default_config.xml

   1 <?xml version="1.0" encoding="utf-8"?>
   2
   3 <!--
   4 Default PLC configuration file
   5
   6 Mark Huang <mlhuang@cs.princeton.edu>
   7 Copyright (C) 2006 The Trustees of Princeton University
   8
   9 $Id$
  10 $URL$
  11 -->
  12
  13 <!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
  14
  15 <configuration>
  16   <variables>
  17     <category id="plc">
  18       <name>System</name>
  19       <description>Basic system variables. Be sure that the values of
  20       these variables are the same across all machines in your
  21       installation.</description>
  22
  23       <variablelist>
  24         <variable id="name" type="string">
  25           <name>Name</name>
  26           <value>PlanetLab Test</value>
  27           <description>The name of this PLC installation. It is used in
  28           the name of the default system site (e.g., PlanetLab Central)
  29           and in the names of various administrative entities (e.g.,
  30           PlanetLab Support).</description>
  31         </variable>
  32
  33         <variable id="shortname" type="string">
  34           <name>Shortame</name>
  35           <value>Tlab</value>
  36           <description>The short name of this PLC installation. It is
  37           mostly used in the web interface when displaying local
  38           objects.</description>
  39         </variable>
  40
  41         <variable id="hrn_root" type="string">
  42           <name>Root in Hierarchical Naming Space </name>
  43           <value>planetlab.test</value>
  44           <description> The root of this peer in the hierarchical federation naming space.</description>
  45         </variable>
  46
  47         <variable id="slice_prefix" type="string">
  48           <name>Slice Prefix</name>
  49           <value>pl</value>
  50           <description>The abbreviated name of this PLC
  51           installation. It is used as the prefix for system slices
  52           (e.g., pl_conf). Warning: Currently, this variable should
  53           not be changed.</description>
  54         </variable>
  55
  56         <variable id="root_user" type="email">
  57           <name>Root Account</name>
  58           <value>root@localhost.localdomain</value>
  59           <description>The name of the initial administrative
  60           account. We recommend that this account be used only to create
  61           additional accounts associated with real
  62           administrators, then disabled.</description>
  63         </variable>
  64
  65         <variable id="root_password" type="password">
  66           <name>Root Password</name>
  67           <value>root</value>
  68           <description>The password of the initial administrative
  69           account. Also the password of the root account on the Boot
  70           CD.</description>
  71         </variable>
  72
  73         <!-- The following are not actually meant to be configurable
  74              as variables. The web interface should allow the file to
  75              be downloaded, or its contents replaced by a file upload,
  76              but the actual <value> shouldn't need to be changed.  -->
  77
  78         <variable id="root_ssh_key_pub" type="file">
  79           <name>Root SSH Public Key</name>
  80           <value>/etc/planetlab/root_ssh_key.pub</value>
  81           <description>The SSH public key used to access the root
  82           account on your nodes.</description>
  83         </variable>
  84
  85         <variable id="root_ssh_key" type="file">
  86           <name>Root SSH Private Key</name>
  87           <value>/etc/planetlab/root_ssh_key.rsa</value>
  88           <description>The SSH private key used to access the root
  89           account on your nodes.</description>
  90         </variable>
  91
  92         <variable id="debug_ssh_key_pub" type="file">
  93           <name>Debug SSH Public Key</name>
  94           <value>/etc/planetlab/debug_ssh_key.pub</value>
  95           <description>The SSH public key used to access the root
  96           account on your nodes when they are in Debug mode.</description>
  97         </variable>
  98
  99         <variable id="debug_ssh_key" type="file">
 100           <name>Debug SSH Private Key</name>
 101           <value>/etc/planetlab/debug_ssh_key.rsa</value>
 102           <description>The SSH private key used to access the root
 103           account on your nodes when they are in Debug mode.</description>
 104         </variable>
 105
 106         <variable id="root_gpg_key_pub" type="file">
 107           <name>Root GPG Public Keyring</name>
 108           <value>/etc/planetlab/pubring.gpg</value>
 109           <description>The GPG public keyring used to sign the Boot
 110           Manager and all node packages.</description>
 111         </variable>
 112
 113         <variable id="root_gpg_key" type="file">
 114           <name>Root GPG Private Keyring</name>
 115           <value>/etc/planetlab/secring.gpg</value>
 116           <description>The SSH private key used to access the root
 117           account on your nodes.</description>
 118         </variable>
 119       </variablelist>
 120     </category>
 121
 122     <category id="plc_net">
 123       <name>Network</name>
 124       <description>Network environment.</description>
 125
 126       <variablelist>
 127         <variable id="dns1" type="ip">
 128           <name>Primary DNS Server</name>
 129           <value>127.0.0.1</value>
 130           <description>Primary DNS server address.</description>
 131         </variable>
 132
 133         <variable id="dns2" type="ip">
 134           <name>Secondary DNS Server</name>
 135           <value></value>
 136           <description>Secondary DNS server address.</description>
 137         </variable>
 138       </variablelist>
 139     </category>
 140
 141     <category id="plc_dns">
 142       <name>DNS</name>
 143       <description>MyPLC can provide forward DNS resolution for itself
 144       and for its nodes. To enable resolution for MyPLC itself, set
 145       the Primary DNS Server address to 127.0.0.1 and provide external
 146       IP addresses for the database, API, web, and boot servers
 147       below. To enable resolution for nodes, use the external IP
 148       address of this machine as the primary DNS server address for
 149       each node.</description>
 150
 151       <variablelist>
 152         <variable id="enabled" type="boolean">
 153           <name>Enable DNS</name>
 154           <value>true</value>
 155           <description>Enable the internal DNS server. The server does
 156           not provide reverse resolution and is not a production
 157           quality or scalable DNS solution. Use the internal DNS
 158           server only for small deployments or for
 159           testing.</description>
 160         </variable>
 161       </variablelist>
 162     </category>
 163
 164     <category id="plc_hosts">
 165       <name>/etc/hosts</name>
 166       <description>MyPLC can setup /etc/hosts with the hostnames and
 167       IP addresses specified for *_NAME and *_IP, or look up the IP
 168       addresses if they are not specified in this configuration.
 169       </description>
 170
 171       <variablelist>
 172         <variable id="enabled" type="boolean">
 173           <name>Enable /etc/hosts configuration</name>
 174           <value>true</value>
 175           <description>Let PLC manage /etc/hosts</description>
 176         </variable>
 177       </variablelist>
 178     </category>
 179
 180     <category id="plc_mail">
 181       <name>Mail</name>
 182       <description>Many maintenance scripts, as well as the API and
 183       web site themselves, send e-mail notifications and
 184       warnings.</description>
 185
 186       <variablelist>
 187         <variable id="enabled" type="boolean">
 188           <name>Enable Mail</name>
 189           <value>false</value>
 190           <description>Set to false to suppress all e-mail notifications
 191           and warnings.</description>
 192         </variable>
 193
 194         <variable id="support_address" type="email">
 195           <name>Support Address</name>
 196           <value>root+support@localhost.localdomain</value>
 197           <description>This address is used for support
 198           requests. Support requests may include traffic complaints,
 199           security incident reporting, web site malfunctions, and
 200           general requests for information. We recommend that the
 201           address be aliased to a ticketing system such as Request
 202           Tracker.</description>
 203         </variable>
 204
 205         <variable id="boot_address" type="email">
 206           <name>Boot Messages Address</name>
 207           <value>root+install-msgs@localhost.localdomain</value>
 208           <description>The API will notify this address when a problem
 209           occurs during node installation or boot.</description>
 210         </variable>
 211
 212         <variable id="mom_list_address" type="email">
 213           <name>Mom List Address</name>
 214           <value>root+mom@localhost.localdomain</value>
 215           <description>This address is used by operations staff
 216           to monitor Mom (formerly pl_mom) messages indicating
 217           excessive BW or memory usage by a slice.  Mom messages sent
 218           to slices will be cc'ed to this list so as not to clog
 219           the Support Address list.</description>
 220         </variable>
 221
 222         <variable id="slice_address" type="email">
 223           <name>Slice Address</name>
 224           <value>root+SLICE@localhost.localdomain</value>
 225           <description>This address template is used for sending
 226           e-mail notifications to slices. SLICE will be replaced with
 227           the name of the slice.</description>
 228         </variable>
 229       </variablelist>
 230     </category>
 231
 232     <category id="plc_db">
 233       <name>Database Server</name>
 234       <description>Database server definitions.</description>
 235
 236       <variablelist>
 237         <variable id="enabled" type="boolean">
 238           <name>Enabled</name>
 239           <value>true</value>
 240           <description>Enable the database server on this
 241           machine.</description>
 242         </variable>
 243
 244         <variable id="type" type="string">
 245           <name>Type</name>
 246           <value>postgresql</value>
 247           <description>The type of database server. Currently, only
 248           postgresql is supported.</description>
 249         </variable>
 250
 251         <variable id="host" type="hostname">
 252           <name>Hostname</name>
 253           <value>localhost.localdomain</value>
 254           <description>The fully qualified hostname of the database
 255           server.</description>
 256         </variable>
 257
 258         <variable id="ip" type="ip">
 259           <name>IP Address</name>
 260           <value/>
 261           <description>The IP address of the database server, if not
 262           resolvable.</description>
 263         </variable>
 264
 265         <variable id="port" type="int">
 266           <name>Port</name>
 267           <value>5432</value>
 268           <description>The TCP port number through which the database
 269           server should be accessed.</description>
 270         </variable>
 271
 272         <variable id="name" type="string">
 273           <name>Database Name</name>
 274           <value>planetlab5</value>
 275           <description>The name of the database to access.</description>
 276         </variable>
 277
 278         <variable id="user" type="string">
 279           <name>Database Username</name>
 280           <value>pgsqluser</value>
 281           <description>The username to use when accessing the
 282           database.</description>
 283         </variable>
 284
 285         <variable id="password" type="password">
 286           <name>Database Password</name>
 287           <value></value>
 288           <description>The password to use when accessing the
 289           database. If left blank, one will be
 290           generated.</description>
 291         </variable>
 292       </variablelist>
 293     </category>
 294
 295     <category id="plc_api">
 296       <name>API Server</name>
 297       <description>API (XML-RPC) server definitions.</description>
 298
 299       <variablelist>
 300         <variable id="enabled" type="boolean">
 301           <name>Enabled</name>
 302           <value>true</value>
 303           <description>Enable the API server on this
 304           machine.</description>
 305         </variable>
 306
 307         <variable id="debug" type="boolean">
 308           <name>Debug</name>
 309           <value>false</value>
 310           <description>Enable verbose API debugging. Do not enable on
 311           a production system!</description>
 312         </variable>
 313
 314         <variable id="host" type="hostname">
 315           <name>Hostname</name>
 316           <value>localhost.localdomain</value>
 317           <description>The fully qualified hostname of the API
 318           server.</description>
 319         </variable>
 320
 321         <variable id="ip" type="ip">
 322           <name>IP Address</name>
 323           <value/>
 324           <description>The IP address of the API server, if not
 325           resolvable.</description>
 326         </variable>
 327
 328         <variable id="ipod_subnet" type="ip">
 329           <name>IP Subnet</name>
 330           <value>127.0.0.1</value>
 331           <description>The IP Subnet for all API servers.
 332           Used to identify IPoD packet senders.</description>
 333         </variable>
 334
 335         <variable id="ipod_mask" type="ip">
 336           <name>IP Mask</name>
 337           <value>255.255.255.255</value>
 338           <description>The IP Mask that should be applied to incoming
 339           packets to match the IP Subnet for IPoD packets.</description>
 340         </variable>
 341
 342         <variable id="port" type="int">
 343           <name>Port</name>
 344           <value>443</value>
 345           <description>The TCP port number through which the API
 346           should be accessed.</description>
 347         </variable>
 348
 349         <variable id="path" type="string">
 350           <name>Path</name>
 351           <value>/PLCAPI/</value>
 352           <description>The base path of the API URL.</description>
 353         </variable>
 354
 355         <variable id="maintenance_user" type="string">
 356           <name>Maintenance User</name>
 357           <value>maint@localhost.localdomain</value>
 358           <description>The username of the maintenance account. This
 359           account is used by local scripts that perform automated
 360           tasks, and cannot be used for normal logins.</description>
 361         </variable>
 362
 363         <variable id="maintenance_password" type="password">
 364           <name>Maintenance Password</name>
 365           <value></value>
 366           <description>The password of the maintenance account. If
 367           left blank, one will be generated. We recommend that the
 368           password be changed periodically.</description>
 369         </variable>
 370
 371         <variable id="maintenance_sources" type="hostname">
 372           <name>Authorized Hosts</name>
 373           <value></value>
 374           <description>A space-separated list of IP addresses allowed
 375           to access the API through the maintenance account. The value
 376           of this variable is set automatically to allow only the API,
 377           web, and boot servers, and should not be
 378           changed.</description>
 379         </variable>
 380
 381         <!-- The following are not actually meant to be configurable
 382              as variables. The web interface should allow the file to
 383              be downloaded, or its contents replaced by a file upload,
 384              but the actual <value> shouldn't need to be changed.  -->
 385
 386         <variable id="ssl_key" type="file">
 387           <name>SSL Private Key</name>
 388           <value>/etc/planetlab/api_ssl.key</value>
 389           <description>The SSL private key to use for encrypting HTTPS
 390           traffic. If non-existent, one will be
 391           generated.</description>
 392         </variable>
 393
 394         <variable id="ssl_crt" type="file">
 395           <name>SSL Public Certificate</name>
 396           <value>/etc/planetlab/api_ssl.crt</value>
 397           <description>The corresponding SSL public certificate. By
 398           default, this certificate is self-signed. You may replace
 399           the certificate later with one signed by a root
 400           CA.</description>
 401         </variable>
 402
 403         <variable id="ca_ssl_crt" type="file">
 404           <name>Root CA SSL Public Certificate</name>
 405           <value>/etc/planetlab/api_ca_ssl.crt</value>
 406           <description>The certificate of the root CA, if any, that
 407           signed your server certificate. If your server certificate is
 408           self-signed, then this file is the same as your server
 409           certificate.</description>
 410         </variable>
 411       </variablelist>
 412     </category>
 413
 414     <category id="plc_www">
 415       <name>Web Server</name>
 416       <description>Web server definitions.</description>
 417
 418       <variablelist>
 419         <variable id="enabled" type="boolean">
 420           <name>Enabled</name>
 421           <value>true</value>
 422           <description>Enable the web server on this
 423           machine.</description>
 424         </variable>
 425
 426         <variable id="debug" type="boolean">
 427           <name>Debug</name>
 428           <value>false</value>
 429           <description>Enable debugging output on web pages. Do not
 430           enable on a production system!</description>
 431         </variable>
 432
 433         <variable id="host" type="hostname">
 434           <name>Hostname</name>
 435           <value>localhost.localdomain</value>
 436           <description>The fully qualified hostname of the web
 437           server.</description>
 438         </variable>
 439
 440         <variable id="ip" type="ip">
 441           <name>IP Address</name>
 442           <value/>
 443           <description>The IP address of the web server, if not
 444           resolvable.</description>
 445         </variable>
 446
 447         <variable id="port" type="int">
 448           <name>Port</name>
 449           <value>80</value>
 450           <description>The TCP port number through which the
 451           unprotected portions of the web site should be
 452           accessed.</description>
 453         </variable>
 454
 455         <variable id="ssl_port" type="int">
 456           <name>SSL Port</name>
 457           <value>443</value>
 458           <description>The TCP port number through which the protected
 459           portions of the web site should be accessed.</description>
 460         </variable>
 461
 462         <!-- The following are not actually meant to be configurable
 463              as variables. The web interface should allow the file to
 464              be downloaded, or its contents replaced by a file upload,
 465              but the actual <value> shouldn't need to be changed.  -->
 466
 467         <variable id="ssl_key" type="file">
 468           <name>SSL Private Key</name>
 469           <value>/etc/planetlab/www_ssl.key</value>
 470           <description>The SSL private key to use for encrypting HTTPS
 471           traffic. If non-existent, one will be
 472           generated.</description>
 473         </variable>
 474
 475         <variable id="ssl_crt" type="file">
 476           <name>SSL Public Certificate</name>
 477           <value>/etc/planetlab/www_ssl.crt</value>
 478           <description>The corresponding SSL public certificate for
 479           the HTTP server. By default, this certificate is
 480           self-signed. You may replace the certificate later with one
 481           signed by a root CA.</description>
 482         </variable>
 483
 484         <variable id="ca_ssl_crt" type="file">
 485           <name>Root CA SSL Public Certificate</name>
 486           <value>/etc/planetlab/www_ca_ssl.crt</value>
 487           <description>The certificate of the root CA, if any, that
 488           signed your server certificate. If your server certificate is
 489           self-signed, then this file is the same as your server
 490           certificate.</description>
 491         </variable>
 492       </variablelist>
 493     </category>
 494
 495     <category id="plc_boot">
 496       <name>Boot Server</name>
 497       <description>Boot server definitions. Multiple boot servers
 498       may be brought up for load balancing, but we recommend that a
 499       single DNS round-robin system be implemented so that the
 500       following variables are the same across all of
 501       them.</description>
 502
 503       <variablelist>
 504         <variable id="enabled" type="boolean">
 505           <name>Enabled</name>
 506           <value>true</value>
 507           <description>Enable the boot server on this
 508           machine.</description>
 509         </variable>
 510
 511         <variable id="host" type="hostname">
 512           <name>Hostname</name>
 513           <value>localhost.localdomain</value>
 514           <description>The fully qualified hostname of the boot
 515           server.</description>
 516         </variable>
 517
 518         <variable id="ip" type="ip">
 519           <name>IP Address</name>
 520           <value/>
 521           <description>The IP address of the boot server, if not
 522           resolvable.</description>
 523         </variable>
 524
 525         <variable id="port" type="int">
 526           <name>Port</name>
 527           <value>80</value>
 528           <description>The TCP port number through which the
 529           unprotected portions of the boot server should be
 530           accessed.</description>
 531         </variable>
 532
 533         <variable id="ssl_port" type="int">
 534           <name>SSL Port</name>
 535           <value>443</value>
 536           <description>The TCP port number through which the protected
 537           portions of the boot server should be
 538           accessed.</description>
 539         </variable>
 540
 541         <!-- The following are not actually meant to be configurable
 542              as variables. The web interface should allow the file to
 543              be downloaded, or its contents replaced by a file upload,
 544              but the actual <value> shouldn't need to be changed.  -->
 545
 546         <variable id="ssl_key" type="file">
 547           <name>SSL Private Key</name>
 548           <value>/etc/planetlab/boot_ssl.key</value>
 549           <description>The SSL private key to use for encrypting HTTPS
 550           traffic.</description>
 551         </variable>
 552
 553         <variable id="ssl_crt" type="file">
 554           <name>SSL Public Certificate</name>
 555           <value>/etc/planetlab/boot_ssl.crt</value>
 556           <description>The corresponding SSL public certificate for
 557           the HTTP server. By default, this certificate is
 558           self-signed. You may replace the certificate later with one
 559           signed by a root CA.</description>
 560         </variable>
 561
 562         <variable id="ca_ssl_crt" type="file">
 563           <name>Root CA SSL Public Certificate</name>
 564           <value>/etc/planetlab/boot_ca_ssl.crt</value>
 565           <description>The certificate of the root CA, if any, that
 566           signed your server certificate. If your server certificate is
 567           self-signed, then this file is the same as your server
 568           certificate.</description>
 569         </variable>
 570       </variablelist>
 571     </category>
 572
 573
 574     <category id="plc_planetflow">
 575       <name>PlanetFlow Service Configuration</name>
 576       <description>Planetflow service definitions used in the netflow slice. </description>
 577
 578       <variablelist>
 579         <variable id="host" type="hostname">
 580                 <name>Hostname</name>
 581                 <value>localhost.localdomain</value>
 582                 <description>The fully qualified hostname.</description>
 583         </variable>
 584       </variablelist>
 585     </category>
 586     <category id="plc_monitor">
 587       <name>Monitoring Service</name>
 588       <description>The Monitor service that tracks node availablity and repair.</description>
 589       <variablelist>
 590         <variable id="enabled" type="boolean">
 591           <name>Enabled</name>
 592           <value>false</value>
 593           <description>Enable on this machine.</description>
 594         </variable>
 595         <variable id="host" type="hostname">
 596           <name>Hostname</name>
 597           <value>localhost.localdomain</value>
 598           <description>The fully qualified hostname.</description>
 599         </variable>
 600         <variable id="ip" type="ip">
 601           <name>IP Address</name>
 602           <value></value>
 603           <description>The IP address of the monitor server.</description>
 604         </variable>
 605         <variable id="from_email" type="email">
 606           <name>Monitor Email Address</name>
 607           <value>root+monitor@localhost.localdomain</value>
 608           <description>All messages from Monitor will appear to come from this address.</description>
 609         </variable>
 610         <variable id="cc_email" type="email">
 611           <name>CC Email Address</name>
 612           <value>root+monitor@localhost.localdomain</value>
 613           <description>All messages from Monitor will be copied to this address.</description>
 614         </variable>
 615         <variable id="rt_queue" type="email">
 616           <name>Queue Name in RT for new messages</name>
 617           <value>support</value>
 618           <description>All messages from Monitor will be copied to this address.</description>
 619         </variable>
 620         <variable id="dbpassword" type="password">
 621           <name>Database Password</name>
 622           <value></value>
 623           <description>The password to use when accessing the
 624           database, Monitor user account in the local PLC.</description>
 625         </variable>
 626
 627             <variable id="ssl_key" type="file">
 628                   <name>SSL Private Key</name>
 629                   <value>/etc/planetlab/monitor_ssl.key</value>
 630                   <description>The SSL private key to use for encrypting HTTPS
 631                   traffic.</description>
 632                 </variable>
 633
 634                 <variable id="ssl_crt" type="file">
 635                   <name>SSL Public Certificate</name>
 636                   <value>/etc/planetlab/monitor_ssl.crt</value>
 637                   <description>The corresponding SSL public certificate for
 638                   the HTTP server. By default, this certificate is
 639                   self-signed. You may replace the certificate later with one
 640                   signed by a root CA.</description>
 641                 </variable>
 642
 643                 <variable id="ca_ssl_crt" type="file">
 644                   <name>Root CA SSL Public Certificate</name>
 645                   <value>/etc/planetlab/monitor_ca_ssl.crt</value>
 646                   <description>The certificate of the root CA, if any, that
 647                   signed your server certificate. If your server certificate is
 648                   self-signed, then this file is the same as your server
 649                   certificate.</description>
 650                 </variable>
 651
 652       </variablelist>
 653     </category>
 654     <category id="plc_rt">
 655       <name>RT Configuration</name>
 656       <description>RT</description>
 657       <variablelist>
 658         <variable id="enabled" type="boolean">
 659           <name>Enabled</name>
 660           <value>false</value>
 661           <description>Enable on this machine.</description>
 662         </variable>
 663         <variable id="host" type="hostname">
 664           <name>Hostname</name>
 665           <value>localhost.localdomain</value>
 666           <description>The fully qualified hostname.</description>
 667         </variable>
 668         <variable id="ip" type="ip">
 669           <name>IP Address</name>
 670           <value/>
 671           <description>The IP address of the RT server.</description>
 672         </variable>
 673         <variable id="cc_address" type="email">
 674           <name>CC Email Address</name>
 675           <value>root+cclist@localhost.localdomain</value>
 676           <description>All messages to and from PLCRT will be copied to this address.</description>
 677         </variable>
 678         <variable id="web_user" type="string">
 679           <name>root</name>
 680           <value>root</value>
 681           <description>Username of a privileged user in RT who can create
 682                   tickets for any RT Queue.</description>
 683         </variable>
 684         <variable id="web_password" type="password">
 685           <name>password</name>
 686           <value>password</value>
 687           <description>Password for RT web user.</description>
 688         </variable>
 689         <variable id="dbpassword" type="password">
 690           <name>Database Password</name>
 691           <value></value>
 692           <description>Password to use when accessing the RT database.</description>
 693         </variable>
 694       </variablelist>
 695     </category>
 696   </variables>
 697
 698   <comps>
 699     <!-- deprecated - not used anymore - use .lst files instead -->
 700   </comps>
 701
 702 </configuration>