
Commit 74e4b78

Radhika PC authored and ke4qqq committed
Applying additional admin guide changes- https://reviews.apache.org/r/7119
1 parent 066ff97 commit 74e4b78

10 files changed

Lines changed: 932 additions & 497 deletions

docs/en-US/add-additional-guest-network.xml

Lines changed: 57 additions & 35 deletions
@@ -3,41 +3,63 @@
33
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
44
%BOOK_ENTITIES;
55
]>
6-
76
<!-- Licensed to the Apache Software Foundation (ASF) under one
8-
or more contributor license agreements. See the NOTICE file
9-
distributed with this work for additional information
10-
regarding copyright ownership. The ASF licenses this file
11-
to you under the Apache License, Version 2.0 (the
12-
"License"); you may not use this file except in compliance
13-
with the License. You may obtain a copy of the License at
14-
15-
http://www.apache.org/licenses/LICENSE-2.0
16-
17-
Unless required by applicable law or agreed to in writing,
18-
software distributed under the License is distributed on an
19-
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
20-
KIND, either express or implied. See the License for the
21-
specific language governing permissions and limitations
22-
under the License.
7+
or more contributor license agreements. See the NOTICE file
8+
distributed with this work for additional information
9+
regarding copyright ownership. The ASF licenses this file
10+
to you under the Apache License, Version 2.0 (the
11+
"License"); you may not use this file except in compliance
12+
with the License. You may obtain a copy of the License at
13+
http://www.apache.org/licenses/LICENSE-2.0
14+
Unless required by applicable law or agreed to in writing,
15+
software distributed under the License is distributed on an
16+
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17+
KIND, either express or implied. See the License for the
18+
specific language governing permissions and limitations
19+
under the License.
2320
-->
24-
2521
<section id="add-additional-guest-network">
26-
<title>Adding an Additional Guest Network</title>
27-
<itemizedlist>
28-
<listitem><para>Log in to the &PRODUCT; UI as an administrator or end user. </para></listitem>
29-
<listitem><para>In the left navigation, choose Network</para></listitem>
30-
<listitem><para>Click Add guest network. Provide the following information: </para>
31-
<itemizedlist>
32-
<listitem><para>Name. The name of the network. This will be user-visible. </para></listitem>
33-
<listitem><para>Description. The description of the network. This will be user-visible.</para></listitem>
34-
<listitem><para>Network offering. If the administrator has configured multiple network offerings, select the one you want to use for this network.</para></listitem>
35-
<listitem><para>Pod. The name of the pod this network applies to. Each pod in a basic zone is a broadcast domain, and therefore each pod has a different IP range for the guest network. The administrator must configure the IP range for each pod. </para></listitem>
36-
<listitem><para>VLAN ID. The VLAN tag for this network.</para></listitem>
37-
<listitem><para>Gateway. The gateway that the guests should use.</para></listitem>
38-
<listitem><para>Netmask. The netmask in use on the subnet the guests will use.</para></listitem>
39-
<listitem><para>Start IP/End IP. Enter the first and last IP addresses that define a range that &PRODUCT; can assign to guests. We strongly recommend the use of multiple NICs. If multiple NICs are used, they may be in a different subnet. If one NIC is used, these IPs should be in the same CIDR as the pod CIDR.</para></listitem></itemizedlist></listitem>
40-
<listitem><para>Click Create.</para></listitem>
41-
</itemizedlist>
42-
43-
</section>
22+
<title>Adding an Additional Guest Network</title>
23+
<orderedlist>
24+
<listitem>
25+
<para>Log in to the &PRODUCT; UI as an administrator or end user. </para>
26+
</listitem>
27+
<listitem>
28+
<para>In the left navigation, choose Network.</para>
29+
</listitem>
30+
<listitem>
31+
<para>Click Add guest network. Provide the following information: </para>
32+
<itemizedlist>
33+
<listitem>
34+
<para><emphasis role="bold">Name</emphasis>: The name of the network. This will be
35+
user-visible. </para>
36+
</listitem>
37+
<listitem>
38+
<para><emphasis role="bold">Display Text</emphasis>: The description of the network. This
39+
will be user-visible.</para>
40+
</listitem>
41+
<listitem>
42+
<para><emphasis role="bold">Zone</emphasis>. The name of the zone this network applies to.
43+
Each zone is a broadcast domain, and therefore each zone has a different IP range for
44+
the guest network. The administrator must configure the IP range for each zone.</para>
45+
</listitem>
46+
<listitem>
47+
<para><emphasis role="bold">Network offering</emphasis>: If the administrator has
48+
configured multiple network offerings, select the one you want to use for this
49+
network.</para>
50+
</listitem>
51+
<listitem>
52+
<para><emphasis role="bold">Guest Gateway</emphasis>: The gateway that the guests should
53+
use.</para>
54+
</listitem>
55+
<listitem>
56+
<para><emphasis role="bold">Guest Netmask</emphasis>: The netmask in use on the subnet the
57+
guests will use.</para>
58+
</listitem>
59+
</itemizedlist>
60+
</listitem>
61+
<listitem>
62+
<para>Click Create.</para>
63+
</listitem>
64+
</orderedlist>
65+
</section>
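Review bot: The Zone entry in the new field list looks like a search-and-replace of the removed Pod text: "Each pod in a basic zone is a broadcast domain" became "Each zone is a broadcast domain, and therefore each zone has a different IP range for the guest network". Please confirm that statement is accurate for zones, since administrators rely on it when planning guest network isolation and addressing. The same entry ends its label with a period (`Zone</emphasis>.`) while every other entry in the list uses a colon. The hunk also drops the VLAN ID and Start IP/End IP fields with no replacement or explanation; if the UI no longer shows them, say so in the commit message.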

docs/en-US/add-ingress-egress-rules.xml

Lines changed: 122 additions & 50 deletions
@@ -3,57 +3,129 @@
33
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
44
%BOOK_ENTITIES;
55
]>
6-
76
<!-- Licensed to the Apache Software Foundation (ASF) under one
8-
or more contributor license agreements. See the NOTICE file
9-
distributed with this work for additional information
10-
regarding copyright ownership. The ASF licenses this file
11-
to you under the Apache License, Version 2.0 (the
12-
"License"); you may not use this file except in compliance
13-
with the License. You may obtain a copy of the License at
14-
15-
http://www.apache.org/licenses/LICENSE-2.0
16-
17-
Unless required by applicable law or agreed to in writing,
18-
software distributed under the License is distributed on an
19-
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
20-
KIND, either express or implied. See the License for the
21-
specific language governing permissions and limitations
22-
under the License.
7+
or more contributor license agreements. See the NOTICE file
8+
distributed with this work for additional information
9+
regarding copyright ownership. The ASF licenses this file
10+
to you under the Apache License, Version 2.0 (the
11+
"License"); you may not use this file except in compliance
12+
with the License. You may obtain a copy of the License at
13+
http://www.apache.org/licenses/LICENSE-2.0
14+
Unless required by applicable law or agreed to in writing,
15+
software distributed under the License is distributed on an
16+
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17+
KIND, either express or implied. See the License for the
18+
specific language governing permissions and limitations
19+
under the License.
2320
-->
24-
2521
<section id="add-ingress-egress-rules">
26-
<title>Adding Ingress and Egress Rules to a Security Group</title>
27-
<itemizedlist>
28-
<listitem><para>Log in to the &PRODUCT; UI as an administrator or end user. </para></listitem>
29-
<listitem><para>In the left navigation, choose Network</para></listitem>
30-
<listitem><para>In Select view, choose Security Groups, then click the security group you want .</para></listitem>
31-
<listitem><para>To add an ingress rule, click the Ingress Rules tab and fill out the following fields to specify what network traffic is allowed into VM instances in this security group. If no ingress rules are specified, then no traffic will be allowed in, except for responses to any traffic that has been allowed out through an egress rule.</para>
32-
<itemizedlist>
33-
<listitem><para><emphasis role="bold">Add by CIDR/Account</emphasis>. Indicate whether the source of the traffic will be defined by IP address (CIDR) or an existing security group in a &PRODUCT; account (Account). Choose Account if you want to allow incoming traffic from all VMs in another security group</para></listitem>
34-
<listitem><para><emphasis role="bold">Protocol</emphasis>. The networking protocol that sources will use to send traffic to the security group. TCP and UDP are typically used for data exchange and end-user communications. ICMP is typically used to send error messages or network monitoring data.</para></listitem>
35-
<listitem><para><emphasis role="bold">Start Port, End Port</emphasis>. (TCP, UDP only) A range of listening ports that are the destination for the incoming traffic. If you are opening a single port, use the same number in both fields.</para></listitem>
36-
<listitem><para><emphasis role="bold">ICMP Type, ICMP Code</emphasis>. (ICMP only) The type of message and error code that will be accepted.</para></listitem>
37-
<listitem><para><emphasis role="bold">CIDR</emphasis>. (Add by CIDR only) To accept only traffic from IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para></listitem>
38-
<listitem><para><emphasis role="bold">Account, Security Group</emphasis>. (Add by Account only) To accept only traffic from another security group, enter the &PRODUCT; account and name of a security group that has already been defined in that account. To allow traffic between VMs within the security group you are editing now, enter the same name you used in step 7.</para></listitem>
39-
</itemizedlist>
40-
<para>The following example allows inbound HTTP access from anywhere:</para>
41-
<mediaobject>
42-
<imageobject>
43-
<imagedata fileref="./images/http-access.png" />
44-
</imageobject>
45-
<textobject><phrase>httpaccess.png: allows inbound HTTP access from anywhere</phrase></textobject>
46-
</mediaobject>
47-
</listitem>
48-
<listitem><para>To add an egress rule, click the Egress Rules tab and fill out the following fields to specify what type of traffic is allowed to be sent out of VM instances in this security group. If no egress rules are specified, then all traffic will be allowed out. Once egress rules are specified, the following types of traffic are allowed out: traffic specified in egress rules; queries to DNS and DHCP servers; and responses to any traffic that has been allowed in through an ingress rule</para>
49-
<itemizedlist>
50-
<listitem><para><emphasis role="bold">Add by CIDR/Account</emphasis>. Indicate whether the destination of the traffic will be defined by IP address (CIDR) or an existing security group in a &PRODUCT; account (Account). Choose Account if you want to allow outgoing traffic to all VMs in another security group.</para></listitem>
51-
<listitem><para><emphasis role="bold">Protocol</emphasis>. The networking protocol that VMs will use to send outgoing traffic. TCP and UDP are typically used for data exchange and end-user communications. ICMP is typically used to send error messages or network monitoring data.</para></listitem>
52-
<listitem><para><emphasis role="bold">Start Port, End Port</emphasis>. (TCP, UDP only) A range of listening ports that are the destination for the outgoing traffic. If you are opening a single port, use the same number in both fields.</para></listitem>
53-
<listitem><para><emphasis role="bold">ICMP Type, ICMP Code</emphasis>. (ICMP only) The type of message and error code that will be sent</para></listitem>
54-
<listitem><para><emphasis role="bold">CIDR</emphasis>. (Add by CIDR only) To send traffic only to IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the destination. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para></listitem>
55-
<listitem><para><emphasis role="bold">Account, Security Group</emphasis>. (Add by Account only) To allow traffic to be sent to another security group, enter the &PRODUCT; account and name of a security group that has already been defined in that account. To allow traffic between VMs within the security group you are editing now, enter its name.</para></listitem>
56-
</itemizedlist></listitem>
57-
<listitem><para>Click Add.</para></listitem>
58-
</itemizedlist>
22+
<title>Adding Ingress and Egress Rules to a Security Group</title>
23+
<orderedlist>
24+
<listitem>
25+
<para>Log in to the &PRODUCT; UI as an administrator or end user. </para>
26+
</listitem>
27+
<listitem>
28+
<para>In the left navigation, choose Network</para>
29+
</listitem>
30+
<listitem>
31+
<para>In Select view, choose Security Groups, then click the security group you want .</para>
32+
</listitem>
33+
<listitem>
34+
<para>To add an ingress rule, click the Ingress Rules tab and fill out the following fields to
35+
specify what network traffic is allowed into VM instances in this security group. If no
36+
ingress rules are specified, then no traffic will be allowed in, except for responses to any
37+
traffic that has been allowed out through an egress rule.</para>
38+
<itemizedlist>
39+
<listitem>
40+
<para><emphasis role="bold">Add by CIDR/Account</emphasis>. Indicate whether the source of
41+
the traffic will be defined by IP address (CIDR) or an existing security group in a
42+
&PRODUCT; account (Account). Choose Account if you want to allow incoming traffic from
43+
all VMs in another security group</para>
44+
</listitem>
45+
<listitem>
46+
<para><emphasis role="bold">Protocol</emphasis>. The networking protocol that sources will
47+
use to send traffic to the security group. TCP and UDP are typically used for data
48+
exchange and end-user communications. ICMP is typically used to send error messages or
49+
network monitoring data.</para>
50+
</listitem>
51+
<listitem>
52+
<para><emphasis role="bold">Start Port, End Port</emphasis>. (TCP, UDP only) A range of
53+
listening ports that are the destination for the incoming traffic. If you are opening a
54+
single port, use the same number in both fields.</para>
55+
</listitem>
56+
<listitem>
57+
<para><emphasis role="bold">ICMP Type, ICMP Code</emphasis>. (ICMP only) The type of
58+
message and error code that will be accepted.</para>
59+
</listitem>
60+
<listitem>
61+
<para><emphasis role="bold">CIDR</emphasis>. (Add by CIDR only) To accept only traffic
62+
from IP addresses within a particular address block, enter a CIDR or a comma-separated
63+
list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example,
64+
192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para>
65+
</listitem>
66+
<listitem>
67+
<para><emphasis role="bold">Account, Security Group</emphasis>. (Add by Account only) To
68+
accept only traffic from another security group, enter the &PRODUCT; account and name of
69+
a security group that has already been defined in that account. To allow traffic between
70+
VMs within the security group you are editing now, enter the same name you used in step
71+
7.</para>
72+
</listitem>
73+
</itemizedlist>
74+
<para>The following example allows inbound HTTP access from anywhere:</para>
75+
<mediaobject>
76+
<imageobject>
77+
<imagedata fileref="./images/http-access.png"/>
78+
</imageobject>
79+
<textobject>
80+
<phrase>httpaccess.png: allows inbound HTTP access from anywhere</phrase>
81+
</textobject>
82+
</mediaobject>
83+
</listitem>
84+
<listitem>
85+
<para>To add an egress rule, click the Egress Rules tab and fill out the following fields to
86+
specify what type of traffic is allowed to be sent out of VM instances in this security
87+
group. If no egress rules are specified, then all traffic will be allowed out. Once egress
88+
rules are specified, the following types of traffic are allowed out: traffic specified in
89+
egress rules; queries to DNS and DHCP servers; and responses to any traffic that has been
90+
allowed in through an ingress rule</para>
91+
<itemizedlist>
92+
<listitem>
93+
<para><emphasis role="bold">Add by CIDR/Account</emphasis>. Indicate whether the
94+
destination of the traffic will be defined by IP address (CIDR) or an existing security
95+
group in a &PRODUCT; account (Account). Choose Account if you want to allow outgoing
96+
traffic to all VMs in another security group.</para>
97+
</listitem>
98+
<listitem>
99+
<para><emphasis role="bold">Protocol</emphasis>. The networking protocol that VMs will use
100+
to send outgoing traffic. TCP and UDP are typically used for data exchange and end-user
101+
communications. ICMP is typically used to send error messages or network monitoring
102+
data.</para>
103+
</listitem>
104+
<listitem>
105+
<para><emphasis role="bold">Start Port, End Port</emphasis>. (TCP, UDP only) A range of
106+
listening ports that are the destination for the outgoing traffic. If you are opening a
107+
single port, use the same number in both fields.</para>
108+
</listitem>
109+
<listitem>
110+
<para><emphasis role="bold">ICMP Type, ICMP Code</emphasis>. (ICMP only) The type of
111+
message and error code that will be sent</para>
112+
</listitem>
113+
<listitem>
114+
<para><emphasis role="bold">CIDR</emphasis>. (Add by CIDR only) To send traffic only to IP
115+
addresses within a particular address block, enter a CIDR or a comma-separated list of
116+
CIDRs. The CIDR is the base IP address of the destination. For example, 192.168.0.0/22.
117+
To allow all CIDRs, set to 0.0.0.0/0.</para>
118+
</listitem>
119+
<listitem>
120+
<para><emphasis role="bold">Account, Security Group</emphasis>. (Add by Account only) To
121+
allow traffic to be sent to another security group, enter the &PRODUCT; account and name
122+
of a security group that has already been defined in that account. To allow traffic
123+
between VMs within the security group you are editing now, enter its name.</para>
124+
</listitem>
125+
</itemizedlist>
126+
</listitem>
127+
<listitem>
128+
<para>Click Add.</para>
129+
</listitem>
130+
</orderedlist>
59131
</section>
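Review bot: The ingress "Account, Security Group" entry still says "enter the same name you used in step 7", but the procedure, now an ordered list, has only six steps and none of them names a security group; reword it to match the egress entry ("enter its name"). The image's alternative text reads "httpaccess.png" while the fileref is "./images/http-access.png". Several punctuation slips were carried over from the old text: "choose Network" lacks its period (the other file in this commit fixed it), "the security group you want ." has a space before the period, and the sentences ending "another security group", "will be sent" and "through an ingress rule" have no final period. Because the text states that with no egress rules all traffic is allowed out, and that 0.0.0.0/0 allows all CIDRs, a short note beside the CIDR fields recommending the narrowest range that works would help readers avoid over-permissive rules.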
