1 <?xml version="1.0" encoding="utf-8"?>
2
3 <!--
4 Default PLC configuration file
5
6 Mark Huang <mlhuang@cs.princeton.edu>
7 Copyright (C) 2006 The Trustees of Princeton University
8
9 $Id: plc_config.xml,v 1.11 2006/04/24 18:04:25 mlhuang Exp $
10 -->
11
12 <!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
   <!-- NOTE(review): the DTD is named by a relative system identifier, so
        a validating parser resolves plc_config.dtd relative to wherever
        this file is loaded from. Tools that read this file should take
        the DTD from a known local copy and keep network and external
        entity resolution switched off. -->
13
14 <configuration>
15   <variables>
16     <category id="plc">
17       <name>System</name>
18       <description>Basic system variables. Be sure that the values of
19       these variables are the same across all machines in your
20       installation.</description>
21
22       <variablelist>
23         <variable id="name" type="string">
24           <name>Name</name>
25           <value>PlanetLab Test</value>
26           <description>The name of this PLC installation. It is used in
27           the name of the default system site (e.g., PlanetLab Central)
28           and in the names of various administrative entities (e.g.,
29           PlanetLab Support).</description>
30         </variable>
31
32         <variable id="slice_prefix" type="string">
33           <name>Slice Prefix</name>
34           <value>pl</value>
35           <description>The abbreviated name of this PLC
36           installation. It is used as the prefix for system slices
37           (e.g., pl_conf). Warning: Currently, this variable should
38           not be changed.</description>
39         </variable>
40
41         <variable id="root_user" type="email">
42           <name>Root Account</name>
43           <value>root@localhost.localdomain</value>
44           <description>The name of the initial administrative
45           account. We recommend that this account be used only to create
46           additional accounts associated with real
47           administrators, then disabled.</description>
48         </variable>
49
50         <variable id="root_password" type="password">
             <!-- NOTE(review): the shipped default is the guessable value
                  "root", and per the description the same value is the
                  root password on the Boot CD. Set a unique, strong value
                  before this installation, or any Boot CD built from it,
                  is reachable by anyone else. Unlike the database and
                  maintenance passwords, nothing in this file says a blank
                  value is auto-generated here; confirm before blanking. -->
51           <name>Root Password</name>
52           <value>root</value>
53           <description>The password of the initial administrative
54           account. Also the password of the root account on the Boot
55           CD.</description>
56         </variable>
57
58         <!-- The following are not actually meant to be configurable
59              as variables. The web interface should allow the file to
60              be downloaded, or its contents replaced by a file upload,
61              but the actual <value> shouldn't need to be changed.  -->
62
63         <variable id="root_ssh_key_pub" type="file">
64           <name>Root SSH Public Key</name>
65           <value>/etc/planetlab/root_ssh_key.pub</value>
66           <description>The SSH public key used to access the root
67           account on your nodes.</description>
68         </variable>
69
70         <variable id="root_ssh_key" type="file">
             <!-- NOTE(review): this path holds the private key that grants
                  root access to the nodes. Ownership and mode of the file
                  are not set here; presumably it should be readable by
                  root only. Verify how the file is created. The comment
                  before this group of file variables says the web
                  interface should allow these files to be downloaded; for
                  this and the other private-key paths (debug_ssh_key,
                  root_gpg_key, ssl_key) confirm that download is limited
                  to authenticated administrators. -->
71           <name>Root SSH Private Key</name>
72           <value>/etc/planetlab/root_ssh_key.rsa</value>
73           <description>The SSH private key used to access the root
74           account on your nodes.</description>
75         </variable>
76
77         <variable id="debug_ssh_key_pub" type="file">
78           <name>Debug SSH Public Key</name>
79           <value>/etc/planetlab/debug_ssh_key.pub</value>
80           <description>The SSH public key used to access the root
81           account on your nodes when they are in Debug mode.</description>
82         </variable>
83
84         <variable id="debug_ssh_key" type="file">
85           <name>Debug SSH Private Key</name>
86           <value>/etc/planetlab/debug_ssh_key.rsa</value>
87           <description>The SSH private key used to access the root
88           account on your nodes when they are in Debug mode.</description>
89         </variable>
90
91         <variable id="root_gpg_key_pub" type="file">
92           <name>Root GPG Public Keyring</name>
93           <value>/etc/planetlab/pubring.gpg</value>
94           <description>The GPG public keyring used to sign the Boot
95           Manager and all node packages.</description>
96         </variable>
97
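98         <variable id="root_gpg_key" type="file">
             <!-- Private half of root_gpg_key_pub. The description used to
                  repeat the root SSH private key text; it now describes
                  the GPG keyring named by this variable.
                  NOTE(review): presumably whoever can read this keyring
                  can sign packages that nodes accept; keep it readable by
                  root only and out of any web-served path. Confirm against
                  the signing scripts. -->
99           <name>Root GPG Private Keyring</name>
100           <value>/etc/planetlab/secring.gpg</value>
101           <description>The GPG private keyring used to sign the Boot
102           Manager and all node packages.</description>
103         </variable>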
104       </variablelist>
105     </category>
106
107     <category id="plc_net">
108       <name>Network</name>
109       <description>Network environment.</description>
110
111       <variablelist>
112         <variable id="dns1" type="ip">
113           <name>Primary DNS Server</name>
114           <value>128.112.136.10</value>
115           <description>Primary DNS server address.</description>
116         </variable>
117
118         <variable id="dns2" type="ip">
119           <name>Secondary DNS Server</name>
120           <value>128.112.136.12</value>
121           <description>Secondary DNS server address.</description>
122         </variable>
123       </variablelist>
124     </category>
125
126     <category id="plc_mail">
127       <name>Mail</name>
128       <description>Many maintenance scripts, as well as the API and
129       web site themselves, send e-mail notifications and
130       warnings.</description>
131
132       <variablelist>
133         <variable id="enabled" type="boolean">
134           <name>Enable Mail</name>
135           <value>false</value>
136           <description>Set to false to suppress all e-mail notifications
137           and warnings.</description>
138         </variable>
139
140         <variable id="support_address" type="email">
141           <name>Support Address</name>
142           <value>root+support@localhost.localdomain</value>
143           <description>This address is used for support
144           requests. Support requests may include traffic complaints,
145           security incident reporting, web site malfunctions, and
146           general requests for information. We recommend that the
147           address be aliased to a ticketing system such as Request
148           Tracker.</description>
149         </variable>
150
151         <variable id="boot_address" type="email">
152           <name>Boot Messages Address</name>
153           <value>root+install-msgs@localhost.localdomain</value>
154           <description>The API will notify this address when a problem
155           occurs during node installation or boot.</description>
156         </variable>
157
158         <variable id="slice_address" type="email">
159           <name>Slice Address</name>
160           <value>root+SLICE@localhost.localdomain</value>
161           <description>This address template is used for sending
162           e-mail notifications to slices. SLICE will be replaced with
163           the name of the slice.</description>
164         </variable>
165       </variablelist>
166     </category>
167
168     <category id="plc_db">
169       <name>Database Server</name>
170       <description>Database server definitions.</description>
171
172       <variablelist>
173         <variable id="enabled" type="boolean">
174           <name>Enabled</name>
175           <value>true</value>
176           <description>Enable the database server on this
177           machine.</description>
178         </variable>
179
180         <variable id="type" type="string">
181           <name>Type</name>
182           <value>postgresql</value>
183           <description>The type of database server. Currently, only
184           postgresql is supported.</description>
185         </variable>
186
187         <variable id="host" type="hostname">
188           <name>Hostname</name>
189           <value>localhost.localdomain</value>
190           <description>The fully qualified hostname or IP address of
191           the database server. This hostname must be resolvable and
192           reachable by the rest of your installation.</description>
193         </variable>
194
195         <variable id="port" type="int">
196           <name>Port</name>
197           <value>5432</value>
198           <description>The TCP port number through which the database
199           server should be accessed.</description>
200         </variable>
201
202         <variable id="name" type="string">
203           <name>Database Name</name>
204           <value>planetlab3</value>
205           <description>The name of the database to access.</description>
206         </variable>
207
208         <variable id="user" type="string">
209           <name>Database Username</name>
210           <value>pgsqluser</value>
211           <description>The username to use when accessing the
212           database.</description>
213         </variable>
214
215         <variable id="password" type="password">
216           <name>Database Password</name>
217           <value></value>
218           <description>The password to use when accessing the
219           database. If left blank, one will be
220           generated.</description>
221         </variable>
222       </variablelist>
223     </category>
224
225     <category id="plc_api">
226       <name>API Server</name>
227       <description>API (XML-RPC) server definitions.</description>
228
229       <variablelist>
230         <variable id="enabled" type="boolean">
231           <name>Enabled</name>
232           <value>true</value>
233           <description>Enable the API server on this
234           machine.</description>
235         </variable>
236
237         <variable id="debug" type="boolean">
238           <name>Debug</name>
239           <value>false</value>
240           <description>Enable verbose API debugging. Do not enable on
241           a production system!</description>
242         </variable>
243
244         <variable id="host" type="hostname">
245           <name>Hostname</name>
246           <value>localhost.localdomain</value>
247           <description>The fully qualified hostname or IP address of
248           the API server. This hostname must be resolvable and
249           reachable by the rest of your installation, as well as your
250           nodes.</description>
251         </variable>
252
253         <variable id="port" type="int">
              <!-- NOTE(review): with the default of 80 the XML-RPC API is
                   served without TLS, so whatever credentials API callers
                   present (presumably including the maintenance account
                   password defined below) cross the network in clear
                   text. Treat the same-machine or trusted-network advice
                   in the description as a requirement, and revisit this
                   default once HTTPS access is fully supported. -->
254           <name>Port</name>
255           <value>80</value>
256           <description>The TCP port number through which the API
257           should be accessed. Warning: SSL (port 443) access is not
258           fully supported by the website code yet. We recommend that
259           port 80 be used for now and that the API server either run
260           on the same machine as the web server, or that they both be
261           on a secure wired network.</description>
262         </variable>
263
264         <variable id="path" type="string">
265           <name>Path</name>
266           <value>/PLCAPI/</value>
267           <description>The base path of the API URL.</description>
268         </variable>
269
270         <variable id="maintenance_user" type="string">
271           <name>Maintenance User</name>
272           <value>maint@localhost.localdomain</value>
273           <description>The username of the maintenance account. This
274           account is used by local scripts that perform automated
275           tasks, and cannot be used for normal logins.</description>
276         </variable>
277
278         <variable id="maintenance_password" type="password">
279           <name>Maintenance Password</name>
280           <value></value>
281           <description>The password of the maintenance account. If
282           left blank, one will be generated. We recommend that the
283           password be changed periodically.</description>
284         </variable>
285
286         <variable id="maintenance_sources" type="hostname">
              <!-- NOTE(review): this is the source-address allow list for
                   the maintenance account. It is typed "hostname" although
                   the description calls for a space-separated list of IP
                   addresses. The shipped value is empty and is filled in
                   automatically; what an empty list means before that
                   happens (no host allowed, or no restriction) is not
                   visible in this file. Verify that it fails closed. -->
287           <name>Authorized Hosts</name>
288           <value></value>
289           <description>A space-separated list of IP addresses allowed
290           to access the API through the maintenance account. The value
291           of this variable is set automatically to allow only the API,
292           web, and boot servers, and should not be
293           changed.</description>
294         </variable>
295
296         <!-- The following are not actually meant to be configurable
297              as variables. The web interface should allow the file to
298              be downloaded, or its contents replaced by a file upload,
299              but the actual <value> shouldn't need to be changed.  -->
300
301         <variable id="ssl_crt" type="file">
302           <name>SSL Certificate</name>
303           <value>/etc/planetlab/api_ssl.crt</value>
304           <description>The signed SSL certificate to use for HTTPS
305           access. If not specified or non-existent, a self-signed
306           certificate will be generated.</description>
307         </variable>
308
309         <variable id="ssl_key" type="file">
              <!-- NOTE(review): the description gives this one key two
                   roles: the private key behind the API server's HTTPS
                   certificate, and the key that signs slice tickets.
                   Sharing it means exposure of the web-facing key also
                   exposes the ticket-signing key, and replacing the key
                   when the certificate is renewed changes the ticket
                   signer as well. Consider separate keys; confirm against
                   the ticket-signing code. -->
310           <name>SSL Key</name>
311           <value>/etc/planetlab/api_ssl.key</value>
312           <description>The corresponding SSL private key used for
313           signing the certificate, and for signing slice tickets. If
314           not specified or non-existent, one will be
315           generated.</description>
316         </variable>
317
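318         <variable id="ssl_key_pub" type="file">
              <!-- Public half of the API server's ssl_key. The display
                   name was "SSL Key", identical to the private key
                   variable in this category; it is now distinct so the
                   two cannot be confused in the configuration interface.
                   NOTE(review): since ssl_key also signs slice tickets,
                   this is presumably the key used to check those
                   signatures; confirm. -->
319           <name>SSL Public Key</name>
320           <value>/etc/planetlab/api_ssl.pub</value>
321           <description>The corresponding SSL public key. If not
322           specified or non-existent, one will be
323           generated.</description>
324         </variable>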
325       </variablelist>
326     </category>
327
328     <category id="plc_www">
329       <name>Web Server</name>
330       <description>Web server definitions.</description>
331
332       <variablelist>
333         <variable id="enabled" type="boolean">
334           <name>Enabled</name>
335           <value>true</value>
336           <description>Enable the web server on this
337           machine.</description>
338         </variable>
339
340         <variable id="debug" type="boolean">
341           <name>Debug</name>
342           <value>false</value>
343           <description>Enable debugging output on web pages. Do not
344           enable on a production system!</description>
345         </variable>
346
347         <variable id="host" type="hostname">
348           <name>Hostname</name>
349           <value>localhost.localdomain</value>
350           <description>The fully qualified hostname or IP address of
351           the web server. This hostname must be resolvable and
352           reachable by the rest of your installation, as well as your
353           nodes.</description>
354         </variable>
355
356         <variable id="port" type="int">
357           <name>Port</name>
358           <value>80</value>
359           <description>The TCP port number through which the
360           unprotected portions of the web site should be
361           accessed.</description>
362         </variable>
363
364         <variable id="ssl_port" type="int">
365           <name>SSL Port</name>
366           <value>443</value>
367           <description>The TCP port number through which the protected
368           portions of the web site should be accessed.</description>
369         </variable>
370
371         <!-- The following are not actually meant to be configurable
372              as variables. The web interface should allow the file to
373              be downloaded, or its contents replaced by a file upload,
374              but the actual <value> shouldn't need to be changed.  -->
375
376         <variable id="ssl_crt" type="file">
377           <name>SSL Certificate</name>
378           <value>/etc/planetlab/www_ssl.crt</value>
379           <description>The signed SSL certificate to use for HTTPS
380           access. If not specified or non-existent, a self-signed
381           certificate will be generated.</description>
382         </variable>
383
384         <variable id="ssl_key" type="file">
385           <name>SSL Key</name>
386           <value>/etc/planetlab/www_ssl.key</value>
387           <description>The corresponding SSL private key. If not
388           specified or non-existent, one will be
389           generated.</description>
390         </variable>
391       </variablelist>
392     </category>
393
394     <category id="plc_boot">
395       <name>Boot Server</name>
396       <description>Boot server definitions. Multiple boot servers
397       may be brought up for load balancing, but we recommend that a
398       single DNS round-robin system be implemented so that the
399       following variables are the same across all of
400       them.</description>
401
402       <variablelist>
403         <variable id="enabled" type="boolean">
404           <name>Enabled</name>
405           <value>true</value>
406           <description>Enable the boot server on this
407           machine.</description>
408         </variable>
409
410         <variable id="host" type="hostname">
411           <name>Hostname</name>
412           <value>localhost.localdomain</value>
413           <description>The fully qualified hostname or IP address of
414           the boot server. This hostname must be resolvable and
415           reachable by the rest of your installation, as well as your
416           nodes.</description>
417         </variable>
418
419         <variable id="port" type="int">
420           <name>Port</name>
421           <value>80</value>
422           <description>The TCP port number through which the
423           unprotected portions of the boot server should be
424           accessed.</description>
425         </variable>
426
427         <variable id="ssl_port" type="int">
428           <name>SSL Port</name>
429           <value>443</value>
430           <description>The TCP port number through which the protected
431           portions of the boot server should be
432           accessed.</description>
433         </variable>
434
435         <!-- The following are not actually meant to be configurable
436              as variables. The web interface should allow the file to
437              be downloaded, or its contents replaced by a file upload,
438              but the actual <value> shouldn't need to be changed.  -->
439
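440         <variable id="ssl_crt" type="binary">
              <!-- Path of the boot server's HTTPS certificate. The comma
                   in the description has been moved to match the wording
                   used for the plc_api and plc_www certificates.
                   NOTE(review): this variable and the ssl_key that follows
                   are typed "binary", while the equivalent certificate and
                   key variables under plc_api and plc_www are typed
                   "file". Whether the difference is intended cannot be
                   told from this file (plc_config.dtd is not shown);
                   confirm before relying on type-specific handling. -->
441           <name>SSL Certificate</name>
442           <value>/etc/planetlab/boot_ssl.crt</value>
443           <description>The signed SSL certificate to use for HTTPS
444           access. If not specified or non-existent, a self-signed
445           certificate will be generated.</description>
446         </variable>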
447
448         <variable id="ssl_key" type="binary">
449           <name>SSL Key</name>
450           <value>/etc/planetlab/boot_ssl.key</value>
451           <description>The corresponding SSL private key. If not
452           specified or non-existent, one will be
453           generated.</description>
454         </variable>
455       </variablelist>
456     </category>
457   </variables>
458
459   <comps>
460     <group>
461       <id>plc</id>
462       <name>PlanetLab Central</name>
463       <default>true</default>
464       <description>PlanetLab Central Packages</description>
465       <uservisible>true</uservisible>
466       <packagelist>
467         <!-- Basics -->
468         <packagereq type="mandatory">dev</packagereq>   
469
470         <!-- kernel-vserver is intended for the vserver-reference, but
471              serves the same useful purpose for MyPLC, namely, to
472              Provide: kernel without actually installing anything. -->
473         <packagereq type="mandatory">kernel-vserver</packagereq>        
474
475         <!-- Sending mail -->
476         <packagereq type="mandatory">sendmail</packagereq>
477         <packagereq type="mandatory">sendmail-cf</packagereq>
478
479         <!-- (Optional) Synchronizing with PLC -->
480         <packagereq type="mandatory">rsync</packagereq>
481
482         <!-- Cron jobs -->
483         <packagereq type="mandatory">vixie-cron</packagereq>    
484
485         <!-- Other utilities -->
486         <packagereq type="mandatory">cvs</packagereq>
487         <packagereq type="mandatory">curl</packagereq>
488         <packagereq type="mandatory">wget</packagereq>
489         <packagereq type="mandatory">less</packagereq>
490         <packagereq type="mandatory">gzip</packagereq>
491         <packagereq type="mandatory">bzip2</packagereq>
492         <packagereq type="mandatory">cpio</packagereq>
493         <packagereq type="mandatory">tar</packagereq>
494         <packagereq type="mandatory">diffutils</packagereq>
495
496         <!-- yum >=2.2 uses a new repository format -->
497         <packagereq type="mandatory">createrepo</packagereq>
498         <packagereq type="mandatory">yum</packagereq>
499         <packagereq type="mandatory">rpm</packagereq>
500
501         <!-- For mkpasswd -->
502         <packagereq type="mandatory">expect</packagereq>
503
504         <!-- For ssh-keygen -->
505         <packagereq type="mandatory">openssh</packagereq>
506
507         <!-- Almost all scripts are written in Python -->
508         <packagereq type="mandatory">python</packagereq>
509
510         <!-- For various Python scripts that access the API -->
511         <packagereq type="mandatory">plcapilib</packagereq>
512
513         <!-- Database server -->
514         <packagereq type="mandatory">postgresql</packagereq>
515         <packagereq type="mandatory">postgresql-server</packagereq>
516         <packagereq type="mandatory">postgresql-python</packagereq>
517
518         <!-- (Secure) web server -->
519         <packagereq type="mandatory">httpd</packagereq>
520         <packagereq type="mandatory">mod_ssl</packagereq>
521
522         <!-- Web pages are written primarily in PHP. A few pages still
523              access the DB directly. -->
524         <packagereq type="mandatory">php</packagereq>
525         <packagereq type="mandatory">php-pgsql</packagereq>
526         <packagereq type="mandatory">php-xmlrpc</packagereq>
527
528         <!-- Need GD for ImageCreate(), etc. -->
529         <packagereq type="mandatory">gd</packagereq>    
530         <packagereq type="mandatory">php-gd</packagereq>        
531
532         <!-- API server is implemented in mod_python -->
533         <packagereq type="mandatory">mod_python</packagereq>
534
535         <!-- API server uses a few non-standard packages -->
536         <packagereq type="mandatory">PyXML</packagereq>
537
538         <!-- API server uses SSL to sign tickets -->
539         <packagereq type="mandatory">xmlsec1</packagereq>
540         <packagereq type="mandatory">xmlsec1-openssl</packagereq>
541         <packagereq type="mandatory">openssl</packagereq>
542
543         <!-- Customizable Boot CD and Boot Manager packages -->
544         <packagereq type="mandatory">bootcd</packagereq>
545         <packagereq type="mandatory">bootmanager</packagereq>
546       </packagelist>
547     </group>
548
549   </comps>
550
551 </configuration>