- move most functionality to better named "db-config" script
1 <?xml version="1.0" encoding="utf-8"?>
2
3 <!--
4 Default PLC configuration file
5
6 Mark Huang <mlhuang@cs.princeton.edu>
7 Copyright (C) 2006 The Trustees of Princeton University
8
9 $Id: plc_config.xml,v 1.13 2006/05/23 18:14:47 mlhuang Exp $
10 -->
11
12 <!DOCTYPE configuration PUBLIC "-//PlanetLab Central//DTD PLC configuration//EN" "plc_config.dtd">
13
14 <configuration>
15   <variables>
16     <category id="plc">
17       <name>System</name>
18       <description>Basic system variables. Be sure that the values of
19       these variables are the same across all machines in your
20       installation.</description>
21
22       <variablelist>
23         <variable id="name" type="string">
24           <name>Name</name>
25           <value>PlanetLab Test</value>
26           <description>The name of this PLC installation. It is used in
27           the name of the default system site (e.g., PlanetLab Central)
28           and in the names of various administrative entities (e.g.,
29           PlanetLab Support).</description>
30         </variable>
31
32         <variable id="slice_prefix" type="string">
33           <name>Slice Prefix</name>
34           <value>pl</value>
35           <description>The abbreviated name of this PLC
36           installation. It is used as the prefix for system slices
37           (e.g., pl_conf). Warning: Currently, this variable should
38           not be changed.</description>
39         </variable>
40
41         <variable id="root_user" type="email">
42           <name>Root Account</name>
43           <value>root@localhost.localdomain</value>
44           <description>The name of the initial administrative
45           account. We recommend that this account be used only to create
46           additional accounts associated with real
47           administrators, then disabled.</description>
48         </variable>
49
50         <variable id="root_password" type="password">
             <!-- NOTE(review): the shipped default below is the literal string
                  "root", and the description states that the same password
                  is used for the root account on the Boot CD. Override it in
                  the site configuration before the installation is reachable
                  from an untrusted network. The database and maintenance
                  passwords in this file default to empty and are described as
                  auto-generated; whether an empty value is handled the same
                  way here is not visible in this file. TODO confirm. -->
51           <name>Root Password</name>
52           <value>root</value>
53           <description>The password of the initial administrative
54           account. Also the password of the root account on the Boot
55           CD.</description>
56         </variable>
57
58         <!-- The following are not actually meant to be configurable
59              as variables. The web interface should allow the file to
60              be downloaded, or its contents replaced by a file upload,
61              but the actual <value> shouldn't need to be changed.  -->
62
63         <variable id="root_ssh_key_pub" type="file">
64           <name>Root SSH Public Key</name>
65           <value>/etc/planetlab/root_ssh_key.pub</value>
66           <description>The SSH public key used to access the root
67           account on your nodes.</description>
68         </variable>
69
70         <variable id="root_ssh_key" type="file">
71           <name>Root SSH Private Key</name>
72           <value>/etc/planetlab/root_ssh_key.rsa</value>
73           <description>The SSH private key used to access the root
74           account on your nodes.</description>
75         </variable>
76
77         <variable id="debug_ssh_key_pub" type="file">
78           <name>Debug SSH Public Key</name>
79           <value>/etc/planetlab/debug_ssh_key.pub</value>
80           <description>The SSH public key used to access the root
81           account on your nodes when they are in Debug mode.</description>
82         </variable>
83
84         <variable id="debug_ssh_key" type="file">
85           <name>Debug SSH Private Key</name>
86           <value>/etc/planetlab/debug_ssh_key.rsa</value>
87           <description>The SSH private key used to access the root
88           account on your nodes when they are in Debug mode.</description>
89         </variable>
90
91         <variable id="root_gpg_key_pub" type="file">
92           <name>Root GPG Public Keyring</name>
93           <value>/etc/planetlab/pubring.gpg</value>
94           <description>The GPG public keyring used to sign the Boot
95           Manager and all node packages.</description>
96         </variable>
97
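98         <variable id="root_gpg_key" type="file">
             <!-- Private counterpart of the public keyring declared above
                  (root_gpg_key_pub). Only the path is configured here.
                  NOTE(review): this keyring is signing material for the Boot
                  Manager and node packages; confirm that the file at this
                  path is readable only by the account that performs the
                  signing. -->
99           <name>Root GPG Private Keyring</name>
100           <value>/etc/planetlab/secring.gpg</value>
101           <description>The GPG private keyring used to sign the Boot
102           Manager and all node packages.</description>
103         </variable>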
104
105         <variable id="root_ca_ssl_key" type="file">
              <!-- Path to the root CA private key. Per the descriptions in
                   this file, this key signs all other generated certificates,
                   including the MA/SA API Certificate, so every certificate
                   issued by this installation depends on it staying private.
                   NOTE(review): the permissions applied when the key is
                   auto-generated are not visible here. TODO confirm they
                   restrict read access to root. -->
106           <name>Root CA SSL Private Key</name>
107           <value>/etc/planetlab/root_ca_ssl.key</value>
108           <description>The SSL private key used for signing all other
109           generated certificates. If non-existent, one will be
110           generated.</description>
111         </variable>
112
113         <variable id="root_ca_ssl_key_pub" type="file">
114           <name>Root CA SSL Public Key</name>
115           <value>/etc/planetlab/root_ca_ssl.pub</value>
116           <description>The corresponding SSL public key.</description>
117         </variable>
118
119         <variable id="root_ca_ssl_crt" type="file">
120           <name>Root CA SSL Public Certificate</name>
121           <value>/etc/planetlab/root_ca_ssl.crt</value>
122           <description>The corresponding SSL public
123           certificate.</description>
124         </variable>
125       </variablelist>
126     </category>
127
128     <category id="plc_ma_sa">
129       <name>Management and Slice Authority</name>
130       <description>These variables control how your site interacts
131       with other PlanetLab sites as a Management Authority (MA) and/or
132       Slice Authority (SA).</description>
133
134       <variablelist>
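135         <variable id="namespace" type="string">
              <!-- The namespace is an assigned identifier, not an address:
                   the default value is the literal "test" and the description
                   calls for a globally unique value handed out by PlanetLab
                   Central. It is therefore typed as a string, so that a
                   consumer validating values against the declared type does
                   not reject it as a malformed IP address. -->
136           <name>Namespace</name>
137           <value>test</value>
138           <description>The namespace of your MA/SA. This should be a
139           globally unique value assigned by PlanetLab
140           Central.</description>
141         </variable>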
142
143         <variable id="ssl_key" type="file">
144           <name>SSL Private Key</name>
145           <value>/etc/planetlab/ma_sa_ssl.key</value>
146           <description>The SSL private key used for signing documents
147           with the signature of your MA/SA. If non-existent, one will
148           be generated.</description>
149         </variable>
150
151         <variable id="ssl_key_pub" type="file">
152           <name>SSL Public Key</name>
153           <value>/etc/planetlab/ma_sa_ssl.pub</value>
154           <description>The corresponding SSL public key.</description>
155         </variable>
156
157         <variable id="ssl_crt" type="file">
158           <name>SSL Public Certificate</name>
159           <value>/etc/planetlab/ma_sa_ssl.crt</value>
160           <description>The corresponding SSL public certificate,
161           signed by the root CA.</description>
162         </variable>
163
164         <variable id="api_crt" type="file">
165           <name>API Certificate</name>
166           <value>/etc/planetlab/ma_sa_api.xml</value>
167           <description>The API Certificate for your MA/SA is the SSL
168           public key for your MA/SA embedded in an XML document and
169           signed by the root CA SSL private key. The API Certificate
170           can be used by any PlanetLab node managed by any MA, to
171           verify that your MA/SA public key is valid.</description>
172         </variable>
173       </variablelist>
174     </category>
175
176     <category id="plc_net">
177       <name>Network</name>
178       <description>Network environment.</description>
179
180       <variablelist>
181         <variable id="dns1" type="ip">
182           <name>Primary DNS Server</name>
183           <value>127.0.0.1</value>
184           <description>Primary DNS server address.</description>
185         </variable>
186
187         <variable id="dns2" type="ip">
188           <name>Secondary DNS Server</name>
189           <value></value>
190           <description>Secondary DNS server address.</description>
191         </variable>
192       </variablelist>
193     </category>
194
195     <category id="plc_dns">
196       <name>DNS</name>
197       <description>MyPLC can provide forward DNS resolution for itself
198       and for its nodes. To enable resolution for MyPLC itself, set
199       the Primary DNS Server address to 127.0.0.1 and provide external
200       IP addresses for the database, API, web, and boot servers
201       below. To enable resolution for nodes, use the external IP
202       address of this machine as the primary DNS server address for
203       each node.</description>
204
205       <variablelist>
206         <variable id="enabled" type="boolean">
207           <name>Enable DNS</name>
208           <value>true</value>
209           <description>Enable the internal DNS server. The server does
210           not provide reverse resolution and is not a production
211           quality or scalable DNS solution. Use the internal DNS
212           server only for small deployments or for
213           testing.</description>
214         </variable>
215       </variablelist>
216     </category>
217
218     <category id="plc_mail">
219       <name>Mail</name>
220       <description>Many maintenance scripts, as well as the API and
221       web site themselves, send e-mail notifications and
222       warnings.</description>
223
224       <variablelist>
225         <variable id="enabled" type="boolean">
226           <name>Enable Mail</name>
227           <value>false</value>
228           <description>Set to false to suppress all e-mail notifications
229           and warnings.</description>
230         </variable>
231
232         <variable id="support_address" type="email">
233           <name>Support Address</name>
234           <value>root+support@localhost.localdomain</value>
235           <description>This address is used for support
236           requests. Support requests may include traffic complaints,
237           security incident reporting, web site malfunctions, and
238           general requests for information. We recommend that the
239           address be aliased to a ticketing system such as Request
240           Tracker.</description>
241         </variable>
242
243         <variable id="boot_address" type="email">
244           <name>Boot Messages Address</name>
245           <value>root+install-msgs@localhost.localdomain</value>
246           <description>The API will notify this address when a problem
247           occurs during node installation or boot.</description>
248         </variable>
249
250         <variable id="slice_address" type="email">
251           <name>Slice Address</name>
252           <value>root+SLICE@localhost.localdomain</value>
253           <description>This address template is used for sending
254           e-mail notifications to slices. SLICE will be replaced with
255           the name of the slice.</description>
256         </variable>
257       </variablelist>
258     </category>
259
260     <category id="plc_db">
261       <name>Database Server</name>
262       <description>Database server definitions.</description>
263
264       <variablelist>
265         <variable id="enabled" type="boolean">
266           <name>Enabled</name>
267           <value>true</value>
268           <description>Enable the database server on this
269           machine.</description>
270         </variable>
271
272         <variable id="type" type="string">
273           <name>Type</name>
274           <value>postgresql</value>
275           <description>The type of database server. Currently, only
276           postgresql is supported.</description>
277         </variable>
278
279         <variable id="host" type="hostname">
280           <name>Hostname</name>
281           <value>localhost.localdomain</value>
282           <description>The fully qualified hostname of the database
283           server.</description>
284         </variable>
285
286         <variable id="ip" type="ip">
287           <name>IP Address</name>
288           <value>127.0.0.1</value>
289           <description>The IP address of the database server, if not
290           resolvable by the configured DNS servers.</description>
291         </variable>
292
293         <variable id="port" type="int">
294           <name>Port</name>
295           <value>5432</value>
296           <description>The TCP port number through which the database
297           server should be accessed.</description>
298         </variable>
299
300         <variable id="name" type="string">
301           <name>Database Name</name>
302           <value>planetlab3</value>
303           <description>The name of the database to access.</description>
304         </variable>
305
306         <variable id="user" type="string">
307           <name>Database Username</name>
308           <value>pgsqluser</value>
309           <description>The username to use when accessing the
310           database.</description>
311         </variable>
312
313         <variable id="password" type="password">
314           <name>Database Password</name>
315           <value></value>
316           <description>The password to use when accessing the
317           database. If left blank, one will be
318           generated.</description>
319         </variable>
320       </variablelist>
321     </category>
322
323     <category id="plc_api">
324       <name>API Server</name>
325       <description>API (XML-RPC) server definitions.</description>
326
327       <variablelist>
328         <variable id="enabled" type="boolean">
329           <name>Enabled</name>
330           <value>true</value>
331           <description>Enable the API server on this
332           machine.</description>
333         </variable>
334
335         <variable id="debug" type="boolean">
336           <name>Debug</name>
337           <value>false</value>
338           <description>Enable verbose API debugging. Do not enable on
339           a production system!</description>
340         </variable>
341
342         <variable id="host" type="hostname">
343           <name>Hostname</name>
344           <value>localhost.localdomain</value>
345           <description>The fully qualified hostname of the API
346           server.</description>
347         </variable>
348
349         <variable id="ip" type="ip">
350           <name>IP Address</name>
351           <value>127.0.0.1</value>
352           <description>The IP address of the API server, if not
353           resolvable by the configured DNS servers.</description>
354         </variable>
355
356         <variable id="port" type="int">
              <!-- NOTE(review): with the default of 80 the API is reached
                   without TLS, so whatever is sent to it (presumably including
                   the maintenance account credentials defined further down in
                   this category) crosses the network unencrypted. The
                   description's own mitigation bounds that exposure: run the
                   API on the same machine as the web server, or keep both on
                   a trusted wired network. Revisit this default once port 443
                   is fully supported by the website code. -->
357           <name>Port</name>
358           <value>80</value>
359           <description>The TCP port number through which the API
360           should be accessed. Warning: SSL (port 443) access is not
361           fully supported by the website code yet. We recommend that
362           port 80 be used for now and that the API server either run
363           on the same machine as the web server, or that they both be
364           on a secure wired network.</description>
365         </variable>
366
367         <variable id="path" type="string">
368           <name>Path</name>
369           <value>/PLCAPI/</value>
370           <description>The base path of the API URL.</description>
371         </variable>
372
373         <variable id="maintenance_user" type="string">
374           <name>Maintenance User</name>
375           <value>maint@localhost.localdomain</value>
376           <description>The username of the maintenance account. This
377           account is used by local scripts that perform automated
378           tasks, and cannot be used for normal logins.</description>
379         </variable>
380
381         <variable id="maintenance_password" type="password">
382           <name>Maintenance Password</name>
383           <value></value>
384           <description>The password of the maintenance account. If
385           left blank, one will be generated. We recommend that the
386           password be changed periodically.</description>
387         </variable>
388
389         <variable id="maintenance_sources" type="hostname">
              <!-- Source allow-list for the maintenance account.
                   NOTE(review): the declared type is "hostname", while the
                   description specifies a space-separated list of IP
                   addresses; confirm which form the consumer validates
                   against. The shipped value is empty and is described as
                   being filled in automatically. TODO confirm that an empty
                   list is treated as "no host allowed" rather than "any host
                   allowed" until that happens. -->
390           <name>Authorized Hosts</name>
391           <value></value>
392           <description>A space-separated list of IP addresses allowed
393           to access the API through the maintenance account. The value
394           of this variable is set automatically to allow only the API,
395           web, and boot servers, and should not be
396           changed.</description>
397         </variable>
398
399         <!-- The following are not actually meant to be configurable
400              as variables. The web interface should allow the file to
401              be downloaded, or its contents replaced by a file upload,
402              but the actual <value> shouldn't need to be changed.  -->
403
404         <variable id="ssl_key" type="file">
405           <name>SSL Private Key</name>
406           <value>/etc/planetlab/api_ssl.key</value>
407           <description>The SSL private key to use for encrypting HTTPS
408           traffic. If non-existent, one will be
409           generated.</description>
410         </variable>
411
412         <variable id="ssl_crt" type="file">
413           <name>SSL Public Certificate</name>
414           <value>/etc/planetlab/api_ssl.crt</value>
415           <description>The corresponding SSL public certificate,
416           signed by the root CA.</description>
417         </variable>
418       </variablelist>
419     </category>
420
421     <category id="plc_www">
422       <name>Web Server</name>
423       <description>Web server definitions.</description>
424
425       <variablelist>
426         <variable id="enabled" type="boolean">
427           <name>Enabled</name>
428           <value>true</value>
429           <description>Enable the web server on this
430           machine.</description>
431         </variable>
432
433         <variable id="debug" type="boolean">
434           <name>Debug</name>
435           <value>false</value>
436           <description>Enable debugging output on web pages. Do not
437           enable on a production system!</description>
438         </variable>
439
440         <variable id="host" type="hostname">
441           <name>Hostname</name>
442           <value>localhost.localdomain</value>
443           <description>The fully qualified hostname of the web
444           server.</description>
445         </variable>
446
447         <variable id="ip" type="ip">
448           <name>IP Address</name>
449           <value>127.0.0.1</value>
450           <description>The IP address of the web server, if not
451           resolvable by the configured DNS servers.</description>
452         </variable>
453
454         <variable id="port" type="int">
455           <name>Port</name>
456           <value>80</value>
457           <description>The TCP port number through which the
458           unprotected portions of the web site should be
459           accessed.</description>
460         </variable>
461
462         <variable id="ssl_port" type="int">
463           <name>SSL Port</name>
464           <value>443</value>
465           <description>The TCP port number through which the protected
466           portions of the web site should be accessed.</description>
467         </variable>
468
469         <!-- The following are not actually meant to be configurable
470              as variables. The web interface should allow the file to
471              be downloaded, or its contents replaced by a file upload,
472              but the actual <value> shouldn't need to be changed.  -->
473
474         <variable id="ssl_key" type="file">
475           <name>SSL Private Key</name>
476           <value>/etc/planetlab/www_ssl.key</value>
477           <description>The SSL private key to use for encrypting HTTPS
478           traffic. If non-existent, one will be
479           generated.</description>
480         </variable>
481
482         <variable id="ssl_crt" type="file">
483           <name>SSL Public Certificate</name>
484           <value>/etc/planetlab/www_ssl.crt</value>
485           <description>The corresponding SSL public certificate,
486           signed by the root CA.</description>
487         </variable>
488       </variablelist>
489     </category>
490
491     <category id="plc_boot">
492       <name>Boot Server</name>
493       <description>Boot server definitions. Multiple boot servers
494       may be brought up for load balancing, but we recommend that a
495       single DNS round-robin system be implemented so that the
496       following variables are the same across all of
497       them.</description>
498
499       <variablelist>
500         <variable id="enabled" type="boolean">
501           <name>Enabled</name>
502           <value>true</value>
503           <description>Enable the boot server on this
504           machine.</description>
505         </variable>
506
507         <variable id="host" type="hostname">
508           <name>Hostname</name>
509           <value>localhost.localdomain</value>
510           <description>The fully qualified hostname of the boot
511           server.</description>
512         </variable>
513
514         <variable id="ip" type="ip">
515           <name>IP Address</name>
516           <value>127.0.0.1</value>
517           <description>The IP address of the boot server, if not
518           resolvable by the configured DNS servers.</description>
519         </variable>
520
521         <variable id="port" type="int">
522           <name>Port</name>
523           <value>80</value>
524           <description>The TCP port number through which the
525           unprotected portions of the boot server should be
526           accessed.</description>
527         </variable>
528
529         <variable id="ssl_port" type="int">
530           <name>SSL Port</name>
531           <value>443</value>
532           <description>The TCP port number through which the protected
533           portions of the boot server should be
534           accessed.</description>
535         </variable>
536
537         <!-- The following are not actually meant to be configurable
538              as variables. The web interface should allow the file to
539              be downloaded, or its contents replaced by a file upload,
540              but the actual <value> shouldn't need to be changed.  -->
541
542         <variable id="ssl_key" type="file">
543           <name>SSL Private Key</name>
544           <value>/etc/planetlab/boot_ssl.key</value>
545           <description>The SSL private key to use for encrypting HTTPS
546           traffic. If non-existent, one will be
547           generated.</description>
548         </variable>
549
550         <variable id="ssl_crt" type="file">
551           <name>SSL Public Certificate</name>
552           <value>/etc/planetlab/boot_ssl.crt</value>
553           <description>The corresponding SSL public certificate,
554           signed by the root CA.</description>
555         </variable>
556       </variablelist>
557     </category>
558   </variables>
559
560   <comps>
561     <group>
562       <id>plc</id>
563       <name>PlanetLab Central</name>
564       <default>true</default>
565       <description>PlanetLab Central Packages</description>
566       <uservisible>true</uservisible>
567       <packagelist>
568         <!-- Basics -->
569         <packagereq type="mandatory">dev</packagereq>   
570
571         <!-- kernel-vserver is intended for the vserver-reference, but
572              serves the same useful purpose for MyPLC, namely, to
573              Provide: kernel without actually installing anything. -->
574         <packagereq type="mandatory">kernel-vserver</packagereq>        
575
576         <!-- Sending mail -->
577         <packagereq type="mandatory">sendmail</packagereq>
578         <packagereq type="mandatory">sendmail-cf</packagereq>
579
580         <!-- Caching DNS server -->
581         <packagereq type="mandatory">dnsmasq</packagereq>
582
583         <!-- (Optional) Synchronizing with PLC -->
584         <packagereq type="mandatory">rsync</packagereq>
585
586         <!-- Cron jobs -->
587         <packagereq type="mandatory">vixie-cron</packagereq>    
588
589         <!-- Other utilities -->
590         <packagereq type="mandatory">cvs</packagereq>
591         <packagereq type="mandatory">curl</packagereq>
592         <packagereq type="mandatory">wget</packagereq>
593         <packagereq type="mandatory">less</packagereq>
594         <packagereq type="mandatory">gzip</packagereq>
595         <packagereq type="mandatory">bzip2</packagereq>
596         <packagereq type="mandatory">cpio</packagereq>
597         <packagereq type="mandatory">tar</packagereq>
598         <packagereq type="mandatory">diffutils</packagereq>
599
600         <!-- yum >=2.2 uses a new repository format -->
601         <packagereq type="mandatory">createrepo</packagereq>
602         <packagereq type="mandatory">yum</packagereq>
603         <packagereq type="mandatory">rpm</packagereq>
604
605         <!-- For mkpasswd -->
606         <packagereq type="mandatory">expect</packagereq>
607
608         <!-- For ssh-keygen -->
609         <packagereq type="mandatory">openssh</packagereq>
610
611         <!-- Almost all scripts are written in Python -->
612         <packagereq type="mandatory">python</packagereq>
613
614         <!-- For various Python scripts that access the API -->
615         <packagereq type="mandatory">plcapilib</packagereq>
616
617         <!-- Database server -->
618         <packagereq type="mandatory">postgresql</packagereq>
619         <packagereq type="mandatory">postgresql-server</packagereq>
620         <packagereq type="mandatory">postgresql-python</packagereq>
621
622         <!-- (Secure) web server -->
623         <packagereq type="mandatory">httpd</packagereq>
624         <packagereq type="mandatory">mod_ssl</packagereq>
625
626         <!-- Web pages are written primarily in PHP. A few pages still
627              access the DB directly. -->
628         <packagereq type="mandatory">php</packagereq>
629         <packagereq type="mandatory">php-pgsql</packagereq>
630         <packagereq type="mandatory">php-xmlrpc</packagereq>
631
632         <!-- Need GD for ImageCreate(), etc. -->
633         <packagereq type="mandatory">gd</packagereq>    
634         <packagereq type="mandatory">php-gd</packagereq>        
635
636         <!-- API server is implemented in mod_python -->
637         <packagereq type="mandatory">mod_python</packagereq>
638
639         <!-- API server uses a few non-standard packages -->
640         <packagereq type="mandatory">PyXML</packagereq>
641         <packagereq type="mandatory">PlanetLabAuth</packagereq>
642
643         <!-- API server uses SSL to sign tickets -->
644         <packagereq type="mandatory">xmlsec1</packagereq>
645         <packagereq type="mandatory">xmlsec1-openssl</packagereq>
646         <packagereq type="mandatory">openssl</packagereq>
647
648         <!-- Customizable Boot CD and Boot Manager packages -->
649         <packagereq type="mandatory">bootcd</packagereq>
650         <packagereq type="mandatory">bootmanager</packagereq>
651       </packagelist>
652     </group>
653
654   </comps>
655
656 </configuration>