Prasanna Santhanam 2012-09-25 12:15:25 +05:30
commit 2e393d2fe9
76 changed files with 2426 additions and 2667 deletions

9
.gitignore vendored

@ -45,10 +45,13 @@ deps/awsapi-lib/
git-remote-https.exe.stackdump
*.swp
tools/devcloud/devcloudbox/.vagrant
deps/*.jar
deps/*.war
deps/*.mar
*.jar
*.war
*.mar
*.zip
*.iso
*.tar.gz
*.tgz
awsapi/modules/*
!.gitignore
.classpath
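Review bot: The extension patterns in this hunk (`*.jar`, `*.war`, `*.mar`, `*.zip`, `*.iso`, `*.tar.gz`, `*.tgz`) are unanchored, so they match at every depth of the tree, and nothing says why they are there. The page has lost its +/- markers, so I am assuming these are the added lines that widen the `deps/`-scoped ones. With them in place, a new binary that a module expects to be checked in will not show up as untracked and can only be added with `git add -f`, so the build depends on wherever that artifact is fetched from. I would add a comment above the group, e.g. `# Binaries and archives are never committed; fetch them through the build, use git add -f only for a reviewed exception`. If any tracked archive is intentional, a `!path/to/file` exception beside the existing `!.gitignore` line would make that explicit.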


@ -1,68 +0,0 @@
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-----------------------------------------------------------
1. Get the EC2 API tool
http://s3.amazonaws.com/ec2-downloads/ec2-api-tools-1.3-62308.zip. Install it by unzipping it
2. Prepare a API request certificate, if you have Amazon account, Amazon has the service to let you generate and download a X509 certificate and its associated private key
3. Prepare EC2 command running environment
Set following environment variables and make them point to the right location.
EC2_ACCESS_KEY=<CloudStack API key>
EC2_SECRET_KEY=<CloudStack Secret key>
EC2_HOME: <full path to your EC2 API tool installation directory>
EC2_CERT: <full path to your certficate file>
EC2_PRIVATE_KEY: <full path to your private key file for the certficate>
EC2_URL: http://<CloudBridge server address>/bridge/AmazonEC2
4. Generate CloudStack API key
Login to CloudStack management console, you can generate an API key and its secret key pair there.
5. Inform CloudBridge about the API/security key pair to use
http://<CloudBridge server address>/bridge/rest/AmazonEC2?Action=SetUserKeys&accesskey=<key>&secretkey=<key>
6. Upload certificate and associate it with the API key
There is not a convenient tool to do that, this has to be done in manual step. following HTML form can be used to submit the certificate, be sure to replace the content
matching with your setup though.
to ec2-service.properties
<HTML>
<BODY>
Save the cert into Cloud's EC2 Service:
<P>
<FORM name="setcert" action="http://<CloudBridge server address>/bridge/rest/AmazonEC2" method="get">
<input type="hidden" name="Action" value="SetCertificate"/>
<input type="hidden" name="AWSAccessKeyId" value="<your API key>" />
<input type="hidden" name="SignatureMethod" value="HmacSHA1" />
<input type="hidden" name="SignatureVersion" value="2" />
<input type="hidden" name="Expires" value="2010-11-15T10:10:10Z" />
<input type="hidden" name="Timestamp" value="2011-11-15T10:10:10Z" />
<input type="hidden" name="Version" value="2010-08-31" />
<input type="hidden" name="Signature" value="7KUYxW5YOpUZyZGCP49BudZraGU=" />
<TEXTAREA name="cert" cols=100 rows=20></TEXTAREA>
<P>
<input type="submit" value="Submit" />
</FORM>
</BODY>
</HTML>


@ -1,164 +0,0 @@
<HTML>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<HEAD>
<TITLE>Cloud.com's EC2 API Implementation Guide</TITLE>
</HEAD>
<BODY>
<H1>Cloud.com's EC2 API Implementation Guide</H1>
3/24/2011
<H2>Table of Contents</H2>
<UL>
<LI><A href="#conf">1. Configuration Parameters</A></LI>
<LI><A href="#party">2. Required 3rd Party Software</A></LI>
<LI><A href="#maintenace">3. Maintenance</A></LI>
<LI><A href="#install">4. Installation Instructions</A></LI>
<LI><A href="#refs">5. References</A></LI>
</UL>
<P>
<H2 id="conf">1. Configuration Parameters</H2>
Several configuration parameters are required to make Cloud.com's EC2 service work properly.
The following parameters are defined in the file:</BR> &lt;install directory>"/apache-tomcat-6.0.18/conf/ec2-service.properties":
<pre>
managementServer=192.168.154.36
cloudAPIPort=8080
WSDLVersion=2010-08-31
keystore=xes.keystore
keystorePass=apache
dbName=cloudsbridge
dbUser=root
dbPassword=
pollInterval1=100
pollInterval2=100
pollInterval3=100
pollInterval4=1000
pollInterval5=100
pollInterval6=100
</pre>
<I>managementServer</I> - FQDN or IP address of a Cloud.com management server. This is the address that
the EC2 service makes Cloud.com REST API calls against.</BR>
<I>cloudAPIPort</I> - The TCP port that the CloudStack, User API is running on. If this property is not defined,
then no port is used by the EC2 service when it queries the CloudStack.</BR>
<I>WSDLVersion</I> - The string that defines the WSDL used by the SOAP API which the REST API also implements.
This string is compared to the "Version=" parameter on each and every authorized REST request.</BR>
<I>keystore</I> - The file name of the keystore used by EC2 which must be placed at the directory:
"../apache-tomcat-6.0.18/webapps/bridge/WEB-INF/classes"</BR>
<I>keystorePass</I> - The password to the EC2 keystore specified by the "keystore" parameter.</BR>
<I>dbName</I> - The MySql database name holding the EC2 service's required tables.</BR>
<I>dbUser=</I> - The user name used to access the "dbName" MySql database.</BR>
<I>dbPassword</I> - The password (if any) the "dbUser" needs to access the EC2 MySql database.</BR>
<I>pollInterval1</I> - Time in milliseconds between asynchronous job completion polling for the following Cloud.com
API call: createTemplate. Default value is 100.</BR>
<I>pollInterval2</I> - Time in milliseconds between asynchronous job completion polling for the following Cloud.com
API call: deployVirtualMachine. Default value is 100.</BR>
<I>pollInterval3</I> - Time in milliseconds between asynchronous job completion polling for the following Cloud.com
API call: createVolume. Default value is 100.</BR>
<I>pollInterval4</I> - Time in milliseconds between asynchronous job completion polling for the following Cloud.com
API call: createSnapshot. Default value is 1000.</BR>
<I>pollInterval5</I> - Time in milliseconds between asynchronous job completion polling for the following Cloud.com
API calls: deleteSnapshot, deleteTemplate, deleteVolume, attachVolume, detachVolume, disassociateIpAddress, enableStaticNat, disableStaticNat. Default value is 100.</BR>
<I>pollInterval6</I> - Time in milliseconds between asynchronous job completion polling for the following Cloud.com
API calls: startVirtualMachine, destroyVirtualMachine, stopVirtualMachine. Default value is 100.</BR>
<P>
<BR>
The following REST calls are used to configure a mapping between Amazon's instance types and CloudStack service offerings:
<P>
http://&lt;fqdn-or-ip&gt;:&lt;port&gt;/bridge/rest/AmazonEC2?Action=SetOfferMapping&amazonoffer=m1.large&cloudoffer=1<BR>
<P>
The 'amazonoffer' parameter defines the standard Amazon instance types while the 'cloudoffer' parameter defines its associated
CloudStack service offering identifer. The result of this REST call is to save the defined relationship. A second call with the
same value for amazonoffer but with a different cloudoffer value will overwrite a previously saved setting.
<BR>
SetOfferMapping is an authenticated REST call using the same authentication scheme as all other EC2 REST calls. This means that the following standard EC2 REST paramters must also be part of the request: Signature, SignatureMethod, Version, SignatureVersion, and Expires.
A HTTP 200 result code is returned on success and a 404 on failure.
<P>
http://&lt;fqdn-or-ip&gt;:&lt;port&gt;/bridge/rest/AmazonEC2?Action=DeleteOfferMapping&amazonoffer=m1.large<BR>
<P>
The result of this REST call is to delete any relationship previously defined by a call to the SetOfferMapping call for the
value passed in the 'amazonoffer' parameter.<BR>
DeleteOfferMapping is an authenticated REST call using the same authentication scheme as all other EC2 REST calls. This means that the following standard EC2 REST paramters must also be part of the request: Signature, SignatureMethod, Version, SignatureVersion, and Expires.
A HTTP 200 result code is returned on success and a 404 on failure.
<P>
Examples of other Amazon instance types are:
{ "m1.small", "m1.large", "m1.xlarge", "c1.medium", "c1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge" }.</BR>
Service offering IDs can be obtained from the following Cloud.com API calls: listServiceOfferings.
Cloud.com's service offerings are configurable and thus can be different per installation, and they
can also be viewed from the Cloud.com's Admin UI.
<P>
<H2 id="party">2. Required 3rd Party Software</H2>
Cloud.com's EC2 service has been built and tested on the following set of 3rd party software:
<pre>
MySql
apache-tomcat 6.0.18
axis2 1.5.1
rampart 1.5 (installed into axis2 for WS-Security)
used for testing: ec2-api-tools-1.3-53907
</pre>
<P>
<H2 id="maintenace">3. Maintenance</H2>
As a result of the SetCertificate REST call <A href="#ref1">[1]</A>, X509 Certificates used for SOAP authentication are
stored in the following keystore:
<pre>
&lt;install directory>/apache-tomcat-6.0.18/webapps/bridge/WEB-INF/classes/xes.keystore
</pre>
The keytool <A href="#ref2">[2]</A> command line tool can be used to delete certificates no longer in use.
<P>
As a result of the SetUserKeys REST call <A href="#ref1">[1]</A>, entries are inserted into
the "usercredentials" table of the "cloudbridge" MySql database.
The MySql command line client can be used to delete usercredentials entries no longer in use.
<P>
<H2 id="install">4. Installation Instructions</H2>
<P>
On the very first install an EC2/S3 MySql database is created by running the following
scripts in the given order: cloudsbridge_db.sql, cloudsbridge_schema.sql, cloudbridge_index.sql
<P>
After a successful installation the following directory and file structure should exist:
<pre>
&lt;install directory>
apache-tomcat-6.0.18
conf
ec2-service.properties (EC2 service's configuration parameters)
server.xml
lib
&lt;many axis2 jar files>
webapps
bridge
WEB-INF
classes
crypto.properties
xes.keystore (holds X509 certificates for SOAP authentication)
modules
cloud-auth-ec2.mar
rampart-1.5.mar
rahas-1.5.mar
addressing-1.5.1.mar
services
cloud-ec2.aar (the Axis2 EC2 service)
</pre>
The "../modules/cloud-auth-ec2.mar" module performs a mapping from an X509 certificate appearing in a SOAP
request (since its signed via WS-Security) to a matching user's Cloud.com API access and secret keys. This association
is first created via the SetUserKeys and SetCertificate REST calls [1].
<P>
<H2 id="refs">5. References</H2>
<OL>
<LI id="ref1">Cloud.com's EC2 API User's Guide, 7/15/2010</LI>
<LI id="ref2"><A href="http://download.oracle.com/docs/cd/E17476_01/javase/1.4.2/docs/tooldocs/windows/keytool.html">keytool - Key and Certificate Management Tool</A></LI>
</OL>
</BODY>
</HTML>


@ -1,92 +0,0 @@
<HTML>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<HEAD>
<TITLE>Cloud.com's EC2 local deployment Guide</TITLE>
</HEAD>
<BODY>
<H1>Cloud.com's EC2 local deployment Guide</H1>
8/30/2010
8/25/2011 (updated)
<H2>Table of Contents</H2>
<UL>
<LI><A href="#prereq">1. Required 3rd Party Software</A></LI>
<LI><A href="#git">2. Clone repository</A></LI>
<LI><A href="#build">3. Build, deploy and run cloud-bridge with ant</A></LI>
</UL>
<P>
<H2 id="prereq">1. Required 3rd Party Software</H2>
1) Following software has to be installed in order to deploy and run cloud-bridge tool:
<pre>
apache-tomcat-6.0.32
axis2 1.5.1 (http://apache.imghat.com//ws/axis2/1_5/axis2-1.5-bin.zip)
ant
java
mysql
</pre>
2) Set following environment variables:
<pre>
ANT_HOME
CATALINA_HOME
export ANT_HOME
export JAVA_HOME
</pre>
3) Go to CATALINA_HOME directory and excute “mkdir temp” (this directory is used for storing temporary axis files)
<P>
<H2 id="git">2. Clone repository</H2>
Clone cloud-bridge repository:
<pre>
git clone git@github.com:alena11081/cloud-bridge.git
</pre>
<P>
<H2 id="build">3. Build, deploy and run cloud-bridge with ant</H2>
Deployment procedure using ant (build.xml and build-cloud-bridge.xml are config files), execute from cloned cloud-bridge directory:.
<pre>
* ant clean - removes dist directory
* ant clean-tomcat - cleans up $CATALINA_HOME/webapps/bridge directory
* ant build-cloud-bridge compiles and places the resulting jars into cloud-bridge/dist:
ls dist/
cloud-auth-ec2.mar cloud-auth-s3.mar cloud-bridge.jar cloud-ec2.aar cloud-s3.aar
* deploy-axis - copies and unwars cloud-bridge/lib/axis2-webapp-1.5.1.war to $CATALINA_HOME/webapps/bridge directory
<b>ant deploy-cloud-bridge</b> copies files to $CATALINA_HOME/webapps/bridge tomcat directory:
- copy cloud-bridge/dist/cloud-ec2.aar and cloud-s3.aar to $CATALINA_HOME/webapps/bridge/WEB-INF/services
- copy cloud-bridge/dist/cloud-auth-ec2.mar and cloud-auth-s3.mar to $CATALINA_HOME/webapps/bridge/WEB-INF/modules
- copy all .mar files from cloud-bridge/modules to $CATALINA_HOME/webapps/bridge/WEB-INF/modules
- copy cloud-bridge/dist/cloud-bridge.jar to $CATALINA_HOME/webapps/bridge/WEB-INF/lib
- copy all .jar files from cloud-bridge/lib directory to $CATALINA_HOME/webapps/bridge/WEB-INF/lib
- copy all .jar files from cloud-bridge/rampartlib directory to $CATALINA_HOME/webapps/bridge/WEB-INF/lib
<del>- copy all files from cloud-bridge/conf directory to $CATALINA_HOME/webapps/bridge/WEB-INF/conf</del>
- copy cloud-bridge/resource/Axis2/axis2.xml to $CATALINA_HOME/webapps/bridge/WEB-INF/conf
- copy cloud-bridge/web/web.xml to $CATALINA_HOME/webapps/bridge/WEB-INF
- copy cloud-bridge/resource/AmazonEC2/crypto.properties and xes.keystore to $CATALINA_HOME/webapps/bridge/WEB-INF/classes/
- remove $CATALINA_HOME/webapps/bridge/WEB-INF/lib/dom4j-1.6.1.jar
ant deploydb - execute cloud-bridge/db/mysql/deploy-db-bridge.sh (for Unix). If it's a windows deployment, execute db/mysql/init_db.bat script
5) Configure ec2-service.properties (see parameters descriptions in resource/AmazonEC2/docs/EC2-implementation-guide.html).
6) To run application execute "./catalina.sh run" from $CATALINA_HOME/bin directory.
</BODY>
</HTML>


@ -1,275 +0,0 @@
<HTML>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<HEAD>
<TITLE>Cloud.com's EC2 API User's Guide</TITLE>
</HEAD>
<BODY>
<H1>Cloud.com's EC2 API User's Guide</H1>
4/17/2010
<H2>Table of Contents</H2>
<UL>
<LI><A href="#part1">Part 1. Cloud.com's Specific Implementation Details</A></LI>
<UL>
<LI><A href="#registration">1. User Registration</A></LI>
<UL>
<LI><A href="#cloudkeys">1.1 Setting Cloud.com API Keys</A></LI>
<LI><A href="#certifiates">1.2 Setting a User's X509 Certificate</A></LI>
</UL>
<LI><A href="#endpoints">2. Endpoints</LI>
<LI><A href="#differences">3. Differences between Amazon's and Cloud.com's EC2 Implementations</A></LI>
<LI><A href="#misc">4. Miscellaneous</A><P></LI>
</UL>
<LI><A href="#part2">Part 2. Generic EC2 Details</A></LI>
<UL>
<LI><A href="#functions">List of EC2 Functions Implemented</A></LI>
<LI><A href="#wsdl">Supported WSDL Version</A><P></LI>
</UL>
<LI><A href="#refs">References</A></LI>
</UL>
<P></BR>
<H2 id="part1">Part 1. Cloud.com's Specific Implementation Details</H2>
<H3 id="registration">1. User Registration</H3>
To access Cloud.com's EC2 service via REST follow the instructions in Section 1.1.
To access Cloud.com's EC2 service via SOAP follow instructions in both Section 1.1 and 1.2 below.
<P>
<H3 id="cloudkeys">1.1 Setting Cloud.com API Keys</H3>
The EC2 service needs to be given the user's Cloud.com API access and secret keys <A href="#ref2">[2]</A> so that it
can make Cloud.com API calls on the user's behalf. This is done by the following REST command.
<pre>
http://&lt;fqdn-or-ip>:&lt;port>/bridge/rest/AmazonEC2?Action=SetUserKeys&accesskey=&lt;key>&secretkey=&lt;key>
</pre>
SetUserKeys is an <I>unauthorized</I> REST call.</br>
A HTTP 200 result code is returned on success and a 401 on failure.
<P>
<H3 id="certifiates">1.2 Setting a User's X509 Certificate</H3>
EC2 uses WS-Security <A href="#ref4">[4]</A> for authentication on SOAP access. WS-Security signs the entire SOAP request
using a public/private key pair. The user of Cloud.com's EC2 service must
generate a public/private key pair with the public key defined in an X509
certificate. The private key is used by a SOAP client in generating
the WS-Security signature of a SOAP request. The matching public key is stored on
a server and is used to verify the signature on each request.
<P>
The following REST command must be used by a Cloud.com's EC2 service user to
load their certificate into the service. No access via the SOAP API is
possible until this step is performed. Also for this REST command to be
successful the instructions in Section 1.1 must be performed first.
<pre>
http://&lt;fqdn-or-ip>:&lt;port>/bridge/rest/AmazonEC2?Action=SetCertificate&AWSAccessKeyId=&lt;Cloud.com API AccessKey>&cert=&lt;pem encoded cert>
</pre>
SetCertificate is an <I>authenticated</I> REST call using the same authentication scheme as all other EC2 REST calls.
This means that the following standard EC2 REST paramters must also be part of the request: Signature, SignatureMethod, Version,
SignatureVersion, and Expires <A href="#ref3">[3]</A>.</br>
A HTTP 200 result code is returned on success and a 404 on failure.
<P>
An example of a PEM encoded X509 Certificate is <A href="#ref5">[5]</A>:
<pre>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</pre>
<P>
To remove a previously loaded certificate the user can simply execute
the following REST command.
<pre>
http://&lt;fqdn-or-ip>:&lt;port>/bridge/rest/AmazonEC2?Action=DeleteCertificate&AWSAccessKeyId=&lt;Cloud.com API AccessKey>
where the same value for the 'AWSAccessKeyId' parameter as was used in a previous call to SetCertificate.
</pre>
DeleteCertificate is an <I>authenticated</I> REST call using the same authentication scheme (and having all the same
required parameters) as all other EC2 REST calls.</br>
A HTTP 200 result code is returned on success and a 404 on failure.
<P>
<H3 id="endpoints">2. Endpoints</H3>
For SOAP access the endpoint is:
<pre>http://&lt;fqdn-or-ip>:&lt;port>/bridge/services/AmazonEC2</pre>
For REST access the endpoint is:
<pre>http://&lt;fqdn-or-ip>:&lt;port>/bridge/rest/AmazonEC2</pre>
<P>
<H3 id="differences">3. Differences between Amazon's and Cloud.com's EC2 Implementations</H3>
<font size=+1><I>EC2's RegisterImage Function</I></font>
<P>
This function maps to the Cloud.com's API "registerTemplate" function <A href="#ref2">[2]</A>. However the registerTemplate function
requires the following additional parameters that are not present in the RegisterImage function:
<pre>
format - the format for the template. Possible values include QCOW2, RAW, and VHD.</br>
osTypeId - the ID of the OS Type that best represents the OS of this template.</br>
zoneId - the ID of the zone the template is to be hosted on.</br>
</pre>
These parameters must be provided for a successful registerTemplate call and thus a RegsiterImage call.
To accomidate these values we have redefined the "architecture" parameter defined for RegisterImage.
The Amazon defined valid values are: "i386 | x86_64" and it is of type xsd:string. Neither of these
defined values has any meaning in the context of the Cloud.com API.
The new definition of the architecture field is a three part value of the form:
"&lt;format>:&lt;zoneName>:&lt;osTypeName>", where ":" is the field delimitor. A valid example
would be: "VHD:ZONE1:Centos 4.5". Cloud.com's EC2 code translates the "zoneName" value into a valid zoneId,
and the "osTypeName" value into a matching osTypeId. In addition, whereas the architecture field
is optional in Amazon's definition of RegisterImage, it is required in Cloud.com's modified version.
<P>
Another difference for the RegisterImage function concerns the use of the "imageLocation" parameter.
As defined by Amazon <A href="#ref3">[3]</A>:
<pre>
imageLocation - a full path to your AMI manifest in Amazon S3 storage.
</pre>
As defined for Cloud.com's EC2 implementation:
<pre>
imageLocation - is a URL of where the template is hosted. Possible URL include http:// and https://
</pre>
<P>
<font size=+1><I>EC2's DescribeInstances Function</I></font>
<P>
Only the following list of filters are currently supported:
<pre>
availability-zone
hypervisor
image-id
instance-id
instance-type
instance-state-code
instance-state-name
ip-address
owner-id
root-device-name
</pre>
<P>
<font size=+1><I>EC2's DescribeVolumes Function</I></font>
<P>
Only the following list of filters are currently supported:
<pre>
attachment.attach-time
attachment.device
attachment.instance-id
availability-zone
create-time
size
snapshot-id
status
volume-id
</pre>
<P>
<font size=+1><I>EC2's DescribeSnapshots Function</I></font>
<P>
Only the following list of filters are currently supported:
<pre>
owner-alias
owner-id (here its the CloudStack API key)
snapshot-id
start-time
status
volume-id
volume-size
</pre>
<P>
<P>
<font size=+1><I>EC2's DescribeSecurityGroups Function</I></font>
<P>
Only the following list of filters are currently supported:
<pre>
description
group-id
group-name
ip-permission.cidr
ip-permission.from-port
ip-permission.to-port
ip-permission.protocol
owner-id
</pre>
<P>
<H3 id="misc">4. Miscellaneous</H3>
The EC2 service provides a Cloud.com extension to obtain the release version of the EC2 software.
<pre>
http://&lt;fqdn-or-ip>:&lt;port>/bridge/rest/AmazonEC2?Action=CloudEC2Version
</pre>
CloudEC2Version is an <I>unauthorized</I> REST call.</br>
An example of a valid response from this function is:
<pre>
&lt;CloudEC2Version>1.01&lt;/CloudEC2Version>
</pre>
<P></BR>
<H2 id="part2">Part 2. Generic EC2 Details</H2>
<H3 id="functions">List of EC2 Functions Implemented</H3>
Refer to the Amazon EC2 documentation <A href="#ref3">[3]</A> for a description of each function.
Also see Part1, section 3 above, for differences between Amazon's and Cloud.com's EC2 implementations.
<pre>
AllocateAddress
AssociateAddress
AttachVolume
AuthorizeSecurityGroupIngress
CreateImage
CreateSecurityGroup
CreateSnapshot
CreateVolume
DeleteSecurityGroup
DeleteSnapshot
DeleteVolume
DeregisterImage
DescribeAvailabilityZones
DescribeImageAttribute
DescribeImages
DescribeInstanceAttribute
DescribeInstances
DescribeSecurityGroups
DescribeSnapshots
DescribeVolumes
DetachVolume
DisassociateAddress
ModifyImageAttribute
RebootInstances
ReleaseAddress
RegisterImage
RevokeSecurityGroupIngress
ResetImageAttribute
RunInstances
StartInstances
StopInstances
TerminateInstances
</pre>
<P>
<H3 id="wsdl">Supported WSDL Version</H3>
<A href="http://ec2.amazonaws.com/doc/2010-08-31/">http://ec2.amazonaws.com/doc/2010-08-31/</A></BR>
Amazon EC2 Command Line Tool used for testing was version 1.3-57419.
<P>
</BR>
<H2 id="refs">References</H2>
<OL>
<LI id="ref1"><A href="http://en.wikipedia.org/wiki/Public_Key_Cryptography">Public-key cryptograph</A></LI>
<LI id="ref2"><A href="http://cloud.com/community/kb">Cloud.com's Developer API</A></LI>
<LI id="ref3"><A href="http://aws.amazon.com/documentation/ec2/">Amazon's EC2 API</A></LI>
<LI id="ref4"><A href="http://en.wikipedia.org/wiki/WS-Security">WS-Security</A></LI>
<LI id="ref5"><A href="http://en.wikipedia.org/wiki/X.509">X.509 Certificates</A></LI>
</OL>
</BODY>
</HTML>


@ -1,21 +0,0 @@
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-----------------------------------------------------------
To generate the Java AXIS2 classes from the Amazon EC2 wsdl use the following command line:
C:\axis2-1.5.1\bin>wsdl2java.bat -ss -sd -ssi -g -p com.amazon.ec2 -ns2p "http://ec2.amazonaws.com/doc/2010-08-31/"=com.amazon.ec2 -uri ec2.wsdl


@ -1,120 +0,0 @@
<HTML>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<HEAD>
<TITLE>Cloud.com's S3 API User's Guide</TITLE>
</HEAD>
<BODY>
<H1>Cloud.com's S3 API User's Guide</H1>
3/4/2011
<H2>Table of Contents</H2>
<UL>
<LI><A href="#part1">Part 1. Cloud.com's Specific Implementation Details</A></LI>
<UL>
<LI><A href="#registration">User Registration</A></LI>
<LI><A href="#endpoints">Endpoints</LI>
</UL>
<LI><A href="#part2">Part 2. Generic S3 Details</A></LI>
<UL>
<LI><A href="#functions">List of S3 Functions Implemented</A></LI>
<LI><A href="#wsdl">Supported WSDL Version</A><P></LI>
</UL>
<LI><A href="#refs">References</A></LI>
</UL>
<P></BR>
<H2 id="part1">Part 1. Cloud.com's Specific Implementation Details</H2>
<H3 id="registration">User Registration</H3>
The S3 service uses the user's Cloud.com API access and secret keys <A href="#ref1">[1]</A> to implement both
the REST and SOAP authentication algorithms. This is done by re-using an EC2 provided REST command. Once
this URL is invoked the user has registered for both the S3 service and the EC2 REST service.
<pre>
http://&lt;fqdn-or-ip>:&lt;port>/bridge/rest/AmazonS3?Action=SetUserKeys&accesskey=&lt;key>&secretkey=&lt;key>
</pre>
SetUserKeys is an <I>unauthorized</I> REST call.</br>
A HTTP 200 result code is returned on success and a 401 on failure.
<P>
<P>
<H3 id="endpoints">Endpoints</H3>
For SOAP access the endpoint is:
<pre>http://&lt;fqdn-or-ip>:&lt;port>/bridge/services/AmazonS3</pre>
For the SOAP PutObject function with a DIME attachment <A href="#ref3">[3]</A>:
<pre>http://&lt;fqdn-or-ip>:&lt;port>/bridge/dime/AmazonS3</pre>
For REST access the endpoint is:
<pre>http://&lt;fqdn-or-ip>:&lt;port>/bridge/rest/AmazonS3</pre>
<P>
<H2 id="part2">Part 2. Generic S3 Details</H2>
<H3 id="functions">List of S3 Functions Implemented</H3>
Refer to the Amazon S3 documentation <A href="#ref2">[2]</A> for a description of each function.
Also see Part1, section 3 above, for a list of unsupported S3 features.
<pre>
REST calls:
GET Service
DELETE Bucket
GET Bucket
GET Bucket acl
GET Bucket versioning
PUT Bucket
PUT Bucket acl
PUT Bucket versioning
List Multipart Uploads
DELETE Object
GET Object
GET Object acl
HEAD Object
POST Object
PUT Object
PUT Object (Copy)
Initiate Multipart Upload
Upload Part
Complete Multipart Upload
Abort Multipart Upload
List Parts
SOAP calls:
ListAllMyBuckets
CreateBucket
DeleteBucket
ListBucket
GetBucketAccessControlPolicy
SetBucketAccessControlPolicy
PutObjectInline
PutObject
CopyObject
GetObject
GetObjectExtended
DeleteObject
GetObjectAccessControlPolicy
SetObjectAccessControlPolicy
</pre>
<P>
<H3 id="wsdl">Supported WSDL Version</H3>
<A href="http://s3.amazonaws.com/doc/2006-03-01/">http://s3.amazonaws.com/doc/2006-03-01/</A></BR>
<P>
</BR>
<H2 id="refs">References</H2>
<OL>
<LI id="ref1"><A href="http://cloud.com/community/kb">Cloud.com's Developer API</A></LI>
<LI id="ref2"><A href="http://aws.amazon.com/documentation/s3/">Amazon's S3 API</A></LI>
<LI id="ref3"><A href="http://msdn.microsoft.com/en-us/magazine/cc188797.aspx">DIME</A></LI>
</OL>
</BODY>
</HTML>


@ -1,29 +0,0 @@
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-----------------------------------------------------------
Example of headers for a rest call of copyObject
Authorization: AWS Mark:djdjdjdjdjdjdjdj\n
Host: Henry2.s3.amazonaws.com\n
x-amz-copy-source: /Henry1/test1\n
x-amz-metadata-directive: REPLACE\n
x-amz-meta-hight: 55 feet\n
x-amz-meta-width: 13 yards\n
x-amz-meta-weight: 4 tons\n
x-amz-acl: public-read\n


@ -1,66 +0,0 @@
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-----------------------------------------------------------
To generate the Java AXIS2 classes from the Amazon EC2 wsdl use the following command line, assuming source definitions in the local directory:
$ wsdl2java.sh -ss -sd -ssi -g -p com.amazon.s3 -ns2p "http://s3.amazonaws.com/doc/2006-03-01/"=com.amazon.s3 -uri cloud-AmazonS3.wsdl
This runs the wsdl2java code generation tool to produce stubs with asynchronous invocation methods, such as those useful for REST using the com.amazon.s3 package.
This creates the following java source files in the src/com/amazon/s3 subdirectory …
AccessControlList.java ListAllMyBucketsResponse.java
AccessControlPolicy.java ListAllMyBucketsResult.java
AmazonCustomerByEmail.java ListBucket.java
AmazonS3CallbackHandler.java ListBucketResponse.java
AmazonS3MessageReceiverInOut.java ListBucketResult.java
AmazonS3Skeleton.java ListEntry.java
AmazonS3SkeletonInterface.java ListVersionsResponse.java
AmazonS3Stub.java ListVersionsResult.java
BucketLoggingStatus.java ListVersionsResultChoice_type0.java
CanonicalUser.java LocationConstraint.java
CopyObject.java LoggingSettings.java
CopyObjectResponse.java MetadataDirective.java
CopyObjectResult.java MetadataEntry.java
CreateBucket.java MfaDeleteStatus.java
CreateBucketConfiguration.java NotificationConfiguration.java
CreateBucketResponse.java Payer.java
CreateBucketResult.java Permission.java
DeleteBucket.java PostResponse.java
DeleteBucketResponse.java PrefixEntry.java
DeleteMarkerEntry.java PutObject.java
DeleteObject.java PutObjectInline.java
DeleteObjectResponse.java PutObjectInlineResponse.java
ExtensionMapper.java PutObjectResponse.java
GetBucketAccessControlPolicy.java PutObjectResult.java
GetBucketAccessControlPolicyResponse.java RequestPaymentConfiguration.java
GetBucketLoggingStatus.java Result.java
GetBucketLoggingStatusResponse.java SetBucketAccessControlPolicy.java
GetObject.java SetBucketAccessControlPolicyResponse.java
GetObjectAccessControlPolicy.java SetBucketLoggingStatus.java
GetObjectAccessControlPolicyResponse.java SetBucketLoggingStatusResponse.java
GetObjectExtended.java SetObjectAccessControlPolicy.java
GetObjectExtendedResponse.java SetObjectAccessControlPolicyResponse.java
GetObjectResponse.java Status.java
GetObjectResult.java StorageClass.java
Grant.java TopicConfiguration.java
Grantee.java User.java
Group.java VersionEntry.java
ListAllMyBuckets.java VersioningConfiguration.java
ListAllMyBucketsEntry.java VersioningStatus.java
ListAllMyBucketsList.java


@ -17,8 +17,8 @@
#new labels (begin) **********************************************************************************************
label.isolation.uri=Isolation URI
label.broadcast.uri=Broadcast URI
#new labels (end) ************************************************************************************************


@ -71,10 +71,10 @@ class CloudAPI:
requests = zip(requests.keys(), requests.values())
requests.sort(key=lambda x: str.lower(x[0]))
requestUrl = "&".join(["=".join([request[0], urllib.quote_plus(str(request[1]))]) for request in requests])
hashStr = "&".join(["=".join([str.lower(request[0]), urllib.quote_plus(str.lower(str(request[1])))]) for request in requests])
requestUrl = "&".join(["=".join([request[0], urllib.quote(str(request[1],""))]) for request in requests])
hashStr = "&".join(["=".join([str.lower(request[0]), urllib.quote(str.lower(str(request[1])),"")]) for request in requests])
sig = urllib.quote_plus(base64.encodestring(hmac.new(self.securityKey, hashStr, hashlib.sha1).digest()).strip())
sig = urllib.quote_plus(base64.encodestring(hmac.new(self.securityKey, str.lower(hashStr), hashlib.sha1).digest()).strip())
requestUrl += "&signature=%s"%sig
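Review bot: On the `requestUrl` line that calls `urllib.quote`, the closing parenthesis is misplaced: `str(request[1],"")` hands the empty string to `str()` instead of passing it as the `safe` argument of `urllib.quote`, unlike the `hashStr` line below it, which reads `urllib.quote(str.lower(str(request[1])),"")`. Assuming that line is the new side of the pair (the page has lost its +/- markers), Python 2 raises a TypeError there on every request, so nothing is signed or sent. It should read `urllib.quote(str(request[1]), "")`, so the URL and the string fed to the HMAC are encoded by the same rule. The enclosing method starts and ends outside the hunk.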


@ -387,6 +387,16 @@ else
/sbin/service %{name}-agent condrestart >/dev/null 2>&1 || true
fi
%post scripts
mkdir -p %{_libdir}/%{name}/agent
ln -f -s %{_libdir}/%{name}/common/scripts %{_libdir}/%{name}/agent/
ln -f -s %{_libdir}/%{name}/common/vms %{_libdir}/%{name}/agent/
%postun scripts
rm -f %{_libdir}/%{name}/agent/scripts
rm -f %{_libdir}/%{name}/agent/vms
rm -fr %{_libdir}/%{name}/agent
%post client
if [ "$1" == "1" ] ; then
/sbin/chkconfig --add %{name}-management > /dev/null 2>&1 || true
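Review bot: The new `%postun scripts` scriptlet removes `%{_libdir}/%{name}/agent` unconditionally, so it also fires on upgrade: rpm runs the old package's `%postun` after the new package's `%post`, which deletes the symlinks `%post scripts` has just created. Wrap the three `rm` lines in `if [ "$1" == "0" ] ; then` … `fi` so they run only on final erase, matching the `"$1"` test already used in `%post client`. `rm -fr` on the whole agent directory also removes anything else that lives there, which deserves a comment if it is intended. The `%post client` block continues past the end of the hunk.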

6
debian/changelog vendored

@ -1,3 +1,9 @@
cloud (4.0.0-rc2) unstable; urgency=low
* Bumping the version to 4.0 RC2
-- Wido den Hollander <wido@widodh.nl> Mon, 24 Sep 2012 11:30:29 +0200
cloud (4.0.0-rc1) unstable; urgency=low
* Bumping the version to 4.0 RC1

34
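--- a/debian/cloud-scripts.postinst
+++ b/debian/cloud-scripts.postinst
@@ -0,0 +1,34 @@
+#!/bin/sh -e
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+case "$1" in
+configure)
+# We can safely remove the /usr/lib/cloud/agent directory
+# All the files in there have moved to the common directory
+# The agent directory should become a symlink to common
+if [ -d "/usr/lib/cloud/agent" ]; then
+rm -fr /usr/lib/cloud/agent
+fi
+# Now we symlink the common directory to agent for backwards compatibility
+if [ ! -h "/usr/lib/cloud/agent" ]; then
+ln -s /usr/lib/cloud/common /usr/lib/cloud/agent
+fi
+;;
+esac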
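Review bot: The `[ -d "/usr/lib/cloud/agent" ]` test follows symlinks, so once this script has created the `agent -> common` link, every later `configure` run deletes the link and recreates it. On the first run `rm -fr` also removes a real directory without checking whether files from another installed package are still in it. Test for a real directory only, `if [ -d "/usr/lib/cloud/agent" ] && [ ! -h "/usr/lib/cloud/agent" ]; then`, and consider `ln -sfn` so a leftover non-directory at that path does not abort the script under `-e`. The same script is added as debian/cloud-system-iso.postinst, and the same points apply there.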

34
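--- a/debian/cloud-system-iso.postinst
+++ b/debian/cloud-system-iso.postinst
@@ -0,0 +1,34 @@
+#!/bin/sh -e
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+case "$1" in
+configure)
+# We can safely remove the /usr/lib/cloud/agent directory
+# All the files in there have moved to the common directory
+# The agent directory should become a symlink to common
+if [ -d "/usr/lib/cloud/agent" ]; then
+rm -fr /usr/lib/cloud/agent
+fi
+# Now we symlink the common directory to agent for backwards compatibility
+if [ ! -h "/usr/lib/cloud/agent" ]; then
+ln -s /usr/lib/cloud/common /usr/lib/cloud/agent
+fi
+;;
+esac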

174
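--- a/developer/pom.xml
+++ b/developer/pom.xml
@@ -0,0 +1,174 @@
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+license agreements. See the NOTICE file distributed with this work for additional
+information regarding copyright ownership. The ASF licenses this file to
+you under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License. You may obtain a copy of
+the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+by applicable law or agreed to in writing, software distributed under the
+License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+OF ANY KIND, either express or implied. See the License for the specific
+language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+<groupId>org.apache.cloudstack</groupId>
+<artifactId>cloud-developer</artifactId>
+<name>Apache CloudStack Developer Tools</name>
+<packaging>pom</packaging>
+<parent>
+<groupId>org.apache.cloudstack</groupId>
+<artifactId>cloudstack</artifactId>
+<version>4.0.0-SNAPSHOT</version>
+</parent>
+<dependencies>
+<dependency>
+<groupId>mysql</groupId>
+<artifactId>mysql-connector-java</artifactId>
+<version>5.1.21</version>
+<scope>runtime</scope>
+</dependency>
+</dependencies>
+<build>
+<defaultGoal>install</defaultGoal>
+</build>
+<profiles>
+<profile>
+<id>deploydb</id>
+<activation>
+<property>
+<name>deploydb</name>
+</property>
+</activation>
+<build>
+<plugins>
+<plugin>
+<groupId>org.codehaus.mojo</groupId>
+<artifactId>properties-maven-plugin</artifactId>
+<version>1.0-alpha-2</version>
+<executions>
+<execution>
+<phase>initialize</phase>
+<goals>
+<goal>read-project-properties</goal>
+</goals>
+<configuration>
+<files>
+<file>${project.parent.basedir}/utils/conf/db.properties</file>
+</files>
+</configuration>
+</execution>
+</executions>
+</plugin>
+<plugin>
+<artifactId>maven-antrun-plugin</artifactId>
+<version>1.7</version>
+<executions>
+<execution>
+<phase>generate-resources</phase>
+<goals>
+<goal>run</goal>
+</goals>
+<configuration>
+<target>
+<filter token="VERSION" value="${project.version}" />
+<copy todir="${basedir}/target/db" filtering="true">
+<fileset dir="${project.basedir}/../setup/db/">
+</fileset>
+</copy>
+</target>
+</configuration>
+</execution>
+</executions>
+</plugin>
+<plugin>
+<groupId>org.codehaus.mojo</groupId>
+<artifactId>sql-maven-plugin</artifactId>
+<version>1.5</version>
+<dependencies>
+<!-- specify the dependent jdbc driver here -->
+<dependency>
+<groupId>mysql</groupId>
+<artifactId>mysql-connector-java</artifactId>
+<version>${cs.mysql.version}</version>
+</dependency>
+</dependencies>
+<configuration>
+<driver>org.gjt.mm.mysql.Driver</driver>
+<url>jdbc:mysql://${db.cloud.host}:${db.cloud.port}/cloud</url>
+<username>${db.cloud.username}</username>
+<password>${db.cloud.password}</password>
+<!--all executions are ignored if -Dmaven.test.skip=true -->
+<skip>${maven.test.skip}</skip>
+<forceMojoExecution>true</forceMojoExecution>
+</configuration>
+<executions>
+<execution>
+<id>drop-database</id>
+<phase>process-test-resources</phase>
+<goals>
+<goal>execute</goal>
+</goals>
+<configuration>
+<username>root</username>
+<password>${db.cloud.password}</password>
+<url>jdbc:mysql://${db.cloud.host}:${db.cloud.port}</url>
+<sqlCommand>drop database if exists `cloud`</sqlCommand>
+</configuration>
+</execution>
+<execution>
+<id>create-database</id>
+<phase>process-test-resources</phase>
+<goals>
+<goal>execute</goal>
+</goals>
+<configuration>
+<username>root</username>
+<password>${db.cloud.password}</password>
+<url>jdbc:mysql://${db.cloud.host}:${db.cloud.port}</url>
+<sqlCommand>create database `cloud`</sqlCommand>
+</configuration>
+</execution>
+<execution>
+<id>create-schema</id>
+<phase>process-test-resources</phase>
+<goals>
+<goal>execute</goal>
+</goals>
+<configuration>
+<srcFiles>
+<srcFile>${basedir}/target/db/create-schema.sql</srcFile>
+<srcFile>${basedir}/target/db/templates.sql</srcFile>
+<srcFile>${basedir}/target/db/create-index-fk.sql</srcFile>
+</srcFiles>
+</configuration>
+</execution>
+<execution>
+<id>prefill-schema</id>
+<phase>process-test-resources</phase>
+<goals>
+<goal>execute</goal>
+</goals>
+<configuration>
+<sqlCommand>INSERT INTO `cloud`.`domain` (id, name, parent, path, owner) VALUES (1, 'ROOT', NULL, '/', 2)</sqlCommand>
+</configuration>
+</execution>
+<execution>
+<id>prefill-configuration</id>
+<phase>process-test-resources</phase>
+<goals>
+<goal>execute</goal>
+</goals>
+<configuration>
+<sqlCommand>INSERT INTO `cloud`.`configuration` (category, instance, component, name, value) VALUES ('Hidden', 'DEFAULT', 'management-server', 'init', 'false')</sqlCommand>
+</configuration>
+</execution>
+</executions>
+</plugin>
+</plugins>
+</build>
+</profile>
+</profiles>
+</project>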
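Review bot: The `drop-database` and `create-database` executions connect as `root` but with `${db.cloud.password}`, the application account's password, against `${db.cloud.host}` read from utils/conf/db.properties, and they are gated only by the `deploydb` property (and `maven.test.skip`). That works only where root and the cloud user share a password, and it drops `cloud` on whatever host db.properties happens to name. I would take the admin user and password from their own properties and add a comment above the profile such as `<!-- deploydb: DROPS and recreates the cloud database on db.cloud.host; developer machines only -->`. Separately, the top-level dependency pins mysql-connector-java to `5.1.21` while the plugin dependency uses `${cs.mysql.version}`; using the property in both places keeps the two in step.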


@ -70,10 +70,6 @@
the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer
Rules.</para>
</listitem>
<listitem>
<para><emphasis role="bold">AutoScale</emphasis>: Click Configure and complete the
AutoScale configuration as explained in <xref linkend="autoscale"/>.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>


@ -0,0 +1,29 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="add-more-clusters">
<title>Add More Clusters (Optional)</title>
<para>You need to tell &PRODUCT; about the hosts that it will manage. Hosts exist inside clusters,
so before you begin adding hosts to the cloud, you must add at least one cluster.</para>
<xi:include href="about-clusters.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="add-clusters-kvm-xenserver.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="add-clusters-ovm.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="add-clusters-vsphere.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
</section>


@ -0,0 +1,108 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="add-primary-storage">
<title>Adding Primary Storage</title>
<note>
<para>Ensure that nothing stored on the server. Adding the server to CloudStack will destroy any
existing data.</para>
</note>
<para>When you create a new zone, the first primary storage is added as part of that procedure.
You can add primary storage servers at any time, such as when adding a new cluster or adding
more servers to an existing cluster.</para>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI.</para>
</listitem>
<listitem>
<para>In the left navigation, choose Infrastructure. In Zones, click View More, then click the
zone in which you want to add the primary storage.</para>
</listitem>
<listitem>
<para>Click the Compute tab.</para>
</listitem>
<listitem>
<para>In the Primary Storage node of the diagram, click View All.</para>
</listitem>
<listitem>
<para>Click Add Primary Storage.</para>
</listitem>
<listitem>
<para>Provide the following information in the dialog. The information required varies
depending on your choice in Protocol.</para>
<itemizedlist>
<listitem>
<para>Pod. The pod for the storage device.</para>
</listitem>
<listitem>
<para>Cluster. The cluster for the storage device.</para>
</listitem>
<listitem>
<para>Name. The name of the storage device</para>
</listitem>
<listitem>
<para>Protocol. For XenServer, choose either NFS, iSCSI, or PreSetup. For KVM, choose NFS
or SharedMountPoint. For vSphere choose either VMFS (iSCSI or FiberChannel) or
NFS</para>
</listitem>
<listitem>
<para>Server (for NFS, iSCSI, or PreSetup). The IP address or DNS name of the storage
device</para>
</listitem>
<listitem>
<para>Server (for VMFS). The IP address or DNS name of the vCenter server.</para>
</listitem>
<listitem>
<para>Path (for NFS). In NFS this is the exported path from the server.</para>
</listitem>
<listitem>
<para>Path (for VMFS). In vSphere this is a combination of the datacenter name and the
datastore name. The format is "/" datacenter name "/" datastore name. For example,
"/cloud.dc.VM/cluster1datastore".</para>
</listitem>
<listitem>
<para>Path (for SharedMountPoint). With KVM this is the path on each host that is where
this primary storage is mounted. For example, "/mnt/primary".</para>
</listitem>
<listitem>
<para>SR Name-Label (for PreSetup). Enter the name-label of the SR that has been set up
outside &PRODUCT;.</para>
</listitem>
<listitem>
<para>Target IQN (for iSCSI). In iSCSI this is the IQN of the target. For example,
iqn.1986-03.com.sun:02:01ec9bb549-1271378984</para>
</listitem>
<listitem>
<para>Lun # (for iSCSI). In iSCSI this is the LUN number. For example, 3.</para>
</listitem>
<listitem>
<para>Tags (optional). The comma-separated list of tags for this storage device. It should
be an equivalent set or superset of the tags on your disk offerings</para>
</listitem>
</itemizedlist>
<para>The tag sets on primary storage across clusters in a Zone must be identical. For
example, if cluster A provides primary storage that has tags T1 and T2, all other clusters
in the Zone must also provide primary storage that has tags T1 and T2.</para>
</listitem>
<listitem>
<para>Click OK.</para>
</listitem>
</orderedlist>
</section>


@ -0,0 +1,48 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="add-secondary-storage">
<title>Adding Secondary Storage</title>
<note>
<para>Be sure there is nothing stored on the server. Adding the server to CloudStack will
destroy any existing data.</para>
</note>
<para>When you create a new zone, the first secondary storage is added as part of that procedure.
You can add secondary storage servers at any time to add more servers to an existing
zone.</para>
<orderedlist>
<listitem>
<para>If you are going to use Swift for cloud-wide secondary storage, you must add the Swift
storage to &PRODUCT; before you add the local zone secondary storage servers.</para>
</listitem>
<listitem>
<para>To prepare for local zone secondary storage, you should have created and mounted an NFS
share during Management Server installation.</para>
</listitem>
<listitem>
<para>Make sure you prepared the system VM template during Management Server
installation.</para>
</listitem>
<listitem>
<para>4. Now that the secondary storage server for per-zone storage is prepared, add it to
&PRODUCT;. Secondary storage is added as part of the procedure for adding a new zone.</para>
</listitem>
</orderedlist>
</section>


@ -0,0 +1,64 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="aws-ec2-configuration">
<title>Enabling the AWS API compatible Interface</title>
<para>
To enable the EC2 compatible service you need to set the configuration variable <emphasis>enable.ec2.api</emphasis>to true. This can be done via the &PRODUCT; GUI by going in <emphasis>Global Settings</emphasis> or via the API.
</para>
<para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/ec2-s3-configuration.png"/>
</imageobject>
<textobject>
<phrase>Use the GUI to set the configuration variable to <emphasis>true</emphasis></phrase>
</textobject>
</mediaobject>
</para>
<para>
The easiest is to use the so-called integration port on which you can make unauthenticated calls. In Global Settings set the port to 8096 and subsequently call the <emphasis>updateConfiguration</emphasis> method. The following url shows you how:
</para>
<para>
<programlisting>
http://localhost:8096/client/api?command=updateConfiguration&amp;name=enable.ec2.api&amp;value=true
</programlisting>
</para>
<para>
Once you have updated <emphasis>enable.ec2.api</emphasis>to true, restart the server.
</para>
<para>
You will also need to define compute service offerings with names compatible with the <ulink url="http://aws.amazon.com/ec2/instance-types/">Amazon EC2 instance types</ulink> API names (e.g m1.small,m1.large). This is easiest done via the &PRODUCT; GUI. Go under <emphasis>Service Offerings</emphasis> select <emphasis>Compute offering</emphasis> and either create a new compute offering or modify an existing one, ensuring that the name matches an EC2 instance type API name. The snapshot below shows you how:
</para>
<para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/compute-service-offerings.png"/>
</imageobject>
<textobject>
<phrase>Use the GUI to set the name of a compute service offering to an EC2 instance type API name.</phrase>
</textobject>
</mediaobject>
</para>
</section>


@ -0,0 +1,47 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="aws-ec2-introduction">
<title>Amazon Web Services EC2 Compatible Interface</title>
<para>&PRODUCT; can translate Amazon Web Services (AWS) API calls to native &PRODUCT; API calls so that users can continue using existing AWS-compatible tools. This translation service runs as a separate web application in the same tomcat server as the management server of &PRODUCT;, listening on the same port. This Amazon EC2-compatible API is accessible through a SOAP web service as well as the REST query interface.</para>
<warning>
<para>Expect the SOAP service to be deprecated in new releases in favor of the REST interface.</para>
</warning>
<note>
<para>This service was previously enabled by a separate software called CloudBridge, it is now fully integrated with the &PRODUCT; management server.
</para>
</note>
<para>Limitations</para>
<itemizedlist>
<listitem>
<para>Supported only in zones that use basic networking.</para>
</listitem>
<listitem>
<para>Available in fresh installations of &PRODUCT;. Not available through upgrade of previous versions.</para>
</listitem>
<listitem>
<para>If you need to support features such as elastic IP, set up a Citrix NetScaler to provide this service. The commands such as ec2-associate-address will not work without EIP setup. Users running VMs in this zone will be using the NetScaler-enabled network offering (DefaultSharedNetscalerEIP and ELBNetworkOffering).</para>
</listitem>
</itemizedlist>
</section>


@ -0,0 +1,30 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="aws-ec2-requirements">
<title>System Requirements</title>
<para>This interface complies with Amazon's WDSL version dated November 15, 2010, available at http://ec2.amazonaws.com/doc/2010-11-15/. The EC2 command line utilities compatible with it are <emphasis>EC2 tools v. 1.3.6230</emphasis>that can be downloaded at <ulink url="http://s3.amazonaws.com/ec2-downloads/ec2-api-tools-1.3-62308.zip">http://s3.amazonaws.com/ec2-downloads/ec2-api-tools-1.3-62308.zip</ulink>
</para>
<note>Effort is underway to provide support for a newer API</note>
</section>


@ -0,0 +1,407 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="aws-ec2-supported-commands">
<title>Supported AWS API Calls</title>
<para>
The following Amazon EC2 commands are supported by &PRODUCT; when the AWS API compatibility feature is enabled. For a few commands, there are differences between the &PRODUCT; and Amazon EC2 versions, and these differences are noted. The underlying SOAP call for each command is also given, for those who have built tools using those calls.
</para>
<para>Elastic IP Addresses</para>
<table frame='all'>
<title>Elastic IP API mapping</title>
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
<!--<colspec colname='c1'tcolwidth="1*"/>
<colspec colname='c2'tcolwidth="1*"/>-->
<thead>
<row>
<entry>EC2 command</entry>
<entry>SOAP all</entry>
<entry>&PRODUCT; API call</entry>
</row>
</thead>
<tbody>
<row>
<entry>ec2-allocate-address</entry>
<entry>AllocateAddress</entry>
<entry>associateIpAddress</entry>
</row>
<row>
<entry>ec2-associate-address</entry>
<entry>AssociateAddress</entry>
<entry>enableStaticNat</entry>
</row>
<row>
<entry>ec2-describe-addresses</entry>
<entry>DescribeAddresses</entry>
<entry>listPublicIpAddresses</entry>
</row>
<row>
<entry>ec2-diassociate-address</entry>
<entry>DisassociateAddress</entry>
<entry>disableStaticNat</entry>
</row>
<row>
<entry>ec2-release-address</entry>
<entry>ReleaseAddress</entry>
<entry>disassociateIpAddress</entry>
</row>
</tbody>
</tgroup>
</table>
<para>Availability Zones</para>
<table frame='all'>
<title>Availability Zone API mapping</title>
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
<!--<colspec colname='c1'tcolwidth="1*"/>
<colspec colname='c2'tcolwidth="1*"/>-->
<thead>
<row>
<entry>EC2 command</entry>
<entry>SOAP all</entry>
<entry>&PRODUCT; API call</entry>
</row>
</thead>
<tbody>
<row>
<entry>ec2-describe-availability-zones</entry>
<entry>DescribeAvailabilityZones</entry>
<entry>listZones</entry>
</row>
</tbody>
</tgroup>
</table>
<para>Images</para>
<table frame='all'>
<title>Images API mapping</title>
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
<!--<colspec colname='c1'tcolwidth="1*"/>
<colspec colname='c2'tcolwidth="1*"/>-->
<thead>
<row>
<entry>EC2 command</entry>
<entry>SOAP all</entry>
<entry>&PRODUCT; API call</entry>
</row>
</thead>
<tbody>
<row>
<entry>ec2-create-image</entry>
<entry>CreateImage</entry>
<entry>createTemplate</entry>
</row>
<row>
<entry>ec2-deregister</entry>
<entry>DeregisterImage</entry>
<entry>DeleteTemplate</entry>
</row>
<row>
<entry>ec2-describe-images</entry>
<entry>DescribeImages</entry>
<entry>listTemplates</entry>
</row>
<row>
<entry>ec2-register</entry>
<entry>RegisterImage</entry>
<entry>registerTemplate</entry>
</row>
</tbody>
</tgroup>
</table>
<para>Image Attributes</para>
<table frame='all'>
<title>Image Attributes API mapping</title>
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
<!--<colspec colname='c1'tcolwidth="1*"/>
<colspec colname='c2'tcolwidth="1*"/>-->
<thead>
<row>
<entry>EC2 command</entry>
<entry>SOAP all</entry>
<entry>&PRODUCT; API call</entry>
</row>
</thead>
<tbody>
<row>
<entry>ec2-describe-image-attribute</entry>
<entry>DescribeImageAttribute</entry>
<entry>listTemplatePermissions</entry>
</row>
<row>
<entry>ec2-modify-image-attribute</entry>
<entry>ModifyImageAttribute</entry>
<entry>updateTemplatePermissions</entry>
</row>
<row>
<entry>ec2-reset-image-attribute</entry>
<entry>ResetImageAttribute</entry>
<entry>updateTemplatePermissions</entry>
</row>
</tbody>
</tgroup>
</table>
<para>Instances</para>
<table frame='all'>
<title>Instances API mapping</title>
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
<!--<colspec colname='c1'tcolwidth="1*"/>
<colspec colname='c2'tcolwidth="1*"/>-->
<thead>
<row>
<entry>EC2 command</entry>
<entry>SOAP all</entry>
<entry>&PRODUCT; API call</entry>
</row>
</thead>
<tbody>
<row>
<entry>ec2-describe-instances</entry>
<entry>DescribeInstances</entry>
<entry>listVirtualMachines</entry>
</row>
<row>
<entry>ec2-run-instances</entry>
<entry>RunInstances</entry>
<entry>deployVirtualMachine</entry>
</row>
<row>
<entry>ec2-reboot-instances</entry>
<entry>RebootInstances</entry>
<entry>rebootVirtualMachine</entry>
</row>
<row>
<entry>ec2-start-instances</entry>
<entry>StartInstances</entry>
<entry>startVirtualMachine</entry>
</row>
<row>
<entry>ec2-stop-instances</entry>
<entry>StopInstances</entry>
<entry>stopVirtualMachine</entry>
</row>
<row>
<entry>ec2-terminate-instances</entry>
<entry>TerminateInstances</entry>
<entry>destroyVirtualMachine</entry>
</row>
</tbody>
</tgroup>
</table>
<para>Instance Attributes</para>
<table frame='all'>
<title>Instance Attributes Mapping</title>
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
<!--<colspec colname='c1'tcolwidth="1*"/>
<colspec colname='c2'tcolwidth="1*"/>-->
<thead>
<row>
<entry>EC2 command</entry>
<entry>SOAP all</entry>
<entry>&PRODUCT; API call</entry>
</row>
</thead>
<tbody>
<row>
<entry>ec2-describe-instance-attribute</entry>
<entry>DescribeInstanceAttribute</entry>
<entry>listVirtualMachines</entry>
</row>
</tbody>
</tgroup>
</table>
<para>Key Pairs</para>
<table frame='all'>
<title>Keys Pairs Mapping</title>
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
<!--<colspec colname='c1'tcolwidth="1*"/>
<colspec colname='c2'tcolwidth="1*"/>-->
<thead>
<row>
<entry>EC2 command</entry>
<entry>SOAP all</entry>
<entry>&PRODUCT; API call</entry>
</row>
</thead>
<tbody>
<row>
<entry>ec2-add-keypair</entry>
<entry>CreateKeyPair</entry>
<entry>createSSHKeyPair</entry>
</row>
<row>
<entry>ec2-delete-keypair</entry>
<entry>DeleteKeyPair</entry>
<entry>deleteSSHKeyPair</entry>
</row>
<row>
<entry>ec2-describe-keypairs</entry>
<entry>DescribeKeyPairs</entry>
<entry>listSSHKeyPairs</entry>
</row>
<row>
<entry>ec2-import-keypair</entry>
<entry>ImportKeyPair</entry>
<entry>registerSSHKeyPair</entry>
</row>
</tbody>
</tgroup>
</table>
<para>Passwords</para>
<table frame='all'>
<title>Passwords API Mapping</title>
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
<!--<colspec colname='c1'tcolwidth="1*"/>
<colspec colname='c2'tcolwidth="1*"/>-->
<thead>
<row>
<entry>EC2 command</entry>
<entry>SOAP all</entry>
<entry>&PRODUCT; API call</entry>
</row>
</thead>
<tbody>
<row>
<entry>ec2-get-password</entry>
<entry>GetPasswordData</entry>
<entry>getVMPassword</entry>
</row>
</tbody>
</tgroup>
</table>
<para>Security Groups</para>
<table frame='all'>
<title>Security Groups API Mapping</title>
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
<!--<colspec colname='c1'tcolwidth="1*"/>
<colspec colname='c2'tcolwidth="1*"/>-->
<thead>
<row>
<entry>EC2 command</entry>
<entry>SOAP all</entry>
<entry>&PRODUCT; API call</entry>
</row>
</thead>
<tbody>
<row>
<entry>ec2-authorize</entry>
<entry>AuthorizeSecurityGroupIngress</entry>
<entry>authorizeSecurityGroupIngress</entry>
</row>
<row>
<entry>ec2-add-group</entry>
<entry>CreateSecurityGroup</entry>
<entry>createSecurityGroup</entry>
</row>
<row>
<entry>ec2-delete-group</entry>
<entry>DeleteSecurityGroup</entry>
<entry>deleteSecurityGroup</entry>
</row>
<row>
<entry>ec2-describe-group</entry>
<entry>DescribeSecurityGroups</entry>
<entry>listSecurityGroups</entry>
</row>
<row>
<entry>ec2-revoke</entry>
<entry>RevokeSecurityGroupIngress</entry>
<entry>revokeSecurityGroupIngress</entry>
</row>
</tbody>
</tgroup>
</table>
<para>Snapshots</para>
<table frame='all'>
<title>Snapshots API Mapping</title>
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
<!--<colspec colname='c1'tcolwidth="1*"/>
<colspec colname='c2'tcolwidth="1*"/>-->
<thead>
<row>
<entry>EC2 command</entry>
<entry>SOAP all</entry>
<entry>&PRODUCT; API call</entry>
</row>
</thead>
<tbody>
<row>
<entry>ec2-create-snapshot</entry>
<entry>CreateSnapshot</entry>
<entry>createSnapshot</entry>
</row>
<row>
<entry>ec2-delete-snapshot</entry>
<entry>DeleteSnapshot</entry>
<entry>deleteSnapshot</entry>
</row>
<row>
<entry>ec2-describe-snapshots</entry>
<entry>DescribeSnapshots</entry>
<entry>listSnapshots</entry>
</row>
</tbody>
</tgroup>
</table>
<para>Volumes</para>
<table frame='all'>
<title>Volumes API Mapping</title>
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
<!--<colspec colname='c1'tcolwidth="1*"/>
<colspec colname='c2'tcolwidth="1*"/>-->
<thead>
<row>
<entry>EC2 command</entry>
<entry>SOAP all</entry>
<entry>&PRODUCT; API call</entry>
</row>
</thead>
<tbody>
<row>
<entry>ec2-attach-volume</entry>
<entry>AttachVolume</entry>
<entry>attachVolume</entry>
</row>
<row>
<entry>ec2-create-volume</entry>
<entry>CreateVolume</entry>
<entry>createVolume</entry>
</row>
<row>
<entry>ec2-delete-volume</entry>
<entry>DeleteVolume</entry>
<entry>deleteVolume</entry>
</row>
<row>
<entry>ec2-describe-volume</entry>
<entry>DescribeVolume</entry>
<entry>listVolumes</entry>
</row>
<row>
<entry>ec2-detach-volume</entry>
<entry>DetachVolume</entry>
<entry>detachVolume</entry>
</row>
</tbody>
</tgroup>
</table>
</section>


@ -0,0 +1,91 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="aws-ec2-user-setup">
<title>User configuration</title>
<para>
Users of the Amazon EC2 compatible interface will be able to keep their existing EC2 tools and scripts and use them with their &PRODUCT; deployment, by specifyingi the endpoint of the managment server and using the proper user credentials.In order to do this, each user must perform the following configuration steps:
</para>
<para>
<itemizedlist>
<listitem>
<para>Generate user credentials.</para>
</listitem>
<listitem>
<para>Register with the service.</para>
</listitem>
<listitem>
<para>Setup the environment variables</para>
</listitem>
</itemizedlist>
</para>
<para>
To register, a user needs to:
</para>
<orderedlist>
<listitem>
<para>
Obtain his API key and his secret key as well as the DNS name or IP address of the &PRODUCT; server. Obtaining the keys can be done by asking the &PRODUCT; administrator or by using the GUI or via the API.
</para>
</listitem>
<listitem>
<para>
Obtain a self-signed X.509 certificate. It can be generated with the following command:
</para>
<para><programlisting>$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /path/to/private_key.pem -out /path/to/cert.pem </programlisting>
</para>
</listitem>
<listitem>
<para>
Register the mapping from the X.509 certificate to the API/Secret keys. Download the following script from http://download.cloud.com/releases/3.0.3/cloudstack-aws-api-register and run it. Substitute the values you obtained from the administrator in the URL below.
</para>
<para>
<programlisting>$ cloudstack-aws-api-register --apikey=<replaceable>Users CloudPlatform API key</replaceable> --secretkey=<replaceable>Users CloudPlatform Secret key</replaceable> --cert=<replaceable>/path/to/cert.pem</replaceable> --url=http://<replaceable>&PRODUCT;.server</replaceable>:8080/awsapi</programlisting>
</para>
</listitem>
</orderedlist>
<note>
<para>
A user with an existing AWS certificate could choose to use the same certificate with &PRODUCT; but note that the public key would be uploaded to the &PRODUCT; management server database.
</para>
</note>
<para>
To use the EC2 command line tools, setup the environment variable in a similar fashion than with Amazon EC2 service. Specifically, in bash shell:
<programlisting>
$ export EC2_CERT=/path/to/cert.pem
$ export EC2_PRIVATE_KEY=/path/to/private_key.pem
$ export EC2_URL=http://<replaceable>&PRODUCT;.server</replaceable>:8080/awsapi
$ export EC2_HOME=/path/to/EC2_tools_directory
</programlisting>
</para>
<note>
<para>The Amazon EC2 command-line tools have a default connection timeout. If you find that EC2 commands are not completing due to timeouts, you can pass a new timeout value as an argument with <programlisting>--connection-timeout TIMEOUT </programlisting> or <programlisting>--request-timeout TIMEOUT </programlisting>
</para>
</note>
</section>


@ -22,12 +22,11 @@
under the License.
-->
<chapter id="installation_overview">
<title>Installation Overview</title>
<xi:include href="cloudstack_whatis.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="cloudstack_features.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="deployment_architecture_overview.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="installation_steps_overview.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="cloudstack_system_requirements.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<chapter id="aws-interface-guide">
<title>Amazon Web Service Interface Guide</title>
<xi:include href="aws-ec2-introduction.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="aws-ec2-requirements.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="aws-ec2-configuration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="aws-ec2-user-setup.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="aws-ec2-supported-commands.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
</chapter>


@ -0,0 +1,29 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<chapter id="choosing_a_deployment_architecture">
<title>Choosing a Deployment Architecture</title>
<para>The architecture used in a deployment will vary depending on the size and purpose of the deployment. This section contains examples of deployment architecture, including a small-scale deployment useful for test and trial deployments and a fully-redundant large-scale setup for production deployments.</para>
<xi:include href="small_scale_deployment.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="large_scale_redundant_setup.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="separate_storage_network.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="multi_node_management_server.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="multi_site_deployment.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
</chapter>


@ -42,5 +42,5 @@
<textobject><phrase>infrastructure_overview.png: Nested organization of a zone</phrase></textobject>
</mediaobject>
<para><emphasis role="bold">More Information</emphasis></para>
<para>For more information, see <xref linkend="cloud-infrastructure-concepts" />.</para>
<para>For more information, see documentation on cloud infrastructure concepts.</para>
</section>


@ -1,66 +0,0 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="cloudstack_features">
<title>What Can &PRODUCT; Do?</title>
<para>
<emphasis role="bold">Multiple Hypervisor Support</emphasis>
</para>
<para>
&PRODUCT; works with a variety of hypervisors. A single cloud deployment can contain multiple hypervisor implementations. You have the complete freedom to choose the right hypervisor for your workload. &PRODUCT; is designed to work with open source Xen and KVM hypervisors as well as enterprise-grade hypervisors such as Citrix XenServer, VMware vSphere, and Oracle VM (OVM). You can also provision “bare metal” hosts with no hypervisor (Beta feature. Untested in &PRODUCT; 3.0.x0.)
</para>
<para>
<emphasis role="bold">Massively Scalable Infrastructure Management</emphasis>
</para>
<para>
&PRODUCT; can manage tens of thousands of servers installed in multiple geographically distributed datacenters. The centralized management server scales linearly, eliminating the need for intermediate cluster-level management servers. No single component failure can cause cloud-wide outage. Periodic maintenance of the management server can be performed without affecting the functioning of virtual machines running in the cloud.
</para>
<para>
<emphasis role="bold">Automatic Configuration Management</emphasis>
</para>
<para>&PRODUCT; automatically configures each guest virtual machines networking and storage settings.
</para>
<para>&PRODUCT; internally manages a pool of virtual appliances to support the cloud itself. These appliances offer services such as firewalling, routing, DHCP, VPN access, console proxy, storage access, and storage replication. The extensive use of virtual appliances simplifies the installation, configuration, and ongoing management of a cloud deployment.
</para>
<para>
<emphasis role="bold">Graphical User Interface</emphasis>
</para>
<para>&PRODUCT; offers an administrator's Web interface, used for provisioning and managing the cloud, as well as an end-user's Web interface, used for running VMs and managing VM templates. The UI can be customized to reflect the desired service provider or enterprise look and feel.
</para>
<para>
<emphasis role="bold">API and Extensibility</emphasis>
</para>
<para>
&PRODUCT; provides an API that gives programmatic access to all the management features available in the UI. The API is maintained and documented. This API enables the creation of command line tools and new user interfaces to suit particular needs. See the Developers Guide and API Reference, both available at http://docs.cloud.com/CloudStack_Documentation.
</para>
<para>
The &PRODUCT; platform pluggable allocation architecture allows the creation of new types of allocators for the selection of storage and Hosts. See the Allocator Implementation Guide (http://docs.cloud.com/CloudStack_Documentation/Allocator_Implementation_Guide).
</para>
<para>
<emphasis role="bold">High Availability</emphasis>
</para>
<para>The &PRODUCT; platform has a number of features to increase the availability of the system. The Management Server itself may be deployed in a multi-node installation where the servers are load balanced. MySQL may be configured to use replication to provide for a manual failover in the event of database loss. For the Hosts, the &PRODUCT; platform supports NIC bonding and the use of separate networks for storage as well as iSCSI Multipath.
</para>
</section>


@ -0,0 +1,22 @@
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!ENTITY PRODUCT "CloudStack">
<!ENTITY BOOKID "Technical Documentation">
<!ENTITY YEAR "2012">
<!ENTITY HOLDER "Apache Software Foundation">


@ -1,68 +0,0 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="cloudstack_system_requirements">
<title>Minimum System Requirements</title>
<para>
The machines that will run the Management Server and MySQL database must meet the following requirements. The same machines can also be used to provide primary and secondary storage, such as via localdisk or NFS. The Management Server may be placed on a virtual machine.
</para>
<itemizedlist>
<listitem><para>Operating system:</para>
<itemizedlist>
<listitem><para>Commercial users: Preferred: RHEL 6.2+ 64-bit (https://access.redhat.com/downloads) or CentOS 6.2+ 64-bit (http://isoredirect.centos.org/centos/6/isos/x86_64/). Also supported (v3.0.3 and greater): RHEL and CentOS 5.4-5.x 64-bit</para></listitem>
<listitem><para>Open-source community users: RHEL 5.4-5.x 64-bit or 6.2+ 64-bit; CentOS 5.4-5.x 64-bit or 6.2+ 64-bit; Ubuntu 10.04 LTS</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>64-bit x86 CPU (more cores results in better performance)</para></listitem>
<listitem><para>4 GB of memory</para></listitem>
<listitem><para>250 GB of local disk (more results in better capability; 500 GB recommended)</para></listitem>
<listitem><para>At least 1 NIC</para></listitem>
<listitem><para>Statically allocated IP address</para></listitem>
<listitem><para>Fully qualified domain name as returned by the hostname command</para></listitem>
</itemizedlist>
<para>The host is where the cloud services run in the form of guest virtual machines. Each host is one machine that meets the following requirements:</para>
<itemizedlist>
<listitem><para>Must be 64-bit and must support HVM (Intel-VT or AMD-V enabled).</para></listitem>
<listitem><para>64-bit x86 CPU (more cores results in better performance)</para></listitem>
<listitem><para>Hardware virtualization support required</para></listitem>
<listitem><para>4 GB of memory</para></listitem>
<listitem><para>36 GB of local disk</para></listitem>
<listitem><para>At least 1 NIC</para></listitem>
<listitem><para>Statically allocated IP Address</para></listitem>
<listitem><para>Latest hotfixes applied to hypervisor software</para></listitem>
<listitem><para>When you deploy &PRODUCT;, the hypervisor host must not have any VMs already running</para></listitem>
</itemizedlist>
<para>Hosts have additional requirements depending on the hypervisor. See the requirements listed at the top of the Installation section for your chosen hypervisor:</para>
<itemizedlist>
<listitem><para>Citrix XenServer Installation for &PRODUCT;</para></listitem>
<listitem><para>VMware vSphere Installation and Configuration</para></listitem>
<listitem><para>KVM Installation and Configuration</para></listitem>
<listitem><para>Oracle VM (OVM) Installation and Configuration</para></listitem>
</itemizedlist>
<warning>
<para>
Be sure you fulfill the additional hypervisor requirements and installation steps provided in this Guide. Hypervisor hosts must be properly prepared to work with &PRODUCT;. For example, the requirements for XenServer are listed under Citrix XenServer Installation for &PRODUCT;.
</para>
</warning>
</section>


@ -1,39 +0,0 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="cloudstack_whatis">
<title>What Is &PRODUCT;?</title>
<para>Who Should Read This</para>
<para>If you are new to &PRODUCT; or you want to learn more about concepts before installing and running &PRODUCT;, read this overview. If you just want to get started, you can skip to Overview of Installation Steps.</para>
<para>&PRODUCT; is an open source software platform that pools computing resources to build public, private, and hybrid Infrastructure as a Service (IaaS) clouds. &PRODUCT; manages the network, storage, and compute nodes that make up a cloud infrastructure. Use &PRODUCT; to deploy, manage, and configure cloud computing environments. Typical users are service providers and enterprises. With &PRODUCT;, you can:
<itemizedlist>
<listitem>
<para>Set up an on-demand, elastic cloud computing service. Service providers can sell self service virtual machine instances, storage volumes, and networking configurations over the Internet.</para></listitem>
<listitem>
<para>Set up an on-premise private cloud for use by employees. Rather than managing virtual machines in the same way as physical machines, with &PRODUCT; an enterprise can offer self-service virtual machines to users without involving IT departments.
</para></listitem>
</itemizedlist>
</para>
</section>


@ -0,0 +1,46 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="configure-package-repository">
<title>Configure package repository</title>
<para>&PRODUCT; is only distributed from source from the official mirrors. DEB and RPM packages are however build for your convience by third-parties</para>
<para>When installing &PRODUCT; it is recommended you use these package repositories for easy installation.</para>
<note>
<para>These repositories contain both the Management Server and KVM Hypervisor packages.</para>
</note>
<section id="configure-package-repository-deb">
<title>DEB package repository</title>
<para>You can add a DEB package repository to your apt sources with the following commands.</para>
<programlisting language="Bash">echo "deb http://cloudstack.apt-get.eu/ubuntu $(lsb_release -s -c) 4.0" > /etc/apt/sources.list.d/cloudstack.list</programlisting>
<para>We now have to add the public key to the trusted keys.</para>
<programlisting language="Bash">wget -O - http://cloudstack.apt-get.eu/release.asc|apt-key add -</programlisting>
<para>Now update your local apt-cache.</para>
<programlisting language="Bash">apt-get update</programlisting>
<para>Your DEB package repository should now be configured and ready for use.</para>
</section>
<section id="configure-package-repository-rpm">
<title>RPM package repository</title>
<para>TODO</para>
</section>
</section>


@ -0,0 +1,103 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="create-vpn-connection-vpc">
<title>Creating a VPN Connection</title>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
</listitem>
<listitem>
<para>In the left navigation, choose Network.</para>
</listitem>
<listitem>
<para>In the Select view, select VPC.</para>
<para>All the VPCs that you create for the account are listed in the page.</para>
</listitem>
<listitem>
<para>Click the Configure button of the VPC to which you want to deploy the VMs.</para>
<para>The VPC page is displayed where all the tiers you created are listed in a
diagram.</para>
</listitem>
<listitem>
<para>Click the Settings icon.</para>
<para>The following options are displayed.</para>
<itemizedlist>
<listitem>
<para>IP Addresses</para>
</listitem>
<listitem>
<para>Gateways</para>
</listitem>
<listitem>
<para>Site-to-Site VPN</para>
</listitem>
<listitem>
<para>Network ASLs</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Select Site-to-Site VPN.</para>
<para>The Site-to-Site VPN page is displayed.</para>
</listitem>
<listitem>
<para>From the Select View drop-down, ensure that VPN Connection is selected.</para>
</listitem>
<listitem>
<para>Click Create VPN Connection.</para>
<para> The Create VPN Connection dialog is displayed:</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/create-vpn-connection.png"/>
</imageobject>
<textobject>
<phrase>createvpnconnection.png: creating a vpn connection to the customer
gateway.</phrase>
</textobject>
</mediaobject>
</listitem>
<listitem>
<para>Select the desired customer gateway, then click OK to confirm.</para>
<para>Within a few moments, the VPN Connection is displayed.</para>
<para>The following information on the VPN connection is displayed:</para>
<itemizedlist>
<listitem>
<para>IP Address</para>
</listitem>
<listitem>
<para>Gateway</para>
</listitem>
<listitem>
<para>State</para>
</listitem>
<listitem>
<para>IPSec Preshared Key</para>
</listitem>
<listitem>
<para>IKE Policy</para>
</listitem>
<listitem>
<para>ESP Policy</para>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
</section>


@ -0,0 +1,191 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="create-vpn-customer-gateway">
<title>Creating and Updating a VPN Customer Gateway</title>
<note>
<para>A VPN customer gateway can be connected to only one VPN gateway at a time.</para>
</note>
<para>To add a VPN Customer Gateway:</para>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI as an administrator or end user. </para>
</listitem>
<listitem>
<para>In the left navigation, choose Network.</para>
</listitem>
<listitem>
<para>In the Select view, select VPN Customer Gateway.</para>
</listitem>
<listitem>
<para>Click Add site-to-site VPN.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/add-vpn-customer-gateway.png"/>
</imageobject>
<textobject>
<phrase>addvpncustomergateway.png: adding a customer gateway.</phrase>
</textobject>
</mediaobject>
<para>Provide the following information:</para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">Name</emphasis>: A unique name for the VPN customer gateway
you create.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Gateway</emphasis>: The IP address for the remote
gateway.</para>
</listitem>
<listitem>
<para><emphasis role="bold">CIDR list</emphasis>: The guest CIDR list of the remote
subnets. Enter a CIDR or a comma-separated list of CIDRs. Ensure that a guest CIDR list
is not overlapped with the VPCs CIDR, or another guest CIDR. The CIDR must be
RFC1918-compliant.</para>
</listitem>
<listitem>
<para><emphasis role="bold">IPsec Preshared Key</emphasis>: Preshared keying is a method
where the endpoints of the VPN share a secret key. This key value is used to
authenticate the customer gateway and the VPC VPN gateway to each other. </para>
<note>
<para>The IKE peers (VPN end points) authenticate each other by computing and sending a
keyed hash of data that includes the Preshared key. If the receiving peer is able to
create the same hash independently by using its Preshared key, it knows that both
peers must share the same secret, thus authenticating the customer gateway.</para>
</note>
</listitem>
<listitem>
<para><emphasis role="bold">IKE Encryption</emphasis>: The Internet Key Exchange (IKE)
policy for phase-1. The supported encryption algorithms are AES128, AES192, AES256, and
3DES. Authentication is accomplished through the Preshared Keys.</para>
<note>
<para>The phase-1 is the first phase in the IKE process. In this initial negotiation
phase, the two VPN endpoints agree on the methods to be used to provide security for
the underlying IP traffic. The phase-1 authenticates the two VPN gateways to each
other, by confirming that the remote gateway has a matching Preshared Key.</para>
</note>
</listitem>
<listitem>
<para><emphasis role="bold">IKE Hash</emphasis>: The IKE hash for phase-1. The supported
hash algorithms are SHA1 and MD5.</para>
</listitem>
<listitem>
<para><emphasis role="bold">IKE DH</emphasis>: A public-key cryptography protocol which
allows two parties to establish a shared secret over an insecure communications channel.
The 1536-bit Diffie-Hellman group is used within IKE to establish session keys. The
supported options are None, Group-5 (1536-bit) and Group-2 (1024-bit).</para>
</listitem>
<listitem>
<para><emphasis role="bold">ESP Encryption</emphasis>: Encapsulating Security Payload
(ESP) algorithm within phase-2. The supported encryption algorithms are AES128, AES192,
AES256, and 3DES.</para>
<note>
<para>The phase-2 is the second phase in the IKE process. The purpose of IKE phase-2 is
to negotiate IPSec security associations (SA) to set up the IPSec tunnel. In phase-2,
new keying material is extracted from the Diffie-Hellman key exchange in phase-1, to
provide session keys to use in protecting the VPN data flow.</para>
</note>
</listitem>
<listitem>
<para><emphasis role="bold">ESP Hash</emphasis>: Encapsulating Security Payload (ESP) hash
for phase-2. Supported hash algorithms are SHA1 and MD5.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Perfect Forward Secrecy</emphasis>: Perfect Forward Secrecy
(or PFS) is the property that ensures that a session key derived from a set of long-term
public and private keys will not be compromised. This property enforces a new
Diffie-Hellman key exchange. It provides the keying material that has greater key
material life and thereby greater resistance to cryptographic attacks. The available
options are None, Group-5 (1536-bit) and Group-2 (1024-bit). The security of the key
exchanges increase as the DH groups grow larger, as does the time of the
exchanges.</para>
<note>
<para>When PFS is turned on, for every negotiation of a new phase-2 SA the two gateways
must generate a new set of phase-1 keys. This adds an extra layer of protection that
PFS adds, which ensures if the phase-2 SAs have expired, the keys used for new
phase-2 SAs have not been generated from the current phase-1 keying material.</para>
</note>
</listitem>
<listitem>
<para><emphasis role="bold">IKE Lifetime (seconds)</emphasis>: The phase-1 lifetime of the
security association in seconds. Default is 86400 seconds (1 day). Whenever the time
expires, a new phase-1 exchange is performed.</para>
</listitem>
<listitem>
<para><emphasis role="bold">ESP Lifetime (seconds)</emphasis>: The phase-2 lifetime of the
security association in seconds. Default is 3600 seconds (1 hour). Whenever the value is
exceeded, a re-key is initiated to provide a new IPsec encryption and authentication
session keys.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Dead Peer Detection</emphasis>: A method to detect an
unavailable Internet Key Exchange (IKE) peer. Select this option if you want the virtual
router to query the liveliness of its IKE peer at regular intervals. Its recommended to
have the same configuration of DPD on both side of VPN connection.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Click OK.</para>
</listitem>
</orderedlist>
<formalpara>
<title>Updating and Removing a VPN Customer Gateway</title>
<para>You can update a customer gateway either with no VPN connection, or related VPN connection
is in error state.</para>
</formalpara>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI as an administrator or end user. </para>
</listitem>
<listitem>
<para>In the left navigation, choose Network.</para>
</listitem>
<listitem>
<para>In the Select view, select VPN Customer Gateway.</para>
</listitem>
<listitem>
<para>Select the VPN customer gateway you want to work with.</para>
</listitem>
<listitem>
<para>To modify the required parameters, click the Edit VPN Customer Gateway button<inlinemediaobject>
<imageobject>
<imagedata fileref="./images/edit-icon.png"/>
</imageobject>
<textobject>
<phrase>edit.png: button to edit a VPN customer gateway</phrase>
</textobject>
</inlinemediaobject></para>
</listitem>
<listitem>
<para>To remove the VPN customer gateway, click the Delete VPN Customer Gateway button<inlinemediaobject>
<imageobject>
<imagedata fileref="./images/delete-button.png"/>
</imageobject>
<textobject>
<phrase>delete.png: button to remove a VPN customer gateway</phrase>
</textobject>
</inlinemediaobject></para>
</listitem>
<listitem>
<para>Click OK.</para>
</listitem>
</orderedlist>
</section>


@ -0,0 +1,80 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="create-vpn-gateway-for-vpc">
<title>Creating a VPN gateway for the VPC</title>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
</listitem>
<listitem>
<para>In the left navigation, choose Network.</para>
</listitem>
<listitem>
<para>In the Select view, select VPC.</para>
<para>All the VPCs that you have created for the account is listed in the page.</para>
</listitem>
<listitem>
<para>Click the Configure button of the VPC to which you want to deploy the VMs.</para>
<para>The VPC page is displayed where all the tiers you created are listed in a
diagram.</para>
</listitem>
<listitem>
<para>Click the Settings icon.</para>
<para>The following options are displayed.</para>
<itemizedlist>
<listitem>
<para>IP Addresses</para>
</listitem>
<listitem>
<para>Gateways</para>
</listitem>
<listitem>
<para>Site-to-Site VPN</para>
</listitem>
<listitem>
<para>Network ACLs</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Select Site-to-Site VPN.</para>
<para>If you are creating the VPN gateway for the first time, selecting Site-to-Site VPN
prompts you to create a VPN gateway.</para>
</listitem>
<listitem>
<para>In the confirmation dialog, click Yes to confirm.</para>
<para>Within a few moments, the VPN gateway is created. You will be prompted to view the
details of the VPN gateway you have created. Click Yes to confirm.</para>
<para>The following details are displayed in the VPN Gateway page:</para>
<itemizedlist>
<listitem>
<para>IP Address</para>
</listitem>
<listitem>
<para>Account</para>
</listitem>
<listitem>
<para>Domain</para>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
</section>


@ -27,6 +27,7 @@
<xi:include href="who-should-read-installation.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="installation-steps-overview.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="minimum-system-requirements.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="configure-package-repository.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="management-server-install-flow.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="hypervisor-host-install-flow.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
</chapter>


@ -0,0 +1,42 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="large_scale_redundant_setup">
<title>Large-Scale Redundant Setup</title>
<mediaobject>
<imageobject>
<imagedata fileref="./images/large_scale_redundant_setup.png" />
</imageobject>
<textobject><phrase>Large-Scale Redundant Setup</phrase></textobject>
</mediaobject>
<para>This diagram illustrates the network architecture of a large-scale &PRODUCT; deployment.</para>
<itemizedlist>
<listitem><para>A layer-3 switching layer is at the core of the data center. A router redundancy protocol like VRRP should be deployed. Typically high-end core switches also include firewall modules. Separate firewall appliances may also be used if the layer-3 switch does not have integrated firewall capabilities. The firewalls are configured in NAT mode. The firewalls provide the following functions:</para>
<itemizedlist>
<listitem><para>Forwards HTTP requests and API calls from the Internet to the Management Server. The Management Server resides on the management network.</para></listitem>
<listitem><para>When the cloud spans multiple zones, the firewalls should enable site-to-site VPN such that servers in different zones can directly reach each other.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>A layer-2 access switch layer is established for each pod. Multiple switches can be stacked to increase port count. In either case, redundant pairs of layer-2 switches should be deployed.</para></listitem>
<listitem><para>The Management Server cluster (including front-end load balancers, Management Server nodes, and the MySQL database) is connected to the management network through a pair of load balancers.</para></listitem>
<listitem><para>Secondary storage servers are connected to the management network.</para></listitem>
<listitem><para>Each pod contains storage and computing servers. Each storage and computing server should have redundant NICs connected to separate layer-2 access switches.</para></listitem>
</itemizedlist>
</section>


@ -34,7 +34,7 @@
</listitem>
<listitem>
<para>Make sure that the machine can reach the Internet.</para>
<programlisting language="Bash">ping www.google.com</programlisting>
<programlisting language="Bash">ping www.cloudstack.org</programlisting>
</listitem>
<listitem>
<para>Turn on NTP for time synchronization.</para>


@ -0,0 +1,36 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="multi_node_management_server">
<title>Multi-Node Management Server</title>
<para>The &PRODUCT; Management Server is deployed on one or more front-end servers connected to a single MySQL database. Optionally a pair of hardware load balancers distributes requests from the web. A backup management server set may be deployed using MySQL replication at a remote site to add DR capabilities.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/multi_node_management_server.png" />
</imageobject>
<textobject><phrase>Multi-Node Management Server</phrase></textobject>
</mediaobject>
<para>The administrator must decide the following.</para>
<itemizedlist>
<listitem><para>Whether or not load balancers will be used.</para></listitem>
<listitem><para>How many Management Servers will be deployed.</para></listitem>
<listitem><para>Whether MySQL replication will be deployed to enable disaster recovery.</para></listitem>
</itemizedlist>
</section>


@ -0,0 +1,50 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="multi_site_deployment">
<title>Multi-Site Deployment</title>
<para>The &PRODUCT; platform scales well into multiple sites through the use of zones. The following diagram shows an example of a multi-site deployment.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/example_of_a_multi_site_deployment.png" />
</imageobject>
<textobject><phrase>Example Of A Multi-Site Deployment</phrase></textobject>
</mediaobject>
<para>Data Center 1 houses the primary Management Server as well as zone 1. The MySQL database is replicated in real time to the secondary Management Server installation in Data Center 2.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/separate_storage_network.png" />
</imageobject>
<textobject><phrase>Separate Storage Network</phrase></textobject>
</mediaobject>
<para>This diagram illustrates a setup with a separate storage network. Each server has four NICs, two connected to pod-level network switches and two connected to storage network switches.</para>
<para>There are two ways to configure the storage network:</para>
<itemizedlist>
<listitem><para> Bonded NIC and redundant switches can be deployed for NFS. In NFS deployments, redundant switches and bonded NICs still result in one network (one CIDR block+ default gateway address).</para></listitem>
<listitem><para> iSCSI can take advantage of two separate storage networks (two CIDR blocks each with its own default gateway). Multipath iSCSI client can failover and load balance between separate storage networks.</para></listitem>
</itemizedlist>
<mediaobject>
<imageobject>
<imagedata fileref="./images/NIC_bonding_and_multipath_IO.png" />
</imageobject>
<textobject><phrase>NIC Bonding And Multipath I/O</phrase></textobject>
</mediaobject>
<para> This diagram illustrates the differences between NIC bonding and Multipath I/O (MPIO). NIC bonding configuration involves only one network. MPIO involves two separate networks.</para>
</section>


@ -1,106 +0,0 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="prepare_os">
<title>Prepare the Operating System</title>
<para>The OS must be prepared to host the Management Server using the following steps. These steps must be performed on each Management Server node.</para>
<orderedlist>
<listitem><para>Log in to your OS as root.</para></listitem>
<listitem><para>Check for a fully qualified hostname.</para>
<programlisting># hostname --fqdn</programlisting>
<para>This should return a fully qualified hostname such as "kvm1.lab.example.org". If it does not, edit /etc/hosts so that it does.</para>
</listitem>
<listitem><para>Set SELinux to be permissive by default.</para>
<orderedlist numeration="loweralpha">
<listitem><para>Check to see whether SELinux is installed on your machine. If not, you can skip to step 4.</para>
<para>In RHEL or CentOS, SELinux are installed and enabled by default. You can verify this with:</para>
<programlisting># rpm -qa | grep selinux</programlisting>
<para>In Ubuntu, SELinux is not installed by default. You can verify this with:</para>
<programlisting># dpkg --list 'selinux'</programlisting>
</listitem>
<listitem><para>Set the SELINUX variable in /etc/selinux/config to “permissive”. This ensures that the permissive setting will be maintained after a system reboot.</para>
<para>In RHEL or CentOS:</para>
<programlisting># vi /etc/selinux/config</programlisting>
<para>In Ubuntu (do this step only if SELinux was found on the machine in the previous step):</para>
<programlisting># selinux-config-enforcing permissive</programlisting>
</listitem>
<listitem><para>Then set SELinux to permissive starting immediately, without requiring a system reboot.</para>
<para>In CentOS:</para>
<programlisting># setenforce permissive</programlisting>
<para>In RHEL:</para>
<programlisting># setenforce 0</programlisting>
<para>In Ubuntu (do this step only if SELinux was found on the machine):</para>
<programlisting># setenforce permissive</programlisting>
</listitem>
</orderedlist>
</listitem>
<listitem><para>Make sure that the Management Server can reach the Internet.</para>
<programlisting># ping www.google.com</programlisting>
</listitem>
<listitem><para>(RHEL 6.2) If you do not have a Red Hat Network account, you need to prepare a local Yum repository.</para>
<orderedlist numeration="loweralpha">
<listitem><para>If you are working with a physical host, insert the RHEL 6.2 installation CD. If you are using a VM, attach the RHEL6 ISO.</para></listitem>
<listitem><para>Mount the CDROM to /media.</para></listitem>
<listitem><para>Create a repo file at /etc/yum.repos.d/rhel6.repo. In the file, insert the following lines:</para>
<programlisting>
[rhel]
name=rhel6
baseurl=file:///media
enabled=1
gpgcheck=0
</programlisting>
</listitem>
</orderedlist>
</listitem>
<listitem><para>Turn on NTP for time synchronization.</para>
<note><para>NTP is required to synchronize the clocks of the servers in your cloud.</para></note>
<orderedlist numeration="loweralpha">
<listitem><para>Install NTP.</para>
<para>On RHEL or CentOS:</para>
<programlisting># yum install ntp</programlisting>
<para>On Ubuntu:</para>
<programlisting># apt-get install ntp</programlisting>
</listitem>
<listitem><para>Edit the NTP configuration file to point to your NTP server.</para>
<programlisting># vi /etc/ntp.conf</programlisting>
<para>For example, you can use one of the following:</para>
<programlisting>0.xenserver.pool.ntp.org
1.xenserver.pool.ntp.org
2.xenserver.pool.ntp.org
3.xenserver.pool.ntp.org
</programlisting>
</listitem>
<listitem><para>Restart the NTP client.</para>
<programlisting># service ntpd restart</programlisting>
</listitem>
<listitem><para>Make sure NTP will start again upon reboot.</para>
<para>On RHEL or CentOS:</para>
<programlisting># chkconfig ntpd on</programlisting>
<para>On Ubuntu:</para>
<programlisting># chkconfig ntp on</programlisting>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
</section>


@ -23,6 +23,52 @@
-->
<section id="primary-storage-add">
<title>Adding Primary Storage</title>
<para>TODO</para>
<title>Add Primary Storage</title>
<section id="sys-require-primary-storage">
<title>System Requirements for Primary Storage</title>
<para>Hardware requirements:</para>
<itemizedlist>
<listitem><para>Any standards-compliant iSCSI or NFS server that is supported by the underlying hypervisor.</para></listitem>
<listitem><para>The storage server should be a machine with a large number of disks. The disks should ideally be managed by a hardware RAID controller.</para></listitem>
<listitem><para>Minimum required capacity depends on your needs.</para></listitem>
</itemizedlist>
<para>When setting up primary storage, follow these restrictions:</para>
<itemizedlist>
<listitem><para>Primary storage cannot be added until a host has been added to the cluster.</para></listitem>
<listitem><para>If you do not provision shared primary storage, you must set the global configuration parameter system.vm.local.storage.required to true, or else you will not be able to start VMs.</para></listitem>
</itemizedlist>
</section>
<section id="adding-primary-storage">
<title>Adding Primary Stroage</title>
<para>When you create a new zone, the first primary storage is added as part of that procedure. You can add primary storage servers at any time, such as when adding a new cluster or adding more servers to an existing cluster.</para>
<warning><para>Be sure there is nothing stored on the server. Adding the server to &PRODUCT; will destroy any existing data.</para></warning>
<orderedlist>
<listitem><para>Log in to the &PRODUCT; UI (see <xref linkend="log-in" />).</para></listitem>
<listitem><para>In the left navigation, choose Infrastructure. In Zones, click View More, then click the zone in which you want to add the primary storage.</para></listitem>
<listitem><para>Click the Compute tab.</para></listitem>
<listitem><para>In the Primary Storage node of the diagram, click View All.</para></listitem>
<listitem><para>Click Add Primary Storage.</para></listitem>
<listitem>
<para>Provide the following information in the dialog. The information required varies depending on your choice in Protocol.</para>
<itemizedlist>
<listitem><para><emphasis role="bold">Pod.</emphasis> The pod for the storage device.</para></listitem>
<listitem><para><emphasis role="bold">Cluster.</emphasis> The cluster for the storage device.</para></listitem>
<listitem><para><emphasis role="bold">Name.</emphasis> The name of the storage device.</para></listitem>
<listitem><para><emphasis role="bold">Protocol.</emphasis> For XenServer, choose either NFS, iSCSI, or PreSetup. For KVM, choose NFS or SharedMountPoint. For vSphere choose either VMFS (iSCSI or FiberChannel) or NFS.</para></listitem>
<listitem><para><emphasis role="bold">Server (for NFS, iSCSI, or PreSetup).</emphasis> The IP address or DNS name of the storage device.</para></listitem>
<listitem><para><emphasis role="bold">Server (for VMFS).</emphasis> The IP address or DNS name of the vCenter server.</para></listitem>
<listitem><para><emphasis role="bold">Path (for NFS).</emphasis> In NFS this is the exported path from the server.</para></listitem>
<listitem><para><emphasis role="bold">Path (for VMFS).</emphasis> In vSphere this is a combination of the datacenter name and the datastore name. The format is "/" datacenter name "/" datastore name. For example, "/cloud.dc.VM/cluster1datastore".</para></listitem>
<listitem><para><emphasis role="bold">Path (for SharedMountPoint).</emphasis> With KVM this is the path on each host that is where this primary storage is mounted. For example, "/mnt/primary".</para></listitem>
<listitem><para><emphasis role="bold">SR Name-Label (for PreSetup).</emphasis> Enter the name-label of the SR that has been set up outside &PRODUCT;.</para></listitem>
<listitem><para><emphasis role="bold">Target IQN (for iSCSI).</emphasis> In iSCSI this is the IQN of the target. For example, iqn.1986-03.com.sun:02:01ec9bb549-1271378984.</para></listitem>
<listitem><para><emphasis role="bold">Lun # (for iSCSI).</emphasis> In iSCSI this is the LUN number. For example, 3.</para></listitem>
<listitem><para><emphasis role="bold">Tags (optional).</emphasis> The comma-separated list of tags for this storage device. It should be an equivalent set or superset of the tags on your disk offerings..</para></listitem>
</itemizedlist>
<para>The tag sets on primary storage across clusters in a Zone must be identical. For example, if cluster A provides primary storage that has tags T1 and T2, all other clusters in the Zone must also provide primary storage that has tags T1 and T2.</para>
</listitem>
<listitem><para>Click OK.</para></listitem>
</orderedlist>
</section>
</section>


@ -23,6 +23,26 @@
-->
<section id="secondary-storage-add">
<title>Add Secondary Storage</title>
<section id="sys-require-secondary-storage">
<title>System Requirements for Secondary Storage</title>
<itemizedlist>
<listitem><para>NFS storage appliance or Linux NFS server</para></listitem>
<listitem><para>(Optional) OpenStack Object Storage (Swift) (see http://swift.openstack.org)</para></listitem>
<listitem><para>100GB minimum capacity</para></listitem>
<listitem><para>A secondary storage device must be located in the same zone as the guest VMs it serves.</para></listitem>
<listitem><para>Each Secondary Storage server must be available to all hosts in the zone.</para></listitem>
</itemizedlist>
</section>
<section id="adding-secondary-storage">
<title>Adding Secondary Storage</title>
<para>TODO</para>
<para>When you create a new zone, the first secondary storage is added as part of that procedure. You can add secondary storage servers at any time to add more servers to an existing zone.</para>
<warning><para>Be sure there is nothing stored on the server. Adding the server to &PRODUCT; will destroy any existing data.</para></warning>
<orderedlist>
<listitem><para>If you are going to use Swift for cloud-wide secondary storage, you must add the Swift storage to &PRODUCT; before you add the local zone secondary storage servers. See <xref linkend="zone-add" />.</para></listitem>
<listitem><para>To prepare for local zone secondary storage, you should have created and mounted an NFS share during Management Server installation. <phrase condition="install">See <xref linkend="prepare-nfs-shares" />.</phrase><phrase condition="admin">See Preparing NFS Shares in the Installation Guide.</phrase></para></listitem>
<listitem><para>Make sure you prepared the system VM template during Management Server installation. <phrase condition="install">See <xref linkend="prepare-system-vm-template" />.</phrase><phrase condition="admin">See Prepare the System VM Template in the Installation Guide.</phrase></para></listitem>
<listitem><para>Now that the secondary storage server for per-zone storage is prepared, add it to &PRODUCT;. Secondary storage is added as part of the procedure for adding a new zone. See <xref linkend="zone-add" />.</para></listitem>
</orderedlist>
</section>
</section>


@ -0,0 +1,24 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="separate_storage_network">
<title>Separate Storage Network</title>
<para>In the large-scale redundant setup described in the previous section, storage traffic can overload the management network. A separate storage network is optional for deployments. Storage protocols such as iSCSI are sensitive to network delays. A separate storage network ensures guest network traffic contention does not impact storage performance.</para>
</section>


@ -0,0 +1,37 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="small_scale_deployment">
<title>Small-Scale Deployment</title>
<mediaobject>
<imageobject>
<imagedata fileref="./images/small_scale_deployment.png" />
</imageobject>
<textobject><phrase>Small-Scale Deployment</phrase></textobject>
</mediaobject>
<para>This diagram illustrates the network architecture of a small-scale &PRODUCT; deployment.</para>
<itemizedlist>
<listitem><para>A firewall provides a connection to the Internet. The firewall is configured in NAT mode. The firewall forwards HTTP requests and API calls from the Internet to the Management Server. The Management Server resides on the management network.</para></listitem>
<listitem><para>A layer-2 switch connects all physical servers and storage.</para></listitem>
<listitem><para>A single NFS server functions as both the primary and secondary storage.</para></listitem>
<listitem><para>The Management Server is connected to the management network.</para></listitem>
</itemizedlist>
</section>


@ -25,3 +25,4 @@ docname: cloudstack
brand: cloudstack
chunk_first: 1
chunk_section_depth: 1
condition: install


@ -24,6 +24,4 @@ docname: cloudstack_installation
brand: cloudstack
chunk_first: 1
chunk_section_depth: 1
condition: install


@ -1,990 +0,0 @@
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "/etc/httpd" will be interpreted by the
# server as "/etc/httpd/logs/foo.log".
#
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# Don't give away too much information about all the subcomponents
# we are running. Comment out this line if you don't mind remote sites
# finding out what major optional modules you are running
ServerTokens OS
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
ServerRoot "/etc/httpd"
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile run/httpd.pid
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 120
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive Off
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# ServerLimit: maximum value for MaxClients for the lifetime of the server
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 10.1.1.1:80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
#
# The following modules are not loaded by default:
#
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule asis_module modules/mod_asis.so
#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
# . On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group #-1 on these systems!
#
User apache
Group apache
### Section 2: 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin root@localhost
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work. See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
#ServerName www.example.com:80
#
# UseCanonicalName: Determines how Apache constructs self-referencing
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client. When set "On", Apache will use the value of the
# ServerName directive.
#
UseCanonicalName Off
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir disable
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
#UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
# negotiated documents. The MultiViews Option can be used for the
# same purpose, but it is much slower.
#
DirectoryIndex index.html index.html.var
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
#
TypesConfig /etc/mime.types
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
<IfModule mod_mime_magic.c>
# MIMEMagicFile /usr/share/magic.mime
MIMEMagicFile conf/magic
</IfModule>
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
#
# EnableMMAP: Control whether memory-mapping is used to deliver
# files (assuming that the underlying OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems. On some systems, turning it off (regardless of
# filesystem) can improve performance; for details, please see
# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap
#
#EnableMMAP off
#
# EnableSendfile: Control whether the sendfile kernel support is
# used to deliver files (assuming that the OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
#
#EnableSendfile off
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog logs/error_log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this
# requires the mod_logio module to be loaded.
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog logs/access_log common
#
# If you would like to have separate agent and referer logfiles, uncomment
# the following directives.
#
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent
#
# For a single logfile with access, agent, and referer information
# (Combined Logfile Format), use the following directive:
#
CustomLog logs/access_log combined
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If you
# do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
#
# WebDAV module configuration section.
#
<IfModule mod_dav_fs.c>
# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb
</IfModule>
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Directives controlling the display of server-generated directory listings.
#
#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
#
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName README.html
HeaderName HEADER.html
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
#
# DefaultLanguage and AddLanguage allows you to specify the language of
# a document. You can then use content negotiation to give a browser a
# file in a language the user can understand.
#
# Specify a default language. This means that all data
# going out without a specific language tag (see below) will
# be marked with this one. You probably do NOT want to set
# this unless you are sure it is correct for all cases.
#
# * It is generally better to not mark a page as
# * being a certain language than marking it with the wrong
# * language!
#
# DefaultLanguage nl
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in some cases
# the two character 'Language' abbreviation is not identical to
# the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. There is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
# Norwegian (no) - Polish (pl) - Portugese (pt)
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
#
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
#
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
#
# ForceLanguagePriority allows you to serve a result page rather than
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
# [in case no accepted languages matched the available variants]
#
ForceLanguagePriority Prefer Fallback
#
# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default. To use the
# default browser choice (ISO-8859-1), or to allow the META tags
# in HTML content to override this choice, comment out this
# directive:
#
AddDefaultCharset UTF-8
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#AddType application/x-tar .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
#
# For files that include their own HTTP headers:
#
#AddHandler send-as-is asis
#
# For type maps (negotiated resources):
# (This is enabled by default to allow the Apache "It Worked" page
# to be distributed in multiple languages.)
#
AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /var/www/error/include/ files and
# copying them to /your/include/path/, even on a per-VirtualHost basis.
#
Alias /error/ "/var/www/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "/var/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
# ErrorDocument 410 /error/HTTP_GONE.html.var
# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
</IfModule>
</IfModule>
#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.
#
#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .example.com
#</Location>
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".example.com" to match your domain to enable.
#
#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .example.com
#</Location>
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
#<IfModule mod_proxy.c>
#ProxyRequests On
#
#<Proxy *>
# Order deny,allow
# Deny from all
# Allow from .example.com
#</Proxy>
#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
#ProxyVia On
#
# To enable a cache of proxied content, uncomment the following lines.
# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details.
#
#<IfModule mod_disk_cache.c>
# CacheEnable disk /
# CacheRoot "/var/cache/mod_proxy"
#</IfModule>
#
#</IfModule>
# End of proxy directives.
### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
# Use name-based virtual hosting.
#
#NameVirtualHost *:80
#
# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.
#
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
# DocumentRoot /www/docs/dummy-host.example.com
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>


@ -1,32 +1,21 @@
# see "man logrotate" for details
# rotate log files daily
daily
# keep 5 days worth
rotate 5
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# max size 50M
size 50M
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
@ -34,4 +23,3 @@ include /etc/logrotate.d
rotate 1
}
# system-specific logs may be also be configured here.


@ -48,7 +48,7 @@ destroy_acl_chain() {
create_acl_chain() {
destroy_acl_chain
sudo iptables -t mangle -N ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j DROP 2>/dev/null
sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j ACCEPT 2>/dev/null
sudo iptables -t mangle -A PREROUTING -m state --state NEW -i $dev -s $subnet/$mask ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -N ACL_INBOUND_$dev 2>/dev/null
# drop if no rules match (this will be the last rule in the chain)
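Review bot: In create_acl_chain the catch-all rule appended to `ACL_OUTBOUND_$dev` reads `-j ACCEPT` where it previously read `-j DROP` (the page prints both lines without markers, so the direction is inferred from print order), which allows new outbound connections from `$subnet/$mask` whenever no ACL rule matches. A policy flip like this should carry a comment above the rule, for example `# outbound default is allow; only explicit egress rules restrict traffic`, so the asymmetry with the inbound chain's documented drop reads as intentional. The iptables calls in this hunk also send stderr to /dev/null and ignore the exit status, so a failed `-N` or `-A` silently leaves the chain in an unknown state. create_acl_chain continues past the end of the hunk.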


@ -1,5 +1,3 @@
! Configuration File for keepalived
global_defs {
router_id [ROUTER_ID]
}
@ -36,29 +34,7 @@ vrrp_instance inside_network {
heartbeat
}
#nopreempt
# notify scripts and alerts are optional
#
# filenames of scripts to run on transitions
# can be unquoted (if just filename)
# or quoted (if has parameters)
# to MASTER transition
notify_master "[RROUTER_BIN_PATH]/master.sh"
# to BACKUP transition
notify_backup "[RROUTER_BIN_PATH]/backup.sh"
# FAULT transition
notify_fault "[RROUTER_BIN_PATH]/fault.sh"
# for ANY state transition.
# "notify" script is called AFTER the
# notify_* script(s) and is executed
# with 3 arguments provided by keepalived
# (ie don't include parameters in the notify line).
# arguments
# $1 = "GROUP"|"INSTANCE"
# $2 = name of group or instance
# $3 = target state of transition
# ("MASTER"|"BACKUP"|"FAULT")
#notify [RROUTER_BIN_PATH]/notify.sh
}


@ -1,50 +1,9 @@
# /etc/ipsec.conf - Openswan IPsec configuration file
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Do not set debug options to debug configuration issues!
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
# eg:
# plutodebug="control parsing"
#
# enable to get logs per-peer
# plutoopts="--perpeerlog"
#
# Again: only enable plutodebug or klipsdebug when asked by a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=yes
# exclude networks used on server side by adding %v4:!a.b.c.0/24
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
# OE is now off by default. Uncomment and change to on, to enable.
oe=off
# which IPsec stack to use. auto will try netkey, then klips then mast
protostack=auto
# Add connections here
# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
# # Left security gateway, subnet behind it, nexthop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# # Right security gateway, subnet behind it, nexthop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# # To authorize this connection, but not actually start it,
# # at startup, uncomment this.
# #auto=add
include /etc/ipsec.d/*.conf


@ -1,48 +0,0 @@
# /etc/ipsec.conf - Openswan IPsec configuration file
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Do not set debug options to debug configuration issues!
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
# eg:
# plutodebug="control parsing"
#
# enable to get logs per-peer
# plutoopts="--perpeerlog"
#
# Again: only enable plutodebug or klipsdebug when asked by a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=yes
# exclude networks used on server side by adding %v4:!a.b.c.0/24
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
# OE is now off by default. Uncomment and change to on, to enable.
oe=off
# which IPsec stack to use. auto will try netkey, then klips then mast
protostack=auto
# Add connections here
# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
# # Left security gateway, subnet behind it, nexthop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# # Right security gateway, subnet behind it, nexthop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# # To authorize this connection, but not actually start it,
# # at startup, uncomment this.
# #auto=add


@ -1,12 +1,2 @@
# RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
# this file is managed with debconf and will contain the automatically created RSA keys
include /var/lib/openswan/ipsec.secrets.inc
include /etc/ipsec.d/ipsec.*.secrets


@ -1,11 +0,0 @@
# RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
# this file is managed with debconf and will contain the automatically created RSA keys
include /var/lib/openswan/ipsec.secrets.inc


@ -1,76 +0,0 @@
;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work. The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documetation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
; [global] ; Global parameters:
; port = 1701 ; * Bind to port 1701
; auth file = /etc/l2tpd/l2tp-secrets ; * Where our challenge secrets are
; access control = yes ; * Refuse connections without IP match
; rand source = dev ; Source for entropy for random
; ; numbers, options are:
; ; dev - reads of /dev/urandom
; ; sys - uses rand()
; ; egd - reads from egd socket
; ; egd is not yet implemented
;
; [lns default] ; Our fallthrough LNS definition
; exclusive = no ; * Only permit one tunnel per host
; ip range = 192.168.0.1-192.168.0.20 ; * Allocate from this IP range
; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
; ip range = 192.168.0.5 ; * But this one is okay
; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP
; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's
; no lac = untrusted.marko.net ; * This guy can't connect
; hidden bit = no ; * Use hidden AVP's?
; local ip = 192.168.1.2 ; * Our local IP to use
; length bit = yes ; * Use length bit in payload?
; require chap = yes ; * Require CHAP auth. by peer
; refuse pap = yes ; * Refuse PAP authentication
; refuse chap = no ; * Refuse CHAP authentication
; refuse authentication = no ; * Refuse authentication altogether
; require authentication = yes ; * Require peer to authenticate
; unix authentication = no ; * Use /etc/passwd for auth.
; name = myhostname ; * Report this as our hostname
; ppp debug = no ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.lns ; * ppp options file
; call rws = 10 ; * RWS for call (-1 is valid)
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
; flow bit = yes ; * Include sequence numbers
; challenge = yes ; * Challenge authenticate peer ;
; rx bps = 10000000 ; Receive tunnel speed
; tx bps = 10000000 ; Transmit tunnel speed
; bps = 100000 ; Define both receive and transmit speed in one option
; [lac marko] ; Example VPN LAC definition
; lns = lns.marko.net ; * Who is our LNS?
; lns = lns2.marko.net ; * A backup LNS (not yet used)
; redial = yes ; * Redial if disconnected?
; redial timeout = 15 ; * Wait n seconds between redials
; max redials = 5 ; * Give up after n consecutive failures
; hidden bit = yes ; * User hidden AVP's?
; local ip = 192.168.1.1 ; * Force peer to use this IP for us
; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
; length bit = no ; * Use length bit in payload?
; require pap = no ; * Require PAP auth. by peer
; require chap = yes ; * Require CHAP auth. by peer
; refuse pap = yes ; * Refuse PAP authentication
; refuse chap = no ; * Refuse CHAP authentication
; refuse authentication = no ; * Refuse authentication altogether
; require authentication = yes ; * Require peer to authenticate
; name = marko ; * Report this as our hostname
; ppp debug = no ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.marko ; * ppp options file for this lac
; call rws = 10 ; * RWS for call (-1 is valid)
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
; flow bit = yes ; * Include sequence numbers
; challenge = yes ; * Challenge authenticate peer
;
; [lac cisco] ; Another quick LAC
; lns = cisco.marko.net ; * Required, but can take from default
; require authentication = yes


@ -1,106 +0,0 @@
#!/bin/bash
#
# xe-linux-distribution Write Linux distribution information to XenStore.
#
# chkconfig: 2345 14 86
# description: Writes Linux distribution version information to XenStore.
#
### BEGIN INIT INFO
# Provides: XenServer Virtual Machine Tools
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: XenServer Virtual Machine daemon providing host integration services
# Description: Writes Linux distribution version information to XenStore.
### END INIT INFO
LANG="C"
export LANG
if [ -f /etc/init.d/functions ] ; then
. /etc/init.d/functions
else
action()
{
descr=$1 ; shift
cmd=$@
echo -n "$descr "
$cmd
ret=$?
if [ $ret -eq 0 ] ; then
echo "OK"
else
echo "Failed"
fi
return $ret
}
fi
XE_LINUX_DISTRIBUTION=/usr/sbin/xe-linux-distribution
XE_LINUX_DISTRIBUTION_CACHE=/var/cache/xe-linux-distribution
XE_DAEMON=/usr/sbin/xe-daemon
XE_DAEMON_PIDFILE=/var/run/xe-daemon.pid
if [ ! -x "${XE_LINUX_DISTRIBUTION}" ] ; then
exit 0
fi
start()
{
if [ ! -e /proc/xen/xenbus ] ; then
if [ ! -d /proc/xen ] ; then
action $"Mounting xenfs on /proc/xen:" /bin/false
echo "Could not find /proc/xen directory."
echo "You need a post 2.6.29-rc1 kernel with CONFIG_XEN_COMPAT_XENFS=y and CONFIG_XENFS=y|m"
exit 1
else
# This is needed post 2.6.29-rc1 when /proc/xen support was pushed upstream as a xen filesystem
action $"Mounting xenfs on /proc/xen:" mount -t xenfs none /proc/xen
fi
fi
if [ -e /proc/xen/capabilities ] && grep -q control_d /proc/xen/capabilities ; then
# Do not want daemon in domain 0
exit 0
fi
action $"Detecting Linux distribution version:" \
${XE_LINUX_DISTRIBUTION} ${XE_LINUX_DISTRIBUTION_CACHE}
action $"Starting xe daemon: " /bin/true
mkdir -p $(dirname ${XE_DAEMON_PIDFILE})
# This is equivalent to daemon() in C
( exec &>/dev/null ; ${XE_DAEMON} -p ${XE_DAEMON_PIDFILE} & )
}
stop()
{
action $"Stopping xe daemon: " kill -TERM $(cat ${XE_DAEMON_PIDFILE})
}
# fail silently if not running xen
if [ ! -d /proc/xen ]; then
exit
fi
case "$1" in
start)
start
;;
stop)
stop
;;
force-reload|restart)
stop
start
;;
*)
# do not advertise unreasonable commands that there is no reason
# to use with this device
echo $"Usage: $0 start|restart"
exit 1
esac
exit $?


@ -1 +0,0 @@
ACTION=="add", SUBSYSTEM=="cpu", RUN+="/bin/sh -c '[ ! -e /sys$devpath/online ] || echo 1 > /sys$devpath/online'"


@ -199,7 +199,7 @@ public class LibvirtStorageAdaptor implements StorageAdaptor {
sp.create(0);
return sp;
} catch (LibvirtException e) {
s_logger.debug(e.toString());
s_logger.error(e.toString());
if (sp != null) {
try {
sp.undefine();
@ -230,7 +230,7 @@ public class LibvirtStorageAdaptor implements StorageAdaptor {
return sp;
} catch (LibvirtException e) {
s_logger.debug(e.toString());
s_logger.error(e.toString());
if (sp != null) {
try {
sp.undefine();
@ -260,7 +260,7 @@ public class LibvirtStorageAdaptor implements StorageAdaptor {
sp.create(0);
return sp;
} catch (LibvirtException e) {
s_logger.debug(e.toString());
s_logger.error(e.toString());
if (sp != null) {
try {
sp.undefine();
@ -294,7 +294,7 @@ public class LibvirtStorageAdaptor implements StorageAdaptor {
s = conn.secretDefineXML(sd.toString());
s.setValue(Base64.decodeBase64(userInfoTemp[1]));
} catch (LibvirtException e) {
s_logger.debug(e.toString());
s_logger.error(e.toString());
if (s != null) {
try {
s.undefine();
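Review bot: The four catch blocks log only `e.toString()`, so the error-level entry carries the libvirt message but no stack trace and no indication of which pool or secret operation failed. If `s_logger` is a log4j-style logger (its declaration is outside the hunks), pass the exception as the second argument with a short context string, e.g. `s_logger.error("Failed to create storage pool", e);` and, in the last hunk, `s_logger.error("Failed to define libvirt secret", e);`. That last hunk handles a decoded secret value (`s.setValue(Base64.decodeBase64(userInfoTemp[1]))`), so whatever context string is added should not include `userInfoTemp` or the secret XML. The enclosing methods begin and end outside the hunks.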

45
pom.xml

@ -209,29 +209,11 @@
<exclude>deps/XenServerJava/Makefile</exclude>
<exclude>dist/console-proxy/js/jquery.js</exclude>
<exclude>scripts/vm/systemvm/id_rsa.cloud</exclude>
<exclude>patches/systemvm/debian/xe/xen-vcpu-hotplug.rules</exclude>
<exclude>patches/systemvm/debian/xe/xe-linux-distribution.init</exclude>
<exclude>patches/systemvm/debian/systemvm.vmx</exclude>
<exclude>patches/systemvm/debian/config/etc/ssh/sshd_config</exclude>
<exclude>patches/systemvm/debian/config/etc/logrotate.d/haproxy</exclude>
<exclude>patches/systemvm/debian/config/etc/logrotate.d/dnsmasq</exclude>
<exclude>patches/systemvm/debian/config/etc/logrotate.d/apache2</exclude>
<exclude>patches/systemvm/debian/config/etc/logrotate.d/ppp</exclude>
<exclude>patches/systemvm/debian/config/etc/logrotate.d/rsyslog</exclude>
<exclude>patches/systemvm/debian/config/etc/vpcdnsmasq.conf</exclude>
<exclude>patches/systemvm/debian/config/etc/httpd/conf/httpd.conf</exclude>
<exclude>patches/systemvm/debian/config/etc/haproxy/haproxy.cfg</exclude>
<exclude>patches/systemvm/debian/config/etc/apache2/vhostexample.conf</exclude>
<exclude>patches/systemvm/debian/config/etc/apache2/sites-available/default-ssl</exclude>
<exclude>patches/systemvm/debian/config/etc/apache2/sites-available/default</exclude>
<exclude>patches/systemvm/debian/config/etc/apache2/httpd.conf</exclude>
<exclude>patches/systemvm/debian/config/etc/apache2/ports.conf</exclude>
<exclude>patches/systemvm/debian/config/etc/rsyslog.conf</exclude>
<exclude>patches/systemvm/debian/config/etc/cloud-nic.rules</exclude>
<exclude>patches/systemvm/debian/config/etc/logrotate.conf</exclude>
<exclude>patches/systemvm/debian/config/etc/init.d/postinit</exclude>
<exclude>patches/systemvm/debian/config/etc/modprobe.d/aesni_intel</exclude>
<exclude>patches/systemvm/debian/config/etc/sysctl.conf</exclude>
<exclude>patches/systemvm/debian/config/etc/dnsmasq.conf</exclude>
<exclude>patches/systemvm/debian/config/etc/rc.local</exclude>
<exclude>patches/systemvm/debian/config/root/redundant_router/heartbeat.sh.templ</exclude>
@ -244,17 +226,9 @@
<exclude>patches/systemvm/debian/config/root/redundant_router/master.sh.templ</exclude>
<exclude>patches/systemvm/debian/config/root/redundant_router/conntrackd.conf.templ</exclude>
<exclude>patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ</exclude>
<exclude>patches/systemvm/debian/config/var/lib/misc/dnsmasq.leases</exclude>
<exclude>patches/systemvm/debian/config/var/www/html/userdata/.htaccess</exclude>
<exclude>patches/systemvm/debian/config/var/www/html/latest/.htaccess</exclude>
<exclude>patches/systemvm/debian/vpn/etc/ipsec.conf.orig</exclude>
<exclude>patches/systemvm/debian/vpn/etc/ipsec.secrets.orig</exclude>
<exclude>patches/systemvm/debian/vpn/etc/ipsec.conf</exclude>
<exclude>patches/systemvm/debian/vpn/etc/ipsec.d/l2tp.conf</exclude>
<exclude>patches/systemvm/debian/vpn/etc/ppp/options.xl2tpd</exclude>
<exclude>patches/systemvm/debian/vpn/etc/xl2tpd/xl2tpd.conf</exclude>
<exclude>patches/systemvm/debian/vpn/etc/xl2tpd/xl2tpd.conf.orig</exclude>
<exclude>patches/systemvm/debian/vpn/etc/ipsec.secrets</exclude>
<exclude>tools/devcloud/basebuild/puppet-devcloudinitial/files/network.conf</exclude>
<exclude>tools/devcloud/devcloud.cfg</exclude>
<exclude>ui/lib/flot/jquery.colorhelpers.js</exclude>
@ -296,6 +270,19 @@
<maxmem>512m</maxmem>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>2.4</version>
<configuration>
<archive>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
</manifest>
</archive>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>build-helper-maven-plugin</artifactId>
@ -329,6 +316,12 @@
<module>deps</module>
</modules>
</profile>
<profile>
<id>developer</id>
<modules>
<module>developer</module>
</modules>
</profile>
</profiles>
</project>


@ -360,6 +360,26 @@ def createFile(session, args):
return txt
@echo
def createFileInDomr(session, args):
file_path = args['filepath']
file_contents = args['filecontents']
domrip = args['domrip']
try:
tmpfile = util.pread2(['mktemp']).strip()
f = open(tmpfile, "w")
f.write(file_contents)
f.close()
target = "root@" + domrip + ":" + file_path
util.pread2(['scp','-P','3922','-q','-o','StrictHostKeyChecking=no','-i','/root/.ssh/id_rsa.cloud',tmpfile, target])
util.pread2(['rm',tmpfile])
txt = 'success'
except:
util.SMlog(" failed to create HA proxy cfg file ")
txt = ''
return txt
@echo
def deleteFile(session, args):
file_path = args["filepath"]
@ -1452,4 +1472,5 @@ if __name__ == "__main__":
"setLinkLocalIP":setLinkLocalIP,
"cleanup_rules":cleanup_rules,
"bumpUpPriority":bumpUpPriority,
"createFileInDomr":createFileInDomr,
"kill_copy_process":kill_copy_process})
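Review bot: createFileInDomr copies the file as root with `-o StrictHostKeyChecking=no`, so the router's host key is never verified and the contents go to whichever host answers on `domrip` port 3922; a dedicated known-hosts file for system VMs (`-o UserKnownHostsFile=<path-to-systemvm-known-hosts>`, placeholder path) would keep the check. The bare `except:` also hides the failure reason and skips the `rm`, so the temp file holding `filecontents` is left behind whenever `scp` fails, and the log text mentions an HA proxy cfg file although the function is generic. `file_path` and `domrip` are concatenated into the scp target unvalidated; the argument list avoids a local shell, but it is worth confirming that the caller restricts both values. A sketch of the cleanup part follows.

```python
def createFileInDomr(session, args):
    # … unchanged: read filepath, filecontents and domrip from args …
    tmpfile = None
    txt = ''
    # nested try blocks keep this valid on old Python 2 interpreters
    try:
        try:
            tmpfile = util.pread2(['mktemp']).strip()
            # … unchanged: write file_contents to tmpfile, build target, run scp …
            txt = 'success'
        except Exception:
            util.SMlog(" failed to copy file to " + domrip + ":" + file_path)
    finally:
        # remove the temp copy on both the success and the failure path
        if tmpfile:
            util.pread2(['rm', '-f', tmpfile])
    return txt
```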


@ -468,12 +468,14 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
}
checkCustomerGatewayCidrList(guestCidrList);
long accountId = gw.getAccountId();
if (_customerGatewayDao.findByGatewayIp(gatewayIp) != null) {
Site2SiteCustomerGatewayVO existedGw = _customerGatewayDao.findByGatewayIp(gatewayIp);
if (existedGw != null && existedGw.getId() != gw.getId()) {
throw new InvalidParameterValueException("The customer gateway with ip " + gatewayIp + " already existed in the system!");
}
if (_customerGatewayDao.findByNameAndAccountId(name, accountId) != null) {
existedGw = _customerGatewayDao.findByNameAndAccountId(name, accountId);
if (existedGw != null && existedGw.getId() != gw.getId()) {
throw new InvalidParameterValueException("The customer gateway with name " + name + " already existed!");
}


@ -93,3 +93,5 @@ ALTER TABLE `cloud`.`ssh_keypairs` ADD CONSTRAINT `fk_ssh_keypairs__account_id`
ALTER TABLE `cloud`.`ssh_keypairs` ADD CONSTRAINT `fk_ssh_keypairs__domain_id` FOREIGN KEY `fk_ssh_keypair__domain_id` (`domain_id`) REFERENCES `domain` (`id`) ON DELETE CASCADE;
ALTER TABLE `cloud`.`usage_event` ADD INDEX `i_usage_event__created`(`created`);
ALTER TABLE `cloud`.`nicira_nvp_nic_map` ADD CONSTRAINT `fk_nicira_nvp_nic_map__nic` FOREIGN KEY `fk_nicira_nvp_nic_map__nic` (`nic`) REFERENCES `nics` (`uuid`) ON DELETE CASCADE;

Binary file not shown.

55
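--- a/tools/build/build_docs.sh
+++ b/tools/build/build_docs.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+sourcedir=~/incubator-cloudstack/
+common_content_dir=/usr/share/publican/Common_Content
+publican_path=/usr/bin/publican
+usage(){
+echo "usage: $0 [-s source dir] [-c publican common content] [-p path to publican]"
+echo " -s sets the source directory (defaults to $sourcedir)"
+echo " -c sets the public common content directory (defaults to $common_content_dir)"
+echo " -p sets the path to the publican binary (defaults to $publican_path)"
+echo " -h"
+}
+while getopts v:s:c:p:h opt
+do
+case "$opt" in
+v) version="$OPTARG";;
+s) sourcedir="$OPTARG";;
+c) common_content_dir="$OPTARG";;
+p) publican_path="$OPTARG";;
+h) usage
+exit 0;;
+\?)
+usage
+exit 1;;
+esac
+done
+if [ ! -x "$publican_path" ]; then
+echo "$publican_path doesn't seem like an executeable?"
+exit 1
+fi
+cd $sourcedir/docs
+cp -R /usr/share/publican/Common_Content .
+ln -s $sourcedir/docs/publican-cloudstack Common_Content/cloudstack
+publican build --config=publican-all.cfg --formats html,pdf --langs en-US --common_content=$sourcedir/docs/Common_Content
+rm -r Common_Content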
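Review bot: `cd $sourcedir/docs` is unquoted and unchecked, so when the directory is missing the following `cp -R`, `ln -s` and `rm -r Common_Content` run in whatever directory the script was started from. The `-c` and `-p` options are parsed, and the publican path is even tested for executability, yet the script then copies the hard-coded `/usr/share/publican/Common_Content` and calls bare `publican`, so both options have no effect. `-v` is accepted by getopts but missing from usage(), and `version` is never read. The tail of the script below uses the parsed values and stops if the cd fails.

```shell
# … unchanged: defaults, usage(), getopts loop, publican executable check …
cd "$sourcedir/docs" || { echo "cannot cd to $sourcedir/docs" >&2; exit 1; }
cp -R "$common_content_dir" Common_Content
ln -s "$sourcedir/docs/publican-cloudstack" Common_Content/cloudstack
"$publican_path" build --config=publican-all.cfg --formats html,pdf --langs en-US \
  --common_content="$sourcedir/docs/Common_Content"
rm -r Common_Content
```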


@ -0,0 +1,116 @@
#!/bin/bash
#
# Init file for Password Download Client
#
# chkconfig: 345 98 02
# description: Password Download Client
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Modify this line to specify the user (default is root)
user=root
# Add your DHCP lease folders here
DHCP_FOLDERS="/var/lib/dhclient/* /var/lib/dhcp3/*"
password_received=0
file_count=0
error_count=0
for DHCP_FILE in $DHCP_FOLDERS
do
if [ -f $DHCP_FILE ]
then
file_count=$((file_count+1))
PASSWORD_SERVER_IP=$(grep dhcp-server-identifier $DHCP_FILE | tail -1 | awk '{print $NF}' | tr -d '\;')
if [ -n $PASSWORD_SERVER_IP ]
then
logger -t "cloud" "Found password server IP $PASSWORD_SERVER_IP in $DHCP_FILE"
logger -t "cloud" "Sending request to password server at $PASSWORD_SERVER_IP"
password=$(wget -q -t 3 -T 20 -O - --header "DomU_Request: send_my_password" $PASSWORD_SERVER_IP:8080)
password=$(echo $password | tr -d '\r')
if [ $? -eq 0 ]
then
logger -t "cloud" "Got response from server at $PASSWORD_SERVER_IP"
case $password in
"") logger -t "cloud" "Password server at $PASSWORD_SERVER_IP did not have any password for the VM"
continue
;;
"bad_request") logger -t "cloud" "VM sent an invalid request to password server at $PASSWORD_SERVER_IP"
error_count=$((error_count+1))
continue
;;
"saved_password") logger -t "cloud" "VM has already saved a password from the password server at $PASSWORD_SERVER_IP"
continue
;;
*) logger -t "cloud" "VM got a valid password from server at $PASSWORD_SERVER_IP"
password_received=1
break
;;
esac
else
logger -t "cloud" "Failed to send request to password server at $PASSWORD_SERVER_IP"
error_count=$((error_count+1))
fi
else
logger -t "cloud" "Could not find password server IP in $DHCP_FILE"
error_count=$((error_count+1))
fi
fi
done
if [ "$password_received" == "0" ]
then
if [ "$error_count" == "$file_count" ]
then
logger -t "cloud" "Failed to get password from any server"
exit 1
else
logger -t "cloud" "Did not need to change password."
exit 0
fi
fi
logger -t "cloud" "Changing password ..."
echo $password | passwd --stdin $user
if [ $? -gt 0 ]
then
usermod -p `mkpasswd -m SHA-512 $password` $user
if [ $? -gt 0 ]
then
logger -t "cloud" "Failed to change password for user $user"
exit 1
else
logger -t "cloud" "Successfully changed password for user $user"
fi
fi
logger -t "cloud" "Sending acknowledgment to password server at $PASSWORD_SERVER_IP"
wget -t 3 -T 20 -O - --header "DomU_Request: saved_password" $PASSWORD_SERVER_IP:8080
exit 0
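Review bot: `if [ $? -eq 0 ]` runs after `password=$(echo $password | tr -d '\r')`, so it tests the exit status of the `tr` pipeline rather than of `wget`; a failed request therefore reaches the `""` case and is logged as "did not have any password" instead of being counted as an error. `[ -n $PASSWORD_SERVER_IP ]` is unquoted and is true even when the variable is empty, and the unquoted `echo $password` and `mkpasswd -m SHA-512 $password` subject the password to word splitting and globbing, the latter also exposing it in the process list. The password is taken over plain HTTP from whatever address the lease file names as `dhcp-server-identifier`, so the credential set for `$user` (root by default) is only as trustworthy as DHCP on that network; that constraint deserves a comment at the top of the script. The fence shows the status and quoting changes.

```shell
    if [ -n "$PASSWORD_SERVER_IP" ]
    then
      # … unchanged: logger calls …
      password=$(wget -q -t 3 -T 20 -O - --header "DomU_Request: send_my_password" "$PASSWORD_SERVER_IP:8080")
      wget_status=$?
      password=$(printf '%s' "$password" | tr -d '\r')
      if [ "$wget_status" -eq 0 ]
      then
        # … unchanged: case on $password and the error branches …

# … unchanged: password_received / error_count summary …
printf '%s\n' "$password" | passwd --stdin "$user"
if [ $? -gt 0 ]
then
  # chpasswd reads user:password on stdin, keeping the password out of argv
  printf '%s:%s\n' "$user" "$password" | chpasswd
  # … unchanged: status check and logger calls …
```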


@ -25,6 +25,8 @@ under the License.
<% long now = System.currentTimeMillis(); %>
<script language="javascript">
dictionary = {
'label.broadcast.uri': '<fmt:message key="label.broadcast.uri"/>',
'label.isolation.uri': '<fmt:message key="label.isolation.uri"/>',
'message.zoneWizard.enable.local.storage': '<fmt:message key="message.zoneWizard.enable.local.storage"/>',
'label.edit.tags': '<fmt:message key="label.edit.tags"/>',
'label.local.storage.enabled': '<fmt:message key="label.local.storage.enabled"/>',


@ -19,12 +19,6 @@
var domainObjs;
var rootDomainId;
var systemAccountId = 1;
var adminAccountId = 2;
var systemUserId = 1;
var adminUserId = 2;
cloudStack.sections.accounts = {
title: 'label.accounts',
id: 'accounts',
@ -288,59 +282,71 @@
});
$.ajax({
url: createURL("updateResourceLimit&resourceType=0&max=" + todb(args.data.vmLimit) + "&account=" + accountObj.name + "&domainid=" + accountObj.domainid),
dataType: "json",
async: false,
success: function(json) {
accountObj["vmLimit"] = args.data.vmLimit;
}
});
if(args.data.vmLimit != null) {
$.ajax({
url: createURL("updateResourceLimit&resourceType=0&max=" + todb(args.data.vmLimit) + "&account=" + accountObj.name + "&domainid=" + accountObj.domainid),
dataType: "json",
async: false,
success: function(json) {
accountObj["vmLimit"] = args.data.vmLimit;
}
});
}
$.ajax({
url: createURL("updateResourceLimit&resourceType=1&max=" + todb(args.data.ipLimit) + "&account=" + accountObj.name + "&domainid=" + accountObj.domainid),
dataType: "json",
async: false,
success: function(json) {
accountObj["ipLimit"] = args.data.ipLimit;
}
});
if(args.data.ipLimit != null) {
$.ajax({
url: createURL("updateResourceLimit&resourceType=1&max=" + todb(args.data.ipLimit) + "&account=" + accountObj.name + "&domainid=" + accountObj.domainid),
dataType: "json",
async: false,
success: function(json) {
accountObj["ipLimit"] = args.data.ipLimit;
}
});
}
$.ajax({
url: createURL("updateResourceLimit&resourceType=2&max=" + todb(args.data.volumeLimit) + "&account=" + accountObj.name + "&domainid=" + accountObj.domainid),
dataType: "json",
async: false,
success: function(json) {
accountObj["volumeLimit"] = args.data.volumeLimit;
}
});
if(args.data.volumeLimit != null) {
$.ajax({
url: createURL("updateResourceLimit&resourceType=2&max=" + todb(args.data.volumeLimit) + "&account=" + accountObj.name + "&domainid=" + accountObj.domainid),
dataType: "json",
async: false,
success: function(json) {
accountObj["volumeLimit"] = args.data.volumeLimit;
}
});
}
$.ajax({
url: createURL("updateResourceLimit&resourceType=3&max=" + todb(args.data.snapshotLimit) + "&account=" + accountObj.name + "&domainid=" + accountObj.domainid),
dataType: "json",
async: false,
success: function(json) {
accountObj["snapshotLimit"] = args.data.snapshotLimit;
}
});
$.ajax({
url: createURL("updateResourceLimit&resourceType=4&max=" + todb(args.data.templateLimit) + "&account=" + accountObj.name + "&domainid=" + accountObj.domainid),
dataType: "json",
async: false,
success: function(json) {
accountObj["templateLimit"] = args.data.templateLimit;
}
});
$.ajax({
url: createURL("updateResourceLimit&resourceType=7&max=" + todb(args.data.vpcLimit) + "&account=" + accountObj.name + "&domainid=" + accountObj.domainid),
dataType: "json",
async: false,
success: function(json) {
accountObj["vpcLimit"] = args.data.vpcLimit;
}
});
if(args.data.snapshotLimit != null) {
$.ajax({
url: createURL("updateResourceLimit&resourceType=3&max=" + todb(args.data.snapshotLimit) + "&account=" + accountObj.name + "&domainid=" + accountObj.domainid),
dataType: "json",
async: false,
success: function(json) {
accountObj["snapshotLimit"] = args.data.snapshotLimit;
}
});
}
if(args.data.templateLimit != null) {
$.ajax({
url: createURL("updateResourceLimit&resourceType=4&max=" + todb(args.data.templateLimit) + "&account=" + accountObj.name + "&domainid=" + accountObj.domainid),
dataType: "json",
async: false,
success: function(json) {
accountObj["templateLimit"] = args.data.templateLimit;
}
});
}
if(args.data.vpcLimit != null) {
$.ajax({
url: createURL("updateResourceLimit&resourceType=7&max=" + todb(args.data.vpcLimit) + "&account=" + accountObj.name + "&domainid=" + accountObj.domainid),
dataType: "json",
async: false,
success: function(json) {
accountObj["vpcLimit"] = args.data.vpcLimit;
}
});
}
if(errorMsg == "")
args.response.success({data: accountObj});
@ -552,27 +558,57 @@
},
vmLimit: {
label: 'label.instance.limits',
isEditable: true
isEditable: function(context) {
if (context.accounts[0].accounttype == roleTypeUser || context.accounts[0].accounttype == roleTypeDomainAdmin) //updateResourceLimits is only allowed on account whose type is user or domain-admin
return true;
else
return false;
}
},
ipLimit: {
label: 'label.ip.limits',
isEditable: true
isEditable: function(context) {
if (context.accounts[0].accounttype == roleTypeUser || context.accounts[0].accounttype == roleTypeDomainAdmin) //updateResourceLimits is only allowed on account whose type is user or domain-admin
return true;
else
return false;
}
},
volumeLimit: {
label: 'label.volume.limits',
isEditable: true
isEditable: function(context) {
if (context.accounts[0].accounttype == roleTypeUser || context.accounts[0].accounttype == roleTypeDomainAdmin) //updateResourceLimits is only allowed on account whose type is user or domain-admin
return true;
else
return false;
}
},
snapshotLimit: {
label: 'label.snapshot.limits',
isEditable: true
isEditable: function(context) {
if (context.accounts[0].accounttype == roleTypeUser || context.accounts[0].accounttype == roleTypeDomainAdmin) //updateResourceLimits is only allowed on account whose type is user or domain-admin
return true;
else
return false;
}
},
templateLimit: {
label: 'label.template.limits',
isEditable: true
isEditable: function(context) {
if (context.accounts[0].accounttype == roleTypeUser || context.accounts[0].accounttype == roleTypeDomainAdmin) //updateResourceLimits is only allowed on account whose type is user or domain-admin
return true;
else
return false;
}
},
vpcLimit: {
label: 'VPC limits',
isEditable: true
isEditable: function(context) {
if (context.accounts[0].accounttype == roleTypeUser || context.accounts[0].accounttype == roleTypeDomainAdmin) //updateResourceLimits is only allowed on account whose type is user or domain-admin
return true;
else
return false;
}
},
vmtotal: { label: 'label.total.of.vm' },
@ -1097,12 +1133,8 @@
if (jsonObj.state == 'Destroyed') return [];
if(isAdmin()) {
if(jsonObj.id != systemAccountId && jsonObj.id != adminAccountId) {
//allowedActions.push("edit");
if (jsonObj.accounttype == roleTypeUser || jsonObj.accounttype == roleTypeDomainAdmin) {
//allowedActions.push("updateResourceLimits");
allowedActions.push("edit");
}
allowedActions.push("edit"); //updating networkdomain is allowed on any account, including system-generated default admin account
if(!(jsonObj.domain == "ROOT" && jsonObj.name == "admin" && jsonObj.accounttype == 1)) { //if not system-generated default admin account
if(jsonObj.state == "enabled") {
allowedActions.push("disable");
allowedActions.push("lock");
@ -1127,7 +1159,7 @@
allowedActions.push("edit");
allowedActions.push("changePassword");
allowedActions.push("generateKeys");
if(jsonObj.id != systemUserId && jsonObj.id != adminUserId) {
if(!(jsonObj.domain == "ROOT" && jsonObj.account == "admin" && jsonObj.accounttype == 1)) { //if not system-generated default admin account user
if(jsonObj.state == "enabled")
allowedActions.push("disable");
if(jsonObj.state == "disabled")
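Review bot: The account name is concatenated into the query string unencoded in every `updateResourceLimit` call of this section (`"&account=" + accountObj.name`), while only the `max` value goes through `todb()`. A name containing `&`, `#` or `=` would split or truncate the parameter list, so the API could receive different parameters than the form shows. Passing the fields through jQuery's `data` option, as the `updateDomain` call elsewhere in this commit now does, lets jQuery encode each value: `url: createURL("updateResourceLimit"), data: { resourceType: 0, max: args.data.vmLimit, account: accountObj.name, domainid: accountObj.domainid }`. The new `isEditable` functions and the `allowedActions` checks only shape the UI, so the restriction their comments describe still has to be enforced by the API itself.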


@ -97,66 +97,92 @@
},
action: function(args) {
var domainObj;
var array1 = [];
array1.push("&name=" + todb(args.data.name));
array1.push("&networkdomain=" + todb(args.data.networkdomain));
var data = {
id: args.context.domains[0].id,
networkdomain: args.data.networkdomain
};
if(args.data.name != null) {
$.extend(data, {
name: args.data.name
});
}
$.ajax({
url: createURL("updateDomain&id=" + args.context.domains[0].id + array1.join("")),
url: createURL("updateDomain"),
async: false,
dataType: "json",
data: data,
success: function(json) {
domainObj = json.updatedomainresponse.domain;
}
});
$.ajax({
url: createURL("updateResourceLimit&domainid=" + args.context.domains[0].id + "&resourceType=0&max=" + args.data.vmLimit),
dataType: "json",
async: false,
success: function(json) {
domainObj["vmLimit"] = args.data.vmLimit;
}
});
$.ajax({
url: createURL("updateResourceLimit&domainid=" + args.context.domains[0].id + "&resourceType=1&max=" + args.data.ipLimit),
dataType: "json",
async: false,
success: function(json) {
domainObj["ipLimit"] = args.data.ipLimit;
}
});
$.ajax({
url: createURL("updateResourceLimit&domainid=" + args.context.domains[0].id + "&resourceType=2&max=" + args.data.volumeLimit),
dataType: "json",
async: false,
success: function(json) {
domainObj["volumeLimit"] = args.data.volumeLimit;
}
});
$.ajax({
url: createURL("updateResourceLimit&domainid=" + args.context.domains[0].id + "&resourceType=3&max=" + args.data.snapshotLimit),
dataType: "json",
async: false,
success: function(json) {
domainObj["snapshotLimit"] = args.data.snapshotLimit;
}
});
$.ajax({
url: createURL("updateResourceLimit&domainid=" + args.context.domains[0].id + "&resourceType=4&max=" + args.data.templateLimit),
dataType: "json",
async: false,
success: function(json) {
domainObj["templateLimit"] = args.data.templateLimit;
}
});
$.ajax({
url: createURL("updateResourceLimit&domainid=" + args.context.domains[0].id + "&resourceType=7&max=" + args.data.vpcLimit),
dataType: "json",
async: false,
success: function(json) {
domainObj["vpcLimit"] = args.data.vpcLimit;
}
});
if(args.data.vmLimit != null) {
$.ajax({
url: createURL("updateResourceLimit&domainid=" + args.context.domains[0].id + "&resourceType=0&max=" + args.data.vmLimit),
dataType: "json",
async: false,
success: function(json) {
domainObj["vmLimit"] = args.data.vmLimit;
}
});
}
if(args.data.ipLimit != null) {
$.ajax({
url: createURL("updateResourceLimit&domainid=" + args.context.domains[0].id + "&resourceType=1&max=" + args.data.ipLimit),
dataType: "json",
async: false,
success: function(json) {
domainObj["ipLimit"] = args.data.ipLimit;
}
});
}
if(args.data.volumeLimit != null) {
$.ajax({
url: createURL("updateResourceLimit&domainid=" + args.context.domains[0].id + "&resourceType=2&max=" + args.data.volumeLimit),
dataType: "json",
async: false,
success: function(json) {
domainObj["volumeLimit"] = args.data.volumeLimit;
}
});
}
if(args.data.snapshotLimit != null) {
$.ajax({
url: createURL("updateResourceLimit&domainid=" + args.context.domains[0].id + "&resourceType=3&max=" + args.data.snapshotLimit),
dataType: "json",
async: false,
success: function(json) {
domainObj["snapshotLimit"] = args.data.snapshotLimit;
}
});
}
if(args.data.templateLimit != null) {
$.ajax({
url: createURL("updateResourceLimit&domainid=" + args.context.domains[0].id + "&resourceType=4&max=" + args.data.templateLimit),
dataType: "json",
async: false,
success: function(json) {
domainObj["templateLimit"] = args.data.templateLimit;
}
});
}
if(args.data.vpcLimit != null) {
$.ajax({
url: createURL("updateResourceLimit&domainid=" + args.context.domains[0].id + "&resourceType=7&max=" + args.data.vpcLimit),
dataType: "json",
async: false,
success: function(json) {
domainObj["vpcLimit"] = args.data.vpcLimit;
}
});
}
args.response.success({data: domainObj});
}
@ -243,7 +269,15 @@
title: 'label.details',
fields: [
{
name: { label: 'label.name', isEditable: true }
name: {
label: 'label.name',
isEditable: function(context) {
if(context.domains[0].level != 0) //ROOT domain (whose level is 0) is not allowed to change domain name
return true;
else
return false;
}
}
},
{
id: { label: 'ID' },
@ -256,27 +290,57 @@
},
vmLimit: {
label: 'label.instance.limits',
isEditable: true
isEditable: function(context) {
if(context.domains[0].level != 0) //ROOT domain (whose level is 0) is not allowed to updateResourceLimits
return true;
else
return false;
}
},
ipLimit: {
label: 'label.ip.limits',
isEditable: true
isEditable: function(context) {
if(context.domains[0].level != 0) //ROOT domain (whose level is 0) is not allowed to updateResourceLimits
return true;
else
return false;
}
},
volumeLimit: {
label: 'label.volume.limits',
isEditable: true
isEditable: function(context) {
if(context.domains[0].level != 0) //ROOT domain (whose level is 0) is not allowed to updateResourceLimits
return true;
else
return false;
}
},
snapshotLimit: {
label: 'label.snapshot.limits',
isEditable: true
isEditable: function(context) {
if(context.domains[0].level != 0) //ROOT domain (whose level is 0) is not allowed to updateResourceLimits
return true;
else
return false;
}
},
templateLimit: {
label: 'label.template.limits',
isEditable: true
isEditable: function(context) {
if(context.domains[0].level != 0) //ROOT domain (whose level is 0) is not allowed to updateResourceLimits
return true;
else
return false;
}
},
vpcLimit: {
label: 'VPC limits',
isEditable: true
isEditable: function(context) {
if(context.domains[0].level != 0) //ROOT domain (whose level is 0) is not allowed to updateResourceLimits
return true;
else
return false;
}
},
accountTotal: { label: 'label.accounts' },
vmTotal: { label: 'label.instances' },
@ -412,8 +476,8 @@
var allowedActions = [];
if(isAdmin()) {
allowedActions.push("create");
if(jsonObj.level != 0) { //ROOT domain (whose level is 0) is not allowed to edit or delete
allowedActions.push("edit"); //merge updateResourceLimit into edit
allowedActions.push("edit"); //merge updateResourceLimit into edit
if(jsonObj.level != 0) { //ROOT domain (whose level is 0) is not allowed to delete
allowedActions.push("delete");
}
}
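Review bot: The limit values typed into the form reach the URL without any encoding in the six new `updateResourceLimit` blocks (`"&max=" + args.data.vmLimit`), although the `updateDomain` call just above them was moved to a `data:` object and the accounts page wraps the same values in `todb()`. The six blocks differ only in field name and resource type, so one loop that sends the fields through `data:` closes the encoding gap and removes the repetition. Separately, `edit` is now offered on the ROOT domain and only the per-field `isEditable` functions keep its name and limits read-only; that is a UI restriction, and the API has to reject those updates as well.
```javascript
// … unchanged: updateDomain call that fills domainObj …
var limitTypes = { vmLimit: 0, ipLimit: 1, volumeLimit: 2, snapshotLimit: 3, templateLimit: 4, vpcLimit: 7 };
$.each(limitTypes, function(field, resourceType) {
  if (args.data[field] == null)
    return; // field was not submitted, nothing to send
  $.ajax({
    url: createURL("updateResourceLimit"),
    data: {
      domainid: args.context.domains[0].id,
      resourceType: resourceType,
      max: args.data[field]
    },
    dataType: "json",
    async: false,
    success: function(json) {
      domainObj[field] = args.data[field];
    }
  });
});
args.response.success({data: domainObj});
```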


@ -2255,6 +2255,7 @@
id: { label: 'label.id' },
projectid: { label: 'label.project.id' },
state: { label: 'label.state' },
guestnetworkid: { label: 'label.network.id' },
publicip: { label: 'label.public.ip' },
guestipaddress: { label: 'label.guest.ip' },
linklocalip: { label: 'label.linklocal.ip' },
@ -2286,6 +2287,47 @@
}
});
}
},
nics: {
title: 'label.nics',
multiple: true,
fields: [
{
name: { label: 'label.name', header: true },
type: { label: 'label.type' },
traffictype: { label: 'label.traffic.type' },
networkname: { label: 'label.network.name' },
netmask: { label: 'label.netmask' },
ipaddress: { label: 'label.ip.address' },
id: { label: 'label.id' },
networkid: { label: 'label.network.id' },
isolationuri: { label: 'label.isolation.uri' },
broadcasturi: { label: 'label.broadcast.uri' }
}
],
dataProvider: function(args) {
$.ajax({
url: createURL("listRouters&id=" + args.context.routers[0].id),
dataType: 'json',
async: true,
success: function(json) {
var jsonObj = json.listroutersresponse.router[0].nic;
args.response.success({
actionFilter: routerActionfilter,
data: $.map(jsonObj, function(nic, index) {
var name = 'NIC ' + (index + 1);
if (nic.isdefault) {
name += ' (' + _l('label.default') + ')';
}
return $.extend(nic, {
name: name
});
})
});
}
});
}
}
}
}
@ -5176,6 +5218,7 @@
id: { label: 'label.id' },
projectid: { label: 'label.project.id' },
state: { label: 'label.state' },
guestnetworkid: { label: 'label.network.id' },
publicip: { label: 'label.public.ip' },
guestipaddress: { label: 'label.guest.ip' },
linklocalip: { label: 'label.linklocal.ip' },
@ -5208,6 +5251,47 @@
}
});
}
},
nics: {
title: 'label.nics',
multiple: true,
fields: [
{
name: { label: 'label.name', header: true },
type: { label: 'label.type' },
traffictype: { label: 'label.traffic.type' },
networkname: { label: 'label.network.name' },
netmask: { label: 'label.netmask' },
ipaddress: { label: 'label.ip.address' },
id: { label: 'label.id' },
networkid: { label: 'label.network.id' },
isolationuri: { label: 'label.isolation.uri' },
broadcasturi: { label: 'label.broadcast.uri' }
}
],
dataProvider: function(args) {
$.ajax({
url: createURL("listRouters&id=" + args.context.routers[0].id),
dataType: 'json',
async: true,
success: function(json) {
var jsonObj = json.listroutersresponse.router[0].nic;
args.response.success({
actionFilter: routerActionfilter,
data: $.map(jsonObj, function(nic, index) {
var name = 'NIC ' + (index + 1);
if (nic.isdefault) {
name += ' (' + _l('label.default') + ')';
}
return $.extend(nic, {
name: name
});
})
});
}
});
}
}
}
}
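Review bot: The new `nics` dataProvider dereferences `json.listroutersresponse.router[0].nic` without checking that the response contains a router or that the router carries a `nic` list, and its `$.ajax` call has no `error:` callback, so a failed or empty lookup presumably ends in an uncaught exception or a tab that never receives data. A guard such as `var routers = json.listroutersresponse.router;` followed by `var jsonObj = (routers && routers[0].nic) || [];` keeps `$.map` working on an array. `actionFilter: routerActionfilter` is passed for the NIC rows; whether that filter behaves sensibly on objects that are not routers should be confirmed. The same tab definition is added twice in this file (second copy in the `@ -5208` hunk), so defining it once and referencing it from both places would keep the copies from drifting apart.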


@ -789,7 +789,7 @@
// Set up editable metadata
if(typeof(value.isEditable) == 'function')
$value.data('detail-view-is-editable', value.isEditable());
$value.data('detail-view-is-editable', value.isEditable(context));
else //typeof(value.isEditable) == 'boolean' or 'undefined'
$value.data('detail-view-is-editable', value.isEditable);
if (value.select) {


@ -30,7 +30,7 @@
# specific language governing permissions and limitations
# under the License.
. /lib/lsb/init-functions
. /etc/rc.d/init.d/functions
SHORTNAME="cloud-usage"
PIDFILE=@PIDDIR@/"$SHORTNAME".pid
@ -66,27 +66,26 @@ export CLASSPATH="$SCP:$DCP:$UCP:$JCP:@USAGESYSCONFDIR@"
start() {
if [ -s "$PIDFILE" ] && kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then
log_daemon_msg "$PROGNAME apparently already running"
log_end_msg 0
echo "$PROGNAME apparently already running"
exit 0
fi
log_daemon_msg "Starting $PROGNAME" "$SHORTNAME"
if hostname --fqdn >/dev/null 2>&1 ; then
true
else
log_failure_msg "The host name does not resolve properly to an IP address. Cannot start $PROGNAME"
log_end_msg 1
echo "The host name does not resolve properly to an IP address. Cannot start $PROGNAME"
exit 1
fi
if start_daemon -p $PIDFILE $DAEMON -cp "$CLASSPATH" -pidfile "$PIDFILE" -user "$USER" -outfile SYSLOG -errfile SYSLOG -Dpid=$$ $CLASS
echo -n "Starting $PROGNAME" "$SHORTNAME"
if start_daemon -p $PIDFILE $DAEMON -cp "$CLASSPATH" -pidfile "$PIDFILE" -user "$USER" -errfile SYSLOG -Dpid=$$ $CLASS
RETVAL=$?
then
rc=0
sleep 1
if ! kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then
log_failure_msg "$PROG failed to start"
failure
rc=1
fi
else
@ -94,18 +93,24 @@ start() {
fi
if [ $rc -eq 0 ]; then
log_end_msg 0
success
else
log_end_msg 1
failure
rm -f "$PIDFILE"
fi
echo
}
stop() {
log_daemon_msg "Stopping $PROGNAME" "$SHORTNAME"
echo -n "Stopping $PROGNAME" "$SHORTNAME"
killproc -p $PIDFILE $DAEMON
log_end_msg $?
if [ "$?" -eq 0 ]; then
success
else
failure
fi
rm -f "$PIDFILE"
echo
}
case "$1" in
@ -116,7 +121,7 @@ case "$1" in
stop
;;
status)
status_of_proc -p "$PIDFILE" "$PROG" "$SHORTNAME"
status -p $PIDFILE $SHORTNAME
RETVAL=$?
;;
restart | force-reload)
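Review bot: In start(), `RETVAL=$?` sits between the `start_daemon …` command and `then`, so it is part of the `if` condition list and the `if` tests the status of the assignment, which is always 0. The `else` branch can therefore never run and a failed launch is only caught by the later `kill -0` probe; running the command first and testing afterwards fixes that: `start_daemon -p "$PIDFILE" … $CLASS; RETVAL=$?` followed by `if [ "$RETVAL" -eq 0 ]; then`. The script now sources `/etc/rc.d/init.d/functions`, which as far as I know provides `daemon`, `killproc`, `status`, `success` and `failure` but not the LSB `start_daemon`, so that call should be verified on the target distribution. `$PIDFILE` is also left unquoted in the `start_daemon`, `killproc` and `status` lines. The two file sections that follow carry the same change and the same remarks apply; start() continues past the end of its first hunk.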


@ -30,7 +30,7 @@
# specific language governing permissions and limitations
# under the License.
. /lib/lsb/init-functions
. /etc/rc.d/init.d/functions
SHORTNAME="cloud-usage"
PIDFILE=@PIDDIR@/"$SHORTNAME".pid
@ -66,27 +66,26 @@ export CLASSPATH="$SCP:$DCP:$UCP:$JCP:@USAGESYSCONFDIR@"
start() {
if [ -s "$PIDFILE" ] && kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then
log_daemon_msg "$PROGNAME apparently already running"
log_end_msg 0
echo "$PROGNAME apparently already running"
exit 0
fi
log_daemon_msg "Starting $PROGNAME" "$SHORTNAME"
if hostname --fqdn >/dev/null 2>&1 ; then
true
else
log_failure_msg "The host name does not resolve properly to an IP address. Cannot start $PROGNAME"
log_end_msg 1
echo "The host name does not resolve properly to an IP address. Cannot start $PROGNAME"
exit 1
fi
if start_daemon -p $PIDFILE $DAEMON -cp "$CLASSPATH" -pidfile "$PIDFILE" -user "$USER" -outfile SYSLOG -errfile SYSLOG -Dpid=$$ $CLASS
echo -n "Starting $PROGNAME" "$SHORTNAME"
if start_daemon -p $PIDFILE $DAEMON -cp "$CLASSPATH" -pidfile "$PIDFILE" -user "$USER" -errfile SYSLOG -Dpid=$$ $CLASS
RETVAL=$?
then
rc=0
sleep 1
if ! kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then
log_failure_msg "$PROG failed to start"
failure
rc=1
fi
else
@ -94,18 +93,24 @@ start() {
fi
if [ $rc -eq 0 ]; then
log_end_msg 0
success
else
log_end_msg 1
failure
rm -f "$PIDFILE"
fi
echo
}
stop() {
log_daemon_msg "Stopping $PROGNAME" "$SHORTNAME"
echo -n "Stopping $PROGNAME" "$SHORTNAME"
killproc -p $PIDFILE $DAEMON
log_end_msg $?
if [ "$?" -eq 0 ]; then
success
else
failure
fi
rm -f "$PIDFILE"
echo
}
case "$1" in
@ -116,7 +121,7 @@ case "$1" in
stop
;;
status)
status_of_proc -p "$PIDFILE" "$PROG" "$SHORTNAME"
status -p $PIDFILE $SHORTNAME
RETVAL=$?
;;
restart | force-reload)


@ -30,7 +30,7 @@
# specific language governing permissions and limitations
# under the License.
. /lib/lsb/init-functions
. /etc/rc.d/init.d/functions
SHORTNAME="cloud-usage"
PIDFILE=@PIDDIR@/"$SHORTNAME".pid
@ -66,27 +66,26 @@ export CLASSPATH="$SCP:$DCP:$UCP:$JCP:@USAGESYSCONFDIR@"
start() {
if [ -s "$PIDFILE" ] && kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then
log_daemon_msg "$PROGNAME apparently already running"
log_end_msg 0
echo "$PROGNAME apparently already running"
exit 0
fi
log_daemon_msg "Starting $PROGNAME" "$SHORTNAME"
if hostname --fqdn >/dev/null 2>&1 ; then
true
else
log_failure_msg "The host name does not resolve properly to an IP address. Cannot start $PROGNAME"
log_end_msg 1
echo "The host name does not resolve properly to an IP address. Cannot start $PROGNAME"
exit 1
fi
if start_daemon -p $PIDFILE $DAEMON -cp "$CLASSPATH" -pidfile "$PIDFILE" -user "$USER" -outfile SYSLOG -errfile SYSLOG -Dpid=$$ $CLASS
echo -n "Starting $PROGNAME" "$SHORTNAME"
if start_daemon -p $PIDFILE $DAEMON -cp "$CLASSPATH" -pidfile "$PIDFILE" -user "$USER" -errfile SYSLOG -Dpid=$$ $CLASS
RETVAL=$?
then
rc=0
sleep 1
if ! kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then
log_failure_msg "$PROG failed to start"
failure
rc=1
fi
else
@ -94,18 +93,24 @@ start() {
fi
if [ $rc -eq 0 ]; then
log_end_msg 0
success
else
log_end_msg 1
failure
rm -f "$PIDFILE"
fi
echo
}
stop() {
log_daemon_msg "Stopping $PROGNAME" "$SHORTNAME"
echo -n "Stopping $PROGNAME" "$SHORTNAME"
killproc -p $PIDFILE $DAEMON
log_end_msg $?
if [ "$?" -eq 0 ]; then
success
else
failure
fi
rm -f "$PIDFILE"
echo
}
case "$1" in
@ -116,7 +121,7 @@ case "$1" in
stop
;;
status)
status_of_proc -p "$PIDFILE" "$PROG" "$SHORTNAME"
status -p $PIDFILE $SHORTNAME
RETVAL=$?
;;
restart | force-reload)