X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=plc_config.xml;h=5f17219dc68321c1686169c05a77012683b72acb;hb=refs%2Fheads%2Fmyplc-0_4-branch;hp=5d494a0f0ce76868f55f17dd8f77d916b0578c3b;hpb=9d2a2347afc198d02f4e0a8718f625665f7b0dcd;p=myplc.git

diff --git a/plc_config.xml b/plc_config.xml
index 5d494a0..5f17219 100644
--- a/plc_config.xml
+++ b/plc_config.xml
@@ -1,5 +1,15 @@
-<?xml version="1.0"?>
-<!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "configuration.dtd">
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+Default PLC configuration file
+
+Mark Huang <mlhuang@cs.princeton.edu>
+Copyright (C) 2006 The Trustees of Princeton University
+
+$Id: plc_config.xml,v 1.15 2006/07/10 21:04:17 mlhuang Exp $
+-->
+
+<!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
 
 <configuration>
   <variables>
@@ -28,9 +38,9 @@
 	  not be changed.</description>
 	</variable>
 
-	<variable id="root_user" type="password">
+	<variable id="root_user" type="email">
 	  <name>Root Account</name>
-	  <value>root@test.planet-lab.org</value>
+	  <value>root@localhost.localdomain</value>
 	  <description>The name of the initial administrative
 	  account. We recommend that this account be used only to create
 	  additional accounts associated with real
@@ -94,6 +104,66 @@
       </variablelist>
     </category>
 
+    <category id="plc_ma_sa">
+      <name>Management and Slice Authority</name>
+      <description>These variables control how your site interacts
+      with other PlanetLab sites as a Management Authority (MA) and/or
+      Slice Authority (SA).</description>
+
+      <variablelist>
+	<variable id="namespace" type="ip">
+	  <name>Namespace</name>
+	  <value>test</value>
+	  <description>The namespace of your MA/SA. This should be a
+	  globally unique value assigned by PlanetLab
+	  Central.</description>
+	</variable>
+
+	<variable id="ssl_key" type="file">
+	  <name>SSL Private Key</name>
+	  <value>/etc/planetlab/ma_sa_ssl.key</value>
+	  <description>The SSL private key used for signing documents
+	  with the signature of your MA/SA. If non-existent, one will
+	  be generated.</description>
+	</variable>
+
+	<variable id="ssl_crt" type="file">
+	  <name>SSL Public Certificate</name>
+	  <value>/etc/planetlab/ma_sa_ssl.crt</value>
+	  <description>The corresponding SSL public certificate. By
+	  default, this certificate is self-signed. You may replace
+	  the certificate later with one signed by the PLC root
+	  CA.</description>
+	</variable>
+
+	<variable id="ca_ssl_crt" type="file">
+	  <name>Root CA SSL Public Certificate</name>
+	  <value>/etc/planetlab/ma_sa_ca_ssl.crt</value>
+	  <description>If applicable, the certificate of the PLC root
+	  CA. If your MA/SA certificate is self-signed, then this file
+	  is the same as your MA/SA certificate.</description>
+	</variable>
+
+	<variable id="ca_ssl_key_pub" type="file">
+	  <name>Root CA SSL Public Key</name>
+	  <value>/etc/planetlab/ma_sa_ca_ssl.pub</value>
+	  <description>If applicable, the public key of the PLC root
+	  CA. If your MA/SA certificate is self-signed, then this file
+	  is the same as your MA/SA public key.</description>
+	</variable>
+
+	<variable id="api_crt" type="file">
+	  <name>API Certificate</name>
+	  <value>/etc/planetlab/ma_sa_api.xml</value>
+	  <description>The API Certificate is your MA/SA public key
+	  embedded in a digitally signed XML document. By default,
+	  this document is self-signed. You may replace this
+	  certificate later with one signed by the PLC root
+	  CA.</description>
+	</variable>
+      </variablelist>
+    </category>
+
     <category id="plc_net">
       <name>Network</name>
       <description>Network environment.</description>
@@ -101,18 +171,41 @@
       <variablelist>
 	<variable id="dns1" type="ip">
 	  <name>Primary DNS Server</name>
-	  <value>128.112.136.10</value>
+	  <value>127.0.0.1</value>
 	  <description>Primary DNS server address.</description>
 	</variable>
 
 	<variable id="dns2" type="ip">
 	  <name>Secondary DNS Server</name>
-	  <value>128.112.136.12</value>
+	  <value></value>
 	  <description>Secondary DNS server address.</description>
 	</variable>
       </variablelist>
     </category>
 
+    <category id="plc_dns">
+      <name>DNS</name>
+      <description>MyPLC can provide forward DNS resolution for itself
+      and for its nodes. To enable resolution for MyPLC itself, set
+      the Primary DNS Server address to 127.0.0.1 and provide external
+      IP addresses for the database, API, web, and boot servers
+      below. To enable resolution for nodes, use the external IP
+      address of this machine as the primary DNS server address for
+      each node.</description>
+
+      <variablelist>
+        <variable id="enabled" type="boolean">
+          <name>Enable DNS</name>
+          <value>true</value>
+          <description>Enable the internal DNS server. The server does
+          not provide reverse resolution and is not a production
+          quality or scalable DNS solution. Use the internal DNS
+          server only for small deployments or for
+          testing.</description>
+        </variable>
+      </variablelist>
+    </category>
+
     <category id="plc_mail">
       <name>Mail</name>
       <description>Many maintenance scripts, as well as the API and
@@ -127,9 +220,9 @@
 	  and warnings.</description>
 	</variable>
 
-	<variable id="support_address">
+	<variable id="support_address" type="email">
 	  <name>Support Address</name>
-	  <value>root@localhost</value>
+	  <value>root+support@localhost.localdomain</value>
 	  <description>This address is used for support
 	  requests. Support requests may include traffic complaints,
 	  security incident reporting, web site malfunctions, and
@@ -138,13 +231,19 @@
 	  Tracker.</description>
 	</variable>
 
-	<variable id="boot_address">
+	<variable id="boot_address" type="email">
 	  <name>Boot Messages Address</name>
-	  <value>root@localhost</value>
+	  <value>root+install-msgs@localhost.localdomain</value>
 	  <description>The API will notify this address when a problem
-	  occurs during node installation or boot. If a domain is not
-	  specified, the default system domain will be used
-	  name.</description>
+	  occurs during node installation or boot.</description>
+	</variable>
+
+	<variable id="slice_address" type="email">
+	  <name>Slice Address</name>
+	  <value>root+SLICE@localhost.localdomain</value>
+	  <description>This address template is used for sending
+	  e-mail notifications to slices. SLICE will be replaced with
+	  the name of the slice.</description>
 	</variable>
       </variablelist>
     </category>
@@ -170,10 +269,23 @@
 
 	<variable id="host" type="hostname">
 	  <name>Hostname</name>
-	  <value>localhost</value>
-	  <description>The fully qualified hostname or IP address of
-	  the database server. This hostname must be resolvable and
-	  reachable by the rest of your installation.</description>
+	  <value>localhost.localdomain</value>
+	  <description>The fully qualified hostname of the database
+	  server.</description>
+	</variable>
+
+        <variable id="ip" type="ip">
+          <name>IP Address</name>
+          <value>127.0.0.1</value>
+          <description>The IP address of the database server, if not
+          resolvable by the configured DNS servers.</description>
+        </variable>
+
+	<variable id="port" type="int">
+	  <name>Port</name>
+	  <value>5432</value>
+	  <description>The TCP port number through which the database
+	  server should be accessed.</description>
 	</variable>
 
 	<variable id="name" type="string">
@@ -220,13 +332,18 @@
 
 	<variable id="host" type="hostname">
 	  <name>Hostname</name>
-	  <value>localhost</value>
-	  <description>The fully qualified hostname or IP address of
-	  the API server. This hostname must be resolvable and
-	  reachable by the rest of your installation, as well as your
-	  nodes.</description>
+	  <value>localhost.localdomain</value>
+	  <description>The fully qualified hostname of the API
+	  server.</description>
 	</variable>
 
+        <variable id="ip" type="ip">
+          <name>IP Address</name>
+          <value>127.0.0.1</value>
+          <description>The IP address of the API server, if not
+          resolvable by the configured DNS servers.</description>
+        </variable>
+
 	<variable id="port" type="int">
 	  <name>Port</name>
 	  <value>80</value>
@@ -246,7 +363,7 @@
 
 	<variable id="maintenance_user" type="string">
 	  <name>Maintenance User</name>
-	  <value>maint@test.planet-lab.org</value>
+	  <value>maint@localhost.localdomain</value>
 	  <description>The username of the maintenance account. This
 	  account is used by local scripts that perform automated
 	  tasks, and cannot be used for normal logins.</description>
@@ -264,9 +381,10 @@
 	  <name>Authorized Hosts</name>
 	  <value></value>
 	  <description>A space-separated list of IP addresses allowed
-	  to access the API through the maintenance account. If left
-	  blank, the API, web, and boot servers are
-	  allowed.</description>
+	  to access the API through the maintenance account. The value
+	  of this variable is set automatically to allow only the API,
+	  web, and boot servers, and should not be
+	  changed.</description>
 	</variable>
 
 	<!-- The following are not actually meant to be configurable
@@ -274,29 +392,30 @@
 	     be downloaded, or its contents replaced by a file upload,
 	     but the actual <value> shouldn't need to be changed.  -->
 
-	<variable id="ssl_crt" type="file">
-	  <name>SSL Certificate</name>
-	  <value>/etc/planetlab/api_ssl.crt</value>
-	  <description>The signed SSL certificate to use for HTTPS
-	  access. If not specified or non-existent, a self-signed
-	  certificate will be generated.</description>
-	</variable>
-
 	<variable id="ssl_key" type="file">
-	  <name>SSL Key</name>
+	  <name>SSL Private Key</name>
 	  <value>/etc/planetlab/api_ssl.key</value>
-	  <description>The corresponding SSL private key used for
-	  signing the certificate, and for signing slice tickets. If
-	  not specified or non-existent, one will be
+	  <description>The SSL private key to use for encrypting HTTPS
+	  traffic. If non-existent, one will be
 	  generated.</description>
 	</variable>
 
-	<variable id="ssl_key_pub" type="file">
-	  <name>SSL Key</name>
-	  <value>/etc/planetlab/api_ssl.pub</value>
-	  <description>The corresponding SSL public key. If not
-	  specified or non-existent, one will be
-	  generated.</description>
+	<variable id="ssl_crt" type="file">
+	  <name>SSL Public Certificate</name>
+	  <value>/etc/planetlab/api_ssl.crt</value>
+	  <description>The corresponding SSL public certificate. By
+	  default, this certificate is self-signed. You may replace
+	  the certificate later with one signed by a root
+	  CA.</description>
+	</variable>
+
+	<variable id="ca_ssl_crt" type="file">
+	  <name>Root CA SSL Public Certificate</name>
+	  <value>/etc/planetlab/api_ca_ssl.crt</value>
+	  <description>The certificate of the root CA, if any, that
+	  signed your server certificate. If your server certificate is
+	  self-signed, then this file is the same as your server
+	  certificate.</description>
 	</variable>
       </variablelist>
     </category>
@@ -322,13 +441,18 @@
 
 	<variable id="host" type="hostname">
 	  <name>Hostname</name>
-	  <value>localhost</value>
-	  <description>The fully qualified hostname or IP address of
-	  the web server. This hostname must be resolvable and
-	  reachable by the rest of your installation, as well as your
-	  nodes.</description>
+	  <value>localhost.localdomain</value>
+	  <description>The fully qualified hostname of the web
+	  server.</description>
 	</variable>
 
+        <variable id="ip" type="ip">
+          <name>IP Address</name>
+          <value>127.0.0.1</value>
+          <description>The IP address of the web server, if not
+          resolvable by the configured DNS servers.</description>
+        </variable>
+
 	<variable id="port" type="int">
 	  <name>Port</name>
 	  <value>80</value>
@@ -349,20 +473,30 @@
 	     be downloaded, or its contents replaced by a file upload,
 	     but the actual <value> shouldn't need to be changed.  -->
 
+	<variable id="ssl_key" type="file">
+	  <name>SSL Private Key</name>
+	  <value>/etc/planetlab/www_ssl.key</value>
+	  <description>The SSL private key to use for encrypting HTTPS
+	  traffic. If non-existent, one will be
+	  generated.</description>
+	</variable>
+
 	<variable id="ssl_crt" type="file">
-	  <name>SSL Certificate</name>
+	  <name>SSL Public Certificate</name>
 	  <value>/etc/planetlab/www_ssl.crt</value>
-	  <description>The signed SSL certificate to use for HTTPS
-	  access. If not specified or non-existent, a self-signed
-	  certificate will be generated.</description>
+	  <description>The corresponding SSL public certificate for
+	  the HTTP server. By default, this certificate is
+	  self-signed. You may replace the certificate later with one
+	  signed by a root CA.</description>
 	</variable>
 
-	<variable id="ssl_key" type="file">
-	  <name>SSL Key</name>
-	  <value>/etc/planetlab/www_ssl.key</value>
-	  <description>The corresponding SSL private key. If not
-	  specified or non-existent, one will be
-	  generated.</description>
+	<variable id="ca_ssl_crt" type="file">
+	  <name>Root CA SSL Public Certificate</name>
+	  <value>/etc/planetlab/www_ca_ssl.crt</value>
+	  <description>The certificate of the root CA, if any, that
+	  signed your server certificate. If your server certificate is
+	  self-signed, then this file is the same as your server
+	  certificate.</description>
 	</variable>
       </variablelist>
     </category>
@@ -385,13 +519,18 @@
 
 	<variable id="host" type="hostname">
 	  <name>Hostname</name>
-	  <value>localhost</value>
-	  <description>The fully qualified hostname or IP address of
-	  the boot server. This hostname must be resolvable and
-	  reachable by the rest of your installation, as well as your
-	  nodes.</description>
+	  <value>localhost.localdomain</value>
+	  <description>The fully qualified hostname of the boot
+	  server.</description>
 	</variable>
 
+        <variable id="ip" type="ip">
+          <name>IP Address</name>
+          <value>127.0.0.1</value>
+          <description>The IP address of the boot server, if not
+          resolvable by the configured DNS servers.</description>
+        </variable>
+
 	<variable id="port" type="int">
 	  <name>Port</name>
 	  <value>80</value>
@@ -413,20 +552,29 @@
 	     be downloaded, or its contents replaced by a file upload,
 	     but the actual <value> shouldn't need to be changed.  -->
 
-	<variable id="ssl_crt" type="binary">
-	  <name>SSL Certificate</name>
+	<variable id="ssl_key" type="file">
+	  <name>SSL Private Key</name>
+	  <value>/etc/planetlab/boot_ssl.key</value>
+	  <description>The SSL private key to use for encrypting HTTPS
+	  traffic.</description>
+	</variable>
+
+	<variable id="ssl_crt" type="file">
+	  <name>SSL Public Certificate</name>
 	  <value>/etc/planetlab/boot_ssl.crt</value>
-	  <description>The signed SSL certificate to use for HTTPS
-	  access. If not specified, or non-existent a self-signed
-	  certificate will be generated.</description>
+	  <description>The corresponding SSL public certificate for
+	  the HTTP server. By default, this certificate is
+	  self-signed. You may replace the certificate later with one
+	  signed by a root CA.</description>
 	</variable>
 
-	<variable id="ssl_key" type="binary">
-	  <name>SSL Key</name>
-	  <value>/etc/planetlab/boot_ssl.key</value>
-	  <description>The corresponding SSL private key. If not
-	  specified or non-existent, one will be
-	  generated.</description>
+	<variable id="ca_ssl_crt" type="file">
+	  <name>Root CA SSL Public Certificate</name>
+	  <value>/etc/planetlab/boot_ca_ssl.crt</value>
+	  <description>The certificate of the root CA, if any, that
+	  signed your server certificate. If your server certificate is
+	  self-signed, then this file is the same as your server
+	  certificate.</description>
 	</variable>
       </variablelist>
     </category>
@@ -440,10 +588,21 @@
       <description>PlanetLab Central Packages</description>
       <uservisible>true</uservisible>
       <packagelist>
+	<!-- Basics -->
+	<packagereq type="mandatory">dev</packagereq>	
+
+	<!-- kernel-vserver is intended for the vserver-reference, but
+	     serves the same useful purpose for MyPLC, namely, to
+	     Provide: kernel without actually installing anything. -->
+	<packagereq type="mandatory">kernel-vserver</packagereq>	
+
 	<!-- Sending mail -->
 	<packagereq type="mandatory">sendmail</packagereq>
 	<packagereq type="mandatory">sendmail-cf</packagereq>
 
+	<!-- Caching DNS server -->
+	<packagereq type="mandatory">dnsmasq</packagereq>
+
 	<!-- (Optional) Synchronizing with PLC -->
 	<packagereq type="mandatory">rsync</packagereq>
 
@@ -454,13 +613,24 @@
 	<packagereq type="mandatory">cvs</packagereq>
 	<packagereq type="mandatory">curl</packagereq>
 	<packagereq type="mandatory">wget</packagereq>
+	<packagereq type="mandatory">less</packagereq>
+	<packagereq type="mandatory">gzip</packagereq>
+	<packagereq type="mandatory">bzip2</packagereq>
+	<packagereq type="mandatory">cpio</packagereq>
+	<packagereq type="mandatory">tar</packagereq>
+	<packagereq type="mandatory">diffutils</packagereq>
 
 	<!-- yum >=2.2 uses a new repository format -->
 	<packagereq type="mandatory">createrepo</packagereq>
+	<packagereq type="mandatory">yum</packagereq>
+	<packagereq type="mandatory">rpm</packagereq>
 
 	<!-- For mkpasswd -->
 	<packagereq type="mandatory">expect</packagereq>
 
+	<!-- For ssh-keygen -->
+	<packagereq type="mandatory">openssh</packagereq>
+
 	<!-- Almost all scripts are written in Python -->
 	<packagereq type="mandatory">python</packagereq>
 
@@ -491,20 +661,16 @@
 
 	<!-- API server uses a few non-standard packages -->
 	<packagereq type="mandatory">PyXML</packagereq>
+	<packagereq type="mandatory">PlanetLabAuth</packagereq>
 
 	<!-- API server uses SSL to sign tickets -->
 	<packagereq type="mandatory">xmlsec1</packagereq>
 	<packagereq type="mandatory">xmlsec1-openssl</packagereq>
 	<packagereq type="mandatory">openssl</packagereq>
 
-	<!-- bootcd is generated using mkisofs -->
-	<packagereq type="mandatory">mkisofs</packagereq>
-
-	<!-- bootcd and bootmanager images are signed using GPG -->
-	<packagereq type="mandatory">gnupg</packagereq>
-
-	<!-- bootmanager requires uuencode -->
-	<packagereq type="mandatory">sharutils</packagereq>
+	<!-- Customizable Boot CD and Boot Manager packages -->
+	<packagereq type="mandatory">bootcd</packagereq>
+	<packagereq type="mandatory">bootmanager</packagereq>
       </packagelist>
     </group>