Merge remote-tracking branch 'upstream/main' into instance

Author: abh1sar

.readthedocs.yaml

@@ -1,5 +1,8 @@
 version: 2
 
+sphinx:
+  configuration: source/conf.py
+
 build:
   os: "ubuntu-22.04"
   tools:

source/_global.rst

@@ -33,11 +33,11 @@
 .. |sysvm64-name-ovm|    replace:: systemvm-ovm-4.20.0-x86_64
 
 .. Latest version systemvm template URL
-.. |sysvm64-url-xen|    replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0.0-x86_64-xen.vhd.bz2
-.. |sysvm64-url-kvm|    replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0.0-x86_64-kvm.qcow2.bz2
-.. |sysvm64-url-vmware| replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0.0-x86_64-vmware.ova
-.. |sysvm64-url-hyperv| replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0.0-x86_64-hyperv.vhd.zip
-.. |sysvm64-url-ovm|    replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0.0-x86_64-ovm.raw.bz2
+.. |sysvm64-url-xen|    replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0-x86_64-xen.vhd.bz2
+.. |sysvm64-url-kvm|    replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0-x86_64-kvm.qcow2.bz2
+.. |sysvm64-url-vmware| replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0-x86_64-vmware.ova
+.. |sysvm64-url-hyperv| replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0-x86_64-hyperv.vhd.zip
+.. |sysvm64-url-ovm|    replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.0-x86_64-ovm.raw.bz2
 
 .. Images
 

source/_static/images/B&R-BackupScheduleEntry.png

@@ -481,37 +481,77 @@ to be applied through the API call described above.
 
 
 In addition to those shown in the example script above, the following
-configuration items can be configured (the default values are for
-openldap)
+configuration items can be configured on a Global or on a per Domain level (the default values are for
+OpenLDAP) 
 
--  ``ldap.basedn``:	Sets the basedn for LDAP. Ex: **OU=APAC,DC=company,DC=com**
-
--  ``ldap.bind.principal``, ``ldap.bind.password``: DN and password for a User
-   who can list all the Users in the above basedn. Ex:
-   **CN=Administrator, OU=APAC, DC=company, DC=com**
+.. list-table:: LDAP Settings
+   :header-rows: 1
 
--  ``ldap.user.object``: object type of Users within LDAP. Defaults value is
-   **user** for AD and **interorgperson** for openldap.
+   * - Setting
+     - OpenLDAP
+     - Active Directory
+     - Description
+   * - ``ldap.basedn``
+     - `Ex: OU=APAC, DC=company, DC=com`
+     - `Ex: DC=company, DC=com`
+     - Sets the basedn for LDAP.
+   * - ``ldap.search.group.principle``
+     - `Ex: CN=ACSGroup, DC=company, DC=com`
+     - `Ex: CN=ACSGroup, CN=Users, DC=company, DC=com`
+     - (optional) if set only Users from this group are listed.
+   * - ``ldap.bind.principal``
+     - `Ex: CN=ACSServiceAccount, OU=APAC, DC=company, DC=com`
+     - `Ex: CN=ACSServiceAccount, CN=Users, DC=company, DC=com`
+     - Service account that can list all the Users in the above basedn. Avoid using privileged account such as Administrator.
+   * - ``ldap.bind.password``
+     - `******************`
+     - `******************`
+     - Password for a DN User. Is entered in plain text but gets stored encrypted.
+   * - ``ldap.user.object``
+     - `interorgperson`
+     - `user`
+     - Object type of Users within LDAP.
+   * - ``ldap.email.attribute``
+     - `mail`
+     - `mail`
+     - Email attribute within ldap for a User.
+   * - ``ldap.firstname.attribute``
+     - `givenname`
+     - `givenname`
+     - firstname attribute within ldap for a User.
+   * - ``ldap.lastname.attribute``
+     - `sn`
+     - `sn`
+     - lastname attribute within ldap for a User.
+   * - ``ldap.group.object``
+     - `groupOfUniqueNames`
+     - `groupOfUniqueNames`
+     - Object type of groups within LDAP.
+   * - ``ldap.group.user.uniquemember``
+     - `uniquemember`
+     - `uniquemember`
+     - Attribute for uniquemembers within a group.
+
+   .. note:: ``ldap.search.group.principle`` is required when using ``linkaccounttoldap``.
+
+Once configured, on Add Account page, you will see an "Add LDAP Account" button which opens a dialog and the selected Users can be imported.
 
--  ``ldap.email.attribute``: email attribute within ldap for a User. Default
-   value for AD and openldap is **mail**.
+.. figure:: /_static/images/CloudStack-ldap-screen1.png
+   :align:   center
 
--  ``ldap.firstname.attribute``: firstname attribute within ldap for a User.
-   Default value for AD and openldap is **givenname**.
 
--  ``ldap.lastname.attribute``: lastname attribute within ldap for a User.
-   Default value for AD and openldap is **sn**.
+You could also use api commands:
+``listLdapUsers``, to list Users in LDAP that could or would be imported in CloudStack
+``ldapCreateAccount``, to manually create a User in a specific Account
+``importLdapUsers``, to batch import Users from LDAP
 
--  ``ldap.username.attribute``: username attribute for a User within LDAP.
-   Default value is **SAMAccountName** for AD and **uid** for openldap.
+Once LDAP is enabled, the Users will not be allowed to changed password
+directly in CloudStack.
 
 
-Restricting LDAP Users to a group:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  ``ldap.search.group.principle``: this is optional and if set only Users from
-   this group are listed.
 
+   .. note:: this is required when using ``linkaccounttoldap``.
 
 LDAP SSL:
 ~~~~~~~~~
@@ -524,30 +564,6 @@ You will need to know the path to the keystore and the password.
 -  ``ldap.truststore.password`` : truststore password
 
 
-LDAP groups:
-~~~~~~~~~~~~
-
--  ``ldap.group.object``: object type of groups within LDAP. Default value is
-   group for AD and **groupOfUniqueNames** for openldap.
-
--  ``ldap.group.user.uniquemember``: attribute for uniquemembers within a group.
-   Default value is **member** for AD and **uniquemember** for openldap.
-
-Once configured, on Add Account page, you will see an "Add LDAP Account" button
-which opens a dialog and the selected Users can be imported.
-
-.. figure:: /_static/images/CloudStack-ldap-screen1.png
-   :align:   center
-
-
-You could also use api commands:
-``listLdapUsers``, to list Users in LDAP that could or would be imported in CloudStack
-``ldapCreateAccount``, to manually create a User in a specific Account
-``importLdapUsers``, to batch import Users from LDAP
-
-Once LDAP is enabled, the Users will not be allowed to changed password
-directly in CloudStack.
-
 .. |button to dedicate a zone, pod,cluster, or host| image:: /_static/images/dedicate-resource-button.png
 
 Using a SAML 2.0 Identity Provider for User Authentication

source/_static/images/add-bucket.png

@@ -144,12 +144,12 @@ icon.
 
 |B&R-createBackup.png|
 
-To setup a recurring backup schedule, navigate to the Instance and click on the 'Backup Schedule'
+To setup a recurring backup schedule, navigate to the Instance and click on the 'Configure Backup Schedule'
 icon.
 
 |B&R-BackupSchedule.png|
 
-Then set the time and frequency of the backups, click 'Configure' and then 'Close'
+Then set the Interval type, timezone, time of taking the backup and maximum numbers of backups to retain.
 
 |B&R-BackupScheduleEntry.png|
 
@@ -200,6 +200,21 @@ Supported APIs:
 - **createInstanceFromBackup**: create a new Instance from a backup.
 
 
+Configuring resource limits on Backups
+--------------------------------------
+Administrators can enforce limits on the maximum number of backups that can be taken and
+the total backup storage size that can be used at an account, domain and project level.
+Administrators can do this by going to the configure limits tab in accounts, domains and projects
+similar to when enforcing resource limits on volumes, primary storage usage etc.
+
+Unlike other resources like volumes, backup limits take into account the physical used size
+and not the allocated size of the backup. This is because the backup once taken can never
+grow into the allocated size. At the time of backup creation, Cloudstack doesn't know the
+size of the backup that will be taken, so it uses the physical size of the volumes to be
+backed up from Volume Stats to calculate the backup size for checking resource limits.
+If Volume Stats are not present, then the virtual size of the volumes is used to calculate
+the backup size, although the actual backup size may be less than the size use to do resource limit check.
+
 .. |B&R-assignOffering.png| image:: /_static/images/B&R-assignOffering.png
    :alt: Assigning an SLA/Policy to an Instance.
    :width: 400 px

source/adminguide/accounts.rst

@@ -1011,7 +1011,7 @@ msgstr ""
 
 #: ../../storage.rst:685
 # bc81c587ad8b4032b27d61690390e258
-msgid "With each snapshot schedule, users can also specify the number of scheduled snapshots to be retained. Older snapshots that exceed the retention limit are automatically deleted. This user-defined limit must be equal to or lower than the global limit set by the CloudStack administrator. See `“Globally Configured Limits” <usage.html#globally-configured-limits>`_. The limit applies only to those snapshots that are taken as part of an automatic recurring snapshot policy. Additional manual snapshots can be created and retained."
+msgid "With each reccurring snapshot schedule, users can also specify the number of recurring snapshots to be retained. Older snapshots that exceed the retention limit are automatically deleted. This user-defined limit must be equal to or lower than the global limit set by the CloudStack administrator. See `“Globally Configured Limits” <usage.html#globally-configured-limits>`_. The limit applies only to those snapshots that are taken as part of an automatic recurring snapshot policy. Additional manual snapshots can be created and retained."
 msgstr ""
 
 #: ../../storage.rst:697