1 <?xml version="1.0" encoding="utf-8"?>
4 Default PLC configuration file
6 Mark Huang <mlhuang@cs.princeton.edu>
7 Copyright (C) 2006 The Trustees of Princeton University
12 <!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
18 <description>Basic system variables. Be sure that the values of
19 these variables are the same across all machines in your
20 installation.</description>
23 <variable id="name" type="string">
25 <value>PlanetLab Test</value>
26 <description>The name of this PLC installation. It is used in
27 the name of the default system site (e.g., PlanetLab Central)
28 and in the names of various administrative entities (e.g.,
29 PlanetLab Support).</description>
32 <variable id="shortname" type="string">
35 <description>The short name of this PLC installation. It is
36 mostly used in the web interface when displaying local
37 objects.</description>
40 <variable id="slice_prefix" type="string">
41 <name>Slice Prefix</name>
43 <description>The abbreviated name of this PLC
44 installation. It is used as the prefix for system slices
45 (e.g., pl_conf). Warning: Currently, this variable should
46 not be changed.</description>
49 <variable id="root_user" type="email">
50 <name>Root Account</name>
51 <value>root@localhost.localdomain</value>
52 <description>The name of the initial administrative
53 account. We recommend that this account be used only to create
54 additional accounts associated with real
55 administrators, then disabled.</description>
58 <variable id="root_password" type="password">
59 <name>Root Password</name>
61 <description>The password of the initial administrative
62 account. Also the password of the root account on the Boot
66 <!-- The following are not actually meant to be configurable
67 as variables. The web interface should allow the file to
68 be downloaded, or its contents replaced by a file upload,
69 but the actual <value> shouldn't need to be changed. -->
71 <variable id="root_ssh_key_pub" type="file">
72 <name>Root SSH Public Key</name>
73 <value>/etc/planetlab/root_ssh_key.pub</value>
74 <description>The SSH public key used to access the root
75 account on your nodes.</description>
78 <variable id="root_ssh_key" type="file">
79 <name>Root SSH Private Key</name>
80 <value>/etc/planetlab/root_ssh_key.rsa</value>
81 <description>The SSH private key used to access the root
82 account on your nodes.</description>
85 <variable id="debug_ssh_key_pub" type="file">
86 <name>Debug SSH Public Key</name>
87 <value>/etc/planetlab/debug_ssh_key.pub</value>
88 <description>The SSH public key used to access the root
89 account on your nodes when they are in Debug mode.</description>
92 <variable id="debug_ssh_key" type="file">
93 <name>Debug SSH Private Key</name>
94 <value>/etc/planetlab/debug_ssh_key.rsa</value>
95 <description>The SSH private key used to access the root
96 account on your nodes when they are in Debug mode.</description>
99 <variable id="root_gpg_key_pub" type="file">
100 <name>Root GPG Public Keyring</name>
101 <value>/etc/planetlab/pubring.gpg</value>
102 <description>The GPG public keyring used to sign the Boot
103 Manager and all node packages.</description>
106 <variable id="root_gpg_key" type="file">
107 <name>Root GPG Private Keyring</name>
108 <value>/etc/planetlab/secring.gpg</value>
109 <description>The SSH private key used to access the root
110 account on your nodes.</description>
115 <category id="plc_net">
117 <description>Network environment.</description>
120 <variable id="dns1" type="ip">
121 <name>Primary DNS Server</name>
122 <value>127.0.0.1</value>
123 <description>Primary DNS server address.</description>
126 <variable id="dns2" type="ip">
127 <name>Secondary DNS Server</name>
129 <description>Secondary DNS server address.</description>
134 <category id="plc_dns">
136 <description>MyPLC can provide forward DNS resolution for itself
137 and for its nodes. To enable resolution for MyPLC itself, set
138 the Primary DNS Server address to 127.0.0.1 and provide external
139 IP addresses for the database, API, web, and boot servers
140 below. To enable resolution for nodes, use the external IP
141 address of this machine as the primary DNS server address for
142 each node.</description>
145 <variable id="enabled" type="boolean">
146 <name>Enable DNS</name>
148 <description>Enable the internal DNS server. The server does
149 not provide reverse resolution and is not a production
150 quality or scalable DNS solution. Use the internal DNS
151 server only for small deployments or for
152 testing.</description>
157 <category id="plc_mail">
159 <description>Many maintenance scripts, as well as the API and
160 web site themselves, send e-mail notifications and
161 warnings.</description>
164 <variable id="enabled" type="boolean">
165 <name>Enable Mail</name>
167 <description>Set to false to suppress all e-mail notifications
168 and warnings.</description>
171 <variable id="support_address" type="email">
172 <name>Support Address</name>
173 <value>root+support@localhost.localdomain</value>
174 <description>This address is used for support
175 requests. Support requests may include traffic complaints,
176 security incident reporting, web site malfunctions, and
177 general requests for information. We recommend that the
178 address be aliased to a ticketing system such as Request
179 Tracker.</description>
182 <variable id="boot_address" type="email">
183 <name>Boot Messages Address</name>
184 <value>root+install-msgs@localhost.localdomain</value>
185 <description>The API will notify this address when a problem
186 occurs during node installation or boot.</description>
189 <variable id="mom_list_address" type="email">
190 <name>Mom List Address</name>
191 <value>root+mom@localhost.localdomain</value>
192 <description>This address is used by operations staff
193 to monitor Mom (formerly pl_mom) messages indicating
194 excessive BW or memory usage by a slice. Mom messages sent
195 to slices will be cc'ed to this list so as not to clog
196 the Support Address list.</description>
199 <variable id="slice_address" type="email">
200 <name>Slice Address</name>
201 <value>root+SLICE@localhost.localdomain</value>
202 <description>This address template is used for sending
203 e-mail notifications to slices. SLICE will be replaced with
204 the name of the slice.</description>
209 <category id="plc_db">
210 <name>Database Server</name>
211 <description>Database server definitions.</description>
214 <variable id="enabled" type="boolean">
217 <description>Enable the database server on this
218 machine.</description>
221 <variable id="type" type="string">
223 <value>postgresql</value>
224 <description>The type of database server. Currently, only
225 postgresql is supported.</description>
228 <variable id="host" type="hostname">
229 <name>Hostname</name>
230 <value>localhost.localdomain</value>
231 <description>The fully qualified hostname of the database
232 server.</description>
235 <variable id="ip" type="ip">
236 <name>IP Address</name>
238 <description>The IP address of the database server, if not
239 resolvable.</description>
242 <variable id="port" type="int">
245 <description>The TCP port number through which the database
246 server should be accessed.</description>
249 <variable id="name" type="string">
250 <name>Database Name</name>
251 <value>planetlab5</value>
252 <description>The name of the database to access.</description>
255 <variable id="user" type="string">
256 <name>Database Username</name>
257 <value>pgsqluser</value>
258 <description>The username to use when accessing the
259 database.</description>
262 <variable id="password" type="password">
263 <name>Database Password</name>
265 <description>The password to use when accessing the
266 database. If left blank, one will be
267 generated.</description>
272 <category id="plc_api">
273 <name>API Server</name>
274 <description>API (XML-RPC) server definitions.</description>
277 <variable id="enabled" type="boolean">
280 <description>Enable the API server on this
281 machine.</description>
284 <variable id="debug" type="boolean">
287 <description>Enable verbose API debugging. Do not enable on
288 a production system!</description>
291 <variable id="host" type="hostname">
292 <name>Hostname</name>
293 <value>localhost.localdomain</value>
294 <description>The fully qualified hostname of the API
295 server.</description>
298 <variable id="ip" type="ip">
299 <name>IP Address</name>
301 <description>The IP address of the API server, if not
302 resolvable.</description>
305 <variable id="ipod_subnet" type="ip">
306 <name>IP Subnet</name>
307 <value>127.0.0.1</value>
308 <description>The IP Subnet for all API servers.
309 Used to identify IPoD packet senders.</description>
312 <variable id="ipod_mask" type="ip">
314 <value>255.255.255.255</value>
315 <description>The IP Mask that should be applied to incoming
316 packets to match the IP Subnet for IPoD packets.</description>
319 <variable id="port" type="int">
322 <description>The TCP port number through which the API
323 should be accessed.</description>
326 <variable id="path" type="string">
328 <value>/PLCAPI/</value>
329 <description>The base path of the API URL.</description>
332 <variable id="maintenance_user" type="string">
333 <name>Maintenance User</name>
334 <value>maint@localhost.localdomain</value>
335 <description>The username of the maintenance account. This
336 account is used by local scripts that perform automated
337 tasks, and cannot be used for normal logins.</description>
340 <variable id="maintenance_password" type="password">
341 <name>Maintenance Password</name>
343 <description>The password of the maintenance account. If
344 left blank, one will be generated. We recommend that the
345 password be changed periodically.</description>
348 <variable id="maintenance_sources" type="hostname">
349 <name>Authorized Hosts</name>
351 <description>A space-separated list of IP addresses allowed
352 to access the API through the maintenance account. The value
353 of this variable is set automatically to allow only the API,
354 web, and boot servers, and should not be
355 changed.</description>
358 <!-- The following are not actually meant to be configurable
359 as variables. The web interface should allow the file to
360 be downloaded, or its contents replaced by a file upload,
361 but the actual <value> shouldn't need to be changed. -->
363 <variable id="ssl_key" type="file">
364 <name>SSL Private Key</name>
365 <value>/etc/planetlab/api_ssl.key</value>
366 <description>The SSL private key to use for encrypting HTTPS
367 traffic. If non-existent, one will be
368 generated.</description>
371 <variable id="ssl_crt" type="file">
372 <name>SSL Public Certificate</name>
373 <value>/etc/planetlab/api_ssl.crt</value>
374 <description>The corresponding SSL public certificate. By
375 default, this certificate is self-signed. You may replace
376 the certificate later with one signed by a root
380 <variable id="ca_ssl_crt" type="file">
381 <name>Root CA SSL Public Certificate</name>
382 <value>/etc/planetlab/api_ca_ssl.crt</value>
383 <description>The certificate of the root CA, if any, that
384 signed your server certificate. If your server certificate is
385 self-signed, then this file is the same as your server
386 certificate.</description>
391 <category id="plc_www">
392 <name>Web Server</name>
393 <description>Web server definitions.</description>
396 <variable id="enabled" type="boolean">
399 <description>Enable the web server on this
400 machine.</description>
403 <variable id="debug" type="boolean">
406 <description>Enable debugging output on web pages. Do not
407 enable on a production system!</description>
410 <variable id="host" type="hostname">
411 <name>Hostname</name>
412 <value>localhost.localdomain</value>
413 <description>The fully qualified hostname of the web
414 server.</description>
417 <variable id="ip" type="ip">
418 <name>IP Address</name>
420 <description>The IP address of the web server, if not
421 resolvable.</description>
424 <variable id="port" type="int">
427 <description>The TCP port number through which the
428 unprotected portions of the web site should be
429 accessed.</description>
432 <variable id="ssl_port" type="int">
433 <name>SSL Port</name>
435 <description>The TCP port number through which the protected
436 portions of the web site should be accessed.</description>
439 <!-- The following are not actually meant to be configurable
440 as variables. The web interface should allow the file to
441 be downloaded, or its contents replaced by a file upload,
442 but the actual <value> shouldn't need to be changed. -->
444 <variable id="ssl_key" type="file">
445 <name>SSL Private Key</name>
446 <value>/etc/planetlab/www_ssl.key</value>
447 <description>The SSL private key to use for encrypting HTTPS
448 traffic. If non-existent, one will be
449 generated.</description>
452 <variable id="ssl_crt" type="file">
453 <name>SSL Public Certificate</name>
454 <value>/etc/planetlab/www_ssl.crt</value>
455 <description>The corresponding SSL public certificate for
456 the HTTP server. By default, this certificate is
457 self-signed. You may replace the certificate later with one
458 signed by a root CA.</description>
461 <variable id="ca_ssl_crt" type="file">
462 <name>Root CA SSL Public Certificate</name>
463 <value>/etc/planetlab/www_ca_ssl.crt</value>
464 <description>The certificate of the root CA, if any, that
465 signed your server certificate. If your server certificate is
466 self-signed, then this file is the same as your server
467 certificate.</description>
472 <category id="plc_boot">
473 <name>Boot Server</name>
474 <description>Boot server definitions. Multiple boot servers
475 may be brought up for load balancing, but we recommend that a
476 single DNS round-robin system be implemented so that the
477 following variables are the same across all of
481 <variable id="enabled" type="boolean">
484 <description>Enable the boot server on this
485 machine.</description>
488 <variable id="host" type="hostname">
489 <name>Hostname</name>
490 <value>localhost.localdomain</value>
491 <description>The fully qualified hostname of the boot
492 server.</description>
495 <variable id="ip" type="ip">
496 <name>IP Address</name>
498 <description>The IP address of the boot server, if not
499 resolvable.</description>
502 <variable id="port" type="int">
505 <description>The TCP port number through which the
506 unprotected portions of the boot server should be
507 accessed.</description>
510 <variable id="ssl_port" type="int">
511 <name>SSL Port</name>
513 <description>The TCP port number through which the protected
514 portions of the boot server should be
515 accessed.</description>
518 <!-- The following are not actually meant to be configurable
519 as variables. The web interface should allow the file to
520 be downloaded, or its contents replaced by a file upload,
521 but the actual <value> shouldn't need to be changed. -->
523 <variable id="ssl_key" type="file">
524 <name>SSL Private Key</name>
525 <value>/etc/planetlab/boot_ssl.key</value>
526 <description>The SSL private key to use for encrypting HTTPS
527 traffic.</description>
530 <variable id="ssl_crt" type="file">
531 <name>SSL Public Certificate</name>
532 <value>/etc/planetlab/boot_ssl.crt</value>
533 <description>The corresponding SSL public certificate for
534 the HTTP server. By default, this certificate is
535 self-signed. You may replace the certificate later with one
536 signed by a root CA.</description>
539 <variable id="ca_ssl_crt" type="file">
540 <name>Root CA SSL Public Certificate</name>
541 <value>/etc/planetlab/boot_ca_ssl.crt</value>
542 <description>The certificate of the root CA, if any, that
543 signed your server certificate. If your server certificate is
544 self-signed, then this file is the same as your server
545 certificate.</description>
551 <category id="plc_planetflow">
552 <name>PlanetFlow Service Configuration</name>
553 <description>Planetflow service definitions used in the netflow slice. </description>
556 <variable id="host" type="hostname">
557 <name>Hostname</name>
558 <value>localhost.localdomain</value>
559 <description>The fully qualified hostname.</description>
563 <category id="plc_monitor">
564 <name>Monitoring Service</name>
565 <description>The Monitor service that tracks node availablity and repair.</description>
567 <variable id="enabled" type="boolean">
570 <description>Enable on this machine.</description>
572 <variable id="host" type="hostname">
573 <name>Hostname</name>
574 <value>localhost.localdomain</value>
575 <description>The fully qualified hostname.</description>
577 <variable id="ip" type="ip">
578 <name>IP Address</name>
580 <description>The IP address of the monitor server.</description>
582 <variable id="email" type="email">
583 <name>Monitor Email Address</name>
584 <value>root+monitor@localhost.localdomain</value>
585 <description>The source address for all out-going messages from Monitor.</description>
587 <variable id="dbpassword" type="password">
588 <name>Database Password</name>
590 <description>The password to use when accessing the
591 database, Monitor user account in the local PLC.</description>
598 <!-- deprecated - not used anymore - use .lst files instead -->