From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> Instead of doing # example_config use #example_config so it is possible to programatically uncomment example config options, as distinct from their comment/descriptions Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> --- daemon/libvirtd.conf | 13 +++++----- src/lxc/lxc.conf | 8 +++--- src/qemu/qemu.conf | 66 +++++++++++++++++++++++++------------------------- 3 files changed, 43 insertions(+), 44 deletions(-) diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf index 50eda1b..aa3fa2e 100644 --- a/daemon/libvirtd.conf +++ b/daemon/libvirtd.conf @@ -303,10 +303,9 @@ # Multiple filter can be defined in a single @filters, they just need to be # separated by spaces. # -# e.g: -# log_filters="3:remote 4:event" -# to only get warning or errors from the remote layer and only errors from -# the event layer. +# e.g: to only get warning or errors from the remote layer and only errors +# from the event layer +#log_filters="3:remote 4:event" # Logging outputs: # An output is one of the places to save logging information @@ -324,9 +323,9 @@ # 4: ERROR # # Multiple output can be defined, they just need to be separated by spaces. -# e.g.: -# log_outputs="3:syslog:libvirtd" -# to log all warnings and errors to syslog under the libvirtd ident +# e.g. to log all warnings and errors to syslog under the libvirtd ident: +#log_outputs="3:syslog:libvirtd" +# # Log debug buffer size: default 64 # The daemon keeps an internal debug log buffer which will be dumped in case diff --git a/src/lxc/lxc.conf b/src/lxc/lxc.conf index 09dc95f..8df4601 100644 --- a/src/lxc/lxc.conf +++ b/src/lxc/lxc.conf @@ -10,7 +10,7 @@ # # This is disabled by default, uncomment below to enable it. # -# log_with_libvirtd = 1 +#log_with_libvirtd = 1 # The default security driver is SELinux. If SELinux is disabled @@ -19,13 +19,13 @@ # leaving SELinux enabled for the host in general, then set this # to 'none' instead. # -# security_driver = "selinux" +#security_driver = "selinux" # If set to non-zero, then the default security labeling # will make guests confined. If set to zero, then guests # will be unconfined by default. Defaults to 0. -# security_default_confined = 1 +#security_default_confined = 1 # If set to non-zero, then attempts to create unconfined # guests will be blocked. Defaults to 0. -# security_require_confined = 1 +#security_require_confined = 1 diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index cb87728..c78d551 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -9,7 +9,7 @@ # NB, strong recommendation to enable TLS + x509 certificate # verification when allowing public access # -# vnc_listen = "0.0.0.0" +#vnc_listen = "0.0.0.0" # Enable this option to have VNC served over an automatically created # unix socket. This prevents unprivileged access from users on the @@ -19,7 +19,7 @@ # a hardcoded 'listen' or 'socket' value. This setting takes preference # over vnc_listen. # -# vnc_auto_unix_socket = 1 +#vnc_auto_unix_socket = 1 # Enable use of TLS encryption on the VNC server. This requires # a VNC client which supports the VeNCrypt protocol extension. @@ -29,7 +29,7 @@ # It is necessary to setup CA and issue a server certificate # before enabling this. # -# vnc_tls = 1 +#vnc_tls = 1 # Use of TLS requires that x509 certificates be issued. The @@ -42,7 +42,7 @@ # # This option allows the certificate directory to be changed # -# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" +#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" # The default TLS configuration only uses certificates for the server @@ -55,7 +55,7 @@ # Enabling this option will reject any client who does not have a # certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem # -# vnc_tls_x509_verify = 1 +#vnc_tls_x509_verify = 1 # The default VNC password. Only 8 letters are significant for @@ -66,7 +66,7 @@ # effectively preventing any use of VNC. Obviously change this # example here before you set this. # -# vnc_password = "XYZ12345" +#vnc_password = "XYZ12345" # Enable use of SASL encryption on the VNC server. This requires @@ -77,7 +77,7 @@ # It is necessary to configure /etc/sasl2/qemu.conf to choose # the desired SASL plugin (eg, GSSPI for Kerberos) # -# vnc_sasl = 1 +#vnc_sasl = 1 # The default SASL configuration file is located in /etc/sasl2/ @@ -85,7 +85,7 @@ # override the configs in this location. Set this parameter to # point to the directory, and create a qemu.conf in that location # -# vnc_sasl_dir = "/some/directory/sasl2" +#vnc_sasl_dir = "/some/directory/sasl2" @@ -96,7 +96,7 @@ # NB, strong recommendation to enable TLS + x509 certificate # verification when allowing public access # -# spice_listen = "0.0.0.0" +#spice_listen = "0.0.0.0" # Enable use of TLS encryption on the SPICE server. @@ -104,7 +104,7 @@ # It is necessary to setup CA and issue a server certificate # before enabling this. # -# spice_tls = 1 +#spice_tls = 1 # Use of TLS requires that x509 certificates be issued. The @@ -117,7 +117,7 @@ # # This option allows the certificate directory to be changed. # -# spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" +#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" # The default SPICE password. This parameter is only used if the @@ -127,7 +127,7 @@ # QEMU, effectively preventing any use of SPICE. Obviously change # this example here before you set this. # -# spice_password = "XYZ12345" +#spice_password = "XYZ12345" # The default security driver is SELinux. If SELinux is disabled @@ -136,16 +136,16 @@ # leaving SELinux enabled for the host in general, then set this # to 'none' instead. # -# security_driver = "selinux" +#security_driver = "selinux" # If set to non-zero, then the default security labeling # will make guests confined. If set to zero, then guests # will be unconfined by default. Defaults to 1. -# security_default_confined = 1 +#security_default_confined = 1 # If set to non-zero, then attempts to create unconfined # guests will be blocked. Defaults to 0. -# security_require_confined = 1 +#security_require_confined = 1 # The user ID for QEMU processes run by the system instance. #user = "root" @@ -178,7 +178,7 @@ # can be mounted in different locations. libvirt will detect # where they are located. # -# cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ] +#cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ] # This is the basic set of devices allowed / required by # all virtual machines. @@ -193,7 +193,7 @@ # "/dev/null", "/dev/full", "/dev/zero", # "/dev/random", "/dev/urandom", # "/dev/ptmx", "/dev/kvm", "/dev/kqemu", -# "/dev/rtc", "/dev/hpet", +# "/dev/rtc","/dev/hpet" #] @@ -215,14 +215,14 @@ # the requested compression program can't be found, this falls # back to "raw" compression. # -# save_image_format = "raw" -# dump_image_format = "raw" +#save_image_format = "raw" +#dump_image_format = "raw" # When a domain is configured to be auto-dumped when libvirtd receives a # watchdog event from qemu guest, libvirtd will save dump files in directory # specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump # -# auto_dump_path = "/var/lib/libvirt/qemu/dump" +#auto_dump_path = "/var/lib/libvirt/qemu/dump" # When a domain is configured to be auto-dumped, enabling this flag # has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the @@ -230,7 +230,7 @@ # file system cache while writing the dump file, but may cause # slower operation. # -# auto_dump_bypass_cache = 0 +#auto_dump_bypass_cache = 0 # When a domain is configured to be auto-started, enabling this flag # has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag @@ -238,7 +238,7 @@ # avoid using the file system cache when restoring any managed state # file, but may cause slower operation. # -# auto_start_bypass_cache = 0 +#auto_start_bypass_cache = 0 # If provided by the host and a hugetlbfs mount point is configured, # a guest may request huge page backing. When this mount point is @@ -250,20 +250,20 @@ # NB, within this mount point, guests will create memory backing files # in a location of $MOUNTPOINT/libvirt/qemu # -# hugetlbfs_mount = "/dev/hugepages" +#hugetlbfs_mount = "/dev/hugepages" # mac_filter enables MAC addressed based filtering on bridge ports. # This currently requires ebtables to be installed. # -# mac_filter = 1 +#mac_filter = 1 # By default, PCI devices below non-ACS switch are not allowed to be assigned # to guests. By setting relaxed_acs_check to 1 such devices will be allowed to # be assigned to guests. # -# relaxed_acs_check = 1 +#relaxed_acs_check = 1 # QEMU implements an extension for providing audio over a VNC connection, @@ -273,7 +273,7 @@ # permissions issues. Enabling this option will make libvirtd honor the # QEMU_AUDIO_DRV environment variable when using VNC. # -# vnc_allow_host_audio = 0 +#vnc_allow_host_audio = 0 # If clear_emulator_capabilities is enabled, libvirt will drop all @@ -283,7 +283,7 @@ # Warning: Disabling this option means that a compromised guest can # exploit the privileges and possibly do damage to the host. # -# clear_emulator_capabilities = 1 +#clear_emulator_capabilities = 1 # If allow_disk_format_probing is enabled, libvirt will probe disk @@ -295,7 +295,7 @@ # guest XML <disk> elements to include <driver type='XXXX'/> # elements instead of enabling this option. # -# allow_disk_format_probing = 1 +#allow_disk_format_probing = 1 # If enabled, libvirt will have QEMU set its process name to @@ -305,7 +305,7 @@ # its process title, so the complete QEMU command (emulator and # its arguments) appear in process listings. # -# set_process_name = 1 +#set_process_name = 1 # If max_processes is set to a positive integer, libvirt will use @@ -314,21 +314,21 @@ # The same applies to max_files which sets the limit on the maximum # number of opened files. # -# max_processes = 0 -# max_files = 0 +#max_processes = 0 +#max_files = 0 # To enable 'Sanlock' project based locking of the file # content (to prevent two VMs writing to the same # disk), uncomment this # -# lock_manager = "sanlock" +#lock_manager = "sanlock" # Set limit of maximum APIs queued on one domain. All other APIs # over this threshold will fail on acquiring job lock. Specially, # setting to zero turns this feature off. # Note, that job lock is per domain. # -# max_queued = 0 +#max_queued = 0 ################################################################### # Keepalive protocol: -- 1.7.10.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list