# -*- sh -*-## Xend configuration file.## This example configuration

1. # -*- sh -*-
2.  
3. #
4. # Xend configuration file.
5. #
6.  
7. # This example configuration is appropriate for an installation that
8. # utilizes a bridged network configuration. Access to xend via http
9. # is disabled.
10.  
11. # Commented out entries show the default for that entry, unless otherwise
12. # specified.
13.  
14. #(logfile /var/log/xen/xend.log)
15. #(loglevel DEBUG)
16.  
17. # Uncomment the line below. Set the value to flask, acm, or dummy to
18. # select a security module.
19.  
20. #(xsm_module_name dummy)
21.  
22. # The Xen-API server configuration.
23. #
24. # This value configures the ports, interfaces, and access controls for the
25. # Xen-API server. Each entry in the list starts with either unix, a port
26. # number, or an address:port pair. If this is "unix", then a UDP socket is
27. # opened, and this entry applies to that. If it is a port, then Xend will
28. # listen on all interfaces on that TCP port, and if it is an address:port
29. # pair, then Xend will listen on the specified port, using the interface with
30. # the specified address.
31. #
32. # The subsequent string configures the user-based access control for the
33. # listener in question. This can be one of "none" or "pam", indicating either
34. # that users should be allowed access unconditionally, or that the local
35. # Pluggable Authentication Modules configuration should be used. If this
36. # string is missing or empty, then "pam" is used.
37. #
38. # The final string gives the host-based access control for that listener. If
39. # this is missing or empty, then all connections are accepted. Otherwise,
40. # this should be a space-separated sequence of regular expressions; any host
41. # with a fully-qualified domain name or an IP address that matches one of
42. # these regular expressions will be accepted.
43. #
44. # Example: listen on TCP port 9363 on all interfaces, accepting connections
45. # only from machines in example.com or localhost, and allow access through
46. # the unix domain socket unconditionally:
47. #
48. # (xen-api-server ((9363 pam '^localhost$ example\\.com$')
49. # (unix none)))
50. #
51. # Optionally, the TCP Xen-API server can use SSL by specifying the private
52. # key and certificate location:
53. #
54. # (9367 pam '' xen-api.key xen-api.crt)
55. #
56. # Default:
57. # (xen-api-server ((unix)))
58.  
59.  
60. #(xend-http-server no)
61. #(xend-unix-server no)
62. #(xend-tcp-xmlrpc-server no)
63. #(xend-unix-xmlrpc-server yes)
64. #(xend-relocation-server no)
65. (xend-relocation-server yes)
66. #(xend-relocation-ssl-server no)
67. #(xend-udev-event-server no)
68.  
69. #(xend-unix-path /var/lib/xend/xend-socket)
70.  
71.  
72. # Address and port xend should use for the legacy TCP XMLRPC interface,
73. # if xend-tcp-xmlrpc-server is set.
74. #(xend-tcp-xmlrpc-server-address 'localhost')
75. #(xend-tcp-xmlrpc-server-port 8006)
76.  
77. # SSL key and certificate to use for the legacy TCP XMLRPC interface.
78. # Setting these will mean that this port serves only SSL connections as
79. # opposed to plaintext ones.
80. #(xend-tcp-xmlrpc-server-ssl-key-file xmlrpc.key)
81. #(xend-tcp-xmlrpc-server-ssl-cert-file xmlrpc.crt)
82.  
83.  
84. # Port xend should use for the HTTP interface, if xend-http-server is set.
85. #(xend-port 8000)
86.  
87. # Port xend should use for the relocation interface, if xend-relocation-server
88. # is set.
89. #(xend-relocation-port 8002)
90.  
91. # Port xend should use for the ssl relocation interface, if
92. # xend-relocation-ssl-server is set.
93. #(xend-relocation-ssl-port 8003)
94.  
95. # SSL key and certificate to use for the ssl relocation interface, if
96. # xend-relocation-ssl-server is set.
97. #(xend-relocation-server-ssl-key-file xmlrpc.key)
98. #(xend-relocation-server-ssl-cert-file xmlrpc.crt)
99.  
100. # Whether to use ssl as default when relocating.
101. #(xend-relocation-ssl no)
102.  
103. # Address xend should listen on for HTTP connections, if xend-http-server is
104. # set.
105. # Specifying 'localhost' prevents remote connections.
106. # Specifying the empty string '' (the default) allows all connections.
107. #(xend-address '')
108. #(xend-address localhost)
109.  
110. # Address xend should listen on for relocation-socket connections, if
111. # xend-relocation-server is set.
112. # Meaning and default as for xend-address above.
113. # Also, interface name is allowed (e.g. eth0) there to get the
114. # relocation address to be bound on.
115. #(xend-relocation-address '')
116.  
117. # The hosts allowed to talk to the relocation port. If this is empty (the
118. # default), then all connections are allowed (assuming that the connection
119. # arrives on a port and interface on which we are listening; see
120. # xend-relocation-port and xend-relocation-address above). Otherwise, this
121. # should be a space-separated sequence of regular expressions. Any host with
122. # a fully-qualified domain name or an IP address that matches one of these
123. # regular expressions will be accepted.
124. #
125. # For example:
126. # (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$')
127. #
128. #(xend-relocation-hosts-allow '')
129. (xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')
130.  
131. # The limit (in kilobytes) on the size of the console buffer
132. #(console-limit 1024)
133.  
134. ##
135. # To bridge network traffic, like this:
136. #
137. # dom0: ----------------- bridge -> real eth0 -> the network
138. # |
139. # domU: fake eth0 -> vifN.0 -+
140. #
141. # use
142. #
143. #(network-script network-bridge)
144. #
145. # Your default ethernet device is used as the outgoing interface, by default.
146. # To use a different one (e.g. eth1) use
147. #
148. # (network-script 'network-bridge netdev=eth1')
149. #
150. # The bridge is named eth0, by default (yes, really!)
151. #
152.  
153. # It is normally much better to create the bridge yourself in
154. # /etc/network/interfaces. network-bridge start does nothing if you
155. # already have a bridge, and network-bridge stop does nothing if the
156. # default bridge name (normally eth0) is not a bridge. See
157. # bridge-utils-interfaces(5) for full information on the syntax in
158. # /etc/network/interfaces, but you probably want something like this:
159. # iface xenbr0 inet static
160. # address [etc]
161. # netmask [etc]
162. # [etc]
163. # bridge_ports eth0
164. #
165. # To have network-bridge create a differently-named bridge, use:
166. # (network-script 'network-bridge bridge=<name>')
167. #
168. # It is possible to use the network-bridge script in more complicated
169. # scenarios, such as having two outgoing interfaces, with two bridges, and
170. # two fake interfaces per guest domain. To do things like this, write
171. # yourself a wrapper script, and call network-bridge from it, as appropriate.
172. #
173. (network-script network-bridge)
174.  
175. # The script used to control virtual interfaces. This can be overridden on a
176. # per-vif basis when creating a domain or a configuring a new vif. The
177. # vif-bridge script is designed for use with the network-bridge script, or
178. # similar configurations.
179. #
180. # If you have overridden the bridge name using
181. # (network-script 'network-bridge bridge=<name>') then you may wish to do the
182. # same here. The bridge name can also be set when creating a domain or
183. # configuring a new vif, but a value specified here would act as a default.
184. #
185. # If you are using only one bridge, the vif-bridge script will discover that,
186. # so there is no need to specify it explicitly. The default is to use
187. # the bridge which is listed first in the output from brctl.
188. #
189. (vif-script vif-bridge)
190.  
191.  
192. ## Use the following if network traffic is routed, as an alternative to the
193. # settings for bridged networking given above.
194. #(network-script network-route)
195. #(vif-script vif-route)
196.  
197.  
198. ## Use the following if network traffic is routed with NAT, as an alternative
199. # to the settings for bridged networking given above.
200. #(network-script network-nat)
201. #(vif-script vif-nat)
202.  
203. # dom0-min-mem is the lowest permissible memory level (in MB) for dom0.
204. # This is a minimum both for auto-ballooning (as enabled by
205. # enable-dom0-ballooning below) and for xm mem-set when applied to dom0.
206. (dom0-min-mem 196)
207.  
208. # Whether to enable auto-ballooning of dom0 to allow domUs to be created.
209. # If enable-dom0-ballooning = no, dom0 will never balloon out.
210. (enable-dom0-ballooning yes)
211.  
212. # 32-bit paravirtual domains can only consume physical
213. # memory below 168GB. On systems with memory beyond that address,
214. # they'll be confined to memory below 128GB.
215. # Using total_available_memory (in GB) to specify the amount of memory reserved
216. # in the memory pool exclusively for 32-bit paravirtual domains.
217. # Additionally you should use dom0_mem = <-Value> as a parameter in
218. # xen kernel to reserve the memory for 32-bit paravirtual domains, default
219. # is "0" (0GB).
220. (total_available_memory 0)
221.  
222. # In SMP system, dom0 will use dom0-cpus # of CPUS
223. # If dom0-cpus = 0, dom0 will take all cpus available
224. (dom0-cpus 0)
225.  
226. # Whether to enable core-dumps when domains crash.
227. #(enable-dump no)
228.  
229. # The tool used for initiating virtual TPM migration
230. #(external-migration-tool '')
231.  
232. # The interface for VNC servers to listen on. Defaults
233. # to 127.0.0.1 To restore old 'listen everywhere' behaviour
234. # set this to 0.0.0.0
235. (vnc-listen '0.0.0.0')
236.  
237. # The default password for VNC console on HVM domain.
238. # Empty string is no authentication.
239. (vncpasswd '')
240.  
241. # The VNC server can be told to negotiate a TLS session
242. # to encryption all traffic, and provide x509 cert to
243. # clients enabling them to verify server identity. The
244. # GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt
245. # all support the VNC extension for TLS used in QEMU. The
246. # TightVNC/RealVNC/UltraVNC clients do not.
247. #
248. # To enable this create x509 certificates / keys in the
249. # directory ${XEN_CONFIG_DIR} + vnc
250. #
251. # ca-cert.pem - The CA certificate
252. # server-cert.pem - The Server certificate signed by the CA
253. # server-key.pem - The server private key
254. #
255. # and then uncomment this next line
256. # (vnc-tls 1)
257.  
258. # The certificate dir can be pointed elsewhere..
259. #
260. # (vnc-x509-cert-dir vnc)
261.  
262. # The server can be told to request & validate an x509
263. # certificate from the client. Only clients with a cert
264. # signed by the trusted CA will be able to connect. This
265. # is more secure the password auth alone. Passwd auth can
266. # used at the same time if desired. To enable client cert
267. # checking uncomment this:
268. #
269. # (vnc-x509-verify 1)
270.  
271. # The default keymap to use for the VM's virtual keyboard
272. # when not specififed in VM's configuration
273. #(keymap 'en-us')
274.  
275. # Script to run when the label of a resource has changed.
276. #(resource-label-change-script '')
277.  
278. # Rotation count of qemu-dm log file.
279. #(qemu-dm-logrotate-count 10)
280.  
281. # Path where persistent domain configuration is stored.
282. # Default is /var/lib/xend/domains/
283. #(xend-domains-path /var/lib/xend/domains)
284.  
285. # Number of seconds xend will wait for device creation and
286. # destruction
287. #(device-create-timeout 100)
288. #(device-destroy-timeout 100)
289.  
290. # When assigning device to HVM guest, we use the strict check for HVM guest by
291. # default. (For PV guest, we use loose check automatically if necessary.)
292. # When we assign device to HVM guest, if we meet with the co-assignment
293. # issues or the ACS issue, we could try changing the option to 'no' -- however,
294. # we have to realize this may incur security issue and we can't make sure the
295. # device assignment could really work properly even after we do this.
296. #(pci-passthrough-strict-check yes)
297.  
298. # If we have a very big scsi device configuration, start of xend is slow,
299. # because xend scans all the device paths to build its internal PSCSI device
300. # list. If we need only a few devices for assigning to a guest, we can reduce
301. # the scan to this device. Set list list of device paths in same syntax like in
302. # command lsscsi, e.g. ('16:0:0:0' '15:0')
303. # (pscsi-device-mask ('*'))