Author: Not specified Language: text
Description: Not specified Timestamp: 2010-05-26 12:00:16 -0400
View raw paste Reply
  1. # Master configuration file for the QEMU driver.
  2. # All settings described here are optional - if omitted, sensible
  3. # defaults are used.
  4.  
  5. # VNC is configured to listen on 127.0.0.1 by default.
  6. # To make it listen on all public interfaces, uncomment
  7. # this next option.
  8. #
  9. # NB, strong recommendation to enable TLS + x509 certificate
  10. # verification when allowing public access
  11. #
  12. # vnc_listen = "0.0.0.0"
  13.  
  14.  
  15. # Enable use of TLS encryption on the VNC server. This requires
  16. # a VNC client which supports the VeNCrypt protocol extension.
  17. # Examples include vinagre, virt-viewer, virt-manager and vencrypt
  18. # itself. UltraVNC, RealVNC, TightVNC do not support this
  19. #
  20. # It is necessary to setup CA and issue a server certificate
  21. # before enabling this.
  22. #
  23. # vnc_tls = 1
  24.  
  25.  
  26. # Use of TLS requires that x509 certificates be issued. The
  27. # default it to keep them in /etc/pki/libvirt-vnc. This directory
  28. # must contain
  29. #
  30. #  ca-cert.pem - the CA master certificate
  31. #  server-cert.pem - the server certificate signed with ca-cert.pem
  32. #  server-key.pem  - the server private key
  33. #
  34. # This option allows the certificate directory to be changed
  35. #
  36. # vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
  37.  
  38.  
  39. # The default TLS configuration only uses certificates for the server
  40. # allowing the client to verify the server's identity and establish
  41. # and encrypted channel.
  42. #
  43. # It is possible to use x509 certificates for authentication too, by
  44. # issuing a x509 certificate to every client who needs to connect.
  45. #
  46. # Enabling this option will reject any client who does not have a
  47. # certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
  48. #
  49. # vnc_tls_x509_verify = 1
  50.  
  51.  
  52. # The default VNC password. Only 8 letters are significant for
  53. # VNC passwords. This parameter is only used if the per-domain
  54. # XML config does not already provide a password. To allow
  55. # access without passwords, leave this commented out. An empty
  56. # string will still enable passwords, but be rejected by QEMU
  57. # effectively preventing any use of VNC. Obviously change this
  58. # example here before you set this
  59. #
  60. # vnc_password = "XYZ12345"
  61.  
  62.  
  63. # Enable use of SASL encryption on the VNC server. This requires
  64. # a VNC client which supports the SASL protocol extension.
  65. # Examples include vinagre, virt-viewer and virt-manager
  66. # itself. UltraVNC, RealVNC, TightVNC do not support this
  67. #
  68. # It is necessary to configure /etc/sasl2/qemu.conf to choose
  69. # the desired SASL plugin (eg, GSSPI for Kerberos)
  70. #
  71. # vnc_sasl = 1
  72.  
  73.  
  74. # The default SASL configuration file is located in /etc/sasl2/
  75. # When running libvirtd unprivileged, it may be desirable to
  76. # override the configs in this location. Set this parameter to
  77. # point to the directory, and create a qemu.conf in that location
  78. #
  79. # vnc_sasl_dir = "/some/directory/sasl2"
  80.  
  81.  
  82.  
  83.  
  84. # The default security driver is SELinux. If SELinux is disabled
  85. # on the host, then the security driver will automatically disable
  86. # itself. If you wish to disable QEMU SELinux security driver while
  87. # leaving SELinux enabled for the host in general, then set this
  88. # to 'none' instead
  89. #
  90. # security_driver = "selinux"
  91. security_driver = "none"
  92.  
  93.  
  94. # The user ID for QEMU processes run by the system instance
  95. #user = "libvirt-qemu"
  96. user = "root"
  97.  
  98. # The group ID for QEMU processes run by the system instance
  99. #group = "kvm"
  100. group = "root"
  101.  
  102.  
  103. # What cgroup controllers to make use of with QEMU guests
  104. #
  105. #  - 'cpu' - use for schedular tunables
  106. #  - 'devices' - use for device whitelisting
  107. #
  108. # NB, even if configured here, they won't be used unless
  109. # the adminsitrator has mounted cgroups. eg
  110. #
  111. #  mkdir /dev/cgroup
  112. #  mount -t cgroup -o devices,cpu none /dev/cgroup
  113. #
  114. # They can be mounted anywhere, and different controlers
  115. # can be mounted in different locations. libvirt will detect
  116. # where they are located.
  117. #
  118. # cgroup_controllers = [ "cpu", "devices" ]
  119.  
  120. # This is the basic set of devices allowed / required by
  121. # all virtual machines.
  122. #
  123. # As well as this, any configured block backed disks,
  124. # all sound device, and all PTY devices are allowed.
  125. #
  126. # This will only need setting if newer QEMU suddenly
  127. # wants some device we don't already know a bout.
  128. #
  129. #cgroup_device_acl = [
  130. #    "/dev/null", "/dev/full", "/dev/zero",
  131. #    "/dev/random", "/dev/urandom",
  132. #    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
  133. #    "/dev/rtc", "/dev/hpet", "/dev/net/tun",
  134. #]
  135.  
  136. # The default format for Qemu/KVM guest save images is raw; that is, the
  137. # memory from the domain is dumped out directly to a file.  If you have
  138. # guests with a large amount of memory, however, this can take up quite
  139. # a bit of space.  If you would like to compress the images while they
  140. # are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz"
  141. # for save_image_format.  Note that this means you slow down the process of
  142. # saving a domain in order to save disk space; the list above is in descending
  143. # order by performance and ascending order by compression ratio.
  144. #
  145. # save_image_format = "raw"
  146.  
  147. # If provided by the host and a hugetlbfs mount point is configured,
  148. # a guest may request huge page backing.  When this mount point is
  149. # unspecified here, determination of a host mount point in /proc/mounts
  150. # will be attempted.  Specifying an explicit mount overrides detection
  151. # of the same in /proc/mounts.  Setting the mount point to "" will
  152. # disable guest hugepage backing.
  153. #
  154. # NB, within this mount point, guests will create memory backing files
  155. # in a location of  $MOUNTPOINT/libvirt/qemu
  156.  
  157. # hugetlbfs_mount = "/dev/hugepages"
  158.  
  159. # mac_filter enables MAC addressed based filtering on bridge ports.
  160. # This currently requires ebtables to be installed.
  161. #
  162. # mac_filter = 1
View raw paste Reply