You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ke...@apache.org on 2014/01/28 03:23:23 UTC
[02/11] networking2.rst
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/4bbce96f/source/templates.rst
----------------------------------------------------------------------
diff --git a/source/templates.rst b/source/templates.rst
new file mode 100644
index 0000000..3a1c8ec
--- /dev/null
+++ b/source/templates.rst
@@ -0,0 +1,1306 @@
+Working with Templates
+======================
+
+A template is a reusable configuration for virtual machines. When users
+launch VMs, they can choose from a list of templates in CloudStack.
+
+Specifically, a template is a virtual disk image that includes one of a
+variety of operating systems, optional additional software such as
+office applications, and settings such as access control to determine
+who can use the template. Each template is associated with a particular
+type of hypervisor, which is specified when the template is added to
+CloudStack.
+
+CloudStack ships with a default template. In order to present more
+choices to users, CloudStack administrators and users can create
+templates and add them to CloudStack.
+
+Creating Templates: Overview
+----------------------------------
+
+CloudStack ships with a default template for the CentOS operating
+system. There are a variety of ways to add more templates.
+Administrators and end users can add templates. The typical sequence of
+events is:
+
+#.
+
+ Launch a VM instance that has the operating system you want. Make any
+ other desired configuration changes to the VM.
+
+#.
+
+ Stop the VM.
+
+#.
+
+ Convert the volume into a template.
+
+There are other ways to add templates to CloudStack. For example, you
+can take a snapshot of the VM's volume and create a template from the
+snapshot, or import a VHD from another system into CloudStack.
+
+The various techniques for creating templates are described in the next
+few sections.
+
+Requirements for Templates
+--------------------------------
+
+-
+
+ For XenServer, install PV drivers / Xen tools on each template that
+ you create. This will enable live migration and clean guest shutdown.
+
+-
+
+ For vSphere, install VMware Tools on each template that you create.
+ This will enable console view to work properly.
+
+Best Practices for Templates
+----------------------------------
+
+If you plan to use large templates (100 GB or larger), be sure you have
+a 10-gigabit network to support the large templates. A slower network
+can lead to timeouts and other errors when large templates are used.
+
+The Default Template
+--------------------------
+
+CloudStack includes a CentOS template. This template is downloaded by
+the Secondary Storage VM after the primary and secondary storage are
+configured. You can use this template in your production deployment or
+you can delete it and use custom templates.
+
+The root password for the default template is "password".
+
+A default template is provided for each of XenServer, KVM, and vSphere.
+The templates that are downloaded depend on the hypervisor type that is
+available in your cloud. Each template is approximately 2.5 GB physical
+size.
+
+The default template includes the standard iptables rules, which will
+block most access to the template excluding ssh.
+
+.. code:: bash
+
+ # iptables --list
+ Chain INPUT (policy ACCEPT)
+ target prot opt source destination
+ RH-Firewall-1-INPUT all -- anywhere anywhere
+
+ Chain FORWARD (policy ACCEPT)
+ target prot opt source destination
+ RH-Firewall-1-INPUT all -- anywhere anywhere
+
+ Chain OUTPUT (policy ACCEPT)
+ target prot opt source destination
+
+ Chain RH-Firewall-1-INPUT (2 references)
+ target prot opt source destination
+ ACCEPT all -- anywhere anywhere
+ ACCEPT icmp -- anywhere anywhere icmp any
+ ACCEPT esp -- anywhere anywhere
+ ACCEPT ah -- anywhere anywhere
+ ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
+ ACCEPT udp -- anywhere anywhere udp dpt:ipp
+ ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
+ ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
+ ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
+ REJECT all -- anywhere anywhere reject-with icmp-host-
+
+Private and Public Templates
+----------------------------------
+
+When a user creates a template, it can be designated private or public.
+
+Private templates are only available to the user who created them. By
+default, an uploaded template is private.
+
+When a user marks a template as “public,” the template becomes available
+to all users in all accounts in the user's domain, as well as users in
+any other domains that have access to the Zone where the template is
+stored. This depends on whether the Zone, in turn, was defined as
+private or public. A private Zone is assigned to a single domain, and a
+public Zone is accessible to any domain. If a public template is created
+in a private Zone, it is available only to users in the domain assigned
+to that Zone. If a public template is created in a public Zone, it is
+available to all users in all domains.
+
+Creating a Template from an Existing Virtual Machine
+----------------------------------------------------------
+
+Once you have at least one VM set up in the way you want, you can use it
+as the prototype for other VMs.
+
+#.
+
+ Create and start a virtual machine using any of the techniques given
+ in `Section 10.4, “Creating VMs” <#creating-vms>`__.
+
+#.
+
+ Make any desired configuration changes on the running VM, then click
+ Stop.
+
+#.
+
+ Wait for the VM to stop. When the status shows Stopped, go to the
+ next step.
+
+#.
+
+ Click Create Template and provide the following:
+
+ -
+
+ **Name and Display Text**. These will be shown in the UI, so
+ choose something descriptive.
+
+ -
+
+ **OS Type**. This helps CloudStack and the hypervisor perform
+ certain operations and make assumptions that improve the
+ performance of the guest. Select one of the following.
+
+ -
+
+ If the operating system of the stopped VM is listed, choose it.
+
+ -
+
+ If the OS type of the stopped VM is not listed, choose Other.
+
+ -
+
+ If you want to boot from this template in PV mode, choose Other
+ PV (32-bit) or Other PV (64-bit). This choice is available only
+ for XenServere:
+
+ .. note:: Generally you should not choose an older version of the
+ OS than the version in the image. For example, choosing CentOS
+ 5.4 to support a CentOS 6.2 image will in general not work. In
+ those cases you should choose Other.
+
+ -
+
+ **Public**. Choose Yes to make this template accessible to all
+ users of this CloudStack installation. The template will appear in
+ the Community Templates list. See `Section 12.5, “Private and
+ Public Templates” <#private-public-template>`__.
+
+ -
+
+ **Password Enabled**. Choose Yes if your template has the
+ CloudStack password change script installed. See `Section 12.14,
+ “Adding Password Management to Your
+ Templates” <#add-password-management-to-templates>`__.
+
+#.
+
+ Click Add.
+
+The new template will be visible in the Templates section when the
+template creation process has been completed. The template is then
+available when creating a new VM.
+
+Creating a Template from a Snapshot
+-----------------------------------------
+
+If you do not want to stop the VM in order to use the Create Template
+menu item (as described in `Section 12.6, “Creating a Template from an
+Existing Virtual Machine” <#create-template-from-existing-vm>`__), you
+can create a template directly from any snapshot through the CloudStack
+UI.
+
+Uploading Templates
+-------------------------
+
+vSphere Templates and ISOs
+--------------------------
+
+If you are uploading a template that was created using vSphere Client,
+be sure the OVA file does not contain an ISO. If it does, the deployment
+of VMs from the template will fail.
+
+Templates are uploaded based on a URL. HTTP is the supported access
+protocol. Templates are frequently large files. You can optionally gzip
+them to decrease upload times.
+
+To upload a template:
+
+#.
+
+ In the left navigation bar, click Templates.
+
+#.
+
+ Click Register Template.
+
+#.
+
+ Provide the following:
+
+ -
+
+ **Name and Description**. These will be shown in the UI, so choose
+ something descriptive.
+
+ -
+
+ **URL**. The Management Server will download the file from the
+ specified URL, such as http://my.web.server/filename.vhd.gz.
+
+ -
+
+ **Zone**. Choose the zone where you want the template to be
+ available, or All Zones to make it available throughout
+ CloudStack.
+
+ -
+
+ **OS Type**: This helps CloudStack and the hypervisor perform
+ certain operations and make assumptions that improve the
+ performance of the guest. Select one of the following:
+
+ -
+
+ If the operating system of the stopped VM is listed, choose it.
+
+ -
+
+ If the OS type of the stopped VM is not listed, choose Other.
+
+ .. note:: You should not choose an older version of the OS than the
+ version in the image. For example, choosing CentOS 5.4 to
+ support a CentOS 6.2 image will in general not work. In those
+ cases you should choose Other.
+
+ -
+
+ **Hypervisor**: The supported hypervisors are listed. Select the
+ desired one.
+
+ -
+
+ **Format**. The format of the template upload file, such as VHD or
+ OVA.
+
+ -
+
+ **Password Enabled**. Choose Yes if your template has the
+ CloudStack password change script installed. See Adding Password
+ Management to Your Templates
+
+ -
+
+ **Extractable**. Choose Yes if the template is available for
+ extraction. If this option is selected, end users can download a
+ full image of a template.
+
+ -
+
+ **Public**. Choose Yes to make this template accessible to all
+ users of this CloudStack installation. The template will appear in
+ the Community Templates list. See `Section 12.5, “Private and
+ Public Templates” <#private-public-template>`__.
+
+ -
+
+ **Featured**. Choose Yes if you would like this template to be
+ more prominent for users to select. The template will appear in
+ the Featured Templates list. Only an administrator can make a
+ template Featured.
+
+Exporting Templates
+-------------------------
+
+End users and Administrators may export templates from the CloudStack.
+Navigate to the template in the UI and choose the Download function from
+the Actions menu.
+
+Creating a Linux Template
+--------------------------------
+
+Linux templates should be prepared using this documentation in order to
+prepare your linux VMs for template deployment. For ease of
+documentation, the VM which you are configuring the template on will be
+referred to as "Template Master". This guide currently covers legacy
+setups which do not take advantage of UserData and cloud-init and
+assumes openssh-server is installed during installation.
+
+An overview of the procedure is as follow:
+
+#.
+
+ Upload your Linux ISO.
+
+ For more information, see `Section 10.15.1, “Adding an
+ ISO” <#add-iso>`__.
+
+#.
+
+ Create a VM Instance with this ISO.
+
+ For more information, see `Section 10.4, “Creating
+ VMs” <#creating-vms>`__.
+
+#.
+
+ Prepare the Linux VM
+
+#.
+
+ Create a template from the VM.
+
+ For more information, see `Section 12.6, “Creating a Template from an
+ Existing Virtual Machine” <#create-template-from-existing-vm>`__.
+
+System preparation for Linux
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The following steps will prepare a basic Linux installation for
+templating.
+
+#.
+
+ **Installation**
+
+ It is good practice to name your VM something generic during
+ installation, this will ensure components such as LVM do not appear
+ unique to a machine. It is recommended that the name of "localhost"
+ is used for installation.
+
+ .. warning:: For CentOS, it is necessary to take unique identification out of the
+ interface configuration file, for this edit
+ /etc/sysconfig/network-scripts/ifcfg-eth0 and change the content to
+ the following.
+
+ .. code:: bash
+
+ DEVICE=eth0
+ TYPE=Ethernet
+ BOOTPROTO=dhcp
+ ONBOOT=yes
+
+ The next steps updates the packages on the Template Master.
+
+ -
+
+ Ubuntu
+
+ .. code:: bash
+
+ sudo -i
+ apt-get update
+ apt-get upgrade -y
+ apt-get install -y acpid ntp
+ reboot
+
+ -
+
+ CentOS
+
+ .. code:: bash
+
+ ifup eth0
+ yum update -y
+ reboot
+
+#.
+
+ **Password management**
+
+ .. note:: If preferred, custom users (such as ones created during the Ubuntu
+ installation) should be removed. First ensure the root user account
+ is enabled by giving it a password and then login as root to
+ continue.
+
+ .. code:: bash
+
+ sudo passwd root
+ logout
+
+ As root, remove any custom user accounts created during the
+ installation process.
+
+ .. code:: bash
+
+ deluser myuser --remove-home
+
+ See `Section 12.14, “Adding Password Management to Your
+ Templates” <#add-password-management-to-templates>`__ for
+ instructions to setup the password management script, this will allow
+ CloudStack to change your root password from the web interface.
+
+#.
+
+ **Hostname Management**
+
+ CentOS configures the hostname by default on boot. Unfortunately
+ Ubuntu does not have this functionality, for Ubuntu installations use
+ the following steps.
+
+ -
+
+ Ubuntu
+
+ The hostname of a Templated VM is set by a custom script in
+ /etc/dhcp/dhclient-exit-hooks.d, this script first checks if the
+ current hostname is localhost, if true, it will get the host-name,
+ domain-name and fixed-ip from the DHCP lease file and use those
+ values to set the hostname and append the /etc/hosts file for
+ local hostname resolution. Once this script, or a user has changed
+ the hostname from localhost, it will no longer adjust system files
+ regardless of it's new hostname. The script also recreates
+ openssh-server keys, which should have been deleted before
+ templating (shown below). Save the following script to
+ /etc/dhcp/dhclient-exit-hooks.d/sethostname, and adjust the
+ permissions.
+
+ .. code:: bash
+
+ #!/bin/sh
+ # dhclient change hostname script for Ubuntu
+ oldhostname=$(hostname -s)
+ if [ $oldhostname = 'localhost' ]
+ then
+ sleep 10 # Wait for configuration to be written to disk
+ hostname=$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /host-name/ { host = $3 } END { printf host } ' | sed 's/[";]//g' )
+ fqdn="$hostname.$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /domain-name/ { domain = $3 } END { printf domain } ' | sed 's/[";]//g')"
+ ip=$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /fixed-address/ { lease = $2 } END { printf lease } ' | sed 's/[";]//g')
+ echo "cloudstack-hostname: Hostname _localhost_ detected. Changing hostname and adding hosts."
+ echo " Hostname: $hostname \n FQDN: $fqdn \n IP: $ip"
+ # Update /etc/hosts
+ awk -v i="$ip" -v f="$fqdn" -v h="$hostname" "/^127/{x=1} !/^127/ && x { x=0; print i,f,h; } { print $0; }" /etc/hosts > /etc/hosts.dhcp.tmp
+ mv /etc/hosts /etc/hosts.dhcp.bak
+ mv /etc/hosts.dhcp.tmp /etc/hosts
+ # Rename Host
+ echo $hostname > /etc/hostname
+ hostname $hostname
+ # Recreate SSH2
+ dpkg-reconfig openssh-server
+ fi
+ ### End of Script ###
+
+ chmod 774 /etc/dhcp/dhclient-exit-hooks.d/sethostname
+
+ .. warning:: The following steps should be run when you are ready to template your
+ Template Master. If the Template Master is rebooted during these
+ steps you will have to run all the steps again. At the end of this
+ process the Template Master should be shutdown and the template
+ created in order to create and deploy the final template.
+
+#.
+
+ **Remove the udev persistent device rules**
+
+ This step removes information unique to your Template Master such as
+ network MAC addresses, lease files and CD block devices, the files
+ are automatically generated on next boot.
+
+ -
+
+ Ubuntu
+
+ .. code:: bash
+
+ rm -f /etc/udev/rules.d/70*
+ rm -f /var/lib/dhcp/dhclient.*
+
+ -
+
+ CentOS
+
+ .. code:: bash
+
+ rm -f /etc/udev/rules.d/70*
+ rm -f /var/lib/dhclient/*
+
+#.
+
+ **Remove SSH Keys**
+
+ This step is to ensure all your Templated VMs do not have the same
+ SSH keys, which would decrease the security of the machines
+ dramatically.
+
+ .. code:: bash
+
+ rm -f /etc/ssh/*key*
+
+#.
+
+ **Cleaning log files**
+
+ It is good practice to remove old logs from the Template Master.
+
+ .. code:: bash
+
+ cat /dev/null > /var/log/audit/audit.log 2>/dev/null
+ cat /dev/null > /var/log/wtmp 2>/dev/null
+ logrotate -f /etc/logrotate.conf 2>/dev/null
+ rm -f /var/log/*-* /var/log/*.gz 2>/dev/null
+
+#.
+
+ **Setting hostname**
+
+ In order for the Ubuntu DHCP script to function and the CentOS
+ dhclient to set the VM hostname they both require the Template
+ Master's hostname to be "localhost", run the following commands to
+ change the hostname.
+
+ .. code:: bash
+
+ hostname localhost
+ echo "localhost" > /etc/hostname
+
+#.
+
+ **Set user password to expire**
+
+ This step forces the user to change the password of the VM after the
+ template has been deployed.
+
+ .. code:: bash
+
+ passwd --expire root
+
+#.
+
+ **Clearing User History**
+
+ The next step clears the bash commands you have just run.
+
+ .. code:: bash
+
+ history -c
+ unset HISTFILE
+
+#.
+
+ **Shutdown the VM**
+
+ Your now ready to shutdown your Template Master and create a
+ template!
+
+ .. code:: bash
+
+ halt -p
+
+#.
+
+ **Create the template!**
+
+ You are now ready to create the template, for more information see
+ `Section 12.6, “Creating a Template from an Existing Virtual
+ Machine” <#create-template-from-existing-vm>`__.
+
+.. note:: Templated VMs for both Ubuntu and CentOS may require a reboot after
+provisioning in order to pickup the hostname.
+
+Creating a Windows Template
+----------------------------------
+
+Windows templates must be prepared with Sysprep before they can be
+provisioned on multiple machines. Sysprep allows you to create a generic
+Windows template and avoid any possible SID conflicts.
+
+.. note:: (XenServer) Windows VMs running on XenServer require PV drivers, which
+may be provided in the template or added after the VM is created. The PV
+drivers are necessary for essential management functions such as
+mounting additional volumes and ISO images, live migration, and graceful
+shutdown.
+
+An overview of the procedure is as follows:
+
+#.
+
+ Upload your Windows ISO.
+
+ For more information, see `Section 10.15.1, “Adding an
+ ISO” <#add-iso>`__.
+
+#.
+
+ Create a VM Instance with this ISO.
+
+ For more information, see `Section 10.4, “Creating
+ VMs” <#creating-vms>`__.
+
+#.
+
+ Follow the steps in Sysprep for Windows Server 2008 R2 (below) or
+ Sysprep for Windows Server 2003 R2, depending on your version of
+ Windows Server
+
+#.
+
+ The preparation steps are complete. Now you can actually create the
+ template as described in Creating the Windows Template.
+
+System Preparation for Windows Server 2008 R2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+For Windows 2008 R2, you run Windows System Image Manager to create a
+custom sysprep response XML file. Windows System Image Manager is
+installed as part of the Windows Automated Installation Kit (AIK).
+Windows AIK can be downloaded from `Microsoft Download
+Center <http://www.microsoft.com/en-us/download/details.aspx?id=9085>`__.
+
+Use the following steps to run sysprep for Windows 2008 R2:
+
+.. note:: The steps outlined here are derived from the excellent guide by Charity
+Shelbourne, originally published at `Windows Server 2008 Sysprep
+Mini-Setup. <http://blogs.technet.com/askcore/archive/2008/10/31/automating-the-oobe-process-during-windows-server-2008-sysprep-mini-setup.aspx>`__
+
+#.
+
+ Download and install the Windows AIK
+
+ .. note:: Windows AIK should not be installed on the Windows 2008 R2 VM you
+ just created. Windows AIK should not be part of the template you
+ create. It is only used to create the sysprep answer file.
+
+#.
+
+ Copy the install.wim file in the \\sources directory of the Windows
+ 2008 R2 installation DVD to the hard disk. This is a very large file
+ and may take a long time to copy. Windows AIK requires the WIM file
+ to be writable.
+
+#.
+
+ Start the Windows System Image Manager, which is part of the Windows
+ AIK.
+
+#.
+
+ In the Windows Image pane, right click the Select a Windows image or
+ catalog file option to load the install.wim file you just copied.
+
+#.
+
+ Select the Windows 2008 R2 Edition.
+
+ You may be prompted with a warning that the catalog file cannot be
+ opened. Click Yes to create a new catalog file.
+
+#.
+
+ In the Answer File pane, right click to create a new answer file.
+
+#.
+
+ Generate the answer file from the Windows System Image Manager using
+ the following steps:
+
+ #.
+
+ The first page you need to automate is the Language and Country or
+ Region Selection page. To automate this, expand Components in your
+ Windows Image pane, right-click and add the
+ Microsoft-Windows-International-Core setting to Pass 7 oobeSystem.
+ In your Answer File pane, configure the InputLocale, SystemLocale,
+ UILanguage, and UserLocale with the appropriate settings for your
+ language and country or region. Should you have a question about
+ any of these settings, you can right-click on the specific setting
+ and select Help. This will open the appropriate CHM help file with
+ more information, including examples on the setting you are
+ attempting to configure.
+
+ |sysmanager.png: System Image Manager|
+
+ #.
+
+ You need to automate the Software License Terms Selection page,
+ otherwise known as the End-User License Agreement (EULA). To do
+ this, expand the Microsoft-Windows-Shell-Setup component.
+ High-light the OOBE setting, and add the setting to the Pass 7
+ oobeSystem. In Settings, set HideEULAPage true.
+
+ |software-license.png: Depicts hiding the EULA page.|
+
+ #.
+
+ Make sure the license key is properly set. If you use MAK key, you
+ can just enter the MAK key on the Windows 2008 R2 VM. You need not
+ input the MAK into the Windows System Image Manager. If you use
+ KMS host for activation you need not enter the Product Key.
+ Details of Windows Volume Activation can be found at
+ `http://technet.microsoft.com/en-us/library/bb892849.aspx <http://technet.microsoft.com/en-us/library/bb892849.aspx>`__
+
+ #.
+
+ You need to automate is the Change Administrator Password page.
+ Expand the Microsoft-Windows-Shell-Setup component (if it is not
+ still expanded), expand UserAccounts, right-click on
+ AdministratorPassword, and add the setting to the Pass 7
+ oobeSystem configuration pass of your answer file. Under Settings,
+ specify a password next to Value.
+
+ |change-admin-password.png: Depicts changing the administrator
+ password|
+
+ You may read the AIK documentation and set many more options that
+ suit your deployment. The steps above are the minimum needed to
+ make Windows unattended setup work.
+
+#.
+
+ Save the answer file as unattend.xml. You can ignore the warning
+ messages that appear in the validation window.
+
+#.
+
+ Copy the unattend.xml file into the c:\\windows\\system32\\sysprep
+ directory of the Windows 2008 R2 Virtual Machine
+
+#.
+
+ Once you place the unattend.xml file in
+ c:\\windows\\system32\\sysprep directory, you run the sysprep tool as
+ follows:
+
+ .. code:: bash
+
+ cd c:\Windows\System32\sysprep
+ sysprep.exe /oobe /generalize /shutdown
+
+ The Windows 2008 R2 VM will automatically shut down after sysprep is
+ complete.
+
+System Preparation for Windows Server 2003 R2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Earlier versions of Windows have a different sysprep tool. Follow these
+steps for Windows Server 2003 R2.
+
+#.
+
+ Extract the content of \\support\\tools\\deploy.cab on the Windows
+ installation CD into a directory called c:\\sysprep on the Windows
+ 2003 R2 VM.
+
+#.
+
+ Run c:\\sysprep\\setupmgr.exe to create the sysprep.inf file.
+
+ #.
+
+ Select Create New to create a new Answer File.
+
+ #.
+
+ Enter “Sysprep setup” for the Type of Setup.
+
+ #.
+
+ Select the appropriate OS version and edition.
+
+ #.
+
+ On the License Agreement screen, select “Yes fully automate the
+ installation”.
+
+ #.
+
+ Provide your name and organization.
+
+ #.
+
+ Leave display settings at default.
+
+ #.
+
+ Set the appropriate time zone.
+
+ #.
+
+ Provide your product key.
+
+ #.
+
+ Select an appropriate license mode for your deployment
+
+ #.
+
+ Select “Automatically generate computer name”.
+
+ #.
+
+ Type a default administrator password. If you enable the password
+ reset feature, the users will not actually use this password. This
+ password will be reset by the instance manager after the guest
+ boots up.
+
+ #.
+
+ Leave Network Components at “Typical Settings”.
+
+ #.
+
+ Select the “WORKGROUP” option.
+
+ #.
+
+ Leave Telephony options at default.
+
+ #.
+
+ Select appropriate Regional Settings.
+
+ #.
+
+ Select appropriate language settings.
+
+ #.
+
+ Do not install printers.
+
+ #.
+
+ Do not specify “Run Once commands”.
+
+ #.
+
+ You need not specify an identification string.
+
+ #.
+
+ Save the Answer File as c:\\sysprep\\sysprep.inf.
+
+#.
+
+ Run the following command to sysprep the image:
+
+ .. code:: bash
+
+ c:\sysprep\sysprep.exe -reseal -mini -activated
+
+ After this step the machine will automatically shut down
+
+Importing Amazon Machine Images
+--------------------------------------
+
+The following procedures describe how to import an Amazon Machine Image
+(AMI) into CloudStack when using the XenServer hypervisor.
+
+Assume you have an AMI file and this file is called CentOS\_6.2\_x64.
+Assume further that you are working on a CentOS host. If the AMI is a
+Fedora image, you need to be working on a Fedora host initially.
+
+You need to have a XenServer host with a file-based storage repository
+(either a local ext3 SR or an NFS SR) to convert to a VHD once the image
+file has been customized on the Centos/Fedora host.
+
+.. note:: When copying and pasting a command, be sure the command has pasted as a
+single line before executing. Some document viewers may introduce
+unwanted line breaks in copied text.
+
+To import an AMI:
+
+#.
+
+ Set up loopback on image file:
+
+ .. code:: bash
+
+ # mkdir -p /mnt/loop/centos62
+ # mount -o loop CentOS_6.2_x64 /mnt/loop/centos54
+
+#.
+
+ Install the kernel-xen package into the image. This downloads the PV
+ kernel and ramdisk to the image.
+
+ .. code:: bash
+
+ # yum -c /mnt/loop/centos54/etc/yum.conf --installroot=/mnt/loop/centos62/ -y install kernel-xen
+
+#.
+
+ Create a grub entry in /boot/grub/grub.conf.
+
+ .. code:: bash
+
+ # mkdir -p /mnt/loop/centos62/boot/grub
+ # touch /mnt/loop/centos62/boot/grub/grub.conf
+ # echo "" > /mnt/loop/centos62/boot/grub/grub.conf
+
+#.
+
+ Determine the name of the PV kernel that has been installed into the
+ image.
+
+ .. code:: bash
+
+ # cd /mnt/loop/centos62
+ # ls lib/modules/
+ 2.6.16.33-xenU 2.6.16-xenU 2.6.18-164.15.1.el5xen 2.6.18-164.6.1.el5.centos.plus 2.6.18-xenU-ec2-v1.0 2.6.21.7-2.fc8xen 2.6.31-302-ec2
+ # ls boot/initrd*
+ boot/initrd-2.6.18-164.6.1.el5.centos.plus.img boot/initrd-2.6.18-164.15.1.el5xen.img
+ # ls boot/vmlinuz*
+ boot/vmlinuz-2.6.18-164.15.1.el5xen boot/vmlinuz-2.6.18-164.6.1.el5.centos.plus boot/vmlinuz-2.6.18-xenU-ec2-v1.0 boot/vmlinuz-2.6.21-2952.fc8xen
+
+ Xen kernels/ramdisk always end with "xen". For the kernel version you
+ choose, there has to be an entry for that version under lib/modules,
+ there has to be an initrd and vmlinuz corresponding to that. Above,
+ the only kernel that satisfies this condition is
+ 2.6.18-164.15.1.el5xen.
+
+#.
+
+ Based on your findings, create an entry in the grub.conf file. Below
+ is an example entry.
+
+ .. code:: bash
+
+ default=0
+ timeout=5
+ hiddenmenu
+ title CentOS (2.6.18-164.15.1.el5xen)
+ root (hd0,0)
+ kernel /boot/vmlinuz-2.6.18-164.15.1.el5xen ro root=/dev/xvda
+ initrd /boot/initrd-2.6.18-164.15.1.el5xen.img
+
+#.
+
+ Edit etc/fstab, changing “sda1” to “xvda” and changing “sdb” to
+ “xvdb”.
+
+ .. code:: bash
+
+ # cat etc/fstab
+ /dev/xvda / ext3 defaults 1 1
+ /dev/xvdb /mnt ext3 defaults 0 0
+ none /dev/pts devpts gid=5,mode=620 0 0
+ none /proc proc defaults 0 0
+ none /sys sysfs defaults 0 0
+
+#.
+
+ Enable login via the console. The default console device in a
+ XenServer system is xvc0. Ensure that etc/inittab and etc/securetty
+ have the following lines respectively:
+
+ .. code:: bash
+
+ # grep xvc0 etc/inittab
+ co:2345:respawn:/sbin/agetty xvc0 9600 vt100-nav
+ # grep xvc0 etc/securetty
+ xvc0
+
+#.
+
+ Ensure the ramdisk supports PV disk and PV network. Customize this
+ for the kernel version you have determined above.
+
+ .. code:: bash
+
+ # chroot /mnt/loop/centos54
+ # cd /boot/
+ # mv initrd-2.6.18-164.15.1.el5xen.img initrd-2.6.18-164.15.1.el5xen.img.bak
+ # mkinitrd -f /boot/initrd-2.6.18-164.15.1.el5xen.img --with=xennet --preload=xenblk --omit-scsi-modules 2.6.18-164.15.1.el5xen
+
+#.
+
+ Change the password.
+
+ .. code:: bash
+
+ # passwd
+ Changing password for user root.
+ New UNIX password:
+ Retype new UNIX password:
+ passwd: all authentication tokens updated successfully.
+
+#.
+
+ Exit out of chroot.
+
+ .. code:: bash
+
+ # exit
+
+#.
+
+ Check etc/ssh/sshd\_config for lines allowing ssh login using a
+ password.
+
+ .. code:: bash
+
+ # egrep "PermitRootLogin|PasswordAuthentication" /mnt/loop/centos54/etc/ssh/sshd_config
+ PermitRootLogin yes
+ PasswordAuthentication yes
+
+#.
+
+ If you need the template to be enabled to reset passwords from the
+ CloudStack UI or API, install the password change script into the
+ image at this point. See `Section 12.14, “Adding Password Management
+ to Your Templates” <#add-password-management-to-templates>`__.
+
+#.
+
+ Unmount and delete loopback mount.
+
+ .. code:: bash
+
+ # umount /mnt/loop/centos54
+ # losetup -d /dev/loop0
+
+#.
+
+ Copy the image file to your XenServer host's file-based storage
+ repository. In the example below, the Xenserver is "xenhost". This
+ XenServer has an NFS repository whose uuid is
+ a9c5b8c8-536b-a193-a6dc-51af3e5ff799.
+
+ .. code:: bash
+
+ # scp CentOS_6.2_x64 xenhost:/var/run/sr-mount/a9c5b8c8-536b-a193-a6dc-51af3e5ff799/
+
+#.
+
+ Log in to the Xenserver and create a VDI the same size as the image.
+
+ .. code:: bash
+
+ [root@xenhost ~]# cd /var/run/sr-mount/a9c5b8c8-536b-a193-a6dc-51af3e5ff799
+ [root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# ls -lh CentOS_6.2_x64
+ -rw-r--r-- 1 root root 10G Mar 16 16:49 CentOS_6.2_x64
+ [root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# xe vdi-create virtual-size=10GiB sr-uuid=a9c5b8c8-536b-a193-a6dc-51af3e5ff799 type=user name-label="Centos 6.2 x86_64"
+ cad7317c-258b-4ef7-b207-cdf0283a7923
+
+#.
+
+ Import the image file into the VDI. This may take 10–20 minutes.
+
+ .. code:: bash
+
+ [root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# xe vdi-import filename=CentOS_6.2_x64 uuid=cad7317c-258b-4ef7-b207-cdf0283a7923
+
+#.
+
+ Locate a the VHD file. This is the file with the VDI’s UUID as its
+ name. Compress it and upload it to your web server.
+
+ .. code:: bash
+
+ [root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# bzip2 -c cad7317c-258b-4ef7-b207-cdf0283a7923.vhd > CentOS_6.2_x64.vhd.bz2
+ [root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# scp CentOS_6.2_x64.vhd.bz2 webserver:/var/www/html/templates/
+
+Converting a Hyper-V VM to a Template
+--------------------------------------------
+
+To convert a Hyper-V VM to a XenServer-compatible CloudStack template,
+you will need a standalone XenServer host with an attached NFS VHD SR.
+Use whatever XenServer version you are using with CloudStack, but use
+XenCenter 5.6 FP1 or SP2 (it is backwards compatible to 5.6).
+Additionally, it may help to have an attached NFS ISO SR.
+
+For Linux VMs, you may need to do some preparation in Hyper-V before
+trying to get the VM to work in XenServer. Clone the VM and work on the
+clone if you still want to use the VM in Hyper-V. Uninstall Hyper-V
+Integration Components and check for any references to device names in
+/etc/fstab:
+
+#.
+
+ From the linux\_ic/drivers/dist directory, run make uninstall (where
+ "linux\_ic" is the path to the copied Hyper-V Integration Components
+ files).
+
+#.
+
+ Restore the original initrd from backup in /boot/ (the backup is
+ named \*.backup0).
+
+#.
+
+ Remove the "hdX=noprobe" entries from /boot/grub/menu.lst.
+
+#.
+
+ Check /etc/fstab for any partitions mounted by device name. Change
+ those entries (if any) to mount by LABEL or UUID. You can get that
+ information with the blkid command.
+
+The next step is make sure the VM is not running in Hyper-V, then get
+the VHD into XenServer. There are two options for doing this.
+
+Option one:
+
+#.
+
+ Import the VHD using XenCenter. In XenCenter, go to Tools>Virtual
+ Appliance Tools>Disk Image Import.
+
+#.
+
+ Choose the VHD, then click Next.
+
+#.
+
+ Name the VM, choose the NFS VHD SR under Storage, enable "Run
+ Operating System Fixups" and choose the NFS ISO SR.
+
+#.
+
+ Click Next, then Finish. A VM should be created.
+
+Option two:
+
+#.
+
+ Run XenConvert, under From choose VHD, under To choose XenServer.
+ Click Next.
+
+#.
+
+ Choose the VHD, then click Next.
+
+#.
+
+ Input the XenServer host info, then click Next.
+
+#.
+
+ Name the VM, then click Next, then Convert. A VM should be created.
+
+Once you have a VM created from the Hyper-V VHD, prepare it using the
+following steps:
+
+#.
+
+ Boot the VM, uninstall Hyper-V Integration Services, and reboot.
+
+#.
+
+ Install XenServer Tools, then reboot.
+
+#.
+
+ Prepare the VM as desired. For example, run sysprep on Windows VMs.
+ See `Section 12.11, “Creating a Windows
+ Template” <#create-windows-template>`__.
+
+Either option above will create a VM in HVM mode. This is fine for
+Windows VMs, but Linux VMs may not perform optimally. Converting a Linux
+VM to PV mode will require additional steps and will vary by
+distribution.
+
+#.
+
+ Shut down the VM and copy the VHD from the NFS storage to a web
+ server; for example, mount the NFS share on the web server and copy
+ it, or from the XenServer host use sftp or scp to upload it to the
+ web server.
+
+#.
+
+ In CloudStack, create a new template using the following values:
+
+ -
+
+ URL. Give the URL for the VHD
+
+ -
+
+ OS Type. Use the appropriate OS. For PV mode on CentOS, choose
+ Other PV (32-bit) or Other PV (64-bit). This choice is available
+ only for XenServer.
+
+ -
+
+ Hypervisor. XenServer
+
+ -
+
+ Format. VHD
+
+The template will be created, and you can create instances from it.
+
+Adding Password Management to Your Templates
+---------------------------------------------------
+
+CloudStack provides an optional password reset feature that allows users
+to set a temporary admin or root password as well as reset the existing
+admin or root password from the CloudStack UI.
+
+To enable the Reset Password feature, you will need to download an
+additional script to patch your template. When you later upload the
+template into CloudStack, you can specify whether reset admin/root
+password feature should be enabled for this template.
+
+The password management feature works always resets the account password
+on instance boot. The script does an HTTP call to the virtual router to
+retrieve the account password that should be set. As long as the virtual
+router is accessible the guest will have access to the account password
+that should be used. When the user requests a password reset the
+management server generates and sends a new password to the virtual
+router for the account. Thus an instance reboot is necessary to effect
+any password changes.
+
+If the script is unable to contact the virtual router during instance
+boot it will not set the password but boot will continue normally.
+
+Linux OS Installation
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Use the following steps to begin the Linux OS installation:
+
+#.
+
+ Download the script file cloud-set-guest-password:
+
+ -
+
+ `http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in <http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in>`__
+
+#.
+
+ Copy this file to /etc/init.d.
+
+ On some Linux distributions, copy the file to ``/etc/rc.d/init.d``.
+
+#.
+
+ Run the following command to make the script executable:
+
+ .. code:: bash
+
+ chmod +x /etc/init.d/cloud-set-guest-password
+
+#.
+
+ Depending on the Linux distribution, continue with the appropriate
+ step.
+
+ On Fedora, CentOS/RHEL, and Debian, run:
+
+ .. code:: bash
+
+ chkconfig --add cloud-set-guest-password
+
+Windows OS Installation
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Download the installer, CloudInstanceManager.msi, from the `Download
+page <http://sourceforge.net/projects/cloudstack/files/Password%20Management%20Scripts/CloudInstanceManager.msi/download>`__
+and run the installer in the newly created Windows VM.
+
+Deleting Templates
+-------------------------
+
+Templates may be deleted. In general, when a template spans multiple
+Zones, only the copy that is selected for deletion will be deleted; the
+same template in other Zones will not be deleted. The provided CentOS
+template is an exception to this. If the provided CentOS template is
+deleted, it will be deleted from all Zones.
+
+When templates are deleted, the VMs instantiated from them will continue
+to run. However, new VMs cannot be created based on the deleted
+template.
+
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/4bbce96f/source/troubleshooting.rst
----------------------------------------------------------------------
diff --git a/source/troubleshooting.rst b/source/troubleshooting.rst
new file mode 100644
index 0000000..efddaa6
--- /dev/null
+++ b/source/troubleshooting.rst
@@ -0,0 +1,393 @@
+Troubleshooting
+===============
+
+This section gives an outline of how to implement a plugin to integrate
+a third-party storage provider. For details and an example, you will
+need to read the code.
+
+.. note:: Example code is available at: plugins/storage/volume/sample
+
+Third party storage providers can integrate with CloudStack to provide
+either primary storage or secondary storage. For example, CloudStack
+provides plugins for Amazon Simple Storage Service (S3) or OpenStack
+Object Storage (Swift). The S3 plugin can be used for any object storage
+that supports the Amazon S3 interface.
+
+Additional third party object storages that do not support the S3
+interface can be integrated with CloudStack by writing plugin software
+that uses the object storage plugin framework. Several new interfaces
+are available so that storage providers can develop vendor-specific
+plugins based on well-defined contracts that can be seamlessly managed
+by CloudStack.
+
+Artifacts such as templates, ISOs and snapshots are kept in storage
+which CloudStack refers to as secondary storage. To improve scalability
+and performance, as when a number of hosts access secondary storage
+concurrently, object storage can be used for secondary storage. Object
+storage can also provide built-in high availability capability. When
+using object storage, access to secondary storage data can be made
+available across multiple zones in a region. This is a huge benefit, as
+it is no longer necessary to copy templates, snapshots etc. across zones
+as would be needed in an environment using only zone-based NFS storage.
+
+The user enables a storage plugin through the UI. A new dialog box
+choice is offered to select the storage provider. Depending on which
+provider is selected, additional input fields may appear so that the
+user can provide the additional details required by that provider, such
+as a user name and password for a third-party storage account.
+
+Overview of How to Write a Storage Plugin
+-----------------------------------------------
+
+To add a third-party storage option to CloudStack, follow these general
+steps (explained in more detail later in this section):
+
+#.
+
+ Implement the following interfaces in Java:
+
+ -
+
+ DataStoreDriver
+
+ -
+
+ DataStoreLifecycle
+
+ -
+
+ DataStoreProvider
+
+ -
+
+ VMSnapshotStrategy (if you want to customize the VM snapshot
+ functionality)
+
+#.
+
+ Hardcode your plugin's required additional input fields into the code
+ for the Add Secondary Storage or Add Primary Storage dialog box.
+
+#.
+
+ Place your .jar file in plugins/storage/volume/ or
+ plugins/storage/image/.
+
+#.
+
+ Edit /client/tomcatconf/componentContext.xml.in.
+
+#.
+
+ Edit client/pom.xml.
+
+Implementing DataStoreDriver
+----------------------------------
+
+DataStoreDriver contains the code that CloudStack will use to provision
+the object store, when needed.
+
+You must implement the following methods:
+
+-
+
+ getTO()
+
+-
+
+ getStoreTO()
+
+-
+
+ createAsync()
+
+-
+
+ deleteAsync()
+
+The following methods are optional:
+
+-
+
+ resize()
+
+-
+
+ canCopy() is optional. If you set it to true, then you must implement
+ copyAsync().
+
+Implementing DataStoreLifecycle
+-------------------------------------
+
+DataStoreLifecycle contains the code to manage the storage operations
+for ongoing use of the storage. Several operations are needed, like
+create, maintenance mode, delete, etc.
+
+You must implement the following methods:
+
+-
+
+ initialize()
+
+-
+
+ maintain()
+
+-
+
+ cancelMaintain()
+
+-
+
+ deleteDataStore()
+
+-
+
+ Implement one of the attach\*() methods depending on what scope you
+ want the storage to have: attachHost(), attachCluster(), or
+ attachZone().
+
+Implementing DataStoreProvider
+------------------------------------
+
+DataStoreProvider contains the main code of the data store.
+
+You must implement the following methods:
+
+-
+
+ getDatastoreLifeCycle()
+
+-
+
+ getDataStoreDriver()
+
+-
+
+ getTypes(). Returns one or more types of storage for which this data
+ store provider can be used. For secondary object storage, return
+ IMAGE, and for a Secondary Staging Store, return ImageCache.
+
+-
+
+ configure(). First initialize the lifecycle implementation and the
+ driver implementation, then call registerDriver() to register the new
+ object store provider instance with CloudStack.
+
+-
+
+ getName(). Returns the unique name of your provider; for example,
+ this can be used to get the name to display in the UI.
+
+The following methods are optional:
+
+-
+
+ getHostListener() is optional; it's for monitoring the status of the
+ host.
+
+Implementing VMSnapshotStrategy
+-------------------------------------
+
+VMSnapshotStrategy has the following methods:
+
+-
+
+ takeVMSnapshot()
+
+-
+
+ deleteVMSnapshot()
+
+-
+
+ revertVMSnapshot()
+
+-
+
+ canHandle(). For a given VM snapshot, tells whether this
+ implementation of VMSnapshotStrategy can handle it.
+
+Place the .jar File in the Right Directory
+------------------------------------------------
+
+For a secondary storage plugin, place your .jar file here:
+
+.. code:: bash
+
+ plugins/storage/image/
+
+For a primary storage plugin, place your .jar file here:
+
+.. code:: bash
+
+ plugins/storage/volume/
+
+Edit Configuration Files
+------------------------------
+
+First, edit the following file tell CloudStack to include your .jar
+file. Add a line to this file to tell the CloudStack Management Server
+that it now has a dependency on your code:
+
+.. code:: bash
+
+ client/pom.xml
+
+Place some facts about your code in the following file so CloudStack can
+run it:
+
+.. code:: bash
+
+ /client/tomcatconf/componentContext.xml.in
+
+In the section “Deployment configurations of various adapters,” add
+this:
+
+.. code:: bash
+
+ <bean>id=”some unique ID” class=”package name of your implementation of DataStoreProvider”</bean>
+
+In the section “Storage Providers,” add this:
+
+.. code:: bash
+
+ <property name=”providers”>
+ <ref local=”same ID from the bean tag's id attribute”>
+ </property>
+
+Minimum Required Interfaces
+---------------------------------
+
+The classes, interfaces, and methods used by CloudStack from the Amazon
+Web Services (AWS) Java SDK are listed in this section. An object
+storage that supports the S3 interface is minimally required to support
+the below in order to be compatible with CloudStack.
+
+Interface AmazonS3
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+`http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/AmazonS3.html <http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/AmazonS3.html>`__
+
+Modifier and Type
+
+Method and Description
+
+Bucket
+
+createBucket(String bucketName)
+
+Creates a new Amazon S3 bucket with the specified name in the default
+(US) region, Region.US\_Standard.
+
+void
+
+deleteObject(String bucketName, String key)
+
+Deletes the specified object in the specified bucket.
+
+ObjectMetadata
+
+getObject(GetObjectRequest getObjectRequest, File destinationFile)
+
+Gets the object metadata for the object stored in Amazon S3 under the
+specified bucket and key, and saves the object contents to the specified
+file.
+
+S3Object
+
+getObject(String bucketName, String key)
+
+Gets the object stored in Amazon S3 under the specified bucket and key.
+
+URL
+
+generatePresignedUrl(String bucketName, String key, Date expiration,
+HttpMethod method)
+
+Returns a pre-signed URL for accessing an Amazon S3 resource.
+
+void
+
+deleteBucket(String bucketName)
+
+Deletes the specified bucket.
+
+List<Bucket>
+
+listBuckets()
+
+Returns a list of all Amazon S3 buckets that the authenticated sender of
+the request owns.
+
+ObjectListing
+
+listObjects(String bucketName, String prefix)
+
+Returns a list of summary information about the objects in the specified
+bucket.
+
+PutObjectResult
+
+putObject(PutObjectRequest putObjectRequest)
+
+Uploads a new object to the specified Amazon S3 bucket.
+
+PutObjectResult
+
+putObject(String bucketName, String key, File file)
+
+Uploads the specified file to Amazon S3 under the specified bucket and
+key name.
+
+PutObjectResult
+
+putObject(String bucketName, String key, InputStream input,
+ObjectMetadata metadata)
+
+Uploads the specified input stream and object metadata to Amazon S3
+under the specified bucket and key name.
+
+void
+
+setEndpoint(String endpoint)
+
+Overrides the default endpoint for this client.
+
+void
+
+setObjectAcl(String bucketName, String key, CannedAccessControlList acl)
+
+Sets the CannedAccessControlList for the specified object in Amazon S3
+using one of the pre-configured CannedAccessControlLists.
+
+Class TransferManager
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+`http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/transfer/TransferManager.html <http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/transfer/TransferManager.html>`__
+
+Modifier and Type
+
+Method and Description
+
+Upload
+
+upload(PutObjectRequest putObjectRequest)
+
+Schedules a new transfer to upload data to Amazon S3.
+
+Class PutObjectRequest
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+`http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/model/PutObjectRequest.html <http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/model/PutObjectRequest.html>`__
+
+Modifier and Type
+
+Method and Description
+
+Upload
+
+upload(PutObjectRequest putObjectRequest)
+
+Schedules a new transfer to upload data to Amazon S3.
+
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/4bbce96f/source/tuning.rst
----------------------------------------------------------------------
diff --git a/source/tuning.rst b/source/tuning.rst
new file mode 100644
index 0000000..776a05a
--- /dev/null
+++ b/source/tuning.rst
@@ -0,0 +1,116 @@
+Tuning
+======
+
+This section provides tips on how to improve the performance of your
+cloud.
+
+Performance Monitoring
+----------------------------
+
+Host and guest performance monitoring is available to end users and
+administrators. This allows the user to monitor their utilization of
+resources and determine when it is appropriate to choose a more powerful
+service offering or larger disk.
+
+Increase Management Server Maximum Memory
+-----------------------------------------------
+
+If the Management Server is subject to high demand, the default maximum
+JVM memory allocation can be insufficient. To increase the memory:
+
+#.
+
+ Edit the Tomcat configuration file:
+
+ .. code:: bash
+
+ /etc/cloudstack/management/tomcat6.conf
+
+#.
+
+ Change the command-line parameter -XmxNNNm to a higher value of N.
+
+ For example, if the current value is -Xmx128m, change it to -Xmx1024m
+ or higher.
+
+#.
+
+ To put the new setting into effect, restart the Management Server.
+
+ .. code:: bash
+
+ # service cloudstack-management restart
+
+For more information about memory issues, see "FAQ: Memory" at `Tomcat
+Wiki. <http://wiki.apache.org/tomcat/FAQ/Memory>`__
+
+21.3. Set Database Buffer Pool Size
+-----------------------------------
+
+It is important to provide enough memory space for the MySQL database to
+cache data and indexes:
+
+#.
+
+ Edit the MySQL configuration file:
+
+ .. code:: bash
+
+ /etc/my.cnf
+
+#.
+
+ Insert the following line in the [mysqld] section, below the datadir
+ line. Use a value that is appropriate for your situation. We
+ recommend setting the buffer pool at 40% of RAM if MySQL is on the
+ same server as the management server or 70% of RAM if MySQL has a
+ dedicated server. The following example assumes a dedicated server
+ with 1024M of RAM.
+
+ .. code:: bash
+
+ innodb_buffer_pool_size=700M
+
+#.
+
+ Restart the MySQL service.
+
+ .. code:: bash
+
+ # service mysqld restart
+
+For more information about the buffer pool, see "The InnoDB Buffer Pool"
+at `MySQL Reference
+Manual <http://dev.mysql.com/doc/refman/5.5/en/innodb-buffer-pool.html>`__.
+
+Set and Monitor Total VM Limits per Host
+----------------------------------------------
+
+The CloudStack administrator should monitor the total number of VM
+instances in each cluster, and disable allocation to the cluster if the
+total is approaching the maximum that the hypervisor can handle. Be sure
+to leave a safety margin to allow for the possibility of one or more
+hosts failing, which would increase the VM load on the other hosts as
+the VMs are automatically redeployed. Consult the documentation for your
+chosen hypervisor to find the maximum permitted number of VMs per host,
+then use CloudStack global configuration settings to set this as the
+default limit. Monitor the VM activity in each cluster at all times.
+Keep the total number of VMs below a safe level that allows for the
+occasional host failure. For example, if there are N hosts in the
+cluster, and you want to allow for one host in the cluster to be down at
+any given time, the total number of VM instances you can permit in the
+cluster is at most (N-1) \* (per-host-limit). Once a cluster reaches
+this number of VMs, use the CloudStack UI to disable allocation of more
+VMs to the cluster.
+
+Configure XenServer dom0 Memory
+-------------------------------------
+
+Configure the XenServer dom0 settings to allocate more memory to dom0.
+This can enable XenServer to handle larger numbers of virtual machines.
+We recommend 2940 MB of RAM for XenServer dom0. For instructions on how
+to do this, see `Citrix Knowledgebase
+Article <http://support.citrix.com/article/CTX126531>`__.The article
+refers to XenServer 5.6, but the same information applies to XenServer 6
+
+
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/4bbce96f/source/ui.rst
----------------------------------------------------------------------
diff --git a/source/ui.rst b/source/ui.rst
new file mode 100644
index 0000000..6e68cfa
--- /dev/null
+++ b/source/ui.rst
@@ -0,0 +1,358 @@
+User Interface
+==============
+
+Log In to the UI
+---------------------
+
+CloudStack provides a web-based UI that can be used by both
+administrators and end users. The appropriate version of the UI is
+displayed depending on the credentials used to log in. The UI is
+available in popular browsers including IE7, IE8, IE9, Firefox 3.5+,
+Firefox 4, Safari 4, and Safari 5. The URL is: (substitute your own
+management server IP address)
+
+.. code:: bash
+
+ http://<management-server-ip-address>:8080/client
+
+On a fresh Management Server installation, a guided tour splash screen
+appears. On later visits, you’ll see a login screen where you specify
+the following to proceed to your Dashboard:
+
+Username
+''''''''
+
+The user ID of your account. The default username is admin.
+
+Password
+''''''''
+
+The password associated with the user ID. The password for the default
+username is password.
+
+Domain
+''''''
+
+If you are a root user, leave this field blank.
+
+If you are a user in the sub-domains, enter the full path to the domain,
+excluding the root domain.
+
+For example, suppose multiple levels are created under the root domain,
+such as Comp1/hr. The users in the Comp1 domain should enter Comp1 in
+the Domain field, whereas the users in the Comp1/sales domain should
+enter Comp1/sales.
+
+For more guidance about the choices that appear when you log in to this
+UI, see Logging In as the Root Administrator.
+
+End User's UI Overview
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The CloudStack UI helps users of cloud infrastructure to view and use
+their cloud resources, including virtual machines, templates and ISOs,
+data volumes and snapshots, guest networks, and IP addresses. If the
+user is a member or administrator of one or more CloudStack projects,
+the UI can provide a project-oriented view.
+
+Root Administrator's UI Overview
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The CloudStack UI helps the CloudStack administrator provision, view,
+and manage the cloud infrastructure, domains, user accounts, projects,
+and configuration settings. The first time you start the UI after a
+fresh Management Server installation, you can choose to follow a guided
+tour to provision your cloud infrastructure. On subsequent logins, the
+dashboard of the logged-in user appears. The various links in this
+screen and the navigation bar on the left provide access to a variety of
+administrative functions. The root administrator can also use the UI to
+perform all the same tasks that are present in the end-user’s UI.
+
+Logging In as the Root Administrator
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+After the Management Server software is installed and running, you can
+run the CloudStack user interface. This UI is there to help you
+provision, view, and manage your cloud infrastructure.
+
+#.
+
+ Open your favorite Web browser and go to this URL. Substitute the IP
+ address of your own Management Server:
+
+ .. code:: bash
+
+ http://<management-server-ip-address>:8080/client
+
+ After logging into a fresh Management Server installation, a guided
+ tour splash screen appears. On later visits, you’ll be taken directly
+ into the Dashboard.
+
+#.
+
+ If you see the first-time splash screen, choose one of the following.
+
+ -
+
+ **Continue with basic setup.** Choose this if you're just trying
+ CloudStack, and you want a guided walkthrough of the simplest
+ possible configuration so that you can get started right away.
+ We'll help you set up a cloud with the following features: a
+ single machine that runs CloudStack software and uses NFS to
+ provide storage; a single machine running VMs under the XenServer
+ or KVM hypervisor; and a shared public network.
+
+ The prompts in this guided tour should give you all the
+ information you need, but if you want just a bit more detail, you
+ can follow along in the Trial Installation Guide.
+
+ -
+
+ **I have used CloudStack before.** Choose this if you have already
+ gone through a design phase and planned a more sophisticated
+ deployment, or you are ready to start scaling up a trial cloud
+ that you set up earlier with the basic setup screens. In the
+ Administrator UI, you can start using the more powerful features
+ of CloudStack, such as advanced VLAN networking, high
+ availability, additional network elements such as load balancers
+ and firewalls, and support for multiple hypervisors including
+ Citrix XenServer, KVM, and VMware vSphere.
+
+ The root administrator Dashboard appears.
+
+#.
+
+ You should set a new root administrator password. If you chose basic
+ setup, you’ll be prompted to create a new password right away. If you
+ chose experienced user, use the steps in `Section 5.1.4, “Changing
+ the Root Password” <#changing-root-password>`__.
+
+.. warning:: You are logging in as the root administrator. This account manages the
+CloudStack deployment, including physical infrastructure. The root
+administrator can modify configuration settings to change basic
+functionality, create or delete user accounts, and take many actions
+that should be performed only by an authorized person. Please change the
+default password to a new, unique password.
+
+Changing the Root Password
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+During installation and ongoing cloud administration, you will need to
+log in to the UI as the root administrator. The root administrator
+account manages the CloudStack deployment, including physical
+infrastructure. The root administrator can modify configuration settings
+to change basic functionality, create or delete user accounts, and take
+many actions that should be performed only by an authorized person. When
+first installing CloudStack, be sure to change the default password to a
+new, unique value.
+
+#.
+
+ Open your favorite Web browser and go to this URL. Substitute the IP
+ address of your own Management Server:
+
+ .. code:: bash
+
+ http://<management-server-ip-address>:8080/client
+
+#.
+
+ Log in to the UI using the current root user ID and password. The
+ default is admin, password.
+
+#.
+
+ Click Accounts.
+
+#.
+
+ Click the admin account name.
+
+#.
+
+ Click View Users.
+
+#.
+
+ Click the admin user name.
+
+#.
+
+ Click the Change Password button. |change-password.png: button to
+ change a user's password|
+
+#.
+
+ Type the new password, and click OK.
+
+Using SSH Keys for Authentication
+--------------------------------------
+
+In addition to the username and password authentication, CloudStack
+supports using SSH keys to log in to the cloud infrastructure for
+additional security. You can use the createSSHKeyPair API to generate
+the SSH keys.
+
+Because each cloud user has their own SSH key, one cloud user cannot log
+in to another cloud user's instances unless they share their SSH key
+files. Using a single SSH key pair, you can manage multiple instances.
+
+Creating an Instance Template that Supports SSH Keys
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Create a instance template that supports SSH Keys.
+
+#.
+
+ Create a new instance by using the template provided by cloudstack.
+
+ For more information on creating a new instance, see
+
+#.
+
+ Download the cloudstack script from `The SSH Key Gen
+ Script <http://sourceforge.net/projects/cloudstack/files/SSH%20Key%20Gen%20Script/>`__\ to
+ the instance you have created.
+
+ .. code:: bash
+
+ wget http://downloads.sourceforge.net/project/cloudstack/SSH%20Key%20Gen%20Script/cloud-set-guest-sshkey.in?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fcloudstack%2Ffiles%2FSSH%2520Key%2520Gen%2520Script%2F&ts=1331225219&use_mirror=iweb
+
+#.
+
+ Copy the file to /etc/init.d.
+
+ .. code:: bash
+
+ cp cloud-set-guest-sshkey.in /etc/init.d/
+
+#.
+
+ Give the necessary permissions on the script:
+
+ .. code:: bash
+
+ chmod +x /etc/init.d/cloud-set-guest-sshkey.in
+
+#.
+
+ Run the script while starting up the operating system:
+
+ .. code:: bash
+
+ chkconfig --add cloud-set-guest-sshkey.in
+
+#.
+
+ Stop the instance.
+
+Creating the SSH Keypair
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You must make a call to the createSSHKeyPair api method. You can either
+use the CloudStack Python API library or the curl commands to make the
+call to the cloudstack api.
+
+For example, make a call from the cloudstack server to create a SSH
+keypair called "keypair-doc" for the admin account in the root domain:
+
+.. note:: Ensure that you adjust these values to meet your needs. If you are
+making the API call from a different server, your URL/PORT will be
+different, and you will need to use the API keys.
+
+#.
+
+ Run the following curl command:
+
+ .. code:: bash
+
+ curl --globoff "http://localhost:8096/?command=createSSHKeyPair&name=keypair-doc&account=admin&domainid=5163440e-c44b-42b5-9109-ad75cae8e8a2"
+
+ The output is something similar to what is given below:
+
+ .. code:: bash
+
+ <?xml version="1.0" encoding="ISO-8859-1"?><createsshkeypairresponse cloud-stack-version="3.0.0.20120228045507"><keypair><name>keypair-doc</name><fingerprint>f6:77:39:d5:5e:77:02:22:6a:d8:7f:ce:ab:cd:b3:56</fingerprint><privatekey>-----BEGIN RSA PRIVATE KEY-----
+ MIICXQIBAAKBgQCSydmnQ67jP6lNoXdX3noZjQdrMAWNQZ7y5SrEu4wDxplvhYci
+ dXYBeZVwakDVsU2MLGl/K+wefwefwefwefwefJyKJaogMKn7BperPD6n1wIDAQAB
+ AoGAdXaJ7uyZKeRDoy6wA0UmF0kSPbMZCR+UTIHNkS/E0/4U+6lhMokmFSHtu
+ mfDZ1kGGDYhMsdytjDBztljawfawfeawefawfawfawQQDCjEsoRdgkduTy
+ QpbSGDIa11Jsc+XNDx2fgRinDsxXI/zJYXTKRhSl/LIPHBw/brW8vzxhOlSOrwm7
+ VvemkkgpAkEAwSeEw394LYZiEVv395ar9MLRVTVLwpo54jC4tsOxQCBlloocK
+ lYaocpk0yBqqOUSBawfIiDCuLXSdvBo1Xz5ICTM19vgvEp/+kMuECQBzm
+ nVo8b2Gvyagqt/KEQo8wzH2THghZ1qQ1QRhIeJG2aissEacF6bGB2oZ7Igim5L14
+ 4KR7OeEToyCLC2k+02UCQQCrniSnWKtDVoVqeK/zbB32JhW3Wullv5p5zUEcd
+ KfEEuzcCUIxtJYTahJ1pvlFkQ8anpuxjSEDp8x/18bq3
+ -----END RSA PRIVATE KEY-----
+ </privatekey></keypair></createsshkeypairresponse>
+
+#.
+
+ Copy the key data into a file. The file looks like this:
+
+ .. code:: bash
+
+ -----BEGIN RSA PRIVATE KEY-----
+ MIICXQIBAAKBgQCSydmnQ67jP6lNoXdX3noZjQdrMAWNQZ7y5SrEu4wDxplvhYci
+ dXYBeZVwakDVsU2MLGl/K+wefwefwefwefwefJyKJaogMKn7BperPD6n1wIDAQAB
+ AoGAdXaJ7uyZKeRDoy6wA0UmF0kSPbMZCR+UTIHNkS/E0/4U+6lhMokmFSHtu
+ mfDZ1kGGDYhMsdytjDBztljawfawfeawefawfawfawQQDCjEsoRdgkduTy
+ QpbSGDIa11Jsc+XNDx2fgRinDsxXI/zJYXTKRhSl/LIPHBw/brW8vzxhOlSOrwm7
+ VvemkkgpAkEAwSeEw394LYZiEVv395ar9MLRVTVLwpo54jC4tsOxQCBlloocK
+ lYaocpk0yBqqOUSBawfIiDCuLXSdvBo1Xz5ICTM19vgvEp/+kMuECQBzm
+ nVo8b2Gvyagqt/KEQo8wzH2THghZ1qQ1QRhIeJG2aissEacF6bGB2oZ7Igim5L14
+ 4KR7OeEToyCLC2k+02UCQQCrniSnWKtDVoVqeK/zbB32JhW3Wullv5p5zUEcd
+ KfEEuzcCUIxtJYTahJ1pvlFkQ8anpuxjSEDp8x/18bq3
+ -----END RSA PRIVATE KEY-----
+
+#.
+
+ Save the file.
+
+Creating an Instance
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+After you save the SSH keypair file, you must create an instance by
+using the template that you created at `Section 5.2.1, “ Creating an
+Instance Template that Supports SSH Keys” <#create-ssh-template>`__.
+Ensure that you use the same SSH key name that you created at
+`Section 5.2.2, “Creating the SSH Keypair” <#create-ssh-keypair>`__.
+
+.. note:: You cannot create the instance by using the GUI at this time and
+associate the instance with the newly created SSH keypair.
+
+A sample curl command to create a new instance is:
+
+.. code:: bash
+
+ curl --globoff http://localhost:<port number>/?command=deployVirtualMachine\&zoneId=1\&serviceOfferingId=18727021-7556-4110-9322-d625b52e0813\&templateId=e899c18a-ce13-4bbf-98a9-625c5026e0b5\&securitygroupids=ff03f02f-9e3b-48f8-834d-91b822da40c5\&account=admin\&domainid=1\&keypair=keypair-doc
+
+Substitute the template, service offering and security group IDs (if you
+are using the security group feature) that are in your cloud
+environment.
+
+Logging In Using the SSH Keypair
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To test your SSH key generation is successful, check whether you can log
+in to the cloud setup.
+
+For exaple, from a Linux OS, run:
+
+.. code:: bash
+
+ ssh -i ~/.ssh/keypair-doc <ip address>
+
+The -i parameter tells the ssh client to use a ssh key found at
+~/.ssh/keypair-doc.
+
+5.2.5. Resetting SSH Keys
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+With the API command resetSSHKeyForVirtualMachine, a user can set or
+reset the SSH keypair assigned to a virtual machine. A lost or
+compromised SSH keypair can be changed, and the user can access the VM
+by using the new keypair. Just create or register a new keypair, then
+call resetSSHKeyForVirtualMachine.
+
+
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/4bbce96f/source/usage.rst
----------------------------------------------------------------------
diff --git a/source/usage.rst b/source/usage.rst
new file mode 100644
index 0000000..2bdcb6e
--- /dev/null
+++ b/source/usage.rst
@@ -0,0 +1,603 @@
+Working with Usage
+==================
+
+The Usage Server is an optional, separately-installed part of CloudStack
+that provides aggregated usage records which you can use to create
+billing integration for CloudStack. The Usage Server works by taking
+data from the events log and creating summary usage records that you can
+access using the listUsageRecords API call.
+
+The usage records show the amount of resources, such as VM run time or
+template storage space, consumed by guest instances.
+
+The Usage Server runs at least once per day. It can be configured to run
+multiple times per day.
+
+Configuring the Usage Server
+----------------------------------
+
+To configure the usage server:
+
+#.
+
+ Be sure the Usage Server has been installed. This requires extra
+ steps beyond just installing the CloudStack software. See Installing
+ the Usage Server (Optional) in the Advanced Installation Guide.
+
+#.
+
+ Log in to the CloudStack UI as administrator.
+
+#.
+
+ Click Global Settings.
+
+#.
+
+ In Search, type usage. Find the configuration parameter that controls
+ the behavior you want to set. See the table below for a description
+ of the available parameters.
+
+#.
+
+ In Actions, click the Edit icon.
+
+#.
+
+ Type the desired value and click the Save icon.
+
+#.
+
+ Restart the Management Server (as usual with any global configuration
+ change) and also the Usage Server:
+
+ .. code:: bash
+
+ # service cloudstack-management restart
+ # service cloudstack-usage restart
+
+The following table shows the global configuration settings that control
+the behavior of the Usage Server.
+
+Parameter Name
+
+Description
+
+enable.usage.server
+
+Whether the Usage Server is active.
+
+usage.aggregation.timezone
+
+Time zone of usage records. Set this if the usage records and daily job
+execution are in different time zones. For example, with the following
+settings, the usage job will run at PST 00:15 and generate usage records
+for the 24 hours from 00:00:00 GMT to 23:59:59 GMT:
+
+.. code:: bash
+
+ usage.stats.job.exec.time = 00:15
+ usage.execution.timezone = PST
+ usage.aggregation.timezone = GMT
+
+Valid values for the time zone are specified in `Appendix A, *Time
+Zones* <#time-zones>`__
+
+Default: GMT
+
+usage.execution.timezone
+
+The time zone of usage.stats.job.exec.time. Valid values for the time
+zone are specified in `Appendix A, *Time Zones* <#time-zones>`__
+
+Default: The time zone of the management server.
+
+usage.sanity.check.interval
+
+The number of days between sanity checks. Set this in order to
+periodically search for records with erroneous data before issuing
+customer invoices. For example, this checks for VM usage records created
+after the VM was destroyed, and similar checks for templates, volumes,
+and so on. It also checks for usage times longer than the aggregation
+range. If any issue is found, the alert
+ALERT\_TYPE\_USAGE\_SANITY\_RESULT = 21 is sent.
+
+usage.stats.job.aggregation.range
+
+The time period in minutes between Usage Server processing jobs. For
+example, if you set it to 1440, the Usage Server will run once per day.
+If you set it to 600, it will run every ten hours. In general, when a
+Usage Server job runs, it processes all events generated since usage was
+last run.
+
+There is special handling for the case of 1440 (once per day). In this
+case the Usage Server does not necessarily process all records since
+Usage was last run. CloudStack assumes that you require processing once
+per day for the previous, complete day’s records. For example, if the
+current day is October 7, then it is assumed you would like to process
+records for October 6, from midnight to midnight. CloudStack assumes
+this “midnight to midnight” is relative to the usage.execution.timezone.
+
+Default: 1440
+
+usage.stats.job.exec.time
+
+The time when the Usage Server processing will start. It is specified in
+24-hour format (HH:MM) in the time zone of the server, which should be
+GMT. For example, to start the Usage job at 10:30 GMT, enter “10:30”.
+
+If usage.stats.job.aggregation.range is also set, and its value is not
+1440, then its value will be added to usage.stats.job.exec.time to get
+the time to run the Usage Server job again. This is repeated until 24
+hours have elapsed, and the next day's processing begins again at
+usage.stats.job.exec.time.
+
+Default: 00:15.
+
+For example, suppose that your server is in GMT, your user population is
+predominantly in the East Coast of the United States, and you would like
+to process usage records every night at 2 AM local (EST) time. Choose
+these settings:
+
+-
+
+ enable.usage.server = true
+
+-
+
+ usage.execution.timezone = America/New\_York
+
+-
+
+ usage.stats.job.exec.time = 07:00. This will run the Usage job at
+ 2:00 AM EST. Note that this will shift by an hour as the East Coast
+ of the U.S. enters and exits Daylight Savings Time.
+
+-
+
+ usage.stats.job.aggregation.range = 1440
+
+With this configuration, the Usage job will run every night at 2 AM EST
+and will process records for the previous day’s midnight-midnight as
+defined by the EST (America/New\_York) time zone.
+
+.. note:: Because the special value 1440 has been used for
+usage.stats.job.aggregation.range, the Usage Server will ignore the data
+between midnight and 2 AM. That data will be included in the next day's
+run.
+
+Setting Usage Limits
+--------------------------
+
+CloudStack provides several administrator control points for capping
+resource usage by users. Some of these limits are global configuration
+parameters. Others are applied at the ROOT domain and may be overridden
+on a per-account basis.
+
+Aggregate limits may be set on a per-domain basis. For example, you may
+limit a domain and all subdomains to the creation of 100 VMs.
+
+This section covers the following topics:
+
+Globally Configured Limits
+--------------------------------
+
+In a zone, the guest virtual network has a 24 bit CIDR by default. This
+limits the guest virtual network to 254 running instances. It can be
+adjusted as needed, but this must be done before any instances are
+created in the zone. For example, 10.1.1.0/22 would provide for ~1000
+addresses.
+
+The following table lists limits set in the Global Configuration:
+
+Parameter Name
+
+Definition
+
+max.account.public.ips
+
+Number of public IP addresses that can be owned by an account
+
+max.account.snapshots
+
+Number of snapshots that can exist for an account
+
+max.account.templates
+
+Number of templates that can exist for an account
+
+max.account.user.vms
+
+Number of virtual machine instances that can exist for an account
+
+max.account.volumes
+
+Number of disk volumes that can exist for an account
+
+max.template.iso.size
+
+Maximum size for a downloaded template or ISO in GB
+
+max.volume.size.gb
+
+Maximum size for a volume in GB
+
+network.throttling.rate
+
+Default data transfer rate in megabits per second allowed per user
+(supported on XenServer)
+
+snapshot.max.hourly
+
+Maximum recurring hourly snapshots to be retained for a volume. If the
+limit is reached, early snapshots from the start of the hour are deleted
+so that newer ones can be saved. This limit does not apply to manual
+snapshots. If set to 0, recurring hourly snapshots can not be scheduled
+
+snapshot.max.daily
+
+Maximum recurring daily snapshots to be retained for a volume. If the
+limit is reached, snapshots from the start of the day are deleted so
+that newer ones can be saved. This limit does not apply to manual
+snapshots. If set to 0, recurring daily snapshots can not be scheduled
+
+snapshot.max.weekly
+
+Maximum recurring weekly snapshots to be retained for a volume. If the
+limit is reached, snapshots from the beginning of the week are deleted
+so that newer ones can be saved. This limit does not apply to manual
+snapshots. If set to 0, recurring weekly snapshots can not be scheduled
+
+snapshot.max.monthly
+
+Maximum recurring monthly snapshots to be retained for a volume. If the
+limit is reached, snapshots from the beginning of the month are deleted
+so that newer ones can be saved. This limit does not apply to manual
+snapshots. If set to 0, recurring monthly snapshots can not be
+scheduled.
+
+To modify global configuration parameters, use the global configuration
+screen in the CloudStack UI. See Setting Global Configuration Parameters
+
+Limiting Resource Usage
+-----------------------------
+
+CloudStack allows you to control resource usage based on the types of
+resources, such as CPU, RAM, Primary storage, and Secondary storage. A
+new set of resource types has been added to the existing pool of
+resources to support the new customization model—need-basis usage, such
+as large VM or small VM. The new resource types are now broadly
+classified as CPU, RAM, Primary storage, and Secondary storage. The root
+administrator is able to impose resource usage limit by the following
+resource types for Domain, Project, and Accounts.
+
+-
+
+ CPUs
+
+-
+
+ Memory (RAM)
+
+-
+
+ Primary Storage (Volumes)
+
+-
+
+ Secondary Storage (Snapshots, Templates, ISOs)
+
+To control the behaviour of this feature, the following configuration
+parameters have been added:
+
+Parameter Name
+
+Description
+
+max.account.cpus
+
+Maximum number of CPU cores that can be used for an account.
+
+Default is 40.
+
+max.account.ram (MB)
+
+Maximum RAM that can be used for an account.
+
+Default is 40960.
+
+max.account.primary.storage (GB)
+
+Maximum primary storage space that can be used for an account.
+
+Default is 200.
+
+max.account.secondary.storage (GB)
+
+Maximum secondary storage space that can be used for an account.
+
+Default is 400.
+
+max.project.cpus
+
+Maximum number of CPU cores that can be used for an account.
+
+Default is 40.
+
+max.project.ram (MB)
+
+Maximum RAM that can be used for an account.
+
+Default is 40960.
+
+max.project.primary.storage (GB)
+
+Maximum primary storage space that can be used for an account.
+
+Default is 200.
+
+max.project.secondary.storage (GB)
+
+Maximum secondary storage space that can be used for an account.
+
+Default is 400.
+
+User Permission
+~~~~~~~~~~~~~~~~~~~~~~~
+
+The root administrator, domain administrators and users are able to list
+resources. Ensure that proper logs are maintained in the ``vmops.log``
+and ``api.log`` files.
+
+-
+
+ The root admin will have the privilege to list and update resource
+ limits.
+
+-
+
+ The domain administrators are allowed to list and change these
+ resource limits only for the sub-domains and accounts under their own
+ domain or the sub-domains.
+
+-
+
+ The end users will the privilege to list resource limits. Use the
+ listResourceLimits API.
+
+Limit Usage Considerations
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-
+
+ Primary or Secondary storage space refers to the stated size of the
+ volume and not the physical size— the actual consumed size on disk in
+ case of thin provisioning.
+
+-
+
+ If the admin reduces the resource limit for an account and set it to
+ less than the resources that are currently being consumed, the
+ existing VMs/templates/volumes are not destroyed. Limits are imposed
+ only if the user under that account tries to execute a new operation
+ using any of these resources. For example, the existing behavior in
+ the case of a VM are:
+
+ -
+
+ migrateVirtualMachine: The users under that account will be able
+ to migrate the running VM into any other host without facing any
+ limit issue.
+
+ -
+
+ recoverVirtualMachine: Destroyed VMs cannot be recovered.
+
+-
+
+ For any resource type, if a domain has limit X, sub-domains or
+ accounts under that domain can have there own limits. However, the
+ sum of resource allocated to a sub-domain or accounts under the
+ domain at any point of time should not exceed the value X.
+
+ For example, if a domain has the CPU limit of 40 and the sub-domain
+ D1 and account A1 can have limits of 30 each, but at any point of
+ time the resource allocated to D1 and A1 should not exceed the limit
+ of 40.
+
+-
+
+ If any operation needs to pass through two of more resource limit
+ check, then the lower of 2 limits will be enforced, For example: if
+ an account has the VM limit of 10 and CPU limit of 20, and a user
+ under that account requests 5 VMs of 4 CPUs each. The user can deploy
+ 5 more VMs because VM limit is 10. However, the user cannot deploy
+ any more instances because the CPU limit has been exhausted.
+
+Limiting Resource Usage in a Domain
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+CloudStack allows the configuration of limits on a domain basis. With a
+domain limit in place, all users still have their account limits. They
+are additionally limited, as a group, to not exceed the resource limits
+set on their domain. Domain limits aggregate the usage of all accounts
+in the domain as well as all the accounts in all the sub-domains of that
+domain. Limits set at the root domain level apply to the sum of resource
+usage by the accounts in all the domains and sub-domains below that root
+domain.
+
+To set a domain limit:
+
+#.
+
+ Log in to the CloudStack UI.
+
+#.
+
+ In the left navigation tree, click Domains.
+
+#.
+
+ Select the domain you want to modify. The current domain limits are
+ displayed.
+
+ A value of -1 shows that there is no limit in place.
+
+#.
+
+ Click the Edit button |editbutton.png: edits the settings.|
+
+#.
+
+ Edit the following as per your requirement:
+
+ Parameter Name
+
+ Description
+
+ Instance Limits
+
+ The number of instances that can be used in a domain.
+
+ Public IP Limits
+
+ The number of public IP addresses that can be used in a domain.
+
+ Volume Limits
+
+ The number of disk volumes that can be created in a domain.
+
+ Snapshot Limits
+
+ The number of snapshots that can be created in a domain.
+
+ Template Limits
+
+ The number of templates that can be registered in a domain.
+
+ VPC limits
+
+ The number of VPCs that can be created in a domain.
+
+ CPU limits
+
+ The number of CPU cores that can be used for a domain.
+
+ Memory limits (MB)
+
+ The number of RAM that can be used for a domain.
+
+ Primary Storage limits (GB)
+
+ The primary storage space that can be used for a domain.
+
+ Secondary Storage limits (GB)
+
+ The secondary storage space that can be used for a domain.
+
+#.
+
+ Click Apply.
+
+Default Account Resource Limits
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can limit resource use by accounts. The default limits are set by
+using Global configuration parameters, and they affect all accounts
+within a cloud. The relevant parameters are those beginning with
+max.account, for example: max.account.snapshots.
+
+To override a default limit for a particular account, set a per-account
+resource limit.
+
+#.
+
+ Log in to the CloudStack UI.
+
+#.
+
+ In the left navigation tree, click Accounts.
+
+#.
+
+ Select the account you want to modify. The current limits are
+ displayed.
+
+ A value of -1 shows that there is no limit in place.
+
+#.
+
+ Click the Edit button. |editbutton.png: edits the settings|
+
+#.
+
+ Edit the following as per your requirement:
+
+ Parameter Name
+
+ Description
+
+ Instance Limits
+
+ The number of instances that can be used in an account.
+
+ The default is 20.
+
+ Public IP Limits
+
+ The number of public IP addresses that can be used in an account.
+
+ The default is 20.
+
+ Volume Limits
+
+ The number of disk volumes that can be created in an account.
+
+ The default is 20.
+
+ Snapshot Limits
+
+ The number of snapshots that can be created in an account.
+
+ The default is 20.
+
+ Template Limits
+
+ The number of templates that can be registered in an account.
+
+ The default is 20.
+
+ VPC limits
+
+ The number of VPCs that can be created in an account.
+
+ The default is 20.
+
+ CPU limits
+
+ The number of CPU cores that can be used for an account.
+
+ The default is 40.
+
+ Memory limits (MB)
+
+ The number of RAM that can be used for an account.
+
+ The default is 40960.
+
+ Primary Storage limits (GB)
+
+ The primary storage space that can be used for an account.
+
+ The default is 200.
+
+ Secondary Storage limits (GB)
+
+ The secondary storage space that can be used for an account.
+
+ The default is 400.
+
+#.
+
+ Click Apply.
+