cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ke4...@apache.org
Subject [05/11] networking2.rst
Date Tue, 28 Jan 2014 02:23:26 GMT
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/4bbce96f/source/parameters.rst
----------------------------------------------------------------------
diff --git a/source/parameters.rst b/source/parameters.rst
new file mode 100644
index 0000000..f1823c7
--- /dev/null
+++ b/source/parameters.rst
@@ -0,0 +1,359 @@
+Setting Configuration Parameters
+================================
+
+19.1. About Configuration Parameters
+------------------------------------
+
+CloudStack provides a variety of settings you can use to set limits,
+configure features, and enable or disable features in the cloud. Once
+your Management Server is running, you might need to set some of these
+configuration parameters, depending on what optional features you are
+setting up. You can set default values at the global level, which will
+be in effect throughout the cloud unless you override them at a lower
+level. You can make local settings, which will override the global
+configuration parameter values, at the level of an account, zone,
+cluster, or primary storage.
+
+The documentation for each CloudStack feature should direct you to the
+names of the applicable parameters. The following table shows a few of
+the more useful parameters.
+
+Field
+
+Value
+
+management.network.cidr
+
+A CIDR that describes the network that the management CIDRs reside on.
+This variable must be set for deployments that use vSphere. It is
+recommended to be set for other deployments as well. Example:
+192.168.3.0/24.
+
+xen.setup.multipath
+
+For XenServer nodes, this is a true/false variable that instructs
+CloudStack to enable iSCSI multipath on the XenServer Hosts when they
+are added. This defaults to false. Set it to true if you would like
+CloudStack to enable multipath.
+
+If this is true for a NFS-based deployment multipath will still be
+enabled on the XenServer host. However, this does not impact NFS
+operation and is harmless.
+
+secstorage.allowed.internal.sites
+
+This is used to protect your internal network from rogue attempts to
+download arbitrary files using the template download feature. This is a
+comma-separated list of CIDRs. If a requested URL matches any of these
+CIDRs the Secondary Storage VM will use the private network interface to
+fetch the URL. Other URLs will go through the public interface. We
+suggest you set this to 1 or 2 hardened internal machines where you keep
+your templates. For example, set it to 192.168.1.66/32.
+
+use.local.storage
+
+Determines whether CloudStack will use storage that is local to the Host
+for data disks, templates, and snapshots. By default CloudStack will not
+use this storage. You should change this to true if you want to use
+local storage and you understand the reliability and feature drawbacks
+to choosing local storage.
+
+host
+
+This is the IP address of the Management Server. If you are using
+multiple Management Servers you should enter a load balanced IP address
+that is reachable via the private network.
+
+default.page.size
+
+Maximum number of items per page that can be returned by a CloudStack
+API command. The limit applies at the cloud level and can vary from
+cloud to cloud. You can override this with a lower value on a particular
+API call by using the page and pagesize API command parameters. For more
+information, see the Developer's Guide. Default: 500.
+
+ha.tag
+
+The label you want to use throughout the cloud to designate certain
+hosts as dedicated HA hosts. These hosts will be used only for
+HA-enabled VMs that are restarting due to the failure of another host.
+For example, you could set this to ha\_host. Specify the ha.tag value as
+a host tag when you add a new host to the cloud.
+
+vmware.vcenter.session.timeout
+
+Determines the vCenter session timeout value by using this parameter.
+The default value is 20 minutes. Increase the timeout value to avoid
+timeout errors in VMware deployments because certain VMware operations
+take more than 20 minutes.
+
+Setting Global Configuration Parameters
+---------------------------------------------
+
+Use the following steps to set global configuration parameters. These
+values will be the defaults in effect throughout your CloudStack
+deployment.
+
+#. 
+
+   Log in to the UI as administrator.
+
+#. 
+
+   In the left navigation bar, click Global Settings.
+
+#. 
+
+   In Select View, choose one of the following:
+
+   -  
+
+      Global Settings. This displays a list of the parameters with brief
+      descriptions and current values.
+
+   -  
+
+      Hypervisor Capabilities. This displays a list of hypervisor
+      versions with the maximum number of guests supported for each.
+
+#. 
+
+   Use the search box to narrow down the list to those you are
+   interested in.
+
+#. 
+
+   In the Actions column, click the Edit icon to modify a value. If you
+   are viewing Hypervisor Capabilities, you must click the name of the
+   hypervisor first to display the editing screen.
+
+Setting Local Configuration Parameters
+--------------------------------------------
+
+Use the following steps to set local configuration parameters for an
+account, zone, cluster, or primary storage. These values will override
+the global configuration settings.
+
+#. 
+
+   Log in to the UI as administrator.
+
+#. 
+
+   In the left navigation bar, click Infrastructure or Accounts,
+   depending on where you want to set a value.
+
+#. 
+
+   Find the name of the particular resource that you want to work with.
+   For example, if you are in Infrastructure, click View All on the
+   Zones, Clusters, or Primary Storage area.
+
+#. 
+
+   Click the name of the resource where you want to set a limit.
+
+#. 
+
+   Click the Settings tab.
+
+#. 
+
+   Use the search box to narrow down the list to those you are
+   interested in.
+
+#. 
+
+   In the Actions column, click the Edit icon to modify a value.
+
+Granular Global Configuration Parameters
+----------------------------------------------
+
+The following global configuration parameters have been made more
+granular. The parameters are listed under three different scopes:
+account, cluster, and zone.
+
+Field
+
+Field
+
+Value
+
+account
+
+remote.access.vpn.client.iprange
+
+The range of IPs to be allocated to remotely access the VPN clients. The
+first IP in the range is used by the VPN server.
+
+account
+
+allow.public.user.templates
+
+If false, users will not be able to create public templates.
+
+account
+
+use.system.public.ips
+
+If true and if an account has one or more dedicated public IP ranges,
+IPs are acquired from the system pool after all the IPs dedicated to the
+account have been consumed.
+
+account
+
+use.system.guest.vlans
+
+If true and if an account has one or more dedicated guest VLAN ranges,
+VLANs are allocated from the system pool after all the VLANs dedicated
+to the account have been consumed.
+
+cluster
+
+cluster.storage.allocated.capacity.notificationthreshold
+
+The percentage, as a value between 0 and 1, of allocated storage
+utilization above which alerts are sent that the storage is below the
+threshold.
+
+cluster
+
+cluster.storage.capacity.notificationthreshold
+
+The percentage, as a value between 0 and 1, of storage utilization above
+which alerts are sent that the available storage is below the threshold.
+
+cluster
+
+cluster.cpu.allocated.capacity.notificationthreshold
+
+The percentage, as a value between 0 and 1, of cpu utilization above
+which alerts are sent that the available CPU is below the threshold.
+
+cluster
+
+cluster.memory.allocated.capacity.notificationthreshold
+
+The percentage, as a value between 0 and 1, of memory utilization above
+which alerts are sent that the available memory is below the threshold.
+
+cluster
+
+cluster.cpu.allocated.capacity.disablethreshold
+
+The percentage, as a value between 0 and 1, of CPU utilization above
+which allocators will disable that cluster from further usage. Keep the
+corresponding notification threshold lower than this value to be
+notified beforehand.
+
+cluster
+
+cluster.memory.allocated.capacity.disablethreshold
+
+The percentage, as a value between 0 and 1, of memory utilization above
+which allocators will disable that cluster from further usage. Keep the
+corresponding notification threshold lower than this value to be
+notified beforehand.
+
+cluster
+
+cpu.overprovisioning.factor
+
+Used for CPU over-provisioning calculation; the available CPU will be
+the mathematical product of actualCpuCapacity and
+cpu.overprovisioning.factor.
+
+cluster
+
+mem.overprovisioning.factor
+
+Used for memory over-provisioning calculation.
+
+cluster
+
+vmware.reserve.cpu
+
+Specify whether or not to reserve CPU when not over-provisioning; In
+case of CPU over-provisioning, CPU is always reserved.
+
+cluster
+
+vmware.reserve.mem
+
+Specify whether or not to reserve memory when not over-provisioning; In
+case of memory over-provisioning memory is always reserved.
+
+zone
+
+pool.storage.allocated.capacity.disablethreshold
+
+The percentage, as a value between 0 and 1, of allocated storage
+utilization above which allocators will disable that pool because the
+available allocated storage is below the threshold.
+
+zone
+
+pool.storage.capacity.disablethreshold
+
+The percentage, as a value between 0 and 1, of storage utilization above
+which allocators will disable the pool because the available storage
+capacity is below the threshold.
+
+zone
+
+storage.overprovisioning.factor
+
+Used for storage over-provisioning calculation; available storage will
+be the mathematical product of actualStorageSize and
+storage.overprovisioning.factor.
+
+zone
+
+network.throttling.rate
+
+Default data transfer rate in megabits per second allowed in a network.
+
+zone
+
+guest.domain.suffix
+
+Default domain name for VMs inside a virtual networks with a router.
+
+zone
+
+router.template.xen
+
+Name of the default router template on Xenserver.
+
+zone
+
+router.template.kvm
+
+Name of the default router template on KVM.
+
+zone
+
+router.template.vmware
+
+Name of the default router template on VMware.
+
+zone
+
+enable.dynamic.scale.vm
+
+Enable or diable dynamically scaling of a VM.
+
+zone
+
+use.external.dns
+
+Bypass internal DNS, and use the external DNS1 and DNS2
+
+zone
+
+blacklisted.routes
+
+Routes that are blacklisted cannot be used for creating static routes
+for a VPC Private Gateway.
+
+

http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/4bbce96f/source/projects.rst
----------------------------------------------------------------------
diff --git a/source/projects.rst b/source/projects.rst
new file mode 100644
index 0000000..d591c3d
--- /dev/null
+++ b/source/projects.rst
@@ -0,0 +1,552 @@
+Using Projects to Organize Users and Resources
+==============================================
+
+Overview of Projects
+-------------------------
+
+Projects are used to organize people and resources. CloudStack users
+within a single domain can group themselves into project teams so they
+can collaborate and share virtual resources such as VMs, snapshots,
+templates, data disks, and IP addresses. CloudStack tracks resource
+usage per project as well as per user, so the usage can be billed to
+either a user account or a project. For example, a private cloud within
+a software company might have all members of the QA department assigned
+to one project, so the company can track the resources used in testing
+while the project members can more easily isolate their efforts from
+other users of the same cloud
+
+You can configure CloudStack to allow any user to create a new project,
+or you can restrict that ability to just CloudStack administrators. Once
+you have created a project, you become that project’s administrator, and
+you can add others within your domain to the project. CloudStack can be
+set up either so that you can add people directly to a project, or so
+that you have to send an invitation which the recipient must accept.
+Project members can view and manage all virtual resources created by
+anyone in the project (for example, share VMs). A user can be a member
+of any number of projects and can switch views in the CloudStack UI to
+show only project-related information, such as project VMs, fellow
+project members, project-related alerts, and so on.
+
+The project administrator can pass on the role to another project
+member. The project administrator can also add more members, remove
+members from the project, set new resource limits (as long as they are
+below the global defaults set by the CloudStack administrator), and
+delete the project. When the administrator removes a member from the
+project, resources created by that user, such as VM instances, remain
+with the project. This brings us to the subject of resource ownership
+and which resources can be used by a project.
+
+Resources created within a project are owned by the project, not by any
+particular CloudStack account, and they can be used only within the
+project. A user who belongs to one or more projects can still create
+resources outside of those projects, and those resources belong to the
+user’s account; they will not be counted against the project’s usage or
+resource limits. You can create project-level networks to isolate
+traffic within the project and provide network services such as port
+forwarding, load balancing, VPN, and static NAT. A project can also make
+use of certain types of resources from outside the project, if those
+resources are shared. For example, a shared network or public template
+is available to any project in the domain. A project can get access to a
+private template if the template’s owner will grant permission. A
+project can use any service offering or disk offering available in its
+domain; however, you can not create private service and disk offerings
+at the project level..
+
+Configuring Projects
+-------------------------
+
+Before CloudStack users start using projects, the CloudStack
+administrator must set up various systems to support them, including
+membership invitations, limits on project resources, and controls on who
+can create projects.
+
+Setting Up Invitations
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+CloudStack can be set up either so that project administrators can add
+people directly to a project, or so that it is necessary to send an
+invitation which the recipient must accept. The invitation can be sent
+by email or through the user’s CloudStack account. If you want
+administrators to use invitations to add members to projects, turn on
+and set up the invitations feature in CloudStack.
+
+#. 
+
+   Log in as administrator to the CloudStack UI.
+
+#. 
+
+   In the left navigation, click Global Settings.
+
+#. 
+
+   In the search box, type project and click the search button.
+   |searchbutton.png: Searches projects|
+
+#. 
+
+   In the search results, you can see a few other parameters you need to
+   set to control how invitations behave. The table below shows global
+   configuration parameters related to project invitations. Click the
+   edit button to set each parameter.
+
+   Configuration Parameters
+
+   Description
+
+   project.invite.required
+
+   Set to true to turn on the invitations feature.
+
+   project.email.sender
+
+   The email address to show in the From field of invitation emails.
+
+   project.invite.timeout
+
+   Amount of time to allow for a new member to respond to the
+   invitation.
+
+   project.smtp.host
+
+   Name of the host that acts as an email server to handle invitations.
+
+   project.smtp.password
+
+   (Optional) Password required by the SMTP server. You must also set
+   project.smtp.username and set project.smtp.useAuth to true.
+
+   project.smtp.port
+
+   SMTP server’s listening port.
+
+   project.smtp.useAuth
+
+   Set to true if the SMTP server requires a username and password.
+
+   project.smtp.username
+
+   (Optional) User name required by the SMTP server for authentication.
+   You must also set project.smtp.password and set project.smtp.useAuth
+   to true..
+
+#. 
+
+   Restart the Management Server:
+
+   .. code:: bash
+
+       service cloudstack-management restart
+
+Setting Resource Limits for Projects
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The CloudStack administrator can set global default limits to control
+the amount of resources that can be owned by each project in the cloud.
+This serves to prevent uncontrolled usage of resources such as
+snapshots, IP addresses, and virtual machine instances. Domain
+administrators can override these resource limits for individual
+projects with their domains, as long as the new limits are below the
+global defaults set by the CloudStack root administrator. The root
+administrator can also set lower resource limits for any project in the
+cloud
+
+Setting Per-Project Resource Limits
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The CloudStack root administrator or the domain administrator of the
+domain where the project resides can set new resource limits for an
+individual project. The project owner can set resource limits only if
+the owner is also a domain or root administrator.
+
+The new limits must be below the global default limits set by the
+CloudStack administrator (as described in `Section 6.2.2, “Setting
+Resource Limits for Projects” <#set-resource-limits-for-projects>`__).
+If the project already owns more of a given type of resource than the
+new maximum, the resources are not affected; however, the project can
+not add any new resources of that type until the total drops below the
+new limit.
+
+#. 
+
+   Log in as administrator to the CloudStack UI.
+
+#. 
+
+   In the left navigation, click Projects.
+
+#. 
+
+   In Select View, choose Projects.
+
+#. 
+
+   Click the name of the project you want to work with.
+
+#. 
+
+   Click the Resources tab. This tab lists the current maximum amount
+   that the project is allowed to own for each type of resource.
+
+#. 
+
+   Type new values for one or more resources.
+
+#. 
+
+   Click Apply.
+
+Setting the Global Project Resource Limits
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+#. 
+
+   Log in as administrator to the CloudStack UI.
+
+#. 
+
+   In the left navigation, click Global Settings.
+
+#. 
+
+   In the search box, type max.projects and click the search button.
+
+#. 
+
+   In the search results, you will see the parameters you can use to set
+   per-project maximum resource amounts that apply to all projects in
+   the cloud. No project can have more resources, but an individual
+   project can have lower limits. Click the edit button to set each
+   parameter. |editbutton.png: Edits parameters|
+
+   max.project.public.ips
+
+   Maximum number of public IP addresses that can be owned by any
+   project in the cloud. See About Public IP Addresses.
+
+   max.project.snapshots
+
+   Maximum number of snapshots that can be owned by any project in the
+   cloud. See Working with Snapshots.
+
+   max.project.templates
+
+   Maximum number of templates that can be owned by any project in the
+   cloud. See Working with Templates.
+
+   max.project.uservms
+
+   Maximum number of guest virtual machines that can be owned by any
+   project in the cloud. See Working With Virtual Machines.
+
+   max.project.volumes
+
+   Maximum number of data volumes that can be owned by any project in
+   the cloud. See Working with Volumes.
+
+#. 
+
+   Restart the Management Server.
+
+   .. code:: bash
+
+       # service cloudstack-management restart
+
+Setting Project Creator Permissions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can configure CloudStack to allow any user to create a new project,
+or you can restrict that ability to just CloudStack administrators.
+
+#. 
+
+   Log in as administrator to the CloudStack UI.
+
+#. 
+
+   In the left navigation, click Global Settings.
+
+#. 
+
+   In the search box, type allow.user.create.projects.
+
+#. 
+
+   Click the edit button to set the parameter. |editbutton.png: Edits
+   parameters|
+
+   allow.user.create.projects
+
+   Set to true to allow end users to create projects. Set to false if
+   you want only the CloudStack root administrator and domain
+   administrators to create projects.
+
+#. 
+
+   Restart the Management Server.
+
+   .. code:: bash
+
+       # service cloudstack-management restart
+
+Creating a New Project
+---------------------------
+
+CloudStack administrators and domain administrators can create projects.
+If the global configuration parameter allow.user.create.projects is set
+to true, end users can also create projects.
+
+#. 
+
+   Log in as administrator to the CloudStack UI.
+
+#. 
+
+   In the left navigation, click Projects.
+
+#. 
+
+   In Select view, click Projects.
+
+#. 
+
+   Click New Project.
+
+#. 
+
+   Give the project a name and description for display to users, then
+   click Create Project.
+
+#. 
+
+   A screen appears where you can immediately add more members to the
+   project. This is optional. Click Next when you are ready to move on.
+
+#. 
+
+   Click Save.
+
+Adding Members to a Project
+--------------------------------
+
+New members can be added to a project by the project’s administrator,
+the domain administrator of the domain where the project resides or any
+parent domain, or the CloudStack root administrator. There are two ways
+to add members in CloudStack, but only one way is enabled at a time:
+
+-  
+
+   If invitations have been enabled, you can send invitations to new
+   members.
+
+-  
+
+   If invitations are not enabled, you can add members directly through
+   the UI.
+
+Sending Project Membership Invitations
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Use these steps to add a new member to a project if the invitations
+feature is enabled in the cloud as described in `Section 6.2.1, “Setting
+Up Invitations” <#set-up-invitations>`__. If the invitations feature is
+not turned on, use the procedure in Adding Project Members From the UI.
+
+#. 
+
+   Log in to the CloudStack UI.
+
+#. 
+
+   In the left navigation, click Projects.
+
+#. 
+
+   In Select View, choose Projects.
+
+#. 
+
+   Click the name of the project you want to work with.
+
+#. 
+
+   Click the Invitations tab.
+
+#. 
+
+   In Add by, select one of the following:
+
+   #. 
+
+      Account – The invitation will appear in the user’s Invitations tab
+      in the Project View. See Using the Project View.
+
+   #. 
+
+      Email – The invitation will be sent to the user’s email address.
+      Each emailed invitation includes a unique code called a token
+      which the recipient will provide back to CloudStack when accepting
+      the invitation. Email invitations will work only if the global
+      parameters related to the SMTP server have been set. See
+      `Section 6.2.1, “Setting Up Invitations” <#set-up-invitations>`__.
+
+#. 
+
+   Type the user name or email address of the new member you want to
+   add, and click Invite. Type the CloudStack user name if you chose
+   Account in the previous step. If you chose Email, type the email
+   address. You can invite only people who have an account in this cloud
+   within the same domain as the project. However, you can send the
+   invitation to any email address.
+
+#. 
+
+   To view and manage the invitations you have sent, return to this tab.
+   When an invitation is accepted, the new member will appear in the
+   project’s Accounts tab.
+
+Adding Project Members From the UI
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The steps below tell how to add a new member to a project if the
+invitations feature is not enabled in the cloud. If the invitations
+feature is enabled cloud,as described in `Section 6.2.1, “Setting Up
+Invitations” <#set-up-invitations>`__, use the procedure in
+`Section 6.4.1, “Sending Project Membership
+Invitations” <#send-projects-membership-invitation>`__.
+
+#. 
+
+   Log in to the CloudStack UI.
+
+#. 
+
+   In the left navigation, click Projects.
+
+#. 
+
+   In Select View, choose Projects.
+
+#. 
+
+   Click the name of the project you want to work with.
+
+#. 
+
+   Click the Accounts tab. The current members of the project are
+   listed.
+
+#. 
+
+   Type the account name of the new member you want to add, and click
+   Add Account. You can add only people who have an account in this
+   cloud and within the same domain as the project.
+
+Accepting a Membership Invitation
+--------------------------------------
+
+If you have received an invitation to join a CloudStack project, and you
+want to accept the invitation, follow these steps:
+
+#. 
+
+   Log in to the CloudStack UI.
+
+#. 
+
+   In the left navigation, click Projects.
+
+#. 
+
+   In Select View, choose Invitations.
+
+#. 
+
+   If you see the invitation listed onscreen, click the Accept button.
+
+   Invitations listed on screen were sent to you using your CloudStack
+   account name.
+
+#. 
+
+   If you received an email invitation, click the Enter Token button,
+   and provide the project ID and unique ID code (token) from the email.
+
+Suspending or Deleting a Project
+-------------------------------------
+
+When a project is suspended, it retains the resources it owns, but they
+can no longer be used. No new resources or members can be added to a
+suspended project.
+
+When a project is deleted, its resources are destroyed, and member
+accounts are removed from the project. The project’s status is shown as
+Disabled pending final deletion.
+
+A project can be suspended or deleted by the project administrator, the
+domain administrator of the domain the project belongs to or of its
+parent domain, or the CloudStack root administrator.
+
+#. 
+
+   Log in to the CloudStack UI.
+
+#. 
+
+   In the left navigation, click Projects.
+
+#. 
+
+   In Select View, choose Projects.
+
+#. 
+
+   Click the name of the project.
+
+#. 
+
+   Click one of the buttons:
+
+   To delete, use |deletebutton.png: Removes a project|
+
+   To suspend, use |deletebutton.png: suspends a project|
+
+Using the Project View
+---------------------------
+
+If you are a member of a project, you can use CloudStack’s project view
+to see project members, resources consumed, and more. The project view
+shows only information related to one project. It is a useful way to
+filter out other information so you can concentrate on a project status
+and resources.
+
+#. 
+
+   Log in to the CloudStack UI.
+
+#. 
+
+   Click Project View.
+
+#. 
+
+   The project dashboard appears, showing the project’s VMs, volumes,
+   users, events, network settings, and more. From the dashboard, you
+   can:
+
+   -  
+
+      Click the Accounts tab to view and manage project members. If you
+      are the project administrator, you can add new members, remove
+      members, or change the role of a member from user to admin. Only
+      one member at a time can have the admin role, so if you set
+      another user’s role to admin, your role will change to regular
+      user.
+
+   -  
+
+      (If invitations are enabled) Click the Invitations tab to view and
+      manage invitations that have been sent to new project members but
+      not yet accepted. Pending invitations will remain in this list
+      until the new member accepts, the invitation timeout is reached,
+      or you cancel the invitation.


Mime
View raw message