eryph references: specification files

Specification files (specs) are used to declare eryph resources in text files.
This allows them to be managed like code or generated from code (Infrastructure as Code).

Currently eryph supports 3 types of specification files:

Catlets and fodder specs
Catlet specifications declare how a catlet should be build.
Fodder specifications are standalone fodder specifications on the genepool that can be consumed by other fodder or catlet specifications.
Project networks specs
Project networks specifications declare how a project's virtual networks should be built.
They provide an abstraction between the physical network structure (declared in network providers) and the networks visible in the project.

Specifications can be created in YAML as well as in JSON format.
JSON specifications are designed for use by automation and machine-to-machine communication. The YAML format is optimized for human readability.

Both formats use snake case for property names. Some YAML properties contain short versions (see YAML short format in settings below).
These are not supported for the JSON format, which always requires a nested object to be specified as a JSON object.

Catlet specification

Catlet specifications declare how a catlet should be built (we call this breeding and feeding).

When a catlet is created, it is bred by inheriting all attributes from it's parent and the parent's parent(s). Then it is fed with all the fodder defined in parents and it's own fodder configuration.
When breeding, catlets can mutate the attributes inherited from their parents, which means they can change or be removed.

The feeding is done only once. Other attributes like cpu and memory can also be changed for existing catlets.

Catlet settings

Setting	Description
version	Version of the specification file format. If missing default version will be assumed, which is currently 1.0.
name	Name of the catlet. Has to be unique within a project and environment.
parent	Name of the catlet parent in geneset reference format. A geneset reference has to be specified in format `<org>/<geneset>/<optional tag>`. If `<optional tag>` is missing tag "latest" will be used. The catlet will inherits all settings of the parent if not specified otherwise in the catlet (either by overwrites or mutations, see also below for mutations on capabilities, disks and fodder).
project	Name of the project to which the catlet will be assigned. If omitted, the default project is used. Projects are used to isolate catlets in terms of security requirements, network access, and storage. Catlets between different projects cannot reach each other when overlay networks are used. Even at the storage level, catlets can only access volumes from the same project.
location	Catlet name on storage level. Has to be unique within a project and environment. Set the location if you would like to have human readable name also on file system level. Default is a time dependend generated value (aka storage identifier).
hostname	Hostname of the catlet. If missing the catlet name will be used as hostname.
environment	The catlet's environment. If missing the environment "default" will be used. Environments can be used to place catlets with the same specification on different networks and datastore paths. A typical use case is to separate production and staging environments. Catlets in different environments can reach each other on the network, but are separated by subdomains (in the case of overlay networks).
store	Catlet datastore name, as configured in the agent settings. If missing the datastore "default" will be used. Datastores can be used to separate volumes and configurations according to your needs, for example, one storage with SSDs and another with HDDs. The datastore declared here will be used for catlet configuration files and not for disks.

CPU settings

settings group name: cpu
setting type: object
YAML short format: cpu: <count>

Setting	Description
count	Number of vCPUs assigned to the catlet.

Memory settings

settings group name: memory
setting type: object
YAML short format: memory: <startup mem in MiB>

Setting	Description
startup	Memory of the catlet in MiB (Megabytes) This is the memory the catlet will be started with. If dynamic memory is not used, it will keep this setting. Otherwise memory will be changed by usage between minimum and maximum memory.
minimum	Minimum memory of the catlet in MiB (Megabytes)
maximum	Maximum memory of the catlet in MiB (Megabytes)

Remarks

Setting either minimum or maximum more will automatically enable the capability "dynamic_memory" for the catlet.

Drive settings

settings group name: drive
setting type: list of named objects

Setting	Description
name	Name of the drive in unix device name format (sda, sdb, etc..). sda will be first disk, sdb second and so on. You can use a human readable name here, however in this case the disk controller position is no longer stable. Notice The name of the disk will also be used for the disk name on the file system. However, in case of a differential disk, it will also contain a generation number like sda_g2.vhdx to make it unique in case the entire catlet VM is exported together with it's parents disks.
mutation	Optional setting on how parent disks should be inherited. One of: merge, overwrite, remove The default is `merge`, which means that settings on child catlets will overwrite parent settings for disks with the same name. Catlet disk will be a differencial disk. With the value `overwrite` no parent settings are considered including the disk data (see source). With `remove` parent disk will be removed completely.
location	Disk location name on storage. Set the location if you want to reference or create a disk in a known location. If omitted, the catlet's location will be used. This is useful if you want to use an existing disk or share the disk with other catlets. See also `type` for shared disks.
store	Disk datastore name, as configured in the agent settings. Datastores can be used to separate volumes and configurations according to your needs, for example, one storage with SSDs and another with HDDs.
source	The disk source can be either a file path or a gene reference. As a gene reference it has to be of format: `gene:<org>/<geneset>/<optional tag>:<gene>`, which will reference a gene from specified geneset on the genepool. As a file path the disk path has to be accessable from the host agent / eryph-zero (not the client). If disk type (see below) is DVD a ISO file is expected, otherwise a vhdx file. The catlet disk will be created as differencial disk with source as parent. If source is empty a empty disk volume will be create.
size	Size of the disk in GiB (Gigabyte). Will be ignored for for DVD drives and if smaller then source disk.
type	Type of disk to be created. One of: VHD, SharedVHD, PHD, DVD, VHDSet If omitted, the type VHD is used. SharedVHD and VHDSets are only supported on Windows servers with shared storage. Both cause the VHD to be copied from the source and not created as a differencial disk regardless of other settings. You have to set `location` for shared disks, as without it, each catlet will use its own location so they never map to same shared disk. DVD will create a DVD disk with can consume a ISO file for a CD/DVD image. PHD is reserved for future use (physical disk, LUN) and will not work.

Network adapter settings

settings group name: network_adapters
setting type: list of named objects

Setting Description

name Name of the adapter in clasic unix name format (eth0, eth1, etc..). eth0 will be first adapter, eth1 second and so on.

Setting	Description
name	Name of the adapter in clasic unix name format (eth0, eth1, etc..). eth0 will be first adapter, eth1 second and so on.
mutation	Optional setting on how parent adapters should be inherited. One of: merge, overwrite, remove The default is `merge`, which means that settings on child catlets will overwrite parent settings for network adapters with the same name. With the value `overwrite` no parent settings are considered. With `remove` parent network adapter will be removed completely.
mac_address	Explicit configuration of a mac address for the adapter. If not specified a random mac address will be generated.

mutation

Optional setting on how parent adapters should be inherited.
One of: merge, overwrite, remove

The default is merge, which means that settings on child catlets will overwrite parent settings for network adapters with the same name. With the value overwrite no parent settings are considered.
With remove parent network adapter will be removed completely.

mac_address Explicit configuration of a mac address for the adapter.
If not specified a random mac address will be generated.

Capabilities settings

Capabilities are used to control features that either require special hardware, host versions, and/or are only supported if the catlet is built with support for them. Capabilities declared at the catlet level are opt-in or opt-out declarations of the catlet. For some capabilities, the host must also opt-in to the capability. Only if both match can the catlet be built on the host.

settings group name: capabilities
setting type: list of named objects

Setting Description

name Name of the capability. See below for a list of current capabilities supported.

Setting	Description
name	Name of the capability. See below for a list of current capabilities supported.
mutation	Optional setting on how parent capabilities should be inherited. One of: merge, overwrite, remove The default is `merge`, which means that settings on child catlets will overwrite parent settings for capabilities with the same name. With the value `overwrite` no parent settings are considered for the capability. With `remove` parent capability configuration will be removed.
details	A string array with additional detail settings for the capabilities, see capability list.

mutation

Optional setting on how parent capabilities should be inherited.
One of: merge, overwrite, remove

The default is merge, which means that settings on child catlets will overwrite parent settings for capabilities with the same name. With the value overwrite no parent settings are considered for the capability.
With remove parent capability configuration will be removed.

details A string array with additional detail settings for the capabilities, see capability list.

Supported capabilities with eryph 0.1

Capability

Description

dynamic_memory

Configures dynamic memory settings of the catlet.

Detail value	Description
enabled	Enables dynamic memory. Default if capability is specified or minimum and maximum values are set in memory settings.
disabled	Disables dynamic memory. Disabling the capability will disable dynamic memory always regardless of memory settings.

secure_boot

Configures secure boot settings of the catlet.

Detail value	Description
enabled	Enables secure boot. Default if capability is specified.
disabled	Disables secure boot.
template:[Name]	Sets the secure boot template to the template name [Name]. Template names have to be one of the Hyper-V secure boot template names without spaces!. Default value is template:MicrosoftWindows

nested_virtualization

Configures nested virtualization settings of the catlet.

Detail value	Description
enabled	Enables nested virtualization. Default if capability is specified.
disabled	Disables nested virtualization.

Networks settings

settings group name: networks
setting type: list of named objects

Setting	Description
name	Name of the network to configure. This references to the network name within the project. For the default project the network name is "default" if not configured otherwise.
mutation	Optional setting on how parent networks should be inherited. One of: merge, overwrite, remove The default is `merge`, which means that settings on child catlets will overwrite parent settings for networks with the same name. With the value `overwrite` no parent settings are considered for the network. With `remove` parent network configuration will be removed.
adapter_name	Name of the network adapter this network will be bound to. If not specified this will be auto assigned in the order of networks (eth0, eth1, etc.). If not enough adapters exists for each network new adapters will be created.
subnet_v4	IPv4 subnet configuration of the network. See networks/subnet_v4 settings for details.
subnet_v6	IPv6 subnet configuration of the network. Reserved for future use - currently not implemented.

settings group name: networks/subnet_v4
setting type: object

Setting	Description
name	Name of the subnet be used from the projects network. Value is "default" if not configured otherwise.
ip_pool	Name of the ip pool in the projects subnet. Value is "default" if not configured otherwise.

Catlet fodder settings

settings group name: fodder
setting type: list of named objects

Same format as fodder settings in fodder specifications. See below for details.

Variables settings

Variables declared on the catlet can be used for binding dynamic values into fodder content and in referenced fodder variables. See fodder specification on details how to use variables in fodder.

Variables cannot be used in other catlet settings. However, since catlet specifications are just text files, you can always search and replace variable contents even in catlets. However, this must always be done on the client side.

settings group name: variables
setting type: list of named objects

Same format as variables settings in fodder specifications. See below for details.

Fodder specification

A fodder specification is a standalone specification file that can be reused in catlet specs or other fodder specs. Unlike catlets, fodder specifications can only be consumed from the genepool and not from the client.

Like catlet specs they can be referenced from the genepool by the gene reference syntax gene:<org>/<geneset>/<optional tag>:[gene] where [gene] is the name of the fodder gene.

Both fodder genes and catlet genes can contain a fodder settings section with same features as below.

Fodder gene settings

Setting	Description
version	Version of the specification file format. If missing default version will be assumed, which is currently 1.0.
name	Name of the fodder gene.

Variables settings

Variables declared on the fodder can be used for binding dynamic values into fodder content and in referenced fodder variables.

settings group name: variables
setting type: list of named objects

Setting	Description
name	Name of the variable
type	Variable type. One of: string, boolean, number
value	Default value of the variable. Can always be a string. For boolean values also true/false and for number values even numbers are allowed without quotes.
secret	Consider value as secret which will protect the variable as a secret for input (masking input in clients).
required	Marks a variable as required. Client should ask for variables which are required, otherwise catlet deployment will fail.

Fodder settings

settings group name: fodder
setting type: list of named objects

Setting	Description
name	Name of the fodder
source	A gene reference to a fodder configuration in gene reference format: `gene:<org>/<geneset>/<optional tag>:<gene>` If no name is given, all fodder is inherited from the referenced fodder gene. If a name is given, only fodder with the requested name will be used.
remove	Removes referenced fodder inherits from parent catlet or referenced fodder gene that matches name.
type	Fodder content type. Currently same as cloud-init supported user data formats. One of: include-url, include-once-url,cloud-config-archive,upstart-job,cloud-config,part-handler,shellscript,cloud-boothook If missing "cloud-init" is used. Windows Limitations On windows, cloud-init features are limited. Our base catlets use cloudbase-init, which is a fork of cloud-init that supports not all features of cloud-init. Only types cloud-init and shellscript should be used on windows.
secret	Considers content as secret which will cause the content to be removed from cloud-init data 15 minutes after start of catlet.
content	Fodder content. Can be both specified as multiline string with \| `content: \| multiline content as string` or directly in yaml in case content is also YAML content like cloud-init configuration. `content: package_update: true` You can use variables within the fodder content like this: `{{ variable_name }}` Where `variable_name` is the name of a variable declared above (in fodder/catlet gene spec). `content: package_update: '{{ updatePackages }}'` Content size Please consider file restrictions on fodder content, as each fodder and catlet spec cannot be larger then 2 MB. You should therefore not use the fodder content for large files encoded as base64. If you have such requirements please consider a configuration management tool like ansible/chef/puppet or use remote access for further configuration.
filename	Fodder filename for cloud-init.
variables	This setting is used to set variable values of referenced genes. You can also use it to rebind variable values to a variable from the current gene. To set a variable you must specify the name of the referenced variable and the value of the variable. You can use a fixed value here or again a variable but this time from the current gene spec. `variables: - name: spec_password required: true secret: true fodder: - source: gene:dbosoft/starter-food:linux-starter variables: - name: password value: "{{ spec_password }}"`

Project network specification

Project networks define how the virtual networks are build for a project.
When using overlay networks, project networks can overlap because each project network is invisible to other project networks.

When a project is created, a default overlay network is created that should be sufficient for many use cases:

default network 10.0.0.0/20
An IP pool with up to 140 IP addresses.
Default dns server settings with quad9 and google as dns providers.

version: 1.0
networks:
- name: default
  address: 10.0.0.0/20
  subnets:
  - name: default
    ip_pools:
    - name: default
      first_ip: 10.0.0.100
      last_ip: 10.0.0.240
    dns_servers:
    - 9.9.9.9
    - 8.8.8.8
    mtu: 1400

Project networks settings

Setting	Description
version	Version of the specification file format. If missing default version will be assumed, which is currently 1.0.
project	Name of the project. This value is currently only used when project network config is generated from eryph. As it is no longer not used when building the project network it may be removed in future.
networks	List of networks declared in the project. Any network declared here can be used by catlets in the project. You should always define a "default" network, as this network will be used by all catlets that don't change the network explicitly.

Networks settings

These settings define the networks in the project.
Please note that eryph always creates a virtual router to route traffic between all overlay networks declared in the project. This includes networks in different environments. Therefore, networks in a project should not overlap.

settings group name: networks
setting type: list of named objects

Setting	Description
name	Name of the network
environment	Optional setting of network environment. If the environment is missing, the default environment is used. If you set the environment for a network, catlets with the corresponding environment will use this network if both the network name and the environment match. Environment allows you to separate catlets, but still allow them to communicate with each other (see domain default below). Typical use cases for environments are staging and production environments that define the same services.
provider	Network provider name or settings. If omitted, the network provider "default" is used. This setting configures which network provider from the network providers configuration should be used.
address	IPv4 network address in CIDR notation.
subnets	List of subnets declared in the network. A network must contain at least one subnet. See below for subnet settings. For overlay networks, you should always define a "default" subnet, as this subnet will be used by all catlets that don't explicitly change the subnet. Flat networks don't use this setting, but the subnet settings of the network provider.

settings group name: networks/provider
setting type: object
YAML short format: provider: <name>

Setting	Description
name	Name of the network provider The network provider that should be used for the network. If you specify a flat network here, the network will use the settings of the network provider for subnets and ip pools of the project network. Otherwise it will use network provider subnets and ip pools to route and NAT traffic between the virtual network and the provider network.
subnet	Subnet of network provider to use If omitted, the network provider subnet "default" is used.
ip_pool	Ip pool of network provider to use If omitted, the network provider ip pool "default" is used.

Setting

Description

name

Name of the network provider
The network provider that should be used for the network.

If you specify a flat network here, the network will use the settings of the network provider for subnets and ip pools of the project network.
Otherwise it will use network provider subnets and ip pools to route and NAT traffic between the virtual network and the provider network.

subnet

Subnet of network provider to use
If omitted, the network provider subnet "default" is used.

ip_pool

Ip pool of network provider to use
If omitted, the network provider ip pool "default" is used.

settings group name: networks/subnets
setting type: list of named objects

Setting	Description
name	Name of the subnet
address	IPv4 network address of the subnet in CIDR notation. If missing, entire network address will be used for this subnet.
ip_pools	List of ip pools declared in the network. A subnet has to contain at least one ip pool. See below for ip pool settings. Ip pools provide a range of IPs that will be used by the virtual networking to assign ip addresses to the catlet network ports. You should always define a "default" ip pool, as this ip pool will be used by all catlets that don't change the ip pool explicitly.
dns_servers	A array of string values with dns servers for this subnet. The dns servers listed here will be used to resolve external IP addresses. Internal network addresses will be resolved with these dns servers, however you always have to configure one.
dns_domain	Dns domain name for this subnet. The default value is home.arpa for the default environment and [environment].home.arpa for other environments. If you configure a custom value for the dns domain, be aware that hostnames in different environments may overlap.
mtu	MTU for the network This setting configures which MTU value is provided in the catlet network configuration. The default is 1400 for overlay networks. Changing the mtu is recommended because virtual networking works with xvlan, which requires additional space on the IP header. 1400 is not the optimal MTU value, but was chosen for maximum compatibility with even consumer-grade networking devices.

settings group name: networks/subnets/ip_pools
setting type: list of named objects

Setting	Description
name	The name of the IP pool.
first_ip	The first IP address in the pool.
last_ip	Last IP address in the pool.
next_ip	Next IP address in the pool. Normally you don't need to change this setting, as it is only used to initialize the IP pool in case the current IP pool position is unavailable.