Subversion Repositories configs

# Master libvirt daemon configuration file

#

#################################################################

#

# Network connectivity controls

#

# Flag listening for secure TLS connections on the public TCP/IP port.

# NB, must pass the --listen flag to the virtproxyd process for this to

# have any effect.

#

# This setting is not required or honoured if using systemd socket

# activation.

#

# It is necessary to setup a CA and issue server certificates before

# using this capability.

#

# This is enabled by default, uncomment this to disable it

#listen_tls = 0

# Listen for unencrypted TCP connections on the public TCP/IP port.

# NB, must pass the --listen flag to the virtproxyd process for this to

# have any effect.

#

# This setting is not required or honoured if using systemd socket

# activation.

#

# Using the TCP socket requires SASL authentication by default. Only

# SASL mechanisms which support data encryption are allowed. This is

# DIGEST_MD5 and GSSAPI (Kerberos5)

#

# This is disabled by default, uncomment this to enable it.

#listen_tcp = 1

# Override the port for accepting secure TLS connections

# This can be a port number, or service name

#

# This setting is not required or honoured if using systemd socket

# activation with systemd version >= 227

#

#tls_port = "16514"

# Override the port for accepting insecure TCP connections

# This can be a port number, or service name

#

# This setting is not required or honoured if using systemd socket

# activation with systemd version >= 227

#

#tcp_port = "16509"

# Override the default configuration which binds to all network

# interfaces. This can be a numeric IPv4/6 address, or hostname

#

# This setting is not required or honoured if using systemd socket

# activation.

#

# If the virtproxyd service is started in parallel with network

# startup (e.g. with systemd), binding to addresses other than

# the wildcards (0.0.0.0/::) might not be available yet.

#

#listen_addr = "192.168.0.1"

#################################################################

#

# UNIX socket access controls

#

# Set the UNIX domain socket group ownership. This can be used to

# allow a 'trusted' set of users access to management capabilities

# without becoming root.

#

# This setting is not required or honoured if using systemd socket

# activation.

#

# This is restricted to 'root' by default.

#unix_sock_group = "libvirt"

# Set the UNIX socket permissions for the R/O socket. This is used

# for monitoring VM status only

#

# This setting is not required or honoured if using systemd socket

# activation.

#

# Default allows any user. If setting group ownership, you may want to

# restrict this too.

#unix_sock_ro_perms = "0777"

# Set the UNIX socket permissions for the R/W socket. This is used

# for full management of VMs

#

# This setting is not required or honoured if using systemd socket

# activation.

#

# Default allows only root. If PolicyKit is enabled on the socket,

# the default will change to allow everyone (eg, 0777)

#

# If not using PolicyKit and setting group ownership for access

# control, then you may want to relax this too.

#unix_sock_rw_perms = "0770"

# Set the UNIX socket permissions for the admin interface socket.

#

# This setting is not required or honoured if using systemd socket

# activation.

#

# Default allows only owner (root), do not change it unless you are

# sure to whom you are exposing the access to.

#unix_sock_admin_perms = "0700"

# Set the name of the directory in which sockets will be found/created.

#

# This setting is not required or honoured if using systemd socket

# activation with systemd version >= 227

#

#unix_sock_dir = "/run/libvirt"

#################################################################

#

# Authentication.

#

# There are the following choices available:

#

#  - none: do not perform auth checks. If you can connect to the

#          socket you are allowed. This is suitable if there are

#          restrictions on connecting to the socket (eg, UNIX

#          socket permissions), or if there is a lower layer in

#          the network providing auth (eg, TLS/x509 certificates)

#

#  - sasl: use SASL infrastructure. The actual auth scheme is then

#          controlled from /etc/sasl2/libvirt.conf. For the TCP

#          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.

#          For non-TCP or TLS sockets, any scheme is allowed.

#

#  - polkit: use PolicyKit to authenticate. This is only suitable

#            for use on the UNIX sockets. The default policy will

#            require a user to supply their own password to gain

#            full read/write access (aka sudo like), while anyone

#            is allowed read/only access.

#

# Set an authentication scheme for UNIX read-only sockets

#

# By default socket permissions allow anyone to connect

#

# If libvirt was compiled without support for 'polkit', then

# no access control checks are done, but libvirt still only

# allows execution of APIs which don't change state.

#

# If libvirt was compiled with support for 'polkit', then

# the libvirt socket will perform a check with polkit after

# connections. The default policy still allows any local

# user access.

#

# To restrict monitoring of domains you may wish to either

# enable 'sasl' here, or change the polkit policy definition.

#auth_unix_ro = "polkit"

# Set an authentication scheme for UNIX read-write sockets.

#

# If libvirt was compiled without support for 'polkit', then

# the systemd .socket files will use SocketMode=0600 by default

# thus only allowing root user to connect, and 'auth_unix_rw'

# will default to 'none'.

#

# If libvirt was compiled with support for 'polkit', then

# the systemd .socket files will use SocketMode=0666 which

# allows any user to connect and 'auth_unix_rw' will default

# to 'polkit'. If you disable use of 'polkit' here, then it

# is essential to change the systemd SocketMode parameter

# back to 0600, to avoid an insecure configuration.

#

#auth_unix_rw = "polkit"

# Change the authentication scheme for TCP sockets.

#

# If you don't enable SASL, then all TCP traffic is cleartext.

# Don't do this outside of a dev/test scenario. For real world

# use, always enable SASL and use the GSSAPI or DIGEST-MD5

# mechanism in /etc/sasl2/libvirt.conf

#auth_tcp = "sasl"

# Change the authentication scheme for TLS sockets.

#

# TLS sockets already have encryption provided by the TLS

# layer, and limited authentication is done by certificates

#

# It is possible to make use of any SASL authentication

# mechanism as well, by using 'sasl' for this option

#auth_tls = "none"

# Enforce a minimum SSF value for TCP sockets

#

# The default minimum is currently 56 (single-DES) which will

# be raised to 112 in the future.

#

# This option can be used to set values higher than 112

#tcp_min_ssf = 112

# Change the API access control scheme

#

# By default an authenticated user is allowed access

# to all APIs. Access drivers can place restrictions

# on this. By default the 'nop' driver is enabled,

# meaning no access control checks are done once a

# client has authenticated with virtproxyd

#

#access_drivers = [ "polkit" ]

#################################################################

#

# TLS x509 certificate configuration

#

# Use of TLS requires that x509 certificates be issued. The default locations

# for the certificate files is as follows:

#

#   /etc/pki/CA/cacert.pem - The CA master certificate

#   /etc/pki/libvirt/servercert.pem - The server certificate signed by cacert.pem

#   /etc/pki/libvirt/private/serverkey.pem - The server private key

#

# It is possible to override the default locations by altering the 'key_file',

# 'cert_file', and 'ca_file' values and uncommenting them below.

#

# NB, overriding the default of one location requires uncommenting and

# possibly additionally overriding the other settings.

#

# Override the default server key file path

#

#key_file = "/etc/pki/libvirt/private/serverkey.pem"

# Override the default server certificate file path

#

#cert_file = "/etc/pki/libvirt/servercert.pem"

# Override the default CA certificate path

#

#ca_file = "/etc/pki/CA/cacert.pem"

# Specify a certificate revocation list.

#

# Defaults to not using a CRL, uncomment to enable it

#crl_file = "/etc/pki/CA/crl.pem"

#################################################################

#

# Authorization controls

#

# Flag to disable verification of our own server certificates

#

# When virtproxyd starts it performs some sanity checks against

# its own certificates.

#

# Default is to always run sanity checks. Uncommenting this

# will disable sanity checks which is not a good idea

#tls_no_sanity_certificate = 1

# Flag to disable verification of client certificates

#

# Client certificate verification is the primary authentication mechanism.

# Any client which does not present a certificate signed by the CA

# will be rejected.

#

# Default is to always verify. Uncommenting this will disable

# verification.

#tls_no_verify_certificate = 1

# An access control list of allowed x509 Distinguished Names

# This list may contain wildcards such as

#

#    "C=GB,ST=London,L=London,O=Red Hat,CN=*"

#

# Any * matches any number of consecutive spaces, like a simplified glob(7).

#

# The format of the DN for a particular certificate can be queried

# using:

#

#    virt-pki-query-dn clientcert.pem

#

# NB If this is an empty list, no client can connect, so comment out

# entirely rather than using empty list to disable these checks

#

# By default, no DN's are checked

#tls_allowed_dn_list = ["DN1", "DN2"]

# Override the compile time default TLS priority string. The

# default is usually "NORMAL" unless overridden at build time.

# Only set this is it is desired for libvirt to deviate from

# the global default settings.

#

#tls_priority="NORMAL"

# An access control list of allowed SASL usernames. The format for username

# depends on the SASL authentication mechanism. Kerberos usernames

# look like username@REALM

#

# This list may contain wildcards such as

#

#    "*@EXAMPLE.COM"

#

# See the g_pattern_match function for the format of the wildcards.

#

# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html

#

# NB If this is an empty list, no client can connect, so comment out

# entirely rather than using empty list to disable these checks

#

# By default, no Username's are checked

#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]

#################################################################

#

# Processing controls

#

# The maximum number of concurrent client connections to allow

# over all sockets combined.

#max_clients = 5000

# The maximum length of queue of connections waiting to be

# accepted by the daemon. Note, that some protocols supporting

# retransmission may obey this so that a later reattempt at

# connection succeeds.

#max_queued_clients = 1000

# The maximum length of queue of accepted but not yet

# authenticated clients. The default value is 20. Set this to

# zero to turn this feature off.

#max_anonymous_clients = 20

# The minimum limit sets the number of workers to start up

# initially. If the number of active clients exceeds this,

# then more threads are spawned, up to max_workers limit.

# Typically you'd want max_workers to equal maximum number

# of clients allowed

#min_workers = 5

#max_workers = 20

# The number of priority workers. If all workers from above

# pool are stuck, some calls marked as high priority

# (notably domainDestroy) can be executed in this pool.

#prio_workers = 5

# Limit on concurrent requests from a single client

# connection. To avoid one client monopolizing the server

# this should be a small fraction of the global max_workers

# parameter.

#max_client_requests = 5

# Same processing controls, but this time for the admin interface.

# For description of each option, be so kind to scroll few lines

# upwards.

#admin_min_workers = 1

#admin_max_workers = 5

#admin_max_clients = 5

#admin_max_queued_clients = 5

#admin_max_client_requests = 5

#################################################################

#

# Logging controls

#

# Logging level: 4 errors, 3 warnings, 2 information, 1 debug

# basically 1 will log everything possible

#

# WARNING: USE OF THIS IS STRONGLY DISCOURAGED.

#

# WARNING: It outputs too much information to practically read.

# WARNING: The "log_filters" setting is recommended instead.

#

# WARNING: Journald applies rate limiting of messages and so libvirt

# WARNING: will limit "log_level" to only allow values 3 or 4 if

# WARNING: journald is the current output.

#

# WARNING: USE OF THIS IS STRONGLY DISCOURAGED.

#log_level = 3

# Logging filters:

# A filter allows to select a different logging level for a given category

# of logs. The format for a filter is:

#

#    level:match

#

# where 'match' is a string which is matched against the category

# given in the VIR_LOG_INIT() at the top of each libvirt source

# file, e.g., "remote", "qemu", or "util.json". The 'match' in the

# filter matches using shell wildcard syntax (see 'man glob(7)').

# The 'match' is always treated as a substring match. IOW a match

# string 'foo' is equivalent to '*foo*'.

#

# 'level' is the minimal level where matching messages should

#  be logged:

#

#    1: DEBUG

#    2: INFO

#    3: WARNING

#    4: ERROR

#

# Multiple filters can be defined in a single @log_filters, they just need

# to be separated by spaces. Note that libvirt performs "first" match, i.e.

# if there are concurrent filters, the first one that matches will be applied,

# given the order in @log_filters.

#

# A typical need is to capture information from a hypervisor driver,

# public API entrypoints and some of the utility code. Some utility

# code is very verbose and is generally not desired. Taking the QEMU

# hypervisor as an example, a suitable filter string for debugging

# might be to turn off object, json & event logging, but enable the

# rest of the util code:

#

#log_filters="1:qemu 1:libvirt 4:object 4:json 4:event 1:util"

# Logging outputs:

# An output is one of the places to save logging information

# The format for an output can be:

#    level:stderr

#      output goes to stderr

#    level:syslog:name

#      use syslog for the output and use the given name as the ident

#    level:file:file_path

#      output to a file, with the given filepath

#    level:journald

#      output to journald logging system

# In all cases 'level' is the minimal priority, acting as a filter

#    1: DEBUG

#    2: INFO

#    3: WARNING

#    4: ERROR

#

# Multiple outputs can be defined, they just need to be separated by spaces.

# e.g. to log all warnings and errors to syslog under the virtproxyd ident:

#log_outputs="3:syslog:virtproxyd"

##################################################################

#

# Auditing

#

# This setting allows usage of the auditing subsystem to be altered:

#

#   audit_level == 0  -> disable all auditing

#   audit_level == 1  -> enable auditing, only if enabled on host (default)

#   audit_level == 2  -> enable auditing, and exit if disabled on host

#

#audit_level = 2

#

# If set to 1, then audit messages will also be sent

# via libvirt logging infrastructure. Defaults to 0

#

#audit_logging = 1

###################################################################

# UUID of the host:

# Host UUID is read from one of the sources specified in host_uuid_source.

#

# - 'smbios': fetch the UUID from 'dmidecode -s system-uuid'

# - 'machine-id': fetch the UUID from /etc/machine-id

#

# The host_uuid_source default is 'smbios'. If 'dmidecode' does not provide

# a valid UUID a temporary UUID will be generated.

#

# Another option is to specify host UUID in host_uuid.

#

# Keep the format of the example UUID below. UUID must not have all digits

# be the same.

# NB This default all-zeros UUID will not work. Replace

# it with the output of the 'uuidgen' command and then

# uncomment this entry

#host_uuid = "00000000-0000-0000-0000-000000000000"

#host_uuid_source = "smbios"

###################################################################

# Keepalive protocol:

# This allows virtproxyd to detect broken client connections or even

# dead clients.  A keepalive message is sent to a client after

# keepalive_interval seconds of inactivity to check if the client is

# still responding; keepalive_count is a maximum number of keepalive

# messages that are allowed to be sent to the client without getting

# any response before the connection is considered broken.  In other

# words, the connection is automatically closed approximately after

# keepalive_interval * (keepalive_count + 1) seconds since the last

# message received from the client.  If keepalive_interval is set to

# -1, virtproxyd will never send keepalive requests; however clients

# can still send them and the daemon will send responses.  When

# keepalive_count is set to 0, connections will be automatically

# closed after keepalive_interval seconds of inactivity without

# sending any keepalive messages.

#

#keepalive_interval = 5

#keepalive_count = 5

#

# These configuration options are no longer used.  There is no way to

# restrict such clients from connecting since they first need to

# connect in order to ask for keepalive.

#

#keepalive_required = 1

#admin_keepalive_required = 1

# Keepalive settings for the admin interface

#admin_keepalive_interval = 5

#admin_keepalive_count = 5

###################################################################

# Open vSwitch:

# This allows to specify a timeout for openvswitch calls made by

# libvirt. The ovs-vsctl utility is used for the configuration and

# its timeout option is set by default to 5 seconds to avoid

# potential infinite waits blocking libvirt.

#

#ovs_timeout = 5