OneFlow Configuration

OneFlow orchestrates multi-VM services as a whole, interacts with the OpenNebula Daemon to manage the Virtual Machines (starts, stops), and can be controlled via the Sunstone GUI or over CLI. It’s a dedicated daemon installed by default as part of the Single Front-end Installation, but can be deployed independently on a different machine. The server is distributed as an operating system package opennebula-flow with the system service opennebula-flow.

Read more in Multi-VM Service Management.

Configuration

The OneFlow configuration file can be found in /etc/one/oneflow-server.conf on your Front-end. It uses YAML syntax with following parameters:

Note

After a configuration change, the OneFlow server must be restarted to take effect.

Parameter

Description

Server Configuration

:one_xmlrpc

Endpoint of OpenNebula XML-RPC API

:subscriber_endpoint

Endpoint for ZeroMQ subscriptions

:autoscaler_interval

Time in seconds between each evaluation of elasticity rules

:host

Host/IP where OneFlow will listen

:port

Port where OneFlow will listen

:force_deletion

Force deletion of VMs on terminate signal

:retries

Retries in case of aborting call due to authentication issue

Defaults

:default_cooldown

Default cooldown period after a scale operation, in seconds

:wait_timeout

Default time to wait for VMs state changes, in seconds

:concurrency

Number of threads to make actions with flows

:shutdown_action

Default shutdown action. Values: shutdown, shutdown-hard

:action_number :action_period

Default number of virtual machines (:action_number) that will receive the given call in each interval (:action_period), when an action is performed on a Role.

:vm_name_template

Default name for the Virtual Machines created by Oneflow. You can use any of the following placeholders: $SERVICE_ID, $SERVICE_NAME, $ROLE_NAME, $VM_NUMBER.

:page_size

Default page size when purging DONE services

Authentication

:core_auth

Authentication driver to communicate with OpenNebula core

  • cipher for symmetric cipher encryption of tokens

  • x509 for X.509 certificate encryption of tokens

For more information, visit the Cloud Server Authentication reference.

Logging

:debug_level

Logging level. Values: 0 for ERROR level, 1 for WARNING level, 2 for INFO level, 3 for DEBUG level

:expire_delta

Default interval for timestamps. Tokens will be generated using the same timestamp for this interval of time. THIS VALUE CANNOT BE LOWER THAN EXPIRE_MARGIN.

:expire_margin

Tokens will be generated if time > EXPIRE_TIME - EXPIRE_MARGIN

In the default configuration, the OneFlow server will only listen to requests coming from localhost (which is enough to control OneFlow over Sunstone running on the same host). If you want to control OneFlow over API/CLI remotely, you need to change :host parameter in /etc/one/oneflow-server.conf to a public IP of your Front-end host or to 0.0.0.0 (to work on all IP addresses configured on Host).

Configure Sunstone

Sunstone GUI enables end-users to access the OneFlow from the UI and it directly connects to OneFlow on their behalf. Sunstone has configured the OneFlow endpoint it connects to in /etc/one/fireedge-server.conf in parameter :oneflow_server. When OneFlow is running on a different host than Sunstone, the endpoint in Sunstone must be configured appropriately.

Sunstone tabs for OneFlow (Services and Service Templates) are enabled in Sunstone by default. To customize visibility for different types of users, follow the Sunstone Views documentation.

Configure CLI

OneFlow CLI (oneflow and oneflow-template) uses same credentials as other command-line tools. The login and password are taken from the file referenced by environment variable $ONE_AUTH (defaults to $HOME/.one/one_auth). Remote endpoint and (optionally) distinct user/password access to the above is configured in environment variable $ONEFLOW_URL (defaults to http://localhost:2474), $ONEFLOW_USER and $ONEFLOW_PASSWORD.

Example:

ONEFLOW_URL=http://one.example.com:2474 oneflow list

See more in Managing Users documentation.

Service Control and Logs

Change the server running state by managing the operating system service opennebula-flow.

To start, restart or stop the server, execute one of:

systemctl start   opennebula-flow
systemctl restart opennebula-flow
systemctl stop    opennebula-flow

To enable or disable automatic start on Host boot, execute one of:

systemctl enable  opennebula-flow
systemctl disable opennebula-flow

Server logs are located in /var/log/one in following files:

  • /var/log/one/oneflow.log

  • /var/log/one/oneflow.error

Logs of individual multi-VM Services managed by OneFlow can be found in

  • /var/log/one/oneflow/$ID.log where $ID identifies the service

Other logs are also available in Journald. Use the following command to show:

journalctl -u opennebula-flow.service

Advanced Setup

Permission to Create Services

Documents are special types of resources in OpenNebula used by OneFlow to store Service Templates and information about Services. When a new user Group is created, you can decide if you want to allow/deny its users to create Documents (and also OneFlow Services). By default, new groups are allowed to create Document resources.