From fea33a45caccef4c114c9ed852fe39009ed85ba7 Mon Sep 17 00:00:00 2001
From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Fri, 23 Jun 2006 20:31:09 +0000
Subject: [PATCH] - add PlanetLabAuth to MyPLC installation - add root CA
 variables - add MA/SA variables - clarify descriptions of various
 certificates - fix types of boot_ssl.crt and boot_ssl.key

---
 plc_config.xml | 142 ++++++++++++++++++++++++++++++++++---------------
 1 file changed, 100 insertions(+), 42 deletions(-)

diff --git a/plc_config.xml b/plc_config.xml
index aea09e0..dd5d7b1 100644
--- a/plc_config.xml
+++ b/plc_config.xml
@@ -6,7 +6,7 @@ Default PLC configuration file
 Mark Huang <mlhuang@cs.princeton.edu>
 Copyright (C) 2006 The Trustees of Princeton University
 
-$Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
+$Id: plc_config.xml,v 1.13 2006/05/23 18:14:47 mlhuang Exp $
 -->
 
 <!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
@@ -101,6 +101,75 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 	  <description>The SSH private key used to access the root
 	  account on your nodes.</description>
 	</variable>
+
+	<variable id="root_ca_ssl_key" type="file">
+	  <name>Root CA SSL Private Key</name>
+	  <value>/etc/planetlab/root_ca_ssl.key</value>
+	  <description>The SSL private key used for signing all other
+	  generated certificates. If non-existent, one will be
+	  generated.</description>
+	</variable>
+
+	<variable id="root_ca_ssl_key_pub" type="file">
+	  <name>Root CA SSL Public Key</name>
+	  <value>/etc/planetlab/root_ca_ssl.pub</value>
+	  <description>The corresponding SSL public key.</description>
+	</variable>
+
+	<variable id="root_ca_ssl_crt" type="file">
+	  <name>Root CA SSL Public Certificate</name>
+	  <value>/etc/planetlab/root_ca_ssl.crt</value>
+	  <description>The corresponding SSL public
+	  certificate.</description>
+	</variable>
+      </variablelist>
+    </category>
+
+    <category id="plc_ma_sa">
+      <name>Management and Slice Authority</name>
+      <description>These variables control how your site interacts
+      with other PlanetLab sites as a Management Authority (MA) and/or
+      Slice Authority (SA).</description>
+
+      <variablelist>
+	<variable id="namespace" type="ip">
+	  <name>Namespace</name>
+	  <value>test</value>
+	  <description>The namespace of your MA/SA. This should be a
+	  globally unique value assigned by PlanetLab
+	  Central.</description>
+	</variable>
+
+	<variable id="ssl_key" type="file">
+	  <name>SSL Private Key</name>
+	  <value>/etc/planetlab/ma_sa_ssl.key</value>
+	  <description>The SSL private key used for signing documents
+	  with the signature of your MA/SA. If non-existent, one will
+	  be generated.</description>
+	</variable>
+
+	<variable id="ssl_key_pub" type="file">
+	  <name>SSL Public Key</name>
+	  <value>/etc/planetlab/ma_sa_ssl.pub</value>
+	  <description>The corresponding SSL public key.</description>
+	</variable>
+
+	<variable id="ssl_crt" type="file">
+	  <name>SSL Public Certificate</name>
+	  <value>/etc/planetlab/ma_sa_ssl.crt</value>
+	  <description>The corresponding SSL public certificate,
+	  signed by the root CA.</description>
+	</variable>
+
+	<variable id="api_crt" type="file">
+	  <name>API Certificate</name>
+	  <value>/etc/planetlab/ma_sa_api.xml</value>
+	  <description>The API Certificate for your MA/SA is the SSL
+	  public key for your MA/SA embedded in an XML document and
+	  signed by the root CA SSL private key. The API Certificate
+	  can be used by any PlanetLab node managed by any MA, to
+	  verify that your MA/SA public key is valid.</description>
+	</variable>
       </variablelist>
     </category>
 
@@ -332,29 +401,19 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 	     be downloaded, or its contents replaced by a file upload,
 	     but the actual <value> shouldn't need to be changed.  -->
 
-	<variable id="ssl_crt" type="file">
-	  <name>SSL Certificate</name>
-	  <value>/etc/planetlab/api_ssl.crt</value>
-	  <description>The signed SSL certificate to use for HTTPS
-	  access. If not specified or non-existent, a self-signed
-	  certificate will be generated.</description>
-	</variable>
-
 	<variable id="ssl_key" type="file">
-	  <name>SSL Key</name>
+	  <name>SSL Private Key</name>
 	  <value>/etc/planetlab/api_ssl.key</value>
-	  <description>The corresponding SSL private key used for
-	  signing the certificate, and for signing slice tickets. If
-	  not specified or non-existent, one will be
+	  <description>The SSL private key to use for encrypting HTTPS
+	  traffic. If non-existent, one will be
 	  generated.</description>
 	</variable>
 
-	<variable id="ssl_key_pub" type="file">
-	  <name>SSL Key</name>
-	  <value>/etc/planetlab/api_ssl.pub</value>
-	  <description>The corresponding SSL public key. If not
-	  specified or non-existent, one will be
-	  generated.</description>
+	<variable id="ssl_crt" type="file">
+	  <name>SSL Public Certificate</name>
+	  <value>/etc/planetlab/api_ssl.crt</value>
+	  <description>The corresponding SSL public certificate,
+	  signed by the root CA.</description>
 	</variable>
       </variablelist>
     </category>
@@ -412,21 +471,20 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 	     be downloaded, or its contents replaced by a file upload,
 	     but the actual <value> shouldn't need to be changed.  -->
 
-	<variable id="ssl_crt" type="file">
-	  <name>SSL Certificate</name>
-	  <value>/etc/planetlab/www_ssl.crt</value>
-	  <description>The signed SSL certificate to use for HTTPS
-	  access. If not specified or non-existent, a self-signed
-	  certificate will be generated.</description>
-	</variable>
-
 	<variable id="ssl_key" type="file">
-	  <name>SSL Key</name>
+	  <name>SSL Private Key</name>
 	  <value>/etc/planetlab/www_ssl.key</value>
-	  <description>The corresponding SSL private key. If not
-	  specified or non-existent, one will be
+	  <description>The SSL private key to use for encrypting HTTPS
+	  traffic. If non-existent, one will be
 	  generated.</description>
 	</variable>
+
+	<variable id="ssl_crt" type="file">
+	  <name>SSL Public Certificate</name>
+	  <value>/etc/planetlab/www_ssl.crt</value>
+	  <description>The corresponding SSL public certificate,
+	  signed by the root CA.</description>
+	</variable>
       </variablelist>
     </category>
 
@@ -481,21 +539,20 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 	     be downloaded, or its contents replaced by a file upload,
 	     but the actual <value> shouldn't need to be changed.  -->
 
-	<variable id="ssl_crt" type="binary">
-	  <name>SSL Certificate</name>
-	  <value>/etc/planetlab/boot_ssl.crt</value>
-	  <description>The signed SSL certificate to use for HTTPS
-	  access. If not specified, or non-existent a self-signed
-	  certificate will be generated.</description>
-	</variable>
-
-	<variable id="ssl_key" type="binary">
-	  <name>SSL Key</name>
+	<variable id="ssl_key" type="file">
+	  <name>SSL Private Key</name>
 	  <value>/etc/planetlab/boot_ssl.key</value>
-	  <description>The corresponding SSL private key. If not
-	  specified or non-existent, one will be
+	  <description>The SSL private key to use for encrypting HTTPS
+	  traffic. If non-existent, one will be
 	  generated.</description>
 	</variable>
+
+	<variable id="ssl_crt" type="file">
+	  <name>SSL Public Certificate</name>
+	  <value>/etc/planetlab/boot_ssl.crt</value>
+	  <description>The corresponding SSL public certificate,
+	  signed by the root CA.</description>
+	</variable>
       </variablelist>
     </category>
   </variables>
@@ -581,6 +638,7 @@ $Id: plc_config.xml,v 1.12 2006/04/28 20:15:00 mlhuang Exp $
 
 	<!-- API server uses a few non-standard packages -->
 	<packagereq type="mandatory">PyXML</packagereq>
+	<packagereq type="mandatory">PlanetLabAuth</packagereq>
 
 	<!-- API server uses SSL to sign tickets -->
 	<packagereq type="mandatory">xmlsec1</packagereq>
-- 
2.47.0