8 Default: PlanetLab Test</para>
9 <para>The name of this PLC installation. It is used in
10 the name of the default system site (e.g., PlanetLab Central)
11 and in the names of various administrative entities (e.g.,
12 PlanetLab Support).</para>
16 <term>PLC_SLICE_PREFIX</term>
22 <para>The abbreviated name of this PLC
23 installation. It is used as the prefix for system slices
24 (e.g., pl_conf). Warning: Currently, this variable should
25 not be changed.</para>
29 <term>PLC_ROOT_USER</term>
34 Default: root@localhost.localdomain</para>
35 <para>The name of the initial administrative
36 account. We recommend that this account be used only to create
37 additional accounts associated with real
38 administrators, then disabled.</para>
42 <term>PLC_ROOT_PASSWORD</term>
48 <para>The password of the initial administrative
49 account. Also the password of the root account on the Boot
54 <term>PLC_ROOT_SSH_KEY_PUB</term>
59 Default: /etc/planetlab/root_ssh_key.pub</para>
60 <para>The SSH public key used to access the root
61 account on your nodes.</para>
65 <term>PLC_ROOT_SSH_KEY</term>
70 Default: /etc/planetlab/root_ssh_key.rsa</para>
71 <para>The SSH private key used to access the root
72 account on your nodes.</para>
76 <term>PLC_DEBUG_SSH_KEY_PUB</term>
81 Default: /etc/planetlab/debug_ssh_key.pub</para>
82 <para>The SSH public key used to access the root
83 account on your nodes when they are in Debug mode.</para>
87 <term>PLC_DEBUG_SSH_KEY</term>
92 Default: /etc/planetlab/debug_ssh_key.rsa</para>
93 <para>The SSH private key used to access the root
94 account on your nodes when they are in Debug mode.</para>
98 <term>PLC_ROOT_GPG_KEY_PUB</term>
103 Default: /etc/planetlab/pubring.gpg</para>
104 <para>The GPG public keyring used to sign the Boot
105 Manager and all node packages.</para>
109 <term>PLC_ROOT_GPG_KEY</term>
114 Default: /etc/planetlab/secring.gpg</para>
115 <para>The SSH private key used to access the root
116 account on your nodes.</para>
120 <term>PLC_MA_SA_NAMESPACE</term>
126 <para>The namespace of your MA/SA. This should be a
127 globally unique value assigned by PlanetLab
132 <term>PLC_MA_SA_SSL_KEY</term>
137 Default: /etc/planetlab/ma_sa_ssl.key</para>
138 <para>The SSL private key used for signing documents
139 with the signature of your MA/SA. If non-existent, one will
144 <term>PLC_MA_SA_SSL_CRT</term>
149 Default: /etc/planetlab/ma_sa_ssl.crt</para>
150 <para>The corresponding SSL public certificate. By
151 default, this certificate is self-signed. You may replace
152 the certificate later with one signed by the PLC root
157 <term>PLC_MA_SA_CA_SSL_CRT</term>
162 Default: /etc/planetlab/ma_sa_ca_ssl.crt</para>
163 <para>If applicable, the certificate of the PLC root
164 CA. If your MA/SA certificate is self-signed, then this file
165 is the same as your MA/SA certificate.</para>
169 <term>PLC_MA_SA_CA_SSL_KEY_PUB</term>
174 Default: /etc/planetlab/ma_sa_ca_ssl.pub</para>
175 <para>If applicable, the public key of the PLC root
176 CA. If your MA/SA certificate is self-signed, then this file
177 is the same as your MA/SA public key.</para>
181 <term>PLC_MA_SA_API_CRT</term>
186 Default: /etc/planetlab/ma_sa_api.xml</para>
187 <para>The API Certificate is your MA/SA public key
188 embedded in a digitally signed XML document. By default,
189 this document is self-signed. You may replace this
190 certificate later with one signed by the PLC root
195 <term>PLC_NET_DNS1</term>
200 Default: 127.0.0.1</para>
201 <para>Primary DNS server address.</para>
205 <term>PLC_NET_DNS2</term>
211 <para>Secondary DNS server address.</para>
215 <term>PLC_DNS_ENABLED</term>
221 <para>Enable the internal DNS server. The server does
222 not provide reverse resolution and is not a production
223 quality or scalable DNS solution. Use the internal DNS
224 server only for small deployments or for
229 <term>PLC_MAIL_ENABLED</term>
234 Default: false</para>
235 <para>Set to false to suppress all e-mail notifications
240 <term>PLC_MAIL_SUPPORT_ADDRESS</term>
245 Default: root+support@localhost.localdomain</para>
246 <para>This address is used for support
247 requests. Support requests may include traffic complaints,
248 security incident reporting, web site malfunctions, and
249 general requests for information. We recommend that the
250 address be aliased to a ticketing system such as Request
255 <term>PLC_MAIL_BOOT_ADDRESS</term>
260 Default: root+install-msgs@localhost.localdomain</para>
261 <para>The API will notify this address when a problem
262 occurs during node installation or boot.</para>
266 <term>PLC_MAIL_SLICE_ADDRESS</term>
271 Default: root+SLICE@localhost.localdomain</para>
272 <para>This address template is used for sending
273 e-mail notifications to slices. SLICE will be replaced with
274 the name of the slice.</para>
278 <term>PLC_DB_ENABLED</term>
284 <para>Enable the database server on this
289 <term>PLC_DB_TYPE</term>
294 Default: postgresql</para>
295 <para>The type of database server. Currently, only
296 postgresql is supported.</para>
300 <term>PLC_DB_HOST</term>
303 Type: hostname</para>
305 Default: localhost.localdomain</para>
306 <para>The fully qualified hostname of the database
311 <term>PLC_DB_IP</term>
316 Default: 127.0.0.1</para>
317 <para>The IP address of the database server, if not
318 resolvable by the configured DNS servers.</para>
322 <term>PLC_DB_PORT</term>
328 <para>The TCP port number through which the database
329 server should be accessed.</para>
333 <term>PLC_DB_NAME</term>
338 Default: planetlab3</para>
339 <para>The name of the database to access.</para>
343 <term>PLC_DB_USER</term>
348 Default: pgsqluser</para>
349 <para>The username to use when accessing the
354 <term>PLC_DB_PASSWORD</term>
357 Type: password</para>
360 <para>The password to use when accessing the
361 database. If left blank, one will be
366 <term>PLC_API_ENABLED</term>
372 <para>Enable the API server on this
377 <term>PLC_API_DEBUG</term>
382 Default: false</para>
383 <para>Enable verbose API debugging. Do not enable on
384 a production system!</para>
388 <term>PLC_API_HOST</term>
391 Type: hostname</para>
393 Default: localhost.localdomain</para>
394 <para>The fully qualified hostname of the API
399 <term>PLC_API_IP</term>
404 Default: 127.0.0.1</para>
405 <para>The IP address of the API server, if not
406 resolvable by the configured DNS servers.</para>
410 <term>PLC_API_PORT</term>
416 <para>The TCP port number through which the API
417 should be accessed. Warning: SSL (port 443) access is not
418 fully supported by the website code yet. We recommend that
419 port 80 be used for now and that the API server either run
420 on the same machine as the web server, or that they both be
421 on a secure wired network.</para>
425 <term>PLC_API_PATH</term>
430 Default: /PLCAPI/</para>
431 <para>The base path of the API URL.</para>
435 <term>PLC_API_MAINTENANCE_USER</term>
440 Default: maint@localhost.localdomain</para>
441 <para>The username of the maintenance account. This
442 account is used by local scripts that perform automated
443 tasks, and cannot be used for normal logins.</para>
447 <term>PLC_API_MAINTENANCE_PASSWORD</term>
450 Type: password</para>
453 <para>The password of the maintenance account. If
454 left blank, one will be generated. We recommend that the
455 password be changed periodically.</para>
459 <term>PLC_API_MAINTENANCE_SOURCES</term>
462 Type: hostname</para>
465 <para>A space-separated list of IP addresses allowed
466 to access the API through the maintenance account. The value
467 of this variable is set automatically to allow only the API,
468 web, and boot servers, and should not be
473 <term>PLC_API_SSL_KEY</term>
478 Default: /etc/planetlab/api_ssl.key</para>
479 <para>The SSL private key to use for encrypting HTTPS
480 traffic. If non-existent, one will be
485 <term>PLC_API_SSL_CRT</term>
490 Default: /etc/planetlab/api_ssl.crt</para>
491 <para>The corresponding SSL public certificate. By
492 default, this certificate is self-signed. You may replace
493 the certificate later with one signed by a root
498 <term>PLC_API_CA_SSL_CRT</term>
503 Default: /etc/planetlab/api_ca_ssl.crt</para>
504 <para>The certificate of the root CA, if any, that
505 signed your server certificate. If your server certificate is
506 self-signed, then this file is the same as your server
511 <term>PLC_WWW_ENABLED</term>
517 <para>Enable the web server on this
522 <term>PLC_WWW_DEBUG</term>
527 Default: false</para>
528 <para>Enable debugging output on web pages. Do not
529 enable on a production system!</para>
533 <term>PLC_WWW_HOST</term>
536 Type: hostname</para>
538 Default: localhost.localdomain</para>
539 <para>The fully qualified hostname of the web
544 <term>PLC_WWW_IP</term>
549 Default: 127.0.0.1</para>
550 <para>The IP address of the web server, if not
551 resolvable by the configured DNS servers.</para>
555 <term>PLC_WWW_PORT</term>
561 <para>The TCP port number through which the
562 unprotected portions of the web site should be
567 <term>PLC_WWW_SSL_PORT</term>
573 <para>The TCP port number through which the protected
574 portions of the web site should be accessed.</para>
578 <term>PLC_WWW_SSL_KEY</term>
583 Default: /etc/planetlab/www_ssl.key</para>
584 <para>The SSL private key to use for encrypting HTTPS
585 traffic. If non-existent, one will be
590 <term>PLC_WWW_SSL_CRT</term>
595 Default: /etc/planetlab/www_ssl.crt</para>
596 <para>The corresponding SSL public certificate for
597 the HTTP server. By default, this certificate is
598 self-signed. You may replace the certificate later with one
599 signed by a root CA.</para>
603 <term>PLC_WWW_CA_SSL_CRT</term>
608 Default: /etc/planetlab/www_ca_ssl.crt</para>
609 <para>The certificate of the root CA, if any, that
610 signed your server certificate. If your server certificate is
611 self-signed, then this file is the same as your server
616 <term>PLC_BOOT_ENABLED</term>
622 <para>Enable the boot server on this
627 <term>PLC_BOOT_HOST</term>
630 Type: hostname</para>
632 Default: localhost.localdomain</para>
633 <para>The fully qualified hostname of the boot
638 <term>PLC_BOOT_IP</term>
643 Default: 127.0.0.1</para>
644 <para>The IP address of the boot server, if not
645 resolvable by the configured DNS servers.</para>
649 <term>PLC_BOOT_PORT</term>
655 <para>The TCP port number through which the
656 unprotected portions of the boot server should be
661 <term>PLC_BOOT_SSL_PORT</term>
667 <para>The TCP port number through which the protected
668 portions of the boot server should be
673 <term>PLC_BOOT_SSL_KEY</term>
678 Default: /etc/planetlab/boot_ssl.key</para>
679 <para>The SSL private key to use for encrypting HTTPS
684 <term>PLC_BOOT_SSL_CRT</term>
689 Default: /etc/planetlab/boot_ssl.crt</para>
690 <para>The corresponding SSL public certificate for
691 the HTTP server. By default, this certificate is
692 self-signed. You may replace the certificate later with one
693 signed by a root CA.</para>
697 <term>PLC_BOOT_CA_SSL_CRT</term>
702 Default: /etc/planetlab/boot_ca_ssl.crt</para>
703 <para>The certificate of the root CA, if any, that
704 signed your server certificate. If your server certificate is
705 self-signed, then this file is the same as your server