volume
access
required: false
scopable: true
candidates: rwo, roo, rwx, rox
default: rwo
The access mode of the volume.
rwois Read Write Onceroois Read Only Oncerwxis Read Write Manyroxis Read Only Many
rox and rwx modes are served by flex volume services.
blocking_post_provision
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors interrupt the action.
blocking_post_start
required: false
scopable: true
A command or script to execute after the resource start action.
Errors interrupt the action.
blocking_post_stop
required: false
scopable: true
A command or script to execute after the resource stop action.
Errors interrupt the action.
blocking_post_unprovision
required: false
scopable: true
A command or script to execute after the resource unprovision action.
Errors interrupt the action.
blocking_pre_provision
required: false
scopable: true
A command or script to execute before the resource provision action.
Errors interrupt the action.
blocking_pre_start
required: false
scopable: true
A command or script to execute before the resource start action.
Errors interrupt the action.
blocking_pre_stop
required: false
scopable: true
A command or script to execute before the resource stop action.
Errors interrupt the action.
blocking_pre_unprovision
required: false
scopable: true
A command or script to execute before the resource unprovision action.
Errors interrupt the action.
comment
required: false
scopable: false
Comments help the users understand the role of the object and its resources.
configs
required: false
scopable: true
convert: shlex
Example:
configs = conf/mycnf:/etc/mysql/my.cnf:ro conf/sysctl:/etc/sysctl.d/01-db.conf
The whitespace-separated list of
<config name>/<key>:<volume relative path>:<options>.
directories
required: false
scopable: true
convert: list
Example:
directories = a/b/c d /e
The whitespace-separated list of directories to create in the vol head.
dirperm
required: false
scopable: true
default: 700
convert: file-mode
Example:
dirperm = 750
The permissions, in octal notation, to apply to the volume root and installed directories.
disable
required: false
scopable: true
convert: bool
A disabled resource will be ignored on start, stop, provision and
unprovision actions.
A disabled resource status is n/a.
If set in the DEFAULT section of an object, the object is disabled and
ignores start, stop, shutdown, provision and unprovision actions.
These actions immediately return success.
om <path> disable sets DEFAULT.disable=true.
om <path> enable sets DEFAULT.disable=false.
Note: The
enableanddisableactions preserve the individual resourcedisablestate.
encap
required: false
scopable: false
convert: bool
Set to true to ignore this resource in the nodes context and consider it in the encapnodes context. The resource is thus handled by agents deployed in the service containers.
format
required: false
scopable: true
default: true
convert: bool
If true, the pool's vol configuration producer will include a fs
resource layered over the disk resource.
group
required: false
scopable: true
Example:
group = 1001
The group name or id that will own the volume root and installed files and directories.
monitor
required: false
scopable: true
convert: bool
A resource with monitor=true will trigger the monitor_action
(crash or reboot the node, freezestop or switch the service) if:
-
The resource is
down. -
The instance has
local_expect=startedin its daemon monitor data, which means the daemon considers this instance is and should remain started. -
All restart tentatives failed.
name
required: false
scopable: true
default: {name}-vol-{rindex}
The vol name.
An object can only reference a vol in the same namespace.
nodes
required: false
scopable: true
default: {.nodes}
convert: nodes
A node selector expression filtering the creator nodes to determine the volume nodes.
If not set, all the creator nodes will be volume nodes.
optional
required: false
scopable: true
convert: bool
Action errors on optional resources are logged but do not interrupt the action sequence.
The status of optional resources is not included in the instance availability status but is considered in the overall status.
The status of task and sync resources is always included in the overall status, regardless of whether they are marked as optional.
Resources tagged as noaction are considered optional by default.
Dump filesystems are a typical use case for optional=true.
perm
required: false
scopable: true
convert: file-mode
Example:
perm = 660
The permissions, in octal notation, to apply to the installed files.
pg_blkio_weight
required: false
scopable: true
Example:
pg_blkio_weight = 50
Block IO relative weight. Value: between 10 and 1000.
The kernel default is 1000.
pg_cpu_quota
required: false
scopable: true
Example:
pg_cpu_quota = 50%@all
The kernel default value is used, which usually is 1024 shares.
In a cpu-bound situation, this setting ensures the service does not use more than its share of cpu resource. The actual percentile depends on shares allowed to other services.
pg_cpu_shares
required: false
scopable: true
convert: size
Example:
pg_cpu_shares = 512
The kernel default value is used, which usually is 1024 shares.
In a cpu-bound situation, this setting ensures the service does not use more than its share of cpu resource. The actual percentile depends on shares allowed to other services.
pg_cpus
required: false
scopable: true
depends: create_pg=true
Example:
pg_cpus = 0-2
Allow service process to bind only the specified cpus.
Cpus are specified as list or range : 0,1,2 or 0-2.
pg_mem_limit
required: false
scopable: true
convert: size
Example:
pg_mem_limit = 512m
Ensures the service does not use more than specified memory (in bytes).
The Out-Of-Memory killer is triggered in case of tresspassing.
pg_mem_oom_control
required: false
scopable: true
Example:
pg_mem_oom_control = 1
A flag (0 or 1) that enables or disables the Out of Memory killer for the processes of the group.
- If enabled (0), tasks that attempt to consume more memory than they are allowed are immediately killed by the OOM killer.
- If disabled (1), tasks are allowed to continue to try allocating memory, stressing the system.
The OOM killer is enabled by default in every cgroup using the memory controller.
pg_mem_swappiness
required: false
scopable: true
Example:
pg_mem_swappiness = 40
Set a swappiness percentile value for the process group.
pg_mems
required: false
scopable: true
Example:
pg_mems = 0-2
Allow service process to bind only the specified memory nodes.
Memory nodes are specified as list or range : 0,1,2 or 0-2.
pg_vmem_limit
required: false
scopable: true
convert: size
Example:
pg_vmem_limit = 1g
Ensures the service does not use more than specified memory+swap (in bytes).
The Out-Of-Memory killer is triggered in case of tresspassing.
The specified value must be greater than pg_mem_limit.
pool
required: false
scopable: true
The name of the pool to allocate from.
post_provision
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
post_start
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
post_stop
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
post_unprovision
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
pre_provision
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
pre_start
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
pre_stop
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
pre_unprovision
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
provision
required: false
scopable: false
default: true
convert: bool
Set to false to ignore the provision and unprovision actions on the
resource.
Warning:
provisionandunprovisionuse data-destructive operations like formatting.
It is recommended to set provision=false on long-lived critical objects,
to force administrators to remove this setting when they really want to
destroy data.
provision_requires
required: false
scopable: false
Example:
provision_requires = ip#0 fs#0(down,stdby down)
A whitespace-separated list of conditions to meet to accept a 'provision' action.
A condition is expressed as <rid>(<state>,...).
If states are omitted, up,stdby up is used as the default expected states.
provision_timeout
required: false
scopable: true
convert: duration
Example:
provision_timeout = 1m30s
Wait for <duration> before declaring the action a failure.
Takes precedence over timeout.
restart
required: false
scopable: true
default: 0
convert: int
The daemon will try to restart a resource if:
-
The resource is
down,stdby downorwarn. -
The instance has
local_expect=startedin its daemon monitor data, which means the daemon considers this instance is and should remain started. -
The node is not frozen
-
The instance is not frozen
In this case, the daemon try restart=<n> times before falling back to the
monitor action.
The restart_delay keyword sets the interval after a failed restart before
the next tentative.
Resources with standby=true have restart forced to a minimum of 2, to
increase chances of a restart success.
restart_delay
required: false
scopable: true
default: 500ms
convert: duration
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
secrets
required: false
scopable: true
convert: shlex
Example:
secrets = cert/pem:server.pem cert/key:server.key
The whitespace-separated list of
<secret name>/<key>:<volume relative path>:<options>.
shared
required: false
scopable: true
convert: bool
If true, the resource will be considered shared during provision and
unprovision actions.
A shared resource driver can implement a different behaviour depending on weither it is run from the leader instance, or not:
-
When
--leaderis set, the driver creates and configures the system objects. For example the disk.disk driver allocates a SAN disk and discover its block devices. -
When
--leaderis not set, the driver does not redo the actions already done by the leader, but may do some. For example, the disk.disk driver skips the SAN disk allocation, but discovers the block devices.
The daemon takes care of setting the --leader flags on the commands
it submits during deploy, purge, provision and unprovision
orchestrations.
Warning: If admins want to submit
--localprovision or unprovision commands themselves, they have to set the--leaderflag correctly.
Flex objects usually don't use shared resources. But if they do, only
the flex primary gets --leader commands.
Warning: All resources depending on a shared resource must also be flagged as shared.
signal
required: false
scopable: true
Example:
signal = hup:container#1
A <signal>:<target> whitespace-separated list, where <signal> is a signal
name or number (ex. 1, hup or sighup), and target is the comma-separated
list of resource ids to send the signal to (ex: container#1,container#2).
If only the signal is specified, all candidate resources will be signaled.
This keyword is typically used to reload daemons on certificate or configuration files changes.
size
required: false
scopable: true
convert: size
The size to allocate in the pool.
standby
required: false
scopable: true
convert: bool
If true, always start the resource, even on non-started instances.
The daemon is responsible for starting standby resources.
A resource can be set standby on a subset of nodes using keyword scoping.
A typical use-case is a synchronized filesystem on non-shared disks. The remote filesystem must be mounted to not overflow the underlying filesystem.
Warning: In most situation, don't set shared resources standby, a non-clustered fs on shared disks for example.
start_requires
required: false
scopable: false
Example:
start_requires = ip#0 fs#0(down,stdby down)
A whitespace-separated list of conditions to meet to accept a 'start' action.
A condition is expressed as <rid>(<state>,...).
If states are omitted, up,stdby up is used as the default expected states.
start_timeout
required: false
scopable: true
convert: duration
Example:
start_timeout = 1m30s
Wait for <duration> before declaring the action a failure.
Takes precedence over timeout.
stat_timeout
required: false
scopable: true
convert: duration
The fs resources status evaluation includes a stat syscall test. This keyword defines the maximum wait time for those stat calls to respond.
When expired, the resource status is degraded is to warn, which can trigger a monitor action (reboot or crash the node) if the resource is monitored.
status_timeout
required: false
scopable: true
default: 1m
convert: duration
Example:
status_timeout = 10s
The maximum duration of the instance status evaluation.
For example, the total start action duration is constrained by different timeouts:
-
the
start_timeoutLimiting the start action duration. -
the
stop_timeoutLimiting the start rollback duration triggered by start errors. -
the
status_timeoutLimiting the post-start instance status evaluation duration.
stop_requires
required: false
scopable: false
Example:
stop_requires = ip#0 fs#0(down,stdby down)
A whitespace-separated list of conditions to meet to accept a 'stop' action.
A condition is expressed as <rid>(<state>,...).
If states are omitted, up,stdby up is used as the default expected states.
stop_timeout
required: false
scopable: true
convert: duration
Example:
stop_timeout = 1m30s
Wait for <duration> before declaring the action a failure.
Takes precedence over timeout.
subset
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
sync_timeout
required: false
scopable: true
convert: duration
Example:
sync_timeout = 1m30s
Wait for <duration> before declaring the action a failure.
Takes precedence over timeout.
tags
required: false
scopable: true
convert: set
A whitespace-separated list of tags.
Tags can be used for resource selection by tag.
Some tags can influence the driver behaviour:
-
noactionSkip any state changing action on the resource and imply
optional=true. -
nostatusForce the status
n/a.
timeout
required: false
scopable: true
default: 1h
convert: duration
Example:
timeout = 2h
Wait for <duration> before declaring a state-changing action a failure.
A per-action <action>_timeout can override this value.
type
required: false
scopable: true
The type of the pool to allocate the vol from.
The selected pool will be the one matching type and capabilities and with
the maximum available space.
unprovision
required: false
scopable: false
default: true
convert: bool
Set to false to ignore the unprovision action on the resource.
Warning:
unprovisionuse data-destructive operations like formatting.
It is recommended to set provision=false on long-lived critical objects,
to force administrators to remove this setting when they really want to
destroy data.
unprovision_requires
required: false
scopable: false
Example:
unprovision_requires = ip#0 fs#0(down,stdby down)
A whitespace-separated list of conditions to meet to accept a 'unprovision' action.
A condition is expressed as <rid>(<state>,...).
If states are omitted, up,stdby up is used as the default expected states.
unprovision_timeout
required: false
scopable: true
convert: duration
Example:
unprovision_timeout = 1m30s
Wait for <duration> before declaring the action a failure.
Takes precedence over timeout.
user
required: false
scopable: true
Example:
user = 1001
The user name or id that will own the volume root and installed files and directories.