4 # Xend configuration file.
7 # This example configuration is appropriate for an installation that
8 # utilizes a bridged network configuration. Access to xend via http
11 # Commented out entries show the default for that entry, unless otherwise
14 #(logfile /var/log/xen/xend.log)
18 # The Xen-API server configuration.
20 # This value configures the ports, interfaces, and access controls for the
21 # Xen-API server. Each entry in the list starts with either unix, a port
22 # number, or an address:port pair. If this is "unix", then a UDP socket is
23 # opened, and this entry applies to that. If it is a port, then Xend will
24 # listen on all interfaces on that TCP port, and if it is an address:port
25 # pair, then Xend will listen on the specified port, using the interface with
26 # the specified address.
28 # The subsequent string configures the user-based access control for the
29 # listener in question. This can be one of "none" or "pam", indicating either
30 # that users should be allowed access unconditionally, or that the local
31 # Pluggable Authentication Modules configuration should be used. If this
32 # string is missing or empty, then "pam" is used.
34 # The final string gives the host-based access control for that listener. If
35 # this is missing or empty, then all connections are accepted. Otherwise,
36 # this should be a space-separated sequence of regular expressions; any host
37 # with a fully-qualified domain name or an IP address that matches one of
38 # these regular expressions will be accepted.
40 # Example: listen on TCP port 9363 on all interfaces, accepting connections
41 # only from machines in example.com or localhost, and allow access through
42 # the unix domain socket unconditionally:
44 # (xen-api-server ((9363 pam '^localhost$ example\\.com$')
47 # Optionally, the TCP Xen-API server can use SSL by specifying the private
48 # key and certificate location:
50 # (9367 pam '' /etc/xen/xen-api.key /etc/xen/xen-api.crt)
53 # (xen-api-server ((unix)))
56 #(xend-http-server no)
57 #(xend-unix-server no)
58 #(xend-tcp-xmlrpc-server no)
59 #(xend-unix-xmlrpc-server yes)
60 #(xend-relocation-server no)
61 (xend-relocation-server yes)
62 #(xend-relocation-ssl-server no)
64 #(xend-unix-path /var/lib/xend/xend-socket)
67 # Address and port xend should use for the legacy TCP XMLRPC interface,
68 # if xend-tcp-xmlrpc-server is set.
69 #(xend-tcp-xmlrpc-server-address 'localhost')
70 #(xend-tcp-xmlrpc-server-port 8006)
72 # SSL key and certificate to use for the legacy TCP XMLRPC interface.
73 # Setting these will mean that this port serves only SSL connections as
74 # opposed to plaintext ones.
75 #(xend-tcp-xmlrpc-server-ssl-key-file /etc/xen/xmlrpc.key)
76 #(xend-tcp-xmlrpc-server-ssl-cert-file /etc/xen/xmlrpc.crt)
79 # Port xend should use for the HTTP interface, if xend-http-server is set.
82 # Port xend should use for the relocation interface, if xend-relocation-server
84 #(xend-relocation-port 8002)
86 # Port xend should use for the ssl relocation interface, if
87 # xend-relocation-ssl-server is set.
88 #(xend-relocation-ssl-port 8003)
90 # SSL key and certificate to use for the ssl relocation interface, if
91 # xend-relocation-ssl-server is set.
92 #(xend-relocation-server-ssl-key-file /etc/xen/xmlrpc.key)
93 #(xend-relocation-server-ssl-cert-file /etc/xen/xmlrpc.crt)
95 # Whether to use ssl as default when relocating.
96 #(xend-relocation-ssl no)
98 # Address xend should listen on for HTTP connections, if xend-http-server is
100 # Specifying 'localhost' prevents remote connections.
101 # Specifying the empty string '' (the default) allows all connections.
103 #(xend-address localhost)
105 # Address xend should listen on for relocation-socket connections, if
106 # xend-relocation-server is set.
107 # Meaning and default as for xend-address above.
108 #(xend-relocation-address '')
110 # The hosts allowed to talk to the relocation port. If this is empty (the
111 # default), then all connections are allowed (assuming that the connection
112 # arrives on a port and interface on which we are listening; see
113 # xend-relocation-port and xend-relocation-address above). Otherwise, this
114 # should be a space-separated sequence of regular expressions. Any host with
115 # a fully-qualified domain name or an IP address that matches one of these
116 # regular expressions will be accepted.
119 # (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$')
121 #(xend-relocation-hosts-allow '')
122 (xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')
124 # The limit (in kilobytes) on the size of the console buffer
125 #(console-limit 1024)
128 # To bridge network traffic, like this:
130 # dom0: ----------------- bridge -> real eth0 -> the network
132 # domU: fake eth0 -> vifN.0 -+
136 # (network-script network-bridge)
138 # Your default ethernet device is used as the outgoing interface, by default.
139 # To use a different one (e.g. eth1) use
141 # (network-script 'network-bridge netdev=eth1')
143 # The bridge is named xenbr0, by default. To rename the bridge, use
145 # (network-script 'network-bridge bridge=<name>')
147 # It is possible to use the network-bridge script in more complicated
148 # scenarios, such as having two outgoing interfaces, with two bridges, and
149 # two fake interfaces per guest domain. To do things like this, write
150 # yourself a wrapper script, and call network-bridge from it, as appropriate.
152 (network-script scripts-network-bridge)
154 # The script used to control virtual interfaces. This can be overridden on a
155 # per-vif basis when creating a domain or a configuring a new vif. The
156 # vif-bridge script is designed for use with the network-bridge script, or
157 # similar configurations.
159 # If you have overridden the bridge name using
160 # (network-script 'network-bridge bridge=<name>') then you may wish to do the
161 # same here. The bridge name can also be set when creating a domain or
162 # configuring a new vif, but a value specified here would act as a default.
164 # If you are using only one bridge, the vif-bridge script will discover that,
165 # so there is no need to specify it explicitly.
167 (vif-script vif-bridge)
170 ## Use the following if network traffic is routed, as an alternative to the
171 # settings for bridged networking given above.
172 #(network-script network-route)
173 #(vif-script vif-route)
176 ## Use the following if network traffic is routed with NAT, as an alternative
177 # to the settings for bridged networking given above.
178 #(network-script network-nat)
179 #(vif-script vif-nat)
181 # dom0-min-mem is the lowest permissible memory level (in MB) for dom0.
182 # This is a minimum both for auto-ballooning (as enabled by
183 # enable-dom0-ballooning below) and for xm mem-set when applied to dom0.
186 # Whether to enable auto-ballooning of dom0 to allow domUs to be created.
187 # If enable-dom0-ballooning = no, dom0 will never balloon out.
188 (enable-dom0-ballooning yes)
190 # In SMP system, dom0 will use dom0-cpus # of CPUS
191 # If dom0-cpus = 0, dom0 will take all cpus available
194 # Whether to enable core-dumps when domains crash.
197 # The tool used for initiating virtual TPM migration
198 #(external-migration-tool '')
200 # The interface for VNC servers to listen on. Defaults
201 # to 127.0.0.1 To restore old 'listen everywhere' behaviour
202 # set this to 0.0.0.0
203 #(vnc-listen '127.0.0.1')
205 # The default password for VNC console on HVM domain.
206 # Empty string is no authentication.
209 # The VNC server can be told to negotiate a TLS session
210 # to encryption all traffic, and provide x509 cert to
211 # clients enalbing them to verify server identity. The
212 # GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt
213 # all support the VNC extension for TLS used in QEMU. The
214 # TightVNC/RealVNC/UltraVNC clients do not.
216 # To enable this create x509 certificates / keys in the
217 # directory /etc/xen/vnc
219 # ca-cert.pem - The CA certificate
220 # server-cert.pem - The Server certificate signed by the CA
221 # server-key.pem - The server private key
223 # and then uncomment this next line
226 # The certificate dir can be pointed elsewhere..
228 # (vnc-x509-cert-dir /etc/xen/vnc)
230 # The server can be told to request & validate an x509
231 # certificate from the client. Only clients with a cert
232 # signed by the trusted CA will be able to connect. This
233 # is more secure the password auth alone. Passwd auth can
234 # used at the same time if desired. To enable client cert
235 # checking uncomment this:
237 # (vnc-x509-verify 1)
239 # The default keymap to use for the VM's virtual keyboard
240 # when not specififed in VM's configuration
243 # Script to run when the label of a resource has changed.
244 #(resource-label-change-script '')
246 # Rotation count of qemu-dm log file.
247 #(qemu-dm-logrotate-count 10)
249 # Path where persistent domain configuration is stored.
250 # Default is /var/lib/xend/domains/
251 #(xend-domains-path /var/lib/xend/domains)