Abiquo 5.1

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 67 Next »

1. Configure your user account

All users should configure their user accounts before starting work with the cloud platform.

1.1. Edit user details

    MultiExcerpt named 'editusercloudadmin' was not found
The page: Configure your user account was found, but the multiexcerpt named 'editusercloudadmin' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.

    MultiExcerpt named 'twofa' was not found
The page: Configure your user account was found, but the multiexcerpt named 'twofa' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.

2. Create public cloud regions

 

    MultiExcerpt named 'createpubliccloudregions' was not found
The page: Manage Datacenters and Public Cloud Regions was found, but the multiexcerpt named 'createpubliccloudregions' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.


3. Create tenants

    MultiExcerpt named 'createtenants' was not found
The page: Manage Enterprises was found, but the multiexcerpt named 'createtenants' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.

3.1. Control tenant resources

You can control the resources that an enterprise may consume. This will help prevent resource over allocation, enterprises using resources from other enterprises, and even DoS attacks. Allocation limits will also help system administrators to anticipate user needs and forecast resource demand. Hard and soft limits are used by the resource scheduler to decide if a user can deploy a virtual appliance or not.

  • Hard Limit: the maximum amount of resources (CPU, RAM, Hard Disk, etc.) that an enterprise may consume.
  • Soft Limit: triggers a warning for users that they nearing the hard limits for their enterprise.

Unable to render {include} The included page could not be found.

Enterprise allocation limits are checked during configuration or deploy, or before operations as described in the above table.

When creating allocation limits, you cannot have a hard limit only.  And soft limits must always be less than or equal to hard limits. In addition, if the limits are equal to 0, then this means there is  no limit to resource usage at this level.  See  Allocation limit rules

3.2. Allow the tenant to access regions

To set the public cloud regions and datacenters that an enterprise is allowed to access, edit the Enterprise and click the Datacenters tab.

Drag and drop one or more public cloud regions or providers, or datacenters from the left pane into the "Allowed Datacenters" pane on the right.

An enterprise needs access to at least one public cloud region or datacenter so that its users can deploy VMs.

Note: when you create a public cloud region or a datacenter, the platform allows it for your own enterprise automatically. For all other enterprise, the platform adds it to the list in the left pane, which contains "Prohibited datacenters".

Allowed datacenters are working datacenters where users can deploy. This is different to an admin user having administration Scope to administer the infrastructure of datacenter. 

3.3. Limit tenant resources in the region

You can set resource allocation limits for this enterprise in each allowed datacenter or public cloud region. To set allocation limits, select one of the Allowed Datacenters in the right pane and click the edit button. Set these limit values in the pop-up that opens.

Unable to render {include} The included page could not be found.

4. Manage cloud provider credentials

Each tenant should have its own set of API credentials for each provider.

4.1. Obtain cloud provider credentials

If the tenant does not have cloud provider credentials, they should follow their cloud provider's instructions on how to obtain access to the provider's API.

Abiquo provides basic guides to obtaining credentials, but the tenant should always consult the cloud provider for the most up-to-date information.

4.2. Add tenant credentials for each provider

Before you enter public cloud credentials, there must be an existing public cloud region for the provider.

To add credentials for a public cloud provider

  1. Check in Infrastructure view or with your Administrator, that the public cloud region is already created
  2. Edit the enterprise and select the Credentials tab
  3. From the Provider pull down list, select the public cloud provider
  4. Enter your Access key ID, which may be a Username, a specific API access key ID or other account identifier
  5. Enter your Secret access key, which may be an API key or other API credential
  6. Click Validate account
  7. After the account has been validated, click Save




5. Prepare foundation template library

In the Abiquo Apps Library you can compile a selection of certified public cloud templates for your users to deploy by self-service.

Abiquo will store the details of these templates but not their disks.

In the Abiquo Apps Library you can compile a selection of certified public cloud templates for your users to quickly and easily deploy VMs. Abiquo stores the details of these templates but not their disks.

Public cloud libraries can have many thousands of VM templates (e.g. AWS has 19,000 AMIs) that are difficult to find and manage. In addition, administrators cannot control the content of public cloud templates. In the Apps library, you can define a cache of details of your approved or certified public cloud templates. And you can customize the templates' representation to make it even easier for cloud users to find the right template. 

To display VM templates:
  1. Go to Apps library → Public
  2. Select the public cloud region
  3. To change to the list view, click on the list view symbol in the top right-hand corner.

To display the details of a template, move the mouse over the template. A tooltip will display the template information.

5.1. Filter local public cloud templates

You can search and filter templates for all public clouds and other clouds that use their own registry, such as vCloud Director. 

To filter templates in the Apps library:

  1. Click the funnel filter button.
  2. Enter filter values that are not case sensitive
    1. For the ID, you can enter a template ID, for example, ami-0354b96a
    2. For the Name you can enter any text, including wildcards, to search for in the template Name and Description. 
  3. Click Search

To reset filter values to defaults, click Clear.

Unable to render {include} The included page could not be found.




6. Onboard from public cloud

    MultiExcerpt named 'onboardselectregion' was not found
The page: Manage Virtual Datacenters was found, but the multiexcerpt named 'onboardselectregion' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.




7. Create virtual datacenters

You can work with virtual machines, networks and storage in Virtual datacenters view




8. Manage Networks

This section describes how to manage networks in private datacenters and public cloud providers. 

8.1. Display virtual datacenter networks

To display the networks available to a virtual datacenter:

Privileges: Manage virtual network elements, Access external networks tab, Access public networks tab


  1. Go to Virtual datacenters → select virtual datacenter → Network.
  • The default network is highlighted with a star symbol
  • A network with an internet gateway is highlighted with a globe symbol
  • In public cloud, to synchronize networks and IP addresses, click the round arrows synchronize button
  • In AWS, you can filter the list of private networks by Availability Zone


API Features

Virtual datacenter networks are available in the Abiquo API. For example, see VirtualDatacentersResource and PrivateNetworksResource.

Screenshot: Private networks in private cloud

Screenshot: Private networks in public cloud (AWS)

In the Networks list, to view the pool and allocation of IPs:

  • To display all the IPs in the virtual datacenter, click the All button at the top of the list
  • To display the IPs in a network, click the Network name

You can then:

  • Use the slider at the bottom of the list to move through the pages 
  • Filter the list by entering text in the Search box. The filter works with all the columns of the table including:
    • IP Address
    • MAC address
    • Network name
    • Virtual appliance using the IP
    • VM using the IP
    • Provider ID of the entity using the IP (for example, a load balancer)




8.2. Create a private network

Private networks are only available within a virtual datacenter. However, your cloud provider may configure an external gateway for your virtual datacenter.

To create a private network:

  1. Go to Virtual datacenters → select virtual datacenter Network Private
  2. Click the + add button  and complete the dialog


Create private network

Create private network Amazon



Button

Action

Name

Name of the network (VLAN). The name can contain up to 128 characters

IPv6Select checkbox for IPv6 network

Network Address

Private address range of the network

NetmaskFor IPv4 a network mask with an integer value of between 16 and 30

Gateway

Gateway of the VLAN. Must be an IP within the range of the network address and mask

Availability zoneIn AWS, optionally select an Availability zone for high availability. To deploy a group of VMs separately, use a different availability zone for each VM. To assign a VM to an availability zone, assign a private IP address in the network belonging to the required availability zone

Primary DNS

The primary DNS

Secondary DNS

The secondary DNS

DNS suffix

The DNS suffix

Excluded from firewallSelect Excluded from firewall to define a network where VM firewalls will not apply

Static Routes

In supported providers, optionally select Define to create static routes. See Configure Static Routes using DHCP

Default network

Select to make this network the default network, replacing the existing default network

You can configure static routes when you create or edit a network. However, you should check with your systems administrator about when your VM will receive changes to static routes.

Field

Description

Example

Netmask

Destination network mask

255.255.255.0

Network ID

Destination network or host

1.1.1.0

Gateway IP

Next hop (on your network)

10.10.10.100

 Click here to show/hide IPv6 networks

Strict network

 

Non-strict network

FieldDescription

Name

Name of the VLAN. The name can contain up to 128 characters

IPv6Select checkbox for IPv6 network
StrictIPv6 only. If you select Strict, Abiquo will automatically generate the network address (ULA) and also the IP addresses. If you do not select strict, you can enter the network address and IP addresses.
NetmaskNetwork mask of 48, 56 or 64.

Network Address

Private address range of the network. Only for non-strict networks

Primary DNS

The primary DNS

Secondary DNS

The secondary DNS

DNS suffix

The DNS suffix

Default network

Make this network the default network. In a datacenter, this will override the existing default network



8.3. Create IP addresses in private networks

To create new IP addresses in a private network do these steps.

  1. Go to Virtual datacenters → optionally select a virtual datacenter
  2. Go to NetworksPrivate → select a private network
  3. On the Private IPs page, click the add + button and enter details

Or you can add an IP directly to a VM. To do this:

  1. Go to Virtual datacenters → Edit VM → Network
  2. Click the add + button and enter details (or drag the Auto-generated IP label into the Network pane)

Enter the Number of IPs to create and the From IP address (the first in the range). The From IP address must be a new address that does not already exist in the network. After creating the first IP address, the platform will try to create the other IPs and it will skip any existing IP addresses. 


For example, if you have IP addresses in network 30.30.30.30, which are 30, 33, and 34 and then you request 3 new IPs from 30.30.30.31. The new IPs created should be as follows: 31, 32, 35. 
IP Addresses
30.30.30.30
30.30.30.31
30.30.30.32
30.30.30.33
30.30.30.34
30.30.30.35

When you add IPv6 addresses on strict networks, you don't need to set the starting address. On non-strict IPv6 networks, Abiquo recommends that you create an automatic IP address, or you can enter a From IP address manually.



8.4. Edit a private network

To edit a private network
  1. Go to Virtual datacenters → select a virtual datacenter → Network
  2. Select the network
  3. Click the pencil edit button below the Networks list
  4. You can change the network Name, Gateway, DNS settings, and optionally make the network the new default for this virtual datacenter.
  5. Click Save

The new settings will apply to all VMs deployed after you save the network.




8.5. Delete a private network

You can delete a private network if no VMs are using its IPs and it is not the default network for the virtual datacenter.

To delete a private network:

  1. Go to Virtual datacenters → select a virtual datacenter → NetworkPrivate
  2. Select the network and click the delete button below the networks list. 




8.6. Display onboarded external networks

The platform automatically onboards external networks when you onboard virtual datacenters from vCloud Director.

Privileges: Manage virtual network elements, Access external networks tab, Manage external network elements


To display onboarded external networks

  1. Go to Virtual datacentersNetwork → Select vCloud VDC → External




8.7. Delete an onboarded external network

If an onboarded network has been deleted in the provider, its name will display in light gray text. If a VM is using an IP from this network, then you cannot deploy the VM.

If there are no VMs using the IPs of an external network that was already deleted in the provider, to delete the network in the platform, select it and click the delete button.



8.8. Set default virtual datacenter networks

The platform always requires a default network for a virtual datacenter to ensure that if you deploy a VM without assigning a NIC, the platform will be able to add one from the default network.

Privileges: Manage virtual datacenter network elements, Access public network tab, Manage public network elements, Access external network tab, Manage external network elements

To set a new or existing network as the default:

  1. When you create or edit the network, select the Default network checkbox. The new default network will apply to all VMs deployed after you set it.  

In private cloud, if you set a public network as the default, remember to obtain IP addresses for your VMs before you deploy!



8.9. Obtain IP addresses from public networks

In public networks you can reserve or purchase public IP addresses for your VMs. Reserved IPs may be charged while they are reserved, even if they are not used in VMs. 

Privilege: Manage public IPs, Access public networks tab, Manage public network elements

To add new public IP addresses to your virtual datacenter:

  1. Click the + Add button on the Public IPs page to display the list of available public IPs
    1. To move between pages, use pagination controls such as arrows and page numbers
    2. To filter your search, enter an IP address or Network name in the Search filter box
  2. Select IP addresses to add them to your virtual datacenter 
  3. Click Add to reserve the IPs

The platform will add the IPs to your VDC

You can also reserve public IPs directly from the Edit VM dialog.




8.10. Obtain public IP addresses in public cloud

During onboarding from public cloud, the platform will onboard existing public IP addresses in providers that support them, such as AWS and Azure. You can obtain them from the provider and assign them to your virtual datacenters and VMs.

The provider may charge for public IP addresses as soon as you reserve them for your virtual datacenter. Therefore you should reserve your IP addresses just before you deploy and check they are deleted when you undeploy your VMs. Remember that your provider may also limit the number of public IP addresses that you can use per virtual datacenter.


To add public IP addresses to your virtual datacenter, so that you can later assign them to your VMs:

Privileges: Manage virtual network elements, Manage floating IPs, Access public networks tab, Manage public network elements

  1. Go to Virtual datacenters → Select a public cloud virtual datacenter → Network → Public
  2. On the Allocated public IPs page, click the + add button
  3. To add the public IP to a virtual datacenter, click the Add to VDC link near the IP address

Now when you edit a VM in the VDC and go to Network → Public, the platform will display the public IP address and you can add it to your VM.

To obtain a public IP directly for a VM, click Purchase public IPs.




8.11. Synchronize public IP addresses with the cloud provider

To onboard any public IP addresses that were already created in your cloud provider, or update changes made directly in the provider:

Privileges: Manage virtual network elements, Manage floating IPs, Access public networks tab, Manage public network elements

  1. Go to Virtual datacenters → select a public cloud virtual datacenter → Network → Public
  2. Click the double arrow synchronize public IPs button (beside the + add button)





8.12. Release a reserved public IP address

You can release a public IP if it is not assigned to a VM.

In private cloud, to release a public IP that belongs to a public network, select the IP in the IP list and click the delete button.

In public cloud, click the link to Remove from VDC and then click the delete button.


9. Manage firewalls

9.1. Introduction to Firewalls

The platform provides a unified interface to firewalls in varied cloud environments. 

This section describes firewall policies, which are similar to security groups. The platform supports firewall policies in private cloud with network managers (NSX, Neutron) and in public cloud (AWS, Azure). In Oracle Cloud, the platform enables users to onboard classic firewalls and assign them to VMs.

In vCloud Director, the platform supports classic firewalls, which are Edge firewalls at level of the public cloud region (orgVDC). The platform does not support security groups for VMs in vCloud Director. See Manage Classic Firewalls




9.2. Synchronize firewall policies with the cloud provider

The synchronization process will onboard firewalls and it will update the platform's information about firewalls that already exist in the cloud provider. The platform synchronizes automatically when you onboard virtual resources from public cloud. Depending on the provider, the platform may support synchronization at the level of the location (public cloud region) or virtual datacenter.

To synchronize firewalls do these steps:

  1. Select All virtual datacenters and the location, or a single virtual datacenter
  2. Click the double-arrow synchronize button 

To synchronize a firewall before you add new firewall rules:

  1. Select the firewall and click the double-arrow synchronize button




9.3. Create a firewall policy

The platform can create firewall policies in virtual datacenters in the provider, or in the platform only, for later use in providers, depending on provider support.

Privilege: Manage firewall

To create a new firewall, do these steps:

  1. Go to Virtual datacentersNetworkFirewalls
  2. Click the Add button
  3. Enter the firewall details

    Field

    Description

    Name

    Name of the firewall policy.

    LocationPublic cloud region or datacenter
    Virtual datacenter
    • Virtual datacenter: The platform will create your firewall in the cloud provider. It will add a provider-ID that will display on the main Firewalls page. The platform will synchronize rules with the provider
    • No virtual datacenter: If allowed by the provider. The platform will create the firewall in the platform only, for your enterprise in the public cloud region. The platform will not synchronize rules with the provider. The platform will create the firewall in the provider when you select a virtual datacenter.
    DefaultOptional. Select to make the firewall the default for the virtual datacenter

    Description

    Description of the firewall policy

  4. Click Save to create the firewall
  5. Add Firewall rules as described below

If you entered a virtual datacenter, the platform created your firewall in the provider. The platform will display a Provider-ID and a Virtual datacenter ID for the firewall. 

If you selected No virtual datacenter, the firewall will be created in the platform in the public cloud region for your enterprise. The synchronize process will not update this firewall. The platform will not create it in the provider until you select a virtual datacenter.




9.4. Set a firewall policy as the default for a virtual datacenter

You can set a default firewall policy for each virtual datacenter. 

Privilege: Manage default firewall

To set or unset a default firewall for a virtual datacenter:

  1. Select the firewall
  2. Click the star button

When the user creates a VM, the platform will assign the default firewall. The firewall rules apply to VMs, not individual NICs on the VMs. Changes to the firewall ruleset will apply to every VM in the virtual datacenter with the default firewall. If you do not set a default firewall but the provider requires one, for example, AWS, the platform will set the provider's default firewall. In AWS the default firewall is not marked. 




9.5. Edit a firewall policy

If your provider allows it, you may edit a firewall policy in the platform. 

To edit a firewall policy:

  1. Go to Virtual datacenters → select virtual datacenter or select a region → Network → Firewalls
  2. Select the firewall and click the pencil edit button.
  3. Make your changes and click Save

Field

Description

Name

Name of the firewall policy

Virtual datacenter
  • Virtual datacenter: If your firewall had no virtual datacenter and you select one, the platform will create your firewall in the cloud provider. It will add a provider-ID that will display on the main Firewalls page. The platform will synchronize rules with the provider
DefaultSelect this option to set the firewall as the default. Note: The platform will not assign the default firewall to existing VMs.

Description

Description of the firewall policy

If the provider does not allow you to edit the policy, you may be able to delete the firewall in the provider, then reuse the configuration.

9.5.1. Edit firewall rules in AWS

Amazon allows you to edit firewall rules and you can do this through the platform. First synchronize the firewall to update the rules because AWS will not allow you to create a rule that already exists in the security group. Remember that it may take some time for firewall rules to propagate throughout AWS. Until the rules have propagated, the platform will not be able to detect them. See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/query-api-troubleshooting.html#eventual-consistency

9.5.2. Edit firewalls in AWS

To edit an AWS firewall in Abiquo, you can delete the firewall directly in the provider, then synchronize so the provider ID will be removed from the firewall in the platform. You can now edit the firewall and the firewall rules, and you can even assign the firewall to another virtual datacenter. The following screenshot shows the default firewall for several different VDCs. The "webDB" firewall currently exists in AWS. The other firewalls have been created in the platform but are not assigned to a virtual datacenter and do not currently exist in AWS.




9.6. Edit firewall rules

You can define firewall rules for inbound and outbound traffic in your firewall policy.

To add a new firewall rule:

  1. Select the virtual datacenter or location
  2. Select the firewall
  3. On the Firewall rules panel, click the pencil Edit button
  4. Select the Inbound or Outbound tab for the traffic direction you wish to control
  5. Enter the details of a rule
    1. Protocol
      • Select from Common protocols, OR
      • Select and enter a Custom protocol
    1. Port range with the Start port and End port that this rule will apply to. To enter one port, enter the same value twice, or optionally apply the rule to a number of ports at the same time
    2. Sources or Targets as a network address and netmask
  6. Click Add. The firewall rule will be added to the Firewall rules list
  7. Enter more rules as required, then click Save




9.7. Delete firewall policy rules

To delete firewall rules, do these steps.

  1. Go to Virtual datacenters → select a virtual datacenter or select All → Network → Firewalls
  2. Edit the firewall
  3. Select the Inbound or Outbound tab
  4. On the left-hand side of each rule you wish to delete, click the trash/garbage Delete button
  5. Click Save




9.8. Display firewall policies

You can display and manage firewalls in the platforms at the level of the virtual datacenter or the location (public cloud region or datacenter).

To display firewalls that exist in a virtual datacenter in the provider:

  1. Go to Virtual datacenters → select a virtual datacenter → NetworkFirewalls


To display all firewalls in a location (public cloud region or datacenter), including those that only exist in the platform and not in the provider:

  1. Go to Cloud virtual datacenters view → Locations
  2. Select a location
  3. Go to Network → Firewalls

To filter firewalls, enter text in the Search box to search by the NameDescription, and Provider ID in the Firewalls list.



9.9. Assign a firewall policy to a VM

See Assign a firewall policy to a VM




9.10. Move a firewall policy to another VDC

To move a firewall to another virtual datacenter:

  • In Neutron, edit the firewall in Abiquo and change the VDC

  • In Azure ARM, edit the firewall and change or remove the virtual datacenter
  • In AWS, delete the firewall directly in the provider, then synchronize so the provider ID will be removed from the firewall in Abiquo. Now you can edit the firewall and change the virtual datacenter. This is because you are not allowed to edit firewalls or move them from one VPC to another in AWS but you can do this in Abiquo. The following screenshot shows a firewall after the AWS security group was deleted. The firewall rules are preserved for you to edit or apply to another virtual datacenter. 




9.11. Reuse a firewall after deleting a virtual datacenter

If you delete a virtual datacenter, the firewalls will be deleted in the cloud provider or network virtualization system but they will still be present in the platform. The details of the firewalls may vary, for example, in AWS they will not have a Provider ID but in Neutron they will have a provider ID. You can edit these firewalls as required and assign them to another virtual datacenter.

To assign a firewall with no virtual datacenter to a virtual datacenter, do these steps

  1. Go to Virtual datacentersAll → Network → Firewalls

  2. Select a cloud Location

     Click here to expand...

    Reuse a firewall after deleting a virtual datacenter

  3. Select and edit the firewall
  4. Select the virtual datacenter to assign it to
  5. Click Save
 Click here to show/hide the screenshot

Edit a firewall to assign it to a new virtual datacenter



9.12. Delete a firewall policy

To delete a firewall policy:

  1. Edit each VM that is using the firewall policy to remove the firewall policy
  2. Select the firewall policy
  3. Click the Delete button




9.13. Troubleshoot firewall policies

Q: Does my firewall exist in the provider? Which VDC does it belong to?

A: In the Abiquo API, the firewall object contains a link to the virtual datacenter it belongs to. In AWS or Azure ARM, if a firewall has a provider ID, then it exists in the cloud provider. The provider ID is the AWS security group ID or the Azure firewall name.




9.14. Manage firewalls with the API

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource FirewallPoliciesResource.




10. Manage load balancers

10.1. Introduction to load balancers

The load balancer feature aims to simplify the creation of load balancers across all cloud platforms, providing a unified interface. You can create a load balancer in the enterprise for the location and later assign it to a virtual datacenter, and then the platform will create it in the provider. You can also reuse load balancer configurations.

Please refer to cloud provider documentation as the definitive guide to the load balancing features.  And remember to check your cloud provider pricing before you begin.

In vCloud Director, load balancers belong to a public cloud region, not a virtual datacenter. This means that in vCloud Director, you can attach VMs from more than one virtual datacenter to the same load balancer, and these load balancers do not work with private networks, which belong to only one virtual datacenter.

See Provider support for load balancers tables




10.2. Display load balancers

You can display and manage load balancers in the platform at the level of the virtual datacenter or the location (public cloud region or datacenter).

To display load balancers in a region, including those that are not assigned to a virtual datacenter in a provider

  1. Go to Cloud virtual datacenters view
  2. Click the Locations button and select a location
  3. Go to Network → Load balancers

To display load balancers in virtual datacenters:

  1. Go to Cloud virtual datacenters view
  2. Select a virtual datacenter

  3. Go to Network → Load balancers.


10.3. Create a load balancer

Before you begin:
  • Synchronize your virtual datacenters (including VMs, networks, firewalls, firewall rules, and load balancers)
  • If required by your provider, create firewalls for your VMs to allow your load balancers to access the VMs
  • In Azure make sure that your VMs belong to availability sets


Privilege: Manage load balancers, Assign load balancers


To create a load balancer:

  1. Go to Virtual datacenters → select a virtual datacenter → NetworkLoad balancers 
    1. For vCloud, select All virtual datacentersNetworkLoad balancersRegion
  2. Click the + add button and complete the following dialogs according to your cloud provider's documentation

10.3.1. Load balancer general information

The following screenshots are from AWS.


Field

Value

Name

The name of the load balancer.

  • Amazon will only accept the following characters: A-Z, a-z, 0-9 and "-", and you cannot modify the name
  • Azure will not accept names with white space

Subnets

In providers that support subnets, the subnets to which the load balancer will connect

Algorithm

See cloud provider documentation for more information

Addresses

  • AWS: private or public IP
    Rackspace: private or public IP
    Azure ARM: private or public IP
    Neutron: private IP, or private and public IPs
    NSX: private IP, or private and public IPs
    vCloud Director: private or public IP (IPs on external networks)

  • You may be able to change the address to another one in the same VDC by editing the load balancer


10.3.2. Load balancer routing rules

Field

Value

Common protocols

Select one of the common protocols to load presets

Protocol in

The incoming protocol to the load balancer. See cloud provider documentation for accepted values.

Port in

The incoming port to the load balancer. See cloud provider documentation for accepted values.

Protocol out

The outgoing protocol from the load balancer.

Port outThe outgoing port from the load balancer
SSL CerftificateFor secure connections (e.g. HTTPS), you can add an SSL certificate.
  • The platform will never store or validate the SSL certificate 
  • The platform will pass the certificate directly to the provider
Select an existing certificate or add a new one. Cannot be used in platform-only load balancers
AddClick Add to save a routing rule for the load balancer

To delete a routing rule, click the delete button beside the name of the routing rule in the list

10.3.3. Load balancer SSL certificate

Field

Value

Name

Name of the certificate

Certificate

The certificate contents

Intermediate certificate

An intermediate certificate can be issued by a provider to support older browsers that may not have all of the trusted root certificates for that provider, so that users will not receive invalid SSL warnings. If you have an intermediate certificate, add it at the same time as the certificate to ensure that a trusted-chain certificate is configured.

Private key

The RSA private key for the certificate

10.3.4. Load balancer health check

 

Field

Value

Common protocols

Select one of the most common protocols to load presets

Name

Name of the health check

Protocol

The protocol with which the health check will be performed

Port

The port to which the health check will be performed

PathThe server path to ping (for supported protocols)
Interval (sec)The interval in seconds between health checks
Timeout (sec)The timeout in seconds after which an attempted health check will be considered unsuccessful
AttemptsThe number of attempts before the health check will be considered unsuccessful
AddAdd the current health check to the load balancer

10.3.5. Load balancer firewalls

If your provider supports firewalls, to add a firewall to your load balancer, select your firewall from the list of Firewalls that were created in your provider. Rackspace does not display a firewall selection list.

If a firewall is not on the list, it may not have been properly synchronized. In this case, you will need to click Cancel, synchronize firewalls and start again to create a new load balancer.

10.3.6. Assign load balancer nodes

To assign your load balancer to VMs, drag and drop the VMs them from the Available Nodes list into the Attached Nodes list.

  • The VMs to be load balanced can be in the same or different virtual appliances in the same virtual datacenter
  • You can also attach VMs by selecting load balancers when configuring the VM. 

The platform will display the Status of the load balancer nodes on the Nodes tab, if status information is available from the provider.

You can also check the status using the Abiquo API.





10.4. Manage load balancers with the API

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource LoadBalancersResource.




10.5. Edit load balancers

The cloud provider determines which elements of a load balancer that you can modify. Due to different provider support for load balancer features, it may be possible to make modifications in the platform that will later be rejected by the cloud provider, triggering an error. Check your cloud provider documentation for supported modifications.




10.6. Edit VMs to assign or unassign to load balancers


Privilege: Assign load balancers

To assign a virtual machine to a load balancer, select the load balancer from the list.




10.7. Onboard and synchronize load balancers from public cloud

When you onboard a VDC from a public cloud provider, the load balancers associated with the VDC and its VMs will be onboarded into the platform.

To access vCloud load balancers, and provider-only load balancers

  1. Go to Virtual datacenters → All virtual datacenters
  2. Go to NetworkLoad balancers → select region

To synchronize all load balancers in a VDC or region:

  1. Go to Virtual datacenters
  2. Select the VDC or region
  3. Click the arrow synchronize button.

Load balancers that have been deleted directly in the provider are displayed in light gray text. You can edit these load balancers to recreate them in the provider, or delete them.




10.8. Delete or release load balancers

To delete a load balancer:
  1. Select the load balancer
  2. Click the delete button.

If your enterprise does not have credentials in the provider, then the load balancer will be released (it will be deleted in the platform but it will remain in cloud provider).




11. Manage virtual machines

This section describes the tasks that may be performed by the cloud user. 

11.1. Edit your user account details

After you log in, you may need to edit your user account to update your details:

  1. Click on the user icon in top right-hand corner of the screen and select Edit user from the pull-down menu
  2. Change your password and edit your user details. Check you have the correct email and phone number to receive passwords and authentication
  3. Add your public key that that the platform will use to launch VMs so that you can access them with SSH

     Click here to expand...

    Edit user general information

    Edit user advanced

    MultiExcerpt named 'ManageVMsCreateVMs' was not found
The page: Manage Virtual Machines was found, but the multiexcerpt named 'ManageVMsCreateVMs' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.

    MultiExcerpt named 'ManageVMsDeploy' was not found
The page: Manage Virtual Machines was found, but the multiexcerpt named 'ManageVMsDeploy' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.

    MultiExcerpt named 'ManageVMsDisplayAllVMs' was not found
The page: Manage Virtual Machines was found, but the multiexcerpt named 'ManageVMsDisplayAllVMs' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.




12. Monitoring and alarms


    MultiExcerpt named 'monitoringscalingmonitorvapps' was not found
The page: Monitoring and Scaling VMs was found, but the multiexcerpt named 'monitoringscalingmonitorvapps' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.




12.1. Introduction to alarms

An alarm activates when a metric passes a certain threshold. If you imagine a dashboard for your metrics, alarms are like red lights that light up when conditions change, for example, when there is a problem. 

If you would like the platform to notify you when an alarm activates, create an Alert for it in Control view.

  • Alerts are a group of one or more alarms. They are like a worker monitoring a group of alarms; when all the lights for the group are lit up, then the worker takes action and activates the alert. Alerts can also trigger action plans to perform automated actions when their alarms activate. After you create an alert, create an action plan in Control view with the alert as a trigger.

You can create alarms for built-in VM metrics or scaling group metrics, as well as custom metrics created using the API for VMs, scaling groups, virtual appliances, and virtual datacenters. 

  • You cannot create alarms for cloned VMs that are part of a scaling group. This is because scaling groups have aggregate alarms that are associated with the base VM. 


12.2. Display alarms in virtual datacenters

To display alarms in virtual datacenters:
  1. Go to Virtual datacenters 
  2. Select a virtual datacenter or All virtual datacenters
  3. Go to Alarms



12.3. Create an alarm

Before you begin:
  1. Configure the metrics you will use in the alarm. See VM monitoring and metrics and Custom Metrics Resources.

To create an alarm:

Privilege: Access alarms section, Manage alarms

  1. Go to Virtual datacenter → Alarms
  2. Select virtual datacenter, virtual appliance, scaling group, or VM
  3. Click the Add + button in the top right hand corner
  4. Enter the alarm details

    Field

    Description

    Entity typeSelect an entity with metrics from the list on the left.
    Entity nameThe name of the entity
    Entity labelThe label of the entity, which for VMs is shown in the list on the left
    Entity iconThe icon that the platform displays in the UI for VMs and virtual appliances

    Name

    Name of the alarm with up to 128 characters. Alarm names must be unique for each metric

    DescriptionDescription of the alarm. Used together with the alarm name and VM name to identify the alarm, for example, when creating an alert
    MetricSelect one of the metrics available for the VM
    Metric unitThe unit of the metric. Read only
    Metric descriptionThe description of the metric. Read only
    DimensionWhen the metric has multiple dimensions, optionally select one or more dimensions. For example, if a VM has multiple hard disks, then the disk read bytes metric may have a dimension for each disk

    Last datapoints in period

    The number of datapoints that the platform will evaluate the metric during the elapsed time.

    If you request the evaluation of an alarm more frequently than metric data is collected by the platform or sent by the provider, then the alarm will not activate.

    We recommend that you create alarms with longer evaluation periods, for example, an average of 10 points over the last hour, so the transmission and collection intervals will not affect the activation of the alarm.

    Statistic

    Statistic that the platform will use for evaluating the alarm, which can be: average, maximum, minimum, sum, count, dev

    Formula

    Operator that the platform will use for evaluation of the alarm, for example, greater than. Values can be: notequal, greaterthan, greaterthanorequalto, lessthan, lessthanorequalto, trendup, trenddown

    Threshold

    Value that the platform will evaluate the alarm against, if appropriate

  5. Click Save

The platform will create the alarm for the metric. If you would like the platform to notify you when an alarm is triggered, create an Alert.

Troubleshooting alarms that do not trigger

  • Although the minimum value of the time period for alarm evaluation is 1 minute, the platform collects metrics data every 2 minutes by default but it can also be configured for each hypervisor or provider.
  • For the default configuration, to ensure that an alarm will activate, it should be evaluated at intervals of greater than 2 minutes.
  • In addition, each provider transmits metrics at different intervals, for example, with Amazon Basic monitoring, data is sent every 5 minutes, and with Advanced monitoring, every minute, whereas for vCloud, data is available on consultation.


For a scaling group, an alarm on a metric of the VM in the base workload will receive input from the metrics of all VMs in the scaling group. This means the base workload and/or the clone VMs. So an alarm for a scaling group can activate, even if the base workload is not deployed.

For API documentation about alarms on an entity, see the API documentation for the entity's resource. For example, for VMs, see VirtualMachinesResource.



12.4. Edit an alarm

When you edit an alarm, you cannot modify the metric or the entity.

When you edit an alarm, there is an extra field, "Active", that shows if the alarm is activated or not.

After you save the alarm, the platform will start to evaluate it again with new data when it receives the next set of metrics datapoints.





12.5. Delete an alarm

You can delete any alarm at any time, even if it is part of one or more alerts. The platform will not warn you that the alarm is used in an alert. However, you can check this in Control view. After you delete an alarm, you cannot recover it.

You can also remove an alarm from an alert.

Privilege: Access alarms section, Manage alarms, Manage alerts

To delete an alarm:

  1. Go to Virtual datacenters or Infrastructure →  Alarms
  2. Select the alarm and delete it

To remove an alarm from an alert:

  1. Go to Control → Alerts → edit alert

  2. Select the alarm, click the delete button, and confirm
    The platform will remove it from this alert, but it will remain in all other alerts that it is associated with

If you delete a VM, the platform will delete any alarms associated with its metrics.




13. Alerts


    MultiExcerpt named 'controlalerts' was not found
The page: Control View was found, but the multiexcerpt named 'controlalerts' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.





14. Scaling groups


    MultiExcerpt named 'monitoringscalingscaling' was not found
The page: Monitoring and Scaling VMs was found, but the multiexcerpt named 'monitoringscalingscaling' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.




15. Automation


15.1. Introduction to action plans


    MultiExcerpt named 'controlactionplans' was not found
The page: Control View was found, but the multiexcerpt named 'controlactionplans' was not found. Please check/update the page name used in the 'multiexcerpt-include macro.




15.2. Automate VM first boot with a configuration or script

To automate the configuration of your VM, edit the VM and on the Bootstrap tab, add a configuration or script that will run with cloud-init. Remember that your VM template must be compatible with cloud-init version 0.7.9 or above, and for Windows systems this will be a Cloudbase-Init template.

15.3. Add variables for the configuration of your VM

To add variables for use by cloud-init configurations or scripts, edit the VM and on the Variables tab, add the key and value for each variable that will be sent to the VM at deploy time. Remember that your VM template must be compatible with cloud-init version 0.7.9 or above, and for Windows system this will be a Cloudbase-Init template.

15.4. Configure Chef Recipes and Roles to automate VM configuration

Chef is an infrastructure automation product that uses configuration recipes. You can use Abiquo Chef Integration to deploy a VM that will then configure itself using Chef recipes and roles on Linux VMs.

The Chef tab will display if your tenant has a Chef configuration and your VM template is compatible with cloud-init.

To add Chef roles and recipes for your VM:

  1. Edit the VM and go to the Chef tab. 
  2. By default on this tab you can select roles. In order to select recipes too, select the Mark the "Select individual components" checkbox
  3. Select the appropriate roles and recipes in order to add to the VM's runlist. When the VM is deployed it will download the roles and recipes, and run them in order.
  4. Run a Chef-client recipe to keep your VM up to date with the Chef server.

To change the order of the runlist, click on the pencil button beside a role or recipe, then edit the order number, then click OK.

If you change the runlist after deploy, Abiquo will update the Chef server, and your Chef-client recipe can obtain these changes from the Chef server.

See also Configuring and Using Abiquo Chef Integration in the Abiquo HOWTOs and Troubleshooting Abiquo Chef Integration in the Administrator's Guide.


  • No labels