[Pkg-xen-changes] [xen] 36/36: Re-add copy of xend config
Bastian Blank
waldi at moszumanska.debian.org
Sun Dec 14 21:06:38 UTC 2014
This is an automated email from the git hooks/post-receive script.
waldi pushed a commit to branch feature/4.5.0-rc3
in repository xen.
commit 7085326f502793fe7f1d2772e3c0a0e760335a19
Author: Bastian Blank <waldi at debian.org>
Date: Sun Dec 14 21:32:27 2014 +0100
Re-add copy of xend config
---
debian/changelog | 1 +
.../tree/xen-utils-common/etc/xen/xend-config.sxp | 306 +++++++++++++++++++++
.../etc/xen/xend-pci-permissive.sxp | 27 ++
.../xen-utils-common/etc/xen/xend-pci-quirks.sxp | 96 +++++++
debian/xen-utils-common.install | 1 -
5 files changed, 430 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index d1c702b..3783940 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
xen (4.5.0~rc3-1) UNRELEASED; urgency=medium
* New upstream release candidate.
+ * Re-add xend config.
-- Bastian Blank <waldi at debian.org> Sun, 14 Dec 2014 18:58:02 +0100
diff --git a/debian/tree/xen-utils-common/etc/xen/xend-config.sxp b/debian/tree/xen-utils-common/etc/xen/xend-config.sxp
new file mode 100644
index 0000000..93a24fd
--- /dev/null
+++ b/debian/tree/xen-utils-common/etc/xen/xend-config.sxp
@@ -0,0 +1,306 @@
+# -*- sh -*-
+
+#
+# Xend configuration file.
+#
+
+# This example configuration is appropriate for an installation that
+# utilizes a bridged network configuration. Access to xend via http
+# is disabled.
+
+# Commented out entries show the default for that entry, unless otherwise
+# specified.
+
+#(logfile /var/log/xen/xend.log)
+#(loglevel DEBUG)
+
+# Uncomment the line below. Set the value to flask, acm, or dummy to
+# select a security module.
+
+#(xsm_module_name dummy)
+
+# The Xen-API server configuration.
+#
+# This value configures the ports, interfaces, and access controls for the
+# Xen-API server. Each entry in the list starts with either unix, a port
+# number, or an address:port pair. If this is "unix", then a UDP socket is
+# opened, and this entry applies to that. If it is a port, then Xend will
+# listen on all interfaces on that TCP port, and if it is an address:port
+# pair, then Xend will listen on the specified port, using the interface with
+# the specified address.
+#
+# The subsequent string configures the user-based access control for the
+# listener in question. This can be one of "none" or "pam", indicating either
+# that users should be allowed access unconditionally, or that the local
+# Pluggable Authentication Modules configuration should be used. If this
+# string is missing or empty, then "pam" is used.
+#
+# The final string gives the host-based access control for that listener. If
+# this is missing or empty, then all connections are accepted. Otherwise,
+# this should be a space-separated sequence of regular expressions; any host
+# with a fully-qualified domain name or an IP address that matches one of
+# these regular expressions will be accepted.
+#
+# Example: listen on TCP port 9363 on all interfaces, accepting connections
+# only from machines in example.com or localhost, and allow access through
+# the unix domain socket unconditionally:
+#
+# (xen-api-server ((9363 pam '^localhost$ example\\.com$')
+# (unix none)))
+#
+# Optionally, the TCP Xen-API server can use SSL by specifying the private
+# key and certificate location:
+#
+# (9367 pam '' xen-api.key xen-api.crt)
+#
+# Default:
+# (xen-api-server ((unix)))
+
+
+#(xend-http-server no)
+#(xend-unix-server no)
+#(xend-tcp-xmlrpc-server no)
+#(xend-unix-xmlrpc-server yes)
+#(xend-relocation-server no)
+#(xend-relocation-ssl-server no)
+#(xend-udev-event-server no)
+
+#(xend-unix-path /var/lib/xend/xend-socket)
+
+
+# Address and port xend should use for the legacy TCP XMLRPC interface,
+# if xend-tcp-xmlrpc-server is set.
+#(xend-tcp-xmlrpc-server-address 'localhost')
+#(xend-tcp-xmlrpc-server-port 8006)
+
+# SSL key and certificate to use for the legacy TCP XMLRPC interface.
+# Setting these will mean that this port serves only SSL connections as
+# opposed to plaintext ones.
+#(xend-tcp-xmlrpc-server-ssl-key-file xmlrpc.key)
+#(xend-tcp-xmlrpc-server-ssl-cert-file xmlrpc.crt)
+
+
+# Port xend should use for the HTTP interface, if xend-http-server is set.
+#(xend-port 8000)
+
+# Port xend should use for the relocation interface, if xend-relocation-server
+# is set.
+#(xend-relocation-port 8002)
+
+# Port xend should use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
+#(xend-relocation-ssl-port 8003)
+
+# SSL key and certificate to use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
+#(xend-relocation-server-ssl-key-file xmlrpc.key)
+#(xend-relocation-server-ssl-cert-file xmlrpc.crt)
+
+# Whether to use ssl as default when relocating.
+#(xend-relocation-ssl no)
+
+# Address xend should listen on for HTTP connections, if xend-http-server is
+# set.
+# Specifying 'localhost' prevents remote connections.
+# Specifying the empty string '' (the default) allows all connections.
+#(xend-address '')
+#(xend-address localhost)
+
+# Address xend should listen on for relocation-socket connections, if
+# xend-relocation-server is set.
+# Meaning and default as for xend-address above.
+# Also, interface name is allowed (e.g. eth0) there to get the
+# relocation address to be bound on.
+#(xend-relocation-address '')
+
+# The hosts allowed to talk to the relocation port. If this is empty (the
+# default), then all connections are allowed (assuming that the connection
+# arrives on a port and interface on which we are listening; see
+# xend-relocation-port and xend-relocation-address above). Otherwise, this
+# should be a space-separated sequence of regular expressions. Any host with
+# a fully-qualified domain name or an IP address that matches one of these
+# regular expressions will be accepted.
+#
+# For example:
+# (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$')
+#
+#(xend-relocation-hosts-allow '')
+
+# The limit (in kilobytes) on the size of the console buffer
+#(console-limit 1024)
+
+##
+# NOTE:
+# Please read /usr/share/doc/xen-utils-common/README.Debian for Debian specific
+# informations about the network setup.
+
+##
+# To bridge network traffic, like this:
+#
+# dom0: ----------------- bridge -> real eth0 -> the network
+# |
+# domU: fake eth0 -> vifN.0 -+
+#
+# use
+#
+# (network-script network-bridge)
+#
+# Your default ethernet device is used as the outgoing interface, by default.
+# To use a different one (e.g. eth1) use
+#
+# (network-script 'network-bridge netdev=eth1')
+#
+# The bridge is named eth0, by default (yes, really!)
+#
+
+# It is normally much better to create the bridge yourself in
+# /etc/network/interfaces. network-bridge start does nothing if you
+# already have a bridge, and network-bridge stop does nothing if the
+# default bridge name (normally eth0) is not a bridge. See
+# bridge-utils-interfaces(5) for full information on the syntax in
+# /etc/network/interfaces, but you probably want something like this:
+# iface xenbr0 inet static
+# address [etc]
+# netmask [etc]
+# [etc]
+# bridge_ports eth0
+#
+# To have network-bridge create a differently-named bridge, use:
+# (network-script 'network-bridge bridge=<name>')
+#
+# It is possible to use the network-bridge script in more complicated
+# scenarios, such as having two outgoing interfaces, with two bridges, and
+# two fake interfaces per guest domain. To do things like this, write
+# yourself a wrapper script, and call network-bridge from it, as appropriate.
+#
+
+# The script used to control virtual interfaces. This can be overridden on a
+# per-vif basis when creating a domain or a configuring a new vif. The
+# vif-bridge script is designed for use with the network-bridge script, or
+# similar configurations.
+#
+# If you have overridden the bridge name using
+# (network-script 'network-bridge bridge=<name>') then you may wish to do the
+# same here. The bridge name can also be set when creating a domain or
+# configuring a new vif, but a value specified here would act as a default.
+#
+# If you are using only one bridge, the vif-bridge script will discover that,
+# so there is no need to specify it explicitly. The default is to use
+# the bridge which is listed first in the output from brctl.
+#
+(vif-script vif-bridge)
+
+
+## Use the following if network traffic is routed, as an alternative to the
+# settings for bridged networking given above.
+#(network-script network-route)
+#(vif-script vif-route)
+
+
+## Use the following if network traffic is routed with NAT, as an alternative
+# to the settings for bridged networking given above.
+#(network-script network-nat)
+#(vif-script vif-nat)
+
+# dom0-min-mem is the lowest permissible memory level (in MB) for dom0.
+# This is a minimum both for auto-ballooning (as enabled by
+# enable-dom0-ballooning below) and for xm mem-set when applied to dom0.
+(dom0-min-mem 196)
+
+# Whether to enable auto-ballooning of dom0 to allow domUs to be created.
+# If enable-dom0-ballooning = no, dom0 will never balloon out.
+(enable-dom0-ballooning yes)
+
+# 32-bit paravirtual domains can only consume physical
+# memory below 168GB. On systems with memory beyond that address,
+# they'll be confined to memory below 128GB.
+# Using total_available_memory (in GB) to specify the amount of memory reserved
+# in the memory pool exclusively for 32-bit paravirtual domains.
+# Additionally you should use dom0_mem = <-Value> as a parameter in
+# xen kernel to reserve the memory for 32-bit paravirtual domains, default
+# is "0" (0GB).
+(total_available_memory 0)
+
+# In SMP system, dom0 will use dom0-cpus # of CPUS
+# If dom0-cpus = 0, dom0 will take all cpus available
+(dom0-cpus 0)
+
+# Whether to enable core-dumps when domains crash.
+#(enable-dump no)
+
+# The tool used for initiating virtual TPM migration
+#(external-migration-tool '')
+
+# The interface for VNC servers to listen on. Defaults
+# to 127.0.0.1 To restore old 'listen everywhere' behaviour
+# set this to 0.0.0.0
+#(vnc-listen '127.0.0.1')
+
+# The default password for VNC console on HVM domain.
+# Empty string is no authentication.
+(vncpasswd '')
+
+# The VNC server can be told to negotiate a TLS session
+# to encryption all traffic, and provide x509 cert to
+# clients enabling them to verify server identity. The
+# GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt
+# all support the VNC extension for TLS used in QEMU. The
+# TightVNC/RealVNC/UltraVNC clients do not.
+#
+# To enable this create x509 certificates / keys in the
+# directory ${XEN_CONFIG_DIR} + vnc
+#
+# ca-cert.pem - The CA certificate
+# server-cert.pem - The Server certificate signed by the CA
+# server-key.pem - The server private key
+#
+# and then uncomment this next line
+# (vnc-tls 1)
+
+# The certificate dir can be pointed elsewhere..
+#
+# (vnc-x509-cert-dir vnc)
+
+# The server can be told to request & validate an x509
+# certificate from the client. Only clients with a cert
+# signed by the trusted CA will be able to connect. This
+# is more secure the password auth alone. Passwd auth can
+# used at the same time if desired. To enable client cert
+# checking uncomment this:
+#
+# (vnc-x509-verify 1)
+
+# The default keymap to use for the VM's virtual keyboard
+# when not specififed in VM's configuration
+#(keymap 'en-us')
+
+# Script to run when the label of a resource has changed.
+#(resource-label-change-script '')
+
+# Rotation count of qemu-dm log file.
+#(qemu-dm-logrotate-count 10)
+
+# Path where persistent domain configuration is stored.
+# Default is /var/lib/xend/domains/
+#(xend-domains-path /var/lib/xend/domains)
+
+# Number of seconds xend will wait for device creation and
+# destruction
+#(device-create-timeout 100)
+#(device-destroy-timeout 100)
+
+# When assigning device to HVM guest, we use the strict check for HVM guest by
+# default. (For PV guest, we use loose check automatically if necessary.)
+# When we assign device to HVM guest, if we meet with the co-assignment
+# issues or the ACS issue, we could try changing the option to 'no' -- however,
+# we have to realize this may incur security issue and we can't make sure the
+# device assignment could really work properly even after we do this.
+#(pci-passthrough-strict-check yes)
+
+# If we have a very big scsi device configuration, start of xend is slow,
+# because xend scans all the device paths to build its internal PSCSI device
+# list. If we need only a few devices for assigning to a guest, we can reduce
+# the scan to this device. Set list list of device paths in same syntax like in
+# command lsscsi, e.g. ('16:0:0:0' '15:0')
+# (pscsi-device-mask ('*'))
+
diff --git a/debian/tree/xen-utils-common/etc/xen/xend-pci-permissive.sxp b/debian/tree/xen-utils-common/etc/xen/xend-pci-permissive.sxp
new file mode 100644
index 0000000..1a3fb90
--- /dev/null
+++ b/debian/tree/xen-utils-common/etc/xen/xend-pci-permissive.sxp
@@ -0,0 +1,27 @@
+###############################################################################
+# Configuration file for granting quiry PCI devices full write access to their
+# configuration space. This file should only be used when you are unable to
+# determine the exact registers required by your device. Even so, it should
+# be used only temporarily.
+#
+# SEND A MESSAGE TO xen-devel at lists.xensource.com IF YOU USE THIS FILE.
+#
+# Using this file should NOT be necessary. If you must use it to make some
+# device work, send a message to the above list with as much information about
+# your device as possible so the developers can make accomodations for it.
+# Once developers make the necessary updates you can remove the corresponding
+# entry for your device.
+###############################################################################
+# Entries are formated as follows: <vendor>:<device>[:<subvendor>:<subdevice>]
+#
+# Example: Appending to an existing list
+#
+# (unconstrained_dev_ids
+# ('XXXX:XXXX:XXXX:XXXX' # existing entry
+# 'YYYY:YYYY:YYYY:YYYY' # new entry 1
+# 'ZZZZ:ZZZZ') # new entry 2
+# )
+###############################################################################
+(unconstrained_dev_ids
+ #('0123:4567:89AB:CDEF')
+)
diff --git a/debian/tree/xen-utils-common/etc/xen/xend-pci-quirks.sxp b/debian/tree/xen-utils-common/etc/xen/xend-pci-quirks.sxp
new file mode 100644
index 0000000..6bce4b8
--- /dev/null
+++ b/debian/tree/xen-utils-common/etc/xen/xend-pci-quirks.sxp
@@ -0,0 +1,96 @@
+###############################################################################
+# Configuration file for quirky PCI devices that require write-access to
+# parts of the configuration space. Use this file to specific PCI device
+# IDs and the configuration space fields to which those devices must be
+# able to write.
+#
+# Length is important, so be sure to match new entries with the
+# lengths of comparable existing entries.
+#
+# Additions to this file take effect as soon as a new domain with a
+# matching device is started. However, to remove a field that was
+# previously applied to a device you must unbind the device from
+# pciback.
+###############################################################################
+# This is a bogus entry to show how a new device would be added to the list
+#
+# (new_quirky_dev_name
+# (pci_ids
+# ('0123:4567:890A:BCEF')
+# )
+#
+# (pci_config_space_fields
+# ('12345678:1:00000000')
+# )
+# )
+###############################################################################
+
+(tg3
+ (pci_ids
+ # Entries are formated as follows:
+ # <vendor>:<device>[:<subvendor>:<subdevice>]
+ ('14e4:1644' # Broadcom Tigon3 5700
+ '14e4:1645' # Broadcom Tigon3 5701
+ '14e4:1646' # Broadcom Tigon3 5702
+ '14e4:1647' # Broadcom Tigon3 5703
+ '14e4:1648' # Broadcom Tigon3 5704
+ '14e4:164d' # Broadcom Tigon3 5702FE
+ '14e4:1653' # Broadcom Tigon3 5705
+ '14e4:1654' # Broadcom Tigon3 5705_2
+ '14e4:165d' # Broadcom Tigon3 5705M
+ '14e4:165e' # Broadcom Tigon3 5705M_2
+ '14e4:16a6' # Broadcom Tigon3 5702X
+ '14e4:16a7' # Broadcom Tigon3 5703X
+ '14e4:16a8' # Broadcom Tigon3 5704S
+ '14e4:16c6' # Broadcom Tigon3 5702A3
+ '14e4:16c7' # Broadcom Tigon3 5703A3
+ '14e4:1696' # Broadcom Tigon3 5782
+ '14e4:169c' # Broadcom Tigon3 5788
+ '14e4:169d' # Broadcom Tigon3 5789
+ '14e4:170d' # Broadcom Tigon3 5901
+ '14e4:1649' # Broadcom Tigon3 5704S_2
+ '14e4:166e' # Broadcom Tigon3 5705F
+ '14e4:1658' # Broadcom Tigon3 5720
+ '14e4:1659' # Broadcom Tigon3 5721
+ '14e4:1676' # Broadcom Tigon3 5750
+ '14e4:1677' # Broadcom Tigon3 5751
+ '14e4:167c' # Broadcom Tigon3 5750M
+ '14e4:167d' # Broadcom Tigon3 5751M
+ '14e4:167e' # Broadcom Tigon3 5751F
+ '14e4:1600' # Broadcom Tigon3 5752
+ '14e4:1601' # Broadcom Tigon3 5752M
+ '14e4:16f7' # Broadcom Tigon3 5753
+ '14e4:16fd' # Broadcom Tigon3 5753M
+ '14e4:16fe' # Broadcom Tigon3 5753F
+ '14e4:1668' # Broadcom Tigon3 5714
+ '14e4:1678' # Broadcom Tigon3 5715
+ '14e4:166a' # Broadcom Tigon3 5780
+ '14e4:166b' # Broadcom Tigon3 5780S
+ '14e4:16dd' # Broadcom Tigon3 5781
+ '1148:4400' # Syskonnect 9DXX
+ '1148:4500' # Syskonnect 9MXX
+ '173b:03e8' # Altima AC1000
+ '173b:03e9' # Altima AC1001
+ '173b:03eb' # Altima AC1003
+ '173b:03ea' # Altima AC9100
+ '106b:1645') # Apple Tigon3
+ )
+
+ (pci_config_space_fields
+ # Entries are formated as follows:
+ # <register>:<size>:<mask>
+ # size is measured in bytes (1,2,4 are valid sizes)
+ # mask is currently unused; use all zero's
+ ('00000078:4:00000000' # TG3PCI_REG_BASE_ADDR
+ '0000007c:4:00000000' # TG3PCI_MEM_WIN_BASE_ADDR
+ '00000080:4:00000000' # TG3PCI_REG_DATA
+ '00000084:4:00000000' # TG3PCI_MEM_WIN_DATA
+ '00000090:4:00000000' # TG3PCI_MISC_LOCAL_CTRL
+ '00000068:4:00000000' # TG3PCI_MISC_HOST_CTRL
+ '0000009C:4:00000000' # TG3PCI_STD_RING_PROD_IDX + TG3_64BIT_REG_LOW
+ '00000098:4:00000000' # TG3PCI_STD_RING_PROD_IDX + TG3_64BIT_REG_HIGH
+ '000000a4:4:00000000' # TG3PCI_RCV_RET_RING_CON_IDX + TG3_64BIT_REG_LOW
+ '000000a0:4:00000000' # TG3PCI_RCV_RET_RING_CON_IDX + TG3_64BIT_REG_HIGH
+ '00000070:4:00000000') # TG3PCI_PCISTATE
+ )
+)
diff --git a/debian/xen-utils-common.install b/debian/xen-utils-common.install
index 57a95cc..3ea6597 100644
--- a/debian/xen-utils-common.install
+++ b/debian/xen-utils-common.install
@@ -4,4 +4,3 @@ lib/udev/rules.d/*.rules
usr/lib/xen-common
usr/sbin
../../tree/xen-utils-common/* /
-../../../tools/examples/xend*
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xen/xen.git
More information about the Pkg-xen-changes
mailing list