source: drbl-virt/conf/debian-lenny_xend-config.sxp @ 221

Last change on this file since 221 was 179, checked in by rock, 14 years ago

Add: Create DRBL PV-VM

File size: 7.9 KB
RevLine 
[170]1# -*- sh -*-
2
3#
4# Xend configuration file.
5#
6
7# This example configuration is appropriate for an installation that
8# utilizes a bridged network configuration. Access to xend via http
9# is disabled. 
10
11# Commented out entries show the default for that entry, unless otherwise
12# specified.
13
14#(logfile /var/log/xen/xend.log)
15#(loglevel DEBUG)
16
17
18# The Xen-API server configuration.  (Please note that this server is
19# available as an UNSUPPORTED PREVIEW in Xen 3.0.4, and should not be relied
20# upon).
21#
22# This value configures the ports, interfaces, and access controls for the
23# Xen-API server.  Each entry in the list starts with either unix, a port
24# number, or an address:port pair.  If this is "unix", then a UDP socket is
25# opened, and this entry applies to that.  If it is a port, then Xend will
26# listen on all interfaces on that TCP port, and if it is an address:port
27# pair, then Xend will listen on the specified port, using the interface with
28# the specified address.
29#
30# The subsequent string configures the user-based access control for the
31# listener in question.  This can be one of "none" or "pam", indicating either
32# that users should be allowed access unconditionally, or that the local
33# Pluggable Authentication Modules configuration should be used.  If this
34# string is missing or empty, then "pam" is used.
35#
36# The final string gives the host-based access control for that listener. If
37# this is missing or empty, then all connections are accepted.  Otherwise,
38# this should be a space-separated sequence of regular expressions; any host
39# with a fully-qualified domain name or an IP address that matches one of
40# these regular expressions will be accepted.
41#
42# Example: listen on TCP port 9363 on all interfaces, accepting connections
43# only from machines in example.com or localhost, and allow access through
44# the unix domain socket unconditionally:
45#
46#   (xen-api-server ((9363 pam '^localhost$ example\\.com$')
47#                    (unix none)))
48#
49# Optionally, the TCP Xen-API server can use SSL by specifying the private
50# key and certificate location:
51#
52#                    (9367 pam '' /etc/xen/xen-api.key /etc/xen/xen-api.crt)
53#
54# Default:
55#   (xen-api-server ((unix)))
56
57
58(xend-http-server yes)
59(xend-unix-server yes)
60(xend-tcp-xmlrpc-server no)
61#(xend-unix-xmlrpc-server yes)
62(xend-relocation-server yes)
63
64(xend-unix-path /var/lib/xend/xend-socket)
65
66
67# Address and port xend should use for the legacy TCP XMLRPC interface,
68# if xen-tcp-xmlrpc-server is set.
69#(xen-tcp-xmlrpc-server-address 'localhost')
70(xen-tcp-xmlrpc-server-port 8006)
71
72# SSL key and certificate to use for the legacy TCP XMLRPC interface.
73# Setting these will mean that this port serves only SSL connections as
74# opposed to plaintext ones.
75#(xend-tcp-xmlrpc-server-ssl-key-file  /etc/xen/xmlrpc.key)
76#(xend-tcp-xmlrpc-server-ssl-cert-file /etc/xen/xmlrpc.crt)
77
78
79# Port xend should use for the HTTP interface, if xend-http-server is set.
80(xend-port            8000)
81
82# Port xend should use for the relocation interface, if xend-relocation-server
83# is set.
84(xend-relocation-port 8002)
85
86# Address xend should listen on for HTTP connections, if xend-http-server is
87# set.
88# Specifying 'localhost' prevents remote connections.
89# Specifying the empty string '' (the default) allows all connections.
90#(xend-address '')
91(xend-address localhost)
92
93# Address xend should listen on for relocation-socket connections, if
94# xend-relocation-server is set.
95# Meaning and default as for xend-address above.
96#(xend-relocation-address '')
97
98# The hosts allowed to talk to the relocation port.  If this is empty (the
99# default), then all connections are allowed (assuming that the connection
100# arrives on a port and interface on which we are listening; see
101# xend-relocation-port and xend-relocation-address above).  Otherwise, this
102# should be a space-separated sequence of regular expressions.  Any host with
103# a fully-qualified domain name or an IP address that matches one of these
104# regular expressions will be accepted.
105#
106# For example:
107#  (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$')
108#
109(xend-relocation-hosts-allow '')
110
111# The limit (in kilobytes) on the size of the console buffer
112#(console-limit 1024)
113
114##
115# To bridge network traffic, like this:
116#
117# dom0: ----------------- bridge -> real eth0 -> the network
118#                            |
119# domU: fake eth0 -> vifN.0 -+
120#
121# use
122#
123# (network-script network-bridge)
124#
125# Your default ethernet device is used as the outgoing interface, by default.
126# To use a different one (e.g. eth1) use
127#
128# (network-script 'network-bridge netdev=eth0')
129#
130# The bridge is named xenbr0, by default.  To rename the bridge, use
131#
132# (network-script 'network-bridge bridge=<name>')
133#
134# It is possible to use the network-bridge script in more complicated
135# scenarios, such as having two outgoing interfaces, with two bridges, and
136# two fake interfaces per guest domain.  To do things like this, write
137# yourself a wrapper script, and call network-bridge from it, as appropriate.
138#
139(network-script network-dummy)
140
141# The script used to control virtual interfaces.  This can be overridden on a
142# per-vif basis when creating a domain or a configuring a new vif.  The
143# vif-bridge script is designed for use with the network-bridge script, or
144# similar configurations.
145#
146# If you have overridden the bridge name using
147# (network-script 'network-bridge bridge=<name>') then you may wish to do the
148# same here.  The bridge name can also be set when creating a domain or
149# configuring a new vif, but a value specified here would act as a default.
150#
151# If you are using only one bridge, the vif-bridge script will discover that,
152# so there is no need to specify it explicitly.
153#
154(vif-script vif-bridge)
155
156
157## Use the following if network traffic is routed, as an alternative to the
158# settings for bridged networking given above.
159#(network-script network-route)
160#(vif-script     vif-route)
161
162
163## Use the following if network traffic is routed with NAT, as an alternative
164# to the settings for bridged networking given above.
165#(network-script network-nat)
166#(vif-script     vif-nat)
167
168
169# Dom0 will balloon out when needed to free memory for domU.
170# dom0-min-mem is the lowest memory level (in MB) dom0 will get down to.
171# If dom0-min-mem=0, dom0 will never balloon out.
172(dom0-min-mem 196)
173
174# In SMP system, dom0 will use dom0-cpus # of CPUS
175# If dom0-cpus = 0, dom0 will take all cpus available
176(dom0-cpus 0)
177
178# Whether to enable core-dumps when domains crash.
179#(enable-dump no)
180
181# The tool used for initiating virtual TPM migration
182#(external-migration-tool '')
183
184# The interface for VNC servers to listen on. Defaults
185# to 127.0.0.1  To restore old 'listen everywhere' behaviour
186# set this to 0.0.0.0
187#(vnc-listen '127.0.0.1')
188
189# The default password for VNC console on HVM domain.
190# Empty string is no authentication.
191(vncpasswd '')
192
193# The VNC server can be told to negotiate a TLS session
194# to encryption all traffic, and provide x509 cert to
195# clients enalbing them to verify server identity. The
196# GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt
197# all support the VNC extension for TLS used in QEMU. The
198# TightVNC/RealVNC/UltraVNC clients do not.
199#
200# To enable this create x509 certificates / keys in the
201# directory /etc/xen/vnc
202#
203#  ca-cert.pem       - The CA certificate
204#  server-cert.pem   - The Server certificate signed by the CA
205#  server-key.pem    - The server private key
206#
207# and then uncomment this next line
208# (vnc-tls 1)
209
210# The certificate dir can be pointed elsewhere..
211#
212# (vnc-x509-cert-dir /etc/xen/vnc)
213
214# The server can be told to request & validate an x509
215# certificate from the client. Only clients with a cert
216# signed by the trusted CA will be able to connect. This
217# is more secure the password auth alone. Passwd auth can
218# used at the same time if desired. To enable client cert
219# checking uncomment this:
220#
221# (vnc-x509-verify 1)
222
223# The default keymap to use for the VM's virtual keyboard
224# when not specififed in VM's configuration
225#(keymap 'en-us')
226
227# Script to run when the label of a resource has changed.
228#(resource-label-change-script '')
Note: See TracBrowser for help on using the repository browser.