ia64/xen-unstable

view tools/examples/xend-config.sxp @ 19835:edfdeb150f27

Fix buildsystem to detect udev > version 124

udev removed the udevinfo symlink from versions higher than 123 and
xen's build-system could not detect if udev is in place and has the
required version.

Signed-off-by: Marc-A. Dahlhaus <mad@wol.de>
author Keir Fraser <keir.fraser@citrix.com>
date Thu Jun 25 13:02:37 2009 +0100 (2009-06-25)
parents 62ec6aae4ba9
children
line source
1 # -*- sh -*-
3 #
4 # Xend configuration file.
5 #
7 # This example configuration is appropriate for an installation that
8 # utilizes a bridged network configuration. Access to xend via http
9 # is disabled.
11 # Commented out entries show the default for that entry, unless otherwise
12 # specified.
14 #(logfile /var/log/xen/xend.log)
15 #(loglevel DEBUG)
17 # Uncomment the line below. Set the value to flask, acm, or dummy to
18 # select a security module.
20 #(xsm_module_name dummy)
22 # The Xen-API server configuration.
23 #
24 # This value configures the ports, interfaces, and access controls for the
25 # Xen-API server. Each entry in the list starts with either unix, a port
26 # number, or an address:port pair. If this is "unix", then a UDP socket is
27 # opened, and this entry applies to that. If it is a port, then Xend will
28 # listen on all interfaces on that TCP port, and if it is an address:port
29 # pair, then Xend will listen on the specified port, using the interface with
30 # the specified address.
31 #
32 # The subsequent string configures the user-based access control for the
33 # listener in question. This can be one of "none" or "pam", indicating either
34 # that users should be allowed access unconditionally, or that the local
35 # Pluggable Authentication Modules configuration should be used. If this
36 # string is missing or empty, then "pam" is used.
37 #
38 # The final string gives the host-based access control for that listener. If
39 # this is missing or empty, then all connections are accepted. Otherwise,
40 # this should be a space-separated sequence of regular expressions; any host
41 # with a fully-qualified domain name or an IP address that matches one of
42 # these regular expressions will be accepted.
43 #
44 # Example: listen on TCP port 9363 on all interfaces, accepting connections
45 # only from machines in example.com or localhost, and allow access through
46 # the unix domain socket unconditionally:
47 #
48 # (xen-api-server ((9363 pam '^localhost$ example\\.com$')
49 # (unix none)))
50 #
51 # Optionally, the TCP Xen-API server can use SSL by specifying the private
52 # key and certificate location:
53 #
54 # (9367 pam '' /etc/xen/xen-api.key /etc/xen/xen-api.crt)
55 #
56 # Default:
57 # (xen-api-server ((unix)))
60 #(xend-http-server no)
61 #(xend-unix-server no)
62 #(xend-tcp-xmlrpc-server no)
63 #(xend-unix-xmlrpc-server yes)
64 #(xend-relocation-server no)
65 (xend-relocation-server yes)
66 #(xend-relocation-ssl-server no)
67 #(xend-udev-event-server no)
69 #(xend-unix-path /var/lib/xend/xend-socket)
72 # Address and port xend should use for the legacy TCP XMLRPC interface,
73 # if xend-tcp-xmlrpc-server is set.
74 #(xend-tcp-xmlrpc-server-address 'localhost')
75 #(xend-tcp-xmlrpc-server-port 8006)
77 # SSL key and certificate to use for the legacy TCP XMLRPC interface.
78 # Setting these will mean that this port serves only SSL connections as
79 # opposed to plaintext ones.
80 #(xend-tcp-xmlrpc-server-ssl-key-file /etc/xen/xmlrpc.key)
81 #(xend-tcp-xmlrpc-server-ssl-cert-file /etc/xen/xmlrpc.crt)
84 # Port xend should use for the HTTP interface, if xend-http-server is set.
85 #(xend-port 8000)
87 # Port xend should use for the relocation interface, if xend-relocation-server
88 # is set.
89 #(xend-relocation-port 8002)
91 # Port xend should use for the ssl relocation interface, if
92 # xend-relocation-ssl-server is set.
93 #(xend-relocation-ssl-port 8003)
95 # SSL key and certificate to use for the ssl relocation interface, if
96 # xend-relocation-ssl-server is set.
97 #(xend-relocation-server-ssl-key-file /etc/xen/xmlrpc.key)
98 #(xend-relocation-server-ssl-cert-file /etc/xen/xmlrpc.crt)
100 # Whether to use ssl as default when relocating.
101 #(xend-relocation-ssl no)
103 # Address xend should listen on for HTTP connections, if xend-http-server is
104 # set.
105 # Specifying 'localhost' prevents remote connections.
106 # Specifying the empty string '' (the default) allows all connections.
107 #(xend-address '')
108 #(xend-address localhost)
110 # Address xend should listen on for relocation-socket connections, if
111 # xend-relocation-server is set.
112 # Meaning and default as for xend-address above.
113 #(xend-relocation-address '')
115 # The hosts allowed to talk to the relocation port. If this is empty (the
116 # default), then all connections are allowed (assuming that the connection
117 # arrives on a port and interface on which we are listening; see
118 # xend-relocation-port and xend-relocation-address above). Otherwise, this
119 # should be a space-separated sequence of regular expressions. Any host with
120 # a fully-qualified domain name or an IP address that matches one of these
121 # regular expressions will be accepted.
122 #
123 # For example:
124 # (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$')
125 #
126 #(xend-relocation-hosts-allow '')
127 (xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')
129 # The limit (in kilobytes) on the size of the console buffer
130 #(console-limit 1024)
132 ##
133 # To bridge network traffic, like this:
134 #
135 # dom0: ----------------- bridge -> real eth0 -> the network
136 # |
137 # domU: fake eth0 -> vifN.0 -+
138 #
139 # use
140 #
141 # (network-script network-bridge)
142 #
143 # Your default ethernet device is used as the outgoing interface, by default.
144 # To use a different one (e.g. eth1) use
145 #
146 # (network-script 'network-bridge netdev=eth1')
147 #
148 # The bridge is named xenbr0, by default. To rename the bridge, use
149 #
150 # (network-script 'network-bridge bridge=<name>')
151 #
152 # It is possible to use the network-bridge script in more complicated
153 # scenarios, such as having two outgoing interfaces, with two bridges, and
154 # two fake interfaces per guest domain. To do things like this, write
155 # yourself a wrapper script, and call network-bridge from it, as appropriate.
156 #
157 (network-script network-bridge)
159 # The script used to control virtual interfaces. This can be overridden on a
160 # per-vif basis when creating a domain or a configuring a new vif. The
161 # vif-bridge script is designed for use with the network-bridge script, or
162 # similar configurations.
163 #
164 # If you have overridden the bridge name using
165 # (network-script 'network-bridge bridge=<name>') then you may wish to do the
166 # same here. The bridge name can also be set when creating a domain or
167 # configuring a new vif, but a value specified here would act as a default.
168 #
169 # If you are using only one bridge, the vif-bridge script will discover that,
170 # so there is no need to specify it explicitly.
171 #
172 (vif-script vif-bridge)
175 ## Use the following if network traffic is routed, as an alternative to the
176 # settings for bridged networking given above.
177 #(network-script network-route)
178 #(vif-script vif-route)
181 ## Use the following if network traffic is routed with NAT, as an alternative
182 # to the settings for bridged networking given above.
183 #(network-script network-nat)
184 #(vif-script vif-nat)
186 # dom0-min-mem is the lowest permissible memory level (in MB) for dom0.
187 # This is a minimum both for auto-ballooning (as enabled by
188 # enable-dom0-ballooning below) and for xm mem-set when applied to dom0.
189 (dom0-min-mem 196)
191 # Whether to enable auto-ballooning of dom0 to allow domUs to be created.
192 # If enable-dom0-ballooning = no, dom0 will never balloon out.
193 (enable-dom0-ballooning yes)
195 # In SMP system, dom0 will use dom0-cpus # of CPUS
196 # If dom0-cpus = 0, dom0 will take all cpus available
197 (dom0-cpus 0)
199 # Whether to enable core-dumps when domains crash.
200 #(enable-dump no)
202 # The tool used for initiating virtual TPM migration
203 #(external-migration-tool '')
205 # The interface for VNC servers to listen on. Defaults
206 # to 127.0.0.1 To restore old 'listen everywhere' behaviour
207 # set this to 0.0.0.0
208 #(vnc-listen '127.0.0.1')
210 # The default password for VNC console on HVM domain.
211 # Empty string is no authentication.
212 (vncpasswd '')
214 # The VNC server can be told to negotiate a TLS session
215 # to encryption all traffic, and provide x509 cert to
216 # clients enalbing them to verify server identity. The
217 # GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt
218 # all support the VNC extension for TLS used in QEMU. The
219 # TightVNC/RealVNC/UltraVNC clients do not.
220 #
221 # To enable this create x509 certificates / keys in the
222 # directory /etc/xen/vnc
223 #
224 # ca-cert.pem - The CA certificate
225 # server-cert.pem - The Server certificate signed by the CA
226 # server-key.pem - The server private key
227 #
228 # and then uncomment this next line
229 # (vnc-tls 1)
231 # The certificate dir can be pointed elsewhere..
232 #
233 # (vnc-x509-cert-dir /etc/xen/vnc)
235 # The server can be told to request & validate an x509
236 # certificate from the client. Only clients with a cert
237 # signed by the trusted CA will be able to connect. This
238 # is more secure the password auth alone. Passwd auth can
239 # used at the same time if desired. To enable client cert
240 # checking uncomment this:
241 #
242 # (vnc-x509-verify 1)
244 # The default keymap to use for the VM's virtual keyboard
245 # when not specififed in VM's configuration
246 #(keymap 'en-us')
248 # Script to run when the label of a resource has changed.
249 #(resource-label-change-script '')
251 # Rotation count of qemu-dm log file.
252 #(qemu-dm-logrotate-count 10)
254 # Path where persistent domain configuration is stored.
255 # Default is /var/lib/xend/domains/
256 #(xend-domains-path /var/lib/xend/domains)
258 # Number of seconds xend will wait for device creation and
259 # destruction
260 #(device-create-timeout 100)
261 #(device-destroy-timeout 100)