# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # # This is Brooklyn's dot-properties file. # It should be located at "~/.brooklyn/brooklyn.properties" for automatic loading. It is # now deprecated, please refer to brooklyn.cfg on http://brooklyn.apache.org for more information. ################################## Welcome! ############################################ # It's great to have you here. # Getting Started options have been pulled to the top. There's a formatting guide at the # very bottom. ############################ Getting Started Options #################################### ## GUI Security ## NOTE: in production it is highly recommended to set up security. ## See http://brooklyn.apache.org/v/latest/ops/configuration/brooklyn_cfg.html#authentication ## Edit the name(s) and passwords as appropriate to your system, or even better generate ## a salt and sha256 of your password. # brooklyn.webconsole.security.users=admin,bob # brooklyn.webconsole.security.user.admin.password=password # brooklyn.webconsole.security.user.bob.password=bobsword ## If you prefer to run with https (on port 8443 by default), either configure this on the ## command line (see or http://brooklyn.apache.org/v/latest/ops/server-cli-reference.html#launch-command) ## or uncomment this: # brooklyn.webconsole.security.https.required=true ########################## Getting Started Complete! ################################### # That's it, although you may want to read through these options... ################################ Brooklyn Options ######################################## ## Brooklyn Management Base Directory: specify where management data should be stored on this server; ## ~/.brooklyn/ is the default but you could use something like /opt/brooklyn/state/ ## (provided this process has write permissions) # brooklyn.base.dir=~/.brooklyn/ ## Brooklyn On-Box Directory: specify where data should be stored on managed hosts; ## for most locations a directory off home is the default (but using /tmp/brooklyn-user/ on localhost), ## however you could specify something like /opt/brooklyn-managed-process/ (creation and permissions are handled) # onbox.base.dir=~/brooklyn-managed-process/ ## Additional security: Allow all - if you know what you are doing! ## (Or you can also plug in e.g. LDAP security etc here) # brooklyn.webconsole.security.provider = org.apache.brooklyn.rest.security.provider.AnyoneSecurityProvider ## Optionally disallow deployment to localhost (or any other location) # brooklyn.location.localhost.enabled=false ## Scripting Behaviour ## keep scripts around after running them (usually in /tmp) # brooklyn.ssh.config.noDeleteAfterExec = true ## Misc Cloud Settings ## brooklyn will fail a node if the cloud machine doesn't come up, but you can tell it to retry: # brooklyn.location.jclouds.machineCreateAttempts = 3 ## many cloud machines don't have sufficient entropy for lots of encrypted networking, so ## the default is to use /dev/urandom; disable that (to use /dev/random) by setting this to false: # brooklyn.location.jclouds.installDevUrandom=false ## Sets a minimium ram property for all jclouds locations. Recommended to avoid getting tiny machines! # brooklyn.location.jclouds.minRam = 2048 ## When setting up a new cloud machine Brooklyn creates a user with the same name as the user running ## Brooklyn on the management server, but you can force a different user here: # brooklyn.location.jclouds.user=brooklyn ## And you can force a password or key (by default it will use the keys in ~/.ssh/id_rsa{,.pub} # brooklyn.location.jclouds.password=s3cr3t ############################ Deploying to Localhost ##################################### ## Deploying to Localhost ## see: info on locations at http://brooklyn.apache.org/v/latest/locations/index.html#localhost ## ## Brooklyn defaults to using ~/.ssh/id_rsa, if it exists. # brooklyn.location.localhost.privateKeyFile = ~/.ssh/id_rsa ## Passphrases are supported, but not required # brooklyn.location.localhost.privateKeyPassphrase = s3cr3tpassphrase ################################## Geoscaling ########################################### ## Entities can retrieve their configuration from brooklyn.cfg. However, it is ## more common to set this configuration in the blueprint's YAML. ## The Geoscaling Service - used for the Global Web Fabric demo - can read the following ## configurat (see http://www.geoscaling.com/dns2/) # brooklyn.geoscaling.username = USERNAME # brooklyn.geoscaling.password = PASSWORD # brooklyn.geoscaling.primaryDomain = DOMAIN ############################# Locations Credentials ##################################### ## Best practice is to add locations to the catalog, rather than configuring locations ## in brooklyn.cfg. We also recommend using a proper credentials store, such as ## Vault. ## ## However, brooklyn.cfg is supported. Example configurations are shown below. ## Amazon EC2 Credentials ## These should be an "Access Key ID" and "Secret Access Key" for your account. ## See http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html # brooklyn.location.jclouds.aws-ec2.identity = AKA_YOUR_ACCESS_KEY_ID # brooklyn.location.jclouds.aws-ec2.credential = ## Beware of trailing spaces in your cloud credentials. This will cause unexpected ## 401: unauthorized responses. ## Using Other Clouds ## 1. Cast your eyes down this document to find your preferred cloud in the Named Locations ## section, and the examples. ## 2. Uncomment the relevant line(s) for your provider. ## 3. ADD -.identity and -.credential lines for your provider, similar to the AWS ones above, ## replacing 'aws-ec2' with jcloud's id for your cloud. ################################ Named Locations ######################################## ## Best practice is to add locations to the catalog, rather than using named locations in ## brooklyn.cfg. However, the latter approach is supported. Example configurations ## are shown below. ## Named locations appear in the web console. If using the command line or YAML it may be ## just as easy to use the jclouds: locations and specify additional properties there. ## Example: AWS Virginia using Rightscale 6.3 64bit Centos AMI and Large Instances # brooklyn.location.named.aws-va-centos-large = jclouds:aws-ec2:us-east-1 # brooklyn.location.named.aws-va-centos-large.imageId=us-east-1/ami-7d7bfc14 # brooklyn.location.named.aws-va-centos-large.user=brooklyn # brooklyn.location.named.aws-va-centos-large.minRam=4096 ## You can also nest these: # brooklyn.location.named.aws-acct-two = jclouds:aws-ec2 # brooklyn.location.named.aws-acct-two.identity = AKA_ACCT_TWO # brooklyn.location.named.aws-acct-two.credential = # brooklyn.location.named.aws-acct-two-singapore = named:aws-acct-two # brooklyn.location.named.aws-acct-two-singapore.region = ap-southeast-1 # brooklyn.location.named.aws-acct-two-singapore.displayName = AWS Singapore (Acct Two) # For convenience some common defaults: # brooklyn.location.named.aws-california = jclouds:aws-ec2:us-west-1 # brooklyn.location.named.aws-oregon = jclouds:aws-ec2:us-west-2 # brooklyn.location.named.aws-ireland = jclouds:aws-ec2:eu-west-1 # brooklyn.location.named.aws-tokyo = jclouds:aws-ec2:ap-northeast-1 ## Google Compute ## The credentials for GCE come from the "APIs & auth -> Credentials" page, ## creating a "Service Account" of type JSON, then extracting ## the client_email as the identity and private_key as the identity, ## keeping new lines as \n (exactly as in the JSON supplied) # brooklyn.location.jclouds.google-compute-engine.identity=1234567890-somet1mesArand0mU1Dhere@developer.gserviceaccount.com # brooklyn.location.jclouds.google-compute-engine.credential=-----BEGIN PRIVATE KEY----- \nMIIblahablahblah \nblahblahblah \n-----END PRIVATE KEY----- # brooklyn.location.named.Google\ US = jclouds:google-compute-engine # brooklyn.location.named.Google\ US.region=us-central1-a # brooklyn.location.named.Google\ EU = jclouds:google-compute-engine # brooklyn.location.named.Google\ EU.region=europe-west1-a ## the following flags for GCE are recommended ## specify the network to use - otherwise it creates new networks each time and you hit quotas pretty quickly ## you may have to manually create this network AND enable a firewall rule EG tcp:1-65535;udp:1-65535;icmp ## (fix for this is in progress) # brooklyn.location.jclouds.google-compute-engine.networkName=brooklyn-default-network ## gce images have bad entropy, this ensures they have noisy /dev/random (even if the "randomness" is not quite as random) # brooklyn.location.jclouds.google-compute-engine.installDevUrandom=true ## gce images often start with iptables turned on; turn it off unless your blueprints are iptables-aware # brooklyn.location.jclouds.google-compute-engine.stopIptables=true ## Softlayer - need a key from the gui, under "administrative -> user administration -> api-access # brooklyn.location.jclouds.softlayer.identity=username # brooklyn.location.jclouds.softlayer.credential= ## locations # brooklyn.location.named.Softlayer\ Dallas=jclouds:softlayer:dal05 # brooklyn.location.named.Softlayer\ Seattle=jclouds:softlayer:sea01 # brooklyn.location.named.Softlayer\ Washington\ DC=jclouds:softlayer:wdc01 # brooklyn.location.named.Softlayer\ Singapore\ 1=jclouds:softlayer:sng01 # brooklyn.location.named.Softlayer\ Amsterdam\ 1=jclouds:softlayer:ams01 ## Brooklyn uses the jclouds multi-cloud library to access many clouds. ## https://jclouds.apache.org/reference/providers/#compute ## Templates for many other clouds, but remember to add identity and credentials: # brooklyn.location.named.Bluelock = jclouds:bluelock-vcloud-zone01 # brooklyn.location.named.CloudSigma\ Nevada = jclouds:cloudsigma-lvs # brooklyn.location.named.CloudSigma\ Zurich = jclouds:cloudsigma-zrh # brooklyn.location.named.ElasticHosts\ London = jclouds:elastichosts-lon-p # brooklyn.location.named.ElasticHosts\ Texas = jclouds:elastichosts-sat-p # brooklyn.location.named.GleSYS = jclouds:glesys # brooklyn.location.named.Go2Cloud = jclouds:go2cloud-jhb1 # brooklyn.location.named.GoGrid = jclouds:gogrid # brooklyn.location.named.Green\ House\ Data = jclouds:greenhousedata-element-vcloud # brooklyn.location.named.Ninefold = jclouds:ninefold-compute # brooklyn.location.named.OpenHosting = jclouds:openhosting-east1 ## Rackspace (Next Gen) # brooklyn.location.named.Rackspace\ Chicago\ (ord) = jclouds:rackspace-cloudservers-us:ORD # brooklyn.location.named.Rackspace\ Dallas\ (dfw) = jclouds:rackspace-cloudservers-us:DFW # brooklyn.location.named.Rackspace\ Hong\ Kong\ (hkg) = jclouds:rackspace-cloudservers-us:HKG # brooklyn.location.named.Rackspace\ Northern\ Virginia\ (iad) = jclouds:rackspace-cloudservers-us:IAD # brooklyn.location.named.Rackspace\ Sydney\ (syd) = jclouds:rackspace-cloudservers-us:SYD ## For UK you will need a separate account with rackspace.co.uk # brooklyn.location.named.Rackspace\ London\ (lon) = jclouds:rackspace-cloudservers-uk:LON # brooklyn.location.jclouds.rackspace-cloudservers-us.identity = YOUR_USERNAME # brooklyn.location.jclouds.rackspace-cloudservers-us.credential = YOUR_API_KEY ## Separate account credentials for the UK # brooklyn.location.jclouds.rackspace-cloudservers-uk.identity = YOUR_USERNAME # brooklyn.location.jclouds.rackspace-cloudservers-uk.credential = YOUR_API_KEY ## Rackspace (First Gen) ## If you need to use Rackspace "first gen" API ## (note the "next gen" api configured above seems to be faster) # brooklyn.location.named.Rackspace\ US\ (First Gen) = jclouds:cloudservers-us # brooklyn.location.named.Rackspace\ UK\ (First Gen) = jclouds:cloudservers-uk # brooklyn.location.jclouds.cloudservers-us.identity = YOUR_USERNAME # brooklyn.location.jclouds.cloudservers-us.credential = YOUR_API_KEY ## Separate account credentials for the UK # brooklyn.location.jclouds.cloudservers-uk.identity = YOUR_USERNAME # brooklyn.location.jclouds.cloudservers-uk.credential = YOUR_API_KEY # brooklyn.location.named.SeverLove = jclouds:serverlove-z1-man # brooklyn.location.named.SkaliCloud = jclouds:skalicloud-sdg-my # brooklyn.location.named.Stratogen = jclouds:stratogen-vcloud-mycloud # brooklyn.location.named.TryStack\ (Openstack) = jclouds:trystack-nova ## Production pool of machines for my application (deploy to named:On-Prem\ Iron\ Example) # brooklyn.location.named.On-Prem\ Iron\ Example=byon:(hosts="10.9.1.1,10.9.1.2,produser2@10.9.2.{10,11,20-29}") # brooklyn.location.named.On-Prem\ Iron\ Example.user=produser1 # brooklyn.location.named.On-Prem\ Iron\ Example.privateKeyFile=~/.ssh/produser_id_rsa # brooklyn.location.named.On-Prem\ Iron\ Example.privateKeyPassphrase=s3cr3tpassphrase ## Various Private Clouds ## Example: OpenStack Nova ## openstack identity and credential are random strings of letters and numbers (TBC - still the case?) # brooklyn.location.named.My\ Openstack=jclouds:openstack-nova:https://9.9.9.9:9999/v2.0/ ## OpenStack Nova access information can be downloaded from the openstack web interface; for example, as openrc.sh file # brooklyn.location.named.My\ Openstack=jclouds:openstack-nova:keystone-url # brooklyn.location.named.My\ OpenStack.identity=your-tenant-name:your-user-name # brooklyn.location.named.My\ OpenStack.credential=your-password # brooklyn.location.named.My\ OpenStack.endpoint=your-keystone-url ## The ID of the image must be configured according to the local OpenStack settings ## Use the command nova image-list to list all the available images ## Use the command nova show to get more details # brooklyn.location.named.My\ OpenStack.imageId=the-region-name/the-image-id ## Virtual Machine flavors must match the ones created upfront according to the local OpenStack settings ## Use the command nova flavor-list to list all the available options ## Use the command nova flavor-show to get more details # brooklyn.location.named.My\ OpenStack.hardwareId=the-region-name/the-flavor-id ## (Optional) Configurations # brooklyn.location.named.My\ OpenStack.user=user-name-inside-the-instance ## The keyPair must by created upfront. Both the following two options are required at the same time. # brooklyn.location.named.My\ OpenStack.keyPair=the-key-pair-name # brooklyn.location.named.My\ OpenStack.loginUser.privateKeyFile=/path/to/keypair.pem ## Security groups must be created upfront (TBC - How to specify many security groups at one ?) # brooklyn.location.named.My\ OpenStack.securityGroups=universal # brooklyn.location.named.My\ OpenStack.openIptables=true # brooklyn.location.named.My\ OpenStack.selinux.disabled=true # brooklyn.location.named.My\ OpenStack.auto-create-floating-ips=true # brooklyn.location.named.My\ OpenStack.openstack-nova.auto-generate-keypairs=false ## cloudstack identity and credential are rather long random strings of letters and numbers ## you generate this in the cloudstack gui, under accounts, then "view users", then "generate key" ## use the "api key" as the identity and "secret key" as the credential # brooklyn.location.named.My\ Cloudstack=jclouds:cloudstack:http://9.9.9.9:9999/client/api/ ## abiquo identity and credential are your login username/passed # brooklyn.location.named.My\ Abiquo=jclouds:abiquo:http://demonstration.abiquo.com/api/ ############################### Formatting Guide ####################################### ## Both # and ! mark lines as comments # The follow syntax are ALL valid. # example_key example_value # example_key : example_value # example_key = example_value # example_key=example_value ## The backslash below tells Brooklyn to continue reading the value onto the next line. # example_key = A very \ # long string! ## Note all white space before 'long...' is ignored. Also '!' is kept as part of the string ## Keys with spaces should be escaped with backslashes. ## This is useful for named locations, as the name displayed in Brooklyn's web-console ## is derived from the key name. # key\ with\ spaces = some\ value ## Encoding for .properties must be ISO-8859-1, aka Latin-1. ## All non-latin1 characters must be entered using unicode escape characters # polish_pangram = P\u00F3jd\u017A\u017Ce, ki\u0144 \ # t\u0119 chmurno\u015B\u0107 w g\u0142\u0105b flaszy!