Mark Huang <mlhuang@cs.princeton.edu>
Copyright (C) 2006 The Trustees of Princeton University
-$Id: plc_config.xml,v 1.13 2006/05/23 18:14:47 mlhuang Exp $
+$Id: plc_config.xml,v 1.17 2006/11/10 19:03:48 mlhuang Exp $
-->
<!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
<description>The SSH private key used to access the root
account on your nodes.</description>
</variable>
-
- <variable id="root_ca_ssl_key" type="file">
- <name>Root CA SSL Private Key</name>
- <value>/etc/planetlab/root_ca_ssl.key</value>
- <description>The SSL private key used for signing all other
- generated certificates. If non-existent, one will be
- generated.</description>
- </variable>
-
- <variable id="root_ca_ssl_key_pub" type="file">
- <name>Root CA SSL Public Key</name>
- <value>/etc/planetlab/root_ca_ssl.pub</value>
- <description>The corresponding SSL public key.</description>
- </variable>
-
- <variable id="root_ca_ssl_crt" type="file">
- <name>Root CA SSL Public Certificate</name>
- <value>/etc/planetlab/root_ca_ssl.crt</value>
- <description>The corresponding SSL public
- certificate.</description>
- </variable>
- </variablelist>
- </category>
-
- <category id="plc_ma_sa">
- <name>Management and Slice Authority</name>
- <description>These variables control how your site interacts
- with other PlanetLab sites as a Management Authority (MA) and/or
- Slice Authority (SA).</description>
-
- <variablelist>
- <variable id="namespace" type="ip">
- <name>Namespace</name>
- <value>test</value>
- <description>The namespace of your MA/SA. This should be a
- globally unique value assigned by PlanetLab
- Central.</description>
- </variable>
-
- <variable id="ssl_key" type="file">
- <name>SSL Private Key</name>
- <value>/etc/planetlab/ma_sa_ssl.key</value>
- <description>The SSL private key used for signing documents
- with the signature of your MA/SA. If non-existent, one will
- be generated.</description>
- </variable>
-
- <variable id="ssl_key_pub" type="file">
- <name>SSL Public Key</name>
- <value>/etc/planetlab/ma_sa_ssl.pub</value>
- <description>The corresponding SSL public key.</description>
- </variable>
-
- <variable id="ssl_crt" type="file">
- <name>SSL Public Certificate</name>
- <value>/etc/planetlab/ma_sa_ssl.crt</value>
- <description>The corresponding SSL public certificate,
- signed by the root CA.</description>
- </variable>
-
- <variable id="api_crt" type="file">
- <name>API Certificate</name>
- <value>/etc/planetlab/ma_sa_api.xml</value>
- <description>The API Certificate for your MA/SA is the SSL
- public key for your MA/SA embedded in an XML document and
- signed by the root CA SSL private key. The API Certificate
- can be used by any PlanetLab node managed by any MA, to
- verify that your MA/SA public key is valid.</description>
- </variable>
</variablelist>
</category>
<variable id="name" type="string">
<name>Database Name</name>
- <value>planetlab3</value>
+ <value>planetlab4</value>
<description>The name of the database to access.</description>
</variable>
<variable id="port" type="int">
<name>Port</name>
- <value>80</value>
+ <value>443</value>
<description>The TCP port number through which the API
- should be accessed. Warning: SSL (port 443) access is not
- fully supported by the website code yet. We recommend that
- port 80 be used for now and that the API server either run
- on the same machine as the web server, or that they both be
- on a secure wired network.</description>
+ should be accessed.</description>
</variable>
<variable id="path" type="string">
<variable id="ssl_crt" type="file">
<name>SSL Public Certificate</name>
<value>/etc/planetlab/api_ssl.crt</value>
- <description>The corresponding SSL public certificate,
- signed by the root CA.</description>
+ <description>The corresponding SSL public certificate. By
+ default, this certificate is self-signed. You may replace
+ the certificate later with one signed by a root
+ CA.</description>
+ </variable>
+
+ <variable id="ca_ssl_crt" type="file">
+ <name>Root CA SSL Public Certificate</name>
+ <value>/etc/planetlab/api_ca_ssl.crt</value>
+ <description>The certificate of the root CA, if any, that
+ signed your server certificate. If your server certificate is
+ self-signed, then this file is the same as your server
+ certificate.</description>
</variable>
</variablelist>
</category>
<variable id="ssl_crt" type="file">
<name>SSL Public Certificate</name>
<value>/etc/planetlab/www_ssl.crt</value>
- <description>The corresponding SSL public certificate,
- signed by the root CA.</description>
+ <description>The corresponding SSL public certificate for
+ the HTTP server. By default, this certificate is
+ self-signed. You may replace the certificate later with one
+ signed by a root CA.</description>
+ </variable>
+
+ <variable id="ca_ssl_crt" type="file">
+ <name>Root CA SSL Public Certificate</name>
+ <value>/etc/planetlab/www_ca_ssl.crt</value>
+ <description>The certificate of the root CA, if any, that
+ signed your server certificate. If your server certificate is
+ self-signed, then this file is the same as your server
+ certificate.</description>
</variable>
</variablelist>
</category>
<name>SSL Private Key</name>
<value>/etc/planetlab/boot_ssl.key</value>
<description>The SSL private key to use for encrypting HTTPS
- traffic. If non-existent, one will be
- generated.</description>
+ traffic.</description>
</variable>
<variable id="ssl_crt" type="file">
<name>SSL Public Certificate</name>
<value>/etc/planetlab/boot_ssl.crt</value>
- <description>The corresponding SSL public certificate,
- signed by the root CA.</description>
+ <description>The corresponding SSL public certificate for
+ the HTTP server. By default, this certificate is
+ self-signed. You may replace the certificate later with one
+ signed by a root CA.</description>
+ </variable>
+
+ <variable id="ca_ssl_crt" type="file">
+ <name>Root CA SSL Public Certificate</name>
+ <value>/etc/planetlab/boot_ca_ssl.crt</value>
+ <description>The certificate of the root CA, if any, that
+ signed your server certificate. If your server certificate is
+ self-signed, then this file is the same as your server
+ certificate.</description>
</variable>
</variablelist>
</category>
<!-- Almost all scripts are written in Python -->
<packagereq type="mandatory">python</packagereq>
- <!-- For various Python scripts that access the API -->
- <packagereq type="mandatory">plcapilib</packagereq>
-
<!-- Database server -->
<packagereq type="mandatory">postgresql</packagereq>
<packagereq type="mandatory">postgresql-server</packagereq>
access the DB directly. -->
<packagereq type="mandatory">php</packagereq>
<packagereq type="mandatory">php-pgsql</packagereq>
- <packagereq type="mandatory">php-xmlrpc</packagereq>
+ <!-- PLCAPI replaces php-xmlrpc -->
+ <!-- <packagereq type="mandatory">php-xmlrpc</packagereq> -->
<!-- Need GD for ImageCreate(), etc. -->
<packagereq type="mandatory">gd</packagereq>
<packagereq type="mandatory">mod_python</packagereq>
<!-- API server uses a few non-standard packages -->
+ <packagereq type="mandatory">PLCAPI</packagereq>
<packagereq type="mandatory">PyXML</packagereq>
- <packagereq type="mandatory">PlanetLabAuth</packagereq>
<!-- API server uses SSL to sign tickets -->
<packagereq type="mandatory">xmlsec1</packagereq>