1 <?xml version="1.0" encoding="utf-8"?>
2
3 <!--
4 Default PLC configuration file
5
6 Mark Huang <mlhuang@cs.princeton.edu>
7 Copyright (C) 2006 The Trustees of Princeton University
8
9 $Id: plc_config.xml,v 1.15 2006/07/10 21:04:17 mlhuang Exp $
10 -->
11
12 <!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
13
14 <configuration>
15   <variables>
16     <category id="plc">
17       <name>System</name>
18       <description>Basic system variables. Be sure that the values of
19       these variables are the same across all machines in your
20       installation.</description>
21
22       <variablelist>
23         <variable id="name" type="string">
24           <name>Name</name>
25           <value>PlanetLab Test</value>
26           <description>The name of this PLC installation. It is used in
27           the name of the default system site (e.g., PlanetLab Central)
28           and in the names of various administrative entities (e.g.,
29           PlanetLab Support).</description>
30         </variable>
31
32         <variable id="slice_prefix" type="string">
33           <name>Slice Prefix</name>
34           <value>pl</value>
35           <description>The abbreviated name of this PLC
36           installation. It is used as the prefix for system slices
37           (e.g., pl_conf). Warning: Currently, this variable should
38           not be changed.</description>
39         </variable>
40
41         <variable id="root_user" type="email">
42           <name>Root Account</name>
43           <value>root@localhost.localdomain</value>
44           <description>The name of the initial administrative
45           account. We recommend that this account be used only to create
46           additional accounts associated with real
47           administrators, then disabled.</description>
48         </variable>
49
50         <variable id="root_password" type="password">
             <!-- NOTE(review): the shipped default below is the literal
                  string "root", and per the description the same value
                  is also the root password on the Boot CD. Treat it as
                  a placeholder and set a unique value before this
                  installation is reachable by anyone else. -->
51           <name>Root Password</name>
52           <value>root</value>
53           <description>The password of the initial administrative
54           account. Also the password of the root account on the Boot
55           CD.</description>
56         </variable>
57
58         <!-- The following are not actually meant to be configurable
59              as variables. The web interface should allow the file to
60              be downloaded, or its contents replaced by a file upload,
61              but the actual <value> shouldn't need to be changed.  -->
62
63         <variable id="root_ssh_key_pub" type="file">
64           <name>Root SSH Public Key</name>
65           <value>/etc/planetlab/root_ssh_key.pub</value>
66           <description>The SSH public key used to access the root
67           account on your nodes.</description>
68         </variable>
69
70         <variable id="root_ssh_key" type="file">
             <!-- NOTE(review): this path holds private key material. The
                  comment above this group says the web interface should
                  allow these files to be downloaded; for the private
                  entries (root_ssh_key, debug_ssh_key, root_gpg_key)
                  that would expose the credentials for node root access
                  and, presumably, package signing. Download is
                  presumably meant for the public halves only (confirm),
                  and these files should be readable by as few accounts
                  as possible. -->
71           <name>Root SSH Private Key</name>
72           <value>/etc/planetlab/root_ssh_key.rsa</value>
73           <description>The SSH private key used to access the root
74           account on your nodes.</description>
75         </variable>
76
77         <variable id="debug_ssh_key_pub" type="file">
78           <name>Debug SSH Public Key</name>
79           <value>/etc/planetlab/debug_ssh_key.pub</value>
80           <description>The SSH public key used to access the root
81           account on your nodes when they are in Debug mode.</description>
82         </variable>
83
84         <variable id="debug_ssh_key" type="file">
85           <name>Debug SSH Private Key</name>
86           <value>/etc/planetlab/debug_ssh_key.rsa</value>
87           <description>The SSH private key used to access the root
88           account on your nodes when they are in Debug mode.</description>
89         </variable>
90
91         <variable id="root_gpg_key_pub" type="file">
             <!-- NOTE(review): signatures are produced with the private
                  keyring (root_gpg_key); the public keyring is
                  presumably what is used to check them. Confirm and
                  reword the description accordingly. -->
92           <name>Root GPG Public Keyring</name>
93           <value>/etc/planetlab/pubring.gpg</value>
94           <description>The GPG public keyring used to sign the Boot
95           Manager and all node packages.</description>
96         </variable>
97
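98         <variable id="root_gpg_key" type="file">
             <!-- Secret-key counterpart of root_gpg_key_pub
                  (pubring.gpg). -->
99           <name>Root GPG Private Keyring</name>
100           <value>/etc/planetlab/secring.gpg</value>
101           <description>The GPG private keyring used to sign the Boot
102           Manager and all node packages.</description>
103         </variable>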
104       </variablelist>
105     </category>
106
107     <category id="plc_ma_sa">
108       <name>Management and Slice Authority</name>
109       <description>These variables control how your site interacts
110       with other PlanetLab sites as a Management Authority (MA) and/or
111       Slice Authority (SA).</description>
112
113       <variablelist>
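114         <variable id="namespace" type="string">
              <!-- Typed as a plain string: the value is an assigned
                   identifier (default "test"), not an IP address. -->
115           <name>Namespace</name>
116           <value>test</value>
117           <description>The namespace of your MA/SA. This should be a
118           globally unique value assigned by PlanetLab
119           Central.</description>
120         </variable>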
121
122         <variable id="ssl_key" type="file">
123           <name>SSL Private Key</name>
124           <value>/etc/planetlab/ma_sa_ssl.key</value>
125           <description>The SSL private key used for signing documents
126           with the signature of your MA/SA. If non-existent, one will
127           be generated.</description>
128         </variable>
129
130         <variable id="ssl_crt" type="file">
131           <name>SSL Public Certificate</name>
132           <value>/etc/planetlab/ma_sa_ssl.crt</value>
133           <description>The corresponding SSL public certificate. By
134           default, this certificate is self-signed. You may replace
135           the certificate later with one signed by the PLC root
136           CA.</description>
137         </variable>
138
139         <variable id="ca_ssl_crt" type="file">
140           <name>Root CA SSL Public Certificate</name>
141           <value>/etc/planetlab/ma_sa_ca_ssl.crt</value>
142           <description>If applicable, the certificate of the PLC root
143           CA. If your MA/SA certificate is self-signed, then this file
144           is the same as your MA/SA certificate.</description>
145         </variable>
146
147         <variable id="ca_ssl_key_pub" type="file">
148           <name>Root CA SSL Public Key</name>
149           <value>/etc/planetlab/ma_sa_ca_ssl.pub</value>
150           <description>If applicable, the public key of the PLC root
151           CA. If your MA/SA certificate is self-signed, then this file
152           is the same as your MA/SA public key.</description>
153         </variable>
154
155         <variable id="api_crt" type="file">
156           <name>API Certificate</name>
157           <value>/etc/planetlab/ma_sa_api.xml</value>
158           <description>The API Certificate is your MA/SA public key
159           embedded in a digitally signed XML document. By default,
160           this document is self-signed. You may replace this
161           certificate later with one signed by the PLC root
162           CA.</description>
163         </variable>
164       </variablelist>
165     </category>
166
167     <category id="plc_net">
168       <name>Network</name>
169       <description>Network environment.</description>
170
171       <variablelist>
172         <variable id="dns1" type="ip">
173           <name>Primary DNS Server</name>
174           <value>127.0.0.1</value>
175           <description>Primary DNS server address.</description>
176         </variable>
177
178         <variable id="dns2" type="ip">
179           <name>Secondary DNS Server</name>
180           <value></value>
181           <description>Secondary DNS server address.</description>
182         </variable>
183       </variablelist>
184     </category>
185
186     <category id="plc_dns">
187       <name>DNS</name>
188       <description>MyPLC can provide forward DNS resolution for itself
189       and for its nodes. To enable resolution for MyPLC itself, set
190       the Primary DNS Server address to 127.0.0.1 and provide external
191       IP addresses for the database, API, web, and boot servers
192       below. To enable resolution for nodes, use the external IP
193       address of this machine as the primary DNS server address for
194       each node.</description>
195
196       <variablelist>
197         <variable id="enabled" type="boolean">
198           <name>Enable DNS</name>
199           <value>true</value>
200           <description>Enable the internal DNS server. The server does
201           not provide reverse resolution and is not a production
202           quality or scalable DNS solution. Use the internal DNS
203           server only for small deployments or for
204           testing.</description>
205         </variable>
206       </variablelist>
207     </category>
208
209     <category id="plc_mail">
210       <name>Mail</name>
211       <description>Many maintenance scripts, as well as the API and
212       web site themselves, send e-mail notifications and
213       warnings.</description>
214
215       <variablelist>
216         <variable id="enabled" type="boolean">
217           <name>Enable Mail</name>
218           <value>false</value>
219           <description>Set to false to suppress all e-mail notifications
220           and warnings.</description>
221         </variable>
222
223         <variable id="support_address" type="email">
224           <name>Support Address</name>
225           <value>root+support@localhost.localdomain</value>
226           <description>This address is used for support
227           requests. Support requests may include traffic complaints,
228           security incident reporting, web site malfunctions, and
229           general requests for information. We recommend that the
230           address be aliased to a ticketing system such as Request
231           Tracker.</description>
232         </variable>
233
234         <variable id="boot_address" type="email">
235           <name>Boot Messages Address</name>
236           <value>root+install-msgs@localhost.localdomain</value>
237           <description>The API will notify this address when a problem
238           occurs during node installation or boot.</description>
239         </variable>
240
241         <variable id="slice_address" type="email">
242           <name>Slice Address</name>
243           <value>root+SLICE@localhost.localdomain</value>
244           <description>This address template is used for sending
245           e-mail notifications to slices. SLICE will be replaced with
246           the name of the slice.</description>
247         </variable>
248       </variablelist>
249     </category>
250
251     <category id="plc_db">
252       <name>Database Server</name>
253       <description>Database server definitions.</description>
254
255       <variablelist>
256         <variable id="enabled" type="boolean">
257           <name>Enabled</name>
258           <value>true</value>
259           <description>Enable the database server on this
260           machine.</description>
261         </variable>
262
263         <variable id="type" type="string">
264           <name>Type</name>
265           <value>postgresql</value>
266           <description>The type of database server. Currently, only
267           postgresql is supported.</description>
268         </variable>
269
270         <variable id="host" type="hostname">
271           <name>Hostname</name>
272           <value>localhost.localdomain</value>
273           <description>The fully qualified hostname of the database
274           server.</description>
275         </variable>
276
277         <variable id="ip" type="ip">
278           <name>IP Address</name>
279           <value>127.0.0.1</value>
280           <description>The IP address of the database server, if not
281           resolvable by the configured DNS servers.</description>
282         </variable>
283
284         <variable id="port" type="int">
285           <name>Port</name>
286           <value>5432</value>
287           <description>The TCP port number through which the database
288           server should be accessed.</description>
289         </variable>
290
291         <variable id="name" type="string">
292           <name>Database Name</name>
293           <value>planetlab3</value>
294           <description>The name of the database to access.</description>
295         </variable>
296
297         <variable id="user" type="string">
298           <name>Database Username</name>
299           <value>pgsqluser</value>
300           <description>The username to use when accessing the
301           database.</description>
302         </variable>
303
304         <variable id="password" type="password">
305           <name>Database Password</name>
306           <value></value>
307           <description>The password to use when accessing the
308           database. If left blank, one will be
309           generated.</description>
310         </variable>
311       </variablelist>
312     </category>
313
314     <category id="plc_api">
315       <name>API Server</name>
316       <description>API (XML-RPC) server definitions.</description>
317
318       <variablelist>
319         <variable id="enabled" type="boolean">
320           <name>Enabled</name>
321           <value>true</value>
322           <description>Enable the API server on this
323           machine.</description>
324         </variable>
325
326         <variable id="debug" type="boolean">
327           <name>Debug</name>
328           <value>false</value>
329           <description>Enable verbose API debugging. Do not enable on
330           a production system!</description>
331         </variable>
332
333         <variable id="host" type="hostname">
334           <name>Hostname</name>
335           <value>localhost.localdomain</value>
336           <description>The fully qualified hostname of the API
337           server.</description>
338         </variable>
339
340         <variable id="ip" type="ip">
341           <name>IP Address</name>
342           <value>127.0.0.1</value>
343           <description>The IP address of the API server, if not
344           resolvable by the configured DNS servers.</description>
345         </variable>
346
347         <variable id="port" type="int">
              <!-- NOTE(review): with the default of 80 the API is
                   reached over plain HTTP, so whatever clients send to
                   it (presumably including account passwords; confirm)
                   is not protected in transit. The description's advice
                   to co-locate the API and web servers, or to keep both
                   on a trusted network, is the only mitigation stated
                   here. -->
348           <name>Port</name>
349           <value>80</value>
350           <description>The TCP port number through which the API
351           should be accessed. Warning: SSL (port 443) access is not
352           fully supported by the website code yet. We recommend that
353           port 80 be used for now and that the API server either run
354           on the same machine as the web server, or that they both be
355           on a secure wired network.</description>
356         </variable>
357
358         <variable id="path" type="string">
359           <name>Path</name>
360           <value>/PLCAPI/</value>
361           <description>The base path of the API URL.</description>
362         </variable>
363
364         <variable id="maintenance_user" type="string">
365           <name>Maintenance User</name>
366           <value>maint@localhost.localdomain</value>
367           <description>The username of the maintenance account. This
368           account is used by local scripts that perform automated
369           tasks, and cannot be used for normal logins.</description>
370         </variable>
371
372         <variable id="maintenance_password" type="password">
373           <name>Maintenance Password</name>
374           <value></value>
375           <description>The password of the maintenance account. If
376           left blank, one will be generated. We recommend that the
377           password be changed periodically.</description>
378         </variable>
379
380         <variable id="maintenance_sources" type="hostname">
              <!-- NOTE(review): this is the allow-list for the
                   maintenance account. The declared type is "hostname"
                   while the description says the value is a
                   space-separated list of IP addresses; confirm which
                   form the API actually compares against. The empty
                   default matches the description, which says the value
                   is filled in automatically. -->
381           <name>Authorized Hosts</name>
382           <value></value>
383           <description>A space-separated list of IP addresses allowed
384           to access the API through the maintenance account. The value
385           of this variable is set automatically to allow only the API,
386           web, and boot servers, and should not be
387           changed.</description>
388         </variable>
389
390         <!-- The following are not actually meant to be configurable
391              as variables. The web interface should allow the file to
392              be downloaded, or its contents replaced by a file upload,
393              but the actual <value> shouldn't need to be changed.  -->
394
395         <variable id="ssl_key" type="file">
396           <name>SSL Private Key</name>
397           <value>/etc/planetlab/api_ssl.key</value>
398           <description>The SSL private key to use for encrypting HTTPS
399           traffic. If non-existent, one will be
400           generated.</description>
401         </variable>
402
403         <variable id="ssl_crt" type="file">
404           <name>SSL Public Certificate</name>
405           <value>/etc/planetlab/api_ssl.crt</value>
406           <description>The corresponding SSL public certificate. By
407           default, this certificate is self-signed. You may replace
408           the certificate later with one signed by a root
409           CA.</description>
410         </variable>
411
412         <variable id="ca_ssl_crt" type="file">
413           <name>Root CA SSL Public Certificate</name>
414           <value>/etc/planetlab/api_ca_ssl.crt</value>
415           <description>The certificate of the root CA, if any, that
416           signed your server certificate. If your server certificate is
417           self-signed, then this file is the same as your server
418           certificate.</description>
419         </variable>
420       </variablelist>
421     </category>
422
423     <category id="plc_www">
424       <name>Web Server</name>
425       <description>Web server definitions.</description>
426
427       <variablelist>
428         <variable id="enabled" type="boolean">
429           <name>Enabled</name>
430           <value>true</value>
431           <description>Enable the web server on this
432           machine.</description>
433         </variable>
434
435         <variable id="debug" type="boolean">
436           <name>Debug</name>
437           <value>false</value>
438           <description>Enable debugging output on web pages. Do not
439           enable on a production system!</description>
440         </variable>
441
442         <variable id="host" type="hostname">
443           <name>Hostname</name>
444           <value>localhost.localdomain</value>
445           <description>The fully qualified hostname of the web
446           server.</description>
447         </variable>
448
449         <variable id="ip" type="ip">
450           <name>IP Address</name>
451           <value>127.0.0.1</value>
452           <description>The IP address of the web server, if not
453           resolvable by the configured DNS servers.</description>
454         </variable>
455
456         <variable id="port" type="int">
457           <name>Port</name>
458           <value>80</value>
459           <description>The TCP port number through which the
460           unprotected portions of the web site should be
461           accessed.</description>
462         </variable>
463
464         <variable id="ssl_port" type="int">
465           <name>SSL Port</name>
466           <value>443</value>
467           <description>The TCP port number through which the protected
468           portions of the web site should be accessed.</description>
469         </variable>
470
471         <!-- The following are not actually meant to be configurable
472              as variables. The web interface should allow the file to
473              be downloaded, or its contents replaced by a file upload,
474              but the actual <value> shouldn't need to be changed.  -->
475
476         <variable id="ssl_key" type="file">
477           <name>SSL Private Key</name>
478           <value>/etc/planetlab/www_ssl.key</value>
479           <description>The SSL private key to use for encrypting HTTPS
480           traffic. If non-existent, one will be
481           generated.</description>
482         </variable>
483
484         <variable id="ssl_crt" type="file">
485           <name>SSL Public Certificate</name>
486           <value>/etc/planetlab/www_ssl.crt</value>
487           <description>The corresponding SSL public certificate for
488           the HTTP server. By default, this certificate is
489           self-signed. You may replace the certificate later with one
490           signed by a root CA.</description>
491         </variable>
492
493         <variable id="ca_ssl_crt" type="file">
494           <name>Root CA SSL Public Certificate</name>
495           <value>/etc/planetlab/www_ca_ssl.crt</value>
496           <description>The certificate of the root CA, if any, that
497           signed your server certificate. If your server certificate is
498           self-signed, then this file is the same as your server
499           certificate.</description>
500         </variable>
501       </variablelist>
502     </category>
503
504     <category id="plc_boot">
505       <name>Boot Server</name>
506       <description>Boot server definitions. Multiple boot servers
507       may be brought up for load balancing, but we recommend that a
508       single DNS round-robin system be implemented so that the
509       following variables are the same across all of
510       them.</description>
511
512       <variablelist>
513         <variable id="enabled" type="boolean">
514           <name>Enabled</name>
515           <value>true</value>
516           <description>Enable the boot server on this
517           machine.</description>
518         </variable>
519
520         <variable id="host" type="hostname">
521           <name>Hostname</name>
522           <value>localhost.localdomain</value>
523           <description>The fully qualified hostname of the boot
524           server.</description>
525         </variable>
526
527         <variable id="ip" type="ip">
528           <name>IP Address</name>
529           <value>127.0.0.1</value>
530           <description>The IP address of the boot server, if not
531           resolvable by the configured DNS servers.</description>
532         </variable>
533
534         <variable id="port" type="int">
535           <name>Port</name>
536           <value>80</value>
537           <description>The TCP port number through which the
538           unprotected portions of the boot server should be
539           accessed.</description>
540         </variable>
541
542         <variable id="ssl_port" type="int">
543           <name>SSL Port</name>
544           <value>443</value>
545           <description>The TCP port number through which the protected
546           portions of the boot server should be
547           accessed.</description>
548         </variable>
549
550         <!-- The following are not actually meant to be configurable
551              as variables. The web interface should allow the file to
552              be downloaded, or its contents replaced by a file upload,
553              but the actual <value> shouldn't need to be changed.  -->
554
555         <variable id="ssl_key" type="file">
556           <name>SSL Private Key</name>
557           <value>/etc/planetlab/boot_ssl.key</value>
558           <description>The SSL private key to use for encrypting HTTPS
559           traffic.</description>
560         </variable>
561
562         <variable id="ssl_crt" type="file">
563           <name>SSL Public Certificate</name>
564           <value>/etc/planetlab/boot_ssl.crt</value>
565           <description>The corresponding SSL public certificate for
566           the HTTP server. By default, this certificate is
567           self-signed. You may replace the certificate later with one
568           signed by a root CA.</description>
569         </variable>
570
571         <variable id="ca_ssl_crt" type="file">
572           <name>Root CA SSL Public Certificate</name>
573           <value>/etc/planetlab/boot_ca_ssl.crt</value>
574           <description>The certificate of the root CA, if any, that
575           signed your server certificate. If your server certificate is
576           self-signed, then this file is the same as your server
577           certificate.</description>
578         </variable>
579       </variablelist>
580     </category>
581   </variables>
582
583   <comps>
584     <group>
585       <id>plc</id>
586       <name>PlanetLab Central</name>
587       <default>true</default>
588       <description>PlanetLab Central Packages</description>
589       <uservisible>true</uservisible>
590       <packagelist>
591         <!-- Basics -->
592         <packagereq type="mandatory">dev</packagereq>   
593
594         <!-- kernel-vserver is intended for the vserver-reference, but
595              serves the same useful purpose for MyPLC, namely, to
596              Provide: kernel without actually installing anything. -->
597         <packagereq type="mandatory">kernel-vserver</packagereq>        
598
599         <!-- Sending mail -->
600         <packagereq type="mandatory">sendmail</packagereq>
601         <packagereq type="mandatory">sendmail-cf</packagereq>
602
603         <!-- Caching DNS server -->
604         <packagereq type="mandatory">dnsmasq</packagereq>
605
606         <!-- (Optional) Synchronizing with PLC -->
607         <packagereq type="mandatory">rsync</packagereq>
608
609         <!-- Cron jobs -->
610         <packagereq type="mandatory">vixie-cron</packagereq>    
611
612         <!-- Other utilities -->
613         <packagereq type="mandatory">cvs</packagereq>
614         <packagereq type="mandatory">curl</packagereq>
615         <packagereq type="mandatory">wget</packagereq>
616         <packagereq type="mandatory">less</packagereq>
617         <packagereq type="mandatory">gzip</packagereq>
618         <packagereq type="mandatory">bzip2</packagereq>
619         <packagereq type="mandatory">cpio</packagereq>
620         <packagereq type="mandatory">tar</packagereq>
621         <packagereq type="mandatory">diffutils</packagereq>
622
623         <!-- yum >=2.2 uses a new repository format -->
624         <packagereq type="mandatory">createrepo</packagereq>
625         <packagereq type="mandatory">yum</packagereq>
626         <packagereq type="mandatory">rpm</packagereq>
627
628         <!-- For mkpasswd -->
629         <packagereq type="mandatory">expect</packagereq>
630
631         <!-- For ssh-keygen -->
632         <packagereq type="mandatory">openssh</packagereq>
633
634         <!-- Almost all scripts are written in Python -->
635         <packagereq type="mandatory">python</packagereq>
636
637         <!-- For various Python scripts that access the API -->
638         <packagereq type="mandatory">plcapilib</packagereq>
639
640         <!-- Database server -->
641         <packagereq type="mandatory">postgresql</packagereq>
642         <packagereq type="mandatory">postgresql-server</packagereq>
643         <packagereq type="mandatory">postgresql-python</packagereq>
644
645         <!-- (Secure) web server -->
646         <packagereq type="mandatory">httpd</packagereq>
647         <packagereq type="mandatory">mod_ssl</packagereq>
648
649         <!-- Web pages are written primarily in PHP. A few pages still
650              access the DB directly. -->
651         <packagereq type="mandatory">php</packagereq>
652         <packagereq type="mandatory">php-pgsql</packagereq>
653         <packagereq type="mandatory">php-xmlrpc</packagereq>
654
655         <!-- Need GD for ImageCreate(), etc. -->
656         <packagereq type="mandatory">gd</packagereq>    
657         <packagereq type="mandatory">php-gd</packagereq>        
658
659         <!-- API server is implemented in mod_python -->
660         <packagereq type="mandatory">mod_python</packagereq>
661
662         <!-- API server uses a few non-standard packages -->
663         <packagereq type="mandatory">PyXML</packagereq>
664         <packagereq type="mandatory">PlanetLabAuth</packagereq>
665
666         <!-- API server uses SSL to sign tickets -->
667         <packagereq type="mandatory">xmlsec1</packagereq>
668         <packagereq type="mandatory">xmlsec1-openssl</packagereq>
669         <packagereq type="mandatory">openssl</packagereq>
670
671         <!-- Customizable Boot CD and Boot Manager packages -->
672         <packagereq type="mandatory">bootcd</packagereq>
673         <packagereq type="mandatory">bootmanager</packagereq>
674       </packagelist>
675     </group>
676
677   </comps>
678
679 </configuration>