You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by se...@apache.org on 2014/03/20 09:08:18 UTC
[1/3] Closes #2: fixed images links, tables, toctree
Repository: cloudstack-docs-admin
Updated Branches:
refs/heads/master 947ff0591 -> 08b01f0d6
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/projects.rst
----------------------------------------------------------------------
diff --git a/source/projects.rst b/source/projects.rst
index 6e256a9..b2eebb4 100644
--- a/source/projects.rst
+++ b/source/projects.rst
@@ -18,7 +18,7 @@ Using Projects to Organize Users and Resources
==============================================
Overview of Projects
--------------------------
+--------------------
Projects are used to organize people and resources. CloudStack users
within a single domain can group themselves into project teams so they
@@ -69,7 +69,7 @@ domain; however, you can not create private service and disk offerings
at the project level..
Configuring Projects
--------------------------
+--------------------
Before CloudStack users start using projects, the CloudStack
administrator must set up various systems to support them, including
@@ -77,7 +77,7 @@ membership invitations, limits on project resources, and controls on who
can create projects.
Setting Up Invitations
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~
CloudStack can be set up either so that project administrators can add
people directly to a project, or so that it is necessary to send an
@@ -135,7 +135,7 @@ and set up the invitations feature in CloudStack.
service cloudstack-management restart
Setting Resource Limits for Projects
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The CloudStack administrator can set global default limits to control
the amount of resources that can be owned by each project in the cloud.
@@ -148,7 +148,7 @@ administrator can also set lower resource limits for any project in the
cloud
Setting Per-Project Resource Limits
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The CloudStack root administrator or the domain administrator of the
domain where the project resides can set new resource limits for an
@@ -193,7 +193,7 @@ new limit.
Click Apply.
Setting the Global Project Resource Limits
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
#.
@@ -237,7 +237,7 @@ Setting the Global Project Resource Limits
# service cloudstack-management restart
Setting Project Creator Permissions
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can configure CloudStack to allow any user to create a new project,
or you can restrict that ability to just CloudStack administrators.
@@ -273,7 +273,7 @@ or you can restrict that ability to just CloudStack administrators.
# service cloudstack-management restart
Creating a New Project
----------------------------
+----------------------
CloudStack administrators and domain administrators can create projects.
If the global configuration parameter allow.user.create.projects is set
@@ -310,7 +310,7 @@ to true, end users can also create projects.
Click Save.
Adding Members to a Project
---------------------------------
+---------------------------
New members can be added to a project by the project’s administrator,
the domain administrator of the domain where the project resides or any
@@ -328,11 +328,11 @@ to add members in CloudStack, but only one way is enabled at a time:
the UI.
Sending Project Membership Invitations
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Use these steps to add a new member to a project if the invitations
feature is enabled in the cloud as described in `“Setting
-Up Invitations” <#set-up-invitations>`__. If the invitations feature is
+Up Invitations” <#set-up-invitations>`_. If the invitations feature is
not turned on, use the procedure in Adding Project Members From the UI.
#.
@@ -371,7 +371,7 @@ not turned on, use the procedure in Adding Project Members From the UI.
which the recipient will provide back to CloudStack when accepting
the invitation. Email invitations will work only if the global
parameters related to the SMTP server have been set. See
- `“Setting Up Invitations” <#set-up-invitations>`__.
+ `“Setting Up Invitations” <#set-up-invitations>`_.
#.
@@ -389,14 +389,14 @@ not turned on, use the procedure in Adding Project Members From the UI.
project’s Accounts tab.
Adding Project Members From the UI
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The steps below tell how to add a new member to a project if the
invitations feature is not enabled in the cloud. If the invitations
feature is enabled cloud,as described in `“Setting Up
-Invitations” <#set-up-invitations>`__, use the procedure in
+Invitations” <#set-up-invitations>`_, use the procedure in
`“Sending Project Membership
-Invitations” <#send-projects-membership-invitation>`__.
+Invitations” <#send-projects-membership-invitation>`_.
#.
@@ -426,7 +426,7 @@ Invitations” <#send-projects-membership-invitation>`__.
cloud and within the same domain as the project.
Accepting a Membership Invitation
---------------------------------------
+---------------------------------
If you have received an invitation to join a CloudStack project, and you
want to accept the invitation, follow these steps:
@@ -456,7 +456,7 @@ want to accept the invitation, follow these steps:
and provide the project ID and unique ID code (token) from the email.
Suspending or Deleting a Project
--------------------------------------
+--------------------------------
When a project is suspended, it retains the resources it owns, but they
can no longer be used. No new resources or members can be added to a
@@ -495,7 +495,7 @@ parent domain, or the CloudStack root administrator.
To suspend, use |Suspends a project|
Using the Project View
----------------------------
+----------------------
If you are a member of a project, you can use CloudStack’s project view
to see project members, resources consumed, and more. The project view
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/reliability.rst
----------------------------------------------------------------------
diff --git a/source/reliability.rst b/source/reliability.rst
index 05c92e2..0cd4073 100644
--- a/source/reliability.rst
+++ b/source/reliability.rst
@@ -18,7 +18,7 @@ System Reliability and High Availability
========================================
HA for Management Server
-------------------------------
+------------------------
The CloudStack Management Server should be deployed in a multi-node
configuration such that it is not susceptible to individual server
@@ -33,7 +33,7 @@ end user and admin UI, API, dynamic load distribution, and HA will cease
to work.
Management Server Load Balancing
---------------------------------------
+--------------------------------
CloudStack can use a load balancer to provide a virtual IP for multiple
Management Servers. The administrator is responsible for creating the
@@ -44,37 +44,13 @@ persistence is required.
Even if persistence is not required, enabling it is permitted.
-Source Port
-
-Destination Port
-
-Protocol
-
-Persistence Required?
-
-80 or 443
-
-8080 (or 20400 with AJP)
-
-HTTP (or AJP)
-
-Yes
-
-8250
-
-8250
-
-TCP
-
-Yes
-
-8096
-
-8096
-
-HTTP
-
-No
+============== ======================== ================ =====================
+Source Port Destination Port Protocol Persistence Required?
+============== ======================== ================ =====================
+80 or 443 8080 (or 20400 with AJP) HTTP (or AJP) Yes
+8250 8250 TCP Yes
+8096 8096 HTTP No
+============== ======================== ================ =====================
In addition to above settings, the administrator is responsible for
setting the 'host' global config value from the management server IP to
@@ -84,7 +60,7 @@ still available but the system VMs will not be able to contact the
management server.
HA-Enabled Virtual Machines
----------------------------------
+---------------------------
The user can specify a virtual machine as HA-enabled. By default, all
virtual router VMs and Elastic Load Balancing VMs are automatically
@@ -100,7 +76,7 @@ HA features work with iSCSI or NFS primary storage. HA with local
storage is not supported.
HA for Hosts
-------------------
+------------
The user can specify a virtual machine as HA-enabled. By default, all
virtual router VMs and Elastic Load Balancing VMs are automatically
@@ -116,7 +92,7 @@ HA features work with iSCSI or NFS primary storage. HA with local
storage is not supported.
Dedicated HA Hosts
-~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~
One or more hosts can be designated for use only by HA-enabled VMs that
are restarting due to a host failure. Setting up a pool of such
@@ -143,10 +119,11 @@ desired tag (for example, "ha\_host"), and restart the Management
Server. Enter the value in the Host Tags field when adding the host(s)
that you want to dedicate to HA-enabled VMs.
-.. note:: If you set ha.tag, be sure to actually use that tag on at least one host in your cloud. If the tag specified in ha.tag is not set for any host in the cloud, the HA-enabled VMs will fail to restart after a crash.
+.. note::
+ If you set ha.tag, be sure to actually use that tag on at least one host in your cloud. If the tag specified in ha.tag is not set for any host in the cloud, the HA-enabled VMs will fail to restart after a crash.
Primary Storage Outage and Data Loss
-------------------------------------------
+------------------------------------
When a primary storage outage occurs the hypervisor immediately stops
all VMs stored on that storage device. Guests that are marked for HA
@@ -159,7 +136,7 @@ up. Individual volumes in primary storage can be backed up using
snapshots.
Secondary Storage Outage and Data Loss
---------------------------------------------
+--------------------------------------
For a Zone that has only one secondary storage server, a secondary
storage outage will have feature level impact to the system but will not
@@ -174,7 +151,7 @@ be backed up periodically. Multiple secondary storage servers can be
provisioned within each zone to increase the scalability of the system.
Database High Availability
---------------------------------
+--------------------------
To help ensure high availability of the databases that store the
internal data for CloudStack, you can set up database replication. This
@@ -183,7 +160,7 @@ Replication is achieved using the MySQL connector parameters and two-way
replication. Tested with MySQL 5.1 and 5.5.
How to Set Up Database Replication
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Database replication in CloudStack is provided using the MySQL
replication capabilities. The steps to set up replication can be found
@@ -208,7 +185,7 @@ References:
`https://wikis.oracle.com/display/CommSuite/MySQL+High+Availability+and+Replication+Information+For+Calendar+Server <https://wikis.oracle.com/display/CommSuite/MySQL+High+Availability+and+Replication+Information+For+Calendar+Server>`__
Configuring Database High Availability
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To control the database high availability behavior, use the following
configuration settings in the file
@@ -275,7 +252,7 @@ tuning purposes:
Example: ``db.cloud.initialTimeout=3600``
Limitations on Database High Availability
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following limitations exist in the current implementation of this
feature.
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/service_offerings.rst
----------------------------------------------------------------------
diff --git a/source/service_offerings.rst b/source/service_offerings.rst
index d370275..4e794c2 100644
--- a/source/service_offerings.rst
+++ b/source/service_offerings.rst
@@ -30,7 +30,7 @@ just friends who are sharing your cloud – you can still keep track of
what services they use and how much of them.
Service Offerings, Disk Offerings, Network Offerings, and Templates
-------------------------------------------------------------------------
+-------------------------------------------------------------------
A user creating a new instance can make a variety of choices about its
characteristics and capabilities. CloudStack provides several ways to
@@ -62,7 +62,7 @@ System Service Offerings.
Compute and Disk Service Offerings
----------------------------------------
+----------------------------------
A service offering is a set of virtual hardware features such as CPU
core count and speed, memory, and disk size. The CloudStack administrator
@@ -146,7 +146,7 @@ parameters, such as CPU, speed, RAM are recorded.
Creating a New Compute Offering
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To create a new compute offering:
@@ -318,7 +318,7 @@ To create a new compute offering:
Click Add.
Creating a New Disk Offering
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To create a new disk offering:
@@ -414,7 +414,7 @@ To create a new disk offering:
Click Add.
Modifying or Deleting a Service Offering
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Service offerings cannot be changed once created. This applies to both
compute offerings and disk offerings.
@@ -427,7 +427,7 @@ service offering will not be available to end users that are creating
new instances.
System Service Offerings
------------------------------
+------------------------
System service offerings provide a choice of CPU speed, number of CPUs,
tags, and RAM size, just as other service offerings do. But rather than
@@ -446,7 +446,7 @@ different system service offering. All virtual routers in that network
will begin using the settings from the new service offering.
Creating a New System Service Offering
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To create a system service offering:
@@ -542,7 +542,7 @@ To create a system service offering:
Click Add.
Network Throttling
------------------------
+------------------
Network throttling is the process of controlling the network access and
bandwidth usage based on certain rules. CloudStack controls this
@@ -583,57 +583,23 @@ defaulted to the global parameter value.
The following table gives you an overview of how network rate is applied
on different types of networks in CloudStack.
-Networks
-
-Network Rate Is Taken from
-
-Guest network of Virtual Router
-
-Guest Network Offering
-
-Public network of Virtual Router
-
-Guest Network Offering
-
-Storage network of Secondary Storage VM
-
-System Network Offering
-
-Management network of Secondary Storage VM
-
-System Network Offering
-
-Storage network of Console Proxy VM
-
-System Network Offering
-
-Management network of Console Proxy VM
-
-System Network Offering
-
-Storage network of Virtual Router
-
-System Network Offering
-
-Management network of Virtual Router
-
-System Network Offering
-
-Public network of Secondary Storage VM
-
-System Network Offering
-
-Public network of Console Proxy VM
-
-System Network Offering
-
-Default network of a guest VM
-
-Compute Offering
-
-Additional networks of a guest VM
+=============================================== ===============================
+Networks Network Rate Is Taken from
+=============================================== ===============================
+Guest network of Virtual Router Guest Network Offering
+Public network of Virtual Router Guest Network Offering
+Storage network of Secondary Storage VM System Network Offering
+Management network of Secondary Storage VM System Network Offering
+Storage network of Console Proxy VM System Network Offering
+Management network of Console Proxy VM System Network Offering
+Storage network of Virtual Router System Network Offering
+Management network of Virtual Router System Network Offering
+Public network of Secondary Storage VM System Network Offering
+Public network of Console Proxy VM System Network Offering
+Default network of a guest VM Compute Offering
+Additional networks of a guest VM Corresponding Network Offerings
+=============================================== ===============================
-Corresponding Network Offerings
A guest VM must have a default network, and can also have many
additional networks. Depending on various parameters, such as the host
@@ -680,7 +646,7 @@ network, ingress traffic will be limited to 10 Mbps and egress to 200
Mbps.
Changing the Default System Offering for System VMs
---------------------------------------------------------
+---------------------------------------------------
You can manually change the system offering for a particular System VM.
Additionally, as a CloudStack administrator, you can also change the
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/storage.rst
----------------------------------------------------------------------
diff --git a/source/storage.rst b/source/storage.rst
index 433adc9..7185935 100644
--- a/source/storage.rst
+++ b/source/storage.rst
@@ -29,7 +29,7 @@ There is no ephemeral storage in CloudStack. All volumes on all nodes
are persistent.
Primary Storage
----------------------
+---------------
This section gives concepts and technical details about CloudStack
primary storage. For information about how to install and configure
@@ -38,7 +38,7 @@ primary storage through the CloudStack UI, see the Installation Guide.
`Section 2.6, “About Primary Storage” <#about-primary-storage>`__
Best Practices for Primary Storage
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
@@ -68,7 +68,7 @@ Best Practices for Primary Storage
Offerings).
Runtime Behavior of Primary Storage
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Root volumes are created automatically when a virtual machine is
created. Root volumes are deleted when the VM is destroyed. Data volumes
@@ -92,90 +92,23 @@ storage or from a storage system (ex. a SAN), depending on how the
primary storage was added to CloudStack).
Hypervisor Support for Primary Storage
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following table shows storage options and parameters for different
hypervisors.
-VMware vSphere
-
-Citrix XenServer
-
-KVM
-
-Hyper-V
-
-****Format for Disks, Templates, and Snapshots****
-
-VMDK
-
-VHD
-
-QCOW2
-
-VHD
-
-Snapshots are not supported.
-
-**iSCSI support**
-
-VMFS
-
-Clustered LVM
-
-Yes, via Shared Mountpoint
-
-No
-
-**Fiber Channel support**
-
-VMFS
-
-Yes, via Existing SR
-
-Yes, via Shared Mountpoint
-
-No
-
-**NFS support**
-
-Y
-
-Y
-
-Y
-
-No
-
-**Local storage support**
-
-Y
-
-Y
-
-Y
-
-Y
-
-**Storage over-provisioning**
-
-NFS and iSCSI
-
-NFS
-
-NFS
-
-No
-
-**SMB/CIFS**
-
-No
-
-No
-
-No
-
-Yes
+============================================== ================ ==================== =========================== ============================
+ VMware vSphere Citrix XenServer KVM Hyper-V
+============================================== ================ ==================== =========================== ============================
+**Format for Disks, Templates, and Snapshots** VMDK VHD QCOW2 VHD
+ Snapshots are not supported.
+**iSCSI support** VMFS Clustered LVM Yes, via Shared Mountpoint No
+**Fiber Channel support** VMFS Yes, via Existing SR Yes, via Shared Mountpoint No
+**NFS support** Yes Yes Yes No
+**Local storage support** Yes Yes Yes Yes
+**Storage over-provisioning** NFS and iSCSI NFS NFS No
+**SMB/CIFS** No No No Yes
+============================================== ================ ==================== =========================== ============================
XenServer uses a clustered LVM system to store VM images on iSCSI and
Fiber Channel volumes and does not support over-provisioning in the
@@ -208,7 +141,7 @@ could provision 1 iSCSI LUN initially and then add a second iSCSI LUN
when the first approaches capacity.
Storage Tags
-~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~
Storage may be "tagged". A tag is a text string attribute associated
with primary storage, a Disk Offering, or a Service Offering. Tags allow
@@ -229,7 +162,7 @@ if different devices are used to present those tags, the set of exposed
tags can be the same.
Maintenance Mode for Primary Storage
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Primary storage may be placed into maintenance mode. This is useful, for
example, to replace faulty RAM in a storage device. Maintenance mode for
@@ -243,7 +176,7 @@ all guests that were running at the time of the entry into maintenance
mode.
Secondary Storage
------------------------
+-----------------
This section gives concepts and technical details about CloudStack
secondary storage. For information about how to install and configure
@@ -253,7 +186,7 @@ Installation Guide.
`Section 2.7, “About Secondary Storage” <#about-secondary-storage>`__
Working With Volumes
---------------------------
+--------------------
A volume provides storage to a guest VM. The volume can provide for a
root disk or an additional data disk. CloudStack supports additional
@@ -276,10 +209,11 @@ from a volume as well; this is the standard procedure for private
template creation. Volumes are hypervisor-specific: a volume from one
hypervisor type may not be used on a guest of another hypervisor type.
-.. note:: CloudStack supports attaching up to 13 data disks to a VM on XenServer hypervisor versions 6.0 and above. For the VMs on other hypervisor types, the data disk limit is 6.
+.. note::
+ CloudStack supports attaching up to 13 data disks to a VM on XenServer hypervisor versions 6.0 and above. For the VMs on other hypervisor types, the data disk limit is 6.
Creating a New Volume
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~
You can add more data disk volumes to a guest VM at any time, up to the
limits of your storage capacity. Both CloudStack administrators and
@@ -290,7 +224,7 @@ volume. This optimization allows the CloudStack to provision the volume
nearest to the guest that will use it when the first attachment is made.
Using Local Storage for Data Volumes
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
You can create data volumes on local storage (supported with XenServer,
KVM, and VMware). The data volume is placed on the same host as the VM
@@ -315,7 +249,7 @@ If you want to put a host into maintenance mode, you must first stop any
VMs with local data volumes on that host.
To Create a New Volume
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^
#.
@@ -356,7 +290,7 @@ To Create a New Volume
To start using the volume, continue to Attaching a Volume
Uploading an Existing Volume to a Virtual Machine
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing data can be made accessible to a virtual machine. This is
called uploading a volume to the VM. For example, this is useful to
@@ -412,11 +346,13 @@ To upload a volume:
Format. Choose one of the following to indicate the disk image
format of the volume.
+ ========== =================
Hypervisor Disk Image Format
========== =================
XenServer VHD
VMware OVA
KVM QCOW2
+ ========== =================
-
@@ -425,7 +361,7 @@ To upload a volume:
chosen in Format. For example, if Format is VHD, the URL might
look like the following:
- http://yourFileServerIP/userdata/myDataDisk.vhd
+ ``http://yourFileServerIP/userdata/myDataDisk.vhd``
-
@@ -438,7 +374,7 @@ To upload a volume:
step 5, and make sure the status is Uploaded.
Attaching a Volume
-~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~
You can attach a volume to a guest VM to provide extra disk storage.
Attach a volume when you first create a new volume, when you are moving
@@ -460,7 +396,7 @@ volume from one storage pool to another.
#.
Click the volume name in the Volumes list, then click the Attach Disk
- button |AttachDiskButton.png: button to attach a volume|
+ button |AttachDiskButton.png|
#.
@@ -475,9 +411,10 @@ volume from one storage pool to another.
clicking Instances, the instance name, and View Volumes.
Detaching and Moving Volumes
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.. note:: This procedure is different from moving volumes from one storage pool to another as described in `Section 13.4.5, “VM Storage Migration” <#vm-storage-migration>`__.
+.. note::
+ This procedure is different from moving volumes from one storage pool to another as described in `Section 13.4.5, “VM Storage Migration” <#vm-storage-migration>`__.
A volume can be detached from a guest VM and attached to another guest.
Both CloudStack administrators and users can detach volumes from VMs and
@@ -500,7 +437,7 @@ may take several minutes for the volume to be moved to the new VM.
#.
Click the name of the volume you want to detach, then click the
- Detach Disk button. |DetachDiskButton.png: button to detach a volume|
+ Detach Disk button. |DetachDiskButton.png|
#.
@@ -508,11 +445,12 @@ may take several minutes for the volume to be moved to the new VM.
`Section 13.4.3, “Attaching a Volume” <#attaching-volume>`__.
VM Storage Migration
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~
Supported in XenServer, KVM, and VMware.
-.. note:: This procedure is different from moving disk volumes from one VM to another as described in `Section 13.4.4, “Detaching and Moving Volumes” <#detach-move-volumes>`__.
+.. note::
+ This procedure is different from moving disk volumes from one VM to another as described in `Section 13.4.4, “Detaching and Moving Volumes” <#detach-move-volumes>`__.
You can migrate a virtual machine’s root disk volume or any additional
data disk volume from one storage pool to another in the same zone.
@@ -532,10 +470,11 @@ another, or to migrate a VM whose disks are on local storage, or even to
migrate a VM’s disks from one storage repository to another, all while
the VM is running.
-.. note:: Because of a limitation in VMware, live migration of storage for a VM is allowed only if the source and target storage pool are accessible to the source host; that is, the host where the VM is running when the live migration operation is requested.
+.. note::
+ Because of a limitation in VMware, live migration of storage for a VM is allowed only if the source and target storage pool are accessible to the source host; that is, the host where the VM is running when the live migration operation is requested.
Migrating a Data Volume to a New Storage Pool
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
There are two situations when you might want to migrate a disk:
@@ -550,7 +489,7 @@ There are two situations when you might want to migrate a disk:
attach it to a new VM.
Migrating Storage For a Running VM
-''''''''''''''''''''''''''''''''''''''''''''''
+''''''''''''''''''''''''''''''''''
(Supported on XenServer and VMware)
@@ -575,8 +514,7 @@ Migrating Storage For a Running VM
#.
- Click the Migrate Volume button |Migrateinstance.png: button to
- migrate a volume| and choose the destination from the dropdown list.
+ Click the Migrate Volume button |Migrateinstance.png| and choose the destination from the dropdown list.
#.
@@ -584,7 +522,7 @@ Migrating Storage For a Running VM
Ready.
Migrating Storage and Attaching to a Different VM
-'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+'''''''''''''''''''''''''''''''''''''''''''''''''
#.
@@ -593,13 +531,12 @@ Migrating Storage and Attaching to a Different VM
#.
Detach the disk from the VM. See `Section 13.4.4, “Detaching and
- Moving Volumes” <#detach-move-volumes>`__ but skip the “reattach”
+ Moving Volumes” <#detach-move-volumes>`_ but skip the “reattach”
step at the end. You will do that after migrating to new storage.
#.
- Click the Migrate Volume button |Migrateinstance.png: button to
- migrate a volume| and choose the destination from the dropdown list.
+ Click the Migrate Volume button |Migrateinstance.png| and choose the destination from the dropdown list.
#.
@@ -615,7 +552,7 @@ Migrating Storage and Attaching to a Different VM
Volume” <#attaching-volume>`__
Migrating a VM Root Volume to a New Storage Pool
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
(XenServer, VMware) You can live migrate a VM's root disk from one
storage pool to another, without stopping the VM first.
@@ -638,10 +575,10 @@ be restarted.
#.
- Click the Migrate button |Migrateinstance.png: button to migrate a VM
- or volume| and choose the destination from the dropdown list.
+ Click the Migrate button |Migrateinstance.png| and choose the destination from the dropdown list.
- .. note:: If the VM's storage has to be migrated along with the VM, this will be noted in the host list. CloudStack will take care of the storage migration for you.
+ .. note::
+ If the VM's storage has to be migrated along with the VM, this will be noted in the host list. CloudStack will take care of the storage migration for you.
#.
@@ -653,7 +590,7 @@ be restarted.
(KVM only) Restart the VM.
Resizing Volumes
-~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~
CloudStack provides the ability to resize data disks; CloudStack
controls volume size by using disk offerings. This provides CloudStack
@@ -709,15 +646,14 @@ To resize a volume:
#.
Select the volume name in the Volumes list, then click the Resize
- Volume button |resize-volume-icon.png: button to display the resize
- volume option.|
+ Volume button |resize-volume-icon.png|
#.
In the Resize Volume pop-up, choose desired characteristics for the
storage.
- |resize-volume.png: option to resize a volume.|
+ |resize-volume.png|
#.
@@ -737,7 +673,7 @@ To resize a volume:
Click OK.
Reset VM to New Root Disk on Reboot
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can specify that you want to discard the root disk and create a new
one whenever a given VM is rebooted. This is useful for secure
@@ -753,7 +689,7 @@ upon reboot. See `Section 8.1.1, “Creating a New Compute
Offering” <#creating-compute-offerings>`__.
Volume Deletion and Garbage Collection
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The deletion of a volume does not delete the snapshots that have been
created from the volume
@@ -779,7 +715,7 @@ Administrators should adjust these values depending on site policies
around data retention.
Working with Volume Snapshots
------------------------------------
+-----------------------------
(Supported for the following hypervisors: **XenServer**, **VMware
vSphere**, and **KVM**)
@@ -809,7 +745,7 @@ A completed snapshot is copied from primary storage to secondary
storage, where it is stored until deleted or purged by newer snapshot.
How to Snapshot a Volume
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -829,10 +765,10 @@ How to Snapshot a Volume
#.
- Click the Snapshot button. |image43|
+ Click the Snapshot button. |SnapshotButton.png|
Automatic Snapshot Creation and Retention
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(Supported for the following hypervisors: **XenServer**, **VMware
vSphere**, and **KVM**)
@@ -854,7 +790,7 @@ snapshot policy. Additional manual snapshots can be created and
retained.
Incremental Snapshots and Backup
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Snapshots are created on primary storage where a disk resides. After a
snapshot is created, it is immediately backed up to secondary storage
@@ -864,22 +800,16 @@ primary storage.
CloudStack does incremental backups for some hypervisors. When
incremental backups are supported, every N backup is a full backup.
-VMware vSphere
-Citrix XenServer
++------------------------------+------------------+------------------+-----+
+| | VMware vSphere | Citrix XenServer | KVM |
++==============================+==================+==================+=====+
+| Support incremental backup | No | Yes | No |
++------------------------------+------------------+------------------+-----+
-KVM
-
-Support incremental backup
-
-N
-
-Y
-
-N
Volume Status
-~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~
When a snapshot operation is triggered by means of a recurring snapshot
policy, a snapshot is skipped if a volume has remained inactive since
@@ -892,7 +822,7 @@ When a snapshot is taken manually, a snapshot is always created
regardless of whether a volume has been active or not.
Snapshot Restore
-~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~
There are two paths to restoring snapshots. Users can create a volume
from the snapshot. The volume can then be mounted to a VM and files
@@ -901,7 +831,7 @@ snapshot of a root disk. The user can then boot a VM from this template
to effect recovery of the root disk.
Snapshot Job Throttling
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~
When a snapshot of a virtual machine is requested, the snapshot job runs
on the same host where the VM is running or, in the case of a stopped
@@ -930,7 +860,7 @@ a snapshot request will wait in the queue. If this limit is reached, the
snapshot request fails and returns an error message.
VMware Volume Snapshot Performance
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When you take a snapshot of a data or root volume on VMware, CloudStack
uses an efficient storage technique to improve performance.
@@ -943,5 +873,19 @@ needed, on demand. To generate the OVA, CloudStack uses information in a
properties file (\*.ova.meta) which it stored along with the original
snapshot data.
-.. note:: For upgrading customers: This process applies only to newly created snapshots after upgrade to CloudStack 4.2. Snapshots that have already been taken and stored in OVA format will continue to exist in that format, and will continue to work as expected.
-
+.. note::
+ For upgrading customers: This process applies only to newly created snapshots after upgrade to CloudStack 4.2. Snapshots that have already been taken and stored in OVA format will continue to exist in that format, and will continue to work as expected.
+
+
+.. |AttachDiskButton.png| image:: _static/images/attach-disk-icon.png
+ :alt: Attach Disk Button.
+.. |resize-volume-icon.png| image:: _static/images/resize-volume-icon.png
+ :alt: button to display the resize volume option.
+.. |resize-volume.png| image:: _static/images/resize-volume.png
+ :alt: option to resize a volume.
+.. |SnapshotButton.png| image:: _static/images/SnapshotButton.png
+ :alt: Snapshot Button.
+.. |DetachDiskButton.png| image:: _static/images/detach-disk-icon.png
+ :alt: Detach Disk Button.
+.. |Migrateinstance.png| image:: _static/images/migrate-instance.png
+ :alt: button to migrate a volume.
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/systemvm.rst
----------------------------------------------------------------------
diff --git a/source/systemvm.rst b/source/systemvm.rst
index bd4f41b..481437b 100644
--- a/source/systemvm.rst
+++ b/source/systemvm.rst
@@ -24,7 +24,7 @@ needs. However, the administrator should be aware of them and their
roles to assist in debugging issues.
The System VM Template
-----------------------------
+----------------------
The System VMs come from a single template. The System VM has the
following characteristics:
@@ -63,7 +63,7 @@ following characteristics:
speed
Changing the Default System VM Template
----------------------------------------------
+---------------------------------------
CloudStack allows you to change the default 32-bit System VM template to
64-bit one. Using the 64-bit template, upgrade the virtual router to
@@ -74,10 +74,12 @@ manage larger number of connection in your network.
Based on the hypervisor you use, download the 64-bit template from
the following location:
+ ========== ================================================================================================
Hypervisor Download Location
- ========== ===============================================================================================
+ ========== ================================================================================================
XenServer http://download.cloud.com/templates/4.2/64bit/systemvmtemplate64-2013-07-15-master-xen.vhd.bz2
KVM http://download.cloud.com/templates/4.2/64bit/systemvmtemplate64-2013-07-15-master-kvm.qcow2.bz2
+ ========== ================================================================================================
#.
@@ -126,7 +128,7 @@ System VMs and performs dynamic load balancing and scaling-up of more
System VMs.
Console Proxy
--------------------
+-------------
The Console Proxy is a type of System Virtual Machine that has a role in
presenting a console view via the web UI. It connects the user’s browser
@@ -141,7 +143,8 @@ The AJAX application connects to this IP. The console proxy then proxies
the connection to the VNC port for the requested VM on the Host hosting
the guest.
-.. note:: The hypervisors will have many ports assigned to VNC usage so that multiple VNC sessions can occur simultaneously.
+.. note::
+ The hypervisors will have many ports assigned to VNC usage so that multiple VNC sessions can occur simultaneously.
There is never any traffic to the guest virtual IP, and there is no need
to enable VNC within the guest.
@@ -162,7 +165,7 @@ Console proxies can be restarted by administrators but this will
interrupt existing console sessions for users.
Using a SSL Certificate for the Console Proxy
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The console viewing functionality uses a dynamic DNS service under the
domain name ``realhostip.com`` to assist in providing SSL security to
@@ -181,7 +184,7 @@ IP, where it then expects and receives a SSL certificate for
realhostip.com, and SSL is set up without browser warnings.
Changing the Console Proxy SSL Certificate and Domain
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If the administrator prefers, it is possible for the URL of the
customer's console session to show a domain other than realhostip.com.
@@ -261,7 +264,7 @@ the console proxy domain, SSL certificate, and private key:
The desired new domain name; for example, company.com
- .. |updatessl.png: Updating Console Proxy SSL Certificate|
+ .. |updatessl.png|
#.
@@ -277,7 +280,7 @@ requests will be served with the new DNS domain name, certificate, and
key.
Virtual Router
---------------------
+--------------
The virtual router is a type of System Virtual Machine. The virtual
router is one of the most frequently used service providers in
@@ -294,7 +297,7 @@ virtual router from a guest VM. Some of the characteristics of the
virtual router are determined by its associated system service offering.
Configuring the Virtual Router
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can set the following:
@@ -323,7 +326,7 @@ You can set the following:
gather network usage statistics, set it to 0.
Upgrading a Virtual Router with System Service Offerings
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When CloudStack creates a virtual router, it uses default settings which
are defined in a default system service offering. See `Section 8.2,
@@ -355,7 +358,7 @@ creating and applying a custom system service offering.
on a Guest Network” <#change-network-offering-on-guest-network>`__.
Best Practices for Virtual Routers
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
@@ -365,7 +368,8 @@ Best Practices for Virtual Routers
-
- .. warning:: Do not use the destroyRouter API when only one router is available in the network, because restartNetwork API with the cleanup=false parameter can't recreate it later. If you want to destroy and recreate the single router available in the network, use the restartNetwork API with the cleanup=true parameter.
+ .. warning::
+ Do not use the destroyRouter API when only one router is available in the network, because restartNetwork API with the cleanup=false parameter can't recreate it later. If you want to destroy and recreate the single router available in the network, use the restartNetwork API with the cleanup=true parameter.
Service Monitoring Tool for Virtual Router
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -386,7 +390,8 @@ an unexpected reason. For example:
The services that are terminated by the OS when memory or CPU is not
sufficiently available for the service.
-.. note:: Only those services with daemons are monitored. The services that are failed due to errors in the service/daemon configuration file cannot be restarted by the Monitoring tool. VPC networks are not supported.
+.. note::
+ Only those services with daemons are monitored. The services that are failed due to errors in the service/daemon configuration file cannot be restarted by the Monitoring tool. VPC networks are not supported.
The following services are monitored in a VR:
@@ -422,7 +427,7 @@ This feature is supported on the following hypervisors: XenServer,
VMware, and KVM.
Enhanced Upgrade for Virtual Routers
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Upgrading VR is made flexible. The CloudStack administrators will be
able to control the sequence of the VR upgrades. The sequencing is based
@@ -596,15 +601,14 @@ Upgrading Virtual Routers
#.
- Click the Upgrade button to upgrade all the VRs. |vr-upgrade.png:
- Button to upgrade VR to use the new template.|
+ Click the Upgrade button to upgrade all the VRs. |vr-upgrade.png|
#.
Click OK to confirm.
Secondary Storage VM
----------------------
+--------------------
In addition to the hosts, CloudStack’s Secondary Storage VM mounts and
writes to secondary storage.
@@ -619,3 +623,7 @@ Zone, copying templates between Zones, and snapshot backups.
The administrator can log in to the secondary storage VM if needed.
+.. |updatessl.png| image:: _static/images/updatessl.png
+ :alt: Updating Console Proxy SSL Certificate
+.. |vr-upgrade.png| image:: _static/images/vr-upgrade.png
+ :alt: Button to upgrade VR to use the new template.
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/templates.rst
----------------------------------------------------------------------
diff --git a/source/templates.rst b/source/templates.rst
index c2da0d5..72302e8 100644
--- a/source/templates.rst
+++ b/source/templates.rst
@@ -31,7 +31,7 @@ choices to users, CloudStack administrators and users can create
templates and add them to CloudStack.
Creating Templates: Overview
-----------------------------------
+----------------------------
CloudStack ships with a default template for the CentOS operating
system. There are a variety of ways to add more templates.
@@ -59,7 +59,7 @@ The various techniques for creating templates are described in the next
few sections.
Requirements for Templates
---------------------------------
+--------------------------
-
@@ -72,14 +72,14 @@ Requirements for Templates
This will enable console view to work properly.
Best Practices for Templates
-----------------------------------
+----------------------------
If you plan to use large templates (100 GB or larger), be sure you have
a 10-gigabit network to support the large templates. A slower network
can lead to timeouts and other errors when large templates are used.
The Default Template
---------------------------
+--------------------
CloudStack includes a CentOS template. This template is downloaded by
the Secondary Storage VM after the primary and secondary storage are
@@ -124,7 +124,7 @@ block most access to the template excluding ssh.
REJECT all -- anywhere anywhere reject-with icmp-host-
Private and Public Templates
-----------------------------------
+----------------------------
When a user creates a template, it can be designated private or public.
@@ -142,7 +142,7 @@ to that Zone. If a public template is created in a public Zone, it is
available to all users in all domains.
Creating a Template from an Existing Virtual Machine
-----------------------------------------------------------
+----------------------------------------------------
Once you have at least one VM set up in the way you want, you can use it
as the prototype for other VMs.
@@ -191,7 +191,8 @@ as the prototype for other VMs.
PV (32-bit) or Other PV (64-bit). This choice is available only
for XenServere:
- .. note:: Generally you should not choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will in general not work. In those cases you should choose Other.
+ .. note::
+ Generally you should not choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will in general not work. In those cases you should choose Other.
-
@@ -216,7 +217,7 @@ template creation process has been completed. The template is then
available when creating a new VM.
Creating a Template from a Snapshot
------------------------------------------
+-----------------------------------
If you do not want to stop the VM in order to use the Create Template
menu item (as described in `Section 12.6, “Creating a Template from an
@@ -225,7 +226,7 @@ can create a template directly from any snapshot through the CloudStack
UI.
Uploading Templates
--------------------------
+-------------------
vSphere Templates and ISOs
--------------------------
@@ -260,7 +261,7 @@ To upload a template:
-
**URL**. The Management Server will download the file from the
- specified URL, such as http://my.web.server/filename.vhd.gz.
+ specified URL, such as ``http://my.web.server/filename.vhd.gz``.
-
@@ -282,7 +283,8 @@ To upload a template:
If the OS type of the stopped VM is not listed, choose Other.
- .. note:: You should not choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will in general not work. In those cases you should choose Other.
+ .. note::
+ You should not choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will in general not work. In those cases you should choose Other.
-
@@ -321,14 +323,14 @@ To upload a template:
template Featured.
Exporting Templates
--------------------------
+-------------------
End users and Administrators may export templates from the CloudStack.
Navigate to the template in the UI and choose the Download function from
the Actions menu.
Creating a Linux Template
---------------------------------
+-------------------------
Linux templates should be prepared using this documentation in order to
prepare your linux VMs for template deployment. For ease of
@@ -365,7 +367,7 @@ An overview of the procedure is as follow:
Existing Virtual Machine” <#create-template-from-existing-vm>`__.
System preparation for Linux
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following steps will prepare a basic Linux installation for
templating.
@@ -379,10 +381,11 @@ templating.
unique to a machine. It is recommended that the name of "localhost"
is used for installation.
- .. warning:: For CentOS, it is necessary to take unique identification out of the
- interface configuration file, for this edit
- /etc/sysconfig/network-scripts/ifcfg-eth0 and change the content to
- the following.
+ .. warning::
+ For CentOS, it is necessary to take unique identification out of the
+ interface configuration file, for this edit
+ /etc/sysconfig/network-scripts/ifcfg-eth0 and change the content to
+ the following.
.. code:: bash
@@ -419,7 +422,8 @@ templating.
**Password management**
- .. note:: If preferred, custom users (such as ones created during the Ubuntu installation) should be removed. First ensure the root user account is enabled by giving it a password and then login as root to continue.
+ .. note::
+ If preferred, custom users (such as ones created during the Ubuntu installation) should be removed. First ensure the root user account is enabled by giving it a password and then login as root to continue.
.. code:: bash
@@ -465,32 +469,33 @@ templating.
.. code:: bash
- #!/bin/sh
- # dhclient change hostname script for Ubuntu
- oldhostname=$(hostname -s)
- if [ $oldhostname = 'localhost' ]
- then
- sleep 10 # Wait for configuration to be written to disk
- hostname=$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /host-name/ { host = $3 } END { printf host } ' | sed 's/[";]//g' )
- fqdn="$hostname.$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /domain-name/ { domain = $3 } END { printf domain } ' | sed 's/[";]//g')"
- ip=$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /fixed-address/ { lease = $2 } END { printf lease } ' | sed 's/[";]//g')
- echo "cloudstack-hostname: Hostname _localhost_ detected. Changing hostname and adding hosts."
- echo " Hostname: $hostname \n FQDN: $fqdn \n IP: $ip"
- # Update /etc/hosts
- awk -v i="$ip" -v f="$fqdn" -v h="$hostname" "/^127/{x=1} !/^127/ && x { x=0; print i,f,h; } { print $0; }" /etc/hosts > /etc/hosts.dhcp.tmp
- mv /etc/hosts /etc/hosts.dhcp.bak
- mv /etc/hosts.dhcp.tmp /etc/hosts
- # Rename Host
- echo $hostname > /etc/hostname
- hostname $hostname
- # Recreate SSH2
- dpkg-reconfig openssh-server
- fi
- ### End of Script ###
-
- chmod 774 /etc/dhcp/dhclient-exit-hooks.d/sethostname
-
- .. warning:: The following steps should be run when you are ready to template your Template Master. If the Template Master is rebooted during these steps you will have to run all the steps again. At the end of this process the Template Master should be shutdown and the template created in order to create and deploy the final template.
+ #!/bin/sh
+ # dhclient change hostname script for Ubuntu
+ oldhostname=$(hostname -s)
+ if [ $oldhostname = 'localhost' ]
+ then
+ sleep 10 # Wait for configuration to be written to disk
+ hostname=$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /host-name/ { host = $3 } END { printf host } ' | sed 's/[";]//g' )
+ fqdn="$hostname.$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /domain-name/ { domain = $3 } END { printf domain } ' | sed 's/[";]//g')"
+ ip=$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /fixed-address/ { lease = $2 } END { printf lease } ' | sed 's/[";]//g')
+ echo "cloudstack-hostname: Hostname _localhost_ detected. Changing hostname and adding hosts."
+ echo " Hostname: $hostname \n FQDN: $fqdn \n IP: $ip"
+ # Update /etc/hosts
+ awk -v i="$ip" -v f="$fqdn" -v h="$hostname" "/^127/{x=1} !/^127/ && x { x=0; print i,f,h; } { print $0; }" /etc/ hosts > /etc/hosts.dhcp.tmp
+ mv /etc/hosts /etc/hosts.dhcp.bak
+ mv /etc/hosts.dhcp.tmp /etc/hosts
+ # Rename Host
+ echo $hostname > /etc/hostname
+ hostname $hostname
+ # Recreate SSH2
+ dpkg-reconfig openssh-server
+ fi
+ ### End of Script ###
+
+ chmod 774 /etc/dhcp/dhclient-exit-hooks.d/sethostname
+
+ .. warning::
+ The following steps should be run when you are ready to template your Template Master. If the Template Master is rebooted during these steps you will have to run all the steps again. At the end of this process the Template Master should be shutdown and the template created in order to create and deploy the final template.
#.
@@ -607,7 +612,8 @@ Windows templates must be prepared with Sysprep before they can be
provisioned on multiple machines. Sysprep allows you to create a generic
Windows template and avoid any possible SID conflicts.
-.. note:: (XenServer) Windows VMs running on XenServer require PV drivers, which may be provided in the template or added after the VM is created. The PV drivers are necessary for essential management functions such as mounting additional volumes and ISO images, live migration, and graceful shutdown.
+.. note::
+ (XenServer) Windows VMs running on XenServer require PV drivers, which may be provided in the template or added after the VM is created. The PV drivers are necessary for essential management functions such as mounting additional volumes and ISO images, live migration, and graceful shutdown.
An overview of the procedure is as follows:
@@ -637,7 +643,7 @@ An overview of the procedure is as follows:
template as described in Creating the Windows Template.
System Preparation for Windows Server 2008 R2
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For Windows 2008 R2, you run Windows System Image Manager to create a
custom sysprep response XML file. Windows System Image Manager is
@@ -647,7 +653,8 @@ Center <http://www.microsoft.com/en-us/download/details.aspx?id=9085>`__.
Use the following steps to run sysprep for Windows 2008 R2:
-.. note:: The steps outlined here are derived from the excellent guide by Charity Shelbourne, originally published at `Windows Server 2008 Sysprep Mini-Setup. <http://blogs.technet.com/askcore/archive/2008/10/31/automating-the-oobe-process-during-windows-server-2008-sysprep-mini-setup.aspx>`__
+.. note::
+ The steps outlined here are derived from the excellent guide by Charity Shelbourne, originally published at `Windows Server 2008 Sysprep Mini-Setup. <http://blogs.technet.com/askcore/archive/2008/10/31/automating-the-oobe-process-during-windows-server-2008-sysprep-mini-setup.aspx>`__
#.
@@ -702,7 +709,7 @@ Use the following steps to run sysprep for Windows 2008 R2:
more information, including examples on the setting you are
attempting to configure.
- |sysmanager.png: System Image Manager|
+ |sysmanager.png|
#.
@@ -712,7 +719,7 @@ Use the following steps to run sysprep for Windows 2008 R2:
High-light the OOBE setting, and add the setting to the Pass 7
oobeSystem. In Settings, set HideEULAPage true.
- |software-license.png: Depicts hiding the EULA page.|
+ |software-license.png|
#.
@@ -732,8 +739,7 @@ Use the following steps to run sysprep for Windows 2008 R2:
oobeSystem configuration pass of your answer file. Under Settings,
specify a password next to Value.
- |change-admin-password.png: Depicts changing the administrator
- password|
+ |change-admin-password.png|
You may read the AIK documentation and set many more options that
suit your deployment. The steps above are the minimum needed to
@@ -764,7 +770,7 @@ Use the following steps to run sysprep for Windows 2008 R2:
complete.
System Preparation for Windows Server 2003 R2
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Earlier versions of Windows have a different sysprep tool. Follow these
steps for Windows Server 2003 R2.
@@ -874,7 +880,7 @@ steps for Windows Server 2003 R2.
After this step the machine will automatically shut down
Importing Amazon Machine Images
---------------------------------------
+-------------------------------
The following procedures describe how to import an Amazon Machine Image
(AMI) into CloudStack when using the XenServer hypervisor.
@@ -887,7 +893,8 @@ You need to have a XenServer host with a file-based storage repository
(either a local ext3 SR or an NFS SR) to convert to a VHD once the image
file has been customized on the Centos/Fedora host.
-.. note:: When copying and pasting a command, be sure the command has pasted as a single line before executing. Some document viewers may introduce unwanted line breaks in copied text.
+.. note::
+ When copying and pasting a command, be sure the command has pasted as a single line before executing. Some document viewers may introduce unwanted line breaks in copied text.
To import an AMI:
@@ -1083,7 +1090,7 @@ To import an AMI:
[root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# scp CentOS_6.2_x64.vhd.bz2 webserver:/var/www/html/templates/
Converting a Hyper-V VM to a Template
---------------------------------------------
+-------------------------------------
To convert a Hyper-V VM to a XenServer-compatible CloudStack template,
you will need a standalone XenServer host with an attached NFS VHD SR.
@@ -1214,7 +1221,7 @@ distribution.
The template will be created, and you can create instances from it.
Adding Password Management to Your Templates
----------------------------------------------------
+--------------------------------------------
CloudStack provides an optional password reset feature that allows users
to set a temporary admin or root password as well as reset the existing
@@ -1238,7 +1245,7 @@ If the script is unable to contact the virtual router during instance
boot it will not set the password but boot will continue normally.
Linux OS Installation
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~
Use the following steps to begin the Linux OS installation:
@@ -1248,7 +1255,7 @@ Use the following steps to begin the Linux OS installation:
-
- `http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in <http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in>`__
+ `http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in <http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in>`_
#.
@@ -1276,14 +1283,14 @@ Use the following steps to begin the Linux OS installation:
chkconfig --add cloud-set-guest-password
Windows OS Installation
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~
Download the installer, CloudInstanceManager.msi, from the `Download
page <http://sourceforge.net/projects/cloudstack/files/Password%20Management%20Scripts/CloudInstanceManager.msi/download>`__
and run the installer in the newly created Windows VM.
Deleting Templates
--------------------------
+------------------
Templates may be deleted. In general, when a template spans multiple
Zones, only the copy that is selected for deletion will be deleted; the
@@ -1295,3 +1302,9 @@ When templates are deleted, the VMs instantiated from them will continue
to run. However, new VMs cannot be created based on the deleted
template.
+.. |sysmanager.png| image:: _static/images/sysmanager.png
+ :alt: System Image Manager
+.. |software-license.png| image:: _static/images/software-license.png
+ :alt: Depicts hiding the EULA page.
+.. |change-admin-password.png| image:: _static/images/change-admin-password.png
+ :alt: Depicts changing the administrator password
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/tuning.rst
----------------------------------------------------------------------
diff --git a/source/tuning.rst b/source/tuning.rst
index 759fe17..2d2261f 100644
--- a/source/tuning.rst
+++ b/source/tuning.rst
@@ -21,7 +21,7 @@ This section provides tips on how to improve the performance of your
cloud.
Performance Monitoring
-----------------------------
+----------------------
Host and guest performance monitoring is available to end users and
administrators. This allows the user to monitor their utilization of
@@ -29,7 +29,7 @@ resources and determine when it is appropriate to choose a more powerful
service offering or larger disk.
Increase Management Server Maximum Memory
------------------------------------------------
+-----------------------------------------
If the Management Server is subject to high demand, the default maximum
JVM memory allocation can be insufficient. To increase the memory:
@@ -58,7 +58,7 @@ JVM memory allocation can be insufficient. To increase the memory:
# service cloudstack-management restart
For more information about memory issues, see "FAQ: Memory" at `Tomcat
-Wiki. <http://wiki.apache.org/tomcat/FAQ/Memory>`__
+Wiki. <http://wiki.apache.org/tomcat/FAQ/Memory>`_
Set Database Buffer Pool Size
-----------------------------
@@ -100,7 +100,7 @@ at `MySQL Reference
Manual <http://dev.mysql.com/doc/refman/5.5/en/innodb-buffer-pool.html>`__.
Set and Monitor Total VM Limits per Host
-----------------------------------------------
+----------------------------------------
The CloudStack administrator should monitor the total number of VM
instances in each cluster, and disable allocation to the cluster if the
@@ -120,7 +120,7 @@ this number of VMs, use the CloudStack UI to disable allocation of more
VMs to the cluster.
Configure XenServer dom0 Memory
--------------------------------------
+-------------------------------
Configure the XenServer dom0 settings to allocate more memory to dom0.
This can enable XenServer to handle larger numbers of virtual machines.
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/ui.rst
----------------------------------------------------------------------
diff --git a/source/ui.rst b/source/ui.rst
index 49354db..a2fffff 100644
--- a/source/ui.rst
+++ b/source/ui.rst
@@ -181,8 +181,7 @@ new, unique value.
#.
- Click the Change Password button. |change-password.png: button to
- change a user's password|
+ Click the Change Password button. |change-password.png|
#.
@@ -259,7 +258,8 @@ call to the cloudstack api.
For example, make a call from the cloudstack server to create a SSH
keypair called "keypair-doc" for the admin account in the root domain:
-.. note:: Ensure that you adjust these values to meet your needs. If you are making the API call from a different server, your URL/PORT will be different, and you will need to use the API keys.
+.. note::
+ Ensure that you adjust these values to meet your needs. If you are making the API call from a different server, your URL/PORT will be different, and you will need to use the API keys.
#.
@@ -355,4 +355,7 @@ With the API command resetSSHKeyForVirtualMachine, a user can set or
reset the SSH keypair assigned to a virtual machine. A lost or
compromised SSH keypair can be changed, and the user can access the VM
by using the new keypair. Just create or register a new keypair, then
-call resetSSHKeyForVirtualMachine.
\ No newline at end of file
+call resetSSHKeyForVirtualMachine.
+
+.. |change-password.png| image:: _static/images/change-password.png
+ :alt: button to change a user's password
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/usage.rst
----------------------------------------------------------------------
diff --git a/source/usage.rst b/source/usage.rst
index ed27b86..f860e7a 100644
--- a/source/usage.rst
+++ b/source/usage.rst
@@ -30,7 +30,7 @@ The Usage Server runs at least once per day. It can be configured to run
multiple times per day.
Configuring the Usage Server
-----------------------------------
+----------------------------
To configure the usage server:
@@ -173,13 +173,14 @@ With this configuration, the Usage job will run every night at 2 AM EST
and will process records for the previous day’s midnight-midnight as
defined by the EST (America/New\_York) time zone.
-.. note:: Because the special value 1440 has been used for
-usage.stats.job.aggregation.range, the Usage Server will ignore the data
-between midnight and 2 AM. That data will be included in the next day's
-run.
+.. note::
+ Because the special value 1440 has been used for
+ usage.stats.job.aggregation.range, the Usage Server will ignore the data
+ between midnight and 2 AM. That data will be included in the next day's
+ run.
Setting Usage Limits
---------------------------
+--------------------
CloudStack provides several administrator control points for capping
resource usage by users. Some of these limits are global configuration
@@ -313,7 +314,7 @@ Maximum secondary storage space that can be used for an account.
Default is 400.
User Permission
-~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~
The root administrator, domain administrators and users are able to list
resources. Ensure that proper logs are maintained in the ``vmops.log``
@@ -336,7 +337,7 @@ and ``api.log`` files.
listResourceLimits API.
Limit Usage Considerations
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~
-
@@ -385,7 +386,7 @@ Limit Usage Considerations
any more instances because the CPU limit has been exhausted.
Limiting Resource Usage in a Domain
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CloudStack allows the configuration of limits on a domain basis. With a
domain limit in place, all users still have their account limits. They
@@ -415,7 +416,7 @@ To set a domain limit:
#.
- Click the Edit button |editbutton.png: edits the settings.|
+ Click the Edit button |editbutton.png|
#.
@@ -470,7 +471,7 @@ To set a domain limit:
Click Apply.
Default Account Resource Limits
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can limit resource use by accounts. The default limits are set by
using Global configuration parameters, and they affect all accounts
@@ -497,7 +498,7 @@ resource limit.
#.
- Click the Edit button. |editbutton.png: edits the settings|
+ Click the Edit button. |editbutton.png|
#.
@@ -1204,3 +1205,6 @@ aggregation period. The start date in the usage record will show the
date and time of the earliest event. For other types of usage, such as
IP addresses and VMs, the old unprocessed data is not included in daily
aggregation.
+
+.. |editbutton.png| image:: _static/images/edit-icon.png
+ :alt: edits the settings.
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/virtual_machines.rst
----------------------------------------------------------------------
diff --git a/source/virtual_machines.rst b/source/virtual_machines.rst
index 37a2863..964526b 100644
--- a/source/virtual_machines.rst
+++ b/source/virtual_machines.rst
@@ -18,7 +18,7 @@ Working with Virtual Machines
=============================
About Working with Virtual Machines
------------------------------------------
+-----------------------------------
CloudStack provides administrators with complete control over the
lifecycle of all guest VMs executing in the cloud. CloudStack provides
@@ -46,7 +46,8 @@ names can be controlled by the user:
Name – host name that the DHCP server assigns to the VM. Can be set
by the user. Defaults to instance name
-.. note:: You can append the display name of a guest VM to its internal name. For more information, see `Section 10.10, “Appending a Display Name to the Guest VM’s Internal Name” <#append-displayname-vms>`__.
+.. note::
+ You can append the display name of a guest VM to its internal name. For more information, see `Section 10.10, “Appending a Display Name to the Guest VM’s Internal Name” <#append-displayname-vms>`__.
Guest VMs can be configured to be Highly Available (HA). An HA-enabled
VM is monitored by the system. If the system detects that the VM is
@@ -74,12 +75,12 @@ CloudStack will restart it. To shut down an HA-enabled VM, you must go
through the CloudStack UI or API.
Best Practices for Virtual Machines
------------------------------------------
+-----------------------------------
For VMs to work as expected and provide excellent service, follow these guidelines.
Monitor VMs for Max Capacity
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The CloudStack administrator should monitor the total number of VM
instances in each cluster, and disable allocation to the cluster if the
@@ -99,7 +100,7 @@ this number of VMs, use the CloudStack UI to disable allocation of more
VMs to the cluster.
Install Required Tools and Drivers
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Be sure the following are installed on each VM:
@@ -138,11 +139,11 @@ following techniques:
virtual machine, stop and start the VM.
VM Lifecycle
-------------------
+------------
Virtual machines can be in the following states:
-|basic-deployment.png: Basic two-machine CloudStack deployment|
+|basic-deployment.png|
Once a virtual machine is destroyed, it cannot be recovered. All the
resources used by the virtual machine will be reclaimed by the system.
@@ -171,14 +172,15 @@ The system will start the virtual machine from the down state
automatically if the virtual machine is marked as HA-enabled.
Creating VMs
-------------------
+------------
Virtual machines are usually created from a template. Users can also
create blank virtual machines. A blank virtual machine is a virtual
machine without an OS template. Users can attach an ISO file and install
the OS from the CD/DVD-ROM.
-.. note:: You can create a VM without starting it. You can determine whether the VM needs to be started as part of the VM deployment. A request parameter, startVM, in the deployVm API provides this feature. For more information, see the Developer's Guide.
+.. note::
+ You can create a VM without starting it. You can determine whether the VM needs to be started as part of the VM deployment. A request parameter, startVM, in the deployVm API provides this feature. For more information, see the Developer's Guide.
To create a VM from a template:
@@ -213,11 +215,13 @@ To create a VM from a template:
Click Submit and your VM will be created and started.
- .. note:: For security reason, the internal name of the VM is visible only to the root admin.
+ .. note::
+ For security reason, the internal name of the VM is visible only to the root admin.
To create a VM from an ISO:
-.. note:: (XenServer) Windows VMs running on XenServer require PV drivers, which may be provided in the template or added after the VM is created. The PV drivers are necessary for essential management functions such as mounting additional volumes and ISO images, live migration, and graceful shutdown.
+.. note::
+ (XenServer) Windows VMs running on XenServer require PV drivers, which may be provided in the template or added after the VM is created. The PV drivers are necessary for essential management functions such as mounting additional volumes and ISO images, live migration, and graceful shutdown.
#.
@@ -244,7 +248,7 @@ To create a VM from an ISO:
Click Submit and your VM will be created and started.
Accessing VMs
--------------------
+-------------
Any user can access their own virtual machines. The administrator can
access all VMs running in the cloud.
@@ -261,7 +265,7 @@ To access a VM through the CloudStack UI:
#.
- Click the View Console button |image20|.
+ Click the View Console button |console-icon.png|.
To access a VM directly over the network:
@@ -289,14 +293,14 @@ To access a VM directly over the network:
Forwarding and Firewalling” <#ip-forwarding-firewalling>`__.
Stopping and Starting VMs
--------------------------------
+-------------------------
Once a VM instance is created, you can stop, restart, or delete it as
needed. In the CloudStack UI, click Instances, select the VM, and use
the Stop, Start, Reboot, and Destroy buttons.
Assigning VMs to Hosts
-----------------------------
+----------------------
At any point in time, each virtual machine instance is running on a
single host. How does CloudStack determine which host to place a VM on?
@@ -353,7 +357,7 @@ There are several ways:
administrator desires.
Affinity Groups
-~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~
By defining affinity groups and assigning VMs to them, the user or
administrator can influence (but not dictate) which VMs should run on
@@ -435,8 +439,8 @@ To assign an existing VM to an affinity group:
#.
- Click the Change Affinity button. |change-affinity-button.png: button
- to assign an affinity group to a virtual machine|
+ Click the Change Affinity button. |change-affinity-button.png|
+
View Members of an Affinity Group
'''''''''''''''''''''''''''''''''
@@ -482,7 +486,7 @@ To delete an affinity group:
group.
Virtual Machine Snapshots
--------------------------------
+-------------------------
(Supported on VMware and XenServer)
@@ -585,7 +589,7 @@ To create a VM snapshot using the CloudStack UI:
#.
- Click the Take VM Snapshot button. |image22|
+ Click the Take VM Snapshot button. |VMSnapshotButton.png|
.. note:: If a snapshot is already in progress, then clicking this button will have no effect.
@@ -638,14 +642,14 @@ snapshot:
Depending on what you want to do:
- To delete the snapshot, click the Delete button. |image23|
+ To delete the snapshot, click the Delete button. |delete-button.png|
- To revert to the snapshot, click the Revert button. |image24|
+ To revert to the snapshot, click the Revert button. |revert-vm.png|
.. note:: VM snapshots are deleted automatically when a VM is destroyed. You don't have to manually delete the snapshots in this case.
Changing the VM Name, OS, or Group
-----------------------------------------
+----------------------------------
After a VM is created, you can modify the display name, operating
system, and the group it belongs to.
@@ -666,12 +670,11 @@ To access a VM through the CloudStack UI:
#.
- Click the Stop button to stop the VM. |StopButton.png: button to stop
- a VM|
+ Click the Stop button to stop the VM. |StopButton.png|
#.
- Click Edit. |EditButton.png: button to edit the properties of a VM|
+ Click Edit. |EditButton.png|
#.
@@ -695,7 +698,7 @@ To access a VM through the CloudStack UI:
Click Apply.
Appending a Display Name to the Guest VM’s Internal Name
----------------------------------------------------------------
+--------------------------------------------------------
Every guest VM has an internal name. The host uses the internal name to
identify the guest VMs. CloudStack gives you an option to provide a
@@ -717,58 +720,18 @@ names easier in large data center deployments.
The following table explains how a VM name is displayed in different
scenarios.
-User-Provided Display Name
-
-vm.instancename.flag
-
-Hostname on the VM
-
-Name on vCenter
-
-Internal Name
-
-Yes
-
-True
-
-Display name
-
-i-<user\_id>-<vm\_id>-displayName
-
-i-<user\_id>-<vm\_id>-displayName
-
-No
-
-True
+============================= ======================= ==================== ===================================== ==========================
+User-Provided Display Name vm.instancename.flag Hostname on the VM Name on vCenter Internal Name
+============================= ======================= ==================== ===================================== ==========================
+Yes True Display name i-<user\_id>-<vm\_id>-displayName i-<user\_id>-<vm\_id>-displayName
+No True UUID i-<user\_id>-<vm\_id>-<instance.name> i-<user\_id>-<vm\_id>-<instance.name>
+Yes False Display name i-<user\_id>-<vm\_id>-<instance.name> i-<user\_id>-<vm\_id>-<instance.name>
+No False UUID i-<user\_id>-<vm\_id>-<instance.name> i-<user\_id>-<vm\_id>-<instance.name>
+============================= ======================= ==================== ===================================== ==========================
-UUID
-
-i-<user\_id>-<vm\_id>-<instance.name>
-
-i-<user\_id>-<vm\_id>-<instance.name>
-
-Yes
-
-False
-
-Display name
-
-i-<user\_id>-<vm\_id>-<instance.name>
-
-i-<user\_id>-<vm\_id>-<instance.name>
-
-No
-
-False
-
-UUID
-
-i-<user\_id>-<vm\_id>-<instance.name>
-
-i-<user\_id>-<vm\_id>-<instance.name>
Changing the Service Offering for a VM
----------------------------------------------
+--------------------------------------
To upgrade or downgrade the level of compute resources available to a
virtual machine, you can change the VM's compute offering.
@@ -791,13 +754,11 @@ virtual machine, you can change the VM's compute offering.
`Section 10.11.1, “CPU and Memory Scaling for Running
VMs” <#change-cpu-ram-for-vm>`__.)
- Click the Stop button to stop the VM. |StopButton.png: button to stop
- a VM|
+ Click the Stop button to stop the VM. |StopButton.png|
#.
- Click the Change Service button. |ChangeServiceButton.png: button to
- change the service of a VM|
+ Click the Change Service button. |ChangeServiceButton.png|
The Change service dialog box is displayed.
@@ -810,7 +771,7 @@ virtual machine, you can change the VM's compute offering.
Click OK.
CPU and Memory Scaling for Running VMs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(Supported on VMware and XenServer)
@@ -849,7 +810,7 @@ Dynamic CPU and RAM scaling can be used in the following cases:
update them using the following procedure.
Updating Existing VMs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~
If you are upgrading from a previous version of CloudStack, and you want
your existing VMs created with previous versions to have the dynamic
@@ -888,7 +849,7 @@ scaling capability, update the VMs using the following steps:
Restart the VM.
Configuring Dynamic CPU and RAM Scaling
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To configure this feature, use the following new global configuration
variables:
@@ -904,7 +865,7 @@ variables:
= 2.
How to Dynamically Scale CPU and RAM
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To modify the CPU and/or RAM capacity of a virtual machine, you need to
change the compute offering of the VM to a new compute offering that has
@@ -922,7 +883,7 @@ requested level of CPU and RAM, the scaling operation will fail. The VM
will continue to run as it was before.
Limitations
-~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~
-
@@ -958,7 +919,7 @@ Limitations
is made to dynamically scale from less than 3 GB to more than 3 GB.
Resetting the Virtual Machine Root Volume on Reboot
-----------------------------------------------------------
+---------------------------------------------------
For secure environments, and to ensure that VM state is not persisted
across reboots, you can reset the root disk. For more information, see
@@ -966,7 +927,7 @@ across reboots, you can reset the root disk. For more information, see
Reboot” <#reset-vm-reboot>`__.
Moving VMs Between Hosts (Manual Live Migration)
--------------------------------------------------------
+------------------------------------------------
The CloudStack administrator can move a running VM from one host to
another without interrupting service to users or going into maintenance
@@ -1017,22 +978,22 @@ To manually live migrate a virtual machine
#.
- Click the Migrate Instance button. |Migrateinstance.png: button to
- migrate an instance|
+ Click the Migrate Instance button. |Migrateinstance.png|
#.
From the list of suitable hosts, choose the one to which you want to
move the VM.
- .. note:: If the VM's storage has to be migrated along with the VM, this will be noted in the host list. CloudStack will take care of the storage migration for you.
+ .. note::
+ If the VM's storage has to be migrated along with the VM, this will be noted in the host list. CloudStack will take care of the storage migration for you.
#.
Click OK.
Deleting VMs
--------------------
+------------
Users can delete their own virtual machines. A running virtual machine
will be abruptly stopped before it is deleted. Administrators can delete
@@ -1054,11 +1015,10 @@ To delete a virtual machine:
#.
- Click the Destroy Instance button. |Destroyinstance.png: button to
- destroy an instance|
+ Click the Destroy Instance button. |Destroyinstance.png|
Working with ISOs
-------------------------
+-----------------
CloudStack supports ISOs and their attachment to guest VMs. An ISO is a
read-only file that has an ISO/CD-ROM style file system. Users can
@@ -1081,7 +1041,7 @@ installing PV drivers into Windows. ISO images are not
hypervisor-specific.
Adding an ISO
-~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~
To make additional operating system or other software available for use
with guest VMs, you can add an ISO. The ISO is typically thought of as
@@ -1192,7 +1152,8 @@ part of a template.
Red Hat Enterprise Linux 6
- .. note:: It is not recommended to choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will usually not work. In these cases, choose Other.
+ .. note::
+ It is not recommended to choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will usually not work. In these cases, choose Other.
-
@@ -1239,7 +1200,7 @@ Attaching an ISO to a VM
#.
- Click the Attach ISO button. |iso.png: depicts adding an iso image|
+ Click the Attach ISO button. |iso.png|
#.
@@ -1281,3 +1242,26 @@ restoreVirtualMachine call. In this case, the VM's root disk is
destroyed and recreated, but from the same template or ISO that was
already in use by the VM.
+.. |basic-deployment.png| image:: _static/images/basic-deployment.png
+ :alt: Basic two-machine CloudStack deployment
+.. |VMSnapshotButton.png| image:: _static/images/VMSnapshotButton.png
+ :alt: button to restart a VPC
+.. |delete-button.png| image:: _static/images/delete-button.png
+.. |EditButton.png| image:: _static/images/edit-icon.png
+ :alt: button to edit the properties of a VM
+.. |change-affinity-button.png| image:: _static/images/change-affinity-button.png
+ :alt: button to assign an affinity group to a virtual machine.
+.. |ChangeServiceButton.png| image:: _static/images/change-service-icon.png
+ :alt: button to change the service of a VM
+.. |Migrateinstance.png| image:: _static/images/migrate-instance.png
+ :alt: button to migrate an instance
+.. |Destroyinstance.png| image:: _static/images/destroy-instance.png
+ :alt: button to destroy an instance
+.. |iso.png| image:: _static/images/iso-icon.png
+ :alt: depicts adding an iso image
+.. |console-icon.png| image:: _static/images/console-icon.png
+ :alt: depicts adding an iso image
+.. |revert-vm.png| image:: _static/images/revert-vm.png
+ :alt: depicts adding an iso image
+.. |StopButton.png| image:: _static/images/stop-instance-icon.png
+ :alt: depicts adding an iso image
[3/3] git commit: Closes #2: fixed images links, tables, toctree
Posted by se...@apache.org.
Closes #2: fixed images links, tables, toctree
Signed-off-by: Sebastien Goasguen <ru...@gmail.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/commit/08b01f0d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/tree/08b01f0d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/diff/08b01f0d
Branch: refs/heads/master
Commit: 08b01f0d623c47f63bd3ee4cc88b61c9bb891177
Parents: 947ff05
Author: Pierre-Luc Dion <pd...@cloudops.com>
Authored: Wed Mar 19 21:29:33 2014 -0400
Committer: Sebastien Goasguen <ru...@gmail.com>
Committed: Thu Mar 20 04:07:52 2014 -0400
----------------------------------------------------------------------
source/accounts.rst | 30 +-
source/administration.rst | 2 +-
source/api.rst | 18 +-
source/conf.py | 2 +-
source/events.rst | 27 +-
source/hosts.rst | 75 ++--
source/management.rst | 26 +-
source/networking.rst | 159 ++------
source/networking2.rst | 762 ++++++++++++++++++++------------------
source/projects.rst | 36 +-
source/reliability.rst | 63 +---
source/service_offerings.rst | 84 ++---
source/storage.rst | 226 +++++------
source/systemvm.rst | 44 ++-
source/templates.rst | 135 ++++---
source/tuning.rst | 10 +-
source/ui.rst | 11 +-
source/usage.rst | 28 +-
source/virtual_machines.rst | 178 ++++-----
19 files changed, 899 insertions(+), 1017 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/accounts.rst
----------------------------------------------------------------------
diff --git a/source/accounts.rst b/source/accounts.rst
index ebe3d49..41e6524 100644
--- a/source/accounts.rst
+++ b/source/accounts.rst
@@ -18,7 +18,7 @@ Managing Accounts, Users and Domains
====================================
Accounts, Users, and Domains
----------------------------------
+----------------------------
Accounts
~~~~~~~~
@@ -60,21 +60,21 @@ or delete other administrators, and change the password for any user in
the system.
Domain Administrators
-~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~
Domain administrators can perform administrative operations for users
who belong to that domain. Domain administrators do not have visibility
into physical servers or other domains.
Root Administrator
-~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~
Root administrators have complete access to the system, including
managing templates, service offerings, customer care administrators, and
domains
Resource Ownership
-~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~
Resources belong to the account, not individual users in that account.
For example, billing, resource limits, and so on are maintained by the
@@ -87,7 +87,7 @@ administrator can do the same for VMs within the domain from one account
to any other account in the domain or any of its sub-domains.
Dedicating Resources to Accounts and Domains
----------------------------------------------
+--------------------------------------------
The root administrator can dedicate resources to a specific domain or
account that needs private infrastructure for additional security or
@@ -179,7 +179,7 @@ with system VMs or virtual routers can be used for preferred implicit
dedication.
Using an LDAP Server for User Authentication
--------------------------------------------------
+--------------------------------------------
You can use an external LDAP server such as Microsoft Active Directory
or ApacheDS to authenticate CloudStack end-users. Just map CloudStack
@@ -213,7 +213,7 @@ command ldapConfig and provide the following:
SSL keystore and password, if SSL is used
Example LDAP Configuration Commands
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To understand the examples in this section, you need to know the basic
concepts behind calling the CloudStack API, which are explained in the
@@ -256,7 +256,7 @@ The next few sections explain some of the concepts you will need to know
when filling out the ldapConfig parameters.
Search Base
-~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~
An LDAP query is relative to a given node of the LDAP directory tree,
called the search base. The search base is the distinguished name (DN)
@@ -268,13 +268,15 @@ you are using. A full discussion of distinguished names is outside the
scope of our documentation. The following table shows some examples of
search bases to find users in the testing department..
+================ =======================
LDAP Server Example Search Base DN
================ =======================
ApacheDS OU=testing, O=project
Active Directory OU=testing, DC=company
+================ =======================
Query Filter
-~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~
The query filter is used to find a mapped user in the external LDAP
server. The query filter should uniquely map the CloudStack user to LDAP
@@ -283,11 +285,13 @@ filter syntax, consult the documentation for your LDAP server.
The CloudStack query filter wildcards are:
+===================== ====================
Query Filter Wildcard Description
===================== ====================
%u User name
%e Email address
%n First and last name
+===================== ====================
The following examples assume you are using Active Directory, and refer
to user attributes from the Active Directory schema.
@@ -311,7 +315,7 @@ To find a user by email address:
(mail=%e)
Search User Bind DN
-~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~
The bind DN is the user on the external LDAP server permitted to search
the LDAP directory within the defined search base. When the DN is
@@ -320,13 +324,16 @@ CloudStack user with an LDAP bind. A full discussion of bind DNs is
outside the scope of our documentation. The following table shows some
examples of bind DNs.
+================ =================================================
LDAP Server Example Bind DN
================ =================================================
ApacheDS CN=Administrator,DC=testing,OU=project,OU=org
Active Directory CN=Administrator, OU=testing, DC=company, DC=com
+================ =================================================
+
SSL Keystore Path and Password
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If the LDAP server requires SSL, you need to enable it in the ldapConfig
command by setting the parameters ssl, truststore, and truststorepass.
@@ -334,4 +341,5 @@ Before enabling SSL for ldapConfig, you need to get the certificate
which the LDAP server is using and add it to a trusted keystore. You
will need to know the path to the keystore and the password.
+
.. |button to dedicate a zone, pod,cluster, or host| image:: _static/images/dedicate-resource-button.png
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/administration.rst
----------------------------------------------------------------------
diff --git a/source/administration.rst b/source/administration.rst
index eede610..7c81173 100644
--- a/source/administration.rst
+++ b/source/administration.rst
@@ -31,7 +31,7 @@ your organization, or just friends who are sharing your cloud – you can
still keep track of what services they use and how much of them.
Service Offerings, Disk Offerings, Network Offerings, and Templates
-------------------------------------------------------------------------
+-------------------------------------------------------------------
A user creating a new instance can make a variety of choices about its
characteristics and capabilities. CloudStack provides several ways to
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/api.rst
----------------------------------------------------------------------
diff --git a/source/api.rst b/source/api.rst
index fee2159..1ba27bb 100644
--- a/source/api.rst
+++ b/source/api.rst
@@ -28,13 +28,11 @@ some indication of their state.
The API has a REST-like query basis and returns results in XML or JSON.
-See `the Developer’s
-Guide <http://docs.cloudstack.org/CloudStack_Documentation/Developer's_Guide%3A_CloudStack>`__
-and `the API
-Reference <http://docs.cloudstack.org/CloudStack_Documentation/API_Reference%3A_CloudStack>`__.
+See `the Developer’s Guide <https://cwiki.apache.org/confluence/display/CLOUDSTACK/Developers>`__
+and `the API Reference <http://cloudstack.apache.org/docs/api/>`__.
Provisioning and Authentication API
------------------------------------------
+-----------------------------------
CloudStack expects that a customer will have their own user provisioning
infrastructure. It provides APIs to integrate with these existing
@@ -47,7 +45,7 @@ possible as well. For example, see Using an LDAP Server for User
Authentication.
User Data and Meta Data
------------------------------
+-----------------------
CloudStack provides API access to attach up to 32KB of user data to a
deployed VM. Deployed VMs also have access to instance metadata via the
@@ -57,17 +55,13 @@ User data can be accessed once the IP address of the virtual router is
known. Once the IP address is known, use the following steps to access
the user data:
-#.
-
- Run the following command to find the virtual router.
+#. Run the following command to find the virtual router.
.. code:: bash
# cat /var/lib/dhclient/dhclient-eth0.leases | grep dhcp-server-identifier | tail -1
-#.
-
- Access user data by running the following command using the result of
+#. Access user data by running the following command using the result of
the above command
.. code:: bash
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/conf.py
----------------------------------------------------------------------
diff --git a/source/conf.py b/source/conf.py
index 4c7b170..1e3a98f 100644
--- a/source/conf.py
+++ b/source/conf.py
@@ -46,7 +46,7 @@ master_doc = 'index'
# General information about the project.
project = u'CloudStack Administration Documentation'
-copyright = u'2014, Apache Software Foundation'
+#copyright = u'2014, Apache Software Foundation'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/events.rst
----------------------------------------------------------------------
diff --git a/source/events.rst b/source/events.rst
index 22d9ee0..29d927d 100644
--- a/source/events.rst
+++ b/source/events.rst
@@ -15,7 +15,7 @@
Event Notification
-===================
+==================
An event is essentially a significant or meaningful change in the state
of both virtual and physical resources associated with a cloud
@@ -26,7 +26,7 @@ state change of virtual or physical resources, an action performed by an
user (action events), or policy based events (alerts).
Event Logs
------------
+----------
There are two types of events logged in the CloudStack Event Log.
Standard events log the success or failure of an event and can be used
@@ -153,7 +153,7 @@ changes can control the behaviour.
Restart the Management Server.
Standard Events
-----------------
+---------------
The events log records three types of standard events.
@@ -186,7 +186,7 @@ The events log records three types of standard events.
successfully performed
Long Running Job Events
-------------------------
+-----------------------
The events log records three types of standard events.
@@ -219,7 +219,7 @@ The events log records three types of standard events.
successfully performed
Event Log Queries
-------------------
+-----------------
Database logs can be queried from the user interface. The list of events
captured by the system includes:
@@ -250,7 +250,7 @@ captured by the system includes:
User login and logout
Deleting and Archiving Events and Alerts
------------------------------------------
+----------------------------------------
CloudStack provides you the ability to delete or archive the existing
alerts and events that you no longer want to implement. You can
@@ -285,7 +285,7 @@ API. They are maintained in the database for auditing or compliance
purposes.
Permissions
-~~~~~~~~~~~~
+~~~~~~~~~~~
Consider the following:
@@ -403,7 +403,7 @@ See the export procedure in the "Secondary Storage" section of the
CloudStack Installation Guide
Recovering a Lost Virtual Router
---------------------------------------
+--------------------------------
Symptom
~~~~~~~
@@ -444,11 +444,10 @@ cleanup=false parameter. For more information about redundant router
setup, see Creating a New Network Offering.
For more information about the API syntax, see the API Reference at
-`http://docs.cloudstack.org/CloudStack\_Documentation/API\_Reference%3A\_CloudStack <http://docs.cloudstack.org/CloudStack_Documentation/API_Reference%3A_CloudStack>`__\ API
-Reference.
+`http://cloudstack.apache.org/docs/api/ <http://cloudstack.apache.org/docs/api/>`_.
Maintenance mode not working on vCenter
----------------------------------------------
+---------------------------------------
Symptom
~~~~~~~
@@ -468,7 +467,7 @@ Use vCenter to place the host in maintenance mode.
Unable to deploy VMs from uploaded vSphere template
----------------------------------------------------------
+---------------------------------------------------
Symptom
~~~~~~~~
@@ -488,7 +487,7 @@ Solution
Remove the ISO and re-upload the template.
Unable to power on virtual machine on VMware
---------------------------------------------------
+--------------------------------------------
Symptom
~~~~~~~
@@ -525,7 +524,7 @@ See the following:
Article <http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=10051/>`__
Load balancer rules fail after changing network offering
---------------------------------------------------------------
+--------------------------------------------------------
Symptom
~~~~~~~
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/hosts.rst
----------------------------------------------------------------------
diff --git a/source/hosts.rst b/source/hosts.rst
index ae73057..d63555c 100644
--- a/source/hosts.rst
+++ b/source/hosts.rst
@@ -18,14 +18,14 @@ Working with Hosts
==================
Adding Hosts
-------------------
+------------
Additional hosts can be added at any time to provide more capacity for
guest VMs. For requirements and instructions, see `Section 7.6, “Adding
a Host” <#host-add>`__.
Scheduled Maintenance and Maintenance Mode for Hosts
-----------------------------------------------------------
+----------------------------------------------------
You can place a host into maintenance mode. When maintenance mode is
activated, the host becomes unavailable to receive new guest VMs, and
@@ -34,7 +34,7 @@ another host not in maintenance mode. This migration uses live migration
technology and does not interrupt the execution of the guest.
vCenter and Maintenance Mode
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To enter maintenance mode on a vCenter host, both vCenter and CloudStack
must be used in concert. CloudStack and vCenter have separate
@@ -84,7 +84,7 @@ maintenance modes that work closely together.
it may be migrated back to it manually and new VMs can be added.
XenServer and Maintenance Mode
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For XenServer, you can take a server offline temporarily by using the
Maintenance Mode feature in XenCenter. When you place a server into
@@ -137,7 +137,7 @@ have been successfully migrated off the server.
Click Exit Maintenance Mode.
Disabling and Enabling Zones, Pods, and Clusters
-------------------------------------------------------
+------------------------------------------------
You can enable or disable a zone, pod, or cluster without permanently
removing it from the cloud. This is useful for maintenance or when there
@@ -163,8 +163,7 @@ To disable and enable a zone, pod, or cluster:
#.
If you are disabling or enabling a zone, find the name of the zone in
- the list, and click the Enable/Disable button. |enable-disable.png:
- button to enable or disable zone, pod, or cluster.|
+ the list, and click the Enable/Disable button. |enable-disable.png|
#.
@@ -185,16 +184,16 @@ To disable and enable a zone, pod, or cluster:
#.
- Click the Enable/Disable button. |image32|
+ Click the Enable/Disable button. |enable-disable.png|
Removing Hosts
---------------------
+--------------
Hosts can be removed from the cloud as needed. The procedure to remove a
host depends on the hypervisor type.
Removing XenServer and KVM Hosts
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A node cannot be removed from a cluster until it has been placed in
maintenance mode. This will ensure that all of the VMs on it have been
@@ -204,8 +203,8 @@ migrated to other Hosts. To remove a Host from the cloud:
Place the node in maintenance mode.
- See `Section 11.2, “Scheduled Maintenance and Maintenance Mode for
- Hosts” <#scheduled-maintenance-maintenance-mode-hosts>`__.
+ See `“Scheduled Maintenance and Maintenance Mode for
+ Hosts” <#scheduled-maintenance-and-maintenance-mode-for-hosts>`__.
#.
@@ -219,24 +218,24 @@ migrated to other Hosts. To remove a Host from the cloud:
it, etc
Removing vSphere Hosts
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~
To remove this type of host, first place it in maintenance mode, as
-described in `Section 11.2, “Scheduled Maintenance and Maintenance Mode
-for Hosts” <#scheduled-maintenance-maintenance-mode-hosts>`__. Then use
+described in `“Scheduled Maintenance and Maintenance Mode
+for Hosts” <#scheduled-maintenance-and-maintenance-mode-for-hosts>`_. Then use
CloudStack to remove the host. CloudStack will not direct commands to a
host that has been removed using CloudStack. However, the host may still
exist in the vCenter cluster.
Re-Installing Hosts
--------------------------
+-------------------
You can re-install a host after placing it in maintenance mode and then
removing it. If a host is down and cannot be placed in maintenance mode,
it should still be removed before the re-install.
Maintaining Hypervisors on Hosts
---------------------------------------
+--------------------------------
When running hypervisor software on hosts, be sure all the hotfixes
provided by the hypervisor vendor are applied. Track the release of
@@ -247,14 +246,15 @@ essential that your hosts are completely up to date with the provided
hypervisor patches. The hypervisor vendor is likely to refuse to support
any system that is not up to date with patches.
-.. note:: The lack of up-do-date hotfixes can lead to data corruption and lost VMs.
+.. note::
+ The lack of up-do-date hotfixes can lead to data corruption and lost VMs.
(XenServer) For more information, see `Highly Recommended Hotfixes for
XenServer in the CloudStack Knowledge
Base <http://docs.cloudstack.org/Knowledge_Base/Possible_VM_corruption_if_XenServer_Hotfix_is_not_Applied/Highly_Recommended_Hotfixes_for_XenServer_5.6_SP2>`__.
Changing Host Password
-----------------------------
+----------------------
The password for a XenServer Node, KVM Node, or vSphere Node may be
changed in the database. Note that all Nodes in a Cluster must have the
@@ -299,7 +299,7 @@ To change a Node's password:
mysql> update cloud.host set password='password' where id=5 or id=10 or id=12;
Over-Provisioning and Service Offering Limits
----------------------------------------------------
+---------------------------------------------
(Supported for XenServer, KVM, and VMware)
@@ -353,7 +353,7 @@ the host is actually suitable for the level of over-provisioning which
has been set.
Limitations on Over-Provisioning in XenServer and KVM
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
@@ -368,7 +368,7 @@ Limitations on Over-Provisioning in XenServer and KVM
limits based on the memory contention.
Requirements for Over-Provisioning
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Several prerequisites are required in order for over-provisioning to
function properly. The feature is dependent on the OS type, hypervisor
@@ -404,7 +404,7 @@ administrator must set CONFIG\_VIRTIO\_BALLOON=y in the virtio
configuration.
Hypervisor capabilities
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^
The hypervisor must be capable of using the memory ballooning.
@@ -420,7 +420,7 @@ VMware, KVM
Memory ballooning is supported by default.
Setting Over-Provisioning Ratios
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There are two ways the root admin can set CPU and RAM over-provisioning
ratios. First, the global configuration settings
@@ -435,7 +435,8 @@ done, CloudStack recalculates or scales the used and reserved capacities
based on the new over-provisioning ratios, to ensure that CloudStack is
correctly tracking the amount of free capacity.
-.. note:: It is safer not to deploy additional new VMs while the capacity recalculation is underway, in case the new values for available capacity are not high enough to accommodate the new VMs. Just wait for the new used/available values to become available, to be sure there is room for all the new VMs you want.
+.. note::
+ It is safer not to deploy additional new VMs while the capacity recalculation is underway, in case the new values for available capacity are not high enough to accommodate the new VMs. Just wait for the new used/available values to become available, to be sure there is room for all the new VMs you want.
To change the over-provisioning ratios for an existing cluster:
@@ -462,10 +463,11 @@ To change the over-provisioning ratios for an existing cluster:
intially shown in these fields is the default value inherited from
the global configuration settings.
- .. note:: In XenServer, due to a constraint of this hypervisor, you can not use an over-provisioning factor greater than 4.
+ .. note::
+ In XenServer, due to a constraint of this hypervisor, you can not use an over-provisioning factor greater than 4.
Service Offering Limits and Over-Provisioning
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Service offering limits (e.g. 1 GHz, 1 core) are strictly enforced for
core count. For example, a guest with a service offering of one core
@@ -485,7 +487,7 @@ will receive twice the CPU allocation as a guest created from a 1 GHz
service offering. CloudStack does not perform memory over-provisioning.
VLAN Provisioning
------------------------
+-----------------
CloudStack automatically creates and destroys interfaces bridged to
VLANs on the hosts. In general the administrator does not need to manage
@@ -514,11 +516,12 @@ set of IPs for different customers, each one with their own routers and
the guest networks on different physical NICs.
VLAN Allocation Example
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~
VLANs are required for public and guest traffic. The following is an
example of a VLAN allocation scheme:
+================= ============================= ====================================================================================================
VLAN IDs Traffic type Scope
================= ============================= ====================================================================================================
less than 500 Management traffic. Reserved for administrative purposes. CloudStack software can access this, hypervisors, system VMs.
@@ -527,9 +530,10 @@ less than 500 Management traffic. Reserved for administrative
800-899 VLANs carrying guest traffic. CloudStack accounts. Account-specific VLAN chosen by CloudStack admin to assign to that account.
900-999 VLAN carrying guest traffic CloudStack accounts. Can be scoped by project, domain, or all accounts.
greater than 1000 Reserved for future use
+================= ============================= ====================================================================================================
Adding Non Contiguous VLAN Ranges
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CloudStack provides you with the flexibility to add non contiguous VLAN
ranges to your network. The administrator can either update an existing
@@ -564,7 +568,7 @@ range.
#.
- Click Edit |edit-icon.png: button to edit the VLAN range.|
+ Click Edit |edit-icon.png|.
The VLAN Ranges field now is editable.
@@ -580,7 +584,7 @@ range.
Click Apply.
Assigning VLANs to Isolated Networks
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CloudStack provides you the ability to control VLAN assignment to
Isolated networks. As a Root admin, you can assign a VLAN ID when a
@@ -628,5 +632,10 @@ To enable you to assign VLANs to Isolated networks,
network and the state is changed to Setup. In this state, the network
will not be garbage collected.
-.. note:: You cannot change a VLAN once it's assigned to the network. The VLAN remains with the network for its entire life cycle.
+.. note::
+ You cannot change a VLAN once it's assigned to the network. The VLAN remains with the network for its entire life cycle.
+.. |enable-disable.png| image:: _static/images/enable-disable.png
+ :alt: button to enable or disable zone, pod, or cluster.
+.. |edit-icon.png| image:: _static/images/edit-icon.png
+ :alt: button to edit the VLAN range.
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/management.rst
----------------------------------------------------------------------
diff --git a/source/management.rst b/source/management.rst
index 4385605..9b90659 100644
--- a/source/management.rst
+++ b/source/management.rst
@@ -18,7 +18,7 @@ Managing the Cloud
==================
Using Tags to Organize Resources in the Cloud
----------------------------------------------------
+---------------------------------------------
A tag is a key-value pair that stores metadata about a resource in the
cloud. Tags are useful for categorizing resources. For example, you can
@@ -138,7 +138,7 @@ number of hosts and sockets used for each host type.
Changing the Database Configuration
------------------------------------------
+-----------------------------------
The CloudStack Management Server stores database configuration
information (e.g., hostname, port, credentials) in the file
@@ -146,7 +146,7 @@ information (e.g., hostname, port, credentials) in the file
this file on each Management Server, then restart the Management Server.
Changing the Database Password
-------------------------------------
+------------------------------
You may need to change the password for the MySQL account used by
CloudStack. If so, you'll need to change the password in MySQL, and then
@@ -220,7 +220,7 @@ add the encrypted password to
# service cloud-usage start
Administrator Alerts
---------------------------
+--------------------
The system provides alerts and events to help with the management of the
cloud. Alerts are notices to an administrator, generally delivered by
@@ -248,7 +248,7 @@ Emails will be sent to administrators under the following circumstances:
The Host cluster runs low on CPU, memory, or storage resources
Sending Alerts to External SNMP and Syslog Managers
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition to showing administrator alerts on the Dashboard in the
CloudStack UI and sending them in email, CloudStack can also send the
@@ -373,7 +373,7 @@ be found by calling listAlerts.
You can also display the most up to date list by calling the API command ``listAlerts``.
SNMP Alert Details
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^
The supported protocol is SNMP version 2.
@@ -381,7 +381,7 @@ Each SNMP trap contains the following information: message, podId,
dataCenterId, clusterId, and generationTime.
Syslog Alert Details
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^
CloudStack generates a syslog message for every alert. Each syslog
message incudes the fields alertType, message, podId, dataCenterId, and
@@ -399,7 +399,7 @@ For example:
Mar 4 10:13:47 WARN localhost alertType:: managementNode message:: Management server node 127.0.0.1 is up
Configuring SNMP and Syslog Managers
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
To configure one or more SNMP managers or Syslog managers to receive
alerts from CloudStack:
@@ -480,14 +480,14 @@ log4j-cloud.xml. Check to be sure that the format and settings are
correct.
Deleting an SNMP or Syslog Manager
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
To remove an external SNMP manager or Syslog manager so that it no
longer receives alerts from CloudStack, remove the corresponding entry
from the file ``/etc/cloudstack/management/log4j-cloud.xml``.
Customizing the Network Domain Name
------------------------------------------
+-----------------------------------
The root administrator can optionally assign a custom DNS suffix at the
level of a network, account, domain, zone, or entire CloudStack
@@ -577,9 +577,3 @@ To start the Management Server:
# service cloudstack-management start
-To stop the Management Server:
-
-.. code:: bash
-
- # service cloudstack-management stop
-
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/networking.rst
----------------------------------------------------------------------
diff --git a/source/networking.rst b/source/networking.rst
index 583ed70..0ec0fcf 100644
--- a/source/networking.rst
+++ b/source/networking.rst
@@ -18,7 +18,7 @@ Setting Up Networking for Users
===============================
Overview of Setting Up Networking for Users
-------------------------------------------------
+-------------------------------------------
People using cloud infrastructure have a variety of needs and
preferences when it comes to the networking services provided by the
@@ -78,7 +78,7 @@ account. Isolated networks have the following properties.
entire network
For more information, see `Section 15.5.1, “Configure Guest Traffic in
-an Advanced Zone” <#configure-guest-traffic-in-advanced-zone>`__.
+an Advanced Zone” <#configure-guest-traffic-in-advanced-zone>`_.
Shared Networks
~~~~~~~~~~~~~~~~~~~~~~
@@ -116,7 +116,7 @@ Basic zones in CloudStack 3.0.3 and later versions.
is supported.
For information, see `Section 15.5.3, “Configuring a Shared Guest
-Network” <#creating-shared-network>`__.
+Network” <#creating-shared-network>`_.
Runtime Allocation of Virtual Network Resources
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -131,7 +131,8 @@ helps to conserve network resources.
Network Service Providers
------------------------------
-.. note:: For the most up-to-date list of supported network service providers, see the CloudStack UI or call `listNetworkServiceProviders`.
+.. note::
+ For the most up-to-date list of supported network service providers, see the CloudStack UI or call `listNetworkServiceProviders`.
A service provider (also called a network element) is hardware or
virtual appliance that makes a network service possible; for example, a
@@ -181,7 +182,8 @@ offering.
Network Offerings
----------------------
-.. note:: For the most up-to-date list of supported network services, see the CloudStack UI or call listNetworkServices.
+.. note::
+ For the most up-to-date list of supported network services, see the CloudStack UI or call listNetworkServices.
A network offering is a named set of network services, such as:
@@ -240,7 +242,8 @@ running a web server farm and require a scalable firewall solution, load
balancing solution, and alternate networks for accessing the database
backend.
-.. note:: If you create load balancing rules while using a network service offering that includes an external load balancer device such as NetScaler, and later change the network service offering to one that uses the CloudStack virtual router, you must create a firewall rule on the virtual router for each of your existing load balancing rules so that they continue to function.
+.. note::
+ If you create load balancing rules while using a network service offering that includes an external load balancer device such as NetScaler, and later change the network service offering to one that uses the CloudStack virtual router, you must create a firewall rule on the virtual router for each of your existing load balancing rules so that they continue to function.
When creating a new virtual network, the CloudStack administrator
chooses which network offering to enable for that network. Each virtual
@@ -253,7 +256,7 @@ system VMs. These network offerings are not visible to users but can be
modified by administrators.
Creating a New Network Offering
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To create a network offering:
@@ -336,115 +339,34 @@ To create a network offering:
Based on the guest network type selected, you can see the
following supported services:
- Supported Services
+ =================== ======================================================================= ============= =============
+ Supported Services Description Isolated Shared
+ =================== ======================================================================= ============= =============
+ DHCP For more information, see `Section 15.24, “DNS and DHCP” <#dns-dhcp>`_. Supported Supported
+ DNS For more information, see `Section 15.24, “DNS and DHCP” <#dns-dhcp>`_. Supported Supported
+ Load Balancer If you select Load Balancer, you can choose the CloudStack virtual Supported Supported
+ router or any other load balancers that have been configured in
+ the cloud.
+ Firewall For more information, see the Administration Guide. Supported Supported
+ Source NAT If you select Source NAT, you can choose the CloudStack virtual Supported Supported
+ router or any other Source NAT providers that have been configured
+ in the cloud.
+ Static NAT If you select Static NAT, you can choose the CloudStack virtual Supported Supported
+ router or any other Static NAT providers that have been configured
+ in the cloud.
+ Port Forwarding If you select Port Forwarding, you can choose the CloudStack Supported Not Supported
+ virtual router or any other Port Forwarding providers that have
+ been configured in the cloud.
+ VPN For more information, see `Section 15.25, “Remote Access Supported Not Supported
+ VPN” <#vpn>`__.
+ User Data For more information, see `Section 20.2, “User Data and Meta Not Supported Supported
+ Data” <#user-data-and-meta-data>`_.
+ Network ACL For more information, see `Section 15.27.4, “Configuring Network Supported Not Supported
+ Access Control List” <#configure-acl>`_.
+ Security Groups For more information, see `Section 15.15.2, “Adding a Security Not Supported Supported
+ Group” <#add-security-group>`__.
+ =================== ======================================================================= ============= =============
- Description
-
- Isolated
-
- Shared
-
- DHCP
-
- For more information, see `Section 15.24, “DNS and
- DHCP” <#dns-dhcp>`__.
-
- Supported
-
- Supported
-
- DNS
-
- For more information, see `Section 15.24, “DNS and
- DHCP” <#dns-dhcp>`__.
-
- Supported
-
- Supported
-
- Load Balancer
-
- If you select Load Balancer, you can choose the CloudStack virtual
- router or any other load balancers that have been configured in
- the cloud.
-
- Supported
-
- Supported
-
- Firewall
-
- For more information, see the Administration Guide.
-
- Supported
-
- Supported
-
- Source NAT
-
- If you select Source NAT, you can choose the CloudStack virtual
- router or any other Source NAT providers that have been configured
- in the cloud.
-
- Supported
-
- Supported
-
- Static NAT
-
- If you select Static NAT, you can choose the CloudStack virtual
- router or any other Static NAT providers that have been configured
- in the cloud.
-
- Supported
-
- Supported
-
- Port Forwarding
-
- If you select Port Forwarding, you can choose the CloudStack
- virtual router or any other Port Forwarding providers that have
- been configured in the cloud.
-
- Supported
-
- Not Supported
-
- VPN
-
- For more information, see `Section 15.25, “Remote Access
- VPN” <#vpn>`__.
-
- Supported
-
- Not Supported
-
- User Data
-
- For more information, see `Section 20.2, “User Data and Meta
- Data” <#user-data-and-meta-data>`__.
-
- Not Supported
-
- Supported
-
- Network ACL
-
- For more information, see `Section 15.27.4, “Configuring Network
- Access Control List” <#configure-acl>`__.
-
- Supported
-
- Not Supported
-
- Security Groups
-
- For more information, see `Section 15.15.2, “Adding a Security
- Group” <#add-security-group>`__.
-
- Not Supported
-
- Supported
-
@@ -459,7 +381,7 @@ To create a network offering:
that have been defined by the CloudStack root administrator.
For more information, see `Section 8.2, “System Service
- Offerings” <#system-service-offerings>`__.
+ Offerings” <#system-service-offerings>`_.
-
@@ -518,7 +440,7 @@ To create a network offering:
Elastic IP is enabled.
For information on Elastic IP, see `Section 15.11, “About Elastic
- IP” <#elastic-ip>`__.
+ IP” <#elastic-ip>`_.
-
@@ -544,7 +466,8 @@ To create a network offering:
the conserve mode is on, you can define more than one service on
the same public IP.
- .. note:: If StaticNAT is enabled, irrespective of the status of the conserve mode, no port forwarding or load balancing rule can be created for the IP. However, you can add the firewall rules by using the createFirewallRule command.
+ .. note::
+ If StaticNAT is enabled, irrespective of the status of the conserve mode, no port forwarding or load balancing rule can be created for the IP. However, you can add the firewall rules by using the createFirewallRule command.
-
[2/3] Closes #2: fixed images links, tables, toctree
Posted by se...@apache.org.
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/08b01f0d/source/networking2.rst
----------------------------------------------------------------------
diff --git a/source/networking2.rst b/source/networking2.rst
index 4072f3c..cfdab2b 100644
--- a/source/networking2.rst
+++ b/source/networking2.rst
@@ -23,7 +23,7 @@ have a private LAN. The CloudStack virtual router is the main component
providing networking features for guest traffic.
Guest Traffic
--------------------
+-------------
A network can carry guest traffic only between VMs within one zone.
Virtual machines in different zones cannot communicate with each other
@@ -32,7 +32,7 @@ routing through a public IP address.
See a typical guest traffic setup given below:
-|guest-traffic-setup.png: Depicts a guest traffic setup|
+|guest-traffic-setup.png|
Typically, the Management Server automatically creates a virtual router
for each network. A virtual router is a special virtual machine that
@@ -54,7 +54,7 @@ Source NAT is automatically configured in the virtual router to forward
outbound traffic for all guest VMs
Networking in a Pod
--------------------------
+-------------------
The figure below illustrates network setup within a single pod. The
hosts are connected to a pod-level switch. At a minimum, the hosts
@@ -62,7 +62,7 @@ should have one physical uplink to each switch. Bonded NICs are
supported as well. The pod-level switch is a pair of redundant gigabit
switches with 10 G uplinks.
-|networksinglepod.png: diagram showing logical view of network in a pod|
+|networksinglepod.png|
Servers are connected as follows:
@@ -86,11 +86,11 @@ each network interface as well as redundant switch fabric in order to
maximize throughput and improve reliability.
Networking in a Zone
---------------------------
+--------------------
The following figure illustrates the network setup within a single zone.
-|networksetupzone.png: Depicts network setup in a single zone|
+|networksetupzone.png|
A firewall for management traffic operates in the NAT mode. The network
typically is assigned IP addresses in the 192.168.0.0/16 Class B private
@@ -101,7 +101,7 @@ Each zone has its own set of public IP addresses. Public IP addresses
from different zones do not overlap.
Basic Zone Physical Network Configuration
------------------------------------------------
+-----------------------------------------
In a basic network, configuring the physical network is fairly
straightforward. You only need to configure one guest network to carry
@@ -109,14 +109,14 @@ traffic that is generated by guest VMs. When you first add a zone to
CloudStack, you set up the guest network through the Add Zone screens.
Advanced Zone Physical Network Configuration
---------------------------------------------------
+--------------------------------------------
Within a zone that uses advanced networking, you need to tell the
Management Server how the physical network is set up to carry different
kinds of traffic in isolation.
Configure Guest Traffic in an Advanced Zone
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
These steps assume you have already logged in to the CloudStack UI. To
configure the base guest network:
@@ -136,7 +136,7 @@ configure the base guest network:
The Add guest network window is displayed:
- |addguestnetwork.png: Add Guest network setup in a single zone|
+ |addguestnetwork.png|
#.
@@ -174,13 +174,13 @@ configure the base guest network:
Click OK.
Configure Public Traffic in an Advanced Zone
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In a zone that uses advanced networking, you need to configure at least
one range of IP addresses for Internet traffic.
Configuring a Shared Guest Network
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -313,7 +313,7 @@ Configuring a Shared Guest Network
Click OK to confirm.
Using Multiple Guest Networks
------------------------------------
+-----------------------------
In zones that use advanced networking, additional networks for guest
traffic may be added at any time after the initial installation. You can
@@ -339,7 +339,7 @@ no isolation between guests.Networks that are assigned to a specific
account provide strong isolation.
Adding an Additional Guest Network
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -389,7 +389,7 @@ Adding an Additional Guest Network
Click Create.
Reconfiguring Networks in VMs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CloudStack provides you the ability to move VMs between networks and
reconfigure a VM's network. You can remove a VM from a network and add
@@ -400,13 +400,13 @@ be accommodated with ease.
This feature is supported on XenServer, VMware, and KVM hypervisors.
Prerequisites
-^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^
Ensure that vm-tools are running on guest VMs for adding or removing
networks to work on VMware hypervisor.
Adding a Network
-^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^
#.
@@ -471,7 +471,7 @@ Adding a Network
CIDR (for IPv6)
Removing a Network
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^
#.
@@ -495,14 +495,14 @@ Removing a Network
#.
- Click Remove NIC button. |remove-nic.png: button to remove a NIC|
+ Click Remove NIC button. |remove-nic.png|
#.
Click Yes to confirm.
Selecting the Default Network
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
#.
@@ -526,15 +526,14 @@ Selecting the Default Network
#.
- Click the Set default NIC button. |set-default-nic.png: button to set
- a NIC as default one.|
+ Click the Set default NIC button. |set-default-nic.png|.
#.
Click Yes to confirm.
Changing the Network Offering on a Guest Network
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A user or administrator can change the network offering that is
associated with an existing guest network.
@@ -559,8 +558,7 @@ associated with an existing guest network.
#.
- In the Details tab, click Edit. |EditButton.png: button to edit a
- network|
+ In the Details tab, click Edit. |edit-icon.png|
#.
@@ -585,7 +583,7 @@ associated with an existing guest network.
If you stopped any VMs, restart them.
IP Reservation in Isolated Guest Networks
------------------------------------------------
+-----------------------------------------
In isolated guest networks, a part of the guest IP address space can be
reserved for non-CloudStack VMs or physical servers. To do so, you
@@ -609,7 +607,7 @@ addresses. CloudStack guest VMs cannot acquire IPs from the Reserved IP
Range.
IP Reservation Considerations
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Consider the following before you reserve an IP range for non-CloudStack
machines:
@@ -692,7 +690,7 @@ machines:
UI.
Limitations
-~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~
-
@@ -707,7 +705,7 @@ Limitations
Reservation in the new re-implemeted network.
Best Practices
-~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~
Apply IP Reservation to the guest network as soon as the network state
changes to Implemented. If you apply reservation soon after the first
@@ -715,7 +713,7 @@ guest VM is deployed, lesser conflicts occurs while applying
reservation.
Reserving an IP Range
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~
#.
@@ -731,8 +729,7 @@ Reserving an IP Range
#.
- In the Details tab, click Edit. |edit-icon.png: button to edit a
- network|
+ In the Details tab, click Edit. |edit-icon.png|
The CIDR field changes to editable one.
@@ -748,7 +745,7 @@ Reserving an IP Range
Range are displayed on the Details page.
Reserving Public IP Addresses and VLANs for Accounts
-----------------------------------------------------------
+----------------------------------------------------
CloudStack provides you the ability to reserve a set of public IP
addresses and VLANs exclusively for an account. During zone creation,
@@ -789,7 +786,7 @@ This feature provides you the following capabilities:
The maximum IPs per account limit cannot be superseded.
Dedicating IP Address Ranges to an Account
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -832,8 +829,7 @@ Dedicating IP Address Ranges to an Account
#.
- Click Add Account |addAccount-icon.png: button to assign an IP
- range to an account.| button.
+ Click Add Account |addAccount-icon.png| button.
The Add Account dialog is displayed.
@@ -910,7 +906,7 @@ Dedicating IP Address Ranges to an Account
Click Add.
Dedicating VLAN Ranges to an Account
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -966,7 +962,7 @@ Dedicating VLAN Ranges to an Account
****Domain****: The domain associated with the account.
Configuring Multiple IP Addresses on a Single NIC
--------------------------------------------------------
+-------------------------------------------------
CloudStack provides you the ability to associate multiple private IP
addresses per guest VM NIC. In addition to the primary IP, you can
@@ -986,7 +982,7 @@ This feature is supported on XenServer, KVM, and VMware hypervisors.
Note that Basic zone security groups are not supported on VMware.
Use Cases
-~~~~~~~~~~~~~~~~~
+~~~~~~~~~
Some of the use cases are described below:
@@ -1009,13 +1005,13 @@ Some of the use cases are described below:
a distinct IP address.
Guidelines
-~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~
To prevent IP conflict, configure different subnets when multiple
networks are connected to the same VM.
Assigning Additional IPs to a VM
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -1051,7 +1047,7 @@ Assigning Additional IPs to a VM
StaticNAT rules.
Port Forwarding and StaticNAT Services Changes
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Because multiple IPs can be associated per NIC, you are allowed to
select a desired IP for the Port Forwarding and StaticNAT services. The
@@ -1063,7 +1059,7 @@ is configured on the specified private IP of the VM. if not passed, NAT
is configured on the primary IP of the VM.
About Multiple IP Ranges
--------------------------------
+------------------------
.. note:: The feature can only be implemented on IPv4 addresses.
@@ -1091,7 +1087,7 @@ subnet, the remove operation fails.
This feature is supported on KVM, xenServer, and VMware hypervisors.
About Elastic IP
------------------------
+----------------
Elastic IP (EIP) addresses are the IP addresses that are associated with
an account, and act as static IP addresses. The account owner has the
@@ -1110,7 +1106,7 @@ DefaultSharedNetscalerEIPandELBNetworkOffering, provides your network
with EIP and ELB network services if a NetScaler device is deployed in
your zone. Consider the following illustration for more details.
-|eip-ns-basiczone.png: Elastic IP in a NetScaler-enabled Basic Zone.|
+|eip-ns-basiczone.png|
In the illustration, a NetScaler appliance is the default entry or exit
point for the CloudStack instances, and firewall is the default entry or
@@ -1136,12 +1132,13 @@ The EIP work flow is as follows:
Network Address Translation (INAT) and Reverse NAT (RNAT) rules
between the public IP and the private IP.
- .. note:: Inbound NAT (INAT) is a type of NAT supported by NetScaler, in which
- the destination IP address is replaced in the packets from the public
- network, such as the Internet, with the private IP address of a VM in
- the private network. Reverse NAT (RNAT) is a type of NAT supported by
- NetScaler, in which the source IP address is replaced in the packets
- generated by a VM in the private network with the public IP address.
+ .. note::
+ Inbound NAT (INAT) is a type of NAT supported by NetScaler, in which
+ the destination IP address is replaced in the packets from the public
+ network, such as the Internet, with the private IP address of a VM in
+ the private network. Reverse NAT (RNAT) is a type of NAT supported by
+ NetScaler, in which the source IP address is replaced in the packets
+ generated by a VM in the private network with the public IP address.
-
@@ -1176,19 +1173,20 @@ For more information on the Associate Public IP option, see
`Section 9.4.1, “Creating a New Network
Offering” <#creating-network-offerings>`__.
-.. note:: The Associate Public IP feature is designed only for use with user VMs.
-The System VMs continue to get both public IP and private by default,
-irrespective of the network offering configuration.
+.. note::
+ The Associate Public IP feature is designed only for use with user VMs.
+ The System VMs continue to get both public IP and private by default,
+ irrespective of the network offering configuration.
New deployments which use the default shared network offering with EIP
and ELB services to create a shared network in the Basic zone will
continue allocating public IPs to each user VM.
Portable IPs
--------------------
+------------
About Portable IP
-~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~
Portable IPs in CloudStack are region-level pool of IPs, which are
elastic in nature, that can be transferred across geographically
@@ -1226,14 +1224,14 @@ The salient features of Portable IP are as follows:
Portable IP transfer is available only for static NAT.
Guidelines
-''''''''''
+^^^^^^^^^^
Before transferring to another network, ensure that no network rules
(Firewall, Static NAT, Port Forwarding, and so on) exist on that
portable IP.
Configuring Portable IPs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -1286,7 +1284,7 @@ Configuring Portable IPs
Click OK.
Acquiring a Portable IP
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -1323,7 +1321,7 @@ Acquiring a Portable IP
static NAT rules.
Transferring Portable IP
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~
An IP can be transferred from one network to another only if Static NAT
is enabled. However, when a portable IP is associated with a network,
@@ -1345,7 +1343,7 @@ following:
http://localhost:8096/client/api?command=enableStaticNat&response=json&ipaddressid=a4bc37b2-4b4e-461d-9a62-b66414618e36&virtualmachineid=Y&networkid=X
Multiple Subnets in Shared Network
------------------------------------------
+----------------------------------
CloudStack provides you with the flexibility to add guest IP ranges from
different subnets in Basic zones and security groups-enabled Advanced
@@ -1358,7 +1356,7 @@ address management overhead. You can delete the IP ranges you have
added.
Prerequisites and Guidelines
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
@@ -1387,7 +1385,7 @@ Prerequisites and Guidelines
subnets are not currently supported
Adding Multiple Subnets to a Shared Network
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -1428,7 +1426,7 @@ Adding Multiple Subnets to a Shared Network
The Add IP Range dialog is displayed, as follows:
- |add-ip-range.png: adding an IP range to a network.|
+ |add-ip-range.png|
#.
@@ -1463,7 +1461,7 @@ Adding Multiple Subnets to a Shared Network
Click OK.
Isolation in Advanced Zone Using Private VLAN
-----------------------------------------------------
+---------------------------------------------
Isolation of guest traffic in shared networks can be achieved by using
Private VLANs (PVLAN). PVLANs provide Layer 2 isolation between ports
@@ -1488,7 +1486,7 @@ VMs.
guest VM.
About Private VLAN
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~
In an Ethernet switch, a VLAN is a broadcast domain where hosts can
establish direct communication with each another at Layer 2. Private
@@ -1545,27 +1543,27 @@ For further reading:
-
`Understanding Private
- VLANs <http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swpvlan.html#wp1038379>`__
+ VLANs <http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swpvlan.html#wp1038379>`_
-
`Cisco Systems' Private VLANs: Scalable Security in a Multi-Client
- Environment <http://tools.ietf.org/html/rfc5517>`__
+ Environment <http://tools.ietf.org/html/rfc5517>`_
-
`Private VLAN (PVLAN) on vNetwork Distributed Switch - Concept
- Overview (1010691) <http://kb.vmware.com>`__
+ Overview (1010691) <http://kb.vmware.com>`_
Prerequisites
-~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~
-
Use a PVLAN supported switch.
See `Private VLAN Catalyst Switch Support
- Matrix <http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml>`__\ for
+ Matrix <http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml>`_ for
more information.
-
@@ -1591,12 +1589,13 @@ Prerequisites
Before you use PVLAN on XenServer and KVM, enable Open vSwitch (OVS).
- .. note:: OVS on XenServer and KVM does not support PVLAN natively. Therefore,
- CloudStack managed to simulate PVLAN on OVS for XenServer and KVM by
- modifying the flow table.
+ .. note::
+ OVS on XenServer and KVM does not support PVLAN natively. Therefore,
+ CloudStack managed to simulate PVLAN on OVS for XenServer and KVM by
+ modifying the flow table.
Creating a PVLAN-Enabled Guest Network
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -1660,7 +1659,7 @@ Creating a PVLAN-Enabled Guest Network
Isolated VLAN.
For the description on Secondary Isolated VLAN, see
- `Section 15.14.1, “About Private VLAN” <#about-pvlan>`__.
+ `Section 15.14.1, “About Private VLAN” <#about-pvlan>`_.
-
@@ -1722,10 +1721,10 @@ Creating a PVLAN-Enabled Guest Network
Click OK to confirm.
Security Groups
-----------------------
+---------------
About Security Groups
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~
Security groups provide a way to isolate traffic to VMs. A security
group is a group of VMs that filter their incoming and outgoing traffic
@@ -1736,8 +1735,8 @@ useful in zones that use basic networking, because there is a single
guest network for all guest VMs. In advanced zones, security groups are
supported only on the KVM hypervisor.
-.. note:: In a zone that uses advanced networking, you can instead define multiple
-guest networks to isolate traffic to VMs.
+.. note::
+ In a zone that uses advanced networking, you can instead define multiple guest networks to isolate traffic to VMs.
Each CloudStack account comes with a default security group that denies
all inbound traffic and allows all outbound traffic. The default
@@ -1760,7 +1759,7 @@ except for responses to any traffic that has been allowed out through an
egress rule.
Adding a Security Group
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~
A user or administrator can define a new security group.
@@ -1796,7 +1795,7 @@ A user or administrator can define a new security group.
Egress Rules to a Security Group.
Security Groups in Advanced Zones (KVM Only)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CloudStack provides the ability to use security groups to provide
isolation between guests on a single shared, zone-wide network in an
@@ -1805,7 +1804,7 @@ advanced zones rather than multiple VLANs allows a greater range of
options for setting up guest isolation in a cloud.
Limitations
-'''''''''''
+^^^^^^^^^^^
The following are not supported for this feature:
@@ -1831,7 +1830,7 @@ Security groups must be enabled in the zone in order for this feature to
be used.
Enabling Security Groups
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~
In order for security groups to function in a zone, the security groups
feature must first be enabled for the zone. The administrator can do
@@ -1842,7 +1841,7 @@ not enable security groups for an existing zone, only when creating a
new zone.
Adding Ingress and Egress Rules to a Security Group
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -1909,7 +1908,7 @@ Adding Ingress and Egress Rules to a Security Group
The following example allows inbound HTTP access from anywhere:
- |httpaccess.png: allows inbound HTTP access from anywhere|
+ |httpaccess.png|
#.
@@ -1969,7 +1968,7 @@ Adding Ingress and Egress Rules to a Security Group
Click Add.
External Firewalls and Load Balancers
---------------------------------------------
+-------------------------------------
CloudStack is capable of replacing its Virtual Router with an external
Juniper SRX device and an optional external NetScaler or F5 load
@@ -1977,15 +1976,15 @@ balancer for gateway and load balancing services. In this case, the VMs
use the SRX as their gateway.
About Using a NetScaler Load Balancer
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Citrix NetScaler is supported as an external network element for load
balancing in zones that use isolated networking in advanced zones. Set
up an external load balancer when you want to provide load balancing
through means other than CloudStack’s provided virtual router.
-.. note:: In a Basic zone, load balancing service is supported only if Elastic IP
-or Elastic LB services are enabled.
+.. note::
+ In a Basic zone, load balancing service is supported only if Elastic IP or Elastic LB services are enabled.
When NetScaler load balancer is used to provide EIP or ELB services in a
Basic zone, ensure that all guest VM traffic must enter and exit through
@@ -1999,7 +1998,7 @@ policy-based route must be set up so that all traffic originated from
the guest VM's are directed to NetScaler device. This is required to
ensure that the outbound traffic from the guest VM's is routed to a
public IP by using NAT.For more information on Elastic IP, see
-`Section 15.11, “About Elastic IP” <#elastic-ip>`__.
+`Section 15.11, “About Elastic IP” <#elastic-ip>`_.
The NetScaler can be set up in direct (outside the firewall) mode. It
must be added before any load balancing rules are deployed on guest VMs
@@ -2052,7 +2051,7 @@ is required. Once a VPX instance is added into CloudStack, it is treated
the same as a VPX on an ESXi host.
Configuring SNMP Community String on a RHEL Server
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The SNMP Community string is similar to a user id or password that
provides access to a network device, such as router. This string is sent
@@ -2069,7 +2068,7 @@ communication between the NetScaler device and the RHEL machine.
Ensure that you installed SNMP on RedHat. If not, run the following
command:
- .. code:: screen
+ .. code:: bash
yum install net-snmp-utils
@@ -2083,10 +2082,11 @@ communication between the NetScaler device and the RHEL machine.
Map the community name into a security name (local and mynetwork,
depending on where the request is coming from):
- .. note:: Use a strong password instead of public when you edit the
- following table.
+ .. note::
+ Use a strong password instead of public when you edit the
+ following table.
- .. code:: screen
+ .. code:: bash
# sec.name source community
com2sec local localhost public
@@ -2098,7 +2098,7 @@ communication between the NetScaler device and the RHEL machine.
Map the security names into group names:
- .. code:: screen
+ .. code:: bash
# group.name sec.model sec.name
group MyRWGroup v1 local
@@ -2110,7 +2110,7 @@ communication between the NetScaler device and the RHEL machine.
Create a view to allow the groups to have the permission to:
- .. code:: screen
+ .. code:: bash
incl/excl subtree mask view all included .1
@@ -2119,7 +2119,7 @@ communication between the NetScaler device and the RHEL machine.
Grant access with different write permissions to the two groups to
the view you created.
- .. code:: screen
+ .. code:: bash
# context sec.model sec.level prefix read write notif
access MyROGroup "" any noauth exact all none none
@@ -2129,7 +2129,7 @@ communication between the NetScaler device and the RHEL machine.
Unblock SNMP in iptables.
- .. code:: screen
+ .. code:: bash
iptables -A INPUT -p udp --dport 161 -j ACCEPT
@@ -2137,7 +2137,7 @@ communication between the NetScaler device and the RHEL machine.
Start the SNMP service:
- .. code:: screen
+ .. code:: bash
service snmpd start
@@ -2146,12 +2146,12 @@ communication between the NetScaler device and the RHEL machine.
Ensure that the SNMP service is started automatically during the
system startup:
- .. code:: screen
+ .. code:: bash
chkconfig snmpd on
Initial Setup of External Firewalls and Load Balancers
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When the first VM is created for a new account, CloudStack programs the
external firewall and load balancer to work with the VM. The following
@@ -2186,7 +2186,7 @@ The following objects are created on the load balancer:
private subnet (e.g. 10.1.1.2).
Ongoing Configuration of External Firewalls and Load Balancers
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Additional user actions (e.g. setting a port forward) will cause further
programming of the firewall and load balancer. A user may request
@@ -2218,22 +2218,23 @@ element. This data is collected on a regular basis and stored in the
CloudStack database.
Load Balancer Rules
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~
A CloudStack user or administrator may create load balancing rules that
balance traffic received at a public IP to one or more VMs. A user
creates a rule, specifies an algorithm, and assigns the rule to a set of
VMs.
-.. note:: If you create load balancing rules while using a network service
-offering that includes an external load balancer device such as
-NetScaler, and later change the network service offering to one that
-uses the CloudStack virtual router, you must create a firewall rule on
-the virtual router for each of your existing load balancing rules so
-that they continue to function.
+.. note::
+ If you create load balancing rules while using a network service
+ offering that includes an external load balancer device such as
+ NetScaler, and later change the network service offering to one that
+ uses the CloudStack virtual router, you must create a firewall rule on
+ the virtual router for each of your existing load balancing rules so
+ that they continue to function.
Adding a Load Balancer Rule
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
#.
@@ -2267,7 +2268,7 @@ Adding a Load Balancer Rule
Addresses page when the rule is created.
To do that, select the name of the network, then click Add Load
- Balancer tab. Continue with `7 <#config-lb>`__.
+ Balancer tab. Continue with `7 <#config-lb>`_.
#.
@@ -2351,7 +2352,7 @@ Adding a Load Balancer Rule
steps to add more load balancer rules for this IP address.
Sticky Session Policies for Load Balancer Rules
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Sticky sessions are used in Web-based applications to ensure continued
availability of information across the multiple requests in a user's
@@ -2378,7 +2379,7 @@ CloudStack UI or call listNetworks and check the
SupportedStickinessMethods capability.
Health Checks for Load Balancer Rules
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
(NetScaler load balancer only; requires NetScaler version 10.0)
@@ -2416,7 +2417,7 @@ For details on how to set a health check policy using the UI, see
Rule” <#add-load-balancer-rule>`__.
Configuring AutoScale
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~
AutoScaling allows you to scale your back-end services or application
VMs up or down seamlessly and automatically according to the conditions
@@ -2439,11 +2440,10 @@ CloudStack uses the NetScaler load balancer to monitor all aspects of a
system's health and work in unison with CloudStack to initiate scale-up
or scale-down actions.
-.. note:: AutoScale is supported on NetScaler Release 10 Build 74.4006.e and
-beyond.
+.. note:: AutoScale is supported on NetScaler Release 10 Build 74.4006.e and beyond.
Prerequisites
-'''''''''''''
+^^^^^^^^^^^^^
Before you configure an AutoScale rule, consider the following:
@@ -2453,9 +2453,10 @@ Before you configure an AutoScale rule, consider the following:
AutoScale. When a VM is deployed by using a template and when it
comes up, the application should be up and running.
- .. note:: If the application is not running, the NetScaler device considers the
- VM as ineffective and continues provisioning the VMs unconditionally
- until the resource limit is exhausted.
+ .. note::
+ If the application is not running, the NetScaler device considers the
+ VM as ineffective and continues provisioning the VMs unconditionally
+ until the resource limit is exhausted.
-
@@ -2506,11 +2507,11 @@ Before you configure an AutoScale rule, consider the following:
configuring AutoScale.
Configuration
-'''''''''''''
+^^^^^^^^^^^^^
Specify the following:
-|autoscaleateconfig.png: Configuring AutoScale|
+|autoscaleateconfig.png|
-
@@ -2539,15 +2540,16 @@ Specify the following:
rule has at least the configured number of active VM instances are
available to serve the traffic.
- .. note:: If an application, such as SAP, running on a VM instance is down for
- some reason, the VM is then not counted as part of Min Instance
- parameter, and the AutoScale feature initiates a scaleup action if
- the number of active VM instances is below the configured value.
- Similarly, when an application instance comes up from its earlier
- down state, this application instance is counted as part of the
- active instance count and the AutoScale process initiates a scaledown
- action when the active instance count breaches the Max instance
- value.
+ .. note::
+ If an application, such as SAP, running on a VM instance is down for
+ some reason, the VM is then not counted as part of Min Instance
+ parameter, and the AutoScale feature initiates a scaleup action if
+ the number of active VM instances is below the configured value.
+ Similarly, when an application instance comes up from its earlier
+ down state, this application instance is counted as part of the
+ active instance count and the AutoScale process initiates a scaledown
+ action when the active instance count breaches the Max instance
+ value.
-
@@ -2561,13 +2563,14 @@ Specify the following:
leads to a single load balancing rule exhausting the VM instances
limit specified at the account or domain level.
- .. note:: If an application, such as SAP, running on a VM instance is down for
- some reason, the VM is not counted as part of Max Instance parameter.
- So there may be scenarios where the number of VMs provisioned for a
- scaleup action might be more than the configured Max Instance value.
- Once the application instances in the VMs are up from an earlier down
- state, the AutoScale feature starts aligning to the configured Max
- Instance value.
+ .. note::
+ If an application, such as SAP, running on a VM instance is down for
+ some reason, the VM is not counted as part of Max Instance parameter.
+ So there may be scenarios where the number of VMs provisioned for a
+ scaleup action might be more than the configured Max Instance value.
+ Once the application instances in the VMs are up from an earlier down
+ state, the AutoScale feature starts aligning to the configured Max
+ Instance value.
Specify the following scale-up and scale-down policies:
@@ -2667,24 +2670,22 @@ advanced settings, and specify the following:
**Apply**: Click Apply to create the AutoScale configuration.
Disabling and Enabling an AutoScale Configuration
-'''''''''''''''''''''''''''''''''''''''''''''''''
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you want to perform any maintenance operation on the AutoScale VM
instances, disable the AutoScale configuration. When the AutoScale
configuration is disabled, no scaleup or scaledown action is performed.
You can use this downtime for the maintenance activities. To disable the
-AutoScale configuration, click the Disable AutoScale |EnableDisable.png:
-button to enable or disable AutoScale.| button.
+AutoScale configuration, click the Disable AutoScale |EnableDisable.png| button.
The button toggles between enable and disable, depending on whether
AutoScale is currently enabled or not. After the maintenance operations
are done, you can enable the AutoScale configuration back. To enable,
open the AutoScale configuration page again, then click the Enable
-AutoScale |EnableDisable.png: button to enable or disable AutoScale.|
-button.
+AutoScale |EnableDisable.png| button.
Updating an AutoScale Configuration
-'''''''''''''''''''''''''''''''''''
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
You can update the various parameters and add or delete the conditions
in a scaleup or scaledown rule. Before you update an AutoScale
@@ -2696,7 +2697,7 @@ apply the new AutoScale policies, open the AutoScale configuration page
again, then click the Enable AutoScale button.
Runtime Considerations
-''''''''''''''''''''''
+^^^^^^^^^^^^^^^^^^^^^^
-
@@ -2721,7 +2722,7 @@ Runtime Considerations
rule.
Global Server Load Balancing Support
--------------------------------------------
+------------------------------------
CloudStack supports Global Server Load Balancing (GSLB) functionalities
to provide business continuity, and enable seamless resource movement
@@ -2739,7 +2740,7 @@ provider in CloudStack. GSLB functionality works in an Active-Active
data center environment.
About Global Server Load Balancing
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Global Server Load Balancing (GSLB) is an extension of load balancing
functionality, which is highly efficient in avoiding downtime. Based on
@@ -2752,7 +2753,7 @@ accessing a resource in the event of a failure, or to provide a means of
shifting traffic easily to simplify maintenance, or both.
Components of GSLB
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^
A typical GSLB environment is comprised of the following components:
@@ -2819,7 +2820,7 @@ A typical GSLB environment is comprised of the following components:
ADNS service IP and port.
How Does GSLB Works in CloudStack?
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Global server load balancing is used to manage the traffic flow to a web
site hosted on two separate zones that ideally are in different
@@ -2856,7 +2857,7 @@ the mechanism to monitor health of virtual servers both at local and
remote sites. The cloud admin enables GSLB as a service to the tenants
that use zones 1 and 2.
-|gslb.png: GSLB architecture|
+|gslb.png|
Tenant-A wishes to leverage the GSLB service provided by the xyztelco
cloud. Tenant-A configures a GSLB rule to load balance traffic across
@@ -2886,7 +2887,7 @@ will be resolved to the public IP associated with the selected virtual
server.
Configuring GSLB
-~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~
To configure a GSLB deployment, you must first configure a standard load
balancing setup for each zone. This enables you to balance load across
@@ -2912,7 +2913,7 @@ above, the administrator of xyztelco is the one who sets up GSLB:
On the NetScaler side, configure GSLB as given in `Configuring Global
Server Load Balancing
- (GSLB) <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-con.html>`__:
+ (GSLB) <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-con.html>`_:
#.
@@ -2922,7 +2923,7 @@ above, the administrator of xyztelco is the one who sets up GSLB:
Configure Authoritative DNS, as explained in `Configuring an
Authoritative DNS
- Service <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-adns-svc-tsk.html>`__.
+ Service <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-adns-svc-tsk.html>`_.
#.
@@ -2936,28 +2937,28 @@ above, the administrator of xyztelco is the one who sets up GSLB:
and B.xyztelco.com.
For more information, see `Configuring a Basic GSLB
- Site <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-basic-site-tsk.html>`__.
+ Site <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-basic-site-tsk.html>`_.
#.
Configure a GSLB virtual server.
For more information, see `Configuring a GSLB Virtual
- Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-vsvr-tsk.html>`__.
+ Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-vsvr-tsk.html>`_.
#.
Configure a GSLB service for each virtual server.
For more information, see `Configuring a GSLB
- Service <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-svc-tsk.html>`__.
+ Service <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-svc-tsk.html>`_.
#.
Bind the GSLB services to the GSLB virtual server.
For more information, see `Binding GSLB Services to a GSLB Virtual
- Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-bind-svc-vsvr-tsk.html>`__.
+ Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-bind-svc-vsvr-tsk.html>`_.
#.
@@ -2965,7 +2966,7 @@ above, the administrator of xyztelco is the one who sets up GSLB:
from the domain details.
For more information, see `Binding a Domain to a GSLB Virtual
- Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-bind-dom-vsvr-tsk.html>`__.
+ Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-bind-dom-vsvr-tsk.html>`_.
#.
@@ -2973,7 +2974,7 @@ above, the administrator of xyztelco is the one who sets up GSLB:
NetScaler device.
For more information, see `Section 15.17.2.2, “Enabling GSLB in
- NetScaler” <#enable-glsb-ns>`__.
+ NetScaler” <#enable-glsb-ns>`_.
As a domain administrator/ user perform the following:
@@ -2981,17 +2982,17 @@ As a domain administrator/ user perform the following:
Add a GSLB rule on both the sites.
- See `Section 15.17.2.3, “Adding a GSLB Rule” <#gslb-add>`__.
+ See `Section 15.17.2.3, “Adding a GSLB Rule” <#gslb-add>`_.
#.
Assign load balancer rules.
See `Section 15.17.2.4, “Assigning Load Balancing Rules to
- GSLB” <#assign-lb-gslb>`__.
+ GSLB” <#assign-lb-gslb>`_.
Prerequisites and Guidelines
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
@@ -3070,7 +3071,7 @@ Prerequisites and Guidelines
Statistics is collected from each GSLB virtual server.
Enabling GSLB in NetScaler
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^
In each zone, add GSLB-enabled NetScaler device for load balancing.
@@ -3173,7 +3174,7 @@ In each zone, add GSLB-enabled NetScaler device for load balancing.
Click OK.
Adding a GSLB Rule
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^
#.
@@ -3197,7 +3198,7 @@ Adding a GSLB Rule
The Add GSLB page is displayed as follows:
- |gslb-add.png: adding a gslb rule|
+ |gslb-add.png|
#.
@@ -3242,7 +3243,7 @@ Adding a GSLB Rule
Click OK to confirm.
Assigning Load Balancing Rules to GSLB
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
#.
@@ -3281,14 +3282,14 @@ Assigning Load Balancing Rules to GSLB
Click OK to confirm.
Known Limitation
-~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~
Currently, CloudStack does not support orchestration of services across
the zones. The notion of services and service providers in region are to
be introduced.
Guest IP Ranges
-----------------------
+---------------
The IP ranges for guest network traffic are set on a per-account basis
by the user. This allows the users to configure their network in a
@@ -3302,7 +3303,7 @@ For more information, see `Section 15.10, “About Multiple IP
Ranges” <#multiple-ip-range>`__.
Acquiring a New IP Address
----------------------------------
+--------------------------
#.
@@ -3334,14 +3335,14 @@ Acquiring a New IP Address
want a normal Public IP click No.
For more information on Portable IP, see `Section 15.12, “Portable
- IPs” <#portable-ip>`__.
+ IPs” <#portable-ip>`_.
Within a few moments, the new IP address should appear with the state
Allocated. You can now use the IP address in port forwarding or
static NAT rules.
Releasing an IP Address
-------------------------------
+-----------------------
When the last rule for an IP address is removed, you can release that IP
address. The IP address still belongs to the VPC; however, it can be
@@ -3369,8 +3370,8 @@ picked up for any guest network again.
#.
- Click the Release IP button. |ReleaseIPButton.png: button to release
- an IP|
+ Click the Release IP button. |ReleaseIPButton.png|
+
Static NAT
-----------------
@@ -3382,7 +3383,7 @@ This section tells how to enable or disable static NAT for a particular
IP address.
Enabling or Disabling Static NAT
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If port forwarding rules are already in effect for an IP address, you
cannot enable static NAT to that IP.
@@ -3412,7 +3413,7 @@ function only if they are defined on the default network.
#.
- Click the Static NAT |enabledisablenat.png: button to enable/disable NAT|
+ Click the Static NAT |enabledisablenat.png|
button.
The button toggles between Enable and Disable, depending on whether
@@ -3424,7 +3425,7 @@ function only if they are defined on the default network.
the destination VM and click Apply.
IP Forwarding and Firewalling
-------------------------------------
+-----------------------------
By default, all incoming traffic to the public IP address is rejected.
All outgoing traffic from the guests is also blocked by default.
@@ -3441,7 +3442,7 @@ forwarding rule could route incoming traffic on the public IP's port 33
to port 100 on one user VM's private IP.
Firewall Rules
-~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~
By default, all incoming traffic to the public IP address is rejected by
the firewall. To allow external traffic, you can open firewall ports by
@@ -3452,11 +3453,11 @@ incoming requests from certain IP addresses.
You cannot use firewall rules to open ports for an elastic IP address.
When elastic IP is used, outside access is instead controlled through
the use of security groups. See `Section 15.15.2, “Adding a Security
-Group” <#add-security-group>`__.
+Group” <#add-security-group>`_.
In an advanced zone, you can also create egress firewall rules by using
the virtual router. For more information, see `Section 15.22.2, “Egress
-Firewall Rules in an Advanced Zone” <#egress-firewall-rule>`__.
+Firewall Rules in an Advanced Zone” <#egress-firewall-rule>`_.
Firewall rules can be created using the Firewall tab in the Management
Server UI. This tab is not displayed by default when CloudStack is
@@ -3520,7 +3521,7 @@ To create a firewall rule:
Click Add.
Egress Firewall Rules in an Advanced Zone
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The egress traffic originates from a private network to a public
network, such as the Internet. By default, the egress traffic is blocked
@@ -3532,7 +3533,7 @@ allowed and the remaining traffic is blocked. When all the firewall
rules are removed the default policy, Block, is applied.
Prerequisites and Guidelines
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Consider the following scenarios to apply egress firewall rules:
@@ -3566,7 +3567,7 @@ Consider the following scenarios to apply egress firewall rules:
will have the default egress policy Deny.
Configuring an Egress Firewall Rule
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
#.
@@ -3587,7 +3588,7 @@ Configuring an Egress Firewall Rule
following fields to specify what type of traffic is allowed to be
sent out of VM instances in this guest network:
- |egress-firewall-rule.png: adding an egress firewall rule|
+ |egress-firewall-rule.png|
-
@@ -3620,7 +3621,7 @@ Configuring an Egress Firewall Rule
Click Add.
Configuring the Default Egress Policy
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The default egress policy for Isolated guest network is configured by
using Network offering. Use the create network offering option to
@@ -3694,7 +3695,7 @@ This feature is supported only on virtual router and Juniper SRX.
traffic blocked or allowed.
Port Forwarding
-~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~
A port forward service is a set of port forwarding rules that define a
policy. A port forward service is then applied to one or more guest VMs.
@@ -3776,7 +3777,7 @@ To set up port forwarding:
Click Add.
IP Load Balancing
-------------------------
+-----------------
The user may choose to associate the same public IP for multiple guests.
CloudStack implements a TCP-level load balancer with the following
@@ -3798,14 +3799,14 @@ This is similar to port forwarding but the destination may be multiple
IP addresses.
DNS and DHCP
--------------------
+------------
The Virtual Router provides DNS and DHCP services to the guests. It
proxies DNS requests to the DNS server configured on the Availability
Zone.
Remote Access VPN
-------------------------
+-----------------
CloudStack account owners can create virtual private networks (VPN) to
access their virtual machines. If the guest network is instantiated from
@@ -3821,9 +3822,10 @@ The VPN user database is shared across all the VPNs created by the
account owner. All VPN users get access to all VPNs created by the
account owner.
-.. note:: Make sure that not all traffic goes through the VPN. That is, the route
-installed by the VPN should be only for the guest network and not for
-all traffic.
+.. note::
+ Make sure that not all traffic goes through the VPN. That is, the route
+ installed by the VPN should be only for the guest network and not for
+ all traffic.
-
@@ -3845,7 +3847,7 @@ all traffic.
Connection” <#site-to-site-vpn>`__
Configuring Remote Access VPN
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To set up VPN for the cloud:
@@ -3900,12 +3902,12 @@ To enable VPN for a particular network:
#.
- Click the Enable VPN button. |EnableVPNButton.png: button to enable a VPN|
+ Click the Enable VPN button. |vpn-icon.png|
The IPsec key is displayed in a popup window.
Configuring Remote Access VPN in VPC
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On enabling Remote Access VPN on a VPC, any VPN client present outside
the VPC can access VMs present in the VPC by using the Remote VPN
@@ -3985,7 +3987,7 @@ To enable VPN for a VPC:
#.
- Click the Enable VPN button. |vpn-icon.png: button to enable VPN|
+ Click the Enable VPN button. |vpn-icon.png|
Click OK to confirm. The IPsec key is displayed in a pop-up window.
@@ -4013,7 +4015,7 @@ Now, you need to add the VPN users.
Repeat the same steps to add the VPN users.
Using Remote Access VPN with Windows
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The procedure to use VPN varies by Windows version. Generally, the user
must edit the VPN properties and make sure that the default route is not
@@ -4066,11 +4068,11 @@ Vista. The commands should be similar for other Windows versions.
Right-click the new connection and select Properties. In the
Properties dialog, select the Networking tab.
-#.
+#.
In Type of VPN, choose L2TP IPsec VPN, then click IPsec settings.
Select Use preshared key. Enter the preshared key from step
- `1 <#source-nat>`__.
+ `1 <#source-nat>`_.
#.
@@ -4079,10 +4081,10 @@ Vista. The commands should be similar for other Windows versions.
#.
- Enter the user name and password from step `1 <#source-nat>`__.
+ Enter the user name and password from step `1 <#source-nat>`_.
Using Remote Access VPN with Mac OS X
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
First, be sure you've configured the VPN settings in your CloudStack
install. This section is only concerned with connecting via Mac OS X to
@@ -4138,7 +4140,7 @@ differ slightly in older or newer releases of Mac OS X.
Now click "Connect" and you will be connected to the CloudStack VPN.
Setting Up a Site-to-Site VPN Connection
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A Site-to-Site VPN connection helps you establish a secure connection
from an enterprise datacenter to the cloud infrastructure. This allows
@@ -4169,9 +4171,10 @@ The supported endpoints on the remote datacenters are:
CloudStack virtual routers
-.. note:: In addition to the specific Cisco and Juniper devices listed above, the
-expectation is that any Cisco or Juniper device running on the supported
-operating systems are able to establish VPN connections.
+.. note::
+ In addition to the specific Cisco and Juniper devices listed above, the
+ expectation is that any Cisco or Juniper device running on the supported
+ operating systems are able to establish VPN connections.
To set up a Site-to-Site VPN connection, perform the following:
@@ -4180,7 +4183,7 @@ To set up a Site-to-Site VPN connection, perform the following:
Create a Virtual Private Cloud (VPC).
See `Section 15.27, “Configuring a Virtual Private
- Cloud” <#configure-vpc>`__.
+ Cloud” <#configure-vpc>`_.
#.
@@ -4196,10 +4199,10 @@ To set up a Site-to-Site VPN connection, perform the following:
gateway.
Creating and Updating a VPN Customer Gateway
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-.. note:: A VPN customer gateway can be connected to only one VPN gateway at a
-time.
+.. note::
+ A VPN customer gateway can be connected to only one VPN gateway at a time.
To add a VPN Customer Gateway:
@@ -4219,7 +4222,7 @@ To add a VPN Customer Gateway:
Click Add VPN Customer Gateway.
- |addvpncustomergateway.png: adding a customer gateway.|
+ |addvpncustomergateway.png|
Provide the following information:
@@ -4245,12 +4248,13 @@ To add a VPN Customer Gateway:
authenticate the customer gateway and the VPC VPN gateway to each
other.
- .. note:: The IKE peers (VPN end points) authenticate each other by
- computing and sending a keyed hash of data that includes the
- Preshared key. If the receiving peer is able to create the same
- hash independently by using its Preshared key, it knows that both
- peers must share the same secret, thus authenticating the customer
- gateway.
+ .. note::
+ The IKE peers (VPN end points) authenticate each other by
+ computing and sending a keyed hash of data that includes the
+ Preshared key. If the receiving peer is able to create the same
+ hash independently by using its Preshared key, it knows that both
+ peers must share the same secret, thus authenticating the customer
+ gateway.
-
@@ -4259,11 +4263,12 @@ To add a VPN Customer Gateway:
AES256, and 3DES. Authentication is accomplished through the
Preshared Keys.
- .. note:: The phase-1 is the first phase in the IKE process. In this initial
- negotiation phase, the two VPN endpoints agree on the methods to
- be used to provide security for the underlying IP traffic. The
- phase-1 authenticates the two VPN gateways to each other, by
- confirming that the remote gateway has a matching Preshared Key.
+ .. note::
+ The phase-1 is the first phase in the IKE process. In this initial
+ negotiation phase, the two VPN endpoints agree on the methods to
+ be used to provide security for the underlying IP traffic. The
+ phase-1 authenticates the two VPN gateways to each other, by
+ confirming that the remote gateway has a matching Preshared Key.
-
@@ -4284,11 +4289,12 @@ To add a VPN Customer Gateway:
within phase-2. The supported encryption algorithms are AES128,
AES192, AES256, and 3DES.
- .. note:: The phase-2 is the second phase in the IKE process. The purpose of
- IKE phase-2 is to negotiate IPSec security associations (SA) to
- set up the IPSec tunnel. In phase-2, new keying material is
- extracted from the Diffie-Hellman key exchange in phase-1, to
- provide session keys to use in protecting the VPN data flow.
+ .. note::
+ The phase-2 is the second phase in the IKE process. The purpose of
+ IKE phase-2 is to negotiate IPSec security associations (SA) to
+ set up the IPSec tunnel. In phase-2, new keying material is
+ extracted from the Diffie-Hellman key exchange in phase-1, to
+ provide session keys to use in protecting the VPN data flow.
-
@@ -4307,11 +4313,12 @@ To add a VPN Customer Gateway:
of the key exchanges increase as the DH groups grow larger, as
does the time of the exchanges.
- .. note:: When PFS is turned on, for every negotiation of a new phase-2 SA
- the two gateways must generate a new set of phase-1 keys. This
- adds an extra layer of protection that PFS adds, which ensures if
- the phase-2 SA’s have expired, the keys used for new phase-2 SA’s
- have not been generated from the current phase-1 keying material.
+ .. note::
+ When PFS is turned on, for every negotiation of a new phase-2 SA
+ the two gateways must generate a new set of phase-1 keys. This
+ adds an extra layer of protection that PFS adds, which ensures if
+ the phase-2 SA’s have expired, the keys used for new phase-2 SA’s
+ have not been generated from the current phase-1 keying material.
-
@@ -4363,19 +4370,19 @@ related VPN connection is in error state.
#.
To modify the required parameters, click the Edit VPN Customer
- Gateway button |edit.png: button to edit a VPN customer gateway|
+ Gateway button |edit-icon.png|
#.
To remove the VPN customer gateway, click the Delete VPN Customer
- Gateway button |delete.png: button to remove a VPN customer gateway|
+ Gateway button |delete.png|
#.
Click OK.
Creating a VPN gateway for the VPC
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
#.
@@ -4470,7 +4477,7 @@ Creating a VPN gateway for the VPC
Domain
Creating a VPN Connection
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^
.. note:: CloudStack supports creating up to 8 VPN connections.
@@ -4557,8 +4564,7 @@ Creating a VPN Connection
The Create VPN Connection dialog is displayed:
- |createvpnconnection.png: creating a VPN connection to the customer
- gateway.|
+ |createvpnconnection.png|
#.
@@ -4608,7 +4614,7 @@ Creating a VPN Connection
ESP Policy
Site-to-Site VPN Connection Between VPC Networks
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
CloudStack provides you with the ability to establish a site-to-site VPN
connection between CloudStack virtual routers. To achieve that, add a
@@ -4665,7 +4671,7 @@ This feature is supported on all the hypervisors.
connections to show the Connected state.
Restarting and Removing a VPN Connection
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
#.
@@ -4756,11 +4762,10 @@ Restarting and Removing a VPN Connection
#.
To remove a VPN connection, click the Delete VPN connection button
- |remove-vpn.png: button to remove a VPN connection|
+ |remove-vpn.png|
To restart a VPN connection, click the Reset VPN connection button
- present in the Details tab. |reset-vpn.png: button to reset a VPN
- connection|
+ present in the Details tab. |reset-vpn.png|
About Inter-VLAN Routing (nTier Apps)
--------------------------------------------
@@ -4789,8 +4794,8 @@ The major advantages are:
from a pre-specified set of guest VLANs. All the VMs of a certain
tier of an account reside on the guest VLAN allotted to that account.
- .. note:: A VLAN allocated for an account cannot be shared between multiple
- accounts.
+ .. note::
+ A VLAN allocated for an account cannot be shared between multiple accounts.
-
@@ -4813,7 +4818,7 @@ The major advantages are:
**VPN Gateway**: For more information, see `Section 15.25.5.2,
“Creating a VPN gateway for the
- VPC” <#create-vpn-gateway-for-vpc>`__.
+ VPC” <#create-vpn-gateway-for-vpc>`_.
-
@@ -4825,7 +4830,7 @@ The major advantages are:
-
**Private Gateway**: For more information, see `Section 15.27.5,
- “Adding a Private Gateway to a VPC” <#add-gateway-vpc>`__.
+ “Adding a Private Gateway to a VPC” <#add-gateway-vpc>`_.
-
@@ -4859,16 +4864,16 @@ The major advantages are:
The following figure shows the possible deployment scenarios of a
Inter-VLAN setup:
-|mutltier.png: a multi-tier setup.|
+|mutltier.png|
To set up a multi-tier Inter-VLAN deployment, see `Section 15.27,
-“Configuring a Virtual Private Cloud” <#configure-vpc>`__.
+“Configuring a Virtual Private Cloud” <#configure-vpc>`_.
Configuring a Virtual Private Cloud
-------------------------------------------
+-----------------------------------
About Virtual Private Clouds
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CloudStack Virtual Private Cloud is a private, isolated part of
CloudStack. A VPC can have its own virtual network topology that
@@ -4883,7 +4888,7 @@ networks can have the network ranges 10.0.1.0/24, 10.0.2.0/24,
10.0.3.0/24, and so on.
Major Components of a VPC:
-''''''''''''''''''''''''''
+^^^^^^^^^^^^^^^^^^^^^^^^^^
A VPC is comprised of the following network components:
@@ -4920,7 +4925,7 @@ A VPC is comprised of the following network components:
**Private Gateway**: All the traffic to and from a private network
routed to the VPC through the private gateway. For more information,
see `Section 15.27.5, “Adding a Private Gateway to a
- VPC” <#add-gateway-vpc>`__.
+ VPC” <#add-gateway-vpc>`_.
-
@@ -4931,20 +4936,20 @@ A VPC is comprised of the following network components:
**Site-to-Site VPN Connection**: A hardware-based VPN connection
between your VPC and your datacenter, home network, or co-location
facility. For more information, see `Section 15.25.5, “Setting Up a
- Site-to-Site VPN Connection” <#site-to-site-vpn>`__.
+ Site-to-Site VPN Connection” <#site-to-site-vpn>`_.
-
**Customer Gateway**: The customer side of a VPN Connection. For more
information, see `Section 15.25.5.1, “Creating and Updating a VPN
- Customer Gateway” <#create-vpn-customer-gateway>`__.
+ Customer Gateway” <#create-vpn-customer-gateway>`_.
-
**NAT Instance**: An instance that provides Port Address Translation
for instances to access the Internet via the public gateway. For more
information, see `Section 15.27.10, “Enabling or Disabling Static NAT
- on a VPC” <#enable-disable-static-nat-vpc>`__.
+ on a VPC” <#enable-disable-static-nat-vpc>`_.
-
@@ -4953,10 +4958,10 @@ A VPC is comprised of the following network components:
starting with the lowest numbered rule. These rules determine whether
traffic is allowed in or out of any tier associated with the network
ACL. For more information, see `Section 15.27.4, “Configuring Network
- Access Control List” <#configure-acl>`__.
+ Access Control List” <#configure-acl>`_.
Network Architecture in a VPC
-'''''''''''''''''''''''''''''
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In a VPC, the following four basic options of network architectures are
present:
@@ -4978,7 +4983,7 @@ present:
VPC with a private gateway only and site-to-site VPN access
Connectivity Options for a VPC
-''''''''''''''''''''''''''''''
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
You can connect your VPC to:
@@ -4997,7 +5002,7 @@ You can connect your VPC to:
public gateway and a VPN gateway.
VPC Network Considerations
-''''''''''''''''''''''''''
+^^^^^^^^^^^^^^^^^^^^^^^^^^
Consider the following before you create a VPC:
@@ -5083,7 +5088,7 @@ Consider the following before you create a VPC:
Remote access VPN is not supported in VPC networks.
Adding a Virtual Private Cloud
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When creating the VPC, you simply provide the zone and a set of IP
addresses for the VPC network address space. You specify this set of
@@ -5105,7 +5110,7 @@ addresses in the form of a Classless Inter-Domain Routing (CIDR) block.
Click Add VPC. The Add VPC page is displayed as follows:
- |add-vpc.png: adding a vpc.|
+ |add-vpc.png|
Provide the following information:
@@ -5146,7 +5151,7 @@ addresses in the form of a Classless Inter-Domain Routing (CIDR) block.
Click OK.
Adding Tiers
-~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~
Tiers are distinct locations within a VPC that act as isolated networks,
which do not have access to other tiers by default. Tiers are set up on
@@ -5169,8 +5174,9 @@ other tiers within the VPC.
All the VPC that you have created for the account is listed in the
page.
- .. note:: The end users can see their own VPCs, while root and domain admin can
- see any VPC they are authorized to see.
+ .. note::
+ The end users can see their own VPCs, while root and domain admin can
+ see any VPC they are authorized to see.
#.
@@ -5183,7 +5189,7 @@ other tiers within the VPC.
The Add new tier dialog is displayed, as follows:
- |add-tier.png: adding a tier to a vpc.|
+ |add-tier.png|
If you have already created tiers, the VPC diagram is displayed.
Click Create Tier to add a new tier.
@@ -5242,7 +5248,7 @@ other tiers within the VPC.
Continue with configuring access control list for the tier.
Configuring Network Access Control List
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Define Network Access Control List (ACL) on the VPC virtual router to
control incoming (ingress) and outgoing (egress) traffic between the VPC
@@ -5255,7 +5261,7 @@ network ACLs can be created for the tiers only if the NetworkACL service
is supported.
About Network ACL Lists
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^
In CloudStack terminology, Network ACL is a group of Network ACL items.
Network ACL items are nothing but numbered rules that are evaluated in
@@ -5272,38 +5278,15 @@ behavior is all the incoming traffic is blocked and outgoing traffic is
allowed from the tiers. Default network ACL cannot be removed or
modified. Contents of the default Network ACL is:
-Rule
-
-Protocol
-
-Traffic type
-
-Action
-
-CIDR
-
-1
-
-All
-
-Ingress
-
-Deny
-
-0.0.0.0/0
-
-2
-
-All
-
-Egress
-
-Deny
-
-0.0.0.0/0
+===== ======== ============ ====== =========
+Rule Protocol Traffic type Action CIDR
+===== ======== ============ ====== =========
+1 All Ingress Deny 0.0.0.0/0
+2 All Egress Deny 0.0.0.0/0
+===== ======== ============ ====== =========
Creating ACL Lists
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^
#.
@@ -5385,7 +5368,7 @@ Creating ACL Lists
displayed to users.
Creating an ACL Rule
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^
#.
@@ -5481,7 +5464,7 @@ Creating an ACL Rule
tab.
Creating a Tier with Custom ACL List
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
#.
@@ -5506,7 +5489,7 @@ Creating a Tier with Custom ACL List
Click OK.
Assigning a Custom ACL List to a Tier
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
#.
@@ -5534,8 +5517,7 @@ Assigning a Custom ACL List to a Tier
#.
- Click the Replace ACL List icon. |replace-acl-icon.png: button to
- replace an ACL list|
+ Click the Replace ACL List icon. |replace-acl-icon.png|
The Replace ACL List dialog is displayed.
@@ -5548,7 +5530,7 @@ Assigning a Custom ACL List to a Tier
Click OK.
Adding a Private Gateway to a VPC
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A private gateway can be added by the root admin only. The VPC private
network has 1:1 relationship with the NIC of the physical network. You
@@ -5632,7 +5614,7 @@ with duplicated VLAN and IP are allowed in the same data center.
Click Add new gateway:
- |add-new-gateway-vpc.png: adding a private gateway for the VPC.|
+ |add-new-gateway-vpc.png|
#.
@@ -5680,7 +5662,7 @@ with duplicated VLAN and IP are allowed in the same data center.
add more gateway for this VPC.
Source NAT on Private Gateway
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
You might want to deploy multiple VPCs with the same super CIDR and
guest tier CIDR. Therefore, multiple guest VMs from different VPCs can
@@ -5698,7 +5680,7 @@ To enable source NAT on existing private gateways, delete them and
create afresh with source NAT.
ACL on Private Gateway
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^
The traffic on the VPC private gateway is controlled by creating both
ingress and egress network ACL rules. The ACLs contains both allow and
@@ -5719,11 +5701,11 @@ Alternatively, you can do the following:
-
- Use the Quickview. See `3 <#quickview>`__.
+ Use the Quickview. See `3 <#quickview>`_.
-
- Use the Details tab. See `4 <#details-tab>`__ through .
+ Use the Details tab. See `4 <#details-tab>`_ through .
#.
@@ -5737,7 +5719,7 @@ Alternatively, you can do the following:
#.
In the Detail tab, click the Replace ACL button.
- |replace-acl-icon.png: button to replace the default ACL behaviour.|
+ |replace-acl-icon.png|
The Replace ACL dialog is displayed.
@@ -5749,7 +5731,7 @@ Alternatively, you can do the following:
in the Details page.
Creating a Static Route
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^
CloudStack enables you to specify routing for the VPN connection you
create. You can enter one or CIDR addresses to indicate which traffic is
@@ -5779,7 +5761,7 @@ to be routed back to the gateway.
Wait for few seconds until the new route is created.
Blacklisting Routes
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^
CloudStack enables you to block a list of routes so that they are not
assigned to any of the VPC private gateways. Specify the list of routes
@@ -5790,7 +5772,7 @@ continue functioning. You cannot add a static route if the route is
blacklisted for the zone.
Deploying VMs to the Tier
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -5819,7 +5801,7 @@ Deploying VMs to the Tier
Click Virtual Machines tab of the tier to which you want to add a VM.
- |add-vm-vpc.png: adding a VM to a vpc.|
+ |add-vm-vpc.png|
The Add Instance page is displayed.
@@ -5827,7 +5809,7 @@ Deploying VMs to the Tier
on adding an instance, see the Installation Guide.
Deploying VMs to VPC Tier and Shared Networks
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CloudStack allows you deploy VMs on a VPC tier and one or more shared
networks. With this feature, VMs deployed in a multi-tier application
@@ -5866,8 +5848,7 @@ service provider.
You can deploy a VM to a VPC tier and multiple shared networks.
- |addvm-tier-sharednw.png: adding a VM to a VPC tier and shared
- network.|
+ |addvm-tier-sharednw.png|
#.
@@ -5876,7 +5857,7 @@ service provider.
Your VM will be deployed to the selected VPC tier and shared network.
Acquiring a New IP Address for a VPC
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When you acquire an IP address, all IP addresses are allocated to VPC,
not to the guest networks within the VPC. The IPs are associated to the
@@ -5963,7 +5944,7 @@ associated to more than one network at a time.
address in port forwarding, load balancing, and static NAT rules.
Releasing an IP Address Alloted to a VPC
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The IP address is a limited resource. If you no longer need a particular
IP, you can disassociate it from its VPC and return it to the pool of
@@ -6046,11 +6027,10 @@ still belongs to the same VPC.
#.
- In the Details tab, click the Release IP button |release-ip-icon.png:
- button to release an IP.|
+ In the Details tab, click the Release IP button |release-ip-icon.png|
Enabling or Disabling Static NAT on a VPC
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A static NAT rule maps a public IP address to the private IP address of
a VM in a VPC to allow Internet traffic to it. This section tells how to
@@ -6137,8 +6117,8 @@ function only if they are defined on the default network.
#.
- In the Details tab,click the Static NAT button. |enable-disable.png:
- button to enable Static NAT.| The button toggles between Enable and
+ In the Details tab,click the Static NAT button. |enable-disable.png|
+ The button toggles between Enable and
Disable, depending on whether static NAT is currently enabled for the
IP address.
@@ -6146,14 +6126,14 @@ function only if they are defined on the default network.
If you are enabling static NAT, a dialog appears as follows:
- |select-vmstatic-nat.png: selecting a tier to apply staticNAT.|
+ |select-vmstatic-nat.png|
#.
Select the tier and the destination VM, then click Apply.
Adding Load Balancing Rules on a VPC
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In a VPC, you can configure two types of load balancing—external LB and
internal LB. External LB is nothing but a LB rule created to redirect
@@ -6167,7 +6147,7 @@ load balancing devices are not supported for internal LB. The service is
provided by a internal LB VM configured on the target tier.
Load Balancing Within a Tier (External LB)
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
A CloudStack user or administrator may create load balancing rules that
balance traffic received at a public IP to one or more VMs that belong
@@ -6176,7 +6156,7 @@ creates a rule, specifies an algorithm, and assigns the rule to a set of
VMs within a tier.
Enabling NetScaler as the LB Provider on a VPC Tier
-'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+'''''''''''''''''''''''''''''''''''''''''''''''''''
#.
@@ -6208,7 +6188,7 @@ Enabling NetScaler as the LB Provider on a VPC Tier
Rule” <#ext-lb-vpc>`__.
Creating a Network Offering for External LB
-'''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+'''''''''''''''''''''''''''''''''''''''''''
To have external LB support on VPC, create a network offering as
follows:
@@ -6265,7 +6245,7 @@ follows:
isolated part of CloudStack. A VPC can have its own virtual
network topology that resembles a traditional physical network.
For more information on VPCs, see `Section 15.27.1, “About Virtual
- Private Clouds” <#vpc>`__.
+ Private Clouds” <#vpc>`_.
-
@@ -6302,7 +6282,7 @@ follows:
Click OK and the network offering is created.
Creating an External LB Rule
-''''''''''''''''''''''''''''''''''''''''''
+''''''''''''''''''''''''''''
#.
@@ -6437,19 +6417,19 @@ The new load balancing rule appears in the list. You can repeat these
steps to add more load balancing rules for this IP address.
Load Balancing Across Tiers
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
CloudStack supports sharing workload across different tiers within your
VPC. Assume that multiple tiers are set up in your environment, such as
Web tier and Application tier. Traffic to each tier is balanced on the
VPC virtual router on the public side, as explained in
`Section 15.27.11, “Adding Load Balancing Rules on a
-VPC” <#add-loadbalancer-rule-vpc>`__. If you want the traffic coming
+VPC” <#add-loadbalancer-rule-vpc>`_. If you want the traffic coming
from the Web tier to the Application tier to be balanced, use the
internal load balancing feature offered by CloudStack.
How Does Internal LB Work in VPC?
-'''''''''''''''''''''''''''''''''''''''''''''''
+'''''''''''''''''''''''''''''''''
In this figure, a public LB rule is created for the public IP
72.52.125.10 with public port 80 and private port 81. The LB rule,
@@ -6463,10 +6443,10 @@ configured on the VM, InternalLBVM1. Another internal LB rule for the
guest IP 10.10.10.6, with load balancer port 23 and instance port 25 is
configured on the VM, InternalLBVM2.
-|vpc-lb.png: Configuring internal LB for VPC|
+|vpc-lb.png|
Guidelines
-''''''''''''''''''''''''
+''''''''''
-
@@ -6497,7 +6477,7 @@ Guidelines
Only one tier can have Public LB support in a VPC.
Enabling Internal LB on a VPC Tier
-''''''''''''''''''''''''''''''''''''''''''''''''
+''''''''''''''''''''''''''''''''''
#.
@@ -6511,7 +6491,7 @@ Enabling Internal LB on a VPC Tier
Rule” <#int-lb-vpc>`__.
Creating a Network Offering for Internal LB
-'''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+'''''''''''''''''''''''''''''''''''''''''''
To have internal LB support on VPC, either use the default offering,
DefaultIsolatedNetworkOfferingForVpcNetworksWithInternalLB, or create a
@@ -6601,7 +6581,7 @@ network offering as follows:
Click OK and the network offering is created.
Creating an Internal LB Rule
-''''''''''''''''''''''''''''''''''''''''''
+''''''''''''''''''''''''''''
When you create the Internal LB rule and applies to a VM, an Internal LB
VM, which is responsible for load balancing, is created.
@@ -6694,7 +6674,7 @@ the location.
Source
Adding a Port Forwarding Rule on a VPC
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#.
@@ -6813,7 +6793,7 @@ Adding a Port Forwarding Rule on a VPC
You can test the rule by opening an SSH session to the instance.
Removing Tiers
-~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~
You can remove a tier from a VPC. A removed tier cannot be revoked. When
a tier is removed, only the resources of the tier are expunged. All the
@@ -6851,12 +6831,12 @@ belonging to the same VPC.
#.
In the Network Details tab, click the Delete Network button.
- |del-tier.png: button to remove a tier|
+ |del-tier.png|
Click Yes to confirm. Wait for some time for the tier to be removed.
Editing, Restarting, and Removing a Virtual Private Cloud
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. note:: Ensure that all the tiers are removed before you remove a VPC.
@@ -6881,21 +6861,19 @@ Editing, Restarting, and Removing a Virtual Private Cloud
#.
- In the Details tab, click the Remove VPC button |remove-vpc.png:
- button to remove a VPC|
+ In the Details tab, click the Remove VPC button |remove-vpc.png|
You can remove the VPC by also using the remove button in the Quick
View.
You can edit the name and description of a VPC. To do that, select
- the VPC, then click the Edit button. |edit-icon.png: button to edit a
- VPC|
+ the VPC, then click the Edit button. |edit-icon.png|
To restart a VPC, select the VPC, then click the Restart button.
- |restart-vpc.png: button to restart a VPC|
+ |restart-vpc.png|
Persistent Networks
---------------------------
+-------------------
The network that you can provision without having to deploy any VMs on
it is called a persistent network. A persistent network can be part of a
@@ -6920,7 +6898,7 @@ therefore even if all its VMs are destroyed the services will not be
discontinued.
Persistent Network Considerations
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
@@ -6964,7 +6942,7 @@ Persistent Network Considerations
non-persistent.
Creating a Persistent Guest Network
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To create a persistent network, perform the following:
@@ -6973,7 +6951,7 @@ To create a persistent network, perform the following:
Create a network offering with the Persistent option enabled.
See `Section 9.4.1, “Creating a New Network
- Offering” <#creating-network-offerings>`__.
+ Offering” <#creating-network-offerings>`_.
#.
@@ -6995,4 +6973,82 @@ To create a persistent network, perform the following:
#.
- Click OK.
\ No newline at end of file
+ Click OK.
+
+.. |guest-traffic-setup.png| image:: _static/images/guest-traffic-setup.png
+ :alt: Depicts a guest traffic setup
+.. |networksinglepod.png| image:: _static/images/network-singlepod.png
+ :alt: diagram showing logical view of network in a pod.
+.. |networksetupzone.png| image:: _static/images/network-setup-zone.png
+ :alt: Depicts network setup in a single zone.
+.. |addguestnetwork.png| image:: _static/images/add-guest-network.png
+ :alt: Add Guest network setup in a single zone.
+.. |remove-nic.png| image:: _static/images/remove-nic.png
+ :alt: button to remove a NIC.
+.. |set-default-nic.png| image:: _static/images/set-default-nic.png
+ :alt: button to set a NIC as default one.
+.. |addAccount-icon.png| image:: _static/images/addAccount-icon.png
+ :alt: button to assign an IP range to an account.
+.. |eip-ns-basiczone.png| image:: _static/images/eip-ns-basiczone.png
+ :alt: Elastic IP in a NetScaler-enabled Basic Zone.
+.. |add-ip-range.png| image:: _static/images/add-ip-range.png
+ :alt: adding an IP range to a network.
+.. |httpaccess.png| image:: _static/images/http-access.png
+ :alt: allows inbound HTTP access from anywhere.
+.. |autoscaleateconfig.png| image:: _static/images/autoscale-config.png
+ :alt: Configuring AutoScale.
+.. |EnableDisable.png| image:: _static/images/enable-disable-autoscale.png
+ :alt: button to enable or disable AutoScale.
+.. |gslb.png| image:: _static/images/gslb.png
+ :alt: GSLB architecture
+.. |gslb-add.png| image:: _static/images/add-gslb.png
+ :alt: adding a gslb rule.
+.. |ReleaseIPButton.png| image:: _static/images/release-ip-icon.png
+ :alt: button to release an IP
+.. |enabledisablenat.png| image:: _static/images/enable-disable.png
+ :alt: button to enable/disable NAT.
+.. |egress-firewall-rule.png| image:: _static/images/egress-firewall-rule.png
+ :alt: adding an egress firewall rule.
+.. |vpn-icon.png| image:: _static/images/vpn-icon.png
+ :alt: button to enable VPN.
+.. |addvpncustomergateway.png| image:: _static/images/add-vpn-customer-gateway.png
+ :alt: adding a customer gateway.
+.. |delete.png| image:: _static/images/delete-button.png
+ :alt: button to remove a VPN customer gateway.
+.. |createvpnconnection.png| image:: _static/images/create-vpn-connection.png
+ :alt: creating a VPN connection to the customer gateway.
+.. |remove-vpn.png| image:: _static/images/remove-vpn.png
+ :alt: button to remove a VPN connection
+.. |reset-vpn.png| image:: _static/images/reset-vpn.png
+ :alt: button to reset a VPN connection
+.. |mutltier.png| image:: _static/images/multi-tier-app.png
+ :alt: a multi-tier setup.
+.. |add-vpc.png| image:: _static/images/add-vpc.png
+ :alt: adding a vpc.
+.. |add-tier.png| image:: _static/images/add-tier.png
+ :alt: adding a tier to a vpc.
+.. |replace-acl-icon.png| image:: _static/images/replace-acl-icon.png
+ :alt: button to replace an ACL list
+.. |add-new-gateway-vpc.png| image:: _static/images/add-new-gateway-vpc.png
+ :alt: adding a private gateway for the VPC.
+.. |add-vm-vpc.png| image:: _static/images/add-vm-vpc.png
+ :alt: adding a VM to a vpc.
+.. |addvm-tier-sharednw.png| image:: _static/images/addvm-tier-sharednw.png
+ :alt: adding a VM to a VPC tier and shared network.
+.. |release-ip-icon.png| image:: _static/images/release-ip-icon.png
+ :alt: button to release an IP.
+.. |enable-disable.png| image:: _static/images/enable-disable.png
+ :alt: button to enable Static NAT.
+.. |select-vmstatic-nat.png| image:: _static/images/select-vm-staticnat-vpc.png
+ :alt: selecting a tier to apply staticNAT.
+.. |vpc-lb.png| image:: _static/images/vpc-lb.png
+ :alt: Configuring internal LB for VPC
+.. |del-tier.png| image:: _static/images/del-tier.png
+ :alt: button to remove a tier
+.. |remove-vpc.png| image:: _static/images/remove-vpc.png
+ :alt: button to remove a VPC
+.. |edit-icon.png| image:: _static/images/edit-icon.png
+ :alt: button to edit.
+.. |restart-vpc.png| image:: _static/images/restart-vpc.png
+ :alt: button to restart a VPC
+