-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathdevconfig.proto
201 lines (167 loc) · 7.69 KB
/
devconfig.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
// Copyright(c) 2017-2022 Zededa, Inc.
// All rights reserved.
syntax = "proto3";
package org.lfedge.eve.config;
option go_package = "github.com/lf-edge/eve-api/go/config";
option java_package = "org.lfedge.eve.config";
import "google/protobuf/timestamp.proto";
import "evecommon/acipherinfo.proto";
import "config/appconfig.proto";
import "config/baseosconfig.proto";
import "config/edge_node_cluster.proto";
import "config/devcommon.proto";
import "config/devmodel.proto";
import "config/netconfig.proto";
import "config/netinst.proto";
import "config/storage.proto";
import "config/edgeview.proto";
import "config/patch_envelope.proto";
import "certs/certs.proto";
import "auth/auth.proto";
message LOCConfig {
// If set indicates URL of the Local Operator Console (LOC)
string loc_url = 1;
}
// This is the response to a GET /api/v1/edgeDevice/config
// The EdgeDevConfig message carries all of the device's configuration from
// the controller to the device.
// The device will request these messages either periodically or as a result
// of some TBD notification.
// The message is assumed to be protected by a TLS session bound to the
// device certificate.
message EdgeDevConfig {
UUIDandVersion id = 1;
// deprecated = 2;
// deprecated = 3;
repeated AppInstanceConfig apps = 4;
repeated NetworkConfig networks = 5;
repeated DatastoreConfig datastores = 6;
// deprecated 7; DeviceLispDetails lispInfo = 7
// OBSOLETE - base. Use baseos instead. Controller should fill this for
// backward compatibility till all the Older Eve images are no longer
// supported.
repeated BaseOSConfig base = 8; // BaseOSImage config block
DeviceOpsCmd reboot = 9;
DeviceOpsCmd backup = 10;
repeated ConfigItem configItems = 11;
// systemAdapterList - List of DeviceNetworkAdapters. Only Network
// adapters ( Ex: eth0, wlan1 etc ) have a corresponding SystemAdapter.
// non-Network adapters do not have systemadapters.
repeated SystemAdapter systemAdapterList = 12;
// deviceIoList - List of Physical Adapters. Includes both Network
// Adapters and Non-Network Adapters ( USB / Com etc )
repeated PhysicalIO deviceIoList = 13;
// Override dmidecode info if set
string manufacturer = 14;
string productName = 15;
repeated NetworkInstanceConfig networkInstances = 16;
// deprecated 17;
// deprecated 18;
// controller supplies a list of cipher contexts,
// containing certificate and other details, to be
// used for sensitive data decryption
repeated org.lfedge.eve.common.CipherContext cipherContexts = 19;
// These images aka ContentTrees and Volumes should be created by EVE
// independently of any application usage.
// Application instances will refer to the volumes.
repeated ContentTree contentInfo = 20;
repeated Volume volumes = 21;
// This field is used by the device to detect when it needs to re-download
// the controller certs using the /certs API endpoint.
// The controller just needs to ensure this value changes when it wants the
// device to re-fetch the controller certs, for instance by having it
// be a hash of all of the controller certificates.
string controllercert_confighash = 22;
// deprecated 23;
// If maintence_mode is set the device will operate in a limited mode e.g.,
// not start applications etc as to enable inspection of its state and
// recover from bad state.
bool maintenance_mode = 24;
// controller_epoch indicates current epoch of config
// if we set new epoch, EVE sends all info messages to controller
// it captures when a new controller takes over and needs all the info be resent
int64 controller_epoch = 25;
// Baseos Config Block
BaseOS baseos = 26;
// global_profile, if set, controls set of applications which will run.
// The Activate=true app instances which have this profile in their profile_list
// will run. If the global_profile is not set, then the profile_list is not
// used to gate the application instances.
string global_profile = 27;
// local_profile_server, if set, indicates a hostname/IPv4/IPv6 address and
// optional port number at which EVE will request for a local profile.
// If such a local profile is retrieved, it will override the global_profile.
// The syntax follows the usual URL server name syntax thus the following
// are example valid strings:
// [fe80::1]:1234
// 10.1.1.1:1234
// hostname:1234
// [fe80::1]
// 10.1.1.1
// hostname
// If the port number is not specified, it will default to 8888
string local_profile_server = 28;
// Together with a local_profile_server one can specify a
// profile_server_token. EVE must verify that the response from the
// local_profile_server contains this token.
string profile_server_token = 29;
// A list of VLAN sub-interfaces configured for EVE management traffic and
// for local network instances.
repeated VlanAdapter vlans = 30;
// A list of bond interfaces (LAGs) aggregating physical network adapters.
repeated BondAdapter bonds = 31;
// edge-view configuration
EdgeViewConfig edgeview = 32;
// disks configuration
DisksConfig disks = 33;
// Graceful shutdown of all app instances on the edge node.
// Any local profile server is shut down after all the other app instances
// have halted.
// Note that this does not power off the edge node since there is no remote
// power on capability; power off can be done locally using the Local Profile
// Server API.
DeviceOpsCmd shutdown = 34;
string device_name = 35;
string project_name = 36;
string project_id = 37;
string enterprise_name = 38;
string enterprise_id = 39;
// Timestamp updated by controller whenever device config is modified.
// Used by EVE to properly order configurations that originate at the same controller
// but get submitted to device through different ways:
// /config API vs. initial config for bootstrapping vs. USB-based config override etc.
// This ensures that device will not accidentally revert back to an older configuration.
// Does not apply to legacy override.json and usb.json mechanisms.
google.protobuf.Timestamp config_timestamp = 40;
// Configuration of the Local Operator Console (LOC)
LOCConfig loc_config = 41;
repeated EvePatchEnvelope patchEnvelopes = 42;
// cluster configuration
EdgeNodeCluster cluster = 43;
}
message ConfigRequest {
string configHash = 1;
bytes integrity_token = 2; // value provided by controller during remote attestation
}
message ConfigResponse {
EdgeDevConfig config = 1;
string configHash = 2;
}
// BootstrapConfig is used to carry initial device configuration, baked into a "single-use"
// EVE installer prepared for a specific device to bootstrap, i.e. to establish the initial
// connectivity with the controller and onboard. This is useful if the default network
// configuration (i.e. Ethernet connectivity with DHCP) is not applicable for access
// to the controller.
message BootstrapConfig {
// Device configuration to use for bootstrapping.
// Should be signed by the controller using AuthContainer (see OBJECT_SIGNING.md).
// Put **protobuf-encoded** (not json) EdgeDevConfig under AuthContainer.protectedPayload.
// Instead of AuthContainer.senderCert, use controller_certs attribute below to include
// the signing certificate and all intermediate certificates needed for signature
// verification against root_certificate. However, the corresponding hash of the signing
// certificate is still expected to be included in AuthContainer (senderCertHash attribute).
org.lfedge.eve.auth.AuthContainer signed_config = 1;
// Signing certificate (CERT_TYPE_CONTROLLER_SIGNING) and intermediate certificates
// (CERT_TYPE_CONTROLLER_INTERMEDIATE).
repeated org.lfedge.eve.certs.ZCert controller_certs = 2;
}