Index: drbl-virt/conf/client_xend-config.sxp =================================================================== --- drbl-virt/conf/client_xend-config.sxp (revision 170) +++ drbl-virt/conf/client_xend-config.sxp (revision 170) @@ -0,0 +1,228 @@ +# -*- sh -*- + +# +# Xend configuration file. +# + +# This example configuration is appropriate for an installation that +# utilizes a bridged network configuration. Access to xend via http +# is disabled. + +# Commented out entries show the default for that entry, unless otherwise +# specified. + +#(logfile /var/log/xen/xend.log) +#(loglevel DEBUG) + + +# The Xen-API server configuration. (Please note that this server is +# available as an UNSUPPORTED PREVIEW in Xen 3.0.4, and should not be relied +# upon). +# +# This value configures the ports, interfaces, and access controls for the +# Xen-API server. Each entry in the list starts with either unix, a port +# number, or an address:port pair. If this is "unix", then a UDP socket is +# opened, and this entry applies to that. If it is a port, then Xend will +# listen on all interfaces on that TCP port, and if it is an address:port +# pair, then Xend will listen on the specified port, using the interface with +# the specified address. +# +# The subsequent string configures the user-based access control for the +# listener in question. This can be one of "none" or "pam", indicating either +# that users should be allowed access unconditionally, or that the local +# Pluggable Authentication Modules configuration should be used. If this +# string is missing or empty, then "pam" is used. +# +# The final string gives the host-based access control for that listener. If +# this is missing or empty, then all connections are accepted. Otherwise, +# this should be a space-separated sequence of regular expressions; any host +# with a fully-qualified domain name or an IP address that matches one of +# these regular expressions will be accepted. +# +# Example: listen on TCP port 9363 on all interfaces, accepting connections +# only from machines in example.com or localhost, and allow access through +# the unix domain socket unconditionally: +# +# (xen-api-server ((9363 pam '^localhost$ example\\.com$') +# (unix none))) +# +# Optionally, the TCP Xen-API server can use SSL by specifying the private +# key and certificate location: +# +# (9367 pam '' /etc/xen/xen-api.key /etc/xen/xen-api.crt) +# +# Default: +# (xen-api-server ((unix))) + + +(xend-http-server yes) +(xend-unix-server yes) +(xend-tcp-xmlrpc-server no) +#(xend-unix-xmlrpc-server yes) +(xend-relocation-server yes) + +(xend-unix-path /var/lib/xend/xend-socket) + + +# Address and port xend should use for the legacy TCP XMLRPC interface, +# if xen-tcp-xmlrpc-server is set. +#(xen-tcp-xmlrpc-server-address 'localhost') +(xen-tcp-xmlrpc-server-port 8006) + +# SSL key and certificate to use for the legacy TCP XMLRPC interface. +# Setting these will mean that this port serves only SSL connections as +# opposed to plaintext ones. +#(xend-tcp-xmlrpc-server-ssl-key-file /etc/xen/xmlrpc.key) +#(xend-tcp-xmlrpc-server-ssl-cert-file /etc/xen/xmlrpc.crt) + + +# Port xend should use for the HTTP interface, if xend-http-server is set. +(xend-port 8000) + +# Port xend should use for the relocation interface, if xend-relocation-server +# is set. +(xend-relocation-port 8002) + +# Address xend should listen on for HTTP connections, if xend-http-server is +# set. +# Specifying 'localhost' prevents remote connections. +# Specifying the empty string '' (the default) allows all connections. +#(xend-address '') +(xend-address localhost) + +# Address xend should listen on for relocation-socket connections, if +# xend-relocation-server is set. +# Meaning and default as for xend-address above. +#(xend-relocation-address '') + +# The hosts allowed to talk to the relocation port. If this is empty (the +# default), then all connections are allowed (assuming that the connection +# arrives on a port and interface on which we are listening; see +# xend-relocation-port and xend-relocation-address above). Otherwise, this +# should be a space-separated sequence of regular expressions. Any host with +# a fully-qualified domain name or an IP address that matches one of these +# regular expressions will be accepted. +# +# For example: +# (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$') +# +(xend-relocation-hosts-allow '') + +# The limit (in kilobytes) on the size of the console buffer +#(console-limit 1024) + +## +# To bridge network traffic, like this: +# +# dom0: ----------------- bridge -> real eth0 -> the network +# | +# domU: fake eth0 -> vifN.0 -+ +# +# use +# +# (network-script network-bridge) +# +# Your default ethernet device is used as the outgoing interface, by default. +# To use a different one (e.g. eth1) use +# +# (network-script 'network-bridge netdev=eth0') +# +# The bridge is named xenbr0, by default. To rename the bridge, use +# +# (network-script 'network-bridge bridge=') +# +# It is possible to use the network-bridge script in more complicated +# scenarios, such as having two outgoing interfaces, with two bridges, and +# two fake interfaces per guest domain. To do things like this, write +# yourself a wrapper script, and call network-bridge from it, as appropriate. +# +(network-script network-dummy) + +# The script used to control virtual interfaces. This can be overridden on a +# per-vif basis when creating a domain or a configuring a new vif. The +# vif-bridge script is designed for use with the network-bridge script, or +# similar configurations. +# +# If you have overridden the bridge name using +# (network-script 'network-bridge bridge=') then you may wish to do the +# same here. The bridge name can also be set when creating a domain or +# configuring a new vif, but a value specified here would act as a default. +# +# If you are using only one bridge, the vif-bridge script will discover that, +# so there is no need to specify it explicitly. +# +(vif-script vif-bridge) + + +## Use the following if network traffic is routed, as an alternative to the +# settings for bridged networking given above. +#(network-script network-route) +#(vif-script vif-route) + + +## Use the following if network traffic is routed with NAT, as an alternative +# to the settings for bridged networking given above. +#(network-script network-nat) +#(vif-script vif-nat) + + +# Dom0 will balloon out when needed to free memory for domU. +# dom0-min-mem is the lowest memory level (in MB) dom0 will get down to. +# If dom0-min-mem=0, dom0 will never balloon out. +(dom0-min-mem 196) + +# In SMP system, dom0 will use dom0-cpus # of CPUS +# If dom0-cpus = 0, dom0 will take all cpus available +(dom0-cpus 0) + +# Whether to enable core-dumps when domains crash. +#(enable-dump no) + +# The tool used for initiating virtual TPM migration +#(external-migration-tool '') + +# The interface for VNC servers to listen on. Defaults +# to 127.0.0.1 To restore old 'listen everywhere' behaviour +# set this to 0.0.0.0 +#(vnc-listen '127.0.0.1') + +# The default password for VNC console on HVM domain. +# Empty string is no authentication. +(vncpasswd '') + +# The VNC server can be told to negotiate a TLS session +# to encryption all traffic, and provide x509 cert to +# clients enalbing them to verify server identity. The +# GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt +# all support the VNC extension for TLS used in QEMU. The +# TightVNC/RealVNC/UltraVNC clients do not. +# +# To enable this create x509 certificates / keys in the +# directory /etc/xen/vnc +# +# ca-cert.pem - The CA certificate +# server-cert.pem - The Server certificate signed by the CA +# server-key.pem - The server private key +# +# and then uncomment this next line +# (vnc-tls 1) + +# The certificate dir can be pointed elsewhere.. +# +# (vnc-x509-cert-dir /etc/xen/vnc) + +# The server can be told to request & validate an x509 +# certificate from the client. Only clients with a cert +# signed by the trusted CA will be able to connect. This +# is more secure the password auth alone. Passwd auth can +# used at the same time if desired. To enable client cert +# checking uncomment this: +# +# (vnc-x509-verify 1) + +# The default keymap to use for the VM's virtual keyboard +# when not specififed in VM's configuration +#(keymap 'en-us') + +# Script to run when the label of a resource has changed. +#(resource-label-change-script '') Index: drbl-virt/conf/initrd_bin/network-bridge =================================================================== --- drbl-virt/conf/initrd_bin/network-bridge (revision 170) +++ drbl-virt/conf/initrd_bin/network-bridge (revision 170) @@ -0,0 +1,301 @@ +#!/bin/bash +#============================================================================ +# Default Xen network start/stop script. +# Xend calls a network script when it starts. +# The script name to use is defined in /etc/xen/xend-config.sxp +# in the network-script field. +# +# This script creates a bridge (default ${netdev}), adds a device +# (defaults to the device on the default gateway route) to it, copies +# the IP addresses from the device to the bridge and adjusts the routes +# accordingly. +# +# If all goes well, this should ensure that networking stays up. +# However, some configurations are upset by this, especially +# NFS roots. If the bridged setup does not meet your needs, +# configure a different script, for example using routing instead. +# +# Usage: +# +# network-bridge (start|stop|status) {VAR=VAL}* +# +# Vars: +# +# bridge The bridge to use (default ${netdev}). +# netdev The interface to add to the bridge (default gateway device). +# antispoof Whether to use iptables to prevent spoofing (default no). +# +# Internal Vars: +# pdev="p${netdev}" +# tdev=tmpbridge +# +# start: +# Creates the bridge as tdev +# Copies the IP and MAC addresses from pdev to bridge +# Renames netdev to be pdev +# Renames tdev to bridge +# Enslaves pdev to bridge +# +# stop: +# Removes pdev from the bridge +# Transfers addresses, routes from bridge to pdev +# Renames bridge to tdev +# Renames pdev to netdev +# Deletes tdev +# +# status: +# Print addresses, interfaces, routes +# +#============================================================================ + + +dir=/sbin +. "$dir/xen-script-common.sh" +. "$dir/xen-network-common.sh" + +findCommand "$@" +evalVariables "$@" + +modprobe netloop > /dev/null 2>&1 || true + +is_network_root () { + local rootfs=$(awk '{ if ($1 !~ /^[ \t]*#/ && $2 == "/") { print $3; }}' /etc/mtab) + local rootopts=$(awk '{ if ($1 !~ /^[ \t]*#/ && $2 == "/") { print $4; }}' /etc/mtab) + + [[ "$rootfs" =~ "^nfs" ]] || [[ "$rootopts" =~ "_netdev" ]] && return 0 || return 1 +} + +find_alt_device () { + local interf=$1 + local prefix=${interf%[[:digit:]]} + local ifs=$(ip link show | grep " $prefix" |\ + gawk '{ printf ("%s",substr($2,1,length($2)-1)) }' |\ + sed s/$interf//) + echo "$ifs" +} + +netdev=${netdev:-$(ip route list 0.0.0.0/0 | \ + sed 's/.*dev \([a-z]\+[0-9]\+\).*$/\1/')} +if is_network_root ; then + altdevs=$(find_alt_device $netdev) + for netdev in $altdevs; do break; done + if [ -z "$netdev" ]; then + [ -x /usr/bin/logger ] && /usr/bin/logger "network-bridge: bridging not supported on network root; not starting" + exit + fi +fi +netdev=${netdev:-eth0} +bridge=${bridge:-${netdev}} +antispoof=${antispoof:-no} + +pdev="p${netdev}" +tdev=tmpbridge + +get_ip_info() { + addr_pfx=`ip addr show dev $1 | grep -E '^ *inet' | sed -e 's/ *inet //' -e 's/ .*//'` + gateway=`ip route show dev $1 | fgrep default | sed 's/default via //'` +} + +do_ifup() { + if ! ifup $1 ; then + if [ -n "$addr_pfx" ] ; then + # use the info from get_ip_info() + ip addr flush $1 + ip addr add ${addr_pfx} dev $1 + ip link set dev $1 up + [ -n "$gateway" ] && ip route add default via ${gateway} + fi + fi +} + +# Usage: transfer_addrs src dst +# Copy all IP addresses (including aliases) from device $src to device $dst. +transfer_addrs () { + local src=$1 + local dst=$2 + # Don't bother if $dst already has IP addresses. + if ip addr show dev ${dst} | grep -E -q '^ *inet ' ; then + return + fi + # Address lines start with 'inet' and have the device in them. + # Replace 'inet' with 'ip addr add' and change the device name $src + # to 'dev $src'. + ip addr show dev ${src} | grep -E '^ *inet ' | sed -e " +s/inet/ip addr add/ +s@\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/[0-9]\+\)@\1@ +s/${src}/dev ${dst} label ${dst}/ +s/secondary// +" | sh -e + # Remove automatic routes on destination device + ip route list | sed -ne " +/dev ${dst}\( \|$\)/ { + s/^/ip route del / + p +}" | sh -e +} + +# Usage: transfer_routes src dst +# Get all IP routes to device $src, delete them, and +# add the same routes to device $dst. +# The original routes have to be deleted, otherwise adding them +# for $dst fails (duplicate routes). +transfer_routes () { + local src=$1 + local dst=$2 + # List all routes and grep the ones with $src in. + # Stick 'ip route del' on the front to delete. + # Change $src to $dst and use 'ip route add' to add. + ip route list | sed -ne " +/dev ${src}\( \|$\)/ { + h + s/^/ip route del / + P + g + s/${src}/${dst}/ + s/^/ip route add / + P + d +}" | sh -e +} + + +## +# link_exists interface +# +# Returns 0 if the interface named exists (whether up or down), 1 otherwise. +# +link_exists() +{ + if ip link show "$1" >/dev/null 2>/dev/null + then + return 0 + else + return 1 + fi +} + +# Set the default forwarding policy for $dev to drop. +# Allow forwarding to the bridge. +antispoofing () { + iptables -P FORWARD DROP + iptables -F FORWARD + iptables -A FORWARD -m physdev --physdev-in ${pdev} -j ACCEPT +} + +# Usage: show_status dev bridge +# Print ifconfig and routes. +show_status () { + local dev=$1 + local bridge=$2 + + echo '============================================================' + ip addr show ${dev} + ip addr show ${bridge} + echo ' ' + brctl show ${bridge} + echo ' ' + ip route list + echo ' ' + route -n + echo '============================================================' +} + +op_start () { + if [ "${bridge}" = "null" ] ; then + return + fi + + if link_exists "$pdev"; then + # The device is already up. + return + fi + + create_bridge ${tdev} + + preiftransfer ${netdev} + transfer_addrs ${netdev} ${tdev} + if ! ifdown ${netdev}; then + # If ifdown fails, remember the IP details. + get_ip_info ${netdev} + ip link set ${netdev} down + ip addr flush ${netdev} + fi + ip link set ${netdev} name ${pdev} + ip link set ${tdev} name ${bridge} + + setup_bridge_port ${pdev} + + add_to_bridge2 ${bridge} ${pdev} + do_ifup ${bridge} + + if [ ${antispoof} = 'yes' ] ; then + antispoofing + fi +} + +op_stop () { + if [ "${bridge}" = "null" ]; then + return + fi + if ! link_exists "$bridge"; then + return + fi + + transfer_addrs ${bridge} ${pdev} + if ! ifdown ${bridge}; then + get_ip_info ${bridge} + fi + ip link set ${pdev} down + ip addr flush ${bridge} + + brctl delif ${bridge} ${pdev} + ip link set ${bridge} down + + ip link set ${bridge} name ${tdev} + ip link set ${pdev} name ${netdev} + do_ifup ${netdev} + + brctl delbr ${tdev} +} + +# adds $dev to $bridge but waits for $dev to be in running state first +add_to_bridge2() { + local bridge=$1 + local dev=$2 + local maxtries=10 + + echo -n "Waiting for ${dev} to negotiate link." + ip link set ${dev} up + for i in `seq ${maxtries}` ; do + if ifconfig ${dev} | grep -q RUNNING ; then + break + else + echo -n '.' + sleep 1 + fi + done + + if [ ${i} -eq ${maxtries} ] ; then echo -n '(link isnt in running state)' ; fi + echo + + add_to_bridge ${bridge} ${dev} +} + +case "$command" in + start) + op_start + ;; + + stop) + op_stop + ;; + + status) + show_status ${netdev} ${bridge} + ;; + + *) + echo "Unknown command: $command" >&2 + echo 'Valid commands are: start, stop, status' >&2 + exit 1 +esac Index: drbl-virt/conf/initrd_bin/xen-network-common.sh =================================================================== --- drbl-virt/conf/initrd_bin/xen-network-common.sh (revision 170) +++ drbl-virt/conf/initrd_bin/xen-network-common.sh (revision 170) @@ -0,0 +1,128 @@ +# +# Copyright (c) 2005 XenSource Ltd. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + + +# On SuSE it is necessary to run a command before transfering addresses and +# routes from the physical interface to the virtual. This command creates a +# variable $HWD_CONFIG_0 that specifies the appropriate configuration for +# ifup. + +# Gentoo doesn't have ifup/ifdown, so we define appropriate alternatives. + +# Other platforms just use ifup / ifdown directly. + +## +# preiftransfer +# +# @param $1 The current name for the physical device, which is also the name +# that the virtual device will take once the physical device has +# been renamed. + +if [ -e /etc/SuSE-release ] +then + preiftransfer() + { + eval `/sbin/getcfg -d /etc/sysconfig/network/ -f ifcfg- -- $1` + } + ifup() + { + /sbin/ifup ${HWD_CONFIG_0} $1 + } +elif ! which ifup >/dev/null 2>/dev/null +then + preiftransfer() + { + true + } + ifup() + { + false + } + ifdown() + { + false + } +else + preiftransfer() + { + true + } +fi + + +first_file() +{ + t="$1" + shift + for file in $@ + do + if [ "$t" "$file" ] + then + echo "$file" + return + fi + done +} + +find_dhcpd_conf_file() +{ + first_file -f /etc/dhcp3/dhcpd.conf /etc/dhcpd.conf +} + + +find_dhcpd_init_file() +{ + first_file -x /etc/init.d/{dhcp3-server,dhcp,dhcpd} +} + +# configure interfaces which act as pure bridge ports: +setup_bridge_port() { + local dev="$1" + + # take interface down ... + ip link set ${dev} down + + # ... and configure it + ip addr flush ${dev} +} + +# Usage: create_bridge bridge +create_bridge () { + local bridge=$1 + + # Don't create the bridge if it already exists. + if [ ! -e "/sys/class/net/${bridge}/bridge" ]; then + brctl addbr ${bridge} + brctl stp ${bridge} off + brctl setfd ${bridge} 0 + fi +} + +# Usage: add_to_bridge bridge dev +add_to_bridge () { + local bridge=$1 + local dev=$2 + + # Don't add $dev to $bridge if it's already on a bridge. + if [ -e "/sys/class/net/${bridge}/brif/${dev}" ]; then + ip link set ${dev} up || true + return + fi + brctl addif ${bridge} ${dev} + ip link set ${dev} up +} + Index: drbl-virt/conf/initrd_bin/xen-script-common.sh =================================================================== --- drbl-virt/conf/initrd_bin/xen-script-common.sh (revision 170) +++ drbl-virt/conf/initrd_bin/xen-script-common.sh (revision 170) @@ -0,0 +1,44 @@ +# +# Copyright (c) 2005 XenSource Ltd. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + + +set -e + + +evalVariables() +{ + for arg in "$@" + do + if expr 'index' "$arg" '=' '>' '1' >/dev/null + then + eval "$arg" + fi + done +} + + +findCommand() +{ + for arg in "$@" + do + if ! expr 'index' "$arg" '=' >/dev/null + then + command="$arg" + return + fi + done +} Index: drbl-virt/conf/xend-config.sxp =================================================================== --- drbl-virt/conf/xend-config.sxp (revision 169) +++ (revision ) @@ -1,228 +1,0 @@ -# -*- sh -*- - -# -# Xend configuration file. -# - -# This example configuration is appropriate for an installation that -# utilizes a bridged network configuration. Access to xend via http -# is disabled. - -# Commented out entries show the default for that entry, unless otherwise -# specified. - -#(logfile /var/log/xen/xend.log) -#(loglevel DEBUG) - - -# The Xen-API server configuration. (Please note that this server is -# available as an UNSUPPORTED PREVIEW in Xen 3.0.4, and should not be relied -# upon). -# -# This value configures the ports, interfaces, and access controls for the -# Xen-API server. Each entry in the list starts with either unix, a port -# number, or an address:port pair. If this is "unix", then a UDP socket is -# opened, and this entry applies to that. If it is a port, then Xend will -# listen on all interfaces on that TCP port, and if it is an address:port -# pair, then Xend will listen on the specified port, using the interface with -# the specified address. -# -# The subsequent string configures the user-based access control for the -# listener in question. This can be one of "none" or "pam", indicating either -# that users should be allowed access unconditionally, or that the local -# Pluggable Authentication Modules configuration should be used. If this -# string is missing or empty, then "pam" is used. -# -# The final string gives the host-based access control for that listener. If -# this is missing or empty, then all connections are accepted. Otherwise, -# this should be a space-separated sequence of regular expressions; any host -# with a fully-qualified domain name or an IP address that matches one of -# these regular expressions will be accepted. -# -# Example: listen on TCP port 9363 on all interfaces, accepting connections -# only from machines in example.com or localhost, and allow access through -# the unix domain socket unconditionally: -# -# (xen-api-server ((9363 pam '^localhost$ example\\.com$') -# (unix none))) -# -# Optionally, the TCP Xen-API server can use SSL by specifying the private -# key and certificate location: -# -# (9367 pam '' /etc/xen/xen-api.key /etc/xen/xen-api.crt) -# -# Default: -# (xen-api-server ((unix))) - - -(xend-http-server yes) -(xend-unix-server yes) -(xend-tcp-xmlrpc-server no) -#(xend-unix-xmlrpc-server yes) -(xend-relocation-server yes) - -(xend-unix-path /var/lib/xend/xend-socket) - - -# Address and port xend should use for the legacy TCP XMLRPC interface, -# if xen-tcp-xmlrpc-server is set. -#(xen-tcp-xmlrpc-server-address 'localhost') -(xen-tcp-xmlrpc-server-port 8006) - -# SSL key and certificate to use for the legacy TCP XMLRPC interface. -# Setting these will mean that this port serves only SSL connections as -# opposed to plaintext ones. -#(xend-tcp-xmlrpc-server-ssl-key-file /etc/xen/xmlrpc.key) -#(xend-tcp-xmlrpc-server-ssl-cert-file /etc/xen/xmlrpc.crt) - - -# Port xend should use for the HTTP interface, if xend-http-server is set. -(xend-port 8000) - -# Port xend should use for the relocation interface, if xend-relocation-server -# is set. -(xend-relocation-port 8002) - -# Address xend should listen on for HTTP connections, if xend-http-server is -# set. -# Specifying 'localhost' prevents remote connections. -# Specifying the empty string '' (the default) allows all connections. -#(xend-address '') -(xend-address localhost) - -# Address xend should listen on for relocation-socket connections, if -# xend-relocation-server is set. -# Meaning and default as for xend-address above. -#(xend-relocation-address '') - -# The hosts allowed to talk to the relocation port. If this is empty (the -# default), then all connections are allowed (assuming that the connection -# arrives on a port and interface on which we are listening; see -# xend-relocation-port and xend-relocation-address above). Otherwise, this -# should be a space-separated sequence of regular expressions. Any host with -# a fully-qualified domain name or an IP address that matches one of these -# regular expressions will be accepted. -# -# For example: -# (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$') -# -(xend-relocation-hosts-allow '') - -# The limit (in kilobytes) on the size of the console buffer -#(console-limit 1024) - -## -# To bridge network traffic, like this: -# -# dom0: ----------------- bridge -> real eth0 -> the network -# | -# domU: fake eth0 -> vifN.0 -+ -# -# use -# -# (network-script network-bridge) -# -# Your default ethernet device is used as the outgoing interface, by default. -# To use a different one (e.g. eth1) use -# - (network-script 'network-bridge netdev=eth0') -# -# The bridge is named xenbr0, by default. To rename the bridge, use -# -# (network-script 'network-bridge bridge=') -# -# It is possible to use the network-bridge script in more complicated -# scenarios, such as having two outgoing interfaces, with two bridges, and -# two fake interfaces per guest domain. To do things like this, write -# yourself a wrapper script, and call network-bridge from it, as appropriate. -# -#(network-script network-dummy) - -# The script used to control virtual interfaces. This can be overridden on a -# per-vif basis when creating a domain or a configuring a new vif. The -# vif-bridge script is designed for use with the network-bridge script, or -# similar configurations. -# -# If you have overridden the bridge name using -# (network-script 'network-bridge bridge=') then you may wish to do the -# same here. The bridge name can also be set when creating a domain or -# configuring a new vif, but a value specified here would act as a default. -# -# If you are using only one bridge, the vif-bridge script will discover that, -# so there is no need to specify it explicitly. -# -(vif-script vif-bridge) - - -## Use the following if network traffic is routed, as an alternative to the -# settings for bridged networking given above. -#(network-script network-route) -#(vif-script vif-route) - - -## Use the following if network traffic is routed with NAT, as an alternative -# to the settings for bridged networking given above. -#(network-script network-nat) -#(vif-script vif-nat) - - -# Dom0 will balloon out when needed to free memory for domU. -# dom0-min-mem is the lowest memory level (in MB) dom0 will get down to. -# If dom0-min-mem=0, dom0 will never balloon out. -(dom0-min-mem 196) - -# In SMP system, dom0 will use dom0-cpus # of CPUS -# If dom0-cpus = 0, dom0 will take all cpus available -(dom0-cpus 0) - -# Whether to enable core-dumps when domains crash. -#(enable-dump no) - -# The tool used for initiating virtual TPM migration -#(external-migration-tool '') - -# The interface for VNC servers to listen on. Defaults -# to 127.0.0.1 To restore old 'listen everywhere' behaviour -# set this to 0.0.0.0 -#(vnc-listen '127.0.0.1') - -# The default password for VNC console on HVM domain. -# Empty string is no authentication. -(vncpasswd '') - -# The VNC server can be told to negotiate a TLS session -# to encryption all traffic, and provide x509 cert to -# clients enalbing them to verify server identity. The -# GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt -# all support the VNC extension for TLS used in QEMU. The -# TightVNC/RealVNC/UltraVNC clients do not. -# -# To enable this create x509 certificates / keys in the -# directory /etc/xen/vnc -# -# ca-cert.pem - The CA certificate -# server-cert.pem - The Server certificate signed by the CA -# server-key.pem - The server private key -# -# and then uncomment this next line -# (vnc-tls 1) - -# The certificate dir can be pointed elsewhere.. -# -# (vnc-x509-cert-dir /etc/xen/vnc) - -# The server can be told to request & validate an x509 -# certificate from the client. Only clients with a cert -# signed by the trusted CA will be able to connect. This -# is more secure the password auth alone. Passwd auth can -# used at the same time if desired. To enable client cert -# checking uncomment this: -# -# (vnc-x509-verify 1) - -# The default keymap to use for the VM's virtual keyboard -# when not specififed in VM's configuration -#(keymap 'en-us') - -# Script to run when the label of a resource has changed. -#(resource-label-change-script '')