# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # # This is Brooklyn's dot-properties file. # It should be located at "~/.brooklyn/brooklyn.properties" for automatic loading, # or can be specified as a CLI option with --localProperties /path/to/these.properties. ################################## Welcome! ############################################ # It's great to have you here. # Getting Started options have been pulled to the top. There's a formatting guide at the # very bottom. ############################ Getting Started Options #################################### ## GUI Security ## NOTE: in production it is highly recommended to set this, as otherwise it will not require login, ## not will it be encrypted (though for safety if security is not set it will only bind to loopback) ## Edit the name(s) and passwords as appropriate to your system: # brooklyn.webconsole.security.users=admin,bob # brooklyn.webconsole.security.user.admin.password=password # brooklyn.webconsole.security.user.bob.password=bobsword ## If you prefer to run with https (on port 8443 by default), uncomment this: # brooklyn.webconsole.security.https.required=true # By default we have AWS set up (but with invalid credentials!). Many, many other # providers are supported. ## Amazon EC2 Credentials # These should be an "Access Key ID" and "Secret Access Key" for your account. # This is configured at https://console.aws.amazon.com/iam/home?#security_credential . brooklyn.location.jclouds.aws-ec2.identity = AKA_YOUR_ACCESS_KEY_ID brooklyn.location.jclouds.aws-ec2.credential = # Beware of trailing spaces in your cloud credentials. This will cause unexpected # 401: unauthorized responses. ## Using Other Clouds # 1. Cast your eyes down this document to find your preferred cloud in the Named Locations # section, and the examples. # 2. Uncomment the relevant line(s) for your provider. # 3. ADD -.identity and -.credential lines for your provider, similar to the AWS ones above, # replacing 'aws-ec2' with jcloud's id for your cloud. ## Deploying to Localhost ## see: info on locations at brooklyn.io # ## ~/.ssh/id_rsa is Brooklyn's default location # brooklyn.location.localhost.privateKeyFile = ~/.ssh/id_rsa ## Passphrases are supported, but not required # brooklyn.location.localhost.privateKeyPassphrase = s3cr3tpassphrase ## Geoscaling Service - used for the Global Web Fabric demo ## see: the global web example at brooklyn.io ## https://www.geoscaling.com/dns2/ ## other services may take similar configuration similarly; or can usually be set in YAML # brooklyn.geoscaling.username = USERNAME # brooklyn.geoscaling.password = PASSWORD # brooklyn.geoscaling.primaryDomain = DOMAIN ########################## Getting Started Complete! ################################### # That's it, although you may want to read through these options... ################################ Brooklyn Options ######################################## ## Brooklyn Management Base Directory: specify where management data should be stored on this server; ## ~/.brooklyn/ is the default but you could use something like /opt/brooklyn/state/ ## (provided this process has write permissions) # brooklyn.base.dir=~/.brooklyn/ ## Brooklyn On-Box Directory: specify where data should be stored on managed hosts; ## for most locations a directory off home is the default (but using /tmp/brooklyn-user/ on localhost), ## however you could specify something like /opt/brooklyn-managed-process/ (creation and permissions are handled) # onbox.base.dir=~/brooklyn-managed-process/ ## Additional security: Allow all - if you know what you are doing! ## (Or you can also plug in e.g. LDAP security etc here) # brooklyn.webconsole.security.provider = brooklyn.rest.security.provider.AnyoneSecurityProvider ## Optionally disallow deployment to localhost (or any other location) # brooklyn.location.localhost.enabled=false ## Scripting Behaviour ## keep scripts around after running them (usually in /tmp) # brooklyn.ssh.config.noDeleteAfterExec = true ## Misc Cloud Settings ## brooklyn will fail a node if the cloud machine doesn't come up, but you can tell it to retry: # brooklyn.location.jclouds.machineCreateAttempts = 3 ## many cloud machines don't have sufficient entropy for lots of encrypted networking, so fake it: # brooklyn.location.jclouds.installDevUrandom=true ## Sets a minimium ram property for all jclouds locations. Recommended to avoid getting m1.micros on AWS! brooklyn.location.jclouds.minRam = 2048 ## When setting up a new cloud machine Brooklyn creates a user with the same name as the user running ## Brooklyn on the management server, but you can force a different user here: # brooklyn.location.jclouds.user=brooklyn ## And you can force a password or key (by default it will use the keys in ~/.ssh/id_rsa{,.pub} # brooklyn.location.jclouds.password=s3cr3t ################################ Named Locations ######################################## # Named locations appear in the web console. If using the command line or YAML it may be # just as easy to use the jclouds: locations and specify additional properties there. ## Example: AWS Virginia using Rightscale 6.3 64bit Centos AMI and Large Instances # brooklyn.location.named.aws-va-centos-large = jclouds:aws-ec2:us-east-1 # brooklyn.location.named.aws-va-centos-large.imageId=us-east-1/ami-7d7bfc14 # brooklyn.location.named.aws-va-centos-large.user=brooklyn # brooklyn.location.named.aws-va-centos-large.minRam=4096 ## You can also nest these: # brooklyn.location.named.aws-acct-two = jclouds:aws-ec2 # brooklyn.location.named.aws-acct-two.identity = AKA_ACCT_TWO # brooklyn.location.named.aws-acct-two.credential = # brooklyn.location.named.aws-acct-two-singapore = named:aws-acct-two # brooklyn.location.named.aws-acct-two-singapore.region = ap-southeast-1 # brooklyn.location.named.aws-acct-two-singapore.displayName = AWS Singapore (Acct Two) # For convenience some common defaults: brooklyn.location.named.aws-california = jclouds:aws-ec2:us-west-1 brooklyn.location.named.aws-oregon = jclouds:aws-ec2:us-west-2 brooklyn.location.named.aws-ireland = jclouds:aws-ec2:eu-west-1 brooklyn.location.named.aws-tokyo = jclouds:aws-ec2:ap-northeast-1 ## Google Compute ## Note at present you have to create and download the P12 key from the Google "APIs & auth -> Registered Apps" interface, ## then convert to PEM private key format using `openssl pkcs12 -in Certificates.p12 -out Certificates.pem -nodes` ## then embed that on one line as the 'credential, replacing new lines with \n as below ## (hopefully this will be improved in jclouds in the future) # brooklyn.location.jclouds.google-compute-engine.identity=1234567890-somet1mesArand0mU1Dhere@developer.gserviceaccount.com # brooklyn.location.jclouds.google-compute-engine.credential=-----BEGIN PRIVATE KEY----- \nMIIblahablahblah \nblahblahblah \n-----END PRIVATE KEY----- # brooklyn.location.named.Google\ US = jclouds:google-compute-engine # brooklyn.location.named.Google\ US.region=us-central1-a # brooklyn.location.named.Google\ EU = jclouds:google-compute-engine # brooklyn.location.named.Google\ EU.region=europe-west1-a ## the following flags for GCE are recommended ## specify the network to use - otherwise it creates new networks each time and you hit quotas pretty quickly ## you may have to manually create this network AND enable a firewall rule EG tcp:1-65535;udp:1-65535;icmp ## (fix for this is in progress) # brooklyn.location.jclouds.google-compute-engine.networkName=brooklyn-default-network ## gce images have bad entropy, this ensures they have noisy /dev/random (even if the "randomness" is not quite as random) # brooklyn.location.jclouds.google-compute-engine.installDevUrandom=true ## gce images often start with iptables turned on; turn it off # brooklyn.location.jclouds.google-compute-engine.stopIptables=true ## HP Cloud - also Ubuntu 12.04 LTS ## You specify your HP Credentials like this: # brooklyn.location.jclouds.hpcloud-compute.identity = projectname:username # brooklyn.location.jclouds.hpcloud-compute.credential = password ## where username and password are the same as logging in to the web console, and ## projectname can be found here: https://account.hpcloud.com/projects #�brooklyn.location.named.HP\ Cloud\ Arizona-1 = jclouds:hpcloud-compute:az-1.region-a.geo-1 # brooklyn.location.named.HP\ Cloud\ Arizona-1.imageId = az-1.region-a.geo-1/75845 # brooklyn.location.named.HP\ Cloud\ Arizona-1.user = ubuntu ## Softlayer - need a key from the gui, under "administrative -> user administration -> api-access # brooklyn.location.jclouds.softlayer.identity=username # brooklyn.location.jclouds.softlayer.credential= ## locations # brooklyn.location.named.Softlayer\ Dallas=jclouds:softlayer:dal05 # brooklyn.location.named.Softlayer\ Seattle=jclouds:softlayer:sea01 # brooklyn.location.named.Softlayer\ Washington\ DC=jclouds:softlayer:wdc01 # brooklyn.location.named.Softlayer\ Singapore\ 1=jclouds:softlayer:sng01 # brooklyn.location.named.Softlayer\ Amsterdam\ 1=jclouds:softlayer:ams01 ## Brooklyn uses the jclouds multi-cloud library to access many clouds. ## http://www.jclouds.org/documentation/reference/supported-providers/ ## Templates for many other clouds, but remember to add identity and credentials: # brooklyn.location.named.Bluelock = jclouds:bluelock-vcloud-zone01 # brooklyn.location.named.CloudSigma\ Nevada = jclouds:cloudsigma-lvs # brooklyn.location.named.CloudSigma\ Zurich = jclouds:cloudsigma-zrh # brooklyn.location.named.ElasticHosts\ London = jclouds:elastichosts-lon-p # brooklyn.location.named.ElasticHosts\ Texas = jclouds:elastichosts-sat-p # brooklyn.location.named.GleSYS = jclouds:glesys # brooklyn.location.named.Go2Cloud = jclouds:go2cloud-jhb1 # brooklyn.location.named.GoGrid = jclouds:gogrid # brooklyn.location.named.Green\ House\ Data = jclouds:greenhousedata-element-vcloud # brooklyn.location.named.Ninefold = jclouds:ninefold-compute # brooklyn.location.named.OpenHosting = jclouds:openhosting-east1 # brooklyn.location.named.Rackspace\ Chicago\ (ord) = jclouds:rackspace-cloudservers-us:ORD # brooklyn.location.named.Rackspace\ Dallas\ (dfw) = jclouds:rackspace-cloudservers-us:DFW # brooklyn.location.named.Rackspace\ Hong\ Kong\ (hkg) = jclouds:rackspace-cloudservers-us:HKG # brooklyn.location.named.Rackspace\ Northern\ Virginia\ (iad) = jclouds:rackspace-cloudservers-us:IAD # brooklyn.location.named.Rackspace\ Sydney\ (syd) = jclouds:rackspace-cloudservers-us:SYD ## for UK you will need a separate account with rackspace.co.uk # brooklyn.location.named.Rackspace\ London\ (lon) = jclouds:rackspace-cloudservers-uk ## if you need to use Rackspace "first gen" API ## (note the "next gen" api configured above seems to be faster) # brooklyn.location.jclouds.cloudservers-us.identity = YOURAPIKEY # brooklyn.location.jclouds.cloudservers-us.credential = YOURSECRETKEY # brooklyn.location.named.Rackspace\ US\ (First Gen) = jclouds:cloudservers-us ## and as with next gen, first gen requires a separate acct for the UK: # brooklyn.location.jclouds.cloudservers-uk.identity = YOURAPIKEY # brooklyn.location.jclouds.cloudservers-uk.credential = YOURSECRETKEY # brooklyn.location.named.Rackspace\ UK\ (First Gen) = jclouds:cloudservers-uk # brooklyn.location.named.SeverLove = jclouds:serverlove-z1-man # brooklyn.location.named.SkaliCloud = jclouds:skalicloud-sdg-my # brooklyn.location.named.Stratogen = jclouds:stratogen-vcloud-mycloud # brooklyn.location.named.TryStack\ (Openstack) = jclouds:trystack-nova ## Production pool of machines for my application (deploy to named:On-Prem\ Iron\ Example) # brooklyn.location.named.On-Prem\ Iron\ Example=byon:(hosts="10.9.1.1,10.9.1.2,produser2@10.9.2.{10,11,20-29}") # brooklyn.location.named.On-Prem\ Iron\ Example.user=produser1 # brooklyn.location.named.On-Prem\ Iron\ Example.privateKeyFile=~/.ssh/produser_id_rsa # brooklyn.location.named.On-Prem\ Iron\ Example.privateKeyPassphrase=s3cr3tpassphrase ## Various Private Clouds ## Example: OpenStack Nova ## openstack identity and credential are random strings of letters and numbers (TBC - still the case?) # brooklyn.location.named.My\ Openstack=jclouds:openstack-nova:https://9.9.9.9:9999/v2.0/ ## OpenStack Nova access information can be downloaded from the openstack web interface; for example, as openrc.sh file # brooklyn.location.named.My\ Openstack=jclouds:openstack-nova:keystone-url # brooklyn.location.named.My\ OpenStack.identity=your-tenant-name:your-user-name # brooklyn.location.named.My\ OpenStack.credential=your-password # brooklyn.location.named.My\ OpenStack.endpoint=your-keystone-url ## The ID of the image must be configured according to the local OpenStack settings ## Use the command nova image-list to list all the available images ## Use the command nova show to get more details # brooklyn.location.named.My\ OpenStack.imageId=the-region-name/the-image-id ## Virtual Machine flavors must match the ones created upfront according to the local OpenStack settings ## Use the command nova flavor-list to list all the available options ## Use the command nova flavor-show to get more details # brooklyn.location.named.My\ OpenStack.hardwareId=the-region-name/the-flavor-id ## (Optional) Configurations # brooklyn.location.named.My\ OpenStack.user=user-name-inside-the-instance ## The keyPair must by created upfront. Both the following two options are required at the same time. # brooklyn.location.named.My\ OpenStack.keyPair=the-key-pair-name # brooklyn.location.named.My\ OpenStack.loginUser.privateKeyFile=/path/to/keypair.pem ## Security groups must be created upfront (TBC - How to specify many security groups at one ?) # brooklyn.location.named.My\ OpenStack.securityGroups=universal # brooklyn.location.named.My\ OpenStack.openIptables=true # brooklyn.location.named.My\ OpenStack.selinux.disabled=true # brooklyn.location.named.My\ OpenStack.auto-create-floating-ips=true # brooklyn.location.named.My\ OpenStack.openstack-nova.auto-generate-keypairs=false ## cloudstack identity and credential are rather long random strings of letters and numbers ## you generate this in the cloudstack gui, under accounts, then "view users", then "generate key" ## use the "api key" as the identity and "secret key" as the credential # brooklyn.location.named.My\ Cloudstack=jclouds:cloudstack:http://9.9.9.9:9999/client/api/ ## abiquo identity and credential are your login username/passed # brooklyn.location.named.My\ Abiquo=jclouds:abiquo:http://demonstration.abiquo.com/api/ ############################### Formatting Guide ####################################### ! Both # and ! mark lines as comments # The follow syntax are ALL valid. # example_key example_value # example_key : example_value # example_key = example_value # example_key=example_value # The backslash below tells Brooklyn to continue reading the value onto the next line. # example_key = A very \ # long string! # Note all white space before 'long...' is ignored. Also '!' is kept as part of the string # Keys with spaces should be escaped with backslashes. # This is useful for named locations, as the name displayed in Brooklyn's web # interface is derived from the key name. # key\ with\ spaces = some\ value # Encoding for .properties must be ISO-8859-1, aka Latin-1. # All non-latin1 characters must be entered using unicode escape characters # polish_pangram = P\u00F3jd\u017A\u017Ce, ki\u0144 \ # t\u0119 chmurno\u015B\u0107 w g\u0142\u0105b flaszy!