vpc documentation

Alex Huang 2012-10-04 21:04:04 -07:00
parent 453acc65fd
commit 7a228261c4
6 changed files with 529 additions and 0 deletions


@ -0,0 +1,73 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="acquire-new-ip-for-vpc">
<title>Acquiring a New IP Address for a VPC</title>
<para>When you acquire an IP address, all IP addresses are allocated to VPC, not to the guest
networks within the VPC. The IPs are associated to the guest network only when the first
port-forwarding, load balancing, or Static NAT rule is created for the IP or the network. IP
can't be associated to more than one network at a time.</para>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
</listitem>
<listitem>
<para>In the left navigation, choose Network.</para>
</listitem>
<listitem>
<para>In the Select view, select VPC.</para>
<para>All the VPCs that you have created for the account is listed in the page.</para>
</listitem>
<listitem>
<para>Click the Configure button of the VPC to which you want to deploy the VMs.</para>
<para>The VPC page is displayed where all the tiers you created are listed in a
diagram.</para>
</listitem>
<listitem>
<para>Click the Settings icon.</para>
<para>The following options are displayed.</para>
<itemizedlist>
<listitem>
<para>IP Addresses</para>
</listitem>
<listitem>
<para>Gateways</para>
</listitem>
<listitem>
<para>Site-to-Site VPN</para>
</listitem>
<listitem>
<para>Network ACLs</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Select IP Addresses.</para>
<para>The IP Addresses page is displayed.</para>
</listitem>
<listitem>
<para>Click Acquire New IP, and click Yes in the confirmation dialog.</para>
<para>You are prompted for confirmation because, typically, IP addresses are a limited
resource. Within a few moments, the new IP address should appear with the state Allocated.
You can now use the IP address in port forwarding, load balancing, and static NAT
rules.</para>
</listitem>
</orderedlist>
</section>
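Review bot: step 4 (`Click the Configure button of the VPC to which you want to deploy the VMs.`) reads as a copy from the add-VM-to-tier procedure; in this section the user is acquiring an IP, so suggest `Click the Configure button of the VPC for which you want to acquire the IP address.` Step 3 has an agreement error, `All the VPCs that you have created for the account is listed in the page.` should be `are listed on the page.` (the same sentence recurs in the load balancing and port forwarding sections of this commit). The last sentence of the intro would read better as `An IP can't be associated with more than one network at a time.`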


@ -0,0 +1,123 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="add-loadbalancer-rule-vpc">
<title>Adding Load Balancing Rules on a VPC</title>
<para>A &PRODUCT; user or administrator may create load balancing rules that balance traffic
received at a public IP to one or more VMs that belong to a network tier that provides load
balancing service in a VPC. A user creates a rule, specifies an algorithm, and assigns the rule
to a set of VMs within a VPC.</para>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
</listitem>
<listitem>
<para>In the left navigation, choose Network.</para>
</listitem>
<listitem>
<para>In the Select view, select VPC.</para>
<para>All the VPCs that you have created for the account is listed in the page.</para>
</listitem>
<listitem>
<para>Click the Configure button of the VPC to which you want to configure load balancing
rules.</para>
<para>The VPC page is displayed where all the tiers you created are listed in a
diagram.</para>
</listitem>
<listitem>
<para>Click the Settings icon.</para>
<para>The following options are displayed.</para>
<itemizedlist>
<listitem>
<para>IP Addresses</para>
</listitem>
<listitem>
<para>Gateways</para>
</listitem>
<listitem>
<para>Site-to-Site VPN</para>
</listitem>
<listitem>
<para>Network ACLs</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Select IP Addresses.</para>
<para>The IP Addresses page is displayed.</para>
</listitem>
<listitem>
<para>Click the IP address for which you want to create the rule, then click the Configuration
tab.</para>
</listitem>
<listitem>
<para>In the Load Balancing node of the diagram, click View All.</para>
</listitem>
<listitem>
<para>Select the tier to which you want to apply the rule.</para>
<note>
<para>In a VPC, the load balancing service is supported only on a single tier.</para>
</note>
</listitem>
<listitem>
<para>Specify the following:</para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">Name</emphasis>: A name for the load balancer rule.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Public Port</emphasis>: The port that receives the incoming
traffic to be balanced.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Private Port</emphasis>: The port that the VMs will use to
receive the traffic.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Algorithm</emphasis>. Choose the load balancing algorithm you
want &PRODUCT; to use. &PRODUCT; supports the following well-known algorithms:</para>
<itemizedlist>
<listitem>
<para>Round-robin</para>
</listitem>
<listitem>
<para>Least connections</para>
</listitem>
<listitem>
<para>Source</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><emphasis role="bold">Stickiness</emphasis>. (Optional) Click Configure and choose
the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer
Rules.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Add VMs</emphasis>: Click Add VMs, then select two or more VMs
that will divide the load of incoming traffic, and click Apply.</para>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
<para>The new load balancing rule appears in the list. You can repeat these steps to add more load
balancing rules for this IP address.</para>
</section>
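Review bot: the Stickiness item says `See Sticky Session Policies for Load Balancer Rules.` with no `<xref>`, so the reference will not render as a link; the other cross-references in this commit use `<xref linkend="..."/>` and this one should too. Minor consistency: `Algorithm.` and `Stickiness.` put a period after the bold label where every other item in the list uses a colon. Step 3 repeats the `is listed in the page` agreement error from the acquire-IP section. Because this procedure opens a public port on the acquired IP, consider pointing readers at the Network ACL configuration (configure-acl.xml is included by configure-vpc, and the inter-VLAN section describes ACLs as filtering traffic between the Internet and a VLAN) so they check what the ACL admits before publishing the rule.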


@ -0,0 +1,103 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="add-portforward-vpc">
<title>Adding a Port Forwarding Rule on a VPC</title>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
</listitem>
<listitem>
<para>In the left navigation, choose Network.</para>
</listitem>
<listitem>
<para>In the Select view, select VPC.</para>
<para>All the VPCs that you have created for the account is listed in the page.</para>
</listitem>
<listitem>
<para>Click the Configure button of the VPC to which you want to deploy the VMs.</para>
<para>The VPC page is displayed where all the tiers you created are listed in a
diagram.</para>
</listitem>
<listitem>
<para>Click the Settings icon.</para>
<para>The following options are displayed.</para>
<itemizedlist>
<listitem>
<para>IP Addresses</para>
</listitem>
<listitem>
<para>Gateways</para>
</listitem>
<listitem>
<para>Site-to-Site VPN</para>
</listitem>
<listitem>
<para>Network ACLs</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Choose an existing IP address or acquire a new IP address. Click the name of the IP
address in the list.</para>
<para>The IP Addresses page is displayed.</para>
</listitem>
<listitem>
<para>Click the IP address for which you want to create the rule, then click the Configuration
tab.</para>
</listitem>
<listitem>
<para>In the Port Forwarding node of the diagram, click View All.</para>
</listitem>
<listitem>
<para>Select the tier to which you want to apply the rule.</para>
</listitem>
<listitem>
<para>Specify the following:</para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">Public Port</emphasis>: The port to which public traffic will
be addressed on the IP address you acquired in the previous step.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Private Port</emphasis>: The port on which the instance is
listening for forwarded public traffic.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Protocol</emphasis>: The communication protocol in use between
the two ports.</para>
<itemizedlist>
<listitem>
<para>TCP</para>
</listitem>
<listitem>
<para>UDP</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><emphasis role="bold">Add VM</emphasis>: Click Add VM. Select the name of the
instance to which this rule applies, and click Apply.</para>
<para>You can test the rule by opening an ssh session to the instance.</para>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
</section>
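Review bot: steps 6 and 7 overlap: step 6 already says `Click the name of the IP address in the list.` and step 7 then says `Click the IP address for which you want to create the rule`, so the user is told to click the IP twice; suggest collapsing them to match the load balancing section (`Select IP Addresses.`, then click the IP and the Configuration tab). Step 4 repeats the `to which you want to deploy the VMs` wording from the add-VM procedure, but here it should name the VPC on which the rule is created. The Public Port item refers to `the IP address you acquired in the previous step`, while the previous step selects a tier. The section id is `add-portforward-vpc`, whereas configure-vpc includes `add-portforward-rule-vpc.xml`; the other files in this commit name the file after the section id, so make the two agree or the include will not resolve. `ssh` in the last item should be `SSH`.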


@ -0,0 +1,87 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="castor-with-cs">
<title>Using the CAStor Back-end Storage with &PRODUCT;</title>
<para>This section describes how to use a CAStor cluster as the back-end storage system for a
&PRODUCT; S3 front-end. The CAStor back-end storage for &PRODUCT; extends the existing storage
classes and allows the storage configuration attribute to point to a CAStor cluster.</para>
<para>This feature makes use of the &PRODUCT; server's local disk to spool files before writing
them to CAStor when handling the PUT operations. However, a file must be successfully written
into the CAStor cluster prior to the return of a success code to the S3 client to ensure that
the transaction outcome is correctly reported.</para>
<note>
<para>The S3 multipart file upload is not supported in this release. You are prompted with
proper error message if a multipart upload is attempted.</para>
</note>
<para>To configure CAStor:</para>
<orderedlist>
<listitem>
<para>Install &PRODUCT; 4.0 by following the instructions given in the INSTALL.txt
file.</para>
<note>
<para>You can use the S3 storage system in &PRODUCT; without setting up and installing the
compute components.</para>
</note>
</listitem>
<listitem>
<para>Enable the S3 API by setting "enable.s3.api = true" in the Global parameter section in
the UI and register a user.</para>
<para>For more information, see <ulink
url="https://cwiki.apache.org/CLOUDSTACK/s3-api-in-cloudstack.html">S3 API in
&PRODUCT;</ulink>.</para>
</listitem>
<listitem>
<para>Edit the cloud-bridge.properties file and modify the "storage.root" parameter.</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>Set "storage.root" to the key word "castor".</para>
</listitem>
<listitem>
<para>Specify a CAStor tenant domain to which content is written. If the domain is not
specified, the CAStor default domain, specified by the "cluster" parameter in CAStor's
node.cfg file, will be used.</para>
</listitem>
<listitem>
<para condition="">Specify a list of node IP addresses, or set "zeroconf" and the cluster
name. When using a static IP list with a large cluster, it is not necessary to include
every node, only a few is required to initialize the client software.</para>
<para>For example:</para>
<programlisting>storage.root=castor domain=cloudstack 10.1.1.51 10.1.1.52 10.1.1.53</programlisting>
<para>In this example, the configuration file directs &PRODUCT; to write the S3 files to
CAStor instead of to a file system, where the CAStor domain name is cloudstack, and the
CAStor node IP addresses are those listed.</para>
</listitem>
<listitem>
<para>(Optional) The last value is a port number on which to communicate with the CAStor
cluster. If not specified, the default is 80.</para>
<programlisting>#Static IP list with optional port
storage.root=castor domain=cloudstack 10.1.1.51 10.1.1.52 10.1.1.53 80
#Zeroconf locator for cluster named "castor.example.com"
storage.root=castor domain=cloudstack zeroconf=castor.example.com</programlisting>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>Create the tenant domain within the CAStor storage cluster. If you omit this step before
attempting to store content, you will get HTTP 412 errors in the awsapi.log.</para>
</listitem>
</orderedlist>
</section>
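Review bot: the empty `condition=""` attribute on the `<para>` of step 3c (`<para condition="">Specify a list of node IP addresses...`) is a stray profiling attribute that none of the sibling paragraphs carry and should be removed. Step 3d gives 80 as the default port, which implies cleartext HTTP between the management server and the CAStor nodes; the section should say so explicitly and advise that the network carrying S3 object data to the cluster be kept separate from tenant traffic. In step 3c, `only a few is required` should be `only a few are required`; in step 4, `you will get HTTP 412 errors in the awsapi.log` would be clearer as `the awsapi.log file`.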


@ -0,0 +1,36 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="configure-vpc">
<title>Configuring a Virtual Private Cloud</title>
<xi:include href="vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="add-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="add-tier.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="configure-acl.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="add-gateway-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="add-vm-to-tier.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="acquire-new-ip-for-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="release-ip-for-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="enable-disable-static-nat-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="add-loadbalancer-rule-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="add-portforward-rule-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="remove-tier.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="remove-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
</section>
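Review bot: the include `add-portforward-rule-vpc.xml` does not match the `add-portforward-vpc` id of the port forwarding section added in this commit, and only two of the thirteen included files (`acquire-new-ip-for-vpc.xml`, `add-loadbalancer-rule-vpc.xml`) correspond to sections this commit adds; the remaining hrefs (`vpc.xml`, `add-vpc.xml`, `add-tier.xml`, `configure-acl.xml`, `add-gateway-vpc.xml`, `add-vm-to-tier.xml`, `release-ip-for-vpc.xml`, `enable-disable-static-nat-vpc.xml`, `remove-tier.xml`, `remove-vpc.xml`) must already exist in the tree or the build fails on unresolved XIncludes, so please confirm. The inter-vlan-routing section is also added here and links to `configure-vpc` but is not included by this file; check where it is meant to be included.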


@ -0,0 +1,107 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="inter-vlan-routing">
<title>About Inter-VLAN Routing</title>
<para>Inter-VLAN Routing is the capability to route network traffic between VLANs. This feature
enables you to build Virtual Private Clouds (VPC), an isolated segment of your cloud, that can
hold multi-tier applications. These tiers are deployed on different VLANs that can communicate
with each other. You provision VLANs to the tiers your create, and VMs can be deployed on
different tiers. The VLANs are connected to a virtual router, which facilitates communication
between the VMs. In effect, you can segment VMs by means of VLANs into different networks that
can host multi-tier applications, such as Web, Application, or Database. Such segmentation by
means of VLANs logically separate application VMs for higher security and lower broadcasts,
while remaining physically connected to the same device.</para>
<para>This feature is supported on XenServer and VMware hypervisors.</para>
<para>The major advantages are:</para>
<itemizedlist>
<listitem>
<para>The administrator can deploy a set of VLANs and allow users to deploy VMs on these
VLANs. A guest VLAN is randomly alloted to an account from a pre-specified set of guest
VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that
account.</para>
<note>
<para>A VLAN allocated for an account cannot be shared between multiple accounts. </para>
</note>
</listitem>
<listitem>
<para>The administrator can allow users create their own VPC and deploy the application. In
this scenario, the VMs that belong to the account are deployed on the VLANs allotted to that
account.</para>
</listitem>
<listitem>
<para>Both administrators and users can create multiple VPCs. The guest network NIC is plugged
to the VPC virtual router when the first VM is deployed in a tier. </para>
</listitem>
<listitem>
<para>The administrator can create the following gateways to send to or receive traffic from
the VMs:</para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">VPN Gateway</emphasis>: For more information, see <xref
linkend="create-vpn-gateway-for-vpc"/>.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Public Gateway</emphasis>: The public gateway for a VPC is
added to the virtual router when the virtual router is created for VPC. The public
gateway is not exposed to the end users. You are not allowed to list it, nor allowed to
create any static routes.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Private Gateway</emphasis>: For more information, see <xref
linkend="add-gateway-vpc"/>.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Both administrators and users can create various possible destinations-gateway
combinations. However, only one gateway of each type can be used in a deployment.</para>
<para>For example:</para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">VLANs and Public Gateway</emphasis>: For example, an
application is deployed in the cloud, and the Web application VMs communicate with the
Internet.</para>
</listitem>
<listitem>
<para><emphasis role="bold">VLANs, VPN Gateway, and Public Gateway</emphasis>: For
example, an application is deployed in the cloud; the Web application VMs communicate
with the Internet; and the database VMs communicate with the on-premise devices.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>The administrator can define Access Control List (ACL) on the virtual router to filter
the traffic among the VLANs or between the Internet and a VLAN. You can define ACL based on
CIDR, port range, protocol, type code (if ICMP protocol is selected) and Ingress/Egress
type.</para>
</listitem>
</itemizedlist>
<para>The following figure shows the possible deployment scenarios of a Inter-VLAN setup:</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/multi-tier-app.png"/>
</imageobject>
<textobject>
<phrase>mutltier.png: a multi-tier setup.</phrase>
</textobject>
</mediaobject>
<para>To set up a multi-tier Inter-VLAN deployment, see <xref linkend="configure-vpc"/>.</para>
</section>
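Review bot: the ACL bullet (`The administrator can define Access Control List (ACL) on the virtual router to filter the traffic among the VLANs or between the Internet and a VLAN.`) does not say what traffic is permitted between tiers, or between the Internet and a tier, before any ACL is defined; the opening paragraph claims the VLAN segmentation gives `higher security`, and the default policy is the fact a reader needs to judge that claim, so please state it. Typos: `the tiers your create` should be `the tiers you create`, `alloted` should be `allotted`, `logically separate application VMs` should be `logically separates`, and `a Inter-VLAN setup` should be `an Inter-VLAN setup`. The `<textobject>` phrase `mutltier.png: a multi-tier setup.` names a different file than `fileref="./images/multi-tier-app.png"`; use the same name in both.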