X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=plc_config.xml;h=567babe5c545b1524ee55edfe9e494209cc20116;hb=6d79b6f68d7ab17fa65be6c92698cb51075e43e3;hp=aea09e09f78fdc2fb104b8456f78ccd223552bd0;hpb=3744d8581747239659f62a85013ec6248ef5b733;p=myplc.git

diff --git a/plc_config.xml b/plc_config.xml
index aea09e0..567babe 100644
--- a/plc_config.xml
+++ b/plc_config.xml
@@ -6,7 +6,7 @@ Default PLC configuration file
 Mark Huang <mlhuang@cs.princeton.edu>
 Copyright (C) 2006 The Trustees of Princeton University
 
-$Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
+$Id: plc_config.xml,v 1.16 2006/10/27 20:26:49 mlhuang Exp $
 -->
 
 <!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
@@ -104,6 +104,66 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
       </variablelist>
     </category>
 
+    <category id="plc_ma_sa">
+      <name>Management and Slice Authority</name>
+      <description>These variables control how your site interacts
+      with other PlanetLab sites as a Management Authority (MA) and/or
+      Slice Authority (SA).</description>
+
+      <variablelist>
+	<variable id="namespace" type="ip">
+	  <name>Namespace</name>
+	  <value>test</value>
+	  <description>The namespace of your MA/SA. This should be a
+	  globally unique value assigned by PlanetLab
+	  Central.</description>
+	</variable>
+
+	<variable id="ssl_key" type="file">
+	  <name>SSL Private Key</name>
+	  <value>/etc/planetlab/ma_sa_ssl.key</value>
+	  <description>The SSL private key used for signing documents
+	  with the signature of your MA/SA. If non-existent, one will
+	  be generated.</description>
+	</variable>
+
+	<variable id="ssl_crt" type="file">
+	  <name>SSL Public Certificate</name>
+	  <value>/etc/planetlab/ma_sa_ssl.crt</value>
+	  <description>The corresponding SSL public certificate. By
+	  default, this certificate is self-signed. You may replace
+	  the certificate later with one signed by the PLC root
+	  CA.</description>
+	</variable>
+
+	<variable id="ca_ssl_crt" type="file">
+	  <name>Root CA SSL Public Certificate</name>
+	  <value>/etc/planetlab/ma_sa_ca_ssl.crt</value>
+	  <description>If applicable, the certificate of the PLC root
+	  CA. If your MA/SA certificate is self-signed, then this file
+	  is the same as your MA/SA certificate.</description>
+	</variable>
+
+	<variable id="ca_ssl_key_pub" type="file">
+	  <name>Root CA SSL Public Key</name>
+	  <value>/etc/planetlab/ma_sa_ca_ssl.pub</value>
+	  <description>If applicable, the public key of the PLC root
+	  CA. If your MA/SA certificate is self-signed, then this file
+	  is the same as your MA/SA public key.</description>
+	</variable>
+
+	<variable id="api_crt" type="file">
+	  <name>API Certificate</name>
+	  <value>/etc/planetlab/ma_sa_api.xml</value>
+	  <description>The API Certificate is your MA/SA public key
+	  embedded in a digitally signed XML document. By default,
+	  this document is self-signed. You may replace this
+	  certificate later with one signed by the PLC root
+	  CA.</description>
+	</variable>
+      </variablelist>
+    </category>
+
     <category id="plc_net">
       <name>Network</name>
       <description>Network environment.</description>
@@ -230,7 +290,7 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 
 	<variable id="name" type="string">
 	  <name>Database Name</name>
-	  <value>planetlab3</value>
+	  <value>planetlab4</value>
 	  <description>The name of the database to access.</description>
 	</variable>
 
@@ -286,13 +346,9 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 
 	<variable id="port" type="int">
 	  <name>Port</name>
-	  <value>80</value>
+	  <value>443</value>
 	  <description>The TCP port number through which the API
-	  should be accessed. Warning: SSL (port 443) access is not
-	  fully supported by the website code yet. We recommend that
-	  port 80 be used for now and that the API server either run
-	  on the same machine as the web server, or that they both be
-	  on a secure wired network.</description>
+	  should be accessed.</description>
 	</variable>
 
 	<variable id="path" type="string">
@@ -332,29 +388,30 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 	     be downloaded, or its contents replaced by a file upload,
 	     but the actual <value> shouldn't need to be changed.  -->
 
-	<variable id="ssl_crt" type="file">
-	  <name>SSL Certificate</name>
-	  <value>/etc/planetlab/api_ssl.crt</value>
-	  <description>The signed SSL certificate to use for HTTPS
-	  access. If not specified or non-existent, a self-signed
-	  certificate will be generated.</description>
-	</variable>
-
 	<variable id="ssl_key" type="file">
-	  <name>SSL Key</name>
+	  <name>SSL Private Key</name>
 	  <value>/etc/planetlab/api_ssl.key</value>
-	  <description>The corresponding SSL private key used for
-	  signing the certificate, and for signing slice tickets. If
-	  not specified or non-existent, one will be
+	  <description>The SSL private key to use for encrypting HTTPS
+	  traffic. If non-existent, one will be
 	  generated.</description>
 	</variable>
 
-	<variable id="ssl_key_pub" type="file">
-	  <name>SSL Key</name>
-	  <value>/etc/planetlab/api_ssl.pub</value>
-	  <description>The corresponding SSL public key. If not
-	  specified or non-existent, one will be
-	  generated.</description>
+	<variable id="ssl_crt" type="file">
+	  <name>SSL Public Certificate</name>
+	  <value>/etc/planetlab/api_ssl.crt</value>
+	  <description>The corresponding SSL public certificate. By
+	  default, this certificate is self-signed. You may replace
+	  the certificate later with one signed by a root
+	  CA.</description>
+	</variable>
+
+	<variable id="ca_ssl_crt" type="file">
+	  <name>Root CA SSL Public Certificate</name>
+	  <value>/etc/planetlab/api_ca_ssl.crt</value>
+	  <description>The certificate of the root CA, if any, that
+	  signed your server certificate. If your server certificate is
+	  self-signed, then this file is the same as your server
+	  certificate.</description>
 	</variable>
       </variablelist>
     </category>
@@ -412,20 +469,30 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 	     be downloaded, or its contents replaced by a file upload,
 	     but the actual <value> shouldn't need to be changed.  -->
 
+	<variable id="ssl_key" type="file">
+	  <name>SSL Private Key</name>
+	  <value>/etc/planetlab/www_ssl.key</value>
+	  <description>The SSL private key to use for encrypting HTTPS
+	  traffic. If non-existent, one will be
+	  generated.</description>
+	</variable>
+
 	<variable id="ssl_crt" type="file">
-	  <name>SSL Certificate</name>
+	  <name>SSL Public Certificate</name>
 	  <value>/etc/planetlab/www_ssl.crt</value>
-	  <description>The signed SSL certificate to use for HTTPS
-	  access. If not specified or non-existent, a self-signed
-	  certificate will be generated.</description>
+	  <description>The corresponding SSL public certificate for
+	  the HTTP server. By default, this certificate is
+	  self-signed. You may replace the certificate later with one
+	  signed by a root CA.</description>
 	</variable>
 
-	<variable id="ssl_key" type="file">
-	  <name>SSL Key</name>
-	  <value>/etc/planetlab/www_ssl.key</value>
-	  <description>The corresponding SSL private key. If not
-	  specified or non-existent, one will be
-	  generated.</description>
+	<variable id="ca_ssl_crt" type="file">
+	  <name>Root CA SSL Public Certificate</name>
+	  <value>/etc/planetlab/www_ca_ssl.crt</value>
+	  <description>The certificate of the root CA, if any, that
+	  signed your server certificate. If your server certificate is
+	  self-signed, then this file is the same as your server
+	  certificate.</description>
 	</variable>
       </variablelist>
     </category>
@@ -481,20 +548,29 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 	     be downloaded, or its contents replaced by a file upload,
 	     but the actual <value> shouldn't need to be changed.  -->
 
-	<variable id="ssl_crt" type="binary">
-	  <name>SSL Certificate</name>
+	<variable id="ssl_key" type="file">
+	  <name>SSL Private Key</name>
+	  <value>/etc/planetlab/boot_ssl.key</value>
+	  <description>The SSL private key to use for encrypting HTTPS
+	  traffic.</description>
+	</variable>
+
+	<variable id="ssl_crt" type="file">
+	  <name>SSL Public Certificate</name>
 	  <value>/etc/planetlab/boot_ssl.crt</value>
-	  <description>The signed SSL certificate to use for HTTPS
-	  access. If not specified, or non-existent a self-signed
-	  certificate will be generated.</description>
+	  <description>The corresponding SSL public certificate for
+	  the HTTP server. By default, this certificate is
+	  self-signed. You may replace the certificate later with one
+	  signed by a root CA.</description>
 	</variable>
 
-	<variable id="ssl_key" type="binary">
-	  <name>SSL Key</name>
-	  <value>/etc/planetlab/boot_ssl.key</value>
-	  <description>The corresponding SSL private key. If not
-	  specified or non-existent, one will be
-	  generated.</description>
+	<variable id="ca_ssl_crt" type="file">
+	  <name>Root CA SSL Public Certificate</name>
+	  <value>/etc/planetlab/boot_ca_ssl.crt</value>
+	  <description>The certificate of the root CA, if any, that
+	  signed your server certificate. If your server certificate is
+	  self-signed, then this file is the same as your server
+	  certificate.</description>
 	</variable>
       </variablelist>
     </category>
@@ -554,9 +630,6 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 	<!-- Almost all scripts are written in Python -->
 	<packagereq type="mandatory">python</packagereq>
 
-	<!-- For various Python scripts that access the API -->
-	<packagereq type="mandatory">plcapilib</packagereq>
-
 	<!-- Database server -->
 	<packagereq type="mandatory">postgresql</packagereq>
 	<packagereq type="mandatory">postgresql-server</packagereq>
@@ -570,7 +643,8 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 	     access the DB directly. -->
 	<packagereq type="mandatory">php</packagereq>
 	<packagereq type="mandatory">php-pgsql</packagereq>
-	<packagereq type="mandatory">php-xmlrpc</packagereq>
+	<!-- PLCAPI replaces php-xmlrpc -->
+	<!-- <packagereq type="mandatory">php-xmlrpc</packagereq> -->
 
 	<!-- Need GD for ImageCreate(), etc. -->
 	<packagereq type="mandatory">gd</packagereq>	
@@ -580,7 +654,9 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 	<packagereq type="mandatory">mod_python</packagereq>
 
 	<!-- API server uses a few non-standard packages -->
+	<packagereq type="mandatory">PLCAPI</packagereq>
 	<packagereq type="mandatory">PyXML</packagereq>
+	<packagereq type="mandatory">PlanetLabAuth</packagereq>
 
 	<!-- API server uses SSL to sign tickets -->
 	<packagereq type="mandatory">xmlsec1</packagereq>