| ############################ Deploying to Localhost ##################################### |
| |
| ## Deploying to Localhost |
| ## see: info on locations at http://brooklyn.apache.org/v/latest/ops/locations/index.html#localhost |
| ## |
| ## Brooklyn defaults to using ~/.ssh/id_rsa, if it exists. |
| # brooklyn.location.localhost.privateKeyFile = ~/.ssh/id_rsa |
| ## Passphrases are supported, but not required |
| # brooklyn.location.localhost.privateKeyPassphrase = s3cr3tpassphrase |
| |
| |
| ################################## Geoscaling ########################################### |
| |
| ## Entities can retrieve their configuration from brooklyn.properties. However, it is |
| ## more common to set this configuration in the blueprint's YAML. |
| |
| ## The Geoscaling Service - used for the Global Web Fabric demo - can read the following |
| ## configurat (see http://www.geoscaling.com/dns2/) |
| # brooklyn.geoscaling.username = USERNAME |
| # brooklyn.geoscaling.password = PASSWORD |
| # brooklyn.geoscaling.primaryDomain = DOMAIN |
| |
| |
| ############################# Locations Credentials ##################################### |
| |
| ## Best practice is to add locations to the catalog, rather than configuring locations |
| ## in brooklyn.properties. We also recommend using a proper credentials store, such as |
| ## Vault. |
| ## |
| ## However, brooklyn.properties is supported. Example configurations are shown below. |
| |
| ## Amazon EC2 Credentials |
| ## These should be an "Access Key ID" and "Secret Access Key" for your account. |
| ## See http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html |
| # brooklyn.location.jclouds.aws-ec2.identity = AKA_YOUR_ACCESS_KEY_ID |
| # brooklyn.location.jclouds.aws-ec2.credential = <access-key-hex-digits> |
| |
| ## Beware of trailing spaces in your cloud credentials. This will cause unexpected |
| ## 401: unauthorized responses. |
| |
| ## Using Other Clouds |
| ## 1. Cast your eyes down this document to find your preferred cloud in the Named Locations |
| ## section, and the examples. |
| ## 2. Uncomment the relevant line(s) for your provider. |
| ## 3. ADD -.identity and -.credential lines for your provider, similar to the AWS ones above, |
| ## replacing 'aws-ec2' with jcloud's id for your cloud. |
| |
| |
| ################################ Named Locations ######################################## |
| |
| ## Best practice is to add locations to the catalog, rather than using named locations in |
| ## brooklyn.properties. However, the latter approach is supported. Example configurations |
| ## are shown below. |
| |
| ## Named locations appear in the web console. If using the command line or YAML it may be |
| ## just as easy to use the jclouds:<provider> locations and specify additional properties there. |
| |
| ## Example: AWS Virginia using Rightscale 6.3 64bit Centos AMI and Large Instances |
| # brooklyn.location.named.aws-va-centos-large = jclouds:aws-ec2:us-east-1 |
| # brooklyn.location.named.aws-va-centos-large.imageId=us-east-1/ami-7d7bfc14 |
| # brooklyn.location.named.aws-va-centos-large.user=brooklyn |
| # brooklyn.location.named.aws-va-centos-large.minRam=4096 |
| |
| ## You can also nest these: |
| # brooklyn.location.named.aws-acct-two = jclouds:aws-ec2 |
| # brooklyn.location.named.aws-acct-two.identity = AKA_ACCT_TWO |
| # brooklyn.location.named.aws-acct-two.credential = <access-key-hex-digits> |
| # brooklyn.location.named.aws-acct-two-singapore = named:aws-acct-two |
| # brooklyn.location.named.aws-acct-two-singapore.region = ap-southeast-1 |
| # brooklyn.location.named.aws-acct-two-singapore.displayName = AWS Singapore (Acct Two) |
| |
| # For convenience some common defaults: |
| # brooklyn.location.named.aws-california = jclouds:aws-ec2:us-west-1 |
| # brooklyn.location.named.aws-oregon = jclouds:aws-ec2:us-west-2 |
| # brooklyn.location.named.aws-ireland = jclouds:aws-ec2:eu-west-1 |
| # brooklyn.location.named.aws-tokyo = jclouds:aws-ec2:ap-northeast-1 |
| |
| ## Google Compute |
| ## The credentials for GCE come from the "APIs & auth -> Credentials" page, |
| ## creating a "Service Account" of type JSON, then extracting |
| ## the client_email as the identity and private_key as the identity, |
| ## keeping new lines as \n (exactly as in the JSON supplied) |
| # brooklyn.location.jclouds.google-compute-engine.identity=1234567890-somet1mesArand0mU1Dhere@developer.gserviceaccount.com |
| # brooklyn.location.jclouds.google-compute-engine.credential=-----BEGIN PRIVATE KEY----- \nMIIblahablahblah \nblahblahblah \n-----END PRIVATE KEY----- |
| # brooklyn.location.named.Google\ US = jclouds:google-compute-engine |
| # brooklyn.location.named.Google\ US.region=us-central1-a |
| # brooklyn.location.named.Google\ EU = jclouds:google-compute-engine |
| # brooklyn.location.named.Google\ EU.region=europe-west1-a |
| ## the following flags for GCE are recommended |
| ## specify the network to use - otherwise it creates new networks each time and you hit quotas pretty quickly |
| ## you may have to manually create this network AND enable a firewall rule EG tcp:1-65535;udp:1-65535;icmp |
| ## (fix for this is in progress) |
| # brooklyn.location.jclouds.google-compute-engine.networkName=brooklyn-default-network |
| ## gce images have bad entropy, this ensures they have noisy /dev/random (even if the "randomness" is not quite as random) |
| # brooklyn.location.jclouds.google-compute-engine.installDevUrandom=true |
| ## gce images often start with iptables turned on; turn it off unless your blueprints are iptables-aware |
| # brooklyn.location.jclouds.google-compute-engine.stopIptables=true |
| |
| ## Softlayer - need a key from the gui, under "administrative -> user administration -> api-access |
| # brooklyn.location.jclouds.softlayer.identity=username |
| # brooklyn.location.jclouds.softlayer.credential=<private-key-hex-digits> |
| ## locations |
| # brooklyn.location.named.Softlayer\ Dallas=jclouds:softlayer:dal05 |
| # brooklyn.location.named.Softlayer\ Seattle=jclouds:softlayer:sea01 |
| # brooklyn.location.named.Softlayer\ Washington\ DC=jclouds:softlayer:wdc01 |
| # brooklyn.location.named.Softlayer\ Singapore\ 1=jclouds:softlayer:sng01 |
| # brooklyn.location.named.Softlayer\ Amsterdam\ 1=jclouds:softlayer:ams01 |
| |
| |
| ## Brooklyn uses the jclouds multi-cloud library to access many clouds. |
| ## https://jclouds.apache.org/reference/providers/#compute |
| |
| ## Templates for many other clouds, but remember to add identity and credentials: |
| |
| # brooklyn.location.named.Bluelock = jclouds:bluelock-vcloud-zone01 |
| |
| # brooklyn.location.named.CloudSigma\ Nevada = jclouds:cloudsigma-lvs |
| # brooklyn.location.named.CloudSigma\ Zurich = jclouds:cloudsigma-zrh |
| |
| # brooklyn.location.named.ElasticHosts\ London = jclouds:elastichosts-lon-p |
| # brooklyn.location.named.ElasticHosts\ Texas = jclouds:elastichosts-sat-p |
| |
| # brooklyn.location.named.GleSYS = jclouds:glesys |
| |
| # brooklyn.location.named.Go2Cloud = jclouds:go2cloud-jhb1 |
| |
| # brooklyn.location.named.GoGrid = jclouds:gogrid |
| |
| # brooklyn.location.named.Green\ House\ Data = jclouds:greenhousedata-element-vcloud |
| |
| # brooklyn.location.named.Ninefold = jclouds:ninefold-compute |
| |
| # brooklyn.location.named.OpenHosting = jclouds:openhosting-east1 |
| |
| ## Rackspace (Next Gen) |
| # brooklyn.location.named.Rackspace\ Chicago\ (ord) = jclouds:rackspace-cloudservers-us:ORD |
| # brooklyn.location.named.Rackspace\ Dallas\ (dfw) = jclouds:rackspace-cloudservers-us:DFW |
| # brooklyn.location.named.Rackspace\ Hong\ Kong\ (hkg) = jclouds:rackspace-cloudservers-us:HKG |
| # brooklyn.location.named.Rackspace\ Northern\ Virginia\ (iad) = jclouds:rackspace-cloudservers-us:IAD |
| # brooklyn.location.named.Rackspace\ Sydney\ (syd) = jclouds:rackspace-cloudservers-us:SYD |
| |
| ## For UK you will need a separate account with rackspace.co.uk |
| # brooklyn.location.named.Rackspace\ London\ (lon) = jclouds:rackspace-cloudservers-uk:LON |
| |
| # brooklyn.location.jclouds.rackspace-cloudservers-us.identity = YOUR_USERNAME |
| # brooklyn.location.jclouds.rackspace-cloudservers-us.credential = YOUR_API_KEY |
| |
| ## Separate account credentials for the UK |
| # brooklyn.location.jclouds.rackspace-cloudservers-uk.identity = YOUR_USERNAME |
| # brooklyn.location.jclouds.rackspace-cloudservers-uk.credential = YOUR_API_KEY |
| |
| ## Rackspace (First Gen) |
| ## If you need to use Rackspace "first gen" API |
| ## (note the "next gen" api configured above seems to be faster) |
| # brooklyn.location.named.Rackspace\ US\ (First Gen) = jclouds:cloudservers-us |
| # brooklyn.location.named.Rackspace\ UK\ (First Gen) = jclouds:cloudservers-uk |
| |
| # brooklyn.location.jclouds.cloudservers-us.identity = YOUR_USERNAME |
| # brooklyn.location.jclouds.cloudservers-us.credential = YOUR_API_KEY |
| |
| ## Separate account credentials for the UK |
| # brooklyn.location.jclouds.cloudservers-uk.identity = YOUR_USERNAME |
| # brooklyn.location.jclouds.cloudservers-uk.credential = YOUR_API_KEY |
| |
| # brooklyn.location.named.SeverLove = jclouds:serverlove-z1-man |
| |
| # brooklyn.location.named.SkaliCloud = jclouds:skalicloud-sdg-my |
| |
| # brooklyn.location.named.Stratogen = jclouds:stratogen-vcloud-mycloud |
| |
| # brooklyn.location.named.TryStack\ (Openstack) = jclouds:trystack-nova |
| |
| |
| ## Production pool of machines for my application (deploy to named:On-Prem\ Iron\ Example) |
| # brooklyn.location.named.On-Prem\ Iron\ Example=byon:(hosts="10.9.1.1,10.9.1.2,produser2@10.9.2.{10,11,20-29}") |
| # brooklyn.location.named.On-Prem\ Iron\ Example.user=produser1 |
| # brooklyn.location.named.On-Prem\ Iron\ Example.privateKeyFile=~/.ssh/produser_id_rsa |
| # brooklyn.location.named.On-Prem\ Iron\ Example.privateKeyPassphrase=s3cr3tpassphrase |
| |
| ## Various Private Clouds |
| |
| ## Example: OpenStack Nova |
| |
| ## openstack identity and credential are random strings of letters and numbers (TBC - still the case?) |
| # brooklyn.location.named.My\ Openstack=jclouds:openstack-nova:https://9.9.9.9:9999/v2.0/ |
| |
| ## OpenStack Nova access information can be downloaded from the openstack web interface; for example, as openrc.sh file |
| # brooklyn.location.named.My\ Openstack=jclouds:openstack-nova:keystone-url |
| # brooklyn.location.named.My\ OpenStack.identity=your-tenant-name:your-user-name |
| # brooklyn.location.named.My\ OpenStack.credential=your-password |
| # brooklyn.location.named.My\ OpenStack.endpoint=your-keystone-url |
| |
| ## The ID of the image must be configured according to the local OpenStack settings |
| ## Use the command nova image-list to list all the available images |
| ## Use the command nova show <image-name> to get more details |
| # brooklyn.location.named.My\ OpenStack.imageId=the-region-name/the-image-id |
| |
| ## Virtual Machine flavors must match the ones created upfront according to the local OpenStack settings |
| ## Use the command nova flavor-list to list all the available options |
| ## Use the command nova flavor-show <flavor-name> to get more details |
| # brooklyn.location.named.My\ OpenStack.hardwareId=the-region-name/the-flavor-id |
| |
| ## (Optional) Configurations |
| |
| # brooklyn.location.named.My\ OpenStack.user=user-name-inside-the-instance |
| |
| ## The keyPair must by created upfront. Both the following two options are required at the same time. |
| # brooklyn.location.named.My\ OpenStack.keyPair=the-key-pair-name |
| # brooklyn.location.named.My\ OpenStack.loginUser.privateKeyFile=/path/to/keypair.pem |
| |
| ## Security groups must be created upfront (TBC - How to specify many security groups at one ?) |
| # brooklyn.location.named.My\ OpenStack.securityGroups=universal |
| |
| # brooklyn.location.named.My\ OpenStack.openIptables=true |
| # brooklyn.location.named.My\ OpenStack.selinux.disabled=true |
| # brooklyn.location.named.My\ OpenStack.auto-create-floating-ips=true |
| # brooklyn.location.named.My\ OpenStack.openstack-nova.auto-generate-keypairs=false |
| |
| ## cloudstack identity and credential are rather long random strings of letters and numbers |
| ## you generate this in the cloudstack gui, under accounts, then "view users", then "generate key" |
| ## use the "api key" as the identity and "secret key" as the credential |
| # brooklyn.location.named.My\ Cloudstack=jclouds:cloudstack:http://9.9.9.9:9999/client/api/ |
| |
| ## abiquo identity and credential are your login username/passed |
| # brooklyn.location.named.My\ Abiquo=jclouds:abiquo:http://demonstration.abiquo.com/api/ |
| |
| |
| ############################### Formatting Guide ####################################### |
| |
| ## Both # and ! mark lines as comments |
| # The follow syntax are ALL valid. |
| # example_key example_value |
| # example_key : example_value |
| # example_key = example_value |
| # example_key=example_value |
| |
| ## The backslash below tells Brooklyn to continue reading the value onto the next line. |
| # example_key = A very \ |
| # long string! |
| ## Note all white space before 'long...' is ignored. Also '!' is kept as part of the string |
| |
| |
| ## Keys with spaces should be escaped with backslashes. |
| ## This is useful for named locations, as the name displayed in Brooklyn's web-console |
| ## is derived from the key name. |
| # key\ with\ spaces = some\ value |
| |
| ## Encoding for .properties must be ISO-8859-1, aka Latin-1. |
| ## All non-latin1 characters must be entered using unicode escape characters |
| # polish_pangram = P\u00F3jd\u017A\u017Ce, ki\u0144 \ |
| # t\u0119 chmurno\u015B\u0107 w g\u0142\u0105b flaszy! |