Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # -*- sh -*-
- #
- # Xend configuration file.
- #
- # This example configuration is appropriate for an installation that
- # utilizes a bridged network configuration. Access to xend via http
- # is disabled.
- # Commented out entries show the default for that entry, unless otherwise
- # specified.
- #(logfile /var/log/xen/xend.log)
- #(loglevel DEBUG)
- #(xend-http-server no)
- (xend-unix-server yes)
- #(xend-tcp-xmlrpc-server no)
- #(xend-unix-xmlrpc-server yes)
- #(xend-relocation-server no)
- # The relocation server should be kept desactivated unless using a trusted
- # network, the domain virtual memory will be exchanged in raw form without
- # encryption of the communication. See also xend-relocation-hosts-allow option
- (xend-unix-path /var/lib/xend/xend-socket)
- # Port xend should use for the HTTP interface, if xend-http-server is set.
- #(xend-port 8000)
- # Port xend should use for the relocation interface, if xend-relocation-server
- # is set.
- #(xend-relocation-port 8002)
- # Address xend should listen on for HTTP connections, if xend-http-server is
- # set.
- # Specifying 'localhost' prevents remote connections.
- # Specifying the empty string '' (the default) allows all connections.
- #(xend-address '')
- #(xend-address localhost)
- # Address xend should listen on for relocation-socket connections, if
- # xend-relocation-server is set.
- # Meaning and default as for xend-address above.
- # Also, interface name is allowed (e.g. eth0) there to get the
- # relocation address to be bound on.
- #(xend-relocation-address '')
- # The hosts allowed to talk to the relocation port. If this is empty (the
- # default), then all connections are allowed (assuming that the connection
- # arrives on a port and interface on which we are listening; see
- # xend-relocation-port and xend-relocation-address above). Otherwise, this
- # should be a space-separated sequence of regular expressions. Any host with
- # a fully-qualified domain name or an IP address that matches one of these
- # regular expressions will be accepted.
- #
- # For example:
- # (xend-relocation-hosts-allow '^localhost$ ^.*\.example\.org$')
- #
- #(xend-relocation-hosts-allow '')
- (xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')
- # The limit (in kilobytes) on the size of the console buffer
- #(console-limit 1024)
- ##
- # To bridge network traffic, like this:
- #
- # dom0: fake eth0 -> vif0.0 -+
- # |
- # bridge -> real eth0 -> the network
- # |
- # domU: fake eth0 -> vifN.0 -+
- #
- # use
- #
- # (network-script network-bridge)
- #
- # Your default ethernet device is used as the outgoing interface, by default.
- # To use a different one (e.g. eth1) use
- #
- # (network-script 'network-bridge netdev=eth1')
- #
- # The bridge is named xenbr0, by default. To rename the bridge, use
- #
- # (network-script 'network-bridge bridge=<name>')
- #
- # It is possible to use the network-bridge script in more complicated
- # scenarios, such as having two outgoing interfaces, with two bridges, and
- # two fake interfaces per guest domain. To do things like this, write
- # yourself a wrapper script, and call network-bridge from it, as appropriate.
- #
- (network-script network-bridge)
- # The script used to control virtual interfaces. This can be overridden on a
- # per-vif basis when creating a domain or a configuring a new vif. The
- # vif-bridge script is designed for use with the network-bridge script, or
- # similar configurations.
- #
- # If you have overridden the bridge name using
- # (network-script 'network-bridge bridge=<name>') then you may wish to do the
- # same here. The bridge name can also be set when creating a domain or
- # configuring a new vif, but a value specified here would act as a default.
- #
- # If you are using only one bridge, the vif-bridge script will discover that,
- # so there is no need to specify it explicitly.
- #
- (vif-script vif-bridge)
- ## Use the following if network traffic is routed, as an alternative to the
- # settings for bridged networking given above.
- #(network-script network-route)
- #(vif-script vif-route)
- ## Use the following if network traffic is routed with NAT, as an alternative
- # to the settings for bridged networking given above.
- #(network-script network-nat)
- #(vif-script vif-nat)
- # Dom0 will balloon out when needed to free memory for domU.
- # dom0-min-mem is the lowest memory level (in MB) dom0 will get down to.
- # If dom0-min-mem=0, dom0 will never balloon out.
- (dom0-min-mem 256)
- # In SMP system, dom0 will use dom0-cpus # of CPUS
- # If dom0-cpus = 0, dom0 will take all cpus available
- (dom0-cpus 0)
- # Whether to enable core-dumps when domains crash.
- #(enable-dump no)
- # The tool used for initiating virtual TPM migration
- #(external-migration-tool '')
- # The interface for VNC servers to listen on. Defaults
- # to 127.0.0.1 To restore old 'listen everywhere' behaviour
- # set this to 0.0.0.0
- #(vnc-listen '127.0.0.1')
- # The default password for VNC console on HVM domain.
- # Empty string is no authentication.
- (vncpasswd '')
- # The default keymap to use for the VM's virtual keyboard
- # when not specified in VM's configuration
- (keymap 'en-us')
- # The VNC server can be told to negotiate a TLS session
- # to encryption all traffic, and provide x509 cert to
- # clients enalbing them to verify server identity. The
- # GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt
- # all support the VNC extension for TLS used in QEMU. The
- # TightVNC/RealVNC/UltraVNC clients do not.
- #
- # To enable this create x509 certificates / keys in the
- # directory /etc/xen/vnc
- #
- # ca-cert.pem - The CA certificate
- # server-cert.pem - The Server certificate signed by the CA
- # server-key.pem - The server private key
- #
- # and then uncomment this next line
- # (vnc-tls 1)
- #
- # The certificate dir can be pointed elsewhere..
- #
- # (vnc-x509-cert-dir /etc/xen/vnc)
- #
- # The server can be told to request & validate an x509
- # certificate from the client. Only clients with a cert
- # signed by the trusted CA will be able to connect. This
- # is more secure the password auth alone. Passwd auth can
- # used at the same time if desired. To enable client cert
- # checking uncomment this:
- #
- # (vnc-x509-verify 1)
- # Allow probing of disk image file format. This is insecure! It lets
- # a malicious domU read any file in dom0. Applies only to fully
- # virtual domUs. Required for using formats other than raw.
- #(enable-image-format-probing no)
- # Number of seconds xend will wait for device creation
- #(device-create-timeout 100)
- # Number of second xend will wait for device destroy
- #(device-destroy-timeout 100)
- # Strict checking when doing PCI passthrough; enabled by default
- #(pci-dev-assign-strict-check yes)
- # Automatically balloon dom0 down if try to balloon domU up for more memory
- # that is free.
- # (auto-balloon-dom0 no)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement