You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bf...@apache.org on 2013/07/09 22:46:07 UTC
[25/50] [abbrv] git commit: updated refs/heads/ui-ucs to 9334dab
CLOUDSTACK-2806
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/03c8f74e
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/03c8f74e
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/03c8f74e
Branch: refs/heads/ui-ucs
Commit: 03c8f74e982f0e90b05a23088b3f03630fc19b2b
Parents: 24e9797
Author: radhikap <ra...@citrix.com>
Authored: Mon Jul 8 16:55:56 2013 +0530
Committer: radhikap <ra...@citrix.com>
Committed: Mon Jul 8 16:56:27 2013 +0530
----------------------------------------------------------------------
docs/en-US/add-gateway-vpc.xml | 9 +-
docs/en-US/configure-acl.xml | 308 +++++++++++++++++-----------
docs/en-US/images/replace-acl-icon.png | Bin 0 -> 930 bytes
docs/en-US/images/replace-acl-list.png | Bin 0 -> 7706 bytes
4 files changed, 198 insertions(+), 119 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/03c8f74e/docs/en-US/add-gateway-vpc.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/add-gateway-vpc.xml b/docs/en-US/add-gateway-vpc.xml
index 9a270f9..486cf84 100644
--- a/docs/en-US/add-gateway-vpc.xml
+++ b/docs/en-US/add-gateway-vpc.xml
@@ -144,10 +144,11 @@
<section id="acl-private-gateway">
<title>ACL on Private Gateway</title>
<para>The traffic on the VPC private gateway is controlled by creating both ingress and egress
- network ACL rules. The ACLs contains both allow and deny rules. As per the rule, all the
- ingress traffic to the private gateway interface and all the egress traffic out from the
- private gateway interface are blocked. You can change this default behaviour while creating a
- private gateway.</para>
+ network ACL rules. The ACLs contains both allow and deny rules. In addition to the default ACL
+ rules, rules you might have created are also listed in the ACL drop-down list. As per the
+ rule, all the ingress traffic to the private gateway interface and all the egress traffic out
+ from the private gateway interface are blocked. You can change this default behaviour while
+ creating a private gateway.</para>
</section>
<section id="static-route">
<title>Creating a Static Route</title>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/03c8f74e/docs/en-US/configure-acl.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/configure-acl.xml b/docs/en-US/configure-acl.xml
index e7459e6..1def9ea 100644
--- a/docs/en-US/configure-acl.xml
+++ b/docs/en-US/configure-acl.xml
@@ -25,119 +25,197 @@
default, all incoming and outgoing traffic to the guest networks is blocked. To open the ports,
you must create a new network ACL. The network ACLs can be created for the tiers only if the
NetworkACL service is supported.</para>
- <orderedlist>
- <listitem>
- <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
- </listitem>
- <listitem>
- <para>In the left navigation, choose Network.</para>
- </listitem>
- <listitem>
- <para>In the Select view, select VPC.</para>
- <para>All the VPCs that you have created for the account is listed in the page.</para>
- </listitem>
- <listitem>
- <para>Click the Configure button of the VPC, for which you want to configure load balancing
- rules.</para>
- <para>For each tier, the following options are displayed:</para>
- <itemizedlist>
- <listitem>
- <para>Internal LB</para>
- </listitem>
- <listitem>
- <para>Public LB IP</para>
- </listitem>
- <listitem>
- <para>Static NAT</para>
- </listitem>
- <listitem>
- <para>Virtual Machines</para>
- </listitem>
- <listitem>
- <para>CIDR</para>
- </listitem>
- </itemizedlist>
- <para>The following router information is displayed:</para>
- <itemizedlist>
- <listitem>
- <para>Private Gateways</para>
- </listitem>
- <listitem>
- <para>Public IP Addresses</para>
- </listitem>
- <listitem>
- <para>Site-to-Site VPNs</para>
- </listitem>
- <listitem>
- <para>Network ACL Lists</para>
- </listitem>
- </itemizedlist>
- </listitem>
- <listitem>
- <para>Select Network ACL Lists.</para>
- <para>The following default rules are displayed in the Network ACLs page: default_allow,
- default_deny.</para>
- </listitem>
- <listitem>
- <para>Click Add ACL Lists, and specify the following:</para>
- <itemizedlist>
- <listitem>
- <para><emphasis role="bold">ACL List Name</emphasis>: A name for the ACL list.</para>
- </listitem>
- <listitem>
- <para><emphasis role="bold">Description</emphasis>: A short description of the ACL list
- that can be displayed to users.</para>
- </listitem>
- </itemizedlist>
- </listitem>
- <listitem>
- <para>Select the ACL list.</para>
- </listitem>
- <listitem>
- <para>Select the ACL List Rules tab.</para>
- <para>To add an ACL rule, fill in the following fields to specify what kind of network traffic
- is allowed in the VPC. </para>
- <itemizedlist>
- <listitem>
- <para><emphasis role="bold">CIDR</emphasis>: The CIDR acts as the Source CIDR for the
- Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from or
- to the IP addresses within a particular address block, enter a CIDR or a comma-separated
- list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example,
- 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para>
- </listitem>
- <listitem>
- <para><emphasis role="bold">Protocol</emphasis>: The networking protocol that sources use
- to send traffic to the tier. The TCP and UDP protocols are typically used for data
- exchange and end-user communications. The ICMP protocol is typically used to send error
- messages or network monitoring data. All supports all the traffic. Other option is
- Protocol Number.</para>
- </listitem>
- <listitem>
- <para><emphasis role="bold">Start Port</emphasis>, <emphasis role="bold">End
- Port</emphasis> (TCP, UDP only): A range of listening ports that are the destination
- for the incoming traffic. If you are opening a single port, use the same number in both
- fields.</para>
- </listitem>
- <listitem>
- <para><emphasis role="bold">Protocol Number</emphasis>: The protocol number associated
- with IPv4 or IPv6. For more information, see <ulink
- url="http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml">Protocol
- Numbers</ulink>.</para>
- </listitem>
- <listitem>
- <para><emphasis role="bold">ICMP Type</emphasis>, <emphasis role="bold">ICMP
- Code</emphasis> (ICMP only): The type of message and error code that will be
- sent.</para>
- </listitem>
- <listitem>
- <para><emphasis role="bold">Action</emphasis>: What action to be taken. </para>
- </listitem>
- </itemizedlist>
- </listitem>
- <listitem>
- <para>Click Add. The ACL rule is added.</para>
- <para>You can edit the tags assigned to the ACL rules and delete the ACL rules you have
- created. Click the appropriate button in the Details tab.</para>
- </listitem>
- </orderedlist>
+ <section id="acl-list">
+ <title>Creating ACL Lists</title>
+ <orderedlist>
+ <listitem>
+ <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
+ </listitem>
+ <listitem>
+ <para>In the left navigation, choose Network.</para>
+ </listitem>
+ <listitem>
+ <para>In the Select view, select VPC.</para>
+ <para>All the VPCs that you have created for the account is listed in the page.</para>
+ </listitem>
+ <listitem>
+ <para>Click the Configure button of the VPC.</para>
+ <para>For each tier, the following options are displayed:</para>
+ <itemizedlist>
+ <listitem>
+ <para>Internal LB</para>
+ </listitem>
+ <listitem>
+ <para>Public LB IP</para>
+ </listitem>
+ <listitem>
+ <para>Static NAT</para>
+ </listitem>
+ <listitem>
+ <para>Virtual Machines</para>
+ </listitem>
+ <listitem>
+ <para>CIDR</para>
+ </listitem>
+ </itemizedlist>
+ <para>The following router information is displayed:</para>
+ <itemizedlist>
+ <listitem>
+ <para>Private Gateways</para>
+ </listitem>
+ <listitem>
+ <para>Public IP Addresses</para>
+ </listitem>
+ <listitem>
+ <para>Site-to-Site VPNs</para>
+ </listitem>
+ <listitem>
+ <para>Network ACL Lists</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>Select Network ACL Lists.</para>
+ <para>The following default rules are displayed in the Network ACLs page: default_allow,
+ default_deny.</para>
+ </listitem>
+ <listitem>
+ <para>Click Add ACL Lists, and specify the following:</para>
+ <itemizedlist>
+ <listitem>
+ <para><emphasis role="bold">ACL List Name</emphasis>: A name for the ACL list.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Description</emphasis>: A short description of the ACL list
+ that can be displayed to users.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </orderedlist>
+ </section>
+ <section id="add-acl-rule">
+ <title>Creating an ACL Rule</title>
+ <orderedlist>
+ <listitem>
+ <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
+ </listitem>
+ <listitem>
+ <para>In the left navigation, choose Network.</para>
+ </listitem>
+ <listitem>
+ <para>In the Select view, select VPC.</para>
+ <para>All the VPCs that you have created for the account is listed in the page.</para>
+ </listitem>
+ <listitem>
+ <para>Click the Configure button of the VPC.</para>
+ </listitem>
+ <listitem>
+ <para>Select Network ACL Lists.</para>
+ <para>In addition to the custom ACL lists you have created, the following default rules are
+ displayed in the Network ACLs page: default_allow, default_deny.</para>
+ </listitem>
+ <listitem>
+ <para>Select the desired ACL list.</para>
+ </listitem>
+ <listitem>
+ <para>Select the ACL List Rules tab.</para>
+ <para>To add an ACL rule, fill in the following fields to specify what kind of network
+ traffic is allowed in the VPC. </para>
+ <itemizedlist>
+ <listitem>
+ <para><emphasis role="bold">CIDR</emphasis>: The CIDR acts as the Source CIDR for the
+ Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from
+ or to the IP addresses within a particular address block, enter a CIDR or a
+ comma-separated list of CIDRs. The CIDR is the base IP address of the incoming
+ traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Protocol</emphasis>: The networking protocol that sources
+ use to send traffic to the tier. The TCP and UDP protocols are typically used for data
+ exchange and end-user communications. The ICMP protocol is typically used to send
+ error messages or network monitoring data. All supports all the traffic. Other option
+ is Protocol Number.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Start Port</emphasis>, <emphasis role="bold">End
+ Port</emphasis> (TCP, UDP only): A range of listening ports that are the destination
+ for the incoming traffic. If you are opening a single port, use the same number in
+ both fields.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Protocol Number</emphasis>: The protocol number associated
+ with IPv4 or IPv6. For more information, see <ulink
+ url="http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml">Protocol
+ Numbers</ulink>.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">ICMP Type</emphasis>, <emphasis role="bold">ICMP
+ Code</emphasis> (ICMP only): The type of message and error code that will be
+ sent.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Action</emphasis>: What action to be taken. </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>Click Add. The ACL rule is added.</para>
+ <para>You can edit the tags assigned to the ACL rules and delete the ACL rules you have
+ created. Click the appropriate button in the Details tab.</para>
+ </listitem>
+ </orderedlist>
+ </section>
+ <section id="create-acl-tier">
+ <title>Assigning a Custom ACL List to a Tier</title>
+ <orderedlist>
+ <listitem>
+ <para>Create a VPC.</para>
+ </listitem>
+ <listitem>
+ <para>Create a custom ACL list.</para>
+ </listitem>
+ <listitem>
+ <para>Add ACL rules to the ACL list.</para>
+ </listitem>
+ <listitem>
+ <para>Create a tier in the VPC.</para>
+ <para>Select the desired ACL list while creating a tier.</para>
+ </listitem>
+ <listitem><para>Click OK.</para></listitem>
+ </orderedlist>
+ </section>
+ <section id="assign-acl-tier">
+ <title>Assigning a Custom ACL List to a Tier</title>
+ <orderedlist>
+ <listitem>
+ <para>Create a VPC.</para>
+ </listitem>
+ <listitem>
+ <para>Create a tier in the VPC.</para>
+ </listitem>
+ <listitem>
+ <para>Associate the tier with the default ACL rule.</para>
+ </listitem>
+ <listitem>
+ <para>Create a custom ACL list.</para>
+ </listitem>
+ <listitem>
+ <para>Add ACL rules to the ACL list.</para>
+ </listitem>
+ <listitem>
+ <para>Select the tier for which you want to assign the custom ACL.</para>
+ </listitem>
+ <listitem><para>Click the Replace ACL List icon.<inlinemediaobject>
+ <imageobject>
+ <imagedata fileref="./images/replace-acl-icon.png"/>
+ </imageobject>
+ <textobject>
+ <phrase>replace-acl-icon.png: button to replace an ACL list</phrase>
+ </textobject>
+ </inlinemediaobject></para>
+ <para>The Replace ACL List dialog is displayed.</para></listitem>
+ <listitem><para>Select the desired ACL list.</para></listitem>
+ <listitem><para>Click OK.</para></listitem>
+ </orderedlist>
+ </section>
</section>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/03c8f74e/docs/en-US/images/replace-acl-icon.png
----------------------------------------------------------------------
diff --git a/docs/en-US/images/replace-acl-icon.png b/docs/en-US/images/replace-acl-icon.png
new file mode 100644
index 0000000..6a15d45
Binary files /dev/null and b/docs/en-US/images/replace-acl-icon.png differ
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/03c8f74e/docs/en-US/images/replace-acl-list.png
----------------------------------------------------------------------
diff --git a/docs/en-US/images/replace-acl-list.png b/docs/en-US/images/replace-acl-list.png
new file mode 100644
index 0000000..3375017
Binary files /dev/null and b/docs/en-US/images/replace-acl-list.png differ