supd-conf
description: Learn how to configure supd.conf in Avassa with detailed reference documentation on settings, parameters, and usage.
supd.conf
This section defines the file format of the supd daemon config file supd.conf. It is a YAML file with the following structure:
The top level object in the file
Name | Type | Description |
---|---|---|
host-id | host-id | An identifier for a host that is unique within the site provider network. The value of host-id is used to identify hosts in a site definition, and to identify hosts when they call home to form a cluster. If not set, the System Serial Number from the System Management BIOS (SMBIOS) is used, if it exists. Otherwise, the System UUID from SMBIOS is used, if it exists. Otherwise, the local host name is used. In Linux, the SMBIOS interface is accessed via DMI. If the value of host-id is of the form DMI:<key>, the value of <key> from the Linux DMI interface is used. For example, to use the Chassis Serial Number, set this parameter to DMI:chassis_serial. The SMBIOS data on Linux can be read through the files in /sys/class/dmi/id. Note that the System Serial Number is called product_serial in Linux, and the System UUID is called product_uuid. |
nameservers OR resolve-config | array of ip-address OR enumeration | DNS nameservers that supd should forward DNS queries to. By default supd will use the host configuration, but it is possible to provide a list of IP addresses that should be used instead. If resolve-config is set to none then supd will act as a recursive resolver and look up names from authoritative servers (requires Internet access). The default value is resolve-config. |
initial-site-config | Object see initial-site-config | Defines the host's initial site config. This config is only used on the first start of the host. |
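
The fallback order described for host-id can be checked on a host before first start. The following Python sketch is an added example, not Avassa code; the function names are hypothetical, and treating an empty DMI file as missing and raising on an unreadable DMI:<key> are assumptions, since this page does not say how supd handles those cases.

```python
import socket
from pathlib import Path

DMI_DIR = Path("/sys/class/dmi/id")  # Linux DMI interface named on this page


def read_dmi(key, dmi_dir=DMI_DIR):
    """Return the stripped value of a DMI key, or None if missing, unreadable or empty."""
    # Keys are plain file names; refuse anything that could leave dmi_dir.
    if not key or "/" in key or key in (".", ".."):
        return None
    try:
        value = (Path(dmi_dir) / key).read_text(errors="replace").strip()
    except OSError:  # absent key, or a file the current user may not read
        return None
    return value or None  # assumption: an empty file counts as "does not exist"


def resolve_host_id(configured=None, dmi_dir=DMI_DIR, hostname=None):
    """Follow the documented order and return (host_id, source)."""
    if configured:
        if configured.startswith("DMI:"):
            key = configured[len("DMI:"):]
            value = read_dmi(key, dmi_dir)
            if value is None:
                # supd's reaction to an unreadable key is not documented here,
                # so this sketch fails loudly instead of guessing a fallback.
                raise LookupError(f"DMI key {key!r} not readable in {dmi_dir}")
            return value, f"DMI:{key}"
        return configured, "supd.conf"
    # host-id unset: System Serial Number, then System UUID, then host name.
    for key in ("product_serial", "product_uuid"):
        value = read_dmi(key, dmi_dir)
        if value is not None:
            return value, f"DMI:{key}"
    return hostname or socket.gethostname(), "hostname"


if __name__ == "__main__":
    host_id, source = resolve_host_id()
    print(f"host-id would be {host_id!r} (from {source})")
```

On most Linux systems product_serial and product_uuid are readable only by root, so run the check as the same user that supd runs as.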
The initial-site-config Object
Name | Type | Description |
---|---|---|
call-home OR top-site-config | Object see call-home OR Object see top-site-config | call-home must be set for edge sites, and top-site-config must be set for the top site (Control Tower). |
network | Object see network | Specify IPv4 allocation pools either in form of a single pool or specifically for different purposes. If no configuration is specified, then the configuration propagated from the parent is used. If no explicit configuration is set on the parent, then the default is to allocate from the 172.16.0.0/12 block. |
userns | Object see userns | |
standalone | boolean | Controls if the supd daemon should work in standalone mode, i.e., without control over Docker and network. This means that it cannot launch containers, configure local network etc. When running the daemon inside, for example, Kubernetes, this setting should be true. The default value is false. |
The call-home Object
Name | Type | Description |
---|---|---|
call-home-servers | array of host | The address(es) of the servers to call home to, i.e., the servers in the parent site. |
parent-proxy-ips | array of ip-address | The IP address(es) of the parent site proxy servers to forward data to and from the parent site. |
parent-proxy-call-home-port | port-number | The port number used by the proxy servers to forward data to and from the parent site for the initial call home process. Used in call home host-init and report-host-ips. |
parent-proxy-api-port | port-number | The port number used by the proxy servers to forward data to and from the parent site for API requests. Also used in call home host-hello requests. |
parent-proxy-registry-port | port-number | The port number used by the proxy servers to forward data to and from the parent site while fetching images. |
parent-proxy-volga-port | port-number | The port number used by the proxy servers to forward data to and from the parent site for Volga connections. |
api-ca-cert | ca-cert | One or more root certificates in PEM format. The API CA certificate for the sites in the site provider network. This is used to verify the identity of the call home servers in the initial call home. |
parent-ca-cert | ca-cert | One or more root certificates in PEM format. |
The network Object
Name | Type | Description |
---|---|---|
ipv4-address-blocks OR specific-pools | array of ipv4-prefix OR Object see specific-pools | IPv4 addressing space used for various needs within the limits of one host or one site. These addresses are never routed outside one site, hence a private address range works fine. It also means that these address blocks can be reused in different sites. However, it will not be possible to reach the sites or the services they are running from the allocated subnets, so these blocks should not be reused in other parts of the site provider network. This configuration must be the same for all hosts within a single site, otherwise the behaviour is undefined. This configuration is automatically propagated to child sites during initial call-home unless explicitly configured in a child site. This means that a value configured in the Control Tower will be used globally by default. The default value on the Control Tower is 172.16.0.0/12. |
The userns Object
Name | Type | Description |
---|---|---|
disable | empty | When Podman is used as the container engine, disable userns mapping at host initialization. It can later be enabled via the diagnostics set-userns-mode action. With Docker this parameter has no effect; the userns mode is configured in Docker's daemon.conf instead. |
The specific-pools Object
Name | Type | Description |
---|---|---|
site-overlay-network | ipv4-prefix | Prefix to be used for allocating addresses on the site overlay network between hosts in a site. The size of the prefix defines the limit on the maximum number of hosts within the site. This configuration must be the same for all hosts within a single site. |
common-application-network | ipv4-prefix | Prefix to be used for allocating addresses on application networks. This prefix is reused for each application network, which can be done because the networks are fully isolated. The size of the prefix defines the maximum number of service instances in all applications connected to the same shared application network and the maximum number of service instances within a single application connected to a private application network. This configuration must be the same for all hosts within a single site. |
gateway-networks | array of ipv4-prefix | List of prefixes available for allocation of gateway network prefixes on this host. Each gateway network must have a unique prefix within a host. The addresses on this network are however never routed outside the host. The total size of the configured prefixes defines the maximum number of applications that may be scheduled on this host. |
The top-site-config Object
Initial config parameters for the Control Tower site.
Once the cluster is up and running, the configuration for this site can be modified (e.g., add new hosts) like any other config through the REST API or Web UI.
The following files must be present in the state dir:

- dist-ca.pem (CA cert for this cluster)
- dist-ca.key (key for the CA cert for this cluster)

Note that when supd has successfully started, it will store the private CA key in strongbox, and delete the file dist-ca.key from the state dir.

Name | Type | Description |
---|---|---|
name | name | The name of the site. |
domain | domain-name | The domain to use for this site, and all sites added to this Control Tower. The default value is site.test. |
registry | Object see registry | |
hosts | array of Object see host |
The registry Object
Name | Type | Description |
---|---|---|
http | boolean | By default the registry http server uses https, but by setting http to true it will also use cleartext http (on a different port). The default value is false. |
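
A first-start config for the Control Tower can be linted against statements made in the tables above. This Python sketch is an added example, not part of Avassa; it assumes the YAML has already been parsed into a dict, and the function name, the started flag, the overlap check and the SAMPLE values are constructed for illustration.

```python
import ipaddress
from pathlib import Path


def audit_supd_conf(conf, state_dir=None, started=False):
    """Return findings for a supd.conf that has already been parsed into a dict."""
    findings = []
    site = conf.get("initial-site-config") or {}

    # call-home is for edge sites, top-site-config for the Control Tower.
    roles = [k for k in ("call-home", "top-site-config") if k in site]
    if len(roles) != 1:
        findings.append("set exactly one of call-home and top-site-config")

    top = site.get("top-site-config") or {}
    if (top.get("registry") or {}).get("http") is True:
        findings.append("registry.http: true also serves the registry over cleartext http")

    # Assumption: overlapping entries would break the documented rule that each
    # gateway network has a unique prefix within a host.
    pools = (site.get("network") or {}).get("specific-pools") or {}
    nets = []
    for text in pools.get("gateway-networks") or []:
        try:
            nets.append(ipaddress.IPv4Network(text))
        except ValueError:
            findings.append(f"gateway-networks: {text!r} is not a valid IPv4 prefix")
    for i, a in enumerate(nets):
        findings += [f"gateway-networks: {a} overlaps {b}" for b in nets[i + 1:] if a.overlaps(b)]

    # After a successful start the CA key lives in strongbox and the file is
    # deleted, so finding it on a running Control Tower host needs explaining.
    if started and state_dir and "top-site-config" in site:
        if (Path(state_dir) / "dist-ca.key").exists():
            findings.append("dist-ca.key is still in the state dir after start")
    return findings


# Constructed sample: a Control Tower config with two deliberate problems.
SAMPLE = {
    "host-id": "DMI:chassis_serial",
    "initial-site-config": {
        "top-site-config": {"name": "control-tower", "registry": {"http": True}},
        "network": {"specific-pools": {
            "gateway-networks": ["172.20.0.0/16", "172.20.8.0/24"]}},
    },
}

if __name__ == "__main__":
    for finding in audit_supd_conf(SAMPLE):
        print("finding:", finding)
```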
The host Object
Name | Type | Description |
---|---|---|
hostname | domain-name | The hostname of the host where supd is running. |
ip-addresses | array of ip-address | An optional list of IP addresses that can be used for communication between the hosts in the cluster. If the hostname resolves to one or more IP addresses on all hosts in the cluster, this list does not have to be populated. |
controller | boolean |