Updated Branches: refs/heads/javelin db9cc97ab -> 6eedfdfb7
Master pull

Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/6eedfdfb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/6eedfdfb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/6eedfdfb

Branch: refs/heads/javelin
Commit: 6eedfdfb79d2b56ce8244639dc1c1efa375702ea
Parents: db9cc97 9110489
Author: Alex Huang <[email protected]>
Authored: Fri Sep 14 11:20:45 2012 -0700
Committer: Alex Huang <[email protected]>
Committed: Fri Sep 14 11:20:45 2012 -0700

----------------------------------------------------------------------
 .gitignore | 1 +
 cloud.spec | 2 +-
 console-proxy/systemvm-descriptor.xml | 18 +
 debian/cloud-agent-deps.install | 1 -
 debian/cloud-deps.install | 2 +
 debian/cloud-server.install | 2 +-
 debian/control | 2 +-
 deps/install-non-oss.sh | 16 +
 deps/pom.xml | 11 +
 docs/en-US/images/add-cluster.png | Bin 0 -> 46302 bytes
 docs/en-US/images/add-guest-network.png | Bin 0 -> 20547 bytes
 docs/en-US/images/add-new-gateway-vpc.png | Bin 0 -> 23184 bytes
 docs/en-US/images/add-tier.png | Bin 0 -> 14891 bytes
 docs/en-US/images/add-vpc.png | Bin 0 -> 16597 bytes
 docs/en-US/images/add-vpn-customer-gateway.png | Bin 0 -> 29851 bytes
 docs/en-US/images/autoscale-config.png | Bin 0 -> 39379 bytes
 docs/en-US/images/create-vpn-connection.png | Bin 0 -> 13613 bytes
 docs/en-US/images/enable-disable-autoscale.png | Bin 0 -> 913 bytes
 docs/en-US/images/guest-traffic-setup.png | Bin 0 -> 34022 bytes
 docs/en-US/images/icon.svg | 37 ++
 docs/en-US/images/multi-tier-app.png | Bin 0 -> 200956 bytes
 docs/en-US/images/network-acl.png | Bin 0 -> 23333 bytes
 docs/en-US/images/network-setup-zone.png | Bin 0 -> 67410 bytes
 docs/en-US/images/network-singlepod.png | Bin 0 -> 18381 bytes
 docs/en-US/images/remove-tier.png | Bin 0 -> 7457 bytes
 docs/en-US/images/restart-vpc.png | Bin 0 -> 860 bytes
 docs/en-US/images/select-vm-staticnat-vpc.png | Bin 0 -> 17472 bytes
 docs/en-US/images/vm-lifecycle.png | Bin 0 -> 20783 bytes
 docs/en-US/images/vsphere-client.png | Bin 0 -> 81246 bytes
 docs/en-US/site-to-site-vpn.xml | 69 +++--
 docs/en-US/vpc.xml | 265 +++++++++------
 patches/cloudpatch-descriptor.xml | 16 +
 .../debian/config/etc/cron.daily/cloud-cleanup | 16 +
 patches/systemvm/debian/config/etc/default/cloud | 17 +
 .../debian/config/etc/default/cloud-passwd-srvr | 17 +
 patches/systemvm/debian/config/etc/init.d/cloud | 16 +
 .../debian/config/etc/init.d/cloud-early-config | 16 +
 .../debian/config/etc/init.d/cloud-passwd-srvr | 17 +-
 patches/systemvm/debian/config/etc/init.d/postinit | 17 +
 .../config/etc/iptables/iptables-consoleproxy | 18 +-
 .../debian/config/etc/iptables/iptables-elbvm | 17 +
 .../debian/config/etc/iptables/iptables-router | 17 +
 .../debian/config/etc/iptables/iptables-secstorage | 18 +-
 .../debian/config/etc/iptables/iptables-vpcrouter | 17 +
 .../debian/config/etc/iptables/rt_tables_init | 18 +
 patches/systemvm/debian/config/etc/iptables/rules | 17 +
 .../debian/config/opt/cloud/bin/checks2svpn.sh | 16 +
 .../debian/config/opt/cloud/bin/cloud-nic.sh | 17 +-
 .../debian/config/opt/cloud/bin/passwd_server | 16 +
 patches/systemvm/debian/systemvm.xml | 16 +
 .../.settings/org.eclipse.jdt.core.prefs | 13 -
 ..._reposExceptionDueToWrongReturnValueCheck.patch | 13 -
 .../OvmDontTouchOCFS2ClusterWhenAgentStart.patch | 13 -
 .../ovm/scripts/vm/hypervisor/ovm/OvmPatch.patch | 23 --
 plugins/hypervisors/xen/build.xml | 2 +-
 .../network-elements/midokura-midonet/build.xml | 17 +
 pom.xml | 104 +++++-
 ui/scripts/dashboard.js | 19 +-
 ui/scripts/instances.js | 8 +-
 ui/scripts/templates.js | 70 +----
 ui/scripts/ui-custom/dashboard.js | 1 +
 ui/scripts/ui/dialog.js | 116 +++---
 wscript_configure | 2 +-
 63 files changed, 792 insertions(+), 354 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6eedfdfb/docs/en-US/site-to-site-vpn.xml ---------------------------------------------------------------------- diff --cc docs/en-US/site-to-site-vpn.xml index 9fb9eb7,a102ebe..6570aab --- a/docs/en-US/site-to-site-vpn.xml +++ b/docs/en-US/site-to-site-vpn.xml @@@ -22,28 -19,44 +19,44 @@@ under the License. --> <section id="site-to-site-vpn"> - <title>Setting Up a Site-to-Site VPN Connection</title> - <para>A Site-to-Site VPN connection helps you establish a secure connection from an enterprise - datacenter to the cloud infrastructure. This allows users to access the guest VMs by - establishing a VPN connection to the virtual router of the account from a device in the - datacenter of the enterprise. Having this facility eliminates the need to establish VPN - connections to individual VMs.</para> - <para>The supported endpoints on the remote datacenters are: </para> - <itemizedlist> - <listitem><para>Cisco ISR with IOS 12.4 or later</para></listitem> - <listitem><para>Juniper J-Series routers with JunOS 9.5 or later</para></listitem> - </itemizedlist><note><para>In addition to the specific Cisco and Juniper devices listed above, the expectation is that - any Cisco or Juniper device running on the supported operating systems are able to - establish VPN connections.</para></note> - <para> To set up a Site-to-Site VPN connection, perform the following:</para> - <orderedlist> - <listitem><para>Create a Virtual Private Cloud (VPC).</para><para>See <xref linkend="configure-vpc"/>.</para></listitem> - <listitem><para>Create a VPN Customer Gateway.</para></listitem> - <listitem><para>Create a VPN gateway for the VPC that you created.</para></listitem> - <listitem><para>Create VPN connection from the VPC VPN gateway to the customer VPN gateway.</para></listitem> - </orderedlist> - <xi:include href="create-vpn-customer-gateway.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include 
href="create-vpn-gateway-for-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="create-vpn-connection-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - <xi:include href="delete-reset-vpn.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> - </section> + <title>Setting Up a Site-to-Site VPN Connection</title> + <para>A Site-to-Site VPN connection helps you establish a secure connection from an enterprise + datacenter to the cloud infrastructure. This allows users to access the guest VMs by + establishing a VPN connection to the virtual router of the account from a device in the + datacenter of the enterprise. Having this facility eliminates the need to establish VPN + connections to individual VMs.</para> + <para>The supported endpoints on the remote datacenters are: </para> + <itemizedlist> + <listitem> + <para>Cisco ISR with IOS 12.4 or later</para> + </listitem> + <listitem> + <para>Juniper J-Series routers with JunOS 9.5 or later</para> + </listitem> + </itemizedlist> + <note> + <para>In addition to the specific Cisco and Juniper devices listed above, the expectation is + that any Cisco or Juniper device running on the supported operating systems are able to + establish VPN connections.</para> + </note> + <para> To set up a Site-to-Site VPN connection, perform the following:</para> + <orderedlist> + <listitem> + <para>Create a Virtual Private Cloud (VPC).</para> + <para>See <xref linkend="configure-vpc"/>.</para> + </listitem> + <listitem> + <para>Create a VPN Customer Gateway.</para> + </listitem> + <listitem> + <para>Create a VPN gateway for the VPC that you created.</para> + </listitem> + <listitem> + <para>Create VPN connection from the VPC VPN gateway to the customer VPN gateway.</para> + </listitem> + </orderedlist> + <xi:include href="create-vpn-customer-gateway.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> + <xi:include href="create-vpn-gateway-for-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> + <xi:include 
href="create-vpn-connection-vpc.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> + <xi:include href="delete-reset-vpn.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> -</section> ++</section> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6eedfdfb/docs/en-US/vpc.xml ---------------------------------------------------------------------- diff --cc docs/en-US/vpc.xml index 53953ad,cfa5fe1..0665d37 --- a/docs/en-US/vpc.xml +++ b/docs/en-US/vpc.xml @@@ -22,115 -19,165 +19,165 @@@ under the License. --> <section id="vpc"> - <title>About Virtual Private Clouds</title> - <para>&PRODUCT; Virtual Private Cloud is a private, isolated part of &PRODUCT;. A VPC - can have its own virtual network topology that resembles a traditional physical network. You - can launch VMs in the virtual network that can have private addresses in the range of your - choice, for example: 10.0.0.0/16. You can define network tiers within your VPC network - range, which in turn enables you to group similar kinds of instances based on IP address - range.</para> - <para>For example, if a VPC has the private range 10.0.0.0/16, its guest networks can have the network ranges 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, and so on.</para> - <formalpara> - <title>Major Components of a VPC:</title> - <para>A VPC is comprised of the following network components:</para> - </formalpara> + <title>About Virtual Private Clouds</title> + <para>&PRODUCT; Virtual Private Cloud is a private, isolated part of &PRODUCT;. A VPC can have its + own virtual network topology that resembles a traditional physical network. You can launch VMs + in the virtual network that can have private addresses in the range of your choice, for example: + 10.0.0.0/16. 
You can define network tiers within your VPC network range, which in turn enables + you to group similar kinds of instances based on IP address range.</para> + <para>For example, if a VPC has the private range 10.0.0.0/16, its guest networks can have the + network ranges 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, and so on.</para> + <formalpara> + <title>Major Components of a VPC:</title> + <para>A VPC is comprised of the following network components:</para> + </formalpara> + <itemizedlist> + <listitem> + <para><emphasis role="bold">VPC</emphasis>: A VPC acts as a container for multiple isolated + networks that can communicate with each other via its virtual router.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Network Tiers</emphasis>: Each tier acts as an isolated network + with its own VLANs and CIDR list, where you can place groups of resources, such as VMs. The + tiers are segmented by means of VLANs. The NIC of each tier acts as its gateway.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Virtual Router</emphasis>: A virtual router is automatically + created and started when you create a VPC. The virtual router connect the tiers and direct + traffic among the public gateway, the VPN gateways, and the NAT instances. For each tier, a + corresponding NIC and IP exist in the virtual router. The virtual router provides DNS and + DHCP services through its IP.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Public Gateway</emphasis>: The traffic to and from the Internet + routed to the VPC through the public gateway. In a VPC, the public gateway is not exposed to + the end user; therefore, static routes are not support for the public gateway.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Private Gateway</emphasis>: All the traffic to and from a private + network routed to the VPC through the private gateway. 
For more information, see <xref + linkend="add-gateway-vpc"/>.</para> + </listitem> + <listitem> + <para><emphasis role="bold">VPN Gateway</emphasis>: The VPC side of a VPN connection.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Site-to-Site VPN Connection</emphasis>: A hardware-based VPN + connection between your VPC and your datacenter, home network, or co-location facility. For + more information, see <xref linkend="site-to-site-vpn"/>.</para> + </listitem> + <listitem> + <para><emphasis role="bold">Customer Gateway</emphasis>: The customer side of a VPN + Connection. For more information, see <xref linkend="create-vpn-customer-gateway"/>.</para> + </listitem> + <listitem> + <para><emphasis role="bold">NAT Instance</emphasis>: An instance that provides Port Address + Translation for instances to access the Internet via the public gateway. For more + information, see <xref linkend="enable-disable-static-nat-vpc"/>.</para> + </listitem> + </itemizedlist> + <formalpara> + <title>Network Architecture in a VPC</title> + <para>In a VPC, the following four basic options of network architectures are present:</para> + </formalpara> + <itemizedlist> + <listitem> + <para>VPC with a public gateway only</para> + </listitem> + <listitem> + <para>VPC with public and private gateways</para> + </listitem> + <listitem> + <para>VPC with public and private gateways and site-to-site VPN access</para> + </listitem> + <listitem> + <para>VPC with a private gateway only and site-to-site VPN access</para> + </listitem> + </itemizedlist> + <formalpara> + <title>Connectivity Options for a VPC</title> + <para>You can connect your VPC to:</para> + </formalpara> + <itemizedlist> + <listitem> + <para>The Internet through the public gateway.</para> + </listitem> + <listitem> + <para>The corporate datacenter by using a site-to-site VPN connection through the VPN + gateway.</para> + </listitem> + <listitem> + <para>Both the Internet and your corporate datacenter by using both 
the public gateway and a + VPN gateway.</para> + </listitem> + </itemizedlist> + <formalpara> + <title>VPC Network Considerations</title> + <para>Consider the following before you create a VPC:</para> + </formalpara> + <itemizedlist> + <listitem> + <para>A VPC, by default, is created in the enabled state.</para> + </listitem> + <listitem> + <para>A VPC can be created in Advance zone only, and can't belong to more than one zone at a + time.</para> + </listitem> + <listitem> + <para>The default number of VPCs an account can create is 20. However, you can change it by + using the max.account.vpcs global parameter, which controls the maximum number of VPCs an + account is allowed to create.</para> + </listitem> + <listitem> + <para>The default number of tiers an account can create within a VPC is 3. You can configure + this number by using the vpc.max.networks parameter.</para> + </listitem> + <listitem> + <para>Each tier should have an unique CIDR in the VPC. Ensure that the tier's CIDR should be + within the VPC CIDR range.</para> + </listitem> + <listitem> + <para>A tier belongs to only one VPC. </para> + </listitem> + <listitem> + <para>All network tiers inside the VPC should belong to the same account.</para> + </listitem> + <listitem> + <para>When a VPC is created, by default, a SourceNAT IP is allocated to it. The Source NAT IP + is released only when the VPC is removed.</para> + </listitem> + <listitem> + <para>A public IP can be used for only one purpose at a time. If the IP is a sourceNAT, it + cannot be used for StaticNAT or port forwarding.</para> + </listitem> + <listitem> + <para>The instances only have a private IP address that you provision. To communicate with the + Internet, enable NAT to an instance that you launch in your VPC.</para> + </listitem> + <listitem> + <para>Only new networks can be added to a VPC. The maximum number of networks per VPC is + limited by the value you specify in the vpc.max.networks parameter. 
The default value is + three.</para> + </listitem> + <listitem> + <para>The load balancing service can be supported by only one tier inside the VPC.</para> + </listitem> + <listitem> + <para>If an IP address is assigned to a tier:</para> <itemizedlist> - <listitem><para><emphasis role="bold">VPC</emphasis>: A VPC acts as a container for multiple isolated - networks that can communicate with each other via its virtual router.</para></listitem> - <listitem><para><emphasis role="bold">Network Tiers</emphasis>: Each tier acts as an isolated network with its - own VLANs and CIDR list, where you can place groups of resources, such as VMs. The - tiers are segmented by means of VLANs. The NIC of each tier acts as its - gateway.</para></listitem> - <listitem><para><emphasis role="bold">Virtual Router</emphasis>: A virtual router is automatically created and - started when you create a VPC. The virtual router connect the tiers and direct - traffic among the public gateway, the VPN gateways, and the NAT instances. For each - tier, a corresponding NIC and IP exist in the virtual router. The virtual router - provides DNS and DHCP services through its IP.</para></listitem> - <listitem><para><emphasis role="bold">Public Gateway</emphasis>: The traffic to and from the Internet routed - to the VPC through the public gateway. In a VPC, the public gateway is not exposed - to the end user; therefore, static routes are not support for the public - gateway.</para></listitem> - <listitem><para><emphasis role="bold">Private Gateway</emphasis>: All the traffic to and from a private network routed to the VPC through the private gateway. 
For more information, see <xref linkend="add-gateway-vpc"/>.</para></listitem> - <listitem><para><emphasis role="bold">VPN Gateway</emphasis>: The VPC side of a VPN connection.</para></listitem> - <listitem><para><emphasis role="bold">Site-to-Site VPN Connection</emphasis>: A hardware-based VPN connection - between your VPC and your datacenter, home network, or co-location facility. For - more information, see <xref linkend="site-to-site-vpn"/>.</para></listitem> - <listitem><para><emphasis role="bold">Customer Gateway</emphasis>: The customer side of a VPN Connection. For - more information, see <xref linkend="create-vpn-customer-gateway"/>.</para></listitem> - <listitem><para><emphasis role="bold">NAT Instance</emphasis>: An instance that provides Port Address - Translation for instances to access the Internet via the public gateway. For more - information, see <xref linkend="enable-disable-static-nat-vpc"/>.</para></listitem> - </itemizedlist> - <formalpara> - <title>Network Architecture in a VPC</title> - <para>In a VPC, the following four basic options of network architectures are - present:</para> - </formalpara> - <itemizedlist> - <listitem><para>VPC with a public gateway only</para></listitem> - <listitem><para>VPC with public and private gateways</para></listitem> - <listitem><para>VPC with public and private gateways and site-to-site VPN access</para></listitem> - <listitem><para>VPC with a private gateway only and site-to-site VPN access</para></listitem> - </itemizedlist> - <formalpara> - <title>Connectivity Options for a VPC</title> - <para>You can connect your VPC to:</para></formalpara> - <itemizedlist> - <listitem><para>The Internet through the public gateway.</para></listitem> - <listitem><para>The corporate datacenter by using a site-to-site VPN connection through the VPN gateway.</para></listitem> - <listitem><para>Both the Internet and your corporate datacenter by using both the public gateway and a VPN gateway.</para></listitem> - 
</itemizedlist> - <formalpara><title>VPC Network Considerations</title> - <para>Consider the following before you create a VPC:</para></formalpara> - <itemizedlist><listitem> - <para>A VPC, by default, is created in the enabled state.</para> - </listitem> - <listitem> - <para>A VPC can be created in Advance zone only, and can't belong to more than one zone at a time.</para> - </listitem> <listitem> - <para>The default number of VPCs an account can create is 20. However, you can change it - by using the max.account.vpcs global parameter, which controls the maximum number of - VPCs an account is allowed to create.</para> + <para>That IP can't be used by more than one tier at a time in the VPC. For example, if + you have tiers A and B, and a public IP1, you can create a port forwarding rule by using + the IP either for A or B, but not for both.</para> </listitem> <listitem> - <para>The default number of tiers an account can create within a VPC is 3. You can - configure this number by using the vpc.max.networks parameter.</para> + <para>That IP can't be used for StaticNAT, load balancing, or port forwarding rules for + another guest network inside the VPC.</para> </listitem> + </itemizedlist> + </listitem> <listitem> - <para>Each tier should have an unique CIDR in the VPC. Ensure that the tier's CIDR - should be within the VPC CIDR range.</para> - </listitem> - <listitem> - <para>A tier belongs to only one VPC. </para> - </listitem> - <listitem> - <para>All network tiers inside the VPC should belong to the same account.</para> - </listitem> - <listitem> - <para>When a VPC is created, by default, a SourceNAT IP is allocated to it. The Source - NAT IP is released only when the VPC is removed.</para> - </listitem> - <listitem><para>A public IP can be used for only one purpose at a time. If the IP is a sourceNAT, it cannot be used for StaticNAT or port forwarding.</para> - </listitem> - <listitem><para>The instances only have a private IP address that you provision. 
To communicate with the Internet, enable NAT to an instance that you launch in your VPC.</para> - </listitem> - <listitem> - <para>Only new networks can be added to a VPC. The maximum number of networks per VPC is - limited by the value you specify in the vpc.max.networks parameter. The default - value is three.</para> - </listitem> - <listitem> - <para>The load balancing service can be supported by only one tier inside the - VPC.</para> - </listitem> - <listitem><para>If an IP address is assigned to a tier:</para><itemizedlist> - <listitem><para>That IP can't be used by more than one tier at a time in the VPC. For example, if you have - tiers A and B, and a public IP1, you can create a port forwarding rule by - using the IP either for A or B, but not for both.</para></listitem> - <listitem><para>That IP can't be used for StaticNAT, load balancing, or port forwarding rules for another - guest network inside the VPC.</para></listitem> - </itemizedlist> - </listitem> - <listitem><para>Remote access VPN is not supported in VPC networks.</para></listitem></itemizedlist> - </section> + <para>Remote access VPN is not supported in VPC networks.</para> + </listitem> + </itemizedlist> -</section> ++</section>
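Review bot: in the site-to-site-vpn.xml hunk, two grammar defects survive unchanged on the `+` side and are worth fixing while the section is being re-indented anyway: in the <note>, "any Cisco or Juniper device running on the supported operating systems are able to establish VPN connections" should read "is able to", and step 4, "Create VPN connection from the VPC VPN gateway to the customer VPN gateway", should read "Create a VPN connection". The stray leading space in "<para> To set up a Site-to-Site VPN connection" can go at the same time. Apart from that the resolution is whitespace-only: every `-` line from the first parent reappears as a `+` line with identical text and new indentation, so the supported-endpoint list (Cisco ISR with IOS 12.4 or later, Juniper J-Series with JunOS 9.5 or later), the four-step procedure and the xi:include order (customer gateway, VPC VPN gateway, connection, delete/reset) are preserved, and the lone `-</section>` / `++</section>` pair at the end is just the closing tag being rewritten against both parents.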
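Review bot: in the vpc.xml hunk the conflict region near the end interleaves `+` lines with the first parent's `-` lines inside the nested "If an IP address is assigned to a tier:" list (an unchanged <itemizedlist> context line, two `+ <listitem>` entries, `+ </itemizedlist>`, `+ </listitem>`, then the "Remote access VPN is not supported" item and the outer `+ </itemizedlist>` before `++</section>`), so the resulting nesting should be validated with xmllint or a docs build rather than by eye before this lands. Several wording defects also remain in the `+` lines and could be fixed in the same pass: "The virtual router connect the tiers and direct traffic" (connects, directs), "The traffic to and from the Internet routed to the VPC" and "All the traffic to and from a private network routed to the VPC" (missing "is"), "static routes are not support for the public gateway" (supported), "A VPC can be created in Advance zone only" (Advanced zone), "Each tier should have an unique CIDR" (a unique CIDR), and "Ensure that the tier's CIDR should be within the VPC CIDR range" (drop "should"). The considerations list states the vpc.max.networks default twice, once as "The default number of tiers an account can create within a VPC is 3" and again as "Only new networks can be added to a VPC ... The default value is three"; merging those into one item keeps them from drifting apart later. Finally, the public-IP constraints an operator relies on for isolation (a source NAT IP cannot also be used for StaticNAT or port forwarding; an IP assigned to one tier cannot back StaticNAT, load balancing or port forwarding rules for another tier) are split across the list, and reading would be easier if they sat together.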
