1 <?xml version="1.0" encoding="utf-8"?>
4 Default PLC configuration file
6 Mark Huang <mlhuang@cs.princeton.edu>
7 Copyright (C) 2006 The Trustees of Princeton University
11 <!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
17 <description>Basic system variables. Be sure that the values of
18 these variables are the same across all machines in your
19 installation.</description>
22 <variable id="name" type="string">
24 <value>PlanetLab Test</value>
25 <description>The name of this PLC installation. It is used in
26 the name of the default system site (e.g., PlanetLab Central)
27 and in the names of various administrative entities (e.g.,
28 PlanetLab Support).</description>
31 <variable id="shortname" type="string">
34 <description>The short name of this PLC installation. It is
35 mostly used in the web interface when displaying local
36 objects.</description>
39 <variable id="hrn_root" type="string">
40 <name>Root in Hierarchical Naming Space </name>
41 <value>planetlab.test</value>
42 <description> The root of this peer in the hierarchical federation naming space. if SFA services are setup on top of this PLC deplyment, the SFA_INTERFACE_HRN needs to be equal to PLC_HRN_ROOT</description>
45 <variable id="slice_prefix" type="string">
46 <name>Slice Prefix</name>
48 <description>The abbreviated name of this PLC
49 installation. It is used as the prefix for system slices
50 (e.g., pl_conf). Warning: Currently, this variable should
51 not be changed.</description>
54 <variable id="root_user" type="email">
55 <name>Root Account</name>
56 <value>root@localhost.localdomain</value>
57 <description>The name of the initial administrative
58 account. We recommend that this account be used only to create
59 additional accounts associated with real
60 administrators, then disabled.</description>
63 <variable id="root_password" type="password">
64 <name>Root Password</name>
66 <description>The password of the initial administrative
67 account. Also the password of the root account on the Boot
71 <!-- The following are not actually meant to be configurable
72 as variables. The web interface should allow the file to
73 be downloaded, or its contents replaced by a file upload,
74 but the actual <value> shouldn't need to be changed. -->
76 <variable id="root_ssh_key_pub" type="file">
77 <name>Root SSH Public Key</name>
78 <value>/etc/planetlab/root_ssh_key.pub</value>
79 <description>The SSH public key used to access the root
80 account on your nodes.</description>
83 <variable id="root_ssh_key" type="file">
84 <name>Root SSH Private Key</name>
85 <value>/etc/planetlab/root_ssh_key.rsa</value>
86 <description>The SSH private key used to access the root
87 account on your nodes.</description>
90 <variable id="debug_ssh_key_pub" type="file">
91 <name>Debug SSH Public Key</name>
92 <value>/etc/planetlab/debug_ssh_key.pub</value>
93 <description>The SSH public key used to access the root
94 account on your nodes when they are in Debug mode.</description>
97 <variable id="debug_ssh_key" type="file">
98 <name>Debug SSH Private Key</name>
99 <value>/etc/planetlab/debug_ssh_key.rsa</value>
100 <description>The SSH private key used to access the root
101 account on your nodes when they are in Debug mode.</description>
104 <variable id="root_gpg_key_pub" type="file">
105 <name>Root GPG Public Keyring</name>
106 <value>/etc/planetlab/pubring.gpg</value>
107 <description>The GPG public keyring used to sign the Boot
108 Manager and all node packages.</description>
111 <variable id="root_gpg_key" type="file">
112 <name>Root GPG Private Keyring</name>
113 <value>/etc/planetlab/secring.gpg</value>
114 <description>The SSH private key used to access the root
115 account on your nodes.</description>
121 <category id="plc_flavour">
122 <name>Flavours</name>
123 <description>Defaults for nodes and slices contents.</description>
126 <variable id="virt_map" type="string">
127 <value> f8,f12,f14,centos5,centos6:vs; default:lxc </value>
128 <description>Allows to compute a virtualization mechanism
129 from an fcdistro. Starting with 5.2 MyPLC has support for
130 either 'vs' or 'lxc', and this gives a correspondance from
131 the node's fcdistro to the right virtualization mechanism.
132 This information is essentially used by the BootManager for
133 getting the installation phase right like e.g. when
134 partitioning disks, and not to figure the contents of the
135 nodeimage that depend only on fcdistro, pldistro and of
136 course arch. This can be overridden by setting the vrt tag
137 on that particular node. </description>
140 <variable id="node_arch" type="string">
141 <name>arch for nodes</name>
142 <value>@ARCH@</value>
143 <description>The default 'arch' to use when installing nodes.
144 This is offered mostly for consistency with the rest of the
145 PLC_FLAVOUR category, but does not have much of a practical
146 interest. In any case, you need to have the corresponding
147 bootstrapfs images available for nodes.</description>
150 <variable id="node_fcdistro" type="string">
151 <name>fcdistro for nodes</name>
152 <value>@FCDISTRO@</value>
153 <description>THIS CURRENTLY HAS NO EFFECT.
154 The default 'fcdistro' to use when installing
155 nodes.You need to have the corresponding bootstrapfs images
156 available for nodes. THIS CURRENTLY HAS NO EFFECT.</description>
159 <variable id="node_pldistro" type="string">
160 <name>pldistro for nodes</name>
161 <value>@PLDISTRO@</value>
162 <description>The default 'pldistro' to use when installing
163 nodes. You need to have the corresponding bootstrapfs
164 images available for nodes.</description>
167 <variable id="slice_arch" type="string">
168 <name>arch for slivers</name>
169 <value>@ARCH@</value>
170 <description>The default 'arch' to use for slivers. This is
171 useful if you have heterogeneous nodes (i686 and x86_64),
172 but want slivers to be homogeneous. You need to have the
173 corresponding vserver variant rpm available for
177 <variable id="slice_fcdistro" type="string">
178 <name>fcdistro for slivers</name>
179 <value>@FCDISTRO@</value>
180 <description>The default 'fcdistro' to use for creating
181 slivers. You need to have the corresponding vserver variant
182 rpm available for nodes.</description>
185 <variable id="slice_pldistro" type="string">
186 <name>pldistro for slivers</name>
187 <value>@PLDISTRO@</value>
188 <description>The default 'pldistro' to use for creating
189 slivers. You need to have the corresponding vserver variant
190 rpm available for nodes.</description>
196 <category id="plc_net">
198 <description>Network environment.</description>
201 <variable id="dns1" type="ip">
202 <name>Primary DNS Server</name>
203 <value>127.0.0.1</value>
204 <description>Primary DNS server address.</description>
207 <variable id="dns2" type="ip">
208 <name>Secondary DNS Server</name>
210 <description>Secondary DNS server address.</description>
215 <category id="plc_dns">
217 <description>MyPLC can provide forward DNS resolution for itself
218 and for its nodes. To enable resolution for MyPLC itself, set
219 the Primary DNS Server address to 127.0.0.1 and provide external
220 IP addresses for the database, API, web, and boot servers
221 below. To enable resolution for nodes, use the external IP
222 address of this machine as the primary DNS server address for
223 each node.</description>
226 <variable id="enabled" type="boolean">
227 <name>Enable DNS</name>
229 <description>Enable the internal DNS server. The server does
230 not provide reverse resolution and is not a production
231 quality or scalable DNS solution. Use the internal DNS
232 server only for small deployments or for
233 testing.</description>
238 <category id="plc_hosts">
239 <name>/etc/hosts</name>
240 <description>MyPLC can setup /etc/hosts with the hostnames and
241 IP addresses specified for *_NAME and *_IP, or look up the IP
242 addresses if they are not specified in this configuration.
246 <variable id="enabled" type="boolean">
247 <name>Enable /etc/hosts configuration</name>
249 <description>Let PLC manage /etc/hosts</description>
254 <category id="plc_mail">
256 <description>Many maintenance scripts, as well as the API and
257 web site themselves, send e-mail notifications and
258 warnings.</description>
261 <variable id="enabled" type="boolean">
262 <name>Enable Mail</name>
264 <description>Set to false to suppress all e-mail notifications
265 and warnings.</description>
268 <variable id="support_address" type="email">
269 <name>Support Address</name>
270 <value>root+support@localhost.localdomain</value>
271 <description>This address is used for support
272 requests. Support requests may include traffic complaints,
273 security incident reporting, web site malfunctions, and
274 general requests for information. We recommend that the
275 address be aliased to a ticketing system such as Request
276 Tracker.</description>
279 <variable id="from_address" type="email">
280 <name>From Address</name>
281 <value>root@localhost.localdomain</value>
282 <description>All e-mail notifications and warnings will appear
283 to come from this address. Older versions used PLC_MAIL_SUPPORT_ADDRESS here.
284 Choosing a different address can be useful in a context where SPF is in place.
285 A good test is to try an enroll an account with a gmail account.
289 <variable id="boot_address" type="email">
290 <name>Boot Messages Address</name>
291 <value>root+install-msgs@localhost.localdomain</value>
292 <description>The API will notify this address when a problem
293 occurs during node installation or boot.</description>
296 <variable id="mom_list_address" type="email">
297 <name>Mom List Address</name>
298 <value>root+mom@localhost.localdomain</value>
299 <description>This address is used by operations staff
300 to monitor Mom (formerly pl_mom) messages indicating
301 excessive BW or memory usage by a slice. Mom messages sent
302 to slices will be cc'ed to this list so as not to clog
303 the Support Address list.</description>
306 <variable id="slice_address" type="email">
307 <name>Slice Address</name>
308 <value>root+SLICE@localhost.localdomain</value>
309 <description>This address template is used for sending
310 e-mail notifications to slices. SLICE will be replaced with
311 the name of the slice.</description>
316 <category id="plc_db">
317 <name>Database Server</name>
318 <description>Database server definitions.</description>
321 <variable id="enabled" type="boolean">
324 <description>Enable the database server on this
325 machine.</description>
328 <variable id="type" type="string">
330 <value>postgresql</value>
331 <description>The type of database server. Currently, only
332 postgresql is supported.</description>
335 <variable id="host" type="hostname">
336 <name>Hostname</name>
337 <value>localhost.localdomain</value>
338 <description>The fully qualified hostname of the database
339 server.</description>
342 <variable id="ip" type="ip">
343 <name>IP Address</name>
345 <description>The IP address of the database server, if not
346 resolvable.</description>
349 <variable id="port" type="int">
352 <description>The TCP port number through which the database
353 server should be accessed.</description>
356 <variable id="name" type="string">
357 <name>Database Name</name>
358 <value>planetlab5</value>
359 <description>The name of the database to access.</description>
362 <variable id="user" type="string">
363 <name>Database Username</name>
364 <value>pgsqluser</value>
365 <description>The username to use when accessing the
366 database.</description>
369 <variable id="password" type="password">
370 <name>Database Password</name>
372 <description>The password to use when accessing the
373 database. If left blank, one will be
374 generated.</description>
379 <category id="plc_api">
380 <name>API Server</name>
381 <description>API (XML-RPC) server definitions.</description>
384 <variable id="enabled" type="boolean">
387 <description>Enable the API server on this
388 machine.</description>
391 <variable id="debug" type="boolean">
394 <description>Enable verbose API debugging. Do not enable on
395 a production system!</description>
398 <variable id="host" type="hostname">
399 <name>Hostname</name>
400 <value>localhost.localdomain</value>
401 <description>The fully qualified hostname of the API
402 server.</description>
405 <variable id="ip" type="ip">
406 <name>IP Address</name>
408 <description>The IP address of the API server, if not
409 resolvable.</description>
412 <variable id="ipod_subnet" type="ip">
413 <name>IP Subnet</name>
414 <value>127.0.0.1</value>
415 <description>The IP Subnet for all API servers.
416 Used to identify IPoD packet senders.</description>
419 <variable id="ipod_mask" type="ip">
421 <value>255.255.255.255</value>
422 <description>The IP Mask that should be applied to incoming
423 packets to match the IP Subnet for IPoD packets.</description>
426 <variable id="port" type="int">
429 <description>The TCP port number through which the API
430 should be accessed.</description>
433 <variable id="path" type="string">
435 <value>/PLCAPI/</value>
436 <description>The base path of the API URL.</description>
439 <variable id="maintenance_user" type="string">
440 <name>Maintenance User</name>
441 <value>maint@localhost.localdomain</value>
442 <description>The username of the maintenance account. This
443 account is used by local scripts that perform automated
444 tasks, and cannot be used for normal logins.</description>
447 <variable id="maintenance_password" type="password">
448 <name>Maintenance Password</name>
450 <description>The password of the maintenance account. If
451 left blank, one will be generated. We recommend that the
452 password be changed periodically.</description>
455 <variable id="maintenance_sources" type="hostname">
456 <name>Authorized Hosts</name>
458 <description>A space-separated list of IP addresses allowed
459 to access the API through the maintenance account. The value
460 of this variable is set automatically to allow only the API,
461 web, and boot servers, and should not be
462 changed.</description>
465 <!-- The following are not actually meant to be configurable
466 as variables. The web interface should allow the file to
467 be downloaded, or its contents replaced by a file upload,
468 but the actual <value> shouldn't need to be changed. -->
470 <variable id="ssl_key" type="file">
471 <name>SSL Private Key</name>
472 <value>/etc/planetlab/api_ssl.key</value>
473 <description>The SSL private key to use for encrypting HTTPS
474 traffic. If non-existent, one will be
475 generated.</description>
478 <variable id="ssl_crt" type="file">
479 <name>SSL Public Certificate</name>
480 <value>/etc/planetlab/api_ssl.crt</value>
481 <description>The corresponding SSL public certificate. By
482 default, this certificate is self-signed. You may replace
483 the certificate later with one signed by a root
487 <variable id="ca_ssl_crt" type="file">
488 <name>Root CA SSL Public Certificate</name>
489 <value>/etc/planetlab/api_ca_ssl.crt</value>
490 <description>The certificate of the root CA, if any, that
491 signed your server certificate. If your server certificate is
492 self-signed, then this file is the same as your server
493 certificate.</description>
498 <category id="plc_www">
499 <name>Web Server</name>
500 <description>Web server definitions.</description>
503 <variable id="enabled" type="boolean">
506 <description>Enable the web server on this
507 machine.</description>
510 <variable id="debug" type="boolean">
513 <description>Enable debugging output on web pages. Do not
514 enable on a production system!</description>
517 <variable id="host" type="hostname">
518 <name>Hostname</name>
519 <value>localhost.localdomain</value>
520 <description>The fully qualified hostname of the web
521 server.</description>
524 <variable id="ip" type="ip">
525 <name>IP Address</name>
527 <description>The IP address of the web server, if not
528 resolvable.</description>
531 <variable id="port" type="int">
534 <description>The TCP port number through which the
535 unprotected portions of the web site should be
536 accessed.</description>
539 <variable id="ssl_port" type="int">
540 <name>SSL Port</name>
542 <description>The TCP port number through which the protected
543 portions of the web site should be accessed.</description>
546 <!-- The following are not actually meant to be configurable
547 as variables. The web interface should allow the file to
548 be downloaded, or its contents replaced by a file upload,
549 but the actual <value> shouldn't need to be changed. -->
551 <variable id="ssl_key" type="file">
552 <name>SSL Private Key</name>
553 <value>/etc/planetlab/www_ssl.key</value>
554 <description>The SSL private key to use for encrypting HTTPS
555 traffic. If non-existent, one will be
556 generated.</description>
559 <variable id="ssl_crt" type="file">
560 <name>SSL Public Certificate</name>
561 <value>/etc/planetlab/www_ssl.crt</value>
562 <description>The corresponding SSL public certificate for
563 the HTTP server. By default, this certificate is
564 self-signed. You may replace the certificate later with one
565 signed by a root CA.</description>
568 <variable id="ca_ssl_crt" type="file">
569 <name>Root CA SSL Public Certificate</name>
570 <value>/etc/planetlab/www_ca_ssl.crt</value>
571 <description>The certificate of the root CA, if any, that
572 signed your server certificate. If your server certificate is
573 self-signed, then this file is the same as your server
574 certificate.</description>
579 <category id="plc_boot">
580 <name>Boot Server</name>
581 <description>Boot server definitions. Multiple boot servers
582 may be brought up for load balancing, but we recommend that a
583 single DNS round-robin system be implemented so that the
584 following variables are the same across all of
588 <variable id="enabled" type="boolean">
591 <description>Enable the boot server on this
592 machine.</description>
595 <variable id="host" type="hostname">
596 <name>Hostname</name>
597 <value>localhost.localdomain</value>
598 <description>The fully qualified hostname of the boot
599 server.</description>
602 <variable id="ip" type="ip">
603 <name>IP Address</name>
605 <description>The IP address of the boot server, if not
606 resolvable.</description>
609 <variable id="port" type="int">
612 <description>The TCP port number through which the
613 unprotected portions of the boot server should be
614 accessed.</description>
617 <variable id="ssl_port" type="int">
618 <name>SSL Port</name>
620 <description>The TCP port number through which the protected
621 portions of the boot server should be
622 accessed.</description>
625 <!-- The following are not actually meant to be configurable
626 as variables. The web interface should allow the file to
627 be downloaded, or its contents replaced by a file upload,
628 but the actual <value> shouldn't need to be changed. -->
630 <variable id="ssl_key" type="file">
631 <name>SSL Private Key</name>
632 <value>/etc/planetlab/boot_ssl.key</value>
633 <description>The SSL private key to use for encrypting HTTPS
634 traffic.</description>
637 <variable id="ssl_crt" type="file">
638 <name>SSL Public Certificate</name>
639 <value>/etc/planetlab/boot_ssl.crt</value>
640 <description>The corresponding SSL public certificate for
641 the HTTP server. By default, this certificate is
642 self-signed. You may replace the certificate later with one
643 signed by a root CA.</description>
646 <variable id="ca_ssl_crt" type="file">
647 <name>Root CA SSL Public Certificate</name>
648 <value>/etc/planetlab/boot_ca_ssl.crt</value>
649 <description>The certificate of the root CA, if any, that
650 signed your server certificate. If your server certificate is
651 self-signed, then this file is the same as your server
652 certificate.</description>
657 <category id="plc_ratelimit">
658 <name>Planetlab Ratelimit Settings</name>
659 <description>Planetlab Ratelimit Settings</description>
661 <variable id="enabled" type="bolean">
662 <name>Enable Ratelimit</name>
664 <description>Enable Ratelimit for sites</description>
669 <category id="plc_omf">
670 <name>Planetlab - OMF Integration</name>
671 <description>Planetlab - OMF integration</description>
673 <variable id="enabled" type="boolean">
674 <name>OMF integration</name>
676 <description>Enable OMF integration.</description>
679 <!-- xmpp server configuration -->
680 <variable id="xmpp_server" type="string">
681 <name>XMPP server</name>
682 <value>localhost.localdomain</value>
683 <description>The fully qualified hostname of the XMPP server.</description>
689 <category id="plc_reservation">
690 <name> Reservable Nodes</name>
691 <description> Settings related to reservable nodes </description>
694 <variable id="granularity" type="int">
695 <name>Lease granularity</name>
697 <description>The smallest timeslot that can be allocated to
698 a node. All leases will be rounded to this granularity, so
699 e.g. if you set 3600 all leases will start and stop at round
705 <category id="plc_planetflow">
706 <name>PlanetFlow Service Configuration</name>
707 <description>Planetflow service definitions used in the netflow slice. </description>
710 <variable id="host" type="hostname">
711 <name>Hostname</name>
712 <value>localhost.localdomain</value>
713 <description>The fully qualified hostname.</description>
718 <category id="plc_monitor">
719 <name>Monitoring Service</name>
720 <description>The Monitor service that tracks node availablity and repair.</description>
722 <variable id="enabled" type="boolean">
725 <description>Enable on this machine.</description>
727 <variable id="host" type="hostname">
728 <name>Hostname</name>
729 <value>localhost.localdomain</value>
730 <description>The fully qualified hostname.</description>
732 <variable id="ip" type="ip">
733 <name>IP Address</name>
735 <description>The IP address of the monitor server.</description>
737 <variable id="from_email" type="email">
738 <name>Monitor Email Address</name>
739 <value>root+monitor@localhost.localdomain</value>
740 <description>All messages from Monitor will appear to come from this address.</description>
742 <variable id="cc_email" type="email">
743 <name>CC Email Address</name>
744 <value>root+monitor@localhost.localdomain</value>
745 <description>All messages from Monitor will be copied to this address.</description>
747 <variable id="rt_queue" type="email">
748 <name>Queue Name in RT for new messages</name>
749 <value>support</value>
750 <description>All messages from Monitor will be copied to this address.</description>
752 <variable id="dbhost" type="hostname">
753 <name>Database Hostname</name>
754 <value>localhost</value>
755 <description>The hostname for the monitor database.</description>
757 <variable id="dbuser" type="string">
758 <name>Database User</name>
759 <value>monitoruser</value>
760 <description>The username for connecting to the monitor database.</description>
762 <variable id="dbname" type="string">
763 <name>Database Name</name>
764 <value>monitor</value>
765 <description>Name of monitor database.</description>
767 <variable id="dbpassword" type="password">
768 <name>Database Password</name>
770 <description>The password to use when accessing the
771 database, Monitor user account in the local PLC.</description>
774 <variable id="ssl_key" type="file">
775 <name>SSL Private Key</name>
776 <value>/etc/planetlab/monitor_ssl.key</value>
777 <description>The SSL private key to use for encrypting HTTPS
778 traffic.</description>
781 <variable id="ssl_crt" type="file">
782 <name>SSL Public Certificate</name>
783 <value>/etc/planetlab/monitor_ssl.crt</value>
784 <description>The corresponding SSL public certificate for
785 the HTTP server. By default, this certificate is
786 self-signed. You may replace the certificate later with one
787 signed by a root CA.</description>
790 <variable id="ca_ssl_crt" type="file">
791 <name>Root CA SSL Public Certificate</name>
792 <value>/etc/planetlab/monitor_ca_ssl.crt</value>
793 <description>The certificate of the root CA, if any, that
794 signed your server certificate. If your server certificate is
795 self-signed, then this file is the same as your server
796 certificate.</description>
801 <category id="plc_rt">
802 <name>RT Configuration</name>
803 <description>RT</description>
805 <variable id="enabled" type="boolean">
808 <description>Enable on this machine.</description>
810 <variable id="host" type="hostname">
811 <name>Hostname</name>
812 <value>localhost.localdomain</value>
813 <description>The fully qualified hostname.</description>
815 <variable id="ip" type="ip">
816 <name>IP Address</name>
818 <description>The IP address of the RT server.</description>
820 <variable id="cc_address" type="email">
821 <name>CC Email Address</name>
822 <value>root+cclist@localhost.localdomain</value>
823 <description>All messages to and from PLCRT will be copied to this address.</description>
825 <variable id="web_user" type="string">
828 <description>Username of a privileged user in RT who can create
829 tickets for any RT Queue.</description>
831 <variable id="web_password" type="password">
832 <name>password</name>
833 <value>password</value>
834 <description>Password for RT web user.</description>
836 <variable id="dbpassword" type="password">
837 <name>Database Password</name>
839 <description>Password to use when accessing the RT database.</description>
844 <category id="myslice">
846 <description>MySlice configuration parameters</description>
848 <variable id="comon_url" type="string">
851 <description>The address of the CoMon url that provides information for this PLC's nodes (if not the default http://comon.cs.princeton.edu/)</description>
853 <variable id="comon_available" type="boolean">
856 <description>True, if comon data are available for this PLC's nodes</description>
858 <variable id="tophat_available" type="boolean">
861 <description>True, if tophat data are available for this PLC's nodes</description>
866 <category id="plc_vsys">
868 <description>Default values for the vsys tag</description>
870 <variable id="defaults" type="string">
871 <name>vsys tags set by default</name>
873 <description>Comma-separated list of vsys script names that all newly created slices will have as their vsys tags. For older slices, see the check-vsys-defaults.py script as part of the myplc package</description>
880 <!-- deprecated - not used anymore - use .lst files instead -->