ArcRaven/archipel.conf

## archipel.conf
#
# archipel.conf
#
# Copyright (C) 2010 Antoine Mercadal <antoine.mercadal@inframonde.eu>
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


###############################################################################
###############################################################################


#
# General configuration. You should just need to edit these values
#
[DEFAULT]

# the default XMPP server to user
xmpp_server                 = FQDN_EJABBERD_SERVER

# archipel's data folder
archipel_folder_lib         = /var/lib/archipel/

# this UUID will be used to identify the hypervisor
# internally. It MUST be different foreach one over
# your platform. You can generate a new one using
# uuidgen command
archipel_general_uuid       = a933cf21-d64a-3f9b-929e-449ac88fc353

# the base working folder, where virtual machine related
# stuff will be stored
archipel_folder_data        = /vm/


###############################################################################
###############################################################################


#
# This is the main configuration parameters
#
[GLOBAL]

# jid of the xmpp pubsub server
xmpp_pubsub_server          = pubsub.%(xmpp_server)s

# jid of the root administrator
archipel_root_admin         = admin@%(xmpp_server)s

# the ip of this machine. It can be :
# - auto : the IP if found using a Internet request.
# - X.X.X.X : manual ip
machine_ip                  = auto

# if set to True, XMPP layer uses avatars
use_avatar                  = True

# Folder of the avatars
machine_avatar_directory    = %(archipel_folder_lib)s/avatars

# the uri of hypervisor
libvirt_uri                 = qemu:///system


#
# The hypervisor configuration
#
[HYPERVISOR]

# the JID of this hypervisor.
# If this account not exists, it will be created on the fly
hypervisor_xmpp_jid         = hypervisor@%(xmpp_server)s

# the XMPP password of this hypervisor
hypervisor_xmpp_password    = password

# the vCard name of hypervisor. if set to "auto"
# the hostname is used
hypervisor_name             = auto

# the sqlite3 db file to store hypervirso informations
hypervisor_database_path    = %(archipel_folder_lib)s/hypervisor.sqlite3

# the default avatar to use for hypervisor, relative to
# GLOBAL:machine_avatar_directory and if GLOBAL:use_avatar is set to True
hypervisor_default_avatar   = defaulthypervisor.png

# the file contaning auto generated names for virtual machine creation
# must be a text file containing one name per line
name_generation_file        = %(archipel_folder_lib)s/names.txt

# the database file for storing permissions (full path required)
hypervisor_permissions_database_path = %(archipel_folder_lib)s/permissions.sqlite3


#
# The virtual machines configuration
#
[VIRTUALMACHINE]

# the base folder to use to store virtual machine's own
# informations (drives, etc...)
vm_base_path                = %(archipel_folder_data)s/drives

# the default avatar to use for virtual machine, relative to
# GLOBAL:machine_avatar_directory and if GLOBAL:use_avatar is set to True
vm_default_avatar           = defaultvm.png

# the size of the random generated XMPP password
xmpp_password_size          = 32

# the maximum lifetime of a lock (in seconds)
maximum_lock_time           = 1

# use this certificate fail for VNC screen connection.
# For unsecure connection, use "None". To quickly generate a certificate:
# openssl req -new -x509 -days 365 -nodes -out vnc.pem -keyout vnc.pem
vnc_certificate_file        = /etc/ssl/cert/server.pem

# if set to True, vnc server will not accept any non secure connection
vnc_only_ssl        = True

# the database file for storing permissions (relative path required)
vm_permissions_database_path    = /permissions.sqlite3


#
# Logging configuration
#
[LOGGING]

# minimal log level. it can be in order:
# - debug
# - info
# - warning
# - error
# - critical
logging_level               = debug

# max life time of a log node in the pubsub
log_pubsub_item_expire      = 3600

# max number of stored log in the pubsub log node
log_pubsub_max_items        = 1000

# the path of file to store logs
logging_file_path           = /var/log/archipel/archipel.log

# max size in bytes of a log file before rotation
logging_max_bytes           = 5000000

# number of log backup file to keep
logging_backup_count        = 5

# the date format to use in log file.
# See http://docs.python.org/library/logging.html#formatter-objects
logging_date_format         = %Y-%m-%d %H:%M:%S

# the date format to use in log file.
# See http://docs.python.org/library/datetime.html?highlight=date#strftime-and-strptime-behavior
logging_formatter           = %(levelname)s::%(asctime)s::%(filename)s:%(lineno)s::%(message)s


#
# This allows to choose wich modules to load.
# the name of the parameter is the name the module dir.
# If the value is set to True, the module will be loaded
#
[MODULES]

hypervisor_health           = True
hypervisor_network          = True
vm_media_management         = True
geolocalization             = True
vmcasting                   = True
snapshoting                 = True
oom_killer                  = True
actions_scheduler           = True
xmppserver                  = True
iphone_appnotification      = False


###############################################################################
#                           MODULES CONFIGURATION                             #
###############################################################################


#
# HypervisorHealth module configuration
#
[HEALTH]

# the sqlite3 db file to store health informations
health_database_path        = %(archipel_folder_lib)s/statscollection.sqlite3

# data collection interval in seconds
health_collection_interval  = 5

# max datarow to store in number of data collection
# (5s * 50000collections ~ 70 hours)
max_rows_before_purge       = 50000

# number of row to store memory before saving into database
max_cached_rows             = 200


#
# Medias module configuration
#
[MEDIAS]

# the filesystem path to the shared ISO file usable
# by virtual machines
iso_base_path               = %(archipel_folder_data)s/iso


#
# Geolocalization module configuration
#
[GEOLOCALIZATION]

# set the way the hypervisor localize itself.
# can be "manual" or "auto"
localization_mode                           = auto

# manual latitude
# ignored if localization_mode=auto, mandatory if localization_mode=manual
localization_latitude                       = 0.0

# manual longitude
# ignored if localization_mode=auto, mandatory if localization_mode=manual
localization_longitude                      = 0.0

# the url of geolocalization service
# ignored if localization_mode=manual, mandatory if localization_mode=auto
localization_service_url                    = ipinfodb.com

# the query of geolocalization service
# ignored if localization_mode=manual, mandatory if localization_mode=auto
localization_service_request                = /ip_query.php

# the HTTP method of geolocalization service
# ignored if localization_mode=manual, mandatory if localization_mode=auto
localization_service_method                 = GET

# the base XML tag of geolocalization service
# must contains <latitude> and <longitude> tags
# ignored if localization_mode=manual, mandatory if localization_mode=auto
localization_service_response_root_node     = Response


#
# VMCasting module configuration
#
[VMCASTING]

# the sqlite3 db file to store vmcatsting informations
vmcasting_database_path     = %(archipel_folder_lib)s/vmcasting.sqlite3

# the folder where downloaded appliances are placed
repository_path             = %(archipel_folder_data)s/repo

# working path
temp_path                   = %(archipel_folder_data)s/tmp

# the name of vmcast
own_vmcast_name             = Local VM casts of $HOSTAME

# vmcast description
own_vmcast_description      = This is the own vmcast feed of the hypervisor $HOSTAME

# hypervisor VMCast UUID (must be unique for entire plateform)
own_vmcast_uuid             = %(archipel_general_uuid)s

# the url to access the vmcast
own_vmcast_url              = http://127.0.0.1:8088/vmcasts/

# the file to GET
own_vmcast_file_name        = rss.xml

# the langage of vmcast
own_vmcast_lang             = en-us

# file system folder of vmcast
own_vmcast_path             = %(archipel_folder_data)s/vmcasts/

# interval in second to refresh the content of the cast
own_vmcast_refresh_interval = 60

# supported disk extensions, separated by ";" containing the "."
# for example .qcow;.qcow2
disks_extensions            = .qcow2;.qcow;.img;.iso


#
# iPhone Notification module configuration
#
[IPHONENOTIFICATION]

# put the credentials of users that will receive push notification right from your iPhone
# Credentials can be found at https://www.appnotifications.com/account/rest_api
# application can be buy at http://2apn.com/
# separate keys with double coma ",,"
credentials_key             = YOUR CRED HERE


#
# OOM module configuration
#
[OOMKILLER]

# the sqlite3 db file to store OOM prevention informations
database                    = %(archipel_folder_lib)s/oom.sqlite3


#
# Scheduler module configuration
#
[SCHEDULER]

# the sqlite3 db file to store scheduler informations
database                    = %(archipel_folder_lib)s/scheduler.sqlite3


#
# XMPP Server module configuration
# This module needs to have two ejabberd modules :
#   - mod_admin_extra
#   - ejabberd_xmlrpc
#
[XMPPSERVER]

# the ejabberd XMLRPC server host
xmlrpc_host         = %(xmpp_server)s

# the ejabberd XMLRPC server port
xmlrpc_port         = 4560

# the ejabberd XMLRPC server admin account
xmlrpc_user         = admin

# the ejabberd XMLRPC server admin password
xmlrpc_password     = password

## ejabberd.cfg
%%%
%%%               ejabberd configuration file
%%%

%%% The parameters used in this configuration file are explained in more detail
%%% in the ejabberd Installation and Operation Guide.
%%% Please consult the Guide in case of doubts, it is included in
%%% your copy of ejabberd, and is also available online at
%%% http://www.process-one.net/en/ejabberd/docs/

%%% This configuration file contains Erlang terms.
%%% In case you want to understand the syntax, here are the concepts:
%%%
%%%  - The character to comment a line is %
%%%
%%%  - Each term ends in a dot, for example:
%%%      override_global.
%%%
%%%  - A tuple has a fixed definition, its elements are
%%%    enclosed in {}, and separated with commas:
%%%      {loglevel, 4}.
%%%
%%%  - A list can have as many elements as you want,
%%%    and is enclosed in [], for example:
%%%      [http_poll, web_admin, tls]
%%%
%%%  - A keyword of ejabberd is a word in lowercase.
%%%    The strings are enclosed in "" and can have spaces, dots...
%%%      {language, "en"}.
%%%      {ldap_jab.n, "dc=example,dc=com"}.
%%%
%%%  - This term includes a tuple, a keyword, a list and two strings:
%%%      {hosts, ["jabber.example.net", "im.example.com"]}.
%%%


%%%   =======================
%%%   OVERRIDE STORED OPTIONS

%%
%% loglevel: Verbosity of log files generated by ejabberd.
%% 0: No ejabberd log at all (not recommended)
%% 1: Critical
%% 2: Error
%% 3: Warning
%% 4: Info
%% 5: Debug
%%
{loglevel, 3}.

%%%   ================
%%%   SERVED HOSTNAMES

%%
%% hosts: Domains served by ejabberd.
%% You can define one or several, for example:
%% {hosts, ["example.net", "example.com", "example.org"]}.
%%
{hosts, ["FQDN"]}.

%%
%% route_subdomains: Delegate subdomains to other Jabber server.
%% For example, if this ejabberd serves example.org and you want
%% to allow communication with a Jabber server called im.example.org.
%%
{route_subdomains, s2s}.

%%%   ===============
%%%   LISTENING PORTS

%%
%% listen: Which ports will ejabberd listen, which service handles it
%% and what options to start it with.
%%
{listen,
 [
  {4560, ejabberd_xmlrpc, []},

  {5222, ejabberd_c2s, [
            starttls, {certfile, "/etc/ssl/cert/server.pem"},
            {access, c2s},
            {max_stanza_size, 65536000}
               ]},
  {5269, ejabberd_s2s_in, [
               {max_stanza_size, 65536000}

              ]},
  {5280, ejabberd_http, [
             http_bind,
             http_poll,
             web_admin
            ]}

 ]}.

%%
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
%% Allowed values are: true or false.
%% You must specify a certificate file.
%%
{s2s_use_starttls, true}.

%%
%% S2S whitelist or blacklist
%%
%% Default s2s policy for undefined hosts.
%%
{s2s_default_policy, allow}.

%%
%% Allow or deny communication with specific servers.
%%
%%{{s2s_host, "goodhost.org"}, allow}.
%%{{s2s_host, "badhost.org"}, deny}.


%%%   ==============
%%%   AUTHENTICATION

%%
%% auth_method: Method used to authenticate the users.
%% The default method is the internal.
%% If you want to use a different method,
%% comment this line and enable the correct ones.
%%
{auth_method, internal}.


%%%   ===============
%%%   TRAFFIC SHAPERS

%%
%% The "normal" shaper limits traffic speed to 1.000 B/s
%%
{shaper, normal, {maxrate, 1000}}.

%%
%% The "fast" shaper limits traffic speed to 50.000 B/s
%%
{shaper, fast, {maxrate, 50000}}.


%%%   ====================
%%%   ACCESS CONTROL LISTS

%%
%% The 'admin' ACL grants administrative privileges to Jabber accounts.
%% You can put as many accounts as you want.
%%
{acl, admin, {user, "admin", "FQDN"}}.

%%
%% Local users: don't modify this line.
%%
{acl, local, {user_regexp, ""}}.

%%%   ============
%%%   ACCESS RULES

%% Define the maximum number of time a single user is allowed to connect:
{access, max_user_sessions, [{10, all}]}.

%% This rule allows access only for local users:
{access, local, [{allow, local}]}.

%% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
           {allow, all}]}.

%% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
              {normal, all}]}.

%% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

%% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

%% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

%% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

%% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.
{access, muc_create, [{allow, local}]}.

%% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.


%%%   ================
%%%   DEFAULT LANGUAGE

%%
%% language: Default language used for server messages.
%%
{language, "en"}.


%%%   =======
%%%   REGISTRATION

%% In-band registration
{access, register, [{allow, all}]}.

%% In-band registration interval (needs to be not restricted to allow to create rapidly VM)
{registration_timeout, infinity}.

%%%   =======
%%%   MODULES

%%
%% Modules enabled in all ejabberd virtual hosts.
%%
{modules,
 [
  {mod_adhoc,    []},
  {mod_announce, [{access, announce}]}, % requires mod_adhoc
  {mod_caps,     []},
  {mod_configure,[]},
  {mod_disco,    []},
  {mod_http_bind,[]},
  {mod_irc,      []},
  {mod_last,     []},
  {mod_muc,      [
          {access, muc},
          {access_create, muc_create},
          {access_persistent, muc_create},
          {access_admin, muc_admin}
         ]},
  {mod_offline,  []},
  {mod_privacy,  []},
  {mod_private,  []},
  {mod_pubsub,   [ % requires mod_caps
          {access_createnode, pubsub_createnode},
          {ignore_pep_from_offline, true},
          {last_item_cache, false},
          {plugins, ["flat", "hometree", "pep"]},
          {max_items_node, 1000}
         ]},
  {mod_register, [
          {access, register}
         ]},
  {mod_roster,   []},
  {mod_shared_roster,[]},
  {mod_time,     []},
  {mod_vcard,    []},
  {mod_version,  []},
  {mod_admin_extra, []}
 ]}.

## logfile
INFO    ::2011-02-09 22:55:30::__init__.py:80::TNArchipelHypervisor.check_acp (hypervisor@host/hostname)::acp received: from: admin@host/ArchipelController, type: get, namespace: archipel:hypervisor:health, action: logs
INFO    ::2011-02-09 22:55:31::__init__.py:80::TNArchipelHypervisor.check_perm (hypervisor@host/hostname)::checking permission for action health_logs asked by admin@host/ArchipelController
INFO    ::2011-02-09 22:55:31::__init__.py:80::TNArchipelHypervisor.check_acp (hypervisor@host/hostname)::acp received: from: admin@host/ArchipelController, type: get, namespace: archipel:hypervisor:health, action: info
INFO    ::2011-02-09 22:55:31::__init__.py:80::TNArchipelHypervisor.check_perm (hypervisor@host/hostname)::checking permission for action health_info asked by admin@host/ArchipelController
DEBUG   ::2011-02-09 22:55:31::archipelStatsCollector.py:91::Retrieving last 1 recorded stats data for sending
INFO    ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.connect_xmpp (uuid@host/hypervisor)::sucessfully connected
INFO    ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.auth_xmpp (uuid@host/hypervisor)::trying to authentify the client
INFO    ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.auth_xmpp (uuid@host/hypervisor)::sucessfully authenticated
INFO    ::2011-02-09 22:55:33::pubsub.py:175::PUBSUB: pubsub node /archipel/uuid@host/events has been configured
INFO    ::2011-02-09 22:55:33::pubsub.py:175::PUBSUB: pubsub node /archipel/uuid@host/logs has been configured
INFO    ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.register_handler (uuid@host/hypervisor)::handlers registred
INFO    ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.get_vcard (uuid@host/hypervisor)::asking for own vCard
DEBUG   ::2011-02-09 22:55:33::__init__.py:78::TNArchipelVirtualMachine.perform_all_registered_auth_actions (uuid@host/hypervisor)::going to perform action to perform on auth: [{'persistant': True, 'args': None, 'name': 'manage_trigger_persistance'}, {'persistant': True, 'args': None, 'name': 'connect_domain'}, {'persistant': True, 'args': [], 'name': 'set_vcard'}, {'persistant': False, 'args': <xmpp.protocol.JID instance at 0x1bdcf38>, 'name': 'add_jid'}]
DEBUG   ::2011-02-09 22:55:33::__init__.py:78::TNArchipelVirtualMachine.perform_all_registered_auth_actions (uuid@host/hypervisor)::performing action {'persistant': True, 'args': None, 'name': 'manage_trigger_persistance'}
INFO    ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.manage_trigger_persistance (uuid@host/hypervisor)::populating trigger database if not exists
INFO    ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.manage_trigger_persistance (uuid@host/hypervisor)::recovring trigger libvirt_run
INFO    ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.process_presence (uuid@host/hypervisor)::presence stanza received from uuid@host/hypervisor: None
INFO    ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.did_receive_vcard (uuid@host/hypervisor)::own vcard retrieved
INFO    ::2011-02-09 22:55:33::pubsub.py:175::PUBSUB: pubsub node /archipel/trigger/uuid@host/libvirt_run has been configured
DEBUG   ::2011-02-09 22:55:33::__init__.py:78::TNArchipelVirtualMachine.perform_all_registered_auth_actions (uuid@host/hypervisor)::performing action {'persistant': True, 'args': None, 'name': 'connect_domain'}
ERROR   ::2011-02-09 22:55:33::__init__.py:84::TNArchipelVirtualMachine.connect_domain (uuid@host/hypervisor)::can't connect to libvirt : Domain not found: no domain with matching uuid 'uuid'
INFO    ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.change_presence (uuid@host/hypervisor)::status change: Not defined show:xa
DEBUG   ::2011-02-09 22:55:33::__init__.py:78::TNArchipelVirtualMachine.perform_all_registered_auth_actions (uuid@host/hypervisor)::performing action {'persistant': True, 'args': [], 'name': 'set_vcard'}
INFO    ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.set_vcard (uuid@host/hypervisor)::vcard making started
ERROR   ::2011-02-09 22:55:33::__init__.py:84::TNArchipelVirtualMachine.loop (uuid@host/hypervisor)::LOOP EXCEPTION : Disconnected from server. Trying to reconnect in 5 five seconds
ERROR   ::2011-02-09 22:55:33::__init__.py:84::TNArchipelVirtualMachine.loop (uuid@host/hypervisor)::TRACEBACK: [('/usr/lib/python2.6/threading.py', 504, '__bootstrap', 'self.__bootstrap_inner()'), ('/usr/lib/python2.6/threading.py', 532, '__bootstrap_inner', 'self.run()'), ('/usr/local/lib/python2.6/dist-packages/archipel_agent-1.0.8beta-py2.6.egg/archipel/core/archipelHypervisor.py', 84, 'run', 'self.xmppvm.loop()'), ('/usr/local/lib/python2.6/dist-packages/archipel_agent-1.0.8beta-py2.6.egg/archipel/core/archipelEntity.py', 1359, 'loop', 'self.log.error("TRACEBACK: %s" % traceback.extract_stack())')]
	#
	# archipel.conf
	#
	# Copyright (C) 2010 Antoine Mercadal <antoine.mercadal@inframonde.eu>
	# This program is free software: you can redistribute it and/or modify
	# it under the terms of the GNU Affero General Public License as
	# published by the Free Software Foundation, either version 3 of the
	# License, or (at your option) any later version.
	#
	# This program is distributed in the hope that it will be useful,
	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	# GNU Affero General Public License for more details.
	#
	# You should have received a copy of the GNU Affero General Public License
	# along with this program. If not, see <http://www.gnu.org/licenses/>.



	###############################################################################
	###############################################################################



	#
	# General configuration. You should just need to edit these values
	#
	[DEFAULT]

	# the default XMPP server to user
	xmpp_server = FQDN_EJABBERD_SERVER

	# archipel's data folder
	archipel_folder_lib = /var/lib/archipel/

	# this UUID will be used to identify the hypervisor
	# internally. It MUST be different foreach one over
	# your platform. You can generate a new one using
	# uuidgen command
	archipel_general_uuid = a933cf21-d64a-3f9b-929e-449ac88fc353

	# the base working folder, where virtual machine related
	# stuff will be stored
	archipel_folder_data = /vm/



	###############################################################################
	###############################################################################



	#
	# This is the main configuration parameters
	#
	[GLOBAL]

	# jid of the xmpp pubsub server
	xmpp_pubsub_server = pubsub.%(xmpp_server)s

	# jid of the root administrator
	archipel_root_admin = admin@%(xmpp_server)s

	# the ip of this machine. It can be :
	# - auto : the IP if found using a Internet request.
	# - X.X.X.X : manual ip
	machine_ip = auto

	# if set to True, XMPP layer uses avatars
	use_avatar = True

	# Folder of the avatars
	machine_avatar_directory = %(archipel_folder_lib)s/avatars

	# the uri of hypervisor
	libvirt_uri = qemu:///system



	#
	# The hypervisor configuration
	#
	[HYPERVISOR]

	# the JID of this hypervisor.
	# If this account not exists, it will be created on the fly
	hypervisor_xmpp_jid = hypervisor@%(xmpp_server)s

	# the XMPP password of this hypervisor
	hypervisor_xmpp_password = password

	# the vCard name of hypervisor. if set to "auto"
	# the hostname is used
	hypervisor_name = auto

	# the sqlite3 db file to store hypervirso informations
	hypervisor_database_path = %(archipel_folder_lib)s/hypervisor.sqlite3

	# the default avatar to use for hypervisor, relative to
	# GLOBAL:machine_avatar_directory and if GLOBAL:use_avatar is set to True
	hypervisor_default_avatar = defaulthypervisor.png

	# the file contaning auto generated names for virtual machine creation
	# must be a text file containing one name per line
	name_generation_file = %(archipel_folder_lib)s/names.txt

	# the database file for storing permissions (full path required)
	hypervisor_permissions_database_path = %(archipel_folder_lib)s/permissions.sqlite3



	#
	# The virtual machines configuration
	#
	[VIRTUALMACHINE]

	# the base folder to use to store virtual machine's own
	# informations (drives, etc...)
	vm_base_path = %(archipel_folder_data)s/drives

	# the default avatar to use for virtual machine, relative to
	# GLOBAL:machine_avatar_directory and if GLOBAL:use_avatar is set to True
	vm_default_avatar = defaultvm.png

	# the size of the random generated XMPP password
	xmpp_password_size = 32

	# the maximum lifetime of a lock (in seconds)
	maximum_lock_time = 1

	# use this certificate fail for VNC screen connection.
	# For unsecure connection, use "None". To quickly generate a certificate:
	# openssl req -new -x509 -days 365 -nodes -out vnc.pem -keyout vnc.pem
	vnc_certificate_file = /etc/ssl/cert/server.pem

	# if set to True, vnc server will not accept any non secure connection
	vnc_only_ssl = True

	# the database file for storing permissions (relative path required)
	vm_permissions_database_path = /permissions.sqlite3



	#
	# Logging configuration
	#
	[LOGGING]

	# minimal log level. it can be in order:
	# - debug
	# - info
	# - warning
	# - error
	# - critical
	logging_level = debug

	# max life time of a log node in the pubsub
	log_pubsub_item_expire = 3600

	# max number of stored log in the pubsub log node
	log_pubsub_max_items = 1000

	# the path of file to store logs
	logging_file_path = /var/log/archipel/archipel.log

	# max size in bytes of a log file before rotation
	logging_max_bytes = 5000000

	# number of log backup file to keep
	logging_backup_count = 5

	# the date format to use in log file.
	# See http://docs.python.org/library/logging.html#formatter-objects
	logging_date_format = %Y-%m-%d %H:%M:%S

	# the date format to use in log file.
	# See http://docs.python.org/library/datetime.html?highlight=date#strftime-and-strptime-behavior
	logging_formatter = %(levelname)s::%(asctime)s::%(filename)s:%(lineno)s::%(message)s



	#
	# This allows to choose wich modules to load.
	# the name of the parameter is the name the module dir.
	# If the value is set to True, the module will be loaded
	#
	[MODULES]

	hypervisor_health = True
	hypervisor_network = True
	vm_media_management = True
	geolocalization = True
	vmcasting = True
	snapshoting = True
	oom_killer = True
	actions_scheduler = True
	xmppserver = True
	iphone_appnotification = False



	###############################################################################
	# MODULES CONFIGURATION #
	###############################################################################



	#
	# HypervisorHealth module configuration
	#
	[HEALTH]

	# the sqlite3 db file to store health informations
	health_database_path = %(archipel_folder_lib)s/statscollection.sqlite3

	# data collection interval in seconds
	health_collection_interval = 5

	# max datarow to store in number of data collection
	# (5s * 50000collections ~ 70 hours)
	max_rows_before_purge = 50000

	# number of row to store memory before saving into database
	max_cached_rows = 200



	#
	# Medias module configuration
	#
	[MEDIAS]

	# the filesystem path to the shared ISO file usable
	# by virtual machines
	iso_base_path = %(archipel_folder_data)s/iso



	#
	# Geolocalization module configuration
	#
	[GEOLOCALIZATION]

	# set the way the hypervisor localize itself.
	# can be "manual" or "auto"
	localization_mode = auto

	# manual latitude
	# ignored if localization_mode=auto, mandatory if localization_mode=manual
	localization_latitude = 0.0

	# manual longitude
	# ignored if localization_mode=auto, mandatory if localization_mode=manual
	localization_longitude = 0.0

	# the url of geolocalization service
	# ignored if localization_mode=manual, mandatory if localization_mode=auto
	localization_service_url = ipinfodb.com

	# the query of geolocalization service
	# ignored if localization_mode=manual, mandatory if localization_mode=auto
	localization_service_request = /ip_query.php

	# the HTTP method of geolocalization service
	# ignored if localization_mode=manual, mandatory if localization_mode=auto
	localization_service_method = GET

	# the base XML tag of geolocalization service
	# must contains <latitude> and <longitude> tags
	# ignored if localization_mode=manual, mandatory if localization_mode=auto
	localization_service_response_root_node = Response



	#
	# VMCasting module configuration
	#
	[VMCASTING]

	# the sqlite3 db file to store vmcatsting informations
	vmcasting_database_path = %(archipel_folder_lib)s/vmcasting.sqlite3

	# the folder where downloaded appliances are placed
	repository_path = %(archipel_folder_data)s/repo

	# working path
	temp_path = %(archipel_folder_data)s/tmp

	# the name of vmcast
	own_vmcast_name = Local VM casts of $HOSTAME

	# vmcast description
	own_vmcast_description = This is the own vmcast feed of the hypervisor $HOSTAME

	# hypervisor VMCast UUID (must be unique for entire plateform)
	own_vmcast_uuid = %(archipel_general_uuid)s

	# the url to access the vmcast
	own_vmcast_url = http://127.0.0.1:8088/vmcasts/

	# the file to GET
	own_vmcast_file_name = rss.xml

	# the langage of vmcast
	own_vmcast_lang = en-us

	# file system folder of vmcast
	own_vmcast_path = %(archipel_folder_data)s/vmcasts/

	# interval in second to refresh the content of the cast
	own_vmcast_refresh_interval = 60

	# supported disk extensions, separated by ";" containing the "."
	# for example .qcow;.qcow2
	disks_extensions = .qcow2;.qcow;.img;.iso



	#
	# iPhone Notification module configuration
	#
	[IPHONENOTIFICATION]

	# put the credentials of users that will receive push notification right from your iPhone
	# Credentials can be found at https://www.appnotifications.com/account/rest_api
	# application can be buy at http://2apn.com/
	# separate keys with double coma ",,"
	credentials_key = YOUR CRED HERE



	#
	# OOM module configuration
	#
	[OOMKILLER]

	# the sqlite3 db file to store OOM prevention informations
	database = %(archipel_folder_lib)s/oom.sqlite3



	#
	# Scheduler module configuration
	#
	[SCHEDULER]

	# the sqlite3 db file to store scheduler informations
	database = %(archipel_folder_lib)s/scheduler.sqlite3



	#
	# XMPP Server module configuration
	# This module needs to have two ejabberd modules :
	# - mod_admin_extra
	# - ejabberd_xmlrpc
	#
	[XMPPSERVER]

	# the ejabberd XMLRPC server host
	xmlrpc_host = %(xmpp_server)s

	# the ejabberd XMLRPC server port
	xmlrpc_port = 4560

	# the ejabberd XMLRPC server admin account
	xmlrpc_user = admin

	# the ejabberd XMLRPC server admin password
	xmlrpc_password = password
	%%%
	%%% ejabberd configuration file
	%%%

	%%% The parameters used in this configuration file are explained in more detail
	%%% in the ejabberd Installation and Operation Guide.
	%%% Please consult the Guide in case of doubts, it is included in
	%%% your copy of ejabberd, and is also available online at
	%%% http://www.process-one.net/en/ejabberd/docs/

	%%% This configuration file contains Erlang terms.
	%%% In case you want to understand the syntax, here are the concepts:
	%%%
	%%% - The character to comment a line is %
	%%%
	%%% - Each term ends in a dot, for example:
	%%% override_global.
	%%%
	%%% - A tuple has a fixed definition, its elements are
	%%% enclosed in {}, and separated with commas:
	%%% {loglevel, 4}.
	%%%
	%%% - A list can have as many elements as you want,
	%%% and is enclosed in [], for example:
	%%% [http_poll, web_admin, tls]
	%%%
	%%% - A keyword of ejabberd is a word in lowercase.
	%%% The strings are enclosed in "" and can have spaces, dots...
	%%% {language, "en"}.
	%%% {ldap_jab.n, "dc=example,dc=com"}.
	%%%
	%%% - This term includes a tuple, a keyword, a list and two strings:
	%%% {hosts, ["jabber.example.net", "im.example.com"]}.
	%%%


	%%% =======================
	%%% OVERRIDE STORED OPTIONS

	%%
	%% loglevel: Verbosity of log files generated by ejabberd.
	%% 0: No ejabberd log at all (not recommended)
	%% 1: Critical
	%% 2: Error
	%% 3: Warning
	%% 4: Info
	%% 5: Debug
	%%
	{loglevel, 3}.

	%%% ================
	%%% SERVED HOSTNAMES

	%%
	%% hosts: Domains served by ejabberd.
	%% You can define one or several, for example:
	%% {hosts, ["example.net", "example.com", "example.org"]}.
	%%
	{hosts, ["FQDN"]}.

	%%
	%% route_subdomains: Delegate subdomains to other Jabber server.
	%% For example, if this ejabberd serves example.org and you want
	%% to allow communication with a Jabber server called im.example.org.
	%%
	{route_subdomains, s2s}.

	%%% ===============
	%%% LISTENING PORTS

	%%
	%% listen: Which ports will ejabberd listen, which service handles it
	%% and what options to start it with.
	%%
	{listen,
	[
	{4560, ejabberd_xmlrpc, []},

	{5222, ejabberd_c2s, [
	starttls, {certfile, "/etc/ssl/cert/server.pem"},
	{access, c2s},
	{max_stanza_size, 65536000}
	]},
	{5269, ejabberd_s2s_in, [
	{max_stanza_size, 65536000}

	]},
	{5280, ejabberd_http, [
	http_bind,
	http_poll,
	web_admin
	]}

	]}.

	%%
	%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
	%% Allowed values are: true or false.
	%% You must specify a certificate file.
	%%
	{s2s_use_starttls, true}.

	%%
	%% S2S whitelist or blacklist
	%%
	%% Default s2s policy for undefined hosts.
	%%
	{s2s_default_policy, allow}.

	%%
	%% Allow or deny communication with specific servers.
	%%
	%%{{s2s_host, "goodhost.org"}, allow}.
	%%{{s2s_host, "badhost.org"}, deny}.


	%%% ==============
	%%% AUTHENTICATION

	%%
	%% auth_method: Method used to authenticate the users.
	%% The default method is the internal.
	%% If you want to use a different method,
	%% comment this line and enable the correct ones.
	%%
	{auth_method, internal}.


	%%% ===============
	%%% TRAFFIC SHAPERS

	%%
	%% The "normal" shaper limits traffic speed to 1.000 B/s
	%%
	{shaper, normal, {maxrate, 1000}}.

	%%
	%% The "fast" shaper limits traffic speed to 50.000 B/s
	%%
	{shaper, fast, {maxrate, 50000}}.


	%%% ====================
	%%% ACCESS CONTROL LISTS

	%%
	%% The 'admin' ACL grants administrative privileges to Jabber accounts.
	%% You can put as many accounts as you want.
	%%
	{acl, admin, {user, "admin", "FQDN"}}.

	%%
	%% Local users: don't modify this line.
	%%
	{acl, local, {user_regexp, ""}}.

	%%% ============
	%%% ACCESS RULES

	%% Define the maximum number of time a single user is allowed to connect:
	{access, max_user_sessions, [{10, all}]}.

	%% This rule allows access only for local users:
	{access, local, [{allow, local}]}.

	%% Only non-blocked users can use c2s connections:
	{access, c2s, [{deny, blocked},
	{allow, all}]}.

	%% For all users except admins used "normal" shaper
	{access, c2s_shaper, [{none, admin},
	{normal, all}]}.

	%% For all S2S connections used "fast" shaper
	{access, s2s_shaper, [{fast, all}]}.

	%% Only admins can send announcement messages:
	{access, announce, [{allow, admin}]}.

	%% Only admins can use configuration interface:
	{access, configure, [{allow, admin}]}.

	%% Admins of this server are also admins of MUC service:
	{access, muc_admin, [{allow, admin}]}.

	%% All users are allowed to use MUC service:
	{access, muc, [{allow, all}]}.
	{access, muc_create, [{allow, local}]}.

	%% Everybody can create pubsub nodes
	{access, pubsub_createnode, [{allow, all}]}.


	%%% ================
	%%% DEFAULT LANGUAGE

	%%
	%% language: Default language used for server messages.
	%%
	{language, "en"}.


	%%% =======
	%%% REGISTRATION

	%% In-band registration
	{access, register, [{allow, all}]}.

	%% In-band registration interval (needs to be not restricted to allow to create rapidly VM)
	{registration_timeout, infinity}.

	%%% =======
	%%% MODULES

	%%
	%% Modules enabled in all ejabberd virtual hosts.
	%%
	{modules,
	[
	{mod_adhoc, []},
	{mod_announce, [{access, announce}]}, % requires mod_adhoc
	{mod_caps, []},
	{mod_configure,[]},
	{mod_disco, []},
	{mod_http_bind,[]},
	{mod_irc, []},
	{mod_last, []},
	{mod_muc, [
	{access, muc},
	{access_create, muc_create},
	{access_persistent, muc_create},
	{access_admin, muc_admin}
	]},
	{mod_offline, []},
	{mod_privacy, []},
	{mod_private, []},
	{mod_pubsub, [ % requires mod_caps
	{access_createnode, pubsub_createnode},
	{ignore_pep_from_offline, true},
	{last_item_cache, false},
	{plugins, ["flat", "hometree", "pep"]},
	{max_items_node, 1000}
	]},
	{mod_register, [
	{access, register}
	]},
	{mod_roster, []},
	{mod_shared_roster,[]},
	{mod_time, []},
	{mod_vcard, []},
	{mod_version, []},
	{mod_admin_extra, []}
	]}.
	INFO ::2011-02-09 22:55:30::__init__.py:80::TNArchipelHypervisor.check_acp (hypervisor@host/hostname)::acp received: from: admin@host/ArchipelController, type: get, namespace: archipel:hypervisor:health, action: logs
	INFO ::2011-02-09 22:55:31::__init__.py:80::TNArchipelHypervisor.check_perm (hypervisor@host/hostname)::checking permission for action health_logs asked by admin@host/ArchipelController
	INFO ::2011-02-09 22:55:31::__init__.py:80::TNArchipelHypervisor.check_acp (hypervisor@host/hostname)::acp received: from: admin@host/ArchipelController, type: get, namespace: archipel:hypervisor:health, action: info
	INFO ::2011-02-09 22:55:31::__init__.py:80::TNArchipelHypervisor.check_perm (hypervisor@host/hostname)::checking permission for action health_info asked by admin@host/ArchipelController
	DEBUG ::2011-02-09 22:55:31::archipelStatsCollector.py:91::Retrieving last 1 recorded stats data for sending
	INFO ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.connect_xmpp (uuid@host/hypervisor)::sucessfully connected
	INFO ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.auth_xmpp (uuid@host/hypervisor)::trying to authentify the client
	INFO ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.auth_xmpp (uuid@host/hypervisor)::sucessfully authenticated
	INFO ::2011-02-09 22:55:33::pubsub.py:175::PUBSUB: pubsub node /archipel/uuid@host/events has been configured
	INFO ::2011-02-09 22:55:33::pubsub.py:175::PUBSUB: pubsub node /archipel/uuid@host/logs has been configured
	INFO ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.register_handler (uuid@host/hypervisor)::handlers registred
	INFO ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.get_vcard (uuid@host/hypervisor)::asking for own vCard
	DEBUG ::2011-02-09 22:55:33::__init__.py:78::TNArchipelVirtualMachine.perform_all_registered_auth_actions (uuid@host/hypervisor)::going to perform action to perform on auth: [{'persistant': True, 'args': None, 'name': 'manage_trigger_persistance'}, {'persistant': True, 'args': None, 'name': 'connect_domain'}, {'persistant': True, 'args': [], 'name': 'set_vcard'}, {'persistant': False, 'args': <xmpp.protocol.JID instance at 0x1bdcf38>, 'name': 'add_jid'}]
	DEBUG ::2011-02-09 22:55:33::__init__.py:78::TNArchipelVirtualMachine.perform_all_registered_auth_actions (uuid@host/hypervisor)::performing action {'persistant': True, 'args': None, 'name': 'manage_trigger_persistance'}
	INFO ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.manage_trigger_persistance (uuid@host/hypervisor)::populating trigger database if not exists
	INFO ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.manage_trigger_persistance (uuid@host/hypervisor)::recovring trigger libvirt_run
	INFO ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.process_presence (uuid@host/hypervisor)::presence stanza received from uuid@host/hypervisor: None
	INFO ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.did_receive_vcard (uuid@host/hypervisor)::own vcard retrieved
	INFO ::2011-02-09 22:55:33::pubsub.py:175::PUBSUB: pubsub node /archipel/trigger/uuid@host/libvirt_run has been configured
	DEBUG ::2011-02-09 22:55:33::__init__.py:78::TNArchipelVirtualMachine.perform_all_registered_auth_actions (uuid@host/hypervisor)::performing action {'persistant': True, 'args': None, 'name': 'connect_domain'}
	ERROR ::2011-02-09 22:55:33::__init__.py:84::TNArchipelVirtualMachine.connect_domain (uuid@host/hypervisor)::can't connect to libvirt : Domain not found: no domain with matching uuid 'uuid'
	INFO ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.change_presence (uuid@host/hypervisor)::status change: Not defined show:xa
	DEBUG ::2011-02-09 22:55:33::__init__.py:78::TNArchipelVirtualMachine.perform_all_registered_auth_actions (uuid@host/hypervisor)::performing action {'persistant': True, 'args': [], 'name': 'set_vcard'}
	INFO ::2011-02-09 22:55:33::__init__.py:80::TNArchipelVirtualMachine.set_vcard (uuid@host/hypervisor)::vcard making started
	ERROR ::2011-02-09 22:55:33::__init__.py:84::TNArchipelVirtualMachine.loop (uuid@host/hypervisor)::LOOP EXCEPTION : Disconnected from server. Trying to reconnect in 5 five seconds
	ERROR ::2011-02-09 22:55:33::__init__.py:84::TNArchipelVirtualMachine.loop (uuid@host/hypervisor)::TRACEBACK: [('/usr/lib/python2.6/threading.py', 504, '__bootstrap', 'self.__bootstrap_inner()'), ('/usr/lib/python2.6/threading.py', 532, '__bootstrap_inner', 'self.run()'), ('/usr/local/lib/python2.6/dist-packages/archipel_agent-1.0.8beta-py2.6.egg/archipel/core/archipelHypervisor.py', 84, 'run', 'self.xmppvm.loop()'), ('/usr/local/lib/python2.6/dist-packages/archipel_agent-1.0.8beta-py2.6.egg/archipel/core/archipelEntity.py', 1359, 'loop', 'self.log.error("TRACEBACK: %s" % traceback.extract_stack())')]