Eucalyptus弹性计算云平台配置文件和xen配置文件(centos)

view plaincopy to clipboardprint?
#  
# Eucalyptus configuration.   
####  
# These are to instruct the init.d script on what to start.  
####  
# This variable points to where eucalyptus has been installed.  
EUCALYPTUS="/" 
# This is the username that you would like eucalyptus to run as  
EUCA_USER="eucalyptus" 
# Uncomment this field if you do not plan on using the dynamic block  
# store functionality of Eucalyptus  
# DISABLE_EBS="Y"  
# Uncomment this field if you do not plan on using the dynamic DNS  
# functionality of Eucalyptus  
DISABLE_DNS="Y" 
# This variable controls whether ws-security is enabled between  
# eucalyptus components.  The default settings provide secure  
# connections between the Cloud, Cluster, and Node Controllers and we  
# recommend that this feature remains enabled.  If you wish to disable security,  
# you must change this variable to "N" and manually configure the  
# services.xml for both Cluster and Node Controllers (see documentation  
# for more details).  
ENABLE_WS_SECURITY="Y" 
# This variable controls the level of logging output that appears in  
# various eucalyptus log files.  The options are, in descending order  
# of verbosity, 'DEBUG, INFO, WARN, ERROR, and  
# FATAL'. The default is DEBUG (everything).  
LOGLEVEL="DEBUG" 
####  
# These following are Cluster Controller configuration options.  
####  
# This is the port the Cluster Controller will be listening on.  
CC_PORT="8774" 
# This option configures the Cluster Controller's scheduling policy.  
# Currently, this option can be set to GREEDY (first node that is  
# found that can run the VM will be chosen), ROUNDROBIN (nodes are  
# selected one after another until one is found that can run the VM),  
# or POWERSAVE (nodes are put to sleep when they are not running VMs,  
# and reawakened when new resources are required.  VMs will be placed  
# on the first awake machine, followed by machines that are asleep).  
SCHEDPOLICY="ROUNDROBIN" 
# Powersave options.  POWER_IDLETHRESH is the number of seconds that a  
# node can remain idle (i.e. no running VMs) before a powerdown is  
# attempted.  POWER_WAKETHRESH is the number of seconds that  
# Eucalyptus should wait after attempting a node wake-up before it  
# will consider the node actually down (and not waking up).  
POWER_IDLETHRESH="300" 
POWER_WAKETHRESH="300" 
# The list of Node Controllers the Cluster Controller will communicate with.   
#  
# If you are running Rocks, you can run "rocks list host" to  
# find out the list of machines available to you (in our case we are  
# interested in the VM Container kind).  
NODES=" 192.168.1.151" 
# The name of the Node Controller service. Change this if you want  
# to plug in your own Node Controller service.  
NC_SERVICE="axis2/services/EucalyptusNC" 
####  
# The following are Node Controller configuration options.  
####  
# This is the port the Node Controller will be listening on.   
NC_PORT="8775" 
# The hypervisor that the Node Controller will interact with in order  
# to manage virtual machines.  Currently, supported values are 'kvm'  
# and 'xen'.  
HYPERVISOR="xen" 
# The maximum amount of memory Eucalyptus is allowed to use on the node:  
# if you leave this commented out, Eucalyptus will use all available  
# memory, otherwise it will use at most this value for ALL running instances.  
# MAX_MEM=2048  
# The maximum number of CPU/cores Eucalyptus is allowed to use on the  
# node (at the moment we don't differentiate between cores and CPU). If  
# you leave this commented out, Eucalyptus will use all available  
# CPU/cores it can find.   
# MAX_CORES="2"  
# The size of the swap partition, in MB, for each instance started on the   
# node (default is 512MB).  If the maximum disk allowed for the instance   
# is not big enough to accommodate the swap together with the root partition,   
# then no swap is allocated.  If there is extra room left, then an "ephemeral"   
# partition will be created, available as /dev/sda3 inside the VM.  
# SWAP_SIZE=512  
# Setting this to 1 disables the cleanup of instance files (root, kernel,  
# ramdisk) for failed and terminated instances.  This is not   
# recommended for normal use, but it can be useful in debugging VM startup.  
# MANUAL_INSTANCES_CLEANUP=0  
####  
# The following are options for image storage on the Node Controller  
####  
# This variable points to a directory which is used by the Node Controller  
# to store images of running instances as well as local cached copies of  
# images.  The running images will be deleted after the instance is  
# terminated, but the cached copies will persist, subject to LRU cache  
# replacement and the NC_CACHE_SIZE size limit, below.  So, this  
# partition should be at least as big as the cache size (or the maximum  
# space needed by all images, whichever is bigger) plus the maximum space  
# needed by the maximum number of instances allowed on the node.  
# This directory should be local to the Node Controller (as  
# opposed to a NFS share) for performance reasons.  
INSTANCE_PATH="/usr/local/eucalyptus/" 
# The maximum amount of disk space, in Megabytes, that Eucalyptus is   
# allowed to use in the cache directory (INSTANCES_PATH/eucalyptus/cache).  
# A generous size is recommended.  Setting this to zero disables caching.  
# NC_CACHE_SIZE=99999  
####  
# The following are networking options  
####  
# The 2 variable  VNET_PRIVINTERFACE and VNET_PUBINTERFACE specify the  
# local physical ethernet interfaces that eucalyptus should use to manage  
# the VM network.  On the front-end, VNET_PRIVINTERFACE should be set to  
# the device that is attached to the same ethernet network as your nodes.  
# - VNET_PUBINTERFACE should be set to the device which is connected to  
# the 'public' network.  If you have only one interface, these should  
# be set to the same value.  On the nodes, both should be set to  
# either the name of the bridge that has been set up by Xen (xenbr0,  
# eth0, etc), or the physical ethernet device that is attached to the  
# xen bridge (peth0, peth1, etc), depending on your xen configuration.  
VNET_PUBINTERFACE="eth0" 
VNET_PRIVINTERFACE="eth0" 
# (node setting only) VNET_BRIDGE should be set to the name of the  
# bridge that xen has configured.  This is typically named 'xenbr0,  
# xenbr1, etc' on older Xen versions, and 'eth0, eth1, etc' on newer  
# Xen versions.  The command 'brctl show' will give you more  
# information on your local bridge setup.  
#VNET_BRIDGE="xenbr0"  
# This indicates where we have a dhcp server binary. We use it to provide  
# the images with IPs: Eucalyptus provides its own configuration per  
# instance.   
VNET_DHCPDAEMON="/usr/sbin/dhcpd" 
# Some systems have their DHCP daemon configured to run as a non-root  
# user.  If this is the case, set the name of that user here (by  
# default, Eucalyptus will set up DHCPD configuration files and  
# directories as owned by root).  
#VNET_DHCPUSER="root"  
# Following are example eucalyptus VM networking configurations.  
# There are four modes to choose from (MANAGED, MANAGED-NOVLAN,  
# SYSTEM, or STATIC) and each has its own sub-options.  The first  
# modes (MANAGED, MANAGED-NOVLAN) configure eucalyptus to fully manage  
# the VM networks, and enables the ability to use security groups and  
# dynamic public IP assignment (with and without vlan tagging of  
# security group networks, respectively).  VNET_SUBNET should be set  
# to an IP subnet that is free for eucalyptus to use (i.e. no other  
# system connected to your network directly is configured with  
# addresses from this subnet).  VNET_NETMASK defines the size of the  
# subnet.  VNET_DNS should be set to a DNS server that your systems  
# use (usually safe to use the same DNS that is configured on the  
# front-end).  VNET_ADDRSPERNET can be used to limit the number of  
# instances that can be attached to each named security group  
# simultaneously.  Finally, VNET_PUBLICIPS should be set to any public  
# IPs, that are currently unused, that can be dynamically assigned to  
# VMs.  Of these options, only VNET_PUBLICIPS can be left blank or  
# undefined.  If you are running in multi-cluster mode (more than one  
# CC), you should uncomment VNET_LOCALIP and set it to the local IP of  
# the CC that is accessible by all other CCs in the system.  If  
# VNET_LOCALIP is unset, the CC will try to determine the list of all  
# IPs currently assigned to the machine at CC run time.  If your CC  
# and CLC are on different machines, uncomment VNET_CLOUDIP and set it  
# to your cloud-contoller's IP address (must be an address that can be  
# reached by the CC).  
#VNET_MODE="MANAGED"  
#VNET_SUBNET="192.168.0.0"  
#VNET_NETMASK="255.255.0.0"  
#VNET_DNS="your-dns-server-ip"  
#VNET_ADDRSPERNET="32"  
#VNET_PUBLICIPS="your-free-public-ip-1 your-free-public-ip-2 ..."  
#VNET_LOCALIP="your-public-interface's-ip"  
#VNET_CLOUDIP="your-cloud-controller's-ip"  
# If you would like eucalyptus to not manage the VM network at all,  
# you can set VNET_MODE to SYSTEM.  In this mode, VM interfaces are  
# attached directly to your physical ethernet, at which point they  
# will typically invoke a DHCP client to aquire an IP address.  Use  
# this mode if you wish to manage VM IPs yourself, or allow the VMs to  
# pick up an IP from a non-eucalyptus managed DHCP server.  
VNET_MODE="SYSTEM" 
# If VNET_MODE is set to STATIC, you can manually configure a set of  
# IP addresses that will be allocated to VMs at boot time in a first  
# come, first served manner.  VNET_SUBNET, VNET_NETMASK, and  
# VNET_BROADCAST define your subnet (front-end must have an interface  
# configured on this subnet).  VNET_ROUTER defines the subnet's  
# gateway.  VNET_DNS is a nameserver address.  It is usually safe to  
# get these settings by examining your front-end network settings and  
# duplicating them here.  VNET_MACMAP is a list of mac address/IP  
# address mappings that you would like to be allocated to VMs at run  
# time (see example below for the format of this list).  
#VNET_MODE="STATIC"  
#VNET_SUBNET="192.168.1.0"  
#VNET_NETMASK="255.255.255.0"  
#VNET_BROADCAST="192.168.1.255"  
#VNET_ROUTER="192.168.1.1"  
#VNET_DNS="192.168.1.1"  
#VNET_MACMAP="AA:DD:11:CE:FF:ED=192.168.1.2 AA:DD:11:CE:FF:EE=192.168.1.3" 
#
# Eucalyptus configuration.
####
# These are to instruct the init.d script on what to start.
####
# This variable points to where eucalyptus has been installed.
EUCALYPTUS="/"
# This is the username that you would like eucalyptus to run as
EUCA_USER="eucalyptus"
# Uncomment this field if you do not plan on using the dynamic block
# store functionality of Eucalyptus
# DISABLE_EBS="Y"
# Uncomment this field if you do not plan on using the dynamic DNS
# functionality of Eucalyptus
DISABLE_DNS="Y"
# This variable controls whether ws-security is enabled between
# eucalyptus components.  The default settings provide secure
# connections between the Cloud, Cluster, and Node Controllers and we
# recommend that this feature remains enabled.  If you wish to disable security,
# you must change this variable to "N" and manually configure the
# services.xml for both Cluster and Node Controllers (see documentation
# for more details).
ENABLE_WS_SECURITY="Y"
# This variable controls the level of logging output that appears in
# various eucalyptus log files.  The options are, in descending order
# of verbosity, 'DEBUG, INFO, WARN, ERROR, and
# FATAL'. The default is DEBUG (everything).
LOGLEVEL="DEBUG"
####
# These following are Cluster Controller configuration options.
####
# This is the port the Cluster Controller will be listening on.
CC_PORT="8774"
# This option configures the Cluster Controller's scheduling policy.
# Currently, this option can be set to GREEDY (first node that is
# found that can run the VM will be chosen), ROUNDROBIN (nodes are
# selected one after another until one is found that can run the VM),
# or POWERSAVE (nodes are put to sleep when they are not running VMs,
# and reawakened when new resources are required.  VMs will be placed
# on the first awake machine, followed by machines that are asleep).
SCHEDPOLICY="ROUNDROBIN"
# Powersave options.  POWER_IDLETHRESH is the number of seconds that a
# node can remain idle (i.e. no running VMs) before a powerdown is
# attempted.  POWER_WAKETHRESH is the number of seconds that
# Eucalyptus should wait after attempting a node wake-up before it
# will consider the node actually down (and not waking up).
POWER_IDLETHRESH="300"
POWER_WAKETHRESH="300"
# The list of Node Controllers the Cluster Controller will communicate with.
#
# If you are running Rocks, you can run "rocks list host" to
# find out the list of machines available to you (in our case we are
# interested in the VM Container kind).
NODES=" 192.168.1.151"
# The name of the Node Controller service. Change this if you want
# to plug in your own Node Controller service.
NC_SERVICE="axis2/services/EucalyptusNC"
####
# The following are Node Controller configuration options.
####
# This is the port the Node Controller will be listening on.
NC_PORT="8775"
# The hypervisor that the Node Controller will interact with in order
# to manage virtual machines.  Currently, supported values are 'kvm'
# and 'xen'.
HYPERVISOR="xen"
# The maximum amount of memory Eucalyptus is allowed to use on the node:
# if you leave this commented out, Eucalyptus will use all available
# memory, otherwise it will use at most this value for ALL running instances.
# MAX_MEM=2048
# The maximum number of CPU/cores Eucalyptus is allowed to use on the
# node (at the moment we don't differentiate between cores and CPU). If
# you leave this commented out, Eucalyptus will use all available
# CPU/cores it can find.
# MAX_CORES="2"
# The size of the swap partition, in MB, for each instance started on the
# node (default is 512MB).  If the maximum disk allowed for the instance
# is not big enough to accommodate the swap together with the root partition,
# then no swap is allocated.  If there is extra room left, then an "ephemeral"
# partition will be created, available as /dev/sda3 inside the VM.
# SWAP_SIZE=512
# Setting this to 1 disables the cleanup of instance files (root, kernel,
# ramdisk) for failed and terminated instances.  This is not
# recommended for normal use, but it can be useful in debugging VM startup.
# MANUAL_INSTANCES_CLEANUP=0
####
# The following are options for image storage on the Node Controller
####
# This variable points to a directory which is used by the Node Controller
# to store images of running instances as well as local cached copies of
# images.  The running images will be deleted after the instance is
# terminated, but the cached copies will persist, subject to LRU cache
# replacement and the NC_CACHE_SIZE size limit, below.  So, this
# partition should be at least as big as the cache size (or the maximum
# space needed by all images, whichever is bigger) plus the maximum space
# needed by the maximum number of instances allowed on the node.
# This directory should be local to the Node Controller (as
# opposed to a NFS share) for performance reasons.
INSTANCE_PATH="/usr/local/eucalyptus/"
# The maximum amount of disk space, in Megabytes, that Eucalyptus is
# allowed to use in the cache directory (INSTANCES_PATH/eucalyptus/cache).
# A generous size is recommended.  Setting this to zero disables caching.
# NC_CACHE_SIZE=99999
####
# The following are networking options
####
# The 2 variable  VNET_PRIVINTERFACE and VNET_PUBINTERFACE specify the
# local physical ethernet interfaces that eucalyptus should use to manage
# the VM network.  On the front-end, VNET_PRIVINTERFACE should be set to
# the device that is attached to the same ethernet network as your nodes.
# - VNET_PUBINTERFACE should be set to the device which is connected to
# the 'public' network.  If you have only one interface, these should
# be set to the same value.  On the nodes, both should be set to
# either the name of the bridge that has been set up by Xen (xenbr0,
# eth0, etc), or the physical ethernet device that is attached to the
# xen bridge (peth0, peth1, etc), depending on your xen configuration.
VNET_PUBINTERFACE="eth0"
VNET_PRIVINTERFACE="eth0"
# (node setting only) VNET_BRIDGE should be set to the name of the
# bridge that xen has configured.  This is typically named 'xenbr0,
# xenbr1, etc' on older Xen versions, and 'eth0, eth1, etc' on newer
# Xen versions.  The command 'brctl show' will give you more
# information on your local bridge setup.
#VNET_BRIDGE="xenbr0"
# This indicates where we have a dhcp server binary. We use it to provide
# the images with IPs: Eucalyptus provides its own configuration per
# instance.
VNET_DHCPDAEMON="/usr/sbin/dhcpd"
# Some systems have their DHCP daemon configured to run as a non-root
# user.  If this is the case, set the name of that user here (by
# default, Eucalyptus will set up DHCPD configuration files and
# directories as owned by root).
#VNET_DHCPUSER="root"
# Following are example eucalyptus VM networking configurations.
# There are four modes to choose from (MANAGED, MANAGED-NOVLAN,
# SYSTEM, or STATIC) and each has its own sub-options.  The first
# modes (MANAGED, MANAGED-NOVLAN) configure eucalyptus to fully manage
# the VM networks, and enables the ability to use security groups and
# dynamic public IP assignment (with and without vlan tagging of
# security group networks, respectively).  VNET_SUBNET should be set
# to an IP subnet that is free for eucalyptus to use (i.e. no other
# system connected to your network directly is configured with
# addresses from this subnet).  VNET_NETMASK defines the size of the
# subnet.  VNET_DNS should be set to a DNS server that your systems
# use (usually safe to use the same DNS that is configured on the
# front-end).  VNET_ADDRSPERNET can be used to limit the number of
# instances that can be attached to each named security group
# simultaneously.  Finally, VNET_PUBLICIPS should be set to any public
# IPs, that are currently unused, that can be dynamically assigned to
# VMs.  Of these options, only VNET_PUBLICIPS can be left blank or
# undefined.  If you are running in multi-cluster mode (more than one
# CC), you should uncomment VNET_LOCALIP and set it to the local IP of
# the CC that is accessible by all other CCs in the system.  If
# VNET_LOCALIP is unset, the CC will try to determine the list of all
# IPs currently assigned to the machine at CC run time.  If your CC
# and CLC are on different machines, uncomment VNET_CLOUDIP and set it
# to your cloud-contoller's IP address (must be an address that can be
# reached by the CC).
#VNET_MODE="MANAGED"
#VNET_SUBNET="192.168.0.0"
#VNET_NETMASK="255.255.0.0"
#VNET_DNS="your-dns-server-ip"
#VNET_ADDRSPERNET="32"
#VNET_PUBLICIPS="your-free-public-ip-1 your-free-public-ip-2 ..."
#VNET_LOCALIP="your-public-interface's-ip"
#VNET_CLOUDIP="your-cloud-controller's-ip"
# If you would like eucalyptus to not manage the VM network at all,
# you can set VNET_MODE to SYSTEM.  In this mode, VM interfaces are
# attached directly to your physical ethernet, at which point they
# will typically invoke a DHCP client to aquire an IP address.  Use
# this mode if you wish to manage VM IPs yourself, or allow the VMs to
# pick up an IP from a non-eucalyptus managed DHCP server.
VNET_MODE="SYSTEM"
# If VNET_MODE is set to STATIC, you can manually configure a set of
# IP addresses that will be allocated to VMs at boot time in a first
# come, first served manner.  VNET_SUBNET, VNET_NETMASK, and
# VNET_BROADCAST define your subnet (front-end must have an interface
# configured on this subnet).  VNET_ROUTER defines the subnet's
# gateway.  VNET_DNS is a nameserver address.  It is usually safe to
# get these settings by examining your front-end network settings and
# duplicating them here.  VNET_MACMAP is a list of mac address/IP
# address mappings that you would like to be allocated to VMs at run
# time (see example below for the format of this list).
#VNET_MODE="STATIC"
#VNET_SUBNET="192.168.1.0"
#VNET_NETMASK="255.255.255.0"
#VNET_BROADCAST="192.168.1.255"
#VNET_ROUTER="192.168.1.1"
#VNET_DNS="192.168.1.1"
#VNET_MACMAP="AA:DD:11:CE:FF:ED=192.168.1.2 AA:DD:11:CE:FF:EE=192.168.1.3"

xend-config.sxp文件：

view plaincopy to clipboardprint?
# -*- sh -*-  
#  
# Xend configuration file.  
#  
# This example configuration is appropriate for an installation that   
# utilizes a bridged network configuration. Access to xend via http  
# is disabled.    
# Commented out entries show the default for that entry, unless otherwise  
# specified.  
#(logfile /var/log/xen/xend.log)  
#(loglevel DEBUG)  
(xend-http-server yes)  
(xend-unix-server yes)  
#(xend-tcp-xmlrpc-server no)  
#(xend-unix-xmlrpc-server yes)  
#(xend-relocation-server no)  
# The relocation server should be kept desactivated unless using a trusted  
# network, the domain virtual memory will be exchanged in raw form without  
# encryption of the communication. See also xend-relocation-hosts-allow option  
(xend-unix-path /var/lib/xend/xend-socket)  
# Port xend should use for the HTTP interface, if xend-http-server is set.  
#(xend-port            8000)  
# Port xend should use for the relocation interface, if xend-relocation-server  
# is set.  
#(xend-relocation-port 8002)  
# Address xend should listen on for HTTP connections, if xend-http-server is  
# set.  
# Specifying 'localhost' prevents remote connections.  
# Specifying the empty string '' (the default) allows all connections.  
#(xend-address '')  
(xend-address localhost)  
# Address xend should listen on for relocation-socket connections, if  
# xend-relocation-server is set.  
# Meaning and default as for xend-address above.  
#(xend-relocation-address '')  
# The hosts allowed to talk to the relocation port.  If this is empty (the  
# default), then all connections are allowed (assuming that the connection  
# arrives on a port and interface on which we are listening; see  
# xend-relocation-port and xend-relocation-address above).  Otherwise, this  
# should be a space-separated sequence of regular expressions.  Any host with  
# a fully-qualified domain name or an IP address that matches one of these  
# regular expressions will be accepted.  
#  
# For example:  
#  (xend-relocation-hosts-allow '^localhost$ ^.*/.example/.org$')  
#  
#(xend-relocation-hosts-allow '')  
(xend-relocation-hosts-allow '^localhost$ ^localhost//.localdomain$')  
# The limit (in kilobytes) on the size of the console buffer  
#(console-limit 1024)  
##  
# To bridge network traffic, like this:  
#  
# dom0: fake eth0 -> vif0.0 -+  
#                            |  
#                          bridge -> real eth0 -> the network  
#                            |  
# domU: fake eth0 -> vifN.0 -+  
#  
# use  
#  
 (network-script network-bridge)  
#  
# Your default ethernet device is used as the outgoing interface, by default.   
# To use a different one (e.g. eth1) use  
#  
# (network-script 'network-bridge netdev=eth1')  
#  
# The bridge is named xenbr0, by default.  To rename the bridge, use  
#  
# (network-script 'network-bridge bridge=<name>')  
#  
# It is possible to use the network-bridge script in more complicated  
# scenarios, such as having two outgoing interfaces, with two bridges, and  
# two fake interfaces per guest domain.  To do things like this, write  
# yourself a wrapper script, and call network-bridge from it, as appropriate.  
#  
#(network-script network-bridge)  
# The script used to control virtual interfaces.  This can be overridden on a  
# per-vif basis when creating a domain or a configuring a new vif.  The  
# vif-bridge script is designed for use with the network-bridge script, or  
# similar configurations.  
#  
# If you have overridden the bridge name using  
# (network-script 'network-bridge bridge=<name>') then you may wish to do the  
# same here.  The bridge name can also be set when creating a domain or  
# configuring a new vif, but a value specified here would act as a default.  
#  
# If you are using only one bridge, the vif-bridge script will discover that,  
# so there is no need to specify it explicitly.  
#  
(vif-script vif-bridge)  
 
## Use the following if network traffic is routed, as an alternative to the  
# settings for bridged networking given above.  
#(network-script network-route)  
#(vif-script     vif-route)  
 
## Use the following if network traffic is routed with NAT, as an alternative  
# to the settings for bridged networking given above.  
#(network-script network-nat)  
#(vif-script     vif-nat)  
 
# Dom0 will balloon out when needed to free memory for domU.  
# dom0-min-mem is the lowest memory level (in MB) dom0 will get down to.  
# If dom0-min-mem=0, dom0 will never balloon out.  
(dom0-min-mem 196)  
# In SMP system, dom0 will use dom0-cpus # of CPUS  
# If dom0-cpus = 0, dom0 will take all cpus available  
(dom0-cpus 0)  
# Whether to enable core-dumps when domains crash.  
#(enable-dump no)  
# The tool used for initiating virtual TPM migration  
#(external-migration-tool '')  
# The interface for VNC servers to listen on. Defaults  
# to 127.0.0.1  To restore old 'listen everywhere' behaviour  
# set this to 0.0.0.0  
#(vnc-listen '127.0.0.1')  
    
# The default password for VNC console on HVM domain.  
# Empty string is no authentication.  
(vncpasswd '')  
# The default keymap to use for the VM's virtual keyboard  
# when not specified in VM's configuration  
(keymap 'en-us')  
# The VNC server can be told to negotiate a TLS session  
# to encryption all traffic, and provide x509 cert to   
# clients enalbing them to verify server identity. The  
# GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt  
# all support the VNC extension for TLS used in QEMU. The  
# TightVNC/RealVNC/UltraVNC clients do not.  
#  
# To enable this create x509 certificates / keys in the  
# directory /etc/xen/vnc  
#  
#  ca-cert.pem       - The CA certificate  
#  server-cert.pem   - The Server certificate signed by the CA  
#  server-key.pem    - The server private key  
#  
# and then uncomment this next line  
# (vnc-tls 1)  
#  
# The certificate dir can be pointed elsewhere..  
#  
# (vnc-x509-cert-dir /etc/xen/vnc)  
#   
# The server can be told to request & validate an x509  
# certificate from the client. Only clients with a cert  
# signed by the trusted CA will be able to connect. This  
# is more secure the password auth alone. Passwd auth can  
# used at the same time if desired. To enable client cert  
# checking uncomment this:  
#  
# (vnc-x509-verify 1)  
# Allow probing of disk image file format.  This is insecure!  It lets  
# a malicious domU read any file in dom0.  Applies only to fully  
# virtual domUs.  Required for using formats other than raw.  
#(enable-image-format-probing no)  
# Number of seconds xend will wait for device creation  
#(device-create-timeout 100)  
# Strict checking when doing PCI passthrough; enabled by default  
#(pci-dev-assign-strict-check yes) 

 

本文来自CSDN博客，转载请标明出处：http://blog.csdn.net/cctt_1/archive/2009/12/28/5091127.aspx