# -*- sh -*-## Xend configuration file.## This example configuration

1. # -*- sh -*-
2.  
3. #
4. # Xend configuration file.
5. #
6.  
7. # This example configuration is appropriate for an installation that
8. # utilizes a bridged network configuration. Access to xend via http
9. # is disabled.  
10.  
11. # Commented out entries show the default for that entry, unless otherwise
12. # specified.
13.  
14. #(logfile /var/log/xen/xend.log)
15. #(loglevel DEBUG)
16.  
17. #(xend-http-server no)
18. (xend-unix-server yes)
19. #(xend-tcp-xmlrpc-server no)
20. #(xend-unix-xmlrpc-server yes)
21. #(xend-relocation-server no)
22. # The relocation server should be kept desactivated unless using a trusted
23. # network, the domain virtual memory will be exchanged in raw form without
24. # encryption of the communication. See also xend-relocation-hosts-allow option
25.  
26. (xend-unix-path /var/lib/xend/xend-socket)
27.  
28. # Port xend should use for the HTTP interface, if xend-http-server is set.
29. #(xend-port            8000)
30.  
31. # Port xend should use for the relocation interface, if xend-relocation-server
32. # is set.
33. #(xend-relocation-port 8002)
34.  
35. # Address xend should listen on for HTTP connections, if xend-http-server is
36. # set.
37. # Specifying 'localhost' prevents remote connections.
38. # Specifying the empty string '' (the default) allows all connections.
39. #(xend-address '')
40. #(xend-address localhost)
41.  
42. # Address xend should listen on for relocation-socket connections, if
43. # xend-relocation-server is set.
44. # Meaning and default as for xend-address above.
45. # Also, interface name is allowed (e.g. eth0) there to get the
46. # relocation address to be bound on.
47. #(xend-relocation-address '')
48.  
49. # The hosts allowed to talk to the relocation port.  If this is empty (the
50. # default), then all connections are allowed (assuming that the connection
51. # arrives on a port and interface on which we are listening; see
52. # xend-relocation-port and xend-relocation-address above).  Otherwise, this
53. # should be a space-separated sequence of regular expressions.  Any host with
54. # a fully-qualified domain name or an IP address that matches one of these
55. # regular expressions will be accepted.
56. #
57. # For example:
58. #  (xend-relocation-hosts-allow '^localhost$ ^.*\.example\.org$')
59. #
60. #(xend-relocation-hosts-allow '')
61. (xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')
62.  
63. # The limit (in kilobytes) on the size of the console buffer
64. #(console-limit 1024)
65.  
66. ##
67. # To bridge network traffic, like this:
68. #
69. # dom0: fake eth0 -> vif0.0 -+
70. #                            |
71. #                          bridge -> real eth0 -> the network
72. #                            |
73. # domU: fake eth0 -> vifN.0 -+
74. #
75. # use
76. #
77. # (network-script network-bridge)
78. #
79. # Your default ethernet device is used as the outgoing interface, by default.
80. # To use a different one (e.g. eth1) use
81. #
82. # (network-script 'network-bridge netdev=eth1')
83. #
84. # The bridge is named xenbr0, by default.  To rename the bridge, use
85. #
86. # (network-script 'network-bridge bridge=<name>')
87. #
88. # It is possible to use the network-bridge script in more complicated
89. # scenarios, such as having two outgoing interfaces, with two bridges, and
90. # two fake interfaces per guest domain.  To do things like this, write
91. # yourself a wrapper script, and call network-bridge from it, as appropriate.
92. #
93. (network-script network-bridge)
94.  
95. # The script used to control virtual interfaces.  This can be overridden on a
96. # per-vif basis when creating a domain or a configuring a new vif.  The
97. # vif-bridge script is designed for use with the network-bridge script, or
98. # similar configurations.
99. #
100. # If you have overridden the bridge name using
101. # (network-script 'network-bridge bridge=<name>') then you may wish to do the
102. # same here.  The bridge name can also be set when creating a domain or
103. # configuring a new vif, but a value specified here would act as a default.
104. #
105. # If you are using only one bridge, the vif-bridge script will discover that,
106. # so there is no need to specify it explicitly.
107. #
108. (vif-script vif-bridge)
109.  
110.  
111. ## Use the following if network traffic is routed, as an alternative to the
112. # settings for bridged networking given above.
113. #(network-script network-route)
114. #(vif-script     vif-route)
115.  
116.  
117. ## Use the following if network traffic is routed with NAT, as an alternative
118. # to the settings for bridged networking given above.
119. #(network-script network-nat)
120. #(vif-script     vif-nat)
121.  
122.  
123. # Dom0 will balloon out when needed to free memory for domU.
124. # dom0-min-mem is the lowest memory level (in MB) dom0 will get down to.
125. # If dom0-min-mem=0, dom0 will never balloon out.
126. (dom0-min-mem 256)
127.  
128. # In SMP system, dom0 will use dom0-cpus # of CPUS
129. # If dom0-cpus = 0, dom0 will take all cpus available
130. (dom0-cpus 0)
131.  
132. # Whether to enable core-dumps when domains crash.
133. #(enable-dump no)
134.  
135. # The tool used for initiating virtual TPM migration
136. #(external-migration-tool '')
137.  
138. # The interface for VNC servers to listen on. Defaults
139. # to 127.0.0.1  To restore old 'listen everywhere' behaviour
140. # set this to 0.0.0.0
141. #(vnc-listen '127.0.0.1')
142.  
143. # The default password for VNC console on HVM domain.
144. # Empty string is no authentication.
145. (vncpasswd '')
146.  
147. # The default keymap to use for the VM's virtual keyboard
148. # when not specified in VM's configuration
149. (keymap 'en-us')
150.  
151. # The VNC server can be told to negotiate a TLS session
152. # to encryption all traffic, and provide x509 cert to
153. # clients enalbing them to verify server identity. The
154. # GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt
155. # all support the VNC extension for TLS used in QEMU. The
156. # TightVNC/RealVNC/UltraVNC clients do not.
157. #
158. # To enable this create x509 certificates / keys in the
159. # directory /etc/xen/vnc
160. #
161. #  ca-cert.pem       - The CA certificate
162. #  server-cert.pem   - The Server certificate signed by the CA
163. #  server-key.pem    - The server private key
164. #
165. # and then uncomment this next line
166. # (vnc-tls 1)
167. #
168. # The certificate dir can be pointed elsewhere..
169. #
170. # (vnc-x509-cert-dir /etc/xen/vnc)
171. #
172. # The server can be told to request & validate an x509
173. # certificate from the client. Only clients with a cert
174. # signed by the trusted CA will be able to connect. This
175. # is more secure the password auth alone. Passwd auth can
176. # used at the same time if desired. To enable client cert
177. # checking uncomment this:
178. #
179. # (vnc-x509-verify 1)
180.  
181. # Allow probing of disk image file format.  This is insecure!  It lets
182. # a malicious domU read any file in dom0.  Applies only to fully
183. # virtual domUs.  Required for using formats other than raw.
184. #(enable-image-format-probing no)
185.  
186. # Number of seconds xend will wait for device creation
187. #(device-create-timeout 100)
188.  
189. # Number of second xend will wait for device destroy
190. #(device-destroy-timeout 100)
191.  
192. # Strict checking when doing PCI passthrough; enabled by default
193. #(pci-dev-assign-strict-check yes)
194.  
195. # Automatically balloon dom0 down if try to balloon domU up for more memory
196. # that is free.
197. # (auto-balloon-dom0 no)