1 <?xml version="1.0" encoding="utf-8"?>
2
3 <!--
4 Default PLC configuration file
5
6 Mark Huang <mlhuang@cs.princeton.edu>
7 Copyright (C) 2006 The Trustees of Princeton University
8
9 $Id$
10 -->
11
12 <!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
13
14 <configuration>
15   <variables>
16     <category id="plc">
17       <name>System</name>
18       <description>Basic system variables. Be sure that the values of
19       these variables are the same across all machines in your
20       installation.</description>
21
22       <variablelist>
23         <variable id="name" type="string">
24           <name>Name</name>
25           <value>PlanetLab Test</value>
26           <description>The name of this PLC installation. It is used in
27           the name of the default system site (e.g., PlanetLab Central)
28           and in the names of various administrative entities (e.g.,
29           PlanetLab Support).</description>
30         </variable>
31
32         <variable id="slice_prefix" type="string">
33           <name>Slice Prefix</name>
34           <value>pl</value>
35           <description>The abbreviated name of this PLC
36           installation. It is used as the prefix for system slices
37           (e.g., pl_conf). Warning: Currently, this variable should
38           not be changed.</description>
39         </variable>
40
41         <variable id="root_user" type="email">
42           <name>Root Account</name>
43           <value>root@localhost.localdomain</value>
44           <description>The name of the initial administrative
45           account. We recommend that this account be used only to create
46           additional accounts associated with real
47           administrators, then disabled.</description>
48         </variable>
49
50         <variable id="root_password" type="password">
51           <name>Root Password</name>
52           <value>root</value>
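53           <description>The password of the initial administrative
54           account. Also the password of the root account on the Boot
55           CD. The default shipped in this file is not a secret; set a new value before the installation is put into service.</description>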
56         </variable>
57
58         <!-- The following are not actually meant to be configurable
59              as variables. The web interface should allow the file to
60              be downloaded, or its contents replaced by a file upload,
61              but the actual <value> shouldn't need to be changed.  -->
62
63         <variable id="root_ssh_key_pub" type="file">
64           <name>Root SSH Public Key</name>
65           <value>/etc/planetlab/root_ssh_key.pub</value>
66           <description>The SSH public key used to access the root
67           account on your nodes.</description>
68         </variable>
69
70         <variable id="root_ssh_key" type="file">
71           <name>Root SSH Private Key</name>
72           <value>/etc/planetlab/root_ssh_key.rsa</value>
73           <description>The SSH private key used to access the root
74           account on your nodes.</description>
75         </variable>
76
77         <variable id="debug_ssh_key_pub" type="file">
78           <name>Debug SSH Public Key</name>
79           <value>/etc/planetlab/debug_ssh_key.pub</value>
80           <description>The SSH public key used to access the root
81           account on your nodes when they are in Debug mode.</description>
82         </variable>
83
84         <variable id="debug_ssh_key" type="file">
85           <name>Debug SSH Private Key</name>
86           <value>/etc/planetlab/debug_ssh_key.rsa</value>
87           <description>The SSH private key used to access the root
88           account on your nodes when they are in Debug mode.</description>
89         </variable>
90
91         <variable id="root_gpg_key_pub" type="file">
92           <name>Root GPG Public Keyring</name>
93           <value>/etc/planetlab/pubring.gpg</value>
94           <description>The GPG public keyring for the key that signs the
95           Boot Manager and all node packages.</description>
96         </variable>
97
98         <variable id="root_gpg_key" type="file">
99           <name>Root GPG Private Keyring</name>
100           <value>/etc/planetlab/secring.gpg</value>
101           <description>The GPG private keyring used to sign the Boot
102           Manager and all node packages.</description>
103         </variable>
104       </variablelist>
105     </category>
106
107     <category id="plc_net">
108       <name>Network</name>
109       <description>Network environment.</description>
110
111       <variablelist>
112         <variable id="dns1" type="ip">
113           <name>Primary DNS Server</name>
114           <value>127.0.0.1</value>
115           <description>Primary DNS server address.</description>
116         </variable>
117
118         <variable id="dns2" type="ip">
119           <name>Secondary DNS Server</name>
120           <value></value>
121           <description>Secondary DNS server address.</description>
122         </variable>
123       </variablelist>
124     </category>
125
126     <category id="plc_dns">
127       <name>DNS</name>
128       <description>MyPLC can provide forward DNS resolution for itself
129       and for its nodes. To enable resolution for MyPLC itself, set
130       the Primary DNS Server address to 127.0.0.1 and provide external
131       IP addresses for the database, API, web, and boot servers
132       below. To enable resolution for nodes, use the external IP
133       address of this machine as the primary DNS server address for
134       each node.</description>
135
136       <variablelist>
137         <variable id="enabled" type="boolean">
138           <name>Enable DNS</name>
139           <value>true</value>
140           <description>Enable the internal DNS server. The server does
141           not provide reverse resolution and is not a production
142           quality or scalable DNS solution. Use the internal DNS
143           server only for small deployments or for
144           testing.</description>
145         </variable>
146       </variablelist>
147     </category>
148
149     <category id="plc_mail">
150       <name>Mail</name>
151       <description>Many maintenance scripts, as well as the API and
152       web site themselves, send e-mail notifications and
153       warnings.</description>
154
155       <variablelist>
156         <variable id="enabled" type="boolean">
157           <name>Enable Mail</name>
158           <value>false</value>
159           <description>Set to false to suppress all e-mail notifications
160           and warnings.</description>
161         </variable>
162
163         <variable id="support_address" type="email">
164           <name>Support Address</name>
165           <value>root+support@localhost.localdomain</value>
166           <description>This address is used for support
167           requests. Support requests may include traffic complaints,
168           security incident reporting, web site malfunctions, and
169           general requests for information. We recommend that the
170           address be aliased to a ticketing system such as Request
171           Tracker.</description>
172         </variable>
173
174         <variable id="boot_address" type="email">
175           <name>Boot Messages Address</name>
176           <value>root+install-msgs@localhost.localdomain</value>
177           <description>The API will notify this address when a problem
178           occurs during node installation or boot.</description>
179         </variable>
180
181         <variable id="slice_address" type="email">
182           <name>Slice Address</name>
183           <value>root+SLICE@localhost.localdomain</value>
184           <description>This address template is used for sending
185           e-mail notifications to slices. SLICE will be replaced with
186           the name of the slice.</description>
187         </variable>
188       </variablelist>
189     </category>
190
191     <category id="plc_db">
192       <name>Database Server</name>
193       <description>Database server definitions.</description>
194
195       <variablelist>
196         <variable id="enabled" type="boolean">
197           <name>Enabled</name>
198           <value>true</value>
199           <description>Enable the database server on this
200           machine.</description>
201         </variable>
202
203         <variable id="type" type="string">
204           <name>Type</name>
205           <value>postgresql</value>
206           <description>The type of database server. Currently, only
207           postgresql is supported.</description>
208         </variable>
209
210         <variable id="host" type="hostname">
211           <name>Hostname</name>
212           <value>localhost.localdomain</value>
213           <description>The fully qualified hostname of the database
214           server.</description>
215         </variable>
216
217         <variable id="ip" type="ip">
218           <name>IP Address</name>
219           <value>127.0.0.1</value>
220           <description>The IP address of the database server, if not
221           resolvable by the configured DNS servers.</description>
222         </variable>
223
224         <variable id="port" type="int">
225           <name>Port</name>
226           <value>5432</value>
227           <description>The TCP port number through which the database
228           server should be accessed.</description>
229         </variable>
230
231         <variable id="name" type="string">
232           <name>Database Name</name>
233           <value>planetlab4</value>
234           <description>The name of the database to access.</description>
235         </variable>
236
237         <variable id="user" type="string">
238           <name>Database Username</name>
239           <value>pgsqluser</value>
240           <description>The username to use when accessing the
241           database.</description>
242         </variable>
243
244         <variable id="password" type="password">
245           <name>Database Password</name>
246           <value></value>
247           <description>The password to use when accessing the
248           database. If left blank, one will be
249           generated.</description>
250         </variable>
251       </variablelist>
252     </category>
253
254     <category id="plc_api">
255       <name>API Server</name>
256       <description>API (XML-RPC) server definitions.</description>
257
258       <variablelist>
259         <variable id="enabled" type="boolean">
260           <name>Enabled</name>
261           <value>true</value>
262           <description>Enable the API server on this
263           machine.</description>
264         </variable>
265
266         <variable id="debug" type="boolean">
267           <name>Debug</name>
268           <value>false</value>
269           <description>Enable verbose API debugging. Do not enable on
270           a production system!</description>
271         </variable>
272
273         <variable id="host" type="hostname">
274           <name>Hostname</name>
275           <value>localhost.localdomain</value>
276           <description>The fully qualified hostname of the API
277           server.</description>
278         </variable>
279
280         <variable id="ip" type="ip">
281           <name>IP Address</name>
282           <value>127.0.0.1</value>
283           <description>The IP address of the API server, if not
284           resolvable by the configured DNS servers.</description>
285         </variable>
286
287         <variable id="port" type="int">
288           <name>Port</name>
289           <value>443</value>
290           <description>The TCP port number through which the API
291           should be accessed.</description>
292         </variable>
293
294         <variable id="path" type="string">
295           <name>Path</name>
296           <value>/PLCAPI/</value>
297           <description>The base path of the API URL.</description>
298         </variable>
299
300         <variable id="maintenance_user" type="string">
301           <name>Maintenance User</name>
302           <value>maint@localhost.localdomain</value>
303           <description>The username of the maintenance account. This
304           account is used by local scripts that perform automated
305           tasks, and cannot be used for normal logins.</description>
306         </variable>
307
308         <variable id="maintenance_password" type="password">
309           <name>Maintenance Password</name>
310           <value></value>
311           <description>The password of the maintenance account. If
312           left blank, one will be generated. We recommend that the
313           password be changed periodically.</description>
314         </variable>
315
316         <variable id="maintenance_sources" type="hostname">
317           <name>Authorized Hosts</name>
318           <value></value>
319           <description>A space-separated list of IP addresses allowed
320           to access the API through the maintenance account. The value
321           of this variable is set automatically to allow only the API,
322           web, and boot servers, and should not be
323           changed.</description>
324         </variable>
325
326         <!-- The following are not actually meant to be configurable
327              as variables. The web interface should allow the file to
328              be downloaded, or its contents replaced by a file upload,
329              but the actual <value> shouldn't need to be changed.  -->
330
331         <variable id="ssl_key" type="file">
332           <name>SSL Private Key</name>
333           <value>/etc/planetlab/api_ssl.key</value>
334           <description>The SSL private key to use for encrypting HTTPS
335           traffic. If non-existent, one will be
336           generated.</description>
337         </variable>
338
339         <variable id="ssl_crt" type="file">
340           <name>SSL Public Certificate</name>
341           <value>/etc/planetlab/api_ssl.crt</value>
342           <description>The corresponding SSL public certificate. By
343           default, this certificate is self-signed. You may replace
344           the certificate later with one signed by a root
345           CA.</description>
346         </variable>
347
348         <variable id="ca_ssl_crt" type="file">
349           <name>Root CA SSL Public Certificate</name>
350           <value>/etc/planetlab/api_ca_ssl.crt</value>
351           <description>The certificate of the root CA, if any, that
352           signed your server certificate. If your server certificate is
353           self-signed, then this file is the same as your server
354           certificate.</description>
355         </variable>
356       </variablelist>
357     </category>
358
359     <category id="plc_www">
360       <name>Web Server</name>
361       <description>Web server definitions.</description>
362
363       <variablelist>
364         <variable id="enabled" type="boolean">
365           <name>Enabled</name>
366           <value>true</value>
367           <description>Enable the web server on this
368           machine.</description>
369         </variable>
370
371         <variable id="debug" type="boolean">
372           <name>Debug</name>
373           <value>false</value>
374           <description>Enable debugging output on web pages. Do not
375           enable on a production system!</description>
376         </variable>
377
378         <variable id="host" type="hostname">
379           <name>Hostname</name>
380           <value>localhost.localdomain</value>
381           <description>The fully qualified hostname of the web
382           server.</description>
383         </variable>
384
385         <variable id="ip" type="ip">
386           <name>IP Address</name>
387           <value>127.0.0.1</value>
388           <description>The IP address of the web server, if not
389           resolvable by the configured DNS servers.</description>
390         </variable>
391
392         <variable id="port" type="int">
393           <name>Port</name>
394           <value>80</value>
395           <description>The TCP port number through which the
396           unprotected portions of the web site should be
397           accessed.</description>
398         </variable>
399
400         <variable id="ssl_port" type="int">
401           <name>SSL Port</name>
402           <value>443</value>
403           <description>The TCP port number through which the protected
404           portions of the web site should be accessed.</description>
405         </variable>
406
407         <!-- The following are not actually meant to be configurable
408              as variables. The web interface should allow the file to
409              be downloaded, or its contents replaced by a file upload,
410              but the actual <value> shouldn't need to be changed.  -->
411
412         <variable id="ssl_key" type="file">
413           <name>SSL Private Key</name>
414           <value>/etc/planetlab/www_ssl.key</value>
415           <description>The SSL private key to use for encrypting HTTPS
416           traffic. If non-existent, one will be
417           generated.</description>
418         </variable>
419
420         <variable id="ssl_crt" type="file">
421           <name>SSL Public Certificate</name>
422           <value>/etc/planetlab/www_ssl.crt</value>
423           <description>The corresponding SSL public certificate for
424           the HTTP server. By default, this certificate is
425           self-signed. You may replace the certificate later with one
426           signed by a root CA.</description>
427         </variable>
428
429         <variable id="ca_ssl_crt" type="file">
430           <name>Root CA SSL Public Certificate</name>
431           <value>/etc/planetlab/www_ca_ssl.crt</value>
432           <description>The certificate of the root CA, if any, that
433           signed your server certificate. If your server certificate is
434           self-signed, then this file is the same as your server
435           certificate.</description>
436         </variable>
437       </variablelist>
438     </category>
439
440     <category id="plc_boot">
441       <name>Boot Server</name>
442       <description>Boot server definitions. Multiple boot servers
443       may be brought up for load balancing, but we recommend that a
444       single DNS round-robin system be implemented so that the
445       following variables are the same across all of
446       them.</description>
447
448       <variablelist>
449         <variable id="enabled" type="boolean">
450           <name>Enabled</name>
451           <value>true</value>
452           <description>Enable the boot server on this
453           machine.</description>
454         </variable>
455
456         <variable id="host" type="hostname">
457           <name>Hostname</name>
458           <value>localhost.localdomain</value>
459           <description>The fully qualified hostname of the boot
460           server.</description>
461         </variable>
462
463         <variable id="ip" type="ip">
464           <name>IP Address</name>
465           <value>127.0.0.1</value>
466           <description>The IP address of the boot server, if not
467           resolvable by the configured DNS servers.</description>
468         </variable>
469
470         <variable id="port" type="int">
471           <name>Port</name>
472           <value>80</value>
473           <description>The TCP port number through which the
474           unprotected portions of the boot server should be
475           accessed.</description>
476         </variable>
477
478         <variable id="ssl_port" type="int">
479           <name>SSL Port</name>
480           <value>443</value>
481           <description>The TCP port number through which the protected
482           portions of the boot server should be
483           accessed.</description>
484         </variable>
485
486         <!-- The following are not actually meant to be configurable
487              as variables. The web interface should allow the file to
488              be downloaded, or its contents replaced by a file upload,
489              but the actual <value> shouldn't need to be changed.  -->
490
491         <variable id="ssl_key" type="file">
492           <name>SSL Private Key</name>
493           <value>/etc/planetlab/boot_ssl.key</value>
494           <description>The SSL private key to use for encrypting HTTPS
495           traffic.</description>
496         </variable>
497
498         <variable id="ssl_crt" type="file">
499           <name>SSL Public Certificate</name>
500           <value>/etc/planetlab/boot_ssl.crt</value>
501           <description>The corresponding SSL public certificate for
502           the HTTP server. By default, this certificate is
503           self-signed. You may replace the certificate later with one
504           signed by a root CA.</description>
505         </variable>
506
507         <variable id="ca_ssl_crt" type="file">
508           <name>Root CA SSL Public Certificate</name>
509           <value>/etc/planetlab/boot_ca_ssl.crt</value>
510           <description>The certificate of the root CA, if any, that
511           signed your server certificate. If your server certificate is
512           self-signed, then this file is the same as your server
513           certificate.</description>
514         </variable>
515       </variablelist>
516     </category>
517   </variables>
518
519   <comps>
520     <!-- xxx should be deprecated - not used anymore xxx -->
521     <group>
522       <id>plc</id>
523       <name>PlanetLab Central</name>
524       <default>true</default>
525       <description>PlanetLab Central Packages</description>
526       <uservisible>true</uservisible>
527       <packagelist>
528         <!-- Basics -->
529         <packagereq type="mandatory">dev</packagereq>   
530         <packagereq type="mandatory">findutils</packagereq>
531
532
533         <!-- kernel-vserver is intended for the vserver-reference, but
534              serves the same useful purpose for MyPLC, namely, to
535              Provide: kernel without actually installing anything. -->
536         <packagereq type="mandatory">kernel-vserver</packagereq>        
537
538         <!-- Sending mail -->
539         <packagereq type="mandatory">sendmail</packagereq>
540         <packagereq type="mandatory">sendmail-cf</packagereq>
541
542         <!-- Caching DNS server -->
543         <packagereq type="mandatory">dnsmasq</packagereq>
544
545         <!-- (Optional) Synchronizing with PLC -->
546         <packagereq type="mandatory">rsync</packagereq>
547
548         <!-- Cron jobs -->
549         <packagereq type="mandatory">vixie-cron</packagereq>    
550
551         <!-- Other utilities -->
552         <packagereq type="mandatory">cvs</packagereq>
553         <packagereq type="mandatory">curl</packagereq>
554         <packagereq type="mandatory">wget</packagereq>
555         <packagereq type="mandatory">less</packagereq>
556         <packagereq type="mandatory">gzip</packagereq>
557         <packagereq type="mandatory">bzip2</packagereq>
558         <packagereq type="mandatory">cpio</packagereq>
559         <packagereq type="mandatory">tar</packagereq>
560         <packagereq type="mandatory">diffutils</packagereq>
561
562         <!-- yum >=2.2 uses a new repository format -->
563         <packagereq type="mandatory">createrepo</packagereq>
564         <packagereq type="mandatory">yum</packagereq>
565         <packagereq type="mandatory">rpm</packagereq>
566
567         <!-- For mkpasswd -->
568         <packagereq type="mandatory">expect</packagereq>
569
570         <!-- For ssh-keygen -->
571         <packagereq type="mandatory">openssh</packagereq>
572
573         <!-- Almost all scripts are written in Python -->
574         <packagereq type="mandatory">python</packagereq>
575         <packagereq type="mandatory">python-devel</packagereq>
576
577         <!-- Database server -->
578         <packagereq type="mandatory">postgresql</packagereq>
579         <packagereq type="mandatory">postgresql-server</packagereq>
580         <packagereq type="mandatory">postgresql-python</packagereq>
581
582         <!-- (Secure) web server -->
583         <packagereq type="mandatory">httpd</packagereq>
584         <packagereq type="mandatory">mod_ssl</packagereq>
585
586         <!-- Web pages are written primarily in PHP. A few pages still
587              access the DB directly. -->
588         <packagereq type="mandatory">php</packagereq>
589         <packagereq type="mandatory">php-pgsql</packagereq>
590         <!-- PLCAPI replaces php-xmlrpc -->
591         <!-- <packagereq type="mandatory">php-xmlrpc</packagereq> -->
592
593         <!-- Need GD for ImageCreate(), etc. -->
594         <packagereq type="mandatory">gd</packagereq>    
595         <packagereq type="mandatory">php-gd</packagereq>        
596         <packagereq type="mandatory">perl-GD</packagereq>       
597
598         <!-- API server is implemented in mod_python -->
599         <packagereq type="mandatory">mod_python</packagereq>
600
601         <!-- API server uses a few non-standard packages -->
602         <packagereq type="mandatory">PLCAPI</packagereq>
603         <packagereq type="mandatory">SOAPpy</packagereq>
604         <packagereq type="mandatory">PyXML</packagereq>
605
606         <!-- API server uses SSL to sign tickets -->
607         <packagereq type="mandatory">xmlsec1</packagereq>
608         <packagereq type="mandatory">xmlsec1-openssl</packagereq>
609         <packagereq type="mandatory">openssl</packagereq>
610
611         <!-- Customizable Boot CD and Boot Manager packages -->
612         <packagereq type="mandatory">bootcd</packagereq>
613         <packagereq type="mandatory">bootmanager</packagereq>
614
615         <!-- PLCWWW now packaged separately from myplc -->
616         <packagereq type="mandatory">plcwww</packagereq>
617
618         <!-- apache user needs root access for building node-dependent images; its sudoers entry should permit only those build commands -->
619         <packagereq type="mandatory">sudo</packagereq>
620
621         <!-- OneLab specifics - for convenience -->
622         <packagereq type="mandatory">vim-minimal</packagereq>
623         <packagereq type="mandatory">python-imaging</packagereq>
624
625       </packagelist>
626     </group>
627
628   </comps>
629
630 </configuration>