Added default example configs for libvirtd/qemu driver

This commit is contained in:
Daniel P. Berrange 2007-10-12 19:54:15 +00:00
parent 912c18afa3
commit 85ef19558c
5 changed files with 202 additions and 2 deletions

View File

@ -129,6 +129,8 @@ fi
%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/autostart
%{_sysconfdir}/rc.d/init.d/libvirtd
%config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
%config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
%dir %{_datadir}/libvirt/
%dir %{_datadir}/libvirt/networks/
%{_datadir}/libvirt/networks/default.xml

View File

@ -4,6 +4,9 @@ UUID=$(shell uuidgen)
sbin_PROGRAMS = libvirtd
confdir = $(sysconfdir)/libvirt/
conf_DATA = libvirtd.conf
# Distribute the generated files so that rpcgen isn't required on the
# target machine (although almost any Unix machine will have it).
EXTRA_DIST = libvirtd.init.in libvirtd.sysconf default-network.xml \
@ -14,7 +17,8 @@ EXTRA_DIST = libvirtd.init.in libvirtd.sysconf default-network.xml \
remote_dispatch_prototypes.h \
remote_dispatch_localvars.h \
remote_dispatch_proc_switch.h \
mdns.c mdns.h
mdns.c mdns.h \
$(conf_DATA)
libvirtd_SOURCES = \
qemud.c internal.h \

141
qemud/libvirtd.conf Normal file
View File

@ -0,0 +1,141 @@
# Master libvirt daemon configuration file
#
# For further information consult http://libvirt.org/format.html
# Flag listening for secure TLS connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to
# have any effect.
#
# It is neccessary to setup a CA and issue server certificates before
# using this capability.
#
# This is enabled by default, uncomment this to disable it
# listen_tls = 0
# Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to
# have any effect.
#
# NB, this is insecure. Do not use except for development.
#
# This is disabled by default, uncomment this to enable it.
# listen_tcp = 1
# Override the port for accepting secure TLS connections
# This can be a port number, or service name
#
# tls_port = "16514"
# Override the port for accepting insecure TCP connections
# This can be a port number, or service name
#
# tcp_port = "16509"
# Flag toggling mDNS advertizement of the libvirt service.
#
# Alternatively can disable for all services on a host by
# stopping the Avahi daemon
#
# This is enabled by default, uncomment this to disable it
# mdns_adv = 0
# Override the default mDNS advertizement name. This must be
# unique on the immediate broadcast network.
#
# The default is "Virtualization Host HOSTNAME", where HOSTNAME
# is subsituted for the short hostname of the machine (without domain)
#
# mdns_name "Virtualization Host Joe Demo"
# Set the UNIX domain socket group ownership. This can be used to
# allow a 'trusted' set of users access to management capabilities
# without becoming root.
#
# This is restricted to 'root' by default.
# unix_sock_group "libvirt"
# Set the UNIX socket permissions for the R/O socket. This is used
# for monitoring VM status only
#
# Default allows any user. If setting group ownership may want to
# restrict this to:
# unix_sock_ro_perms "0777"
# Set the UNIX socket permissions for the R/W socket. This is used
# for full management of VMs
#
# Default allows only root. If setting group ownership may want to
# relax this to:
# unix_sock_rw_perms "octal-perms" "0770"
# Flag to disable verification of client certificates
#
# Client certificate verification is the primary authentication mechanism.
# Any client which does not present a certificate signed by the CA
# will be rejected.
#
# Default is to always verify. Uncommenting this will disable
# verification - make sure an IP whitelist is set
# tls_no_verify_certificate 1
# Flag to disable verification of client IP address
#
# Client IP address will be verified against the CommonName field
# of the x509 certificate. This has minimal security benefit since
# it is easy to spoof source IP.
#
# Uncommenting this will disable verification
# tls_no_verify_address 1
# Override the default server key file path
#
# key_file "/etc/pki/libvirt/private/serverkey.pem"
# Override the default server certificate file path
#
# cert_file "/etc/pki/libvirt/servercert.pem"
# Override the default CA certificate path
#
# ca_file "/etc/pki/CA/cacert.pem"
# Specify a certificate revocation list.
#
# Defaults to not using a CRL, uncomment to enable it
# crl_file "/etc/pki/CA/crl.pem"
# A whitelist of allowed x509 Distinguished Names
# This list may contain wildcards such as
#
# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
#
# See the POSIX fnmatch function for the format of the wildcards.
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
#
# By default, no DN's are checked
# tls_allowed_dn_list ["DN1", "DN2"]
# A whitelist of allowed client IP addresses
#
# This list may contain wildcards such as 192.168.* See the POSIX fnmatch
# function for the format of the wildcards.
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
#
# By default, no IP's are checked. This can be IPv4 or IPv6 addresses
# tls_allowed_ip_list ["ip1", "ip2", "ip3"]

View File

@ -17,7 +17,11 @@ DEPS = libvirt.la
LDADDS = @STATIC_BINARIES@ $(WARN_CFLAGS) libvirt.la
VIRSH_LIBS = @VIRSH_LIBS@
EXTRA_DIST = libvirt_sym.version
confdir = $(sysconfdir)/libvirt/
conf_DATA = qemu.conf
EXTRA_DIST = libvirt_sym.version $(conf_DATA)
lib_LTLIBRARIES = libvirt.la
libvirt_la_LIBADD = $(LIBXML_LIBS) $(GNUTLS_LIBS)

49
src/qemu.conf Normal file
View File

@ -0,0 +1,49 @@
# Master configuration file for the QEMU driver.
# All settings described here are optional - if omitted, sensible
# defaults are used.
# VNC is configured to listen on 127.0.0.1 by default.
# To make it listen on all public interfaces, uncomment
# this next option.
#
# NB, strong recommendation to enable TLS + x509 certificate
# verification when allowing public access
#
# vnc_listen = "0.0.0.0"
# Enable use of TLS encryption on the VNC server. This requires
# a VNC client which supports the VeNCrypt protocol extension.
# Examples include vinagre, virt-viewer, virt-manager and vencrypt
# itself. UltraVNC, RealVNC, TightVNC do not support this
#
# It is neccessary to setup CA and issue a server certificate
# before enabling this.
#
# vnc_tls = 1
# Use of TLS requires that x509 certificates be issued. The
# default it to keep them in /etc/pki/libvirt-vnc. This directory
# must contain
#
# ca-cert.pem - the CA master certificate
# server-cert.pem - the server certificate signed with ca-cert.pem
# server-key.pem - the server private key
#
# This option allows the certificate directory to be changed
#
# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
# The default TLS configuration only uses certificates for the server
# allowing the client to verify the server's identity and establish
# and encrypted channel.
#
# It is possible to use x509 certificates for authentication too, by
# issuing a x509 certificate to every client who needs to connect.
#
# Enabling this option will reject any client who does not have a
# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
#
# vnc_tls_x509_verify = 1