debuggers.hg

view tools/examples/xend-config.sxp @ 0:7d21f7218375

Exact replica of unstable on 051908 + README-this
author Mukesh Rathor
date Mon May 19 15:34:57 2008 -0700 (2008-05-19)
parents
children 5c0bf00e371d
line source
1 # -*- sh -*-
3 #
4 # Xend configuration file.
5 #
7 # This example configuration is appropriate for an installation that
8 # utilizes a bridged network configuration. Access to xend via http
9 # is disabled.
11 # Commented out entries show the default for that entry, unless otherwise
12 # specified.
14 #(logfile /var/log/xen/xend.log)
15 #(loglevel DEBUG)
18 # The Xen-API server configuration.
19 #
20 # This value configures the ports, interfaces, and access controls for the
21 # Xen-API server. Each entry in the list starts with either unix, a port
22 # number, or an address:port pair. If this is "unix", then a UDP socket is
23 # opened, and this entry applies to that. If it is a port, then Xend will
24 # listen on all interfaces on that TCP port, and if it is an address:port
25 # pair, then Xend will listen on the specified port, using the interface with
26 # the specified address.
27 #
28 # The subsequent string configures the user-based access control for the
29 # listener in question. This can be one of "none" or "pam", indicating either
30 # that users should be allowed access unconditionally, or that the local
31 # Pluggable Authentication Modules configuration should be used. If this
32 # string is missing or empty, then "pam" is used.
33 #
34 # The final string gives the host-based access control for that listener. If
35 # this is missing or empty, then all connections are accepted. Otherwise,
36 # this should be a space-separated sequence of regular expressions; any host
37 # with a fully-qualified domain name or an IP address that matches one of
38 # these regular expressions will be accepted.
39 #
40 # Example: listen on TCP port 9363 on all interfaces, accepting connections
41 # only from machines in example.com or localhost, and allow access through
42 # the unix domain socket unconditionally:
43 #
44 # (xen-api-server ((9363 pam '^localhost$ example\\.com$')
45 # (unix none)))
46 #
47 # Optionally, the TCP Xen-API server can use SSL by specifying the private
48 # key and certificate location:
49 #
50 # (9367 pam '' /etc/xen/xen-api.key /etc/xen/xen-api.crt)
51 #
52 # Default:
53 # (xen-api-server ((unix)))
56 #(xend-http-server no)
57 #(xend-unix-server no)
58 #(xend-tcp-xmlrpc-server no)
59 #(xend-unix-xmlrpc-server yes)
60 #(xend-relocation-server no)
61 (xend-relocation-server yes)
63 #(xend-unix-path /var/lib/xend/xend-socket)
66 # Address and port xend should use for the legacy TCP XMLRPC interface,
67 # if xend-tcp-xmlrpc-server is set.
68 #(xend-tcp-xmlrpc-server-address 'localhost')
69 #(xend-tcp-xmlrpc-server-port 8006)
71 # SSL key and certificate to use for the legacy TCP XMLRPC interface.
72 # Setting these will mean that this port serves only SSL connections as
73 # opposed to plaintext ones.
74 #(xend-tcp-xmlrpc-server-ssl-key-file /etc/xen/xmlrpc.key)
75 #(xend-tcp-xmlrpc-server-ssl-cert-file /etc/xen/xmlrpc.crt)
78 # Port xend should use for the HTTP interface, if xend-http-server is set.
79 #(xend-port 8000)
81 # Port xend should use for the relocation interface, if xend-relocation-server
82 # is set.
83 #(xend-relocation-port 8002)
85 # Whether to use tls when relocating.
86 #(xend-relocation-tls no)
88 # SSL key and certificate to use for the relocation interface.
89 # Setting these will mean that this port serves only SSL connections as
90 # opposed to plaintext ones.
91 #(xend-relocation-server-ssl-key-file /etc/xen/xmlrpc.key)
92 #(xend-relocation-server-ssl-cert-file /etc/xen/xmlrpc.crt)
94 # Address xend should listen on for HTTP connections, if xend-http-server is
95 # set.
96 # Specifying 'localhost' prevents remote connections.
97 # Specifying the empty string '' (the default) allows all connections.
98 #(xend-address '')
99 #(xend-address localhost)
101 # Address xend should listen on for relocation-socket connections, if
102 # xend-relocation-server is set.
103 # Meaning and default as for xend-address above.
104 #(xend-relocation-address '')
106 # The hosts allowed to talk to the relocation port. If this is empty (the
107 # default), then all connections are allowed (assuming that the connection
108 # arrives on a port and interface on which we are listening; see
109 # xend-relocation-port and xend-relocation-address above). Otherwise, this
110 # should be a space-separated sequence of regular expressions. Any host with
111 # a fully-qualified domain name or an IP address that matches one of these
112 # regular expressions will be accepted.
113 #
114 # For example:
115 # (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$')
116 #
117 #(xend-relocation-hosts-allow '')
118 (xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')
120 # The limit (in kilobytes) on the size of the console buffer
121 #(console-limit 1024)
123 ##
124 # To bridge network traffic, like this:
125 #
126 # dom0: ----------------- bridge -> real eth0 -> the network
127 # |
128 # domU: fake eth0 -> vifN.0 -+
129 #
130 # use
131 #
132 # (network-script network-bridge)
133 #
134 # Your default ethernet device is used as the outgoing interface, by default.
135 # To use a different one (e.g. eth1) use
136 #
137 # (network-script 'network-bridge netdev=eth1')
138 #
139 # The bridge is named xenbr0, by default. To rename the bridge, use
140 #
141 # (network-script 'network-bridge bridge=<name>')
142 #
143 # It is possible to use the network-bridge script in more complicated
144 # scenarios, such as having two outgoing interfaces, with two bridges, and
145 # two fake interfaces per guest domain. To do things like this, write
146 # yourself a wrapper script, and call network-bridge from it, as appropriate.
147 #
148 (network-script network-bridge)
150 # The script used to control virtual interfaces. This can be overridden on a
151 # per-vif basis when creating a domain or a configuring a new vif. The
152 # vif-bridge script is designed for use with the network-bridge script, or
153 # similar configurations.
154 #
155 # If you have overridden the bridge name using
156 # (network-script 'network-bridge bridge=<name>') then you may wish to do the
157 # same here. The bridge name can also be set when creating a domain or
158 # configuring a new vif, but a value specified here would act as a default.
159 #
160 # If you are using only one bridge, the vif-bridge script will discover that,
161 # so there is no need to specify it explicitly.
162 #
163 (vif-script vif-bridge)
166 ## Use the following if network traffic is routed, as an alternative to the
167 # settings for bridged networking given above.
168 #(network-script network-route)
169 #(vif-script vif-route)
172 ## Use the following if network traffic is routed with NAT, as an alternative
173 # to the settings for bridged networking given above.
174 #(network-script network-nat)
175 #(vif-script vif-nat)
177 # dom0-min-mem is the lowest permissible memory level (in MB) for dom0.
178 # This is a minimum both for auto-ballooning (as enabled by
179 # enable-dom0-ballooning below) and for xm mem-set when applied to dom0.
180 (dom0-min-mem 196)
182 # Whether to enable auto-ballooning of dom0 to allow domUs to be created.
183 # If enable-dom0-ballooning = no, dom0 will never balloon out.
184 (enable-dom0-ballooning yes)
186 # In SMP system, dom0 will use dom0-cpus # of CPUS
187 # If dom0-cpus = 0, dom0 will take all cpus available
188 (dom0-cpus 0)
190 # Whether to enable core-dumps when domains crash.
191 #(enable-dump no)
193 # The tool used for initiating virtual TPM migration
194 #(external-migration-tool '')
196 # The interface for VNC servers to listen on. Defaults
197 # to 127.0.0.1 To restore old 'listen everywhere' behaviour
198 # set this to 0.0.0.0
199 #(vnc-listen '127.0.0.1')
201 # The default password for VNC console on HVM domain.
202 # Empty string is no authentication.
203 (vncpasswd '')
205 # The VNC server can be told to negotiate a TLS session
206 # to encryption all traffic, and provide x509 cert to
207 # clients enalbing them to verify server identity. The
208 # GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt
209 # all support the VNC extension for TLS used in QEMU. The
210 # TightVNC/RealVNC/UltraVNC clients do not.
211 #
212 # To enable this create x509 certificates / keys in the
213 # directory /etc/xen/vnc
214 #
215 # ca-cert.pem - The CA certificate
216 # server-cert.pem - The Server certificate signed by the CA
217 # server-key.pem - The server private key
218 #
219 # and then uncomment this next line
220 # (vnc-tls 1)
222 # The certificate dir can be pointed elsewhere..
223 #
224 # (vnc-x509-cert-dir /etc/xen/vnc)
226 # The server can be told to request & validate an x509
227 # certificate from the client. Only clients with a cert
228 # signed by the trusted CA will be able to connect. This
229 # is more secure the password auth alone. Passwd auth can
230 # used at the same time if desired. To enable client cert
231 # checking uncomment this:
232 #
233 # (vnc-x509-verify 1)
235 # The default keymap to use for the VM's virtual keyboard
236 # when not specififed in VM's configuration
237 #(keymap 'en-us')
239 # Script to run when the label of a resource has changed.
240 #(resource-label-change-script '')