http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/prepare-linux-template.xml ---------------------------------------------------------------------- diff --git a/en-US/prepare-linux-template.xml b/en-US/prepare-linux-template.xml deleted file mode 100755 index 84c2cde..0000000 --- a/en-US/prepare-linux-template.xml +++ /dev/null 
@@ -1,190 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<section id="prepare-linux-template"> - <title>System preparation for Linux</title> - <para>The following steps will prepare a basic Linux installation for templating.</para> - - <orderedlist> - <listitem> - <para><emphasis role="bold">Installation</emphasis></para> - <para>It is good practice to name your VM something generic during installation, this will ensure components such as LVM do not appear unique to a machine. 
It is recommended that the name of "localhost" is used for installation.</para> - <warning><para>For CentOS, it is necessary to take unique identification out of the interface configuration file, for this edit /etc/sysconfig/network-scripts/ifcfg-eth0 and change the content to the following.</para> - <programlisting> - DEVICE=eth0 - TYPE=Ethernet - BOOTPROTO=dhcp - ONBOOT=yes - </programlisting> - </warning> - <para>The next steps updates the packages on the Template Master.</para> - <itemizedlist> - <listitem> - <para>Ubuntu</para> - <programlisting> - sudo -i - apt-get update - apt-get upgrade -y - apt-get install -y acpid ntp - reboot - </programlisting> - </listitem> - <listitem> - <para>CentOS</para> - <programlisting> - ifup eth0 - yum update -y - reboot - </programlisting> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para><emphasis role="bold">Password management</emphasis></para> - <note><para>If preferred, custom users (such as ones created during the Ubuntu installation) should be removed. First ensure the root user account is enabled by giving it a password and then login as root to continue.</para> - <programlisting> - sudo passwd root - logout - </programlisting> - <para>As root, remove any custom user accounts created during the installation process.</para> - <programlisting> - deluser myuser --remove-home - </programlisting> - </note> - <para>See <xref linkend="add-password-management-to-templates"/> for instructions to setup the password management script, this will allow &PRODUCT; to change your root password from the web interface.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Hostname Management</emphasis></para> - <para>CentOS configures the hostname by default on boot. 
Unfortunately Ubuntu does not have this functionality, for Ubuntu installations use the following steps.</para> - <itemizedlist> - <listitem> - <para>Ubuntu</para> - <para>The hostname of a Templated VM is set by a custom script in /etc/dhcp/dhclient-exit-hooks.d, this script first checks if the current hostname is localhost, if true, it will get the host-name, domain-name and fixed-ip from the DHCP lease file and use those values to set the hostname and append the /etc/hosts file for local hostname resolution. Once this script, or a user has changed the hostname from localhost, it will no longer adjust system files regardless of it's new hostname. The script also recreates openssh-server keys, which should have been deleted before templating (shown below). Save the following script to /etc/dhcp/dhclient-exit-hooks.d/sethostname, and adjust the permissions. - </para> - <programlisting> - #!/bin/sh - # dhclient change hostname script for Ubuntu - oldhostname=$(hostname -s) - if [ $oldhostname = 'localhost' ] - then - sleep 10 # Wait for configuration to be written to disk - hostname=$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /host-name/ { host = $3 } END { printf host } ' | sed 's/[";]//g' ) - fqdn="$hostname.$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /domain-name/ { domain = $3 } END { printf domain } ' | sed 's/[";]//g')" - ip=$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /fixed-address/ { lease = $2 } END { printf lease } ' | sed 's/[";]//g') - echo "cloudstack-hostname: Hostname _localhost_ detected. Changing hostname and adding hosts." 
- echo " Hostname: $hostname \n FQDN: $fqdn \n IP: $ip" - # Update /etc/hosts - awk -v i="$ip" -v f="$fqdn" -v h="$hostname" "/^127/{x=1} !/^127/ && x { x=0; print i,f,h; } { print $0; }" /etc/hosts > /etc/hosts.dhcp.tmp - mv /etc/hosts /etc/hosts.dhcp.bak - mv /etc/hosts.dhcp.tmp /etc/hosts - # Rename Host - echo $hostname > /etc/hostname - hostname $hostname - # Recreate SSH2 - dpkg-reconfig openssh-server - fi - ### End of Script ### - - chmod 774 /etc/dhcp/dhclient-exit-hooks.d/sethostname - </programlisting> - </listitem> - </itemizedlist> - - <warning><para>The following steps should be run when you are ready to template your Template Master. If the Template Master is rebooted during these steps you will have to run all the steps again. At the end of this process the Template Master should be shutdown and the template created in order to create and deploy the final template.</para></warning> - </listitem> - <listitem> - <para><emphasis role="bold">Remove the udev persistent device rules</emphasis></para> - <para>This step removes information unique to your Template Master such as network MAC addresses, lease files and CD block devices, the files are automatically generated on next boot.</para> - <itemizedlist> - <listitem> - <para>Ubuntu</para> - <programlisting> - rm -f /etc/udev/rules.d/70* - rm -f /var/lib/dhcp/dhclient.* - </programlisting> - </listitem> - <listitem> - <para>CentOS</para> - <programlisting> - rm -f /etc/udev/rules.d/70* - rm -f /var/lib/dhclient/* - </programlisting> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para><emphasis role="bold">Remove SSH Keys</emphasis></para> - <para>This step is to ensure all your Templated VMs do not have the same SSH keys, which would decrease the security of the machines dramatically.</para> - <programlisting> - rm -f /etc/ssh/*key* - </programlisting> - </listitem> - <listitem> - <para><emphasis role="bold">Cleaning log files</emphasis></para> - <para>It is good practice to remove old 
logs from the Template Master.</para> - <programlisting> - cat /dev/null > /var/log/audit/audit.log 2>/dev/null - cat /dev/null > /var/log/wtmp 2>/dev/null - logrotate -f /etc/logrotate.conf 2>/dev/null - rm -f /var/log/*-* /var/log/*.gz 2>/dev/null - </programlisting> - </listitem> - <listitem> - <para><emphasis role="bold">Setting hostname</emphasis></para> - <para>In order for the Ubuntu DHCP script to function and the CentOS dhclient to set the VM hostname they both require the Template Master's hostname to be "localhost", run the following commands to change the hostname.</para> - <programlisting> - hostname localhost - echo "localhost" > /etc/hostname - </programlisting> - </listitem> - <listitem> - <para><emphasis role="bold">Set user password to expire</emphasis></para> - <para>This step forces the user to change the password of the VM after the template has been deployed.</para> - <programlisting> - passwd --expire root - </programlisting> - </listitem> - <listitem> - <para><emphasis role="bold">Clearing User History</emphasis></para> - <para>The next step clears the bash commands you have just run.</para> - <programlisting> - history -c - unset HISTFILE - </programlisting> - </listitem> - <listitem> - <para><emphasis role="bold">Shutdown the VM</emphasis></para> - <para>Your now ready to shutdown your Template Master and create a template!</para> - <programlisting> - halt -p - </programlisting> - </listitem> - <listitem> - <para><emphasis role="bold">Create the template!</emphasis></para> - <para>You are now ready to create the template, for more information see <xref linkend="create-template-from-existing-vm"/>.</para> - </listitem> - </orderedlist> - <note><para>Templated VMs for both Ubuntu and CentOS may require a reboot after provisioning in order to pickup the hostname.</para></note> - - -</section>
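Review bot: In prepare-linux-template.xml, the sethostname hook under "Hostname Management" ends with `dpkg-reconfig openssh-server`, but the Debian/Ubuntu command is `dpkg-reconfigure`. As written, the hook fails at that line, and the host keys deleted by `rm -f /etc/ssh/*key*` in the "Remove SSH Keys" step are never regenerated on the deployed VM. The awk program that rewrites /etc/hosts is wrapped in double quotes, so the shell expands `$0` before awk sees it; it needs single quotes. If this procedure is kept anywhere after the file is deleted, carry both fixes over. The `chmod 774` line should also move out of the script listing and drop the group-write bit, since a dhclient hook runs as root.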
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/prepare-system-vm-template.xml ---------------------------------------------------------------------- diff --git a/en-US/prepare-system-vm-template.xml b/en-US/prepare-system-vm-template.xml deleted file mode 100644 index 37a151a..0000000 --- a/en-US/prepare-system-vm-template.xml +++ /dev/null 
@@ -1,79 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<section id="prepare-system-vm-template"> - <title>Prepare the System VM Template</title> - <para>Secondary storage must be seeded with a template that is used for &PRODUCT; system VMs. - Citrix provides you with the necessary binary package of the system VM.</para> - <note> - <para>When copying and pasting a command, ensure that the command has pasted as a single line - before executing. Some document viewers may introduce unwanted line breaks in copied - text.</para> - </note> - <orderedlist> - <listitem> - <para>If you are using a separate NFS server, mount the secondary storage on your Management - Server. 
Replace the example NFS server name and NFS share paths below with your own.</para> - <programlisting># mount -t nfs nfsservername:/nfs/share/secondary /mnt/secondary</programlisting> - <para>If your secondary storage mount point is not named /mnt/secondary, substitute your own - mount point name.</para> - </listitem> - <listitem> - <para>On the Management Server, run one or more of the following cloud-install-sys-tmplt - commands to retrieve and decompress the system VM template. Run the command for each - hypervisor type that you expect end users to run in this Zone.</para> - <para>If you set the &PRODUCT; database encryption type to "web" when you set up the database, - you must now add the parameter -s <management-server-secret-key>. See <xref - linkend="about-password-encryption"/>.</para> - <para>This process will require approximately 5 GB of free space on the local file system and - up to 30 minutes each time it runs.</para> - <itemizedlist> - <listitem> - <para>For XenServer:</para> - <programlisting># /usr/lib64/cloud/common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://download.cloud.com/templates/4.2/systemvmtemplate-2013-07-12-master-xen.vhd.bz2 -h xenserver -s <optional-management-server-secret-key> -F</programlisting> - </listitem> - <listitem> - <para>For vSphere:</para> - <programlisting># /usr/lib64/cloud/common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://download.cloud.com/templates/4.2/systemvmtemplate-4.2-vh7.ova -h vmware -s <optional-management-server-secret-key> -F</programlisting> - </listitem> - <listitem> - <para>For KVM:</para> - <programlisting># /usr/lib64/cloud/common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://download.cloud.com/templates/4.2/systemvmtemplate-2013-06-12-master-kvm.qcow2.bz2 -h kvm -s <optional-management-server-secret-key> -F</programlisting> - </listitem> - <listitem> - <para>For LXC:</para> - <programlisting># 
/usr/lib64/cloud/common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://download.cloud.com/templates/acton/acton-systemvm-02062012.qcow2.bz2 -h lxc -s <optional-management-server-secret-key> -F</programlisting> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para>When the script has finished, unmount secondary storage and remove the created - directory.</para> - <programlisting># umount /mnt/secondary -# rmdir /mnt/secondary</programlisting> - </listitem> - <listitem> - <para>Repeat these steps for each secondary storage server.</para> - </listitem> - </orderedlist> -</section> http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/primary-storage-add.xml ---------------------------------------------------------------------- diff --git a/en-US/primary-storage-add.xml b/en-US/primary-storage-add.xml deleted file mode 100644 index ccf3d47..0000000 --- a/en-US/primary-storage-add.xml +++ /dev/null 
@@ -1,284 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<section id="primary-storage-add"> - <title>Add Primary Storage</title> - <section id="sys-require-primary-storage"> - <title>System Requirements for Primary Storage</title> - <para>Hardware requirements:</para> - <itemizedlist> - <listitem> - <para>Any standards-compliant iSCSI, SMB, or NFS server that is supported by the underlying - hypervisor.</para> - </listitem> - <listitem> - <para>The storage server should be a machine with a large number of disks. 
The disks should - ideally be managed by a hardware RAID controller.</para> - </listitem> - <listitem> - <para>Minimum required capacity depends on your needs.</para> - </listitem> - </itemizedlist> - <para>When setting up primary storage, follow these restrictions:</para> - <itemizedlist> - <listitem> - <para>Primary storage cannot be added until a host has been added to the cluster.</para> - </listitem> - <listitem> - <para>If you do not provision shared primary storage, you must set the global configuration - parameter system.vm.local.storage.required to true, or else you will not be able to start - VMs.</para> - </listitem> - </itemizedlist> - </section> - <section id="adding-primary-storage"> - <title>Adding Primary Storage</title> - <para>When you create a new zone, the first primary storage is added as part of that procedure. - You can add primary storage servers at any time, such as when adding a new cluster or adding - more servers to an existing cluster.</para> - <warning> - <para>When using preallocated storage for primary storage, be sure there is nothing on the - storage (ex. you have an empty SAN volume or an empty NFS share). Adding the storage to - &PRODUCT; will destroy any existing data.</para> - </warning> - <para></para> - <note> - <para>Primary storage can also be added at the zone level through the &PRODUCT; API (adding - zone-level primary storage is not yet supported through the &PRODUCT; UI).</para> - <para>Once primary storage has been added at the zone level, it can be managed through the - &PRODUCT; UI.</para> - </note> - <para></para> - <orderedlist> - <listitem> - <para>Log in to the &PRODUCT; UI (see <xref linkend="log-in"/>).</para> - </listitem> - <listitem> - <para>In the left navigation, choose Infrastructure. 
In Zones, click View More, then click - the zone in which you want to add the primary storage.</para> - </listitem> - <listitem> - <para>Click the Compute tab.</para> - </listitem> - <listitem> - <para>In the Primary Storage node of the diagram, click View All.</para> - </listitem> - <listitem> - <para>Click Add Primary Storage.</para> - </listitem> - <listitem> - <para>Provide the following information in the dialog. The information required varies - depending on your choice in Protocol.</para> - <itemizedlist> - <listitem> - <para><emphasis role="bold">Scope.</emphasis> Indicate whether the storage is available - to all hosts in the zone or only to hosts in a single cluster.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Pod.</emphasis> (Visible only if you choose Cluster in the - Scope field.) The pod for the storage device.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Cluster.</emphasis> (Visible only if you choose Cluster in - the Scope field.) The cluster for the storage device.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Name.</emphasis> The name of the storage device.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Protocol.</emphasis> For XenServer, choose either NFS, - iSCSI, or PreSetup. For KVM, choose NFS or SharedMountPoint. For vSphere choose either - VMFS (iSCSI or FiberChannel) or NFS. 
For Hyper-V, choose SMB.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Server (for NFS, iSCSI, or PreSetup).</emphasis> The IP - address or DNS name of the storage device.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Server (for VMFS).</emphasis> The IP address or DNS name of - the vCenter server.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Path (for NFS).</emphasis> In NFS this is the exported path - from the server.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Path (for VMFS).</emphasis> In vSphere this is a combination - of the datacenter name and the datastore name. The format is "/" datacenter name "/" - datastore name. For example, "/cloud.dc.VM/cluster1datastore".</para> - </listitem> - <listitem> - <para><emphasis role="bold">Path (for SharedMountPoint).</emphasis> With KVM this is the - path on each host that is where this primary storage is mounted. For example, - "/mnt/primary".</para> - </listitem> - <listitem> - <para><emphasis role="bold">SMB Username</emphasis> (for SMB/CIFS): Applicable only if you - select SMB/CIFS provider. The username of the account which has the necessary - permissions to the SMB shares. The user must be part of the Hyper-V administrator - group.</para> - </listitem> - <listitem> - <para><emphasis role="bold">SMB Password</emphasis> (for SMB/CIFS): Applicable only if you - select SMB/CIFS provider. The password associated with the account.</para> - </listitem> - <listitem> - <para><emphasis role="bold">SMB Domain</emphasis>(for SMB/CIFS): Applicable only if you - select SMB/CIFS provider. 
The Active Directory domain that the SMB share is a part - of.</para> - </listitem> - <listitem> - <para><emphasis role="bold">SR Name-Label (for PreSetup).</emphasis> Enter the - name-label of the SR that has been set up outside &PRODUCT;.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Target IQN (for iSCSI).</emphasis> In iSCSI this is the IQN - of the target. For example, iqn.1986-03.com.sun:02:01ec9bb549-1271378984.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Lun # (for iSCSI).</emphasis> In iSCSI this is the LUN - number. For example, 3.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Tags (optional).</emphasis> The comma-separated list of tags - for this storage device. It should be an equivalent set or superset of the tags on - your disk offerings..</para> - </listitem> - </itemizedlist> - <para>The tag sets on primary storage across clusters in a Zone must be identical. For - example, if cluster A provides primary storage that has tags T1 and T2, all other clusters - in the Zone must also provide primary storage that has tags T1 and T2.</para> - </listitem> - <listitem> - <para>Click OK.</para> - </listitem> - </orderedlist> - </section> - <section> - <title>Configuring a Storage Plug-in</title> - <note> - <para>Primary storage that is based on a custom plug-in (ex. SolidFire) must be added through - the &PRODUCT; API (described later in this section). There is no support at this time - through the &PRODUCT; UI to add this type of primary storage (although most of its features - are available through the &PRODUCT; UI).</para> - </note> - <note> - <para>At this time, a custom storage plug-in, such as the SolidFire storage plug-in, can only - be leveraged for data disks (through Disk Offerings).</para> - </note> - <note> - <para>The SolidFire storage plug-in for &PRODUCT; is part of the standard &PRODUCT; install. 
- There is no additional work required to add this component.</para> - </note> - <para>Adding primary storage that is based on the SolidFire plug-in enables &PRODUCT; to provide - hard quality-of-service (QoS) guarantees.</para> - <para>When used with Disk Offerings, an administrator is able to build an environment in which a - data disk that a user creates leads to the dynamic creation of a SolidFire volume, which has - guaranteed performance. Such a SolidFire volume is associated with one (and only ever one) - &PRODUCT; volume, so performance of the &PRODUCT; volume does not vary depending on how - heavily other tenants are using the system.</para> - <para>The createStoragePool API has been augmented to support plugable storage providers. The - following is a list of parameters to use when adding storage to &PRODUCT; that is based on the - SolidFire plug-in:</para> - <itemizedlist> - <listitem> - <para>command=createStoragePool</para> - </listitem> - <listitem> - <para>scope=zone</para> - </listitem> - <listitem> - <para>zoneId=[your zone id]</para> - </listitem> - <listitem> - <para>name=[name for primary storage]</para> - </listitem> - <listitem> - <para>hypervisor=Any</para> - </listitem> - <listitem> - <para>provider=SolidFire</para> - </listitem> - <listitem> - <para>capacityIops=[whole number of IOPS from the SAN to give to &PRODUCT;]</para> - </listitem> - <listitem> - <para>capacityBytes=[whole number of bytes from the SAN to give to &PRODUCT;]</para> - </listitem> - </itemizedlist> - <para>The url parameter is somewhat unique in that its value can contain additional key/value - pairs.</para> - <itemizedlist> - <para>url=[key/value pairs detailed below (values are URL encoded; for example, '=' is - represented as '%3D')]</para> - <listitem> - <para>MVIP%3D[Management Virtual IP Address] (can be suffixed with :[port number])</para> - </listitem> - <listitem> - <para>SVIP%3D[Storage Virtual IP Address] (can be suffixed with :[port number])</para> - 
</listitem> - <listitem> - <para>clusterAdminUsername%3D[cluster admin's username]</para> - </listitem> - <listitem> - <para>clusterAdminPassword%3D[cluster admin's password]</para> - </listitem> - <listitem> - <para>clusterDefaultMinIops%3D[Min IOPS (whole number) to set for a volume; used if Min IOPS - is not specified by administrator or user]</para> - </listitem> - <listitem> - <para>clusterDefaultMaxIops%3D[Max IOPS (whole number) to set for a volume; used if Max IOPS - is not specified by administrator or user]</para> - </listitem> - <listitem> - <para>clusterDefaultBurstIopsPercentOfMaxIops%3D[Burst IOPS is determined by (Min IOPS * - clusterDefaultBurstIopsPercentOfMaxIops parameter) (can be a decimal value)]</para> - </listitem> - </itemizedlist> - <para>Example URL to add primary storage to &PRODUCT; based on the SolidFire plug-in (note that - URL encoding is used with the value of the url key, so '%3A' equals ':','%3B' equals ';' (';' - is a key/value pair delimiter for the url field) and '%3D' equals '='):</para> - <para>http://127.0.0.1:8080/client/api?</para> - <para>command=createStoragePool</para> - <para>&scope=zone</para> - <para>&zoneId=cf4e6ddf-8ae7-4194-8270-d46733a52b55</para> - <para>&name=SolidFire_121258566</para> - <para>&url=</para> - <para>MVIP%3D192.168.138.180%3A443</para> - <para>%3BSVIP%3D192.168.56.7</para> - <para>%3BclusterAdminUsername%3Dadmin</para> - <para>%3BclusterAdminPassword%3Dpassword</para> - <para>%3BclusterDefaultMinIops%3D200</para> - <para>%3BclusterDefaultMaxIops%3D300</para> - <para>%3BclusterDefaultBurstIopsPercentOfMaxIops%3D2.5</para> - <para>&provider=SolidFire</para> - <para>&tags=SolidFire_SAN_1</para> - <para>&capacityIops=4000000</para> - <para>&capacityBytes=2251799813685248</para> - <para>&hypervisor=Any</para> - <para>&response=json</para> - <para>&apiKey=VrrkiZQWFFgSdA6k3DYtoKLcrgQJjZXoSWzicHXt8rYd9Bl47p8L39p0p8vfDpiljtlcMLn_jatMSqCWv5Cs-Q</para> - 
<para>&signature=wqf8KzcPpY2JmT1Sxk%2F%2BWbgX3l8%3D</para> - </section> -</section> http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/primary-storage-outage-and-data-loss.xml ---------------------------------------------------------------------- diff --git a/en-US/primary-storage-outage-and-data-loss.xml b/en-US/primary-storage-outage-and-data-loss.xml deleted file mode 100644 index ce9fdff..0000000 --- a/en-US/primary-storage-outage-and-data-loss.xml +++ /dev/null 
@@ -1,37 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "file:///C:/Program%20Files%20(x86)/Publican/DocBook_DTD/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<section id="primary-storage-outage-and-data-loss"> - <title>Primary Storage Outage and Data Loss</title> - <para>When a primary storage outage occurs, all hosts in that cluster are rebooted. This ensures - that affected VMs running on the hypervisor are appropriately marked as stopped. Guests that are - marked for HA will be restarted as soon as practical when the primary storage comes back on - line. With NFS, the hypervisor may allow the virtual machines to continue running depending on - the nature of the issue. For example, an NFS hang will cause the guest VMs to be suspended until - storage connectivity is restored. Primary storage is not designed to be backed up. 
Individual - volumes in primary storage can be backed up using snapshots.</para> - <note> - <para>If there are multiple primary storage servers in a cluster and only one goes down, VMs - using a healthy primary storage will also be affected, because all hosts are rebooted.</para> - </note> - <para/> -</section> http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/primary-storage.xml ---------------------------------------------------------------------- diff --git a/en-US/primary-storage.xml b/en-US/primary-storage.xml deleted file mode 100644 index 4ab37ef..0000000 --- a/en-US/primary-storage.xml +++ /dev/null 
@@ -1,34 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> - -<section id="primary-storage"> - <title>Primary Storage</title> - <para>This section gives concepts and technical details about &PRODUCT; primary storage. 
For information about how to install and configure primary storage through the &PRODUCT; UI, see the Installation Guide.</para> - <para><xref linkend="about-primary-storage"/></para> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="best-practices-primary-storage.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="runtime-behavior-of-primary-storage.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="hypervisor-support-for-primarystorage.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="storage-tags.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="maintenance-mode-for-primary-storage.xml"/> -</section> http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/private-public-template.xml ---------------------------------------------------------------------- diff --git a/en-US/private-public-template.xml b/en-US/private-public-template.xml deleted file mode 100644 index 8556583..0000000 --- a/en-US/private-public-template.xml +++ /dev/null 
@@ -1,30 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> - -<section id="private-public-template"> - <title>Private and Public Templates</title> - <para>When a user creates a template, it can be designated private or public.</para> - <para>Private templates are only available to the user who created them. By default, an uploaded template is private.</para> - <para>When a user marks a template as âpublic,â the template becomes available to all users in all accounts in the user's domain, as well as users in any other domains that have access to the Zone where the template is stored. This depends on whether the Zone, in turn, was defined as private or public. A private Zone is assigned to a single domain, and a public Zone is accessible to any domain. If a public template is created in a private Zone, it is available only to users in the domain assigned to that Zone. 
If a public template is created in a public Zone, it is available to all users in all domains.</para> -</section> http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/projects-overview.xml ---------------------------------------------------------------------- diff --git a/en-US/projects-overview.xml b/en-US/projects-overview.xml deleted file mode 100644 index 4f9a833..0000000 --- a/en-US/projects-overview.xml +++ /dev/null 
@@ -1,31 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<section id="projects-overview"> - <title>Overview of Projects</title> - <para>Projects are used to organize people and resources. &PRODUCT; users within a single domain can group themselves into project teams so they can collaborate and share virtual resources such as VMs, snapshots, templates, data disks, and IP addresses. &PRODUCT; tracks resource usage per project as well as per user, so the usage can be billed to either a user account or a project. For example, a private cloud within a software company might have all members of the QA department assigned to one project, so the company can track the resources used in testing while the project members can more easily isolate their efforts from other users of the same cloud</para> - <para>You can configure &PRODUCT; to allow any user to create a new project, or you can restrict that ability to just &PRODUCT; administrators. 
Once you have created a project, you become that projectâs administrator, and you can add others within your domain to the project. &PRODUCT; can be set up either so that you can add people directly to a project, or so that you have to send an invitation which the recipient must accept. Project members can view and manage all virtual resources created by anyone in the project (for example, share VMs). A user can be a member of any number of projects and can switch views in the &PRODUCT; UI to show only project-related information, such as project VMs, fellow project members, project-related alerts, and so on.</para> - <para>The project administrator can pass on the role to another project member. The project administrator can also add more members, remove members from the project, set new resource limits (as long as they are below the global defaults set by the &PRODUCT; administrator), and delete the project. When the administrator removes a member from the project, resources created by that user, such as VM instances, remain with the project. This brings us to the subject of resource ownership and which resources can be used by a project.</para> - <para>Resources created within a project are owned by the project, not by any particular &PRODUCT; account, and they can be used only within the project. A user who belongs to one or more projects can still create resources outside of those projects, and those resources belong to the userâs account; they will not be counted against the projectâs usage or resource limits. You can create project-level networks to isolate traffic within the project and provide network services such as port forwarding, load balancing, VPN, and static NAT. A project can also make use of certain types of resources from outside the project, if those resources are shared. For example, a shared network or public template is available to any project in the domain. 
A project can get access to a private template if the templateâs owner will grant permission. A project can use any service offering or disk offering available in its domain; however, you can not create private service and disk offerings a t the project level..</para> -</section> - http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/projects.xml ---------------------------------------------------------------------- diff --git a/en-US/projects.xml b/en-US/projects.xml deleted file mode 100644 index 39ce96b..0000000 --- a/en-US/projects.xml +++ /dev/null 
@@ -1,35 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> - -<chapter id="projects"> - <title>Using Projects to Organize Users and Resources</title> - <xi:include href="projects-overview.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="configuring-projects.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="create-new-projects.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="add-members-to-projects.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="accept-membership-invite.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="suspend-project.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="use-project-view.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> -</chapter> - http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/provisioning-auth-api.xml ---------------------------------------------------------------------- 
diff --git a/en-US/provisioning-auth-api.xml b/en-US/provisioning-auth-api.xml deleted file mode 100644 index 0f28b1f..0000000 --- a/en-US/provisioning-auth-api.xml +++ /dev/null 
@@ -1,29 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> - -<section id="provisioning-auth-api"> - <title>Provisioning and Authentication API</title> - <para>&PRODUCT; expects that a customer will have their own user provisioning infrastructure. It provides APIs to integrate with these existing systems where the systems call out to &PRODUCT; to add/remove users..</para> - <para>&PRODUCT; supports pluggable authenticators. By default, &PRODUCT; assumes it is provisioned with the userâs password, and as a result authentication is done locally. However, external authentication is possible as well. For example, see Using an LDAP Server for User Authentication.</para> -</section> http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/provisioning-steps-overview.xml ---------------------------------------------------------------------- diff --git a/en-US/provisioning-steps-overview.xml b/en-US/provisioning-steps-overview.xml deleted file mode 100644 index 5fb6196..0000000 
--- a/en-US/provisioning-steps-overview.xml +++ /dev/null 
@@ -1,45 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<section id="provisioning-steps-overview"> - <title>Overview of Provisioning Steps</title> - <para>After the Management Server is installed and running, you can add the compute resources for it to manage. For an overview of how a &PRODUCT; cloud infrastructure is organized, see <xref linkend="cloud-infrastructure-overview" />.</para> - <para>To provision the cloud infrastructure, or to scale it up at any time, follow these procedures:</para> - <orderedlist> - <listitem><para>Define regions (optional). See <xref linkend="region-add"/>.</para></listitem> - <listitem><para>Add a zone to the region. See <xref linkend="zone-add" />.</para></listitem> - <listitem><para>Add more pods to the zone (optional). See <xref linkend="pod-add" />.</para></listitem> - <listitem><para>Add more clusters to the pod (optional). See <xref linkend="cluster-add" />.</para></listitem> - <listitem><para>Add more hosts to the cluster (optional). 
See <xref linkend="host-add" />.</para></listitem> - <listitem><para>Add primary storage to the cluster. See <xref linkend="primary-storage-add" />.</para></listitem> - <listitem><para>Add secondary storage to the zone. See <xref linkend="secondary-storage-add" />.</para></listitem> - <listitem><para>Initialize and test the new cloud. See <xref linkend="initialize-and-test" />.</para></listitem> - </orderedlist> - <para>When you have finished these steps, you will have a deployment with the following basic structure:</para> - <mediaobject> - <imageobject> - <imagedata fileref="./images/provisioning-overview.png" /> - </imageobject> - <textobject><phrase>provisioning-overview.png: Conceptual overview of a basic deployment</phrase></textobject> - </mediaobject> -</section> http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/provisioning-steps.xml ---------------------------------------------------------------------- diff --git a/en-US/provisioning-steps.xml b/en-US/provisioning-steps.xml deleted file mode 100644 index 04ece13..0000000 --- a/en-US/provisioning-steps.xml +++ /dev/null 
@@ -1,36 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<chapter id="provisioning-steps"> - <title>Steps to Provisioning Your Cloud Infrastructure</title> - <para>This section tells how to add regions, zones, pods, clusters, hosts, storage, and networks to your cloud. 
If you are unfamiliar with these entities, please begin by looking through <xref linkend="cloud-infrastructure-concepts" />.</para> - <xi:include href="provisioning-steps-overview.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="region-add.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="zone-add.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="pod-add.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="cluster-add.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="host-add.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="primary-storage-add.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="secondary-storage-add.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="initialize-and-test.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> -</chapter> http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/pvlan.xml ---------------------------------------------------------------------- diff --git a/en-US/pvlan.xml b/en-US/pvlan.xml deleted file mode 100644 index 38b2531..0000000 --- a/en-US/pvlan.xml +++ /dev/null 
@@ -1,247 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<section id="pvlan"> - <title>Isolation in Advanced Zone Using Private VLAN</title> - <para>Isolation of guest traffic in shared networks can be achieved by using Private VLANs - (PVLAN). PVLANs provide Layer 2 isolation between ports within the same VLAN. 
In a PVLAN-enabled - shared network, a user VM cannot reach other user VM though they can reach the DHCP server and - gateway, this would in turn allow users to control traffic within a network and help them deploy - multiple applications without communication between application as well as prevent communication - with other usersâ VMs.</para> - <itemizedlist> - <listitem> - <para>Isolate VMs in a shared networks by using Private VLANs.</para> - </listitem> - <listitem> - <para>Supported on KVM, XenServer, and VMware hypervisors</para> - </listitem> - <listitem> - <para>PVLAN-enabled shared network can be a part of multiple networks of a guest VM.</para> - </listitem> - </itemizedlist> - <section id="about-pvlan"> - <title>About Private VLAN</title> - <para>In an Ethernet switch, a VLAN is a broadcast domain where hosts can establish direct - communication with each another at Layer 2. Private VLAN is designed as an extension of VLAN - standard to add further segmentation of the logical broadcast domain. A regular VLAN is a - single broadcast domain, whereas a private VLAN partitions a larger VLAN broadcast domain into - smaller sub-domains. A sub-domain is represented by a pair of VLANs: a Primary VLAN and a - Secondary VLAN. The original VLAN that is being divided into smaller groups is called Primary, - which implies that all VLAN pairs in a private VLAN share the same Primary VLAN. All the - secondary VLANs exist only inside the Primary. Each Secondary VLAN has a specific VLAN ID - associated to it, which differentiates one sub-domain from another. </para> - <para>Three types of ports exist in a private VLAN domain, which essentially determine the - behaviour of the participating hosts. Each ports will have its own unique set of rules, which - regulate a connected host's ability to communicate with other connected host within the same - private VLAN domain. 
Configure each host that is part of a PVLAN pair can be by using one of - these three port designation:</para> - <itemizedlist> - <listitem> - <para><emphasis role="bold">Promiscuous</emphasis>: A promiscuous port can communicate with - all the interfaces, including the community and isolated host ports that belong to the - secondary VLANs. In Promiscuous mode, hosts are connected to promiscuous ports and are - able to communicate directly with resources on both primary and secondary VLAN. Routers, - DHCP servers, and other trusted devices are typically attached to promiscuous - ports.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Isolated VLANs</emphasis>: The ports within an isolated VLAN - cannot communicate with each other at the layer-2 level. The hosts that are connected to - Isolated ports can directly communicate only with the Promiscuous resources. If your - customer device needs to have access only to a gateway router, attach it to an isolated - port.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Community VLANs</emphasis>: The ports within a community VLAN - can communicate with each other and with the promiscuous ports, but they cannot - communicate with the ports in other communities at the layer-2 level. In a Community mode, - direct communication is permitted only with the hosts in the same community and those that - are connected to the Primary PVLAN in promiscuous mode. 
If your customer has two devices - that need to be isolated from other customers' devices, but to be able to communicate - among themselves, deploy them in community ports.</para> - </listitem> - </itemizedlist> - <para>For further reading:</para> - <itemizedlist> - <listitem> - <para><ulink - url="http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swpvlan.html#wp1038379" - >Understanding Private VLANs</ulink></para> - </listitem> - <listitem> - <para><ulink url="http://tools.ietf.org/html/rfc5517">Cisco Systems' Private VLANs: Scalable - Security in a Multi-Client Environment</ulink></para> - </listitem> - <listitem> - <para><ulink url="http://kb.vmware.com">Private VLAN (PVLAN) on vNetwork Distributed Switch - - Concept Overview (1010691)</ulink></para> - </listitem> - </itemizedlist> - </section> - <section id="prereq-pvlan"> - <title>Prerequisites</title> - <itemizedlist> - <listitem> - <para>Use a PVLAN supported switch.</para> - <para>See <ulink - url="http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml" - >Private VLAN Catalyst Switch Support Matrix</ulink>for more information.</para> - </listitem> - <listitem> - <para>All the layer 2 switches, which are PVLAN-aware, are connected to each other, and one - of them is connected to a router. All the ports connected to the host would be configured - in trunk mode. Open Management VLAN, Primary VLAN (public) and Secondary Isolated VLAN - ports. Configure the switch port connected to the router in PVLAN promiscuous trunk mode, - which would translate an isolated VLAN to primary VLAN for the PVLAN-unaware router. </para> - <para>Note that only Cisco Catalyst 4500 has the PVLAN promiscuous trunk mode to connect - both normal VLAN and PVLAN to a PVLAN-unaware switch. 
For the other Catalyst PVLAN support - switch, connect the switch to upper switch by using cables, one each for a PVLAN - pair.</para> - </listitem> - <listitem> - <para>Configure private VLAN on your physical switches out-of-band.</para> - </listitem> - <listitem> - <para>Before you use PVLAN on XenServer and KVM, enable Open vSwitch (OVS).</para> - <note> - <para>OVS on XenServer and KVM does not support PVLAN natively. Therefore, &PRODUCT; - managed to simulate PVLAN on OVS for XenServer and KVM by modifying the flow - table.</para> - </note> - </listitem> - </itemizedlist> - </section> - <section id="ability-pvlan"> - <title>Creating a PVLAN-Enabled Guest Network</title> - <orderedlist> - <listitem> - <para>Log in to the &PRODUCT; UI as administrator.</para> - </listitem> - <listitem> - <para>In the left navigation, choose Infrastructure.</para> - </listitem> - <listitem> - <para>On Zones, click View More.</para> - </listitem> - <listitem> - <para>Click the zone to which you want to add a guest network.</para> - </listitem> - <listitem> - <para>Click the Physical Network tab.</para> - </listitem> - <listitem> - <para>Click the physical network you want to work with.</para> - </listitem> - <listitem> - <para>On the Guest node of the diagram, click Configure.</para> - </listitem> - <listitem> - <para>Click the Network tab.</para> - </listitem> - <listitem> - <para>Click Add guest network.</para> - <para>The Add guest network window is displayed.</para> - </listitem> - <listitem> - <para>Specify the following:</para> - <itemizedlist> - <listitem> - <para><emphasis role="bold">Name</emphasis>: The name of the network. 
This will be - visible to the user.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Description</emphasis>: The short description of the network - that can be displayed to users.</para> - </listitem> - <listitem> - <para><emphasis role="bold">VLAN ID</emphasis>: The unique ID of the VLAN.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Secondary Isolated VLAN ID</emphasis>: The unique ID of the - Secondary Isolated VLAN. </para> - <para>For the description on Secondary Isolated VLAN, see <xref linkend="about-pvlan" - />.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Scope</emphasis>: The available scopes are Domain, Account, - Project, and All.</para> - <itemizedlist> - <listitem> - <para><emphasis role="bold">Domain</emphasis>: Selecting Domain limits the scope of - this guest network to the domain you specify. The network will not be available - for other domains. If you select Subdomain Access, the guest network is available - to all the sub domains within the selected domain.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Account</emphasis>: The account for which the guest - network is being created for. You must specify the domain the account belongs - to.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Project</emphasis>: The project for which the guest - network is being created for. You must specify the domain the project belongs - to.</para> - </listitem> - <listitem> - <para><emphasis role="bold">All</emphasis>: The guest network is available for all - the domains, account, projects within the selected zone. 
</para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para><emphasis role="bold">Network Offering</emphasis>: If the administrator has - configured multiple network offerings, select the one you want to use for this - network.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Gateway</emphasis>: The gateway that the guests should - use.</para> - </listitem> - <listitem> - <para><emphasis role="bold">Netmask</emphasis>: The netmask in use on the subnet the - guests will use.</para> - </listitem> - <listitem> - <para><emphasis role="bold">IP Range</emphasis>: A range of IP addresses that are - accessible from the Internet and are assigned to the guest VMs.</para> - <!--<para>If one NIC is used, these IPs should be in the same CIDR in the case of - IPv6.</para> --> - </listitem> - <!-- <listitem> - <para><emphasis role="bold">IPv6 CIDR</emphasis>: The network prefix that defines the - guest network subnet. This is the CIDR that describes the IPv6 addresses in use in the - guest networks in this zone. To allot IP addresses from within a particular address - block, enter a CIDR.</para> - </listitem> --> - <listitem> - <para><emphasis role="bold">Network Domain</emphasis>: A custom DNS suffix at the level - of a network. If you want to assign a special domain name to the guest VM network, - specify a DNS suffix.</para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para>Click OK to confirm.</para> - </listitem> - </orderedlist> - </section> -</section> http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/query-filter.xml ---------------------------------------------------------------------- diff --git a/en-US/query-filter.xml b/en-US/query-filter.xml deleted file mode 100644 index 1c0e493..0000000 --- a/en-US/query-filter.xml +++ /dev/null 
@@ -1,60 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> - -<section id="query-filter"> -<title>Query Filter</title> -<para>The query filter is used to find a mapped user in the external LDAP server. The query filter should uniquely map the &PRODUCT; user to LDAP user for a meaningful authentication. 
For more information about query filter syntax, consult the documentation for your LDAP server.</para> -<para>The &PRODUCT; query filter wildcards are:</para> - <informaltable> - <tgroup cols="2" align="left" colsep="1" rowsep="1"> - <thead> - <row> - <entry><para>Query Filter Wildcard</para></entry> - <entry><para>Description</para></entry> - </row> - </thead> - <tbody> - <row> - <entry><para>%u</para></entry> - <entry><para>User name</para></entry> - </row> - <row> - <entry><para>%e</para></entry> - <entry><para>Email address</para></entry> - </row> - <row> - <entry><para>%n</para></entry> - <entry><para>First and last name</para></entry> - </row> - </tbody> - </tgroup> - </informaltable> -<para>The following examples assume you are using Active Directory, and refer to user attributes from the Active Directory schema.</para> -<para>If the &PRODUCT; user name is the same as the LDAP user ID:</para> -<programlisting>(uid=%u)</programlisting> -<para>If the &PRODUCT; user name is the LDAP display name:</para> -<programlisting>(displayName=%u)</programlisting> -<para>To find a user by email address:</para> -<programlisting>(mail=%e)</programlisting> -</section> http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/re-install-hosts.xml ---------------------------------------------------------------------- diff --git a/en-US/re-install-hosts.xml b/en-US/re-install-hosts.xml deleted file mode 100644 index b8092ad..0000000 --- a/en-US/re-install-hosts.xml +++ /dev/null 
@@ -1,26 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<section id="re-install-hosts"> - <title>Re-Installing Hosts</title> - <para>You can re-install a host after placing it in maintenance mode and then removing it. If a - host is down and cannot be placed in maintenance mode, it should still be removed before the - re-install.</para> -</section> http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/f42520a5/en-US/realip-changes.xml ---------------------------------------------------------------------- diff --git a/en-US/realip-changes.xml b/en-US/realip-changes.xml deleted file mode 100644 index 6b9d904..0000000 --- a/en-US/realip-changes.xml +++ /dev/null 
@@ -1,224 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ -<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> -%BOOK_ENTITIES; -]> - -<!-- Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<section id="realip-changes"> - <title>Secure Connections for &PRODUCT;System VMs</title> - <para>&PRODUCT; System VMs, such as console proxy and Secondary storage VMs, use SSL certificates - to host HTTPS connections. Because each &PRODUCT; environment is unique, System VMs in each - deployment varies and each instance will have its own set of IP addresses. To use one SSL - certificate across all the instances among different deployments, &PRODUCT; provides a global - parameter based mechanism. 
To achieve that you need the following:</para> - <itemizedlist> - <listitem> - <para>A software that runs a wildcard DNS service.</para> - </listitem> - <listitem> - <para>A wildcard certificate for this domain name, which can be self-signed.</para> - </listitem> - <listitem> - <para>A domain, which can run a DNS service that is capable of resolving queries for addresses - of the form aaa-bbb-ccc-ddd.yourdomain.com to an IPv4 IP address in the form - aaa.bbb.ccc.ddd, for example, 202.8.44.1.</para> - </listitem> - </itemizedlist> - <section id="conoleproxy-ssl"> - <title>Console Proxy</title> - <para>For Console Proxy sessions, you can use one of the following modes: HTTP, HTTPS with - wildcard certificate, and HTTPS with a certificate signed under an exact domain name. For each - mode, you need to set the global parameter, <parameter>consoleproxy.url.domain</parameter>to - different forms of IP address, which can later be resolved by your DNS server. </para> - <orderedlist> - <listitem> - <para>Ensure that you set up a domain in your DNS server.</para> - <para>In this example, assume that your DNS server is BIND, and the domain name is - yourdomain.com.</para> - </listitem> - <listitem> - <para>Set up your zone in your DNS server. </para> - <para>If you are using BIND 9:</para> - <programlisting>zone "yourhostip.com" IN { - type master; - file "yourhostip.com.zone"; - allow-update { none; }; -};</programlisting> - </listitem> - <listitem> - <para>Populate an A record for every public IP you have entered in &PRODUCT; that the - console proxy could allocate. </para> - <para>For example, a range such as 55.66.77.100 to 55.66.77.200.</para> - <programlisting>55-66-77-100 IN A 55.66.77.100 -55-66-77-101 IN A 55.66.77.101 -55-66-77-102 IN A 55.66.77.102 -55-66-77-103 IN A 55.66.77.103 - -etc.. 
- -55-66-77-200 IN A 55.66.77.200</programlisting> - </listitem> - <listitem> - <para>Update &PRODUCT; with the new domain name:</para> - <orderedlist numeration="loweralpha"> - <listitem> - <para>Log in to the &PRODUCT; UI as an administrator.</para> - </listitem> - <listitem> - <para>In the left navigation pane, select Global Settings.</para> - </listitem> - <listitem> - <para>Select the <parameter>consoleproxy.url.domain</parameter> parameter.</para> - </listitem> - <listitem> - <para>Depending on your requirement, perform one of the following:</para> - <informaltable> - <tgroup cols="3" align="left" colsep="1" rowsep="1"> - <thead> - <row> - <entry><para>Console Proxy Mode</para></entry> - <entry><para>Global Parameter Settings</para></entry> - <entry><para>Console Proxy URL</para></entry> - </row> - </thead> - <tbody> - <row> - <entry><para>HTTP</para></entry> - <entry><para>Set <parameter>consoleproxy.url.domain</parameter> to - empty.</para></entry> - <entry><para>http://aaa.bbb.ccc.ddd/xxxxx</para> - <para>Where xxxxx is the token.</para></entry> - </row> - <row> - <entry><para>HTTPS with wildcard certificate</para></entry> - <entry>Set <parameter>consoleproxy.url.domain</parameter> to - *.yourdomain.com</entry> - <entry><para>http://aaa.bbb.ccc.ddd.yourdomain.com/xxxxx</para> - <para>Each public IP entered in &PRODUCT; is converted to a DNS name, for - example, 77.88.99.11 and maps to 77-88-99-11.yourdomain.com/xxxxx, where - xxxxx is the secure token. 
When the browser connects to this URL, it try to - match to wildcard cert *.yourdomain.com.</para> - <para>For more information on generating wildcard certificates, see <xref - linkend="change-console-proxy-ssl-certificate-domain"/>.</para></entry> - </row> - <row> - <entry><para>HTTPS with a certificate signed under an exact domain name (load - balancing console proxy)</para></entry> - <entry><para>Set <parameter>consoleproxy.url.domain</parameter> to - xyz.yourdomain.com.</para> - </entry> - <entry><para>https://xyz.yourdomain.com/xxxxx</para> - <para>For more information, see <xref linkend="lb-realhost"/>.</para></entry> - </row> - </tbody> - </tgroup> - </informaltable> - </listitem> - </orderedlist> - </listitem> - <listitem> - <para>Restart the Management Server.</para> - </listitem> - </orderedlist> - </section> - <section id="lb-realhost"> - <title>Load Balancing Console Proxy VMs</title> - <orderedlist> - <listitem> - <para>On an external LB device, such as Citrix Netscaler, configure LB with a name:</para> - <orderedlist numeration="loweralpha"> - <listitem> - <para>Create a tagged VLAN.</para> - </listitem> - <listitem> - <para>Assign an IP from the public IP range.</para> - <para>For example: 10.10.10.252</para> - </listitem> - <listitem> - <para>Create a virtual server with a virtual IP.</para> - <para>For example: 10.10.10.251</para> - </listitem> - <listitem> - <para> Assign the virtual IP to the console proxy VM.</para> - </listitem> - </orderedlist> - </listitem> - <listitem> - <para>Configure DNS to resolve above hostname to the load balancers IP</para> - <orderedlist> - <listitem> - <para>Edit the forward.named.conf file:</para> - <programlisting>@ IN NS xyz.yourdomain.com -@ IN A 10.10.10.252 -xyz IN A 10.10.10.251 </programlisting> - <para>The sub domain, xyz, points to the virtual IP of the load balancer.</para> - </listitem> - <listitem> - <para>Restart the service to reflect the changes.</para> - </listitem> - </orderedlist> - </listitem> - 
<listitem id="step3"> - <para>Start Console Proxy VM to acquire its public IP address.</para> - </listitem> - <listitem id="step4"> - <para>Configure the LB rule to point xyz.yourdomain.com to the Console Proxy's IP - address.</para> - <para>To do that, set the consoleproxy.url.domain to xyz.yourdomain.com.</para> - <para>&PRODUCT; sends a request as given below :</para> - <programlisting># wget https://xyz.yourdomain.com/ajax?token=<token>token</token></programlisting> - <para>&PRODUCT; sends the request to xyz.yourdomain.com, and internally the request is - forwarded to the virtual IP of the LB rule, 10.10.10.251. The request is then internally - load balanced and forwarded to associated Console Proxy VM.</para> - <para>In this example, xyz.yourdomain.com is mapped to the virtual IP of the LB rule on the - DNS server. The DNS server resolves the IP and the forward the request to the external LB - device. The LB device load balance the request sends to the associated Console Proxy - public IP.</para> - </listitem> - <listitem> - <para>Repeat steps <xref linkend="step3"/> and <xref linkend="step4"/> to add more Console Proxy VMs into the LB rule.</para> - </listitem> - </orderedlist> - </section> - <section id="ssvm-ssl"> - <title>Secondary Storage VM</title> - <para>Use the <parameter>secstorage.encrypt.copy</parameter> parameter to turn on the secure - connection. To customize domain for SSVM, set the - <parameter>secstorage.ssl.cert.domain</parameter> parameter to *.yourdomain.com.</para> - <note> - <para>Provide the full certificate path for the System VMs if you are using a certificate from - an intermediate CA. The certificate path begins with the certificate of that certifying - entity, and each certificate in the chain is signed by the entity identified by the next - certificate in the chain. The chain terminates with a root CA certificate. 
For browsers to - trust the site's certificate, you must specify the full chain: site certificate, - intermediate CA, and root CA. Use the uploadCustomCertificate API calls for each level of - the chain. The certificate and private key parameters need to have the full text in PEM - encoded format. For example: <code>'certificate':'-----BEGIN - CERTIFICATE-----\nMIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwasdfKasd</code></para> - </note> - <para/> - </section> - <section id="upgrade-sysvm"> - <title>Upgrade</title> - <para>Post upgrade, &PRODUCT; automatically converts the existing domain values, for example - yourdomain.com to *.yourdomain.com. After upgrade, modify this value to suit your - needs.</para> - </section> -</section>
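Review bot: Deleting en-US/re-install-hosts.xml drops the section id "re-install-hosts", so any xref linkend or include that still names it will break the DocBook build; confirm this commit removes those references as well. The section's single paragraph says a host that is down and cannot enter maintenance mode should still be removed before the re-install. That is operational guidance, and it should survive wherever this content now lives.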
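Review bot: In the deleted en-US/realip-changes.xml, the "HTTPS with wildcard certificate" table row gives the console proxy URL as http://aaa.bbb.ccc.ddd.yourdomain.com/xxxxx, which contradicts the same row's own explanation (77.88.99.11 maps to 77-88-99-11.yourdomain.com) in both scheme and separator. A dotted name adds extra labels, which a *.yourdomain.com certificate does not match because the wildcard covers a single label. If this text is carried to a new location, it should read https://aaa-bbb-ccc-ddd.yourdomain.com/xxxxx. Three smaller points apply to any migrated copy: the BIND 9 zone example names the zone "yourhostip.com" while the surrounding steps use yourdomain.com; the record "@ IN NS xyz.yourdomain.com" has no trailing dot, so BIND treats it as relative to the zone origin; and the wget example leaves the URL unquoted although it contains "?". The removal also drops the ids realip-changes, conoleproxy-ssl, lb-realhost, ssvm-ssl and upgrade-sysvm, so check that no xref elsewhere still points at them.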