http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/a6b15cb9/source/locale/pot/accounts.pot ---------------------------------------------------------------------- diff --git a/source/locale/pot/accounts.pot b/source/locale/pot/accounts.pot index 2bc6819..49fb0dc 100644 --- a/source/locale/pot/accounts.pot +++ b/source/locale/pot/accounts.pot @@ -1,14 +1,14 @@ # SOME DESCRIPTIVE TITLE. -# Copyright (C) +# Copyright (C) 2016, Apache Software Foundation # This file is distributed under the same license as the Apache CloudStack Administration Documentation package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # #, fuzzy msgid "" msgstr "" -"Project-Id-Version: Apache CloudStack Administration Documentation 4\n" +"Project-Id-Version: Apache CloudStack Administration Documentation 4.8\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2014-06-30 12:52+0200\n" +"POT-Creation-Date: 2016-08-22 13:55+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <l...@li.org>\n" @@ -17,393 +17,418 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" #: ../../accounts.rst:18 -# bdc151e73be141a8ad0b4190c3102939 -msgid "Managing Accounts, Users and Domains" +msgid "Managing Roles, Accounts, Users and Domains" msgstr "" #: ../../accounts.rst:21 -# a49422e951994e72894009f0fc5cc963 -msgid "Accounts, Users, and Domains" +msgid "Roles, Accounts, Users, and Domains" msgstr "" #: ../../accounts.rst:24 -# 7316ca3f637249cbbf2f29bd75791600 -msgid "Accounts" +msgid "Roles" msgstr "" #: ../../accounts.rst:26 -# 7544ce31af194b279c9dcfb7ae37d3cc +msgid "A role represents a set of allowed functions. All CloudStack accounts have a role attached to them that enforce access rules on them to be allowed or disallowed to make an API request. Typically there are four default roles: root admin, resource admin, domain admin and user." +msgstr "" + +#: ../../accounts.rst:33 +msgid "Accounts" +msgstr "" + +#: ../../accounts.rst:35 msgid "An account typically represents a customer of the service provider or a department in a large organization. Multiple users can exist in an account." msgstr "" -#: ../../accounts.rst:32 -# e758840629a8483ba31892ff437911e1 +#: ../../accounts.rst:41 msgid "Domains" msgstr "" -#: ../../accounts.rst:34 -# 3e28d2a36b0642c08a698f6a4426e72c +#: ../../accounts.rst:43 msgid "Accounts are grouped by domains. Domains usually contain multiple accounts that have some logical relationship to each other and a set of delegated administrators with some authority over the domain and its subdomains. For example, a service provider with several resellers could create a domain for each reseller." msgstr "" -#: ../../accounts.rst:40 -# 79060520f2e046868f58925f3f2efc01 +#: ../../accounts.rst:49 msgid "For each account created, the Cloud installation creates three different types of user accounts: root administrator, domain administrator, and user." msgstr "" -#: ../../accounts.rst:46 -# 341bf7792d884c2d8180600a07351f62 +#: ../../accounts.rst:55 msgid "Users" msgstr "" -#: ../../accounts.rst:48 -# 8efee3ca63e44a4098ff5086e58f1249 +#: ../../accounts.rst:57 msgid "Users are like aliases in the account. Users in the same account are not isolated from each other, but they are isolated from users in other accounts. Most installations need not surface the notion of users; they just have one user per account. The same user cannot belong to multiple accounts." msgstr "" -#: ../../accounts.rst:54 -# 67a573904306470f87a1f3f6ad52a15f +#: ../../accounts.rst:63 msgid "Username is unique in a domain across accounts in that domain. The same username can exist in other domains, including sub-domains. Domain name can repeat only if the full pathname from root is unique. For example, you can create root/d1, as well as root/foo/d1, and root/sales/d1." msgstr "" -#: ../../accounts.rst:59 -# af85977a7aeb4aff9010bde059e08b23 +#: ../../accounts.rst:68 msgid "Administrators are accounts with special privileges in the system. There may be multiple administrators in the system. Administrators can create or delete other administrators, and change the password for any user in the system." msgstr "" -#: ../../accounts.rst:66 -# 8613eb42958647fba87ae1b922d58740 +#: ../../accounts.rst:75 msgid "Domain Administrators" msgstr "" -#: ../../accounts.rst:68 -# 901efdb2c8554033b865587a48a319f9 +#: ../../accounts.rst:77 msgid "Domain administrators can perform administrative operations for users who belong to that domain. Domain administrators do not have visibility into physical servers or other domains." msgstr "" -#: ../../accounts.rst:74 -# 5922a532b5814e479301a7d697eb8854 +#: ../../accounts.rst:83 msgid "Root Administrator" msgstr "" -#: ../../accounts.rst:76 -# 20be104d0a134bab92309e774b538dd4 +#: ../../accounts.rst:85 msgid "Root administrators have complete access to the system, including managing templates, service offerings, customer care administrators, and domains" msgstr "" -#: ../../accounts.rst:82 -# 7f9e7eaa9c5b4eaba5575b81514d4040 +#: ../../accounts.rst:91 msgid "Resource Ownership" msgstr "" -#: ../../accounts.rst:84 -# 3fad6f5edfb34464b707419ce6b7b4a6 +#: ../../accounts.rst:93 msgid "Resources belong to the account, not individual users in that account. For example, billing, resource limits, and so on are maintained by the account, not the users. A user can operate on any resource in the account provided the user has privileges for that operation. The privileges are determined by the role. A root administrator can change the ownership of any virtual machine from one account to any other account by using the assignVirtualMachine API. A domain or sub-domain administrator can do the same for VMs within the domain from one account to any other account in the domain or any of its sub-domains." msgstr "" -#: ../../accounts.rst:96 -# f25ec45041cd435d83eaf32720407dd4 +#: ../../accounts.rst:105 +msgid "Using Dynamic Roles" +msgstr "" + +#: ../../accounts.rst:107 +msgid "In addition to the four default roles, the dynamic role-based API checker feature allows CloudStack root admins to create new roles with customized permissions. The allow/deny rules can be configured dynamically during runtime without restarting the management server(s)." +msgstr "" + +#: ../../accounts.rst:112 +msgid "For backward compatiblity, all roles resolve to one of the four role types: admin, resource admin, domain admin and user. A new role can be created using the roles tab in the UI and specifying a name, a role type and optionally a description." +msgstr "" + +#: ../../accounts.rst:117 +msgid "Role specific rules can be configured through the rules tab on role specific details page. A rule is either an API name or a wildcard string that are one of allow or deny permission and optionally a description." +msgstr "" + +#: ../../accounts.rst:121 +msgid "When a user makes an API request, the backend checks the requested API against configured rules (in the order the rules were configured) for the caller user-account's role. It will iterate through the rules and would allow the API request if the API matches an allow rule, else if it matches a deny rule it would deny the request. Next, if the request API fails to match any of the configured rules it would allow if the requested API's default authorized annotaions allow that user role type and finally deny the user API request if it fails to be explicitly allowed/denied by the role permission rules or the default API authorize annotations. Note: to avoid root admin being locked out of the system, all root admin accounts are allowed all APIs." +msgstr "" + +#: ../../accounts.rst:132 +msgid "The dynamic-roles feature is enabled by default only for all new CloudStack installations since version `4.9.x <https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack>`_." +msgstr "" + +#: ../../accounts.rst:135 +msgid "After an upgrade, existing deployments can be migrated to use this feature by running a migration tool by the CloudStack admin. The migration tool is located at ``/usr/share/cloudstack-common/scripts/util/migrate-dynamicroles.py``." +msgstr "" + +#: ../../accounts.rst:139 +msgid "During migration, this tool enables an internal flag in the database, copies existing static role-based rules from provided commands.properties file (typically at ``/etc/cloudstack/management/commands.properties``) to the database and renames the commands.properties file (typically to /etc/cloudstack/management/commands.properties.deprecated). The migration process does not require restarting the management server(s)." +msgstr "" + +#: ../../accounts.rst:146 +msgid "Usage: ``migrate-dynamicroles.py`` [options] [-h for help]" +msgstr "" + +#: ../../accounts.rst:148 +msgid "Options:" +msgstr "" + +#: ../../accounts.rst:151 +msgid "The name of the database, default: cloud" +msgstr "" + +#: ../../accounts.rst:153 +msgid "User name a MySQL user with privileges on cloud database, default: cloud" +msgstr "" + +#: ../../accounts.rst:155 +msgid "Password of a MySQL user with privileges on cloud database" +msgstr "" + +#: ../../accounts.rst:157 +msgid "Host or IP of the MySQL server" +msgstr "" + +#: ../../accounts.rst:159 +msgid "Host or IP of the MySQL server, default: 3306" +msgstr "" + +#: ../../accounts.rst:161 +msgid "The commands.properties file, default: /etc/cloudstack/management/commands.properties" +msgstr "" + +#: ../../accounts.rst:163 +msgid "Dry run and debug operations this tool will perform" +msgstr "" + +#: ../../accounts.rst:166 +msgid "Example:" +msgstr "" + +#: ../../accounts.rst:168 +msgid "sudo python /usr/share/cloudstack-common/scripts/util/migrate-dynamicroles.py -u cloud -p cloud -h localhost -p 3006 -f /etc/cloudstack/management/commands.properties" +msgstr "" + +#: ../../accounts.rst:170 +msgid "If you've multiple management servers, remove or rename the commands.properties file on all management servers typically in /etc/cloudstack/management path, after running the migration tool for the first management server" +msgstr "" + +#: ../../accounts.rst:176 msgid "Dedicating Resources to Accounts and Domains" msgstr "" -#: ../../accounts.rst:98 -# 8a6427fc034647e681a14ca03224406c +#: ../../accounts.rst:178 msgid "The root administrator can dedicate resources to a specific domain or account that needs private infrastructure for additional security or performance guarantees. A zone, pod, cluster, or host can be reserved by the root administrator for a specific domain or account. Only users in that domain or its subdomain may use the infrastructure. For example, only users in a given domain can create guests in a zone dedicated to that domain." msgstr "" -#: ../../accounts.rst:106 -# 13b20e92d1144d5da1089384a9ce4e59 +#: ../../accounts.rst:186 msgid "There are several types of dedication available:" msgstr "" -#: ../../accounts.rst:108 -# a62e7433baeb444386932b41fe5601fa +#: ../../accounts.rst:188 msgid "Explicit dedication. A zone, pod, cluster, or host is dedicated to an account or domain by the root administrator during initial deployment and configuration." msgstr "" -#: ../../accounts.rst:112 -# 29fbffa86cfd49b4aa29ea7d373eaa03 +#: ../../accounts.rst:192 msgid "Strict implicit dedication. A host will not be shared across multiple accounts. For example, strict implicit dedication is useful for deployment of certain types of applications, such as desktops, where no host can be shared between different accounts without violating the desktop software's terms of license." msgstr "" -#: ../../accounts.rst:118 -# a821acd0f71541708e12788d2fbc5d75 +#: ../../accounts.rst:198 msgid "Preferred implicit dedication. The VM will be deployed in dedicated infrastructure if possible. Otherwise, the VM can be deployed in shared infrastructure." msgstr "" -#: ../../accounts.rst:124 -# b498c9fe36a94f2588d7a9e4494a761d +#: ../../accounts.rst:204 msgid "How to Dedicate a Zone, Cluster, Pod, or Host to an Account or Domain" msgstr "" -#: ../../accounts.rst:126 -# 62ce22c4d6f346b79218ff7a937ee3e2 +#: ../../accounts.rst:206 msgid "For explicit dedication: When deploying a new zone, pod, cluster, or host, the root administrator can click the Dedicated checkbox, then choose a domain or account to own the resource." msgstr "" -#: ../../accounts.rst:130 -# 9dfe3b7a9e87411d9694c32c5e4f891e +#: ../../accounts.rst:210 msgid "To explicitly dedicate an existing zone, pod, cluster, or host: log in as the root admin, find the resource in the UI, and click the Dedicate button. |button to dedicate a zone, pod,cluster, or host|" msgstr "" -#: ../../accounts.rst:134 -# 90707af3ed2b4e6fa7875e9bdd890252 +#: ../../accounts.rst:214 msgid "For implicit dedication: The administrator creates a compute service offering and in the Deployment Planner field, chooses ImplicitDedicationPlanner. Then in Planner Mode, the administrator specifies either Strict or Preferred, depending on whether it is permissible to allow some use of shared resources when dedicated resources are not available. Whenever a user creates a VM based on this service offering, it is allocated on one of the dedicated hosts." msgstr "" -#: ../../accounts.rst:144 -# fda3697ce3a4454da72edbe9f02b3564 +#: ../../accounts.rst:224 msgid "How to Use Dedicated Hosts" msgstr "" -#: ../../accounts.rst:146 -# cfd0e245a5a2498b9fa7c89160957ffe +#: ../../accounts.rst:226 msgid "To use an explicitly dedicated host, use the explicit-dedicated type of affinity group (see `âAffinity Groupsâ <virtual_machines.html#affinity-groups>`_). For example, when creating a new VM, an end user can choose to place it on dedicated infrastructure. This operation will succeed only if some infrastructure has already been assigned as dedicated to the user's account or domain." msgstr "" -#: ../../accounts.rst:155 -# 86abbd3940f34e96a1ad71a01dc6339d +#: ../../accounts.rst:235 msgid "Behavior of Dedicated Hosts, Clusters, Pods, and Zones" msgstr "" -#: ../../accounts.rst:157 -# a9963e63da4e48f2a2b7b7fdad96ba29 +#: ../../accounts.rst:237 msgid "The administrator can live migrate VMs away from dedicated hosts if desired, whether the destination is a host reserved for a different account/domain or a host that is shared (not dedicated to any particular account or domain). CloudStack will generate an alert, but the operation is allowed." msgstr "" -#: ../../accounts.rst:163 -# a9a8992734b0490aac5bd5e5efa45483 +#: ../../accounts.rst:243 msgid "Dedicated hosts can be used in conjunction with host tags. If both a host tag and dedication are requested, the VM will be placed only on a host that meets both requirements. If there is no dedicated resource available to that user that also has the host tag requested by the user, then the VM will not deploy." msgstr "" -#: ../../accounts.rst:169 -# 694b1842b07049c094a79e240c2db934 +#: ../../accounts.rst:249 msgid "If you delete an account or domain, any hosts, clusters, pods, and zones that were dedicated to it are freed up. They will now be available to be shared by any account or domain, or the administrator may choose to re-dedicate them to a different account or domain." msgstr "" -#: ../../accounts.rst:174 -# 9676e7d49a4247c0bd41a3d53e7482a1 +#: ../../accounts.rst:254 msgid "System VMs and virtual routers affect the behavior of host dedication. System VMs and virtual routers are owned by the CloudStack system account, and they can be deployed on any host. They do not adhere to explicit dedication. The presence of system vms and virtual routers on a host makes it unsuitable for strict implicit dedication. The host can not be used for strict implicit dedication, because the host already has VMs of a specific account (the default system account). However, a host with system VMs or virtual routers can be used for preferred implicit dedication." msgstr "" -#: ../../accounts.rst:186 -# c3ac9b9cb46f4fa7b6ea8d96adc7111e +#: ../../accounts.rst:266 msgid "Using an LDAP Server for User Authentication" msgstr "" -#: ../../accounts.rst:188 -# 4c358cdbd0ef4ea8bae9aa240f1b4e4a -msgid "You can use an external LDAP server such as Microsoft Active Directory or ApacheDS to authenticate CloudStack end-users. Just map CloudStack accounts to the corresponding LDAP accounts using a query filter. The query filter is written using the query syntax of the particular LDAP server, and can include special wildcard characters provided by CloudStack for matching common values such as the userâs email address and name. CloudStack will search the external LDAP directory tree starting at a specified base directory and return the distinguished name (DN) and password of the matching user. This information along with the given password is used to authenticate the user.." +#: ../../accounts.rst:268 +msgid "You can use an external LDAP server such as Microsoft Active Directory or ApacheDS to authenticate CloudStack end-users. CloudStack will search the external LDAP directory tree starting at a specified base directory and gets user info such as first name, last name, email and username." msgstr "" -#: ../../accounts.rst:199 -# 14c749c7da61408588c8e8cdaa11796c -msgid "To set up LDAP authentication in CloudStack, call the CloudStack API command ldapConfig and provide the following:" +#: ../../accounts.rst:273 +msgid "To authenticate, username and password entered by the user are used. Cloudstack does a search for a user with the given username. If it exists, it does a bind request with DN and password." msgstr "" -#: ../../accounts.rst:202 -# c4708aa56b75423080f17f84ec2a37a4 -msgid "Hostname or IP address and listening port of the LDAP server" +#: ../../accounts.rst:277 +msgid "To set up LDAP authentication in CloudStack, call the CloudStack API command ``addLdapConfiguration`` and provide Hostname or IP address and listening port of the LDAP server. You could configure multiple servers as well. These are expected to be replicas. If one fails, the next one is used." msgstr "" -#: ../../accounts.rst:204 -# ff4d11fcc40f4d5c86ce032c3d6e6a76 -msgid "Base directory and query filter" +#: ../../accounts.rst:283 +msgid "The following global configurations should also be configured (the default values are for openldap)" msgstr "" -#: ../../accounts.rst:206 -# 0b5fce75930e49b19cf1d00062c78539 -msgid "Search user DN credentials, which give CloudStack permission to search on the LDAP server" +#: ../../accounts.rst:286 +msgid "``ldap.basedn``: Sets the basedn for LDAP. Ex: **OU=APAC,DC=company,DC=com**" msgstr "" -#: ../../accounts.rst:209 -# c3d66516470141c3af861a4b24f45150 -msgid "SSL keystore and password, if SSL is used" +#: ../../accounts.rst:288 +msgid "``ldap.bind.principal``, ``ldap.bind.password``: DN and password for a user who can list all the users in the above basedn. Ex: **CN=Administrator, OU=APAC, DC=company, DC=com**" msgstr "" -#: ../../accounts.rst:213 -# 6e565fd7b02d4a97b86b380e839f129f -msgid "Example LDAP Configuration Commands" +#: ../../accounts.rst:292 +msgid "``ldap.user.object``: object type of users within LDAP. Defaults value is **user** for AD and **inetorgperson** for openldap." msgstr "" -#: ../../accounts.rst:215 -# ee72e29a6b33456684ebcbfd012c075a -msgid "To understand the examples in this section, you need to know the basic concepts behind calling the CloudStack API, which are explained in the Developerâs Guide." +#: ../../accounts.rst:295 +msgid "``ldap.email.attribute``: email attribute within ldap for a user. Default value for AD and openldap is **mail**." msgstr "" -#: ../../accounts.rst:219 -# 065e58a0d0f74c8d84670251cf00c487 -msgid "The following shows an example invocation of ldapConfig with an ApacheDS LDAP server" +#: ../../accounts.rst:298 +msgid "``ldap.firstname.attribute``: firstname attribute within ldap for a user. Default value for AD and openldap is **givenname**." msgstr "" -#: ../../accounts.rst:226 -# 31d88144f8004adf8efd11cf7f9db7bd -msgid "The command must be URL-encoded. Here is the same example without the URL encoding:" +#: ../../accounts.rst:301 +msgid "``ldap.lastname.attribute``: lastname attribute within ldap for a user. Default value for AD and openldap is **sn**." msgstr "" -#: ../../accounts.rst:244 -# 884cde7f5dbd499ba1c28ff09380c692 -msgid "The following shows a similar command for Active Directory. Here, the search base is the testing group within a company, and the users are matched up based on email address." +#: ../../accounts.rst:304 +msgid "``ldap.username.attribute``: username attribute for a user within LDAP. Default value is **SAMAccountName** for AD and **uid** for openldap." msgstr "" -#: ../../accounts.rst:252 -# d2675a267aa34f4ea3fe2bba2300b61c -msgid "The next few sections explain some of the concepts you will need to know when filling out the ldapConfig parameters." +#: ../../accounts.rst:309 +msgid "Restricting LDAP users to a group:" msgstr "" -#: ../../accounts.rst:257 -# befdce0cfd624549844139c917a82bb4 -msgid "Search Base" +#: ../../accounts.rst:311 +msgid "``ldap.search.group.principle``: this is optional and if set only users from this group are listed." msgstr "" -#: ../../accounts.rst:259 -# 1522f19d5a2a4e35a8bedc5d147a1af1 -msgid "An LDAP query is relative to a given node of the LDAP directory tree, called the search base. The search base is the distinguished name (DN) of a level of the directory tree below which all users can be found. The users can be in the immediate base directory or in some subdirectory. The search base may be equivalent to the organization, group, or domain name. The syntax for writing a DN varies depending on which LDAP server you are using. A full discussion of distinguished names is outside the scope of our documentation. The following table shows some examples of search bases to find users in the testing department.." +#: ../../accounts.rst:316 +msgid "LDAP SSL:" msgstr "" -#: ../../accounts.rst:270 -#: ../../accounts.rst:328 -# 3649e87915d24059beec30463e0abd10 -# eb0f32160dd24b21991c2f454df60742 -msgid "LDAP Server" +#: ../../accounts.rst:318 +msgid "If the LDAP server requires SSL, you need to enable the below configurations. Before enabling SSL for LDAP, you need to get the certificate which the LDAP server is using and add it to a trusted keystore. You will need to know the path to the keystore and the password." msgstr "" -#: ../../accounts.rst:270 -# d8fb5f498afb4ee1aa6669b39f1e34be -msgid "Example Search Base DN" +#: ../../accounts.rst:322 +msgid "``ldap.truststore`` : truststore path" msgstr "" -#: ../../accounts.rst:272 -#: ../../accounts.rst:330 -# 2e421fc0d49d4a819b31999dc3cae2e0 -# a0327a00878d45dab6dc0bc777814674 -msgid "ApacheDS" +#: ../../accounts.rst:323 +msgid "``ldap.truststore.password`` : truststore password" msgstr "" -#: ../../accounts.rst:272 -# 6c854d5e6cdd4e3aadda7dd9be769a53 -msgid "OU=testing, O=project" +#: ../../accounts.rst:327 +msgid "LDAP groups:" msgstr "" -#: ../../accounts.rst:273 -#: ../../accounts.rst:331 -# a1fbaf989c584a248386911c51fd2fba -# c776e850eb3e4d64b262a32a9d302bfb -msgid "Active Directory" +#: ../../accounts.rst:329 +msgid "``ldap.group.object``: object type of groups within LDAP. Default value is group for AD and **groupOfUniqueNames** for openldap." msgstr "" -#: ../../accounts.rst:273 -# 5d0095ff2d7044e7b60bc1754210dd3c -msgid "OU=testing, DC=company" +#: ../../accounts.rst:332 +msgid "``ldap.group.user.uniquemember``: attribute for uniquemembers within a group. Default value is **member** for AD and **uniquemember** for openldap." msgstr "" -#: ../../accounts.rst:278 -# 8309dae488944f0aae3e84a8e1a97ac3 -msgid "Query Filter" +#: ../../accounts.rst:335 +msgid "Once configured, on Add Account page, you will see an \"Add LDAP Account\" button which opens a dialog and the selected users can be imported." msgstr "" -#: ../../accounts.rst:280 -# c523dbbf5dd94c62a2e3927a8f3123dc -msgid "The query filter is used to find a mapped user in the external LDAP server. The query filter should uniquely map the CloudStack user to LDAP user for a meaningful authentication. For more information about query filter syntax, consult the documentation for your LDAP server." +#: ../../accounts.rst:342 +msgid "You could also use api commands: ``listLdapUsers``, ``ldapCreateAccount`` and ``importLdapUsers``." msgstr "" -#: ../../accounts.rst:285 -# f4f9c13ceefa4163962bd3cfab257852 -msgid "The CloudStack query filter wildcards are:" +#: ../../accounts.rst:345 +msgid "Once LDAP is enabled, the users will not be allowed to changed password directly in cloudstack." msgstr "" -#: ../../accounts.rst:288 -# bab683973b9045339c8df3488bc5dd1c -msgid "Query Filter Wildcard" +#: ../../accounts.rst:353 +msgid "Using a SAML 2.0 Identity Provider for User Authentication" msgstr "" -#: ../../accounts.rst:288 -# a94af335cc864d9a962f1fb9b7b5f72c -msgid "Description" +#: ../../accounts.rst:355 +msgid "You can use a SAML 2.0 Identity Provider with CloudStack for user authentication. This will require enabling the SAML 2.0 service provider plugin in CloudStack. To do that first, enable the SAML plugin by setting ``saml2.enabled`` to ``true`` and restart management server." msgstr "" -#: ../../accounts.rst:290 -# 334393ba6786415e91a2ed1a22d26adb -msgid "%u" +#: ../../accounts.rst:360 +msgid "Starting 4.5.2, the SAML plugin uses an authorization workflow where users should be authorized by an admin using ``authorizeSamlSso`` API before those users can use Single Sign On against a specific IDP. This can be done by ticking the enable SAML Single Sign On checkbox and selecting a IDP when adding or importing users. For existing users, admin can go to the user's page and click on configure SAML SSO option to enable/disable SSO for a user and select a Identity Provider. A user can be authorized to authenticate against only one IDP." msgstr "" -#: ../../accounts.rst:290 -# 151cd28e952d4ff98ff9d1544698ccb8 -msgid "User name" +#: ../../accounts.rst:368 +msgid "The CloudStack service provider metadata is accessible using the ``getSPMetadata`` API command, or from the URL http://acs-server:8080/client/api?command=getSPMetadata where acs-server is the domain name or IP address of the management server. The IDP administrator can get the SP metadata from CloudStack and add it to their IDP server." msgstr "" -#: ../../accounts.rst:291 -# f1f86cbcf39e412fb298da7653a123d3 -msgid "%e" +#: ../../accounts.rst:374 +msgid "To start a SAML 2.0 Single Sign-On authentication, on the login page users need to select the Identity Provider or Institution/Department they can authenticate with and click on Login button. This action call the ``samlsso`` API command which will redirect the user to the Identity Provider's login page. Upon successful authentication, the IdP will redirect the user to CloudStack. In case a user has multiple user accounts with the same username (across domains) for the same authorized IDP, that user would need to specify domainpath after selecting their IDP server from the dropdown list. By default, users don't need to specify any domain path. After a user is successfully authenticated by an IDP server, the SAML authentication plugin finds user accounts whose username match the username attribute value returned by the SAML authentication response; it fails only when it finds that there are multiple user accounts with the same user name for the specific IDP otherwise the unique useraccount is allowed to proceed and the user is logged into their account." msgstr "" -#: ../../accounts.rst:291 -# fdf52531788c41fabb814f45f07b178a -msgid "Email address" +#: ../../accounts.rst:389 +msgid "Limitations:" msgstr "" -#: ../../accounts.rst:292 -# 6e5b529e3da248ee85f1e20f81bd8e1c -msgid "%n" +#: ../../accounts.rst:391 +msgid "The plugin uses a user attribute returned by the IDP server in the SAML response to find and map the authorized user in CloudStack. The default attribute is `uid`." msgstr "" -#: ../../accounts.rst:292 -# 4704eb3b3e494ad3bc2105d98a3c84a9 -msgid "First and last name" +#: ../../accounts.rst:394 +msgid "The SAML authentication plugin supports HTTP-Redirect and HTTP-Post bindings." msgstr "" -#: ../../accounts.rst:295 -# 51612c6475e246f7b7d8a156605a2323 -msgid "The following examples assume you are using Active Directory, and refer to user attributes from the Active Directory schema." +#: ../../accounts.rst:396 +msgid "Tested with Shibboleth 2.4, SSOCircle, Microsoft ADFS, OneLogin, Feide OpenIDP, PingIdentity." msgstr "" -#: ../../accounts.rst:298 -# d853815e3f894dcdbb92be883305dc5b -msgid "If the CloudStack user name is the same as the LDAP user ID:" +#: ../../accounts.rst:399 +msgid "The following global configuration should be configured:" msgstr "" -#: ../../accounts.rst:304 -# d0bb623240d0410eb8d70ed22ba5a2f8 -msgid "If the CloudStack user name is the LDAP display name:" +#: ../../accounts.rst:401 +msgid "``saml2.enabled``: Indicates whether SAML SSO plugin is enabled or not true. Default is **false**" msgstr "" -#: ../../accounts.rst:310 -# 0a96c3c2516946c1b4260fd4d4d6ffb7 -msgid "To find a user by email address:" +#: ../../accounts.rst:403 +msgid "``saml2.sp.id``: SAML2 Service Provider Identifier string" msgstr "" -#: ../../accounts.rst:318 -# 5b63c901fb5a4d208df8e362234d1cba -msgid "Search User Bind DN" +#: ../../accounts.rst:405 +msgid "``saml2.idp.metadata.url``: SAML2 Identity Provider Metadata XML Url or Filename. If a URL is not provided, it will look for a file in the config directory /etc/cloudstack/management" +msgstr "" + +#: ../../accounts.rst:407 +msgid "``saml2.default.idpid``: The default IdP entity ID to use only in case of multiple IdPs" +msgstr "" + +#: ../../accounts.rst:409 +msgid "``saml2.sigalg``: The algorithm to use to when signing a SAML request. Default is SHA1, allowed algorithms: SHA1, SHA256, SHA384, SHA512." +msgstr "" + +#: ../../accounts.rst:411 +msgid "``saml2.redirect.url``: The CloudStack UI url the SSO should redirected to when successful. Default is **http://localhost:8080/client**"; +msgstr "" + +#: ../../accounts.rst:413 +msgid "``saml2.sp.org.name``: SAML2 Service Provider Organization Name" +msgstr "" + +#: ../../accounts.rst:415 +msgid "``saml2.sp.org.url``: SAML2 Service Provider Organization URL" msgstr "" -#: ../../accounts.rst:320 -# 92769f4cb5be444cab0bcb685ebe1cc4 -msgid "The bind DN is the user on the external LDAP server permitted to search the LDAP directory within the defined search base. When the DN is returned, the DN and passed password are used to authenticate the CloudStack user with an LDAP bind. A full discussion of bind DNs is outside the scope of our documentation. The following table shows some examples of bind DNs." +#: ../../accounts.rst:417 +msgid "``saml2.sp.contact.email``: SAML2 Service Provider Contact Email Address" msgstr "" -#: ../../accounts.rst:328 -# 7fcc45a0be9241b09a01d2287541d652 -msgid "Example Bind DN" +#: ../../accounts.rst:419 +msgid "``saml2.sp.contact.person``: SAML2 Service Provider Contact Person Name" msgstr "" -#: ../../accounts.rst:330 -# b4c0b2f84be54e32820cac392b6c9c75 -msgid "CN=Administrator,DC=testing,OU=project,OU=org" +#: ../../accounts.rst:421 +msgid "``saml2.sp.slo.url``: SAML2 CloudStack Service Provider Single Log Out URL" msgstr "" -#: ../../accounts.rst:331 -# 46e145ddbc9f47e08b21fa2631ed9fa7 -msgid "CN=Administrator, OU=testing, DC=company, DC=com" +#: ../../accounts.rst:423 +msgid "``saml2.sp.sso.url``: SAML2 CloudStack Service Provider Single Sign On URL" msgstr "" -#: ../../accounts.rst:336 -# cbaaf7054abf480eb88b336ba62a097b -msgid "SSL Keystore Path and Password" +#: ../../accounts.rst:425 +msgid "``saml2.user.attribute``: Attribute name to be looked for in SAML response that will contain the username. Default is **uid**" msgstr "" -#: ../../accounts.rst:338 -# 8a6a84c57cc144edb9a20e63c71ddedc -msgid "If the LDAP server requires SSL, you need to enable it in the ldapConfig command by setting the parameters ssl, truststore, and truststorepass. Before enabling SSL for ldapConfig, you need to get the certificate which the LDAP server is using and add it to a trusted keystore. You will need to know the path to the keystore and the password." +#: ../../accounts.rst:427 +msgid "``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800" msgstr ""
http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/a6b15cb9/source/locale/pot/administration.pot ---------------------------------------------------------------------- diff --git a/source/locale/pot/administration.pot b/source/locale/pot/administration.pot index 4c7627a..deffb99 100644 --- a/source/locale/pot/administration.pot +++ b/source/locale/pot/administration.pot @@ -1,14 +1,14 @@ # SOME DESCRIPTIVE TITLE. -# Copyright (C) +# Copyright (C) 2016, Apache Software Foundation # This file is distributed under the same license as the Apache CloudStack Administration Documentation package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # #, fuzzy msgid "" msgstr "" -"Project-Id-Version: Apache CloudStack Administration Documentation 4\n" +"Project-Id-Version: Apache CloudStack Administration Documentation 4.8\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2014-06-30 12:52+0200\n" +"POT-Creation-Date: 2016-08-22 13:55+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <l...@li.org>\n" @@ -17,47 +17,38 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" #: ../../administration.rst:18 -# 29cfff43a2514946ad4c3499ebefbed6 msgid "User Services" msgstr "" #: ../../administration.rst:20 -# d7001feee3bd4b298a4c17869c0c45dc msgid "In addition to the physical and logical infrastructure of your cloud and the CloudStack software and servers, you also need a layer of user services so that people can actually make use of the cloud. This means not just a user UI, but a set of options and resources that users can choose from, such as templates for creating virtual machines, disk storage, and more. If you are running a commercial service, you will be keeping track of what services and resources users are consuming and charging them for that usage. Even if you do not charge anything for people to use your cloud â say, if the users are strictly internal to your organization, or just friends who are sharing your cloud â you can still keep track of what services they use and how much of them." msgstr "" #: ../../administration.rst:34 -# 8691c3078d2741dabb85f469a7b58373 msgid "Service Offerings, Disk Offerings, Network Offerings, and Templates" msgstr "" #: ../../administration.rst:36 -# 82a1a03c5a234653b024700134d18169 msgid "A user creating a new instance can make a variety of choices about its characteristics and capabilities. CloudStack provides several ways to present users with choices when creating a new instance:" msgstr "" #: ../../administration.rst:40 -# 5b79acf1c4034cf09e56634938cbfd33 msgid "Service Offerings, defined by the CloudStack administrator, provide a choice of CPU speed, number of CPUs, RAM size, tags on the root disk, and other choices. See Creating a New Compute Offering." msgstr "" #: ../../administration.rst:44 -# d71f7d3d0dda4061838347d6fc7e35fc msgid "Disk Offerings, defined by the CloudStack administrator, provide a choice of disk size and IOPS (Quality of Service) for primary data storage. See Creating a New Disk Offering." msgstr "" #: ../../administration.rst:48 -# c00720676a8a4c4a9d423dd5f5743f4c msgid "Network Offerings, defined by the CloudStack administrator, describe the feature set that is available to end users from the virtual router or external networking devices on a given guest network. See Network Offerings." msgstr "" #: ../../administration.rst:53 -# 169ad751a60e44929103a91c102ac2a2 msgid "Templates, defined by the CloudStack administrator or by any CloudStack user, are the base OS images that the user can choose from when creating a new instance. For example, CloudStack includes CentOS as a template. See Working with Templates." msgstr "" #: ../../administration.rst:58 -# 81b027ebc2094409b6f28288660792c7 msgid "In addition to these choices that are provided for users, there is another type of service offering which is available only to the CloudStack root administrator, and is used for configuring virtual infrastructure resources. For more information, see Upgrading a Virtual Router with System Service Offerings." msgstr "" http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/a6b15cb9/source/locale/pot/api.pot ---------------------------------------------------------------------- diff --git a/source/locale/pot/api.pot b/source/locale/pot/api.pot index 70a1475..4420f88 100644 --- a/source/locale/pot/api.pot +++ b/source/locale/pot/api.pot @@ -1,14 +1,14 @@ # SOME DESCRIPTIVE TITLE. -# Copyright (C) +# Copyright (C) 2016, Apache Software Foundation # This file is distributed under the same license as the Apache CloudStack Administration Documentation package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # #, fuzzy msgid "" msgstr "" -"Project-Id-Version: Apache CloudStack Administration Documentation 4\n" +"Project-Id-Version: Apache CloudStack Administration Documentation 4.8\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2014-06-30 12:52+0200\n" +"POT-Creation-Date: 2016-08-22 13:55+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <l...@li.org>\n" @@ -17,107 +17,86 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" #: ../../api.rst:18 -# 7499b008b97e41b59d4cdc3835758f36 msgid "CloudStack API" msgstr "" #: ../../api.rst:20 -# 7a40beffc6484f108ad5202cb2a4e7c3 msgid "The CloudStack API is a low level API that has been used to implement the CloudStack web UIs. It is also a good basis for implementing other popular APIs such as EC2/S3 and emerging DMTF standards." msgstr "" #: ../../api.rst:24 -# 0e4247f81b8a4a83afa84f323d2697b9 msgid "Many CloudStack API calls are asynchronous. These will return a Job ID immediately when called. This Job ID can be used to query the status of the job later. Also, status calls on impacted resources will provide some indication of their state." msgstr "" #: ../../api.rst:29 -# dc0b3fef72b74085a24d7e0c15cb227d msgid "The API has a REST-like query basis and returns results in XML or JSON." msgstr "" #: ../../api.rst:31 -# 1f57015e966c480795b141ba3f87b86a msgid "See `the Developerâs Guide <https://cwiki.apache.org/confluence/display/CLOUDSTACK/Development+101>`_ and `the API Reference <http://cloudstack.apache.org/docs/api/>`_." msgstr "" #: ../../api.rst:36 -# de3d35bb699f45f495251ceb69a2c238 msgid "Provisioning and Authentication API" msgstr "" #: ../../api.rst:38 -# c8eb593d2c654d8db8d5ce7791bedd07 msgid "CloudStack expects that a customer will have their own user provisioning infrastructure. It provides APIs to integrate with these existing systems where the systems call out to CloudStack to add/remove users.." msgstr "" #: ../../api.rst:42 -# f37cbbabb4af4c76977b51277f5cefa3 msgid "CloudStack supports pluggable authenticators. By default, CloudStack assumes it is provisioned with the userâs password, and as a result authentication is done locally. However, external authentication is possible as well. For example, see Using an LDAP Server for User Authentication." msgstr "" #: ../../api.rst:50 -# a1cd31f63e9a4fe6869e80cdd8f2274f msgid "User Data and Meta Data" msgstr "" #: ../../api.rst:52 -# 8adea5c3508040cfb6f8475bc1f2f96c msgid "CloudStack provides API access to attach up to 32KB of user data to a deployed VM. Deployed VMs also have access to instance metadata via the virtual router." msgstr "" #: ../../api.rst:56 -# 11a9a59d3f23401d8c639b7767af0a94 msgid "User data can be accessed once the IP address of the virtual router is known. Once the IP address is known, use the following steps to access the user data:" msgstr "" #: ../../api.rst:60 -# 0b14bfd2cf6c41a98f39a406fdb83868 msgid "Run the following command to find the virtual router." msgstr "" #: ../../api.rst:66 -# e0144a29051543d1aba1d5b18d18e033 msgid "Access user data by running the following command using the result of the above command" msgstr "" #: ../../api.rst:73 -# 8ebc1946ef8840c4b4c99d6194576997 msgid "Meta Data can be accessed similarly, using a URL of the form http://10.1.1.1/latest/meta-data/{metadata type}. (For backwards compatibility, the previous URL http://10.1.1.1/latest/{metadata type} is also supported.) For metadata type, use one of the following:" msgstr "" #: ../../api.rst:78 -# bed0120874a643b1b9d59bd6a4e9e404 msgid "service-offering. A description of the VMs service offering" msgstr "" #: ../../api.rst:80 -# 71b8d766955140c3b512c2a9318fa115 msgid "availability-zone. The Zone name" msgstr "" #: ../../api.rst:82 -# 2a80730691bb49e0b69de28d14feea03 msgid "local-ipv4. The guest IP of the VM" msgstr "" #: ../../api.rst:84 -# 6f5c73e35f714f0f83b7c799a46c499f msgid "local-hostname. The hostname of the VM" msgstr "" #: ../../api.rst:86 -# ad4c5b53b2844aa9b7518ea0165e3c5a msgid "public-ipv4. The first public IP for the router. (E.g. the first IP of eth2)" msgstr "" #: ../../api.rst:89 -# 53db659838e1499c86e3674db658bbdb msgid "public-hostname. This is the same as public-ipv4" msgstr "" #: ../../api.rst:91 -# 760946f739514ea5be9f4c114716b1ba msgid "instance-id. The instance name of the VM" msgstr "" http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/a6b15cb9/source/locale/pot/events.pot ---------------------------------------------------------------------- diff --git a/source/locale/pot/events.pot b/source/locale/pot/events.pot index 0fe5136..46bde7b 100644 --- a/source/locale/pot/events.pot +++ b/source/locale/pot/events.pot @@ -1,14 +1,14 @@ # SOME DESCRIPTIVE TITLE. -# Copyright (C) +# Copyright (C) 2016, Apache Software Foundation # This file is distributed under the same license as the Apache CloudStack Administration Documentation package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # #, fuzzy msgid "" msgstr "" -"Project-Id-Version: Apache CloudStack Administration Documentation 4\n" +"Project-Id-Version: Apache CloudStack Administration Documentation 4.8\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2014-06-30 12:52+0200\n" +"POT-Creation-Date: 2016-08-22 13:55+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <l...@li.org>\n" @@ -17,316 +17,297 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" #: ../../events.rst:18 -# 0defb3a9608c4824b34ed35d916fd0c4 msgid "Event Notification" msgstr "" #: ../../events.rst:20 -# 37ebc4e9b0b148daaab42c65d71cc834 msgid "An event is essentially a significant or meaningful change in the state of both virtual and physical resources associated with a cloud environment. Events are used by monitoring systems, usage and billing systems, or any other event-driven workflow systems to discern a pattern and make the right business decision. In CloudStack an event could be a state change of virtual or physical resources, an action performed by an user (action events), or policy based events (alerts)." msgstr "" #: ../../events.rst:30 -# 82bc7c30085140f89344da554ad386a3 msgid "Event Logs" msgstr "" #: ../../events.rst:32 -# c1d54e6d1a2d4cd6888ad99bf943ed83 msgid "There are two types of events logged in the CloudStack Event Log. Standard events log the success or failure of an event and can be used to identify jobs or processes that have failed. There are also long running job events. Events for asynchronous jobs log when a job is scheduled, when it starts, and when it completes. Other long running synchronous jobs log when a job starts, and when it completes. Long running synchronous and asynchronous event logs can be used to gain more information on the status of a pending job or can be used to identify a job that is hanging or has not started. The following sections provide more information on these events.." msgstr "" #: ../../events.rst:45 -# 127295678f0c4cf084cf737444f11087 msgid "Notification" msgstr "" #: ../../events.rst:47 -# a669e3079b7e41d1a82dd149bf00b011 -msgid "Event notification framework provides a means for the Management Server components to publish and subscribe to CloudStack events. Event notification is achieved by implementing the concept of event bus abstraction in the Management Server. An event bus is introduced in the Management Server that allows the CloudStack components and extension plug-ins to subscribe to the events by using the Advanced Message Queuing Protocol (AMQP) client. In CloudStack, a default implementation of event bus is provided as a plug-in that uses the RabbitMQ AMQP client. The AMQP client pushes the published events to a compatible AMQP server. Therefore all the CloudStack events are published to an exchange in the AMQP server." +msgid "Event notification framework provides a means for the Management Server components to publish and subscribe to CloudStack events. Event notification is achieved by implementing the concept of event bus abstraction in the Management Server." msgstr "" -#: ../../events.rst:59 -# e41f3e4f6450467da27fc6dc4ebb2788 +#: ../../events.rst:52 msgid "A new event for state change, resource state change, is introduced as part of Event notification framework. Every resource, such as user VM, volume, NIC, network, public IP, snapshot, and template, is associated with a state machine and generates events as part of the state change. That implies that a change in the state of a resource results in a state change event, and the event is published in the corresponding state machine on the event bus. All the CloudStack events (alerts, action events, usage events) and the additional category of resource state change events, are published on to the events bus." msgstr "" -#: ../../events.rst:71 -# 4aaf02080d184ab387923b45f39d5762 -msgid "Use Cases" +#: ../../events.rst:63 +msgid "Implementations" +msgstr "" + +#: ../../events.rst:64 +msgid "An event bus is introduced in the Management Server that allows the CloudStack components and extension plug-ins to subscribe to the events by using the Advanced Message Queuing Protocol (AMQP) client. In CloudStack, a default implementation of event bus is provided as a plug-in that uses the RabbitMQ AMQP client. The AMQP client pushes the published events to a compatible AMQP server. Therefore all the CloudStack events are published to an exchange in the AMQP server." msgstr "" #: ../../events.rst:73 -# f7b5a1de0f014d2eabfe925d0c5c4e95 +msgid "Additionally, both an in-memory implementation and an Apache Kafka implementation are also available." +msgstr "" + +#: ../../events.rst:77 +msgid "Use Cases" +msgstr "" + +#: ../../events.rst:79 msgid "The following are some of the use cases:" msgstr "" -#: ../../events.rst:75 -# 9be82bc2fe244fef9851d9adb481fdaf +#: ../../events.rst:81 msgid "Usage or Billing Engines: A third-party cloud usage solution can implement a plug-in that can connects to CloudStack to subscribe to CloudStack events and generate usage data. The usage data is consumed by their usage software." msgstr "" -#: ../../events.rst:80 -# 2585685666874f3f8795c70fe2671356 +#: ../../events.rst:86 msgid "AMQP plug-in can place all the events on the a message queue, then a AMQP message broker can provide topic-based notification to the subscribers." msgstr "" -#: ../../events.rst:84 -# ff10e0227bc04e2f86f15c3c534b7c47 +#: ../../events.rst:90 msgid "Publish and Subscribe notification service can be implemented as a pluggable service in CloudStack that can provide rich set of APIs for event notification, such as topics-based subscription and notification. Additionally, the pluggable service can deal with multi-tenancy, authentication, and authorization issues." msgstr "" -#: ../../events.rst:92 -# bdc9ac2f935c456fbd3778ddef6c91cf -msgid "Configuration" +#: ../../events.rst:98 +msgid "AMQP Configuration" msgstr "" -#: ../../events.rst:94 -# c2514aa04f964044bd2bd630f31b4d3f +#: ../../events.rst:100 +#: ../../events.rst:209 msgid "As a CloudStack administrator, perform the following one-time configuration to enable event notification framework. At run time no changes can control the behaviour." msgstr "" -#: ../../events.rst:98 -# e94d4200515d4f15adbc52ca3bbf8c54 -msgid "Open ``'componentContext.xml``." +#: ../../events.rst:104 +#: ../../events.rst:219 +msgid "Create the folder ``/etc/cloudstack/management/META-INF/cloudstack/core``" msgstr "" -#: ../../events.rst:100 -# e2bbf37abe854d6cb8384bdd3c9d72b9 +#: ../../events.rst:106 +#: ../../events.rst:221 +msgid "Inside that folder, open ``spring-event-bus-context.xml``." +msgstr "" + +#: ../../events.rst:108 msgid "Define a bean named ``eventNotificationBus`` as follows:" msgstr "" -#: ../../events.rst:102 -# 47bce54d52714df7bafac2b6d04dd816 +#: ../../events.rst:110 msgid "name : Specify a name for the bean." msgstr "" -#: ../../events.rst:104 -# 4317cb3aa0fd4c7fa3f0e637f6cfea48 +#: ../../events.rst:112 msgid "server : The name or the IP address of the RabbitMQ AMQP server." msgstr "" -#: ../../events.rst:106 -# 0f6561172d38446db99181316f50e667 +#: ../../events.rst:114 msgid "port : The port on which RabbitMQ server is running." msgstr "" -#: ../../events.rst:108 -# 7ff0aa3ff7af48fbbf4651a2d8e5f34d +#: ../../events.rst:116 msgid "username : The username associated with the account to access the RabbitMQ server." msgstr "" -#: ../../events.rst:111 -# 7193c434eaab44eda2d7d9b2b86c675d +#: ../../events.rst:119 msgid "password : The password associated with the username of the account to access the RabbitMQ server." msgstr "" -#: ../../events.rst:114 -# f765ea7d69504610a98a95fdb802fe32 +#: ../../events.rst:122 msgid "exchange : The exchange name on the RabbitMQ server where CloudStack events are published." msgstr "" -#: ../../events.rst:117 -# 7ba933b1d4ec41c1a20f2cdca4275405 +#: ../../events.rst:125 msgid "A sample bean is given below:" msgstr "" -#: ../../events.rst:130 -# 07a04a0f79804e938092a93f3180770a +#: ../../events.rst:148 msgid "The ``eventNotificationBus`` bean represents the ``org.apache.cloudstack.mom.rabbitmq.RabbitMQEventBus`` class." msgstr "" -#: ../../events.rst:133 -# 83cdf82ae8c34a238d181c5bbaef30dd +#: ../../events.rst:151 +msgid "If you want to use encrypted values for the username and password, you have to include a bean to pass those as variables from a credentials file." +msgstr "" + +#: ../../events.rst:154 +msgid "A sample is given below" +msgstr "" + +#: ../../events.rst:194 +msgid "Create a new file in the same folder called ``cred.properties`` and the specify the values for username and password as jascrypt encrypted strings" +msgstr "" + +#: ../../events.rst:196 +msgid "Sample, with ``guest`` as values for both fields:" +msgstr "" + +#: ../../events.rst:204 +#: ../../events.rst:241 msgid "Restart the Management Server." msgstr "" -#: ../../events.rst:137 -# 573b41c4def247f6981e828da7f54f82 +#: ../../events.rst:207 +msgid "Kafka Configuration" +msgstr "" + +#: ../../events.rst:213 +msgid "Create an appropriate configuration file in ``/etc/cloudstack/management/kafka.producer.properties`` which contains valid kafka configuration properties as documented in http://kafka.apache.org/documentation.html#newproducerconfigs The properties may contain an additional ``topic`` property which if not provided will default to ``cloudstack``. While ``key.serializer`` and ``value.serializer`` are usually required for a producer to correctly start, they may be omitted and will default to ``org.apache.kafka.common.serialization.StringSerializer``." +msgstr "" + +#: ../../events.rst:223 +msgid "Define a bean named ``eventNotificationBus`` with a single ``name`` attribute, A sample bean is given below:" +msgstr "" + +#: ../../events.rst:245 msgid "Standard Events" msgstr "" -#: ../../events.rst:139 -#: ../../events.rst:161 -# f503981d0a764de49d4acc01c70d6126 -# 9212f9cd71b542899ac8256d4a51026d +#: ../../events.rst:247 +#: ../../events.rst:269 msgid "The events log records three types of standard events." msgstr "" -#: ../../events.rst:141 -#: ../../events.rst:163 -# fab87560ba674752808dacaf3abfc44a -# 94b40a1c0c98456399293f6a38102385 +#: ../../events.rst:249 +#: ../../events.rst:271 msgid "INFO. This event is generated when an operation has been successfully performed." msgstr "" -#: ../../events.rst:144 -#: ../../events.rst:166 -# 49450fc963104f569e80611ac7179829 -# 13438410decf4526b0381dc44062ba76 +#: ../../events.rst:252 +#: ../../events.rst:274 msgid "WARN. This event is generated in the following circumstances." msgstr "" -#: ../../events.rst:146 -#: ../../events.rst:168 -# c6197efc809f4a67baf05aa139cb10f5 -# a16599807269441f8f1799ae29968e11 +#: ../../events.rst:254 +#: ../../events.rst:276 msgid "When a network is disconnected while monitoring a template download." msgstr "" -#: ../../events.rst:149 -#: ../../events.rst:171 -# 0e060afef9e84640b3c2da38436691e2 -# 019e604962174d4492cca7be02ad2647 +#: ../../events.rst:257 +#: ../../events.rst:279 msgid "When a template download is abandoned." msgstr "" -#: ../../events.rst:151 -#: ../../events.rst:173 -# 8b3eabd5fcc0406bb83abe3863261df9 -# 19ccb6eebbc1446a8cb47056d2ad0274 +#: ../../events.rst:259 +#: ../../events.rst:281 msgid "When an issue on the storage server causes the volumes to fail over to the mirror storage server." msgstr "" -#: ../../events.rst:154 -#: ../../events.rst:176 -# 96793fba6d294c98bd8dcde72d0d9f49 -# 0b487b0c814145438366a847c93c52d8 +#: ../../events.rst:262 +#: ../../events.rst:284 msgid "ERROR. This event is generated when an operation has not been successfully performed" msgstr "" -#: ../../events.rst:159 -# b1c1824ddd304288bd0803e80d482bb9 +#: ../../events.rst:267 msgid "Long Running Job Events" msgstr "" -#: ../../events.rst:181 -# ffb5ee0896674a62a567e634fc725510 +#: ../../events.rst:289 msgid "Event Log Queries" msgstr "" -#: ../../events.rst:183 -# 0c75a642e72943e0bb28642902590c9b +#: ../../events.rst:291 msgid "Database logs can be queried from the user interface. The list of events captured by the system includes:" msgstr "" -#: ../../events.rst:186 -# fe735d1b0444472aa47e381cd00eec61 +#: ../../events.rst:294 msgid "Virtual machine creation, deletion, and on-going management operations" msgstr "" -#: ../../events.rst:189 -# e331126149b64023bf0e7655bbcb2991 +#: ../../events.rst:297 msgid "Virtual router creation, deletion, and on-going management operations" msgstr "" -#: ../../events.rst:191 -# 33b99484fca246c48ceff95aac8b52d2 +#: ../../events.rst:299 msgid "Template creation and deletion" msgstr "" -#: ../../events.rst:193 -# 7969071933104816945f05e9f3a597e3 +#: ../../events.rst:301 msgid "Network/load balancer rules creation and deletion" msgstr "" -#: ../../events.rst:195 -# 91ecfa5192134ffeafe5043cff29432a +#: ../../events.rst:303 msgid "Storage volume creation and deletion" msgstr "" -#: ../../events.rst:197 -# b0c0672f35af4003870943a16b461337 +#: ../../events.rst:305 msgid "User login and logout" msgstr "" -#: ../../events.rst:201 -# 57cfb09e85c842b581f3a0f38609a9c4 +#: ../../events.rst:309 msgid "Deleting and Archiving Events and Alerts" msgstr "" -#: ../../events.rst:203 -# b4160055fbd946979df299cf40a75777 +#: ../../events.rst:311 msgid "CloudStack provides you the ability to delete or archive the existing alerts and events that you no longer want to implement. You can regularly delete or archive any alerts or events that you cannot, or do not want to resolve from the database." msgstr "" -#: ../../events.rst:208 -# 7bdab572982c4739808182e94b589c7e +#: ../../events.rst:316 msgid "You can delete or archive individual alerts or events either directly by using the Quickview or by using the Details page. If you want to delete multiple alerts or events at the same time, you can use the respective context menu. You can delete alerts or events by category for a time period. For example, you can select categories such as **USER.LOGOUT**, **VM.DESTROY**, **VM.AG.UPDATE**, **CONFIGURATION.VALUE.EDI**, and so on. You can also view the number of events or alerts archived or deleted." msgstr "" -#: ../../events.rst:217 -# cf46cdd4536a4a93912df2f4e88af8a1 +#: ../../events.rst:325 msgid "In order to support the delete or archive alerts, the following global parameters have been added:" msgstr "" -#: ../../events.rst:220 -# 19ff2e090cf24d30aeacde33ec972af1 +#: ../../events.rst:328 msgid "**alert.purge.delay**: The alerts older than specified number of days are purged. Set the value to 0 to never purge alerts automatically." msgstr "" -#: ../../events.rst:223 -# e3ccfdc51da14488bc9e44623c64d707 +#: ../../events.rst:331 msgid "**alert.purge.interval**: The interval in seconds to wait before running the alert purge thread. The default is 86400 seconds (one day)." msgstr "" -#: ../../events.rst:228 -# a6eda71ad15940c2b58724ff74f97e26 +#: ../../events.rst:336 msgid "Archived alerts or events cannot be viewed in the UI or by using the API. They are maintained in the database for auditing or compliance purposes." msgstr "" -#: ../../events.rst:234 -# 7c40293965f24130896768ea8223a152 +#: ../../events.rst:342 msgid "Permissions" msgstr "" -#: ../../events.rst:236 -# e43e679e6a304ae1b78e11f56bed12b2 +#: ../../events.rst:344 msgid "Consider the following:" msgstr "" -#: ../../events.rst:238 -# c5bd820d9a5e487b9440609da1e22551 +#: ../../events.rst:346 msgid "The root admin can delete or archive one or multiple alerts or events." msgstr "" -#: ../../events.rst:241 -# 51b4fa6e53064c7088052c69d7a1b4fe +#: ../../events.rst:349 msgid "The domain admin or end user can delete or archive one or multiple events." msgstr "" -#: ../../events.rst:246 -# bea2b3dcb4bb41468a31793133ffeb06 +#: ../../events.rst:354 msgid "Procedure" msgstr "" -#: ../../events.rst:248 -# aa16543921984837a7f59142ad2df67d +#: ../../events.rst:356 msgid "Log in as administrator to the CloudStack UI." msgstr "" -#: ../../events.rst:250 -# f8b2ec5bdbf749d2bf704ff20c063c89 +#: ../../events.rst:358 msgid "In the left navigation, click Events." msgstr "" -#: ../../events.rst:252 -# 5519a86ae5b04a68b972ee88e37deffe +#: ../../events.rst:360 msgid "Perform either of the following:" msgstr "" -#: ../../events.rst:254 -# fd1193e3ff83466aa226d4834dea269d +#: ../../events.rst:362 msgid "To archive events, click Archive Events, and specify event type and date." msgstr "" -#: ../../events.rst:257 -# abfda9e22c7f42f3a4ff488ff755e59e +#: ../../events.rst:365 msgid "To archive events, click Delete Events, and specify event type and date." msgstr "" -#: ../../events.rst:260 -# 58b630d17160410ab6757d134aa17a62 +#: ../../events.rst:368 msgid "Click OK." msgstr ""
