Commit ac109b0

Merge branch '4.20' of https://github.com/apache/cloudstack-documentation into 4.20-release-notes
2 parents b5c9e15 + 4aa7177 commit ac109b0

7 files changed

+71
-7
lines changed

source/adminguide/accounts.rst

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -681,11 +681,6 @@ In any OAuth 2.0 configuration admin has to use the redirect URI "http://<manage
681681
server IP to host table in the local system and assign a domain, something like "management.cloud". In that redirect URI looks like
682682
"http://management.cloud:8080/?verifyOauth"
683683

684-
.. image:: /_static/images/oauth-provider-registration.png
685-
:width: 400px
686-
:align: center
687-
:alt: OAuth provider registration
688-
689684
Following are the details needs to be provided to register the OAuth provider, this is to call the API "registerOauthProvider"
690685

691686
- **Provider**: Name of the provider from the list of OAuth providers supported in CloudStack
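
Review bot: The context line at 682 still gives the example redirect URI as "http://management.cloud:8080/?verifyOauth", so the documented OAuth redirect runs over plain HTTP. Since this section is being touched anyway, consider adding a sentence that the redirect URI should use HTTPS on the management server outside of test setups. Also, "Following are the details needs to be provided" on line 684 reads better as "The following details need to be provided".
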
@@ -698,6 +693,11 @@ Following are the details needs to be provided to register the OAuth provider, t
698693

699694
- **Secret Key**: Secret Key pre-registered in the specific OAuth provider
700695

696+
.. image:: /_static/images/oauth-provider-registration.png
697+
:width: 400px
698+
:align: center
699+
:alt: OAuth provider registration
700+
701701
Cloudmonkey API call looks like
702702

703703
- register oauthprovider provider=google description="Google Provider"
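
Review bot: After the move, the image at new lines 696-699 sits directly above "Cloudmonkey API call looks like", with no sentence tying it to the field list it illustrates. Consider adding a one-line introduction before the directive, or using a figure with a caption, so readers do not take the screenshot for the CLI example.
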

source/adminguide/api.rst

Lines changed: 24 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
KIND, either express or implied. See the License for the
1313
specific language governing permissions and limitations
1414
under the License.
15-
15+
1616
1717
The CloudStack API is a low level API that has been used to implement
1818
the CloudStack web UIs. It is also a good basis for implementing other
@@ -177,6 +177,29 @@ VMdata - a list of String arrays representing [“directory”, “filename”,
177177

178178
- default: config-2
179179

180+
Virtual machine password via ConfigDrive
181+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
182+
183+
The ConfigDrive metadata provider delivers the virtual machine password simultaneously in two variants, leaving which one to use to the user discretion:
184+
185+
1. As the ``<mountdir>/cloudstack/password/vm_password.txt`` file.
186+
187+
This file is intended to be used by an external script that runs inside the virtual machine every boot, and changes the password if needed.
188+
The init-script that implements this functionality can be found in the `Cloudstack source <https://github.com/apache/cloudstack/blob/main/setup/bindir/cloud-set-guest-password-configdrive.in>`_.
189+
190+
.. note::
191+
The ``vm_password.txt`` file is not compatible with cloud-init password module, so the cloud-init will ignore it.
192+
It is up to Cloudstack administrator to include the script processing it in the virtual machines and/or their templates.
193+
194+
2. As the ``<mountdir>/openstack/latest/vendor_data.json``.
195+
This is a standard password location supported by cloud-init's both ConfigDrive datasource and the password module.
196+
Therefore, this variant allows using cloud-init as the only tool for provisioning a virtual machine, without using external scripts.
197+
198+
.. warning::
199+
Cloud-init password module is designed to only perform the initial virtual machine password setup.
200+
It will ignore the changes in ``vendor_data.json`` after the first run. Therefore, resetting the virtual machine password from Cloudstack will not work with this variant.
201+
202+
180203
For more detailed information about the Config Drive implementation refer to
181204
the `Wiki Article
182205
<https://cwiki.apache.org/confluence/display/CLOUDSTACK/Using+ConfigDrive+for+Metadata%2C+Userdata+and+Password#:~:text=CLOUDSTACK%2D9813%20%2D%20(),%2Dkeys)%20and%20password%20files>`_
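
Review bot: The warning under variant 2 (new lines 198-200) says a password reset from CloudStack will not work with vendor_data.json, but the section does not tell the administrator what to do about it. If the intended answer is that templates needing password reset must ship the vm_password.txt script from variant 1, say so explicitly. The section also does not say how either password file should be protected inside the guest (who can read the mounted drive, whether the value is cleared after use); a sentence on that would help. Minor: "Cloudstack" should be "CloudStack" as on line 17 of this file, and "to the user discretion" should be "to the user's discretion".
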
Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
.. Licensed to the Apache Software Foundation (ASF) under one
2+
or more contributor license agreements. See the NOTICE file
3+
distributed with this work for additional information#
4+
regarding copyright ownership. The ASF licenses this file
5+
to you under the Apache License, Version 2.0 (the
6+
"License"); you may not use this file except in compliance
7+
with the License. You may obtain a copy of the License at
8+
http://www.apache.org/licenses/LICENSE-2.0
9+
Unless required by applicable law or agreed to in writing,
10+
software distributed under the License is distributed on an
11+
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
12+
KIND, either express or implied. See the License for the
13+
specific language governing permissions and limitations
14+
under the License.
15+
16+
17+
Best Practices
18+
==============
19+
20+
This section provides the best practices to follow for your cloud.
21+
22+
The following are some of the best practices:
23+
24+
- Configure 'api.allowed.source.cidr.list' at cloud level or an account
25+
level to limit source IPs where the API requests are allowed from.
26+
27+
- Setup fail2ban or similar tools to avoid any brute-force attempts
28+
for any operations.
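
Review bot: The fail2ban item on new lines 27-28 is too vague to act on: "any brute-force attempts for any operations" names no log file, service or failure pattern for the tool to watch. Suggest naming what should be monitored (for example, failed logins on the management server) or linking to a section that does. Also, line 3 of the license header ends in a stray "#" ("additional information#"), the setting name on line 24 would be better as an inline literal than in single quotes, and "Setup" on line 27 should be "Set up".
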

source/adminguide/index.rst

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -187,3 +187,12 @@ Events and Troubleshooting
187187

188188
events
189189
troubleshooting
190+
191+
192+
Best Practices
193+
--------------
194+
195+
.. toctree::
196+
:maxdepth: 4
197+
198+
best_practices

source/adminguide/tuning.rst

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -109,6 +109,10 @@ db.simulator.connectionPoolLib
109109
To use DBCP 2, the value for the configuration must be set to 'dbcp'. An
110110
empty value or 'hikaricp' will allow using HikariCP.
111111

112+
For large-scale environments, HikariCP should perform better. For environments
113+
running management server with constrained memory resources, using DBCP may
114+
work better in terms of memory usage.
115+
112116

113117
Monitor the Database Load
114118
-------------------------
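
Review bot: The added paragraph at new lines 112-114 gives no scale for "large-scale environments" or "constrained memory resources", so a reader cannot tell which case applies to them. Suggest adding a rough threshold or a pointer to how to measure it, and writing "DBCP 2" as in the sentence above for consistency. The hunk also leaves two consecutive blank lines (115 and 116) before the next heading.
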

source/installguide/hypervisor/kvm.rst

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -443,7 +443,7 @@ cloudstack-agent and should already be installed.
443443
444444
#LIBVIRTD_ARGS="--listen"
445445
446-
On RHEL 8 / CentOS 8 / SUSE run the following command :
446+
On RHEL 8 / CentOS 8 / SUSE / Ubuntu / Debian, run the following command :
447447

448448
.. parsed-literal::
449449
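
Review bot: The changed line 446 adds Ubuntu and Debian without release numbers, while RHEL 8 and CentOS 8 are versioned. Suggest stating which Ubuntu and Debian releases the command applies to. The space before the colon in "command :" can be dropped as well.
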
