1 <?xml version="1.0" encoding="utf-8"?>
4 Default PLC configuration file
6 Mark Huang <mlhuang@cs.princeton.edu>
7 Copyright (C) 2006 The Trustees of Princeton University
9 $Id: plc_config.xml,v 1.14 2006/06/23 20:31:09 mlhuang Exp $
12 <!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
<!-- NOTE(review): the DOCTYPE refers to an external DTD by relative
     path (plc_config.dtd). Whatever parses this file should load that
     DTD only from a trusted local location and keep external entity
     resolution and network fetches disabled. TODO confirm the parser
     settings used by the configuration tools. -->
18 <description>Basic system variables. Be sure that the values of
19 these variables are the same across all machines in your
20 installation.</description>
23 <variable id="name" type="string">
25 <value>PlanetLab Test</value>
26 <description>The name of this PLC installation. It is used in
27 the name of the default system site (e.g., PlanetLab Central)
28 and in the names of various administrative entities (e.g.,
29 PlanetLab Support).</description>
32 <variable id="slice_prefix" type="string">
33 <name>Slice Prefix</name>
35 <description>The abbreviated name of this PLC
36 installation. It is used as the prefix for system slices
37 (e.g., pl_conf). Warning: Currently, this variable should
38 not be changed.</description>
41 <variable id="root_user" type="email">
42 <name>Root Account</name>
43 <value>root@localhost.localdomain</value>
44 <description>The name of the initial administrative
45 account. We recommend that this account be used only to create
46 additional accounts associated with real
47 administrators, then disabled.</description>
50 <variable id="root_password" type="password">
<!-- NOTE(review): per the description below, this one secret covers
     the initial administrative account and a root account elsewhere
     (the description is cut off in this listing). The default <value>
     is not visible here; confirm it is set or generated at install
     time, and that this file, which presumably stores the password in
     clear text, is readable only by root. -->
51 <name>Root Password</name>
53 <description>The password of the initial administrative
54 account. Also the password of the root account on the Boot
58 <!-- The following are not actually meant to be configurable
59 as variables. The web interface should allow the file to
60 be downloaded, or its contents replaced by a file upload,
61 but the actual <value> shouldn't need to be changed. -->
63 <variable id="root_ssh_key_pub" type="file">
64 <name>Root SSH Public Key</name>
65 <value>/etc/planetlab/root_ssh_key.pub</value>
66 <description>The SSH public key used to access the root
67 account on your nodes.</description>
70 <variable id="root_ssh_key" type="file">
<!-- NOTE(review): this path holds the private half of the key that,
     per the description, gives root access to the nodes. The comment
     above this group says the web interface should allow these files
     to be downloaded or replaced by upload; for a private key that
     path should be limited to administrators, and the file itself
     should presumably be owned by root with no group or world access.
     TODO confirm what the installer sets. -->
71 <name>Root SSH Private Key</name>
72 <value>/etc/planetlab/root_ssh_key.rsa</value>
73 <description>The SSH private key used to access the root
74 account on your nodes.</description>
77 <variable id="debug_ssh_key_pub" type="file">
78 <name>Debug SSH Public Key</name>
79 <value>/etc/planetlab/debug_ssh_key.pub</value>
80 <description>The SSH public key used to access the root
81 account on your nodes when they are in Debug mode.</description>
84 <variable id="debug_ssh_key" type="file">
<!-- NOTE(review): private key for root access to nodes that are in
     Debug mode. Treat it like the root SSH private key: restrict read
     access to root and keep it out of any download path open to
     ordinary users. TODO confirm file ownership and mode. -->
85 <name>Debug SSH Private Key</name>
86 <value>/etc/planetlab/debug_ssh_key.rsa</value>
87 <description>The SSH private key used to access the root
88 account on your nodes when they are in Debug mode.</description>
91 <variable id="root_gpg_key_pub" type="file">
92 <name>Root GPG Public Keyring</name>
93 <value>/etc/planetlab/pubring.gpg</value>
94 <description>The GPG public keyring for the key used to sign the Boot
95 Manager and all node packages.</description>
98 <variable id="root_gpg_key" type="file">
99 <name>Root GPG Private Keyring</name>
100 <value>/etc/planetlab/secring.gpg</value>
101 <description>The GPG private keyring used to sign the Boot
102 Manager and all node packages.</description>
107 <category id="plc_ma_sa">
108 <name>Management and Slice Authority</name>
109 <description>These variables control how your site interacts
110 with other PlanetLab sites as a Management Authority (MA) and/or
111 Slice Authority (SA).</description>
114 <variable id="namespace" type="ip">
115 <name>Namespace</name>
117 <description>The namespace of your MA/SA. This should be a
118 globally unique value assigned by PlanetLab
119 Central.</description>
122 <variable id="ssl_key" type="file">
<!-- NOTE(review): signing key for the MA/SA. Because a key is
     generated when the file does not exist, a lost or moved file may
     be replaced by a fresh key; presumably documents signed with the
     old key would then no longer verify. Keep a protected backup and
     restrict read access to root. TODO confirm generation behaviour. -->
123 <name>SSL Private Key</name>
124 <value>/etc/planetlab/ma_sa_ssl.key</value>
125 <description>The SSL private key used for signing documents
126 with the signature of your MA/SA. If non-existent, one will
127 be generated.</description>
130 <variable id="ssl_crt" type="file">
131 <name>SSL Public Certificate</name>
132 <value>/etc/planetlab/ma_sa_ssl.crt</value>
133 <description>The corresponding SSL public certificate. By
134 default, this certificate is self-signed. You may replace
135 the certificate later with one signed by the PLC root
139 <variable id="ca_ssl_crt" type="file">
140 <name>Root CA SSL Public Certificate</name>
141 <value>/etc/planetlab/ma_sa_ca_ssl.crt</value>
142 <description>If applicable, the certificate of the PLC root
143 CA. If your MA/SA certificate is self-signed, then this file
144 is the same as your MA/SA certificate.</description>
147 <variable id="ca_ssl_key_pub" type="file">
148 <name>Root CA SSL Public Key</name>
149 <value>/etc/planetlab/ma_sa_ca_ssl.pub</value>
150 <description>If applicable, the public key of the PLC root
151 CA. If your MA/SA certificate is self-signed, then this file
152 is the same as your MA/SA public key.</description>
155 <variable id="api_crt" type="file">
156 <name>API Certificate</name>
157 <value>/etc/planetlab/ma_sa_api.xml</value>
158 <description>The API Certificate is your MA/SA public key
159 embedded in a digitally signed XML document. By default,
160 this document is self-signed. You may replace this
161 certificate later with one signed by the PLC root
167 <category id="plc_net">
169 <description>Network environment.</description>
172 <variable id="dns1" type="ip">
173 <name>Primary DNS Server</name>
174 <value>127.0.0.1</value>
175 <description>Primary DNS server address.</description>
178 <variable id="dns2" type="ip">
179 <name>Secondary DNS Server</name>
181 <description>Secondary DNS server address.</description>
186 <category id="plc_dns">
188 <description>MyPLC can provide forward DNS resolution for itself
189 and for its nodes. To enable resolution for MyPLC itself, set
190 the Primary DNS Server address to 127.0.0.1 and provide external
191 IP addresses for the database, API, web, and boot servers
192 below. To enable resolution for nodes, use the external IP
193 address of this machine as the primary DNS server address for
194 each node.</description>
197 <variable id="enabled" type="boolean">
198 <name>Enable DNS</name>
200 <description>Enable the internal DNS server. The server does
201 not provide reverse resolution and is not a production
202 quality or scalable DNS solution. Use the internal DNS
203 server only for small deployments or for
204 testing.</description>
209 <category id="plc_mail">
211 <description>Many maintenance scripts, as well as the API and
212 web site themselves, send e-mail notifications and
213 warnings.</description>
216 <variable id="enabled" type="boolean">
217 <name>Enable Mail</name>
219 <description>Set to false to suppress all e-mail notifications
220 and warnings.</description>
223 <variable id="support_address" type="email">
224 <name>Support Address</name>
225 <value>root+support@localhost.localdomain</value>
226 <description>This address is used for support
227 requests. Support requests may include traffic complaints,
228 security incident reporting, web site malfunctions, and
229 general requests for information. We recommend that the
230 address be aliased to a ticketing system such as Request
231 Tracker.</description>
234 <variable id="boot_address" type="email">
235 <name>Boot Messages Address</name>
236 <value>root+install-msgs@localhost.localdomain</value>
237 <description>The API will notify this address when a problem
238 occurs during node installation or boot.</description>
241 <variable id="slice_address" type="email">
242 <name>Slice Address</name>
243 <value>root+SLICE@localhost.localdomain</value>
244 <description>This address template is used for sending
245 e-mail notifications to slices. SLICE will be replaced with
246 the name of the slice.</description>
251 <category id="plc_db">
252 <name>Database Server</name>
253 <description>Database server definitions.</description>
256 <variable id="enabled" type="boolean">
259 <description>Enable the database server on this
260 machine.</description>
263 <variable id="type" type="string">
265 <value>postgresql</value>
266 <description>The type of database server. Currently, only
267 postgresql is supported.</description>
270 <variable id="host" type="hostname">
271 <name>Hostname</name>
272 <value>localhost.localdomain</value>
273 <description>The fully qualified hostname of the database
274 server.</description>
277 <variable id="ip" type="ip">
278 <name>IP Address</name>
279 <value>127.0.0.1</value>
280 <description>The IP address of the database server, if not
281 resolvable by the configured DNS servers.</description>
284 <variable id="port" type="int">
287 <description>The TCP port number through which the database
288 server should be accessed.</description>
291 <variable id="name" type="string">
292 <name>Database Name</name>
293 <value>planetlab3</value>
294 <description>The name of the database to access.</description>
297 <variable id="user" type="string">
298 <name>Database Username</name>
299 <value>pgsqluser</value>
300 <description>The username to use when accessing the
301 database.</description>
304 <variable id="password" type="password">
305 <name>Database Password</name>
307 <description>The password to use when accessing the
308 database. If left blank, one will be
309 generated.</description>
314 <category id="plc_api">
315 <name>API Server</name>
316 <description>API (XML-RPC) server definitions.</description>
319 <variable id="enabled" type="boolean">
322 <description>Enable the API server on this
323 machine.</description>
326 <variable id="debug" type="boolean">
329 <description>Enable verbose API debugging. Do not enable on
330 a production system!</description>
333 <variable id="host" type="hostname">
334 <name>Hostname</name>
335 <value>localhost.localdomain</value>
336 <description>The fully qualified hostname of the API
337 server.</description>
340 <variable id="ip" type="ip">
341 <name>IP Address</name>
342 <value>127.0.0.1</value>
343 <description>The IP address of the API server, if not
344 resolvable by the configured DNS servers.</description>
347 <variable id="port" type="int">
350 <description>The TCP port number through which the API
351 should be accessed. Warning: SSL (port 443) access is not
352 fully supported by the website code yet. We recommend that
353 port 80 be used for now and that the API server either run
354 on the same machine as the web server, or that they both be
355 on a secure wired network, since traffic on port 80 is not encrypted.</description>
358 <variable id="path" type="string">
360 <value>/PLCAPI/</value>
361 <description>The base path of the API URL.</description>
364 <variable id="maintenance_user" type="string">
365 <name>Maintenance User</name>
366 <value>maint@localhost.localdomain</value>
367 <description>The username of the maintenance account. This
368 account is used by local scripts that perform automated
369 tasks, and cannot be used for normal logins.</description>
372 <variable id="maintenance_password" type="password">
373 <name>Maintenance Password</name>
375 <description>The password of the maintenance account. If
376 left blank, one will be generated. We recommend that the
377 password be changed periodically.</description>
380 <variable id="maintenance_sources" type="hostname">
<!-- NOTE(review): this allow-list is the only restriction visible in
     this file on where the maintenance account may be used from. The
     declared type is "hostname" while the description speaks of IP
     addresses; confirm which form the API actually matches against,
     and that an empty value does not mean "allow any host". -->
381 <name>Authorized Hosts</name>
383 <description>A space-separated list of IP addresses allowed
384 to access the API through the maintenance account. The value
385 of this variable is set automatically to allow only the API,
386 web, and boot servers, and should not be
387 changed.</description>
390 <!-- The following are not actually meant to be configurable
391 as variables. The web interface should allow the file to
392 be downloaded, or its contents replaced by a file upload,
393 but the actual <value> shouldn't need to be changed. -->
395 <variable id="ssl_key" type="file">
396 <name>SSL Private Key</name>
397 <value>/etc/planetlab/api_ssl.key</value>
398 <description>The SSL private key to use for encrypting HTTPS
399 traffic. If non-existent, one will be
400 generated.</description>
403 <variable id="ssl_crt" type="file">
404 <name>SSL Public Certificate</name>
405 <value>/etc/planetlab/api_ssl.crt</value>
406 <description>The corresponding SSL public certificate. By
407 default, this certificate is self-signed. You may replace
408 the certificate later with one signed by a root
412 <variable id="ca_ssl_crt" type="file">
413 <name>Root CA SSL Public Certificate</name>
414 <value>/etc/planetlab/api_ca_ssl.crt</value>
415 <description>The certificate of the root CA, if any, that
416 signed your server certificate. If your server certificate is
417 self-signed, then this file is the same as your server
418 certificate.</description>
423 <category id="plc_www">
424 <name>Web Server</name>
425 <description>Web server definitions.</description>
428 <variable id="enabled" type="boolean">
431 <description>Enable the web server on this
432 machine.</description>
435 <variable id="debug" type="boolean">
438 <description>Enable debugging output on web pages. Do not
439 enable on a production system!</description>
442 <variable id="host" type="hostname">
443 <name>Hostname</name>
444 <value>localhost.localdomain</value>
445 <description>The fully qualified hostname of the web
446 server.</description>
449 <variable id="ip" type="ip">
450 <name>IP Address</name>
451 <value>127.0.0.1</value>
452 <description>The IP address of the web server, if not
453 resolvable by the configured DNS servers.</description>
456 <variable id="port" type="int">
459 <description>The TCP port number through which the
460 unprotected portions of the web site should be
461 accessed.</description>
464 <variable id="ssl_port" type="int">
465 <name>SSL Port</name>
467 <description>The TCP port number through which the protected
468 portions of the web site should be accessed.</description>
471 <!-- The following are not actually meant to be configurable
472 as variables. The web interface should allow the file to
473 be downloaded, or its contents replaced by a file upload,
474 but the actual <value> shouldn't need to be changed. -->
476 <variable id="ssl_key" type="file">
477 <name>SSL Private Key</name>
478 <value>/etc/planetlab/www_ssl.key</value>
479 <description>The SSL private key to use for encrypting HTTPS
480 traffic. If non-existent, one will be
481 generated.</description>
484 <variable id="ssl_crt" type="file">
485 <name>SSL Public Certificate</name>
486 <value>/etc/planetlab/www_ssl.crt</value>
487 <description>The corresponding SSL public certificate for
488 the HTTP server. By default, this certificate is
489 self-signed. You may replace the certificate later with one
490 signed by a root CA.</description>
493 <variable id="ca_ssl_crt" type="file">
494 <name>Root CA SSL Public Certificate</name>
495 <value>/etc/planetlab/www_ca_ssl.crt</value>
496 <description>The certificate of the root CA, if any, that
497 signed your server certificate. If your server certificate is
498 self-signed, then this file is the same as your server
499 certificate.</description>
504 <category id="plc_boot">
505 <name>Boot Server</name>
506 <description>Boot server definitions. Multiple boot servers
507 may be brought up for load balancing, but we recommend that a
508 single DNS round-robin system be implemented so that the
509 following variables are the same across all of
513 <variable id="enabled" type="boolean">
516 <description>Enable the boot server on this
517 machine.</description>
520 <variable id="host" type="hostname">
521 <name>Hostname</name>
522 <value>localhost.localdomain</value>
523 <description>The fully qualified hostname of the boot
524 server.</description>
527 <variable id="ip" type="ip">
528 <name>IP Address</name>
529 <value>127.0.0.1</value>
530 <description>The IP address of the boot server, if not
531 resolvable by the configured DNS servers.</description>
534 <variable id="port" type="int">
537 <description>The TCP port number through which the
538 unprotected portions of the boot server should be
539 accessed.</description>
542 <variable id="ssl_port" type="int">
543 <name>SSL Port</name>
545 <description>The TCP port number through which the protected
546 portions of the boot server should be
547 accessed.</description>
550 <!-- The following are not actually meant to be configurable
551 as variables. The web interface should allow the file to
552 be downloaded, or its contents replaced by a file upload,
553 but the actual <value> shouldn't need to be changed. -->
555 <variable id="ssl_key" type="file">
556 <name>SSL Private Key</name>
557 <value>/etc/planetlab/boot_ssl.key</value>
558 <description>The SSL private key to use for encrypting HTTPS
559 traffic.</description>
562 <variable id="ssl_crt" type="file">
563 <name>SSL Public Certificate</name>
564 <value>/etc/planetlab/boot_ssl.crt</value>
565 <description>The corresponding SSL public certificate for
566 the HTTP server. By default, this certificate is
567 self-signed. You may replace the certificate later with one
568 signed by a root CA.</description>
571 <variable id="ca_ssl_crt" type="file">
572 <name>Root CA SSL Public Certificate</name>
573 <value>/etc/planetlab/boot_ca_ssl.crt</value>
574 <description>The certificate of the root CA, if any, that
575 signed your server certificate. If your server certificate is
576 self-signed, then this file is the same as your server
577 certificate.</description>
586 <name>PlanetLab Central</name>
587 <default>true</default>
588 <description>PlanetLab Central Packages</description>
589 <uservisible>true</uservisible>
592 <packagereq type="mandatory">dev</packagereq>
594 <!-- kernel-vserver is intended for the vserver-reference, but
595 serves the same useful purpose for MyPLC, namely, to
596 Provide: kernel without actually installing anything. -->
597 <packagereq type="mandatory">kernel-vserver</packagereq>
599 <!-- Sending mail -->
600 <packagereq type="mandatory">sendmail</packagereq>
601 <packagereq type="mandatory">sendmail-cf</packagereq>
603 <!-- Caching DNS server -->
604 <packagereq type="mandatory">dnsmasq</packagereq>
606 <!-- (Optional) Synchronizing with PLC -->
607 <packagereq type="mandatory">rsync</packagereq>
610 <packagereq type="mandatory">vixie-cron</packagereq>
612 <!-- Other utilities -->
613 <packagereq type="mandatory">cvs</packagereq>
614 <packagereq type="mandatory">curl</packagereq>
615 <packagereq type="mandatory">wget</packagereq>
616 <packagereq type="mandatory">less</packagereq>
617 <packagereq type="mandatory">gzip</packagereq>
618 <packagereq type="mandatory">bzip2</packagereq>
619 <packagereq type="mandatory">cpio</packagereq>
620 <packagereq type="mandatory">tar</packagereq>
621 <packagereq type="mandatory">diffutils</packagereq>
623 <!-- yum >=2.2 uses a new repository format -->
624 <packagereq type="mandatory">createrepo</packagereq>
625 <packagereq type="mandatory">yum</packagereq>
626 <packagereq type="mandatory">rpm</packagereq>
628 <!-- For mkpasswd -->
629 <packagereq type="mandatory">expect</packagereq>
631 <!-- For ssh-keygen -->
632 <packagereq type="mandatory">openssh</packagereq>
634 <!-- Almost all scripts are written in Python -->
635 <packagereq type="mandatory">python</packagereq>
637 <!-- For various Python scripts that access the API -->
638 <packagereq type="mandatory">plcapilib</packagereq>
640 <!-- Database server -->
641 <packagereq type="mandatory">postgresql</packagereq>
642 <packagereq type="mandatory">postgresql-server</packagereq>
643 <packagereq type="mandatory">postgresql-python</packagereq>
645 <!-- (Secure) web server -->
646 <packagereq type="mandatory">httpd</packagereq>
647 <packagereq type="mandatory">mod_ssl</packagereq>
649 <!-- Web pages are written primarily in PHP. A few pages still
650 access the DB directly. -->
651 <packagereq type="mandatory">php</packagereq>
652 <packagereq type="mandatory">php-pgsql</packagereq>
653 <packagereq type="mandatory">php-xmlrpc</packagereq>
655 <!-- Need GD for ImageCreate(), etc. -->
656 <packagereq type="mandatory">gd</packagereq>
657 <packagereq type="mandatory">php-gd</packagereq>
659 <!-- API server is implemented in mod_python -->
660 <packagereq type="mandatory">mod_python</packagereq>
662 <!-- API server uses a few non-standard packages -->
663 <packagereq type="mandatory">PyXML</packagereq>
664 <packagereq type="mandatory">PlanetLabAuth</packagereq>
666 <!-- API server uses SSL to sign tickets -->
667 <packagereq type="mandatory">xmlsec1</packagereq>
668 <packagereq type="mandatory">xmlsec1-openssl</packagereq>
669 <packagereq type="mandatory">openssl</packagereq>
671 <!-- Customizable Boot CD and Boot Manager packages -->
672 <packagereq type="mandatory">bootcd</packagereq>
673 <packagereq type="mandatory">bootmanager</packagereq>