Posted to commits@cloudstack.apache.org by ra...@apache.org on 2013/07/11 06:57:55 UTC

[1/2] git commit: updated refs/heads/master to 3e8edd7

Updated Branches:
  refs/heads/master 873e4e0e5 -> 3e8edd74b


CLOUDSTACK-1815


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f56d9d7c
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f56d9d7c
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f56d9d7c

Branch: refs/heads/master
Commit: f56d9d7c63b03516382c85290d202eff191c57aa
Parents: 873e4e0
Author: radhikap <ra...@citrix.com>
Authored: Thu Jul 11 10:25:40 2013 +0530
Committer: radhikap <ra...@citrix.com>
Committed: Thu Jul 11 10:27:28 2013 +0530

----------------------------------------------------------------------
 docs/en-US/password-storage-engine.xml | 54 +++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f56d9d7c/docs/en-US/password-storage-engine.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/password-storage-engine.xml b/docs/en-US/password-storage-engine.xml
new file mode 100644
index 0000000..b1d5340
--- /dev/null
+++ b/docs/en-US/password-storage-engine.xml
@@ -0,0 +1,54 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership. The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+<section id="password-storage-engine">
+  <title>Changing the Default Password Encryption</title>
+  <para>&PRODUCT; allows you to determine the default encoding and authentication mechanism for
+    admin and user logins. Plain text user authenticator has been changed to do a simple string
+    comparison between retrieved and supplied login passwords instead of comparing the retrieved md5
+    hash of the stored password against the supplied md5 hash of the password because clients no
+    longer hash the password. The following method determines what encoding scheme is used to encode
+    the password supplied during user creation or modification.</para>
+  <para>When a new user is created, the user password is encoded by using the first valid encoder
+    loaded as per the sequence specified in the <code>UserPasswordEncoders</code> property in the
+      <filename>ComponentContext.xml</filename> or <filename>nonossComponentContext.xml</filename>
+    files. The order of authentication schemes is determined by the <code>UserAuthenticators</code>
+    property in the same files. The administrator can change the ordering of both these properties
+    as preferred. When a new authenticator or encoder is added, you can add them to this list. While
+    doing so, ensure that the new authenticator or encoder is specified as a bean in both these
+    files if they are required for both oss and non-oss components. The two properties are listed
+    below:</para>
+  <programlisting>&lt;property name="UserAuthenticators"&gt;
+         &lt;list&gt;
+            &lt;ref bean="SHA256SaltedUserAuthenticator"/&gt;
+            &lt;ref bean="MD5UserAuthenticator"/&gt;
+            &lt;ref bean="LDAPUserAuthenticator"/&gt;
+            &lt;ref bean="PlainTextUserAuthenticator"/&gt;
+        &lt;/list&gt;
+    &lt;/property&gt;
+    &lt;property name="UserPasswordEncoders"&gt;
+        &lt;list&gt;
+            &lt;ref bean="SHA256SaltedUserAuthenticator"/&gt;
+             &lt;ref bean="MD5UserAuthenticator"/&gt;
+             &lt;ref bean="LDAPUserAuthenticator"/&gt;
+            &lt;ref bean="PlainTextUserAuthenticator"/&gt;
+         &lt;/list&gt;</programlisting>
+</section>
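
Review bot: the listing ends at `&lt;/list&gt;</programlisting>` with no closing `&lt;/property&gt;` for `UserPasswordEncoders`, although the `UserAuthenticators` block above it is closed, so anyone who copies the listing gets malformed XML. Add the closing tag and align the indentation of the `ref` lines. Because the text says the first valid encoder in `UserPasswordEncoders` is used for newly created passwords, the section should also state what moving `MD5UserAuthenticator` or `PlainTextUserAuthenticator` to the top means for stored passwords, and recommend keeping `SHA256SaltedUserAuthenticator` first. The second sentence of the first paragraph ("Plain text user authenticator has been changed ... no longer hash the password") is a run-on and would read better split in two, with "md5" capitalized.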


[2/2] git commit: updated refs/heads/master to 3e8edd7

Posted by ra...@apache.org.
CLOUDSTACK-770


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3e8edd74
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3e8edd74
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3e8edd74

Branch: refs/heads/master
Commit: 3e8edd74b9095ac6fde6beaf8a7a3a480c0f95c5
Parents: f56d9d7
Author: radhikap <ra...@citrix.com>
Authored: Thu Jul 11 10:26:42 2013 +0530
Committer: radhikap <ra...@citrix.com>
Committed: Thu Jul 11 10:27:31 2013 +0530

----------------------------------------------------------------------
 docs/en-US/configure-acl.xml      |  2 +-
 docs/en-US/inter-vlan-routing.xml | 28 ++++++++++++++--------------
 docs/en-US/vpc.xml                |  6 ++++++
 3 files changed, 21 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3e8edd74/docs/en-US/configure-acl.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/configure-acl.xml b/docs/en-US/configure-acl.xml
index e4d5dad..c89210b 100644
--- a/docs/en-US/configure-acl.xml
+++ b/docs/en-US/configure-acl.xml
@@ -19,7 +19,7 @@
     under the License.
 -->
 <section id="configure-acl">
-  <title>Configuring Access Control List</title>
+  <title>Configuring Network Access Control List</title>
   <para>Define Network Access Control List (ACL) on the VPC virtual router to control incoming
     (ingress) and outgoing (egress) traffic between the VPC tiers, and the tiers and Internet. By
     default, all incoming and outgoing traffic to the guest networks is blocked. To open the ports,
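
Review bot: the new title "Configuring Network Access Control List" reads as if a word is missing; "Configuring Network Access Control Lists" or "Configuring a Network ACL" would be cleaner. This matters more than usual because the vpc.xml change in this same commit adds `<xref linkend="configure-acl"/>`, which will render this title inline in a sentence.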

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3e8edd74/docs/en-US/inter-vlan-routing.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/inter-vlan-routing.xml b/docs/en-US/inter-vlan-routing.xml
index c39d567..59115de 100644
--- a/docs/en-US/inter-vlan-routing.xml
+++ b/docs/en-US/inter-vlan-routing.xml
@@ -19,16 +19,16 @@
     under the License.
 -->
 <section id="inter-vlan-routing">
-  <title>About Inter-VLAN Routing</title>
-  <para>Inter-VLAN Routing is the capability to route network traffic between VLANs. This feature
-    enables you to build Virtual Private Clouds (VPC), an isolated segment of your cloud, that can
-    hold multi-tier applications. These tiers are deployed on different VLANs that can communicate
-    with each other. You provision VLANs to the tiers your create, and VMs can be deployed on
-    different tiers. The VLANs are connected to a virtual router, which facilitates communication
-    between the VMs. In effect, you can segment VMs by means of VLANs into different networks that
-    can host multi-tier applications, such as Web, Application, or Database. Such segmentation by
-    means of VLANs logically separate application VMs for higher security and lower broadcasts,
-    while remaining physically connected to the same device.</para>
+  <title>About Inter-VLAN Routing (nTier Apps)</title>
+  <para>Inter-VLAN Routing (nTier Apps) is the capability to route network traffic between VLANs.
+    This feature enables you to build Virtual Private Clouds (VPC), an isolated segment of your
+    cloud, that can hold multi-tier applications. These tiers are deployed on different VLANs that
+    can communicate with each other. You provision VLANs to the tiers your create, and VMs can be
+    deployed on different tiers. The VLANs are connected to a virtual router, which facilitates
+    communication between the VMs. In effect, you can segment VMs by means of VLANs into different
+    networks that can host multi-tier applications, such as Web, Application, or Database. Such
+    segmentation by means of VLANs logically separate application VMs for higher security and lower
+    broadcasts, while remaining physically connected to the same device.</para>
   <para>This feature is supported on XenServer, KVM, and VMware hypervisors.</para>
   <para>The major advantages are:</para>
   <itemizedlist>
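
Review bot: the re-wrapped paragraph carries over two errors from the old text that could be fixed while the lines are being touched: "the tiers your create" should be "the tiers you create", and "Such segmentation ... logically separate application VMs" should be "logically separates". The new "(nTier Apps)" qualifier is also added to both the title and the first sentence without any explanation of what the term means or how it relates to Inter-VLAN Routing; a short definition on first use would help.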
@@ -88,10 +88,10 @@
       </itemizedlist>
     </listitem>
     <listitem>
-      <para>The administrator can define Access Control List (ACL) on the virtual router to filter
-        the traffic among the VLANs or between the Internet and a VLAN. You can define ACL based on
-        CIDR, port range, protocol, type code (if ICMP protocol is selected) and Ingress/Egress
-        type.</para>
+      <para>The administrator can define Network Access Control List (ACL) on the virtual router to
+        filter the traffic among the VLANs or between the Internet and a VLAN. You can define ACL
+        based on CIDR, port range, protocol, type code (if ICMP protocol is selected) and
+        Ingress/Egress type.</para>
     </listitem>
   </itemizedlist>
   <para>The following figure shows the possible deployment scenarios of a Inter-VLAN setup:</para>
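
Review bot: in the rewritten list item, "Network Access Control List (ACL)" expands a four-word term but abbreviates only three of the words, and the next sentence falls back to plain "ACL", while vpc.xml in this commit uses "Network ACL". Pick one form, for example "Network Access Control List (Network ACL)", and use it in both sentences. The unchanged line just below ("scenarios of a Inter-VLAN setup") needs "an" and could be fixed in the same pass.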

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3e8edd74/docs/en-US/vpc.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/vpc.xml b/docs/en-US/vpc.xml
index 7c94f0d..d1f0c52 100644
--- a/docs/en-US/vpc.xml
+++ b/docs/en-US/vpc.xml
@@ -75,6 +75,12 @@
         Translation for instances to access the Internet via the public gateway. For more
         information, see <xref linkend="enable-disable-static-nat-vpc"/>.</para>
     </listitem>
+    <listitem>
+      <para><emphasis role="bold">Network ACL</emphasis>:  Network ACL is a group of Network ACL
+        items. Network ACL items are nothing but numbered rules that are evaluated in order,
+        starting with the lowest numbered rule. These rules determine whether traffic is allowed in
+        or out of any tier associated with the network ACL. For more information, see <xref linkend="configure-acl"/>.</para>
+    </listitem>
   </itemizedlist>
   <formalpara>
     <title>Network Architecture in a VPC</title>
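
Review bot: the new Network ACL item says rules are "evaluated in order, starting with the lowest numbered rule" but does not say whether evaluation stops at the first matching rule or what happens to traffic that matches no rule. configure-acl.xml states that all incoming and outgoing traffic is blocked by default, so this item should say the same, or the reader cannot predict the effect of an incomplete rule set. On style, "are nothing but numbered rules" can simply be "are numbered rules", there is a double space after the colon, and the last line with the `<xref>` runs past the wrap width used in the rest of the file.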