1 <?xml version="1.0" encoding="utf-8"?>
4 Default PLC configuration file
6 Mark Huang <mlhuang@cs.princeton.edu>
7 Copyright (C) 2006 The Trustees of Princeton University
13 <!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
19 <description>Basic system variables. Be sure that the values of
20 these variables are the same across all machines in your
21 installation.</description>
24 <variable id="name" type="string">
26 <value>PlanetLab Test</value>
27 <description>The name of this PLC installation. It is used in
28 the name of the default system site (e.g., PlanetLab Central)
29 and in the names of various administrative entities (e.g.,
30 PlanetLab Support).</description>
33 <variable id="shortname" type="string">
36 <description>The short name of this PLC installation. It is
37 mostly used in the web interface when displaying local
38 objects.</description>
41 <variable id="hrn_root" type="string">
42 <name>Root in Hierarchical Naming Space </name>
43 <value>planetlab.test</value>
44 <description> The root of this peer in the hierarchical federation naming space.</description>
47 <variable id="slice_prefix" type="string">
48 <name>Slice Prefix</name>
50 <description>The abbreviated name of this PLC
51 installation. It is used as the prefix for system slices
52 (e.g., pl_conf). Warning: Currently, this variable should
53 not be changed.</description>
56 <variable id="root_user" type="email">
57 <name>Root Account</name>
58 <value>root@localhost.localdomain</value>
59 <description>The name of the initial administrative
60 account. We recommend that this account be used only to create
61 additional accounts associated with real
62 administrators, then disabled.</description>
65 <variable id="root_password" type="password">
66 <name>Root Password</name>
68 <description>The password of the initial administrative
69 account. Also the password of the root account on the Boot
73 <!-- The following are not actually meant to be configurable
74 as variables. The web interface should allow the file to
75 be downloaded, or its contents replaced by a file upload,
76 but the actual <value> shouldn't need to be changed. -->
78 <variable id="root_ssh_key_pub" type="file">
79 <name>Root SSH Public Key</name>
80 <value>/etc/planetlab/root_ssh_key.pub</value>
81 <description>The SSH public key used to access the root
82 account on your nodes.</description>
85 <variable id="root_ssh_key" type="file">
86 <name>Root SSH Private Key</name>
87 <value>/etc/planetlab/root_ssh_key.rsa</value>
88 <description>The SSH private key used to access the root
89 account on your nodes.</description>
92 <variable id="debug_ssh_key_pub" type="file">
93 <name>Debug SSH Public Key</name>
94 <value>/etc/planetlab/debug_ssh_key.pub</value>
95 <description>The SSH public key used to access the root
96 account on your nodes when they are in Debug mode.</description>
99 <variable id="debug_ssh_key" type="file">
100 <name>Debug SSH Private Key</name>
101 <value>/etc/planetlab/debug_ssh_key.rsa</value>
102 <description>The SSH private key used to access the root
103 account on your nodes when they are in Debug mode.</description>
106 <variable id="root_gpg_key_pub" type="file">
107 <name>Root GPG Public Keyring</name>
108 <value>/etc/planetlab/pubring.gpg</value>
109 <description>The GPG public keyring used to sign the Boot
110 Manager and all node packages.</description>
113 <variable id="root_gpg_key" type="file">
114 <name>Root GPG Private Keyring</name>
115 <value>/etc/planetlab/secring.gpg</value>
116 <description>The SSH private key used to access the root
117 account on your nodes.</description>
122 <category id="plc_flavour">
123 <name>Flavours</name>
124 <description>Defaults for nodes and slices contents.</description>
127 <variable id="slice_arch" type="string">
128 <name>arch for slivers</name>
129 <value>@ARCH@</value>
130 <description>The default 'arch' to use for slivers. This is
131 useful if you have heterogeneous nodes (i686 and x86_64),
132 but want slivers to be homogeneous. You need to have the
133 corresponding vserver variant rpm available for
137 <variable id="slice_fcdistro" type="string">
138 <name>fcdistro for slivers</name>
139 <value>@FCDISTRO@</value>
140 <description>The default 'fcdistro' to use for creating
141 slivers. You need to have the corresponding vserver variant
142 rpm available for nodes.</description>
145 <variable id="slice_pldistro" type="string">
146 <name>pldistro for slivers</name>
147 <value>@PLDISTRO@</value>
148 <description>The default 'pldistro' to use for creating
149 slivers. You need to have the corresponding vserver variant
150 rpm available for nodes.</description>
156 <category id="plc_net">
158 <description>Network environment.</description>
161 <variable id="dns1" type="ip">
162 <name>Primary DNS Server</name>
163 <value>127.0.0.1</value>
164 <description>Primary DNS server address.</description>
167 <variable id="dns2" type="ip">
168 <name>Secondary DNS Server</name>
170 <description>Secondary DNS server address.</description>
175 <category id="plc_dns">
177 <description>MyPLC can provide forward DNS resolution for itself
178 and for its nodes. To enable resolution for MyPLC itself, set
179 the Primary DNS Server address to 127.0.0.1 and provide external
180 IP addresses for the database, API, web, and boot servers
181 below. To enable resolution for nodes, use the external IP
182 address of this machine as the primary DNS server address for
183 each node.</description>
186 <variable id="enabled" type="boolean">
187 <name>Enable DNS</name>
189 <description>Enable the internal DNS server. The server does
190 not provide reverse resolution and is not a production
191 quality or scalable DNS solution. Use the internal DNS
192 server only for small deployments or for
193 testing.</description>
198 <category id="plc_hosts">
199 <name>/etc/hosts</name>
200 <description>MyPLC can setup /etc/hosts with the hostnames and
201 IP addresses specified for *_NAME and *_IP, or look up the IP
202 addresses if they are not specified in this configuration.
206 <variable id="enabled" type="boolean">
207 <name>Enable /etc/hosts configuration</name>
209 <description>Let PLC manage /etc/hosts</description>
214 <category id="plc_mail">
216 <description>Many maintenance scripts, as well as the API and
217 web site themselves, send e-mail notifications and
218 warnings.</description>
221 <variable id="enabled" type="boolean">
222 <name>Enable Mail</name>
224 <description>Set to false to suppress all e-mail notifications
225 and warnings.</description>
228 <variable id="support_address" type="email">
229 <name>Support Address</name>
230 <value>root+support@localhost.localdomain</value>
231 <description>This address is used for support
232 requests. Support requests may include traffic complaints,
233 security incident reporting, web site malfunctions, and
234 general requests for information. We recommend that the
235 address be aliased to a ticketing system such as Request
236 Tracker.</description>
239 <variable id="boot_address" type="email">
240 <name>Boot Messages Address</name>
241 <value>root+install-msgs@localhost.localdomain</value>
242 <description>The API will notify this address when a problem
243 occurs during node installation or boot.</description>
246 <variable id="mom_list_address" type="email">
247 <name>Mom List Address</name>
248 <value>root+mom@localhost.localdomain</value>
249 <description>This address is used by operations staff
250 to monitor Mom (formerly pl_mom) messages indicating
251 excessive BW or memory usage by a slice. Mom messages sent
252 to slices will be cc'ed to this list so as not to clog
253 the Support Address list.</description>
256 <variable id="slice_address" type="email">
257 <name>Slice Address</name>
258 <value>root+SLICE@localhost.localdomain</value>
259 <description>This address template is used for sending
260 e-mail notifications to slices. SLICE will be replaced with
261 the name of the slice.</description>
266 <category id="plc_db">
267 <name>Database Server</name>
268 <description>Database server definitions.</description>
271 <variable id="enabled" type="boolean">
274 <description>Enable the database server on this
275 machine.</description>
278 <variable id="type" type="string">
280 <value>postgresql</value>
281 <description>The type of database server. Currently, only
282 postgresql is supported.</description>
285 <variable id="host" type="hostname">
286 <name>Hostname</name>
287 <value>localhost.localdomain</value>
288 <description>The fully qualified hostname of the database
289 server.</description>
292 <variable id="ip" type="ip">
293 <name>IP Address</name>
295 <description>The IP address of the database server, if not
296 resolvable.</description>
299 <variable id="port" type="int">
302 <description>The TCP port number through which the database
303 server should be accessed.</description>
306 <variable id="name" type="string">
307 <name>Database Name</name>
308 <value>planetlab5</value>
309 <description>The name of the database to access.</description>
312 <variable id="user" type="string">
313 <name>Database Username</name>
314 <value>pgsqluser</value>
315 <description>The username to use when accessing the
316 database.</description>
319 <variable id="password" type="password">
320 <name>Database Password</name>
322 <description>The password to use when accessing the
323 database. If left blank, one will be
324 generated.</description>
329 <category id="plc_api">
330 <name>API Server</name>
331 <description>API (XML-RPC) server definitions.</description>
334 <variable id="enabled" type="boolean">
337 <description>Enable the API server on this
338 machine.</description>
341 <variable id="debug" type="boolean">
344 <description>Enable verbose API debugging. Do not enable on
345 a production system!</description>
348 <variable id="host" type="hostname">
349 <name>Hostname</name>
350 <value>localhost.localdomain</value>
351 <description>The fully qualified hostname of the API
352 server.</description>
355 <variable id="ip" type="ip">
356 <name>IP Address</name>
358 <description>The IP address of the API server, if not
359 resolvable.</description>
362 <variable id="ipod_subnet" type="ip">
363 <name>IP Subnet</name>
364 <value>127.0.0.1</value>
365 <description>The IP Subnet for all API servers.
366 Used to identify IPoD packet senders.</description>
369 <variable id="ipod_mask" type="ip">
371 <value>255.255.255.255</value>
372 <description>The IP Mask that should be applied to incoming
373 packets to match the IP Subnet for IPoD packets.</description>
376 <variable id="port" type="int">
379 <description>The TCP port number through which the API
380 should be accessed.</description>
383 <variable id="path" type="string">
385 <value>/PLCAPI/</value>
386 <description>The base path of the API URL.</description>
389 <variable id="maintenance_user" type="string">
390 <name>Maintenance User</name>
391 <value>maint@localhost.localdomain</value>
392 <description>The username of the maintenance account. This
393 account is used by local scripts that perform automated
394 tasks, and cannot be used for normal logins.</description>
397 <variable id="maintenance_password" type="password">
398 <name>Maintenance Password</name>
400 <description>The password of the maintenance account. If
401 left blank, one will be generated. We recommend that the
402 password be changed periodically.</description>
405 <variable id="maintenance_sources" type="hostname">
406 <name>Authorized Hosts</name>
408 <description>A space-separated list of IP addresses allowed
409 to access the API through the maintenance account. The value
410 of this variable is set automatically to allow only the API,
411 web, and boot servers, and should not be
412 changed.</description>
415 <!-- The following are not actually meant to be configurable
416 as variables. The web interface should allow the file to
417 be downloaded, or its contents replaced by a file upload,
418 but the actual <value> shouldn't need to be changed. -->
420 <variable id="ssl_key" type="file">
421 <name>SSL Private Key</name>
422 <value>/etc/planetlab/api_ssl.key</value>
423 <description>The SSL private key to use for encrypting HTTPS
424 traffic. If non-existent, one will be
425 generated.</description>
428 <variable id="ssl_crt" type="file">
429 <name>SSL Public Certificate</name>
430 <value>/etc/planetlab/api_ssl.crt</value>
431 <description>The corresponding SSL public certificate. By
432 default, this certificate is self-signed. You may replace
433 the certificate later with one signed by a root
437 <variable id="ca_ssl_crt" type="file">
438 <name>Root CA SSL Public Certificate</name>
439 <value>/etc/planetlab/api_ca_ssl.crt</value>
440 <description>The certificate of the root CA, if any, that
441 signed your server certificate. If your server certificate is
442 self-signed, then this file is the same as your server
443 certificate.</description>
448 <category id="plc_www">
449 <name>Web Server</name>
450 <description>Web server definitions.</description>
453 <variable id="enabled" type="boolean">
456 <description>Enable the web server on this
457 machine.</description>
460 <variable id="debug" type="boolean">
463 <description>Enable debugging output on web pages. Do not
464 enable on a production system!</description>
467 <variable id="host" type="hostname">
468 <name>Hostname</name>
469 <value>localhost.localdomain</value>
470 <description>The fully qualified hostname of the web
471 server.</description>
474 <variable id="ip" type="ip">
475 <name>IP Address</name>
477 <description>The IP address of the web server, if not
478 resolvable.</description>
481 <variable id="port" type="int">
484 <description>The TCP port number through which the
485 unprotected portions of the web site should be
486 accessed.</description>
489 <variable id="ssl_port" type="int">
490 <name>SSL Port</name>
492 <description>The TCP port number through which the protected
493 portions of the web site should be accessed.</description>
496 <!-- The following are not actually meant to be configurable
497 as variables. The web interface should allow the file to
498 be downloaded, or its contents replaced by a file upload,
499 but the actual <value> shouldn't need to be changed. -->
501 <variable id="ssl_key" type="file">
502 <name>SSL Private Key</name>
503 <value>/etc/planetlab/www_ssl.key</value>
504 <description>The SSL private key to use for encrypting HTTPS
505 traffic. If non-existent, one will be
506 generated.</description>
509 <variable id="ssl_crt" type="file">
510 <name>SSL Public Certificate</name>
511 <value>/etc/planetlab/www_ssl.crt</value>
512 <description>The corresponding SSL public certificate for
513 the HTTP server. By default, this certificate is
514 self-signed. You may replace the certificate later with one
515 signed by a root CA.</description>
518 <variable id="ca_ssl_crt" type="file">
519 <name>Root CA SSL Public Certificate</name>
520 <value>/etc/planetlab/www_ca_ssl.crt</value>
521 <description>The certificate of the root CA, if any, that
522 signed your server certificate. If your server certificate is
523 self-signed, then this file is the same as your server
524 certificate.</description>
529 <category id="plc_boot">
530 <name>Boot Server</name>
531 <description>Boot server definitions. Multiple boot servers
532 may be brought up for load balancing, but we recommend that a
533 single DNS round-robin system be implemented so that the
534 following variables are the same across all of
538 <variable id="enabled" type="boolean">
541 <description>Enable the boot server on this
542 machine.</description>
545 <variable id="host" type="hostname">
546 <name>Hostname</name>
547 <value>localhost.localdomain</value>
548 <description>The fully qualified hostname of the boot
549 server.</description>
552 <variable id="ip" type="ip">
553 <name>IP Address</name>
555 <description>The IP address of the boot server, if not
556 resolvable.</description>
559 <variable id="port" type="int">
562 <description>The TCP port number through which the
563 unprotected portions of the boot server should be
564 accessed.</description>
567 <variable id="ssl_port" type="int">
568 <name>SSL Port</name>
570 <description>The TCP port number through which the protected
571 portions of the boot server should be
572 accessed.</description>
575 <!-- The following are not actually meant to be configurable
576 as variables. The web interface should allow the file to
577 be downloaded, or its contents replaced by a file upload,
578 but the actual <value> shouldn't need to be changed. -->
580 <variable id="ssl_key" type="file">
581 <name>SSL Private Key</name>
582 <value>/etc/planetlab/boot_ssl.key</value>
583 <description>The SSL private key to use for encrypting HTTPS
584 traffic.</description>
587 <variable id="ssl_crt" type="file">
588 <name>SSL Public Certificate</name>
589 <value>/etc/planetlab/boot_ssl.crt</value>
590 <description>The corresponding SSL public certificate for
591 the HTTP server. By default, this certificate is
592 self-signed. You may replace the certificate later with one
593 signed by a root CA.</description>
596 <variable id="ca_ssl_crt" type="file">
597 <name>Root CA SSL Public Certificate</name>
598 <value>/etc/planetlab/boot_ca_ssl.crt</value>
599 <description>The certificate of the root CA, if any, that
600 signed your server certificate. If your server certificate is
601 self-signed, then this file is the same as your server
602 certificate.</description>
608 <category id="plc_planetflow">
609 <name>PlanetFlow Service Configuration</name>
610 <description>Planetflow service definitions used in the netflow slice. </description>
613 <variable id="host" type="hostname">
614 <name>Hostname</name>
615 <value>localhost.localdomain</value>
616 <description>The fully qualified hostname.</description>
620 <category id="plc_monitor">
621 <name>Monitoring Service</name>
622 <description>The Monitor service that tracks node availablity and repair.</description>
624 <variable id="enabled" type="boolean">
627 <description>Enable on this machine.</description>
629 <variable id="host" type="hostname">
630 <name>Hostname</name>
631 <value>localhost.localdomain</value>
632 <description>The fully qualified hostname.</description>
634 <variable id="ip" type="ip">
635 <name>IP Address</name>
637 <description>The IP address of the monitor server.</description>
639 <variable id="from_email" type="email">
640 <name>Monitor Email Address</name>
641 <value>root+monitor@localhost.localdomain</value>
642 <description>All messages from Monitor will appear to come from this address.</description>
644 <variable id="cc_email" type="email">
645 <name>CC Email Address</name>
646 <value>root+monitor@localhost.localdomain</value>
647 <description>All messages from Monitor will be copied to this address.</description>
649 <variable id="rt_queue" type="email">
650 <name>Queue Name in RT for new messages</name>
651 <value>support</value>
652 <description>All messages from Monitor will be copied to this address.</description>
654 <variable id="dbpassword" type="password">
655 <name>Database Password</name>
657 <description>The password to use when accessing the
658 database, Monitor user account in the local PLC.</description>
661 <variable id="ssl_key" type="file">
662 <name>SSL Private Key</name>
663 <value>/etc/planetlab/monitor_ssl.key</value>
664 <description>The SSL private key to use for encrypting HTTPS
665 traffic.</description>
668 <variable id="ssl_crt" type="file">
669 <name>SSL Public Certificate</name>
670 <value>/etc/planetlab/monitor_ssl.crt</value>
671 <description>The corresponding SSL public certificate for
672 the HTTP server. By default, this certificate is
673 self-signed. You may replace the certificate later with one
674 signed by a root CA.</description>
677 <variable id="ca_ssl_crt" type="file">
678 <name>Root CA SSL Public Certificate</name>
679 <value>/etc/planetlab/monitor_ca_ssl.crt</value>
680 <description>The certificate of the root CA, if any, that
681 signed your server certificate. If your server certificate is
682 self-signed, then this file is the same as your server
683 certificate.</description>
688 <category id="plc_rt">
689 <name>RT Configuration</name>
690 <description>RT</description>
692 <variable id="enabled" type="boolean">
695 <description>Enable on this machine.</description>
697 <variable id="host" type="hostname">
698 <name>Hostname</name>
699 <value>localhost.localdomain</value>
700 <description>The fully qualified hostname.</description>
702 <variable id="ip" type="ip">
703 <name>IP Address</name>
705 <description>The IP address of the RT server.</description>
707 <variable id="cc_address" type="email">
708 <name>CC Email Address</name>
709 <value>root+cclist@localhost.localdomain</value>
710 <description>All messages to and from PLCRT will be copied to this address.</description>
712 <variable id="web_user" type="string">
715 <description>Username of a privileged user in RT who can create
716 tickets for any RT Queue.</description>
718 <variable id="web_password" type="password">
719 <name>password</name>
720 <value>password</value>
721 <description>Password for RT web user.</description>
723 <variable id="dbpassword" type="password">
724 <name>Database Password</name>
726 <description>Password to use when accessing the RT database.</description>
733 <!-- deprecated - not used anymore - use .lst files instead -->