diff --git a/.asf.yaml b/.asf.yaml
new file mode 100644
index 0000000000..a6ab4a8ba6
--- /dev/null
+++ b/.asf.yaml
@@ -0,0 +1,59 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# https://cwiki.apache.org/confluence/display/INFRA/git+-+.asf.yaml+features
+---
+github:
+ description: "Apache CloudStack is an opensource Infrastructure as a Service (IaaS) cloud computing platform"
+ homepage: https://cloudstack.apache.org/
+ labels:
+ - iaas
+ - cloud
+ - cloudstack
+ - infrastructure
+ - java
+ - python
+ - kvm
+ - libvirt
+ - vsphere
+ - vmware
+ - xenserver
+ - xcp-ng
+ - orchestration
+ - virtualization
+ - virtual-machine
+ - kubernetes
+
+ features:
+ wiki: false
+ issues: false
+ discussions: false
+ projects: true
+
+ enabled_merge_buttons:
+ merge: false
+ squash: true
+ rebase: false
+
+ collaborators:
+ - abh1sar
+
+ protected_branches: ~
+
+notifications:
+ commits: commits@cloudstack.apache.org
+ pullrequests: commits@cloudstack.apache.org
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
index 859738cdbc..35a95c185d 100644
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
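Review bot: `protected_branches: ~` at the end of the `github:` block looks like it switches branch protection off for the whole repository; as I read the .asf.yaml feature page linked in the header comment, a null value removes the rules rather than inheriting a default (worth confirming there). With only squash merges enabled just above, the intent seems to be a reviewed pull-request flow, so an explicit rule for the default branch would match it better, for example a `main:` entry carrying `required_pull_request_reviews:` with `required_approving_review_count: 1`. The `collaborators:` entry gives one named account access outside the committer roster; a comment such as `# non-committer with triage access; review this list periodically` would make later access reviews easier.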
@@ -9,5 +9,8 @@ build: python: "3.11" python: - install: - - requirements: requirements.txt + install: + - requirements: requirements.txt + +sphinx: + configuration: source/conf.py diff --git a/README.rst b/README.rst index 686a01bb98..32f3e50a21 100644 --- a/README.rst +++ b/README.rst @@ -17,7 +17,7 @@ Apache CloudStack ================= -Apache CloudStack is an Apache project, see for +Apache CloudStack is an Apache project - see for more information. @@ -90,7 +90,7 @@ On your computer, follow these steps to setup a local repository for working on .. code:: bash $ git clone https://github.com/YOUR_ACCOUNT/cloudstack-documentation.git - $ cd cloudstack-docs-install + $ cd cloudstack-documentation $ git remote add upstream https://github.com/apache/cloudstack-documentation.git $ git checkout main $ git fetch upstream diff --git a/requirements.txt b/requirements.txt index 97918fbdb8..1dbf927199 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,4 +2,4 @@ docutils==0.20.1 Sphinx==7.2.6 sphinx-rtd-theme==2.0.0 readthedocs-sphinx-ext==2.2.5 -Jinja2==3.1.3 +Jinja2==3.1.5 diff --git a/source/_global.rst b/source/_global.rst index f5819b21da..92bdf8ed8e 100644 --- a/source/_global.rst +++ b/source/_global.rst 
@@ -25,19 +25,20 @@ .. Latest version systemvm template name -.. |sysvm64-version| replace:: 4.20.0 -.. |sysvm64-name-xen| replace:: systemvm-xenserver-4.20.0-x86_64 -.. |sysvm64-name-kvm| replace:: systemvm-kvm-4.20.0-x86_64 -.. |sysvm64-name-vmware| replace:: systemvm-vmware-4.20.0-x86_64 -.. |sysvm64-name-hyperv| replace:: systemvm-hyperv-4.20.0-x86_64 -.. |sysvm64-name-ovm| replace:: systemvm-ovm-4.20.0-x86_64 +.. |sysvm64-version| replace:: 4.22.0 +.. |sysvm64-name-xen| replace:: systemvm-xenserver-4.22.0-x86_64 +.. |sysvm64-name-kvm| replace:: systemvm-kvm-4.22.0-x86_64 +.. |sysvm64-name-vmware| replace:: systemvm-vmware-4.22.0-x86_64 +.. |sysvm64-name-hyperv| replace:: systemvm-hyperv-4.22.0-x86_64 +.. |sysvm64-name-ovm| replace:: systemvm-ovm-4.22.0-x86_64 .. Latest version systemvm template URL -.. |sysvm64-url-xen| replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0-x86_64-xen.vhd.bz2 -.. |sysvm64-url-kvm| replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0-x86_64-kvm.qcow2.bz2 -.. |sysvm64-url-vmware| replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0-x86_64-vmware.ova -.. |sysvm64-url-hyperv| replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0-x86_64-hyperv.vhd.zip -.. |sysvm64-url-ovm| replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0-x86_64-ovm.raw.bz2 +.. |sysvm64-url-xen| replace:: http://download.cloudstack.org/systemvm/4.22/systemvmtemplate-4.22.0-x86_64-xen.vhd.bz2 +.. |sysvm64-url-kvm| replace:: http://download.cloudstack.org/systemvm/4.22/systemvmtemplate-4.22.0-x86_64-kvm.qcow2.bz2 +.. |sysvm64-url-kvm-aarch64| replace:: http://download.cloudstack.org/systemvm/4.22/systemvmtemplate-4.22.0-aarch64-kvm.qcow2.bz2 +.. |sysvm64-url-vmware| replace:: http://download.cloudstack.org/systemvm/4.22/systemvmtemplate-4.22.0-x86_64-vmware.ova +.. 
|sysvm64-url-hyperv| replace:: http://download.cloudstack.org/systemvm/4.22/systemvmtemplate-4.22.0-x86_64-hyperv.vhd.zip +.. |sysvm64-url-ovm| replace:: http://download.cloudstack.org/systemvm/4.22/systemvmtemplate-4.22.0-x86_64-ovm.raw.bz2 .. Images diff --git a/source/_static/images/B&R-Backup-Offerings.png b/source/_static/images/B&R-Backup-Offerings.png new file mode 100644 index 0000000000..0d6ba4e83c Binary files /dev/null and b/source/_static/images/B&R-Backup-Offerings.png differ diff --git a/source/_static/images/B&R-Backup-Respository.png b/source/_static/images/B&R-Backup-Repository.png similarity index 100% rename from source/_static/images/B&R-Backup-Respository.png rename to source/_static/images/B&R-Backup-Repository.png diff --git a/source/_static/images/B&R-BackupScheduleEntry.png b/source/_static/images/B&R-BackupScheduleEntry.png index 3f5b3392ae..67f73cf85f 100644 Binary files a/source/_static/images/B&R-BackupScheduleEntry.png and b/source/_static/images/B&R-BackupScheduleEntry.png differ diff --git a/source/_static/images/B&R-ConfigureInstance.png b/source/_static/images/B&R-ConfigureInstance.png new file mode 100644 index 0000000000..8712c89943 Binary files /dev/null and b/source/_static/images/B&R-ConfigureInstance.png differ diff --git a/source/_static/images/B&R-CreateInstanceFromBackup.png b/source/_static/images/B&R-CreateInstanceFromBackup.png new file mode 100644 index 0000000000..18ce385683 Binary files /dev/null and b/source/_static/images/B&R-CreateInstanceFromBackup.png differ diff --git a/source/_static/images/B&R-Cross-Zone-Enable-Add.png b/source/_static/images/B&R-Cross-Zone-Enable-Add.png new file mode 100644 index 0000000000..fd50c01038 Binary files /dev/null and b/source/_static/images/B&R-Cross-Zone-Enable-Add.png differ 
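Review bot: All six `|sysvm64-url-*|` substitutions in source/_global.rst, including the newly added `|sysvm64-url-kvm-aarch64|`, still point at `http://download.cloudstack.org/...`, so every page that renders them tells operators to fetch the system VM template over an unauthenticated channel. System VMs run inside the management plane, so a template altered in transit would go unnoticed unless the reader verifies it separately. If the download host serves TLS (not verifiable from this diff), switch the scheme, e.g. `.. |sysvm64-url-kvm| replace:: https://download.cloudstack.org/systemvm/4.22/systemvmtemplate-4.22.0-x86_64-kvm.qcow2.bz2`, and consider adding checksum substitutions next to the URLs so the install pages can ask for verification before registration. The new aarch64 URL also has no matching `|sysvm64-name-kvm-aarch64|` in the name block above; worth confirming that is intentional.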
diff --git a/source/_static/images/B&R-Cross-Zone-Select-Zone.png b/source/_static/images/B&R-Cross-Zone-Select-Zone.png
new file mode 100644
index 0000000000..efe12598dc
Binary files /dev/null and b/source/_static/images/B&R-Cross-Zone-Select-Zone.png differ
diff --git a/source/_static/images/CloudStack-shared-network.png b/source/_static/images/CloudStack-shared-network.png
new file mode 100644
index 0000000000..cb87b6a59b
Binary files /dev/null and b/source/_static/images/CloudStack-shared-network.png differ
diff --git a/source/_static/images/MaaS-add-cluster.png b/source/_static/images/MaaS-add-cluster.png
new file mode 100644
index 0000000000..51169322cd
Binary files /dev/null and b/source/_static/images/MaaS-add-cluster.png differ
diff --git a/source/_static/images/MaaS-add-host.png b/source/_static/images/MaaS-add-host.png
new file mode 100644
index 0000000000..11d2934f33
Binary files /dev/null and b/source/_static/images/MaaS-add-host.png differ
diff --git a/source/_static/images/MaaS-add-reserve-iprange.png b/source/_static/images/MaaS-add-reserve-iprange.png
new file mode 100644
index 0000000000..5451cfe282
Binary files /dev/null and b/source/_static/images/MaaS-add-reserve-iprange.png differ
diff --git a/source/_static/images/MaaS-add-sshkeypair.png b/source/_static/images/MaaS-add-sshkeypair.png
new file mode 100644
index 0000000000..7711104991
Binary files /dev/null and b/source/_static/images/MaaS-add-sshkeypair.png differ
diff --git a/source/_static/images/MaaS-add-subnet-1.png b/source/_static/images/MaaS-add-subnet-1.png
new file mode 100644
index 0000000000..a58af418e5
Binary files /dev/null and b/source/_static/images/MaaS-add-subnet-1.png differ
diff --git a/source/_static/images/MaaS-add-subnet-2.png b/source/_static/images/MaaS-add-subnet-2.png
new file mode 100644
index 0000000000..14ceb50fc2
Binary files /dev/null and b/source/_static/images/MaaS-add-subnet-2.png differ
diff --git a/source/_static/images/MaaS-add-template.png b/source/_static/images/MaaS-add-template.png
new file mode 100644
index 0000000000..28a3b2715f
Binary files /dev/null and b/source/_static/images/MaaS-add-template.png differ
diff --git a/source/_static/images/MaaS-add-token.png b/source/_static/images/MaaS-add-token.png
new file mode 100644
index 0000000000..c1f79504bb
Binary files /dev/null and b/source/_static/images/MaaS-add-token.png differ
diff --git a/source/_static/images/MaaS-deploy-instance.png b/source/_static/images/MaaS-deploy-instance.png
new file mode 100644
index 0000000000..78d3530f40
Binary files /dev/null and b/source/_static/images/MaaS-deploy-instance.png differ
diff --git a/source/_static/images/MaaS-disable-dhcp.png b/source/_static/images/MaaS-disable-dhcp.png
new file mode 100644
index 0000000000..9fba0e8525
Binary files /dev/null and b/source/_static/images/MaaS-disable-dhcp.png differ
diff --git a/source/_static/images/MaaS-enable-dhcp-on-servers.png b/source/_static/images/MaaS-enable-dhcp-on-servers.png
new file mode 100644
index 0000000000..07d7345aee
Binary files /dev/null and b/source/_static/images/MaaS-enable-dhcp-on-servers.png differ
diff --git a/source/_static/images/MaaS-subnet-configuration.png b/source/_static/images/MaaS-subnet-configuration.png
new file mode 100644
index 0000000000..3bcf805c06
Binary files /dev/null and b/source/_static/images/MaaS-subnet-configuration.png differ
diff --git a/source/_static/images/NASB&R-quiesceInstance.png b/source/_static/images/NASB&R-quiesceInstance.png
new file mode 100644
index 0000000000..3ba79e9cba
Binary files /dev/null and b/source/_static/images/NASB&R-quiesceInstance.png differ
diff --git a/source/_static/images/add-bucket.png b/source/_static/images/add-bucket.png
index 988a7e48c0..bfbd1f534e 100644
Binary files a/source/_static/images/add-bucket.png and b/source/_static/images/add-bucket.png differ
diff --git a/source/_static/images/add-custom-action.png b/source/_static/images/add-custom-action.png
new file mode 100644
index 0000000000..4d8362e377
Binary files /dev/null and b/source/_static/images/add-custom-action.png differ
diff --git a/source/_static/images/add-guest-os-category.png b/source/_static/images/add-guest-os-category.png
new file mode 100644
index 0000000000..fd2a724d4b
Binary files /dev/null and b/source/_static/images/add-guest-os-category.png differ
diff --git a/source/_static/images/add-user-popup.png b/source/_static/images/add-user-popup.png
new file mode 100644
index 0000000000..cb8c6d671e
Binary files /dev/null and b/source/_static/images/add-user-popup.png differ
diff --git a/source/_static/images/adding-storage-access-group-on-host.png b/source/_static/images/adding-storage-access-group-on-host.png
new file mode 100644
index 0000000000..21915abaca
Binary files /dev/null and b/source/_static/images/adding-storage-access-group-on-host.png differ
diff --git a/source/_static/images/adding-storage-access-group-on-primary-storage.png b/source/_static/images/adding-storage-access-group-on-primary-storage.png
new file mode 100644
index 0000000000..23dbb7bcb6
Binary files /dev/null and b/source/_static/images/adding-storage-access-group-on-primary-storage.png differ
diff --git a/source/_static/images/admin-change-password-popup.png b/source/_static/images/admin-change-password-popup.png
new file mode 100644
index 0000000000..723dcd3c0c
Binary files /dev/null and b/source/_static/images/admin-change-password-popup.png differ
diff --git a/source/_static/images/built-in-extensions.png b/source/_static/images/built-in-extensions.png
new file mode 100644
index 0000000000..8970333a19
Binary files /dev/null and b/source/_static/images/built-in-extensions.png differ
diff --git a/source/_static/images/cks-acquire-publicip.png b/source/_static/images/cks-acquire-publicip.png
new file mode 100644
index 0000000000..71831b7b70
Binary files /dev/null and b/source/_static/images/cks-acquire-publicip.png differ
diff --git a/source/_static/images/cks-addfirewall.png b/source/_static/images/cks-addfirewall.png
new file mode 100644
index 0000000000..585e5c2e46
Binary files /dev/null and b/source/_static/images/cks-addfirewall.png differ
diff --git a/source/_static/images/cks-addloadbalancer.png b/source/_static/images/cks-addloadbalancer.png
new file mode 100644
index 0000000000..ed2f7b4057
Binary files /dev/null and b/source/_static/images/cks-addloadbalancer.png differ
diff --git a/source/_static/images/cks-addnode.png b/source/_static/images/cks-addnode.png
new file mode 100644
index 0000000000..cabeced27c
Binary files /dev/null and b/source/_static/images/cks-addnode.png differ
diff --git a/source/_static/images/cks-cni-configuration-cluster-creation.png b/source/_static/images/cks-cni-configuration-cluster-creation.png
new file mode 100644
index 0000000000..c445c79166
Binary files /dev/null and b/source/_static/images/cks-cni-configuration-cluster-creation.png differ
diff --git a/source/_static/images/cks-cni-configuration-registration-sample.png b/source/_static/images/cks-cni-configuration-registration-sample.png
new file mode 100644
index 0000000000..0ce8a6159d
Binary files /dev/null and b/source/_static/images/cks-cni-configuration-registration-sample.png differ
diff --git a/source/_static/images/cks-create-cluster-additional-settings.png b/source/_static/images/cks-create-cluster-additional-settings.png
new file mode 100644
index 0000000000..5136abd955
Binary files /dev/null and b/source/_static/images/cks-create-cluster-additional-settings.png differ
diff --git a/source/_static/images/cks-create-cluster-affinity-groups.png b/source/_static/images/cks-create-cluster-affinity-groups.png
new file mode 100644
index 0000000000..469e7a250a
Binary files /dev/null and b/source/_static/images/cks-create-cluster-affinity-groups.png differ
diff --git a/source/_static/images/cks-csi-integration.png b/source/_static/images/cks-csi-integration.png
new file mode 100644
index 0000000000..d72fe3bcd0
Binary files /dev/null and b/source/_static/images/cks-csi-integration.png differ
diff --git a/source/_static/images/cks-csi-pods.png b/source/_static/images/cks-csi-pods.png
new file mode 100644
index 0000000000..f6d54f8d2f
Binary files /dev/null and b/source/_static/images/cks-csi-pods.png differ
diff --git a/source/_static/images/cks-custom-template-registration.png b/source/_static/images/cks-custom-template-registration.png
new file mode 100644
index 0000000000..72ff75fc05
Binary files /dev/null and b/source/_static/images/cks-custom-template-registration.png differ
diff --git a/source/_static/images/clone-icon.png b/source/_static/images/clone-icon.png
new file mode 100644
index 0000000000..3ab22055f6
Binary files /dev/null and b/source/_static/images/clone-icon.png differ
diff --git a/source/_static/images/compute_offering_dailog_with_lease.png b/source/_static/images/compute_offering_dailog_with_lease.png
new file mode 100644
index 0000000000..bf5417c06c
Binary files /dev/null and b/source/_static/images/compute_offering_dailog_with_lease.png differ
diff --git a/source/_static/images/create-extension.png b/source/_static/images/create-extension.png
new file mode 100644
index 0000000000..166d32aa2a
Binary files /dev/null and b/source/_static/images/create-extension.png differ
diff --git a/source/_static/images/deploy_instance_advanced_lease.png b/source/_static/images/deploy_instance_advanced_lease.png
new file mode 100644
index 0000000000..8949961d71
Binary files /dev/null and b/source/_static/images/deploy_instance_advanced_lease.png differ
diff --git a/source/_static/images/deploy_instance_lease_offering.png b/source/_static/images/deploy_instance_lease_offering.png
new file mode 100644
index 0000000000..ac56d0805c
Binary files /dev/null and b/source/_static/images/deploy_instance_lease_offering.png differ
diff --git a/source/_static/images/deployvm_userdata.png b/source/_static/images/deployvm_userdata.png
index bcc249d59d..e26c20b698 100644
Binary files a/source/_static/images/deployvm_userdata.png and b/source/_static/images/deployvm_userdata.png differ
diff --git a/source/_static/images/deployvm_userdata_with_variables.png b/source/_static/images/deployvm_userdata_with_variables.png
index 59089c1cdd..eca47336a5 100644
Binary files a/source/_static/images/deployvm_userdata_with_variables.png and b/source/_static/images/deployvm_userdata_with_variables.png differ
diff --git a/source/_static/images/edit-user-api-key-access.png b/source/_static/images/edit-user-api-key-access.png
new file mode 100644
index 0000000000..e36d6400d7
Binary files /dev/null and b/source/_static/images/edit-user-api-key-access.png differ
diff --git a/source/_static/images/edit_instance_lease.png b/source/_static/images/edit_instance_lease.png
new file mode 100644
index 0000000000..d406cb96e0
Binary files /dev/null and b/source/_static/images/edit_instance_lease.png differ
diff --git a/source/_static/images/extension.png b/source/_static/images/extension.png
new file mode 100644
index 0000000000..d72c2c9ebd
Binary files /dev/null and b/source/_static/images/extension.png differ
diff --git a/source/_static/images/extensions.png b/source/_static/images/extensions.png
new file mode 100644
index 0000000000..36ada99d89
Binary files /dev/null and b/source/_static/images/extensions.png differ
diff --git a/source/_static/images/filter-user-api-key-access.png b/source/_static/images/filter-user-api-key-access.png
new file mode 100644
index 0000000000..d474527a47
Binary files /dev/null and b/source/_static/images/filter-user-api-key-access.png differ
diff --git a/source/_static/images/force-password-change-login.png b/source/_static/images/force-password-change-login.png
new file mode 100644
index 0000000000..7ad2da89f4
Binary files /dev/null and b/source/_static/images/force-password-change-login.png differ
diff --git a/source/_static/images/force-password-reset-quick-action.png b/source/_static/images/force-password-reset-quick-action.png
new file mode 100644
index 0000000000..2618322e7c
Binary files /dev/null and b/source/_static/images/force-password-reset-quick-action.png differ
diff --git a/source/_static/images/guest-os-categories.png b/source/_static/images/guest-os-categories.png
new file mode 100644
index 0000000000..3bb567cf68
Binary files /dev/null and b/source/_static/images/guest-os-categories.png differ
diff --git a/source/_static/images/hyperv-add-cluster.png b/source/_static/images/hyperv-add-cluster.png
new file mode 100644
index 0000000000..c1840cd986
Binary files /dev/null and b/source/_static/images/hyperv-add-cluster.png differ
diff --git a/source/_static/images/hyperv-add-host.png b/source/_static/images/hyperv-add-host.png
new file mode 100644
index 0000000000..4fb1ca717a
Binary files /dev/null and b/source/_static/images/hyperv-add-host.png differ
diff --git a/source/_static/images/hyperv-add-iso.png b/source/_static/images/hyperv-add-iso.png
new file mode 100644
index 0000000000..1f793b1200
Binary files /dev/null and b/source/_static/images/hyperv-add-iso.png differ
diff --git a/source/_static/images/hyperv-add-template.png b/source/_static/images/hyperv-add-template.png
new file mode 100644
index 0000000000..8cd7360ceb
Binary files /dev/null and b/source/_static/images/hyperv-add-template.png differ
diff --git a/source/_static/images/netris-isolation-method.png b/source/_static/images/netris-isolation-method.png
new file mode 100644
index 0000000000..167544f888
Binary files /dev/null and b/source/_static/images/netris-isolation-method.png differ
diff --git a/source/_static/images/netris-provider-config.png b/source/_static/images/netris-provider-config.png
new file mode 100644
index 0000000000..33caa93785
Binary files /dev/null and b/source/_static/images/netris-provider-config.png differ
diff --git a/source/_static/images/netris-public-ip-pool.png b/source/_static/images/netris-public-ip-pool.png
new file mode 100644
index 0000000000..bf1f4e4c06
Binary files /dev/null and b/source/_static/images/netris-public-ip-pool.png differ
diff --git a/source/_static/images/netris-sysvm-vr-ip-range.png b/source/_static/images/netris-sysvm-vr-ip-range.png
new file mode 100644
index 0000000000..0c6d8ec701
Binary files /dev/null and b/source/_static/images/netris-sysvm-vr-ip-range.png differ
diff --git a/source/_static/images/netris-vxlan-range.png b/source/_static/images/netris-vxlan-range.png
new file mode 100644
index 0000000000..c5d71331f1
Binary files /dev/null and b/source/_static/images/netris-vxlan-range.png differ
diff --git a/source/_static/images/oauth-provider-registration.png b/source/_static/images/oauth-provider-registration.png
new file mode 100644
index 0000000000..81cc5c77d0
Binary files /dev/null and b/source/_static/images/oauth-provider-registration.png differ
diff --git a/source/_static/images/proxmox-add-cluster.png b/source/_static/images/proxmox-add-cluster.png
new file mode 100644
index 0000000000..53e91bf890
Binary files /dev/null and b/source/_static/images/proxmox-add-cluster.png differ
diff --git a/source/_static/images/proxmox-add-host.png b/source/_static/images/proxmox-add-host.png
new file mode 100644
index 0000000000..f251ab3b7c
Binary files /dev/null and b/source/_static/images/proxmox-add-host.png differ
diff --git a/source/_static/images/proxmox-add-iso.png b/source/_static/images/proxmox-add-iso.png
new file mode 100644
index 0000000000..219f89c164
Binary files /dev/null and b/source/_static/images/proxmox-add-iso.png differ
diff --git a/source/_static/images/proxmox-add-template.png b/source/_static/images/proxmox-add-template.png
new file mode 100644
index 0000000000..dc14d1ef39
Binary files /dev/null and b/source/_static/images/proxmox-add-template.png differ
diff --git a/source/_static/images/proxmox-add-token.png b/source/_static/images/proxmox-add-token.png
new file mode 100644
index 0000000000..313394c527
Binary files /dev/null and b/source/_static/images/proxmox-add-token.png differ
diff --git a/source/_static/images/proxmox-api-token-permission.png b/source/_static/images/proxmox-api-token-permission.png
new file mode 100644
index 0000000000..e9a77e3a28
Binary files /dev/null and b/source/_static/images/proxmox-api-token-permission.png differ
diff --git a/source/_static/images/proxmox-deploy-instance.png b/source/_static/images/proxmox-deploy-instance.png
new file mode 100644
index 0000000000..78a067bb0e
Binary files /dev/null and b/source/_static/images/proxmox-deploy-instance.png differ
diff --git a/source/_static/images/register_userdata.png b/source/_static/images/register_userdata.png
index 8ac4fcccb4..43ca382cc9 100644
Binary files a/source/_static/images/register_userdata.png and b/source/_static/images/register_userdata.png differ
diff --git a/source/_static/images/register_userdata_with_variables.png b/source/_static/images/register_userdata_with_variables.png
index 463baac3e5..9a53515cdd 100644
Binary files a/source/_static/images/register_userdata_with_variables.png and b/source/_static/images/register_userdata_with_variables.png differ
diff --git a/source/_static/images/run-custom-action-instance.png b/source/_static/images/run-custom-action-instance.png
new file mode 100644
index 0000000000..9da4e9e545
Binary files /dev/null and b/source/_static/images/run-custom-action-instance.png differ
diff --git a/source/_static/images/run-custom-action.png b/source/_static/images/run-custom-action.png
new file mode 100644
index 0000000000..ae7a10c14c
Binary files /dev/null and b/source/_static/images/run-custom-action.png differ
diff --git a/source/_static/images/ssl-certificate-account.png b/source/_static/images/ssl-certificate-account.png
new file mode 100644
index 0000000000..78e2dc018f
Binary files /dev/null and b/source/_static/images/ssl-certificate-account.png differ
diff --git a/source/_static/images/ssl-certificate-list.png b/source/_static/images/ssl-certificate-list.png
new file mode 100644
index 0000000000..5aa3fe74c1
Binary files /dev/null and b/source/_static/images/ssl-certificate-list.png differ
diff --git a/source/_static/images/ssl-certificate-new-lb-rule-select.png b/source/_static/images/ssl-certificate-new-lb-rule-select.png
new file mode 100644
index 0000000000..682a96172c
Binary files /dev/null and b/source/_static/images/ssl-certificate-new-lb-rule-select.png differ
diff --git a/source/_static/images/ssl-certificate-new-lb-rule.png b/source/_static/images/ssl-certificate-new-lb-rule.png
new file mode 100644
index 0000000000..7dd5043744
Binary files /dev/null and b/source/_static/images/ssl-certificate-new-lb-rule.png differ
diff --git a/source/_static/images/ssl-certificate-project.png b/source/_static/images/ssl-certificate-project.png
new file mode 100644
index 0000000000..ff97b318ac
Binary files /dev/null and b/source/_static/images/ssl-certificate-project.png differ
diff --git a/source/_static/images/ssl-certificate-update-lb-rule-protocol.png b/source/_static/images/ssl-certificate-update-lb-rule-protocol.png
new file mode 100644
index 0000000000..e6637e57c9
Binary files /dev/null and b/source/_static/images/ssl-certificate-update-lb-rule-protocol.png differ
diff --git a/source/_static/images/ssl-certificate-update-lb-rule-ssl-cert.png b/source/_static/images/ssl-certificate-update-lb-rule-ssl-cert.png
new file mode 100644
index 0000000000..183c89ee8a
Binary files /dev/null and b/source/_static/images/ssl-certificate-update-lb-rule-ssl-cert.png differ
diff --git a/source/_static/images/ssl-certificate-upload.png b/source/_static/images/ssl-certificate-upload.png
new file mode 100644
index 0000000000..52eef23423
Binary files /dev/null and b/source/_static/images/ssl-certificate-upload.png differ
diff --git a/source/_static/images/ui-announcement-banner.png b/source/_static/images/ui-announcement-banner.png
new file mode 100644
index 0000000000..fc687f3fe0
Binary files /dev/null and b/source/_static/images/ui-announcement-banner.png differ
diff --git a/source/_static/images/ui-legacy-image-selection.png b/source/_static/images/ui-legacy-image-selection.png
new file mode 100644
index 0000000000..828800a990
Binary files /dev/null and b/source/_static/images/ui-legacy-image-selection.png differ
diff --git a/source/_static/images/ui-login-project-view.png b/source/_static/images/ui-login-project-view.png
new file mode 100644
index 0000000000..49299ffd4f
Binary files /dev/null and b/source/_static/images/ui-login-project-view.png differ
diff --git a/source/_static/images/ui-modern-image-selection.png b/source/_static/images/ui-modern-image-selection.png
new file mode 100644
index 0000000000..2fe012593a
Binary files /dev/null and b/source/_static/images/ui-modern-image-selection.png differ
diff --git a/source/_static/images/user-change-password-popup.png b/source/_static/images/user-change-password-popup.png
new file mode 100644
index 0000000000..1f392195c9
Binary files /dev/null and b/source/_static/images/user-change-password-popup.png differ
diff --git a/source/_static/images/userdata_template_link.png b/source/_static/images/userdata_template_link.png
index 5138393ee8..1db5005461 100644
Binary files a/source/_static/images/userdata_template_link.png and b/source/_static/images/userdata_template_link.png differ
diff --git a/source/_static/images/vm-settings-kvm-guest-cpu-model.png b/source/_static/images/vm-settings-kvm-guest-cpu-model.png
new file mode 100644
index 0000000000..f2f69b4b78
Binary files /dev/null and b/source/_static/images/vm-settings-kvm-guest-cpu-model.png differ
diff --git a/source/_static/images/vm-settings-uefi-secure.png b/source/_static/images/vm-settings-uefi-secure.png
new file mode 100644
index 0000000000..6e5e4e4810
Binary files /dev/null and b/source/_static/images/vm-settings-uefi-secure.png differ
diff --git a/source/_static/images/vm-settings-virtual-tpm-enabled-vmware.png b/source/_static/images/vm-settings-virtual-tpm-enabled-vmware.png
new file mode 100644
index 0000000000..7f8d4fe2b0
Binary files /dev/null and b/source/_static/images/vm-settings-virtual-tpm-enabled-vmware.png differ
diff --git a/source/_static/images/vm-settings-virtual-tpm-model-kvm.png b/source/_static/images/vm-settings-virtual-tpm-model-kvm.png
new file mode 100644
index 0000000000..9075eb57b8
Binary files /dev/null and b/source/_static/images/vm-settings-virtual-tpm-model-kvm.png differ
diff --git a/source/_static/images/vm-settings-virtual-tpm-version-kvm.png b/source/_static/images/vm-settings-virtual-tpm-version-kvm.png
new file mode 100644
index 0000000000..64bbaba46f
Binary files /dev/null and b/source/_static/images/vm-settings-virtual-tpm-version-kvm.png differ
diff --git a/source/_static/images/vmware-increase-ports.png b/source/_static/images/vmware-increase-ports.png
index fe96815326..013fab1dd6 100644
Binary files a/source/_static/images/vmware-increase-ports.png and b/source/_static/images/vmware-increase-ports.png differ
diff --git a/source/_static/images/vmware-nexus-add-cluster.png b/source/_static/images/vmware-nexus-add-cluster.png
index 7c1dd73f77..9ba38716df 100644
Binary files a/source/_static/images/vmware-nexus-add-cluster.png and b/source/_static/images/vmware-nexus-add-cluster.png differ
diff --git a/source/_static/images/vmware-physical-network.png b/source/_static/images/vmware-physical-network.png
index a7495c77b1..d2d287fc53 100644
Binary files a/source/_static/images/vmware-physical-network.png and b/source/_static/images/vmware-physical-network.png differ
diff --git a/source/_static/images/zone-kvm-register-template.png b/source/_static/images/zone-kvm-register-template.png
new file mode 100644
index 0000000000..62948349bd
Binary files /dev/null and b/source/_static/images/zone-kvm-register-template.png differ
diff --git a/source/_static/images/zone-register-templates.png b/source/_static/images/zone-register-templates.png
new file mode 100644
index 0000000000..438da7befb
Binary files /dev/null and b/source/_static/images/zone-register-templates.png differ
diff --git a/source/adminguide/accounts.rst b/source/adminguide/accounts.rst
index 7f65c1b7cc..b70515c0e9 100644
--- a/source/adminguide/accounts.rst
+++ b/source/adminguide/accounts.rst
@@ -49,6 +49,8 @@ Beside the Root Administrator type of Account (available in the root domain only of Accounts can be created for each domain: Domain Administrator and User. +.. _users: + Users ~~~~~ 
@@ -481,37 +483,77 @@ to be applied through the API call described above. In addition to those shown in the example script above, the following -configuration items can be configured (the default values are for -openldap) - -- ``ldap.basedn``: Sets the basedn for LDAP. Ex: **OU=APAC,DC=company,DC=com** +configuration items can be configured on a Global or on a per Domain level (the default values are for +OpenLDAP) -- ``ldap.bind.principal``, ``ldap.bind.password``: DN and password for a User - who can list all the Users in the above basedn. Ex: - **CN=Administrator, OU=APAC, DC=company, DC=com** +.. list-table:: LDAP Settings + :header-rows: 1 -- ``ldap.user.object``: object type of Users within LDAP. Defaults value is - **user** for AD and **interorgperson** for openldap. + * - Setting + - OpenLDAP + - Active Directory + - Description + * - ``ldap.basedn`` + - `Ex: OU=APAC, DC=company, DC=com` + - `Ex: DC=company, DC=com` + - Sets the basedn for LDAP. + * - ``ldap.search.group.principle`` + - `Ex: CN=ACSGroup, DC=company, DC=com` + - `Ex: CN=ACSGroup, CN=Users, DC=company, DC=com` + - (optional) if set only Users from this group are listed. + * - ``ldap.bind.principal`` + - `Ex: CN=ACSServiceAccount, OU=APAC, DC=company, DC=com` + - `Ex: CN=ACSServiceAccount, CN=Users, DC=company, DC=com` + - Service account that can list all the Users in the above basedn. Avoid using privileged account such as Administrator. + * - ``ldap.bind.password`` + - `******************` + - `******************` + - Password for a DN User. Is entered in plain text but gets stored encrypted. + * - ``ldap.user.object`` + - `interorgperson` + - `user` + - Object type of Users within LDAP. + * - ``ldap.email.attribute`` + - `mail` + - `mail` + - Email attribute within ldap for a User. + * - ``ldap.firstname.attribute`` + - `givenname` + - `givenname` + - firstname attribute within ldap for a User. 
+ * - ``ldap.lastname.attribute`` + - `sn` + - `sn` + - lastname attribute within ldap for a User. + * - ``ldap.group.object`` + - `groupOfUniqueNames` + - `groupOfUniqueNames` + - Object type of groups within LDAP. + * - ``ldap.group.user.uniquemember`` + - `uniquemember` + - `uniquemember` + - Attribute for uniquemembers within a group. + + .. note:: ``ldap.search.group.principle`` is required when using ``linkaccounttoldap``. + +Once configured, on Add Account page, you will see an "Add LDAP Account" button which opens a dialog and the selected Users can be imported. -- ``ldap.email.attribute``: email attribute within ldap for a User. Default - value for AD and openldap is **mail**. +.. figure:: /_static/images/CloudStack-ldap-screen1.png + :align: center -- ``ldap.firstname.attribute``: firstname attribute within ldap for a User. - Default value for AD and openldap is **givenname**. -- ``ldap.lastname.attribute``: lastname attribute within ldap for a User. - Default value for AD and openldap is **sn**. +You could also use api commands: +``listLdapUsers``, to list Users in LDAP that could or would be imported in CloudStack +``ldapCreateAccount``, to manually create a User in a specific Account +``importLdapUsers``, to batch import Users from LDAP -- ``ldap.username.attribute``: username attribute for a User within LDAP. - Default value is **SAMAccountName** for AD and **uid** for openldap. +Once LDAP is enabled, the Users will not be allowed to changed password +directly in CloudStack. -Restricting LDAP Users to a group: -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- ``ldap.search.group.principle``: this is optional and if set only Users from - this group are listed. + .. note:: this is required when using ``linkaccounttoldap``. LDAP SSL: ~~~~~~~~~ 
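Review bot: The Active Directory column of the new LDAP Settings table lists `groupOfUniqueNames` for `ldap.group.object` and `uniquemember` for `ldap.group.user.uniquemember`, but the "LDAP groups" bullets this commit deletes in the next hunk gave `group` and `member` as the AD defaults. If those defaults still hold, the two AD cells should read `group` and `member`; otherwise group-restricted import via `ldap.search.group.principle` is documented with values that may not match an AD directory. The table also has no row for `ldap.username.attribute`, which the removed bullet documented as `SAMAccountName` for AD and `uid` for OpenLDAP. The context line `.. note:: this is required when using ``linkaccounttoldap``.` is left behind after the password paragraph with nothing for "this" to refer to and should be deleted, since the table already carries that note.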
@@ -524,30 +566,6 @@ You will need to know the path to the keystore and the password. - ``ldap.truststore.password`` : truststore password -LDAP groups: -~~~~~~~~~~~~ - -- ``ldap.group.object``: object type of groups within LDAP. Default value is - group for AD and **groupOfUniqueNames** for openldap. - -- ``ldap.group.user.uniquemember``: attribute for uniquemembers within a group. - Default value is **member** for AD and **uniquemember** for openldap. - -Once configured, on Add Account page, you will see an "Add LDAP Account" button -which opens a dialog and the selected Users can be imported. - -.. figure:: /_static/images/CloudStack-ldap-screen1.png - :align: center - - -You could also use api commands: -``listLdapUsers``, to list Users in LDAP that could or would be imported in CloudStack -``ldapCreateAccount``, to manually create a User in a specific Account -``importLdapUsers``, to batch import Users from LDAP - -Once LDAP is enabled, the Users will not be allowed to changed password -directly in CloudStack. - .. |button to dedicate a zone, pod,cluster, or host| image:: /_static/images/dedicate-resource-button.png Using a SAML 2.0 Identity Provider for User Authentication 
@@ -676,16 +694,11 @@ For GitHub, please follow the instructions mentioned here `"Setting up OAuth 2.0 In any OAuth 2.0 configuration admin has to use the redirect URI "http://:/#/verifyOauth" .. Note:: [Google OAuth 2.0 redirect URI] : - Google OAuth 2.0 configuration wont accept '#' in the URI, please use "http://:/?verifyOauth" + Google OAuth 2.0 configuration won't accept '#' in the URI, please use "http://:/?verifyOauth" Google does not accept direct IP address in the redirect URI, it must be a domain. As a workaround one can add the management server IP to host table in the local system and assign a domain, something like "management.cloud". In that redirect URI looks like "http://management.cloud:8080/?verifyOauth" -.. image:: /_static/images/oauth-provider-registration.png - :width: 400px - :align: center - :alt: OAuth provider registration - Following are the details needs to be provided to register the OAuth provider, this is to call the API "registerOauthProvider" - **Provider**: Name of the provider from the list of OAuth providers supported in CloudStack @@ -698,6 +711,11 @@ Following are the details needs to be provided to register the OAuth provider, t - **Secret Key**: Secret Key pre-registered in the specific OAuth provider +.. image:: /_static/images/oauth-provider-registration.png + :width: 400px + :align: center + :alt: OAuth provider registration + Cloudmonkey API call looks like - register oauthprovider provider=google description="Google Provider" 
@@ -884,3 +902,194 @@ password for a user: .. figure:: /_static/images/reset-password.png :align: center + +Add Users +------------ +CloudStack allows administrators to create :ref:`users` within an Account. +Users represent individual identities that can access CloudStack +resources based on their assigned roles and permissions. + +Who can add Users +~~~~~~~~~~~~~~~~~~ + +The following administrators can create Users: + +- Root Administrators – across all domains and accounts +- Domain Administrators – within their domain hierarchy + +**UI Flow:** + +#. Navigate to **Accounts → Users**. +#. Click **Add User**. +#. Fill in the User details, including the initial password. +#. (Optional) Enable **User must change password at next login**. +#. Add the User. + +.. figure:: /_static/images/add-user-popup.png + :align: center + :alt: Add user by administrator + :width: 400px + +If password change is enforced during User creation, the User is prompted to +change the password on first login. +See :ref:`user-login-flow-enforced-password-change`. + + +Password Change for Users +------------------------- +CloudStack allows User passwords to be changed either by the User +themselves or by an administrator. Password changes may be performed +voluntarily or as part of an administrative action. + +User-initiated password changes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Users can change their own password at any time after successfully +logging in to the CloudStack UI. + +**UI Flow:** + +#. Log in to the CloudStack UI. +#. Click the User profile menu. +#. Select **Change Password**. +#. Enter the current password. +#. Enter and confirm the new password. +#. Submit the change. + +.. 
figure:: /_static/images/user-change-password-popup.png + :align: center + :alt: User changing their own password + :width: 400px + +Administrator-initiated password changes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Root and Domain Admins can change User's password when required, for example +during account recovery or administrative maintenance. + +**UI Flow:** + +#. Navigate to **Accounts → Users**. +#. Open the required User details page. +#. Select **Change Password**. +#. (Optional) Enable **User must change password at next login**. +#. Change the password. + +.. figure:: /_static/images/admin-change-password-popup.png + :align: center + :alt: Change user password by administrator + :width: 400px + +When password change is selected, the User must change the temporary password on the +next login. See :ref:`user-login-flow-enforced-password-change`. + + +Force Password Reset for Users (Quick Action) +----------------------------------------------- +CloudStack allows administrators to enforce a password change +**without modifying the current password**. + +**UI Flow:** + +#. Navigate to **Accounts → Users**. +#. Open the required User details page. +#. Click **Force password reset** from the actions menu. +#. Confirm the action. + +.. figure:: /_static/images/force-password-reset-quick-action.png + :align: center + :alt: Force password reset using quick action + +.. raw:: html + +
+ +.. _user-login-flow-enforced-password-change: +User login flow for enforced password change +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When password change is enforced, the User login flow is as follows: + +#. The User enters username, domain, and password. +#. Authentication succeeds. +#. The User is redirected to the **Change Password** page. +#. The User must set a new password that complies with configured + password policies. +#. Until the password is changed, no other UI actions or API operations are permitted. +#. Upon successful password update, normal access is granted. + +.. figure:: /_static/images/force-password-change-login.png + :align: center + :alt: User prompted to change password after login + :width: 400px + +Using API Key and Secret Key based Authentication +------------------------------------------------- +Users can generate API key and Secret key to directly access CloudStack APIs. +This authentication method is used for programmatically calling CloudStack APIs and thus helps in automation. +The API key uniquely identifies the Account, while the Secret key is used to generate a secure signature. +When making an API call, the API key and signature are included along with the command and other parameters, +and sent to the CloudStack API endpoint. For detailed information, refer to the CloudStack's Programmer Guide. + +Disabling Api Key and Secret Key based Access +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Root Administrators may choose to Disable Api key based access for certain Users, Accounts or Domains. +Or the Administrator may choose to Disable Api Key based access globally and allow only for certain users. +This could be particularly useful in cases where external authorization mechanisms like LDAP, SAML or OAuth2 are used, +as then Api key based authorization is the only means for automation. +This gives control to the Admin over who is allowed to run automation. 
+ +Api key based access is enabled by default but it can be disabled (or enabled) at different granularities: + +1. Users + +Setting for a User can be changed through the Api Key Access field in the Edit User form, visible only to the Root Administrator. +Three values are possible: Disable, Enable and Inherit. Inherit means that the User will inherit whatever value is set for the Account. + + .. figure:: /_static/images/edit-user-api-key-access.png + :align: center + +Admins can also search for Users having the required Api key access value using the User list view search filter. + + .. figure:: /_static/images/filter-user-api-key-access.png + :align: center + +2. Accounts + +Similar to Users, Api Key Access field is present in the Edit Account Form and the Account list view search filter, only for the Root Administrator. +If the value is set to Inherit, it means that Account will inherit whatever value is set for the Domain. + +3. Domains + +Api Key Access at Domain level is controlled by the Domain level setting "api.key.access". If the Domain level +configuration is not set, then similar to other configurations it will consult the global value. + +4. Global + +The global value of the configuration setting "api.key.access" is set to 'True' by default. So Api Key Access at +all levels is enabled by default. If the global value is changed to 'False' without setting any of the lower levels, +then Api Key Access will be disabled for all Users. + +Order of Precedence +^^^^^^^^^^^^^^^^^^^ +The local value always takes precedence over the global value. So if Api key access is disabled for a User but +enabled for an Account, the User authorisation will still fail. Only if the User's Api key access is set to +'Inherit', the Account's Api Key Access value is considered. +Similarly if Account's Api Key Access is set to 'Inherit', only then the Domain level setting is considered, +And only if the Domain level configuration is not set, the Global configuration is considered. 
+ +Examples +^^^^^^^^ + +#. Disallow Api key access for all Accounts and Users in a Domain. + + #. Leave all User and Account level Api Key Access values to the default 'Inherit'. + #. Set the Domain level setting "api.key.access" to False only for the required domain. + +#. Disallow Api key access for some Users, but allowed globally. + + #. Set the User level permission to ‘Disabled’ only for the required Users. + #. All upper level permissions should either be Inherit or Enabled. + +#. Allow Api key access to some Users, but disallowed globally. + + #. Set User level permission to ‘Enabled’ only for the required Users. + #. All upper level permissions should either be Inherit or Disabled. diff --git a/source/adminguide/api.rst b/source/adminguide/api.rst index b4139a8391..d0a269b30b 100644 --- a/source/adminguide/api.rst +++ b/source/adminguide/api.rst @@ -12,7 +12,7 @@ KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - + The CloudStack API is a low level API that has been used to implement the CloudStack web UIs. It is also a good basis for implementing other 
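Review bot: The "User login flow for enforced password change" steps say that no other UI actions or API operations are permitted until the password is changed, but neither that section nor "Force Password Reset for Users" says whether requests signed with the User's existing API key and Secret key are also blocked, or whether sessions that are already open are ended. An administrator who uses the quick action after a suspected credential exposure needs to know this, so add one sentence stating the behaviour for API keys and active sessions. The target `.. _user-login-flow-enforced-password-change:` is followed directly by the section title; a blank line is needed between them, as the `.. _users:` target added earlier in this file has. The examples use 'Disabled' and 'Enabled' while the Edit User description names the values Disable, Enable and Inherit; use one spelling throughout.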
@@ -46,30 +46,33 @@ Authentication. User Data and Meta Data ~~~~~~~~~~~~~~~~~~~~~~~ -The user-data service on a Shared or Isolated Network can be provided through the +The User Data service on a Shared or Isolated Network can be provided through the Virtual Router or through an attached iso called the Config drive. User Data and Meta Data Via Virtual Router ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -CloudStack provides API access to attach up to 32KB of user data to a +CloudStack provides API access to attach up to 32KB of User Data to a deployed Instance. Deployed Instances also have access to metadata via the virtual router. -User data can be accessed once the IP address of the virtual router is +User Data can be accessed once the IP address of the virtual router is known. Once the IP address is known, use the following steps to access -the user data: +the User Data: #. Run the following command to find the virtual router. .. code:: bash + # cat /var/lib/dhclient/dhclient-eth0.leases | grep dhcp-server-identifier | tail -1 -#. Access user data by running the following command using the result of +#. Access User Data by running the following command using the result of the above command .. code:: bash + # curl http://10.1.1.1/latest/user-data + Meta Data can be accessed similarly, using a URL of the form http://10.1.1.1/latest/meta-data/{metadata type}. (For backwards compatibility, the previous URL http://10.1.1.1/latest/{metadata type} 
@@ -94,15 +97,15 @@ User Data and Meta Data via Config Drive ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Config drive is an ISO file that is mounted as a cd-rom on a user Instance and -contains related userdata, metadata (incl. ssh-keys) and +contains related User Data, metadata (incl. ssh-keys) and password files. Enable config drive ~~~~~~~~~~~~~~~~~~~ To use the config drive the Network offering must have the “ConfigDrive” -provider selected for the userdata service. +provider selected for the User Data service. -If the networkoffering uses ConfigDrive for userdata and the Template is +If the networkoffering uses ConfigDrive for User Data and the Template is password enabled, the password string for the Instance is placed in the vm_password.txt file and it is included in the ISO. @@ -113,13 +116,13 @@ user Instance, such that any other ISO image (e.g. boot image or vmware tools) is mounted on 1st cd/dvd drive. This means existing functionality of supporting 1 cd rom drive is still available. -At password reset or update of user data, the Config Drive ISO +At password reset or update of User Data, the Config Drive ISO will be rebuilt. The existing ISO is mounted on a temporary directory, -password, userdata or ssh-keys are updated and a new ISO is built from the +password, User Data or ssh-keys are updated and a new ISO is built from the updated directory structure. In case of a password reset, the new password will be picked-up at Instance start. -To access the updated userdata, the user needs to remount the config drive ISO. +To access the updated User Data, the user needs to remount the config drive ISO. When an Instance is stopped, the ConfigDrive network element will trigger the Secondary Storage VM to remove the ISO from the secondary storage. 
@@ -177,6 +180,29 @@ VMdata - a list of String arrays representing [“directory”, “filename”, - default: config-2 +Virtual machine password via ConfigDrive +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The ConfigDrive metadata provider delivers the virtual machine password simultaneously in two variants, leaving which one to use to the user discretion: + +1. As the ``/cloudstack/password/vm_password.txt`` file. + +This file is intended to be used by an external script that runs inside the virtual machine every boot, and changes the password if needed. +The init-script that implements this functionality can be found in the `Cloudstack source `_. + +.. note:: + The ``vm_password.txt`` file is not compatible with cloud-init password module, so the cloud-init will ignore it. + It is up to Cloudstack administrator to include the script processing it in the virtual machines and/or their templates. + +2. As the ``/openstack/latest/vendor_data.json``. +This is a standard password location supported by cloud-init's both ConfigDrive datasource and the password module. +Therefore, this variant allows using cloud-init as the only tool for provisioning a virtual machine, without using external scripts. + +.. warning:: + Cloud-init password module is designed to only perform the initial virtual machine password setup. + It will ignore the changes in ``vendor_data.json`` after the first run. Therefore, resetting the virtual machine password from Cloudstack will not work with this variant. + + For more detailed information about the Config Drive implementation refer to the `Wiki Article `_ diff --git a/source/adminguide/autoscale_with_virtual_router.rst b/source/adminguide/autoscale_with_virtual_router.rst index 7e7be108f8..4370fec387 100644 --- a/source/adminguide/autoscale_with_virtual_router.rst +++ b/source/adminguide/autoscale_with_virtual_router.rst 
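Review bot: The new "Virtual machine password via ConfigDrive" section describes two files that carry the Instance password but does not tell the administrator how to treat them: the config drive is an ISO attached to the Instance, so presumably any process in the guest that can mount it can read ``vm_password.txt`` and ``vendor_data.json``. Consider adding a sentence such as `The delivered password should be treated as an initial secret and changed after first login.` The warning would also be clearer if it said whether a password reset issued from CloudStack reports an error in the cloud-init variant or completes while the guest keeps the old password, so operators know to verify the change inside the Instance. "Cloudstack" should be spelled "CloudStack" as elsewhere, and the paragraph under item 2 needs a blank line after the item line, as item 1 has.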
@@ -170,10 +170,10 @@ Specify the following: For more information, see `“Affinity Groups” `_. -- Userdata: The userdata of the Instances. +- User Data: The User Data of the Instances. - For more information, see `“User-Data and Meta-Data” - `_. + For more information, see `“User Data and Metadata” + `_. AutoScale Policies @@ -287,7 +287,7 @@ then click Edit AutoScale Instance Profile button. |autoscale-vmgroup-profile-update.png| -You are able to reset userdata of the Instance, by clicking Reset Userdata on AutoScale Instance Group button. +You are able to reset User Data of the Instance, by clicking Reset User Data on AutoScale Instance Group button. |autoscale-vmgroup-profile-reset-userdata.png| @@ -399,5 +399,5 @@ a service assigned to a rule inside the context of AutoScale. .. |autoscale-vmgroup-profile-update.png| image:: /_static/images/autoscale-vmgroup-profile-update.png :alt: Update AutoScale Instance Profile. .. |autoscale-vmgroup-profile-reset-userdata.png| image:: /_static/images/autoscale-vmgroup-profile-reset-userdata.png - :alt: Reset Userdata in AutoScale Instance Profile. + :alt: Reset User Data in AutoScale Instance Profile. diff --git a/source/adminguide/backup_and_recovery.rst b/source/adminguide/backup_and_recovery.rst index bf657b89d8..f07e6649bd 100644 --- a/source/adminguide/backup_and_recovery.rst +++ b/source/adminguide/backup_and_recovery.rst @@ -31,7 +31,7 @@ The following providers are currently supported: - KVM with NAS B&R Plugin (4.20 onwards) See the Veeam Backup and Recovery plugin documentation for plugin specific information. -:ref:`Veeam Backup and Recovery Plugin` +:ref:`Veeam Backup and Replication Plugin` See the DELL EMC Networker Backup and Recovery plugin documentation for plugin specific information. :ref:`DELL EMC Networker Backup and Recovery Plugin` 
@@ -92,7 +92,7 @@ Backup Offerings ------------------ Admins can import an external provider's backup offerings using UI or API for a -particular zone, as well as manage a backup offering's lifecyle. Admins can also +particular zone, as well as manage a backup offering's lifecycle. Admins can also specify if a backup offering allows user-defined backup schedules and ad-hoc backups. Users can list and consume the imported backup offerings, only root admins can import or delete offerings. @@ -144,12 +144,12 @@ icon. |B&R-createBackup.png| -To setup a recurring backup schedule, navigate to the Instance and click on the 'Backup Schedule' +To setup a recurring backup schedule, navigate to the Instance and click on the 'Configure Backup Schedule' icon. |B&R-BackupSchedule.png| -Then set the time and frequency of the backups, click 'Configure' and then 'Close' +Then set the Interval type, timezone, time of taking the backup and maximum numbers of backups to retain. |B&R-BackupScheduleEntry.png| 
@@ -161,8 +161,100 @@ of an expunged Instance will not restore nics and recovery any network which may not exist. User may however restore a specific volume from an Instance backup and attach that volume to a specified Instance. +Creating a new Instance from Backup +----------------------------------- + +Since CloudStack 4.21, users can remove the backup offering and expunge or unmanage an instance +that has existing backups, for the supported backup providers — Dummy, NAS, and Veeam. +Additionally, users can create a new instance from a backup using any of these providers. + +Each backup now includes metadata that captures the instance’s configuration at the time of backup including service offering, +template, disk offerings for all data volumes, attached networks, and instance-specific settings. +The new instance will be created with the same configuration and data as the original instance at the time the backup was taken. + +.. warning:: + Users should ensure that the entry for the expunged or unmanaged instance is not purged from the database, as the backup framework relies on it to function correctly. + +|B&R-CreateInstanceFromBackup.png| + +Users also have the option to customize the configuration of the new instance, similar to deploying a new instance from scratch. +The deployment form will be pre-filled with the values captured in the backup, but users can modify them as needed. +However, the number of volumes in the new instance must match the number of volumes in the backup. +If volume sizes are customized, users must ensure that each volume is at least as large as the corresponding volume in the backup. +Advanced settings are not pre-filled in the form by default, but if left unset, they will automatically be retrieved from the backup metadata. +The Template and ISO can only be updated via the UI if the UUID stored in the backup is no longer available in the environment. 
+ +If the original instance from which the backup was created has been expunged, users will be presented with an option to reuse thesame IP address and +MAC address stored in the backup metadata. The new instance will be assigned the same IP and MAC address, provided they are still available in the network. + +|B&R-ConfigureInstance.png| + +If one or few of the resources stored in the backup such as template, networks etc are no longer available +in the system, the user will be prompted to reconfigure the Instance before creating it from backup. + +.. note:: + If the backup was created in a release prior to 4.21, the backup metadata won't contain the instance configuration details, + so users would have to fill in the required details by clicking on the Configure Instance button. + +Creating a New Instance from Backup in Another Zone +--------------------------------------------------- + +Since **Apache CloudStack 4.22**, users can create a new Instance from a Backup in another Zone. +i.e, the Instance being created can be on a different Zone from the Zone in which the Backup was created. +This can be used to implement Disaster Recovery capabilities with Instance Backups. +Currently, this capability is supported only by the **NAS Backup & Recovery plugin**. + +When creating a Backup Repository, the administrator can enable the **Cross-Zone Instance Creation** option. +This allows the repository to be used for creating Instances in other Zones. The setting can be changed later as well +using the Edit Backup Repository action button. + +|B&R-Cross-Zone-Enable-Add.png| + +Once Cross-Zone Instance Creation is enabled for a Backup Repository, users will see the option to **select a Zone** while creating a new Instance from a Backup. + +|B&R-Cross-Zone-Select-Zone.png| + +The new Instance will be created in the selected Zone, with the configuration either inherited from the backup or chosen by the user. 
+Configurations stored in the backup are automatically selected if the same resources are present in the destination Zone. + +For example, if the same template exists in both the source and destination Zones, it will be auto-selected. +Users will still need to manually select configurations that are unique to a single Zone, such as networks. + +Points to Note +~~~~~~~~~~~~~~ + +- A Cross-Zone enabled Backup Repository can be used to create Instances in **all Zones** within the CloudStack environment. +- The Backups can be taken only from the original Zone. +- The administrator must ensure that the Backup Repository is **reachable and mountable** from hosts in other Zones. +- Restore operations are performed by mounting the Backup Repository over **NFS, CIFS, or CephFS** (depending on configuration), + and then copying the backup files to Primary Storage. + +Extending the Functionality for DRaaS +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Administrators can extend this feature to implement Disaster Recovery as a Service (DRaaS) by adding additional configuration and instrumentation. +Two common approaches are: + +1. **Zone-Local Repository** + + - Configure a Backup Repository that is local to the source Zone. + - Add this repository to the Zone and enable Cross-Zone Instance Creation. + - In other Zones, configure NAS servers and synchronize backup files in the background between the source repository and the NAS servers in those Zones. + - Use DNS to resolve the repository URL to the local NAS server in each Zone, ensuring Instance creation from Backup always use the closest copy. + +2. **Global Repository with WAN Optimizations** + + - Configure a single global Backup Repository accessible from all Zones. + - NFS performance over WAN may become a bottleneck for Cross-Zone Instance creation scenarios. + To improve NFS performance over WAN, the following NFS mount options are recommended: + + - ``nconnect=16``: Open multiple TCP connections to the NFS server. 
+ - ``rsize=1048576``: Use a larger chunk size for reads. + - ``wsize=1048576``: Use a larger chunk size for writes. + - The actual read and write chunk sizes may be increased further, depending on the NFS server’s capabilities. + Supported APIs: -~~~~~~~~~~~~~~~~ +--------------- - **assignVirtualMachineToBackupOffering**: adds an Instance to a backup offering. - **removeVirtualMachineFromBackupOffering**: removes an Instance from a backup offering, if forced `true` parameter is passed this may also 
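Review bot: The cross-zone and DRaaS text recommends mounting the Backup Repository from hosts in other Zones, including NFS over WAN with `nconnect=16`, `rsize=1048576` and `wsize=1048576`, but says nothing about protecting that traffic or limiting who can mount the share. Backups hold full Instance disk contents, and NFS with default settings neither encrypts data in transit nor strongly authenticates clients, so the "Points to Note" list should add an item along the lines of `- Carry Backup Repository traffic between Zones over a private link or VPN and restrict the export to the hypervisor hosts that need it.` In the same hunk "thesame IP address" is missing a space.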
@@ -176,7 +268,23 @@ Supported APIs: - **listBackups**: lists backups. - **restoreBackup**: restore a previous Instance backup in-place of a stopped or destroyed Instance. - **restoreVolumeFromBackupAndAttachToVM**: restore and attach a backed-up volume (of an Instance backup) to a specified Instance. +- **createVMFromBackup**: create a new Instance from a backup. + +Configuring resource limits on Backups +-------------------------------------- +Administrators can enforce limits on the maximum number of backups that can be taken and +the total backup storage size that can be used at an account, domain and project level. +Administrators can do this by going to the configure limits tab in accounts, domains and projects +similar to when enforcing resource limits on volumes, primary storage usage etc. + +Unlike other resources like volumes, backup limits take into account the physical used size +and not the allocated size of the backup. This is because the backup once taken can never +grow into the allocated size. At the time of backup creation, Cloudstack doesn't know the +size of the backup that will be taken, so it uses the physical size of the volumes to be +backed up from Volume Stats to calculate the backup size for checking resource limits. +If Volume Stats are not present, then the virtual size of the volumes is used to calculate +the backup size, although the actual backup size may be less than the size use to do resource limit check. .. |B&R-assignOffering.png| image:: /_static/images/B&R-assignOffering.png :alt: Assigning an SLA/Policy to an Instance. 
@@ -196,3 +304,16 @@ Supported APIs: .. |B&R-BackupScheduleEntry.png| image:: /_static/images/B&R-BackupScheduleEntry.png :alt: Creating a backup schedule for an Instance. :width: 400px +.. |B&R-CreateInstanceFromBackup.png| image:: /_static/images/B&R-CreateInstanceFromBackup.png + :alt: Creating a new Instance from a backup. + :width: 400px +.. |B&R-ConfigureInstance.png| image:: /_static/images/B&R-ConfigureInstance.png + :alt: Configure Instance parameters before creating it from backup. + :width: 700px +.. |B&R-Cross-Zone-Enable-Add.png| image:: /_static/images/B&R-Cross-Zone-Enable-Add.png + :alt: Enable Cross-Zone Instance Creation on Backup Repository + :width: 400px +.. |B&R-Cross-Zone-Select-Zone.png| image:: /_static/images/B&R-Cross-Zone-Select-Zone.png + :alt: Select Zone when creating Instance from Backup + :width: 700px + diff --git a/source/adminguide/best_practices.rst b/source/adminguide/best_practices.rst new file mode 100644 index 0000000000..a1795de466 --- /dev/null +++ b/source/adminguide/best_practices.rst 
@@ -0,0 +1,28 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +Best Practices +============== + +This section provides the best practices to follow for your cloud. + +The following are some of the best practices: + +- Configure 'api.allowed.source.cidr.list' at cloud level or an account + level to limit source IPs where the API requests are allowed from. + +- Setup fail2ban or similar tools to avoid any brute-force attempts + for any operations. diff --git a/source/adminguide/events.rst b/source/adminguide/events.rst index 42402d8a2f..b3444730e0 100644 --- a/source/adminguide/events.rst +++ b/source/adminguide/events.rst 
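Review bot: Both bullets in the new Best Practices page are too thin to act on: the fail2ban item does not say which service or log the tool should watch, and "avoid any brute-force attempts for any operations" overstates what such a tool does. A wording such as `- Set up fail2ban or a similar tool on the Management Server to block sources that repeatedly fail UI or API authentication.` would be more precise, with the log source named by someone who knows the deployment. The first bullet should state the expected value format for 'api.allowed.source.cidr.list' and mark the setting name as a literal with double backticks, as the settings in accounts.rst are. The license comment has a stray `#` after "additional information".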
@@ -59,6 +59,14 @@ machine on the event bus. All the CloudStack events (alerts, action events, usage events) and the additional category of resource state change events, are published on to the events bus. +.. note:: + Alerts for some more important events will be sent multiple + times. This is due to the nature of guarding + certain resources from multiple threads in the code, to make sure + that events are not missed. Examples are "Host down" or + "HA starting VM". These are considered too important to not send + immediately and hence a check if they are already queued can not be done. + Implementations ~~~~~~~~~~~~~~~ An event bus is introduced in the @@ -73,6 +81,13 @@ in the AMQP server. Additionally, both an in-memory implementation and an Apache Kafka implementation are also available. + +.. note:: + On upgrading from 4.19.x or lower, existing AMQP or Kafka integration + configurations should be moved from folder + ``/etc/cloudstack/management/META-INF/cloudstack/core`` to + ``/etc/cloudstack/management/META-INF/cloudstack/event`` + Use Cases ~~~~~~~~~ @@ -101,7 +116,7 @@ As a CloudStack administrator, perform the following one-time configuration to enable event notification framework. At run time no changes can control the behaviour. -#. Create the folder ``/etc/cloudstack/management/META-INF/cloudstack/core`` +#. Create the folder ``/etc/cloudstack/management/META-INF/cloudstack/event`` #. Inside that folder, open ``spring-event-bus-context.xml``. 
@@ -203,6 +218,23 @@ changes can control the behaviour. #. Restart the Management Server. +#. CloudStack creates the exchange ‘cloudstack-events’ which will receive messages containing CloudStack events; however will be no queues created. + + To create a queue and bind with cloudstack-events the following steps are needed: + + - Go to Queues tab and add a queue, e.g. 'cloudstack-queue’ + - Go to Exchanges tab and Bind to queue cloudstack-queue with the desired ‘Routing key’. + + +#. Routing keys + + The routing key is a list of words, delimited by a period ("."). CloudStack builds routing keys according to each event type, some examples are: + + Some example of routing keys that match CloudStack events: + - A pound symbol (“#”) indicates a match on zero or more words; thus, it will match any possible set of words; + - Asterisk (“*”) matching any word and the period (“.”) delimiting example '\*.*.*.*.*' + + Kafka Configuration ~~~~~~~~~~~~~~~~~~~ @@ -214,9 +246,22 @@ changes can control the behaviour. which contains valid kafka configuration properties as documented in http://kafka.apache.org/documentation.html#newproducerconfigs The properties may contain an additional ``topic`` property which if not provided will default to ``cloudstack``. While ``key.serializer`` and ``value.serializer`` are usually required for a producer to correctly start, they may be omitted and - will default to ``org.apache.kafka.common.serialization.StringSerializer``. + will default to ``org.apache.kafka.common.serialization.StringSerializer``. A sample example which will be used by cloudstack for exporting of events + + .. parsed-literal:: + + cat /etc/cloudstack/management/kafka.producer.properties + + bootstrap.servers=:9092 + acks=all + topic=cs + retries=1 + + + + -#. Create the folder ``/etc/cloudstack/management/META-INF/cloudstack/core`` +#. Create the folder ``/etc/cloudstack/management/META-INF/cloudstack/event`` #. Inside that folder, open ``spring-event-bus-context.xml``. 
diff --git a/source/adminguide/events/webhooks.rst b/source/adminguide/events/webhooks.rst index 15e57cb919..023b58d317 100644 --- a/source/adminguide/events/webhooks.rst +++ b/source/adminguide/events/webhooks.rst @@ -21,7 +21,7 @@ This allows users to consume event notifications without any external services such as an event streaming platforms. Webhooks can be managed using both API and UI. CloudStack provides following -APIs for webhhoks: +APIs for webhooks: .. cssclass:: table-striped table-bordered table-hover @@ -37,7 +37,7 @@ APIs for webhhoks: executeWebhookDelivery Executes a Webhook delivery ====================== =========================== -In the UI, webhooks can be managed under *Tools > Webhhooks* menu. +In the UI, webhooks can be managed under *Tools > Webhooks* menu. |webhooks.png| @@ -80,8 +80,8 @@ To create a webhook: - **Payload URL**. The payload URL of the Webhook. All events for the webhook will posted on this URL. - - **SSL Verification**. An otional parameter to specify whether the HTTP - POST requests for event notications must be sent with strict SSL + - **SSL Verification**. An optional parameter to specify whether the HTTP + POST requests for event notifications must be sent with strict SSL verification request when a HTTPS payload URL is used. - **Secret Key**. An option secret key parameter which can be used to sign @@ -123,7 +123,7 @@ configurations: CloudStack allows retrieving recent deliveries for a webhook with details such -as event, headers, payload, respose, success, duration, etc. +as event, headers, payload, response, success, duration, etc. In the UI, these can be accessed under Recent deliveries tab in the Webhook detail view. The user can redeliver an existing delivery. To check the working of the 
@@ -155,7 +155,7 @@ as the payload. The following custom headers are sent with the request: - **X-CS-Event**. Event for for which the webhook delivery is made. - **User-Agent**. In the format - *CS-Hookshot/*. Here - ACCOUNT_ID is the ID of the account which trigerred the event. + ACCOUNT_ID is the ID of the account which triggered the event. - **X-CS-Signature**. HMAC SHA256 signature created using the webhook secret key and the delivery payload. It is sent only when secret key @@ -171,7 +171,7 @@ Working with HTTPS webhook payload URL with self-signed certificate openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365 -#. Copy the genereated cert.pem to the management server(s). +#. Copy the generated cert.pem to the management server(s). #. Import the certificate for JDK on the management server(s) diff --git a/source/adminguide/extensions.rst b/source/adminguide/extensions.rst new file mode 100644 index 0000000000..2c6b7308e0 --- /dev/null +++ b/source/adminguide/extensions.rst 
@@ -0,0 +1,108 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information#
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+
+Extensions
+==========
+
+Extensions are a new mechanism introduced in Apache CloudStack to allow administrators to extend the platform's functionality by integrating external systems or custom workflows. Currently, CloudStack supports a single extension type called Orchestrator.
+
+In the UI, extensions can be managed under *Extensions* menu.
+
+ |extensions.png|
+
+Overview
+^^^^^^^^
+
+An extension in CloudStack is defined as an external binary (written in any programming language) that implements specific actions CloudStack can invoke. This allows operators to manage resource lifecycle operations outside CloudStack, such as provisioning VMs in third-party systems or triggering external automation pipelines.
+
+Extensions are managed through the API and UI, with support for configuration, resource mappings, and action execution.
+
+ |create-extension.png|
+
+Configuration
+^^^^^^^^^^^^^
+
+Administrators can define and manage the following components of an extension:
+
+ - Path: A path to a file or script that will be executed during extension operations.
+
+ - Configuration Details: Key-value properties used by the extension at runtime.
+
+ - Resource Mappings: Association between extensions and CloudStack resources such as clusters, etc.
+
+Path and Availabilty
+^^^^^^^^^^^^^^^^^^^^
+
+The path for an extension can point to any binary or executable script. If no explicit path is provided, CloudStack uses a default base Bash script. The state of the path is validated across all management servers. In the UI, the Availabilty is displayed as Not Ready if the file is missing, inaccessible, or differs across management servers.
+
+All extension files are stored under a directory named after the extension within `/usr/share/cloudstack-management/extensions`.
+
+Payload
+^^^^^^^
+
+CloudStack sends structured JSON payloads to the extension binary during each operation. These payloads are written to .json files stored under `/var/lib/cloudstack/management/extensions`. The extension binary is expected to read the file and return an appropriate result. CloudStack automatically attempts to clean up payload files older than one day.
+
+Orchestrator Extension
+^^^^^^^^^^^^^^^^^^^^^^
+
+An Orchestrator extension enables CloudStack to delegate VM orchestration to an external system. Key features include:
+
+ - Cluster Mapping: Orchestrator extensions can be associated with one or more CloudStack clusters.
+
+ - Hosts: Multiple hosts can be added to such clusters, ideally pointing to different physical or external hosts.
+
+ - Instance Lifecycle Supported: Orchestrator extensions can handle basic VM actions like prepare, deploy, start, stop, reboot, status and delete.
+
+ - Console Access: Instances can be accessed either via VNC consoles or through a URL, depending on the capabilities of the orchestrator extension. CloudStack retrieves console details from extensions using the ``getconsole`` action and either forwards them to the Console Proxy VM (CPVM) (for VNC access) or provides the external console URL to the user.
Since 4.22.0, out-of-the-box console access support is available for instances deployed using the in-built Proxmox extension. See :ref:`Console Access for Instances with Orchestrator Extensions `for details on adding console access support in developed extensions.
+
+ - Configuration Details: Key-value configuration details can be specified at different levels - extension, cluster mapping, host, template, service offering, instance.
+
+ - Custom Actions: Admins can define custom actions beyond the standard VM operations.
+
+ - Instance Preparation: Orchestrator extensions can optionally perform a preparation step during instance deployment. This step is executed before the instance is started on the external system. It allows the extension to update certain instance details in CloudStack. CloudStack sends a structured JSON containing the instance configuration, and the extension can respond with the values it wishes to modify. Currently, only a limited set of fields can be updated: the instance’s VNC password, MAC address, details, and the IPv4/IPv6 addresses of its NICs.
+
+ - Networking: If networking is setup properly on the external system (See :ref:`in-built extensions networking ` for more details.), the Virtual Router in CloudStack can connect to the external VMs and provide DHCP, DNS, and routing services.
+
+ **Note**: User data and ssh-key injection from within CloudStack is not supported for the external VMs in this release. The External systems should handle user-data and ssh-key injections natively using other mechanisms.
+
+ |extension.png|
+
+
+CloudStack provides built-in Orchestrator Extensions for Proxmox, Hyper-V, and MaaS, which work with their respective environments out of the box.
+
+.. note::
+ - When a CloudStack host linked to an orchestrator extension is placed into Maintenance mode, all running instances on the host will be stopped.
+
+ - For hosts linked to extensions, CloudStack will report zero for CPU and memory capacity, and host metrics will reflect the same. During instance deployment, capacity checks are the responsibility of the extension executable; CloudStack will not perform any capacity calculations.
+
+ - Some of the features that rely on interaction with VMs, such as VM snapshots, live migration, VM scaling, VM autoscaling groups, VNF appliance, Kubernetes clusters, etc are currently not supported for instances managed by orchestrator extensions.
+
+.. include:: extensions/custom_actions.rst
+
+.. include:: extensions/inbuilt_extensions.rst
+
+.. include:: extensions/limitations.rst
+
+.. include:: extensions/troubleshooting.rst
+
+.. include:: extensions/developer.rst
+
+.. Images
+
+
+.. |extensions.png| image:: /_static/images/extensions.png
+.. |create-extension.png| image:: /_static/images/create-extension.png
+.. |extension.png| image:: /_static/images/extension.png
diff --git a/source/adminguide/extensions/custom_actions.rst b/source/adminguide/extensions/custom_actions.rst
new file mode 100644
index 0000000000..c250019678
--- /dev/null
+++ b/source/adminguide/extensions/custom_actions.rst
@@ -0,0 +1,62 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information#
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+
+Custom Actions
+^^^^^^^^^^^^^^
+
+In addition to standard instance operations, extensions support custom actions. These can be configured via UI in the extension details view or the addCustomAction API. The extension binary or script must implement handlers for these action names and process any provided parameters.
+
+ |add-custom-action.png|
+
+Description, allowed role types, parameters, success/error messages, configuration details, timeout can be defined during creation or update.
+Alowed role types can be one or more of Admin, Resource Admin, Domain Admin, User.
+Success and error messages will be used and returned during action execution. They allow string expansion and the following can be used to customise messages:
+
+ - {{actionName}} for showing name of the action
+ - {{extensionName}} for showing name of the extension
+ - {{resourceName}} for showing name of the resource
+
+An example usage can be - "Successfully completed {{actionName}} for {{resourceName}} using {{extensionName}}".
+Configuration details can be key-value pairs which will be passed to the extension during action execution.
+Timeout value can be configured to adjust wait time for action completion.
+
+A single parameter can have the following details:
+
+ - **name**: Name of the parameter.
+
+ - **type**: Type of the parameter. It can be one of the following: BOOLEAN, DATE, NUMBER, STRING
+
+ - **validationformat**: Validation format for the parameter value. Supported only for NUMBER and STRING type. For NUMBER, it can be NONE or DECIMAL. For STRING, it can be NONE, EMAIL, PASSWORD, URL, UUID.
+
+ - **valueoptions**: Options for the value of the parameter. This is allowed only for NUMBER and STRING type.
+
+
+Running Custom Action
+~~~~~~~~~~~~~~~~~~~~~
+
+All enabled custom actions can then be triggered for a resource of the type the action is defined for or provided while running, using the **Run Action** view or runCustomAction API.
+
+ |run-custom-action-instance.png|
+
+ |run-custom-action.png|
+
+
+.. Images
+
+
+.. |add-custom-action.png| image:: /_static/images/add-custom-action.png
+.. |run-custom-action-instance.png| image:: /_static/images/run-custom-action-instance.png
+.. |run-custom-action.png| image:: /_static/images/run-custom-action.png
diff --git a/source/adminguide/extensions/developer.rst b/source/adminguide/extensions/developer.rst
new file mode 100644
index 0000000000..cd9bc976b4
--- /dev/null
+++ b/source/adminguide/extensions/developer.rst
@@ -0,0 +1,240 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information#
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+Writing Extensions for CloudStack
+=================================
+
+The CloudStack Extensions Framework allows developers and operators to write extensions using any programming language or script. From CloudStack’s perspective, an extension is simply an executable capable of handling specific actions and processing input payloads. CloudStack invokes the executable by passing the action name and the path to a JSON-formatted payload file as command-line arguments. The extension processes the payload, performs the required operations on an external system, and returns the result as a JSON response written to `stdout`.
+
+
+Create a New Extension
+^^^^^^^^^^^^^^^^^^^^^^
+
+You must first register a new extension using the API or UI:
+
+.. code-block:: bash
+
+ cloudmonkey createExtension name=myext path=myext-executable
+
+Arguments:
+
+- ``name``: Unique name
+- ``path``: Relative path to the executable.
Root path will be `/usr/share/cloudstack-management/extensions/`
+
+The path must be:
+
+- Executable (``chmod +x``)
+- Owned by the ``cloud:cloud`` user
+- Present on all management servers (identical path and binary)
+
+If no explicit path is provided during extension creation, CloudStack will scaffold a basic shell script at a default location with minimal required action handlers. This provides a starting point for customization and ensures the extension is immediately recognized and callable by the system.
+
+CloudStack checks extension readiness periodically and shows its state in the UI/API.
+
+Extension Structure
+^^^^^^^^^^^^^^^^^^^
+
+Your extension must support the following invocation structure:
+
+.. code-block:: bash
+
+ /path/to/executable
+
+Arguments:
+
+- ````: Action name (e.g., ``deploy``, ``start``, ``status``)
+- ````: Path to the input JSON file
+- ````: Max duration CloudStack will wait for completion
+
+Sample Invocation:
+
+.. code-block:: bash
+
+ /usr/share/cloudstack-management/extensions/myext/myext.py deploy /var/lib/cloudstack/management/extensions/myext/162345.json 60
+
+Input Format (Payload)
+^^^^^^^^^^^^^^^^^^^^^^
+
+CloudStack provides input via a JSON file, which your executable must read and parse.
+
+Example:
+
+.. code-block:: json
+
+ {
+ "externaldetails": {
+ "resourcemap": {
+ ...
+ },
+ "virtualmachine": {
+ "exttemplateid": "1"
+ },
+ "host": {
+ ...
+ },
+ "extension": {
+ ...
+ }
+ },
+ "virtualmachineid": "...",
+ "cloudstack.vm.details": {
+ "id": 100,
+ "name": "i-2-100-VM",
+ ...
+ },
+ "virtualmachinename": "i-2-100-VM",
+ "caller": {
+ "roleid": "6b86674b-7e61-11f0-ba77-1e00c8000158",
+ "rolename": "Root Admin",
+ "name": "admin",
+ "roletype": "Admin",
+ "id": "93567ed9-7e61-11f0-ba77-1e00c8000158",
+ "type": "ADMIN"
+ }
+ }
+
+The schema varies depending on the resource and action. Use this to perform context-specific logic.
+
+Output Format
+^^^^^^^^^^^^^
+
+Your extension should write a response JSON to ``stdout``. Example:
+
+.. code-block:: json
+
+ {
+ "status": "success",
+ "message": "Deployment completed"
+ }
+
+For custom actions, CloudStack will display the ``message`` in the UI if the output JSON includes ``"printmessage": "true"``.
+The ``message`` field can be a string, a JSON object or a JSON array.
+
+Action Lifecycle
+^^^^^^^^^^^^^^^^
+
+1. A CloudStack action (e.g., deploy VM) triggers a corresponding extension action.
+2. CloudStack invokes the extension’s executable with appropriate parameters.
+3. The extension processes the input and responds within the timeout.
+4. CloudStack continues action workflow based on the result.
+
+Console Access for Instances with Orchestrator Extensions
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Orchestrator extensions can provide console access for instances either through **VNC** or a **URL**.
+To enable this, the extension must implement the ``getconsole`` action and return output in one of the following JSON formats:
+
+VNC-based console:
+
+.. code-block:: json
+
+ {
+ "status": "success",
+ ...
+ "console": {
+ "host": "pve-node1.internal",
+ "port": "5901",
+ "password": "PVEVNC:6329C6AA::ZPcs5MT....d9",
+ "passwordonetimeuseonly": true
+ "protocol": "vnc"
+ }
+ }
+
+``passwordonetimeuseonly`` is optional. It can be set to ``true`` if the system returns a one-time-use VNC ticket.
+
+For VNC-based access, the returned details are forwarded to the Console Proxy VM (CPVM) in the same zone as the instance. The specified **host** and **port** must be reachable from the CPVM.
+
+Direct URL-based console:
+
+.. code-block:: json
+
+ {
+ "status": "success",
+ ...
+ "console": {
+ "url": "CONSOLE_URL",
+ "protocol": "direct"
+ }
+ }
+
+
+.. note::
+ For URL–based console access, CloudStack does not report the acquired or client IP address.
+ In this mode, security and access control must be handled by the server providing the console.
+
+ Protocol value of ``direct`` can be used for URL–based console access.
+
+Custom Actions
+^^^^^^^^^^^^^^
+
+You can define new custom actions for users or admin-triggered workflows.
+
+- Register via UI or ``addCustomAction`` API
+- Define input parameters (name, type, required)
+- Implement the handler for the custom action in your executable.
+
+CloudStack UI will render forms dynamically based on these definitions.
+
+Best Practices
+^^^^^^^^^^^^^^
+
+- Make executable/script idempotent and stateless
+- Validate all inputs before acting
+- Avoid hard dependencies on CloudStack internals
+- Implement logging for troubleshooting
+- Use exit code and ``stdout`` for signaling success/failure
+
+Extension Examples
+^^^^^^^^^^^^^^^^^^
+
+**Bash Example**
+
+.. code-block:: bash
+
+ #!/bin/bash
+ ACTION=$1
+ FILE=$2
+ TIMEOUT=$3
+
+ if [ "$ACTION" == "deploy" ]; then
+ echo '{ "success": true, "result": { "message": "OK" } }'
+ else
+ echo '{ "success": false, "result": { "message": "Unsupported action" } }'
+ fi
+
+**Python Example**
+
+.. code-block:: python
+
+ import sys, json
+
+ action = sys.argv[1]
+ payload_file = sys.argv[2]
+
+ with open(payload_file) as f:
+ data = json.load(f)
+
+ if action == "deploy":
+ print(json.dumps({"success": True, "result": {"message": "Deployed"}}))
+ else:
+ print(json.dumps({"success": False, "result": {"message": "Unknown action"}}))
+
+For a clearer understanding of how to implement an extension, developers can refer to the base shell script scaffolded by CloudStack for orchestrator-type extensions. This script is located at:
+
+/usr/share/cloudstack-common/scripts/vm/hypervisor/external/provisioner/provisioner.sh
+
+It serves as a template with minimal required action handlers, making it a useful starting point for building new extensions.
+
+Additionally, CloudStack includes in-built extensions for Proxmox and Hyper-V that demonstrate how to implement extensions in different languages - Bash and Python.
diff --git a/source/adminguide/extensions/inbuilt_extensions.rst b/source/adminguide/extensions/inbuilt_extensions.rst
new file mode 100644
index 0000000000..d0641e2932
--- /dev/null
+++ b/source/adminguide/extensions/inbuilt_extensions.rst
@@ -0,0 +1,484 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information#
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+In-built Orchestrator Extensions
+================================
+
+CloudStack provides in-built Orchestrator Extensions for Proxmox, Hyper-V and MaaS. These extensions work with Proxmox, Hyper-V and MaaS environments out of the box, and can also serve as reference implementations for anyone looking to develop new custom extensions.
+The Extension files are located in `/usr/share/cloudstack-management/extensions/`, under the subdirectories `Proxmox`, `HyperV`, and `MaaS`.
+The Proxmox Extension is written in shell script, while the Hyper-V and MaaS Extensions are written in python.
+Proxmox and Hyper-V Extensions support some custom actions in addition to the standard VM actions like deploy, start, stop, reboot, status and delete.
+After installing or upgrading CloudStack, in-built Extensions will show up in the Extensions section in UI.
+
+ |built-in-extensions.png|
+
+**Note**: These Extensions may undergo changes with future CloudStack releases and backwards compatibility is not guaranteed.
+
+Proxmox
+^^^^^^^^
+
+The Proxmox CloudStack Extension is written in shell script and communicates with the Proxmox Cluster using the `Proxmox VE API `_ over HTTPS."
+
+Before using the Proxmox Extension, ensure that the Proxmox Datacenter is configured correctly and accessible to CloudStack.
+
+Since 4.22.0, console access support is available for instances deployed using the in-built Proxmox extension via VNC and console proxy VM.
+
+.. note::
+ Proxmox VNC connections have a short initial connection timeout (about 10 seconds),
+ even when accessing the console from the CloudStack UI. If the noVNC interface takes
+ longer to load, or if there is a delay between creating the console endpoint and
+ opening it, the connection may fail on the first attempt. In such cases, users can
+ simply retry to establish the console session.
+
+Get the API Token-Secret from Proxmox
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If not already set up, create a new API Token in the Proxmox UI by navigating to `Datacenter > Permissions > API Tokens`.
+
+Uncheck the `Privilege Separation` checkbox in the `Add: Token` dialog
+
+ |proxmox-add-token.png|
+
+Note down the **user**, **token**, and **secret**.
+
+Alternatively, check the `Privilege Separation` checkbox in the `Add: Token` dialog, and give permissions to the API Token
+by navigating to `Datacenter > Permissions > Add > API Tokens Permission`
+
+- Set Role = `PVEAdmin` and Path = `/vms`
+- Set Role = `PVEAdmin` and Path = `/storage`
+- Set Role = `PVEAdmin` and Path = `/sdn`
+
+ |proxmox-api-token-permission.png|
+
+To check whether the **token** and **secret** are working fine, you can check the following from the CloudStack Management Server:
+
+.. code-block:: bash
+
+ export PVE_TOKEN='root@pam!='
+
+ curl -s -k -H "Authorization: PVEAPIToken=$PVE_TOKEN" https://:8006/api2/json/version | jq
+
+It should return a JSON response similar to this:
+
+..
code-block:: json
+
+ {
+ "data": {
+ "repoid": "ec58e45e1bcdf2ac",
+ "version": "8.4.0",
+ "release": "8.4"
+ }
+ }
+
+Adding Proxmox to CloudStack
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To set up the Proxmox Extension, follow these steps in CloudStack:
+
+#. **Enable Extension**
+
+ Enable the Extension by clicking the `Enable` button on the `Extensions` page in the UI.
+
+#. **Create Cluster**
+
+ Create a Cluster with Hypervisor type `External` and Extension type `Proxmox`.
+
+ |proxmox-add-cluster.png|
+
+#. **Add Host**
+
+ Add a Host to the newly created Cluster with the following details:
+
+ If the Proxmox nodes use a shared API endpoint or credentials, the `url`, `user`, `token`, and `secret` can be set in the Extension's `Configuration Details` instead of per Host. However, `node` and `network_bridge` must still be specified individually for each Host.
+
+ * **url**: IP address/URL for Proxmox API access, e.g., `https://:8006`.
+ * **user**: User name for Proxmox API access
+ * **token**: API token for Proxmox
+ * **secret**: API secret for Proxmox
+ * **node**: Hostname of the Proxmox nodes
+ * **network_bridge**: Name of the network bridge to use for VM networking
+
+ |proxmox-add-host.png|
+
+ **Note**: If the TLS certificate cannot be verified when CloudStack connects to the Proxmox node, add the detail **verify_tls_certificate** and set it to **false** to skip certificate verification.
+
+#. **Create Template**
+
+ A Template in CloudStack can map to either a `Template` or an `ISO` in Proxmox.
+ Provide a dummy `url` and template name. Select `External` as the hypervisor and `Proxmox` as the extension.
Under `External Details`, specify:
+
+ * **template_type**: `template` or `iso`
+ * **template_id**: ID of the template in Proxmox (if `template_type` is `template`)
+
+ |proxmox-add-template.png|
+
+ * **iso_path**: Full path to the ISO in Proxmox (if `template_type` is `iso`)
+ |proxmox-add-iso.png|
+
+ Note: Templates and ISOs should be stored on shared storage when using multiple Proxmox nodes. Or copy the template/iso to each host's local storage at the same location.
+
+#. **Deploy Instance**
+
+ Deploy an Instance using the Template created above. Optionally, provide the detail `vm_name` to specify the name of the VM in Proxmox.
+ Otherwise, the CloudStack Instance's internal name is used. The VM Id in Proxmox is mapped to the CloudStack Instance and stored as a detail in CloudStack DB.
+ The Instance will be provisioned on a randomly selected Proxmox host. The VM will be configured with the MAC address and VLAN ID as defined in CloudStack.
+
+ |proxmox-deploy-instance.png|
+
+#. **Lifecycle Operations**
+
+ Operations **Start**, **Stop**, **Reboot**, and **Delete** can be performed on the Instance from CloudStack.
+
+#. **Custom Actions**
+
+ Custom actions **Create Snapshot**, **Restore Snapshot**, and **Delete Snapshot** are also supported for Instances.
+
+.. _proxmox-networking:
+Configuring Networking
+~~~~~~~~~~~~~~~~~~~~~~
+
+Proxmox nodes and CloudStack hypervisor hosts must be connected via a VLAN trunked network. On each Proxmox node,
+a bridge interface should be created and connected to the network interface that carries the VLAN-tagged traffic.
+This bridge must be specified under Configuration Details (`network_bridge`) when registering the Proxmox node as a Host in CloudStack.
+
+When a VM is deployed, CloudStack includes the assigned MAC address and VLAN ID in the Extension payload.
+The VM created on the Proxmox node is configured with this MAC and connected to the corresponding VLAN via the specified bridge.
+
+Upon boot, the VM broadcasts a VLAN-tagged DHCP request, which reaches the CloudStack Virtual Router (VR) handling that VLAN.
+The VR responds with the appropriate IP address as configured in CloudStack. Once the VM receives the lease, it becomes fully integrated into the CloudStack-managed network.
+
+Users can then manage the Hyper-V VM like any other CloudStack guest Instance. Users can apply Egress Policies,
+Firewall Rules, Port Forwarding, and other networking features seamlessly through the CloudStack UI or API.
+
+Hyper-V
+^^^^^^
+
+The Hyper-V CloudStack Extension is a Python-based script that communicates with the Hyper-V host using WinRM (Windows Remote Management) over HTTPS,
+using NTLM authentication for secure remote execution of PowerShell commands that manage the full lifecycle of virtual machines.
+
+Each Hyper-V host maps to a CloudStack Host. Before using the Hyper-V Extension, ensure that the Hyper-V host is accessible to the CloudStack Management Server via WinRM over HTTPS.
+
+Console access for instances deployed using the Hyper-V extension is not available out of the box.
+
+Configuring WinRM over HTTPS
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+**Windows Remote Management (WinRM)** is a protocol developed by Microsoft for securely managing Windows machines remotely using **WS-Management (Web Services for Management)**.
+It allows remote execution of PowerShell commands over HTTP or HTTPS and is widely used in automation tools such as **Ansible**, **Terraform**, and **Packer** for managing Windows infrastructure.
+
+To enable WinRM over HTTPS on the Hyper-V host, ensure the following:
+
+- WinRM is enabled and configured to listen on port 5986 (HTTPS).
+- A valid TLS certificate is installed and bound to the WinRM listener. You may use a certificate from a trusted Certificate Authority (CA) or a self-signed certificate.
+- The firewall on the Hyper-V host allows inbound connections on TCP port 5986.
+- The CloudStack Management Server has network access to the Hyper-V host on port 5986.
+- The Hyper-V host has a local or domain user account with appropriate permissions for managing virtual machines (e.g., creating, deleting, configuring VMs).
+
+Sample powershell script to configure WinRM over HTTPS with self-signed TLS certificate is given below:
+
+.. code-block:: powershell
+
+ Enable-PSRemoting -Force
+ $cert = New-SelfSignedCertificate -DnsName "$env:COMPUTERNAME" -CertStoreLocation Cert:\LocalMachine\My
+ New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbprint $cert.Thumbprint -Force
+ New-NetFirewallRule -DisplayName "WinRM HTTPS" -Name "WinRM-HTTPS" -Protocol TCP -LocalPort 5986 -Direction Inbound -Action Allow
+
+Install pywinrm on CloudStack Management Server
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+**pywinrm** is a Python library that acts as a client to remotely execute commands on Windows machines via the WinRM protocol. Install it using ``pip3 install pywinrm``.
+
+Host Details
+~~~~~~~~~~~~
+
+Apart from the `url`, `username` and `password`, the following details are required when adding a Hyper-V host in CloudStack:
+
+* **network_bridge**: Name of the network bridge to use for VM networking. This bridge must be configured on the Hyper-V host and connected to the appropriate network interface as explained in the `Configuring Networking` section below.
+* **vhd_path**: Path to the storage location where VM disks will be created.
+* **vm_path**: Path to the storage location where VM configuration files and metadata will be stored.
+* **verify_tls_certificate**: Set to `false` to skip TLS certificate verification for self-signed certificates.
+
+
+Adding Hyper-V to CloudStack
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+#. **Enable Extension**
+
+ Enable the Extension by clicking the `Enable` button on the `Extensions` page in the UI.
+
+#. 
**Create Cluster**
+
+ Create a Cluster with Hypervisor type `External` and Extension type `HyperV`.
+
+ |hyperv-add-cluster.png|
+
+#. **Add Host**
+
+ Add a Host to the newly created Cluster with the following details:
+
+ |hyperv-add-host.png|
+ **Note**: Add the detail **verify_tls_certificate** set to **false** to skip TLS certificate verification for self-signed certificates.
+
+#. **Create Template**
+
+ A Template in CloudStack can map to either a `Template` or an `ISO` in Hyper-V.
+ Provide a dummy `url` and Template name. Select `External` as the hypervisor and `HyperV` as the Extension. Under `External Details`, specify:
+
+ * **template_type**: `template` or `iso`
+ * **generation**: VM generation (1 or 2)
+ * **template_path**: Full path to the template .vhdx file (if `template_type` is `template`)
+
+ |hyperv-add-template.png|
+
+ * **iso_path**: Full path to the ISO in HyperV (if `template_type` is `iso`)
+ * **vhd_size_gb**: Size of the VHD disk to create (in GB) (if `template_type` is `iso`)
+
+ |hyperv-add-iso.png|
+
+ Note: Templates and ISOs should be stored on shared storage when using multiple HyperV nodes. Or copy the template/iso to each host's local storage at the same location.
+
+#. **Deploy Instance**
+
+ Deploy an Instance using the template created above. The Instance will be provisioned on a randomly selected Hyper-V host.
+ The VM will be configured with the MAC address and VLAN ID as defined in CloudStack.
+ The VM in Hyper-V is created with the name `'CloudStack Instance's internal name' + '-' + 'CloudStack Instance's UUID'` to keep it unique.
+
+#. **Lifecycle Operations**
+
+ Operations **Start**, **Stop**, **Reboot**, and **Delete** can be performed on the Instance from CloudStack.
+
+#. **Custom Actions**
+
+ Custom actions **Suspend**, **Resume**, **Create Snapshot**, **Restore Snapshot**, and **Delete Snapshot** are also supported for Instances.
+
+Configuring Networking
+~~~~~~~~~~~~~~~~~~~~~~
+
+Hyper-V hosts and CloudStack hypervisor Hosts must be connected via a VLAN trunked network.
+On each Hyper-V host, an external virtual switch should be created and bound to the physical network interface that carries VLAN-tagged traffic.
+This switch must be specified in the Configuration Details (network_bridge) when adding the Hyper-V host to CloudStack.
+
+When a VM is deployed, CloudStack includes the assigned MAC address and VLAN ID in the Extension payload.
+The VM is then created on the Hyper-V host with this MAC address and attached to the specified external switch with the corresponding VLAN configured.
+
+Upon boot, the VM sends a VLAN-tagged DHCP request, which reaches the CloudStack Virtual Router (VR) responsible for that VLAN.
+The VR responds with the correct IP address as configured in CloudStack. Once the VM receives the lease, it becomes fully integrated into the CloudStack-managed network.
+
+Users can then manage the Hyper-V VM like any other CloudStack guest Instance. Users can apply Egress Policies,
+Firewall Rules, Port Forwarding, and other networking features seamlessly through the CloudStack UI or API.
+
+MaaS
+^^^^
+
+The MaaS Extension for CloudStack is written in Python and communicates with `Canonical MaaS `_ using the `MaaS APIs `_.
+
+Before using the MaaS Extension, ensure that the Canonical MaaS Service is configured correctly with servers added into it and accessible to CloudStack.
+
+Get the API key from MaaS
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If not already set up, create a new API Key in the MaaS UI by navigating to left column under `admin > API keys`.
+
+Existing `MAAS consumer` token can be used or a new API key can be generated by clicking the `Generate MAAS API Key` button
+
+ |MaaS-add-token.png|
+
+Note down the **key** value.
+
+You can verify the MAAS API key and connectivity from the CloudStack Management Server by using the MAAS CLI as shown below (replace the example values with your own):
+
+.. code-block:: bash
+
+ maas login admin http://:5240/MAAS
+
+ # Example:
+ maas login admin http://10.0.80.47:5240/MAAS QqeFTc4fvz9qQyPzGy:UUGKTDf6VwPVDnhXUp:wtAZk6rKeHrFLyDQD9sWcASPkZVSMu6a
+
+ # Verify MAAS connectivity and list machines
+ maas admin machines read | jq '.[].system_id'
+
+If the connection is successful, the command will list all registered machine system IDs from MAAS.
+
+Install required Python libraries
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The MAAS Orchestrator Extension uses OAuth1 for API authentication.
+
+Ensure the required Python libraries are installed on the CloudStack Management Server before using this extension.
+The following command is provided as an example, package installation steps may vary depending on the host operating system:
+
+.. code-block:: bash
+
+ pip3 install requests requests_oauthlib
+
+Adding MaaS to CloudStack
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To set up the MaaS Extension, follow these steps in CloudStack:
+
+#. **Use Default Extension**
+
+ A default MaaS Extension is already available and enabled under `Extensions` tab.
+
+#. **Create Cluster**
+
+ Create a Cluster with Hypervisor type `External` and Extension type `MaaS`.
+
+ |MaaS-add-cluster.png|
+
+#. **Add Host**
+
+ Add a Host to the newly created Cluster with the following details:
+
+ To access MaaS environment, the `endpoint`, `apikey` need to be set in the Host.
+
+ * **endpoint**: IP address of the MaaS server. The API used for operations in the script will look like `http://:5240/MAAS/api/2.0`.
+ * **apikey**: API key for MaaS
+
+ |MaaS-add-host.png|
+
+
+#. **Create Template**
+
+ A Template in CloudStack maps to an image available in MaaS that can be deployed on a baremetal server.
+ Provide a dummy `url` and template name.
Select `External` as the hypervisor and `MaaS` as the extension.
+ Under `External Details`, specify the following parameters:
+
+ * **os**: Operating system name (e.g., `ubuntu`)
+ * **distro_series**: Ubuntu codename (e.g., `focal`, `jammy`)
+ * **architecture**: Image architecture name as listed in MaaS (e.g., `amd64/ga-20.04`, `amd64/hwe-22.04`, `amd64/generic`)
+
+ MAAS uses only distro_series to identify the operating system for Ubuntu-based images (for example, focal, jammy).
+
+ Example configurations:
+
+ .. code-block:: text
+
+ # Ubuntu 20.04 (Focal)
+ os=ubuntu
+ distro_series=focal
+ architecture=amd64/ga-20.04
+
+ |MaaS-add-template.png|
+
+#. **Deploy Instance**
+
+ Deploy an Instance using the Template created above. The Instance will be provisioned on a randomly selected MaaS machine.
+ **maas_system_id** value can be provided in the external details to deploy the instance on specific server.
+
+ |MaaS-deploy-instance.png|
+
+#. **Lifecycle Operations**
+
+ Operations **Start**, **Stop**, **Reboot**, and **Delete** can be performed on the Instance from CloudStack.
+
+Configuring Networking and additional details
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The MaaS scenarios have been tested and verified only with a Shared Network setup in CloudStack and with ubuntu based images, using the MAAS Orchestrator Extension.
+Please find some additional notes with respect to the networking and access related configuration as below,
+
+#. **Configuring TFTP to point to MAAS**
+
+ Ensure that the TFTP or PXE boot configuration (for example, in pfSense or your network’s DHCP server) is set to point to the MAAS server as the TFTP source.
+ This ensures that VMs retrieve boot images directly from MAAS during PXE boot.
+
+#. 
**Using CloudStack Virtual Router (VR) as an External DHCP Server**
+
+ If the end user wants the **CloudStack Virtual Router (VR)** to act as the external DHCP server for instances provisioned through MAAS, the following configuration steps must be performed.
+
+ **In CloudStack**
+
+ a. Navigate to **Networks → Add Shared Network**.
+ b. Create a Shared Network using the **DefaultSharedNetworkOffering**, and define an appropriate **Guest IP range**.
+
+ |CloudStack-shared-network.png|
+
+ **In MAAS**
+
+ a. Navigate to **Networking → Subnets → Add Subnet** and create a subnet corresponding to the same IP range used in CloudStack.
+
+ |MaaS-add-subnet-1.png|
+ |MaaS-add-subnet-2.png|
+
+ b. Once the subnet is added:
+ - Ensure **Managed allocation** is **disabled**.
+ - Ensure **Active discovery** is **enabled**.
+
+ |MaaS-subnet-configuration.png|
+
+ c. Add a **Reserved IP range** that matches the CloudStack Guest range (optional, for clarity).
+
+ |MaaS-add-reserve-iprange.png|
+
+ d. Disable the DHCP service in MAAS:
+ - Navigate to **Subnets → VLAN → Edit VLAN**.
+ - Ensure the **DHCP service** is **disabled**.
+
+ |MaaS-disable-dhcp.png|
+
+ e. For all the servers in MAAS, navigate to each server in the Ready state, go to Network → Server Interface → Edit Physical, and set the IP mode to DHCP.
+
+ |MaaS-enable-dhcp-on-servers.png|
+
+ This configuration allows the CloudStack Virtual Router (VR) to provide IP address allocation and DHCP services for the baremetal instances managed through MAAS.
+
+#. **Using CloudStack-Generated SSH Keys for Baremetal Access**
+
+ If the user wants to use the **SSH key pair generated in CloudStack** to log into the baremetal server provisioned by MAAS, perform the following steps.
+
+ **In CloudStack**
+
+ a. Navigate to **Compute → SSH Keypairs → Create SSH Keypair**.
+ b. Save the generated **private key** for later use (CloudStack stores only the public key).
+
+ **In MAAS**
+
+ a. 
Navigate to **Admin → SSH Keys → Import**.
+ b. Paste the **public key** from the CloudStack-generated SSH key pair.
+ c. Save the changes.
+
+ |MaaS-add-sshkeypair.png|
+
+
+ After these steps, any baremetal node deployed via the MAAS Extension can be accessed using the **private key** from CloudStack.
+
+.. Images
+
+
+.. |built-in-extensions.png| image:: /_static/images/built-in-extensions.png
+.. |proxmox-add-cluster.png| image:: /_static/images/proxmox-add-cluster.png
+.. |proxmox-add-host.png| image:: /_static/images/proxmox-add-host.png
+.. |proxmox-add-token.png| image:: /_static/images/proxmox-add-token.png
+.. |proxmox-api-token-permission.png| image:: /_static/images/proxmox-api-token-permission.png
+.. |proxmox-add-template.png| image:: /_static/images/proxmox-add-template.png
+.. |proxmox-add-iso.png| image:: /_static/images/proxmox-add-iso.png
+.. |proxmox-deploy-instance.png| image:: /_static/images/proxmox-deploy-instance.png
+.. |hyperv-add-cluster.png| image:: /_static/images/hyperv-add-cluster.png
+.. |hyperv-add-host.png| image:: /_static/images/hyperv-add-host.png
+.. |hyperv-add-template.png| image:: /_static/images/hyperv-add-template.png
+.. |hyperv-add-iso.png| image:: /_static/images/hyperv-add-iso.png
+.. |MaaS-add-token.png| image:: /_static/images/MaaS-add-token.png
+.. |MaaS-add-cluster.png| image:: /_static/images/MaaS-add-cluster.png
+.. |MaaS-add-host.png| image:: /_static/images/MaaS-add-host.png
+.. |MaaS-add-template.png| image:: /_static/images/MaaS-add-template.png
+.. |MaaS-deploy-instance.png| image:: /_static/images/MaaS-deploy-instance.png
+.. |CloudStack-shared-network.png| image:: /_static/images/CloudStack-shared-network.png
+.. |MaaS-add-subnet-1.png| image:: /_static/images/MaaS-add-subnet-1.png
+.. |MaaS-add-subnet-2.png| image:: /_static/images/MaaS-add-subnet-2.png
+.. |MaaS-subnet-configuration.png| image:: /_static/images/MaaS-subnet-configuration.png
+.. 
|MaaS-add-reserve-iprange.png| image:: /_static/images/MaaS-add-reserve-iprange.png
+.. |MaaS-disable-dhcp.png| image:: /_static/images/MaaS-disable-dhcp.png
+.. |MaaS-add-sshkeypair.png| image:: /_static/images/MaaS-add-sshkeypair.png
+.. |MaaS-enable-dhcp-on-servers.png| image:: /_static/images/MaaS-enable-dhcp-on-servers.png
\ No newline at end of file
diff --git a/source/adminguide/extensions/limitations.rst b/source/adminguide/extensions/limitations.rst
new file mode 100644
index 0000000000..d043565b79
--- /dev/null
+++ b/source/adminguide/extensions/limitations.rst
@@ -0,0 +1,53 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information#
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+
+Limitations
+===========
+
+Although the external Instances behave a lot like CloudStack managed
+Instances in many ways, there are some limitations. Some of these
+limitations are due to the framework itself, while others can be addressed
+by adding custom actions in the scripts written for the built-in extensions.
+
+**Some general features/actions not supported at the framework level:**
+
+ - Data volumes.
+
+ - User Data and Metadata services.
+
+ - SSH key injection.
+
+ - Affinity Groups.
+
+ - Migrate Instance.
+
+ - Host Capacity and Utilization Stats.
+
+ - Add Nics to Instance post deployment.
+
+**Actions which can be implemented using Custom Actions in built-in extensions:**
+
+ - Reinstall Instance.
+
+ - Backup and Restore.
+
+ - Recurring Snapshots.
+
+ - Change Service Offering.
+
+ - Resize Volume.
+
+ - Attach ISO.
diff --git a/source/adminguide/extensions/troubleshooting.rst b/source/adminguide/extensions/troubleshooting.rst
new file mode 100644
index 0000000000..815da5d352
--- /dev/null
+++ b/source/adminguide/extensions/troubleshooting.rst
@@ -0,0 +1,70 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information#
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+
+Troubleshooting Extensions
+==========================
+
+Validate the Extension Path
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+ - Ensure that the path is correctly defined and accessible on all management servers. The executable must be owned by the `cloud` user and group, and have appropriate permissions to be executed by `cloud:cloud`.
+
+ - The script or binary must be executable and have appropriate permissions.
+
+ - If the binary differs across management servers, the extension will be marked as Not Ready.
+
+ - Ensure files are stored at: `/usr/share/cloudstack-management/extensions/`
+
+ - CloudStack runs a background task at regular intervals to verify path readiness. If the path is not ready, its state will appear as Not Ready in the UI or API responses.
+
+ - Alerts are generated if the extension path is not ready.
+
+ - The check interval can be configured using the global configuration - `extension.path.state.check.interval`. The default is 5 minutes.
+
+Verify Payload Handling
+^^^^^^^^^^^^^^^^^^^^^^^
+
+ - Ensure the extension binary can correctly read and parse the incoming JSON payload.
+ + - Payload files are placed at: `/var/lib/cloudstack/management/extensions//` + + - These payload files are automatically cleaned up after 24 hours. + + - Improper parsing of the payload is a common cause of failure—log any parsing errors in your extension binary for debugging. + +Refer to Base Extension Scripts +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + - For guidance on implementing supported actions, refer to the base scripts present for each extension type. + + - For Orchestrator-type extensions, see: `/usr/share/cloudstack-common/scripts/vm/hypervisor/external/provisioner/provisioner.sh` + + - These scripts provide examples of how to handle standard actions like start, stop, status, etc. + +Check Logs for Errors +^^^^^^^^^^^^^^^^^^^^^ + + - If the extension does not respond or returns an error, check the management server logs. + + - Logs include details of: + + 1. Invocation of the extension binary + + 2. Payload hand-off + + 3. Output parsing + + - Any exceptions or exit code issues. diff --git a/source/adminguide/guest_os.rst b/source/adminguide/guest_os.rst index cb64f57c1f..04b8ec1cb0 100644 --- a/source/adminguide/guest_os.rst +++ b/source/adminguide/guest_os.rst @@ -13,6 +13,13 @@ specific language governing permissions and limitations under the License. + +.. |guest-os-categories.png| image:: /_static/images/guest-os-categories.png + :alt: Guest OS Categories + +.. |add-guest-os-category.png| image:: /_static/images/add-guest-os-category.png + :alt: Add Guest OS Category form + .. |guest-os-button.png| image:: /_static/images/guest-os-button.png :alt: Guest OS section 
@@ -36,8 +43,40 @@ and also need to have a mapping with the actual operating system name supported Under "Configuration" section there are sub-sections for guest operating system. +Guest OS Categories +------------------- + +A list of existing categories for the guest operating systems are shown as +"Guest OS Categories" section. Operators can also add new guest operating +system categories from the view. + +|guest-os-categories.png| + +Guest operating system categories are useful for categorizing images, i.e., +templates and ISOs, in several UI forms such as deploying an instance, +reinstalling an instance, etc., when the modern image selection is used in the +UI configuration. + +To allow a guest operating system category to be displayed in the UI forms, it +must be marked as featured. The order of the categories can also be controlled +using the Order option in the categories view. + +Like other resources, a custom resource icon can be set for a particular guest +operating system category for further control. If no resource icon is set for +a category, the UI will display default icons based on the category +name. + +An existing guest OS category can be deleted if it does not have any +associated guest operating systems. + +The "Add guest OS category" option allows operators to create new categories, +which can be marked as featured if they are meant to be displayed in the UI +forms. + +|add-guest-os-category.png| + Guest OS ---------- +-------- A list of supported guest operating systems are shown under |guest-os-button.png| and also one can add new operating systems. @@ -86,4 +125,4 @@ and following details needs to be provided. :align: center :alt: Guest OS mapping form -Operator can also do operations like edit and delete guest OS and its hypervisor mappings. \ No newline at end of file +Operator can also do operations like edit and delete guest OS and its hypervisor mappings. 
diff --git a/source/adminguide/host_and_storage_tags.rst b/source/adminguide/host_and_storage_tags.rst index 9bbb18b833..211a83ea3d 100644 --- a/source/adminguide/host_and_storage_tags.rst +++ b/source/adminguide/host_and_storage_tags.rst @@ -31,30 +31,39 @@ There are two types of host tags: To explain the behavior of host tags, some examples will be demonstrated with two hosts (Host1 and Host2): #. Tag setup: + * Host1: h1 * Host2: h2 * Offering: h1 + When a VM is created with the offering, the deployment will be carried out on Host1, as it is the one that has the tag compatible with the offering. #. Tag setup: + * Host1: h1 * Host2: h2,h3 * Offering: h3 + Hosts and offerings accept a list of tags, with comma (,) being their separator. So in this example, Host2 has the h2 and h3 tags. When a VM is created with the offering, the deployment will be carried out on Host2, as it is the one that has the tag compatible with the offering. #. Tag setup: + * Host1: h1 * Host2: h2,h3 * Offering: (no tag) + When the offering does not have tags, it will be possible to deploy the VM on any host. #. Tag setup: + * Host1: (no tag) * Host2: h2 * Offering: h3 + None of the hosts have compatible tags and it will not be possible to deploy a VM with the offering. However, CloudStack ignores this behavior when a host is manually selected. .. _strict-host-tags: + Strict Host Tags ----------------- During certain operations, such as changing the compute offering or starting or 
@@ -96,23 +105,31 @@ Storage tags are responsible for directing volumes to compatible primary storage To explain the behavior of storage tags, some examples will be demonstrated: #. Tag setup: + * Storage: A * Offering: A,B + Storage and offering accept a list of tags, with the comma (,) being their separator. Therefore, in this example, the offering has tags A and B. In this example, it will not be possible to allocate the volume, as all the offering tags must exist in the storage. Although the storage has the A tag, it does not have the B tag. #. Tag setup: + * Storage: A,B,C,D,X * Offering: A,B,C + In this example, it will be possible to allocate the volume, as all the offering tags exist in the storage. #. Tag setup: + * Storage: A, B, C * Offering: (no tag) + In this example, it will be possible to allocate the volume, as the offering does not have any tag requirements. #. Tag setup: + * Storage: (no tag) * Offering: D,E + In this example, it will not be possible to allocate the volume, as the storage does not have tags, therefore it does not meet the offering requirements. In short, if the offering has tags, the storage will need to have all the tags for the volume to be allocated. If the offering does not have tags, the volume can be allocated, regardless of whether the storage has a tag or not. 
@@ -127,7 +144,24 @@ To overcome these situations, ACS allows hosts and storages to have tags that ar Configuring flexible tags on hosts is carried out through the ``updateHost`` API, entering the rule in the ``hosttags`` field. On the other hand, configuring flexible tags in the storages is done using the ``updateStoragePool`` API, informing the rule in the ``tags`` field. For the informed tag to be effectively interpreted as JavaScript, you must declare the ``istagarule`` parameter as true whenever you use one of the APIs presented. -It is worth mentioning that the compute offering or disk offering tags are injected in list format. Thus, when validating an offering with tags ``A, B``, during processing, there will be the variable ``tags``, where ``tags[0]`` will be tag A, and ``tags[1]`` will be tag B. +It is worth mentioning that the compute offering or disk offering tags are injected in list format. Thus, when validating an offering with tags ``A, B``, during processing, there will be the variable ``tags``, where ``tags[0]`` will be tag A, and ``tags[1]`` will be tag B. The order of the tags is significant and can affect the outcome, depending on how they are implemented. + +Example: tags[0] == "slow" || tags[1] == "fast" + Tags and results: + +- “slow,fast” -> TRUE +- “fast,slow” -> FALSE +- “fast” -> FALSE + +If you want to avoid dependency on tag order, use the following approach: + +Example: tags.indexOf('slow') >= 0 || tags.indexOf('fast') >= 0 + Tags and results: + +- “slow,fast” -> TRUE +- “fast,slow” -> TRUE +- “fast” -> TRUE + It's also important to mention that flexible tags are not compatible with quota's activation rules. 
@@ -137,7 +171,7 @@ In Apache CloudStack 4.19 and prior, cloud operators are only able to set tags o Implicit host tags feature is supported since Apache CloudStack 4.20. With the feature, Cloud operators can easily set the implicit host tags per host based on the server configurations. For example, based on the following hardware devices and -softwares which can be fetched by commands, scripts or tools: +software which can be fetched by commands, scripts or tools: - CPU architecture and model - Network card type and speed diff --git a/source/adminguide/hosts.rst b/source/adminguide/hosts.rst index fee3cd32af..b7c6b8df43 100644 --- a/source/adminguide/hosts.rst +++ b/source/adminguide/hosts.rst @@ -164,7 +164,7 @@ migrated to other Hosts. To remove a Host from the cloud: #. Use the UI option to remove the node. - Then you may power down the Host, re-use its IP address, re-install + Then you may power down the Host, reuse its IP address, re-install it, etc 
@@ -223,6 +223,62 @@ Following hypervisor-specific documentations can be referred for different maxim Guest Instance limit check is not done while deploying an Instance on a KVM hypervisor host. +.. _discovering-gpu-devices-on-kvm-hosts: + +Discovering GPU Devices on KVM Hosts +-------------------------------- + +For KVM, the user needs to ensure that IOMMU is enabled and the necessary +drivers are installed. If vGPU is to be used, the user needs to ensure that +the vGPU type is supported by the host and has been created on the host. The +cloudstack agent uses the ``gpudiscovery.sh`` script to discover the GPU devices +on the host. For more information on how to prepare the host for GPU +passthrough, see `Managing GPU devices in virtual machines `_. + +Once the host is configured with the GPU devices, the operator can trigger the +discovery of the GPU devices on the host by using ``discoverGPUdevices`` command +using cmk or use the ``Discover GPU devices`` button on the host details page in the UI. +This triggers a request to the cloudstack agent to discover the GPU devices on +the host. + +The cloudstack agent uses the ``gpudiscovery.sh`` script to discover the GPU +devices on a KVM host. The script is located in the +``/usr/share/cloudstack-common/scripts/vm/kvm/`` directory on the host. The script +relies on the ``lspci`` & ``xmlstarlet`` command to discover the GPU devices +and their status on the host. So, for the discovery to be successful, the +``lspci`` & ``xmlstarlet`` should be installed on the host. + + .. parsed-literal:: + + dnf install pciutils xmlstarlet + + .. parsed-literal:: + + sudo apt install pciutils xmlstarlet + +.. note:: + The following table shows the compatibility matrix for NVIDIA vGPU types with CloudStack: + + .. 
cssclass:: table-striped table-bordered table-hover + + =============================== ================== ======================= + NVIDIA vGPU Type VFIO Framework Supported in CloudStack + =============================== ================== ======================= + Legacy: SR-IOV not supported `mdev` Yes + SR-IOV supported `mdev` Yes + SR-IOV supported `Vendor specific` Yes + Multi Instance GPU No + =============================== ================== ======================= + + The script can also be run manually to debug the discovery of the GPU devices on a host. + + .. parsed-literal:: + + sudo /usr/share/cloudstack-common/scripts/vm/kvm/gpudiscovery.sh + + The script will output the GPU devices in a JSON found on the host. The operator + can also update the script to customize the discovery of the GPU devices on the host. + Changing Host Password ---------------------- @@ -472,7 +528,7 @@ To change the over-provisioning factors for an existing cluster: #. Fill in your desired over-provisioning multipliers in the fields CPU overcommit factor and RAM overcommit factor. The value which is - intially shown in these fields is the default value inherited from + initially shown in these fields is the default value inherited from the global configuration settings. .. note:: @@ -595,7 +651,7 @@ The former behaviour also is supported — VLAN is randomly allocated to a network from the VNET range of the physical network when the network turns to Implemented state. The VLAN is released back to the VNET pool when the network shuts down as a part of the Network Garbage Collection. -The VLAN can be re-used either by the same network when it is +The VLAN can be reused either by the same network when it is implemented again, or by any other network. On each subsequent implementation of a network, a new VLAN can be assigned. 
@@ -676,7 +732,7 @@ management server(s). The ``outofbandmanagement.sync.poolsize`` is the maximum number of ipmitool background power state scanners that can run at a time. Based on the maximum number of hosts you've, you can increase/decrease the value depending on how much -stress your management server host can endure. It will take atmost number of +stress your management server host can endure. It will take at most number of total out-of-band-management enabled hosts in a round * ``outofbandmanagement.action.timeout`` / ``outofbandmanagement.sync.poolsize`` seconds to complete a background power-state sync scan in a single round. @@ -703,7 +759,7 @@ power management actions but in the UI a warning is displayed. Security -------- -Starting 4.11, CloudStack has an inbuilt certicate authority (CA) framework and +Starting 4.11, CloudStack has an inbuilt certificate authority (CA) framework and a default 'root' CA provider which acts as a self-signed CA. The CA framework participates in certificate issuance, renewal, revocation, and propagation of certificates during setup of a host. This framework is primary used to 
@@ -714,9 +770,9 @@ Following are some global settings that control various aspects of this feature. .. cssclass:: table-striped table-bordered table-hover -======================================= ==================================================================== +======================================= ==================================================================================================== Global setting Description -======================================= ==================================================================== +======================================= ==================================================================================================== ca.framework.provider.plugin The configured CA provider plugin ca.framework.cert.keysize The key size used for certificate generation ca.framework.cert.signature.algorithm The certificate signature algorithm 
@@ -724,13 +780,15 @@ ca.framework.cert.validity.period Certificate validity in days ca.framework.cert.automatic.renewal Whether to auto-renew expiring certificate on hosts ca.framework.background.task.delay The delay between each CA background task round in seconds ca.framework.cert.expiry.alert.period The number of days to check and alert expiring certificates -ca.plugin.root.private.key (hidden/encrypted in database) Auto-generated CA private key -ca.plugin.root.public.key (hidden/encrypted in database) CA public key -ca.plugin.root.ca.certificate (hidden/encrypted in database) CA certificate -ca.plugin.root.issuer.dn The CA issue distinguished name used by the root CA provider +ca.plugin.root.private.key (hidden) CA private key. Auto-generated if empty. PKCS#8 format required +ca.plugin.root.public.key (hidden) CA public key. Auto-generated if empty. X.509/SPKI format required +ca.plugin.root.ca.certificate (hidden) CA certificate chain. Auto-generated if empty. Supports intermediate CA chains +ca.plugin.root.issuer.dn The CA issuer distinguished name used by the root CA provider ca.plugin.root.auth.strictness Setting to enforce two-way SSL authentication and trust validation ca.plugin.root.allow.expired.cert Setting to allow clients with expired certificates -======================================= ==================================================================== +ca.framework.inject.default.truststore Injects CA certificate into JVM default truststore on startup for outgoing HTTPS trust + (default: ``true``). Restart management server(s) when changed +======================================= ==================================================================================================== A change in ``ca.framework.background.task.delay`` settings requires restarting of management server(s) as the thread pool and a background tasks are configured 
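Review bot: The rewritten rows for `ca.plugin.root.private.key`, `ca.plugin.root.public.key` and `ca.plugin.root.ca.certificate` drop the earlier "encrypted in database" wording and say only "(hidden)". The table therefore no longer states whether the CA private key is protected at rest, which matters more now that operators are told to paste their own key into this setting. If the storage behaviour is unchanged, keep the wording, e.g. `(hidden/encrypted in database) CA private key. Auto-generated if empty. PKCS#8 format required`. If it did change, the row should say so explicitly.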
@@ -750,6 +808,76 @@ enforce authentication and validation strictness by setting ``ca.plugin.root.auth.strictness`` to ``true`` and restarting the management server(s). +Custom CA Support +~~~~~~~~~~~~~~~~~~ + +The built-in ``root`` CA provider supports user-provided CA +material. When the ``ca.plugin.root.private.key``, +``ca.plugin.root.public.key``, and ``ca.plugin.root.ca.certificate`` +configuration keys are pre-populated, CloudStack uses the provided CA instead +of auto-generating one. All internal certificate provisioning (agents, +SystemVMs, management server keystores) automatically use the configured CA. + +Starting 4.23, this support was enhanced to include: + +- **Intermediate CA chains**: The ``ca.plugin.root.ca.certificate`` key can now + contain a PEM-concatenated chain of certificates. +- **Outgoing HTTPS trust**: The configured CA is injected into the management + server's default truststore (controlled by ``ca.framework.inject.default.truststore``) + and the SystemVM's truststore, allowing outgoing HTTPS connections to trust + servers using this CA. This enables SystemVMs to download templates and ISOs + from HTTPS servers whose certificates are signed by the configured CA. +- **Validation**: User-provided keys are validated on startup to prevent silent + overwriting of malformed keys. + +All three keys must be set together. If any key is missing or malformed, the CA +provider will log a warning, overwrite them with auto-generated keys, and +the user will need to update the global settings again with valid values. +The private key must be in PKCS#8 format and the public key must be explicitly +extracted. Use the following commands to prepare the CA material: + +.. 
code:: bash
+
+ # Convert private key to PKCS#8 format (required)
+ openssl pkcs8 -topk8 -nocrypt -in ca.key -out ca-pkcs8.key
+
+ # Extract the public key
+ openssl rsa -in ca.key -pubout -out ca.pub
+
+ # For intermediate CAs, concatenate into a single PEM chain
+ cat intermediate.crt root.crt > ca-chain.crt
+
+.. note::
+ When migrating from one CA to another on an existing environment, agents
+ holding certificates signed by the old CA will fail to connect after the
+ management server restarts with the new CA. Ensure
+ ``ca.plugin.root.auth.strictness`` is set to ``false`` to allow agents to
+ reconnect, then use ``provisionCertificate`` to re-provision each host and
+ SystemVM with certificates signed by the new CA. Alternatively, use forced
+ provisionin (see below) for hosts that cannot reconnect.
+
+Forced Certificate Provisioning
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The ``provisionCertificate`` API accepts a ``forced`` parameter (default:
+``false``). When set to ``true``, the management server provisions certificates
+directly via SSH instead of the agent communication channel. This is required
+when agents cannot connect to the management server — for example, after a CA
+change when the agent's keystore trusts the old CA.
+
+For KVM hosts, forced provisioning connects via SSH using stored host
+credentials, provisions the certificate, and restarts the ``cloudstack-agent``
+and ``libvirtd`` services. For SystemVMs, it routes commands through the
+SystemVM's SSH access.
+
+.. code:: bash
+
+ # Force re-provision a disconnected KVM host
+ cmk provision certificate hostid= reconnect=true forced=true
+
+ # Force re-provision a disconnected SystemVM
+ cmk provision certificate hostid= reconnect=true forced=true
+
 Server Address Usage
 --------------------
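Review bot: The migration note tells operators to set `ca.plugin.root.auth.strictness` to `false` but never says to restore it, so an environment can be left without enforced two-way SSL after the CA change. Add a closing sentence such as `Once every host and SystemVM has been re-provisioned, set ca.plugin.root.auth.strictness back to true and restart the management server(s).` The `openssl pkcs8 -topk8 -nocrypt` step writes the CA private key to disk unencrypted, so the code block would benefit from a comment like `# ca-pkcs8.key is unencrypted: keep it readable by the operator only and delete it once the setting is stored`. In the same note "provisionin" should read "provisioning". The two `cmk provision certificate` examples are identical and carry an empty `hostid=`, which looks like a lost placeholder for the host or SystemVM id, though that may be an artifact of how this page was rendered.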
@@ -924,7 +1052,7 @@ There are four stages in the KVM rolling maintenance process: #. Pre-Flight stage: Pre-flight script (``PreFlight`` or ``PreFlight.sh`` or ``PreFlight.py``) runs on hosts before commencing the rolling maintenance. If pre-flight check scripts return an error from any host, then rolling maintenance will be cancelled with no actions taken, and an error returned. If there are no pre-flight scripts defined, then no checks will be done from the hosts. -#. Pre-Maintenace stage: Pre-maintenance script ((``PreMaintenance`` or ``PreMaintenance.sh`` or ``PreMaintenance.py``)) runs before a specific host is put into maintenance. If no pre-maintenance script is defined, then no pre-maintenance actions will be taken, and the management server will move straight to putting the host in maintenance followed by requesting that the agent runs the maintenance script. +#. Pre-Maintenance stage: Pre-maintenance script ((``PreMaintenance`` or ``PreMaintenance.sh`` or ``PreMaintenance.py``)) runs before a specific host is put into maintenance. If no pre-maintenance script is defined, then no pre-maintenance actions will be taken, and the management server will move straight to putting the host in maintenance followed by requesting that the agent runs the maintenance script. #. Maintenance stage: Maintenance script ((``Maintenance`` or ``Maintenance.sh`` or ``Maintenance.py``)) runs after a host has been put into maintenance. If no maintenance script is defined, or if the pre-flight or pre-maintenance scripts determine that no maintenance is required, then the host will not be put into maintenance, and the completion of the pre-maintenance scripts will signal the end of all maintenance tasks and the KVM agent will hand the host back to the management server. 
Once the maintenance scripts have signalled that it has completed, the host agent will signal to the management server that the maintenance tasks have completed, and therefore the host is ready to exit maintenance mode and any 'information' which was collected (such as processing times) will be returned to the management server. diff --git a/source/adminguide/index.rst b/source/adminguide/index.rst index 720e0cda60..040ad1cd67 100644 --- a/source/adminguide/index.rst +++ b/source/adminguide/index.rst @@ -140,6 +140,7 @@ Managing VM and Volume Allocation host_and_storage_tags arch_types + vm_volume_allocators Managing Networks and Traffic ----------------------------- @@ -187,3 +188,21 @@ Events and Troubleshooting events troubleshooting + + +Extensions +---------- + +.. toctree:: + :maxdepth: 4 + + extensions + + +Best Practices +-------------- + +.. toctree:: + :maxdepth: 4 + + best_practices diff --git a/source/adminguide/locale/pot/hosts.pot b/source/adminguide/locale/pot/hosts.pot index 5ef7fbe455..1678b60fab 100644 --- a/source/adminguide/locale/pot/hosts.pot +++ b/source/adminguide/locale/pot/hosts.pot @@ -262,7 +262,7 @@ msgstr "" #: ../../hosts.rst:171 # 400a182ceace4cef87ffe6c731ea45cd -msgid "Then you may power down the Host, re-use its IP address, re-install it, etc" +msgid "Then you may power down the Host, reuse its IP address, re-install it, etc" msgstr "" #: ../../hosts.rst:176 
@@ -545,7 +545,7 @@ msgstr "" #: ../../hosts.rst:410 # 4574765089c64df0a53ffd4b0d9052a0 -msgid "Fill in your desired over-provisioning multipliers in the fields CPU overcommit factor and RAM overcommit factor. The value which is intially shown in these fields is the default value inherited from the global configuration settings." +msgid "Fill in your desired over-provisioning multipliers in the fields CPU overcommit factor and RAM overcommit factor. The value which is initially shown in these fields is the default value inherited from the global configuration settings." msgstr "" #: ../../hosts.rst:421 @@ -772,7 +772,7 @@ msgstr "" #: ../../hosts.rst:530 # 47af367fd0e74e9c98c07d5fd93d9a6a -msgid "The former behaviour also is supported — VLAN is randomly allocated to a network from the VNET range of the physical network when the network turns to Implemented state. The VLAN is released back to the VNET pool when the network shuts down as a part of the Network Garbage Collection. The VLAN can be re-used either by the same network when it is implemented again, or by any other network. On each subsequent implementation of a network, a new VLAN can be assigned." +msgid "The former behaviour also is supported — VLAN is randomly allocated to a network from the VNET range of the physical network when the network turns to Implemented state. The VLAN is released back to the VNET pool when the network shuts down as a part of the Network Garbage Collection. The VLAN can be reused either by the same network when it is implemented again, or by any other network. On each subsequent implementation of a network, a new VLAN can be assigned." msgstr "" #: ../../hosts.rst:538 diff --git a/source/adminguide/locale/pot/management.pot b/source/adminguide/locale/pot/management.pot index cf7bfff0a7..04596b1bc7 100644 --- a/source/adminguide/locale/pot/management.pot +++ b/source/adminguide/locale/pot/management.pot 
@@ -298,7 +298,7 @@ msgstr "" #: ../../management.rst:345 # 653fb8fc18ea4f17ab01fe630ed6783b -msgid "CloudStack generates a syslog message for every alert. Each syslog message incudes the fields alertType, message, podId, dataCenterId, and clusterId, in the following format. If any field does not have a valid value, it will not be included." +msgid "CloudStack generates a syslog message for every alert. Each syslog message includes the fields alertType, message, podId, dataCenterId, and clusterId, in the following format. If any field does not have a valid value, it will not be included." msgstr "" #: ../../management.rst:354 diff --git a/source/adminguide/locale/pot/networking/inter_vlan_routing.pot b/source/adminguide/locale/pot/networking/inter_vlan_routing.pot index d7b6b8009d..bc8643d755 100644 --- a/source/adminguide/locale/pot/networking/inter_vlan_routing.pot +++ b/source/adminguide/locale/pot/networking/inter_vlan_routing.pot @@ -38,7 +38,7 @@ msgstr "" #: ../../networking/inter_vlan_routing.rst:37 # dca4c4be393c4d7bbcda75f49ffc8efc -msgid "The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly alloted to an account from a pre-specified set of guest VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that account." +msgid "The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly allotted to an account from a pre-specified set of guest VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that account." msgstr "" #: ../../networking/inter_vlan_routing.rst:43 diff --git a/source/adminguide/locale/pot/networking/ip_reservation_in_guest_networks.pot b/source/adminguide/locale/pot/networking/ip_reservation_in_guest_networks.pot index 4d28e100e1..315d15163e 100644 --- a/source/adminguide/locale/pot/networking/ip_reservation_in_guest_networks.pot 
+++ b/source/adminguide/locale/pot/networking/ip_reservation_in_guest_networks.pot @@ -68,7 +68,7 @@ msgstr "" #: ../../networking/ip_reservation_in_guest_networks.rst:60 # 0710411bb18c4764970dffcc49fe5dab -msgid "You cannot apply IP Reservation if any VM is alloted with an IP address that is outside the Guest VM CIDR." +msgid "You cannot apply IP Reservation if any VM is allotted with an IP address that is outside the Guest VM CIDR." msgstr "" #: ../../networking/ip_reservation_in_guest_networks.rst:63 diff --git a/source/adminguide/locale/pot/networking/virtual_private_cloud_config.pot b/source/adminguide/locale/pot/networking/virtual_private_cloud_config.pot index 9f29a3ac43..2bb1162f05 100644 --- a/source/adminguide/locale/pot/networking/virtual_private_cloud_config.pot +++ b/source/adminguide/locale/pot/networking/virtual_private_cloud_config.pot @@ -1547,7 +1547,7 @@ msgstr "" #: ../../networking/virtual_private_cloud_config.rst:1165 # 2e6d402ef3d044488597c6501ca6749d # f974a014675745ceae4ebb19113bc49e -msgid "Naviagte to Service Offerings and choose Network OfferingPublic IP Addresses." +msgid "Navigate to Service Offerings and choose Network OfferingPublic IP Addresses." msgstr "" #: ../../networking/virtual_private_cloud_config.rst:961 diff --git a/source/adminguide/locale/pot/networking2.pot b/source/adminguide/locale/pot/networking2.pot index 14666aa3e7..8f769f4eea 100644 --- a/source/adminguide/locale/pot/networking2.pot +++ b/source/adminguide/locale/pot/networking2.pot @@ -970,7 +970,7 @@ msgstr "" #: ../../networking2.rst:637 # 7cd262eb2864435f953ba2f8d9b2e0a0 -msgid "You cannot apply IP Reservation if any VM is alloted with an IP address that is outside the Guest VM CIDR." +msgid "You cannot apply IP Reservation if any VM is allotted with an IP address that is outside the Guest VM CIDR." msgstr "" #: ../../networking2.rst:642 
@@ -5097,7 +5097,7 @@ msgstr "" #: ../../networking2.rst:4764 # 9914db80271c45879b3763424ebbbe4e -msgid "The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly alloted to an account from a pre-specified set of guest VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that account." +msgid "The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly allotted to an account from a pre-specified set of guest VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that account." msgstr "" #: ../../networking2.rst:4770 @@ -6272,7 +6272,7 @@ msgstr "" #: ../../networking2.rst:6482 # bfaeb8a949fb4d25a618540dcc365471 # 6c6e4ac1110442ba9ec325328e96bfb8 -msgid "Naviagte to Service Offerings and choose Network OfferingPublic IP Addresses." +msgid "Navigate to Service Offerings and choose Network OfferingPublic IP Addresses." msgstr "" #: ../../networking2.rst:6185 diff --git a/source/adminguide/locale/pot/networking_and_traffic.pot b/source/adminguide/locale/pot/networking_and_traffic.pot index bad4a1a647..619619d8ee 100644 --- a/source/adminguide/locale/pot/networking_and_traffic.pot +++ b/source/adminguide/locale/pot/networking_and_traffic.pot @@ -970,7 +970,7 @@ msgstr "" #: ../../networking/ip_reservation_in_guest_networks.rst:60 # 0e5b7bff020d494b9f4e85c641380036 -msgid "You cannot apply IP Reservation if any VM is alloted with an IP address that is outside the Guest VM CIDR." +msgid "You cannot apply IP Reservation if any VM is allotted with an IP address that is outside the Guest VM CIDR." msgstr "" #: ../../networking/ip_reservation_in_guest_networks.rst:63 
@@ -5088,7 +5088,7 @@ msgstr "" #: ../../networking/inter_vlan_routing.rst:37 # 3e6de8dbeba5419abdb2b03019116141 -msgid "The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly alloted to an account from a pre-specified set of guest VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that account." +msgid "The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly allotted to an account from a pre-specified set of guest VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that account." msgstr "" #: ../../networking/inter_vlan_routing.rst:43 @@ -6263,7 +6263,7 @@ msgstr "" #: ../../networking/virtual_private_cloud_config.rst:1165 # d6358f1cb80b45c6becf012d6670f0ff # 19877c93762c4d95b38bfafc90fc110c -msgid "Naviagte to Service Offerings and choose Network OfferingPublic IP Addresses." +msgid "Navigate to Service Offerings and choose Network OfferingPublic IP Addresses." msgstr "" #: ../../networking/virtual_private_cloud_config.rst:963 diff --git a/source/adminguide/locale/pot/service_offerings.pot b/source/adminguide/locale/pot/service_offerings.pot index 6edb5a3e18..ed535bc4f2 100644 --- a/source/adminguide/locale/pot/service_offerings.pot +++ b/source/adminguide/locale/pot/service_offerings.pot 
@@ -416,7 +416,7 @@ msgstr "" #: ../../service_offerings.rst:304 # 665e3b5c270e42979195e2837591595b -msgid "Custom IOPS. If checked, the user can set their own IOPS. If not checked, the root administrator can define values. If the root admin does not set values when using storage QoS, default values are used (the defauls can be overridden if the proper parameters are passed into CloudStack when creating the primary storage in question)." +msgid "Custom IOPS. If checked, the user can set their own IOPS. If not checked, the root administrator can define values. If the root admin does not set values when using storage QoS, default values are used (the defaults can be overridden if the proper parameters are passed into CloudStack when creating the primary storage in question)." msgstr "" #: ../../service_offerings.rst:311 diff --git a/source/adminguide/locale/pot/storage.pot b/source/adminguide/locale/pot/storage.pot index e6cdb16aec..8a9161d444 100644 --- a/source/adminguide/locale/pot/storage.pot +++ b/source/adminguide/locale/pot/storage.pot 
@@ -1011,7 +1011,7 @@ msgstr "" #: ../../storage.rst:685 # bc81c587ad8b4032b27d61690390e258 -msgid "With each snapshot schedule, users can also specify the number of scheduled snapshots to be retained. Older snapshots that exceed the retention limit are automatically deleted. This user-defined limit must be equal to or lower than the global limit set by the CloudStack administrator. See `“Globally Configured Limits” `_. The limit applies only to those snapshots that are taken as part of an automatic recurring snapshot policy. Additional manual snapshots can be created and retained." +msgid "With each reccurring snapshot schedule, users can also specify the number of recurring snapshots to be retained. Older snapshots that exceed the retention limit are automatically deleted. This user-defined limit must be equal to or lower than the global limit set by the CloudStack administrator. See `“Globally Configured Limits” `_. The limit applies only to those snapshots that are taken as part of an automatic recurring snapshot policy. Additional manual snapshots can be created and retained." msgstr "" #: ../../storage.rst:697 diff --git a/source/adminguide/locale/pot/troubleshooting.pot b/source/adminguide/locale/pot/troubleshooting.pot index 979a74e127..33da45dc8c 100644 --- a/source/adminguide/locale/pot/troubleshooting.pot +++ b/source/adminguide/locale/pot/troubleshooting.pot @@ -283,7 +283,7 @@ msgstr "" #: ../../troubleshooting.rst:244 # 5f383b9190f34ebcbdd6bb92b713ee21 -msgid "Below are a few troubleshooting steps to check whats going wrong with your network..." +msgid "Below are a few troubleshooting steps to check what's going wrong with your network..." msgstr "" #: ../../troubleshooting.rst:249 
@@ -308,7 +308,7 @@ msgstr "" #: ../../troubleshooting.rst:271 # 417a511656394e62ab6533726322a54e -msgid "If the pings dont work, run *tcpdump(8)* all over the place to check who is gobbling up the packets. Ultimately, if the switches are not configured correctly, CloudStack networking wont work so fix the physical networking issues before you proceed to the next steps" +msgid "If the pings dont work, run *tcpdump(8)* all over the place to check who is gobbling up the packets. Ultimately, if the switches are not configured correctly, CloudStack networking won't work so fix the physical networking issues before you proceed to the next steps" msgstr "" #: ../../troubleshooting.rst:276 @@ -333,7 +333,7 @@ msgstr "" #: ../../troubleshooting.rst:321 # d7be5d89abc2416a81c2e11ae80e5c5e -msgid "KVM traffic labels require to be named as *\"cloudbr0\"*, *\"cloudbr2\"*, *\"cloudbrN\"* etc and the corresponding bridge must exist on the KVM hosts. If you create labels/bridges with any other names, CloudStack (atleast earlier versions did) seems to ignore them. CloudStack does not create the physical bridges on the KVM hosts, you need to create them **before** before adding the host to Cloudstack." +msgid "KVM traffic labels require to be named as *\"cloudbr0\"*, *\"cloudbr2\"*, *\"cloudbrN\"* etc and the corresponding bridge must exist on the KVM hosts. If you create labels/bridges with any other names, CloudStack (at least earlier versions did) seems to ignore them. CloudStack does not create the physical bridges on the KVM hosts, you need to create them **before** before adding the host to Cloudstack." msgstr "" #: ../../troubleshooting.rst:340 
@@ -348,7 +348,7 @@ msgstr "" #: ../../troubleshooting.rst:385 # e75bf706d6a745c9a94ee34516e86d1f -msgid "The Internet would be accessible from both the SSVM and CPVM instances by default. Their public IPs will also be directly pingable from the Internet. Please note that these test would work only if your switches and traffic labels are configured correctly for your environment. If your SSVM/CPVM cant reach the Internet, its very unlikely that the Virtual Router (VR) can also the reach the Internet suggesting that its either a switching issue or incorrectly assigned traffic labels. Fix the SSVM/CPVM issues before you debug VR issues." +msgid "The Internet would be accessible from both the SSVM and CPVM instances by default. Their public IPs will also be directly pingable from the Internet. Please note that these test would work only if your switches and traffic labels are configured correctly for your environment. If your SSVM/CPVM can't reach the Internet, its very unlikely that the Virtual Router (VR) can also the reach the Internet suggesting that its either a switching issue or incorrectly assigned traffic labels. Fix the SSVM/CPVM issues before you debug VR issues." msgstr "" #: ../../troubleshooting.rst:417 
@@ -358,12 +358,12 @@ msgstr "" #: ../../troubleshooting.rst:432 # fd961e75e43d4c48a4b779ef136e1d12 -msgid "However, the Virtual Router's (VR) Source NAT Public IP address **WONT** be reachable until appropriate Ingress rules are in place. You can add *Ingress* rules under *Network, Guest Network, IP Address, Firewall* setting page." +msgid "However, the Virtual Router's (VR) Source NAT Public IP address **WON'T** be reachable until appropriate Ingress rules are in place. You can add *Ingress* rules under *Network, Guest Network, IP Address, Firewall* setting page." msgstr "" #: ../../troubleshooting.rst:439 # 7a1ba3d03cd64a0cb60486d361453ebd -msgid "The VM Instances by default wont be able to access the Internet. Add Egress rules to permit traffic." +msgid "The VM Instances by default won't be able to access the Internet. Add Egress rules to permit traffic." msgstr "" #: ../../troubleshooting.rst:444 @@ -378,6 +378,6 @@ msgstr "" #: ../../troubleshooting.rst:454 # 5fff1dc7083a4412a9e4051f2e239180 -msgid "This section was contibuted by Shanker Balan and was originally published on `Shapeblue's blog `_" +msgid "This section was contributed by Shanker Balan and was originally published on `Shapeblue's blog `_" msgstr "" diff --git a/source/adminguide/locale/zh_CN/LC_MESSAGES/hosts.po b/source/adminguide/locale/zh_CN/LC_MESSAGES/hosts.po index 7b0786ac75..8b8abb5127 100644 --- a/source/adminguide/locale/zh_CN/LC_MESSAGES/hosts.po +++ b/source/adminguide/locale/zh_CN/LC_MESSAGES/hosts.po @@ -317,7 +317,7 @@ msgstr "使用UI选项来移除主机。" # 400a182ceace4cef87ffe6c731ea45cd #: ../../hosts.rst:171 msgid "" -"Then you may power down the Host, re-use its IP address, re-install it, etc" +"Then you may power down the Host, reuse its IP address, re-install it, etc" msgstr "然后你可以关掉主机,重用它的IP地址,重新安装系统,等等。" # b9297a05564a41f8aa6995f8f1e2265a 
@@ -702,7 +702,7 @@ msgstr "选择你要操作的群集,点击编辑按钮。"
 #: ../../hosts.rst:410
 msgid ""
 "Fill in your desired over-provisioning multipliers in the fields CPU "
-"overcommit factor and RAM overcommit factor. The value which is intially shown"
+"overcommit factor and RAM overcommit factor. The value which is initially shown"
 " in these fields is the default value inherited from the global "
 "configuration settings."
 msgstr "在CPU overcommit ratio和RAM overcommit ratio区域里填入你希望的超配系数。这里的初始值是从全局配置设置里继承而来的。"
@@ -988,7 +988,7 @@ msgid ""
 "network from the VNET range of the physical network when the network turns "
 "to Implemented state. The VLAN is released back to the VNET pool when the "
 "network shuts down as a part of the Network Garbage Collection. The VLAN can"
-" be re-used either by the same network when it is implemented again, or by "
+" be reused either by the same network when it is implemented again, or by "
 "any other network. On each subsequent implementation of a network, a new "
 "VLAN can be assigned."
 msgstr "同样被支持—当网络转换为运行状态是,VLAN是随机地通过物理网络的VNET范围分配给网络。当网络作为网络垃圾回收过程的一部分而关闭时,VLAN会被回收到VNET池。当网络再次启用的时候VLAN还能被其重用,或者其他网络使用。在每个新启用的网络中,都有一个新的VLAN被分配。"
diff --git a/source/adminguide/locale/zh_CN/LC_MESSAGES/management.po b/source/adminguide/locale/zh_CN/LC_MESSAGES/management.po
index 585e04be42..6d55fdbe2f 100644
--- a/source/adminguide/locale/zh_CN/LC_MESSAGES/management.po
+++ b/source/adminguide/locale/zh_CN/LC_MESSAGES/management.po
@@ -363,7 +363,7 @@ msgstr "Syslog警报详情"
 #: ../../management.rst:345
 msgid ""
 "CloudStack generates a syslog message for every alert. Each syslog message "
-"incudes the fields alertType, message, podId, dataCenterId, and clusterId, "
+"includes the fields alertType, message, podId, dataCenterId, and clusterId, "
 "in the following format. If any field does not have a valid value, it will "
 "not be included."
 msgstr "CloudStack为每个警告生成一个syslog信息。每个syslog信息包含下列格式的字段alertType、message、podId、dataCenterId和clusterId。如果任何字段没有有效值的话,它将不会包含在内。"
diff --git a/source/adminguide/locale/zh_CN/LC_MESSAGES/networking/inter_vlan_routing.po b/source/adminguide/locale/zh_CN/LC_MESSAGES/networking/inter_vlan_routing.po index c2517b7938..b784662c5f 100644 --- a/source/adminguide/locale/zh_CN/LC_MESSAGES/networking/inter_vlan_routing.po +++ b/source/adminguide/locale/zh_CN/LC_MESSAGES/networking/inter_vlan_routing.po @@ -53,7 +53,7 @@ msgstr "主要的优势为:" #: ../../networking/inter_vlan_routing.rst:37 msgid "" "The administrator can deploy a set of VLANs and allow users to deploy VMs on" -" these VLANs. A guest VLAN is randomly alloted to an account from a pre-" +" these VLANs. A guest VLAN is randomly allotted to an account from a pre-" "specified set of guest VLANs. All the VMs of a certain tier of an account " "reside on the guest VLAN allotted to that account." msgstr "管理可以部署一个vlans集,同时运行用户部署虚拟机在这些vlan上。从预先指定的vlan集中随机的为租户分配一个来宾vlan.租户处于同一层的所有vm处于分配给这个租户的来宾vlan." diff --git a/source/adminguide/locale/zh_CN/LC_MESSAGES/networking/ip_reservation_in_guest_networks.po b/source/adminguide/locale/zh_CN/LC_MESSAGES/networking/ip_reservation_in_guest_networks.po index 2b2be7d4e8..d7e1080722 100644 --- a/source/adminguide/locale/zh_CN/LC_MESSAGES/networking/ip_reservation_in_guest_networks.po +++ b/source/adminguide/locale/zh_CN/LC_MESSAGES/networking/ip_reservation_in_guest_networks.po @@ -93,7 +93,7 @@ msgstr "指定一个有效的客户虚拟机CIDR。只有不活动的IP在客户 # 0710411bb18c4764970dffcc49fe5dab #: ../../networking/ip_reservation_in_guest_networks.rst:60 msgid "" -"You cannot apply IP Reservation if any VM is alloted with an IP address that" +"You cannot apply IP Reservation if any VM is allotted with an IP address that" " is outside the Guest VM CIDR." msgstr "如果任一虚拟机被分配了客户虚拟机CIDR之外的IP地址时,IP预留将不能应用。" diff --git a/source/adminguide/locale/zh_CN/LC_MESSAGES/networking/virtual_private_cloud_config.po b/source/adminguide/locale/zh_CN/LC_MESSAGES/networking/virtual_private_cloud_config.po index c0efde4c74..553c3bf8c4 100644 
--- a/source/adminguide/locale/zh_CN/LC_MESSAGES/networking/virtual_private_cloud_config.po +++ b/source/adminguide/locale/zh_CN/LC_MESSAGES/networking/virtual_private_cloud_config.po @@ -1820,7 +1820,7 @@ msgstr "使用用户或管理员登录到CloudStack用户界面。" # f974a014675745ceae4ebb19113bc49e #: ../../networking/virtual_private_cloud_config.rst:959 #: ../../networking/virtual_private_cloud_config.rst:1165 -msgid "Naviagte to Service Offerings and choose Network OfferingPublic IP Addresses." +msgid "Navigate to Service Offerings and choose Network OfferingPublic IP Addresses." msgstr "下拉选择方案,选择网络方案:" # 08107e25d3ae4ed5a4e72a9ef68249af diff --git a/source/adminguide/locale/zh_CN/LC_MESSAGES/networking2.po b/source/adminguide/locale/zh_CN/LC_MESSAGES/networking2.po index 2ec73d92ee..d5fb26845f 100644 --- a/source/adminguide/locale/zh_CN/LC_MESSAGES/networking2.po +++ b/source/adminguide/locale/zh_CN/LC_MESSAGES/networking2.po @@ -1046,7 +1046,7 @@ msgstr "指定一个有效的客户虚拟机CIDR。只有不活动的IP在客户 # 7cd262eb2864435f953ba2f8d9b2e0a0 #: ../../networking2.rst:637 msgid "" -"You cannot apply IP Reservation if any VM is alloted with an IP address that" +"You cannot apply IP Reservation if any VM is allotted with an IP address that" " is outside the Guest VM CIDR." msgstr "如果任一虚拟机被分配了客户虚拟机CIDR之外的IP地址时,IP预留将不能应用。" @@ -6338,7 +6338,7 @@ msgstr "主要的优势为:" #: ../../networking2.rst:4764 msgid "" "The administrator can deploy a set of VLANs and allow users to deploy VMs on" -" these VLANs. A guest VLAN is randomly alloted to an account from a pre-" +" these VLANs. A guest VLAN is randomly allotted to an account from a pre-" "specified set of guest VLANs. All the VMs of a certain tier of an account " "reside on the guest VLAN allotted to that account." msgstr "管理可以部署一个vlans集,同时运行用户部署虚拟机在这些vlan上。从预先指定的vlan集中随机的为租户分配一个来宾vlan.租户处于同一层的所有vm处于分配给这个租户的来宾vlan." 
@@ -7792,7 +7792,7 @@ msgstr "使用用户或管理员登录到CloudStack用户界面。" # bfaeb8a949fb4d25a618540dcc365471 # 6c6e4ac1110442ba9ec325328e96bfb8 #: ../../networking2.rst:6177 ../../networking2.rst:6482 -msgid "Naviagte to Service Offerings and choose Network OfferingPublic IP Addresses." +msgid "Navigate to Service Offerings and choose Network OfferingPublic IP Addresses." msgstr "下拉选择方案,选择网络方案:" # 7d4dc49f6e224caa9bee24da2b622a4c diff --git a/source/adminguide/locale/zh_CN/LC_MESSAGES/networking_and_traffic.po b/source/adminguide/locale/zh_CN/LC_MESSAGES/networking_and_traffic.po index ec94b4aa4e..ae047772c5 100644 --- a/source/adminguide/locale/zh_CN/LC_MESSAGES/networking_and_traffic.po +++ b/source/adminguide/locale/zh_CN/LC_MESSAGES/networking_and_traffic.po @@ -1127,7 +1127,7 @@ msgstr "指定一个有效的客户虚拟机CIDR。只有不活动的IP在客户 # 0e5b7bff020d494b9f4e85c641380036 #: ../../networking/ip_reservation_in_guest_networks.rst:60 msgid "" -"You cannot apply IP Reservation if any VM is alloted with an IP address that" +"You cannot apply IP Reservation if any VM is allotted with an IP address that" " is outside the Guest VM CIDR." msgstr "如果任一虚拟机被分配了客户虚拟机CIDR之外的IP地址时,IP预留将不能应用。" @@ -6544,7 +6544,7 @@ msgstr "主要的优势为:" #: ../../networking/inter_vlan_routing.rst:37 msgid "" "The administrator can deploy a set of VLANs and allow users to deploy VMs on" -" these VLANs. A guest VLAN is randomly alloted to an account from a pre-" +" these VLANs. A guest VLAN is randomly allotted to an account from a pre-" "specified set of guest VLANs. All the VMs of a certain tier of an account " "reside on the guest VLAN allotted to that account." msgstr "管理可以部署一个vlans集,同时运行用户部署虚拟机在这些vlan上。从预先指定的vlan集中随机的为租户分配一个来宾vlan.租户处于同一层的所有vm处于分配给这个租户的来宾vlan." 
@@ -8012,7 +8012,7 @@ msgstr "使用用户或管理员登录到CloudStack用户界面。" # 19877c93762c4d95b38bfafc90fc110c #: ../../networking/virtual_private_cloud_config.rst:959 #: ../../networking/virtual_private_cloud_config.rst:1165 -msgid "Naviagte to Service Offerings and choose Network OfferingPublic IP Addresses." +msgid "Navigate to Service Offerings and choose Network OfferingPublic IP Addresses." msgstr "下拉选择方案,选择网络方案:" # 34b1dc57da234cfcbef32cbb10126c3c diff --git a/source/adminguide/locale/zh_CN/LC_MESSAGES/service_offerings.po b/source/adminguide/locale/zh_CN/LC_MESSAGES/service_offerings.po index b4f468837e..70fa95b6fb 100644 --- a/source/adminguide/locale/zh_CN/LC_MESSAGES/service_offerings.po +++ b/source/adminguide/locale/zh_CN/LC_MESSAGES/service_offerings.po @@ -567,7 +567,7 @@ msgstr "QoS 类型。三种可选:空 ( 无服务质量), hypervisor msgid "" "Custom IOPS. If checked, the user can set their own IOPS. If not checked, " "the root administrator can define values. If the root admin does not set " -"values when using storage QoS, default values are used (the defauls can be " +"values when using storage QoS, default values are used (the defaults can be " "overridden if the proper parameters are passed into CloudStack when creating" " the primary storage in question)." msgstr "订制 IOPS 。 如选中,用户可以设置自己的 IOPS。如未被选中,root 管理员则能够定义该值。如果使用存储 QoS时,root 管理员没有设置该值,则采用默认值(如果创建主存储时考虑到对应的参数被传递到 CloudStack 中,则默认值将被覆盖)" diff --git a/source/adminguide/locale/zh_CN/LC_MESSAGES/troubleshooting.po b/source/adminguide/locale/zh_CN/LC_MESSAGES/troubleshooting.po index b042c29a71..4a8e5409f2 100644 --- a/source/adminguide/locale/zh_CN/LC_MESSAGES/troubleshooting.po +++ b/source/adminguide/locale/zh_CN/LC_MESSAGES/troubleshooting.po 
@@ -338,7 +338,7 @@ msgstr "故障排查网络传输" # 5f383b9190f34ebcbdd6bb92b713ee21 #: ../../troubleshooting.rst:244 msgid "" -"Below are a few troubleshooting steps to check whats going wrong with your " +"Below are a few troubleshooting steps to check what's going wrong with your " "network..." msgstr "在下列故障排查步骤中检验你网络中出现的故障..." @@ -370,7 +370,7 @@ msgstr "在*host2 (kvm2)*上" msgid "" "If the pings dont work, run *tcpdump(8)* all over the place to check who is " "gobbling up the packets. Ultimately, if the switches are not configured " -"correctly, CloudStack networking wont work so fix the physical networking " +"correctly, CloudStack networking won't work so fix the physical networking " "issues before you proceed to the next steps" msgstr "如果ping不通,运行 *tcpdump(8)*在所有VLAN上检查丢失的数据包。最终,如果交换机配置失败,CloudStack网络将无法工作,所以在处理下一部前要确定物理网络设备的问题。" @@ -407,7 +407,7 @@ msgstr "列出正在使用的*CloudMonkey*" msgid "" "KVM traffic labels require to be named as *\"cloudbr0\"*, *\"cloudbr2\"*, " "*\"cloudbrN\"* etc and the corresponding bridge must exist on the KVM hosts." -" If you create labels/bridges with any other names, CloudStack (atleast " +" If you create labels/bridges with any other names, CloudStack (at least " "earlier versions did) seems to ignore them. CloudStack does not create the " "physical bridges on the KVM hosts, you need to create them **before** before" " adding the host to Cloudstack." 
@@ -440,7 +440,7 @@ msgid "" "The Internet would be accessible from both the SSVM and CPVM instances by " "default. Their public IPs will also be directly pingable from the Internet. " "Please note that these test would work only if your switches and traffic " -"labels are configured correctly for your environment. If your SSVM/CPVM cant" +"labels are configured correctly for your environment. If your SSVM/CPVM can't" " reach the Internet, its very unlikely that the Virtual Router (VR) can also" " the reach the Internet suggesting that its either a switching issue or " "incorrectly assigned traffic labels. Fix the SSVM/CPVM issues before you " @@ -458,16 +458,16 @@ msgstr "除非有些Egress规则,Virtual Router(VR)也是不能到达Internet # fd961e75e43d4c48a4b779ef136e1d12 #: ../../troubleshooting.rst:432 msgid "" -"However, the Virtual Router's (VR) Source NAT Public IP address **WONT** be " +"However, the Virtual Router's (VR) Source NAT Public IP address **WON'T** be " "reachable until appropriate Ingress rules are in place. You can add " "*Ingress* rules under *Network, Guest Network, IP Address, Firewall* setting" " page." -msgstr "尽管如此,Virtual Router(VR) Source NAT Pulic IP地址除非有近似的Ingress规则在此,要么**WONT** 达到。你可以添加 *Ingress* rules under *Network, Guest Network, IP Address, Firewall* 设置页。" +msgstr "尽管如此,Virtual Router(VR) Source NAT Pulic IP地址除非有近似的Ingress规则在此,要么**WON'T** 达到。你可以添加 *Ingress* rules under *Network, Guest Network, IP Address, Firewall* 设置页。" # 7a1ba3d03cd64a0cb60486d361453ebd #: ../../troubleshooting.rst:439 msgid "" -"The VM Instances by default wont be able to access the Internet. Add Egress " +"The VM Instances by default won't be able to access the Internet. Add Egress " "rules to permit traffic." msgstr "默认的VM Instances不能够连接Internet。添加Egress规则后可允许连接。" 
@@ -491,7 +491,7 @@ msgstr "在海量的实例中,问题会出现在交换层,原因是L3的配 # 5fff1dc7083a4412a9e4051f2e239180 #: ../../troubleshooting.rst:454 msgid "" -"This section was contibuted by Shanker Balan and was originally published on" +"This section was contributed by Shanker Balan and was originally published on" " `Shapeblue's blog `_" msgstr "这些内容有Shanker Balan贡献,其原文发布在`Shapeblue'博客中`_" diff --git a/source/adminguide/management.rst b/source/adminguide/management.rst index 87d2212289..bdaedac062 100644 --- a/source/adminguide/management.rst +++ b/source/adminguide/management.rst 
@@ -231,6 +231,48 @@ Emails will be sent to administrators under the following circumstances: - The Host cluster runs low on CPU, memory, or storage resources +The following global settings are available to configure Alerts via SMTP. + +.. list-table:: Management Alerts Global Settings + :header-rows: 1 + + * - Global setting + - Default + - Description + * - ``alert.smtp.host`` + - `null` + - SMTP hostname used for sending out email alerts. + * - ``alert.smtp.port`` + - `465` + - Port the SMTP server is listening on. + * - ``alert.smtp.useAuth`` + - `false` + - If true, use SMTP authentication when sending emails. + * - ``alert.smtp.username`` + - `null` + - Username for SMTP authentication (applies only if alert.smtp.useAuth is true). + * - ``alert.smtp.password`` + - `null` + - Password for SMTP authentication (applies only if alert.smtp.useAuth is true). + * - ``alert.smtp.useStartTLS`` + - `false` + - If set to true and if we enable security via alert.smtp.useAuth, this will enable StartTLS to secure the connection. + * - ``(alert.smtp.enabledSecurityProtocols`` + - `null` + - White-space separated security protocols; ex: "TLSv1 TLSv1.1". Supported protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 + * - ``alert.smtp.connectiontimeout`` + - `30000` + - Socket connection timeout value in milliseconds. -1 for infinite timeout. + * - ``alert.smtp.timeout`` + - `30000` + - Socket I/O timeout value in milliseconds. -1 for infinite timeout. + * - ``alert.email.addresses`` + - `null` + - Comma separated list of email addresses which are going to receive alert emails. + * - ``alert.email.sender`` + - `null` + - Sender of alert email (will be in the From header of the email). + Sending Alerts to External SNMP and Syslog Managers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
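Review bot: The seventh row of the added "Management Alerts Global Settings" table writes the setting name with a stray opening parenthesis, so anyone copying it into the settings search will not find it; the cell should hold just `alert.smtp.enabledSecurityProtocols`. The example value in that row, "TLSv1 TLSv1.1", shows the two oldest TLS versions from the supported list, and an example of `TLSv1.2` (also on that list) would keep readers from copying a weak choice. The defaults shown for `alert.smtp.useAuth` and `alert.smtp.useStartTLS` are both `false`, and the `alert.smtp.useStartTLS` description ties StartTLS to authentication being enabled. A sentence after the table should say whether alert mail and the SMTP password are sent unprotected under the defaults, since the hunk does not show how the default port 465 is handled.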
@@ -246,116 +288,96 @@ The alerts which can be sent are: The following is the list of alert type numbers. The current alerts can be found by calling listAlerts. -:: - - MEMORY = 0 // Available Memory below configured threshold - -:: - - CPU = 1 // Unallocated CPU below configured threshold - -:: - - STORAGE =2 // Available Storage below configured threshold - -:: - - STORAGE_ALLOCATED = 3 // Remaining unallocated Storage is below configured threshold - -:: - - PUBLIC_IP = 4 // Number of unallocated virtual Network public IPs is below configured threshold - -:: - - PRIVATE_IP = 5 // Number of unallocated private IPs is below configured threshold - -:: - - SECONDARY_STORAGE = 6 // Available Secondary Storage in availability zone is below configured threshold - -:: - - HOST = 7 // Host related alerts like host disconnected - -:: - - USERVM = 8 // User Instance stopped unexpectedly - -:: - - DOMAIN_ROUTER = 9 // Domain Router VM stopped unexpectedly - -:: - - CONSOLE_PROXY = 10 // Console Proxy VM stopped unexpectedly - -:: - - ROUTING = 11 // Lost connection to default route (to the gateway) - -:: - - STORAGE_MISC = 12 // Storage issue in system VMs - -:: - - USAGE_SERVER = 13 // No usage server process running - -:: - - MANAGMENT_NODE = 14 // Management Network CIDR is not configured originally - -:: - - DOMAIN_ROUTER_MIGRATE = 15 // Domain Router VM Migration was unsuccessful - -:: - - CONSOLE_PROXY_MIGRATE = 16 // Console Proxy VM Migration was unsuccessful - -:: - - USERVM_MIGRATE = 17 // User Instance Migration was unsuccessful - -:: - - VLAN = 18 // Number of unallocated VLANs is below configured threshold in availability zone - -:: - - SSVM = 19 // SSVM stopped unexpectedly - -:: - - USAGE_SERVER_RESULT = 20 // Usage job failed - -:: - - STORAGE_DELETE = 21 // Failed to delete storage pool - -:: - - UPDATE_RESOURCE_COUNT = 22 // Failed to update the resource count - -:: - - USAGE_SANITY_RESULT = 23 // Usage Sanity Check failed - -:: - - 
DIRECT_ATTACHED_PUBLIC_IP = 24 // Number of unallocated shared Network IPs is low in availability zone - -:: - - LOCAL_STORAGE = 25 // Remaining unallocated Local Storage is below configured threshold - -:: - - RESOURCE_LIMIT_EXCEEDED = 26 //Generated when the resource limit exceeds the limit. Currently used for recurring Snapshots only - - -You can also display the most up to date list by calling the API command ``listAlerts``. +.. list-table:: List of Alerts + :header-rows: 1 + + * - Type Number + - Name + - Description + * - `0` + - ``MEMORY`` + - Available Memory below configured threshold + * - `1` + - ``CPU`` + - Unallocated CPU below configured threshold + * - `2` + - ``STORAGE`` + - Available Storage below configured threshold + * - `3` + - ``STORAGE_ALLOCATED`` + - Remaining unallocated Storage is below configured threshold + * - `4` + - ``PUBLIC_IP`` + - Number of unallocated virtual Network public IPs is below configured threshold + * - `5` + - ``PRIVATE_IP`` + - Number of unallocated private IPs is below configured threshold + * - `6` + - ``SECONDARY_STORAGE`` + - Available Secondary Storage in availability zone is below configured threshold + * - `7` + - ``HOST`` + - Host related alerts like host disconnected + * - `8` + - ``USERVM`` + - User Instance stopped unexpectedly + * - `9` + - ``DOMAIN_ROUTER`` + - Domain Router VM stopped unexpectedly + * - `10` + - ``CONSOLE_PROXY`` + - Console Proxy VM stopped unexpectedly + * - `11` + - ``ROUTING`` + - Lost connection to default route (to the gateway) + * - `12` + - ``STORAGE_MISC`` + - Storage issue in system VMs + * - `13` + - ``USAGE_SERVER`` + - No usage server process running + * - `14` + - ``MANAGEMENT_NODE`` + - Management Network CIDR is not configured originally + * - `15` + - ``DOMAIN_ROUTER_MIGRATE`` + - Domain Router VM Migration was unsuccessful + * - `16` + - ``CONSOLE_PROXY_MIGRATE`` + - Console Proxy VM Migration was unsuccessful + * - `17` + - ``USERVM_MIGRATE`` + - User Instance Migration 
was unsuccessful + * - `18` + - ``VLAN`` + - Number of unallocated VLANs is below configured threshold in availability zone + * - `19` + - ``SSVM`` + - SSVM stopped unexpectedly + * - `20` + - ``USAGE_SERVER_RESULT`` + - Usage job failed + * - `21` + - ``STORAGE_DELETE`` + - Failed to delete storage pool + * - `22` + - ``UPDATE_RESOURCE_COUNT`` + - Failed to update the resource count + * - `23` + - ``USAGE_SANITY_RESULT`` + - Usage Sanity Check failed + * - `24` + - ``DIRECT_ATTACHED_PUBLIC_IP`` + - Number of unallocated shared Network IPs is low in availability zone + * - `25` + - ``LOCAL_STORAGE`` + - Remaining unallocated Local Storage is below configured threshold + * - `26` + - ``RESOURCE_LIMIT_EXCEEDED`` + - Generated when the resource limit exceeds the limit. Currently used for recurring Snapshots only + + +You can also display the most up to date list by calling the API command ``listAlerts`` or unsing CLoudMonkey ``cmk list alerts``. SNMP Alert Details @@ -371,7 +393,7 @@ Syslog Alert Details ^^^^^^^^^^^^^^^^^^^^ CloudStack generates a syslog message for every alert. Each syslog -message incudes the fields alertType, message, podId, dataCenterId, and +message includes the fields alertType, message, podId, dataCenterId, and clusterId, in the following format. If any field does not have a valid value, it will not be included. 
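Review bot: Row 14 of the new "List of Alerts" table names the type `MANAGEMENT_NODE`, while the removed listing spelled it `MANAGMENT_NODE`. If the old spelling mirrors the identifier used in the code, the table now documents a name that does not exist, so confirm it against the alert type constants before correcting it here. In the closing sentence added by this hunk, "unsing CLoudMonkey" should read "using CloudMonkey". The unchanged sentence above the table already points to listAlerts, so the two could be merged into one.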
@@ -624,7 +646,7 @@ cluster.heartbeat.threshold Threshold (in milliseconds) before self- ======================================= ======================== .. note:: - - Every 60 seconds (configuable via management.server.stats.interval setting) each management server collects its statistics and publishs to all other management server peers. When other management server receives the published stats, it will set the peer state (owner is the receiver and peer is the sender) to Up. + - Every 60 seconds (configurable via management.server.stats.interval setting) each management server collects its statistics and publishes to all other management server peers. When other management server receives the published stats, it will set the peer state (owner is the receiver and peer is the sender) to Up. - Every 1.5 seconds (configurable via cluster.heartbeat.interval), each management server writes heartbeat to CloudStack database, and check the stats of other management servers. - If in the past 150 seconds (configurable via cluster.heartbeat.threshold), a management server does not write heartbeat and its peer states, its state and peer states will be set to Down by other management servers. - In case a management server cannot write heartbeat to the database due to connection issue to the database, the host is set to Down state by other management server, when the database connection is restored, the management server will perform self-fencing and exit with code 219. diff --git a/source/adminguide/nas_plugin.rst b/source/adminguide/nas_plugin.rst index fd42fd3900..1c7b892e49 100644 --- a/source/adminguide/nas_plugin.rst +++ b/source/adminguide/nas_plugin.rst 
@@ -27,15 +27,18 @@ instances to any shared storage (NAS). It is based on `libvirt push backup mode to take full instance backups (qcow2) and requires libvirt-7.2.0 and QEMU-4.2, or high versions on the KVM hosts. +Currently, only backup of VMs from the NFS, CEPH, File-based Shared Mountpoint +and Local Storage based Primary Storage are tested to work. All other Primary Storages +are not tested, backups on them may not work. + The NAS B&R plugin requires admin to first add backup repositories which are -network-attached storage (shared storage). Currently it supports NFS, and may -support other shared storage such as CephFS and CIFS/Samba in future. +network-attached storage (shared storage). It supports NFS, CIFS/Samba and CephFS. When initiating B&R operations on KVM instance, the assigned backup offering is used to infer backup repository (NAS) details which are then used to mount -the shared storage temporarily on the KVM host to peform instance backup/restore +the shared storage temporarily on the KVM host to perform instance backup/restore disks operations. This also requires that admin installs NAS-storage specific -utilities on the KVM hosts such as nfs-utils/nfs-common (ceph-common, cifs-utils). +utilities on the KVM hosts such as nfs-utils/nfs-common, ceph-common and cifs-utils. Consider the following mount, typically performed on a KVM/Linux host to mount storage: 
@@ -67,24 +70,56 @@ backup.framework.enabled true backup.framework.provider.plugin nas ================================= ======================== -Once the above two configurations are set, restart the cloudstack-management service. Once the service is restarted we can add the backup repository for the 'nas' Backup and Recovery plugin. -Navigate to the configuration -> Backup Repository. Click on 'Add Backup Repository' and fill the form. +Once the above two configurations are set, restart the cloudstack-management service. After restart check the Settings of the Zone where you want to enable NAS backups - make sure that the "backup.framework.enabled"="true" on the Setting tab of the Zone. Once this is done, we can add the backup repository for the 'nas' Backup and Recovery plugin. +Navigate to the Infrastructure -> Backup Repository. Click on 'Add Backup Repository' and fill the form. =================== ======================== Field Value =================== ======================== Name A suitable name to represent the Backup Repository Address URL, in case of NFS :/path -Type NFS ( only NFS type in 4.20) -label.mountopts Any mount point options to be passed while mouting this storage on the hypervisor. +Type NFS / CIFS / CEPH +Mount options Any mount point options to be passed while mounting this storage on the hypervisor. Zone The zone in CloudStack with which this Backup Repository must be associated. =================== ======================== -.. image:: /_static/images/B&R-Backup-Respository.png +.. image:: /_static/images/B&R-Backup-Repository.png :align: center :alt: NAS Backup repository -Once the Backup Repository is created, we need to add a Backup Offering, in this plugin the Backup offering is a placeholder to associate an instance to a Backup Repository. While creating the Backup Offering, select the desired Backup Repository. Associate the Backup Offering on an instance to create an Adhoc or scheduled backup. 
+Pay attention to the "Name" given to this repository, as you will have to specify this in the "External ID" field when creating Backup Offerings (Importing backup offering) + +Once the Backup Repository is created, we need to add a Backup Offering, in this plugin the Backup offering is a placeholder to associate an instance to a Backup Repository. While creating the Backup Offering, select the desired Backup Repository. Associate the Backup Offering on an instance to create an Adhoc or scheduled backup. + +For the "External ID", please specify the name of the previously created backup repository. + +.. image:: /_static/images/B&R-Backup-Offerings.png + :align: center + :alt: NAS Backup offerings + +After this has been done, you can go to any Instance view and there will be buttons available for either ad-hoc backup or a scheduled backup of the VM + +Quiesce (Filesystem Freeze and Thaw) +------------------------------------ + +Users can set quiesce to true while creating a backup or a backup schedule. +When a backup is initiated with quiesce enabled, CloudStack uses QEMU guest agent +to freeze the filesystem before starting backup. This operation flushes all dirty +filesystem buffers to disk and quiesces new writes. The filesystem is then thawed +immediately after the backup process starts, keeping the freezing window very short. + +|NASB&R-quiesceInstance.png| + +This enhancement brings the NAS backup plugin from crash-consistent backups closer to +application-consistent backups. + +Points to note: + +#. The feature requires qemu-guest-agent to be installed and running on the guest instance. +#. This method does not capture the memory state of the guest. Any data held in application memory + that hasn’t been flushed to disk prior to the filesystem freeze will not be captured. +#. For fully application-consistent backups, guest applications must implement pre-freeze hooks + to flush their internal state to disk before the filesystem is frozen. 
Support Information and Limitation ---------------------------------- @@ -96,8 +131,10 @@ such as OpenSUSE 15, Debian 11 and Debian 12. Instance backups are full disk backups and limited by libvirt's ability to initiate and handle backup. All such backups are exported and stored in qcow2 -format. Due to this, restore operation are supported for volumes of type qcow2 -and limited to NFS and local storage based primary storage pools. +format only. Due to this, restore operation for volumes of type raw, on CEPH based +primary storage pools, are converted from qcow2 to raw format using qemu-img convert. +Restore operation for volumes of type qcow2, on NFS and Local Storage based primary +storage pools, does not need such conversion as these can be directly copied. For running instances, their disks (of any format/storage type) are backed up by libvirtd's push based efficient-backup mechanism exported as qcow2 disks on the @@ -107,10 +144,13 @@ For stopped instances, `qemu-img` is used to convert and export full-disk backup in qcow2 format to the backup repository. For restore operations, the KVM instance must be stopped in CloudStack. -Currently, only volume(s) restoration is supported only to NFS and local storage -based primary storage pools, and restored volumes are fully baked disks (i.e. +Currently, only volume(s) restoration is supported only to NFS, CEPH, File-based Shared Mountpoint +and Local Storage based primary storage pools, and restored volumes are fully backed disks (i.e. not using any backing template file). -Restoring fully expunged and unmanaged instances are not supported. Backup and -restore operations are not fully supported for CKS cluster instances and should +Backup and restore operations are not fully supported for CKS cluster instances and should be avoided. + +.. |NASB&R-quiesceInstance.png| image:: /_static/images/NASB&R-quiesceInstance.png + :alt: Quiesce option while creating backups. + :width: 400 px 
diff --git a/source/adminguide/networking.rst b/source/adminguide/networking.rst index df18c7547d..f0cf3c1de0 100644 --- a/source/adminguide/networking.rst +++ b/source/adminguide/networking.rst @@ -106,7 +106,7 @@ IP addresses. - CloudStack does not assign IP addresses to instances. -- Userdata and metadata can be passed to the instance using a config drive +- User Data and metadata can be passed to the instance using a config drive (which must be enabled in the network service offering) Example GUI dialog box (for a regular user account) is shown below: @@ -367,8 +367,8 @@ To create a network offering: been configured in the cloud. VPN For more information, see `“Remote Access Supported Not Supported VPN” `_. - User Data For more information, see `“User Data and Meta Not Supported Supported - Data” `_. + User Data For more information, see `“User Data and Metadata Not Supported Supported + ” `_. Network ACL For more information, see `“Configuring Network Access Control List Supported Not Supported ” `_. Security Groups For more information, see `“Adding a Security Not Supported Supported diff --git a/source/adminguide/networking/advanced_zone_config.rst b/source/adminguide/networking/advanced_zone_config.rst index 82af5065fd..558c001272 100644 --- a/source/adminguide/networking/advanced_zone_config.rst +++ b/source/adminguide/networking/advanced_zone_config.rst 
@@ -70,7 +70,7 @@ configure the base guest Network: - **IPv6 DNS**: A set of custom IPv6 DNS that will be used by the guest Network. If not provided then IPv6 DNS specified for the zone will be used. Available only when the selected Network offering is IPv6 enabled and supports DNS service. - - **IPv4 address for the VR in this Network**: The source NAT address or primary public Network address to use by the guest Network. If not provided then a random address from the available pool of addresses wil be used. + - **IPv4 address for the VR in this Network**: The source NAT address or primary public Network address to use by the guest Network. If not provided then a random address from the available pool of addresses will be used. - **Network Domain**: A custom DNS suffix at the level of a Network. If you want to assign a special domain name to the Guest Instance Network, specify a @@ -82,6 +82,7 @@ configure the base guest Network: .. note:: * In security groups-enabled Advanced zones and Basic zones, creation of VPC and isolated Networks are not supported. * MTU options will be shown in the UI and considered only when zone configuration - `allow.end.users.to.specify.vr.mtu` is set to true. Maximum allowed values for public and private MTU can be controlled by zone-level configurations, `vr.public.interface.max.mtu` and `vr.private.interface.max.mtu` respectively. + * We can configure a zone with multiple Physical Networks having guest traffic type. In such zones, we need to tag the additional Physical networks. We must have one Physical Network that is not tagged for isolated/L2 network offerings not configured with any tags. For example the default network offerings. Configure Public Traffic in an Advanced Zone ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/adminguide/networking/dynamic_static_routing.rst b/source/adminguide/networking/dynamic_static_routing.rst index f86497ed4b..701ab1dbc4 100644 
--- a/source/adminguide/networking/dynamic_static_routing.rst +++ b/source/adminguide/networking/dynamic_static_routing.rst @@ -40,8 +40,8 @@ About Network Mode Network mode indicates the mode with which the isolated network or VPC will operate. There are two valid options -- NATTED. This is the default network mode of isolated networks. The VR of isolated networks and VPCs provides Source NAT services, as well as Static NAT, Load Balancer, Port Forwarding, Vpn if the network offering supports. -- ROUTED. For isolated networks in ROUTED mode, the VR no longer supports Source NAT, Static NAT, Load Balancer, Port Forwarding and Vpn. The supported services are Dns, Dhcp, Userdata, Firewall (for isolated networks) and Network ACL (for vpc and vpc networks). +- NATTED. This is the default network mode of isolated networks. The VR of isolated networks and VPCs provides Source NAT services, as well as Static NAT, Load Balancer, Port Forwarding, VPN if the network offering supports. +- ROUTED. For isolated networks in ROUTED mode, the VR no longer supports Source NAT, Static NAT, Load Balancer, Port Forwarding and VPN. The supported services are DNS, DHCP, User data, Firewall (for isolated networks) and Network ACL (for VPC and VPC networks). About Routing mode @@ -253,7 +253,7 @@ For more information, see `“CloudStack Kubernetes Service” <../plugins/cloud .. |manage-ipv4-subnets-for-zone.png| image:: /_static/images/manage-ipv4-subnets-for-zone.png - :alt: Manage IPv4 subnets for zoone + :alt: Manage IPv4 subnets for zone .. |manage-ipv4-subnets-for-networks.png| image:: /_static/images/manage-ipv4-subnets-for-networks.png :alt: Manage IPv4 subnets for guest networks diff --git a/source/adminguide/networking/external_firewalls_and_load_balancers.rst b/source/adminguide/networking/external_firewalls_and_load_balancers.rst index eae69281b8..a753886c6c 100644 --- a/source/adminguide/networking/external_firewalls_and_load_balancers.rst 
+++ b/source/adminguide/networking/external_firewalls_and_load_balancers.rst @@ -291,6 +291,11 @@ Adding a Load Balancer Rule algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer Rules. + - **Protocol**: The protocol for the Load Balancer Rule such as tcp, udp, tcp-proxy or ssl. + + - **SSL Certificate**: The SSL certificate assigned to the Load Balancer Rule. + This is visible only when protocol is ssl. See :ref:`conf-ssl-cert`. + - **AutoScale**: Click Configure and complete the AutoScale configuration as explained in :ref:`conf-autoscale`. 
@@ -470,6 +475,70 @@ For details on how to set a health check policy using the UI, see :ref:`adding-lb-rule`. +.. _conf-ssl-cert: + +Configuring SSL Certificate for Load Balancer Rules +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +SSL Offloading allows load balancers to handle encryption and decryption of +HTTP(s) traffic giving plain text HTTP to the back end servers freeing them +from the resource intensive task of handling encryption and decryption. +SSL Offloading supports CloudStack Virtual Router since Apache CloudStack 4.22.0. + +- Upload SSL certificates + +SSL certificate is required for SSL offloading feature. As the first step, users +need to upload SSL certificates for the accounts or projects. + +|ssl-certificate-account.png| + +Click "Upload SSL Certificate" button, input the following fields in the dialog, click "Submit" + + * Name: the name of the SSL certificate. This is required. + * Certificate: the SSL certificate. This is required. + * Private Key: the private key of the SSL certificate. This is required. + * Certificate chain: the ROOT CA and intermediate certificate(s) of the SSL certificate. Please input if exist, otherwise the SSL certificate might not work. + * Password: the password of the private key. Currently it is unsupported when use CloudStack Virtual Router for SSL offloading. + * Revocation check: Whether enables revocation checking for certificates. Please do not check if self-signed SSL certificate. + +|ssl-certificate-upload.png| + +Users can view or remove the SSL certificates on the same page. + +|ssl-certificate-list.png| + +For projects, go to the project page and click "Certificates" tab + +|ssl-certificate-project.png| + +- Create Load balancer rule with SSL Certificate + +SSL certificate can be configured only when the protocol of load balancer rule is ssl. 
+ +|ssl-certificate-new-lb-rule.png| + +Click "SSL certificate" button, select a SSL certificate, click "OK" + +|ssl-certificate-new-lb-rule-select.png| + +- Assign SSL certificate to existing Load balancer rule + +If the load balancer rule has been created without SSL certificate, update protocol to SSL if it is not + +|ssl-certificate-update-lb-rule-protocol.png| + +Click "Manage" button under the "SSL certificate" field, select a SSL certificate, +click "Replace" or "Assign" button to assign a new SSL certificate. + +|ssl-certificate-update-lb-rule-ssl-cert.png| + +User can remove the SSL certificate from load balancer rule by clicking "Remove" button. + +.. note:: + Since SSL offloading increases CPU utilization on the load balancer, + please allocate more resources to the Virtual Router when expecting high traffic. + + .. _conf-autoscale: Configuring AutoScale 
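Review bot: The new "Configuring SSL Certificate for Load Balancer Rules" section says the load balancer gives "plain text HTTP to the back end servers" but never states the consequence: traffic between the Virtual Router and the Instances is unencrypted. The closing note, which covers only CPU load, is the place to add a sentence such as `SSL offloading terminates encryption at the Virtual Router; use it only where the guest network is trusted to carry the decrypted traffic.` The Password bullet says a key password is unsupported with the Virtual Router, which implies the private key is uploaded without passphrase protection, so the section should say so explicitly. The Revocation check bullet tells readers to leave it unchecked for self-signed certificates without saying what is checked, which gives them no basis for deciding when to enable it.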
@@ -735,3 +804,19 @@ Runtime Considerations :alt: Configuring AutoScale. .. |EnableDisable.png| image:: /_static/images/enable-disable-autoscale.png :alt: button to enable or disable AutoScale. +.. |ssl-certificate-account.png| image:: /_static/images/ssl-certificate-account.png + :alt: Manage certificates for account. +.. |ssl-certificate-upload.png| image:: /_static/images/ssl-certificate-upload.png + :alt: Upload SSL certificate for account. +.. |ssl-certificate-list.png| image:: /_static/images/ssl-certificate-list.png + :alt: List of certificates for account. +.. |ssl-certificate-project.png| image:: /_static/images/ssl-certificate-project.png + :alt: Manage certificates for project. +.. |ssl-certificate-new-lb-rule.png| image:: /_static/images/ssl-certificate-new-lb-rule.png + :alt: Create load balancer rule with SSL protocol +.. |ssl-certificate-new-lb-rule-select.png| image:: /_static/images/ssl-certificate-new-lb-rule-select.png + :alt: Select SSL certificate for new load balancer rule. +.. |ssl-certificate-update-lb-rule-protocol.png| image:: /_static/images/ssl-certificate-update-lb-rule-protocol.png + :alt: Update protocol of load balancer rule to SSL. +.. |ssl-certificate-update-lb-rule-ssl-cert.png| image:: /_static/images/ssl-certificate-update-lb-rule-ssl-cert.png + :alt: Manage certificates of load balancer rule. diff --git a/source/adminguide/networking/ip_reservation_in_guest_networks.rst b/source/adminguide/networking/ip_reservation_in_guest_networks.rst index 32d4aff035..87bb13466d 100644 --- a/source/adminguide/networking/ip_reservation_in_guest_networks.rst +++ b/source/adminguide/networking/ip_reservation_in_guest_networks.rst 
@@ -57,7 +57,7 @@ machines: - Specify a valid Guest instance CIDR. IP Reservation is applied only if no active IPs exist outside the Guest instance CIDR. - You cannot apply IP Reservation if any instance is alloted with an IP + You cannot apply IP Reservation if any instance is allotted with an IP address that is outside the Guest instance CIDR. - To reset an existing IP Reservation, apply IP reservation by @@ -90,7 +90,7 @@ Limitations - Upgrading network offering which causes a change in CIDR (such as upgrading an offering with no external devices to one with external devices) IP Reservation becomes void if any. Reconfigure IP - Reservation in the new re-implemeted network. + Reservation in the new re-implemented network. Best Practices diff --git a/source/adminguide/networking/isolation_in_advanced_zone_with_vlan.rst b/source/adminguide/networking/isolation_in_advanced_zone_with_vlan.rst index 46e438fd09..d1a0945aab 100644 --- a/source/adminguide/networking/isolation_in_advanced_zone_with_vlan.rst +++ b/source/adminguide/networking/isolation_in_advanced_zone_with_vlan.rst @@ -20,7 +20,7 @@ Isolation in Advanced Zone Using Private VLANs About PVLANs (Secondary VLANs) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The clasic use-case for PVLANs is a shared backup network, where you wish all users' +The classic use-case for PVLANs is a shared backup network, where you wish all users' hosts to be able to communicate with a backup host, but not with each other. |pvlans.png| diff --git a/source/adminguide/networking/multiple_subnets_in_shared_network.rst b/source/adminguide/networking/multiple_subnets_in_shared_network.rst index bd7087f723..07936f0432 100644 --- a/source/adminguide/networking/multiple_subnets_in_shared_network.rst +++ b/source/adminguide/networking/multiple_subnets_in_shared_network.rst 
@@ -95,6 +95,8 @@ Adding Multiple Subnets to a Shared Network defaulted to the vlan of the network or if vlan of the network is null - to Untagged +.. note:: If the VNI is of a VXLAN, the protocol prefix `vxlan://` must be used, like in `vxlan://` + #. Click OK. diff --git a/source/adminguide/networking/remote_access_vpn.rst b/source/adminguide/networking/remote_access_vpn.rst index ffa45823e9..95384c27cc 100644 --- a/source/adminguide/networking/remote_access_vpn.rst +++ b/source/adminguide/networking/remote_access_vpn.rst @@ -133,7 +133,7 @@ To enable VPN for a VPC: - Site-to-Site VPNs - - Network ACL Lists + - Network ACLs #. In the Router node, select Public IP Addresses. @@ -156,4 +156,19 @@ Now, you need to add the VPN users. #. Click Add. -#. Repeat the same steps to add the VPN users. \ No newline at end of file +#. Repeat the same steps to add the VPN users. + +Limitations of Remote Access VPN +-------------------------------- + +CloudStack's Remote Access VPN feature (L2TP over IPsec with pre-shared key) is subject to certain limitations: + +- **Single connection per source IP/CIDR:** + Due to the use of StrongSwan in the virtual router implementation, CloudStack does not support multiple simultaneous VPN connections originating from the same source public IP or NAT'ed subnet. + This means that if multiple users are behind the same NAT (e.g., office network or shared IP), only one of them can connect at a time. Additional connection attempts will fail until the first session is disconnected. + +- **No support for overlapping subnets by the VPN:** + Remote Access VPN does not provide NAT traversal or address translation features to handle overlapping subnets between the client and the VPC. + +**Recommendation:** +If your environment requires multiple concurrent VPN connections from the same location (NAT or IP), consider deploying a dedicated VPN appliance (e.g., OpenVPN or pfSense) inside the VPC to support advanced use cases. 
diff --git a/source/adminguide/networking/security_groups.rst b/source/adminguide/networking/security_groups.rst index 6f14944661..241ef1c1ff 100644 --- a/source/adminguide/networking/security_groups.rst +++ b/source/adminguide/networking/security_groups.rst @@ -27,7 +27,8 @@ rules filter network traffic according to the IP address that is attempting to communicate with the instance. Security groups are particularly useful in zones that use basic networking, because there is a single guest network for all Guest Instances. In advanced zones, security groups are -supported only on the KVM hypervisor. +supported only on the KVM hypervisor and XenServer/XCP-ng with the network backend +configured as "bridge". .. note:: In a zone that uses advanced networking, you can instead define @@ -41,8 +42,7 @@ desired set of rules. Any CloudStack user can set up any number of additional security groups. When a new instance is launched, it is assigned to the default security group unless another user-defined security group is specified. An instance can be a -member of any number of security groups. Once an instance is assigned to a -security group, it remains in that group for its entire lifetime; you +member of any number of security groups. You can change the security groups of an instance only in a stopped state; you can not move a running instance from one security group to another. You can modify a security group by deleting or adding any number of diff --git a/source/adminguide/networking/site_to_site_vpn.rst b/source/adminguide/networking/site_to_site_vpn.rst index 33d3ccb545..7bf09767ae 100644 --- a/source/adminguide/networking/site_to_site_vpn.rst +++ b/source/adminguide/networking/site_to_site_vpn.rst 
@@ -64,7 +64,7 @@ Creating and Updating a VPN Customer Gateway ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. note:: - A VPN customer gateway can be connected to only one VPN gateway at a time. + A VPN Customer Gateway can be connected to only one VPN gateway at a time. To add a VPN Customer Gateway: @@ -80,7 +80,7 @@ To add a VPN Customer Gateway: Provide the following information: - - **Name**: A unique name for the VPN customer gateway you create. + - **Name**: A unique name for the VPN Customer Gateway you create. - **Gateway**: The IP address for the remote gateway. @@ -115,13 +115,19 @@ To add a VPN Customer Gateway: confirming that the remote gateway has a matching Preshared Key. - **IKE Hash**: The IKE hash for phase-1. The supported hash - algorithms are SHA1 and MD5. + algorithms are SHA1, SHA256, SHA384 and SHA512 and MD5. + + - **IKE Version**: The IKE Version to use between ike (autoselect), ikev1, or ikev2. + Connections marked with 'ike' will use 'ikev2' when initiating, + but accept any protocol version when responding. Defaults to 'ike'. - **IKE DH**: A public-key cryptography protocol which allows two parties to establish a shared secret over an insecure communications channel. The 1536-bit Diffie-Hellman group is used within IKE to establish session keys. The supported options are - None, Group-5 (1536-bit) and Group-2 (1024-bit). + None, Group-2 (1024-bit), Group-5 (1536-bit), Group-14 (2048-bit), + Group-15 (3072-bit), Group-16 (4096-bit), Group-17 (6144-bit) and + Group-18 (8192-bit). - **ESP Encryption**: Encapsulating Security Payload (ESP) algorithm within phase-2. The supported encryption algorithms are AES128, 
@@ -134,8 +140,8 @@ To add a VPN Customer Gateway: extracted from the Diffie-Hellman key exchange in phase-1, to provide session keys to use in protecting the VPN data flow. - - **ESP Hash**: Encapsulating Security Payload (ESP) hash for - phase-2. Supported hash algorithms are SHA1 and MD5. + - **ESP Hash**: Encapsulating Security Payload (ESP) hash for phase-2. + Supported hash algorithms are SHA1, SHA256, SHA384 and SHA512 and MD5. - **Perfect Forward Secrecy**: Perfect Forward Secrecy (or PFS) is the property that ensures that a session key derived from a set of @@ -143,9 +149,10 @@ To add a VPN Customer Gateway: property enforces a new Diffie-Hellman key exchange. It provides the keying material that has greater key material life and thereby greater resistance to cryptographic attacks. The available options - are None, Group-5 (1536-bit) and Group-2 (1024-bit). The security - of the key exchanges increase as the DH groups grow larger, as - does the time of the exchanges. + are None, Group-2 (1024-bit), Group-5 (1536-bit), Group-14 (2048-bit), + Group-15 (3072-bit), Group-16 (4096-bit), Group-17 (6144-bit) and + Group-18 (8192-bit). The security of the key exchanges increase as + the DH groups grow larger, as does the time of the exchanges. .. note:: When PFS is turned on, for every negotiation of a new phase-2 SA 
@@ -172,27 +179,137 @@ To add a VPN Customer Gateway: - **Force UDP Encapsulation of ESP Packets**: Force Encapsulation for NAT traversal + .. note:: + If the administrator has configured excluded cryptographic + parameters, those options will not appear in the form. If obsolete + parameters are configured, those options will be displayed with a + warning message indicating they are obsolete and should be avoided. + #. Click OK. +Configuring Excluded and Obsolete VPN Customer Gateway Parameters +'''''''''''''''''''''''''''''''''''''''''''''''' + +CloudStack provides administrators with configuration settings to enforce +modern security standards by marking certain cryptographic algorithms and +parameters as excluded or obsolete for VPN Customer Gateway creation. + +**Excluded Parameters:** + +These parameters are completely hidden from users and cannot be used +while creating or updating VPN Customer Gateways: + +- **vpn.customer.gateway.excluded.encryption.algorithms**: Comma-separated + list of encryption algorithms to exclude. Applies to both phases. + +- **vpn.customer.gateway.excluded.hashing.algorithms**: Comma-separated + list of hashing algorithms to exclude. Applies to both phases. + +- **vpn.customer.gateway.excluded.ike.versions**: Comma-separated list of + IKE versions to exclude. + +- **vpn.customer.gateway.excluded.dh.group**: Comma-separated list of + Diffie-Hellman groups to exclude. Applies to both phases. + +**Obsolete Parameters:** + +These parameters are shown with a warning message, allowing existing +deployments to continue functioning while encouraging migration to more +secure alternatives: + +- **vpn.customer.gateway.obsolete.encryption.algorithms**: Comma-separated + list of encryption algorithms marked as obsolete. Applies to both phases. + +- **vpn.customer.gateway.obsolete.hashing.algorithms**: Comma-separated + list of hashing algorithms marked as obsolete. Applies to phases. 
+
+- **vpn.customer.gateway.obsolete.ike.versions**: Comma-separated list of
+ IKE versions marked as obsolete.
+
+- **vpn.customer.gateway.obsolete.dh.group**: Comma-separated list of
+ Diffie-Hellman groups marked as obsolete. Applies to both phases.
+
+**Behavior:**
+
+- **Excluded parameters**: Not shown in the Create and Update VPN Customer
+ Gateway forms. Users cannot select these options for new gateways.
+
+- **Obsolete parameters**: Shown with a warning message in the Create and
+ Update forms, indicating they are deprecated and should be avoided.
+
+- **Existing gateways**: If a VPN Customer Gateway already uses excluded or
+ obsolete parameters:
+
+ - A warning icon is displayed next to the gateway name with a message
+ prompting users to change the obsolete or excluded parameters.
+
+ - The Update VPN Customer Gateway form displays the setting with a
+ warning message encouraging users to change it to a more secure
+ alternative.
+
+- The ``listVpnCustomerGateways`` API response includes two new fields:
+
+ - **obsoleteparameters**: List of all obsolete parameters used by the gateway
+
+ - **excludedparameters**: List of all excluded parameters used by the gateway
+
+- The ``listCapabilities`` API response includes a new field containing
+ the list of excluded and obsolete VPN Customer Gateway parameters, but
+ only if these configuration settings are configured by the operator.
+
+**Events and Alerts:**
+
+There is a thread that run periodically to check for VPN Customer Gateways which
+are using excluded or obsolete cryptographic parameters.The interval at which this thread
+runs is configurable using the setting **vpn.customer.gateway.obsolete.check.interval**.
+The unit is in hours and the default value is 0 which means it is disabled by default.
+
+Each time the thread runs, it generates Events for each VPN Customer Gateway which is
+using excluded or obsolete parameters.
+It also generates Alerts to the Administrator about the number of VPN Customer Gateways +that are using excluded and/or obsolete parameters. + +**Configuration Scope:** + +The obsolete and excluded settings support Domain-level configuration. +When set at Domain level, the values override global settings for that specific Domain only. + +- Global Settings: Apply to all Domains without specific overrides + +- Domain Settings: Override global settings for that specific Domain only + +Note: Domain settings do not cascade to child Domains. Each child Domain must be configured individually, +or it will inherit from global settings (not from its parent Domain). + +To reset a Domain-specific override, navigate to Domains → [Domain Name] → Settings and reset the value. +This will cause the Domain to fall back to global settings + Updating and Removing a VPN Customer Gateway '''''''''''''''''''''''''''''''''''''''''''' You can update a customer gateway either with no VPN connection, or related VPN connection is in error state. +.. note:: + If a VPN Customer Gateway is using excluded or obsolete cryptographic + parameters (as configured by your CloudStack operator), a warning icon + will be displayed next to the gateway name. When editing such a gateway, + the Update form will display warnings for any obsolete or excluded + parameters, encouraging you to change them to more secure alternatives. + #. Log in to the CloudStack UI as an administrator or end user. #. In the left navigation, choose Network. #. In the Select view, select VPN Customer Gateway. -#. Select the VPN customer gateway you want to work with. +#. Select the VPN Customer Gateway you want to work with. #. To modify the required parameters, click the Edit VPN Customer Gateway button |vpn-edit-icon.png| -#. To remove the VPN customer gateway, click the Delete VPN Customer +#. To remove the VPN Customer Gateway, click the Delete VPN Customer Gateway button |delete.png| #. Click OK. 
@@ -236,7 +353,7 @@ Creating a VPN gateway for the VPC - Site-to-Site VPNs - - Network ACL Lists + - Network ACLs #. Select Site-to-Site VPN. @@ -299,7 +416,7 @@ Creating a VPN Connection - Site-to-Site VPNs - - Network ACL Lists + - Network ACLs #. Select Site-to-Site VPN. @@ -364,7 +481,7 @@ This feature is supported on all the hypervisors. For more information, see `"Creating a VPN gateway for the VPC" <#creating-a-vpn-gateway-for-the-vpc>`_. -#. Create VPN customer gateway for both the VPCs. +#. Create VPN Customer Gateway for both the VPCs. For more information, see `"Creating and Updating a VPN Customer Gateway" <#creating-and-updating-a-vpn-customer-gateway>`_. @@ -431,7 +548,7 @@ Restarting and Removing a VPN Connection - Site-to-Site VPNs - - Network ACL Lists + - Network ACLs #. Select Site-to-Site VPN. @@ -464,6 +581,6 @@ Restarting and Removing a VPN Connection .. |reset-vpn.png| image:: /_static/images/reset-vpn.png :alt: button to reset a VPN connection .. |delete.png| image:: /_static/images/delete-button.png - :alt: button to remove a VPN customer gateway. + :alt: button to remove a VPN Customer Gateway. .. |vpn-edit-icon.png| image:: /_static/images/edit-icon.png :alt: button to edit. diff --git a/source/adminguide/networking/using_remote_access.rst b/source/adminguide/networking/using_remote_access.rst index 3af1db746a..9c30a33e0d 100644 --- a/source/adminguide/networking/using_remote_access.rst +++ b/source/adminguide/networking/using_remote_access.rst 
@@ -24,7 +24,7 @@ Using Remote Access VPN :local: :depth: 1 -Remote Access VPN connection to VPC or Guest Network to access Instances and applications. This section considers you have enabled Remote acccess VPN, refer to: :ref:`remote-access-vpn`. +Remote Access VPN connection to VPC or Guest Network to access Instances and applications. This section considers you have enabled Remote access VPN, refer to: :ref:`remote-access-vpn`. When connected to a VPC via VPN, the client have access to all Network Tiers. diff --git a/source/adminguide/networking/virtual_private_cloud_config.rst b/source/adminguide/networking/virtual_private_cloud_config.rst index 79599d0686..2a2bb57dd4 100644 --- a/source/adminguide/networking/virtual_private_cloud_config.rst +++ b/source/adminguide/networking/virtual_private_cloud_config.rst 
@@ -210,11 +210,24 @@ addresses in the form of a Classless Inter-Domain Routing (CIDR) block. - **VPC Offering**: If the administrator has configured multiple VPC offerings, select the one you want to use for this VPC. + .. note:: + VPC Offerings can now be created with Conserve mode. When Conserve mode is off, the public IP can only be used for a single VPC Network Tier (e.g. you can add VMs from only a single VPC tier/network to the Load Balancer). But when the Conserve mode is on, you can define services (use VMS as targets) from more than one VPC Network Tier on the same public IP (e.g. add VMs1 from Tier1 and VM2 from Tier2 to a single Load Balancer. + + .. note:: + If StaticNAT is enabled, irrespective of the status of the + conserve mode, no port forwarding or load balancing rule can be + created for the IP. However, you can add the firewall rules by + using the createFirewallRule command. + + .. note:: + In case Conserve Mode is enabled on VPC Offering and VPC Network Tier Offerings, then the Source NAT IP address of the VPC can be reused for multiple services. + + - **DNS**: A set of custom DNS that will be used by this VPC. If not provided then DNS specified for the zone will be used. Available only when the selected VPC offering supports DNS service. - **IPv6 DNS**: A set of custom IPv6 DNS that will be used by this VPC. If not provided then IPv6 DNS specified for the zone will be used. Available only when the selected VPC offering is IPv6 enabled and supports DNS service. - - **IPv4 address for the VR in this VPC**: The source NAT address or primary public Network address to use by the guest Networks. If not provided then a random address from the available pool of addresses wil be used. + - **IPv4 address for the VR in this VPC**: The source NAT address or primary public Network address to use by the guest Networks. If not provided then a random address from the available pool of addresses will be used. 
- **Public MTU**: The MTU to be configured on the public interfaces of the VPC Network's VR @@ -266,6 +279,10 @@ other Network Tiers within the VPC. - **Name**: A unique name for the Network Tier you create. + .. note:: + Admins can choose to automatically prepend the VPC name to the Tier name during creation + using global configurations "vpc.tier.name.prepend" and "vpc.tier.name.prepend.delimiter". + - **Network Offering**: The following default Network offerings are listed: Internal LB, DefaultIsolatedNetworkOfferingForVpcNetworksNoLB, @@ -304,15 +321,15 @@ Configuring Network Access Control List ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. note:: -Network Access Control Lists can only be created if the service -"NetworkACL" is supported by the created VPC. + Network Access Control Lists can only be created if the service + "NetworkACL" is supported by the created VPC. Define a Network Access Control List (ACL) to control incoming (ingress) and outgoing (egress) traffic between the associated Network Tier and external Networks (other Network Tiers of the VPC as well as public Networks). -About Network ACL Lists -^^^^^^^^^^^^^^^^^^^^^^^ +About Network ACLs +^^^^^^^^^^^^^^^^^^ In CloudStack terminology, a Network ACL is a group of Network ACL rules. Network ACL rules are processed by their order, starting with the lowest 
@@ -343,18 +360,18 @@ destination" and / or "allow all ingress source" rule to the ACL. Afterwards traffic can be white- or blacklisted. .. note:: -- ACL Rules in Cloudstack are stateful -- Source / Destination CIDRs are always external Networks -- ACL rules can also been seen on the virtual router of the VPC. Ingress - rules are listed in the table iptables table "filter" while egress rules - are placed in the "mangle" table -- ACL rules for ingress and egress are not correlating. For example a - egress "deny all" won't affect traffic in response to an allowed ingress - connection + - ACL Rules in Cloudstack are stateful + - Source / Destination CIDRs are always external Networks + - ACL rules can also been seen on the virtual router of the VPC. Ingress + rules are listed in the table iptables table "filter" while egress rules + are placed in the "mangle" table + - ACL rules for ingress and egress are not correlating. For example a + egress "deny all" won't affect traffic in response to an allowed ingress + connection -Creating ACL Lists -^^^^^^^^^^^^^^^^^^ +Creating ACLs +^^^^^^^^^^^^^ #. Log in to the CloudStack UI as an administrator or end User. @@ -387,18 +404,18 @@ Creating ACL Lists - Site-to-Site VPNs - - Network ACL Lists + - Network ACLs -#. Select Network ACL Lists. +#. Select Network ACLs. The following default rules are displayed in the Network ACLs page: default\_allow, default\_deny. -#. Click Add ACL Lists, and specify the following: +#. Click Add Network ACL, and specify the following: - - **ACL List Name**: A name for the ACL list. + - **ACL Name**: A name for the ACL. - - **Description**: A short description of the ACL list that can be + - **Description**: A short description of the ACL that can be displayed to users. 
@@ -416,15 +433,15 @@ Creating an ACL Rule #. Click the Configure button of the VPC. -#. Select Network ACL Lists. +#. Select Network ACLs. - In addition to the custom ACL lists you have created, the following + In addition to the custom ACLs you have created, the following default rules are displayed in the Network ACLs page: default\_allow, default\_deny. -#. Select the desired ACL list. +#. Select the desired ACL. -#. Select the ACL List Rules tab. +#. Select the ACL Rules tab. To add an ACL rule, fill in the following fields to specify what kind of network traffic is allowed in the VPC. @@ -467,24 +484,24 @@ Creating an ACL Rule tab. -Creating a Tier with Custom ACL List -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Creating a Tier with Custom ACL +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ #. Create a VPC. -#. Create a custom ACL list. +#. Create a custom ACL. -#. Add ACL rules to the ACL list. +#. Add ACL rules to the ACL. #. Create a tier in the VPC. - Select the desired ACL list while creating a tier. + Select the desired ACL while creating a tier. #. Click OK. -Assigning a Custom ACL List to a Tier -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Assigning a Custom ACL to a Tier +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ #. Create a VPC. @@ -492,17 +509,17 @@ Assigning a Custom ACL List to a Tier #. Associate the tier with the default ACL rule. -#. Create a custom ACL list. +#. Create a custom ACL. -#. Add ACL rules to the ACL list. +#. Add ACL rules to the ACL. #. Select the tier for which you want to assign the custom ACL. -#. Click the Replace ACL List icon. |replace-acl-icon.png| +#. Click the Replace ACL icon. |replace-acl-icon.png| - The Replace ACL List dialog is displayed. + The Replace ACL dialog is displayed. -#. Select the desired ACL list. +#. Select the desired ACL. #. Click OK. @@ -554,7 +571,7 @@ with duplicated VLAN and IP are allowed in the same data center. - Site-to-Site VPNs - - Network ACL Lists + - Network ACLs #. Select Private Gateways. 
@@ -797,7 +814,7 @@ associated to more than one network at a time. - Site-to-Site VPNs - - Network ACL Lists + - Network ACLs #. Select IP Addresses. @@ -855,7 +872,7 @@ still belongs to the same VPC. - Site-to-Site VPNs - - Network ACL Lists + - Network ACLs #. Select Public IP Addresses. @@ -916,7 +933,7 @@ function only if they are defined on the default network. - Site-to-Site VPNs - - Network ACL Lists + - Network ACLs #. In the Router node, select Public IP Addresses. @@ -1082,7 +1099,7 @@ Creating an External LB Rule - Site-to-Site VPNs - - Network ACL Lists + - Network ACLs #. In the Router node, select Public IP Addresses. @@ -1119,6 +1136,12 @@ Creating an External LB Rule algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer Rules. + - **Protocol**: The protocol for the Load Balancer Rule such as tcp, udp, tcp-proxy or ssl. + + - **SSL Certificate**: The SSL certificate assigned to the Load Balancer Rule. + This is visible only when protocol is ssl. see `"Configuring SSL Certificate for Load Balancer + Rules" `_. + - **Add Instances**: Click Add Instances, then select two or more Instances that will divide the load of incoming traffic, and click Apply. @@ -1350,7 +1373,7 @@ Adding a Port Forwarding Rule on a VPC - Site-to-Site VPNs - - Network ACL Lists + - Network ACLs #. In the Router node, select Public IP Addresses. 
@@ -1444,12 +1467,32 @@ Editing, Restarting, and Removing a Virtual Private Cloud |restart-vpc.png| +Working with Domain VPCs +~~~~~~~~~~~~~~~~~~~~~~~~ + +The functionality of domain VPCs allows operators to aggregate multiple +Network Tiers from distinct users on the same VPC, reducing the number of virtual +routers necessary in the environment, and consequently, decreasing the +amount of public IP addresses consumed. All Network Tiers added to the VPC share +the same VR, but each one has their own broadcast domain and features +implemented by the VPC, such as DHCP, NAT, and so on. + +In order to utilize this functionality, a new Network Tier must be included to an +existing VPC by inputing the respective data for the account and the VPC +on the **'createNetwork'** API. It is important to note that, in order +for a Network Tier of a different account to be created on the VPC, the account +that creates the Network Tier must have access to both the account that owns the +VPC and the account that owns the Network Tier. The owner of the VPC must also +have access to the account that owns the Network Tier, however, the opposite +is not required. + + .. |add-vpc.png| image:: /_static/images/add-vpc.png :alt: adding a vpc. .. |add-tier.png| image:: /_static/images/add-tier.png :alt: adding a tier to a vpc. .. |replace-acl-icon.png| image:: /_static/images/replace-acl-icon.png - :alt: button to replace an ACL list + :alt: button to replace an ACL .. |add-new-gateway-vpc2.png| image:: /_static/images/add-new-gateway-vpc2.png :alt: adding a private gateway for the VPC. .. |add-vm-vpc.png| image:: /_static/images/add-vm-vpc.png diff --git a/source/adminguide/networking/vnf_templates_appliances.rst b/source/adminguide/networking/vnf_templates_appliances.rst index fcc57bbac9..2ba354586a 100644 --- a/source/adminguide/networking/vnf_templates_appliances.rst +++ b/source/adminguide/networking/vnf_templates_appliances.rst 
@@ -15,14 +15,14 @@ VNF Templates and Appliances -======================= +============================ Virtualized Network Functions (VNFs) refers to virtualized software applications which offers network services, for example routers, firewalls, load balancers. Adding a VNF template from an URL -------- +----------------------------------------------------------- To create a VNF appliance, user needs to register a VNF template and add VNF settings. @@ -44,7 +44,7 @@ the same page or under Network -> VNF templates. Updating a VM template to VNF template -------- +----------------------------------------------------------- Users are able to update an existing VM template, which is uploaded from HTTP server or local, or created from volume, to be a VNF template. @@ -63,7 +63,7 @@ HTTP server or local, or created from volume, to be a VNF template. Updating the VNF settings of a VNF template -------------------- +----------------------------------------------------------- Users need to add the VNF nics and VNF details of the VNF templates. @@ -115,7 +115,7 @@ Users need to add the VNF nics and VNF details of the VNF templates. Deploying VNF appliances -------------------- +----------------------------------------------------------- #. Log in to the CloudStack UI as an administrator or end user. 
@@ -147,15 +147,15 @@ Deploying VNF appliances The following network rules will be applied. - If management network is an isolated network, CloudStack will acquire a public - IP, enable static nat on the VNF appliance, and create firewall rules to allow - traffic to ssh/http/https ports based on access_methods in VNF template details. + IP, enable static nat on the VNF appliance, and create firewall rules to allow + traffic to ssh/http/https ports based on access_methods in VNF template details. - If management network is a shared network with security groups, CloudStack will - create a new security group with rules to allow traffic to ssh/http/https ports - based on access_methods in VNF template details, and assign to the VNF appliance. + create a new security group with rules to allow traffic to ssh/http/https ports + based on access_methods in VNF template details, and assign to the VNF appliance. - If management network is a L2 network, VPC tier or Shared network without security - groups, no network rules will be configured. + groups, no network rules will be configured. #. Click on the "Launch VNF appliance" button diff --git a/source/adminguide/projects.rst b/source/adminguide/projects.rst index 14fa8dc0db..c497adbf6b 100644 --- a/source/adminguide/projects.rst +++ b/source/adminguide/projects.rst 
@@ -205,17 +205,35 @@ Setting the Global Project Resource Limits .. cssclass:: table-striped table-bordered table-hover - +--------------------------+------------------------------------------------------------------------------------------------------------------------------+ - | max.project.public.ips | Maximum number of public IP addresses that can be owned by any project in the cloud. See About Public IP Addresses. | - +--------------------------+------------------------------------------------------------------------------------------------------------------------------+ - | max.project.snapshots | Maximum number of Snapshots that can be owned by any project in the cloud. See Working with Snapshots. | - +--------------------------+------------------------------------------------------------------------------------------------------------------------------+ - | max.project.templates | Maximum number of Templates that can be owned by any project in the cloud. See Working with Templates. | - +--------------------------+------------------------------------------------------------------------------------------------------------------------------+ - | max.project.uservms | Maximum number of guest Instances that can be owned by any project in the cloud. See Working With Instances. | - +--------------------------+------------------------------------------------------------------------------------------------------------------------------+ - | max.project.volumes | Maximum number of data volumes that can be owned by any project in the cloud. See Working with Volumes. 
| - +--------------------------+------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.public.ips | Default maximum number of public IP addresses that can be owned by any project in the cloud. See About Public IP Addresses. | + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.snapshots | Default maximum number of Snapshots that can be owned by any project in the cloud. See Working with Snapshots. | + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.templates | Default maximum number of Templates that can be owned by any project in the cloud. See Working with Templates. | + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.uservms | Default maximum number of guest Instances that can be owned by any project in the cloud. See Working With Instances. | + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.volumes | Default maximum number of data volumes that can be owned by any project in the cloud. See Working with Volumes. | + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.networks | Default maximum number of networks that can be owned by any project in the cloud. 
| + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.vpcs | Default maximum number of vpcs that can be owned by any project in the cloud. | + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.cpus | Default maximum number of cpu cores that can be owned by any project in the cloud. | + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.memory | Default maximum memory (in MB) that can be used by any project in the cloud. | + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.primary.storage | Default maximum primary storage space (in GiB) that can be used by any project in the cloud. | + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.backups | Default maximum number of backups that can be owned by any project in the cloud. | + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.backup.storage | Default maximum backup storage (in GiB) that can be used by any project in the cloud. | + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.buckets | Default maximum number of buckets that can be owned by any project in the cloud. 
| + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ + | max.project.object storage | Default maximum Object storage (in GiB) that can be used by any project in the cloud. | + +-----------------------------+-----------------------------------------------------------------------------------------------------------------------------+ #. Restart the Management Server. @@ -292,7 +310,7 @@ Working with Project Roles -------------------------- CloudStack allows adding project members with a desired project role. A project role will be assigned to the member in addition to their base -account role. Project Roles are retrictive in nature and can be used to +account role. Project Roles are restrictive in nature and can be used to further restrict certain API access to the members within the project. It is important to note that a project role cannot be used to elevate an existing user's permissions. Project roles can be created or managed diff --git a/source/adminguide/reliability.rst b/source/adminguide/reliability.rst index 62bdcf5427..ff0bb63a96 100644 --- a/source/adminguide/reliability.rst +++ b/source/adminguide/reliability.rst @@ -320,7 +320,7 @@ with the selected Template for a User. A User may also not be able to save Templates or examine/restore saved Templates. These features will automatically be available when the secondary storage comes back online. -Secondary storage data loss will impact recently added User data +Secondary storage data loss will impact recently added user data including Templates, Snapshots, and ISO Images. Secondary storage should be backed up periodically. Multiple secondary storage servers can be provisioned within each zone to increase the scalability of the system. diff --git a/source/adminguide/service_offerings.rst b/source/adminguide/service_offerings.rst index ea50df7a26..f8d0eacce3 100644 
--- a/source/adminguide/service_offerings.rst +++ b/source/adminguide/service_offerings.rst @@ -19,6 +19,9 @@ .. |edit-icon.png| image:: /_static/images/edit-icon.png :alt: edit offering button +.. |clone-icon.png| image:: /_static/images/clone-icon.png + :alt: clone offering button + In addition to the physical and logical infrastructure of your cloud and the CloudStack software and servers, you also need a layer of user services so that people can actually make use of the cloud. This means not just a @@ -212,7 +215,7 @@ To create a new compute offering: it enables the admin to set some boundaries. - **# of CPU cores**: The number of cores which should be allocated - to a system VM with this offering. If 'Custom constrained' is checked, the admin will + to the VM with this offering. If 'Custom constrained' is checked, the admin will be asked to enter the minimum and maximum number of CPUs that a user can request. If 'Custom unconstrained' is checked, this field does not appear as the user will be prompted to enter a value when creating their guest Instance. @@ -226,7 +229,7 @@ To create a new compute offering: will be prompted to enter a value when creating their guest Instance. - **Memory (in MB)**: The amount of memory in megabytes that the - system VM should be allocated. For example, “2048” would provide + VM should be allocated. For example, “2048” would provide a 2 GB RAM allocation. If 'Custom constrained' is selected, the admin will be asked to enter the minimum and maximum amount of RAM that a user can request. If 'Custom unconstrained' is selected, this field does 
@@ -238,7 +241,11 @@ To create a new compute offering: - **Network Rate**: Allowed data transfer rate in MB per second. - **Offer HA**: If yes, the administrator can choose to have the - system VM be monitored and as highly available as possible. + VM be monitored and as highly available as possible. + + .. note:: + The HA is offered when the VM High Availability manager is enabled in the zone using the setting 'vm.ha.enabled', by default this setting is enabled. + When disabled, alerts are sent during HA attempts when 'vm.ha.alerts.enabled' setting is enabled. - **Dynamic Scaling Enabled**: If yes, Instance can be dynamically scalable of cpu or memory 
@@ -285,22 +292,26 @@ To create a new compute offering: - Preferred: The instance will be deployed in dedicated infrastructure if possible. Otherwise, the instance can be deployed in shared infrastructure. - - **GPU**: Assign a physical GPU(GPU-passthrough) or a portion of a physical + - **GPU Card**: Assign a physical GPU(GPU-passthrough) or a portion of a physical GPU card (vGPU) to the guest instance. It allows graphical applications to run on the instance. Select the card from the supported list of cards. - The options given are NVIDIA GRID K1 and NVIDIA GRID K2. These are vGPU - capable cards that allow multiple vGPUs on a single physical GPU. If you - want to use a card other than these, follow the instructions in the - **"GPU and vGPU support for CloudStack Guest instances"** page in the - Cloudstack Version 4.4 Design Docs found in the Cloudstack Wiki. - - **vGPU Type**: Represents the type of virtual GPU to be assigned to a + - **GPU Profile**: Represents the type of virtual GPU to be assigned to a guest instance. In this case, only a portion of a physical GPU card (vGPU) is assigned to the guest instance. - Additionally, the **passthrough vGPU** type is defined to represent a physical GPU - device. A **passthrough vGPU** can directly be assigned to a single guest instance. - In this case, a physical GPU device is exclusively allotted to a single - guest instance. + Additionally, the **passthrough** type is defined to represent a physical GPU + device. A **passthrough** can directly be assigned to a single guest instance. + In this case, the physical GPU devices are exclusively allotted to a single guest instance. + + - **GPU Count**: The number of GPUs to be assigned to the guest instance. + This is applicable only for KVM hypervisor. + + - **GPU Display**: Whether to use the GPU device attached to the guest instance for display. + This is applicable only for KVM hypervisor. 
Depending on the OS and display configuration, + the user might need to set ``video.hardware`` to ``none`` in the instance's settings to + use CPVM for display. To set the ``video.hardware`` setting, navigate to + the instance's details page in the CloudStack UI, click on the + "Settings" tab, and add/or update the ``video.hardware`` setting to ``none``. - **Public**: Indicate whether the compute offering should be available to all domains or only some domains. Choose Yes to make it @@ -336,7 +347,7 @@ To create a new compute offering: - **Storage type**: The type of disk that should be allocated. Local allocates from storage attached directly to the host where the - system VM is running. Shared allocates from storage accessible via + VM is running. Shared allocates from storage accessible via NFS. - **Provisioning type**: The type of disk that should be allocated. @@ -368,7 +379,7 @@ To create a new compute offering: - **Custom IOPS** [1]_: If checked, the user can set their own IOPS. If not checked, the root administrator can define values. If the root admin does not set values when using storage QoS, default values - are used (the defauls can be overridden if the proper parameters + are used (the defaults can be overridden if the proper parameters are passed into CloudStack when creating the primary storage in question). @@ -389,7 +400,7 @@ To create a new compute offering: disk that represents the root disk. This does not apply for KVM. - **Storage Tags**: The tags that should be associated with the - primary storage used by the system VM. + primary storage used by the VM. When the flag is disabled 
@@ -401,12 +412,40 @@ To create a new compute offering: - **Disk Offering Strictness**: This flag defines the strictness of the disk offering association with the compute offering. When set to true, overriding of disk offering is not allowed on deploy instance and change disk offering is not allowed for the ROOT disk + + - **Enable Lease**: When this flag is enabled, Compute Offering is created with 'Instance Lease' enabled. + In CloudStack, a lease for an instance sets a specific time duration (in days) after which a chosen lease action, such as stopping or destroying the instance, will take place. + These lease settings are defined in the Compute Offering and are automatically applied to any Instance created using it. + + .. note:: The global configuration ``instance.lease.enabled`` should be configured as true to create compute offering with lease. + + .. note:: Lease duration or expiryaction can't be updated for compute offering. + + ``instance.lease.enabled``: Indicates whether Instance Lease feature is enabled or not. Default is **false** + For more information, see `“Setting Global Configuration Parameters” + <../installguide/configuration.html#setting-global-configuration-parameters>`_. + + When the flag is enabled + + - **Lease Duration (in days)**: Sets the lease duration. An instance created using this compute offering will inherit the lease duration by default. Supported values are in range 1 <= N <= 36500. + + - **Lease expiry action**: Lease expiry action: Denotes lease expiry action, which gets executed upon lease expiry for instances created using this compute offering. + Supported values for lease expiry action are as follows: + + - STOP + - DESTROY + + .. image:: /_static/images/compute_offering_dailog_with_lease.png + :width: 400px + :align: center + :alt: Compute offering dialog box + #. Click Add. -.. [1] These options are dependant on the capabilities of the hypervisor or the shared storage system which the instances are on. +.. 
[1] These options are dependent on the capabilities of the hypervisor or the shared storage system which the instances are on. If the hypervisor or underlying storage don't support a particular capability in the offering, the setting will have no effect. @@ -466,7 +505,7 @@ To create a new disk offering: - **Custom IOPS** [2]_: If checked, the user can set their own IOPS. If not checked, the root administrator can define values. If the root admin does not set values when using storage QoS, default values - are used (the defauls can be overridden if the proper parameters + are used (the defaults can be overridden if the proper parameters are passed into CloudStack when creating the primary storage in question). @@ -514,7 +553,7 @@ To create a new disk offering: #. Click Add. -.. [2] These options are dependant on the capabilities of the hypervisor or the shared storage system which the instances are on. +.. [2] These options are dependent on the capabilities of the hypervisor or the shared storage system which the instances are on. If the hypervisor or underlying storage don't support a particular capability in the offering, the setting will have no effect. @@ -599,6 +638,10 @@ To create a system service offering: - **Offer HA**: If yes, the administrator can choose to have the system VM be monitored and as highly available as possible. + .. note:: + The HA is offered when the VM High Availability manager is enabled in the zone using the setting 'vm.ha.enabled', by default this setting is enabled. + When disabled, alerts are sent during HA attempts when 'vm.ha.alerts.enabled' setting is enabled. + - **Storage Tags**: The tags that should be associated with the primary storage used by the system VM. 
@@ -615,16 +658,27 @@ To create a system service offering: #. Click Add. +Cloning Offerings +----------------- + +From CloudStack 4.23, you can clone an existing compute, disk, network or VPC, +system and backup offerings to create a new offering. This is useful when you want +to create a new offering with similar settings as an existing offering. +To clone an offering, navigate to the offering's list view or details page and +click on the clone icon |clone-icon.png|. +The dialog box for cloning an offering is similar to the one for creating a new offering, +but with some fields pre-filled with the settings of the existing offering. +You can modify any of the settings as needed before clicking Add to create the new offering. + + Network Throttling ------------------ -Network throttling is the process of controlling the network access and -bandwidth usage based on certain rules. CloudStack controls this +Network throttling is the process of controlling the network bandwidth. CloudStack controls this behaviour of the guest networks in the cloud by using the network rate parameter. This parameter is defined as the default data transfer rate in Mbps (Megabits Per Second) allowed in a guest network. It defines the -upper limits for network utilization. If the current utilization is -below the allowed upper limits, access is granted, else revoked. +upper limits for network bandwidth. You can throttle the network bandwidth either to control the usage above a certain limit for some accounts, or to control network congestion in a 
@@ -653,22 +707,22 @@ on different types of networks in CloudStack. .. cssclass:: table-striped table-bordered table-hover -=========================================== =============================== -Networks Network Rate Is Taken from -=========================================== =============================== -Guest network of Virtual Router Guest Network Offering -Public network of Virtual Router Guest Network Offering -Storage network of Secondary Storage VM System Network Offering -Management network of Secondary Storage VM System Network Offering -Storage network of Console Proxy VM System Network Offering -Management network of Console Proxy VM System Network Offering -Storage network of Virtual Router System Network Offering -Management network of Virtual Router System Network Offering -Public network of Secondary Storage instance System Network Offering -Public network of Console Proxy instance System Network Offering -Default network of a guest instance Compute Offering -Additional networks of a guest instance Corresponding Network Offerings -=========================================== =============================== +============================================ =============================== +Networks Network Rate Is Taken from +============================================ =============================== +Guest network of Virtual Router Guest Network Offering +Public network of Virtual Router Guest Network Offering +Storage network of Secondary Storage VM System Network Offering +Management network of Secondary Storage VM System Network Offering +Storage network of Console Proxy VM System Network Offering +Management network of Console Proxy VM System Network Offering +Storage network of Virtual Router System Network Offering +Management network of Virtual Router System Network Offering +Public network of Secondary Storage instance System Network Offering +Public network of Console Proxy instance System Network Offering +Default network of a guest 
instance Compute Offering +Additional networks of a guest instance Corresponding Network Offerings +============================================ =============================== A guest instance must have a default network, and can also have many additional networks. Depending on various parameters, such as the host diff --git a/source/adminguide/storage.rst b/source/adminguide/storage.rst index b8ed84ccb4..dc3dd7b3e5 100644 --- a/source/adminguide/storage.rst +++ b/source/adminguide/storage.rst 
@@ -164,29 +164,39 @@ In order to use multiple local storage pools, you need to #. Edit /etc/cloudstack/agent/agent.properties - - Add extra directories to "local.storage.path" - - Add UUID of directories to "local.storage.uuid" (UUID can be generated by `uuidgen`) + - Add extra directories to "local.storage.path". + - Add UUID of directories to "local.storage.uuid" (UUID can be generated by `uuidgen`). + "local.storage.uuid" must be present in the agent.properties file and should not be deleted. .. parsed-literal:: local.storage.uuid=a43943c1-1759-4073-9db1-bc0ea19203aa,f5b1220b-4446-42dc-a872-cffd281f9f8c local.storage.path=/var/lib/libvirt/images,/var/lib/libvirt/images2 -# #. Restart cloudstack-agent service - Storage pools will be automatically created in libvirt by the CloudStack agent Adding a Local Storage Pool via UI -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ When using UI, ensure that the scope of the storage is set to "Host", and ensure that the protocol is set to "Filesystem". |adding-local-pool-via-ui.png| +Adding a Local Storage Pool via Command Line +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Using Cloudmonkey command line. + + .. parsed-literal:: + + cmk create storagepool zoneid=07d64765-3123-4fc2-b947-25d2c36f5bb4 name=test provider=DefaultPrimary podid=0af34b96-e88d-440e-a6bd-c4e8aab4aa4a clusterid=49db6a16-2f6c-4583-9d07-37ccceb248ae url=file://10.9.8.7/var/lib/libvirt/images2 + Changing the Scope of the Primary Storage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Scope of a Primary Storage can be changed from Zone-wide to Cluster-wide and vice versa when the Primary Storage is in Disabled state. An action button is displayed in UI for each Primary Storage in Disabled state. 
@@ -243,6 +253,38 @@ same set of tags on the primary storage for all clusters in a pod. Even if different devices are used to present those tags, the set of exposed tags can be the same. +Storage Access Groups +~~~~~~~~~~~~~~~~~~~~~ + +When a primary storage is added in CloudStack, either at the Zone or Cluster scope, +it gets connected to all the hosts within that scope. Using Storage Access Groups, +this behavior can be controlled by defining groups on both primary storage and hosts, +ensuring connections are established only within those groups. When a Storage Access +Group is set on a primary storage (a text string attribute similar to tag), +and the same group is assigned to a host, the primary storage will connect only to that host. +A Storage Access Group can also be applied at the Cluster, Pod, or Zone level, allowing +all hosts in that entity to inherit the group automatically. + +For example, if there are 50 hosts across 10 clusters, with 5 hosts per cluster, +and a zone-wide primary storage is added, it will connect to all 50 hosts. If the +operator wants to limit the connection to a few hosts in just the first 2 clusters, +Storage Access Groups can be set on the primary storage and those specific hosts — +or directly on the two clusters to achieve the same effect. + +Adding Storage Access Group on a primary storage. + +|adding-storage-access-group-on-primary-storage.png| + +Adding Storage Access Group on a host. Similarly it can be applied Cluster/Pod/Zone. + +|adding-storage-access-group-on-host.png| + +A primary storage with a Storage Access Group will connect only to hosts that have the +same Storage Access Group. A storage pool without a Storage Access Group will connect to all hosts, +including those with or without any Storage Access Group. + +Note: Storage Access Groups are not applicable for local primary storages. Currently this is tested with NFS +and Dell PowerFlex storages. 
Maintenance Mode for Primary Storage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -276,7 +318,7 @@ templates, and ISOs. Setting NFS Mount Options on the Storage Pool -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NFS mount options can be added while creating an NFS storage pool for KVM hosts. When the storage pool is mounted on the KVM hypervisor host, @@ -393,6 +435,7 @@ under "Browser" tab for a secondary storage. Read only ~~~~~~~~~ + Secondary storages can also be set to read-only in order to cordon it off from being used for storing any further Templates, Volumes and Snapshots. @@ -401,7 +444,7 @@ from being used for storing any further Templates, Volumes and Snapshots. cmk updateImageStore id=4440f406-b9b6-46f1-93a4-378a75cf15de readonly=true Direct resources to a specific secondary storage -~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By default, ACS allocates ISOs, volumes, snapshots, and templates to the freest secondary storage of the zone. In order to direct these resources to a specific secondary storage, the user can utilize the functionality of the dynamic secondary storage selectors using heuristic rules. This functionality utilizes JavaScript rules, defined by the user, to direct these resources to a specific secondary storage. When creating the heuristic rule, the script will have access to some preset variables with information about the secondary storage in the zone, about the resource the rule will be applied upon, and about the account that triggered the allocation. These variables are presented in the table below: 
@@ -409,39 +452,39 @@ By default, ACS allocates ISOs, volumes, snapshots, and templates to the freest | Resource | Variables | +===================================+===================================+ | Secondary Storage | ``id`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``name`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``usedDiskSize`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``totalDiskSize`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``protocol`` | +-----------------------------------+-----------------------------------+ | Snapshot | ``size`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``hypervisorType`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``name`` | +-----------------------------------+-----------------------------------+ | ISO/Template | ``format`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``hypervisorType`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``templateType`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``name`` | +-----------------------------------+-----------------------------------+ | Volume | ``size`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``format`` | +-----------------------------------+-----------------------------------+ | Account | ``id`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``name`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``domain.id`` | - | +-----------------------------------| + | +-----------------------------------+ | | ``domain.name`` | 
+-----------------------------------+-----------------------------------+ @@ -722,7 +765,7 @@ may take several minutes for the volume to be moved to the new Instance. Instance Storage Migration -~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~ Supported in XenServer, KVM, and VMware. @@ -771,7 +814,7 @@ There are two situations when you might want to migrate a disk: Migrating Storage For a Running Instance '''''''''''''''''''''''''''''''''''''''' -(Supported on XenServer and VMware) +(Supported on XenServer, KVM and VMware) #. Log in to the CloudStack UI as a user or admin. @@ -813,15 +856,17 @@ Migrating Storage and Attaching to a Different Instance Volume” <#attaching-a-volume>`_ -Migrating an Instance Root Volume to a New Storage Pool +Migrating an Instance Volume to a New Storage Pool ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(XenServer, VMware) You can live migrate an Instance's root disk from one +(XenServer, VMware) You can live migrate an Instance's volumes from one storage pool to another, without stopping the Instance first. -(KVM) When migrating the root disk volume, the Instance must first be stopped, -and users can not access the Instance. After migration is complete, the Instance can -be restarted. +(KVM) KVM does not support volume live migration due to the limited possibility +to refresh VM XML domain. Therefore, to live migrate a volume between storage pools, +one must migrate the VM to a different host as well to force the VM XML domain update. +Use 'migrateVirtualMachineWithVolumes' instead or stop the Instance and then migrate +the volume. #. Log in to the CloudStack UI as a user or admin. @@ -1083,7 +1128,7 @@ Volume statistics are collected on a regular interval (defined by global setting volume.stats.interval with a default of 600 seconds). This feature is currently only available for VMware and KVM. Volume stats include include bytes/s and IO/s statistics as shown in the -API output bellow. +API output below. .. code:: bash 
@@ -1099,6 +1144,7 @@ API output bellow. "diskkbsread": 343124, "diskkbswrite": 217619, ... + Bytes read/write, as well as the total IO/s, are exposed via UI, as shown in the image below. |volume-metrics.png| @@ -1157,12 +1203,12 @@ Following is the example for checkVolume API usage and the result in the volume Importing and Unmanaging Volumes from Storage Pools -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Since Apache CloudStack 4.19.1.0, importing and unmanaging volumes from primary storage pools are supported. .. note:: - Currenty the supported storage types are: NFS, Ceph and Local storage for KVM hypervisor. + Currently the supported storage types are: NFS, Ceph and Local storage for KVM hypervisor. #. Log in to the CloudStack UI as an administrator. 
@@ -1285,11 +1331,18 @@ is running, the global setting 'kvm.snapshot.enabled' must be set to 'True'. The Volume Snapshot creation has changed in recent versions: -Under the hood, first, a full Instance Snapshot is taken - this means that during the taking of -the Instance Snapshot the Instance will be in the "Paused" state (while RAM memory is being written to the -QCOW2 file), which means that Instance will be unavailable from the Network point of view. -When the Instance Snapshot is created, Instance is unpaused/resumed, the single Volume Snapshot is exported -to the Secondary Storage, and then the Instance Snapshots is removed from the Instance. +When the VM is running, a disk-only VM snapshot is taken, exclusively for the volume in question. +If the VM is stopped, the volume will be converted (with qemu-img convert). The final storage location is +determined by the ``snapshot.backup.to.secondary`` configuration; if it is false the snapshot will be copied +to a different directory in the same primary storage as the volume; if it is true the snapshot will be copied +to the secondary storage. If the snapshot is being taken in a file-based storage (NFS, SharedMountPoint, Local), +it will be copied directly to its final storage location, according to the configuration. + +Since 4.21.0.0, ACS supports incremental snapshots for the KVM hypervisor when using file-based storage (NFS, SharedMountPoint, Local), +to enable incremental snapshots the ``kvm.incremental.snapshot`` configuration must be enabled. Furthermore, in order to take incremental snapshots +the KVM host must have at least Libvirt version 7.6.0+ and qemu version 6.1+. The size of the snapshot chains +will be determined by the ``snapshot.delta.max`` configuration, which affects both KVM and XenServer snapshots. +More information on the incremental snapshot feature for KVM can be found in its `specification `_. Automatic Snapshot Creation and Retention 
@@ -1305,7 +1358,7 @@ policy can be set up per disk volume. For example, a user can set up a daily Snapshot at 02:30. With each Snapshot schedule, users can also specify the number of -scheduled Snapshots to be retained. Older Snapshots that exceed the +recurring Snapshots to be retained. Older Snapshots that exceed the retention limit are automatically deleted. This user-defined limit must be equal to or lower than the global limit set by the CloudStack administrator. See `“Globally Configured @@ -1331,7 +1384,7 @@ incremental backups are supported, every N backup is a full backup. +------------------------------+------------------+------------------+-----+ | | VMware vSphere | Citrix XenServer | KVM | +==============================+==================+==================+=====+ -| Support incremental backup | No | Yes | No | +| Support incremental backup | No | Yes | Yes | +------------------------------+------------------+------------------+-----+ .. note:: @@ -1409,7 +1462,7 @@ Snapshot request fails and returns an error message. Snapshot Copy ~~~~~~~~~~~~~ -CloudStack allows copying an exisiting backed-up snapshot to multiple zones. +CloudStack allows copying an existing backed-up snapshot to multiple zones. Users can either use the UI in the snapshot details view or the `copySnapshot` API to copy a snapshot from one zone to other zone(s). Snapshot copies can be used for disastser recovery and creating volumes and templates in the @@ -1485,6 +1538,8 @@ To create a new bucket, click create Bucket, provide the following details, and #. Object Store: Select the object store where you want the Bucket to reside +#. Quota in GiB: Enforce a quota on the bucket. This is a mandatory field since 4.21 as it is used to enforce resource limit on object store usage. + Based on the selected Object Store, you can specify additional details like quota, encryption, policy. |Createbucket.png| 
@@ -1525,8 +1580,17 @@ Deleting objects from a bucket 2. Click on the |delete-button.png| button to delete the selected files from the bucket. + +Configuring resource limits on buckets and object storage usage +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Administrators can enforce limits on the maximum number of buckets they can be created and +the total object storage space that can be allocated at an account, domain and project level. +Allocated storage is the sum of quota used by all of the buckets. +Administrators can do this by going to the configure limits tab in accounts, domains and projects +similar to when enforcing resource limits on volumes, primary storage usage etc. + Shared FileSystems ---------------- +------------------ CloudStack offers fully managed NFS Shared FileSystems to all users. This section gives technical details on how to create/manage a Shared FileSystem @@ -1536,7 +1600,7 @@ using basic lifecycle operations and also some implementation details. This feature is available only on advanced zones without security groups. Creating a New Shared FileSystem -~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #. Log in to the CloudStack UI as a user or administrator. 
@@ -1600,25 +1664,28 @@ Supported lifecycle operations are : Shared FileSystem Instance -~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~ + The Shared FileSystem Instance is stateless and HA enabled. A new instance is deployed and will start serving the NFS share if the host or VM goes down. The VM is installed with the SystemVM template which is also used by the CPVM and SSVM. The Shared FileSystem Instance can be seen in the Instances Tab as well. It's name is prefixed by the string "sharedfs-" plus the Shared FileSystem name. Actions that might interfere with Shared FileSystem operations are blocked or not shown. -Basic operaions like Start, Stop and Reboot are allowed for troubleshooting. +Basic operations like Start, Stop and Reboot are allowed for troubleshooting. Users can access the VM using the 'View Console' button for troubleshooting although it is not required during normal operations. Service Offering ~~~~~~~~~~~~~~~~ + There are two global settings that control what should be the minimum RAM size and minimum CPU count for the Shared FileSystem Instance : 'sharedfsvm.min.cpu.count' and 'sharedfsvm.min.ram.size`. Only those offerings which meet these settings and have HA enabled are shown in the create form. Shared FileSystem Data Volume -~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + The data volume is also visible to the users. It is recommended to use the Shared FileSystem UI/API to manage the data but users or admin can perform actions directly on the data volume or the root volume as well if they wish. Attaching and detaching a disk is not allowed on a Shared FileSystem Instance. 
@@ -1685,4 +1752,7 @@ as well if they wish. Attaching and detaching a disk is not allowed on a Shared :alt: NFS mount options in add Primary Storage .. |nfs-mount-options-edit-primary-storage.png| image:: /_static/images/nfs-mount-options-edit-primary-storage.png :alt: NFS mount options in edit Primary Storage - +.. |adding-storage-access-group-on-primary-storage.png| image:: /_static/images/adding-storage-access-group-on-primary-storage.png + :alt: Adding storage access groups on primary storage +.. |adding-storage-access-group-on-host.png| image:: /_static/images/adding-storage-access-group-on-host.png + :alt: Adding storage access groups on host diff --git a/source/adminguide/systemvm.rst b/source/adminguide/systemvm.rst index 356334fe27..ec0e00d298 100644 --- a/source/adminguide/systemvm.rst +++ b/source/adminguide/systemvm.rst @@ -17,7 +17,7 @@ CloudStack uses several types of system Instances to perform tasks in the cloud. In general CloudStack manages these system VMs and creates, starts, and stops them as needed based on scale and immediate -needs. However, the administrator should be aware of them and their +needs. Unlike user VMs, system VMs are expunged on destroying them. However, the administrator should be aware of them and their roles to assist in debugging issues. @@ -27,7 +27,7 @@ The System VM Template The System VMs come from a single Template. The System VM has the following characteristics: -- Debian 10.8(buster), 4.19.0 kernel with the latest security +- Debian 12(bookwork), 6.1.0 kernel with the latest security patches from the Debian security APT repository - Has a minimal set of packages installed thereby reducing the attack 
@@ -46,6 +46,51 @@ following characteristics: - Latest version of JRE from Sun/Oracle ensures improved security and speed +Starting with 4.20.0 release, the following architectures are supported for KVM +hypervisor: + +- Intel/AMD 64-bit (x86_64) + +- ARM 64-bit (aarch64) + +Other hypervisors only support Intel/AMD 64-bit (x86_64) + + +System VM Template bundled with packages +---------------------------------------- + +The System VM Template is bundled with the official release DEB and RPM +cloudstack-management packages for Intel/AMD 64-bit architecture and the +following hypervisors: + +- KVM + +- VMware + +- XenServer + +Currently, the ARM 64-bit template(s) are not bundled with the packages. + +During zone deployment and upgrade, the required templates, i.e., the +templates for hypervisor and architecture which are in use in the zone +if not already present will be automatically registered and seeded on +the secondary storage. + +Template(s) will be downloaded from the configured repository +and the same workflow for the registration and seeding will be used. +Repository for downloading the templates can be configured using +/etc/cloudstack/management/server.properties file by updating the +``system.vm.templates.download.repository`` property. If no custom +repository is configured, templates will be downloaded from the default +official repository. + +If the automatic download and seeding of template fails, the +template can be registered and seeded manually. +UI/API can be used to register the template if the secondary storage VM is +running in the zone. In case the secondary storage VM is not present then +manual registration and seeding can be done using ``cloud-install-sys-tmplt`` +script. + Changing the Default System VM Template --------------------------------------- 
@@ -58,18 +103,19 @@ of memory. .. cssclass:: table-striped table-bordered table-hover - ========== ================================================================================================ - Hypervisor Download Location - ========== ================================================================================================ - XenServer |sysvm64-url-xen| - KVM |sysvm64-url-kvm| - VMware |sysvm64-url-vmware| - Hyper-V |sysvm64-url-hyperv| - ========== ================================================================================================ + ========== ============ ================================================================================== + Hypervisor Architecture Download Location + ========== ============ ================================================================================== + XenServer x86_64 |sysvm64-url-xen| + KVM x86_64 |sysvm64-url-kvm| + KVM aarch64 |sysvm64-url-kvm-aarch64| + VMware x86_64 |sysvm64-url-vmware| + Hyper-V x86_64 |sysvm64-url-hyperv| + ========== ============ ================================================================================== #. As an administrator, log in to the CloudStack UI -#. Register the 64 bit Template. +#. Register the 64-bit Template. For example: KVM64bitTemplate @@ -89,6 +135,11 @@ of memory. Any new virtual router created in this Zone automatically picks up this Template. +#. When using multiple architectures in the Zone, same name can be used + for the templates for the different architectures and same hypervisor + to allow deployment across them depending on the compute capacity and + the zone setting - *system.vm.preferred.architecture* + #. Restart the Management Server. Accessing System VMs 
@@ -198,7 +249,7 @@ Console proxies can be restarted by administrators but this will interrupt existing console sessions for users. Creating an Instance Console Endpoint -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The access to an instance console is created by the API 'createConsoleEndpoint', for the instance specified in the parameter 'virtualmachineid'. By default, @@ -228,7 +279,7 @@ When ‘consoleproxy.extra.security.validation.enabled’ is false: then CloudSt does not require a token for validation. The websocket port is passed as a boot argument to the console proxy and the -management server decides between the secure or unsecure port (8443 or 8080) when +management server decides between the secure or insecure port (8443 or 8080) when setting the boot arguments for the CPVM. - The secure port 8443 is sent as a boot argument when: @@ -265,7 +316,7 @@ communication with SSL: Changing the Console Proxy SSL Certificate and Domains -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The administrator can configure SSL encryption by selecting a domain and uploading a new SSL certificate and private key. The domain must 
@@ -656,55 +707,55 @@ column in 'Failed'/'Passed' if there are health check failures of any type. Following global configs have been added for configuring health checks: - ``router.health.checks.enabled`` - If true, router health checks are allowed - to be executed and read. If false, all scheduled checks and API calls for on - demand checks are disabled. Default is true. + to be executed and read. If false, all scheduled checks and API calls for on + demand checks are disabled. Default is true. - ``router.health.checks.basic.interval`` - Interval in minutes at which basic - router health checks are performed. If set to 0, no tests are scheduled. Default - is 3 mins as per the pre 4.14 monitor services. + router health checks are performed. If set to 0, no tests are scheduled. Default + is 3 mins as per the pre 4.14 monitor services. - ``router.health.checks.advanced.interval`` - Interval in minutes at which - advanced router health checks are performed. If set to 0, no tests are scheduled. - Default value is 10 minutes. + advanced router health checks are performed. If set to 0, no tests are scheduled. + Default value is 10 minutes. - ``router.health.checks.config.refresh.interval`` - Interval in minutes at which - router health checks config - such as scheduling intervals, excluded checks, etc - is updated on virtual routers by the management server. This value should be - sufficiently high (like 2x) from the router.health.checks.basic.interval and - router.health.checks.advanced.interval so that there is time between new results - generation for passed data. Default is 10 mins. + router health checks config - such as scheduling intervals, excluded checks, etc + is updated on virtual routers by the management server. This value should be + sufficiently high (like 2x) from the router.health.checks.basic.interval and + router.health.checks.advanced.interval so that there is time between new results + generation for passed data. Default is 10 mins. 
- ``router.health.checks.results.fetch.interval`` - Interval in minutes at which - router health checks results are fetched by management server. On each result fetch, - management server evaluates need to recreate VR as per configuration of - 'router.health.checks.failures.to.recreate.vr'. This value should be sufficiently - high (like 2x) from the 'router.health.checks.basic.interval' and - 'router.health.checks.advanced.interval' so that there is time between new - results generation and fetch. + router health checks results are fetched by management server. On each result fetch, + management server evaluates need to recreate VR as per configuration of + 'router.health.checks.failures.to.recreate.vr'. This value should be sufficiently + high (like 2x) from the 'router.health.checks.basic.interval' and + 'router.health.checks.advanced.interval' so that there is time between new + results generation and fetch. - ``router.health.checks.failures.to.recreate.vr`` - Health checks failures defined - by this config are the checks that should cause router recreation. If empty the - recreate is not attempted for any health check failure. Possible values are comma - separated script names from systemvm’s /root/health_scripts/ (namely - cpu_usage_check.py, - dhcp_check.py, disk_space_check.py, dns_check.py, gateways_check.py, haproxy_check.py, - iptables_check.py, memory_usage_check.py, router_version_check.py), connectivity.test - or services (namely - loadbalancing.service, webserver.service, dhcp.service) + by this config are the checks that should cause router recreation. If empty the + recreate is not attempted for any health check failure. 
Possible values are comma + separated script names from systemvm’s /root/health_scripts/ (namely - cpu_usage_check.py, + dhcp_check.py, disk_space_check.py, dns_check.py, gateways_check.py, haproxy_check.py, + iptables_check.py, memory_usage_check.py, router_version_check.py), connectivity.test + or services (namely - loadbalancing.service, webserver.service, dhcp.service) - ``router.health.checks.to.exclude`` - Health checks that should be excluded when - executing scheduled checks on the router. This can be a comma separated list of - script names placed in the '/root/health_checks/' folder. Currently the following - scripts are placed in default systemvm Template - cpu_usage_check.py, - disk_space_check.py, gateways_check.py, iptables_check.py, router_version_check.py, - dhcp_check.py, dns_check.py, haproxy_check.py, memory_usage_check.py. + executing scheduled checks on the router. This can be a comma separated list of + script names placed in the '/root/health_checks/' folder. Currently the following + scripts are placed in default systemvm Template - cpu_usage_check.py, + disk_space_check.py, gateways_check.py, iptables_check.py, router_version_check.py, + dhcp_check.py, dns_check.py, haproxy_check.py, memory_usage_check.py. - ``router.health.checks.free.disk.space.threshold`` - Free disk space threshold - (in MB) on VR below which the check is considered a failure. Default is 100MB. + (in MB) on VR below which the check is considered a failure. Default is 100MB. - ``router.health.checks.max.cpu.usage.threshold`` - Max CPU Usage threshold as - % above which check is considered a failure. + % above which check is considered a failure. - ``router.health.checks.max.memory.usage.threshold`` - Max Memory Usage threshold - as % above which check is considered a failure. + as % above which check is considered a failure. The scripts for following health checks are provided in '/root/health_checks/'. 
These are not exhaustive and can be modified for covering other scenarios not covered. @@ -787,7 +838,7 @@ it is upgraded: - SecurityGroup -- UserData +- User Data - DHCP 
@@ -902,6 +953,62 @@ System VMs (any of the Console Proxy VM, Secondary Storage VM, Virtual Router or Since CloudStack 4.16, for VMware, migration of System VMs can also be done to a destination host in a different cluster belonging to the same pod (in case of cluster-wide primary storage pools, this will cause the Root volume of the system VM to be migrated to the appropriate datastore in the new cluster). Storage migration of stopped System VMs is also supported. +Customizing System VMs +---------------------- + +CloudStack supports User Data for System VMs at boot time. +The default root administrator can supply initialization scripts or configuration to automate tasks +such as installing additional packages, setting environment variables, or configuring telemetry. +Ensure that the User Data is valid for cloud-init. +Invalid content may prevent a System VM from functioning correctly. + +Initialization is performed by a CloudStack service, not by the systemd +cloud-init unit, to avoid conflicts with CloudStack System VM services. + +.. warning:: + User Data offers powerful customization, but inappropriate or intrusive scripts can + destabilize or break System VMs. Avoid modifying critical services or networking unless + you fully understand the impact, and always test changes in a non-production environment + before rollout. + +To enable and configure User Data for System VMs: + +#. Create a User Data entry under the default root administrator account. +#. Set the global setting ``systemvm.userdata.enabled`` to ``true``. +#. Provide the ID of the User Data per System VM type using the following global settings: + + .. 
cssclass:: table-striped table-bordered table-hover + ================================= ========================================================= + Global Setting Description + ================================= ========================================================= + ``console.proxy.vm.userdata`` ID of the User Data for Console Proxy VMs + ``secstorage.vm.userdata`` ID of the User Data for Secondary Storage VMs + ``virtual.router.userdata`` ID of the User Data for Virtual Routers, VPC VR, + internal LB Instances, and elastic LB Instances + ================================= ========================================================= + +#. Destroy the System VMs and allow CloudStack to re-deploy them to apply the changes. + +.. note:: + Only the default root administrator can set the global settings for System VM User Data. + The associated User Data entries must also be created under the default root administrator account. + +.. note:: + The size of the User Data that can be sent is dependent on the + hypervisor. This is because of the way it is provided to the system VM. + The user data is compressed and encoded in base64 format when it is + provided to the system VM along with other system VM configurations. + + - KVM: Uses QEMU Guest Agent to write configuration directly to + ``/var/cache/cloud/cmdline`` inside the VM + + - XenServer (HVM): Stores in XenStore key ``vm-data/cloudstack/init`` + + - VMware: Sets as ``machine.id`` extraConfig parameter + + The operator needs to ensure that the user data is within the limits + of the hypervisor. + Troubleshoot networks from System VMs ------------------------------------- .. |run-diagnostics-icon.png| image:: /_static/images/run-diagnostics-icon.png diff --git a/source/adminguide/templates.rst b/source/adminguide/templates.rst index e92db413c6..2373fea198 100644 --- a/source/adminguide/templates.rst +++ b/source/adminguide/templates.rst 
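Review bot: The new "Customizing System VMs" section (hunk `@@ -902,6 +953,62 @@` in `systemvm.rst`) says the User Data is compressed and base64-encoded, but it does not say that this is only a transport encoding and gives no confidentiality. The same note lists where the payload is placed (`/var/cache/cloud/cmdline`, the XenStore key `vm-data/cloudstack/init`, the VMware `machine.id` extraConfig value), so it is presumably readable by anyone who can read those locations; that is inferred from the text, not stated in it. I would add one sentence to the size note, for example `Do not put passwords, API keys or other secrets in System VM User Data; it is only compressed and base64-encoded, not encrypted.` The note also leaves the per-hypervisor size limits unnamed, so a pointer to where an operator can look them up would help.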
@@ -136,7 +136,7 @@ in a private Zone, it is available only to Users in the domain assigned to that Zone. If a public Template is created in a public Zone, it is available to all Users in all domains. - +.. _creating-a-template-from-an-existing-virtual-machine: Creating a Template from an Existing Instance --------------------------------------------- @@ -271,11 +271,11 @@ To upload a Template: - **Tag**: The tag for the template. This tag can be used with host tags to allow deployment of Instances on specific hosts. - - **Userdata**: The registered Userdata are listed. Select the + - **User Data**: The registered User Data entries are listed. Select the desired one. - - **Userdata link policy**: Select the userdata override policy as required. - For more information on userdata and override link policy, please check `Userdata section `_. + - **User Data link policy**: Select the User Data override policy as required. + For more information on User Data and override link policy, please check `User Data section `_. - **Hypervisor**: The supported hypervisors are listed. Select the @@ -447,7 +447,7 @@ can also attach ISO images to Guest Instances. For example, this enables installing PV drivers into Windows. ISO images are not hypervisor-specific. - +.. _adding-an-iso: Adding an ISO ------------- 
@@ -597,8 +597,10 @@ Attaching an ISO to a Instance .. |template-permissions-update-2.png| image:: /_static/images/template-permissions-update-2.png :alt: Sharing template with 2 specific projects .. |template-permissions-update-3.png| image:: /_static/images/template-permissions-update-3.png - :alt: Revoking permissins from Account "user8" + :alt: Revoking permissions from Account "user8" .. |template-permissions-update-4.png| image:: /_static/images/template-permissions-update-4.png - :alt: Revoking permsissons from both projects previously added + :alt: Revoking permissions from both projects previously added .. |template-permissions-update-5.png| image:: /_static/images/template-permissions-update-5.png - :alt: Reseting (removing all) permissions + :alt: Resetting (removing all) permissions +.. |iso.png| image:: /_static/images/iso-icon.png + :alt: depicts adding an iso image diff --git a/source/adminguide/templates/._create_linux.rst.swp b/source/adminguide/templates/._create_linux.rst.swp new file mode 100644 index 0000000000..a5e9a0d741 Binary files /dev/null and b/source/adminguide/templates/._create_linux.rst.swp differ diff --git a/source/adminguide/templates/_bypass-secondary-storage-kvm.rst b/source/adminguide/templates/_bypass-secondary-storage-kvm.rst index 0aa5376a32..080e5ef9a9 100644 --- a/source/adminguide/templates/_bypass-secondary-storage-kvm.rst +++ b/source/adminguide/templates/_bypass-secondary-storage-kvm.rst @@ -49,7 +49,8 @@ From CloudStack 4.14.0, system VM Templates also support direct download. An adm Uploading Certificates for Direct Downloads -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + For direct downloads over HTTPS, the KVM hosts must have valid certificates. These certificates can be either self-signed or signed and will allow the KVM hosts to access the Templates/ISOs and download them. CloudStack provides some APIs to handle certificates for direct downloads: 
@@ -85,7 +86,7 @@ CloudStack provides some APIs to handle certificates for direct downloads: upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED hostid=HOST_ID Synchronising Certificates for Direct Downloads -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ As new hosts may be added to a zone which do not include a certificate which was previously uploaded to pre-existing hosts. @@ -97,7 +98,7 @@ CloudStack provides a way to synchronize certificates across all the connected h - Upload missing certificates to hosts Direct Download Timeouts -~~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^^ With 4.14.0, ability to configure different timeout values for the direct downloading of Templates has been added. Three new global settings have been added for this: diff --git a/source/adminguide/templates/_cloud_init.rst b/source/adminguide/templates/_cloud_init.rst index 1494308004..93413e6dc1 100644 --- a/source/adminguide/templates/_cloud_init.rst +++ b/source/adminguide/templates/_cloud_init.rst @@ -22,7 +22,7 @@ Cloudstack and cloud-init integration provide Instances with advanced management * Password management * SSH keys management * Partition management -* User-data input +* User Data input * `Other modules `_ 
@@ -112,7 +112,7 @@ These features can be implemented in `“Linux Template creation process” <_cr If the cloud-init ssh module is set to run every boot, it will regenerate the certificate fingerprint of the host. This will cause a warning to anyone that logs in the system and also bring trouble to anyone trying to automate ssh access. - Disable cloud-init regenerating host certificates on boot. If Template certificates are deleted they will be regenerated by the OS on instnace first boot. + Disable cloud-init regenerating host certificates on boot. If Template certificates are deleted they will be regenerated by the OS on instance first boot. .. code:: bash @@ -198,7 +198,7 @@ These features can be implemented in `“Linux Template creation process” <_cr .. warning:: - The example code above is based on XFS parition type. If ext4 partitioning is utilized replace **xfs_growfs** with **resize2fs** in the last code line. + The example code above is based on XFS partition type. If ext4 partitioning is utilized replace **xfs_growfs** with **resize2fs** in the last code line. It is possible to also use cloud-init `resize2fs module `_ . - **Enable autoresize on every boot** @@ -211,9 +211,9 @@ These features can be implemented in `“Linux Template creation process” <_cr sudo sed -i s/" - runcmd"/" - [runcmd, always]"/g /etc/cloud/cloud.cfg sudo sed -i s/" - scripts-user"/" - [scripts-user, always]"/g /etc/cloud/cloud.cfg -#. **User-data** +#. **User Data** - Cloud-init can parse and execute user-data form Cloud-stack during Instance creation. This feature works as is without additional configuration. + Cloud-init can parse and execute User Data form Cloud-stack during Instance creation. This feature works as is without additional configuration. #. **Network configuration with ConfigDrive** diff --git a/source/adminguide/templates/_create_linux.rst b/source/adminguide/templates/_create_linux.rst index 895e2e0909..d53a7b9b34 100644 
--- a/source/adminguide/templates/_create_linux.rst +++ b/source/adminguide/templates/_create_linux.rst @@ -29,8 +29,7 @@ An overview of the procedure is as follow: #. Upload your Linux ISO. - For more information, see `“Adding an - ISO” `_. + For more information, see :ref:`adding-an-iso`. #. Create an Instance with this ISO. @@ -112,7 +111,7 @@ templating of Centos and Ubuntu. deluser myuser --remove-home - User password management and reset cappabilities in GUI are available with: + User password management and reset capabilities in GUI are available with: * `Cloud-init integration `_ * `Adding Password Management to Your Templates `_ /Legacy for non systemd systems only/ @@ -129,9 +128,9 @@ templating of Centos and Ubuntu. Volumes can autorextend after reboot when partition is extended in the GUI. This feature is possible with `Cloud-init integration `_. -#. **User-data** +#. **User Data** - Cloudstack can push user-data during Instance creation. + Cloudstack can push User Data during Instance creation. This feature is possible with `Cloud-init integration `_. #. **Template cleanup** @@ -213,5 +212,4 @@ templating of Centos and Ubuntu. #. **Create the Template!** You are now ready to create the Final Template, for more information see - `“Creating a Template from an Existing Virtual - Machine” <#creating-a-template-from-an-existing-instance>`_. + :ref:`creating-a-template-from-an-existing-virtual-machine`. diff --git a/source/adminguide/templates/_create_windows.rst b/source/adminguide/templates/_create_windows.rst index eeeb8768ac..ae63f61b13 100644 --- a/source/adminguide/templates/_create_windows.rst +++ b/source/adminguide/templates/_create_windows.rst 
@@ -32,13 +32,17 @@ An overview of the procedure is as follows: #. Upload your Windows ISO. - For more information, see `“Adding an - ISO” `_. + For more information, see :ref:`adding-an-iso`. #. Create an instance with this ISO. For more information, see `“Creating - instances” `_. + instances” <../virtual_machines.html#creating-instances>`_. + +#. Add Virtual TPM device to the instance. + + For more information, see `“Instance Settings for Virtual Trusted Platform Module (vTPM) + ” <../virtual_machines.html#instance-settings-for-virtual-trusted-platform-module-vtpm>`_. #. Follow the steps in Sysprep for Windows Server 2008 R2 (below) or Sysprep for Windows Server 2003 R2, depending on your version of @@ -49,7 +53,7 @@ An overview of the procedure is as follows: System Preparation for Windows Server 2008 R2 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ For Windows 2008 R2, you run Windows System Image Manager to create a custom sysprep response XML file. Windows System Image Manager is @@ -156,7 +160,7 @@ Use the following steps to run sysprep for Windows 2008 R2: System Preparation for Windows Server 2003 R2 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Earlier versions of Windows have a different sysprep tool. Follow these steps for Windows Server 2003 R2. diff --git a/source/adminguide/templates/_import_ami.rst b/source/adminguide/templates/_import_ami.rst index 5f307d8f5a..055d9fe937 100644 --- a/source/adminguide/templates/_import_ami.rst +++ b/source/adminguide/templates/_import_ami.rst 
@@ -102,14 +102,14 @@ To import an AMI: none /sys sysfs defaults 0 0 #. Enable login via the console. The default console device in a - XenServer system is xvc0. Ensure that etc/inittab and etc/securetty + XenServer system is xvc0. Ensure that etc/inittab and etc/security have the following lines respectively: .. code:: bash # grep xvc0 etc/inittab co:2345:respawn:/sbin/agetty xvc0 9600 vt100-nav - # grep xvc0 etc/securetty + # grep xvc0 etc/security xvc0 #. Ensure the ramdisk supports PV disk and PV network. Customize this diff --git a/source/adminguide/templates/_password.rst b/source/adminguide/templates/_password.rst index 3378acb50e..4b62b372ec 100644 --- a/source/adminguide/templates/_password.rst +++ b/source/adminguide/templates/_password.rst @@ -42,7 +42,7 @@ boot it will not set the password but boot will continue normally. Linux OS Installation -~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^ Use the following steps to begin the Linux OS installation: @@ -78,7 +78,7 @@ Use the following steps to begin the Linux OS installation: Windows OS Installation -~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^ Download the installer, CloudInstanceManager.msi, from the `Download page `_ diff --git a/source/adminguide/troubleshooting.rst b/source/adminguide/troubleshooting.rst index 7bb889fbec..20d6d6a870 100644 --- a/source/adminguide/troubleshooting.rst +++ b/source/adminguide/troubleshooting.rst @@ -241,7 +241,7 @@ load balancing rules so that they continue to function. Troubleshooting Internet Traffic -------------------------------- -Below are a few troubleshooting steps to check whats going wrong with your +Below are a few troubleshooting steps to check what's going wrong with your network... 
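Review bot: In the `_import_ami.rst` hunk (`@@ -102,14 +102,14 @@`), changing `etc/securetty` to `etc/security` in both the sentence and the `grep` command looks like a spell-check false positive, not a correction. `securetty` is the file that lists the terminals on which root may log in, which is why this step expects an `xvc0` line in it. `etc/security` is normally a directory of PAM configuration, so the documented `grep xvc0 etc/security` would not show that line, and an operator following the new text would leave console login on `xvc0` unconfigured. Both lines should stay as they were: `etc/inittab and etc/securetty` in the sentence and `# grep xvc0 etc/securetty` in the listing.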
@@ -270,7 +270,7 @@ Trouble Shooting Steps If the pings dont work, run *tcpdump(8)* all over the place to check who is gobbling up the packets. Ultimately, if the switches are not - configured correctly, CloudStack networking wont work so fix the + configured correctly, CloudStack networking won't work so fix the physical networking issues before you proceed to the next steps #. Ensure `Traffic Labels `_ are set for the Zone. @@ -321,7 +321,7 @@ Trouble Shooting Steps #. KVM traffic labels require to be named as *"cloudbr0"*, *"cloudbr2"*, *"cloudbrN"* etc and the corresponding bridge must exist on the KVM hosts. If you create labels/bridges with any other names, CloudStack - (atleast earlier versions did) seems to ignore them. CloudStack does not + (at least earlier versions did) seems to ignore them. CloudStack does not create the physical bridges on the KVM hosts, you need to create them **before** before adding the host to Cloudstack. @@ -386,7 +386,7 @@ Trouble Shooting Steps Instances by default. Their public IPs will also be directly pingable from the Internet. Please note that these test would work only if your switches and traffic labels are configured correctly for your - environment. If your SSVM/CPVM cant reach the Internet, its very + environment. If your SSVM/CPVM can't reach the Internet, its very unlikely that the Virtual Router (VR) can also the reach the Internet suggesting that its either a switching issue or incorrectly assigned traffic labels. Fix the SSVM/CPVM issues before you debug VR issues. @@ -430,7 +430,7 @@ Trouble Shooting Steps round-trip min/avg/max/stddev = 28.098/44.021/69.179/17.998 ms #. However, the Virtual Router's (VR) Source NAT Public IP address - **WONT** be reachable until appropriate Ingress rules are + **WON'T** be reachable until appropriate Ingress rules are in place. You can add *Ingress* rules under *Network, Guest Network, IP Address, Firewall* setting page. 
@@ -451,6 +451,6 @@ Trouble Shooting Steps In a vast majority of the cases, the problem has turned out to be at the switching layer where the L3 switches were configured incorrectly. -This section was contibuted by Shanker Balan and was originally published on +This section was contributed by Shanker Balan and was originally published on `Shapeblue's blog `_ diff --git a/source/adminguide/tuning.rst b/source/adminguide/tuning.rst index ae7450ef77..bb214602ee 100644 --- a/source/adminguide/tuning.rst +++ b/source/adminguide/tuning.rst @@ -109,6 +109,10 @@ db.simulator.connectionPoolLib To use DBCP 2, the value for the configuration must be set to 'dbcp'. An empty value or 'hikaricp' will allow using HikariCP. +For large-scale environments, HikariCP should perform better. For environments +running management server with constrained memory resources, using DBCP may +work better in terms of memory usage. + Monitor the Database Load ------------------------- diff --git a/source/adminguide/ui.rst b/source/adminguide/ui.rst index 3a84aa229a..047d2f82cf 100644 --- a/source/adminguide/ui.rst +++ b/source/adminguide/ui.rst @@ -45,6 +45,10 @@ the default username is password. Domain -> If you are a root User, leave this field blank. +.. note:: + + Since 4.21 it is possible to login to a specific Project view by enabling the 'displayProjectFieldOnLogin' setting on config.json (which is disabled by default). Please refer to: :ref:`enable-login-to-project-view`. + If you are a User in the sub-domains, enter the full path to the domain, excluding the root domain. 
@@ -178,30 +182,33 @@ new, unique value. #. Type the new password, and click OK. -Basic UI Customization +Basic UI Customisation ~~~~~~~~~~~~~~~~~~~~~~ Users can customize the CloudStack's user interface by means of a configuration file at /etc/cloudstack/management/config.json which can be used to modify the theme, logos, etc. to align to one's requirement. To change the logo, login banner, error page icon, etc. the following details can be edited in config.json: -============================= ================================================================ +======================================= ================================================================================================================================================================== Property Description -============================= ================================================================ -apiBase Changes the suffix for the API endpoint -docBase Changes the base URL for the documentation -appTitle Changes the title of the portal -footer Changes the footer text -loginFavicon Changes the favicon of the login page -loginFooter Configure to display text (HTML) in the footer at the login screen -loginTitle Changes the title of the login page -logo Changes the logo top-left side image -minilogo Changes the logo top-left side image when menu is collapsed -banner Changes the login banner image -error.404 Changes the image of error Page not found -error.403 Changes the image of error Forbidden -error.500 Changes the image of error Internal Server Error -============================= ================================================================ +======================================= ================================================================================================================================================================== +apiBase Changes the suffix for the API endpoint +docBase Changes the base URL for the documentation +appTitle Changes the title of the portal 
+footer Changes the footer text +loginFavicon Changes the favicon of the login page +loginFooter Configure to display text (HTML) in the footer at the login screen +loginTitle Changes the title of the login page +logo Changes the logo top-left side image +minilogo Changes the logo top-left side image when menu is collapsed +banner Changes the login banner image +error.404 Changes the image of error Page not found +error.403 Changes the image of error Forbidden +error.500 Changes the image of error Internal Server Error +imageSelectionInterface Allows specifying view for image(template/ISO) selection in several UI forms. Supported values are: "modern" and "legacy". Default view is "modern" +showUserCategoryForModernImageSelection Enables showing or hiding _User_ category in the *modern* image selection view which will show all user-owned images for the logged in user. Default value is true +showAllCategoryForModernImageSelection Enables showing or hiding _All_ category in the *modern* image selection view which will show all available images for the logged in user. Default value is false +======================================= ================================================================================================================================================================== .. parsed-literal:: @@ -219,7 +226,7 @@ error.500 Changes the image of error Internal Server Error } -Customization of themes is also possible, such as, modifying banner width, general color, etc. This can be done by editing the "theme" section of the config.json file. Theme section provides following properties for customization: +Customisation of themes is also possible, such as, modifying banner width, general color, etc. This can be done by editing the "theme" section of the config.json file. Theme section provides following properties for customisation: ============================= ================================================================ Property Description 
@@ -329,7 +336,7 @@ that have a title, text (description), link and icon. }, Contextual help documentation URLs can be customized with the help of `docBase` and `docHelpMappings` properties. -To override a particular documentation URL, a mapping can be added for the URL path in the config. A documentation URL is formed by combining the `docBase` URL base and a path set in the source code. Adding a mapping for any particular path in the configuration will result in generating documetation URL with overridden path. +To override a particular documentation URL, a mapping can be added for the URL path in the config. A documentation URL is formed by combining the `docBase` URL base and a path set in the source code. Adding a mapping for any particular path in the configuration will result in generating documentation URL with overridden path. By default, `docHelpMappings` lists all existing documentation URL suffixes, mapped to themselves, in the configuration file that are used in the code. .. parsed-literal:: 
@@ -370,7 +377,7 @@ By default, `docHelpMappings` lists all existing documentation URL suffixes, map "adminguide/networking_and_traffic.html#creating-a-vpn-gateway-for-the-vpc": "adminguide/networking_and_traffic.html#creating-a-vpn-gateway-for-the-vpc", "adminguide/networking_and_traffic.html#enabling-or-disabling-static-nat": "adminguide/networking_and_traffic.html#enabling-or-disabling-static-nat", "adminguide/networking_and_traffic.html#load-balancing-across-tiers": "adminguide/networking_and_traffic.html#load-balancing-across-tiers", - "adminguide/networking_and_traffic.html#releasing-an-ip-address-alloted-to-a-vpc": "adminguide/networking_and_traffic.html#releasing-an-ip-address-alloted-to-a-vpc", + "adminguide/networking_and_traffic.html#releasing-an-ip-address-allotted-to-a-vpc": "adminguide/networking_and_traffic.html#releasing-an-ip-address-allotted-to-a-vpc", "adminguide/networking_and_traffic.html#reserving-public-ip-addresses-and-vlans-for-accounts": "adminguide/networking_and_traffic.html#reserving-public-ip-addresses-and-vlans-for-accounts", "adminguide/networking_and_traffic.html#restarting-and-removing-a-vpn-connection": "adminguide/networking_and_traffic.html#restarting-and-removing-a-vpn-connection", "adminguide/networking_and_traffic.html#security-groups": "adminguide/networking_and_traffic.html#security-groups", 
@@ -480,23 +487,104 @@ Example for adding custom plugins: plugins: [ { "name": "ExamplePlugin", - "icon": "appstore", + "icon": "appstore-outlined", "path": "example.html" }, { "name": "ExamplePlugin1", - "icon": "appstore", + "icon": "appstore-outlined", "path": "https://cloudstack.apache.org/" } ] ... } -`icon` for the plugin can be chosen from Ant Design icons listed at `Icon - Ant Design Vue`_. +`icon` for the plugin can be chosen from Ant Design icons listed at `https://3x.antdv.com/components/icon `_. + +.. warning:: + Not all ant icons are supported at the moment. You will find a list of supported icons + within the github repository in ui/src/core/lazy_lib/icons_use.js. To use an icon you + need to transform the listed name. For example "PieChartOutlined" needs to be transformed + to "pie-chart-outlined", "ReadOutlined" needs to be transformed to "read-outlined". + For displaying a custom HTML in the plugin, HTML file can be stored in the CloudStack management server's web application directory on the server, i.e., */usr/share/cloudstack-management/webapp* and `path` can be set to the name of the file. For displaying a service or a web page, URL can be set as the `path` of the plugin. |ui-custom-plugin.png| + +Announcement Banner +=================== + +Admin can configure an **announcement banner** in `config.json` to display alerts or messages to all users. +This banner is useful for communicating important notices such as performance issues, scheduled maintenance, or general announcements. +To enable and customize the banner, use the `announcementBanner` section in the config.json file. + +This section supports the following properties: + +**Configuration Example** + +.. parsed-literal:: + + "announcementBanner": { + "enabled": true, + "showIcon": true, + "closable": true, + "persistDismissal": true, + "type": "warning", + "message": "Performance Notice: We're experiencing high load. 
Some operations may be slower than usual.", + "startDate": "2025-06-01T00:00:00Z", + "endDate": "2025-07-16T00:00:00Z" + } + +**Banner Display Example** + +Based on the configuration above, the following banner is shown in the user interface: + +.. image:: /_static/images/ui-announcement-banner.png + :align: center + :alt: UI Announcement banner + +-------- + +**Properties Description** + +- **enabled**: Enables or disables the announcement banner (`true` or `false`). +- **showIcon**: Displays an icon alongside the message. The icon corresponds to the banner `type`. +- **closable**: Allows users to close the banner. +- **persistDismissal**: Remembers the user's dismissal of the banner, so it doesn't reappear. +- **type**: Specifies the type of banner. Supported values are: + + - `info` + - `warning` + - `error` + - `success` + +- **message**: The HTML-formatted content displayed in the banner. +- **startDate** / **endDate**: Define the visibility window for the banner using ISO 8601 format (`YYYY-MM-DDTHH:MM:SSZ`). + +.. note:: + + - The `message` property supports basic HTML, allowing styled content such as `` tags for emphasis. + - Banner's background color changes based on `type` property value. White color is used for banner if `type` is not defined or has invalid value. + - Multi-line message is supported, however recommendation is to limit it to 2 lines. Content may overlap banner for more than 2 lines. + + +Instance Image Selection Customisation +------------------------------------- + +In the UI, there are several forms where the user needs to select an image (template/ISO) for an instance, such as deploying an instance, reinstalling an instance, creating a VNF appliance, etc. The image selection interface for these forms can be selected by the operator based on preference by specifying properties in the UI configuration file (config.json). + +The configuration property _imageSelectionInterface_ can be set to one of these values: modern or legacy. 
The default value is *modern*. + +When the *modern* interface is used, images will be categorized based on the guest operating system categories. Further customisation can be done using the configuration properties showUserCategoryForModernImageSelection and showAllCategoryForModernImageSelection to allow or disallow the display of additional categories. + +|ui-modern-image-selection.png| + +The *legacy* interface will display images based on templatefilter/isofilter, i.e., Featured, Community, My Templates/ISOs, and Shared. + +|ui-legacy-image-selection.png| + + Advanced UI Customisation ~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -576,6 +664,23 @@ For the UI to work with different servers, it is necessary to configure the Ngin |ui-multiple-server-management.png| +.. _enable-login-to-project-view: + +Enable Login to Project View +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +User can use the file /etc/cloudstack/management/config.json to enable the Project field displayed on Login by the setting: + +============================= ================================================================= +Property Description +============================= ================================================================= +displayProjectFieldOnLogin Disabled by default. When enabled, login directly to Project view +============================= ================================================================= + +When the Project field is set and the Project exists, the user is directly directed to the Project view instead of the Default View. + +|ui-login-project-view.png| + Known Limitations ~~~~~~~~~~~~~~~~~ 
@@ -589,8 +694,17 @@ The following features are no longer supported or available in the UI but are st .. |change-password.png| image:: /_static/images/change-password.png :alt: button to change a User's password +.. |ui-modern-image-selection.png| image:: /_static/images/ui-modern-image-selection.png + :alt: Modern Image Selection + +.. |ui-legacy-image-selection.png| image:: /_static/images/ui-legacy-image-selection.png + :alt: Legacy Image Selection + .. |ui-custom-plugin.png| image:: /_static/images/ui-custom-plugin.png :alt: Custom plugin shown in UI with navigation .. |ui-multiple-server-management.png| image:: /_static/images/ui-multiple-server-management.png :alt: Custom plugin shown in UI with navigation + +.. |ui-login-project-view.png| image:: /_static/images/ui-login-project-view.png + :alt: Enabling the Project field on login diff --git a/source/adminguide/usage.rst b/source/adminguide/usage.rst index 773c69325e..9363d7900f 100644 --- a/source/adminguide/usage.rst +++ b/source/adminguide/usage.rst 
@@ -249,20 +249,29 @@ max.account.cpus Maximum number of CPU cores that can be used Default is 40. max.account.ram (MB) Maximum RAM that can be used for an Account. Default is 40960. +max.account.gpus Maximum number of GPUs that can be used for an Account. + Default is 20. max.account.primary.storage (GB) Maximum primary storage space that can be used for an Account. Default is 200. max.account.secondary.storage (GB) Maximum secondary storage space that can be used for an Account. Default is 400. -max.project.cpus Maximum number of CPU cores that can be used for an Account. +max.project.cpus Maximum number of CPU cores that can be used for a Project. Default is 40. -max.project.ram (MB) Maximum RAM that can be used for an Account. +max.project.ram (MB) Maximum RAM that can be used for a Project. Default is 40960. -max.project.primary.storage (GB) Maximum primary storage space that can be used for an Account. +max.project.gpus Maximum number of GPUs that can be used for a Project. + Default is 20. +max.project.primary.storage (GB) Maximum primary storage space that can be used for a Project. Default is 200. -max.project.secondary.storage (GB) Maximum secondary storage space that can be used for an Account. +max.project.secondary.storage (GB) Maximum secondary storage space that can be used for a Project. Default is 400. =================================== ================================================================= +The GPU devices are not detached when the Instance is stopped. Therefore, +the GPU devices for stopped Instances are counted towards the resource limits. +To avoid this, the administrator can set the `gpu.detach.on.stop` global +setting to `true` to detach the GPU devices when the Instance is stopped. + The administrator can also set limits for specific tagged host and storage resources for an account or domain. Such tags must be specified in the following global settings: 
@@ -697,8 +706,6 @@ Load Balancer Policy or Port Forwarding Rule Usage Record Format - usageid - ID of the load balancer policy or port forwarding rule -- usagetype - A number representing the usage type (see Usage Types) - - startdate, enddate - The range of time for which the usage is aggregated; see Dates in the Usage Record @@ -723,15 +730,11 @@ Network Offering Usage Record Format - rawusage – A number representing the actual usage in hours -- usageid – ID of the Network offering - -- usagetype – A number representing the usage type (see Usage Types) - -- offeringid – Network offering ID +- offeringid – ID of the Network offering -- virtualMachineId – The ID of the Instance +- virtualmachineid – The ID of the Instance -- virtualMachineId – The ID of the Instance +- isdefault – The default nic of the Instance - startdate, enddate – The range of time for which the usage is aggregated; see Dates in the Usage Record @@ -759,8 +762,6 @@ VPN User Usage Record Format - usageid – VPN User ID -- usagetype – A number representing the usage type (see Usage Types) - - startdate, enddate – The range of time for which the usage is aggregated; see Dates in the Usage Record diff --git a/source/adminguide/veeam_plugin.rst b/source/adminguide/veeam_plugin.rst index 8afb80c26d..eaa63632ef 100644 --- a/source/adminguide/veeam_plugin.rst +++ b/source/adminguide/veeam_plugin.rst @@ -13,12 +13,12 @@ specific language governing permissions and limitations under the License. -.. _Veeam Backup and Recovery Plugin: +.. _Veeam Backup and Replication Plugin: -Veeam Backup and Recovery Plugin +Veeam Backup and Replication Plugin ================================= -About the Veeam Backup and Recovery Plugin +About the Veeam Backup and Replication Plugin ------------------------------------------- There are a couple of important concepts to understand before working with the Veeam plugin. 
@@ -44,10 +44,10 @@ There are a couple of important concepts to understand before working with the V remaining image(s) -Installing Veeam Backup and Recovery for use with CloudStack +Installing Veeam Backup and Replication for use with CloudStack ------------------------------------------------------------- -The B&R Veeam plugin has been tested against Veeam Backup and Recovery 11 and 12. The +The B&R Veeam plugin has been tested against Veeam Backup and Replication 11 and 12. The enterprise edition is required for the Enterprise Manager API. The final tested version of Veeam was on a Windows Server 2019 (with desktop), although much of the development work was done against a Windows Server 2016 OS (with desktop). @@ -129,6 +129,7 @@ Plug-in specific settings: ======================================= ======================== Configuration Description ======================================= ======================== +backup.framework.provider.plugin The backup and recovery provider plugin. Set this to 'veeam'. backup.plugin.veeam.url Veeam B&R server URL. Default: http://:9398/api/ backup.plugin.veeam.version Veeam B&R server version. CloudStack will get Veeam server version via PowerShell commands if it is 0 or not set backup.plugin.veeam.username Veeam B&R server username. Default: administrator diff --git a/source/adminguide/virtual_machines.rst b/source/adminguide/virtual_machines.rst index 1640ab0e74..3a07f40a89 100644 --- a/source/adminguide/virtual_machines.rst +++ b/source/adminguide/virtual_machines.rst 
@@ -205,6 +205,19 @@ following techniques: updateVirtualMachine API. After installing the tools and updating the Instance, stop and start the Instance. +Instance Metdata +~~~~~~~~~~~~~~~~ + +CloudStack provides different means for controlling an instance's metadata. + +- 'extraconfig' parameter of 'deployVirtualMachine' or 'updateVirtualMachine' API methods + can be used for setting different metadata parameters for an instance. +- Zone-level configurations - 'vm.metadata.manufacturer' and 'vm.metadata.product' can be used + to set the manufacturer and product respectively in the instance metadata. However, a + custom value for these parameters may affect cloud-init functionality for the instance + when used with CloudStack datasource. One of the requirement for cloud-init functionality + to work with CloudStack datasource is that product value should contain 'CloudStack'. + Accessing Instances ------------------- @@ -528,8 +541,8 @@ Dynamic CPU and RAM scaling can be used in the following cases: update them using the following procedure. -Updating Existing Instances -~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Enable Dynamic Scaling for Existing Instances +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you are upgrading from a previous version of CloudStack, and you want your existing Instances created with previous versions to have the dynamic @@ -801,6 +814,12 @@ deployed to the same host. "non-strict host affinity" is similar to, but more flexible than, "host affinity", Instances are ideally placed together in the same host, but only if possible. +.. note:: When using VMware and enabling DRS, the results are + unpredictable. VMware implements similar functionality but + CloudStack does not leverage the VMware feature. As VMware is + unaware of the CloudStack definition of affinity groups, its DRS + may go against the desired configuration. + The scope of an affinity group is on an Account level. 
@@ -960,6 +979,153 @@ restoreVirtualMachine call. In this case, the Instance's root disk is destroyed and recreated, but from the same Template or ISO that was already in use by the Instance. +Instance Lease +-------------- + +CloudStack offers the option to create Instances with a Lease. A Lease defines a set time period after which a selected action, +such as stopping or destroying the instance, will be automatically performed. This helps optimize cloud resource usage by automatically +freeing up resources that are no longer in use. + +If a user needs an instance only for a limited time, this option can be very helpful. +When deploying an instance, users can either choose a Compute Offering that includes Instance Lease support or enable it specifically for that instance, +setting the number of days after which the instance should be stopped or destroyed once their task is complete. + + +**Configuring Instance Lease feature** + +The cloud administrator can use global configuration variables to control the behavior of Instance Lease. +To set these variables, API or CloudStack UI can be used: + +======================================= ======================== +Configuration Description +======================================= ======================== +instance.lease.enabled Indicates whether to enable the Instance Lease feature, will be applicable only on instances created after lease is enabled. **Default: false** +instance.lease.scheduler.interval Background task interval in seconds that executes Lease expiry action on eligible expired instances. Default: 3600. +instance.lease.eventscheduler.interval Background task interval in seconds that executes Lease event executor for instances about to be expired in next N days. Default: 86400 +instance.lease.expiryevent.daysbefore Denotes number of days (N) in advance expiry events are generated for instance about to expire. Default: 7 days +======================================= ======================== + +.. 
note:: it is recommended to configure the lowest possible value (in secs) for **instance.lease.scheduler.interval**, so that lease expiry action is taken as soon as lease is expired. + + +**Lease Parameters** + + +**leaseduration**: Lease duration is specified in days. This can take Natural numbers (>=1) and -1 to disable the lease. Max supported value is 36500 (100 years). + +User can disable Lease for instance in two ways: + +- Disable the Instance Lease during instance deployment by unchecking the 'Enable Lease' option when using a Compute Offering that supports it. +- For existing instances with a lease already enabled, it can be removed by editing the instance and unchecking the 'Enable Lease' option. + +**leaseexpiryaction**: There are two expiry action supported: + +- STOP: The instance is stopped, and it will be out of lease. The user can restart the instance manually. +- DESTROY: The instance is destroyed when the lease expires. + +.. note:: Expiry action is executed at most once on the instance, e.g. STOP action will bring instance in Stopped state on expiry and instance will be out of lease. User may choose to start it again. + + +**Using Instance Lease** + +Lease information is associated to an Instance and following parameters are used to enable lease for it: + +#. leaseduration +#. leaseexpiryaction + +Instance remains active for specified leaseduration (in days). Upon lease expiry, configured expiryaction is executed on the instance and +lease is removed from the instance for any further action. + +**Notes:** + +#. Lease Assignment: A lease can only be assigned to an instance during deployment. +#. Lease Acquisition: Instances without a lease cannot acquire one by switching to a different Compute Offering or by editing the instance. +#. Lease Inheritance: Instances inherit the lease from a Compute Offering with 'Instance Lease' feature enabled. This lease can be overridden or disabled in the “Advanced Settings”. +#. 
Lease Persistence: A lease is always tied to the instance. Modifications to the Compute Offering do not affect the instance's lease. +#. Non-Lease Compute Offering: Instances can have a lease by enabling it in the "Advanced Settings" for non-lease based Compute Offering too. +#. Lease Duration Management: The lease duration can be extended or reduced for instances before expiry. However, once the lease is disabled, it cannot be re-enabled for that instance. +#. Lease Expiry: Once the lease expires and the associated action is completed, the lease is annulled and cannot be reattached or extended. +#. Feature Disablement: If the lease feature is disabled, the lease associated with instances is canceled. Re-enabling the feature will not automatically reapply the lease to previously grandfathered instances. +#. Delete Protection: The DESTROY lease expiry action is skipped for instances with delete protection enabled. + +**Deployment of Instance with lease** + +There are 2 ways to deploy instance with lease from UI: + +1. Use Compute Offering which has 'Instance Lease' feature enabled. + +.. image:: /_static/images/deploy_instance_lease_offering.png + :width: 400px + :align: center + :alt: Deploy Instance with lease compute offering dialog box + +2. Enable lease under Advance settings during instance Deployment + +.. image:: /_static/images/deploy_instance_advanced_lease.png + :width: 400px + :align: center + :alt: Deploy Instance with lease using advance settings + + +**Using API** + +Pass lease parameters in the command to enable lease during instance deployment: + +.. code:: bash + + cmk deploy virtualmachine name=..... leaseduration=... leaseexpiryaction=... + +- Use Compute Offering with lease + +.. code:: bash + + cmk deploy virtualmachine name=..... serviceofferingid=lease-compute-offering + + +**Editing Instance Lease** + +The lease duration for an instance can be extended, reduced, or disabled for instances that already have an active lease. 
+However, it is not possible to enable the lease on an instance after it has already been deployed. + +From UI: + +.. image:: /_static/images/edit_instance_lease.png + :width: 400px + :align: center + :alt: Edit Instance Lease dialog + + +Using API: + +.. code:: bash + + cmk update virtualmachine id=fa970d19-8340-455c-a9fb-569205954fdc leaseduration=20 leaseexpiryaction=DESTROY + +To disable lease using API: + +.. code:: bash + + cmk update virtualmachine id=fa970d19-8340-455c-a9fb-569205954fdc leaseduration=-1 + +.. note:: DESTROY action will ignore instance if deleteprotection is enabled for it. + +.. note:: When the feature is disabled, the lease associated with instances is cancelled. Re-enabling the feature will not automatically reapply the lease to previously grandfathered instances. + +.. note:: Lease duration is considered as total lease for instance. + +**Instance Lease Events** + +Lease feature generates various events to help in auditing and monitoring: + +=================== ======================== +Event Type Description +=================== ======================== +VM.LEASE.EXPIRED Event is generated at lease expiry +VM.LEASE.DISABLED Denotes if lease is disabled by user/admin +VM.LEASE.CANCELLED When lease is cancelled (feature gets disabled) +VM.LEASE.EXPIRING Expiry intimation event for instance +=================== ======================== + Advanced Instance Settings -------------------------- 
@@ -1000,6 +1166,44 @@ An example list of settings as well as their possible values are shown on the im |vm-settings-values-dropdown-KVM-list.png| (KVM disk controllers) +|vm-settings-kvm-guest-cpu-model.png| +(KVM guest CPU model, available for root admin since 4.20.1.0) + +CloudStack supports setting the guest machine type for KVM instances since 4.22.0 by using the instance setting 'kvm.guest.os.machine.type'. The list of supported machine types will depend on the QEMU version on the KVM host. + +.. note:: + For Ubuntu 24 KVM hosts (and other distros containing QEMU 8.x versions) setting the machine type for Windows VMs to 'pc-i440fx-8.0' mitigates the issue which prevents retrieving the instance UUID from within the guest VM via: `wmic path win32_computersystemproduct get uuid`. + +Instance Settings for Virtual Trusted Platform Module (vTPM) +----------------------------- + +Trusted Platform Module (TPM) is a standard for a secure cryptoprocessor, which +can securely store artifacts used to authenticate the platform, including passwords, +certificates, or encryption keys. TPM is required by recent Windows releases. + +Virtual Trusted Platform Module (vTPM) is the software-based representation of physical TPM. +CloudStack supports vTPM for instances running on KVM and VMware since 4.20.1.0 . + +|vm-settings-uefi-secure.png| +UEFI setting + +- On Vmware, the boot type must be set to UEFI. Boot mode can be SECURE (recommended) or LEGACY. +- On KVM, it is recommended to set boot type to UEFI, and boot mode to SECURE. +- UEFI is required for some Windows versions. +- On XenServer amd XCP-ng, the boot type must be set to UEFI, boot mode can be SECURE or LEGACY. vTPM is supported on XenServer 8.3 and later versions and XCP-ng 8.4 and later versions. vTPM can be enabled by setting the virtual.tpm.enabled setting on the template or vm instance as done on VMware. 
+- For XenServer and XCP-ng, to boot Windows VMs in UEFI Secure more, the host needs to have Microsoft UEFI Secure Boot certificates installed. Run `secureboot-certs install` on the host to install them. This makes certificates available to OVFM, QEMU, shim tooling. + +- tpm-tis, TIS means TPM Interface Specification; +- tpm-crb, CRB means Command-Response Buffer. + +|vm-settings-virtual-tpm-version-kvm.png| +TPM version for KVM. There are two options: + +- 2.0. This is the default TPM version. It is used when version is not specified or invalid. +- 1.2. This is not supported with CRB model. + +|vm-settings-virtual-tpm-enabled-vmware.png| +Enable or disable vTPM for VMware. Instance Snapshots ================== @@ -1035,7 +1239,7 @@ like many other resources in CloudStack. KVM supports Instance Snapshots when using NFS shared storage. If raw block storage is used (i.e. Ceph), then Instance Snapshots are not possible, since there is no possibility to write RAM memory content anywhere. In such cases you can use as an alternative -`Storage-based VM Snapshots on KVM`_ +:ref:`Storage-based-Instance-Snapshots-on-KVM`. If you need more information about Instance Snapshots on VMware, check out the @@ -1044,7 +1248,7 @@ VMware documentation and the VMware Knowledge Base, especially `_. -.. _`Storage-based Instance Snapshots on KVM`: +.. _Storage-based-Instance-Snapshots-on-KVM: Storage-based Instance Snapshots on KVM --------------------------------------- 
@@ -1065,6 +1269,21 @@ When the snapshotting is complete, the Instance is thawed. You can use this functionality on Instances with raw block storages (E.g. Ceph/SolidFire/Linstor). +.. _Disk-only-File-based-Storage-Instance-Snapshots-on-KVM: + +Disk-only File-based Storage Instance Snapshot on KVM +----------------------------------------------------- + +Since version 4.21, CloudStack supports incremental disk-only instance snapshots for VMs on KVM that are running on file-based storages (NFS, local, shared mount point). +Different from :ref:`Storage-based-Instance-Snapshots-on-KVM`, the VM is not frozen by default; only if the ``quiescevm`` parameter is provided. Furthermore, if ``quiescevm`` is true +the VM is only frozen during the operation of creating the deltas on the volumes of the VM, thus the downtime is minimal. + +When using this snapshot strategy, you will not be able to create volume snapshots, as these two features are not compatible. If you want to use both volume snapshots and instance snapshots +at the same time, you may inform the value ``KvmFileBasedStorageVmSnapshotStrategy`` on the ``vmSnapshot.strategies.exclude`` configuration, so that +this strategy is not used and the :ref:`Storage-based-Instance-Snapshots-on-KVM` feature is used instead. + +More information on this feature may be found in the `specification `_. + Limitations on Instance Snapshots --------------------------------- 
@@ -1085,6 +1304,25 @@ Limitations on Instance Snapshots managed by CloudStack. Any Snapshots that you make directly on the hypervisor will not be tracked in CloudStack.
+Pause During Live Instance Snapshots on KVM
+-------------------------------------------
+
+When creating **Instance Snapshots with Memory**, CloudStack uses Libvirt’s
+*domain snapshot* API to create an Internal Snapshot that includes Memory.
+The guest’s memory state is written directly into the root volume’s QCOW2 file.
+This causes the instance to pause for the duration of the memory dump. The pause
+time is typically much longer than with VMware snapshots, but this is a limitation
+with Internal Snapshots in Libvirt.
+
+**Instance Snapshots without Memory** has seen significant improvements since Cloudstack 4.21 with the
+:ref:`Disk-only-File-based-Storage-Instance-Snapshots-on-KVM` feature for NFS and local storage.
+Pre 4.21, the Instance would be frozen for the entire duration of the snapshot create operation.
+Since 4.21, the Instance is only frozen during the checkpointing operation, which is significantly less.
+
+Users looking for the Instance Snapshot feature in KVM are recommended to use the
+:ref:`Disk-only-File-based-Storage-Instance-Snapshots-on-KVM` feature, if the pause duration is a concern.
+App consistent snapshots can be created by using the ``quiescevm`` parameter with pre and post-freeze hooks.
+The Instance should have Qemu Guest Agent installed for this to work. Configuring Instance Snapshots ------------------------------
@@ -1251,7 +1489,25 @@ Create an Instance Template that supports SSH Keys. Creating the SSH Keypair ------------------------
-You must make a call to the createSSHKeyPair api method. You can either
+#. Log in to the CloudStack UI.
+
+#. In the left navigation bar, click Compute --> SSH Key Pairs.
+
+#. Click Create a SSH Key Pair.
+
+#. In the dialog, make the following choices:
+
+ - **Name**: Any desired name for the SSH Key Pair.
+
+ - **Public key**: (Optional) Public key material of the SSH Key Pair.
+
+ .. note:: If this field is filled in, CloudStack will register the public key. If this field is left blank, CloudStack will create a new SSH key pair.
+
+ - **Domain**: (Optional) domain for the SSH Key Pair.
+
+.. note:: If Cloudstack generates a New SSH Key Pair using a public key, it will not save the private key. When shown, be sure to save a copy of it.
+
+You can also use the ``createSSHKeyPair`` api method to create an SSH Keypair. You can either use the CloudStack Python API library or the curl commands to make the call to the cloudstack api.
@@ -1350,11 +1606,21 @@ The -i parameter tells the ssh client to use a ssh key found at Resetting SSH Keys ------------------
-With the API command resetSSHKeyForVirtualMachine, a user can set or
-reset the SSH keypair assigned to an Instance. A lost or compromised
-SSH keypair can be changed, and the user can access the Instance
-by using the new keypair. Just create or register a new keypair, then
-call resetSSHKeyForVirtualMachine.
+A lost or compromised SSH keypair can be changed, and the user can access the Instance by using the new keypair.
+
+#. Log in to the CloudStack UI.
+
+#. In the left navigation bar, click Compute --> Instances.
+
+#. Choose the Instance.
+
+#. Click on Reset SSH Key Pair button the Instance.
+
+ .. note:: The Instance must be in a Stopped state.
+
+#. Select the SSH Key Pair(s) to add to instance
+
+.. note:: This can also be performed via API: ``resetSSHKeyForVirtualMachine``: Resets the assigned SSH keypair for an Instance. .. include:: virtual_machines/user-data.rst
@@ -1371,39 +1637,54 @@ CloudStack meet the intensive graphical processing requirement by means of the high computation power of GPU/vGPU, and CloudStack users can run multimedia rich applications, such as Auto-CAD, that they otherwise enjoy at their desk on a virtualized environment. -CloudStack leverages the XenServer support for NVIDIA GRID Kepler 1 and 2 series -to run GPU/vGPU enabled Instances. NVIDIA GRID cards allows sharing a single GPU cards -among multiple Instances by creating vGPUs for each Instance. With vGPU technology, the -graphics commands from each Instance are passed directly to the underlying dedicated -GPU, without the intervention of the hypervisor. This allows the GPU hardware -to be time-sliced and shared across multiple Instances. XenServer hosts use the GPU -cards in following ways: - -**GPU passthrough**: GPU passthrough represents a physical GPU which can be + +For KVM, CloudStack leverages libvirt's PCI passthrough feature to assign a +physical GPU to a guest Instance. For vGPU profiles, depending on the vGPU type, +CloudStack uses mediated devices or Virtual Functions(VF) to assign a virtual +GPU to a guest Instance. It's the responsibility of the operator to ensure that +GPU devices are in correct state and are available for use on the host. If the +operator wants to use vGPU profiles, they need to ensure that the vGPU type is +supported by the host and has been created on the host. + +For XenServer, CloudStack leverages the XenServer support for NVIDIA GRID +Kepler 1 and 2 series to run GPU/vGPU enabled Instances. + +Some NVIDIA cards allow sharing a single GPU card among multiple Instances by +creating vGPUs for each Instance. With vGPU technology, the graphics commands +from each Instance are passed directly to the underlying dedicated GPU, without +the intervention of the hypervisor. This allows the GPU hardware to be +time-sliced and shared across multiple Instances. 
The GPU cards are used in the +following ways: + +**passthrough**: GPU passthrough represents a physical GPU which can be directly assigned to an Instance. GPU passthrough can be used on a hypervisor alongside GRID vGPU, with some restrictions: A GRID physical GPU can either host GRID vGPUs or be used as passthrough, but not both at the same time. -**GRID vGPU**: GRID vGPU enables multiple Instances to share a single physical GPU. +**vGPU**: vGPU enables multiple Instances to share a single physical GPU. The Instances run an NVIDIA driver stack and get direct access to the GPU. GRID physical GPUs are capable of supporting multiple virtual GPU devices (vGPUs) -that can be assigned directly to guest Instances. Guest Instances use GRID virtual GPUs in +that can be assigned directly to guest Instances. Guest Instances use vGPUs in the same manner as a physical GPU that has been passed through by the hypervisor: an NVIDIA driver loaded in the guest Instance provides direct access to the GPU for performance-critical fast paths, and a paravirtualized interface to -the GRID Virtual GPU Manager, which is used for nonperformant management -operations. NVIDIA GRID Virtual GPU Manager for XenServer runs in dom0. +the NVIDIA vGPU Manager, which is used for nonperformant management +operations. NVIDIA vGPU Manager for XenServer runs in dom0. + CloudStack provides you with the following capabilities: -- Adding XenServer hosts with GPU/vGPU capability provisioned by the administrator. +- Adding hosts with GPU/vGPU capability provisioned by the administrator. + (Supports only XenServer & KVM) -- Creating a Compute Offering with GPU/vGPU capability. +- Creating a Compute Offering with GPU/vGPU capability. For KVM, it is possible to + specify the GPU count and whether to use the GPU for display. For XenServer, + GPU count is simply ignored and only one device is assigned to the guest Instance. - Deploying an Instance with GPU/vGPU capability. 
- Destroying an Instance with GPU/vGPU capability. -- Allowing an user to add GPU/vGPU support to an Instance without GPU/vGPU support by +- Allowing a user to add GPU/vGPU support to an Instance without GPU/vGPU support by changing the Service Offering and vice-versa. - Migrating Instances (cold migration) with GPU/vGPU capability. 
@@ -1413,57 +1694,78 @@ CloudStack provides you with the following capabilities: - Querying hosts to obtain information about the GPU cards, supported vGPU types in case of GRID cards, and capacity of the cards. +- Limit an account/domain/project to use a certain number of GPUs. + Prerequisites and System Requirements ------------------------------------- Before proceeding, ensure that you have these prerequisites: -- The vGPU-enabled XenServer 6.2 and later versions. - For more information, see `Citrix 3D Graphics Pack `_. +- CloudStack does not restrict the deployment of GPU-enabled Instances with + guest OS types that are not supported for GPU/vGPU functionality. The deployment + would be successful and a GPU/vGPU will also get allocated for Instances; however, + due to missing guest OS drivers, Instance would not be able to leverage GPU resources. + Therefore, it is recommended to use GPU-enabled service offering only with supported guest OS. -- GPU/vPGU functionality is supported for following HVM guest operating systems: - For more information, see `Citrix 3D Graphics Pack `_. +- NVIDIA GRID K1 (16 GiB video RAM) AND K2 (8 GiB of video RAM) cards supports + homogeneous virtual GPUs, implies that at any given time, the vGPUs resident on + a single physical GPU must be all of the same type. However, this restriction + doesn't extend across physical GPUs on the same card. Each physical GPU on a + K1 or K2 may host different types of virtual GPU at the same time. For example, + a GRID K2 card has two physical GPUs, and supports four types of virtual GPU; + GRID K200, GRID K220Q, GRID K240Q, AND GRID K260Q. -- Windows 7 (x86 and x64) +- NVIDIA driver must be installed to enable vGPU operation as for a physical NVIDIA GPU. -- Windows Server 2008 R2 -- Windows Server 2012 +For XenServer: -- Windows 8 (x86 and x64) +- the vGPU-enabled XenServer 6.2 and later versions. + For more information, see `Citrix 3D Graphics Pack `_. 
-- Windows 8.1 ("Blue") (x86 and x64) +- GPU/vGPU functionality is supported for following HVM guest operating systems: + For more information, see `Citrix 3D Graphics Pack `_. -- Windows Server 2012 R2 (server equivalent of "Blue") + - Windows 7 (x86 and x64) -- CloudStack does not restrict the deployment of GPU-enabled Instances with guest OS types that are not supported by XenServer for GPU/vGPU functionality. The deployment would be successful and a GPU/vGPU will also get allocated for Instances; however, due to missing guest OS drivers, Instance would not be able to leverage GPU resources. Therefore, it is recommended to use GPU-enabled service offering only with supported guest OS. + - Windows Server 2008 R2 -- NVIDIA GRID K1 (16 GiB video RAM) AND K2 (8 GiB of video RAM) cards supports homogeneous virtual GPUs, implies that at any given time, the vGPUs resident on a single physical GPU must be all of the same type. However, this restriction doesn't extend across physical GPUs on the same card. Each physical GPU on a K1 or K2 may host different types of virtual GPU at the same time. For example, a GRID K2 card has two physical GPUs, and supports four types of virtual GPU; GRID K200, GRID K220Q, GRID K240Q, AND GRID K260Q. + - Windows Server 2012 -- NVIDIA driver must be installed to enable vGPU operation as for a physical NVIDIA GPU. + - Windows 8 (x86 and x64) -- XenServer tools are installed in the Instance to get maximum performance on XenServer, regardless of type of vGPU you are using. Without the optimized networking and storage drivers that the XenServer tools provide, remote graphics applications running on GRID vGPU will not deliver maximum performance. + - Windows 8.1 ("Blue") (x86 and x64) -- To deliver high frames from multiple heads on vGPU, install XenDesktop with HDX 3D Pro remote graphics. 
+ - Windows Server 2012 R2 (server equivalent of "Blue") -Before continuing with configuration, consider the following: +- XenServer tools are installed in the Instance to get maximum performance on + XenServer, regardless of type of vGPU you are using. Without the optimized + networking and storage drivers that the XenServer tools provide, remote + graphics applications running on GRID vGPU will not deliver maximum performance. + +- To deliver high frames from multiple heads on vGPU, install XenDesktop with + HDX 3D Pro remote graphics. -- Deploying Instances GPU/vGPU capability is not supported if hosts are not available with enough GPU capacity. +Before continuing with configuration, consider the following: -- A Service Offering cannot be created with the GPU values that are not supported by CloudStack UI. However, you can make an API call to achieve this. +- Deploying Instances with GPU/vGPU capability is not supported if hosts are + not available with enough GPU capacity. -- Dynamic scaling is not supported. However, you can choose to deploy an Instance without GPU support, and at a later point, you can change the system offering to upgrade to the one with vGPU. You can achieve this by offline upgrade: stop the Instance, upgrade the Service Offering to the one with vGPU, then start the Instance. +- Dynamic scaling is not supported. However, you can choose to deploy an + Instance without GPU support, and at a later point, you can change the system + offering to upgrade to the one with vGPU. You can achieve this by offline + upgrade: stop the Instance, upgrade the Service Offering to the one with + vGPU, then start the Instance. - Live migration of GPU/vGPU enabled Instance is not supported. -- Limiting GPU resources per Account/Domain is not supported. - - Disabling GPU at Cluster level is not supported. - Notification thresholds for GPU resource is not supported. 
-Supported GPU Devices ---------------------- + +Supported GPU Devices for XenServer +----------------------------------- .. cssclass:: table-striped table-bordered table-hover @@ -1488,14 +1790,17 @@ GPU/vGPU Assignment Workflow CloudStack follows the below sequence of operations to provide GPU/vGPU support for Instances: -#. Ensure that XenServer host is ready with GPU installed and configured. - For more information, see `Citrix 3D Graphics Pack `_. +#. Ensure that the host is ready with GPU installed and configured. + + - For more information for XenServer, see `XenServer Documentation `_. + + - For KVM, to configure the host see how to `discover GPU Devices on Hosts here `_. #. Add the host to CloudStack. CloudStack checks if the host is GPU-enabled or not. CloudStack queries the host and detect if it's GPU enabled. #. Create a compute offering with GPU/vGPU support: - For more information, see `Creating a New Compute Offering <#creating-a-new-compute-offering>`__.. + For more information, see `Creating a New Compute Offering `_. #. Continue with any of the following operations: 
@@ -1612,6 +1917,16 @@ Instance disk statistics are shown in the Metrics tab in an individual volume vi :alt: List of possible VMware NIC models .. |vm-settings-values-dropdown-KVM-list.png| image:: /_static/images/vm-settings-values-dropdown-KVM-list.png :alt: List of possible KVM disk controllers
+.. |vm-settings-kvm-guest-cpu-model.png| image:: /_static/images/vm-settings-kvm-guest-cpu-model.png
+ :alt: List of possible KVM guest CPU models
+.. |vm-settings-uefi-secure.png| image:: /_static/images/vm-settings-uefi-secure.png
+ :alt: Set boot type to UEFI and mode to SECURE
+.. |vm-settings-virtual-tpm-model-kvm.png| image:: /_static/images/vm-settings-virtual-tpm-model-kvm.png
+ :alt: List of TPM models for KVM
+.. |vm-settings-virtual-tpm-version-kvm.png| image:: /_static/images/vm-settings-virtual-tpm-version-kvm.png
+ :alt: List of TPM versions for KVM
+.. |vm-settings-virtual-tpm-enabled-vmware.png| image:: /_static/images/vm-settings-virtual-tpm-enabled-vmware.png
+ :alt: Enable vTPM or not for VMware .. |vm-metrics-ui.png| image:: /_static/images/vm-metrics-ui.png :alt: VM metrics UI .. |vm-disk-metrics-ui.png| image:: /_static/images/vm-disk-metrics-ui.png
diff --git a/source/adminguide/virtual_machines/importing_unmanaging_vms.rst b/source/adminguide/virtual_machines/importing_unmanaging_vms.rst
index 6c60150c5a..bc197da889 100644
--- a/source/adminguide/virtual_machines/importing_unmanaging_vms.rst
+++ b/source/adminguide/virtual_machines/importing_unmanaging_vms.rst
@@ -14,13 +14,13 @@ under the License. About Import Export Instances
--------------------------
+----------------------------- For certain hypervisors, CloudStack supports importing of Instances from Managed Hosts, External Hosts, Local Storage and Shared Storage, into CloudStack. Manage or Unmanage Instances on Managed Hosts
--------------------------
+--------------------------------------------- .. note:: This is currently only available for **vSphere** and **KVM** clusters.
@@ -72,7 +72,7 @@ Listing unmanaged Instances --------------------------- Prerequisites to list unmanaged Instances (vSphere or KVM)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In order for CloudStack to list the Instances that are not managed by CloudStack on a host/cluster, the instances must exist on the hosts that are already part to the CloudStack.
@@ -339,7 +339,22 @@ Unmanaging Instances Administrators can unmanage guest Instances from CloudStack. Once unmanaged, CloudStack can no longer monitor, control or administer the provisioning and orchestration-related operations on an Instance.
-To unmanage a guest Instance, an administrator must either use the UI or invoke the unmanageVirtualMachine API passing the ID of the Instance to unmanage. The API has the following preconditions:
+To unmanage a guest Instance, an administrator must either use the UI or invoke the unmanageVirtualMachine API passing the ID of the Instance to unmanage.
+
+.. code:: bash
+
+ cmk unmanage virtualmachine id=
+
+The API supports the `hostid` parameter for stopped instances on the KVM hypervisor, allowing the domain XML to be persisted on the specified host.
+
+.. code:: bash
+
+ cmk unmanage virtualmachine id= hostid=
+
+.. note::
+ Instances with Config Drive cannot be unmanaged by default, as the Config Drive ISO will be removed during the unmanage operation. To unmanage such instances via the API, use the forced=true parameter.
+
+The API has the following preconditions: - The Instance must not be destroyed - The Instance state must be 'Running’ or ‘Stopped’
@@ -362,6 +377,23 @@ Preserving unmanaged Instance NICs The zone setting: unmanage.vm.preserve.nics can be used to preserve Instance NICs and its MAC addresses after unmanaging them. If set to true, the Instance NICs (and their MAC addresses) are preserved when unmanaging it. Otherwise, NICs are removed and MAC addresses can be reassigned.
+Persistent KVM Domain XML for Unmanaged Instances
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Since 4.22, the domain XML of an Instance is made persistent when it is unmanaged from CloudStack. This allows the Instance to be managed directly outside of CloudStack using `virsh` or other libvirt tools. The domain XML will be stored in the directory `/etc/libvirt/qemu` on the relevant KVM host.
+
+Domain XML is taken from Instance but varies based on their state:
+
+- Running Instance
+ - The existing domain XML is retrieved from the Instance and persisted on the host where the Instance is running.
+- Stopped Instance
+ - The domain XML is reconstructed from the Instance details available in the CloudStack database.
+ - The reconstructed domain XML is persisted on the last host where the Instance was running before it was stopped. If that host is no longer available, the domain XML is saved on any other available host within the cluster.
+
+.. note::
+ It is recommended to unmanage Instances while they are in the **Running** state to ensure that the exact domain XML is preserved. When unmanaged in the **Stopped** state, some information may be lost due to reconstruction.
+
+ Unmanaging Instance actions ~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -407,7 +439,8 @@ Unmanaging Instance actions - For the Instance being unmanaged: stopped and destroyed usage events (similar to the generated usage events when expunging an Instance), with types: ‘VM.STOP’ and ‘VM.DESTROY', unless the instance has been already stopped before being unmanaged and in this case only ‘VM.DESTROY' is generated. Import Instances from External Hosts
--------------------------
+------------------------------------
+ .. note:: This is currently only available for **KVM** hypervisor. External Host
@@ -425,6 +458,10 @@ Prerequisites - Currently, it's supported to only use NFS and Local storage as the destination Primary Storage pools in CloudStack - Currently, only libvirt-based instances can be migrated
+.. note::
+ - Allocate a NIC to any instance without one immediately after importing it into CloudStack.
+ - Instances imported on a Config Drive network must be stopped and started after import to properly attach the Config Drive ISO.
+ listVmsForImport API ~~~~~~~~~~~~~~~~~~~~
@@ -504,7 +541,7 @@ choose the temporary storage location on the external host for the converted fil Same response as that of deployVirtualMachine API. Import Instances from Local/Shared Storage
-----------------------------------------
+------------------------------------------ .. note:: This is currently only available for **KVM** hypervisor.
@@ -540,7 +577,7 @@ The importVm API is utilized to create instances using QCOW2 file from an existi Same response as that of deployVirtualMachine API. Import Instances from Shared Storage
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The importVm API is utilized to create instances using QCOW2 file from an existing Shared Storage pool of a KVM cluster within the CloudStack infrastructure. Only NFS Storage Pool are supported.
diff --git a/source/adminguide/virtual_machines/importing_vmware_vms_into_kvm.rst b/source/adminguide/virtual_machines/importing_vmware_vms_into_kvm.rst
index c8d6b1822f..84848fed26 100644
--- a/source/adminguide/virtual_machines/importing_vmware_vms_into_kvm.rst
+++ b/source/adminguide/virtual_machines/importing_vmware_vms_into_kvm.rst
@@ -24,7 +24,11 @@ The virt-v2v output (progress) is logged in the CloudStack agent logs, to help a ::
- virtv2v.verbose.enabled=true
+ dnf install virt-v2v
+
+ echo "virtv2v.verbose.enabled=true" >> /etc/cloudstack/agent/agent.properties
+
+ systemctl restart cloudstack-agent Installing virt-v2v on Ubuntu KVM hosts does not install nbdkit which is required in the conversion of VMware VCenter guests. To install it, please execute:
@@ -62,12 +66,57 @@ You can also install the RPM manually from https://fedorapeople.org/groups/virt/ For Debian-based distributions:
+Ubuntu don’t seem to ship the virtio-win package with drivers, which causes virt-v2v not to convert the VMWare Windows guests to virtio profiles. This could result in slow IDE drives and Intel E1000 NICs. As a workaround, we can follow the below steps to install the package from the RPM on all KVM hosts running the virt-v2v:
+ :: apt install virtio-win (if the package is not available, then manual steps will be required to install the virtio drivers for windows)
+
+ wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.noarch.rpm
+
+ # install “alien” which can convert rpms to debs
+ apt -y install alien
+
+ # the conversion, can take a while
+ alien -d virtio-win.noarch.rpm
+
+ # install the resulting deb
+ dpkg -i virtio-win*.deb
+
+In addition to this, we need to install the below package as well to avoid the error “virt-v2v: error: One of rhsrvany.exe or pvvxsvc.exe is missing in /usr/share/virt-tools“.
+
+ ::
+
+ wget -nd -O srvany.rpm https://kojipkgs.fedoraproject.org//packages/mingw-srvany/1.1/4.fc38/noarch/mingw32-srvany-1.1-4.fc38.noarch.rpm
+
+ alien -d srvany.rpm
+
+ dpkg -i *srvany*.deb
+ The OVF tool (ovftool) must be installed on the destination KVM hosts if the hosts should export VM files (OVF) from vCenter. If not, the management server exports them (the management server doesn't require ovftool installed).
+Steps to install ovftool
+
+Download the ovftool from https://developer.broadcom.com/tools/open-virtualization-format-ovf-tool/latest
+
+ ::
+
+ unzip VMware-ovftool-4.6.3-24031167-lin.x86_64.zip -d /usr/local/
+
+ #create a soft link
+
+ ln -s /usr/local/ovftool/ovftool /usr/local/bin/ovftool
+
+If you are hitting the following error when running ovftool, install the dependecy
+
+./ovftool.bin: error while loading shared libraries: libnsl.so.1: cannot open shared object file: No such file or directory
+
+ ::
+
+ dnf install libnsl
+
+ Usage -----
diff --git a/source/adminguide/virtual_machines/user-data.rst b/source/adminguide/virtual_machines/user-data.rst
index 1c715e1235..bce96b8256 100644
--- a/source/adminguide/virtual_machines/user-data.rst
+++ b/source/adminguide/virtual_machines/user-data.rst
@@ -14,43 +14,45 @@ under the License.
-User-Data and Meta-Data
-----------------------
+User Data and Metadata
+----------------------
-Users can register userdata in CloudStack and refer the registered userdata while
-deploying or editing or reset userdata on an instance. The userdata content can also be
-directly provided while deploying the instance. Userdata content length can be up to 32kb.
+Users can register User Data in CloudStack and refer the registered User Data while
+deploying or editing or reset User Data on an instance. The User Data content can also be
+directly provided while deploying the instance. User Data content length can be up to 32kb.
-To register a new userdata:
+Register Userdata
+
+To register a new User Data: #. Log in to the CloudStack UI.
-#. In the left navigation bar, click Compute and then User Data.
+#. In the left navigation bar, click Compute and then User Data Library.
-#. Click Register a userdata.
+#. Click Register User Data. #. In the dialog, make the following choices:
- - **Name**: Any desired name for the userdata.
+ - **Name**: Any desired name for the User Data.
- - **Userdata**: Plain userdata content. CloudStack UI does base64 encoding.
+ - **User Data**: Plain User Data content. CloudStack UI does base64 encoding.
- - **Userdata parameters**: Comma separated list of variables which (if any) declared
- in userdata content.
+ - **User Data parameters**: Comma separated list of variables which (if any) declared
+ in the User Data content.
- - **Domain**: An optional domain for the userdata.
+ - **Domain**: An optional domain for the User Data.
- - **Account**: An optional account for the userdata.
+ - **Account**: An optional account for the User Data. .. image:: /_static/images/register_userdata.png :width: 400px :align: center
- :alt: Regiser userdata dialog box
+ :alt: Register User Data dialog box
-If userdata content has variables declared in it, user can register the Userdata
-with userdata parameters.
+If User Data content has variables declared in it, user can register the User Data
+with User Data parameters.
-For example, if userdata content is like below having a custom variable "variable1"
+For example, if User Data content is like below having a custom variable "variable1" .. code:: bash
@@ -60,87 +62,87 @@ For example, if userdata content is like below having a custom variable "variabl - echo 'TestVariable {{ ds.meta_data.variable1 }}' >> /tmp/variable - echo 'Hostname {{ ds.meta_data.public_hostname }}' > /tmp/hostname -Userdata has to be registered with userdata parameter "variable1" like below +User Data has to be registered with the parameter "variable1" like below .. image:: /_static/images/register_userdata_with_variables.png :width: 400px :align: center - :alt: Regiser userdata with variables dialog box + :alt: Register User Data with variables dialog box -If the variables in userdata content are of a predefined metadata like "public_hostname" -or "instance_id", then userdata parameters should not declare these variables. That is +If the variables in User Data content are of a predefined metadata like "public_hostname" +or "instance_id", then User Data parameters should not declare these variables. That is the reason in the above example "public_hostname" is not declared. -There are three CloudStack APIs that can be used to provide user-data to instance: +There are three CloudStack APIs that can be used to provide User Data to instance: deployVirtualMachine, updateVirtualMachine and resetUserDataForVirtualMachine. These APIs accepts parameters ``userdataid`` and ``userdatadetails``. userdatadetails is to specify the custom values for the variables which are declared -in userdata in a key value parameter map details. +in User Data in a key value parameter map details. .. image:: /_static/images/deployvm_userdata.png :width: 400px :align: center - :alt: Provide userdata id or userdata text dialog box + :alt: Provide User Data id or User Data text dialog box -If the userdata contains variables that are declared during registration then those values +If the User Data contains variables that are declared during registration then those values has to be specified like below, .. 
image:: /_static/images/deployvm_userdata_with_variables.png :width: 400px :align: center - :alt: Provide userdata id or userdata with variables text dialog box + :alt: Provide userdata id or User Data with variables text dialog box -These details will be saved as meta-data file(s) in both config drive and virtual router, -which in turn support jinja based instance meta-data feature of cloud-init, +These details will be saved as metadata file(s) in both config drive and virtual router, +which in turn support jinja based instance metadata feature of cloud-init, refer to https://cloudinit.readthedocs.io/en/latest/topics/instancedata.html. -These APIs also support the parameter ``userdata=`` to provide the userdata content +These APIs also support the parameter ``userdata=`` to provide the User Data content directly. The value for this parameter must be a `base64 `_-encoded multi-part MIME message. See further below for an example of what this should look like. -The registered UserData can be linked to a Template or ISO on registration/upload/editing -using linkUserDataToTemplate API. The same API can be used to unlink the mapping of userdata and Template. +The registered User Data can be linked to a Template or ISO on registration/upload/editing +using linkUserDataToTemplate API. The same API can be used to unlink the mapping of User Data and Template. -While linking userData to a Template/ISO userdata override policy has to be specified. +While linking User Data to a Template/ISO User Data override policy has to be specified. Following are the override policies available: -Allow Override: Allow users to override UserData for the Template during instance deployment or on reset. +Allow Override: Allow users to override User Data for the Template during instance deployment or on reset. This is the default override policy if not specified -Deny Override: Override of UserData isn’t allowed during instance deployment or on reset. 
+Deny Override: Override of User Data isn’t allowed during instance deployment or on reset. -Append Only: Don’t allow users to override linked UserData but allow users to pass userdata content - or ID that should be appended to the linked UserData of the Template. When the users pass userdata it is appended to the Template userdata in the form of a multipart MIME message +Append Only: Don’t allow users to override linked User Data but allow users to pass User Data content + or ID that should be appended to the linked User Data of the Template. When the users pass User Data it is appended to the Template User Data in the form of a multipart MIME message This is how it looks like in Template/ISO register/upload/edit forms. .. image:: /_static/images/userdata_template_link.png :width: 400px :align: center - :alt: Linking userdata to template/ISO + :alt: Linking User Data to template/ISO Based on these override policies, "Add Instance" UI form provides relevant options to either -override or append. If it is "Deny Override" then "Add Instance" will not allow adding user specific userdata +override or append. If it is "Deny Override" then "Add Instance" will not allow adding user specific User Data -Storing and accessing userdata -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Storing and accessing User Data +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ HTTP GET parameters are limited to a length of 2048 bytes, but it is possible -to store larger user-data blobs by sending them in the body via HTTP POST +to store larger User Data blobs by sending them in the body via HTTP POST instead of GET. -From inside the instance, the user-data is accessible via the virtual router, -if the UserData service is enabled on the network offering. +From inside the instance, the User Data is accessible via the virtual router, +if the User Data service is enabled on the network offering. 
If you are using the DNS service of the virtual router, a special hostname -called `data-server.` is provided, that will point to a valid user-data server. +called `data-server.` is provided, that will point to a valid User Data server. Otherwise you have to determine the virtual router address via other means, such as DHCP leases. Be careful to scan all routers if you have multiple -networks attached to an instance, in case not all of them have the UserData service +networks attached to an instance, in case not all of them have the User Data service enabled. -User-data is available from the URL ``http://data-server./latest/user-data`` +User Data is available from the URL ``http://data-server./latest/user-data`` and can be fetched via curl or other HTTP client. It is also possible to fetch instance metadata from the same service, via the URL 
@@ -163,12 +165,40 @@ For metadata type, use one of the following: - ``instance-id``. The instance name of the instance +Resetting UserData +------------------ + +#. Log in to the CloudStack UI. + +#. In the left navigation bar, click Compute --> Instances. + +#. Choose the Instance to reset userdata. + + .. note:: The Instance must be in a stopped state. + +#. Click on Reset Userdata button on the Instance. + + .. note:: If the instance already has userdata applied to it, an extra dialog box will appear. + + - ``Disabled`` (Default) - This will reset the userdata using the already configured values. Skip the next step. + + - ``Enabled`` - Choose this to override the already configured values. Continue to next step. + +#. In the dialog box, choose one of the following: + + - Stored Userdata: Choose another userdata entry. + + .. note:: Stored Userdata is created under Instances --> User Data + + - Manual Userdata Entry: Manually provide userdata for this Instance + +.. note:: This can also be performed via API: ``resetUserDataForVirtualMachine``: Resets the UserData for virtual machine. Determining the virtual router address without DNS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If can't or don't want to use the virtual router's DNS service, it's also -possible to determine the user-data server from a DHCP lease. +possible to determine the User Data server from a DHCP lease. #. Run the following command to find the virtual router. 
@@ -176,18 +206,18 @@ possible to determine the user-data server from a DHCP lease. # cat /var/lib/dhcp/dhclient.eth0.leases | grep dhcp-server-identifier | tail -1 -#. Access the data-server via its IP +#. Access the User Data server via its IP .. code:: bash # curl http://10.1.1.1/latest/user-data -Fetching user-data via the API +Fetching User Data via the API ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -User-data is not included with the normal instance state for historic reasons. -To read out the base64-encoded user-data via the API, use the `getVirtualMachineUserData `_ +User Data is not included with the normal instance state for historic reasons. +To read out the base64-encoded User Data via the API, use the `getVirtualMachineUserData `_ API call: .. code:: bash @@ -199,7 +229,7 @@ Using cloud-init ~~~~~~~~~~~~~~~~ `cloud-init `_ can be used to access -and interpret user-data inside Instances. If you install cloud-init into your +and interpret User Data inside Instances. If you install cloud-init into your Instance Templates, it will allow you to store SSH keys and user passwords on each new Instance deployment automatically (:ref:`adding-password-management-to-templates` and `using ssh keys `_). @@ -219,13 +249,13 @@ Instance deployment automatically (:ref:`adding-password-management-to-templates For more information, see `Cloud-init integration `_ -Custom user-data example +Custom User Data example ~~~~~~~~~~~~~~~~~~~~~~~~ This example uses cloud-init to automatically update all OS packages on the first launch. -#. Register the following user-data in CloudStack. If APIs are used to register userdata or to - provide direct userdata text then userdata needs to be wrapped into a multi-part MIME message +#. Register the following User Data in CloudStack. If APIs are used to register User Data or to + provide direct User Data text then User Data needs to be wrapped into a multi-part MIME message and encoded in base64: .. code:: bash 
@@ -250,8 +280,8 @@ This example uses cloud-init to automatically update all OS packages on the firs package_upgrade: true EOF -#. Deploy an instance with this user-data either by providing the UUID of the registerd userdata - or by providing base64 encoded userdata: +#. Deploy an instance with this User Data either by providing the UUID of the registerd User Data + or by providing base64 encoded User Data: .. code:: bash @@ -259,9 +289,9 @@ This example uses cloud-init to automatically update all OS packages on the firs .. code:: bash - cmk deploy virtualmachine name=..... userdataid= + cmk deploy virtualmachine name=..... userdataid= -.. note:: When using multipart userdata, cloud-init expects userdata format of one particular type only in one multipart section. +.. note:: When using multipart User Data, cloud-init expects User Data format of one particular type only in one multipart section. Disclaimer ~~~~~~~~~~ diff --git a/source/adminguide/vm_volume_allocators.rst b/source/adminguide/vm_volume_allocators.rst new file mode 100644 index 0000000000..c15ebd8796 --- /dev/null +++ b/source/adminguide/vm_volume_allocators.rst 
@@ -0,0 +1,139 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +VM and Volume Allocators +====================== + +Each Instance must be deployed in suitable deployment destination. Deployment destination is set of recommended resources that you can choose for deploying an instance. +A deployment planner provides the suitable deployment destination that is required for a instance. + +Allocators are used to figure out suitable host and storage pools for deploying the Instance: + +#. VM Allocator +#. Volume Allocator + + +VM Allocator +------------ + +VM allocator returns suitable hosts in the cluster where you can deploy the given instance. Various parameters e.g. CPU and +RAM capacity, current state of the host are considered to decide the host. + +VM allocator supports following algorithms to select a host in the cluster: + +.. cssclass:: table-striped table-bordered table-hover + +============================= ======================== +Algorithm Description +============================= ======================== +random Selects a host in the cluster randomly. +firstfit Selects the first available host in the cluster. 
+userdispersing Selects the host running least instances for the account, aims to spread out the instances belonging to a single user account. +userconcentratedpod_random Selects the host randomly aiming to keep all instances belonging to single user account in same pod. +userconcentratedpod_firstfit Selects the first suitable host from a pod running most instances for the user. +firstfitleastconsumed Selects the first host after sorting eligible hosts by least allocated resources (such as CPU or RAM). +============================= ======================== + +Use global configuration parameter: +**vm.allocation.algorithm** to specify the algorithm that the Allocator must use. By default it is configured to use "random" algorithm. + + +Volume Allocator +-------------- + +Volume allocator returns suitable storage pools available in the cluster where volumes of the given instance can be created. +To decide the storage pools, it considers factors such as disk offering, storage capacity, availability scope etc. + +Volume allocator supports following algorithms to select a host in the cluster: + +.. cssclass:: table-striped table-bordered table-hover + +============================= ======================== +Algorithm Description +============================= ======================== +random Selects a storage pool in the cluster randomly. +firstfit Selects the first available storage pool in the cluster. +userdispersing Selects the storage pool running least instances for the account, aims to spread out the instances belonging to a single user account. +userconcentratedpod_random Selects the storage pool randomly aiming to keep all instances belonging to single user account in same pod. +userconcentratedpod_firstfit Selects the first suitable pool from a pod running most instances for the user. +firstfitleastconsumed Selects the first storage pool after sorting eligible pools by least allocated resources. +============================= ======================== + +.. 
note:: + Since 4.21.0, dedicated named configuration is provided for admin to configure volume allocation algorithm. + + **volume.allocation.algorithm**: random (default) + + Before 4.21.0, **vm.allocation.algorithm** was used for both VM as well as Volume allocation. + + +Cluster, Pod and Host Ordering +============================== + +Overview +-------- + +`The host.capacityType.to.order.clusters` is a global advanced configuration parameter in Apache CloudStack that controls how pods, clusters, +and hosts are prioritized during Instance deployment, based on available CPU, RAM, or a weighted combination of both in Host. +This configuration is specifically leveraged when the VM allocation algorithm is set to `firstfitleastconsumed`. + +Configuration +------------- + +Key: `host.capacityType.to.order.clusters` + +.. cssclass:: table-striped table-bordered table-hover + +========= ======================== +Value Behavior +========= ======================== +CPU Prioritizes resources with the most available CPU. +RAM Prioritizes resources with the most available memory. +COMBINED Uses a weighted formula to balance CPU and RAM in prioritization. +========= ======================== + +**Additional Configuration for COMBINED** + +- Key: `host.capacityType.to.order.clusters.cputomemoryweight` +- Type: Float(0.0 to 1.0) +- Default: 0.5 +- Purpose: Determines the weight of CPU vs RAM in the combined capacity calculation. + +Capacity calculation formula: + +.. code:: bash + + capacity = (host.capacityType.to.order.clusters.cputomemoryweight * CPU) + ((1 - host.capacityType.to.order.clusters.cputomemoryweight) * RAM) + + +This allows flexible tuning of prioritization depending on workload sensitivity. + +Example Configuration +--------------------- + +.. code:: bash + + host.capacityType.to.order.clusters: COMBINED + host.capacityType.to.order.clusters.cputomemoryweight: 0.7 + +Above config prioritizes CPU at 70% weight and RAM at 30% when ranking pods, clusters, and hosts. 
+ +.. note:: + - `host.capacityType.to.order.clusters` is only respected for host ordering when: + .. code:: bash + + vm.allocation.algorithm: firstfitleastconsumed + - When using COMBINED, make sure to tune cpu.to.memory.capacity.weight to reflect your environment’s resource constraints and workload profiles. diff --git a/source/conceptsandterminology/concepts.rst b/source/conceptsandterminology/concepts.rst index a0627fbd70..f621ffaa6d 100644 --- a/source/conceptsandterminology/concepts.rst +++ b/source/conceptsandterminology/concepts.rst @@ -174,7 +174,7 @@ Resources within the cloud are managed as follows: - Pods: A pod is usually a rack, or row of racks that includes a layer-2 switch and one or more clusters. -- Clusters: A cluster consists of one or more homogenous hosts and primary +- Clusters: A cluster consists of one or more homogeneous hosts and primary storage. - Host: A single compute node within a cluster; often a hypervisor. diff --git a/source/conceptsandterminology/index.rst b/source/conceptsandterminology/index.rst index f29e29478d..4402fdf847 100644 --- a/source/conceptsandterminology/index.rst +++ b/source/conceptsandterminology/index.rst @@ -37,6 +37,13 @@ Concepts and Terminology .. architecture: +Object Types in CloudStack +------------------------ +.. toctree:: + :maxdepth: 2 + + object_types + Choosing a Deployment Architecture ---------------------------------- .. toctree:: diff --git a/source/conceptsandterminology/locale/pot/administration_guide.pot b/source/conceptsandterminology/locale/pot/administration_guide.pot index 6610222d29..19f84e4f2d 100644 --- a/source/conceptsandterminology/locale/pot/administration_guide.pot +++ b/source/conceptsandterminology/locale/pot/administration_guide.pot 
@@ -779,7 +779,7 @@ msgstr "" #: ../../administration_guide.rst:331 # 3748d1e9df464087a1ffe1ff96240883 -msgid "Then you may power down the Host, re-use its IP address, re-install it, etc" +msgid "Then you may power down the Host, reuse its IP address, re-install it, etc" msgstr "" #: ../../administration_guide.rst:334 @@ -995,7 +995,7 @@ msgstr "" #: ../../administration_guide.rst:434 # 0e804d9f17db4c8a981a54fd41556317 -msgid "Fill in your desired over-provisioning multipliers in the fields CPU overcommit factor and RAM overcommit factor. The value which is intially shown in these fields is the default value inherited from the global configuration settings." +msgid "Fill in your desired over-provisioning multipliers in the fields CPU overcommit factor and RAM overcommit factor. The value which is initially shown in these fields is the default value inherited from the global configuration settings." msgstr "" #: ../../administration_guide.rst:437 diff --git a/source/conceptsandterminology/locale/pot/concepts.pot b/source/conceptsandterminology/locale/pot/concepts.pot index de31e099db..874ba784c0 100644 --- a/source/conceptsandterminology/locale/pot/concepts.pot +++ b/source/conceptsandterminology/locale/pot/concepts.pot @@ -248,7 +248,7 @@ msgstr "" #: ../../concepts.rst:134 # d33af50f42ee45deb987f9d2ade53d3b -msgid "Clusters: A cluster consists of one or more homogenous hosts and primary storage." +msgid "Clusters: A cluster consists of one or more homogeneous hosts and primary storage." msgstr "" #: ../../concepts.rst:135 diff --git a/source/conceptsandterminology/locale/pot/dev.pot b/source/conceptsandterminology/locale/pot/dev.pot index b83641edcd..a75b00a1cc 100644 --- a/source/conceptsandterminology/locale/pot/dev.pot +++ b/source/conceptsandterminology/locale/pot/dev.pot 
@@ -185,7 +185,7 @@ msgstr "" #: ../../dev.rst:136 # d443f5ac0cce419f98b4469aa4c74efc -msgid "To show how to sign a request, we will re-use the previous example." +msgid "To show how to sign a request, we will reuse the previous example." msgstr "" #: ../../dev.rst:140 diff --git a/source/conceptsandterminology/locale/pot/developer_guide.pot b/source/conceptsandterminology/locale/pot/developer_guide.pot index 0ec5453913..7dfd0042fc 100644 --- a/source/conceptsandterminology/locale/pot/developer_guide.pot +++ b/source/conceptsandterminology/locale/pot/developer_guide.pot @@ -323,7 +323,7 @@ msgstr "" #: ../../developer_guide.rst:334 # d99c1e63a66443539d663a0cba7beca0 -msgid "The Installing from source section will only get you to the point of runnign the management server, it does not get you any hypervisors. The simulator section gets you a simulated datacenter for testing. With DevCloud you can run at least one hypervisor and add it to your management server the way you would a real physical machine." +msgid "The Installing from source section will only get you to the point of running the management server, it does not get you any hypervisors. The simulator section gets you a simulated datacenter for testing. With DevCloud you can run at least one hypervisor and add it to your management server the way you would a real physical machine." msgstr "" #: ../../developer_guide.rst:340 
@@ -443,12 +443,12 @@ msgstr "" #: ../../developer_guide.rst:460 # 7c104d4cd0fe475e863b91f53449a5c5 -msgid "The CloudStack API is a query based API using http that return results in XML or JSON. It is used to implement the default web UI. This API is not a standard like `OGF OCCI `__ or `DMTF CIMI `__ but is easy to learn. Mapping exists between the AWS API and the CloudStack API as will be seen in the next section. Recently a Google Compute Engine interface was also developed that maps the GCE REST API to the CloudStack API described here. The API `docs `__ are a good start to learn the extent of the API. Multiple clients exist on `GitHub `__ to use this API, you should be able to find one in your favorite language. The reference documentation for the API and changes that might occur from version to version is availble `on-line `__. This short section is aimed at providing a quick summary to give you a base understanding of how to use this API. As a quick start, a good way to explore the API is to navigate the dashboard with a firebug console (or similar developer console) to study the queries." +msgid "The CloudStack API is a query based API using http that return results in XML or JSON. It is used to implement the default web UI. This API is not a standard like `OGF OCCI `__ or `DMTF CIMI `__ but is easy to learn. Mapping exists between the AWS API and the CloudStack API as will be seen in the next section. Recently a Google Compute Engine interface was also developed that maps the GCE REST API to the CloudStack API described here. The API `docs `__ are a good start to learn the extent of the API. Multiple clients exist on `GitHub `__ to use this API, you should be able to find one in your favorite language. The reference documentation for the API and changes that might occur from version to version is available `on-line `__. This short section is aimed at providing a quick summary to give you a base understanding of how to use this API. 
As a quick start, a good way to explore the API is to navigate the dashboard with a firebug console (or similar developer console) to study the queries." msgstr "" #: ../../developer_guide.rst:481 # 0bcb8dd851254f9b9b0240917b405d84 -msgid "In a succint statement, the CloudStack query API can be used via http GET requests made against your cloud endpoint (e.g http://localhost:8080/client/api). The API name is passed using the ``command`` key and the various parameters for this API call are passed as key value pairs. The request is signed using the access key and secret key of the user making the call. Some calls are synchronous while some are asynchronous, this is documented in the API `docs `__. Asynchronous calls return a ``jobid``, the status and result of a job can be queried with the ``queryAsyncJobResult`` call. Let's get started and give an example of calling the ``listUsers`` API in Python." +msgid "In a succinct statement, the CloudStack query API can be used via http GET requests made against your cloud endpoint (e.g http://localhost:8080/client/api). The API name is passed using the ``command`` key and the various parameters for this API call are passed as key value pairs. The request is signed using the access key and secret key of the user making the call. Some calls are synchronous while some are asynchronous, this is documented in the API `docs `__. Asynchronous calls return a ``jobid``, the status and result of a job can be queried with the ``queryAsyncJobResult`` call. Let's get started and give an example of calling the ``listUsers`` API in Python." msgstr "" #: ../../developer_guide.rst:493 
@@ -458,7 +458,7 @@ msgstr "" #: ../../developer_guide.rst:504 # f06d2f79776845b69c69945a988dc02d -msgid "Open a Python shell and import the basic modules necessary to make the request. Do note that this request could be made many different ways, this is just a low level example. The ``urllib*`` modules are used to make the http request and do url encoding. The ``hashlib`` module gives us the sha1 hash function. It used to geenrate the ``hmac`` (Keyed Hashing for Message Authentication) using the secretkey. The result is encoded using the ``base64`` module." +msgid "Open a Python shell and import the basic modules necessary to make the request. Do note that this request could be made many different ways, this is just a low level example. The ``urllib*`` modules are used to make the http request and do url encoding. The ``hashlib`` module gives us the sha1 hash function. It used to generate the ``hmac`` (Keyed Hashing for Message Authentication) using the secretkey. The result is encoded using the ``base64`` module." msgstr "" #: ../../developer_guide.rst:524 
@@ -488,7 +488,7 @@ msgstr "" #: ../../developer_guide.rst:598 # 4bf1c04a89934aca9d24a5a585888739 -msgid "While the native CloudStack API is not a standard, CloudStack provides a AWS EC2 compatible interface. It has the great advantage that existing tools written with EC2 libraries can be re-used against a CloudStack based cloud. In the installation books we described how to run this interface from installing packages. In this section we show you how to compile the interface with ``maven`` and test it with Python boto module." +msgid "While the native CloudStack API is not a standard, CloudStack provides a AWS EC2 compatible interface. It has the great advantage that existing tools written with EC2 libraries can be reused against a CloudStack based cloud. In the installation books we described how to run this interface from installing packages. In this section we show you how to compile the interface with ``maven`` and test it with Python boto module." msgstr "" #: ../../developer_guide.rst:606 diff --git a/source/conceptsandterminology/locale/pot/networking.pot b/source/conceptsandterminology/locale/pot/networking.pot index edb353bc1d..8655112ad7 100644 --- a/source/conceptsandterminology/locale/pot/networking.pot +++ b/source/conceptsandterminology/locale/pot/networking.pot @@ -744,7 +744,7 @@ msgstr "" #: ../../networking/nicira-plugin.rst:7 # 0c134c3d04de4ba49f31e0c3f0108144 -msgid "The Nicira NVP plugin adds Nicira NVP as one of the available SDN implementations in CloudStack. With the plugin an exisiting Nicira NVP setup can be used by CloudStack to implement isolated guest networks and to provide additional services like routing and NAT." +msgid "The Nicira NVP plugin adds Nicira NVP as one of the available SDN implementations in CloudStack. With the plugin an existing Nicira NVP setup can be used by CloudStack to implement isolated guest networks and to provide additional services like routing and NAT." msgstr "" #: ../../networking/nicira-plugin.rst:13 
@@ -1810,7 +1810,7 @@ msgstr "" #: ../../networking/vxlan.rst:152 # 6856ea7ca74549fb91a97823fda39f40 -msgid "This plugin requires an IPv4 address on the KVM host to terminate and originate VXLAN traffic. The address should be assinged to a physical interface or a bridge interface bound to a physical interface. Both a private address or a public address are fine for the purpose. It is not required to be in the same subnet for all hypervisors in a zone, but they should be able to reach each other via IP multicast with UDP/8472 port. A name of a physical interface or a name of a bridge interface bound to a physical interface can be used as a traffic label. Physical interface name fits for almost all cases, but if physical interface name differs per host, you may use a bridge to set a same name. If you would like to use a bridge name as a traffic label, you may create a bridge in this way." +msgid "This plugin requires an IPv4 address on the KVM host to terminate and originate VXLAN traffic. The address should be assigned to a physical interface or a bridge interface bound to a physical interface. Both a private address or a public address are fine for the purpose. It is not required to be in the same subnet for all hypervisors in a zone, but they should be able to reach each other via IP multicast with UDP/8472 port. A name of a physical interface or a name of a bridge interface bound to a physical interface can be used as a traffic label. Physical interface name fits for almost all cases, but if physical interface name differs per host, you may use a bridge to set a same name. If you would like to use a bridge name as a traffic label, you may create a bridge in this way." msgstr "" #: ../../networking/vxlan.rst:165 
@@ -1866,7 +1866,7 @@ msgstr "" #: ../../networking/vxlan.rst:298 # 494b6216726d4b41ac1143c03c93ede2 -msgid "These iptable settings are not persistent accross reboots, we have to save them first." +msgid "These iptable settings are not persistent across reboots, we have to save them first." msgstr "" #: ../../networking/vxlan.rst:306 diff --git a/source/conceptsandterminology/network_setup.rst b/source/conceptsandterminology/network_setup.rst index 467130a270..f5576af969 100644 --- a/source/conceptsandterminology/network_setup.rst +++ b/source/conceptsandterminology/network_setup.rst @@ -55,7 +55,7 @@ VPN support No Yes Port forwarding Physical Physical and Virtual 1:1 NAT Physical Physical and Virtual Source NAT No Physical and Virtual -Userdata Yes Yes +User data Yes Yes Network usage monitoring sFlow / netFlow at physical router Hypervisor and Virtual Router DNS and DHCP Yes Yes ========================= =================================== =============================== @@ -668,7 +668,7 @@ offering as follows: #. Log in to the CloudStack UI as a user or admin. -#. Naviagte to Service Offerings and choose Network OfferingPublic IP Addresses. +#. Navigate to Service Offerings and choose Network OfferingPublic IP Addresses. #. Click Add Network Offering. diff --git a/source/conceptsandterminology/object_types.rst b/source/conceptsandterminology/object_types.rst new file mode 100644 index 0000000000..20fafd5a67 --- /dev/null +++ b/source/conceptsandterminology/object_types.rst 
@@ -0,0 +1,59 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + + +All Object Types in Apache CloudStack +------------------------------------- + +.. cssclass:: table-striped table-bordered table-hover + +========================= =================================== +Object Name Description +========================= =================================== + Account A CloudStack account is a group of users. An account is used to manage users and resources. Each resource is owned by an account. Resources can be shared between accounts within the same domain. + Affinity Group An affinity group is a way to group instances together on the same host or to keep them apart. Affinity groups are defined at the account level and can be applied to instances at the time of deployment. + Alert Alerts are used to notify administrators of system events. Alerts can be generated for various events + Cluster A cluster is a collection of hosts. A cluster contains hosts that are managed by the same hypervisor. A cluster is contained within a zone and can contain primary storage. + Disk Offering A disk offering defines the characteristics of a disk volume. A disk offering specifies the size of the disk volume and whether it is local or shared storage. 
+ Domain A domain is a hierarchical administrative unit within CloudStack. Domains are used to partition the CloudStack environment into separate sections. Each domain can have its own administrators, users, and resources. Domains can be nested to create a hierarchy. + Event Events are used to track system activity. Events are generated for various actions taken by users and administrators. + Global Settings Global settings are configuration parameters that apply to the entire CloudStack environment. + Host A host is a physical server that runs the hypervisor software. Hosts are grouped into clusters and are contained within a zone. + Hypervisor A hypervisor is the software that enables virtualization. CloudStack supports several hypervisors, including KVM, XenServer, VMware, and Hyper-V. + Instance An Instance is a virtual machine that runs on a host. Historically they were called Virtual Machines, so CloudStack APIs are named after that. Instances are created from templates and can be managed by users and administrators. + IP Address An IP address is a unique identifier assigned to an instance or a network interface. IP addresses can be either public or private. + ISO Image An ISO image is a disk image that contains an operating system or other software. ISO images can be used to create instances or to install software on existing instances. + Load Balancer A load balancer is a device that distributes network traffic across multiple instances. Load balancers can be used to improve performance and availability. + Network A Network is a virtual network that connects instances and other resources. Networks can be either isolated or shared. + Network Offering A network offering defines the characteristics of a network. A network offering specifies the type of network, the services it provides, and the traffic types it supports. + Physical Network A physical network is a representation of the underlying physical network infrastructure. 
Physical networks can be used to define how virtual networks are mapped to physical networks. + Pod A pod is a collection of hosts within a zone. Pods are used to group hosts that are in the same physical location. + Primary Storage Primary storage is the storage that is used to store virtual machine disk volumes. Primary storage can be either local or shared storage. + Project A project is a way to group resources together for a specific purpose. Projects can be used to manage resources for a specific team or application. + Resource Tag Resource tags are labels that can be applied to resources to help organize and manage them. + Secondary Storage Secondary storage is the storage that is used to store templates, ISO images, and snapshots. Secondary storage is typically shared storage. + Security Group A security group is a virtual firewall that controls inbound and outbound traffic to instances. Security groups can be used to restrict access to instances based on IP address, port, and protocol. + Service Offering A service offering defines the characteristics of an instance. A service offering specifies the CPU, memory, and other resources that are allocated to an instance. + Snapshot A snapshot is a point-in-time copy of a disk volume. Snapshots can be used to back up data or to create new disk volumes. + SSH Key Pair An SSH key pair is a pair of cryptographic keys that are used to authenticate users when they connect to instances via SSH. + Storage Pool A storage pool is a collection of storage resources that can be used to store virtual machine disk volumes. Storage pools can be either local or shared storage. + Template A Template is a pre-configured disk image that contains an operating system and other software. Templates can be used to create instances. + User A User is an individual who has access to the CloudStack environment. Users can be assigned to accounts and can have different roles and permissions. 
+ VLAN A VLAN (Virtual Local Area Network) is a logical partition of a physical network. VLANs can be used to isolate network traffic and improve security. + VPC A VPC (Virtual Private Cloud) is a virtual network that is isolated from other networks. VPCs can be used to create a private cloud environment within CloudStack. + Volume A volume is a virtual disk that can be attached to an instance. Volumes can be created from templates, snapshots, or other volumes. + Zone A zone is a top-level container for resources. A zone contains clusters, pods, and primary storage. Zones can be used to represent different geographical locations or different environments (e.g., production, development). +========================= =================================== diff --git a/source/conf.py b/source/conf.py index 277e874e1e..fe4543b671 100644 --- a/source/conf.py +++ b/source/conf.py @@ -20,13 +20,13 @@ # -- Project information ----------------------------------------------------- project = 'Apache CloudStack' -copyright = '2012-2024, Apache Foundation' +copyright = '2012-2025, Apache Foundation' author = 'Apache CloudStack Project' # The short X.Y version -version = '4.20' +version = '4.22' # The full version, including alpha/beta/rc tags -release = '4.20.0.0' +release = '4.22.0.0' rst_epilog = """ .. include:: /_global.rst diff --git a/source/developersguide/ansible.rst b/source/developersguide/ansible.rst index ed3232f96e..f6bd73a0df 100644 --- a/source/developersguide/ansible.rst +++ b/source/developersguide/ansible.rst @@ -190,7 +190,7 @@ the file will look like this: yum: name=libselinux-python state=present - - name: Ensure cloudstack specfic my.cnf lines are present + - name: Ensure cloudstack specific my.cnf lines are present lineinfile: dest=/etc/my.cnf regexp=’$item’ insertafter=”symbolic-links=0″ line=’$item’ diff --git a/source/developersguide/dev.rst b/source/developersguide/dev.rst index e85b943646..67aceb1415 100644 --- a/source/developersguide/dev.rst 
+++ b/source/developersguide/dev.rst @@ -132,7 +132,7 @@ have both the API Key and Secret Key provided by the CloudStack administrator for your Account before proceeding with the signing process. -To show how to sign a request, we will re-use the previous example. +To show how to sign a request, we will reuse the previous example. .. parsed-literal:: @@ -555,7 +555,7 @@ is added to the new class named CSExceptionErrorCode. 4475 : "com.cloud.exception.InsufficientStorageCapacityException" -4480 : "com.cloud.exception.InsufficientVirtualNetworkCapcityException" +4480 : "com.cloud.exception.InsufficientVirtualNetworkCapacityException" 4485 : "com.cloud.exception.InternalErrorException" diff --git a/source/developersguide/developer_guide.rst b/source/developersguide/developer_guide.rst index 7666cfa0b9..9309c29c0f 100644 --- a/source/developersguide/developer_guide.rst +++ b/source/developersguide/developer_guide.rst @@ -204,7 +204,7 @@ Using Appliance for development ------------------------------- The Installing from source section will only get you to the point of -runnign the management server, it does not get you any hypervisors. The +running the management server, it does not get you any hypervisors. The simulator section gets you a simulated datacenter for testing. An appliance based development such as using ``mbx`` can allow you to run at least one hypervisor and add it to your management server the way you would a real physical machine. 
@@ -281,14 +281,14 @@ learn the extent of the API. Multiple clients exist on `GitHub `__ to use this API, you should be able to find one in your favorite language. The reference documentation for the API and changes that might -occur from version to version is availble +occur from version to version is available `on-line `__. This short section is aimed at providing a quick summary to give you a base understanding of how to use this API. As a quick start, a good way to explore the API is to navigate the dashboard with a firebug console (or similar developer console) to study the queries. -In a succint statement, the CloudStack query API can be used via http +In a succinct statement, the CloudStack query API can be used via http GET requests made against your cloud endpoint (e.g http://localhost:8080/client/api). The API name is passed using the ``command`` key and the various parameters for this API call are passed @@ -315,7 +315,7 @@ Open a Python shell and import the basic modules necessary to make the request. Do note that this request could be made many different ways, this is just a low level example. The ``urllib*`` modules are used to make the http request and do url encoding. The ``hashlib`` module gives -us the sha1 hash function. It used to geenrate the ``hmac`` (Keyed +us the sha1 hash function. It used to generate the ``hmac`` (Keyed Hashing for Message Authentication) using the secretkey. The result is encoded using the ``base64`` module. diff --git a/source/developersguide/get_help.rst b/source/developersguide/get_help.rst index 9f4670f9fa..9d9a2c2c88 100644 --- a/source/developersguide/get_help.rst +++ b/source/developersguide/get_help.rst @@ -38,7 +38,7 @@ The following guides are available: - CloudStack Concepts and Terminology - Quick Installation Guide - Installation Guide -- Upgradong CloudStack +- Upgrading CloudStack - Usage Guide - Developers Guide - Plugins Guide 
diff --git a/source/developersguide/index.rst b/source/developersguide/index.rst index 85ac8821c0..842f4732f0 100644 --- a/source/developersguide/index.rst +++ b/source/developersguide/index.rst @@ -24,7 +24,7 @@ Developers Guide ================ -This is the Apache CloudStack developers guide. This section gives information for those wishing to develop CloudStack either contributing to the CloudStack core software or writing external plugins. Futher information can also be found at CloudStack's wiki https://cwiki.apache.org/confluence/display/CLOUDSTACK/Home and on the CloudStack mailing lists http://cloudstack.apache.org/mailing-lists.html +This is the Apache CloudStack developers guide. This section gives information for those wishing to develop CloudStack either contributing to the CloudStack core software or writing external plugins. Further information can also be found at CloudStack's wiki https://cwiki.apache.org/confluence/display/CLOUDSTACK/Home and on the CloudStack mailing lists http://cloudstack.apache.org/mailing-lists.html .. toctree:: :maxdepth: 2 diff --git a/source/index.rst b/source/index.rst index fc0fb47ecf..b9b369e0a4 100644 --- a/source/index.rst +++ b/source/index.rst @@ -51,15 +51,9 @@ Information can also be found at CloudStack's wiki https://cwiki.apache.org/conf Apache CloudStack web site Apache CloudStack Source Code Apache CloudStack on GitHub + Apache CloudStack Documentation on GitHub -.. toctree:: - :caption: Pre 4.11 Documentation: - - Installation Guide - Administration Guide - Release Notes - Indices and Tables ================== diff --git a/source/installguide/building_from_source.rst b/source/installguide/building_from_source.rst index 70315b397e..0708418ee8 100644 --- a/source/installguide/building_from_source.rst +++ b/source/installguide/building_from_source.rst 
@@ -267,7 +267,7 @@ several other dependencies. Note that we recommend using Maven 3. While we have defined, and you have presumably already installed the bootstrap prerequisites, there are a number of build time prerequisites that need to be resolved. CloudStack uses maven for dependency -resolution. You can resolve the buildtime depdencies for CloudStack by +resolution. You can resolve the buildtime dependencies for CloudStack by running: .. parsed-literal:: diff --git a/source/installguide/configuration.rst b/source/installguide/configuration.rst index b50a94ae61..bdfbb77a02 100644 --- a/source/installguide/configuration.rst +++ b/source/installguide/configuration.rst @@ -47,6 +47,8 @@ follow these procedures: #. Add secondary storage to the zone. See :ref:`add-secondary-storage`. +#. Register Templates to the zone. See :ref:`register-templates`. + #. Initialize and test the new cloud. See :ref:`initialize-and-test`. When you have finished these steps, you will have a deployment with the @@ -264,7 +266,13 @@ and secondary storage. #. Click Add Zone. The zone creation wizard will appear. -#. Choose one of the following network types: +#. Choose one of the following zone types: + + - **Core.** Core Zones are intended for Datacenter based deployments and allow the full range of Networking and other functionality in Apache CloudStack. Core zones have a number of prerequisites and rely on the presence of shared storage and helper Instances. For more information see :ref:`core-zone`. + + - **Edge.** Edge Zones are lightweight zones, designed for deploying in edge computing scenarios. They are limited in functionality but have far fewer prerequisites than core zones. Please refer to :ref:`edge-zone`. + +#. If Core Zone is selected, choose one of the following network types: - **Basic.** For AWS-style networking. Provides a single network where each instance is assigned an IP directly from the 
@@ -277,7 +285,7 @@ and secondary storage. VPN, or load balancer support. - **Security Groups.** You can choose to enable Security Groups in your zone. - For further informations regarding Security Groups and there prequesits + For further information regarding Security Groups and there prequesits please refer to the Security Groups section in the documentation. #. The rest of the steps differ depending on whether you chose Basic or @@ -287,6 +295,9 @@ and secondary storage. - `“Advanced Zone Configuration” <#advanced-zone-configuration>`_ +.. note:: + Since CloudStack 4.20.1, it is possible to specify the preferred architecture type for a zone for deployment of system VM including virtual routers. Zone setting - *system.vm.preferred.architecture* can be updated for this. The server will first try deployment on the preferred architecture and if it fails then will attempt on other architecture hosts. + Administrator can also register ROUTING template with the same name for different architectures to allow deployment across them depending on the compute capacity. For other system VMs, server will attempt deployment using different architecture templates available. Basic Zone Configuration ~~~~~~~~~~~~~~~~~~~~~~~~ @@ -496,6 +507,9 @@ Basic Zone Configuration - Copy the SSH public key from /var/cloudstack/management/.ssh/id_rsa.pub on the management server - Add the copied key to /root/.ssh/authorized_keys file on the host + .. TIP:: + On Ubuntu systems, the key will be in ``/var/lib/cloudstack/management/.ssh/id_rsa.pub`` instead. + Select "System SSH Key" and proceed with next steps. - **Host Tags.** (Optional) Any labels that you use to categorize @@ -526,6 +540,8 @@ Advanced Zone Configuration For Advanced zone, you may chose to select Edge which will allow creating an Edge Zone. If Edge is not selected then wizard will continue creating a Core zone. +.. _core-zone: + Core Zone ********* 
@@ -637,6 +653,8 @@ Core Zone - **VLAN / VNI ID.** The VLAN / VNI ID's that will be used for guest traffic. +.. note:: If the VNI is of a VXLAN, the protocol prefix `vxlan://` must be used, like in `vxlan://` + #. In a new pod, CloudStack adds the first cluster for you. You can always add more clusters later. For an overview of what a cluster is, see :ref:`about-clusters` @@ -669,14 +687,14 @@ Core Zone - **Host Name.** (Obligatory) The DNS name or IP address of the host. - - **Username.** (Obligatory) Username of a user who has administrator / root privilidges on + - **Username.** (Obligatory) Username of a user who has administrator / root privileges on the specified host (using Linux-hosts usually root). - **Password.** (Obligatory) This is the password for the user named above (from your XenServer or KVM install). .. note:: - For security reasons there are ways to use non-adminstrative users for + For security reasons there are ways to use non-administrative users for adding a host. Please refer to the hypervisor setup guides for further information. - **Host Tags.** Any labels that you use to categorize @@ -774,6 +792,8 @@ Core Zone #. Click Launch. +.. _edge-zone: + Edge Zone ********* 
@@ -805,14 +825,14 @@ To work with limited compute resources, an Edge zone will not deploy system VMs. - **Host Name.** (Obligatory) The DNS name or IP address of the host. - - **Username.** (Obligatory) Username of a user who has administrator / root privilidges on the specified host (using Linux-hosts usually root). + - **Username.** (Obligatory) Username of a user who has administrator / root privileges on the specified host (using Linux-hosts usually root). - - **Authentication.** Atuthentication type used for the host, either Password or System SSH Key. + - **Authentication.** Authentication type used for the host, either Password or System SSH Key. - **Password.** (Obligatory if Password authentication is selected) This is the password for the user named above. .. note:: - For security reasons there are ways to use non-adminstrative users for + For security reasons there are ways to use non-administrative users for adding a host. Please refer to the hypervisor setup guides for further information. - **Host Tags.** Any labels that you use to categorize @@ -1005,7 +1025,7 @@ XenServer and KVM hosts can be added to a cluster at any time. Requirements for XenServer and KVM Hosts -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**************************************** .. warning:: Make sure the hypervisor host does not have any instances already running before @@ -1026,7 +1046,7 @@ hypervisor in the CloudStack Installation Guide. Since CloudStack 4.20.0, the host arch type is auto detected when adding the host into CloudStack and it must match the cluster arch type for the operation to succeed. XenServer Host Additional Requirements -'''''''''''''''''''''''''''''''''''''' +************************************** If network bonding is in use, the administrator must cable the new host identically to other hosts in the cluster. 
@@ -1060,7 +1080,7 @@ bonds on the new hosts in the cluster. KVM Host Additional Requirements -'''''''''''''''''''''''''''''''' +******************************** - If shared mountpoint storage is in use, the administrator should ensure that the new host has all the same mountpoints (with storage @@ -1082,7 +1102,7 @@ KVM Host Additional Requirements defaults:cloudstack !requiretty Adding a XenServer Host -^^^^^^^^^^^^^^^^^^^^^^^ +*********************** #. If you have not already done so, install the hypervisor software on the host. You will need to know which version of the hypervisor @@ -1126,7 +1146,7 @@ Adding a XenServer Host Adding a KVM Host -^^^^^^^^^^^^^^^^^ +***************** The steps to add a KVM host are same as adding a XenServer Host as mentioned in the above section. @@ -1317,7 +1337,7 @@ ever one) CloudStack volume, so performance of the CloudStack volume does not vary depending on how heavily other tenants are using the system. -The createStoragePool API has been augmented to support plugable storage +The createStoragePool API has been augmented to support pluggable storage providers. The following is a list of parameters to use when adding storage to CloudStack that is based on the SolidFire plug-in: @@ -1389,7 +1409,7 @@ so performance of the CloudStack volume does not vary depending on how heavily o tenants are using the system. This volume migration is supported across PowerFlex storage pools only, which are on same or distinct storage instance. -The createStoragePool API has been augmented to support plugable storage +The createStoragePool API has been augmented to support pluggable storage providers. The following is a list of parameters to use when adding storage to CloudStack that is based on the PowerFlex plug-in: 
@@ -1411,7 +1431,7 @@ storage to CloudStack that is based on the PowerFlex plug-in: - url=[storage pool url] -The url parameter contains the PowerFlex storage pool details, specifed +The url parameter contains the PowerFlex storage pool details, specified in the following format: powerflex://:@/ @@ -1428,11 +1448,19 @@ StorPool Plug-in ~~~~~~~~~~~~~~~~ .. note:: - The StorPool storage plug-in for CloudStack is part of the standard - CloudStack install. There is no additional work required to add this - component. + The StorPool storage plug-in for CloudStack described here is part of + the standard installation for CloudStack versions 4.17.0.0 and newer. + There is no additional work required to add this component. + + In case you use a version before 4.17.0.0, you should install the + StorPool plug-in provided in the `StorPool CloudStack + `_ + repository. -The StorPool plug-in is deeply integrated with CloudStack and works on with KVM hypervisors. +The StorPool plug-in is deeply integrated with CloudStack and works with KVM +hypervisors. For more information on how you can accelerate your CloudStack +deployment using CloudStack and StorPool together, see the `StorPool +`_ site. When used with service or disk offerings, an administrator is able to build an environment in which a root or data disk that a user creates 
@@ -1440,41 +1468,14 @@ leads to the dynamic creation of a StorPool volume, which has guaranteed performance. Such a StorPool volume is associated with one CloudStack volume, so performance of the CloudStack volume does not vary depending on how heavily other tenants are using the system. The volume migration is supported -accross non-managed storage pools (e.g. NFS/Local storage/Ceph) to StorPool, and -accross StorPool storage pools. - -More technical details could be found on `StorPool Knowledge Base `_. - -The createStoragePool API has been augmented to support plugable storage providers. -The following is a list of parameters to use when adding storage to CloudStack that is based on the StorPool plug-in: - -command=createStoragePool -scope=[zone] -zoneid=[your zone id] -hypervisor=KVM -name=[name for primary storage] -protocol=SharedMountPoint -provider=StorPool -capacityBytes=[used for accounting purposes only. May be more or less than the actual StorPool Template capacity] -url=[storage pool url] -The url parameter contains the StorPool storage pool details, specified in the following format: - -SP_API_HTTP=address:port;SP_AUTH_TOKEN=token;SP_TEMPLATE=template_name - -- =[address of StorPool Api] -- =[StorPool's token] -- =[name of StorPool's Template] - -================================= ==================================================================================================================================================================== -StorPool Configurations Description -================================= ==================================================================================================================================================================== -sp.bypass.secondary.storage For StorPool Managed storage backup to secondary -sp.cluster.id For StorPool multi cluster authorization (It will be set automatically for each cluster) -sp.enable.alternative.endpoint Used for StorPool primary storage, defines if there is a need to be 
used alternative endpoint -sp.alternative.endpoint Used for StorPool primary storage for an alternative endpoint. Structure of the endpoint is `SP_API_HTTP=address:port; SP_AUTH_TOKEN=token; SP_TEMPLATE=template_name` -storpool.volume.tags.checkup Minimal interval (in seconds) to check and report if a StorPool volume created by CloudStack exists in CloudStack's database -storpool.snapshot.tags.checkup Minimal interval (in seconds) to check and report if a StorPool Snapshot created by CloudStack exists in CloudStack's database -================================= ==================================================================================================================================================================== +across non-managed storage pools (e.g. NFS/Local storage/Ceph) to StorPool, and +across StorPool storage pools. + +For detailed information about *Command*, *Scope*, *Hypervisor*, and other +parameters you need to specify when setting up the StorPool plug-in, see the +`CloudStack integration +`_ +documentation. HPE Primera/3PAR Plug-in ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -1487,7 +1488,7 @@ This documentation assumes you have the following configured in your environment - FiberChannel fabric and connectivity to every KVM host where volumes be attached to virtual machines. - Host definitions in the Primera Array that match the name of the hostwill in CloudStack. This can be fully-qualified or just the hostname. - Hostset defined to match the group of hosts associated with the Cloudstack cluster. -- Username and password to access the API with at least Edit privleges. +- Username and password to access the API with at least Edit privileges. - CPG (Common Provisioning Group) defined in the HPE Primera storage system where volumes and snapshots can be provisioned. When this storage pool is used with Compute or Disk Offerings, an administrator is 
@@ -1500,7 +1501,7 @@ HPE Primera Storage provider implementations, between HPE Primera Storage Pools NFS Storage Pools, and between other providers that support cross-provider volume migration. The createStoragePool API can be used to configure an HPE Primera storage pool with the -following paramaters: +following parameters: - command=createStoragePool - scope=[zone | cluster]. Note this must match your Hostset configuration (below) @@ -1510,10 +1511,10 @@ following paramaters: - name=[name for primary storage] - hypervisor=KVM - provider=Primera -- capacitybytes=The total capacity bytes avialable to the pool (before overprovisioning configuration is applied). If provided, this must be less than the total available capacity of the CPG on the storage system. If its not provided, defaults to the CPG maximum space. +- capacitybytes=The total capacity bytes available to the pool (before overprovisioning configuration is applied). If provided, this must be less than the total available capacity of the CPG on the storage system. If its not provided, defaults to the CPG maximum space. - url=[url to storage system] -The url parameter contains the HPE Primera storage pool details, specifed +The url parameter contains the HPE Primera storage pool details, specified in the following format: https://:@:/api/v1?cpg=&hostset=&api_skiptlsvalidation=" 
@@ -1531,7 +1532,7 @@ When a volume is created by the plugin, it will create bi-directional mappings i - vol: A root or data volume - snap: A snapshot volume - tpl: A template spooled to the storage device -- Each volume's description field in the HPE Primera storage system will have a formatted key/value pair with metadata mappings for the Cloudstack volume defintion (user volume name, volume uuid, account/project information) +- Each volume's description field in the HPE Primera storage system will have a formatted key/value pair with metadata mappings for the Cloudstack volume definition (user volume name, volume uuid, account/project information) - Each virtual volume's WWID will be stored in the volume's path field in Cloudstack Pure Flasharray API @@ -1545,7 +1546,7 @@ This documentation assumes you have the following configured in your environment - FiberChannel fabric and connectivity to every KVM host where volumes will be attached to virtual machines. - Host definitions in the Pure Flasharray that match the name of the host in CloudStack. This can be fully-qualified or just the hostname. - Hostgroup defined to match the group of hosts associated with the Cloudstack cluster. -- Username and password to access the API with at least Edit privleges. +- Username and password to access the API with at least Edit privileges. - Pure Flasharray pod defined in the HPE Primera storage system where volumes and snapshots can be provisioned. NOTE: This "pod" is not the same as a "pod" in Cloudstack. When this storage pool is used with Compute or Disk Offerings, an administrator is 
@@ -1558,7 +1559,7 @@ Pure Flasharray Storage provider implementations, between Pure Flasharray Storag NFS Storage Pools, and between other providers that support cross-provider volume migration. The createStoragePool API can be used to configure an Pure Flasharray storage pool with the -following paramaters: +following parameters: - command=createStoragePool - scope=[zone | cluster]. Note this must match your Hostset configuration (below) @@ -1571,7 +1572,7 @@ following paramaters: - capacitybytes=The total capacity bytes available to the pool (before overprovisioning configuration is applied). If provided, this must be less than the total available capacity of the Flasharray pod on the storage system. If its not provided, defaults to the Flasharray pod maximum space. - url=[url to storage system] -The url parameter contains the Pure Flasharray storage pool details, specifed +The url parameter contains the Pure Flasharray storage pool details, specified in the following format: https://:@:/api?pod=&hostgroup=&api_skiptlsvalidation=" @@ -1590,7 +1591,7 @@ When a volume is created by the plugin, it will create bi-directional mappings i - vol: A root or data volume - snap: A snapshot volume - tpl: A template spooled to the storage device -- Each volume's description field in the Pure Flasharray storage system will have a formatted key/value pair with metadata mappings for the Cloudstack volume defintion (user volume name, volume uuid, account/project information) +- Each volume's description field in the Pure Flasharray storage system will have a formatted key/value pair with metadata mappings for the Cloudstack volume definition (user volume name, volume uuid, account/project information) - Each virtual volume's WWID will be stored in the volume's path field in Cloudstack .. _add-secondary-storage: 
@@ -1717,7 +1718,7 @@ zone: - Path. The path to the zone's Secondary Staging Store. -Adding Object Storage +Add Object Storage ~~~~~~~~~~~~~~~~~~~~~~~~ You can add object storage pools at any time to add more capacity or providers to CloudStack @@ -1754,6 +1755,29 @@ You can add object storage pools at any time to add more capacity or providers See https://min.io/docs/minio/linux/index.html for MinIO Documentation + +.. _register-templates: + +Register Cloud Templates +------------------------ + +For "KVM" hypervisor, admin can register cloud templates after Zone is enabled, through the optional step "Register Template" + + #. After selecting kvm hypervisor: + + |ZoneKVMRegisterTemplates.png: KVM Register Templates| + + #. Register Template step in Zone wizard: + + |ZoneRegisterTemplates.png: Zone Register Templates| + +**Notes** + +- Cloud image templates are hosted in http://download.cloudstack.org/templates/cloud-images/ +- Metadata for the available templates is stored on the management server at: `/usr/share/cloudstack-management/webapp/cloud-image-templates.json` +- `MD5 `_ and `SHA512 `_ checksums can be used to validate available cloud images for registration. + + .. _initialize-and-test: Initialize and Test 
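Review bot: The new Notes list under "Register Cloud Templates" gives a plain `http://` download location and offers MD5 next to SHA512 as a way to validate images. MD5 is not collision-resistant, and a checksum fetched over the same unauthenticated channel as the image does not detect tampering in transit. I would reword the last bullet to something like `- Validate cloud images against the published SHA512 checksums, obtained over HTTPS, before registering them.` and switch the hosting URL to `https://` if the download site supports it.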
@@ -1881,9 +1905,31 @@ deployment. Setting Local Configuration Parameters ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Use the following steps to set local configuration parameters for an -account, zone, cluster, or primary storage. These values will override -the global configuration settings. +Configurations can also be set at more granular levels or scopes. + +#. Domain +#. Account +#. Zone +#. Cluster +#. Primary Storage +#. Secondary Storage + +All local settings can be configured at a global level as well. +If set, the local setting takes precedence over the global setting. + +Some configurations can be set at multiple levels or scopes. +For example, the following configuration parameters can be set at the +Zone scope and the Primary Storage scope. + +* pool.storage.capacity.disablethreshold +* pool.storage.allocated.resize.capacity.disablethreshold +* pool.storage.capacity.disablethreshold +* volume.resize.allowed.beyond.allocation + +In this case also the more granular setting (Primary Storage) +overrides the broader setting (Zone). + +Use the following steps to set local configuration parameters #. Log in to the UI as administrator. @@ -1917,7 +1963,7 @@ account, cluster, and zone. .. cssclass:: table-striped table-bordered table-hover ======== ========================================================= ====================================================================================================================================== -Field Field Value +Scope Name Value ======== ========================================================= ====================================================================================================================================== account remote.access.vpn.client.iprange The range of IPs to be allocated to remotely access the VPN clients. The first IP in the range is used by the VPN server. account allow.public.user.templates If false, users will not be able to create public Templates. 
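Review bot: In the bullet list added under "Setting Local Configuration Parameters", `pool.storage.capacity.disablethreshold` appears twice (first and third bullets). One of them was presumably meant to be a different setting, possibly `pool.storage.allocated.capacity.disablethreshold`, which the zone rows of the table further down still list. Please confirm against the product and correct or drop the duplicate, since readers will use this list to decide which thresholds can be overridden per primary storage.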
@@ -1937,7 +1983,6 @@ cluster vmware.reserve.cpu Specify whe cluster vmware.reserve.mem Specify whether or not to reserve memory when not over-provisioning; In case of memory over-provisioning memory is always reserved. zone pool.storage.allocated.capacity.disablethreshold The percentage, as a value between 0 and 1, of allocated storage utilization above which allocators will disable that pool because the available allocated storage is below the threshold. -zone pool.storage.capacity.disablethreshold The percentage, as a value between 0 and 1, of storage utilization above which allocators will disable the pool because the available storage capacity is below the threshold. zone storage.overprovisioning.factor Used for storage over-provisioning calculation; available storage will be the mathematical product of actualStorageSize and storage.overprovisioning.factor. zone network.throttling.rate Default data transfer rate in megabits per second allowed in a network. zone guest.domain.suffix Default domain name for instances inside a virtual networks with a router. @@ -1956,3 +2001,5 @@ zone denied.routes Routes that .. |add-Host.png: Adding a KVM Host| image:: /_static/images/add-Host.png .. |ConsoleButton.png: button to launch a console| image:: /_static/images/console-icon.png .. |AddObjectStore.png: Add Object Storage| image:: /_static/images/add-object-store.png +.. |ZoneKVMRegisterTemplates.png: KVM Register Templates| image:: /_static/images/zone-kvm-register-template.png +.. |ZoneRegisterTemplates.png: Zone Register Templates| image:: /_static/images/zone-register-templates.png diff --git a/source/installguide/hypervisor/hyperv.rst b/source/installguide/hypervisor/hyperv.rst index 792e51778b..d8a018074c 100644 --- a/source/installguide/hypervisor/hyperv.rst +++ b/source/installguide/hypervisor/hyperv.rst 
@@ -85,7 +85,7 @@ start: | | y | the file share for the Hyper-V deployment will be | | | | the new folder created in the \\Shares on the | | | | selected volume. You can create sub-folders for both | -| | | CloudStack Primary and Secondary storage within the | +| | | CloudStack Primary and Secondary storage within the | | | | share location. When you select the profile for the | | | | file shares, ensure that you select SMB Share | | | | -Applications. This creates the file shares with | @@ -99,17 +99,17 @@ start: +------------+----------+------------------------------------------------------+ | Virtual | | If you are using Hyper-V 2012 R2, manually create an | | Switch | | external virtual switch before adding the host to | -| | | CloudStack. If the Hyper-V host is added to the Hyper-V | -| | | manager, select the host, then click Virtual Switch | -| | | Manager, then New Virtual Switch. In the External | -| | | Network, select the desired NIC adapter and click | -| | | Apply. | +| | | CloudStack. If the Hyper-V host is added to the | +| | | Hyper-V manager, select the host, then click Virtual | +| | | Switch Manager, then New Virtual Switch. In the | +| | | External Network, select the desired NIC adapter and | +| | | click Apply. | | | | | | | | If you are using Windows 2012 R2, virtual switch is | | | | created automatically. | +------------+----------+------------------------------------------------------+ | Virtual | | Take a note of the name of the virtual switch. You | -| Switch | | need to specify that when configuring CloudStack | +| Switch | | need to specify that when configuring CloudStack | | Name | | physical network labels. | +------------+----------+------------------------------------------------------+ | Hyper-V | | - Add the Hyper-V domain users to the Hyper-V | 
@@ -122,13 +122,13 @@ start: | | | - This domain user should be part of the Hyper-V | | | | Administrators and Local Administrators group on | | | | the Hyper-V hosts that are to be managed by | -| | | CloudStack. | +| | | CloudStack. | | | | | | | | - The Hyper-V Agent service runs with the | | | | credentials of this domain user account. | | | | | | | | - Specify the credential of the domain user while | -| | | adding a host to CloudStack so that it can manage | +| | | adding a host to CloudStack so that it can manage | | | | it. | | | | | | | | - Specify the credential of the domain user while | @@ -152,6 +152,9 @@ start: | Dial-in | | | +------------+----------+------------------------------------------------------+ +.. NOTE: For this kind of content it might be better to use a CSV table: +.. https://docutils.sourceforge.io/docs/ref/rst/directives.html#csv-table + Hyper-V Installation Steps ~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/installguide/hypervisor/kvm.rst b/source/installguide/hypervisor/kvm.rst index 72bf766185..d5dc3baa57 100644 --- a/source/installguide/hypervisor/kvm.rst +++ b/source/installguide/hypervisor/kvm.rst @@ -24,13 +24,11 @@ KVM is included with a variety of Linux-based operating systems. Although you are not required to run these distributions, the following are recommended: -- CentOS / RHEL: 7.X +- CentOS / RHEL / Binary-compatible variants: 8.X, 9.X, 10.X -- CentOS / RHEL / Binary-compatible variants: 8.X +- Ubuntu: 22.04 + -- Ubuntu: 18.04 + - -- openSUSE / SLES: 15.2 + +- openSUSE / SLES: 15.6 + The main requirement for KVM hypervisors is the libvirt and Qemu version. No matter what Linux distribution you are using, make sure the 
@@ -55,7 +53,7 @@ In addition, the following hardware requirements apply: - Within a single cluster, the hosts must be of the same distribution version. -- All hosts within a cluster must be homogenous. The CPUs must be of +- All hosts within a cluster must be homogeneous. The CPUs must be of the same type, count, and feature flags. - Must support HVM (Intel-VT or AMD-V enabled) @@ -90,7 +88,7 @@ host to work with CloudStack. .. warning:: Certain servers such as Dell provide the option to choose the Power Management Profile. The Active Power Controller enables Dell System DBPM (Demand Based Power Management) - which can restrict the visibility of the maximum CPU clock speed availble to the OS, + which can restrict the visibility of the maximum CPU clock speed available to the OS, which in turn can lead to CloudStack fetching the incorrect CPU speed of the server. To ensure that CloudStack can always fetch the maximum cpu speed on the server, ensure that "OS Control" is set as the Power Management Profile. @@ -165,6 +163,19 @@ KVM Instances. is the selected/active one (in case you had a previous Java version already installed) with ``alternatives --config java``, after CloudStack agent is installed. +.. note:: + SUSE Linux Enterprise Server 15 (SP7) requires the following steps to install Java 17 and prepare the host. + +.. parsed-literal:: + + SUSEConnect --product sle-module-legacy/15.7/x86_64 + zypper install java-17-openjdk-17.0.15.0-150400.3.54.1 + SUSEConnect --product PackageHub/15.7/x86_64 + zypper install rng-tools + wget https://download.opensuse.org/repositories/openSUSE:/Leap:/15.2/standard/noarch/timezone-java-2020a-lp152.2.1.noarch.rpm + rpm -ivh timezone-java-2020a-lp152.2.1.noarch.rpm + + Configure package repository ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -229,7 +240,7 @@ information. [cloudstack] name=cloudstack - baseurl=http://download.cloudstack.org/suse/|version|/ + baseurl=http://download.cloudstack.org/suse/$releasever/|version|/ enabled=1 gpgcheck=0 
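Review bot: The SUSE steps added in the `@@ -165,6 +163,19 @@` hunk fetch `timezone-java-2020a-lp152.2.1.noarch.rpm` with `wget` from an openSUSE Leap 15.2 repository and install it with `rpm -ivh`, with no step that checks the package signature. Depending on the host's rpm configuration, `rpm -ivh` may only warn when the signing key is not in the keyring, so a tampered or mismatched package would still install. I would add a verification line before the install, `rpm --checksig timezone-java-2020a-lp152.2.1.noarch.rpm`, plus a sentence telling the reader to import that repository's signing key first. The exact pin `java-17-openjdk-17.0.15.0-150400.3.54.1` also deserves a remark that readers should install the currently patched build rather than this specific one.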
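Review bot: The rewritten `baseurl` line in the `@@ -229,7 +240,7 @@` hunk still uses `http://` while the same repo definition keeps `gpgcheck=0`, so packages from this repository are neither transport-protected nor signature-checked. Since the line is being touched anyway, consider `baseurl=https://download.cloudstack.org/suse/$releasever/|version|/` (assuming the mirror serves HTTPS, to be confirmed) together with `gpgcheck=1` and a `gpgkey=<SIGNING_KEY_URL>` line, where the placeholder stands for the project's published signing key. If signature checking cannot be enabled for this repository, a short warning next to the snippet would at least make the trade-off explicit.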
@@ -242,7 +253,7 @@ DEB package repository You can add a DEB package repository to your apt sources with the following commands. Replace the code name with your Ubuntu LTS version : -Ubuntu 20.04 (focal), Ubuntu 22.04 (jammy), Ubuntu 24.04 (noble). +Ubuntu 22.04 (jammy), Ubuntu 24.04 (noble). Use your preferred editor and open (or create) ``/etc/apt/sources.list.d/cloudstack.list``. Add the community provided @@ -298,6 +309,11 @@ In SUSE: $ zypper install cloudstack-agent +SUSE Linux Enterprise Server 15 (SP7) requires the following entry to be made in the /etc/cloudstack/agent/agent.properties file; the clock speed can be set to match the host CPU. + +.. parsed-literal:: + + host.cpu.manual.speed.mhz=2350 The host is now ready to be added to a cluster. This is covered in a later section, see :ref:`adding-a-host`. It is 
@@ -312,82 +328,112 @@ sudoers file: cloudstack ALL=NOPASSWD: /usr/bin/cloudstack-setup-agent Defaults:cloudstack !requiretty +Please note that when adding the KVM host to your Cloudstack Management server, +the setup commands will be run with sudo, even with root account. +You should make sure that you are allowed to run binaries and sudo binaries. + +On security hardened machines, make sure that the following line is +commented-out in your sudoers file if it exists: + +.. parsed-literal:: + + #Defaults noexec -Configure CPU model for KVM guest (Optional) +You may also want to make sure that sudo works by executing the following as +the user you want to register the KVM host with: + +.. parsed-literal:: + + sudo /usr/in/cloudstack-setup-agent --help + +Configure CPU model for KVM guests (Optional) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -In additional,the CloudStack Agent allows host administrator to control -the guest CPU model which is exposed to KVM Instances. By default, the -CPU model of KVM Instance is likely QEMU Virtual CPU version x.x.x with -least CPU features exposed. There are a couple of reasons to specify the -CPU model: +The CloudStack Agent allows host administrators to control +the CPU model which is exposed to KVM instances. By default, the +default QEMU CPU models (``qemu32`` or ``qemu64``) will be used, which +are designed to be compatible with all hosts and, as a consequence, will +expose the least amount of CPU features possible. Therefore, there are +a couple of reasons to specify the CPU model: -- To maximise performance of Instances by exposing new host CPU - features to the KVM Instances; +- Maximize performance of instances by exposing new host CPU + features to them; and, -- To ensure a consistent default CPU across all machines,removing - reliance of variable QEMU defaults; +- Ensure a consistent default CPU across all machines, removing + reliance of variable QEMU defaults. 
-For the most part it will be sufficient for the host administrator to -specify the guest CPU config in the per-host configuration file -(/etc/cloudstack/agent/agent.properties). This will be achieved by -introducing following configuration parameters: +The guest CPU configuration can be configured per host in the +``/etc/cloudstack/agent/agent.properties`` configuration file +through the following properties: ``guest.cpu.mode``, ``guest.cpu.model`` and ``guest.cpu.features``. -.. parsed-literal:: +The ``guest.cpu.mode`` property accepts three possible values: + +#. **custom:** Allows the customization of the CPU model, which + should be defined in the ``guest.cpu.model`` setting. For instance: - guest.cpu.mode=custom|host-model|host-passthrough - guest.cpu.model=from /usr/share/libvirt/cpu_map.xml(only valid when guest.cpu.mode=custom) - guest.cpu.features=vmx ept aes smx mmx ht (space separated list of cpu flags to apply) + .. parsed-literal:: -There are three choices to fulfill the cpu model changes: + guest.cpu.mode=custom + guest.cpu.model=SandyBridge -#. **custom:** you can explicitly specify one of the supported named - model in /usr/share/libvirt/cpu\_map.xml + The available CPU models for a given architecture can be retrieved by + executing ``virsh cpu-models ``. The XML definition of each + available model can be accessed at the ``/usr/share/libvirt/cpu_map/`` + path of the KVM hosts. -#. **host-model:** libvirt will identify the CPU model in - /usr/share/libvirt/cpu\_map.xml which most closely matches the host, +#. **host-model:** Libvirt will identify the CPU model in + ``/usr/share/libvirt/cpu_map`` which most closely matches the host's CPU, and then request additional CPU flags to complete the match. This - should give close to maximum functionality/performance, which - maintaining good reliability/compatibility if the guest is migrated - to another host with slightly different host CPUs. - -#. 
**host-passthrough:** libvirt will tell KVM to passthrough the host - CPU with no modifications. The difference to host-model, instead of - just matching feature flags, every last detail of the host CPU is - matched. This gives absolutely best performance, and can be important - to some apps which check low level CPU details, but it comes at a + should give close to maximum functionality/performance and + maintains good reliability/compatibility if the guest is migrated + to another host with slightly different CPUs. + +#. **host-passthrough:** Libvirt will tell KVM to passthrough the host + CPU with no modifications. The difference to ``host-model`` is that, instead of + just matching CPU flags, every last detail of the host's CPU is + matched. This gives absolutely best performance and can be important + to some apps that check low level CPU details. However, it comes at a cost with respect to migration: the guest can only be migrated to an - exactly matching host CPU. + exactly matching host's CPU. + +Furthermore, there is the ``guest.cpu.features`` setting that can be used +to add or remove individual CPU features. It is important to highlight +that Libvirt complains about specifying a list of flags without a CPU model. +Therefore, to apply CPU flags in KVM, one of the following requirements must be met: + +- Define ``guest.cpu.mode=host-model`` and specify the flags; +- Define ``guest.cpu.mode=host-passthrough`` and specify the flags; or, +- Define ``guest.cpu.mode=custom``, ``guest.cpu.model=`` and specify the flags. Here are some examples: -- custom +- Custom CPU model: .. parsed-literal:: guest.cpu.mode=custom guest.cpu.model=SandyBridge -- host-model +- Host model: .. parsed-literal:: guest.cpu.mode=host-model -- host-passthrough +- Host passthrough, adding the ``vmx`` and ``avx`` CPU flags, and removing the ``mmx`` one: .. parsed-literal:: guest.cpu.mode=host-passthrough - guest.cpu.features=vmx + guest.cpu.features=vmx avx -mmx .. 
note:: - host-passthrough may lead to migration failure,if you have this problem, - you should use host-model or custom. guest.cpu.features will force cpu features - as a required policy so make sure to put only those features that are provided - by the host CPU. As your kvm cluster needs to be made up of homogenous nodes anyway - (see System Requirements), it might make most sense to use guest.cpu.mode=host-model - or guest.cpu.mode=host-passthrough. + ``host-passthrough`` may lead to migration failure. If you have this problem, + you should use ``host-model`` or a custom CPU model. ``guest.cpu.features`` will force CPU features + as a required policy, so make sure to put only those features that are provided + by the host's CPU. As your KVM cluster needs to be made up of homogeneous nodes + (see System Requirements), it might make most sense to use ``guest.cpu.mode=host-model`` + or ``guest.cpu.mode=host-passthrough``. Install and Configure libvirt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -401,7 +447,7 @@ cloudstack-agent and should already be installed. planning to automate the deployment and configuration of your KVM hosts. #. To avoid potential security attack to Instances, We need to turn - off libvirt to listen on unsecure TCP port. CloudStack will automatically + off libvirt to listen on insecure TCP port. CloudStack will automatically set up cloud keystore and certificates when the host is added to cloudstack. We also need to turn off libvirts attempt to use Multicast DNS advertising. Both of these settings are in @@ -443,7 +489,7 @@ cloudstack-agent and should already be installed. #LIBVIRTD_ARGS="--listen" - On RHEL 8 / CentOS 8 / SUSE run the following command : + On RHEL 8 / CentOS 8 / SUSE / Ubuntu / Debian, run the following command : .. parsed-literal:: 
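Review bot: The check command added in the `@@ -312,82 +328,112 @@` hunk, `sudo /usr/in/cloudstack-setup-agent --help`, uses a path that does not match the sudoers entry shown just above it (`/usr/bin/cloudstack-setup-agent`), so the test fails even on a correctly configured host; it should read `sudo /usr/bin/cloudstack-setup-agent --help`. The advice to comment out `Defaults noexec` removes that hardening for every sudo user on the machine; a per-user override such as `Defaults:cloudstack !noexec`, in the same form as the existing `Defaults:cloudstack !requiretty` line, keeps it in place for everyone else. The retitled heading "Configure CPU model for KVM guests (Optional)" is one character longer than before while its `^` underline is unchanged, which Sphinx will probably report as a too-short title underline.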
@@ -472,12 +518,18 @@ cloudstack-agent and should already be installed. #LIBVIRTD_ARGS="--listen" - Configure libvirt to connect to libvirtd and not to per-driver daemons, especially important on newer distros such as EL9 and Ubuntu 24.04. + Configure libvirt to connect to libvirtd and not to per-driver daemons, especially important on newer distros such as EL9, SUSE 15 SP7 and Ubuntu 24.04. Edit ``/etc/libvirt/libvirt.conf`` and add the following: .. parsed-literal:: remote_mode="legacy" + On Ubuntu 24.04 or newer set libvirtd mode to traditional mode (see https://libvirt.org/manpages/libvirtd.html#system-socket-activation): + + .. parsed-literal:: + + systemctl mask libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tls.socket libvirtd-tcp.socket + #. Restart libvirt @@ -603,7 +655,7 @@ There are many ways to configure your networking. Even within the scope of a giv network mode. Below are a few simple examples. .. note:: - Since Ubuntu 20.04 the standard for manging network connections is by + Since Ubuntu 20.04 the standard for managing network connections is by using NetPlan YAML files. Please refer to the Ubuntu man pages for further information and set up network connections figuratively. @@ -1490,7 +1542,7 @@ extra ports by executing the following iptable commands: $ iptables -I INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT -These iptable settings are not persistent accross reboots, we have to +These iptable settings are not persistent across reboots, we have to save them first. .. parsed-literal:: 
@@ -1535,19 +1587,19 @@ To open the required ports, execute the following commands: $ ufw allow proto tcp from any to any port 49152:49216 .. note:: - By default UFW is not enabled on Ubuntu. Executing these commands with the - firewall disabled does not enable the firewall. + Since Ubuntu 22.04 LTS, the UFW's default policy for forwarding is set to "DROP". + Change it to "ACCEPT". - If you have an issue with ufw while using a bridged connection, - add those two lines at the end of the /etc/ufw/before.rules just before COMMIT +.. parsed-literal:: + sudo vi /etc/default/ufw .. parsed-literal:: - sudo vi /etc/ufw/before.rules + DEFAULT_FORWARD_POLICY="ACCEPT" .. parsed-literal:: - -A FORWARD -d 192.168.42.11 -j ACCEPT - -A FORWARD -s 192.168.42.11 -j ACCEPT + sudo ufw enable +UFW is disabled by default, so enabling it is recommended but optional. Additional Packages Required for Features ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -1595,7 +1647,7 @@ perform. In case of KVM, UEFI enabled hypervisor hosts must have the ``ovmf`` or ``edk2-ovmf`` package installed. -You can find further informations regarding prerequisites at the CloudStack Wiki +You can find further information regarding prerequisites at the CloudStack Wiki (https://cwiki.apache.org/confluence/display/CLOUDSTACK/Enable+UEFI+booting+for+Instance) as well as limitations for using UEFI in CloudStack. diff --git a/source/installguide/hypervisor/lxc.rst b/source/installguide/hypervisor/lxc.rst index a0d816572e..c937c1ebd1 100644 --- a/source/installguide/hypervisor/lxc.rst +++ b/source/installguide/hypervisor/lxc.rst @@ -49,7 +49,7 @@ In addition, the following hardware requirements apply: - Within a single cluster, the hosts must be of the same distribution version. -- All hosts within a cluster must be homogenous. The CPUs must be of +- All hosts within a cluster must be homogeneous. The CPUs must be of the same type, count, and feature flags. - Must support HVM (Intel-VT or AMD-V enabled) 
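Review bot: Setting `DEFAULT_FORWARD_POLICY="ACCEPT"` in `/etc/default/ufw`, as the `@@ -1535,19 +1587,19 @@` hunk now instructs, lets the host forward any routed traffic that no other rule drops, which is much broader than the two address-specific `FORWARD` rules the hunk removes. The note should say why forwarding is needed and that the setting is host-wide, for example `Forwarding is needed for Instance traffic crossing the bridges; this policy applies to every interface on the host.` (the reason is my assumption and should be confirmed). Because the hunk now ends with `sudo ufw enable`, it should also state that the SSH allow rule must be in place before enabling; the allow rules that precede this hunk are not visible here, so I cannot tell whether port 22 is among them.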
@@ -71,8 +71,8 @@ LXC does not have any native system VMs, instead KVM will be used to run system VMs. This means that your host will need to support both LXC and KVM, thus most of the installation and configuration will be identical to the KVM installation. The material in this section doesn't duplicate -KVM installation docs. It provides the CloudStack-specific steps that -are needed to prepare a KVM host to work with CloudStack. +information, so perform the steps in the Host KVM Installation section first +:ref:`host-kvm-installation`. .. warning:: Before continuing, make sure that you have applied the latest updates to 
@@ -123,235 +123,226 @@ KVM Instances. NTP is required to synchronize the clocks of the servers in your cloud. Unsynchronized clocks can cause unexpected problems. - #. Install NTP +#. Install NTP - .. parsed-literal:: - - $ yum install ntp + In RHEL or CentOS: .. parsed-literal:: - $ apt-get install openntpd - -#. Repeat all of these steps on every hypervisor host. - - -Install and configure the Agent -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To manage LXC Instances on the host CloudStack uses a Agent. This Agent -communicates with the Management server and controls all the Instances -on the host. - -First we start by installing the agent: - -In RHEL or CentOS: - -.. parsed-literal:: - - $ yum install -y epel-release - $ yum install cloudstack-agent - -In Ubuntu: - -.. parsed-literal:: - - $ apt-get install cloudstack-agent - -Next step is to update the Agent configuration setttings. The settings -are in ``/etc/cloudstack/agent/agent.properties`` - -#. Set the Agent to run in LXC mode: - - .. parsed-literal:: - - hypervisor.type=lxc + $ yum install chrony -#. Optional: If you would like to use direct networking (instead of the - default bridge networking), configure these lines: + In Ubuntu: - .. parsed-literal:: + .. parsed-literal:: - libvirt.vif.driver=com.cloud.hypervisor.kvm.resource.DirectVifDriver + $ apt install chrony - .. parsed-literal:: + In SUSE: - network.direct.source.mode=private + .. parsed-literal:: - .. parsed-literal:: + $ zypper install chrony - network.direct.device=eth0 +#. Repeat all of these steps on every hypervisor host. -The host is now ready to be added to a cluster. This is covered in a -later section, see :ref:`adding-a-host`. It is -recommended that you continue to read the documentation before adding -the host! +Configure package repository +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Install and Configure libvirt -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +CloudStack is only distributed from source from the official mirrors. 
+However, members of the CloudStack community may build convenience +binaries so that users can install Apache CloudStack without needing to +build from source. -CloudStack uses libvirt for managing Instances. Therefore it is -vital that libvirt is configured correctly. Libvirt is a dependency of -cloudstack-agent and should already be installed. +If you didn't follow the steps to build your own packages from source in +the sections for `“Building RPMs from Source” +<../building_from_source.html#building-rpms-from-source>`__ or +`“Building DEB packages” <../building_from_source.html#building-deb-packages>`__ +you may find pre-built DEB and RPM packages for your convenience linked from +the `downloads `_ page. -#. In order to have live migration working libvirt has to listen for - unsecured TCP connections. We also need to turn off libvirts attempt - to use Multicast DNS advertising. Both of these settings are in - ``/etc/libvirt/libvirtd.conf`` +.. note:: + These repositories contain both the Management Server and KVM Hypervisor + packages. - Set the following parameters: +RPM package repository +~~~~~~~~~~~~~~~~~~~~~~ - .. parsed-literal:: +There is a RPM package repository for CloudStack so you can easily +install on RHEL and SUSE based platforms. - listen_tls = 0 +If you're using an RPM-based system, you'll want to add the Yum +repository so that you can install CloudStack with Yum. - .. parsed-literal:: +In RHEL or CentOS: - listen_tcp = 1 +Yum repository information is found under ``/etc/yum.repos.d``. You'll +see several ``.repo`` files in this directory, each one denoting a +specific repository. - .. parsed-literal:: +To add the CloudStack repository, create +``/etc/yum.repos.d/cloudstack.repo`` and insert the following +information. - tcp_port = "16509" +In the case of RHEL being used, you can replace 'centos' by 'rhel' in the value of baseurl - .. parsed-literal:: +.. 
parsed-literal:: - auth_tcp = "none" + [cloudstack] + name=cloudstack + baseurl=http://download.cloudstack.org/centos/$releasever/|version|/ + enabled=1 + gpgcheck=0 - .. parsed-literal:: +Now you should now be able to install CloudStack using Yum. - mdns_adv = 0 +In SUSE: -#. Turning on "listen\_tcp" in libvirtd.conf is not enough, we have to - change the parameters as well: +Zypper repository information is found under ``/etc/zypp/repos.d/``. You'll +see several ``.repo`` files in this directory, each one denoting a +specific repository. - On RHEL or CentOS modify ``/etc/sysconfig/libvirtd``: +To add the CloudStack repository, create +``/etc/zypp/repos.d/cloudstack.repo`` and insert the following +information. - Uncomment the following line: +.. parsed-literal:: - .. parsed-literal:: + [cloudstack] + name=cloudstack + baseurl=http://download.cloudstack.org/suse/|version|/ + enabled=1 + gpgcheck=0 - #LIBVIRTD_ARGS="--listen" - On Ubuntu: modify ``/etc/default/libvirt-bin`` +Now you should now be able to install CloudStack using zypper. - Add "-l" to the following line - .. parsed-literal:: +DEB package repository +~~~~~~~~~~~~~~~~~~~~~~ - libvirtd_opts="-d" +You can add a DEB package repository to your apt sources with the +following commands. Replace the code name with your Ubuntu LTS version : +Ubuntu 22.04 (jammy), Ubuntu 24.04 (noble). - so it looks like: +Use your preferred editor and open (or create) +``/etc/apt/sources.list.d/cloudstack.list``. Add the community provided +repository to the file (replace "trusty" with "xenial" or "bionic" if it is the case): - .. parsed-literal:: +.. parsed-literal:: - libvirtd_opts="-d -l" + deb https://download.cloudstack.org/ubuntu focal |version| -#. In order to have the VNC Console work we have to make sure it will - bind on 0.0.0.0. We do this by editing ``/etc/libvirt/qemu.conf`` +We now have to add the public key to the trusted keys. - Make sure this parameter is set: +.. parsed-literal:: - .. 
parsed-literal:: + wget -O - https://download.cloudstack.org/release.asc |sudo tee /etc/apt/trusted.gpg.d/cloudstack.asc - vnc_listen = "0.0.0.0" +Now update your local apt cache. -#. Restart libvirt +.. parsed-literal:: - In RHEL or CentOS: + sudo apt update - .. parsed-literal:: +Your DEB package repository should now be configured and ready for use. - $ service libvirtd restart +Install and configure the Agent +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - In Ubuntu: +To manage LXC Instances on the host CloudStack uses a Agent. This Agent +communicates with the Management server and controls all the Instances +on the host. - .. parsed-literal:: +.. note:: + Depending on your distribution you might need to add the corresponding package repository + for CloudStack. - $ service libvirt-bin restart +First we start by installing the agent: +In RHEL or CentOS: -Configure the Security Policies -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.. parsed-literal:: -CloudStack does various things which can be blocked by security -mechanisms like AppArmor and SELinux. These have to be disabled to -ensure the Agent has all the required permissions. + $ yum install -y epel-release + $ yum install cloudstack-agent -#. Configure SELinux (RHEL and CentOS) +In Ubuntu: - #. Check to see whether SELinux is installed on your machine. If not, - you can skip this section. +.. parsed-literal:: - In RHEL or CentOS, SELinux is installed and enabled by default. - You can verify this with: + $ apt install cloudstack-agent - .. parsed-literal:: +In SUSE: - $ rpm -qa | grep selinux +.. parsed-literal:: - #. Set the SELINUX variable in ``/etc/selinux/config`` to - "permissive". This ensures that the permissive setting will be - maintained after a system reboot. + $ zypper install cloudstack-agent - In RHEL or CentOS: - .. parsed-literal:: +If you're using a non-root user to add the LXC host, please add the user to +sudoers file: - $ vi /etc/selinux/config +.. 
parsed-literal:: - Change the following line + cloudstack ALL=NOPASSWD: /usr/bin/cloudstack-setup-agent + Defaults:cloudstack !requiretty - .. parsed-literal:: +Next step is to update the Agent configuration settings. The settings +are in ``/etc/cloudstack/agent/agent.properties`` - SELINUX=enforcing +#. Set the Agent to run in LXC mode: - to this + .. parsed-literal:: - .. parsed-literal:: + hypervisor.type=lxc - SELINUX=permissive +#. Optional: If you would like to use direct networking (instead of the + default bridge networking), configure these lines: - #. Then set SELinux to permissive starting immediately, without - requiring a system reboot. + .. parsed-literal:: - .. parsed-literal:: + libvirt.vif.driver=com.cloud.hypervisor.kvm.resource.DirectVifDriver - $ setenforce permissive + .. parsed-literal:: -.. note:: In a production environment, selinux should be set to enforcing - and the necessary selinux policies are created to allow the - services to run. + network.direct.source.mode=private -#. Configure Apparmor (Ubuntu) + .. parsed-literal:: - #. Check to see whether AppArmor is installed on your machine. If - not, you can skip this section. + network.direct.device=eth0 - In Ubuntu AppArmor is installed and enabled by default. You can - verify this with: +The host is now ready to be added to a cluster. This is covered in a +later section, see :ref:`adding-a-host`. It is +recommended that you continue to read the documentation before adding +the host! - .. parsed-literal:: - $ dpkg --list 'apparmor' +Install and Configure libvirt +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - #. Disable the AppArmor profiles for libvirt +CloudStack uses libvirt for managing System VM Instances, even in a LXC host. Therefore it is +vital that libvirt is configured correctly. Libvirt is a dependency of +cloudstack-agent and should already be installed. - .. parsed-literal:: +Please refer to :ref:`install-and-configure-libvirt` for the steps to install and configure +libvirt. 
Only the, perform the next steps. - $ ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/ +In Ubuntu: - .. parsed-literal:: +.. parsed-literal:: - $ ln -s /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper /etc/apparmor.d/disable/ + apt install libvirt-daemon-driver-lxc -y - .. parsed-literal:: - $ apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd +Configure the Security Policies +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - .. parsed-literal:: +CloudStack does various things which can be blocked by security +mechanisms like AppArmor and SELinux. These have to be disabled to +ensure the Agent has all the required permissions. - $ apparmor_parser -R /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper +Please refer to :ref:`configure-the-security-policies` for the steps to install and configure libvirt. Configure the network bridges @@ -625,7 +616,7 @@ extra ports by executing the following iptable commands: $ iptables -I INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT -These iptable settings are not persistent accross reboots, we have to +These iptable settings are not persistent across reboots, we have to save them first. .. parsed-literal:: diff --git a/source/installguide/hypervisor/vsphere.rst b/source/installguide/hypervisor/vsphere.rst index 872b51e383..03a325d139 100644 --- a/source/installguide/hypervisor/vsphere.rst +++ b/source/installguide/hypervisor/vsphere.rst @@ -74,7 +74,7 @@ Hardware requirements: - All hosts must be 64-bit and must support HVM (Intel-VT or AMD-V enabled). -- All hosts within a cluster must be homogenous. That means the CPUs +- All hosts within a cluster must be homogeneous. That means the CPUs must be of the same type, count, and feature flags. - 64-bit x86 CPU (more cores results in better performance) 
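Review bot: The repository snippets added to lxc.rst in the `@@ -123,235 +123,226 @@` hunk do not agree with the text around them or with the KVM page updated in the same commit. The apt line is `deb https://download.cloudstack.org/ubuntu focal |version|` while the paragraph above lists only Ubuntu 22.04 (jammy) and 24.04 (noble) and the hint still says to replace "trusty" with "xenial" or "bionic"; the SUSE `baseurl` also lacks the `$releasever` path component that kvm.rst gains in this commit. I would use `deb https://download.cloudstack.org/ubuntu jammy |version|` with a hint to replace `jammy` with `noble`, and add `$releasever` to the SUSE URL as in kvm.rst. Two sentences need correcting as well: "Only the, perform the next steps." should read "Only then, perform the next steps.", and the `configure-the-security-policies` reference is described as "the steps to install and configure libvirt" when it points at the security-policy steps.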
@@ -116,16 +116,16 @@ Requirements" `_) - and install it by following the VMware vSphere Installation Guide. + from the VMware/Broadcom Website and install it by following the VMware vSphere Installation Guide. #. Following installation, perform the following configuration, which are described in the next few sections: @@ -270,7 +268,7 @@ Configure Virtual Switch ^^^^^^^^^^^^^^^^^^^^^^^^ During the initial installation of an ESXi host a default virtual switch -vSwitch0 is created. You may need to create additional vSwiches depending +vSwitch0 is created. You may need to create additional vSwitches depending on your required architecture. CloudStack requires all ESXi hosts in the cloud to use consistently named virtual switches. If you change the default virtual switch name, you will need to configure @@ -575,13 +573,13 @@ these credentials while configuring Nexus virtual switch. **Management IP Address** This is the IP address of the VSM appliance. This is the IP address you -specify in the virtual switch IP Address field while configuting Nexus virtual +specify in the virtual switch IP Address field while configuring Nexus virtual switch. **SSL** Should be set to Enable.Always enable SSL. SSH is usually enabled by default during the VSM installation. However, check whether the SSH connection to the -VSM is working, without which CloudStack failes to connect to the VSM. +VSM is working, without which CloudStack fails to connect to the VSM. Creating a Port Profile @@ -878,7 +876,7 @@ The three fields to fill in are: **nexusdvs**: Represents Cisco Nexus 1000v distributed virtual switch. - If nothing specified (left empty), zone-level default virtual switchwould + If nothing specified (left empty), zone-level default virtual switch would be defaulted, based on the value of global parameter you specify. Following are the global configuration parameters: 
diff --git a/source/installguide/hypervisor/xenserver.rst b/source/installguide/hypervisor/xenserver.rst index 15af51d8d4..2610c330d4 100644 --- a/source/installguide/hypervisor/xenserver.rst +++ b/source/installguide/hypervisor/xenserver.rst @@ -36,15 +36,17 @@ System Requirements for XenServer Hosts - XenServer 7.5 - XenServer 8.0 (not tested explicitly, but should work - see the release notes) - XenServer 8.1 (not tested explicitly, but should work - see the release notes) + - XenServer 8.4 - XCP-ng 7.4.0 - XCP-ng 7.5.0 - XCP-ng 7.6.0 - XCP-ng 8.0.0 - XCP-ng 8.1.0 - XCP-ng 8.2.0 + - XCP-ng 8.3.0 -- You must re-install Citrix XenServer if you are going to re-use a +- You must re-install Citrix XenServer if you are going to reuse a host from a previous install. - Must support HVM (Intel-VT or AMD-V enabled) diff --git a/source/installguide/locale/pot/building_from_source.pot b/source/installguide/locale/pot/building_from_source.pot index f5f9d41975..8cd704cf30 100644 --- a/source/installguide/locale/pot/building_from_source.pot +++ b/source/installguide/locale/pot/building_from_source.pot @@ -233,7 +233,7 @@ msgstr "" #: ../../building_from_source.rst:194 # 283980d16b48466bb2a2d3b17ff1fede -msgid "While we have defined, and you have presumably already installed the bootstrap prerequisites, there are a number of build time prerequisites that need to be resolved. CloudStack uses maven for dependency resolution. You can resolve the buildtime depdencies for CloudStack by running:" +msgid "While we have defined, and you have presumably already installed the bootstrap prerequisites, there are a number of build time prerequisites that need to be resolved. CloudStack uses maven for dependency resolution. You can resolve the buildtime dependencies for CloudStack by running:" msgstr "" #: ../../building_from_source.rst:204 diff --git a/source/installguide/locale/pot/configuration.pot b/source/installguide/locale/pot/configuration.pot index 9c4db09afe..17ba070c69 100644 
--- a/source/installguide/locale/pot/configuration.pot +++ b/source/installguide/locale/pot/configuration.pot @@ -1674,7 +1674,7 @@ msgstr "" #: ../../configuration.rst:1264 # febca3ed36dc41f0bfe48a3170c1b282 -msgid "The createStoragePool API has been augmented to support plugable storage providers. The following is a list of parameters to use when adding storage to CloudStack that is based on the SolidFire plug-in:" +msgid "The createStoragePool API has been augmented to support pluggable storage providers. The following is a list of parameters to use when adding storage to CloudStack that is based on the SolidFire plug-in:" msgstr "" #: ../../configuration.rst:1268 diff --git a/source/installguide/locale/pot/hypervisor/kvm.pot b/source/installguide/locale/pot/hypervisor/kvm.pot index 7b75d4ce44..6a0a74a396 100644 --- a/source/installguide/locale/pot/hypervisor/kvm.pot +++ b/source/installguide/locale/pot/hypervisor/kvm.pot @@ -83,7 +83,7 @@ msgstr "" #: ../../hypervisor/kvm.rst:52 # fc001eaf8fb842d7adbbf5bb977be8fd -msgid "All hosts within a cluster must be homogenous. The CPUs must be of the same type, count, and feature flags." +msgid "All hosts within a cluster must be homogeneous. The CPUs must be of the same type, count, and feature flags." msgstr "" #: ../../hypervisor/kvm.rst:55 @@ -320,7 +320,7 @@ msgstr "" #: ../../hypervisor/kvm.rst:243 # ed8dd766459147cbb85ff50d90c4b80e -msgid "In order to have live migration working libvirt has to listen for unsecured TCP connections. We also need to turn off libvirts attempt to use Multicast DNS advertising. Both of these settings are in ``/etc/libvirt/libvirtd.conf``" +msgid "In order to have live migration working libvirt has to listen for insecured TCP connections. We also need to turn off libvirts attempt to use Multicast DNS advertising. Both of these settings are in ``/etc/libvirt/libvirtd.conf``" msgstr "" #: ../../hypervisor/kvm.rst:248 
@@ -735,7 +735,7 @@ msgstr "" #: ../../hypervisor/kvm.rst:836 # f47cb1aac5b0422ea1409fd01b64e2db -msgid "These iptable settings are not persistent accross reboots, we have to save them first." +msgid "These iptable settings are not persistent across reboots, we have to save them first." msgstr "" #: ../../hypervisor/kvm.rst:845 diff --git a/source/installguide/locale/pot/hypervisor/lxc.pot b/source/installguide/locale/pot/hypervisor/lxc.pot index 81fef09a88..ec6e8ef5fa 100644 --- a/source/installguide/locale/pot/hypervisor/lxc.pot +++ b/source/installguide/locale/pot/hypervisor/lxc.pot @@ -80,7 +80,7 @@ msgstr "" #: ../../hypervisor/lxc.rst:52 # 9a162b24f7fd499c9793ac22d8cd360f -msgid "All hosts within a cluster must be homogenous. The CPUs must be of the same type, count, and feature flags." +msgid "All hosts within a cluster must be homogeneous. The CPUs must be of the same type, count, and feature flags." msgstr "" #: ../../hypervisor/lxc.rst:55 @@ -230,7 +230,7 @@ msgstr "" #: ../../hypervisor/lxc.rst:160 # 04df1ba82d804c3e93844dbf7cdd829d -msgid "Next step is to update the Agent configuration setttings. The settings are in ``/etc/cloudstack/agent/agent.properties``" +msgid "Next step is to update the Agent configuration settings. The settings are in ``/etc/cloudstack/agent/agent.properties``" msgstr "" #: ../../hypervisor/lxc.rst:163 @@ -262,7 +262,7 @@ msgstr "" #: ../../hypervisor/lxc.rst:197 # f54bd7715b5441f687683613bff00956 -msgid "In order to have live migration working libvirt has to listen for unsecured TCP connections. We also need to turn off libvirts attempt to use Multicast DNS advertising. Both of these settings are in ``/etc/libvirt/libvirtd.conf``" +msgid "In order to have live migration working libvirt has to listen for insecured TCP connections. We also need to turn off libvirts attempt to use Multicast DNS advertising. Both of these settings are in ``/etc/libvirt/libvirtd.conf``" msgstr "" #: ../../hypervisor/lxc.rst:202 
@@ -591,7 +591,7 @@ msgstr "" #: ../../hypervisor/lxc.rst:623 # d20a63121d8d4a90b51c2e5eb1dc1b8e -msgid "These iptable settings are not persistent accross reboots, we have to save them first." +msgid "These iptable settings are not persistent across reboots, we have to save them first." msgstr "" #: ../../hypervisor/lxc.rst:632 diff --git a/source/installguide/locale/pot/hypervisor/vsphere.pot b/source/installguide/locale/pot/hypervisor/vsphere.pot index 2935e3a990..c3389a1553 100644 --- a/source/installguide/locale/pot/hypervisor/vsphere.pot +++ b/source/installguide/locale/pot/hypervisor/vsphere.pot @@ -78,7 +78,7 @@ msgstr "" #: ../../hypervisor/vsphere.rst:66 # 0a5dabc432dc454396baf7e656897fe6 -msgid "All hosts within a cluster must be homogenous. That means the CPUs must be of the same type, count, and feature flags." +msgid "All hosts within a cluster must be homogeneous. That means the CPUs must be of the same type, count, and feature flags." msgstr "" #: ../../hypervisor/vsphere.rst:69 @@ -163,7 +163,7 @@ msgstr "" #: ../../hypervisor/vsphere.rst:114 # 311e91fb341e4d30a649ba13d80e2e72 -msgid "You must re-install VMware ESXi if you are going to re-use a host from a previous install." +msgid "You must re-install VMware ESXi if you are going to reuse a host from a previous install." msgstr "" #: ../../hypervisor/vsphere.rst:117 
@@ -830,12 +830,12 @@ msgstr "" #: ../../hypervisor/vsphere.rst:507 # c42b39990d6e4d0589467d0a4ff5be4c -msgid "**Management IP Address** This is the IP address of the VSM appliance. This is the IP address you specify in the virtual switch IP Address field while configuting Nexus virtual switch." +msgid "**Management IP Address** This is the IP address of the VSM appliance. This is the IP address you specify in the virtual switch IP Address field while configuring Nexus virtual switch." msgstr "" #: ../../hypervisor/vsphere.rst:512 # 26a1722f2c004284958a7d40035272d8 -msgid "**SSL** Should be set to Enable.Always enable SSL. SSH is usually enabled by default during the VSM installation. However, check whether the SSH connection to the VSM is working, without which CloudStack failes to connect to the VSM." +msgid "**SSL** Should be set to Enable.Always enable SSL. SSH is usually enabled by default during the VSM installation. However, check whether the SSH connection to the VSM is working, without which CloudStack fails to connect to the VSM." msgstr "" #: ../../hypervisor/vsphere.rst:519 diff --git a/source/installguide/locale/pot/hypervisor/xenserver.pot b/source/installguide/locale/pot/hypervisor/xenserver.pot index ab6ae7e169..73e52725c8 100644 --- a/source/installguide/locale/pot/hypervisor/xenserver.pot +++ b/source/installguide/locale/pot/hypervisor/xenserver.pot @@ -63,7 +63,7 @@ msgstr "" #: ../../hypervisor/xenserver.rst:40 # 5dee06ed5f2f472f9e0979ddbb241a63 -msgid "You must re-install Citrix XenServer if you are going to re-use a host from a previous install." +msgid "You must re-install Citrix XenServer if you are going to reuse a host from a previous install." msgstr "" #: ../../hypervisor/xenserver.rst:43 diff --git a/source/installguide/locale/pot/hypervisor_installation.pot b/source/installguide/locale/pot/hypervisor_installation.pot index 6921ad4f97..2dfbdfa1aa 100644 --- a/source/installguide/locale/pot/hypervisor_installation.pot 
+++ b/source/installguide/locale/pot/hypervisor_installation.pot @@ -104,7 +104,7 @@ msgstr "" #: ../../hypervisor_installation.rst:3366 # 86c9ea55ffec4f399b8e7918b7bb43d0 # e392215de57d4843958e657b3d6d64c7 -msgid "All hosts within a cluster must be homogenous. The CPUs must be of the same type, count, and feature flags." +msgid "All hosts within a cluster must be homogeneous. The CPUs must be of the same type, count, and feature flags." msgstr "" #: ../../hypervisor_installation.rst:75 @@ -423,7 +423,7 @@ msgstr "" #: ../../hypervisor_installation.rst:3539 # ff42e0ea9cf64b509d310c0071086352 # 5b89b062abbe4cc89b7fd10ece8eb9e8 -msgid "In order to have live migration working libvirt has to listen for unsecured TCP connections. We also need to turn off libvirts attempt to use Multicast DNS advertising. Both of these settings are in ``/etc/libvirt/libvirtd.conf``" +msgid "In order to have live migration working libvirt has to listen for insecured TCP connections. We also need to turn off libvirts attempt to use Multicast DNS advertising. Both of these settings are in ``/etc/libvirt/libvirtd.conf``" msgstr "" #: ../../hypervisor_installation.rst:308 @@ -968,7 +968,7 @@ msgstr "" #: ../../hypervisor_installation.rst:3983 # d68286a4499a42d0af59d58cf3307ce8 # cabb0609f32c4af983aec749c9a3bde6 -msgid "These iptable settings are not persistent accross reboots, we have to save them first." +msgid "These iptable settings are not persistent across reboots, we have to save them first." msgstr "" #: ../../hypervisor_installation.rst:911 @@ -1239,7 +1239,7 @@ msgstr "" #: ../../hypervisor_installation.rst:1022 # 7f67c993b17a4b25a8b436331132a38b -msgid "You must re-install Citrix XenServer if you are going to re-use a host from a previous install." +msgid "You must re-install Citrix XenServer if you are going to reuse a host from a previous install." msgstr "" #: ../../hypervisor_installation.rst:1031 
@@ -2573,7 +2573,7 @@ msgstr "" #: ../../hypervisor_installation.rst:2258 # 444698b909b14c1bafa79d28ca6d0e0c -msgid "All hosts within a cluster must be homogenous. That means the CPUs must be of the same type, count, and feature flags." +msgid "All hosts within a cluster must be homogeneous. That means the CPUs must be of the same type, count, and feature flags." msgstr "" #: ../../hypervisor_installation.rst:2286 @@ -2628,7 +2628,7 @@ msgstr "" #: ../../hypervisor_installation.rst:2331 # fa50c73129ea428e839debdffdc10099 -msgid "You must re-install VMware ESXi if you are going to re-use a host from a previous install." +msgid "You must re-install VMware ESXi if you are going to reuse a host from a previous install." msgstr "" #: ../../hypervisor_installation.rst:2336 @@ -3310,7 +3310,7 @@ msgstr "" #: ../../hypervisor_installation.rst:2754 # 7febd6557b3742e9a3d478672eba6cad -msgid "This is the IP address of the VSM appliance. This is the IP address you specify in the virtual switch IP Address field while configuting Nexus virtual switch." +msgid "This is the IP address of the VSM appliance. This is the IP address you specify in the virtual switch IP Address field while configuring Nexus virtual switch." msgstr "" #: ../../hypervisor_installation.rst:2758 @@ -3320,7 +3320,7 @@ msgstr "" #: ../../hypervisor_installation.rst:2756 # cab1502c5d5d4221873f13e86168b3d3 -msgid "Should be set to Enable.Always enable SSL. SSH is usually enabled by default during the VSM installation. However, check whether the SSH connection to the VSM is working, without which CloudStack failes to connect to the VSM." +msgid "Should be set to Enable.Always enable SSL. SSH is usually enabled by default during the VSM installation. However, check whether the SSH connection to the VSM is working, without which CloudStack fails to connect to the VSM." msgstr "" #: ../../hypervisor_installation.rst:2761 
@@ -4196,7 +4196,7 @@ msgstr "" #: ../../hypervisor_installation.rst:3497 # 6e8937e78ff6442db35604533d058b4a -msgid "Next step is to update the Agent configuration setttings. The settings are in ``/etc/cloudstack/agent/agent.properties``" +msgid "Next step is to update the Agent configuration settings. The settings are in ``/etc/cloudstack/agent/agent.properties``" msgstr "" #: ../../hypervisor_installation.rst:3502 diff --git a/source/installguide/locale/pot/managing_networks.pot b/source/installguide/locale/pot/managing_networks.pot index 35b07554ad..821c40dc15 100644 --- a/source/installguide/locale/pot/managing_networks.pot +++ b/source/installguide/locale/pot/managing_networks.pot @@ -964,7 +964,7 @@ msgstr "" #: ../../managing_networks.rst:638 # 191010bd30424f3aa12cf309a48dcfc4 -msgid "You cannot apply IP Reservation if any VM is alloted with an IP address that is outside the Guest VM CIDR." +msgid "You cannot apply IP Reservation if any VM is allotted with an IP address that is outside the Guest VM CIDR." msgstr "" #: ../../managing_networks.rst:643 @@ -5090,7 +5090,7 @@ msgstr "" #: ../../managing_networks.rst:4657 # 37506050acaf40fda04742118858f794 -msgid "The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly alloted to an account from a pre-specified set of guest VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that account." +msgid "The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly allotted to an account from a pre-specified set of guest VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that account." msgstr "" #: ../../managing_networks.rst:4662 diff --git a/source/installguide/locale/pot/qig.pot b/source/installguide/locale/pot/qig.pot index d38faa0b42..8b94d471bd 100644 --- a/source/installguide/locale/pot/qig.pot 
+++ b/source/installguide/locale/pot/qig.pot @@ -442,12 +442,12 @@ msgstr "" #: ../../qig.rst:498 # 99f2fbc9c2454f3487ad43f84bb08a12 -msgid "In order to have live migration working libvirt has to listen for unsecured TCP connections. We also need to turn off libvirts attempt to use Multicast DNS advertising. Both of these settings are in /etc/libvirt/libvirtd.conf" +msgid "In order to have live migration working libvirt has to listen for insecured TCP connections. We also need to turn off libvirts attempt to use Multicast DNS advertising. Both of these settings are in /etc/libvirt/libvirtd.conf" msgstr "" #: ../../qig.rst:502 # 9fc492fb10044ee0844b1d25e91f50ee -msgid "Set the following paramaters:" +msgid "Set the following parameters:" msgstr "" #: ../../qig.rst:512 diff --git a/source/installguide/locale/zh_CN/LC_MESSAGES/building_from_source.po b/source/installguide/locale/zh_CN/LC_MESSAGES/building_from_source.po index 52332b3da0..f047dcc9b7 100644 --- a/source/installguide/locale/zh_CN/LC_MESSAGES/building_from_source.po +++ b/source/installguide/locale/zh_CN/LC_MESSAGES/building_from_source.po @@ -296,7 +296,7 @@ msgid "" "While we have defined, and you have presumably already installed the " "bootstrap prerequisites, there are a number of build time prerequisites that" " need to be resolved. CloudStack uses maven for dependency resolution. You " -"can resolve the buildtime depdencies for CloudStack by running:" +"can resolve the buildtime dependencies for CloudStack by running:" msgstr "虽然我们做了一些定义,并且可能已经安装了引导的前提条件,但仍有一些在编译时需要解决的先决条件。CloudStack使用Maven进行依赖性解析。您可以通过运行以下命令,来解决编译CloudStack时的依赖性:" # 7e08137b290649cda9b8e9b728ff33aa diff --git a/source/installguide/locale/zh_CN/LC_MESSAGES/configuration.po b/source/installguide/locale/zh_CN/LC_MESSAGES/configuration.po index eeba00e931..c9d8030831 100644 --- a/source/installguide/locale/zh_CN/LC_MESSAGES/configuration.po +++ b/source/installguide/locale/zh_CN/LC_MESSAGES/configuration.po 
@@ -2161,7 +2161,7 @@ msgstr "" # febca3ed36dc41f0bfe48a3170c1b282 #: ../../configuration.rst:1264 msgid "" -"The createStoragePool API has been augmented to support plugable storage " +"The createStoragePool API has been augmented to support pluggable storage " "providers. The following is a list of parameters to use when adding storage " "to CloudStack that is based on the SolidFire plug-in:" msgstr "创建存储池的API已经被扩展到支持插件式存储供应商。下面给出了当向基于SolidFire插件的CloudStack添加存储时可使用的参数列表。" diff --git a/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor/kvm.po b/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor/kvm.po index e9cf577e45..abbaebaf6d 100644 --- a/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor/kvm.po +++ b/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor/kvm.po @@ -95,7 +95,7 @@ msgstr "同一集群中主机必须使用相同版本的Linux系统。" # fc001eaf8fb842d7adbbf5bb977be8fd #: ../../hypervisor/kvm.rst:52 msgid "" -"All hosts within a cluster must be homogenous. The CPUs must be of the same " +"All hosts within a cluster must be homogeneous. The CPUs must be of the same " "type, count, and feature flags." msgstr "同一群集中的所有节点架构必须一致。CPU的型号、数量和功能参数必须相同。" @@ -383,7 +383,7 @@ msgstr "CloudStack使用libvirt管理虚拟机。因此正确地配置libvirt至 # ed8dd766459147cbb85ff50d90c4b80e #: ../../hypervisor/kvm.rst:243 msgid "" -"In order to have live migration working libvirt has to listen for unsecured " +"In order to have live migration working libvirt has to listen for insecured " "TCP connections. We also need to turn off libvirts attempt to use Multicast " "DNS advertising. Both of these settings are in " "``/etc/libvirt/libvirtd.conf``" @@ -862,7 +862,7 @@ msgstr "RHEL 及 CentOS使用iptables作为防火墙,执行以下iptables命 # f47cb1aac5b0422ea1409fd01b64e2db #: ../../hypervisor/kvm.rst:836 msgid "" -"These iptable settings are not persistent accross reboots, we have to save " +"These iptable settings are not persistent across reboots, we have to save " "them first." msgstr "这些iptables配置并不会持久保存,重启之后将会消失,我们必须手动保存这些配置。" 
diff --git a/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor/vsphere.po b/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor/vsphere.po index dd7d536ba0..314e650167 100644 --- a/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor/vsphere.po +++ b/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor/vsphere.po @@ -101,7 +101,7 @@ msgstr "所有主机必须为64位架构并且支持HVM(启用Intel-VT或AMD-V) # 0a5dabc432dc454396baf7e656897fe6 #: ../../hypervisor/vsphere.rst:66 msgid "" -"All hosts within a cluster must be homogenous. That means the CPUs must be " +"All hosts within a cluster must be homogeneous. That means the CPUs must be " "of the same type, count, and feature flags." msgstr "同一群集中的所有节点必须为同一架构。CPU型号、数量和功能参数必须相同。" @@ -203,7 +203,7 @@ msgstr "必须配置vCenter使用443端口与CloudStack管理服务器通讯。" # 311e91fb341e4d30a649ba13d80e2e72 #: ../../hypervisor/vsphere.rst:114 msgid "" -"You must re-install VMware ESXi if you are going to re-use a host from a " +"You must re-install VMware ESXi if you are going to reuse a host from a " "previous install." msgstr "如果你计划利用之前安装的主机,那么必须重新安装VMware ESXi。" @@ -1042,7 +1042,7 @@ msgstr "" msgid "" "**Management IP Address** This is the IP address of the VSM appliance. This " "is the IP address you specify in the virtual switch IP Address field while " -"configuting Nexus virtual switch." +"configuring Nexus virtual switch." msgstr "" # 26a1722f2c004284958a7d40035272d8 @@ -1050,7 +1050,7 @@ msgstr "" msgid "" "**SSL** Should be set to Enable.Always enable SSL. SSH is usually enabled by" " default during the VSM installation. However, check whether the SSH " -"connection to the VSM is working, without which CloudStack failes to connect" +"connection to the VSM is working, without which CloudStack fails to connect" " to the VSM." msgstr "" diff --git a/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor/xenserver.po b/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor/xenserver.po index 7d5f9dd94e..fab9ab1dfd 100644 
--- a/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor/xenserver.po +++ b/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor/xenserver.po @@ -73,7 +73,7 @@ msgstr "XenServer 6.2.0" # 5dee06ed5f2f472f9e0979ddbb241a63 #: ../../hypervisor/xenserver.rst:40 msgid "" -"You must re-install Citrix XenServer if you are going to re-use a host from " +"You must re-install Citrix XenServer if you are going to reuse a host from " "a previous install." msgstr "如果你想使用以前装的某台主机,你必须重新安装Citrix XenServer." diff --git a/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor_installation.po b/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor_installation.po index f54b065bf3..19d7b91ffe 100644 --- a/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor_installation.po +++ b/source/installguide/locale/zh_CN/LC_MESSAGES/hypervisor_installation.po @@ -108,7 +108,7 @@ msgstr "同一集群中主机必须使用相同版本的Linux系统。" # e392215de57d4843958e657b3d6d64c7 #: ../../hypervisor_installation.rst:70 ../../hypervisor_installation.rst:3366 msgid "" -"All hosts within a cluster must be homogenous. The CPUs must be of the same " +"All hosts within a cluster must be homogeneous. The CPUs must be of the same " "type, count, and feature flags." msgstr "同一群集中的所有节点架构必须一致。CPU的型号、数量和功能参数必须相同。" @@ -473,7 +473,7 @@ msgstr "CloudStack使用libvirt管理虚拟机。因此正确地配置libvirt至 #: ../../hypervisor_installation.rst:303 #: ../../hypervisor_installation.rst:3539 msgid "" -"In order to have live migration working libvirt has to listen for unsecured " +"In order to have live migration working libvirt has to listen for insecured " "TCP connections. We also need to turn off libvirts attempt to use Multicast " "DNS advertising. Both of these settings are in " "``/etc/libvirt/libvirtd.conf``" 
@@ -1082,7 +1082,7 @@ msgstr "RHEL 及 CentOS使用iptables作为防火墙,执行以下iptables命 #: ../../hypervisor_installation.rst:903 #: ../../hypervisor_installation.rst:3983 msgid "" -"These iptable settings are not persistent accross reboots, we have to save " +"These iptable settings are not persistent across reboots, we have to save " "them first." msgstr "这些iptables配置并不会持久保存,重启之后将会消失,我们必须手动保存这些配置。" @@ -1382,7 +1382,7 @@ msgstr "XenServer 6.2.0" # 7f67c993b17a4b25a8b436331132a38b #: ../../hypervisor_installation.rst:1022 msgid "" -"You must re-install Citrix XenServer if you are going to re-use a host from " +"You must re-install Citrix XenServer if you are going to reuse a host from " "a previous install." msgstr "如果你想使用以前装的某台主机,你必须重新安装Citrix XenServer." @@ -3112,7 +3112,7 @@ msgstr "所有主机必须为64位架构并且支持HVM(启用Intel-VT或AMD-V) # 444698b909b14c1bafa79d28ca6d0e0c #: ../../hypervisor_installation.rst:2258 msgid "" -"All hosts within a cluster must be homogenous. That means the CPUs must be " +"All hosts within a cluster must be homogeneous. That means the CPUs must be " "of the same type, count, and feature flags." msgstr "同一群集中的所有节点必须为同一架构。CPU型号、数量和功能参数必须相同。" @@ -3184,7 +3184,7 @@ msgstr "必须配置vCenter使用443端口与CloudStack管理服务器通讯。" # fa50c73129ea428e839debdffdc10099 #: ../../hypervisor_installation.rst:2331 msgid "" -"You must re-install VMware ESXi if you are going to re-use a host from a " +"You must re-install VMware ESXi if you are going to reuse a host from a " "previous install." msgstr "如果你计划利用之前安装的主机,那么必须重新安装VMware ESXi。" @@ -4037,7 +4037,7 @@ msgstr "**管理 IP**" #: ../../hypervisor_installation.rst:2754 msgid "" "This is the IP address of the VSM appliance. This is the IP address you " -"specify in the virtual switch IP Address field while configuting Nexus " +"specify in the virtual switch IP Address field while configuring Nexus " "virtual switch." msgstr "VSM appliance的IP地址。 当配置Nexus虚拟交换机时在虚拟交换机的IP地址区域输入的IP地址。" 
@@ -4051,7 +4051,7 @@ msgstr "**SSL**" msgid "" "Should be set to Enable.Always enable SSL. SSH is usually enabled by default" " during the VSM installation. However, check whether the SSH connection to " -"the VSM is working, without which CloudStack failes to connect to the VSM." +"the VSM is working, without which CloudStack fails to connect to the VSM." msgstr "应该设置为启用。总是启用SSL。在VSM安装期间通常会启用SSH功能。尽管如此仍需检查是否能够使用SSH连接到VSM,如果不能无法连接,CloudStack到VSM的连接会失败。" # 747a5560bbed48598ec8fb9ad2739dde @@ -5144,7 +5144,7 @@ msgstr "CloudStack使用代理管理LXC实例。管理服务器与代理通信 # 6e8937e78ff6442db35604533d058b4a #: ../../hypervisor_installation.rst:3497 msgid "" -"Next step is to update the Agent configuration setttings. The settings are " +"Next step is to update the Agent configuration settings. The settings are " "in ``/etc/cloudstack/agent/agent.properties``" msgstr "接下来更新代理配置。在 ``/etc/cloudstack/agent/agent.properties`` 中配置" diff --git a/source/installguide/locale/zh_CN/LC_MESSAGES/managing_networks.po b/source/installguide/locale/zh_CN/LC_MESSAGES/managing_networks.po index 6bd38dd619..c32580f711 100644 --- a/source/installguide/locale/zh_CN/LC_MESSAGES/managing_networks.po +++ b/source/installguide/locale/zh_CN/LC_MESSAGES/managing_networks.po @@ -1044,7 +1044,7 @@ msgstr "指定一个有效的客户虚拟机CIDR。只有不活动的IP在客户 # 191010bd30424f3aa12cf309a48dcfc4 #: ../../managing_networks.rst:638 msgid "" -"You cannot apply IP Reservation if any VM is alloted with an IP address that" +"You cannot apply IP Reservation if any VM is allotted with an IP address that" " is outside the Guest VM CIDR." msgstr "如果任一虚拟机被分配了客户虚拟机CIDR之外的IP地址时,IP预留将不能应用。" 
@@ -6365,7 +6365,7 @@ msgstr "主要的优势为:" #: ../../managing_networks.rst:4657 msgid "" "The administrator can deploy a set of VLANs and allow users to deploy VMs on" -" these VLANs. A guest VLAN is randomly alloted to an account from a pre-" +" these VLANs. A guest VLAN is randomly allotted to an account from a pre-" "specified set of guest VLANs. All the VMs of a certain tier of an account " "reside on the guest VLAN allotted to that account." msgstr "管理可以部署一个vlans集,同时运行用户部署虚拟机在这些vlan上。从预先指定的vlan集中随机的为租户分配一个来宾vlan.租户处于同一层的所有vm处于分配给这个租户的来宾vlan." diff --git a/source/installguide/locale/zh_CN/LC_MESSAGES/qig.po b/source/installguide/locale/zh_CN/LC_MESSAGES/qig.po index 5289ea229d..74d85d4c20 100644 --- a/source/installguide/locale/zh_CN/LC_MESSAGES/qig.po +++ b/source/installguide/locale/zh_CN/LC_MESSAGES/qig.po @@ -588,14 +588,14 @@ msgstr "CloudStack使用libvirt管理虚拟机。因此正确的配置libvirt至 # 99f2fbc9c2454f3487ad43f84bb08a12 #: ../../qig.rst:498 msgid "" -"In order to have live migration working libvirt has to listen for unsecured " +"In order to have live migration working libvirt has to listen for insecured " "TCP connections. We also need to turn off libvirts attempt to use Multicast " "DNS advertising. Both of these settings are in /etc/libvirt/libvirtd.conf" msgstr "为了实现动态迁移,libvirt需要监听使用非加密的TCP连接。还需要关闭libvirts尝试使用组播DNS进行广播。这些都是在 /etc/libvirt/libvirtd.conf文件中进行配置。" # 9fc492fb10044ee0844b1d25e91f50ee #: ../../qig.rst:502 -msgid "Set the following paramaters:" +msgid "Set the following parameters:" msgstr "设置下列参数:" # 95403c520e0647c88d0026cb30086615 diff --git a/source/installguide/management-server/_database.rst b/source/installguide/management-server/_database.rst index 004d25b0a4..c1eec4ef37 100644 --- a/source/installguide/management-server/_database.rst +++ b/source/installguide/management-server/_database.rst 
@@ -22,7 +22,7 @@ node, you can install the MySQL server locally. For an installation that has multiple management server nodes, we assume the MySQL database also runs on a separate node. -CloudStack has been tested with MySQL 5.1 and 5.5. These versions are +CloudStack has been tested with MySQL 8.0. These versions are included in RHEL/CentOS and Ubuntu. @@ -64,20 +64,20 @@ MySQL. See :ref:`install-database-on-separate-node`. innodb_rollback_on_timeout=1 innodb_lock_wait_timeout=600 max_connections=350 - log-bin=mysql-bin - binlog-format = 'ROW' + log_bin=mysql-bin + binlog_format=ROW .. note:: - For Ubuntu 16.04 and later, make sure you specify a ``server-id`` in your ``.cnf`` file for binary logging. Set the ``server-id`` according to your database setup. + For Ubuntu 16.04 and later, make sure you specify a ``server_id`` in your ``/etc/mysql/mysql.conf.d/mysqld.cnf`` file for binary logging. Set the ``server_id`` according to your database setup. .. parsed-literal:: - server-id=source-01 + server_id=source-01 innodb_rollback_on_timeout=1 innodb_lock_wait_timeout=600 max_connections=350 - log-bin=mysql-bin - binlog-format = 'ROW' + log_bin=mysql-bin + binlog_format=ROW .. note:: You can also create a file ``/etc/mysql/conf.d/cloudstack.cnf`` @@ -197,6 +197,11 @@ MySQL. See :ref:`install-database-on-separate-node`. the root User is deploying the database and creating the "cloud" User. + - Since 4.21, the databases (cloud, cloud_usage) are only created if they + do not exist. This behavior prevents accidental recreation of existing + databases. The databases recreation can still be invoked by passing the + --force-recreate flag. + - (Optional) There is an option to bypass the creating of the databases, User and granting permissions to the user. This is useful if you don't want to expose your root credentials but still want the database to 
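Review bot: In the Ubuntu example of the hunk at line 64, `server_id=source-01` is not a value MySQL can use: `server_id` is an unsigned integer, so a string like this is expected to be rejected at startup rather than name the server. Since the line is being rewritten anyway, the example should show a number, e.g. `server_id=1`. The note above it could add that the value must be unique for each server taking part in replication.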
@@ -228,6 +233,10 @@ MySQL. See :ref:`install-database-on-separate-node`. GRANT process ON *.* TO cloud@`localhost`; GRANT process ON *.* TO cloud@`%`; + .. note:: + Since 4.21, it is required to pass the --force-recreate flag for + databases recreation. + - (Optional) For encryption\_type, use file or web to indicate the technique used to pass in the database encryption password. Default: file. See :ref:`about-password-key-encryption`. @@ -277,6 +286,20 @@ MySQL. See :ref:`install-database-on-separate-node`. done.” If the servlet container is Tomcat7 the argument --tomcat7 must be used. + .. note:: + Since 4.23.0, the ``cloudstack-setup-management`` command can download + System VM templates on demand when they are not present. + + Use the ``--systemvm-templates`` argument to specify which templates to + download. Valid values are ``all``, ``kvm-aarch64``, ``kvm-x86_64``, + ``xenserver``, and ``vmware``. A comma-separated list combining any of + these identifiers can also be supplied (for example + ``kvm-x86_64,xenserver``). If not specified, ``kvm-x86_64`` template + will be downloaded by default. + + For offline environments, provide a custom repository URL with the + ``--systemvm-templates-repository`` argument so the installer can fetch + templates from an internal mirror. .. _install-database-on-separate-node: @@ -328,9 +351,9 @@ same node for MySQL. See `“Install the Database on the Management Server Node innodb_rollback_on_timeout=1 innodb_lock_wait_timeout=600 max_connections=700 - log-bin=mysql-bin - binlog-format = 'ROW' - bind-address = 0.0.0.0 + log_bin=mysql-bin + binlog_format=ROW + bind-address=0.0.0.0 #. Start or restart MySQL to put the new configuration into effect. 
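Review bot: The new note on `--systemvm-templates-repository` (hunk at line 277, repeated in the hunk at line 509 for the separate-node procedure) does not say how a template fetched from the default or a custom repository is authenticated. The note should state whether `cloudstack-setup-management` verifies a checksum or signature after download, and recommend that an internal mirror be served over HTTPS from a host the operator controls. If no verification is done, say so and tell the reader to compare the published checksum by hand before the first start.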
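Review bot: `bind-address=0.0.0.0` in the separate-node example (hunk at line 328) makes MySQL listen on every interface of the database host, and the visible text gives no caveat about it. I would add a sentence after the block such as `Restrict access to the MySQL port to the Management Server addresses with a firewall rule, or bind to the address of the management network interface instead of 0.0.0.0.` The numbered step that contains this block starts outside the hunk, so an existing warning elsewhere in the step cannot be ruled out from here.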
@@ -434,7 +457,7 @@ The following command creates the cloud user on the database. want to expose your root credentials but still want the database to be prepared for first start up. These skipped steps will have had to be done manually prior to executing this script. This behaviour can be - envoked by passing the --schema-only flag. This flag conflicts with the + invoked by passing the --schema-only flag. This flag conflicts with the --deploy-as flag so the two cannot be used together. To set up the databases and user manually before executing the script with the flag, these commands can be executed: @@ -509,4 +532,18 @@ The following command creates the cloud user on the database. so ensure that the firewalld is disabled or ensure the correct firewalld rules are in place to allow traffic to ports 8080, 8250 and 9090 to the management server. + .. note:: + Since 4.23.0, the ``cloudstack-setup-management`` command can download + System VM templates on demand when they are not present. + + Use the ``--systemvm-templates`` argument to specify which templates to + download. Valid values are ``all``, ``kvm-aarch64``, ``kvm-x86_64``, + ``xenserver``, and ``vmware``. A comma-separated list combining any of + these identifiers can also be supplied (for example + ``kvm-x86_64,xenserver``). If not specified, ``kvm-x86_64`` template + will be downloaded by default. + + For offline environments, provide a custom repository URL with the + ``--systemvm-templates-repository`` argument so the installer can fetch + templates from an internal mirror. diff --git a/source/installguide/management-server/_nfs.rst b/source/installguide/management-server/_nfs.rst index 4ec71caa14..f3ca1d899a 100644 --- a/source/installguide/management-server/_nfs.rst +++ b/source/installguide/management-server/_nfs.rst 
@@ -54,7 +54,7 @@ from the Management Server. The exact commands for the following steps may vary depending on your operating system version. -The following steps asume you already have an NFS Server installed on your storage +The following steps assume you already have an NFS Server installed on your storage system. Please refer to the guide of your OS on how to install a NFS Server. .. warning:: @@ -253,8 +253,8 @@ operating system version. .. parsed-literal:: mkdir /primary - mount -t nfs :/export/primary + mount -t nfs :/export/primary /primary umount /primary mkdir /secondary - mount -t nfs :/export/secondary + mount -t nfs :/export/secondary /secondary umount /secondary diff --git a/source/installguide/management-server/_pkg_install.rst b/source/installguide/management-server/_pkg_install.rst index ad8aed59cd..716dda5b58 100644 --- a/source/installguide/management-server/_pkg_install.rst +++ b/source/installguide/management-server/_pkg_install.rst @@ -46,8 +46,8 @@ Install on SUSE zypper install cloudstack-management -Install on Ubuntu -^^^^^^^^^^^^^^^^^ +Install on Ubuntu/Debian +^^^^^^^^^^^^^^^^^^^^^^^^ .. parsed-literal:: diff --git a/source/installguide/management-server/_pkg_repo.rst b/source/installguide/management-server/_pkg_repo.rst index 9ef80c3548..bc07f7973b 100644 --- a/source/installguide/management-server/_pkg_repo.rst +++ b/source/installguide/management-server/_pkg_repo.rst 
@@ -88,18 +88,21 @@ Now you should now be able to install CloudStack using zypper. DEB package repository ~~~~~~~~~~~~~~~~~~~~~~ +In Ubuntu: + You can add a DEB package repository to your apt sources with the following commands. Replace the code name with your Ubuntu LTS version : -Ubuntu 16.04 (Xenial), Ubuntu 18.04 (Bionic) and Ubuntu 20.04 (Focal) . -Ubuntu 14.04 (Trusty) is no longer supported. +Ubuntu 22.04 (Jammy), and Ubuntu 24.04 (Noble). +Ubuntu 12.04 (Precise), Ubuntu 14.04 (Trusty), Ubuntu 16.04 (Xenial), Ubuntu 18.04 (Bionic), +and Ubuntu 20.04 (Focal) are no longer supported. Use your preferred editor and open (or create) ``/etc/apt/sources.list.d/cloudstack.list``. Add the community provided -repository to the file (replace "trusty" with "xenial" or "bionic" if it is the case): +repository to the file (replace "noble" with "jammy" or "focal" or "bionic" if it is the case): .. parsed-literal:: - deb https://download.cloudstack.org/ubuntu focal |version| + deb https://download.cloudstack.org/ubuntu noble |version| We now have to add the public key to the trusted keys. 
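Review bot: The rewritten parenthesis `replace "noble" with "jammy" or "focal" or "bionic" if it is the case` contradicts the paragraph just above it, which now lists Focal and Bionic as no longer supported. It should name only the supported releases, e.g. `(replace "noble" with "jammy" if that is your release)`. The key-import command that follows the last context line is outside the hunk, so it cannot be checked here against the location used in the new Debian section.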
@@ -115,4 +118,31 @@ Now update your local apt cache. Your DEB package repository should now be configured and ready for use. +In Debian: + +You can also install CloudStack on Debian systems using APT in the same way +as on Ubuntu. Replace the Debian release codename (for example, "bookworm" +for Debian 12) as appropriate. + +Use your preferred editor and open (or create) +``/etc/apt/sources.list.d/cloudstack.list``. Add the community provided +repository to the file (replace "bookworm" with the codename of Debian release if it is the case): + +.. parsed-literal:: + + deb https://download.cloudstack.org/debian bookworm |version| + +We now have to add the public key to the trusted keys. + +.. parsed-literal:: + + wget -O - https://download.cloudstack.org/release.asc |sudo tee /etc/apt/trusted.gpg.d/cloudstack.asc + +Now update your local apt cache. + +.. parsed-literal:: + + sudo apt update + +Your DEB package repository should now be configured and ready for use. diff --git a/source/installguide/optional_installation.rst b/source/installguide/optional_installation.rst index 9496bd245a..d9dee1b85f 100644 --- a/source/installguide/optional_installation.rst +++ b/source/installguide/optional_installation.rst @@ -48,7 +48,7 @@ Steps to Install the Usage Server ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #. Package repository should already being configured. Refer to - `Configure Package Repository `_ + `Configure Package Repository <../installguide/management-server/_pkg_repo.html#configure-package-repository>`_ #. Install package cloudstack-usage 
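Review bot: The Debian steps write the key to `/etc/apt/trusted.gpg.d/cloudstack.asc`, which makes it trusted for every repository configured on the host, not only the CloudStack one. A repository-scoped key is the safer instruction: `wget -O - https://download.cloudstack.org/release.asc | sudo tee /etc/apt/keyrings/cloudstack.asc` together with `deb [signed-by=/etc/apt/keyrings/cloudstack.asc] https://download.cloudstack.org/debian bookworm |version|`. The section would also benefit from stating the expected key fingerprint so the reader can check the downloaded file before trusting it. The parenthesis `replace "bookworm" with the codename of Debian release if it is the case` is hard to read; `replace "bookworm" with the codename of your Debian release` says the same.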
@@ -114,6 +114,39 @@ For storing certificates, admins can create and configure a java keystore file and configure the same in the server.properties file as illustrated above. +Health Checks and Monitoring (Optional) +--------------------------------------- + +CloudStack has a plugin for exporting metrics in the format that Prometheus can consume. +This is done by enabling the following configuration parameters in the Global Settings. + + .. parsed-literal:: + + # cloudmonkey update configuration name=prometheus.exporter.enable value=true + # cloudmonkey update configuration name=prometheus.exporter.port value=9595 + # cloudmonkey update configuration name=prometheus.exporter.allowed.ips value="127.0.0.1,192.168.0.10" + +.. note:: + These settings are available to be configured via the CloudStack UI as well. + CloudStack Management needs to be restarted for the changes to take effect. + Replace the mock IP address 192.168.0.10 with the actual IP address of the Prometheus server. + +.. warning:: + A list of addresses can be provided as a comma separated list. It does NOT accept CIDR notation. + +Then, configure prometheus to start pulling metrics by adding the following configuration to ``/etc/prometheus/prometheus.yml``. + + .. parsed-literal:: + + - job_name: 'management' + static_configs: + - targets: ['192.168.0.20:9595'] + +.. note:: + Replace the mock IP address 192.168.0.20 with the actual IP address of the Management server. + Public dashboards are available in the Grafana repository for visualizing CloudStack Management metrics. + + Database Replication (Optional) ------------------------------- @@ -507,7 +540,7 @@ differences between the CloudStack and Amazon EC2 versions, and these differences are noted. The underlying SOAP call for each command is also given, for those who have built tools using those calls. -Table 1. Elastic IP API mapping +Table 1. Elastic IP API mapping .. cssclass:: table-striped table-bordered table-hover 
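Review bot: The new Health Checks section opens a metrics port on the Management Server but does not say what protects it beyond `prometheus.exporter.allowed.ips`. If the exporter has no authentication or TLS of its own (not visible from this hunk), the allow-list is the only control, so the note should tell the reader to list only the Prometheus server address and to firewall port 9595 on the management network. The `prometheus.yml` fragment should also say that the `job_name` entry belongs under the existing `scrape_configs:` key, since pasted at the top level of the file it is not valid configuration.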
@@ -527,7 +560,7 @@ Table 1. Elastic IP API mapping | -Table 2. Availability Zone API mapping +Table 2. Availability Zone API mapping .. cssclass:: table-striped table-bordered table-hover @@ -539,7 +572,7 @@ Table 2. Availability Zone API mapping | -Table 3. Images API mapping +Table 3. Images API mapping .. cssclass:: table-striped table-bordered table-hover @@ -557,7 +590,7 @@ Table 3. Images API mapping | -Table 4. Image Attributes API mapping +Table 4. Image Attributes API mapping .. cssclass:: table-striped table-bordered table-hover @@ -573,7 +606,7 @@ Table 4. Image Attributes API mapping | -Table 5. Instances API mapping +Table 5. Instances API mapping .. cssclass:: table-striped table-bordered table-hover @@ -595,7 +628,7 @@ Table 5. Instances API mapping | -Table 6. Instance Attributes Mapping +Table 6. Instance Attributes Mapping .. cssclass:: table-striped table-bordered table-hover @@ -607,7 +640,7 @@ Table 6. Instance Attributes Mapping | -Table 7. Keys Pairs Mapping +Table 7. Keys Pairs Mapping .. cssclass:: table-striped table-bordered table-hover @@ -625,7 +658,7 @@ Table 7. Keys Pairs Mapping | -Table 8. Passwords API Mapping +Table 8. Passwords API Mapping .. cssclass:: table-striped table-bordered table-hover @@ -637,7 +670,7 @@ Table 8. Passwords API Mapping | -Table 9. Security Groups API Mapping +Table 9. Security Groups API Mapping .. cssclass:: table-striped table-bordered table-hover @@ -657,7 +690,7 @@ Table 9. Security Groups API Mapping | -Table 10. Snapshots API Mapping +Table 10. Snapshots API Mapping .. cssclass:: table-striped table-bordered table-hover @@ -673,7 +706,7 @@ Table 10. Snapshots API Mapping | -Table 11. Volumes API Mapping +Table 11. Volumes API Mapping .. cssclass:: table-striped table-bordered table-hover 
@@ -713,7 +746,7 @@ AWS API Interface. First is an EC2 example. Replace the Access and Secret Keys with your own and update the endpoint. -Example 1. An EC2 Boto example +Example 1. An EC2 Boto example .. sourcecode:: python @@ -753,7 +786,7 @@ Example 1. An EC2 Boto example Second is an S3 example. The S3 interface in CloudStack is obsolete. If you need an S3 interface you should look at systems like RiakCS, Ceph or GlusterFS. This example is here for completeness and can be adapted to other S3 endpoint. -Example 2. An S3 Boto Example +Example 2. An S3 Boto Example .. sourcecode:: python diff --git a/source/plugins/cloudian-connector.rst b/source/plugins/cloudian-connector.rst index 83d25fbaa5..bfe1db3571 100644 --- a/source/plugins/cloudian-connector.rst +++ b/source/plugins/cloudian-connector.rst @@ -29,7 +29,7 @@ their own S3 storage areas. Compatibility ~~~~~~~~~~~~~ -The following table shows the compatiblity of Cloudian Connector with CloudStack. +The following table shows the compatibility of Cloudian Connector with CloudStack. .. cssclass:: table-striped table-bordered table-hover @@ -156,7 +156,15 @@ Cloudian ships with SSO disabled by default. You will need to enable it on each CMC server. Additionally, you will need to choose a unique SSO shared key that you will also configure in the CloudStack connector further below. -Edit Puppet config to enable SSO on all CMC servers: +HyperStore 8+ instructions to enable SSO on all CMC servers: + + :: + + # hsctl config set cmc.sso.enabled=true + # hsctl config set cmc.sso.sharedKey=YourSecretKeyHere + # hsctl config apply cmc + +Older HyperStore versions use Puppet. Edit Puppet config to enable SSO on all CMC servers: :: diff --git a/source/plugins/cloudstack-csi-driver.rst b/source/plugins/cloudstack-csi-driver.rst new file mode 100644 index 0000000000..25f1cd9b58 --- /dev/null +++ b/source/plugins/cloudstack-csi-driver.rst 
@@ -0,0 +1,57 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information#
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+CloudStack CSI Driver
+=======================
+
+CloudStack Container Storage Interface (CSI) plugin enables Kubernetes clusters running on Apache CloudStack to dynamically provision, manage, and use CloudStack storage volumes
+
+Features
+--------
+
+- Automatic provisioning: Create persistent volumes on-demand from Kubernetes PVCs
+- No manual intervention: Eliminates need to manually create CloudStack volumes
+- Kubernetes-native: Uses standard Kubernetes storage classes and PVC workflows
+
+Advanced Storage Features
+-------------------------
+- Volume snapshots: Backup and restore capabilities
+- Dynamic expansion: Grow volumes without downtime or data migration
+- Flexible reclaim policies: Choose between automatic cleanup or data retention
+
+Core Components
+-----------------
+- CSI Controller: Manages volume lifecycle, snapshots, and CloudStack API interactions
+- CSI Node Driver: Handles volume mounting and unmounting on worker nodes
+- Storage Class Syncer: Automatically syncs CloudStack disk offerings to Kubernetes storage classes
+
+CSI integration with CKS
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+From 4.22.0, CloudStack Kubernetes Service provides CSI integration that allows 
dynamic provisioning of CloudStack volumes for Kubernetes pods running on CKS clusters.
+To enable CSI integration, the CKS data ISOs must have the CSI manifests. Rebuilding the CKS data ISOs using the `create-kubernetes-binaries-iso.sh` script will build ISOs with CSI manifests and images. Pre-built ISOs for Kubernetes versions 1.31.1, 1.32.5 and 1.33.1 are available at https://download.cloudstack.org/cks/
+
+|cks-csi-integration.png|
+
+Enabling CSI integration for a CKS cluster can be done by selecting the `Enable CSI Integration` checkbox in the Advanced Settings section of the Kubernetes cluster creation form.
+Doing so will setup the CSI components - the CSI controller and the CSI node daemonset - on the cluster during its creation.
+
+|cks-csi-pods.png|
+
+Further details about using CSI with CKS can be found at: https://github.com/cloudstack/cloudstack-csi-driver/blob/main/README.md
+
+.. |cks-csi-integration.png| image:: /_static/images/cks-csi-integration.png
+ :alt: Integration of CSI with CKS.
+.. |cks-csi-pods.png| image:: /_static/images/cks-csi-pods.png
+ :alt: CSI Pods.
\ No newline at end of file
diff --git a/source/plugins/cloudstack-kubernetes-provider.rst b/source/plugins/cloudstack-kubernetes-provider.rst
index f093dee6a1..d8a568f215 100644
--- a/source/plugins/cloudstack-kubernetes-provider.rst
+++ b/source/plugins/cloudstack-kubernetes-provider.rst
@@ -34,7 +34,7 @@ The Prebuilt containers are available on `Docker Hub 443/TCP 5d1h + nginx-deployment2 NodePort 10.103.111.85 80:32014/TCP 4s + + 2. Navigate to network and acquire a public IP. + + |cks-acquire-publicip.png| + + 3. Add a firewall rule on port 80 on the public IP address + + |cks-addfirewall.png| + + 4. Add a loadbalancer rule mentioning the private node port and add the corresponding kubernetes worker node. + + |cks-addloadbalancer.png| + + |cks-addnode.png| + .. |ckp-ip.png| image:: /_static/images/ckp-ip.png .. |ckp-ip-fw.png| image:: /_static/images/ckp-ip-fw.png .. |ckp-ip-lb.png| image:: /_static/images/ckp-ip-lb.png +.. |cks-acquire-publicip.png| image:: /_static/images/cks-acquire-publicip.png +.. |cks-addfirewall.png| image:: /_static/images/cks-addfirewall.png +.. |cks-addloadbalancer.png| image:: /_static/images/cks-addloadbalancer.png +.. |cks-addnode.png| image:: /_static/images/cks-addnode.png \ No newline at end of file diff --git a/source/plugins/cloudstack-kubernetes-service.rst b/source/plugins/cloudstack-kubernetes-service.rst index 70f394d515..12921f30f2 100644 --- a/source/plugins/cloudstack-kubernetes-service.rst +++ b/source/plugins/cloudstack-kubernetes-service.rst 
@@ -13,11 +13,21 @@ CloudStack Kubernetes Service ============================== -The Kubernetes Service plugin adds Kubernetes integration to CloudStack. The plugin is disabled by default and an admin can enable it using a Global Setting. It enables users to run containerized services using Kubernetes clusters. +The Kubernetes Service plugin adds Kubernetes integration to CloudStack. The plugin is disabled by default and an admin can enable it using a Global Setting. It enables users to run containerized services using Kubernetes clusters. Also the global setting "endpoint.url" needs to be set to the CloudStack management server ip example (http://management-server-ip:8080/client/api) -With CoreOS having reached EOL, from 4.16 the Kubernetes Service Plugin will use the existing SystemVM Template for deploying kubernetes clusters. For installation of Kubernetes binaries on the cluster nodes, a binaries ISO is used for each Kubernetes version to be made available via CloudStack. This allows faster, offline installation of Kubernetes binaries and docker images along with support for adding multiple versions of Kubernetes for upgrades and running different clusters. +The Kubernetes Service plugin will use the existing SystemVM Template by default for deploying Kubernetes clusters. For +installation of Kubernetes binaries on the cluster nodes, a binaries ISO is used for each +Kubernetes version to be made available via CloudStack. This allows faster, offline +installation of Kubernetes binaries and docker images along with support for adding +multiple versions of Kubernetes for upgrades and running different clusters. -For deployment and setup of Kubernetes on cluster nodes, the plugin uses the Kubernetes tool, 'kubeadm'. kubeadm is the command-line tool for easily provisioning a secure Kubernetes cluster on top of physical or cloud servers or Instances. 
Under the hood, control node(s) of the cluster starts a Kubernetes cluster using kubeadm init command with a custom token, and worker nodes join this Kubernetes cluster using kubeadm join command with the same token. More about kubeadm here: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/. Weave Net CNI provider plugin is used for cluster networking. More about Weave Net provide plugin here: https://www.weave.works/docs/net/latest/kubernetes/kube-addon/. +.. note:: + From version 4.21.0, users can choose different templates and service offerings for different types of nodes (worker, control, etcd nodes) for deploying Kubernetes clusters. The templates must be previously registered selecting the 'For CKS' option. + See :ref:`flexible-kubernetes-clusters`. + +For deployment and setup of Kubernetes on cluster nodes, the plugin uses the Kubernetes tool, 'kubeadm'. kubeadm is the command-line tool for easily provisioning a secure Kubernetes cluster on top of physical or cloud servers or Instances. Under the hood, control node(s) of the cluster starts a Kubernetes cluster using kubeadm init command with a custom token, and worker nodes join this Kubernetes cluster using kubeadm join command with the same token. More about kubeadm here: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/. + +Calico CNI provider plugin is used for cluster networking supported from ACS 4.21 onwards. More about Calico CNI plugin here: https://docs.projectcalico.org/getting-started/kubernetes/. To access the Kubernetes dashboard securely, the plugin provides access to kubeconfig file data which uses the Kubernetes tool kubectl to run a local proxy and thereby access the dashboard. More about kubectl here: https://kubernetes.io/docs/reference/kubectl/overview/ 
@@ -45,6 +55,8 @@ Once the Kubernetes service is running the new APIs will become accessible and t **NOTE:** From ACS 4.16 onwards, if a CKS cluster is to be deployed on VMware, the 'vmware.create.full.clone' configuration parameter will need to be set to true, so as to allow resizing of root volumes of the cluster nodes. +.. _kubernetes-supported-versions: + Kubernetes Supported Versions ------------------------------ 
@@ -61,26 +73,43 @@ Eg: To generate the latest kubernetes iso .. parsed-literal:: - 1.27.2, kubernetes version, see https://github.com/kubernetes/kubernetes/releases - 1.3.0, CNI version, see https://github.com/containernetworking/plugins/releases - 1.27.0, cri-tools version, see https://github.com/kubernetes-sigs/cri-tools/releases - 1.11, weave addon for kubernetes, see https://github.com/weaveworks/weave/tree/master/prog/weave-kube + 1.33.1, kubernetes version, see https://github.com/kubernetes/kubernetes/releases + 1.7.1, CNI version, see https://github.com/containernetworking/plugins/releases + 1.33.0, cri-tools version, see https://github.com/kubernetes-sigs/cri-tools/releases + 3.30.0, calico addon for kubernetes, see https://raw.githubusercontent.com/projectcalico/calico/v3.30.0/manifests/calico.yaml 2.7.0, kubernetes dashboard version, see https://github.com/kubernetes/dashboard/release Usage: .. parsed-literal:: - # ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION CNI_VERSION CRICTL_VERSION WEAVENET_NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG [OPTIONAL_OUTPUT_FILENAME] + # ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION CNI_VERSION CRICTL_VERSION CALICO_NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG [OPTIONAL_OUTPUT_FILENAME] [OPTIONAL_ETCD_VERSION] + + -Eg: +Eg: To generate the kubernetes iso with calico cni plugin .. 
parsed-literal:: + + # ./create-kubernetes-binaries-iso.sh ./ 1.33.1 1.7.1 1.33.0 https://raw.githubusercontent.com/projectcalico/calico/v3.30.0/manifests/calico.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml setup-v1.33.1-calico - # ./create-kubernetes-binaries-iso.sh ./ 1.27.2 1.3.0 1.27.0 https://raw.githubusercontent.com/weaveworks/weave/master/prog/weave-kube/weave-daemonset-k8s-1.11.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml setup-v1.27.2 +Eg: To generate the kubernetes iso with calico cni plugin for ARM64 architecture add aarch64 as the last parameter. + +.. parsed-literal:: + + # ./create-kubernetes-binaries-iso.sh ./ 1.33.1 1.7.1 1.33.0 https://raw.githubusercontent.com/projectcalico/calico/v3.30.0/manifests/calico.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml aarch64 setup-v1.33.1-calico-arm64 **NOTE:** -From ACS 4.16 onwards, Kubernetes versions >= 1.20.x are only supported (https://endoflife.date/kubernetes). +From ACS 4.21 onwards, it is possible to specify the version for etcd binaries in the create-kubernetes-binaries-iso.sh script as an optional parameter - ETCD_VERSION. When the ETCD_VERSION parameter is set, the specified etcd version binaries are downloaded and stored in the Kubernetes ISO. + +Example for etcd version 3.5.1: + +.. parsed-literal:: + + # ./create-kubernetes-binaries-iso.sh ./ 1.33.1 1.7.1 1.33.0 https://raw.githubusercontent.com/projectcalico/calico/v3.30.0/manifests/calico.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml setup-v1.33.1-calico-etcd 3.5.1 + +To deploy Kubernetes clusters with +Kubernetes ISOs built with a specified etcd version are necessary for creating Kubernetes clusters with separate etcd nodes. See :ref:`flexible-kubernetes-clusters`. Working with Kubernetes supported version ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -92,6 +121,10 @@ Once the ISO has been built for a desired Kubernetes version, it can be added by |cks-add-version-form.png| +.. note:: + From 4.21.0, it is possible to deploy separate dedicated etcd nodes. This requires + the Kubernetes ISO contains the etcd binaries. + addKubernetesSupportedVersion API can be used by an admin to add a new supported version for the service. It takes following input parameters: - **name** (the name of the Kubernetes supported version) · semanticversion (the semantic version of the Kubernetes release in MAJOR.MINOR.PATCH format. More about semantic versioning here: https://semver.org/ Required) @@ -104,15 +137,15 @@ addKubernetesSupportedVersion API can be used by an admin to add a new supported For example: .. parsed-literal:: - > add kubernetessupportedversion name=v1.13.2 semanticversion=1.13.2 url=http://172.20.0.1/files/setup-1.13.2.iso zoneid=34d23dd5-5ced-4e8b-9b0a-835a0b8ae2a6 mincpunumber=2 minmemory=2048 + > add kubernetessupportedversion name=v1.33.1 semanticversion=1.33.1 url=http://172.20.0.1/files/setup-1.33.1.iso zoneid=34d23dd5-5ced-4e8b-9b0a-835a0b8ae2a6 mincpunumber=2 minmemory=2048 { "kubernetessupportedversion": { "id": "6668e999-fe6c-4a91-88d8-d10bcf280d02", "isoid": "78d45e9b-a482-46f4-8cbc-cf7964564b85", - "isoname": "v1.13.2-Kubernetes-Binaries-ISO", + "isoname": "v1.33.1-Kubernetes-Binaries-ISO", "isostate": "Active", - "semanticversion": "1.13.2", - "name": "v1.13.2", + "semanticversion": "1.33.1", + "name": "v1.33.1", "supportsha": false, "zoneid": "34d23dd5-5ced-4e8b-9b0a-835a0b8ae2a6", "zonename": "KVM-advzone1" @@ -121,7 +154,7 @@ For example: } } -The minimum Kubernetes version that can be added in the service is 1.11. At present, v1.17 and above might not work due to their incompatibility with weave-net plugin. + Listing supported Kubernetes versions ###################################### 
@@ -194,6 +227,17 @@ New Kubernetes clusters can be created using the API or via the UI. User will be |cks-create-cluster-form.png| +From 4.21.0, you can select the hypervisor type for Kubernetes cluster nodes. By default, no hypervisor is selected. + +From 4.21.0, users will be provided with an optional section displayed on toggling the 'Show Advanced Settings' button. In this section, users can select templates and service offerings for: +- Worker nodes +- Control nodes +- Etcd nodes (if etcd node count >= 1; By default etcd node count is 0) + +For more information about the Advanced Settings see :ref:`flexible-kubernetes-clusters`. + +|cks-create-cluster-additional-settings.png| + createKubernetesCluster API can be used to create new Kubernetes cluster. It takes following parameters as input, - **name** (name for the Kubernetes cluster; Required) 
@@ -215,6 +259,13 @@ createKubernetesCluster API can be used to create new Kubernetes cluster. It tak - **dockerregistrypassword** (password for the docker image private registry; Experimental) - **dockerregistryurl** (URL for the docker image private registry; Experimental) - **dockerregistryemail** (email of the docker image private registry user; Experimental) +- **hypervisor** (an optional parameter to specify the hypervisor on which the Kubernetes cluster will be deployed) +- **nodeofferings** (an optional map parameter to set the service offerings for worker, control or etcd nodes. If this parameter is not set, then every VM in the cluster will be deployed using the default service offering set on the serviceofferingid parameter) +- **etcdnodes** (An optional integer parameter that specifies the number of etcd nodes in the cluster. The default value is 0. If set to a value greater than 0, dedicated etcd nodes are created separately from the master nodes.) +- **nodetemplates**: (an optional map parameter to set the template to be used by worker, control or etcd nodes. If not set, then every VM in the cluster will be deployed using the System VM template) +- **asnumber** (an optional parameter to set the AS Number of the Kubernetes cluster network) +- **cniconfigurationid** (an optional parameter to set the UUID of a registered CNI configuration) +- **cniconfigdetails** (an optional parameter to specify the parameters values for the variables defined in the CNI configuration) For example: @@ -228,7 +279,7 @@ For example: "endpoint": "https://172.20.20.12:6443/", "id": "74e3cc02-bbf7-438f-bfb0-9c193e90c1fb", "kubernetesversionid": "6668e999-fe6c-4a91-88d8-d10bcf280d02", - "kubernetesversionname": "v1.13.2", + "kubernetesversionname": "v1.33.1", "controlnodes": 1, "memory": "4096", "name": "Test", 
@@ -253,7 +304,7 @@ On successful creation, the new cluster will automatically be started and will s .. note:: - A minimum of 2 cores of CPU and 2GB of RAM is needed for deployment. Therefore, the serviceofferingid parameter of createKubernetesCluster API must be provided with the ID of such compute offerings that conform to these requirements. - - Private docker registry related parameters of createKubenetesCluster API (dockerregistryusername, dockerregistryusername, dockerregistryurl, dockerregistryemail) provides experimental functionality. To use them during cluster deployment value for global setting, cloud.kubernetes.cluster.experimental.features.enabled, must be set to true by admin beforehand. + - Private docker registry related parameters of createKubernetesCluster API (dockerregistryusername, dockerregistryusername, dockerregistryurl, dockerregistryemail) provides experimental functionality. To use them during cluster deployment value for global setting, cloud.kubernetes.cluster.experimental.features.enabled, must be set to true by admin beforehand. Listing Kubernetes clusters ############################ @@ -293,7 +344,7 @@ scaleKubernetesCluster API can be used to scale a running (or stopped cluster) t - **serviceofferingid** (the ID of the new service offering for the Instances in the cluster) - **size** (number of Kubernetes cluster worker nodes) -Only running Kubernetes clusters can be scaled in size. When the service fails to scale the cluster, the cluster will show in Alert state else if the scaling is successfull cluster will show up in Running state. +Only running Kubernetes clusters can be scaled in size. When the service fails to scale the cluster, the cluster will show in Alert state else if the scaling is successful cluster will show up in Running state. .. note:: - Only up scaling is supported while scaling clusters for service offering. 
@@ -340,6 +391,53 @@ The service provides functionality to access kubeconfig file for a running Kuber getKubernetesClusterConfig API can be used to retrieve kubeconfig file data for a cluster. It takes id of the cluster as the input parameter. +Note: The User Data and Metadata of the underlying host can be accessed by the container running on the CKS cluster. If you want prevent the access follow the below steps + +.. parsed-literal:: + + - The User Data and Metadata of the underlying worker-nodes can be accessed by the containers running on the CKS cluster + + For example: Deploy a container on a CKS cluster + + kubectl exec -it -- /bin/sh + + curl http://data-server/latest/meta-data/ + service-offering + availability-zone + local-ipv4 + local-hostname + public-ipv4 + public-hostname + instance-id + vm-id + public-keys + cloud-identifier + hypervisor-host-name + + curl http://data-server/latest/user-data/ + + + - If you want to prevent the access of User Data and Metadata from the containers running on CKS cluster, Execute the following yaml + + kubectl apply -f deny-meta-data.yaml + + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: deny-metadata-access + spec: + podSelector: {} + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 169.254.188.68/32 + ports: + - protocol: TCP + port: 80 + + Kubernetes cluster web dashboard ################################# 
@@ -384,6 +482,13 @@ Kubernetes compatibility Matrix +--------------+---------------------------------+-----------------------------+-------------+ | 4.16.1 | v1.20 onward | SystemVM Template (Debian) | cloud | +--------------+---------------------------------+-----------------------------+-------------+ +| 4.19.1 | v1.30 onward | SystemVM Template (Debian) | cloud | ++--------------+---------------------------------+-----------------------------+-------------+ +| 4.20.1 | v1.30 onward | SystemVM Template (Debian) | cloud | ++--------------+---------------------------------+-----------------------------+-------------+ +| 4.21.0 | v1.33 onward | SystemVM Template (Debian) | cloud | ++--------------+---------------------------------+-----------------------------+-------------+ + Adding/Removing Instances for an ExternalManaged Kubernetes Cluster ################################################################### 
@@ -405,6 +510,330 @@ To remove an Instance from an ExternalManaged Kubernetes cluster: These operations are only supported for an ExternalManaged Kubernetes Cluster +.. _flexible-kubernetes-clusters: + +Flexible Kubernetes Clusters +---------------------------- + +From 4.21.0, many enhancements have been added to CloudStack Kubernetes Service that allows users to: + +- Select the Hypervisor type for the Kubernetes Cluster nodes +- Specify different templates and/or service offerings for different types of Kubernetes Clusters nodes +- Use CKS-ready custom templates for Kubernetes cluster nodes marked as 'For CKS' +- Separate etcd nodes from control nodes of the Kubernetes clusters +- Add and remove a pre-created instance as a worker node to an existing Kubernetes cluster +- Mark Kubernetes cluster nodes for manual-only upgrade +- Dedicate specific hosts/clusters to a specific domain for CKS cluster deployment +- Use diverse CNI plugins (Calico, Cilium, etc) + +Build a custom template to use for Kubernetes clusters nodes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +CloudStack provides a custom CKS-ready template based on Ubuntu 22.04 to be used for Kubernetes clusters nodes: https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/. + +This template contains all the required packages to be used as a Kubernetes cluster node. The default login credentials are: cloud:cloud. + +A user may decide not to use the provided CKS-ready template and build their own template. The following needs to be made sure is present on the template: + +- The following packages or the equivalent ones for the specific OS need to be installed: + + .. code-block:: bash + + cloud-init cloud-guest-utils conntrack apt-transport-https ca-certificates curl gnupg gnupg-agent software-properties-common gnupg lsb-release python3-json-pointer python3-jsonschema containerd.io + +- A user named `cloud` needs to be created and added to the sudoers list: + + .. 
code-block:: bash
+
+ sudo useradd -m -s /bin/bash cloud
+ echo "cloud:" | sudo chpasswd
+
+ # Edit /etc/sudoers file with:
+ cloud ALL=(ALL) NOPASSWD:ALL
+
+- Create the necessary directory /opt/bin:
+
+ .. code-block:: bash
+
+ sudo mkdir -p /opt/bin
+
+- Once the VM is deployed, place the Management Server’s SSH Public key at the cloud user’s authorized_keys file at ~/.ssh/authorized_keys
+
+
+Registering a custom template for Kubernetes cluster nodes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+By default, the Kubernetes clusters nodes are deployed from the System VM template. On the Advanced Settings for Kubernetes clusters creation, CloudStack allows selecting templates for different types of nodes.
+
+To register a template that will be listed as an option for Kubernetes cluster nodes:
+
+- Set URL to the provided CKS-ready template at: https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/ or a custom template built from the section above.
+
+- Set the template specific values as usual for template registration.
+
+- Mark the option 'For CKS'. This ensures the template is considered as an option for Kubernetes cluster nodes on the Advanced Settings section for clusters creation.
+
+|cks-custom-template-registration.png|
+
+Separate etcd nodes from control nodes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+By default, a CKS cluster has 0 dedicated etcd nodes, and the etcd service runs on the control nodes. If etcd node count is set to a value greater than or equal to 1 during cluster creation, CloudStack will provision separate nodes exclusively for the etcd service, isolating them from the control nodes with the desired template and service offering if specified.
+
+To use separate etcd nodes, it is required to build and register a CKS ISO version containing the etcd binaries as explained in: :ref:`kubernetes-supported-versions`
+
+For convenience, some CKS ISOs are uploaded to: https://download.cloudstack.org/testing/cks/custom_templates/iso-etcd/
+
+Add an external VM Instance as a worker node to a Kubernetes cluster
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Requirements for a VM Instance to be added as worker node to a Kubernetes cluster:
+
+- At least 8GB ROOT disk size, 2 CPU cores and 2GB RAM
+
+- The VM Instance must have a NIC on the Kubernetes cluster network
+
+- **The Management Server’s SSH Public key must be added at the cloud user’s authorized_keys file at `~/.ssh/authorized_keys`**.
+
+The VM Instances meeting the requirements above can be added to the Kubernetes cluster by the `addNodesToKubernetesCluster` API specifying:
+
+- **id** (UUID of the Kubernetes cluster. Required)
+- **nodeids** (comma separated list of (external) node (physical or virtual machines) IDs that need to be added as worker nodes to an existing managed Kubernetes cluster (CKS). Required)
+- **mountcksisoonvr** (optional parameter for Vmware only, uses the CKS cluster network VR to mount the CKS ISO)
+- **manualupgrade** (optional parameter that indicates if the node is marked for manual upgrade and excluded from the Kubernetes cluster upgrade operation)
+
+.. note::
+ Users will have the ability to add nodes to the Kubernetes cluster and mark them for manual upgrade. Once the nodes are marked for manual upgrade, the future cluster upgrade operations will exclude these nodes i.e., the Kubernetes version won't be upgraded.
+
+The following course of actions are taken:
+
+- Validation: The external node(s) are validated to ensure that all the above-mentioned prerequisites are present
+
+- Addition of port-forwarding rules and firewall rules (for isolated networks)
+
+- VM is rebooted with the Kubernetes configuration passed as user data
+
+- The ISO is attached either to the node or to the VR based on the value of `mountcksisoonvr` that is passed as a parameter to the addNodesToKubernetesCluster API (Vmware only).
+
+- The cluster enters Importing state until all the nodes are successfully added, and the number of Ready nodes is equal to the expected number of nodes to be added.
+
+- The process timeout is set by the setting: `cloud.kubernetes.cluster.add.node.timeout`.
+
+Removing an external worker node from a Kubernetes cluster
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+External worker nodes can be removed from a Kubernetes cluster by the `removeNodesFromKubernetesCluster` API specifying:
+
+- **id** (UUID of the Kubernetes cluster. Required)
+- **nodeids** (comma separated list of (external) node (physical or virtual machines) IDs that need to be removed from an existing managed Kubernetes cluster (CKS). Required)
+
+When node(s) are being removed from a Kubernetes cluster, the following happens:
+
+- On the control node, drain the specific node before it can be removed
+
+- Reset the corresponding worker node
+
+- Delete the worker node from the cluster on the control node
+
+- Remove the port-forwarding and firewall rules (for isolated networks) for the nodes being removed
+
+- The cluster enters RemovingNodes state until all the nodes are successfully removed, and the number of Ready nodes is equal to the expected number of nodes
+
+- The process timeout is set by the setting: `cloud.kubernetes.cluster.remove.node.timeout`.
+
+Dedicate specific hosts/clusters to a specific domain for CKS cluster deployment
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Administrators are able to dedicate hosts to a domain or account. CloudStack will take the host dedication into consideration when deploying Kubernetes clusters.
+
+- When there are no hosts dedicated to the domain/account the user belongs, then the nodes will be deployed on any host.
+
+- When there are hosts dedicated to the domain/account the user belongs, then the nodes will be deployed on the dedicated hosts.
+
+ .. note::
+ By design the hosts dedication does not consider the deployment of system VMs on the dedicated hosts (SSVM, CPVM and Virtual Routers). In case the Kubernetes cluster is created on an unimplemented network then the Virtual Router of the network will not be deployed on the dedicated hosts.
+
+Affinity groups for CKS cluster nodes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+From 4.23.0 onwards, users can specify host affinity or anti-affinity groups for different types of Kubernetes cluster nodes (control, worker, etcd) during cluster creation. This provides control over VM placement on hosts for high availability requirements.
+
+|cks-create-cluster-affinity-groups.png|
+
+To use affinity groups with CKS clusters:
+
+1. Create the desired affinity groups (host affinity or host anti-affinity) beforehand using the CloudStack UI or API.
+
+2. When creating a Kubernetes cluster, specify the affinity group mapping using the **nodeaffinitygroups** parameter. This parameter accepts a mapping of node types to affinity group UUIDs with two fields per entry:
+
+ - ``node``: The node type (permitted values: ``worker``, ``control``, ``etcd``)
+ - ``affinitygroup``: The UUID of the desired affinity group
+
+Example using the API:
+
+.. 
code-block:: bash + + cmk create kubernetescluster name=MyCluster zoneid= kubernetesversionid= serviceofferingid= size=3 nodeaffinitygroups[0].node=worker nodeaffinitygroups[0].affinitygroup= + +Multiple affinity groups can be assigned to a single node type by providing comma-separated UUIDs: + +.. code-block:: bash + + nodeaffinitygroups[0].affinitygroup=, + +Different node types can have different affinity group configurations: + +.. code-block:: bash + + nodeaffinitygroups[0].node=control nodeaffinitygroups[0].affinitygroup= nodeaffinitygroups[1].node=worker nodeaffinitygroups[1].affinitygroup= + +The affinity group configuration is persisted and automatically applied when scaling the cluster - new worker nodes inherit the affinity group settings without requiring additional parameters. + +.. note:: + - When adding external worker nodes to an existing cluster using ``addNodesToKubernetesCluster``, the nodes are validated against any worker affinity groups configured for the cluster. + +Use diverse CNI plugins (Calico, Cilium, etc) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A CNI framework has also been added which provides end users the flexibility to use the CNI plugin of their choice. The CNI framework internally leverages the managed User data feature provided by CloudStack. + +Sample Calico CNI configuration data used which is appended to the existing Kubernetes control node user data is: + .. note:: + This Calico sample requires prior external BGP peering — without BGP the CKS deployment will not work as expected + +.. 
code-block:: bash + + #cloud-config + - for i in {1..3}; do curl https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/calico.yaml -o /home/cloud/calico.yaml && break || sleep 5; done + - until [ -f /home/cloud/success ]; do sleep 5; done + - echo "Kubectl apply file" + - for i in {1..3}; do sudo /opt/bin/kubectl create -f /home/cloud/calico.yaml && break || sleep 5; done + - export PATH=$PATH:/home/cloud + - | + cat << 'EOF' > /home/cloud/create-configs.sh + #!/bin/bash + cat << 'EOL' > /home/cloud/bgp-config.yaml + apiVersion: crd.projectcalico.org/v1 + kind: BGPConfiguration + metadata: + name: default + spec: + logSeverityScreen: Debug + asNumber: {{ AS_NUMBER }} + EOL + cat << 'EOL' > /home/cloud/bgp-peer.yaml + apiVersion: crd.projectcalico.org/v1 + kind: BGPPeer + metadata: + name: bgp-peer-1 + spec: + peerIP: {{ ds.meta_data.peer_ip_address }} + asNumber: {{ ds.meta_data.peer_as_number }} + EOL + EOF + - chmod +x /home/cloud/create-configs.sh + - /home/cloud/create-configs.sh + - for i in {1..3}; do sudo /opt/bin/kubectl apply -f /home/cloud/bgp-config.yaml && break || sleep 5; done + - for i in {1..3}; do sudo /opt/bin/kubectl apply -f /home/cloud/bgp-peer.yaml && break || sleep 5; done + + +The CNI Configuration creation allows specifying the parameters to be set as a comma separated list: + +|cks-cni-configuration-registration-sample.png| + +After a CNI Configuration is created, it can be appended to Kubernetes cluster nodes as part of 'Advanced Settings': + +|cks-cni-configuration-cluster-creation.png| + +For verification of the applied CNI Configuration, the following commands can be used: + +.. 
code-block:: bash + + root@cksclusteradditon-control-190ca0ce253:~# kubectl get pods -A + + NAMESPACE NAME READY STATUS RESTARTS AGE + + kube-system calico-kube-controllers-8d76c5f9b-pkhcv 1/1 Running 6 (44m ago) 2d21h + + kube-system calico-node-n4msg 1/1 Running 0 2d21h + + kube-system calico-node-pdz2w 1/1 Running 0 2d18h + + kube-system calico-node-slmg2 1/1 Running 0 2d21h + + + + root@cksclusteradditon-control-190ca0ce253:~# kubectl get bgppeer + + NAME AGE + + bgp-peer-1 2d22h + + + + root@cksclusteradditon-control-190ca0ce253:~# kubectl get bgpconfiguration + + NAME AGE + + default 2d22h + + + root@cksclusteradditon-control-190ca0ce253:~# kubectl describe bgpconfiguration + + Name: default + + Namespace: + + Labels: + + Annotations: + + API Version: crd.projectcalico.org/v1 + + Kind: BGPConfiguration + + Metadata: + + Creation Timestamp: 2024-07-19T08:25:14Z + + Generation: 1 + + Resource Version: 580 + + UID: 2b927b4e-82d3-4200-a3c1-9bf0cd5f5824 + + Spec: + + As Number: 65145 + + Log Severity Screen: Debug + + Events: + +There could be Calico routing edge case encountered in some environments. By default, Calico uses the 192.168.0.0/16 network for its pod IP pool when you install it with the standard manifests. To avoid potential routing conflicts with existing networks in your infrastructure, it's advisable to customize the Calico IP pool to use a different subnet that doesn't overlap with your current network setup. + +kubectl get ippool.crd.projectcalico.org -o yaml + +.. code-block:: bash + apiVersion: crd.projectcalico.org/v1 + kind: IPPool + metadata: + name: default-ipv4-ippool + spec: + cidr: 192.168.0.0/16 + ipipMode: Always + natOutgoing: true + disabled: false + +You can edit the IP pool to change the CIDR to a different subnet that fits your network architecture better. For example, you might choose to use 10.0.0.0/16. + +kubectl edit ippool default-ipv4-ippool + +and redeploy the pods + +kubectl delete pod --all -A + + .. 
|cks-add-version-form.png| image:: /_static/images/cks-add-version-form.png :alt: Add Kubernetes Supported Version form. .. |cks-cluster-access-tab.png| image:: /_static/images/cks-cluster-access-tab.png @@ -417,6 +846,10 @@ To remove an Instance from an ExternalManaged Kubernetes cluster: :alt: Kubernetes clusters list. .. |cks-create-cluster-form.png| image:: /_static/images/cks-create-cluster-form.png :alt: Create Kubernetes Cluster form. +.. |cks-create-cluster-additional-settings.png| image:: /_static/images/cks-create-cluster-additional-settings.png + :alt: Create Kubernetes Cluster form with Advanced Settings. +.. |cks-create-cluster-affinity-groups.png| image:: /_static/images/cks-create-cluster-affinity-groups.png + :alt: Affinity groups selection in Create Kubernetes Cluster Advanced Settings. .. |cks-delete-action.png| image:: /_static/images/cks-delete-action.png :alt: Delete action icon. .. |cks-kube-config-action.png| image:: /_static/images/cks-kube-config-action.png @@ -435,3 +868,9 @@ To remove an Instance from an ExternalManaged Kubernetes cluster: :alt: Upgrade Kubernetes Cluster form. .. |cks-versions.png| image:: /_static/images/cks-versions.png :alt: Supported Kubernetes versions list. +.. |cks-custom-template-registration.png| image:: /_static/images/cks-custom-template-registration.png + :alt: Custom Template Registration for Kubernetes cluster nodes. +.. |cks-cni-configuration-cluster-creation.png| image:: /_static/images/cks-cni-configuration-cluster-creation.png + :alt: Kubernetes cluster creation setting a CNI configuration. +.. |cks-cni-configuration-registration-sample.png| image:: /_static/images/cks-cni-configuration-registration-sample.png + :alt: CNI Configuration registration sample. diff --git a/source/plugins/index.rst b/source/plugins/index.rst index 16f3eaa52b..fd0df5ed60 100644 --- a/source/plugins/index.rst +++ b/source/plugins/index.rst 
@@ -33,10 +33,12 @@ This is the Apache CloudStack Plugins guide. This section gives information for cloudian-connector nicira-plugin nsx-plugin + netris-plugin vxlan ovs-plugin ipv6 quota cloudstack-kubernetes-service cloudstack-kubernetes-provider.rst + cloudstack-csi-driver.rst diff --git a/source/plugins/ipv6.rst b/source/plugins/ipv6.rst index 81fe7a5cc0..79078f3624 100644 --- a/source/plugins/ipv6.rst +++ b/source/plugins/ipv6.rst @@ -16,14 +16,7 @@ IPv6 Support in CloudStack =========================== - -CloudStack supports Internet Protocol version 6 (IPv6), the recent -version of the Internet Protocol (IP) that defines routing the network -traffic. IPv6 uses a 128-bit address that exponentially expands the -current address space that is available to the users. IPv6 addresses -consist of eight groups of four hexadecimal digits separated by colons, -for example, 5001:0dt8:83a3:1012:1000:8s2e:0870:7454. CloudStack -supports IPv6 for shared and isolated networks. It also supports IPv6 for VPC Network Tiers. +CloudStack has limited IPv6 support. It supports IPv6 for shared and isolated networks. It also supports IPv6 for VPC Network Tiers. Shared network -------------- @@ -101,7 +94,7 @@ The following are not yet supported: #. Security groups -#. Userdata and metadata +#. User Data and metadata #. Passwords 
@@ -282,9 +275,9 @@ Alternatively, ``createGuestNetworkIpv6Prefix`` API can be used to add a new gue Adding Network or VPC Offering with IPv6 Support ################################################ -To create an IPv6 suported network or VPC offering, global configuration - ``ipv6.offering.enabled`` must be set to **true**. +To create an IPv6 supported network or VPC offering, global configuration - ``ipv6.offering.enabled`` must be set to **true**. -With 4.17.0, a new paramter - ``internetprotocol`` has been added to: +With 4.17.0, a new parameter - ``internetprotocol`` has been added to: - the ``createNetworkOffering`` API which can be used to create a network offering with IPv6 support by using the value dualstack. - the ``createVPCOffering`` API which can be used to create a VPC offering with IPv6 support by using the value dualstack. Corresponding option has also been provided in the UI form creating network/VPC offering: @@ -311,8 +304,8 @@ For using and managing firewall rules with an IPv6 supported isolated network, C - ``listIpv6FirewallRules`` - To list existing IPv6 firewall rules for a network. - ``createIpv6FirewallRule`` - To create a new IPv6 firewall rules for a network. -- ``updateIpv6FirewallRule`` - To update an exisitng IPv6 firewall rules for a network. -- ``deleteIpv6FirewallRule`` - To delete an exisitng IPv6 firewall rules for a network. +- ``updateIpv6FirewallRule`` - To update an existing IPv6 firewall rules for a network. +- ``deleteIpv6FirewallRule`` - To delete an existing IPv6 firewall rules for a network. These operations are also available using UI in the network details view of an IPv6 supported network. 
@@ -322,7 +315,7 @@ These operations are also available using UI in the network details view of an I IPv6 ACL ######## -IPv6 ACL rules for an IPv6 supported VPC Network Tier can be managed using Network ACL lists for the VPC. IPv6 CIDRs can be specified while adding or updating an ACL rule. +IPv6 ACL rules for an IPv6 supported VPC Network Tier can be managed using Network ACLs for the VPC. IPv6 CIDRs can be specified while adding or updating an ACL rule. |add-ipv6-acl-rule-form.png| |ipv6-acl-list.png| @@ -343,4 +336,4 @@ IPv6 ACL rules for an IPv6 supported VPC Network Tier can be managed using Netwo .. |add-ipv6-acl-rule-form.png| image:: /_static/images/add-ipv6-acl-rule-form.png :alt: Add IPv6 ACL rule. .. |ipv6-acl-list.png| image:: /_static/images/ipv6-acl-list.png - :alt: IPv6 ACL rule in Network ACL list. + :alt: IPv6 ACL rule in Network ACL. diff --git a/source/plugins/netris-plugin.rst b/source/plugins/netris-plugin.rst new file mode 100644 index 0000000000..dabf063b09 --- /dev/null +++ b/source/plugins/netris-plugin.rst 
@@ -0,0 +1,249 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +The Netris Plugin +================= + +Introduction +------------ + +The Netris Plugin introduces Netris as a network service provider in CloudStack to be able to create and manage Virtual Private Clouds (VPCs) in CloudStack, being able to orchestrate the following network functionalities: + +- Network segmentation with Netris-VXLAN isolation method +- Routing between "public" IP and network segments with an ACS ROUTED mode offering +- SourceNAT, DNAT, 1:1 NAT between "public" IP and network segments with an ACS NATTED mode offering +- Routing between VPC network segments (tiers in ACS nomenclature) +- Access Lists (ACLs) between VPC tiers and "public" network (TCP, UDP, ICMP) both as global egress rules and "public" IP specific ingress rules. 
+- ACLs between VPC network tiers (TCP, UDP, ICMP) +- External load balancing – between VPC network tiers and "public" IP +- Internal load balancing – between VPC network tiers +- CloudStack Virtual Router services (DHCP, DNS, UserData, Password Injection, etc…) + + +Supported Versions +------------------ + ++--------------+----------------------+----------------+ +| Hypervisor | CloudStack Version | Netris Version | ++==============+======================+================+ +| KVM | >= 4.21 | 4.4.0 | ++--------------+----------------------+----------------+ + +Table: Supported Versions + +Configuration +------------- + +Prerequisites +~~~~~~~~~~~~~ + +The Netris plugin is enabled by the 'netris.plugin.enable' setting, which is false by default. It enables the Netris Plugin on CloudStack when it is set to true. The global setting is non-dynamic, that is, the management server would need to be restarted after being modified. + +Zone creation +~~~~~~~~~~~~~ + +The CloudStack Zone creation wizard is extended: + +.. image:: ../_static/images/netris-isolation-method.png + :width: 600px + :align: center + +- A new isolation method is added for the Core zone, with Advanced networking and KVM hypervisor: NETRIS + +- When the NETRIS isolation method is selected, new steps are added to the zone creation wizard: + - Netris Provider: in this step the administrator must provide: + - Netris provider URL along with an internal name for reference + - Netris provider credentials to login into the Netris provider + - Site name: The Netris Site Name to be linked to + - Admin Tenant Name: The name of the Admin Tenant on the Netris provider + - Netris tag: A tag to be used on each Netris VNET creation + + .. image:: ../_static/images/netris-provider-config.png + :width: 600px + :align: center + + - Public traffic and Netris IP Pool: The public traffic is split in two sections. 
+ - Public traffic: The first Public IP range defined on this section will be marked for system VMs (and a tag will be displayed accordingly, with the name 'systemvm'). The next Public IP ranges defined on this section will be available for VR Public IPs. + + .. image:: ../_static/images/netris-sysvm-vr-ip-range.png + :width: 600px + :align: center + + - Netris IP Pool: Administrators must provide the Public IP range to be used by VPC operations: Source NAT, Load Balancing, Port Forwarding, Static NAT (this range is marked with the tag 'netris') + + .. image:: ../_static/images/netris-public-ip-pool.png + :width: 600px + :align: center + +- When a new zone is being created, CloudStack will check the Public IP ranges defined and will perform the following actions on Netris: + - Create an IPAM allocation for the Netris IP Pool range linked to the default VPC. + - If an existing IPAM allocation contains the Netris IP Pool provided, then the range must be created as a new IPAM subnet as a child entity of the existing allocation on Netris, with purpose: 'common'. The 'common' subnet purpose allows creating 'nat' and 'load-balancer' child subnets. + +.. note:: + **Important:** + Please note CloudStack expects the public IP ranges defined in the same order as the zone wizard creation displays them. The same order must be preserved in case of adding/editing/removing public IP ranges: + + - System VM Public Range + - VRs Public Range + - Netris Public Range + +The subsequent steps of zone creation remain unchanged and once the zone is successfully created and enabled, the system VMs come up with IPs from the Public IP Range reserved for System VMs (not the Netris public IP range). 
+ +VPC creation on Netris +~~~~~~~~~~~~~~~~~~~~~~ + +VPC creation on CloudStack performs the following actions on Netris: + +- A new VPC is created for the Admin Tenant provided at the zone creation phase, with the name convention: D-A-Z-V-, where: + - domainID: Internal database ID of the domain + - accountID: Internal database ID of the account + - zoneID: Internal database ID of the VPC + - vpcName: Name of the VPC + +- A new IPAM allocation is created for the VPC Guest CIDR, with the following parameters: + - Prefix: The VPC CIDR + - Name: D-A-Z-V-, where: + - vpcCidr: is the CIDR defined for the VPC + - VPC: The new VPC created on the step above + +- Source NAT is created for VPC in NAT mode + +VPC Tier creation on Netris +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +VPC Tier creation on CloudStack performs the following actions on Netris: + +- A new IPAM subnet is created for the VPC Tier, with the following parameters: + - Prefix: The VPC Tier CIDR + - Name: D-A-Z-N-, where: + - networkID: The internal database ID of the network tier + - vpcTierCidr: is the CIDR defined for the VPC Tier + - Purpose: 'common' + - VPC: The VPC created on the step above + +- A new vNet is created, with the following parameters: + - Name: D-A-Z-N-, where: + - vpcTierName: is the VPC Tier name + - VPC: The VPC created on the step above + - VXLAN ID: A random VXLAN from the range provided on the zone creation + - VLAN ID: Disabled + - Tags: The tag set on the zone creation + - IP Gateway: The VPC Tier gateway IP, from the subnet created on the step above. +- ACLs are created on Netris + +- The VPC tiers created from the default VPC network offering for Netris – Routed Mode extends the IPAM Subnet creation for the VPC Tier Guest CIDR by setting the parameter: + - Global Routing = true. This parameter allows advertising the IPs for the VPC tier (required for Routed mode) + +.. 
note:: +Important: Please consider at least one running VM per VPC tier to prevent VPC tier state transition to Allocated state + + +Supported VPC Services +~~~~~~~~~~~~~~~~~~~~~~ + +· The following operations are supported for VPCs created from the default **VPC offering for Netris – NAT mode**: + - Source NAT: + - A new IPAM subnet is created for the Source NAT IP of the VPC, under the Netris IP pool IPAM allocation, with the following parameters: + - **Prefix**: /32, where SOURCE_NAT_IP is the VPC Source NAT IP + - **Purpose**: 'nat' + - **VPC**: Default VPC + - **Name**: D-A-Z-V- + + - A new NAT rule is created with the following parameters: + - **Action**: SNAT + - **Protocol**: ALL + - **VPC**: The associated VPC + - **Name**: D-A-Z-V-SNAT + - **Source Address**: The VPC CIDR + - **Destination Address**: 0.0.0.0/0 + - **SNAT to IP**: true, set to the Source NAT Public IP + + - Port forwarding rules: + - A new IPAM subnet is created for the Public IP, under the Netris IP Pool IPAM allocation, with the following parameters: + - **Prefix**: /32, where PUBLIC_IP is the selected free public IP + - **Purpose**: 'nat' + - **VPC**: Default VPC + - **Name**: D-A-Z-V- + + - A new NAT rule is created with the following parameters: + - **Action**: DNAT + - **VPC**: The associated VPC + - **Name**: D-A-Z-V-DNAT-R, where: + - **Rule ID**: The internal database ID of the port forwarding rule + - **Protocol**: The protocol for the port forwarding rule + - **Source Address**: 0.0.0.0/0 + - **Source Port**: 1-65535 + - **Destination Address**: The port forwarding Public IP + - **Destination Port**: The port forwarding rule public port + - **DNAT to IP**: /32, where VM_IP: is the VM guest IP + - **DNAT to port**: The port forwarding rule private port + + - Static NAT: + - A new IPAM subnet is created for the Public IP, under the Netris IP Pool IPAM allocation, with the following parameters: + - **Prefix**: /32, where PUBLIC_IP is the selected free public IP + - **Purpose**: 
'nat' + - **VPC**: Default VPC + - **Name**: D-A-Z-V- + + - A new NAT rule is created with the following parameters: + - **Action**: DNAT + - **VPC**: The associated VPC + - **Name**: D-A-Z-V-STATICNAT: + - **Protocol**: ALL + - **Source Address**: 0.0.0.0/0 + - **Destination Address**: The port forwarding Public IP + - **DNAT to IP**: /32, where VM_IP: is the VM guest IP + + + - Load Balancing: + - A new IPAM subnet is created for the Public IP, under the Netris IP Pool IPAM allocation, with the following parameters: + - **Prefix**: /32, where PUBLIC_IP is the selected free public IP + - **Purpose**: 'load-balancer' + - **VPC**: Default VPC + - **Name**: D-A-Z-V- + + - A new L4 Load Balancer is created with the following parameters: + - **Action**: DNAT + - **VPC**: The associated VPC + - **Name**: D-A-Z-V-LB, where: + - **lbID**: The internal database ID of the load balancer + - **Protocol**: The protocol for the load balancer + - **Frontend Address**: The load balancer Public IP + - **Frontend Port**: The load balancer public port + - For each VM added to the load balancer: + - **Backend address**: The guest VM IP + - **Backend port**: The load balancer private port + + - ACLs + - A new ACL rule is created for each CloudStack ACL rule defined on the network tier ACL: + - **Name**: D-A-Z-V-N-ACL, where: + - **aclID**: The internal database ID of the ACL rule + - **VPC**: The associated VPC + - **Protocol**: The selected protocol for the ACL Rule + - **Action**: 'permit' or 'deny' matching the selected Allow or Deny action on CloudStack + - If the traffic type is **Ingress**: + - **Source Address**: The ACL rule CIDR + - **Source Port**: 1-65535 + - **Destination Address**: The VPC Tier CIDR + - **Destination Port**: X-Y, where: + - *X*: The ACL rule start port + - *Y*: The ACL rule end port + - If the traffic type is Egress: + - **Reverse**: true + - **Source Address**: The VPC Tier CIDR + - **Source Port**: 1-65535 + - **Destination Address**: The ACL rule CIDR 
+ - **Destination Port**: X-Y, where: + - *X*: The ACL rule start port + - *Y*: The ACL rule end port \ No newline at end of file diff --git a/source/plugins/nsx-plugin.rst b/source/plugins/nsx-plugin.rst index 06133701a8..b88139f09b 100644 --- a/source/plugins/nsx-plugin.rst +++ b/source/plugins/nsx-plugin.rst @@ -28,7 +28,7 @@ The VMware NSX Plugin introduces VMware NSX 4 as a network service provider in C - Port Forwarding between “public” networks and VPC network tier - External load balancing – between VPCs network tiers and “public” networks (runs on Edge Cluster) - Internal load balancing – between VPC network tiers -- Password injection, UserData and SSH Keys +- Password injection, User Data and SSH Keys - External, Internal DNS - DHCP - Kubernetes host orchestration, supporting CKS on VPCs @@ -41,7 +41,7 @@ Supported Versions +--------------+----------------------+--------------------+ | Hypervisor | CloudStack Version | VMware NSX Version | +==============+======================+====================+ -| VMware | >= 4.20 | 4.1 | +| VMware | >= 4.20 | 4.1.0 | +--------------+----------------------+--------------------+ Table: Supported Versions @@ -59,7 +59,7 @@ Prior to creating the zone, ensure that the global setting: 'vmware.management.p Zone creation ~~~~~~~~~~~~~ -For an NSX-based zone, the administrator will have to create atleast 2 physical networks, one for Public and Guest networks with **NSX** isolation method and one for Management (and / or storage networks), +For an NSX-based zone, the administrator will have to create at least 2 physical networks, one for Public and Guest networks with **NSX** isolation method and one for Management (and / or storage networks), which uses VLAN isolation method. **Physical network for Public and Guest traffic:** 
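Review bot: In the "VPC creation on Netris" naming legend of the new netris-plugin.rst, `zoneID` is described as "Internal database ID of the VPC", and no entry explains the V component. Operators who map Netris object names back to CloudStack tenants during audits or troubleshooting will read the wrong identifier. I would split it into `- zoneID: Internal database ID of the zone` and `- vpcID: Internal database ID of the VPC`, assuming V carries the VPC id as the pattern suggests. Separately, the `.. note::` under "VPC Tier creation on Netris" appears to have its body at column 0, so Sphinx would render an empty note followed by a plain paragraph. Indenting the "Important: Please consider at least one running VM per VPC tier ..." line under the directive fixes it, as this same commit does for the note in nsx-plugin.rst.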
@@ -68,7 +68,7 @@ which uses VLAN isolation method. vSwitch type: distributed virtual switch (dvSwitch) vSwitch name: name of the dvSwitch to handle NSX traffic -**Phsyical network for Management traffic:** +**Physical network for Management traffic:** Isolation method: VLAN VLAN ID: ID for Management traffic vSwitch type: distributed virtual switch (dvSwitch) @@ -200,13 +200,13 @@ When the first VM is created on the network tier, CloudStack creates the followi .. note:: -The following notations were used in the above section: + The following notations were used in the above section: - - d_id: the 'id' column on the 'domain' table for the caller domain - - a_id: the 'id' column of the 'accounts' table for the owner account - - z_id: the 'id' column of the 'datacenter' table for the zone - - v_id: the 'id' column of the 'vpcs' table for the new VPC being created - - s_id: the 'id' column of the 'networks' table for the network tier being created + - d_id: the 'id' column on the 'domain' table for the caller domain + - a_id: the 'id' column of the 'accounts' table for the owner account + - z_id: the 'id' column of the 'datacenter' table for the zone + - v_id: the 'id' column of the 'vpcs' table for the new VPC being created + - s_id: the 'id' column of the 'networks' table for the network tier being created CKS on NSX @@ -226,4 +226,4 @@ Additional Notes ~~~~~~~~~~~~~~~~~ - Ports 67-68 need to be manually opened for network tiers of VPCs created in NSX based zones with default_deny ACL for DHCP to work as expected. -- When creating routed VPC networks in NSX-enabled zones, ensure that no 2 VPCs use the same CIDR, to prevent IP conflicts upstream (BGP). \ No newline at end of file +- When creating routed VPC networks in NSX-enabled zones, ensure that no 2 VPCs use the same CIDR, to prevent IP conflicts upstream (BGP). diff --git a/source/plugins/vxlan.rst b/source/plugins/vxlan.rst index 1d8086c16b..a4726426d9 100644 --- a/source/plugins/vxlan.rst 
+++ b/source/plugins/vxlan.rst @@ -103,7 +103,7 @@ Create bridge interface with IPv4 address ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This plugin requires an IPv4 address on the KVM host to terminate and -originate VXLAN traffic. The address should be assinged to a physical +originate VXLAN traffic. The address should be assigned to a physical interface or a bridge interface bound to a physical interface. Both a private address or a public address are fine for the purpose. It is not required to be in the same subnet for all hypervisors in a zone, but @@ -221,7 +221,7 @@ you would change the configuration similar to below. # Private network auto cloudbr1 iface cloudbr1 inet static - addres 192.0.2.X + address 192.0.2.X netmask 255.255.255.0 bridge_ports eth0.300 bridge_fd 5 @@ -355,7 +355,7 @@ BGP and EVPN in the upstream network ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This documentation does not cover configuring BGP and EVPN in the upstream network. -This will differ per network and is therefor difficult to capture in this documentation. A couple of key items though: +This will differ per network and is therefore difficult to capture in this documentation. A couple of key items though: - Each hypervisor with establish eBGP session(s) with the Top-of-Rack router(s) in it is rack - These Top-of-Rack devices will connect to (a) Spine router(s) diff --git a/source/quickinstallationguide/qig.rst b/source/quickinstallationguide/qig.rst index 0fe204198c..5cfdab03bf 100644 --- a/source/quickinstallationguide/qig.rst +++ b/source/quickinstallationguide/qig.rst @@ -353,8 +353,8 @@ section: innodb_rollback_on_timeout=1 innodb_lock_wait_timeout=600 max_connections=350 - log-bin=mysql-bin - binlog-format = 'ROW' + log_bin=mysql-bin + binlog_format=ROW Now that MySQL is properly configured we can start it and configure it to 
@@ -402,23 +402,46 @@ up the management server by issuing the following command: # cloudstack-setup-management + .. note:: + Since 4.23.0, the ``cloudstack-setup-management`` command + can download SystemVM templates on demand when they are not present. -System Template Setup -~~~~~~~~~~~~~~~~~~~~~ + Use the ``--systemvm-templates`` argument to specify which templates to + download. Valid values are ``all``, ``kvm-aarch64``, ``kvm-x86_64``, + ``xenserver``, and ``vmware``. A comma-separated list combining any of + these identifiers can also be supplied (for example + ``kvm-x86_64,xenserver``). If not specified, ``kvm-x86_64`` template + will be downloaded by default. -CloudStack uses a number of system VMs to provide functionality for accessing -the console of Instances, providing various networking services, and -managing various aspects of storage. + For offline environments, provide a custom repository URL with the + ``--systemvm-templates-repository`` argument so the installer can fetch + templates from an internal mirror. -We need to download the systemVM Template and deploy that to the secondary storage. -We will use the local path (/export/secondary) since we are already on the NFS server itself, -but otherwise you would need to mount your Secondary Storage to a temporary mount point, and use -that mount point instead of the /export/secondary path. -Execute the following script: +System VM Template Setup +~~~~~~~~~~~~~~~~~~~~~~~~ + +CloudStack relies on several System VMs (for example SSVM and CPVM) to +provide console access, networking services and storage management. Manual +installation of System VM templates is not required in recent CloudStack +releases. Since 4.16.0, automatic seeding of System VM templates has been +supported; the ``cloudstack-management`` package historically included bundled +templates and the Management Server seeded them to secondary storage during +startup or when a secondary store was added to a zone. 
Starting with 4.23.0, +CloudStack supports on-demand downloading of System VM templates when they +are not present locally or bundled with the package. + +Templates are typically obtained in two ways: during initial setup via +``cloudstack-setup-management`` or automatically at Management +Server startup and secondary store addition (the Management Server +will attempt to download and seed any missing templates). + +When automated mechanisms are unsuitable, templates can be downloaded and +deployed to secondary storage using the helper script. On the secondary +storage host (or a temporary mount of the secondary store) run:: .. parsed-literal:: - + /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt \ -m /export/secondary \ -u |sysvm64-url-kvm| \ @@ -489,12 +512,12 @@ that libvirt is configured correctly. Libvirt is a dependency of cloud-agent and should already be installed. #. Even though we are using a single host, the following steps are recommended - to get faimilar with the general requirements. - In order to have live migration working libvirt has to listen for unsecured + to get familiar with the general requirements. + In order to have live migration working libvirt has to listen for unsecured TCP connections. We also need to turn off libvirts attempt to use Multicast DNS advertising. Both of these settings are in /etc/libvirt/libvirtd.conf - Set the following paramaters: + Set the following parameters: :: @@ -639,7 +662,7 @@ Pod Configuration Here we will configure a range for Cloudstack's internal management traffic - CloudStack will assign IPs from this range to system VMs. This will also be part of our local network (i.e. different part of your local home network, from .21 to .30), with the rest of the IP parameters -(netmaks/gateway) being the same as used for the Public Traffic. +(netmask/gateway) being the same as used for the Public Traffic. #. Pod Name - We'll use ``Pod1`` for our cloud. 
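Review bot: Nothing in the added note or the rewritten "System VM Template Setup" text says how a downloaded System VM template is authenticated, which matters most for the `--systemvm-templates-repository` mirror case. These images become the SSVM, CPVM and virtual routers, so I would add a sentence such as `Serve the internal mirror over HTTPS and verify each template against the checksum published for the release before it is seeded.` Whether the installer already verifies a checksum is not visible here and should be stated either way. Separately, the new paragraph ends with `run::` and is followed directly by the existing `.. parsed-literal::` directive, so the double colon appears to open a literal block with no indented body. Ending the sentence with a single colon (`run:`) avoids that.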
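Review bot: The libvirt step in the `@@ -489,12 +512,12 @@` hunk still tells readers that libvirt "has to listen for unsecured TCP connections" with no caveat; the hunk only fixes spelling and whitespace around that sentence. With such a listener the libvirt API is exposed without encryption and, depending on the auth setting, without authentication, so anything that can reach the port can control the guests on that host. I would add a sentence after it, for example `Restrict the libvirt TCP port to the management network with a host firewall, and use the TLS transport for anything beyond a single-host lab.` The libvirtd.conf settings themselves follow the hunk and are not visible here, so the wording should be checked against them.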
diff --git a/source/releasenotes/about.rst b/source/releasenotes/about.rst index 6de32cf969..89c68b9ea9 100644 --- a/source/releasenotes/about.rst +++ b/source/releasenotes/about.rst 
@@ -17,37 +17,38 @@ What's New in |release| ======================= -Apache CloudStack 4.20.0.0 is the initial 4.20 LTS release with 190+ new -features, improvements and bug fixes since 4.19, including 15 major -new features. Some of the highlights include: - -• Webhooks -• Dynamic and Static Routing -• Ceph RGW Object Store Support -• NSX integration -• Shared Filesystems -• Multi-arch Zones -• Simple NAS backup plugin for KVM -• Usage UI -• API documentation in UI - +Apache CloudStack |release| is a 4.22 LTS release with 10 new features, +around 15 improvements and more than 140 bug fixes since the 4.21.0.0 release. +Some of the highlights include: + +Enhanced Backup and Disaster Recovery +SSL Offloading for Load Balancers +Baremetal/MaaS Extension +CSI Driver for CKS +Console Access for Proxmox in Extensions Framework +VMware-to-KVM Migration Enhancements +Snapshot/Backup Schedule Listing +Per-Zone Console Proxy Configuration +Direct Volume Migration within Cluster +Persistent KVM Domains +Support for userdata on System VMs +EL10 & OpenSUSE 15.6 Platform Support +Stronger Checksum Algorithm (SHA-512) +Enable KVM volume and VM snapshot by default +Support xz format for template registration +Support for shared Filesystem on Config Drive Networks + +Known Issues +------------ + +• Starting 4.21 VM snapshots are supported for instances on KVM hosts. However, volume snapshots and VM snapshots cannot coexist. + Restoring a volume snapshot will remove any existing VM snapshots and may lead to data loss. + There is a UI issue where error messages in such scenarios may not clearly indicate the problem. + +• When managing and unmanaging UEFI-based VMs on KVM hosts, migration of such VMs may fail in certain scenarios. + This typically occurs when a VM that was unmanaged and later re-imported is started on a different host and then + migrated back to its original host. The migration fails because the VM domain still exists on the original host, + resulting in a conflict. 
As a workaround, manually remove the old domain from the original host before attempting the migration again. The full list of new features can be found in the project release notes at -https://docs.cloudstack.apache.org/en/4.20.0.0/releasenotes/changes.html - -Log4j Upgrade -============= - -Up until 4.19.x.x, the logging library used for the project was Log4j 1.29. -The 4.20.0.0 version has updated the library to Log4j2. The new Log4j2 configuration file format is not backwards -compatible with the old one. The 4.20.0.0 packages will come with the default configuration files updated. -Users that have made customizations to their files must update their configuration files to match with the new format, -the `official Log4j documentation`_ might help you migrate your custom configurations. - -JRE Upgrade -============ - -Up until 4.19.x.x, the JRE used for ACS was JRE 11. In 4.20.0.0, JRE has been upgraded to JRE 17 as JRE 11 has reached EOL. -This means that Centos7 (EL7) is no longer supported. - -.. _official Log4j documentation: https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html +https://docs.cloudstack.apache.org/en/4.22.0.0/releasenotes/changes.html diff --git a/source/releasenotes/api-changes.rst b/source/releasenotes/api-changes.rst index ad449dbe79..e32a7d099f 100644 --- a/source/releasenotes/api-changes.rst +++ b/source/releasenotes/api-changes.rst 
@@ -13,146 +13,10 @@ specific language governing permissions and limitations under the License. -API Changes Introduced in 4.20.0.0 +API Changes Introduced in 4.22.0.0 ================================== -For the complete list of API commands and params consult the `CloudStack Apidocs`_. - -New API Commands ----------------- - -.. cssclass:: table-striped table-bordered table-hover - -+---------------------------------------------+--------------------------------------------------------------------------------+ -| Name | Description | -+=============================================+================================================================================+ -| ``changeBgpPeersForNetwork`` | Change the BGP peers for a network. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``enableRole`` | Enables a role | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateSharedFileSystem`` | Update a Shared FileSystem | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateIpv4SubnetForZone`` | Updates an existing IPv4 subnet for a zone. 
| -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listASNumbers`` | List Autonomous Systems Numbers | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateRoutingFirewallRule`` | Updates Routing firewall rule with specified ID | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``quotaListEmailConfiguration`` | List quota email template configurations | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deleteBackupRepository`` | delete a backup repository | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``changeBgpPeersForVpc`` | Change the BGP peers for a VPC. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createSharedFileSystem`` | Create a new Shared File System of specified size and disk offering, attached | -| | to the given network | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``quotaPresetVariablesList`` | List the preset variables available for using in the Quota tariff activation | -| | rules given the usage type. 
| -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``addNsxController`` | Add NSX Controller to CloudStack | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``purgeExpungedResources`` | Purge expunged resources | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deleteNsxController`` | delete NSX Controller to CloudStack | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listWebhooks`` | Lists Webhooks | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``executeWebhookDelivery`` | Executes a Webhook delivery | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``recoverSharedFileSystem`` | Recover a Shared FileSystem by id | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listIpv4SubnetsForGuestNetwork`` | Lists IPv4 subnets for guest networks. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``releaseIpv4SubnetForZone`` | Releases an existing dedicated IPv4 subnet for a zone. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createIpv4SubnetForZone`` | Creates a IPv4 subnet for a zone. 
| -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listNetworkProtocols`` | Lists details of network protocols | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createASNRange`` | Creates a range of Autonomous Systems for BGP Dynamic Routing | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deleteBgpPeer`` | Deletes an existing Bgp Peer. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateBgpPeer`` | Updates an existing Bgp Peer. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deleteIpv4SubnetForGuestNetwork`` | Deletes an existing IPv4 subnet for guest network. 
| -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createRoutingFirewallRule`` | Creates a routing firewall rule in the given network in ROUTED mode | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``releaseASNumber`` | Releases an AS Number back to the pool | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listWebhookDeliveries`` | Lists Webhook deliveries | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``restartSharedFileSystem`` | Restart a Shared FileSystem | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``forgotPassword`` | Sends an email to the user with a token to reset the password using | -| | resetPassword command. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listASNRanges`` | List Autonomous Systems Number Ranges | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``resetPassword`` | Resets the password for the user using the token generated via forgotPassword | -| | command. 
| -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``disableRole`` | Disables a role | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listBackupRepositories`` | Lists all backup repositories | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createBgpPeer`` | Creates a Bgp Peer for a zone. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``dedicateBgpPeer`` | Dedicates an existing Bgp Peer to an account or a domain. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createIpv4SubnetForGuestNetwork`` | Creates a IPv4 subnet for guest networks. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``destroySharedFileSystem`` | Destroy a Shared FileSystem by id | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deleteASNRange`` | deletes a range of Autonomous Systems for BGP Dynamic Routing | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listRoutingFirewallRules`` | Lists all Routing firewall rules | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listIpv4SubnetsForZone`` | Lists IPv4 subnets for zone. 
| -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``startSharedFileSystem`` | Start a Shared FileSystem | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``addBackupRepository`` | Adds a backup repository to store NAS backups | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``stopSharedFileSystem`` | Stop a Shared FileSystem | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deleteRoutingFirewallRule`` | Deletes a routing firewall rule | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listBgpPeers`` | Lists Bgp Peers. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listNsxControllers`` | list all NSX controllers added to CloudStack | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``releaseBgpPeer`` | Releases an existing dedicated Bgp Peer. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deleteIpv4SubnetForZone`` | Deletes an existing IPv4 subnet for a zone. 
| -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deleteWebhookDelivery`` | Deletes Webhook delivery | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``changeSharedFileSystemServiceOffering`` | Change Service offering of a Shared FileSystem | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``quotaConfigureEmail`` | Configure a quota email template | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``dedicateIpv4SubnetForZone`` | Dedicates an existing IPv4 subnet for a zone to an account or a domain. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listSharedFileSystems`` | List Shared FileSystems | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deleteWebhook`` | Deletes a Webhook | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateWebhook`` | Updates a Webhook | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``changeSharedFileSystemDiskOffering`` | Change Disk offering of a Shared FileSystem | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``expungeSharedFileSystem`` | Expunge a Shared FileSystem by id | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createWebhook`` | Creates a Webhook | 
-+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``extractSnapshot`` | Returns a download URL for extracting a snapshot. It must be in the Backed Up | -| | state. | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listSharedFileSystemProviders`` | Lists all available shared filesystem providers. | -+---------------------------------------------+--------------------------------------------------------------------------------+ +For the complete list of API commands and params consult the `CloudStack Apidocs`_. Parameters Changed API Commands ------------------------------- 
@@ -162,1423 +26,381 @@ Parameters Changed API Commands +---------------------------------------------+--------------------------------------------------------------------------------+ | Name | Description | +=============================================+================================================================================+ -| ``createVPCOffering`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``fornsx`` (optional) | -| | - ``networkmode`` (optional) | -| | - ``nsxsupportlb`` (optional) | -| | - ``routingmode`` (optional) | -| | - ``specifyasnumber`` (optional) | -| | | -| | *Changed Parameters:* | -| | | -| | - ``supportedservices`` was 'required' and is now 'optional' | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``fornsx`` | -| | - ``networkmode`` | -| | - ``routingmode`` | -| | - ``specifyasnumber`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``ldapCreateAccount`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``copyIso`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateResourceLimit`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``tag`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``tag`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``restoreVirtualMachine`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | 
-+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateHost`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | - ``explicithosttags`` | -| | - ``implicithosttags`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listClusters`` | **Response:** | +| ``listVsphereStoragePolicyCompatiblePools`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``arch`` | +| | - ``capacitybytes`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listStoragePoolObjects`` | **Response:** | +| ``removeNodesFromKubernetesCluster`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``snapshotname`` | +| | - ``csienabled`` | | | - ``templatename`` | -| | - ``volumename`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateVPC`` | **Response:** | +| ``updateHost`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``asnumber`` | -| | - ``asnumberid`` | -| | - ``bgppeers`` | -| | - ``ip4routes`` | -| | - ``ip4routing`` | +| | - ``cleanupexternaldetails`` (optional) | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateVmNicIp`` | **Response:** | +| ``createBackupSchedule`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | +| | - ``isbackupvmexpunged`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateDiskOffering`` | **Response:** | +| ``addNodesToKubernetesCluster`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - 
``suitableforvirtualmachine`` | +| | - ``csienabled`` | +| | - ``templatename`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``quotaTariffUpdate`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``position`` (optional) | -| | | -| | **Response:** | +| ``listKubernetesClusters`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``id`` | -| | - ``position`` | -| | | -| | *Removed Parameters:* | -| | | -| | - ``uuid`` | +| | - ``csienabled`` | +| | - ``templatename`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ | ``listCapabilities`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``allowuserforcestopvm`` | -| | - ``sharedfsvmmincpucount`` | -| | - ``sharedfsvmminramsize`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``checkVolume`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateDomain`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | +| | - ``additionalconfigenabled`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``detachVolume`` | **Response:** | +| ``createSnapshotPolicy`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | +| | - ``volumename`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``findHostsForMigration`` | **Response:** | +| ``listStoragePools`` | **Response:** | | | | | | *New Parameters:* | | | | 
-| | - ``explicithosttags`` | -| | - ``implicithosttags`` | +| | - ``capacitybytes`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``addNicToVirtualMachine`` | **Response:** | +| ``deleteLdapConfiguration`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listPublicIpAddresses`` | **Request:** | +| | - ``id`` (optional) | | | | -| | *New Parameters:* | +| | *Changed Parameters:* | | | | -| | - ``forsystemvms`` (optional) | +| | - ``hostname`` was 'required' and is now 'optional' | | | | | | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``forsystemvms`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateDefaultNicForVirtualMachine`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | +| | - ``id`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``copyTemplate`` | **Response:** | +| ``listBackups`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``arch`` | +| | - ``isbackupvmexpunged`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listNiciraNvpDeviceNetworks`` | **Response:** | +| ``upgradeKubernetesCluster`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``asnumber`` | -| | - ``asnumberid`` | -| | - ``bgppeers`` | -| | - ``ip4routes`` | -| | - ``ip4routing`` | +| | - ``csienabled`` | +| | - ``templatename`` | | | | 
+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``resizeVolume`` | **Response:** | +| ``listBackupProviderOfferings`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | +| | - ``crosszoneinstancecreation`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``changeOfferingForVolume`` | **Response:** | +| ``importBackupOffering`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | +| | - ``crosszoneinstancecreation`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateNetwork`` | **Response:** | +| ``updateBackupSchedule`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``asnumber`` | -| | - ``asnumberid`` | -| | - ``bgppeers`` | -| | - ``ip4routes`` | -| | - ``ip4routing`` | +| | - ``isbackupvmexpunged`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listUsageTypes`` | **Response:** | +| ``updateStoragePool`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``id`` | -| | - ``name`` | -| | | -| | *Removed Parameters:* | -| | | -| | - ``usagetypeid`` | +| | - ``capacitybytes`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``migrateVirtualMachine`` | **Response:** | +| ``listBackupRepositories`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | +| | - ``crosszoneinstancecreation`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``resetPasswordForVirtualMachine`` | **Response:** | +| 
``listNetworks`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | +| | - ``name`` (optional) | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createVPC`` | **Request:** | +| ``listSnapshotPolicies`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``asnumber`` (optional) | -| | - ``bgppeerids`` (optional) | -| | - ``cidrsize`` (optional) | -| | | -| | *Changed Parameters:* | -| | | -| | - ``cidr`` was 'required' and is now 'optional' | +| | - ``account`` (optional) | +| | - ``domainid`` (optional) | +| | - ``isrecursive`` (optional) | +| | - ``listall`` (optional) | +| | - ``projectid`` (optional) | | | | | | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``asnumber`` | -| | - ``asnumberid`` | -| | - ``bgppeers`` | -| | - ``ip4routes`` | -| | - ``ip4routing`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``detachIso`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``prepareHostForMaintenance`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | - ``explicithosttags`` | -| | - ``implicithosttags`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listVirtualMachines`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | +| | - ``volumename`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listDiskOfferings`` | **Request:** | +| 
``listLdapConfigurations`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``virtualmachineid`` (optional) | +| | - ``id`` (optional) | | | | | | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``suitableforvirtualmachine`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listProjects`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | +| | - ``id`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createAccount`` | **Response:** | +| ``listBackupOfferings`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``taggedresources`` | +| | - ``crosszoneinstancecreation`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``revertToVMSnapshot`` | **Response:** | +| ``scaleKubernetesCluster`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | +| | - ``csienabled`` | +| | - ``templatename`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``registerIso`` | **Request:** | +| ``addBackupRepository`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``arch`` (optional) | +| | - ``crosszoneinstancecreation`` (optional) | | | | | | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``cancelHostMaintenance`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | - ``explicithosttags`` | -| | - ``implicithosttags`` | -| | | 
-+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateZone`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``asnrange`` | -| | - ``ismultiarch`` | -| | - ``isnsxenabled`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listVlanIpRanges`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``fornsx`` | +| | - ``crosszoneinstancecreation`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listProjectAccounts`` | **Response:** | +| ``assignCertToLoadBalancer`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``taggedresources`` | +| | - ``forced`` (optional) | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createDiskOffering`` | **Response:** | +| ``unmanageVirtualMachine`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``suitableforvirtualmachine`` | +| | - ``forced`` (optional) | +| | - ``hostid`` (optional) | | | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``migrateVirtualMachineWithVolume`` | **Response:** | +| | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | +| | - ``hostid`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``attachVolume`` | **Response:** | +| ``updateBackupOffering`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | +| | - ``crosszoneinstancecreation`` | | | | 
+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``addHost`` | **Response:** | +| ``updateStorageCapabilities`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``arch`` | -| | - ``explicithosttags`` | -| | - ``implicithosttags`` | +| | - ``capacitybytes`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateProject`` | **Response:** | +| ``listVirtualMachinesUsageHistory`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``taggedresources`` | +| | - ``stats(*)`` | | | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listZones`` | **Response:** | -| | | -| | *New Parameters:* | +| | *Removed Parameters:* | | | | -| | - ``asnrange`` | -| | - ``ismultiarch`` | -| | - ``isnsxenabled`` | +| | - ``stats`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listNetscalerLoadBalancerNetworks`` | **Response:** | +| ``createKubernetesCluster`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``asnumber`` | -| | - ``asnumberid`` | -| | - ``bgppeers`` | -| | - ``ip4routes`` | -| | - ``ip4routing`` | +| | - ``enablecsi`` (optional) | | | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``migrateVolume`` | **Response:** | +| | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | +| | - ``csienabled`` | +| | - ``templatename`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``migrateVPC`` | **Response:** | +| ``addLdapConfiguration`` | **Response:** | | | | | | *New Parameters:* | | | | -| | 
- ``asnumber`` | -| | - ``asnumberid`` | -| | - ``bgppeers`` | -| | - ``ip4routes`` | -| | - ``ip4routing`` | +| | - ``id`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``dedicatePublicIpRange`` | **Response:** | +| ``getUploadParamsForTemplate`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``fornsx`` | +| | - ``templatetype`` (optional) | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``recoverVirtualMachine`` | **Response:** | +| ``syncStoragePool`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | +| | - ``capacitybytes`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``cancelHostAsDegraded`` | **Response:** | +| ``listInfrastructure`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``arch`` | -| | - ``explicithosttags`` | -| | - ``implicithosttags`` | +| | - ``backuprepositories`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listBrocadeVcsDeviceNetworks`` | **Response:** | +| ``findStoragePoolsForMigration`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``asnumber`` | -| | - ``asnumberid`` | -| | - ``bgppeers`` | -| | - ``ip4routes`` | -| | - ``ip4routing`` | +| | - ``capacitybytes`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``importRole`` | **Response:** | +| ``createStoragePool`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``state`` | +| | - ``capacitybytes`` | | | | 
+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``quotaTariffCreate`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``position`` (optional) | -| | | -| | **Response:** | +| ``listSystemVmsUsageHistory`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``id`` | -| | - ``position`` | +| | - ``stats(*)`` | | | | | | *Removed Parameters:* | | | | -| | - ``uuid`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``suspendProject`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createZone`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``asnrange`` | -| | - ``ismultiarch`` | -| | - ``isnsxenabled`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listDomainChildren`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``importUnmanagedInstance`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``attachIso`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``generateUsageRecords`` | **Request:** | -| | | -| | *Changed 
Parameters:* | -| | | -| | - ``enddate`` was 'required' and is now 'optional' | -| | - ``startdate`` was 'required' and is now 'optional' | +| | - ``stats`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listAccounts`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``tag`` (optional) | -| | | -| | **Response:** | +| ``enableStorageMaintenance`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``taggedresources`` | +| | - ``capacitybytes`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``activateProject`` | **Response:** | +| ``cancelStorageMaintenance`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``taggedresources`` | +| | - ``capacitybytes`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deleteVnfTemplate`` | **Request:** | +| ``updateSnapshotPolicy`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``issystem`` (optional) | +| | - ``volumename`` | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``addBaremetalHost`` | **Response:** | +| ``updateLoadBalancerRule`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``arch`` | -| | - ``explicithosttags`` | -| | - ``implicithosttags`` | +| | - ``cidrlist`` (optional) | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``destroyVirtualMachine`` | **Response:** | +| ``startKubernetesCluster`` | **Response:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | +| | - ``csienabled`` | +| | - ``templatename`` | | | | 
+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``startVirtualMachine`` | **Response:** | +| ``listBackupSchedule`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listHosts`` | **Response:** | +| | - ``account`` (optional) | +| | - ``domainid`` (optional) | +| | - ``id`` (optional) | +| | - ``isrecursive`` (optional) | +| | - ``listall`` (optional) | +| | - ``projectid`` (optional) | | | | -| | *New Parameters:* | +| | *Changed Parameters:* | | | | -| | - ``arch`` | -| | - ``explicithosttags`` | -| | - ``implicithosttags`` | +| | - ``virtualmachineid`` was 'required' and is now 'optional' | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``moveDomain`` | **Response:** | +| ``importVm`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``taggedresources`` | +| | - ``extraparams`` (optional) | +| | - ``forceconverttopool`` (optional) | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listNetworks`` | **Response:** | +| ``updateServiceOffering`` | **Request:** | | | | | | *New Parameters:* | | | | -| | - ``asnumber`` | -| | - ``asnumberid`` | -| | - ``bgppeers`` | -| | - ``ip4routes`` | -| | - ``ip4routing`` | +| | - ``cleanupexternaldetails`` (optional) | | | | +---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listAffinityGroups`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``dedicatedresources`` | -| | | 
-+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``reserveIpAddress`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``forsystemvms`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listVPCOfferings`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``fornsx`` | -| | - ``networkmode`` | -| | - ``routingmode`` | -| | - ``specifyasnumber`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``uploadVolume`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``lockAccount`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``changeServiceForVirtualMachine`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listTemplates`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createAffinityGroup`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``dedicatedresources`` | -| | | 
-+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``rebootVirtualMachine`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listVnfTemplates`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deployVnfAppliance`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateNetworkOffering`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``fornsx`` | -| | - ``networkmode`` | -| | - ``routingmode`` | -| | - ``specifyasnumber`` | -| | - ``supportsinternallb`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createNetworkOffering`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``fornsx`` (optional) | -| | - ``networkmode`` (optional) | -| | - ``nsxsupportlb`` (optional) | -| | - ``nsxsupportsinternallb`` (optional) | -| | - ``routingmode`` (optional) | -| | - ``specifyasnumber`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``fornsx`` | -| | - ``networkmode`` | -| | - ``routingmode`` | -| | - ``specifyasnumber`` | -| | - ``supportsinternallb`` | -| | | 
-+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``quotaTariffList`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``id`` (optional) | -| | - ``listonlyremoved`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``id`` | -| | - ``position`` | -| | | -| | *Removed Parameters:* | -| | | -| | - ``uuid`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``destroyVolume`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createProject`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``markDefaultZoneForAccount`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listImageStoreObjects`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``snapshotname`` | -| | - ``templatename`` | -| | - ``volumename`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateIso`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``prepareTemplate`` | **Response:** | -| | | -| | 
*New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createDomain`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``assignVolume`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createServiceOffering`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``purgeresources`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``purgeresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``assignVirtualMachine`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateTemplate`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` (optional) | -| | - ``templatetag`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createVlanIpRange`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``fornsx`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``fornsx`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ 
-| ``listPaloAltoFirewallNetworks`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``asnumber`` | -| | - ``asnumberid`` | -| | - ``bgppeers`` | -| | - ``ip4routes`` | -| | - ``ip4routing`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateVolume`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateVirtualMachine`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateAccount`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``disableAccount`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listDomains`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``tag`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``resetUserDataForVirtualMachine`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | 
- ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deleteTemplate`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``issystem`` (optional) | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``importVolume`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createTemplate`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``associateIpAddress`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``forsystemvms`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``resetSSHKeyForVirtualMachine`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``addKubernetesSupportedVersion`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` (optional) | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``linkUserDataToTemplate`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createRole`` | **Response:** | -| | | -| | *New 
Parameters:* | -| | | -| | - ``state`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateCluster`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listHostTags`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``isimplicit`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``deployVirtualMachine`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listVolumes`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createNetwork`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``asnumber`` (optional) | -| | - ``bgppeerids`` (optional) | -| | - ``cidrsize`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``asnumber`` | -| | - ``asnumberid`` | -| | - ``bgppeers`` | -| | - ``ip4routes`` | -| | - ``ip4routing`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listNetworkOfferings`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``routingmode`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``fornsx`` | -| | - ``networkmode`` | -| | - 
``routingmode`` | -| | - ``specifyasnumber`` | -| | - ``supportsinternallb`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listVPCs`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``asnumber`` | -| | - ``asnumberid`` | -| | - ``bgppeers`` | -| | - ``ip4routes`` | -| | - ``ip4routing`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateVlanIpRange`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``fornsx`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listResourceLimits`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``tag`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``tag`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listIsos`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateRole`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``state`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``registerVnfTemplate`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ 
-| ``declareHostAsDegraded`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | - ``explicithosttags`` | -| | - ``implicithosttags`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateVMAffinityGroup`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``getUploadParamsForTemplate`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` (optional) | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateResourceCount`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``tag`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``tag`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listRoles`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``state`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``state`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``recoverVolume`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateIpAddress`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``forsystemvms`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``migrateNetwork`` | 
**Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``asnumber`` | -| | - ``asnumberid`` | -| | - ``bgppeers`` | -| | - ``ip4routes`` | -| | - ``ip4routing`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``registerTemplate`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listVnfAppliances`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``createVolume`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``removeSecondaryStorageSelector`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``displaytext`` | -| | - ``success`` | -| | | -| | *Removed Parameters:* | -| | | -| | - ``id`` | -| | - ``created`` | -| | - ``description`` | -| | - ``heuristicrule`` | -| | - ``name`` | -| | - ``removed`` | -| | - ``type`` | -| | - ``zoneid`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``addCluster`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``removeNicFromVirtualMachine`` | 
**Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``enableAccount`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``taggedresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``reconnectHost`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | - ``explicithosttags`` | -| | - ``implicithosttags`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateVnfTemplate`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` (optional) | -| | - ``templatetag`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``arch`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateVPCOffering`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``fornsx`` | -| | - ``networkmode`` | -| | - ``routingmode`` | -| | - ``specifyasnumber`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listServiceOfferings`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``templateid`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``purgeresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``importVm`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | 
-+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``listCapacity`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``tag`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``tag`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``stopVirtualMachine`` | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``deleteprotection`` | -| | - ``vmtype`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ -| ``updateServiceOffering`` | **Request:** | -| | | -| | *New Parameters:* | -| | | -| | - ``purgeresources`` (optional) | -| | | -| | **Response:** | -| | | -| | *New Parameters:* | -| | | -| | - ``purgeresources`` | -| | | -+---------------------------------------------+--------------------------------------------------------------------------------+ - - diff --git a/source/releasenotes/changes.rst b/source/releasenotes/changes.rst index 345e49ca8c..53c4232206 100644 --- a/source/releasenotes/changes.rst +++ b/source/releasenotes/changes.rst 
@@ -13,6 +13,1826 @@ specific language governing permissions and limitations under the License. +Changes in |release| since 4.21.0.0 +=================================== + +Apache CloudStack uses GitHub https://github.com/apache/cloudstack/milestone/37?closed=1 +to track its issues + + +.. cssclass:: table-striped table-bordered table-hover + + ++-------------------------+---------------+------------------------------------------------------------+ +| Version | Github | Description | ++=========================+===============+============================================================+ +| 4.22.0.0 | `#11944`_ | NAS BnR: Fix error in Restore and attach volume | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11926`_ | [PowerFlex] Fix the config 'powerflex.connect.on.demand' | +| | | description | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11902`_ | Fix CKS cluster creation not honoring the CKS ISO arch | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11909`_ | UI: Minor fix for extra params display for VMware to KVM | +| | | migration | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11908`_ | [VMware to KVM migration] Check source VM against the | +| | | selected offering | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11907`_ | Fix VMScheduler unit test for daylight saving time | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11651`_ | pre-commit add `chmod 644` manual hook for Markdown | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11870`_ | 
pre-commit auto add license headers for all Markdown files | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11065`_ | pre-commit: add oxipng a lossless PNG compression | +| | | optimizer | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11901`_ | Fix upgrade router template operation failure displayed on | +| | | the UI | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11900`_ | Avoid html escaping while saving vmsettings in | +| | | backup_details | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11892`_ | Fix: NPE thrown on VMware to KVM migration tasks listing | +| | | for removed VMs | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11896`_ | UI: Fix duplicate memory values on InfoCard view | +| | | conditions | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11887`_ | Fix OOB test failures in ci.yml github actions | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11873`_ | Update CI workflow to use Ubuntu 24.04 and comply to PEP | +| | | 625 | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11863`_ | Add erikbocks as a collaborator | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11856`_ | server: return extension path only to root admins | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11841`_ | Fixes for Import VM Tasks listing | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11318`_ | cloudutils: fix warning, error during kvm agent | +| | | installation | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10223`_ | Allow counters to be created with same name, provider and | +| | | source as a deleted one | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11823`_ | systemvm: fix duplicated "en_US.UTF-8 UTF-8" in | +| | | /etc/locale.gen | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11419`_ | Add support for CSI driver in CKS | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11624`_ | Routed: fix create network exception when auto-allocation | +| | | is disabled | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11754`_ | NAS BnR: Create Instance from Backup issues | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11822`_ | agent: increase timeout for host arch retrieval | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11836`_ | Fix volume copy from primary to primary in simulator | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11832`_ | update the developers guide link on the API page during | +| | | generation | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11786`_ | Support xz format for template registration | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11767`_ | server: consistent behaviour for list apis with project=-1 | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10423`_ | Add logs for host removal | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11766`_ | ui: Allow edit source CIDR on load balancer rule | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11413`_ | UI: Prevent exceptions when network service provider | +| | | that's disabled is viewed | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11548`_ | api,server,ui: allow cleaning up external details for host | +| | | and serviceoffering | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11688`_ | Standardize Markdown headings; enforce MD003 with | +| | | markdownlint | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11667`_ | pre-commit: enforce mixed-line-ending for all files | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11664`_ | Update GitHub Actions | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11665`_ | Remove misspelled file not found from rat excludes | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#9561`_ | Allow uploading of ISO for creating kubernetes supported | +| | | versions | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11781`_ | PR #11778 with changes for main branch | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11465`_ | UI: Add validator for CIDR being passed | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11662`_ | pre-commit: add hooks `check-illegal-windows-names` and | +| | | `file-content… | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10135`_ | Removal of UI blockage to access the | +| | | `changeOfferingForVolume` API | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11446`_ | server: enable KVM volume and VM snapshot by default | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11470`_ | api/server: list networks by name | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10212`_ | Enforce distinct hostnames network | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11680`_ | Markdown: add documentation on pre-commit usage | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11811`_ | importvm: fix IP address allocation on Shared networks | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11594`_ | VMware to KVM Migrations improvements | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11613`_ | Added Extension for MaaS 
integration in CloudStack | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11738`_ | UI: Move Backup Repository to Infrastructure (from | +| | | Configuration) | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11815`_ | ui: fix add host form state on submit | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11812`_ | UI: Fix for cluster addition in VMware | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11587`_ | API: Add support to list all snapshot policies & backup | +| | | schedules | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11625`_ | Migrate volume improvements, to bypass secondary storage | +| | | when copy volume between pools is allowed directly | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11782`_ | Delete template from storage pool instantly if no volume | +| | | is using it | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11589`_ | server: consistent domainpath in api responses | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11793`_ | update jetty | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11773`_ | storage: change storage pool to Up state when cancel | +| | | storage migration | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11801`_ | Sanitize the rbd file cmd parameter logs during qemu-img | +| | | 
convert (through Script) | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10282`_ | Add `Hypervisor default` as cache mode for disk offerings | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11760`_ | UI: Fix primary storage for datastore cluster and retain | +| | | traffic labels during zone deployment | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11488`_ | refactor: remove use of term entry-point from extensions | +| | | code base | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10533`_ | Deal with crosssite api call after login. | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11778`_ | systemvmtemplate: Bump Debian version to 12.12.0 | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10740`_ | Storage pool response improvements | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11654`_ | Add support for providing userdata to system VMs | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11722`_ | Fix to not enable the disabled local storage(s) on host | +| | | connection | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11541`_ | Make kvm domain persistent when unmanaged from CS | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11228`_ | server: add user.password.reset.smtp.useStartTLS and | +| | | enabledSecurityProtocols for 
password reset | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11684`_ | NAS backup provider: Support restore from backup to | +| | | volumes on Ceph storage pool(s), and take backup for | +| | | stopped instances with volumes on Ceph storage pool(s) | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11787`_ | linstor: use sparse/discard qemu-img convert on thin | +| | | devices | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10641`_ | VMware: match nic mac for ip address fetch | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10983`_ | Fixed and enhanced vlan field validation in the UI | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11735`_ | CKS: fix CKS creation on an existing Shared or Routed | +| | | network | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11771`_ | ui: fix overflow for value in DetailInput | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11522`_ | Fix removeUsage for backups | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11751`_ | Consider Instance in Starting state as well for allocation | +| | | algorithm | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11462`_ | Add UUID field for LDAP configuration | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11726`_ | Shared Filesystem support on Config Drive 
Networks | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11732`_ | Extensions: use home directory of cloud user instead of | +| | | /var/lib/cloudstack/management/ | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11639`_ | CKS: generate a random UUID as password of CKS user in | +| | | project | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11715`_ | Fix detection of Mi3xx GPUs | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11719`_ | UI support for extraconfig in deploy and update instance | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11753`_ | Fix importing unmanaged instances due to incorrect | +| | | internal name | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11741`_ | noVNC: make show dot configurable | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11720`_ | CKS: fix control plane endpoint IP | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11601`_ | extension/proxmox: add console access for instances | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10962`_ | systemvm: fix failed to get script version when patch | +| | | system vm or router | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11198`_ | server: set download volume format to qcow2 for KVM | +| | | volumes | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11546`_ | Add support EL10 & support java 21 for EL10 | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11560`_ | Create Instance from backup on another Zone (DRaaS use | +| | | case) | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11702`_ | ui: do not show admin only options to users while | +| | | registering template | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11687`_ | KVM: fix delete vm snapshot if it does not exist with a | +| | | Stopped vm | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11696`_ | LDAP: honour nested groups for MSAD | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11686`_ | Fix vpclimit count for listAcccount API response | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11530`_ | server: set VirtualMachineTO arch from template if present | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11640`_ | honor templateId passed in importVM API | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11666`_ | Mount the disabled storage pools by default | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11612`_ | ui: allow provisioning backups during instance deploy | ++-------------------------+---------------+------------------------------------------------------------+ 
+| 4.22.0.0 | `#11659`_ | Fix VM import DB sequence issue on import failure | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#8452`_ | Cleanup allocated snapshots / vm snapshots, and update | +| | | pending ones to Error on MS start | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11259`_ | ui: fix build on latest Ubuntu and macOS | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11506`_ | Update gson date format for serializing/deserializing Date | +| | | in MS stats | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11682`_ | api,server: support templatetype when upload template from | +| | | local | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11681`_ | VR: consider NICs for remote access VPN when apply dhcp | +| | | entry | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10710`_ | [router] make a distinction between fatal errors, warnings | +| | | and unknown as healthcheck result | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11652`_ | Fix scaleKubernetesCluster API | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11017`_ | Add yamllint pre-commit hook for YAML file standardization | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11464`_ | Add cleanup for tiers dropdown on assignVirtualMachine API | +| | | form | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11676`_ | chore(markdown): use https on links | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11670`_ | use /prod/stat to get uptime instead of the uptime command | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11618`_ | Netris: Fix inactive VPCs deletion | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11663`_ | PULL_REQUEST_TEMPLATE standardize case of types of changes | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11284`_ | java: fix one typo in many files | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11285`_ | Fix spelling in Java and Python files; update the ignored | +| | | words list `codespell.txt` | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10150`_ | pre-commit add hook `check-shebang-scripts-are-executable` | +| | | for Shell | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11289`_ | misc: pre-commit auto remove unneeded trailing whitespace | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11415`_ | Move console proxy related global settings to Zone level | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11568`_ | Allow updating of Load Balancer source CIDR list | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#9793`_ | pre-commit: clean up Python flake8 excludes with black | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11300`_ | Add CodeQL Analysis for GitHub Actions | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11617`_ | Filter netris vNets only by VPC ID as filter by site isn't | +| | | working as expected on Netris end | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11569`_ | [KVM] Allow passing the OS type machine for KVM XML | +| | | domains through VM setting | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11410`_ | Add LB service to Custom Netris VPC/Network offerings | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11632`_ | Fix for No VMs start after Renew Host Security Keys due to | +| | | wrong qemu group reading | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11602`_ | [UI] Fix group disable action for compute and disk | +| | | offering | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11590`_ | ui: fix tab name in query params | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11389`_ | Fix NPE during VM IP fetch for shared networks | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11576`_ | ui: searchview change should only remove related query | +| | | params | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11406`_ | Add all workflow buttons to README | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11558`_ | server: check limit on correct store during snapshot | +| | | allocation | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11554`_ | ScaleIO/PowerFlex smoke tests improvements, and some fixes | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11614`_ | fix qemu-img path in cloudstack sudoers | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11468`_ | Improvement: SSL offloading with Virtual Router | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10735`_ | ssvm: use mgmt network if no storage network | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11598`_ | Fix transition exception when scaling Stopped k8s clusters | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11610`_ | Fix NPE in case host UEFI detail is not set on agent | +| | | connection | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11507`_ | Import KVM VM: Autodetect vlan id from bridge name | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10970`_ | IPv6 firewall: accept packets from related and established | +| | | connections | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#9305`_ | server: allow migration of vm with snapshots for vmware | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10869`_ | Change log level of AgentHandler#processRequest() | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11556`_ | server: allow adding non-overlapping ipv6 ranges in same | +| | | vlan | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11528`_ | CKS: Validate network offering from network if provided | +| | | rather than global setting | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11575`_ | ui: donot remove account, domain from query on public ip | +| | | filter change | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11314`_ | server: prevent vm schedule update failure for time when | +| | | not changed | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11218`_ | server,kvm: detect boot options for vm import | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10734`_ | 2fa: log error on totp mismatch | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11487`_ | Delete session after key expiration | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11361`_ | Make logout function more robust to prevent session issues | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11553`_ | [UI] Fix display of disk size and IOPS fields in the scale | +| | | VM form | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11557`_ | kvm: add ssvm storage nic null uri check during plug | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11543`_ | systemvm template: update URLs of debian ISOs | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11536`_ | ui: show multiple domains as links in list view | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11329`_ | server: remove extra chars when template status is error | +| | | string | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11485`_ | Don't show backup in list_capacity for dummy plugin or if | +| | | backup_framework is disabled | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10865`_ | ui: do not filter edge zones while registering | +| | | directdownload iso | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11134`_ | Update md5sum to sha512sum | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11489`_ | ui: fix extension path with name having special characters | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11230`_ | Added events for snapshots, vmsnapshots, internalLB | +| | | operations | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11540`_ | make server threads configurable with server.properties | +| | | file | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11542`_ | test: fix test_04_rvpc_network_garbage_collector_nics | +| | | failure | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11550`_ | [UI] Use update offering APIs to disable compute and disk | +| | | offerings | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11030`_ | .github: Update to JDK 17 in ci.yml and build.yml | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11136`_ | utils: add UuidUtils.nameUUIDFromBytes | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11135`_ | packaging: add pre-check.sh | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11379`_ | Remove Domain/IP from Password Reset Link to custom Global | +| | | Setting | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11469`_ | schema: Add upgrade path from 4.21.0.0 to 4.22.0.0 | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11537`_ | api: use single quote instead of double quote in | +| | | StatsResponse | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11532`_ | kvm: fix vm deployment with direct-download iso | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10152`_ | Add response object required by go SDK for parsing | +| | | response | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11243`_ | SG: Apply rules for both ipv4/ipv6 of VMs with associated | +| | | account/SG | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10545`_ | UI: Hide User Card from config.userCard.enabled option | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#10723`_ | Add logs to keystore-setup and fix password regex | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11518`_ | VPC VR: return UNKNOWN redundant state if no guest nics | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11466`_ | UI: Prevent restriction of changeOfferingForVolume API to | +| | | Admin role | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11504`_ | scripts: fix external provision to use correct power state | +| | | & hyperv powersync | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.22.0.0 | `#11516`_ | Fix for live migration of VM with config drive, on KVM | ++-------------------------+---------------+------------------------------------------------------------+ + +177 Issues listed + +.. _`#11944`: https://github.com/apache/cloudstack/pull/11944 +.. _`#11926`: https://github.com/apache/cloudstack/pull/11926 +.. _`#11902`: https://github.com/apache/cloudstack/pull/11902 +.. _`#11909`: https://github.com/apache/cloudstack/pull/11909 +.. 
_`#11908`: https://github.com/apache/cloudstack/pull/11908 +.. _`#11907`: https://github.com/apache/cloudstack/pull/11907 +.. _`#11651`: https://github.com/apache/cloudstack/pull/11651 +.. _`#11870`: https://github.com/apache/cloudstack/pull/11870 +.. _`#11065`: https://github.com/apache/cloudstack/pull/11065 +.. _`#11901`: https://github.com/apache/cloudstack/pull/11901 +.. _`#11900`: https://github.com/apache/cloudstack/pull/11900 +.. _`#11892`: https://github.com/apache/cloudstack/pull/11892 +.. _`#11896`: https://github.com/apache/cloudstack/pull/11896 +.. _`#11887`: https://github.com/apache/cloudstack/pull/11887 +.. _`#11873`: https://github.com/apache/cloudstack/pull/11873 +.. _`#11863`: https://github.com/apache/cloudstack/pull/11863 +.. _`#11856`: https://github.com/apache/cloudstack/pull/11856 +.. _`#11841`: https://github.com/apache/cloudstack/pull/11841 +.. _`#11318`: https://github.com/apache/cloudstack/pull/11318 +.. _`#10223`: https://github.com/apache/cloudstack/pull/10223 +.. _`#11823`: https://github.com/apache/cloudstack/pull/11823 +.. _`#11419`: https://github.com/apache/cloudstack/pull/11419 +.. _`#11624`: https://github.com/apache/cloudstack/pull/11624 +.. _`#11754`: https://github.com/apache/cloudstack/pull/11754 +.. _`#11822`: https://github.com/apache/cloudstack/pull/11822 +.. _`#11836`: https://github.com/apache/cloudstack/pull/11836 +.. _`#11832`: https://github.com/apache/cloudstack/pull/11832 +.. _`#11786`: https://github.com/apache/cloudstack/pull/11786 +.. _`#11767`: https://github.com/apache/cloudstack/pull/11767 +.. _`#10423`: https://github.com/apache/cloudstack/pull/10423 +.. _`#11766`: https://github.com/apache/cloudstack/pull/11766 +.. _`#11413`: https://github.com/apache/cloudstack/pull/11413 +.. _`#11548`: https://github.com/apache/cloudstack/pull/11548 +.. _`#11688`: https://github.com/apache/cloudstack/pull/11688 +.. _`#11667`: https://github.com/apache/cloudstack/pull/11667 +.. 
_`#11664`: https://github.com/apache/cloudstack/pull/11664 +.. _`#11665`: https://github.com/apache/cloudstack/pull/11665 +.. _`#9561`: https://github.com/apache/cloudstack/pull/9561 +.. _`#11781`: https://github.com/apache/cloudstack/pull/11781 +.. _`#11465`: https://github.com/apache/cloudstack/pull/11465 +.. _`#11662`: https://github.com/apache/cloudstack/pull/11662 +.. _`#10135`: https://github.com/apache/cloudstack/pull/10135 +.. _`#11446`: https://github.com/apache/cloudstack/pull/11446 +.. _`#11470`: https://github.com/apache/cloudstack/pull/11470 +.. _`#10212`: https://github.com/apache/cloudstack/pull/10212 +.. _`#11680`: https://github.com/apache/cloudstack/pull/11680 +.. _`#11811`: https://github.com/apache/cloudstack/pull/11811 +.. _`#11594`: https://github.com/apache/cloudstack/pull/11594 +.. _`#11613`: https://github.com/apache/cloudstack/pull/11613 +.. _`#11738`: https://github.com/apache/cloudstack/pull/11738 +.. _`#11815`: https://github.com/apache/cloudstack/pull/11815 +.. _`#11812`: https://github.com/apache/cloudstack/pull/11812 +.. _`#11587`: https://github.com/apache/cloudstack/pull/11587 +.. _`#11625`: https://github.com/apache/cloudstack/pull/11625 +.. _`#11782`: https://github.com/apache/cloudstack/pull/11782 +.. _`#11589`: https://github.com/apache/cloudstack/pull/11589 +.. _`#11793`: https://github.com/apache/cloudstack/pull/11793 +.. _`#11773`: https://github.com/apache/cloudstack/pull/11773 +.. _`#11801`: https://github.com/apache/cloudstack/pull/11801 +.. _`#10282`: https://github.com/apache/cloudstack/pull/10282 +.. _`#11760`: https://github.com/apache/cloudstack/pull/11760 +.. _`#11488`: https://github.com/apache/cloudstack/pull/11488 +.. _`#10533`: https://github.com/apache/cloudstack/pull/10533 +.. _`#11778`: https://github.com/apache/cloudstack/pull/11778 +.. _`#10740`: https://github.com/apache/cloudstack/pull/10740 +.. _`#11654`: https://github.com/apache/cloudstack/pull/11654 +.. 
_`#11722`: https://github.com/apache/cloudstack/pull/11722 +.. _`#11541`: https://github.com/apache/cloudstack/pull/11541 +.. _`#11228`: https://github.com/apache/cloudstack/pull/11228 +.. _`#11684`: https://github.com/apache/cloudstack/pull/11684 +.. _`#11787`: https://github.com/apache/cloudstack/pull/11787 +.. _`#10641`: https://github.com/apache/cloudstack/pull/10641 +.. _`#10983`: https://github.com/apache/cloudstack/pull/10983 +.. _`#11735`: https://github.com/apache/cloudstack/pull/11735 +.. _`#11771`: https://github.com/apache/cloudstack/pull/11771 +.. _`#11522`: https://github.com/apache/cloudstack/pull/11522 +.. _`#11751`: https://github.com/apache/cloudstack/pull/11751 +.. _`#11462`: https://github.com/apache/cloudstack/pull/11462 +.. _`#11726`: https://github.com/apache/cloudstack/pull/11726 +.. _`#11732`: https://github.com/apache/cloudstack/pull/11732 +.. _`#11639`: https://github.com/apache/cloudstack/pull/11639 +.. _`#11715`: https://github.com/apache/cloudstack/pull/11715 +.. _`#11719`: https://github.com/apache/cloudstack/pull/11719 +.. _`#11753`: https://github.com/apache/cloudstack/pull/11753 +.. _`#11741`: https://github.com/apache/cloudstack/pull/11741 +.. _`#11720`: https://github.com/apache/cloudstack/pull/11720 +.. _`#11601`: https://github.com/apache/cloudstack/pull/11601 +.. _`#10962`: https://github.com/apache/cloudstack/pull/10962 +.. _`#11198`: https://github.com/apache/cloudstack/pull/11198 +.. _`#11546`: https://github.com/apache/cloudstack/pull/11546 +.. _`#11560`: https://github.com/apache/cloudstack/pull/11560 +.. _`#11702`: https://github.com/apache/cloudstack/pull/11702 +.. _`#11687`: https://github.com/apache/cloudstack/pull/11687 +.. _`#11696`: https://github.com/apache/cloudstack/pull/11696 +.. _`#11686`: https://github.com/apache/cloudstack/pull/11686 +.. _`#11530`: https://github.com/apache/cloudstack/pull/11530 +.. _`#11640`: https://github.com/apache/cloudstack/pull/11640 +.. 
_`#11666`: https://github.com/apache/cloudstack/pull/11666 +.. _`#11612`: https://github.com/apache/cloudstack/pull/11612 +.. _`#11659`: https://github.com/apache/cloudstack/pull/11659 +.. _`#8452`: https://github.com/apache/cloudstack/pull/8452 +.. _`#11259`: https://github.com/apache/cloudstack/pull/11259 +.. _`#11506`: https://github.com/apache/cloudstack/pull/11506 +.. _`#11682`: https://github.com/apache/cloudstack/pull/11682 +.. _`#11681`: https://github.com/apache/cloudstack/pull/11681 +.. _`#10710`: https://github.com/apache/cloudstack/pull/10710 +.. _`#11652`: https://github.com/apache/cloudstack/pull/11652 +.. _`#11017`: https://github.com/apache/cloudstack/pull/11017 +.. _`#11464`: https://github.com/apache/cloudstack/pull/11464 +.. _`#11676`: https://github.com/apache/cloudstack/pull/11676 +.. _`#11670`: https://github.com/apache/cloudstack/pull/11670 +.. _`#11618`: https://github.com/apache/cloudstack/pull/11618 +.. _`#11663`: https://github.com/apache/cloudstack/pull/11663 +.. _`#11284`: https://github.com/apache/cloudstack/pull/11284 +.. _`#11285`: https://github.com/apache/cloudstack/pull/11285 +.. _`#10150`: https://github.com/apache/cloudstack/pull/10150 +.. _`#11289`: https://github.com/apache/cloudstack/pull/11289 +.. _`#11415`: https://github.com/apache/cloudstack/pull/11415 +.. _`#11568`: https://github.com/apache/cloudstack/pull/11568 +.. _`#9793`: https://github.com/apache/cloudstack/pull/9793 +.. _`#11300`: https://github.com/apache/cloudstack/pull/11300 +.. _`#11617`: https://github.com/apache/cloudstack/pull/11617 +.. _`#11569`: https://github.com/apache/cloudstack/pull/11569 +.. _`#11410`: https://github.com/apache/cloudstack/pull/11410 +.. _`#11632`: https://github.com/apache/cloudstack/pull/11632 +.. _`#11602`: https://github.com/apache/cloudstack/pull/11602 +.. _`#11590`: https://github.com/apache/cloudstack/pull/11590 +.. _`#11389`: https://github.com/apache/cloudstack/pull/11389 +.. 
_`#11576`: https://github.com/apache/cloudstack/pull/11576 +.. _`#11406`: https://github.com/apache/cloudstack/pull/11406 +.. _`#11558`: https://github.com/apache/cloudstack/pull/11558 +.. _`#11554`: https://github.com/apache/cloudstack/pull/11554 +.. _`#11614`: https://github.com/apache/cloudstack/pull/11614 +.. _`#11468`: https://github.com/apache/cloudstack/pull/11468 +.. _`#10735`: https://github.com/apache/cloudstack/pull/10735 +.. _`#11598`: https://github.com/apache/cloudstack/pull/11598 +.. _`#11610`: https://github.com/apache/cloudstack/pull/11610 +.. _`#11507`: https://github.com/apache/cloudstack/pull/11507 +.. _`#10970`: https://github.com/apache/cloudstack/pull/10970 +.. _`#9305`: https://github.com/apache/cloudstack/pull/9305 +.. _`#10869`: https://github.com/apache/cloudstack/pull/10869 +.. _`#11556`: https://github.com/apache/cloudstack/pull/11556 +.. _`#11528`: https://github.com/apache/cloudstack/pull/11528 +.. _`#11575`: https://github.com/apache/cloudstack/pull/11575 +.. _`#11314`: https://github.com/apache/cloudstack/pull/11314 +.. _`#11218`: https://github.com/apache/cloudstack/pull/11218 +.. _`#10734`: https://github.com/apache/cloudstack/pull/10734 +.. _`#11487`: https://github.com/apache/cloudstack/pull/11487 +.. _`#11361`: https://github.com/apache/cloudstack/pull/11361 +.. _`#11553`: https://github.com/apache/cloudstack/pull/11553 +.. _`#11557`: https://github.com/apache/cloudstack/pull/11557 +.. _`#11543`: https://github.com/apache/cloudstack/pull/11543 +.. _`#11536`: https://github.com/apache/cloudstack/pull/11536 +.. _`#11329`: https://github.com/apache/cloudstack/pull/11329 +.. _`#11485`: https://github.com/apache/cloudstack/pull/11485 +.. _`#10865`: https://github.com/apache/cloudstack/pull/10865 +.. _`#11134`: https://github.com/apache/cloudstack/pull/11134 +.. _`#11489`: https://github.com/apache/cloudstack/pull/11489 +.. _`#11230`: https://github.com/apache/cloudstack/pull/11230 +.. 
_`#11540`: https://github.com/apache/cloudstack/pull/11540 +.. _`#11542`: https://github.com/apache/cloudstack/pull/11542 +.. _`#11550`: https://github.com/apache/cloudstack/pull/11550 +.. _`#11030`: https://github.com/apache/cloudstack/pull/11030 +.. _`#11136`: https://github.com/apache/cloudstack/pull/11136 +.. _`#11135`: https://github.com/apache/cloudstack/pull/11135 +.. _`#11379`: https://github.com/apache/cloudstack/pull/11379 +.. _`#11469`: https://github.com/apache/cloudstack/pull/11469 +.. _`#11537`: https://github.com/apache/cloudstack/pull/11537 +.. _`#11532`: https://github.com/apache/cloudstack/pull/11532 +.. _`#10152`: https://github.com/apache/cloudstack/pull/10152 +.. _`#11243`: https://github.com/apache/cloudstack/pull/11243 +.. _`#10545`: https://github.com/apache/cloudstack/pull/10545 +.. _`#10723`: https://github.com/apache/cloudstack/pull/10723 +.. _`#11518`: https://github.com/apache/cloudstack/pull/11518 +.. _`#11466`: https://github.com/apache/cloudstack/pull/11466 +.. _`#11504`: https://github.com/apache/cloudstack/pull/11504 +.. _`#11516`: https://github.com/apache/cloudstack/pull/11516 + +Changes in |release| since 4.20.1.0 +=================================== + +Apache CloudStack uses GitHub https://github.com/apache/cloudstack/milestone/35?closed=1 +to track its issues + +.. 
cssclass:: table-striped table-bordered table-hover + + ++-------------------------+---------------+------------------------------------------------------------+ +| Version | Github | Description | ++=========================+===============+============================================================+ +| 4.21.0.0 | `#11490`_ | Fix of create a template from a StorPool snapshot on | +| | | another zone | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11457`_ | Fix deployment of CKS clusters in Basic zone | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11463`_ | Remove non-existent network service provider from UI | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11455`_ | Update error message when no snapshot strategy is found | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11458`_ | Fix for PowerFlex MDM configuration on host while | +| | | preparing the SDC connection | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11452`_ | Fix for create template from snapshot (for snapshots on | +| | | primary storage and storage doesn't support create | +| | | snapshot to template directly) | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#10964`_ | [KVM] CPU Features for System VMs | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11448`_ | Fix snapshot physical size listing | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11450`_ | Proxmox: fix restore snapshot with memory | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11397`_ | linstor: fix getVolumeStats if multiple Linstor primary | +| | | storages are used | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11133`_ | server: fix conserve_mode of | +| | | DefaultIsolatedNetworkOfferingForVpcNetworks | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11435`_ | Exclude External hypervisor type during upgrade for System | +| | | VM template checks | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11401`_ | UI: fix addHost error in zone creation wizard | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11432`_ | Add support for nvidia vGPU support with vendor specific | +| | | framework | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#10485`_ | Fix ConfigurationVO load exception after schema change | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11393`_ | ui: make vpc cidr required when not showing cidrsize | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#10645`_ | Network rate must be multiplied by 125 not 128 | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11418`_ | noVNC: Show a dot cursor when the cursor is not visible | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11427`_ | UI: Fix duplicate edit zone button on Basic zones | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11417`_ | Fix edit of compute offering in UI | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11062`_ | api: fix scale or upgrade systemvm | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11404`_ | [UI] Fix zone creation wizard stuck on configuring public | +| | | traffic | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11351`_ | Fix of deployment VM from a copied snapshot in another | +| | | zone | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11386`_ | get forward header for proxies and apply it in Jetty | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11392`_ | cleanup: remove com.cloud.user.MockAccountManagerImpl | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11242`_ | server: fix vm deployment without networkid in a zone with | +| | | shared networks | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11376`_ | Agent connection improvements | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#10860`_ | Fix infrastructure leak on exception while | +| | | attaching/detaching volumes in VMware | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11388`_ | Fix create statement for safer upgrades | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11384`_ | Remove volume size check in restoreBackupToVM | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11373`_ | juniper-contrail: publish events only for the module | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#9733`_ | custom AccessLogger | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#9478`_ | Support of snapshot copy to primary storage in different | +| | | zones. | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11366`_ | fix storage pool capacity threshold flag | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11197`_ | Handle project delete in details view | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11315`_ | ui: pass validated storagepolicy for swift store | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11380`_ | plugin-swift: handle null cache store | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11298`_ | added online/offline copy method for Primera storage | +| | | adapter | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11181`_ | Improve volume backup restoration log | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11115`_ | ceph: fix SignatureDoesNotMatch by using correct secret | +| | 
| key when create bucket | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11372`_ | cloud.spec: provide option between tzdata-java and | +| | | timezone-java | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11377`_ | Netris: Fix Netris provider parameter name and response | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11016`_ | API to list console sessions | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11374`_ | Fix failing simulator vgpu test | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11349`_ | ui: fix initial pagination for images in deploy forms | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11254`_ | agent: increase timeout for host arch retrieval | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11369`_ | ui: update project menu on projects change | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11370`_ | ui: fix api type in InfiniteScrollSelect | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11291`_ | Update System VM template Guest OS version | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11355`_ | api,server,ui: allow listing events by state | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11164`_ | UI support for deploy a VM from 
volume/snapshot | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11107`_ | Refactoring smoke tests | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11340`_ | Fix GPU discovery script to make it run with mdev for | +| | | SR-IOV enabled devices | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11313`_ | Show chain size in snapshot response for incremental | +| | | snapshots | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11353`_ | UI: Fix cpu & memory details on list view for unmanaged | +| | | k8s clusters (CAPC) | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#10946`_ | Find system VM templates for CKS clusters and SharedFS | +| | | honouring the preferred architecture | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11177`_ | Allow full clone volumes with thin provisioning | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11070`_ | fix fsvm-init.yml to detect virtio-scsi in kvm | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#10140`_ | Create new Instance from VM backup | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#10902`_ | Selected update traffic type based on chosen traffic type | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11337`_ | ui: fix delete traffic type | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11354`_ | [UI] Use GET request method for list API calls | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11352`_ | API: Set Object name when expunging VM | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11343`_ | Support to list templates in ready state (new API | +| | | parameter 'isready', similar to list ISOs) | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11330`_ | Shutdown MS maintenance jobs when finished | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11223`_ | Refactoring retention of backup schedules | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11142`_ | UI: Display NSX Provider only when NSX is the selected | +| | | Isolation method | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11316`_ | Fix listCapacity sort by usage | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11342`_ | kvm: fix regression | +| | | 5a52ca78ae5e165211c618525613c3d62cfd1b28 | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11317`_ | ui: make events tab selected columns persistent using | +| | | cache | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11245`_ | kvm, ui: fix interface when using vlan subnet for storage | +| | | traffic type | 
++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11306`_ | ui: fix advance setting behaviour in autoscale form | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11332`_ | Fix build and ui build errors in main | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11119`_ | Upgrade noVNC from 1.4.0 to 1.6.0 | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11310`_ | server: fix IllegalMonitorStateException on cluster | +| | | managedstate change | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11328`_ | ui: fix volume size not showing | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11068`_ | [Multi-Arch] Select Template Arch when creating template | +| | | from volume | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11249`_ | Update CIDR/Gateway of the Shared Networks from Guest IP | +| | | ranges | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11143`_ | Feature: Add support for GPU with KVM hosts | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11311`_ | README: add `Contributors Avatars` and `Star History` | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11244`_ | Prevent infinite autoscaling | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11303`_ | 
api,server,extensions: allow updating extension resource | +| | | map details | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11200`_ | Fix local storage pool disconnect issue | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11307`_ | ui: fix NAN% used memory for vm | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11302`_ | server: fix NaN metrics for external resources | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11309`_ | [UI] Fix for local storage enable/disable toggle in edit | +| | | zone | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11042`_ | Add unit tests for getConfigResources in | +| | | ModuleDefinitionSet and improve context readability | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11237`_ | Prevent multi-select dropdown menu from floating on | +| | | scrolling through the form | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11239`_ | [DB] Add force recreate parameter to | +| | | cloudstack-setup-databases script | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#9752`_ | Extensions Framework & Orchestrate Anything | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11232`_ | ui: fix compute offering edit | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11195`_ | [UI] Add dedicated account field dropdown on 
zone creation | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11292`_ | schema,framework/db,server: fix user_vm_details usage | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#10986`_ | [CKS] Create Kubernetes ISO support for ARCH optional | +| | | parameter | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11220`_ | Mark LDAP user query timeout as incorrect login instead of | +| | | disabling user immediately | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11210`_ | Allow custom NTP servers for CPVM | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11053`_ | linstor: Use template's uuid if pool's downloadPath is | +| | | null as resour… | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#10458`_ | Netris Network Plugin Integration with CloudStack | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11264`_ | Validate qcow2 file during import operation | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11256`_ | Config 'vm.network.nic.max.secondary.ipaddresses' - Update | +| | | default value (and value if not set) to 10 as per the | +| | | config description and default value in parseInt of the | +| | | config | ++-------------------------+---------------+------------------------------------------------------------+ +| 4.21.0.0 | `#11276`_ | Fix pre-commit warnings for deprecated stage names | 
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10975`_ | [Vmware to KVM Migration] Preserve boot type and boot mode |
+| | | of instances to be migrated |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10856`_ | polish: Fix some inconsistencies in object names and |
+| | | messages |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10935`_ | UI: Add option to Login to a specific Project view via |
+| | | setting on config.json |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11221`_ | console: optimise buffer sizes for faster console |
+| | | performance |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11207`_ | [UI] Deploy VM: Restore preselection of the first |
+| | | available template |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10736`_ | schema, refactor: rename cloud.user_vm_details to |
+| | | cloud.vm_instance_details |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11102`_ | UI: Fix missing labels |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10966`_ | misc: fix typo `sercurity` -> `security` |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11075`_ | UI: Fix OS Type displayed for a VM |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11087`_ | list only own zones for resource admin |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11086`_ | Fix for dynamic scaling toggle for instance |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11064`_ | pre-commit: add gitleaks to detect hardcoded secrets |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11067`_ | Fix HTML license; standardize HTML code |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11066`_ | pre-commit: upgrade markdownlint to the latest version |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11265`_ | add since parameter to BackupScheduleResponse |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11258`_ | Fix restore from NAS backup when datadisk is older than |
+| | | the root disk. |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11204`_ | NAS backup provider: Support backup and restore with |
+| | | Shared mount point primary storage. |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11093`_ | Object storage browser: Get Content-Type from the file |
+| | | extension during upload |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11196`_ | OVM deprecation |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11261`_ | UI: Fix ISO Hypervisor selection |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11222`_ | Fix deletion of backup schedules |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10857`_ | Add special Icon to Shared FileSystem Instances |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11211`_ | Fix to create instances with smaller templates (< 1 GB) on |
+| | | PowerFlex/ScaleIO storage |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11215`_ | Guard OS type update for iso/template with existing vms |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11180`_ | Fix KVM incremental snapshot removal when using multiple |
+| | | secondary storages |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11214`_ | Add format and physicalsize in listIsoOs api response |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10879`_ | Handle exception for decoder while uploading ISO from |
+| | | local |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11138`_ | Fix update resource count failure for domains |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11231`_ | Update .asf.yaml: remove new committer Bernardo |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11054`_ | npe guard for get host info on vmware |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10917`_ | kvm: consider Debian same as Ubuntu |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11101`_ | UI: Fix traffic Label on Zone creation wizard for VMware |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11179`_ | List templates and ISOs by domain |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10947`_ | Allow populating generic templates during Zone Deployment |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11099`_ | PowerFlex/ScaleIO - Wait after SDC service |
+| | | start/restart/stop, and retry to fetch SDC id/guid |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10632`_ | File-based disk-only VM snapshot with KVM as hypervisor |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11097`_ | Usage parsers refactoring |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11047`_ | PowerFlex/ScaleIO - MDM and host SDC connection |
+| | | enhancements |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11063`_ | [CKS] Simplify logic for scaling CKS cluster service |
+| | | offerings |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11191`_ | UI fix api in project view |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11128`_ | systemvm: build 4.20.2 template with 'depmod -a' |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10997`_ | CPU to Memory weight based algorithm to order cluster |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#8942`_ | GUI whitelabel runtime system |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10575`_ | Hide CloudStack version from XML response when |
+| | | unauthenticated |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10848`_ | Remove unfinished usage job entries of the host on start |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10503`_ | KVM: Option to deploy a VM with existing volume/snapshot |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11109`_ | fix priority for volume copy operation |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11171`_ | schema: fix missing columns index |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10504`_ | Refactor: Replace sleep() with wait() |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10576`_ | Inefficient use of a for loop |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11170`_ | Improve error when a template to owned by non root-admin |
+| | | is registered for all zones. |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11158`_ | .github: restrict codecov in UI build to apache/cloudstack |
+| | | repo |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11168`_ | UI: Fix volumes `SearchView` |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11091`_ | [Vmware to KVM Migration] Fix issue with vCenter |
+| | | Standalone hosts for VM listing |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11113`_ | directdownload: fix keytool importcert |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10951`_ | Allow configuring Announcement banner by admin |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10899`_ | Support ApiServer to enforce POST requests for state |
+| | | changing APIs and requests with timestamps |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10778`_ | Normalize naming of Kubernetes clusters |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10325`_ | Add API command remove management server |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11003`_ | [VMware to KVM Migration] Fix for converted instance NPE |
+| | | issue when source VMware instance OVF is exported from |
+| | | management server |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11116`_ | ui: fix handler for deploy button menu |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11095`_ | server: fix orphan db transaction issue |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11085`_ | Corrected quota type indexes |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10995`_ | Management Server - Prepare for Maintenance and Cancel |
+| | | Maintenance improvements |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11106`_ | Do not rely on Memory engine in DB setup scripts |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11004`_ | Block volume shrink on Xen |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11069`_ | Support Direct Download on Ceph primary storage |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11060`_ | ui: fix missing changes from #10814 |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11019`_ | [Vmware to KVM Migration] Display virt-v2v and ovftool |
+| | | versions for supported hosts for migration |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11035`_ | [Vmware to KVM Migration] Improve the Force MS option text |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11057`_ | docs: Update INSTALL.md for frontend build instructions |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11055`_ | Add check for ldap truststore password |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#9102`_ | CKS Enhancements |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11040`_ | Changes baseurl for downloading kubectl |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#9277`_ | Add access modifiers to `VirtualMachineTO` |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11025`_ | docs: revise INSTALL.md with updated Maven setup |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11013`_ | Remove test/selenium/ test/src-not-used/ |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10475`_ | Fix volume allocation logs |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10077`_ | enabled discard option |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#9833`_ | StorPool: support for direct download |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10896`_ | Check Qcow2 version before using --bitmaps |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10987`_ | Fix data being replicated on VM's metadata file in VR |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#9969`_ | Add parameter to not create additional users on |
+| | | `cloudstack-setup-databases` |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11011`_ | engine-schema: fix naming for AlmaLinux |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11012`_ | docs: fix outdated Maven subtitle in INSTALL.md |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11001`_ | engine-schema: fix duplicate statements in upgrade path |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#11010`_ | ui: fix build after forward merge |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10587`_ | StorPool added device ID tag to the StorPool volumes |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10663`_ | Accept case insensitive values in boolean settings |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10773`_ | ui,api,server: template categorization based on os |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10814`_ | ui: show deploy/create button on right info pane |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10949`_ | ui: missing changes from #10115 |
++-------------------------+---------------+------------------------------------------------------------+
+| 4.21.0.0 | `#10769`_ | Log previous and new value of configuration when |
+| | | reset/update API is called |
++-------------------------+---------------+------------------------------------------------------------+
+
+194 Issues listed
+
+.. _`#11490`: https://github.com/apache/cloudstack/pull/11490
+.. _`#11457`: https://github.com/apache/cloudstack/pull/11457
+.. _`#11463`: https://github.com/apache/cloudstack/pull/11463
+.. _`#11455`: https://github.com/apache/cloudstack/pull/11455
+.. _`#11458`: https://github.com/apache/cloudstack/pull/11458
+.. _`#11452`: https://github.com/apache/cloudstack/pull/11452
+.. _`#10964`: https://github.com/apache/cloudstack/pull/10964
+.. _`#11448`: https://github.com/apache/cloudstack/pull/11448
+.. _`#11450`: https://github.com/apache/cloudstack/pull/11450
+.. _`#11397`: https://github.com/apache/cloudstack/pull/11397
+.. _`#11133`: https://github.com/apache/cloudstack/pull/11133
+.. _`#11435`: https://github.com/apache/cloudstack/pull/11435
+.. _`#11401`: https://github.com/apache/cloudstack/pull/11401
+.. _`#11432`: https://github.com/apache/cloudstack/pull/11432
+.. _`#10485`: https://github.com/apache/cloudstack/pull/10485
+.. _`#11393`: https://github.com/apache/cloudstack/pull/11393
+.. _`#10645`: https://github.com/apache/cloudstack/pull/10645
+.. _`#11418`: https://github.com/apache/cloudstack/pull/11418
+.. _`#11427`: https://github.com/apache/cloudstack/pull/11427
+.. _`#11417`: https://github.com/apache/cloudstack/pull/11417
+.. _`#11062`: https://github.com/apache/cloudstack/pull/11062
+.. _`#11404`: https://github.com/apache/cloudstack/pull/11404
+.. _`#11351`: https://github.com/apache/cloudstack/pull/11351
+.. _`#11386`: https://github.com/apache/cloudstack/pull/11386
+.. _`#11392`: https://github.com/apache/cloudstack/pull/11392
+.. _`#11242`: https://github.com/apache/cloudstack/pull/11242
+.. _`#11376`: https://github.com/apache/cloudstack/pull/11376
+.. _`#10860`: https://github.com/apache/cloudstack/pull/10860
+.. _`#11388`: https://github.com/apache/cloudstack/pull/11388
+.. _`#11384`: https://github.com/apache/cloudstack/pull/11384
+.. _`#11373`: https://github.com/apache/cloudstack/pull/11373
+.. _`#9733`: https://github.com/apache/cloudstack/pull/9733
+.. _`#9478`: https://github.com/apache/cloudstack/pull/9478
+.. _`#11366`: https://github.com/apache/cloudstack/pull/11366
+.. _`#11197`: https://github.com/apache/cloudstack/pull/11197
+.. _`#11315`: https://github.com/apache/cloudstack/pull/11315
+.. _`#11380`: https://github.com/apache/cloudstack/pull/11380
+.. _`#11298`: https://github.com/apache/cloudstack/pull/11298
+.. _`#11181`: https://github.com/apache/cloudstack/pull/11181
+.. _`#11115`: https://github.com/apache/cloudstack/pull/11115
+.. _`#11372`: https://github.com/apache/cloudstack/pull/11372
+.. _`#11377`: https://github.com/apache/cloudstack/pull/11377
+.. _`#11016`: https://github.com/apache/cloudstack/pull/11016
+.. _`#11374`: https://github.com/apache/cloudstack/pull/11374
+.. _`#11349`: https://github.com/apache/cloudstack/pull/11349
+.. _`#11254`: https://github.com/apache/cloudstack/pull/11254
+.. _`#11369`: https://github.com/apache/cloudstack/pull/11369
+.. _`#11370`: https://github.com/apache/cloudstack/pull/11370
+.. _`#11291`: https://github.com/apache/cloudstack/pull/11291
+.. _`#11355`: https://github.com/apache/cloudstack/pull/11355
+.. _`#11164`: https://github.com/apache/cloudstack/pull/11164
+.. _`#11107`: https://github.com/apache/cloudstack/pull/11107
+.. _`#11340`: https://github.com/apache/cloudstack/pull/11340
+.. _`#11313`: https://github.com/apache/cloudstack/pull/11313
+.. _`#11353`: https://github.com/apache/cloudstack/pull/11353
+.. _`#10946`: https://github.com/apache/cloudstack/pull/10946
+.. _`#11177`: https://github.com/apache/cloudstack/pull/11177
+.. _`#11070`: https://github.com/apache/cloudstack/pull/11070
+.. _`#10140`: https://github.com/apache/cloudstack/pull/10140
+.. _`#10902`: https://github.com/apache/cloudstack/pull/10902
+.. _`#11337`: https://github.com/apache/cloudstack/pull/11337
+.. _`#11354`: https://github.com/apache/cloudstack/pull/11354
+.. _`#11352`: https://github.com/apache/cloudstack/pull/11352
+.. _`#11343`: https://github.com/apache/cloudstack/pull/11343
+.. _`#11330`: https://github.com/apache/cloudstack/pull/11330
+.. _`#11223`: https://github.com/apache/cloudstack/pull/11223
+.. _`#11142`: https://github.com/apache/cloudstack/pull/11142
+.. _`#11316`: https://github.com/apache/cloudstack/pull/11316
+.. _`#11342`: https://github.com/apache/cloudstack/pull/11342
+.. _`#11317`: https://github.com/apache/cloudstack/pull/11317
+.. _`#11245`: https://github.com/apache/cloudstack/pull/11245
+.. _`#11306`: https://github.com/apache/cloudstack/pull/11306
+.. _`#11332`: https://github.com/apache/cloudstack/pull/11332
+.. _`#11119`: https://github.com/apache/cloudstack/pull/11119
+.. _`#11310`: https://github.com/apache/cloudstack/pull/11310
+.. _`#11328`: https://github.com/apache/cloudstack/pull/11328
+.. _`#11068`: https://github.com/apache/cloudstack/pull/11068
+.. _`#11249`: https://github.com/apache/cloudstack/pull/11249
+.. _`#11143`: https://github.com/apache/cloudstack/pull/11143
+.. _`#11311`: https://github.com/apache/cloudstack/pull/11311
+.. _`#11244`: https://github.com/apache/cloudstack/pull/11244
+.. _`#11303`: https://github.com/apache/cloudstack/pull/11303
+.. _`#11200`: https://github.com/apache/cloudstack/pull/11200
+.. _`#11307`: https://github.com/apache/cloudstack/pull/11307
+.. _`#11302`: https://github.com/apache/cloudstack/pull/11302
+.. _`#11309`: https://github.com/apache/cloudstack/pull/11309
+.. _`#11042`: https://github.com/apache/cloudstack/pull/11042
+.. _`#11237`: https://github.com/apache/cloudstack/pull/11237
+.. _`#11239`: https://github.com/apache/cloudstack/pull/11239
+.. _`#9752`: https://github.com/apache/cloudstack/pull/9752
+.. _`#11232`: https://github.com/apache/cloudstack/pull/11232
+.. _`#11195`: https://github.com/apache/cloudstack/pull/11195
+.. _`#11292`: https://github.com/apache/cloudstack/pull/11292
+.. _`#10986`: https://github.com/apache/cloudstack/pull/10986
+.. _`#11220`: https://github.com/apache/cloudstack/pull/11220
+.. _`#11210`: https://github.com/apache/cloudstack/pull/11210
+.. _`#11053`: https://github.com/apache/cloudstack/pull/11053
+.. _`#10458`: https://github.com/apache/cloudstack/pull/10458
+.. _`#11264`: https://github.com/apache/cloudstack/pull/11264
+.. _`#11256`: https://github.com/apache/cloudstack/pull/11256
+.. _`#11276`: https://github.com/apache/cloudstack/pull/11276
+.. _`#10975`: https://github.com/apache/cloudstack/pull/10975
+.. _`#10856`: https://github.com/apache/cloudstack/pull/10856
+.. _`#10935`: https://github.com/apache/cloudstack/pull/10935
+.. _`#11221`: https://github.com/apache/cloudstack/pull/11221
+.. _`#11207`: https://github.com/apache/cloudstack/pull/11207
+.. _`#10736`: https://github.com/apache/cloudstack/pull/10736
+.. _`#11102`: https://github.com/apache/cloudstack/pull/11102
+.. _`#10966`: https://github.com/apache/cloudstack/pull/10966
+.. _`#11075`: https://github.com/apache/cloudstack/pull/11075
+.. _`#11087`: https://github.com/apache/cloudstack/pull/11087
+.. _`#11086`: https://github.com/apache/cloudstack/pull/11086
+.. _`#11064`: https://github.com/apache/cloudstack/pull/11064
+.. _`#11067`: https://github.com/apache/cloudstack/pull/11067
+.. _`#11066`: https://github.com/apache/cloudstack/pull/11066
+.. _`#11265`: https://github.com/apache/cloudstack/pull/11265
+.. _`#11258`: https://github.com/apache/cloudstack/pull/11258
+.. _`#11204`: https://github.com/apache/cloudstack/pull/11204
+.. _`#11093`: https://github.com/apache/cloudstack/pull/11093
+.. _`#11196`: https://github.com/apache/cloudstack/pull/11196
+.. _`#11261`: https://github.com/apache/cloudstack/pull/11261
+.. _`#11222`: https://github.com/apache/cloudstack/pull/11222
+.. _`#10857`: https://github.com/apache/cloudstack/pull/10857
+.. _`#11211`: https://github.com/apache/cloudstack/pull/11211
+.. _`#11215`: https://github.com/apache/cloudstack/pull/11215
+.. _`#11180`: https://github.com/apache/cloudstack/pull/11180
+.. _`#11214`: https://github.com/apache/cloudstack/pull/11214
+.. _`#10879`: https://github.com/apache/cloudstack/pull/10879
+.. _`#11138`: https://github.com/apache/cloudstack/pull/11138
+.. _`#11231`: https://github.com/apache/cloudstack/pull/11231
+.. _`#11054`: https://github.com/apache/cloudstack/pull/11054
+.. _`#10917`: https://github.com/apache/cloudstack/pull/10917
+.. _`#11101`: https://github.com/apache/cloudstack/pull/11101
+.. _`#11179`: https://github.com/apache/cloudstack/pull/11179
+.. _`#10947`: https://github.com/apache/cloudstack/pull/10947
+.. _`#11099`: https://github.com/apache/cloudstack/pull/11099
+.. _`#10632`: https://github.com/apache/cloudstack/pull/10632
+.. _`#11097`: https://github.com/apache/cloudstack/pull/11097
+.. _`#11047`: https://github.com/apache/cloudstack/pull/11047
+.. _`#11063`: https://github.com/apache/cloudstack/pull/11063
+.. _`#11191`: https://github.com/apache/cloudstack/pull/11191
+.. _`#11128`: https://github.com/apache/cloudstack/pull/11128
+.. _`#10997`: https://github.com/apache/cloudstack/pull/10997
+.. _`#8942`: https://github.com/apache/cloudstack/pull/8942
+.. _`#10575`: https://github.com/apache/cloudstack/pull/10575
+.. _`#10848`: https://github.com/apache/cloudstack/pull/10848
+.. _`#10503`: https://github.com/apache/cloudstack/pull/10503
+.. _`#11109`: https://github.com/apache/cloudstack/pull/11109
+.. _`#11171`: https://github.com/apache/cloudstack/pull/11171
+.. _`#10504`: https://github.com/apache/cloudstack/pull/10504
+.. _`#10576`: https://github.com/apache/cloudstack/pull/10576
+.. _`#11170`: https://github.com/apache/cloudstack/pull/11170
+.. _`#11158`: https://github.com/apache/cloudstack/pull/11158
+.. _`#11168`: https://github.com/apache/cloudstack/pull/11168
+.. _`#11091`: https://github.com/apache/cloudstack/pull/11091
+.. _`#11113`: https://github.com/apache/cloudstack/pull/11113
+.. _`#10951`: https://github.com/apache/cloudstack/pull/10951
+.. _`#10899`: https://github.com/apache/cloudstack/pull/10899
+.. _`#10778`: https://github.com/apache/cloudstack/pull/10778
+.. _`#10325`: https://github.com/apache/cloudstack/pull/10325
+.. _`#11003`: https://github.com/apache/cloudstack/pull/11003
+.. _`#11116`: https://github.com/apache/cloudstack/pull/11116
+.. _`#11095`: https://github.com/apache/cloudstack/pull/11095
+.. _`#11085`: https://github.com/apache/cloudstack/pull/11085
+.. _`#10995`: https://github.com/apache/cloudstack/pull/10995
+.. _`#11106`: https://github.com/apache/cloudstack/pull/11106
+.. _`#11004`: https://github.com/apache/cloudstack/pull/11004
+.. _`#11069`: https://github.com/apache/cloudstack/pull/11069
+.. _`#11060`: https://github.com/apache/cloudstack/pull/11060
+.. _`#11019`: https://github.com/apache/cloudstack/pull/11019
+.. _`#11035`: https://github.com/apache/cloudstack/pull/11035
+.. _`#11057`: https://github.com/apache/cloudstack/pull/11057
+.. _`#11055`: https://github.com/apache/cloudstack/pull/11055
+.. _`#9102`: https://github.com/apache/cloudstack/pull/9102
+.. _`#11040`: https://github.com/apache/cloudstack/pull/11040
+.. _`#9277`: https://github.com/apache/cloudstack/pull/9277
+.. _`#11025`: https://github.com/apache/cloudstack/pull/11025
+.. _`#11013`: https://github.com/apache/cloudstack/pull/11013
+.. _`#10475`: https://github.com/apache/cloudstack/pull/10475
+.. _`#10077`: https://github.com/apache/cloudstack/pull/10077
+.. _`#9833`: https://github.com/apache/cloudstack/pull/9833
+.. _`#10896`: https://github.com/apache/cloudstack/pull/10896
+.. _`#10987`: https://github.com/apache/cloudstack/pull/10987
+.. _`#9969`: https://github.com/apache/cloudstack/pull/9969
+.. _`#11011`: https://github.com/apache/cloudstack/pull/11011
+.. _`#11012`: https://github.com/apache/cloudstack/pull/11012
+.. _`#11001`: https://github.com/apache/cloudstack/pull/11001
+.. _`#11010`: https://github.com/apache/cloudstack/pull/11010
+.. _`#10587`: https://github.com/apache/cloudstack/pull/10587
+.. _`#10663`: https://github.com/apache/cloudstack/pull/10663
+.. _`#10773`: https://github.com/apache/cloudstack/pull/10773
+.. _`#10814`: https://github.com/apache/cloudstack/pull/10814
+.. _`#10949`: https://github.com/apache/cloudstack/pull/10949
+.. _`#10769`: https://github.com/apache/cloudstack/pull/10769
+
+Changes in |release| since 4.20.0.0
+===================================
+
+Apache CloudStack uses GitHub https://github.com/apache/cloudstack/milestone/36?closed=1
+to track its issues.
+
+
+.. cssclass:: table-striped table-bordered table-hover
+
++-------------------------+--------------------+------------------------------------------------------------+
+| Version | Github | Description |
++=========================+====================+============================================================+
+| 4.20.1.0 | `#10927`_ | systemvmtemplate: fix Debian 12.11.0 ISO url |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10916`_ | server: fix list diskoffering by domainid returns Inactive |
+| | | offerings |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10861`_ | Routed: support vxlan networks |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10912`_ | Fix issue with configdrive on XenServer |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10843`_ | backport #10744: engine/schema: create default network |
+| | | offering for vpc tier with conserve_mode=1 for fresh |
+| | | installation |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10894`_ | .github: fix sonar checks |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10882`_ | Fixed some typos |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10893`_ | test: cleanup acl in test_global_acls.py |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10891`_ | mgmt: add back serviceip in ManagementServerResponse |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10875`_ | Address `assignVm` regression |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10890`_ | test: fix several simulator CI failures |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10885`_ | test: fix test_restore_vm failure on vmware |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10881`_ | test: Update test ubuntu template for VMware to |
+| | | deployasis=False |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10586`_ | VMware 80u2 and 80u3 updates/fixes |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10878`_ | linstor: fix host connect recursion regression |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10849`_ | Fix issue with security group selection box display |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10840`_ | ui: add an infinite scroll select component |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10777`_ | Reset the pool id when create volume fails on the |
+| | | allocated pool, and update the resize error when no |
+| | | endpoint exists |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.1.0 | `#10799`_ | Prevent data corruption for StorPool volumes |
++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10837`_ | Fix for Vlan doesn't match issue while adding IP range for | +| | | the shared network without any IP range | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10876`_ | Correct typo in an exception message | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10433`_ | VMware import - logs sanitation | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10253`_ | ssvm: reset fields on destroy | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10867`_ | ui: Assign/Remove Backup offering buttons incorrect in | +| | | details view | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10844`_ | NAS BnR: Restore backed-up volume on live instances is not | +| | | readable | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10852`_ | List usage records for network offering (usage type 13) | +| | | when offering id is specified in usage id | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10770`_ | [Vmware] Improve listing of Vmware Datacenter VMs for | +| | | migration to KVM | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10757`_ | Updated Endpoint Selector to pick the Cluster in Enabled | +| | | state (in addition to Host state) | 
++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10674`_ | Direct agents rebalance improvements with multiple | +| | | management server nodes | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10684`_ | Support XenServer 8.4 / XCP 8.3 - make scripts python3 | +| | | compatible | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10850`_ | Linstor: implement volume and storage stats | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10061`_ | enhancement: add password to configdrive vendor_data.json | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10748`_ | [VMware] Sync the disk path or datastore changes for IDE | +| | | disks, and before any volume resize during start vm (for | +| | | the volumes on datastore cluster) | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10544`_ | refactor create duplicate alert check | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10820`_ | core: support chunked transfer for image files | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10612`_ | server: check if redundant router is supported when | +| | | restart network with makeredundant = true | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10833`_ | xenserver: destroy halted vm on expunge | 
++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10807`_ | cleanup call on super in affinity groups projects | +| | | component test | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10775`_ | StorPool notify libvirt when volume is resized | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#9825`_ | ui: improve metrics api use in list views | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10744`_ | engine/schema: create default network offering for vpc | +| | | tier with conserve_mode=1 for fresh installation | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10431`_ | server: fetch IP of VMs on L2 networks | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10824`_ | UI workaround for the inconsistent formatting of | +| | | listVirtualMachinesUsageHistory | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10712`_ | Backport #9888 to 4.19: Fix Usage inconsistencies | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10822`_ | Add search bar on rules of roles | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10785`_ | Nas BnR: Fix for restore not working correctly | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10815`_ | test: fix test_hostha_simulator.py and | +| | | test_outofbandmanagement.py | 
++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10708`_ | [VMware] Update vlans with proper range before creating | +| | | port group for dvSwitch | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10818`_ | test: cleanup test_guest_os.py for multiple execution | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10624`_ | server: prevent duplicate HA works and alerts | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10806`_ | smoke tests / CI : Fix test_vm_stric_host_tags | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10760`_ | Extra checks in UI when deleting accounts | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10805`_ | Update dependency required for test_outofbandmanagement.py | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10629`_ | check for custom offering and trim size | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10265`_ | [UI] Allow quiescevm and asyncbackup flags while taking | +| | | volume snapshot from UI when these are supported for the | +| | | volume | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10241`_ | server: apply network ACL even if there is no network ACLs | +| | | in the ACL list (#9374) | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10725`_ | UI: 
show checksum field when register or upload | +| | | template/isos | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10714`_ | UI: Allow editing a Running VM in an Advanced zone with | +| | | security groups except for security group details | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10772`_ | Ceph object store: Fix LocationConstraint error | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10791`_ | UI: Display system VM count in hosts listing | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10726`_ | cloudutils: use "ip route" command instead of "route -n" | +| | | in networkConfig.py | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10749`_ | ResourceCleanupService test fix for daylight saving time | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10774`_ | Xenserver smoke-test: Allow emojis to be accepted in | +| | | volume name during volume creation | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10525`_ | Add new config (non-dynamic) for agent connections | +| | | monitor thread, and keep timeunit to secs (in sync with | +| | | the earlier Wait config) | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10761`_ | smoke tests: Fix cluster DRS & non-strict host affinity | +| | | smoke test failures on XenServer / XCP-ng | ++-------------------------+--------------------+------------------------------------------------------------+ +| 
4.20.1.0 | `#10755`_ | Network Usage event model adjustments | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10543`_ | vTPM: support KVM and VMware | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10583`_ | Fix smoke tests due to change in behavior of restore VM | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10289`_ | api,ui: multi arch improvements | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10741`_ | Smoke tests: Xenserver - Fix consistent failure noticed on | +| | | scale VM test | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10762`_ | test: fix test_certauthority_root.py | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10746`_ | Don't specify ipv6 ranges for shared network | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10647`_ | Revert "Add the option to filter by host when retrieving | +| | | of unregistered VMs (#9925)" | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10738`_ | server: fix available hypervisors listing for a zone | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10662`_ | Fix the size of a template downloaded from secondary | +| | | storage | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10745`_ | ui: confirm on reset configurations | 
++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10493`_ | Fix NPE on updating security groups for an instance | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10603`_ | Fix issue with allocator not considering subsequent | +| | | clusters | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10568`_ | Remove the validation of the amount of acquired public IPs | +| | | when enabling static NAT, adding PF and LB rules on VPC | +| | | public IPs | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10750`_ | UI: Update message of load balancer for autoscaling group | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10753`_ | .github: fix simulator CI caused by imcompatibility | +| | | between python3.10 and nosetests | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10739`_ | VR: add bind-interfaces to /etc/dnsmasq.d/cloud.conf | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10717`_ | plugin/shutdown: use mgmt server uuid in the shutdown | +| | | response | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10630`_ | utils: fix extra slash in Redfish default systems url path | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10728`_ | only clean details and annotations when this template no | +| | | longer exists | 
++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10591`_ | HA: set correct hostId of HA work for vm migration | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10709`_ | UI: Move templates creation date to the Zones tab | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10704`_ | server: check startip and startipv6 of shared network | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10495`_ | Support ConfigDrive with VPC | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10707`_ | Fix volume migration failure handling | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10702`_ | Backport #10273 to `4.20`: Grant access to 2FA APIs for | +| | | default read-only and support roles | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10364`_ | Migrate public templates that have URLs on data migration | +| | | across secondary storages | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10564`_ | Add download link of volumes, templates and ISOs to the | +| | | download event details | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10700`_ | UI: Fix column name in Usage view | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10311`_ | 4.19 fix saml account selector | 
++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10649`_ | Usage server: remove logging of prameters including secret | +| | | keys | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10567`_ | undo removal of accessLogger and deal with some warnings | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10580`_ | UI: Restore AS Numbers and IPv4 Subnets menus | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10653`_ | Backport #10500 framework/cluster: fix NPE for ms-host | +| | | status when mgr stops | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#9175`_ | xenserver: do not destroy halted hypervisor vm | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10652`_ | UI: Allow setting account and domain maximum amount of | +| | | projects through the UI | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10651`_ | UI: Fix projects metrics on dashboard | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10628`_ | systemvm: Bump systemvm template version to debian 12.10 | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10617`_ | Enhance VPC Network Tier form to auto-populate Gateway, | +| | | and Netmask | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10263`_ | Updated setup-sysvm-tmplt script, to run 
cmds accessing | +| | | destdir with sudo | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10613`_ | enhancement: Optimize listZonesMetrics and | +| | | listClustersMetrics call performance | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10496`_ | Preview-Experimental Support EL10 as Management Server and | +| | | KVM host | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10606`_ | Host status auto refresh | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10595`_ | UI: fix list of vpc network offerings | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10602`_ | ui: fix considerlasthost for start vm | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10546`_ | Fix secondary storage selectors feature | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10513`_ | framework-config: improve configkey caching | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10559`_ | Update ubuntu image link for template download | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10524`_ | Fix to propagate updated management servers list and lb | +| | | algorithm in host and indirect.agent.lb.algorithm settings | +| | | resp, to systemvm agents | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10518`_ | deal with 
null return for create deployment plan for | +| | | maintenance | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10561`_ | linstor: implement missing deleteDatastore | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10563`_ | api: fix EntityReference in NetworkResponse.java | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10366`_ | server: fix npe during start vr edge case | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10569`_ | List only VMs associated to a userdata | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10562`_ | Veeam BnR : Fix for error in remove backup offering | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10492`_ | Fix Stats Collector to not divide by zero | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10443`_ | linstor: try to delete -rst resource before snapshot | +| | | backup | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10516`_ | kvm: find cluster-wide pools only in Up state when | +| | | investigate a host | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10515`_ | KVM: return null state instead of Disconnected when | +| | | investigate a host without NFS | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10257`_ | VPC: fix private mtu of vpc tier | 
++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10461`_ | UI: Allow custom footer in password reset page | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10450`_ | fix: prometheus: don't poll the same tag multiple times | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10501`_ | test: fix failure in | +| | | test_06_purge_expunged_vm_background_task | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10502`_ | lint: fix test_linstor_volumes.py | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#8831`_ | Refactor alert email generation method | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10497`_ | ui: do not cache config.json and locale files | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#9666`_ | NAS B&R Plugin enhancements | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10474`_ | Remove isMirrored parameter when creating a disk offering | +| | | through UI | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10042`_ | UI: Proper explanation for the global setting to avoid | +| | | ambiguity | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10484`_ | UI: Show Host OOBM parameter in form if configured | 
++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10472`_ | UI: List host OOBM details when enabled and configured | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10455`_ | UI: Filter accounts by domain while creating templates - | +| | | from Volume / Snapshot | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10439`_ | linstor: improve integration-tests | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10337`_ | UI: Add change host password | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#8575`_ | removing the usage of volumeFreeze StorPool API call | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10476`_ | Fix listing disk offerings for newly created VMs that | +| | | haven't yet been started | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10466`_ | cloudstack-setup-databases: fix mode and group of key file | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10376`_ | add use of virsh domifaddr to get VM external DHCP IP | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10462`_ | systemvmtemplate: bump version Debian 12.9.0 and ACS | +| | | 4.20.1 | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10266`_ | kvm: fix volume migration across cluster-scope pools | 
++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10351`_ | UI: Fixes and minor enhacements to the Public IP Addresses | +| | | section | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10221`_ | fix: enforce the minimum cgroup cpu shares value to 2 | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10425`_ | UI: Fix filtering of templates by account | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10407`_ | engine/orchestration: fix missing vm powerstate update vm | +| | | state | ++-------------------------+--------------------+------------------------------------------------------------+ +| 4.20.1.0 | `#10418`_ | Fix hostId verification on unsuccessful expunge operation | ++-------------------------+--------------------+------------------------------------------------------------+ + +150 Issues listed + +.. _`#10927`: https://github.com/apache/cloudstack/pull/10927 +.. _`#10916`: https://github.com/apache/cloudstack/pull/10916 +.. _`#10861`: https://github.com/apache/cloudstack/pull/10861 +.. _`#10912`: https://github.com/apache/cloudstack/pull/10912 +.. _`#10843`: https://github.com/apache/cloudstack/pull/10843 +.. _`#10894`: https://github.com/apache/cloudstack/pull/10894 +.. _`#10882`: https://github.com/apache/cloudstack/pull/10882 +.. _`#10893`: https://github.com/apache/cloudstack/pull/10893 +.. _`#10891`: https://github.com/apache/cloudstack/pull/10891 +.. _`#10875`: https://github.com/apache/cloudstack/pull/10875 +.. _`#10890`: https://github.com/apache/cloudstack/pull/10890 +.. _`#10885`: https://github.com/apache/cloudstack/pull/10885 +.. _`#10881`: https://github.com/apache/cloudstack/pull/10881 +.. 
_`#10586`: https://github.com/apache/cloudstack/pull/10586
+.. _`#10878`: https://github.com/apache/cloudstack/pull/10878
+.. _`#10849`: https://github.com/apache/cloudstack/pull/10849
+.. _`#10840`: https://github.com/apache/cloudstack/pull/10840
+.. _`#10777`: https://github.com/apache/cloudstack/pull/10777
+.. _`#10799`: https://github.com/apache/cloudstack/pull/10799
+.. _`#10837`: https://github.com/apache/cloudstack/pull/10837
+.. _`#10876`: https://github.com/apache/cloudstack/pull/10876
+.. _`#10433`: https://github.com/apache/cloudstack/pull/10433
+.. _`#10253`: https://github.com/apache/cloudstack/pull/10253
+.. _`#10867`: https://github.com/apache/cloudstack/pull/10867
+.. _`#10844`: https://github.com/apache/cloudstack/pull/10844
+.. _`#10852`: https://github.com/apache/cloudstack/pull/10852
+.. _`#10770`: https://github.com/apache/cloudstack/pull/10770
+.. _`#10757`: https://github.com/apache/cloudstack/pull/10757
+.. _`#10674`: https://github.com/apache/cloudstack/pull/10674
+.. _`#10684`: https://github.com/apache/cloudstack/pull/10684
+.. _`#10850`: https://github.com/apache/cloudstack/pull/10850
+.. _`#10061`: https://github.com/apache/cloudstack/pull/10061
+.. _`#10748`: https://github.com/apache/cloudstack/pull/10748
+.. _`#10544`: https://github.com/apache/cloudstack/pull/10544
+.. _`#10820`: https://github.com/apache/cloudstack/pull/10820
+.. _`#10612`: https://github.com/apache/cloudstack/pull/10612
+.. _`#10833`: https://github.com/apache/cloudstack/pull/10833
+.. _`#10807`: https://github.com/apache/cloudstack/pull/10807
+.. _`#10775`: https://github.com/apache/cloudstack/pull/10775
+.. _`#9825`: https://github.com/apache/cloudstack/pull/9825
+.. _`#10744`: https://github.com/apache/cloudstack/pull/10744
+.. _`#10431`: https://github.com/apache/cloudstack/pull/10431
+.. _`#10824`: https://github.com/apache/cloudstack/pull/10824
+.. _`#10712`: https://github.com/apache/cloudstack/pull/10712
+.. _`#10822`: https://github.com/apache/cloudstack/pull/10822
+.. _`#10785`: https://github.com/apache/cloudstack/pull/10785
+.. _`#10815`: https://github.com/apache/cloudstack/pull/10815
+.. _`#10708`: https://github.com/apache/cloudstack/pull/10708
+.. _`#10818`: https://github.com/apache/cloudstack/pull/10818
+.. _`#10624`: https://github.com/apache/cloudstack/pull/10624
+.. _`#10806`: https://github.com/apache/cloudstack/pull/10806
+.. _`#10760`: https://github.com/apache/cloudstack/pull/10760
+.. _`#10805`: https://github.com/apache/cloudstack/pull/10805
+.. _`#10629`: https://github.com/apache/cloudstack/pull/10629
+.. _`#10265`: https://github.com/apache/cloudstack/pull/10265
+.. _`#10241`: https://github.com/apache/cloudstack/pull/10241
+.. _`#10725`: https://github.com/apache/cloudstack/pull/10725
+.. _`#10714`: https://github.com/apache/cloudstack/pull/10714
+.. _`#10772`: https://github.com/apache/cloudstack/pull/10772
+.. _`#10791`: https://github.com/apache/cloudstack/pull/10791
+.. _`#10726`: https://github.com/apache/cloudstack/pull/10726
+.. _`#10749`: https://github.com/apache/cloudstack/pull/10749
+.. _`#10774`: https://github.com/apache/cloudstack/pull/10774
+.. _`#10525`: https://github.com/apache/cloudstack/pull/10525
+.. _`#10761`: https://github.com/apache/cloudstack/pull/10761
+.. _`#10755`: https://github.com/apache/cloudstack/pull/10755
+.. _`#10543`: https://github.com/apache/cloudstack/pull/10543
+.. _`#10583`: https://github.com/apache/cloudstack/pull/10583
+.. _`#10289`: https://github.com/apache/cloudstack/pull/10289
+.. _`#10741`: https://github.com/apache/cloudstack/pull/10741
+.. _`#10762`: https://github.com/apache/cloudstack/pull/10762
+.. _`#10746`: https://github.com/apache/cloudstack/pull/10746
+.. _`#10647`: https://github.com/apache/cloudstack/pull/10647
+.. _`#10738`: https://github.com/apache/cloudstack/pull/10738
+.. _`#10662`: https://github.com/apache/cloudstack/pull/10662
+.. _`#10745`: https://github.com/apache/cloudstack/pull/10745
+.. _`#10493`: https://github.com/apache/cloudstack/pull/10493
+.. _`#10603`: https://github.com/apache/cloudstack/pull/10603
+.. _`#10568`: https://github.com/apache/cloudstack/pull/10568
+.. _`#10750`: https://github.com/apache/cloudstack/pull/10750
+.. _`#10753`: https://github.com/apache/cloudstack/pull/10753
+.. _`#10739`: https://github.com/apache/cloudstack/pull/10739
+.. _`#10717`: https://github.com/apache/cloudstack/pull/10717
+.. _`#10630`: https://github.com/apache/cloudstack/pull/10630
+.. _`#10728`: https://github.com/apache/cloudstack/pull/10728
+.. _`#10591`: https://github.com/apache/cloudstack/pull/10591
+.. _`#10709`: https://github.com/apache/cloudstack/pull/10709
+.. _`#10704`: https://github.com/apache/cloudstack/pull/10704
+.. _`#10495`: https://github.com/apache/cloudstack/pull/10495
+.. _`#10707`: https://github.com/apache/cloudstack/pull/10707
+.. _`#10702`: https://github.com/apache/cloudstack/pull/10702
+.. _`#10364`: https://github.com/apache/cloudstack/pull/10364
+.. _`#10564`: https://github.com/apache/cloudstack/pull/10564
+.. _`#10700`: https://github.com/apache/cloudstack/pull/10700
+.. _`#10311`: https://github.com/apache/cloudstack/pull/10311
+.. _`#10649`: https://github.com/apache/cloudstack/pull/10649
+.. _`#10567`: https://github.com/apache/cloudstack/pull/10567
+.. _`#10580`: https://github.com/apache/cloudstack/pull/10580
+.. _`#10653`: https://github.com/apache/cloudstack/pull/10653
+.. _`#9175`: https://github.com/apache/cloudstack/pull/9175
+.. _`#10652`: https://github.com/apache/cloudstack/pull/10652
+.. _`#10651`: https://github.com/apache/cloudstack/pull/10651
+.. _`#10628`: https://github.com/apache/cloudstack/pull/10628
+.. _`#10617`: https://github.com/apache/cloudstack/pull/10617
+.. _`#10263`: https://github.com/apache/cloudstack/pull/10263
+.. _`#10613`: https://github.com/apache/cloudstack/pull/10613
+.. _`#10496`: https://github.com/apache/cloudstack/pull/10496
+.. _`#10606`: https://github.com/apache/cloudstack/pull/10606
+.. _`#10595`: https://github.com/apache/cloudstack/pull/10595
+.. _`#10602`: https://github.com/apache/cloudstack/pull/10602
+.. _`#10546`: https://github.com/apache/cloudstack/pull/10546
+.. _`#10513`: https://github.com/apache/cloudstack/pull/10513
+.. _`#10559`: https://github.com/apache/cloudstack/pull/10559
+.. _`#10524`: https://github.com/apache/cloudstack/pull/10524
+.. _`#10518`: https://github.com/apache/cloudstack/pull/10518
+.. _`#10561`: https://github.com/apache/cloudstack/pull/10561
+.. _`#10563`: https://github.com/apache/cloudstack/pull/10563
+.. _`#10366`: https://github.com/apache/cloudstack/pull/10366
+.. _`#10569`: https://github.com/apache/cloudstack/pull/10569
+.. _`#10562`: https://github.com/apache/cloudstack/pull/10562
+.. _`#10492`: https://github.com/apache/cloudstack/pull/10492
+.. _`#10443`: https://github.com/apache/cloudstack/pull/10443
+.. _`#10516`: https://github.com/apache/cloudstack/pull/10516
+.. _`#10515`: https://github.com/apache/cloudstack/pull/10515
+.. _`#10257`: https://github.com/apache/cloudstack/pull/10257
+.. _`#10461`: https://github.com/apache/cloudstack/pull/10461
+.. _`#10450`: https://github.com/apache/cloudstack/pull/10450
+.. _`#10501`: https://github.com/apache/cloudstack/pull/10501
+.. _`#10502`: https://github.com/apache/cloudstack/pull/10502
+.. _`#8831`: https://github.com/apache/cloudstack/pull/8831
+.. _`#10497`: https://github.com/apache/cloudstack/pull/10497
+.. _`#9666`: https://github.com/apache/cloudstack/pull/9666
+.. _`#10474`: https://github.com/apache/cloudstack/pull/10474
+.. _`#10042`: https://github.com/apache/cloudstack/pull/10042
+.. _`#10484`: https://github.com/apache/cloudstack/pull/10484
+.. _`#10472`: https://github.com/apache/cloudstack/pull/10472
+.. _`#10455`: https://github.com/apache/cloudstack/pull/10455
+.. 
_`#10439`: https://github.com/apache/cloudstack/pull/10439 +.. _`#10337`: https://github.com/apache/cloudstack/pull/10337 +.. _`#8575`: https://github.com/apache/cloudstack/pull/8575 +.. _`#10476`: https://github.com/apache/cloudstack/pull/10476 +.. _`#10466`: https://github.com/apache/cloudstack/pull/10466 +.. _`#10376`: https://github.com/apache/cloudstack/pull/10376 +.. _`#10462`: https://github.com/apache/cloudstack/pull/10462 +.. _`#10266`: https://github.com/apache/cloudstack/pull/10266 +.. _`#10351`: https://github.com/apache/cloudstack/pull/10351 +.. _`#10221`: https://github.com/apache/cloudstack/pull/10221 +.. _`#10425`: https://github.com/apache/cloudstack/pull/10425 +.. _`#10407`: https://github.com/apache/cloudstack/pull/10407 +.. _`#10418`: https://github.com/apache/cloudstack/pull/10418 + + Changes in |release| since 4.19.1.0 =================================== 
@@ -23,6 +1843,898 @@ to track its issues. .. cssclass:: table-striped table-bordered table-hover ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| Version | Github | Type | Priority | Description | ++=========================+============+===============+==========+============================================================+ +| 4.19.3.0 | `#10916`_ | | | server: fix list diskoffering by domainid returns Inactive | +| | | | | offerings | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10912`_ | | | Fix issue with configdrive on XenServer | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10843`_ | | | backport #10744: engine/schema: create default network | +| | | | | offering for vpc tier with conserve_mode=1 for fresh | +| | | | | installation | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10882`_ | | | Fixed some typos | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10893`_ | | | test: cleanup acl in test_global_acls.py | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10849`_ | | | Fix issue with security group selection box display | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10840`_ | | | ui: add an infinite scroll select component | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10777`_ | | | 
Reset the pool id when create volume fails on the | +| | | | | allocated pool, and update the resize error when no | +| | | | | endpoint exists | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10799`_ | | | Prevent data corruption for StorPool volumes | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10837`_ | | | Fix for Vlan doesn't match issue while adding IP range for | +| | | | | the shared network without any IP range | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10876`_ | | | Correct typo in an exception message | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10433`_ | | | VMware import - logs sanitation | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10253`_ | | | ssvm: reset fields on destroy | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10852`_ | | | List usage records for network offering (usage type 13) | +| | | | | when offering id is specified in usage id | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10770`_ | | | [Vmware] Improve listing of Vmware Datacenter VMs for | +| | | | | migration to KVM | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10850`_ | | | Linstor: implement volume and storage stats | 
++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10748`_ | | | [VMware] Sync the disk path or datastore changes for IDE | +| | | | | disks, and before any volume resize during start vm (for | +| | | | | the volumes on datastore cluster) | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10544`_ | | | refactor create duplicate alert check | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10612`_ | | | server: check if redundant router is supported when | +| | | | | restart network with makeredundant = true | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10833`_ | | | xenserver: destroy halted vm on expunge | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10807`_ | | | cleanup call on super in affinity groups projects | +| | | | | component test | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10431`_ | | | server: fetch IP of VMs on L2 networks | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10824`_ | | | UI workaround for the inconsistent formatting of | +| | | | | listVirtualMachinesUsageHistory | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10712`_ | | | Backport #9888 to 4.19: Fix Usage inconsistencies | 
++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10708`_ | | | [VMware] Update vlans with proper range before creating | +| | | | | port group for dvSwitch | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10624`_ | | | server: prevent duplicate HA works and alerts | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10760`_ | | | Extra checks in UI when deleting accounts | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10805`_ | | | Update dependency required for test_outofbandmanagement.py | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10629`_ | | | check for custom offering and trim size | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10265`_ | | | [UI] Allow quiescevm and asyncbackup flags while taking | +| | | | | volume snapshot from UI when these are supported for the | +| | | | | volume | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10725`_ | | | UI: show checksum field when register or upload | +| | | | | template/isos | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10714`_ | | | UI: Allow editing a Running VM in an Advanced zone with | +| | | | | security groups except for security group details | 
++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10726`_ | | | cloudutils: use "ip route" command instead of "route -n" | +| | | | | in networkConfig.py | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10761`_ | | | smoke tests: Fix cluster DRS & non-strict host affinity | +| | | | | smoke test failures on XenServer / XCP-ng | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10755`_ | | | Network Usage event model adjustments | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10583`_ | | | Fix smoke tests due to change in behavior of restore VM | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10762`_ | | | test: fix test_certauthority_root.py | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10746`_ | | | Don't specify ipv6 ranges for shared network | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10647`_ | | | Revert "Add the option to filter by host when retrieving | +| | | | | of unregistered VMs (#9925)" | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10745`_ | | | ui: confirm on reset configurations | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10568`_ | | | Remove the validation of the 
amount of acquired public IPs | +| | | | | when enabling static NAT, adding PF and LB rules on VPC | +| | | | | public IPs | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10753`_ | | | .github: fix simulator CI caused by imcompatibility | +| | | | | between python3.10 and nosetests | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10739`_ | | | VR: add bind-interfaces to /etc/dnsmasq.d/cloud.conf | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10717`_ | | | plugin/shutdown: use mgmt server uuid in the shutdown | +| | | | | response | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10728`_ | | | only clean details and annotations when this template no | +| | | | | longer exists | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10591`_ | | | HA: set correct hostId of HA work for vm migration | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10709`_ | | | UI: Move templates creation date to the Zones tab | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10704`_ | | | server: check startip and startipv6 of shared network | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10311`_ | | | 4.19 fix saml account selector | 
++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10649`_ | | | Usage server: remove logging of prameters including secret | +| | | | | keys | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10653`_ | | | Backport #10500 framework/cluster: fix NPE for ms-host | +| | | | | status when mgr stops | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#9175`_ | | | xenserver: do not destroy halted hypervisor vm | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10652`_ | | | UI: Allow setting account and domain maximum amount of | +| | | | | projects through the UI | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10651`_ | | | UI: Fix projects metrics on dashboard | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10617`_ | | | Enhance VPC Network Tier form to auto-populate Gateway, | +| | | | | and Netmask | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10263`_ | | | Updated setup-sysvm-tmplt script, to run cmds accessing | +| | | | | destdir with sudo | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10606`_ | | | Host status auto refresh | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10595`_ | | | UI: fix 
list of vpc network offerings | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10602`_ | | | ui: fix considerlasthost for start vm | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10518`_ | | | deal with null return for create deployment plan for | +| | | | | maintenance | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10561`_ | | | linstor: implement missing deleteDatastore | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10563`_ | | | api: fix EntityReference in NetworkResponse.java | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10366`_ | | | server: fix npe during start vr edge case | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10569`_ | | | List only VMs associated to a userdata | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10562`_ | | | Veeam BnR : Fix for error in remove backup offering | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10443`_ | | | linstor: try to delete -rst resource before snapshot | +| | | | | backup | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10516`_ | | | kvm: find cluster-wide pools only in Up state when | +| | | | | investigate a host | 
++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10515`_ | | | KVM: return null state instead of Disconnected when | +| | | | | investigate a host without NFS | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10257`_ | | | VPC: fix private mtu of vpc tier | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10484`_ | | | UI: Show Host OOBM parameter in form if configured | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10472`_ | | | UI: List host OOBM details when enabled and configured | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10455`_ | | | UI: Filter accounts by domain while creating templates - | +| | | | | from Volume / Snapshot | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10439`_ | | | linstor: improve integration-tests | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10466`_ | | | cloudstack-setup-databases: fix mode and group of key file | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10376`_ | | | add use of virsh domifaddr to get VM external DHCP IP | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10266`_ | | | kvm: fix volume migration across cluster-scope pools | 
++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10351`_ | | | UI: Fixes and minor enhacements to the Public IP Addresses | +| | | | | section | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.3.0 | `#10425`_ | | | UI: Fix filtering of templates by account | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ + +78 Issues listed + +.. _`#10916`: https://github.com/apache/cloudstack/pull/10916 +.. _`#10912`: https://github.com/apache/cloudstack/pull/10912 +.. _`#10843`: https://github.com/apache/cloudstack/pull/10843 +.. _`#10882`: https://github.com/apache/cloudstack/pull/10882 +.. _`#10893`: https://github.com/apache/cloudstack/pull/10893 +.. _`#10849`: https://github.com/apache/cloudstack/pull/10849 +.. _`#10840`: https://github.com/apache/cloudstack/pull/10840 +.. _`#10777`: https://github.com/apache/cloudstack/pull/10777 +.. _`#10799`: https://github.com/apache/cloudstack/pull/10799 +.. _`#10837`: https://github.com/apache/cloudstack/pull/10837 +.. _`#10876`: https://github.com/apache/cloudstack/pull/10876 +.. _`#10433`: https://github.com/apache/cloudstack/pull/10433 +.. _`#10253`: https://github.com/apache/cloudstack/pull/10253 +.. _`#10852`: https://github.com/apache/cloudstack/pull/10852 +.. _`#10770`: https://github.com/apache/cloudstack/pull/10770 +.. _`#10850`: https://github.com/apache/cloudstack/pull/10850 +.. _`#10748`: https://github.com/apache/cloudstack/pull/10748 +.. _`#10544`: https://github.com/apache/cloudstack/pull/10544 +.. _`#10612`: https://github.com/apache/cloudstack/pull/10612 +.. _`#10833`: https://github.com/apache/cloudstack/pull/10833 +.. _`#10807`: https://github.com/apache/cloudstack/pull/10807 +.. _`#10431`: https://github.com/apache/cloudstack/pull/10431 +.. 
_`#10824`: https://github.com/apache/cloudstack/pull/10824 +.. _`#10712`: https://github.com/apache/cloudstack/pull/10712 +.. _`#10708`: https://github.com/apache/cloudstack/pull/10708 +.. _`#10624`: https://github.com/apache/cloudstack/pull/10624 +.. _`#10760`: https://github.com/apache/cloudstack/pull/10760 +.. _`#10805`: https://github.com/apache/cloudstack/pull/10805 +.. _`#10629`: https://github.com/apache/cloudstack/pull/10629 +.. _`#10265`: https://github.com/apache/cloudstack/pull/10265 +.. _`#10725`: https://github.com/apache/cloudstack/pull/10725 +.. _`#10714`: https://github.com/apache/cloudstack/pull/10714 +.. _`#10726`: https://github.com/apache/cloudstack/pull/10726 +.. _`#10761`: https://github.com/apache/cloudstack/pull/10761 +.. _`#10755`: https://github.com/apache/cloudstack/pull/10755 +.. _`#10583`: https://github.com/apache/cloudstack/pull/10583 +.. _`#10762`: https://github.com/apache/cloudstack/pull/10762 +.. _`#10746`: https://github.com/apache/cloudstack/pull/10746 +.. _`#10647`: https://github.com/apache/cloudstack/pull/10647 +.. _`#10745`: https://github.com/apache/cloudstack/pull/10745 +.. _`#10568`: https://github.com/apache/cloudstack/pull/10568 +.. _`#10753`: https://github.com/apache/cloudstack/pull/10753 +.. _`#10739`: https://github.com/apache/cloudstack/pull/10739 +.. _`#10717`: https://github.com/apache/cloudstack/pull/10717 +.. _`#10728`: https://github.com/apache/cloudstack/pull/10728 +.. _`#10591`: https://github.com/apache/cloudstack/pull/10591 +.. _`#10709`: https://github.com/apache/cloudstack/pull/10709 +.. _`#10704`: https://github.com/apache/cloudstack/pull/10704 +.. _`#10311`: https://github.com/apache/cloudstack/pull/10311 +.. _`#10649`: https://github.com/apache/cloudstack/pull/10649 +.. _`#10653`: https://github.com/apache/cloudstack/pull/10653 +.. _`#9175`: https://github.com/apache/cloudstack/pull/9175 +.. _`#10652`: https://github.com/apache/cloudstack/pull/10652 +.. 
_`#10651`: https://github.com/apache/cloudstack/pull/10651 +.. _`#10617`: https://github.com/apache/cloudstack/pull/10617 +.. _`#10263`: https://github.com/apache/cloudstack/pull/10263 +.. _`#10606`: https://github.com/apache/cloudstack/pull/10606 +.. _`#10595`: https://github.com/apache/cloudstack/pull/10595 +.. _`#10602`: https://github.com/apache/cloudstack/pull/10602 +.. _`#10518`: https://github.com/apache/cloudstack/pull/10518 +.. _`#10561`: https://github.com/apache/cloudstack/pull/10561 +.. _`#10563`: https://github.com/apache/cloudstack/pull/10563 +.. _`#10366`: https://github.com/apache/cloudstack/pull/10366 +.. _`#10569`: https://github.com/apache/cloudstack/pull/10569 +.. _`#10562`: https://github.com/apache/cloudstack/pull/10562 +.. _`#10443`: https://github.com/apache/cloudstack/pull/10443 +.. _`#10516`: https://github.com/apache/cloudstack/pull/10516 +.. _`#10515`: https://github.com/apache/cloudstack/pull/10515 +.. _`#10257`: https://github.com/apache/cloudstack/pull/10257 +.. _`#10484`: https://github.com/apache/cloudstack/pull/10484 +.. _`#10472`: https://github.com/apache/cloudstack/pull/10472 +.. _`#10455`: https://github.com/apache/cloudstack/pull/10455 +.. _`#10439`: https://github.com/apache/cloudstack/pull/10439 +.. _`#10466`: https://github.com/apache/cloudstack/pull/10466 +.. _`#10376`: https://github.com/apache/cloudstack/pull/10376 +.. _`#10266`: https://github.com/apache/cloudstack/pull/10266 +.. _`#10351`: https://github.com/apache/cloudstack/pull/10351 +.. _`#10425`: https://github.com/apache/cloudstack/pull/10425 + + +https://github.com/apache/cloudstack/milestone/33?closed=1 + +.. 
cssclass:: table-striped table-bordered table-hover + + ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| Version | Github | Type | Priority | Description | ++=========================+============+===============+==========+============================================================+ +| 4.19.2.0 | `#10425`_ | | | UI: Fix filtering of templates by account | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10428`_ | | | ipmi: extra log sanitation | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10413`_ | | | migrate Vmware to KVM ui issues | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10411`_ | | | VMware Import - Support external VMware VMs in any | +| | | | | folders/subfolders other than the root folder of | +| | | | | datacenter (from KVM hosts) | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10409`_ | | | VMware import issue fix - check and update pools in the | +| | | | | order of disks | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10394`_ | | | UI: Fix `docHelp` links for Add Hosts, Add Clusters, | +| | | | | Disable Clusters and Enable Clusters forms | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10373`_ | | | UI: Fix Apache CloudStack description on the onboarding | +| | | | | page | 
++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10262`_ | | | Fix private gateway acl on static routes | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9925`_ | | | Add the option to filter by host when retrieving of | +| | | | | unregistered VMs | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10229`_ | | | Support virtio-blk root disk controller | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10357`_ | | | UI: Fixup missing buttons | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10235`_ | | | server: fix scale vm with same disk offering id | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10183`_ | | | cleanup VM IP after expunge in redundant VPC | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9735`_ | | | Fix VMWare leftovers when deleting VM without root disk | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10320`_ | | | List only untagged offerings for Shared networks when tag | +| | | | | isn't passed | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10132`_ | | | Primera pure patches & various small fixes | 
++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10317`_ | | | systemvm-registration: update seeded template_store_ref | +| | | | | sizes | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10324`_ | | | server: fix pod retrieval during volume attach | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10323`_ | | | Revert test of #10267 | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10280`_ | | | linstor: Fix using multiple primary storage with same | +| | | | | linstor-controller | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10268`_ | | | VPC VR: fix ACL between tier and private gateway | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10126`_ | | | Linstor: encryption support | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10243`_ | | | Hide register template, create/upload volume and create | +| | | | | vpc buttons when zone is not created. 
| ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10216`_ | | | server: fix snapshot physical size | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10255`_ | | | Fix NPE while checking for user data provider | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10222`_ | | | List default network offerings when multiple physical | +| | | | | networks for guest traffic type exists | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10217`_ | | | UI: list backup offerings by zoneid when assign vm to | +| | | | | backup offering | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10237`_ | | | Decrypt zone, cluster, storage details for configuration | +| | | | | values | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10240`_ | | | Improve listing of HA and non-HA hosts when ha.tag setting | +| | | | | is defined and hosts have multiple tags along with ha tag | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10208`_ | | | api,ui: fix empty source cidr value for firewall rule | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#10168`_ | | | Allow creation of Shared Networks without IP range if | +| | | | | network offering has no services - specifyvlan = true | 
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10066`_ | | | Static Routes: fix check on wrong global configuration |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10288`_ | | | ui: fix column filter for templates, isos |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10201`_ | | | Fix volume allocation on local VMFS storage |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10295`_ | | | changed the kubernetestool url |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9941`_ | | | packaging: support both mysql and mariadb on EL8/EL9 |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10245`_ | | | UI: Fix domain view when opening details for a specific |
+| | | | | domainid |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10274`_ | | | Fix NPE during account creation |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10273`_ | | | Grant access to 2FA APIs for default read-only and support |
+| | | | | roles |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10247`_ | | | server: reset 2fa user configuration on incomplete setup |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10234`_ | | | CKS: use --delete-emptydir-data instead of deprecated |
+| | | | | --delete-local-data |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10236`_ | | | api/ui: add specifyvlan to network response |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9852`_ | | | list hosts API fix, when any stale entries exists on |
+| | | | | storage_pool_host_ref for the removed pools |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10292`_ | | | ui: fix loading for hypervisor filter in serachview |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10279`_ | | | UI: Validate inserted values in numeric global settings |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10267`_ | | | server: fix attach uploaded volume |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10264`_ | | | extra null guard |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10158`_ | | | deal with NPE during host reconnect |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10075`_ | | | cks: prevent npe on cluster listing with removed offering |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10259`_ | | | Handle special characters when exporting ACLs |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10215`_ | | | [UI] Switch between allocated and used capacity on |
+| | | | | dashboard |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10209`_ | | | Added displaynetwork option in filters for listnetwork |
+| | | | | only for admin |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10231`_ | | | Fix local storage deletion cases |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10239`_ | | | ui: fix passing vlan while creating vpc tier |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10218`_ | | | server: Fix host CPU number |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9823`_ | | | kvm: add SCSI controllers based on the number of |
+| | | | | virtio-SCSI disks |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9550`_ | | | Fix to allow actions on the network if it belongs to a |
+| | | | | project |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10227`_ | | | UI: set redundant state as N/A for non-redundant routers |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10219`_ | | | linstor: Fix ZFS snapshot backup |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10204`_ | | | Fix listing of VMs with removed NICs |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10214`_ | | | Configure org.eclipse.jetty.server.Request.maxFormKeys |
+| | | | | from server.properties and increase the default value |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10032`_ | | | api: fix access for listSystemVmUsageHistory |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9844`_ | | | Fix NPE issues during host rolling maintenance, due to |
+| | | | | host tags and custom constrained/unconstrained service |
+| | | | | offering |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10187`_ | | | UI: Fix slider component in global settings with `Range` |
+| | | | | type |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10176`_ | | | Clean up network permissions on account deletion |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9644`_ | | | [VMware] Consider CD/DVD drive when calculating next free |
+| | | | | unit number for volume attachment over IDE controller |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10174`_ | | | consider a valid ipv4 address as a validish ipv4 /32 cidr |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9900`_ | | | systemvm: fix keystore is reset when patch a systemvm |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10175`_ | | | merge bug fix for #9037; no retrieval of null hosts |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10046`_ | | | upgrade: consider multiple hypervisors and secondary |
+| | | | | storages |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9677`_ | | | CheckOnHostCommand: add missing timeout setting |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9725`_ | | | Restrict the migration of volumes attached to VMs in |
+| | | | | Starting state |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9764`_ | | | check tags while fetching storage pool for importing vm |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10067`_ | | | VR: fix site-2-site VPN if split connections is enabled |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10065`_ | | | UI: fix cannot open 'Edit tags' modal for static routes |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10064`_ | | | VR: apply iptables rules when add/remove static routes |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10051`_ | | | Certificate and VM hostname validation improvements |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10040`_ | | | set ulimit for server according to redhat spec |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10093`_ | | | kvm-storage: provide isVMMigrate information to storage |
+| | | | | plugins |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10045`_ | | | Allow config drive deletion of migrated VM, on host |
+| | | | | maintenance |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10105`_ | | | linstor: improve heartbeat check with also asking linstor |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9173`_ | | | server: simplify role change validation |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10086`_ | | | server: fix typo removeaccessvpn in VirtualRouterElement |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10087`_ | | | UI: remove duplicated Instance Name in Public IP details |
+| | | | | page |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10047`_ | | | SAML2: add cookie with HttpOnly too |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9744`_ | | | ui: Allow font-awesome icon usage and optimise icon size |
+| | | | | inconsistency |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10028`_ | | | Remove SNI option in _run.sh, as it is correct as default. |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10037`_ | | | .github: fix test_certauthority_root in 4.19 |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10035`_ | | | move sql code to the right file |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9999`_ | | | Prevent password updates for SAML and LDAP users |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10033`_ | | | cloudstack-migrate-databases: sql AND added |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#10008`_ | | | Remove user from project before deletion |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+
+| 4.19.2.0 | `#9971`_ | | | UI: Tooltip on the host information card to display the |
+| | | | | CPU speed in MHz and the memory value in MB (to 3 decimal |
+| | | | | places) |
++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9927`_ | | | UI: Allow accounts of the `User` type to add other | +| | | | | accounts or users to projects through UI | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#7081`_ | | | enable to create VPC portfowarding rules with source cidr | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9759`_ | | | Add new column `last_id` to the table volumes | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9787`_ | | | Allow VMWare import via another host | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9792`_ | | | Linstor: add support for ISO block devices and direct | +| | | | | download | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9949`_ | | | get expunged VM data for job result | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9966`_ | | | UI: Hide section divider when all OAuth providers are | +| | | | | disabled | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9498`_ | | | kvm: ref-count storage pool usage | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9839`_ | | | Revert "storage: fix private templates are not copied to | +| | | | | new image 
store (#9206)" | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9894`_ | | | Fix listServiceOfferings regression | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9822`_ | | | VR: fix wrong check when compare two configuration files | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9832`_ | | | Linstor: fix live migrate on non-hyperconverged setups | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9222`_ | | | engine-storage: Set SecretConsumerDetail for VM live | +| | | | | migration with storage on shared NFS | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9867`_ | | | Fix Kubernetes cluster view when user is unable to scale | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9856`_ | | | utils: fix invalid JSESSIONID cookie in https setup | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9869`_ | | | kvm: fix ovs network creation issue | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9859`_ | | | linstor/kvm: Workaround a qemu bug and IDE bus discard | +| | | | | enabled. 
| ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9809`_ | | | Fix primary storage update form not showing existing | +| | | | | values | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9770`_ | | | linstor: enable discard for Linstor storage pools | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9756`_ | | | make saml auth request option `forceauthn` configurable | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9798`_ | | | UI: fix unit tests | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9547`_ | | | Filter list VMs by IP address | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#8911`_ | | | Linked clone migration between file-based storages on KVM | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9751`_ | | | API: Fix listing Userdata by keyword or name | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9731`_ | | | Hide UserData field from the EditVM view for VMs that do | +| | | | | not offer it | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9195`_ | | | cleanup validations for VPN connection creation | 
++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9739`_ | | | Fix ISO url in test_usage.py | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#8588`_ | | | CKS: fix creation on shared network if HA is enabled | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9559`_ | | | server: fix nfs version option during mounts | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9374`_ | | | server: apply network ACL even if there is no network ACLs | +| | | | | rules in the ACL list | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9720`_ | | | Revert "list VMs by displayname instead of name" | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9596`_ | | | Fix: Filter out networks without access while getting | +| | | | | networks with SG with free IPs | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9711`_ | | | ui: load project list with minimum details | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9006`_ | | | build/packaging: build tungsten plugin only if noredist is | +| | | | | passed | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9637`_ | | | Fixed Unable to create a domain when networkdomain is | +| | | 
| | mentioned and cleared | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#8846`_ | | | Removed deprecated instruction MAINTAINER | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9636`_ | | | [VMware] Make disk controller selection on volume | +| | | | | attachment consistent with VM creation and start | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9698`_ | | | lb: fix haproxy cannot start if algorithm is not lowercase | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9700`_ | | | UI: enable project menu on mobile devices | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9563`_ | | | Fix resource count discrepancy while associating IP | +| | | | | address to a network | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9200`_ | | | refactor: cloud-sysvmadm script | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9557`_ | | | UI: Fix VPC network offerings listing on VPC tier creation | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#8503`_ | | | list VMs by displayname instead of name | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9669`_ | | | CPVM: move focus on input area after clearing 
clipboard | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9461`_ | | | Restore listNetworks behavior & clean up the code | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9652`_ | | | UI: Fix starting VMs through group action by | +| | | | | non-root-admin users | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9528`_ | | | Linstor: Fix migrate primary storage | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9428`_ | | | Fix root disk resize issue when service offering has no | +| | | | | root disk size specified | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9624`_ | | | propagate sort order through retrieval sequence | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9634`_ | | | UI: list vms with details=min when attach a volume to vm | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9632`_ | | | linstor: update java-linstor dependency to 0.5.2 | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9239`_ | | | Fix snapshot deletion on template creation failure | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9206`_ | | | storage: fix private templates are not copied to new image | +| | | | | 
store | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9567`_ | | | Add validation for secstorage.allowed.internal.sites | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9568`_ | | | VR: remove vpn user info when apply vpn users list | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9578`_ | | | server: fix stopped vm volume migration check on local | +| | | | | volume attach | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9588`_ | | | Updated listStoragePools response - added new managed | +| | | | | parameter | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9560`_ | | | linstor: set/unset allow-two-primaries and protocol on rc | +| | | | | level | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9573`_ | | | Fix VGPU available devices listing | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9554`_ | | | ui: show guest networks for guest vlans list | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9575`_ | | | Fix userdata append header restrictions | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9255`_ | | | Add certificate validation to check headers | 
++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9572`_ | | | Update project account for all the events with project | +| | | | | account owner, except for create project event | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9468`_ | | | [VMware] Disconnect/Detach config drive ISO (if exists) on | +| | | | | stop VM | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9433`_ | | | [VMware] Update data disk controller same as the root disk | +| | | | | controller type when it is not set in the VM detail | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9589`_ | | | [UI] Add project toggle for buckets | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9459`_ | | | Fix usage volume size after resizing | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9540`_ | | | Added domain path to all entities | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9571`_ | | | test: fix component tests test_acl_isolatednetwork and | +| | | | | test_acl_isolatednetwork_delete | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9422`_ | | | allow users to apply extraconfig on updating VMs | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 
4.19.2.0 | `#9545`_ | | | Fix Template and ISO upload events | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9417`_ | | | linstor: Improve copyPhysicalDisk performance | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9385`_ | | | add procedures procedure | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9201`_ | | | Ensure affinity groups are honored when VMs are deployed | +| | | | | in parallel | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9499`_ | | | test: fix component test | +| | | | | test_acl_sharednetwork_deployVM-impersonation.py | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9390`_ | | | libvirtstorageadaptor: better handle failed libvirt | +| | | | | storagepool destroy | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9447`_ | | | Fix snapshot chain being deleted on XenServer | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9419`_ | | | API: Fix missing keys in listZonesMetrics response | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9399`_ | | | ui: vm metrics note about behaviour across hypervisors | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9434`_ | | | Fixup CKS UI 
for external managed clusters | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9458`_ | | | UI: Display Firewall, LB and Port Forwading rules tab for | +| | | | | CKS clusters deployed on isolated networks | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9442`_ | | | Fix removal of usage records | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#9437`_ | | | Add systemvmtemplate arm64 build support | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ +| 4.19.2.0 | `#8833`_ | | | Fix link to removed volumes being shown in info card and | +| | | | | list view | ++-------------------------+------------+---------------+----------+------------------------------------------------------------+ + +179 Issues listed + +.. _`#10425`: https://github.com/apache/cloudstack/pull/10425 +.. _`#10428`: https://github.com/apache/cloudstack/pull/10428 +.. _`#10413`: https://github.com/apache/cloudstack/pull/10413 +.. _`#10411`: https://github.com/apache/cloudstack/pull/10411 +.. _`#10409`: https://github.com/apache/cloudstack/pull/10409 +.. _`#10394`: https://github.com/apache/cloudstack/pull/10394 +.. _`#10373`: https://github.com/apache/cloudstack/pull/10373 +.. _`#10262`: https://github.com/apache/cloudstack/pull/10262 +.. _`#9925`: https://github.com/apache/cloudstack/pull/9925 +.. _`#10229`: https://github.com/apache/cloudstack/pull/10229 +.. _`#10357`: https://github.com/apache/cloudstack/pull/10357 +.. _`#10235`: https://github.com/apache/cloudstack/pull/10235 +.. _`#10183`: https://github.com/apache/cloudstack/pull/10183 +.. _`#9735`: https://github.com/apache/cloudstack/pull/9735 +.. 
_`#10320`: https://github.com/apache/cloudstack/pull/10320 +.. _`#10132`: https://github.com/apache/cloudstack/pull/10132 +.. _`#10317`: https://github.com/apache/cloudstack/pull/10317 +.. _`#10324`: https://github.com/apache/cloudstack/pull/10324 +.. _`#10323`: https://github.com/apache/cloudstack/pull/10323 +.. _`#10280`: https://github.com/apache/cloudstack/pull/10280 +.. _`#10268`: https://github.com/apache/cloudstack/pull/10268 +.. _`#10126`: https://github.com/apache/cloudstack/pull/10126 +.. _`#10243`: https://github.com/apache/cloudstack/pull/10243 +.. _`#10216`: https://github.com/apache/cloudstack/pull/10216 +.. _`#10255`: https://github.com/apache/cloudstack/pull/10255 +.. _`#10222`: https://github.com/apache/cloudstack/pull/10222 +.. _`#10217`: https://github.com/apache/cloudstack/pull/10217 +.. _`#10237`: https://github.com/apache/cloudstack/pull/10237 +.. _`#10240`: https://github.com/apache/cloudstack/pull/10240 +.. _`#10208`: https://github.com/apache/cloudstack/pull/10208 +.. _`#10168`: https://github.com/apache/cloudstack/pull/10168 +.. _`#10066`: https://github.com/apache/cloudstack/pull/10066 +.. _`#10288`: https://github.com/apache/cloudstack/pull/10288 +.. _`#10201`: https://github.com/apache/cloudstack/pull/10201 +.. _`#10295`: https://github.com/apache/cloudstack/pull/10295 +.. _`#9941`: https://github.com/apache/cloudstack/pull/9941 +.. _`#10245`: https://github.com/apache/cloudstack/pull/10245 +.. _`#10274`: https://github.com/apache/cloudstack/pull/10274 +.. _`#10273`: https://github.com/apache/cloudstack/pull/10273 +.. _`#10247`: https://github.com/apache/cloudstack/pull/10247 +.. _`#10234`: https://github.com/apache/cloudstack/pull/10234 +.. _`#10236`: https://github.com/apache/cloudstack/pull/10236 +.. _`#9852`: https://github.com/apache/cloudstack/pull/9852 +.. _`#10292`: https://github.com/apache/cloudstack/pull/10292 +.. _`#10279`: https://github.com/apache/cloudstack/pull/10279 +.. 
_`#10267`: https://github.com/apache/cloudstack/pull/10267 +.. _`#10264`: https://github.com/apache/cloudstack/pull/10264 +.. _`#10158`: https://github.com/apache/cloudstack/pull/10158 +.. _`#10075`: https://github.com/apache/cloudstack/pull/10075 +.. _`#10259`: https://github.com/apache/cloudstack/pull/10259 +.. _`#10215`: https://github.com/apache/cloudstack/pull/10215 +.. _`#10209`: https://github.com/apache/cloudstack/pull/10209 +.. _`#10231`: https://github.com/apache/cloudstack/pull/10231 +.. _`#10239`: https://github.com/apache/cloudstack/pull/10239 +.. _`#10218`: https://github.com/apache/cloudstack/pull/10218 +.. _`#9823`: https://github.com/apache/cloudstack/pull/9823 +.. _`#9550`: https://github.com/apache/cloudstack/pull/9550 +.. _`#10227`: https://github.com/apache/cloudstack/pull/10227 +.. _`#10219`: https://github.com/apache/cloudstack/pull/10219 +.. _`#10204`: https://github.com/apache/cloudstack/pull/10204 +.. _`#10214`: https://github.com/apache/cloudstack/pull/10214 +.. _`#10032`: https://github.com/apache/cloudstack/pull/10032 +.. _`#9844`: https://github.com/apache/cloudstack/pull/9844 +.. _`#10187`: https://github.com/apache/cloudstack/pull/10187 +.. _`#10176`: https://github.com/apache/cloudstack/pull/10176 +.. _`#9644`: https://github.com/apache/cloudstack/pull/9644 +.. _`#10174`: https://github.com/apache/cloudstack/pull/10174 +.. _`#9900`: https://github.com/apache/cloudstack/pull/9900 +.. _`#10175`: https://github.com/apache/cloudstack/pull/10175 +.. _`#10046`: https://github.com/apache/cloudstack/pull/10046 +.. _`#9677`: https://github.com/apache/cloudstack/pull/9677 +.. _`#9725`: https://github.com/apache/cloudstack/pull/9725 +.. _`#9764`: https://github.com/apache/cloudstack/pull/9764 +.. _`#10067`: https://github.com/apache/cloudstack/pull/10067 +.. _`#10065`: https://github.com/apache/cloudstack/pull/10065 +.. _`#10064`: https://github.com/apache/cloudstack/pull/10064 +.. _`#10051`: https://github.com/apache/cloudstack/pull/10051 +.. 
_`#10040`: https://github.com/apache/cloudstack/pull/10040 +.. _`#10093`: https://github.com/apache/cloudstack/pull/10093 +.. _`#10045`: https://github.com/apache/cloudstack/pull/10045 +.. _`#10105`: https://github.com/apache/cloudstack/pull/10105 +.. _`#9173`: https://github.com/apache/cloudstack/pull/9173 +.. _`#10086`: https://github.com/apache/cloudstack/pull/10086 +.. _`#10087`: https://github.com/apache/cloudstack/pull/10087 +.. _`#10047`: https://github.com/apache/cloudstack/pull/10047 +.. _`#9744`: https://github.com/apache/cloudstack/pull/9744 +.. _`#10028`: https://github.com/apache/cloudstack/pull/10028 +.. _`#10037`: https://github.com/apache/cloudstack/pull/10037 +.. _`#10035`: https://github.com/apache/cloudstack/pull/10035 +.. _`#9999`: https://github.com/apache/cloudstack/pull/9999 +.. _`#10033`: https://github.com/apache/cloudstack/pull/10033 +.. _`#10008`: https://github.com/apache/cloudstack/pull/10008 +.. _`#9971`: https://github.com/apache/cloudstack/pull/9971 +.. _`#9927`: https://github.com/apache/cloudstack/pull/9927 +.. _`#7081`: https://github.com/apache/cloudstack/pull/7081 +.. _`#9759`: https://github.com/apache/cloudstack/pull/9759 +.. _`#9787`: https://github.com/apache/cloudstack/pull/9787 +.. _`#9792`: https://github.com/apache/cloudstack/pull/9792 +.. _`#9949`: https://github.com/apache/cloudstack/pull/9949 +.. _`#9966`: https://github.com/apache/cloudstack/pull/9966 +.. _`#9498`: https://github.com/apache/cloudstack/pull/9498 +.. _`#9839`: https://github.com/apache/cloudstack/pull/9839 +.. _`#9894`: https://github.com/apache/cloudstack/pull/9894 +.. _`#9822`: https://github.com/apache/cloudstack/pull/9822 +.. _`#9832`: https://github.com/apache/cloudstack/pull/9832 +.. _`#9222`: https://github.com/apache/cloudstack/pull/9222 +.. _`#9867`: https://github.com/apache/cloudstack/pull/9867 +.. _`#9856`: https://github.com/apache/cloudstack/pull/9856 +.. _`#9869`: https://github.com/apache/cloudstack/pull/9869 +.. 
_`#9859`: https://github.com/apache/cloudstack/pull/9859 +.. _`#9809`: https://github.com/apache/cloudstack/pull/9809 +.. _`#9770`: https://github.com/apache/cloudstack/pull/9770 +.. _`#9756`: https://github.com/apache/cloudstack/pull/9756 +.. _`#9798`: https://github.com/apache/cloudstack/pull/9798 +.. _`#9547`: https://github.com/apache/cloudstack/pull/9547 +.. _`#8911`: https://github.com/apache/cloudstack/pull/8911 +.. _`#9751`: https://github.com/apache/cloudstack/pull/9751 +.. _`#9731`: https://github.com/apache/cloudstack/pull/9731 +.. _`#9195`: https://github.com/apache/cloudstack/pull/9195 +.. _`#9739`: https://github.com/apache/cloudstack/pull/9739 +.. _`#8588`: https://github.com/apache/cloudstack/pull/8588 +.. _`#9559`: https://github.com/apache/cloudstack/pull/9559 +.. _`#9374`: https://github.com/apache/cloudstack/pull/9374 +.. _`#9720`: https://github.com/apache/cloudstack/pull/9720 +.. _`#9596`: https://github.com/apache/cloudstack/pull/9596 +.. _`#9711`: https://github.com/apache/cloudstack/pull/9711 +.. _`#9006`: https://github.com/apache/cloudstack/pull/9006 +.. _`#9637`: https://github.com/apache/cloudstack/pull/9637 +.. _`#8846`: https://github.com/apache/cloudstack/pull/8846 +.. _`#9636`: https://github.com/apache/cloudstack/pull/9636 +.. _`#9698`: https://github.com/apache/cloudstack/pull/9698 +.. _`#9700`: https://github.com/apache/cloudstack/pull/9700 +.. _`#9563`: https://github.com/apache/cloudstack/pull/9563 +.. _`#9200`: https://github.com/apache/cloudstack/pull/9200 +.. _`#9557`: https://github.com/apache/cloudstack/pull/9557 +.. _`#8503`: https://github.com/apache/cloudstack/pull/8503 +.. _`#9669`: https://github.com/apache/cloudstack/pull/9669 +.. _`#9461`: https://github.com/apache/cloudstack/pull/9461 +.. _`#9652`: https://github.com/apache/cloudstack/pull/9652 +.. _`#9528`: https://github.com/apache/cloudstack/pull/9528 +.. _`#9428`: https://github.com/apache/cloudstack/pull/9428 +.. 
_`#9624`: https://github.com/apache/cloudstack/pull/9624 +.. _`#9634`: https://github.com/apache/cloudstack/pull/9634 +.. _`#9632`: https://github.com/apache/cloudstack/pull/9632 +.. _`#9239`: https://github.com/apache/cloudstack/pull/9239 +.. _`#9206`: https://github.com/apache/cloudstack/pull/9206 +.. _`#9567`: https://github.com/apache/cloudstack/pull/9567 +.. _`#9568`: https://github.com/apache/cloudstack/pull/9568 +.. _`#9578`: https://github.com/apache/cloudstack/pull/9578 +.. _`#9588`: https://github.com/apache/cloudstack/pull/9588 +.. _`#9560`: https://github.com/apache/cloudstack/pull/9560 +.. _`#9573`: https://github.com/apache/cloudstack/pull/9573 +.. _`#9554`: https://github.com/apache/cloudstack/pull/9554 +.. _`#9575`: https://github.com/apache/cloudstack/pull/9575 +.. _`#9255`: https://github.com/apache/cloudstack/pull/9255 +.. _`#9572`: https://github.com/apache/cloudstack/pull/9572 +.. _`#9468`: https://github.com/apache/cloudstack/pull/9468 +.. _`#9433`: https://github.com/apache/cloudstack/pull/9433 +.. _`#9589`: https://github.com/apache/cloudstack/pull/9589 +.. _`#9459`: https://github.com/apache/cloudstack/pull/9459 +.. _`#9540`: https://github.com/apache/cloudstack/pull/9540 +.. _`#9571`: https://github.com/apache/cloudstack/pull/9571 +.. _`#9422`: https://github.com/apache/cloudstack/pull/9422 +.. _`#9545`: https://github.com/apache/cloudstack/pull/9545 +.. _`#9417`: https://github.com/apache/cloudstack/pull/9417 +.. _`#9385`: https://github.com/apache/cloudstack/pull/9385 +.. _`#9201`: https://github.com/apache/cloudstack/pull/9201 +.. _`#9499`: https://github.com/apache/cloudstack/pull/9499 +.. _`#9390`: https://github.com/apache/cloudstack/pull/9390 +.. _`#9447`: https://github.com/apache/cloudstack/pull/9447 +.. _`#9419`: https://github.com/apache/cloudstack/pull/9419 +.. _`#9399`: https://github.com/apache/cloudstack/pull/9399 +.. _`#9434`: https://github.com/apache/cloudstack/pull/9434 +.. 
_`#9458`: https://github.com/apache/cloudstack/pull/9458 +.. _`#9442`: https://github.com/apache/cloudstack/pull/9442 +.. _`#9437`: https://github.com/apache/cloudstack/pull/9437 +.. _`#8833`: https://github.com/apache/cloudstack/pull/8833 + + +https://github.com/apache/cloudstack/milestone/31?closed=1 + +.. cssclass:: table-striped table-bordered table-hover + +-------------------------+----------+------------------------------------------------------------+ | Version | Github | Description | +=========================+==========+============================================================+ @@ -360,7 +3072,7 @@ to track its issues. +-------------------------+----------+------------------------------------------------------------+ | 4.20.0.0 | `#9434`_ | Fixup CKS UI for external managed clusters | +-------------------------+----------+------------------------------------------------------------+ -| 4.20.0.0 | `#9458`_ | UI: Display Firewall, LB and Port Forwading rules tab for | +| 4.20.0.0 | `#9458`_ | UI: Display Firewall, LB and Port Forwarding rules tab for | | | | CKS clusters deployed on isolated networks | +-------------------------+----------+------------------------------------------------------------+ | 4.20.0.0 | `#9442`_ | Fix removal of usage records | diff --git a/source/releasenotes/compat.rst b/source/releasenotes/compat.rst index dcc2ca0c52..f40f6c0fae 100644 --- a/source/releasenotes/compat.rst +++ b/source/releasenotes/compat.rst 
@@ -22,16 +22,16 @@ Supported OS Versions for Management Server This section lists the operating systems that are supported for running CloudStack Management Server. -- Ubuntu 20.04 LTS, 22.04 LTS, 24.04 LTS -- Oracle Linux 8, 9 -- Alma Linux 8, 9 -- Rocky Linux 8, 9 -- RHEL versions 8, 9 -- openSUSE Leap 15 -- SUSE Linux Enterprise Server 15 (not tested, but expected to work same as with openSUSE 15) -- Debian 12 (not tested, but expected to work same as Ubuntu) +- Ubuntu 22.04 LTS, 24.04 LTS +- Oracle Linux 8, 9, 10 +- Rocky Linux 8, 9, 10 +- Alma Linux 8, 9, 10 +- RHEL versions 8, 9, 10 (not tested, but expected to work same as other EL distros) +- openSUSE Leap 15 (not widely tested and used by the community, tested to work openSUSE Leap 15.6) +- SUSE Linux Enterprise Server 15 (not tested, but expected to work same as with openSUSE 15 but likely require workarounds) +- Debian 12, 13 (not tested, but expected to work same as Ubuntu) - .. note:: There is a known issue with ipmitool with EL8 / EL9 / SUSE, so certain functionality such as out of band management might not work + .. note:: There is a known issue with ipmitool with the EL and SUSE distros, so certain functionality such as out of band management might not work Software Requirements ~~~~~~~~~~~~~~~~~~~~~ 
@@ -45,16 +45,18 @@ Supported Hypervisor Versions CloudStack supports three hypervisor families, KVM, XenServer/XCP-ng with XAPI, and VMware with vSphere. -- Ubuntu 20.04 LTS, 22.04 LTS, 24.04 LTS with KVM -- Oracle Linux 8, 9 with KVM -- Alma Linux 8, 9 with KVM -- Rocky Linux 8, 9 with KVM -- Red Hat Enterprise Linux 8, 9 with KVM -- openSUSE Leap 15 with KVM -- SUSE Linux Enterprise Server 15 with KVM +- Ubuntu 22.04 LTS, 24.04 LTS with KVM +- Oracle Linux 8, 9, 10 with KVM +- Rocky Linux 8, 9, 10 with KVM +- Alma Linux 8, 9, 10 with KVM +- RHEL 8, 9, 10 with KVM (not tested, but expected to work same as other EL distros) +- openSUSE Leap 15 with KVM (not widely tested and used by the community, tested to work openSUSE Leap 15.6) +- SUSE Linux Enterprise Server 15 with KVM (not tested, but expected to work same as with openSUSE 15 but likely require workarounds) - XCP-ng 8.2.0 +- XCP-ng 8.3.0 - Citrix Hypervisor/XenServer version 8.2 (not tested, but expected to work. For 8.2 please check the note below) with latest hotfixes -- Debian 12 with KVM (not tested, but expected to work same as Ubuntu) +- Citrix Hypervisor/XenServer version 8.4 +- Debian 12, 13 with KVM (not tested, but expected to work same as Ubuntu) .. note:: It is now required to enable HA on the XenServer pool in order to recover from a pool-master failure. Please refer to the `XenServer documentation `_. 
@@ -62,10 +64,9 @@ and VMware with vSphere. - VMware versions 7.0 and 8.0.0 - .. note:: The following VMware minor versions are supported and tested: 7.0, 7.0.1.0, 7.0.2.0, 7.0.3.0, 8.0, 8.0a (8.0.0.1), 8.0b (8.0.0.2), 8.0c (8.0.0.3). + .. note:: The following VMware minor versions are supported and tested: 7.0, 7.0.1.0, 7.0.2.0, 7.0.3.0, 8.0, 8.0a (8.0.0.1), 8.0b (8.0.0.2), 8.0c (8.0.0.3), 8.0 U1 (8.0.1.0), 8.0 U2 (8.0.2.0), 8.0 U3 (8.0.3.0). For any minor versions without hypervisor mappings, all Instances have guest OS identifier "otherGuest64" (x86-64 architecture) or "otherGuest" (other architectures). - .. note:: There are some known issues with 8.0 U1 (https://github.com/apache/cloudstack/issues/7572). VMware 8.0 U1 (8.0.1.0) is not supported yet. - LXC Host Containers on RHEL 8, 9 (not tested to work fine for last many CloudStack releases) - Windows Server 2012 R2 with Hyper-V Role enabled (not tested to work fine for last many CloudStack releases) diff --git a/source/releasenotes/locale/ja/LC_MESSAGES/about.po b/source/releasenotes/locale/ja/LC_MESSAGES/about.po index cadf46a936..028e8f5028 100644 --- a/source/releasenotes/locale/ja/LC_MESSAGES/about.po +++ b/source/releasenotes/locale/ja/LC_MESSAGES/about.po @@ -1158,7 +1158,7 @@ msgstr "" # 7497b1ecef6e4aa78d5fc1945d1552e6 #: ../../source/about.rst:589 msgid "" -"[VMWARE] Cancel vCenter tasks if the task invoked by CloudStack failes with " +"[VMWARE] Cancel vCenter tasks if the task invoked by CloudStack fails with " "time..." msgstr "" @@ -1533,7 +1533,7 @@ msgstr "" # d0f86a6e0cf344f6b651d4550e44c1e3 #: ../../source/about.rst:621 msgid "" -"A stopped vm cant start after disable threshold has been reached on the " +"A stopped vm can't start after disable threshold has been reached on the " "storage ..." msgstr "" diff --git a/source/releasenotes/locale/pot/about.pot b/source/releasenotes/locale/pot/about.pot index 4d98216ced..dcf73dcc97 100644 --- a/source/releasenotes/locale/pot/about.pot 
+++ b/source/releasenotes/locale/pot/about.pot @@ -974,7 +974,7 @@ msgstr "" #: ../../about.rst:594 # ff5c9f0f0d034143be802c76448ed125 -msgid "[VMWARE] Cancel vCenter tasks if the task invoked by CloudStack failes with time..." +msgid "[VMWARE] Cancel vCenter tasks if the task invoked by CloudStack fails with time..." msgstr "" #: ../../about.rst:595 @@ -1294,7 +1294,7 @@ msgstr "" #: ../../about.rst:626 # d6831610409f4f188790c6d92247cb75 -msgid "A stopped vm cant start after disable threshold has been reached on the storage ..." +msgid "A stopped vm can't start after disable threshold has been reached on the storage ..." msgstr "" #: ../../about.rst:627 diff --git a/source/upgrading/index.rst b/source/upgrading/index.rst index 7077b1b9b7..7a722f7dc1 100644 --- a/source/upgrading/index.rst +++ b/source/upgrading/index.rst @@ -42,8 +42,11 @@ Contents: .. toctree:: :maxdepth: 1 + upgrade/upgrade_java_17_notes upgrade/mysql upgrade/valid_source + upgrade/upgrade-4.22 + upgrade/upgrade-4.21 upgrade/upgrade-4.20 upgrade/upgrade-4.19 upgrade/upgrade-4.18 diff --git a/source/upgrading/locale/ja/LC_MESSAGES/about.po b/source/upgrading/locale/ja/LC_MESSAGES/about.po index cadf46a936..028e8f5028 100644 --- a/source/upgrading/locale/ja/LC_MESSAGES/about.po +++ b/source/upgrading/locale/ja/LC_MESSAGES/about.po @@ -1158,7 +1158,7 @@ msgstr "" # 7497b1ecef6e4aa78d5fc1945d1552e6 #: ../../source/about.rst:589 msgid "" -"[VMWARE] Cancel vCenter tasks if the task invoked by CloudStack failes with " +"[VMWARE] Cancel vCenter tasks if the task invoked by CloudStack fails with " "time..." msgstr "" @@ -1533,7 +1533,7 @@ msgstr "" # d0f86a6e0cf344f6b651d4550e44c1e3 #: ../../source/about.rst:621 msgid "" -"A stopped vm cant start after disable threshold has been reached on the " +"A stopped vm can't start after disable threshold has been reached on the " "storage ..." msgstr "" 
diff --git a/source/upgrading/locale/pot/about.pot b/source/upgrading/locale/pot/about.pot index 4d98216ced..dcf73dcc97 100644 --- a/source/upgrading/locale/pot/about.pot +++ b/source/upgrading/locale/pot/about.pot @@ -974,7 +974,7 @@ msgstr "" #: ../../about.rst:594 # ff5c9f0f0d034143be802c76448ed125 -msgid "[VMWARE] Cancel vCenter tasks if the task invoked by CloudStack failes with time..." +msgid "[VMWARE] Cancel vCenter tasks if the task invoked by CloudStack fails with time..." msgstr "" #: ../../about.rst:595 @@ -1294,7 +1294,7 @@ msgstr "" #: ../../about.rst:626 # d6831610409f4f188790c6d92247cb75 -msgid "A stopped vm cant start after disable threshold has been reached on the storage ..." +msgid "A stopped vm can't start after disable threshold has been reached on the storage ..." msgstr "" #: ../../about.rst:627 diff --git a/source/upgrading/upgrade/_log4j_file_check.rst b/source/upgrading/upgrade/_log4j_file_check.rst new file mode 100644 index 0000000000..28a22fd984 --- /dev/null +++ b/source/upgrading/upgrade/_log4j_file_check.rst 
@@ -0,0 +1,26 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +.. sub-section included in upgrade notes. + +.. note:: + + During upgrades from versions prior to 4.20, the logging configuration file may not be migrated automatically to the new Log4j2 format - especially if the original log4j configuration file was manually customized or modified. + + It is strongly recommended to verify **before starting the Management Server and the Usage Server** that the configuration file (e.g. `log4j-cloud.xml`) under `/etc/cloudstack/management` and `/etc/cloudstack/usage` respectively uses the Log4j2 format. + + If the file still uses legacy Log4j (version 1) syntax or structure, **manually replace or update** the configuration using the default Log4j2 configuration supplied with the latest package. + + Failure to update may result in missing or incomplete log generation after upgrade. diff --git a/source/upgrading/upgrade/_mysql_connector.rst b/source/upgrading/upgrade/_mysql_connector.rst index 77e03230f9..30e8beceaf 100644 --- a/source/upgrading/upgrade/_mysql_connector.rst +++ b/source/upgrading/upgrade/_mysql_connector.rst 
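Review bot: The note in `_log4j_file_check.rst` asks operators to verify that `log4j-cloud.xml` uses the Log4j2 format but gives no way to recognise it, so the check is easy to skip or get wrong. A sentence such as `A Log4j2 file has a <Configuration> root element, whereas a legacy Log4j 1 file starts with <log4j:configuration>.` would make the step actionable. The "missing or incomplete log generation" warning should also say that Management Server and Usage Server logs are often the audit trail for API activity, so a silent gap after the upgrade is more than cosmetic. A closing step to confirm that new entries appear in the logs after the first start would close the loop.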
@@ -3,7 +3,7 @@ Install new MySQL connector Starting with 4.9.0, cloudstack-management RPM's now depend on the ``mysql-connector-python`` package. Therefore Apache CloudStack -|release| requires the instalation of the MySQL connector on CentOS. +|release| requires the installation of the MySQL connector on CentOS. MySQL connector RPM repository diff --git a/source/upgrading/upgrade/_sysvm_manual_hotfix.rst b/source/upgrading/upgrade/_sysvm_manual_hotfix.rst index c01eb1ccbb..da11ccd71c 100644 --- a/source/upgrading/upgrade/_sysvm_manual_hotfix.rst +++ b/source/upgrading/upgrade/_sysvm_manual_hotfix.rst @@ -16,7 +16,7 @@ .. sub-section optionally included in upgrade notes. .. Add following to file when including this manual hotfix - .. _manual_hofix: + .. _manual_hotfix: Manual hotfix for systemvm upgrade ---------------------------------- diff --git a/source/upgrading/upgrade/mysql.rst b/source/upgrading/upgrade/mysql.rst index ea9e88497a..c5aff07d39 100644 --- a/source/upgrading/upgrade/mysql.rst +++ b/source/upgrading/upgrade/mysql.rst @@ -23,8 +23,9 @@ not be able to start any VM. The following SQL statement needs to be manually executed in order to fix such issue: - .. parsed-literal:: -ALTER TABLE nics MODIFY COLUMN update_time timestamp DEFAULT CURRENT_TIMESTAMP; + .. code-block:: mysql + + ALTER TABLE nics MODIFY COLUMN update_time timestamp DEFAULT CURRENT_TIMESTAMP; The issue is known to affect the following MySQL server versions: diff --git a/source/upgrading/upgrade/upgrade-4.18.rst b/source/upgrading/upgrade/upgrade-4.18.rst index b6bb8fde89..61c910f5cb 100644 --- a/source/upgrading/upgrade/upgrade-4.18.rst +++ b/source/upgrading/upgrade/upgrade-4.18.rst @@ -225,7 +225,7 @@ Hypervisor: VMware built using "noredist". Refer to :ref:`building-noredist`. -No additional steps are requried for the VMware Hypervisor for this upgrade. +No additional steps are required for the VMware Hypervisor for this upgrade. .. _kvm414: 
diff --git a/source/upgrading/upgrade/upgrade-4.19.rst b/source/upgrading/upgrade/upgrade-4.19.rst index 9d4d511718..2addf4267a 100644 --- a/source/upgrading/upgrade/upgrade-4.19.rst +++ b/source/upgrading/upgrade/upgrade-4.19.rst @@ -227,7 +227,7 @@ Hypervisor: VMware built using "noredist". Refer to :ref:`building-noredist`. -No additional steps are requried for the VMware Hypervisor for this upgrade. +No additional steps are required for the VMware Hypervisor for this upgrade. .. _kvm414: diff --git a/source/upgrading/upgrade/upgrade-4.20.rst b/source/upgrading/upgrade/upgrade-4.20.rst index 8a1073fc04..dacf9a1ca6 100644 --- a/source/upgrading/upgrade/upgrade-4.20.rst +++ b/source/upgrading/upgrade/upgrade-4.20.rst @@ -207,6 +207,8 @@ Setup the GPG public key if you wish to enable ``gpgcheck=1``: $ sudo yum upgrade cloudstack-usage +.. include:: _log4j_file_check.rst + .. _upg_hyp_414: Upgrade Hypervisors @@ -227,7 +229,7 @@ Hypervisor: VMware built using "noredist". Refer to :ref:`building-noredist`. -No additional steps are requried for the VMware Hypervisor for this upgrade. +No additional steps are required for the VMware Hypervisor for this upgrade. .. _kvm414: diff --git a/source/upgrading/upgrade/upgrade-4.21.rst b/source/upgrading/upgrade/upgrade-4.21.rst new file mode 100644 index 0000000000..441990c851 --- /dev/null +++ b/source/upgrading/upgrade/upgrade-4.21.rst 
@@ -0,0 +1,305 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +.. |version_to_upgrade| replace:: 4.21.x + +Upgrade Instruction from |version_to_upgrade| +============================================= + + +This section will show you how to upgrade from CloudStack |version_to_upgrade| to latest +CloudStack |release|. + +Any steps that are hypervisor-specific will be called out with a note. + +We recommend reading through this section once or twice before beginning +your upgrade procedure, and working through it on a test system before +working on a production system. + +.. note:: + The following upgrade instructions should be performed regardless of + hypervisor type. + +Overview of Upgrade Steps: +---------------------------- + +#. Check any customisations and integrations +#. Upload the |sysvm64-version| System VM template if not already using it. +#. Confirm Java 17 is the default Java version +#. Stop all running management servers +#. Backup CloudStack database (MySQL) +#. Upgrade 1st CloudStack management server +#. Update hypervisors specific dependencies +#. Restart 1st management server +#. Check that your upgraded environment works as expected +#. Upgrade and restart the remaining management servers + + +.. 
include:: _customisation_warnings.rst + +.. include:: _sysvm_templates.rst + +.. include:: _java_version.rst + +Packages repository +------------------- + +Most users of CloudStack manage the installation and upgrades of +CloudStack with one of Linux's predominant package systems, RPM or +APT. This guide assumes you'll be using RPM and Yum (for Red Hat +Enterprise Linux or CentOS), or APT and Debian packages (for Ubuntu). + +Create RPM or Debian packages (as appropriate) and a repository from +the |release| source, or check the Apache CloudStack downloads page at +http://cloudstack.apache.org/downloads.html +for package repositories supplied by community members. You will need +them for :ref:`ubuntu414` or :ref:`kvm414` hosts upgrade. + +Instructions for creating packages from the CloudStack source are in the +`CloudStack Installation Guide`_. + +Database Preparation +-------------------- + +Backup current database + +#. Stop your management server or servers. Run this on all management + server hosts: + + .. parsed-literal:: + + $ sudo service cloudstack-management stop + +#. If you are running a usage server or usage servers, stop those as well: + + .. parsed-literal:: + + $ sudo service cloudstack-usage stop + +#. Make a backup of your MySQL database. If you run into any issues or + need to roll back the upgrade, this will assist in debugging or + restoring your existing environment. You'll be prompted for your + password. + + .. parsed-literal:: + + $ mysqldump -u root -p -R cloud > cloud-backup_$(date +%Y-%m-%d-%H%M%S) + $ mysqldump -u root -p cloud_usage > cloud_usage-backup_$(date +%Y-%m-%d-%H%M%S) + + +.. _ubuntu414: +.. _apt-repo414: + +Management Server +----------------- + +Ubuntu +###### + +If you are using Ubuntu, follow this procedure to upgrade your packages. If +not, skip to step :ref:`rhel414`. + +.. note:: + **Community Packages:** This section assumes you're using the community + supplied packages for CloudStack. 
If you've created your own packages and + APT repository, substitute your own URL for the ones used in these examples. + +The first order of business will be to change the sources list for +each system with CloudStack packages. This means all management +servers, and any hosts that have the KVM agent (no changes should +be necessary for hosts that are running VMware or Xen.) + +Edit your ``/etc/apt/sources.list.d/cloudstack.list`` file on +any systems that have CloudStack packages installed to points to version |version| + +This file should have one line, which contains: + +.. parsed-literal:: + + deb http://download.cloudstack.org/ubuntu bionic |version| + +Setup the public key for the above repository: + +.. parsed-literal:: + + wget -qO - http://download.cloudstack.org/release.asc | sudo apt-key add - + +#. Now update your apt package list: + + .. parsed-literal:: + + $ sudo apt-get update + +#. Now that you have the repository configured, it's time to upgrade + the ``cloudstack-management`` package. + + .. parsed-literal:: + + $ sudo apt-get upgrade cloudstack-management + +#. If you use CloudStack usage server + + .. parsed-literal:: + + $ sudo apt-get upgrade cloudstack-usage + + +.. _rhel414: +.. _rpm-repo414: + +CentOS/RHEL +############## + +If you are using CentOS or RHEL, follow this procedure to upgrade your +packages. If not, skip to hypervisors section :ref:`upg_hyp_414`. + +.. note:: + **Community Packages:** This section assumes you're using the community + supplied packages for CloudStack. If you've created your own packages and + yum repository, substitute your own URL for the ones used in these examples. + +The first order of business will be to change the yum repository +for each system with CloudStack packages. This means all +management servers, and any hosts that have the KVM agent (no changes +should be necessary for hosts that are running VMware or Xen.) 
+ +Change your ``/etc/yum.repos.d/cloudstack.repo`` file on +any systems that have CloudStack packages installed to points to version |version|. + +This file should have content similar to the following: + +.. parsed-literal:: + + [apache-cloudstack] + name=Apache CloudStack + baseurl=http://download.cloudstack.org/centos/$releasever/|version|/ + enabled=1 + gpgcheck=0 + +Setup the GPG public key if you wish to enable ``gpgcheck=1``: + +.. parsed-literal:: + + rpm --import http://download.cloudstack.org/RPM-GPG-KEY + +#. Now that you have the repository configured, it's time to upgrade the + ``cloudstack-management``. + + .. parsed-literal:: + + $ sudo yum upgrade cloudstack-management + +#. If you use CloudStack usage server + + .. parsed-literal:: + + $ sudo yum upgrade cloudstack-usage + +.. include:: _log4j_file_check.rst + +.. _upg_hyp_414: + +Upgrade Hypervisors +------------------- + +Hypervisor: XenServer +##################### + + +No additional steps are required for XenServer Hypervisor for this upgrade. + + +Hypervisor: VMware +################### + +.. warning:: + For VMware hypervisor, CloudStack management server packages must be + built using "noredist". Refer to :ref:`building-noredist`. + + +No additional steps are required for the VMware Hypervisor for this upgrade. + + +.. _kvm414: + +Hypervisor: KVM +################# + +KVM on Ubuntu +"""""""""""""" + +(KVM only) Additional steps are required for each KVM host. These +steps will not affect running guests in the cloud. These steps are +required only for clouds using KVM as hosts and only on the KVM +hosts. + +#. Configure the :ref:`APT repo ` as detailed above. + +#. Stop the running agent. + + .. parsed-literal:: + + $ sudo service cloudstack-agent stop + +#. Update the agent software. + + .. parsed-literal:: + + $ sudo apt-get upgrade cloudstack-agent + +#. Start the agent. + + .. 
parsed-literal:: + + $ sudo service cloudstack-agent start + + +KVM on CentOS/RHEL +""""""""""""""""""" + +For KVM hosts, upgrade the ``cloudstack-agent`` package + +#. Configure the :ref:`rpm-repo414` as detailed above. + + .. parsed-literal:: + + $ sudo yum install -y epel-release + $ sudo yum upgrade cloudstack-agent + +#. Restart the agent: + + .. parsed-literal:: + + $ sudo service cloudstack-agent stop + $ sudo service cloudstack-agent start + + +Restart management services +--------------------------- + +#. Now it's time to start the management server + + .. parsed-literal:: + + $ sudo service cloudstack-management start + +#. If you use it, start the usage server + + .. parsed-literal:: + + $ sudo service cloudstack-usage start + + +.. include:: _sysvm_restart.rst diff --git a/source/upgrading/upgrade/upgrade-4.22.rst b/source/upgrading/upgrade/upgrade-4.22.rst new file mode 100644 index 0000000000..333fa2aaca --- /dev/null +++ b/source/upgrading/upgrade/upgrade-4.22.rst 
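Review bot: The repository setup in the Ubuntu and CentOS/RHEL sections of the new `upgrade-4.21.rst` fetches the signing key over plain HTTP (`wget -qO - http://download.cloudstack.org/release.asc | sudo apt-key add -`, `rpm --import http://download.cloudstack.org/RPM-GPG-KEY`) and the sample repo file ships `gpgcheck=0`. With that setup, anyone on the network path can substitute the key or the packages, which are then installed as root on management servers and KVM hosts. Assuming the mirror serves HTTPS, the key and repository URLs should use `https://`, and the sample should default to `gpgcheck=1` with the `rpm --import` step required rather than optional. `apt-key` is deprecated; a key file referenced with `signed-by=` on the `deb` line also limits the key to this one repository instead of trusting it for every source. The `deb` line still names `bionic`, which may be intentional for the repository layout but is worth confirming against the supported Ubuntu releases.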
@@ -0,0 +1,314 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information#
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+.. |version_to_upgrade| replace:: 4.22.x
+
+Upgrade Instruction from |version_to_upgrade|
+=============================================
+
+
+This section will show you how to upgrade from CloudStack |version_to_upgrade| to latest
+CloudStack |release|.
+
+Any steps that are hypervisor-specific will be called out with a note.
+
+We recommend reading through this section once or twice before beginning
+your upgrade procedure, and working through it on a test system before
+working on a production system.
+
+.. note::
+ The following upgrade instructions should be performed regardless of
+ hypervisor type.
+
+Overview of Upgrade Steps:
+----------------------------
+
+#. Check any customisations and integrations
+#. Upload the |sysvm64-version| System VM template if not already using it.
+#. Confirm Java 17 is the default Java version
+#. Stop all running management servers
+#. Backup CloudStack database (MySQL)
+#. Upgrade 1st CloudStack management server
+#. Update hypervisors specific dependencies
+#. Restart 1st management server
+#. Check that your upgraded environment works as expected
+#. Upgrade and restart the remaining management servers
+
+
+.. include:: _customisation_warnings.rst
+
+.. include:: _sysvm_templates.rst
+
+.. include:: _java_version.rst
+
+Packages repository
+-------------------
+
+Most users of CloudStack manage the installation and upgrades of
+CloudStack with one of Linux's predominant package systems, RPM or
+APT. This guide assumes you'll be using RPM and Yum (for Red Hat
+Enterprise Linux or CentOS), or APT and Debian packages (for Ubuntu).
+
+Create RPM or Debian packages (as appropriate) and a repository from
+the |release| source, or check the Apache CloudStack downloads page at
+http://cloudstack.apache.org/downloads.html
+for package repositories supplied by community members. You will need
+them for :ref:`ubuntu414` or :ref:`kvm414` hosts upgrade.
+
+Instructions for creating packages from the CloudStack source are in the
+`CloudStack Installation Guide`_.
+
+Database Preparation
+--------------------
+
+Backup current database
+
+#. Stop your management server or servers. Run this on all management
+ server hosts:
+
+ .. parsed-literal::
+
+ $ sudo systemctl stop cloudstack-management
+
+#. If you are running a usage server or usage servers, stop those as well:
+
+ .. parsed-literal::
+
+ $ sudo systemctl stop cloudstack-usage
+
+#. Make a backup of your MySQL database. If you run into any issues or
+ need to roll back the upgrade, this will assist in debugging or
+ restoring your existing environment. You'll be prompted for your
+ password.
+
+ .. parsed-literal::
+
+ $ mysqldump -u root -p -R cloud > cloud-backup_$(date +%Y-%m-%d-%H%M%S)
+ $ mysqldump -u root -p cloud_usage > cloud_usage-backup_$(date +%Y-%m-%d-%H%M%S)
+
+.. note::
+ The -R option is required in the mysqldump command to retain MySQL stored procedures.
+
+
+.. _ubuntu414:
+.. _apt-repo414:
+
+Management Server
+-----------------
+
+Ubuntu/Debian
+######
+
+If you are using Ubuntu, follow this procedure to upgrade your packages. If
+not, skip to step :ref:`rhel414`.
+
+.. note::
+ **Community Packages:** This section assumes you're using the community
+ supplied packages for CloudStack. If you've created your own packages and
+ APT repository, substitute your own URL for the ones used in these examples.
+
+The first order of business will be to change the sources list for
+each system with CloudStack packages. This means all management
+servers, and any hosts that have the KVM agent (no changes should
+be necessary for hosts that are running VMware or Xen.)
+
+Edit your ``/etc/apt/sources.list.d/cloudstack.list`` file on
+any systems that have CloudStack packages installed to points to version |version|
+
+This file should have one line, which contains:
+
+.. parsed-literal::
+
+ deb http://download.cloudstack.org/ubuntu noble |version|
+
+If you are using Debian,
+
+.. parsed-literal::
+
+ deb http://download.cloudstack.org/debian bookworm |version|
+
+Setup the public key for the above repository:
+
+.. parsed-literal::
+
+ wget -qO - http://download.cloudstack.org/release.asc | sudo apt-key add -
+
+#. Now update your apt package list:
+
+ .. parsed-literal::
+
+ $ sudo apt update
+
+#. Now that you have the repository configured, it's time to upgrade
+ the ``cloudstack-management`` package.
+
+ .. parsed-literal::
+
+ $ sudo apt-get install cloudstack-management
+
+#. If you use CloudStack usage server
+
+ .. parsed-literal::
+
+ $ sudo apt-get install cloudstack-usage
+
+
+.. _rhel414:
+.. _rpm-repo414:
+
+CentOS/RHEL
+##############
+
+If you are using CentOS or RHEL, follow this procedure to upgrade your
+packages. If not, skip to hypervisors section :ref:`upg_hyp_414`.
+
+.. note::
+ **Community Packages:** This section assumes you're using the community
+ supplied packages for CloudStack. If you've created your own packages and
+ yum repository, substitute your own URL for the ones used in these examples.
+
+The first order of business will be to change the yum repository
+for each system with CloudStack packages. This means all
+management servers, and any hosts that have the KVM agent (no changes
+should be necessary for hosts that are running VMware or Xen.)
+
+Change your ``/etc/yum.repos.d/cloudstack.repo`` file on
+any systems that have CloudStack packages installed to points to version |version|.
+
+This file should have content similar to the following:
+
+.. parsed-literal::
+
+ [apache-cloudstack]
+ name=Apache CloudStack
+ baseurl=http://download.cloudstack.org/centos/$releasever/|version|/
+ enabled=1
+ gpgcheck=0
+
+Setup the GPG public key if you wish to enable ``gpgcheck=1``:
+
+.. parsed-literal::
+
+ rpm --import http://download.cloudstack.org/RPM-GPG-KEY
+
+#. Now that you have the repository configured, it's time to upgrade the
+ ``cloudstack-management``.
+
+ .. parsed-literal::
+
+ $ sudo yum upgrade cloudstack-management
+
+#. If you use CloudStack usage server
+
+ .. parsed-literal::
+
+ $ sudo yum upgrade cloudstack-usage
+
+.. include:: _log4j_file_check.rst
+
+.. _upg_hyp_414:
+
+Upgrade Hypervisors
+-------------------
+
+Hypervisor: XenServer
+#####################
+
+
+No additional steps are required for XenServer Hypervisor for this upgrade.
+
+
+Hypervisor: VMware
+###################
+
+.. warning::
+ For VMware hypervisor, CloudStack management server packages must be
+ built using "noredist". Refer to :ref:`building-noredist`.
+
+
+No additional steps are required for the VMware Hypervisor for this upgrade.
+
+
+.. _kvm414:
+
+Hypervisor: KVM
+#################
+
+KVM on Ubuntu/Debian
+""""""""""""""
+
+(KVM only) Additional steps are required for each KVM host. These
+steps will not affect running guests in the cloud. These steps are
+required only for clouds using KVM as hosts and only on the KVM
+hosts.
+
+#. Configure the :ref:`APT repo ` as detailed above.
+
+#. Stop the running agent.
+
+ .. parsed-literal::
+
+ $ sudo systemctl stop cloudstack-agent
+
+#. Update the agent software.
+
+ .. parsed-literal::
+
+ $ sudo apt-get install cloudstack-agent
+
+#. Start the agent.
+
+ .. parsed-literal::
+
+ $ sudo systemctl start cloudstack-agent
+
+
+KVM on CentOS/RHEL
+"""""""""""""""""""
+
+For KVM hosts, upgrade the ``cloudstack-agent`` package
+
+#. Configure the :ref:`rpm-repo414` as detailed above.
+
+ .. parsed-literal::
+
+ $ sudo yum install -y epel-release
+ $ sudo yum upgrade cloudstack-agent
+
+#. Restart the agent:
+
+ .. parsed-literal::
+
+ $ sudo systemctl stop cloudstack-agent
+ $ sudo systemctl start cloudstack-agent
+
+
+Restart management services
+---------------------------
+
+#. Now it's time to start the management server
+
+ .. parsed-literal::
+
+ $ sudo systemctl start cloudstack-management
+
+#. If you use it, start the usage server
+
+ .. parsed-literal::
+
+ $ sudo systemctl start cloudstack-usage
+
+
+.. include:: _sysvm_restart.rst
diff --git a/source/upgrading/upgrade/upgrade_java_17_notes.rst b/source/upgrading/upgrade/upgrade_java_17_notes.rst
new file mode 100644
index 0000000000..a9a4c791f8
--- /dev/null
+++ b/source/upgrading/upgrade/upgrade_java_17_notes.rst
@@ -0,0 +1,43 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information#
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+.. CloudStack Release Notes documentation main file, created by
+ sphinx-quickstart on Fri Feb 7 16:00:59 2014.
+ You can adapt this file completely to your liking, but it should at least
+ contain the root `toctree` directive.
+
+|menu_acs_logo|
+
+
+Upgrading CloudStack
+====================
+
+Java version upgraded to Java 17
+---------------------------------
+
+As of Apache CloudStack 4.20, support for running with Java 17 has been added.
+In later versions, support for Java 11 will be removed.
+
+If you are running CloudStack with Java 17, for CloudStack versions 4.20 and later:
+ * Verify /etc/default/cloudstack-management is consistent with https://github.com/apache/cloudstack/blob/main/packaging/systemd/cloudstack-management.default; Specifically, ensure that the following is present in the JAVA_OPTS:
+
+ .. code-block:: bash
+
+ --add-opens=java.base/java.lang=ALL-UNNAMED --add-exports=java.base/sun.security.x509=ALL-UNNAMED
+
+ * Verify /etc/default/cloudstack-usage is also consistent with the same file in the repository.
+ * Perform the same check for /etc/default/cloudstack-agent on the hypervisor hosts.
+
+.. include:: _java_version.rst
\ No newline at end of file
diff --git a/source/upgrading/upgrade/upgrade_notes.rst b/source/upgrading/upgrade/upgrade_notes.rst
deleted file mode 100644
index 6c763bb2cc..0000000000
--- a/source/upgrading/upgrade/upgrade_notes.rst
+++ /dev/null
@@ -1,132 +0,0 @@
-.. Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information#
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-
-
-General Upgrade Notes
-=====================
-
-Java version upgraded to Java 17
----------------------------------
-
-As of Apache CloudStack 4.20, support for running with Java 17 has been added.
-In later versions, support for Java 11 will be removed.
-
-
-.. include:: _java_version.rst
-
-
-Java version upgraded to Java 11
----------------------------------
-
-As of Apache CloudStack 4.14, Java version required is 11 for the
-management-server, cloudstack-usage, KVM agent and system-VMs.
-
-
-.. include:: _java_version.rst
-
-UI Deprecation and Removal Notice
----------------------------------
-
-The current jQuery-based CloudStack UI is `deprecated
-`_ in this release of CloudStack
-and will be removed in the next release of Apache CloudStack.
-
-Migrating to dynamic roles feature
-----------------------------------
-
-As of Apache CloudStack 4.9, dynamic roles feature can be enabled after an
-upgrade. Dynamic roles feature is enabled by default on new installations.
-
-Please read more about :ref:`using-dynamics-roles`
-feature and process of migrating to using this after an upgrade.
-
-Agent and KVM Host Security
----------------------------
-
-Starting 4.11, a new CA framework has been introduced that is used to secure
-agent and management server connections. Starting 4.11.1, KVM hosts in UP
-state that are not secured (i.e. the KVM host agent and libvirtd don't have
-CA framework provisioned X509 certificates) will show up as 'Unsecure'. A new
-button in the UI is available as well as an API to secure and onboard such
-hosts.
-
-Please read more about :ref:`host-security` and the process of migrating existing KVM hosts and agents to use the new security
-feature.
-
-OVS plug-in
------------
-
-OVS plug-in functionality is disrupted if ovsdaemon crashes
-
-A critical functionality issue came out with `CLOUDSTACK-6779 `_. On XenServer it
-is observed that on VIF unplug Ovs-Vswitchd is crashing resulting in loosing all
-the openflow rules added to the bridge. Ovs daemon gets started and creates a
-bridge but configure openflow rules are lost resulting in the disruption of
-connectivity for the Instances on the host.
-
-
-Active-Directory Authentication (LDAP)
---------------------------------------
-
-If using Active-Directory (LDAP/LDAPs) as User authentication; Upgrading to
-4.3 and later require changes in Global Settings. After upgrading CloudStack
-to 4.3 or latest, following Global Settings must be change:
-
-.. cssclass:: table-striped table-bordered table-hover
-
-======================= ============== ==============
-Global Settings Default New
-======================= ============== ==============
-ldap.user.object inetOrgPerson user
-ldap.username.attribute uid sAMAccountName
-======================= ============== ==============
-
-
-SystemVM 32bit deprecated
--------------------------
-
-32bit versions of System VM Templates are in the process of being deprecated. Upgrade instructions from this Release Notes use 64bit Templates.
-
-Explicit JDBC driver declaration
---------------------------------
-
-While upgrading, on some environments the following may be required to be
-added in CloudStack's db.properties file:
-
- # Add these to your db.properties file
-
- db.cloud.driver=jdbc:mysql
-
- db.usage.driver=jdbc:mysql
-
-
-MySQL 8.0 sql mode change
--------------------------
-
-MySQL mode (sql_mode) has changed in CloudStack db.properties to
-"STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,
-ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION".
-
-This gets automatically applies to the MySQL session used by CloudStack management server.
-
-If the admin uses MySQL directly and wants to query tables it is advised to change the sql_mode in the corresponding session or globally.
-
-Eg. mysql> set global sql_mode="STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,
- "> ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION";
- Query OK, 0 rows affected (0.00 sec)
-
- mysql> set sql_mode="STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,
- "> ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION";
- Query OK, 0 rows affected (0.00 sec)
\ No newline at end of file