MyPLC: portable self-contained PLC installation
[myplc.git] / plc_config.xml
1 <?xml version="1.0"?>
2 <!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "configuration.dtd">
  <!-- NOTE(review): the DOCTYPE points at an external DTD through the
       relative system identifier "configuration.dtd". Whatever parses this
       file should load that DTD only from a trusted local location and
       should not resolve any other external entities. The XML declaration
       names no encoding, so a parser falls back to the XML default
       (UTF-8 unless a byte order mark says otherwise). -->
3
4 <configuration>
5   <variables>
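6     <category id="plc">
      <!-- Installation-wide identity, the initial administrative
           credentials, and the paths of the SSH and GPG key files. -->
7       <name>System</name>
8       <description>Basic system variables. Be sure that the values of
9       these variables are the same across all machines in your
10       installation.</description>
11
12       <variablelist>
13         <variable id="name" type="string">
14           <name>Name</name>
15           <value>PlanetLab Test</value>
16           <description>The name of this PLC installation. It is used in
17           the name of the default system site (e.g., PlanetLab Central)
18           and in the names of various administrative entities (e.g.,
19           PlanetLab Support).</description>
20         </variable>
21
22         <variable id="slice_prefix" type="string">
23           <name>Slice Prefix</name>
24           <value>pl</value>
25           <description>The abbreviated name of this PLC
26           installation. It is used as the prefix for system slices
27           (e.g., pl_conf). Warning: Currently, this variable should
28           not be changed once set.</description>
29         </variable>
30
           <!-- An account name is not a secret, so it is typed as a plain
                string, the same way plc_api/maintenance_user is. -->
31         <variable id="root_user" type="string">
32           <name>Root Account</name>
33           <value>root@test.planet-lab.org</value>
34           <description>The name of the initial administrative
35           account. We recommend that this account be used only to create
36           additional accounts associated with real
37           administrators, then disabled.</description>
38         </variable>
39
           <!-- NOTE(review): "root" is a placeholder default. Per the
                description the same value is also the root password on the
                Boot CD, so set a strong, unique password before anyone else
                can reach the installation. The value is kept in clear text
                in this file; restrict who can read the file (TODO confirm
                the mode the installer gives it). -->
40         <variable id="root_password" type="password">
41           <name>Root Password</name>
42           <value>root</value>
43           <description>The password of the initial administrative
44           account. Also the password of the root account on the Boot
45           CD.</description>
46         </variable>
47
48         <!-- The following are not actually meant to be configurable
49              as variables. The web interface should allow the file to
50              be downloaded, or its contents replaced by a file upload,
51              but the actual <value> shouldn't need to be changed.  -->
52
53         <variable id="root_ssh_key_pub" type="file">
54           <name>Root SSH Public Key</name>
55           <value>/etc/planetlab/root_ssh_key.pub</value>
56           <description>The SSH public key used to access the root
57           account on your nodes.</description>
58         </variable>
59
           <!-- NOTE(review): this entry, debug_ssh_key and root_gpg_key are
                paths to private key material. Nothing in this file sets
                their permissions, so verify on the host that the files are
                readable by root only. -->
60         <variable id="root_ssh_key" type="file">
61           <name>Root SSH Private Key</name>
62           <value>/etc/planetlab/root_ssh_key.rsa</value>
63           <description>The SSH private key used to access the root
64           account on your nodes.</description>
65         </variable>
66
67         <variable id="debug_ssh_key_pub" type="file">
68           <name>Debug SSH Public Key</name>
69           <value>/etc/planetlab/debug_ssh_key.pub</value>
70           <description>The SSH public key used to access the root
71           account on your nodes when they are in Debug mode.</description>
72         </variable>
73
74         <variable id="debug_ssh_key" type="file">
75           <name>Debug SSH Private Key</name>
76           <value>/etc/planetlab/debug_ssh_key.rsa</value>
77           <description>The SSH private key used to access the root
78           account on your nodes when they are in Debug mode.</description>
79         </variable>
80
           <!-- The public keyring is the verification half of the pair;
                signing is done with the private keyring in root_gpg_key. -->
81         <variable id="root_gpg_key_pub" type="file">
82           <name>Root GPG Public Keyring</name>
83           <value>/etc/planetlab/pubring.gpg</value>
84           <description>The GPG public keyring used to sign the Boot
85           Manager and all node packages.</description>
86         </variable>
87
88         <variable id="root_gpg_key" type="file">
89           <name>Root GPG Private Keyring</name>
90           <value>/etc/planetlab/secring.gpg</value>
91           <description>The GPG private keyring used to sign the Boot
92           Manager and all node packages.</description>
93         </variable>
94       </variablelist>
95     </category>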
96
97     <category id="plc_net">
       <!-- Resolver addresses used by the installation.
            NOTE(review): the shipped values are specific fixed addresses;
            presumably they must be replaced with DNS servers that serve
            your own network. Confirm before deploying. -->
98       <name>Network</name>
99       <description>Network environment.</description>
100
101       <variablelist>
102         <variable id="dns1" type="ip">
103           <name>Primary DNS Server</name>
104           <value>128.112.136.10</value>
105           <description>Primary DNS server address.</description>
106         </variable>
107
108         <variable id="dns2" type="ip">
109           <name>Secondary DNS Server</name>
110           <value>128.112.136.12</value>
111           <description>Secondary DNS server address.</description>
112         </variable>
113       </variablelist>
114     </category>
115
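116     <category id="plc_mail">
        <!-- Controls whether notification mail is sent at all and which
             addresses receive support requests and boot problem reports. -->
117       <name>Mail</name>
118       <description>Many maintenance scripts, as well as the API and
119       web site themselves, send e-mail notifications and
120       warnings.</description>
121
122       <variablelist>
            <!-- NOTE(review): with the default of false, the notifications
                 and warnings described in this category are suppressed, so
                 installation and boot problems have to be noticed some
                 other way until mail is enabled. -->
123         <variable id="enabled" type="boolean">
124           <name>Enable Mail</name>
125           <value>false</value>
126           <description>Set to false to suppress all e-mail notifications
127           and warnings.</description>
128         </variable>
129
            <!-- NOTE(review): support_address and boot_address carry no type
                 attribute, unlike the other variables in this file.
                 Presumably they are handled as plain strings; confirm
                 against configuration.dtd. The description lists security
                 incident reports among the mail sent here, so point the
                 address at a mailbox that is actually read. -->
130         <variable id="support_address">
131           <name>Support Address</name>
132           <value>root@localhost</value>
133           <description>This address is used for support
134           requests. Support requests may include traffic complaints,
135           security incident reporting, web site malfunctions, and
136           general requests for information. We recommend that the
137           address be aliased to a ticketing system such as Request
138           Tracker.</description>
139         </variable>
140
141         <variable id="boot_address">
142           <name>Boot Messages Address</name>
143           <value>root@localhost</value>
144           <description>The API will notify this address when a problem
145           occurs during node installation or boot. If a domain is not
146           specified, the default system domain name will be
147           used.</description>
148         </variable>
149       </variablelist>
150     </category>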
151
152     <category id="plc_db">
        <!-- Connection settings for the database server: whether it runs on
             this machine, its type and host, and the account used to reach
             the database. -->
153       <name>Database Server</name>
154       <description>Database server definitions.</description>
155
156       <variablelist>
157         <variable id="enabled" type="boolean">
158           <name>Enabled</name>
159           <value>true</value>
160           <description>Enable the database server on this
161           machine.</description>
162         </variable>
163
164         <variable id="type" type="string">
165           <name>Type</name>
166           <value>postgresql</value>
167           <description>The type of database server. Currently, only
168           postgresql is supported.</description>
169         </variable>
170
171         <variable id="host" type="hostname">
172           <name>Hostname</name>
173           <value>localhost</value>
174           <description>The fully qualified hostname or IP address of
175           the database server. This hostname must be resolvable and
176           reachable by the rest of your installation.</description>
177         </variable>
178
179         <variable id="name" type="string">
180           <name>Database Name</name>
181           <value>planetlab3</value>
182           <description>The name of the database to access.</description>
183         </variable>
184
185         <variable id="user" type="string">
186           <name>Database Username</name>
187           <value>pgsqluser</value>
188           <description>The username to use when accessing the
189           database.</description>
190         </variable>
191
            <!-- Left blank by default, so a password is generated (see the
                 description). NOTE(review): a password typed in here is kept
                 in clear text in this file; restrict who can read the file.
                 TODO confirm where the generated value is stored. -->
192         <variable id="password" type="password">
193           <name>Database Password</name>
194           <value></value>
195           <description>The password to use when accessing the
196           database. If left blank, one will be
197           generated.</description>
198         </variable>
199       </variablelist>
200     </category>
201
202     <category id="plc_api">
        <!-- Settings for the XML-RPC API server: its endpoint, the
             maintenance account used by local scripts, and the paths of
             the SSL and slice ticket key files. -->
203       <name>API Server</name>
204       <description>API (XML-RPC) server definitions.</description>
205
206       <variablelist>
207         <variable id="enabled" type="boolean">
208           <name>Enabled</name>
209           <value>true</value>
210           <description>Enable the API server on this
211           machine.</description>
212         </variable>
213
214         <variable id="debug" type="boolean">
215           <name>Debug</name>
216           <value>false</value>
217           <description>Enable verbose API debugging. Do not enable on
218           a production system!</description>
219         </variable>
220
221         <variable id="host" type="hostname">
222           <name>Hostname</name>
223           <value>localhost</value>
224           <description>The fully qualified hostname or IP address of
225           the API server. This hostname must be resolvable and
226           reachable by the rest of your installation, as well as your
227           nodes.</description>
228         </variable>
229
            <!-- NOTE(review): the id is ssl_port, but the display name is
                 "Port" and the default is 80, which the description treats
                 as the non-SSL choice. Presumably API requests, including
                 account passwords, then travel unencrypted; follow the
                 description's advice (same machine as the web server, or a
                 secure network) until SSL access is supported. -->
230         <variable id="ssl_port" type="int">
231           <name>Port</name>
232           <value>80</value>
233           <description>The TCP port number through which the API
234           should be accessed. Warning: SSL (port 443) access is not
235           fully supported by the website code yet. We recommend that
236           port 80 be used for now and that the API server either run
237           on the same machine as the web server, or that they both be
238           on a secure wired network.</description>
239         </variable>
240
241         <variable id="path" type="string">
242           <name>Path</name>
243           <value>/PLCAPI/</value>
244           <description>The base path of the API URL.</description>
245         </variable>
246
247         <variable id="maintenance_user" type="string">
248           <name>Maintenance User</name>
249           <value>maint@test.planet-lab.org</value>
250           <description>The username of the maintenance account. This
251           account is used by local scripts that perform automated
252           tasks, and cannot be used for normal logins.</description>
253         </variable>
254
255         <variable id="maintenance_password" type="password">
256           <name>Maintenance Password</name>
257           <value></value>
258           <description>The password of the maintenance account. If
259           left blank, one will be generated. We recommend that the
260           password be changed periodically.</description>
261         </variable>
262
            <!-- NOTE(review): typed as hostname although the description
                 calls for a space-separated list of IP addresses; confirm
                 what validation, if any, the type implies. Listing explicit
                 addresses narrows where the maintenance account can be
                 used from. -->
263         <variable id="maintenance_sources" type="hostname">
264           <name>Authorized Hosts</name>
265           <value></value>
266           <description>A space-separated list of IP addresses allowed
267           to access the API through the maintenance account. If left
268           blank, the API, web, and boot servers are
269           allowed.</description>
270         </variable>
271
272         <!-- The following are not actually meant to be configurable
273              as variables. The web interface should allow the file to
274              be downloaded, or its contents replaced by a file upload,
275              but the actual <value> shouldn't need to be changed.  -->
276
277         <variable id="ssl_crt" type="file">
278           <name>SSL Certificate</name>
279           <value>/etc/planetlab/api_ssl.crt</value>
280           <description>The signed SSL certificate to use for HTTPS
281           access. If not specified or non-existent, a self-signed
282           certificate will be generated.</description>
283         </variable>
284
            <!-- NOTE(review): path to private key material; verify on the
                 host that only the API server account can read the file. -->
285         <variable id="ssl_key" type="file">
286           <name>SSL Key</name>
287           <value>/etc/planetlab/api_ssl.key</value>
288           <description>The corresponding SSL private key. If not
289           specified or non-existent, a self-signed certificate will be
290           generated.</description>
291         </variable>
292
            <!-- NOTE(review): the file name suggests a key stored without a
                 passphrase ("nopass"); if so, file permissions are its only
                 protection. Keep it readable only by the account that
                 signs tickets. TODO confirm. -->
293         <variable id="ticket_key" type="file">
294           <name>Slice Ticket Private Key</name>
295           <value>/etc/planetlab/slice-ticket-key-nopass.pem</value>
296           <description>The private PEM key file used to sign slice
297           tickets.</description>
298         </variable>
299
300         <variable id="ticket_key_pub" type="file">
301           <name>Slice Ticket Public Key</name>
302           <value>/etc/planetlab/slice-ticket-key-public.pem</value>
303           <description>The public PEM key file used to verify signed
304           slice tickets.</description>
305         </variable>
306       </variablelist>
307     </category>
308
309     <category id="plc_www">
        <!-- Settings for the web server: host, the plain and SSL ports, and
             the paths of the SSL certificate and key files. -->
310       <name>Web Server</name>
311       <description>Web server definitions.</description>
312
313       <variablelist>
314         <variable id="enabled" type="boolean">
315           <name>Enabled</name>
316           <value>true</value>
317           <description>Enable the web server on this
318           machine.</description>
319         </variable>
320
321         <variable id="debug" type="boolean">
322           <name>Debug</name>
323           <value>false</value>
324           <description>Enable debugging output on web pages. Do not
325           enable on a production system!</description>
326         </variable>
327
328         <variable id="host" type="hostname">
329           <name>Hostname</name>
330           <value>localhost</value>
331           <description>The fully qualified hostname or IP address of
332           the web server. This hostname must be resolvable and
333           reachable by the rest of your installation, as well as your
334           nodes.</description>
335         </variable>
336
337         <variable id="port" type="int">
338           <name>Port</name>
339           <value>80</value>
340           <description>The TCP port number through which the
341           unprotected portions of the web site should be
342           accessed.</description>
343         </variable>
344
345         <variable id="ssl_port" type="int">
346           <name>SSL Port</name>
347           <value>443</value>
348           <description>The TCP port number through which the protected
349           portions of the web site should be accessed.</description>
350         </variable>
351
352         <!-- The following are not actually meant to be configurable
353              as variables. The web interface should allow the file to
354              be downloaded, or its contents replaced by a file upload,
355              but the actual <value> shouldn't need to be changed.  -->
356
            <!-- NOTE(review): a generated self-signed certificate still
                 encrypts the connection, but clients cannot verify the
                 server's identity unless they already trust that
                 certificate. Install a certificate signed by an authority
                 your users trust for anything beyond testing. -->
357         <variable id="ssl_crt" type="file">
358           <name>SSL Certificate</name>
359           <value>/etc/planetlab/www_ssl.crt</value>
360           <description>The signed SSL certificate to use for HTTPS
361           access. If not specified or non-existent, a self-signed
362           certificate will be generated.</description>
363         </variable>
364
            <!-- NOTE(review): path to private key material; verify on the
                 host that only the web server account can read the file. -->
365         <variable id="ssl_key" type="file">
366           <name>SSL Key</name>
367           <value>/etc/planetlab/www_ssl.key</value>
368           <description>The corresponding SSL private key. If not
369           specified or non-existent, a self-signed certificate will be
370           generated.</description>
371         </variable>
372       </variablelist>
373     </category>
374
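375     <category id="plc_boot">
        <!-- Settings for the boot server: host, the plain and SSL ports,
             and the paths of the SSL certificate and key files. -->
376       <name>Boot Server</name>
377       <description>Boot server definitions. Multiple boot servers
378       may be brought up for load balancing, but we recommend that a
379       single DNS round-robin system be implemented so that the
380       following variables are the same across all of
381       them.</description>
382
383       <variablelist>
384         <variable id="enabled" type="boolean">
385           <name>Enabled</name>
386           <value>true</value>
387           <description>Enable the boot server on this
388           machine.</description>
389         </variable>
390
391         <variable id="host" type="hostname">
392           <name>Hostname</name>
393           <value>localhost</value>
394           <description>The fully qualified hostname or IP address of
395           the boot server. This hostname must be resolvable and
396           reachable by the rest of your installation, as well as your
397           nodes.</description>
398         </variable>
399
400         <variable id="port" type="int">
401           <name>Port</name>
402           <value>80</value>
403           <description>The TCP port number through which the
404           unprotected portions of the boot server should be
405           accessed.</description>
406         </variable>
407
408         <variable id="ssl_port" type="int">
409           <name>SSL Port</name>
410           <value>443</value>
411           <description>The TCP port number through which the protected
412           portions of the boot server should be
413           accessed.</description>
414         </variable>
415
416         <!-- The following are not actually meant to be configurable
417              as variables. The web interface should allow the file to
418              be downloaded, or its contents replaced by a file upload,
419              but the actual <value> shouldn't need to be changed.  -->
420
            <!-- NOTE(review): ssl_crt and ssl_key are typed binary here,
                 while the same entries under plc_api and plc_www are typed
                 file. Confirm against configuration.dtd whether the
                 difference is intended. A generated self-signed certificate
                 cannot be verified by clients that do not already trust
                 it. -->
421         <variable id="ssl_crt" type="binary">
422           <name>SSL Certificate</name>
423           <value>/etc/planetlab/boot_ssl.crt</value>
424           <description>The signed SSL certificate to use for HTTPS
425           access. If not specified or non-existent, a self-signed
426           certificate will be generated.</description>
427         </variable>
428
            <!-- NOTE(review): path to private key material; verify on the
                 host that only the boot server account can read the file. -->
429         <variable id="ssl_key" type="binary">
430           <name>SSL Key</name>
431           <value>/etc/planetlab/boot_ssl.key</value>
432           <description>The corresponding SSL private key. If not
433           specified or non-existent, a self-signed certificate will be
434           generated.</description>
435         </variable>
436       </variablelist>
437     </category>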
438   </variables>
439
440   <comps>
      <!-- Package group definition. Every package requirement in the
           group below is marked mandatory. -->
441     <group>
442       <id>plc</id>
443       <name>PlanetLab Central</name>
444       <default>true</default>
445       <description>PlanetLab Central Packages</description>
446       <uservisible>true</uservisible>
447       <packagelist>
448         <!-- Sending mail -->
449         <packagereq type="mandatory">sendmail</packagereq>
450         <packagereq type="mandatory">sendmail-cf</packagereq>
451
452         <!-- (Optional) Synchronizing with PLC -->
            <!-- NOTE(review): labelled optional above, yet the requirement
                 type is mandatory. Confirm which is intended. -->
453         <packagereq type="mandatory">rsync</packagereq>
454
455         <!-- Cron jobs -->
456         <packagereq type="mandatory">vixie-cron</packagereq>    
457
458         <!-- Other utilities -->
459         <packagereq type="mandatory">cvs</packagereq>
460         <packagereq type="mandatory">curl</packagereq>
461         <packagereq type="mandatory">wget</packagereq>
462
463         <!-- yum >=2.2 uses a new repository format -->
464         <packagereq type="mandatory">createrepo</packagereq>
465
466         <!-- For mkpasswd -->
467         <packagereq type="mandatory">expect</packagereq>
468
469         <!-- Almost all scripts are written in Python -->
470         <packagereq type="mandatory">python</packagereq>
471
472         <!-- For various Python scripts that access the API -->
473         <packagereq type="mandatory">plcapilib</packagereq>
474
475         <!-- Database server -->
476         <packagereq type="mandatory">postgresql</packagereq>
477         <packagereq type="mandatory">postgresql-server</packagereq>
478         <packagereq type="mandatory">postgresql-python</packagereq>
479
480         <!-- (Secure) web server -->
481         <packagereq type="mandatory">httpd</packagereq>
482         <packagereq type="mandatory">mod_ssl</packagereq>
483
484         <!-- Web pages are written primarily in PHP. A few pages still
485              access the DB directly. -->
486         <packagereq type="mandatory">php</packagereq>
487         <packagereq type="mandatory">php-pgsql</packagereq>
488         <packagereq type="mandatory">php-xmlrpc</packagereq>
489
490         <!-- Need GD for ImageCreate(), etc. -->
491         <packagereq type="mandatory">gd</packagereq>    
492         <packagereq type="mandatory">php-gd</packagereq>        
493
494         <!-- API server is implemented in mod_python -->
495         <packagereq type="mandatory">mod_python</packagereq>
496
497         <!-- API server uses a few non-standard packages -->
498         <packagereq type="mandatory">PyXML</packagereq>
499
500         <!-- API server uses SSL to sign tickets -->
501         <packagereq type="mandatory">xmlsec1</packagereq>
502         <packagereq type="mandatory">xmlsec1-openssl</packagereq>
503         <packagereq type="mandatory">openssl</packagereq>
504
505         <!-- bootcd is generated using mkisofs -->
506         <packagereq type="mandatory">mkisofs</packagereq>
507
508         <!-- bootcd and bootmanager images are signed using GPG -->
509         <packagereq type="mandatory">gnupg</packagereq>
510
511         <!-- bootmanager requires uuencode -->
512         <packagereq type="mandatory">sharutils</packagereq>
513       </packagelist>
514     </group>
515
516   </comps>
517
518 </configuration>