Apache CloudStack Cloud Operation

This document presents the concept of cloud computing environments, under

the context of private clouds, and an introduction to the Apache CloudStack

cloud orchestration platform, focusing on its operation process.

Last update: January 9, 2026

Revision: a861aa100534f4f28acdbb7f732a7becb500075c

Contents

1 Introduction 22

1.1 Private cloud platforms . . . . . . . . . . . . . . . . . . . . . . . . . 23

1.1.1 Basic functionalities . . . . . . . . . . . . . . . . . . . . . . . 23

1.2 Apache CloudStack history . . . . . . . . . . . . . . . . . . . . . . . 25

2 Apache CloudStack basic concepts 26

2.1 Control Plane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

2.2 Compute Plane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

2.3 Data Plane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

2.4 Logical organization of Apache CloudStack . . . . . . . . . . . . . . 28

2.5 Apache CloudStack components . . . . . . . . . . . . . . . . . . . . 29

3 Apache CloudStack functionalities 31

3.1 Home dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

3.2 VM settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

3.2.1 General settings . . . . . . . . . . . . . . . . . . . . . . . . . 32

3.2.2 Miscellaneous settings for internal usage . . . . . . . . . . . 33

3.2.3 VM settings speciﬁc for KVM . . . . . . . . . . . . . . . . . . 33

3.2.4 VM settings speciﬁc for VMware . . . . . . . . . . . . . . . . 34

3.2.5 Settings speciﬁc for XenServer internal use . . . . . . . . . . 34

3.2.6 Settings speciﬁc for Mac OSX - Guest . . . . . . . . . . . . . 34

3.2.7 Global settings for VMs . . . . . . . . . . . . . . . . . . . . . 34

3.2.7.1 User access restriction . . . . . . . . . . . . . . . . 34

3.2.7.2 Extra settings metadata . . . . . . . . . . . . . . . . 35

3.2.7.3 VM statistics retention . . . . . . . . . . . . . . . . 36

3.3 Volume management . . . . . . . . . . . . . . . . . . . . . . . . . . 38

3.3.1 Volume migration with stopped VM (cold migration) . . . . 38

3.3.2 Volume migration with running VMs (hot migration) . . . . 39

3.3.3 Volume migration via CLI . . . . . . . . . . . . . . . . . . . . 40

3.3.4 Importing a volume to another zone or account . . . . . . . 42

3.4 Virtual router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

3.4.1 Stopping the virtual router . . . . . . . . . . . . . . . . . . . 45

3.4.2 Restarting the virtual router . . . . . . . . . . . . . . . . . . 47

3.4.3 Destroying a virtual router . . . . . . . . . . . . . . . . . . . 47

3.4.4 Default oﬀering deﬁnition for virtual router . . . . . . . . . 48

3.5 Public IPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

3.5.1 Public IP reserved for system VMs . . . . . . . . . . . . . . . 50

3.6 IPv6 support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

3.6.1 Isolated networks and VPC tiers . . . . . . . . . . . . . . . . 50

3.6.2 Shared networks . . . . . . . . . . . . . . . . . . . . . . . . . 56

3.7 Host, storage and network tags . . . . . . . . . . . . . . . . . . . . . 58

3.7.1 Host tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

3.7.2 Storage tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

3.7.3 Network tags . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

3.7.4 Flexible tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

3.8 Managing instance deployment based on their operating system 67

3.8.1 Hosts Preference OS . . . . . . . . . . . . . . . . . . . . . . . 67

3.8.2 Flexible guest OS . . . . . . . . . . . . . . . . . . . . . . . . . 69

3.9 Snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

3.9.1 Snapshot settings . . . . . . . . . . . . . . . . . . . . . . . . . 70

3.10 Event and alert audit . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

3.10.1 Alert e-mails . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

3.10.2 Searching and ﬁltering alerts . . . . . . . . . . . . . . . . . . 72

3.10.3 Removing or archiving alerts . . . . . . . . . . . . . . . . . . 73

3.10.4 Event and alert removal automation . . . . . . . . . . . . . 73

3.11 Storage management within Apache CloudStack . . . . . . . . . . 74

3.11.1 Primary storage . . . . . . . . . . . . . . . . . . . . . . . . . . 74

3.11.1.1 Adding a primary storage . . . . . . . . . . . . . . . 75

3.11.1.2 Disabling a primary storage . . . . . . . . . . . . . 78

3.11.1.3 Maintenance mode for primary storage . . . . . . 79

3.11.1.4 Behaviour after restarting hosts . . . . . . . . . . . 79

3.11.1.5 Local storage usage . . . . . . . . . . . . . . . . . . 80

3.11.2 Secondary storage . . . . . . . . . . . . . . . . . . . . . . . . 85

3.11.2.1 Adding secondary storages . . . . . . . . . . . . . . 86

3.11.2.2 Data migration between secondary storages . . . 87

3.11.2.3 Read-only mode for secondary storage . . . . . . 88

3.11.2.4 Read-write mode for secondary storage . . . . . . 89

3.11.2.5 Secondary storage removal . . . . . . . . . . . . . 90

3.12 Resource allocation for secondary storage . . . . . . . . . . . . . . 90

4 Service Oﬀerings 94

4.1 Compute oﬀerings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

4.2 Disk Oﬀerings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

4.2.1 Limiting IOPS e BPS in disk oﬀerings . . . . . . . . . . . . . . 101

4.3 Network oﬀerings - throttling . . . . . . . . . . . . . . . . . . . . . . 105

4.4 System oﬀerings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

4.4.0.1 Creating system oﬀerings . . . . . . . . . . . . . . 107

4.4.0.2 Editing system oﬀerings . . . . . . . . . . . . . . . 110

4.4.0.3 Removing system oﬀerings . . . . . . . . . . . . . . 111

4.4.0.4 Changing the system oﬀering of a system VMs . . 112

4.5 Backup oﬀerings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

4.5.0.1 Enabling backup oﬀerings . . . . . . . . . . . . . . 113

4.5.0.2 Importing backup oﬀerings . . . . . . . . . . . . . 115

4.5.0.3 Backup oﬀering removal . . . . . . . . . . . . . . . 116

4.5.0.4 Using backup oﬀerings . . . . . . . . . . . . . . . . 116

5 Apache CloudStack settings 119

5.1 Settings scopes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

5.2 Global settings that control the primary storage usage . . . . . . . 120

5.3 Settings to limit resources . . . . . . . . . . . . . . . . . . . . . . . . 122

5.4 Settings that control Kubernetes usage . . . . . . . . . . . . . . . . 122

5.4.1 Enabling Kubernetes integration . . . . . . . . . . . . . . . . 122

5.4.2 Kubernetes clusters creation . . . . . . . . . . . . . . . . . . 123

6 UI customization 124

6.1 Changing logo and other elements . . . . . . . . . . . . . . . . . . . 124

6.2 Changing logo when resizing the page . . . . . . . . . . . . . . . . . 126

6.3 Theme management . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

6.3.1 Theme creation . . . . . . . . . . . . . . . . . . . . . . . . . . 128

6.3.2 Theme list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

6.3.3 Updating a theme . . . . . . . . . . . . . . . . . . . . . . . . 131

6.3.3.1 CSS ﬁeld . . . . . . . . . . . . . . . . . . . . . . . . . 132

6.3.3.2 JSON settings . . . . . . . . . . . . . . . . . . . . . . 132

6.3.4 Removing a theme . . . . . . . . . . . . . . . . . . . . . . . . 134

6.3.5 Common UI customization examples . . . . . . . . . . . . . 134

6.3.5.1 Creating themes with external stylization ﬁle . . . 134

6.3.5.2 Notes about style conﬂicts . . . . . . . . . . . . . . 134

6.3.5.3 Adding fonts . . . . . . . . . . . . . . . . . . . . . . 135

6.3.5.4 Using CSS variables . . . . . . . . . . . . . . . . . . 135

6.3.5.5 Login page . . . . . . . . . . . . . . . . . . . . . . . 135

6.3.5.6 Header stylization . . . . . . . . . . . . . . . . . . . 137

6.3.5.7 Sidebar stylization . . . . . . . . . . . . . . . . . . . 138

6.3.5.8 Cards and dashboard graphs stylization . . . . . . 140

6.3.5.9 Listings and links stylization . . . . . . . . . . . . . 141

6.4 Redirection to external links . . . . . . . . . . . . . . . . . . . . . . . 142

7 Resources consumption accounting 145

7.1 Usage Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

7.1.1 Usage Server setup . . . . . . . . . . . . . . . . . . . . . . . . 145

7.1.2 Usage type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

7.1.3 Usage records . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

7.2 Quota . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

7.2.1 Quota setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

7.2.2 Tariﬀs management . . . . . . . . . . . . . . . . . . . . . . . 156

7.2.2.1 Creating tariﬀs . . . . . . . . . . . . . . . . . . . . . 157

7.2.2.2 Tariﬀ details . . . . . . . . . . . . . . . . . . . . . . 159

7.2.2.3 Editing tariﬀs . . . . . . . . . . . . . . . . . . . . . . 159

7.2.2.4 Removing tariﬀs . . . . . . . . . . . . . . . . . . . . 160

7.2.3 Activation rules . . . . . . . . . . . . . . . . . . . . . . . . . . 160

7.2.3.1 Default presets for all resource types . . . . . . . . 163

7.2.3.2 Presets for the RUNNING_VM type . . . . . . . . . 165

7.2.3.3 Presets for the ALLOCATED_VM type . . . . . . . . 166

7.2.3.4 Presets for the VOLUME type . . . . . . . . . . . . 167

7.2.3.5 Presets for the TEMPLATE and ISO type . . . . . . 167

7.2.3.6 Presets for the SNAPSHOT type . . . . . . . . . . . 168

7.2.3.7 Presets for the NETWORK_OFFERING type . . . . . 169

7.2.3.8 Presets for the VM_SNAPSHOT type . . . . . . . . 169

7.2.3.9 Presets for the BACKUP type . . . . . . . . . . . . . 169

7.2.3.10 Presets for the NETWORK_USAGE type . . . . . . . 170

7.2.3.11 Presets for the BACKUP_OBJECT type . . . . . . . . 170

7.2.3.12 Verifying presets via API . . . . . . . . . . . . . . . 170

7.2.3.13 Presets for the other resources . . . . . . . . . . . 171

7.2.3.14 Expressions examples . . . . . . . . . . . . . . . . . 171

7.2.4 Credits management . . . . . . . . . . . . . . . . . . . . . . . 174

7.2.4.1 Adding/removing credits . . . . . . . . . . . . . . . 175

7.2.5 Active accounts . . . . . . . . . . . . . . . . . . . . . . . . . . 176

7.2.6 Managing e-mail templates from Quota . . . . . . . . . . . 177

7.2.7 Notes about using the Quota plugin . . . . . . . . . . . . . . 179

8 Operation 180

8.1 Debugging issues and troubleshooting process . . . . . . . . . . . 180

8.1.1 Debugging via logs . . . . . . . . . . . . . . . . . . . . . . . . 180

8.1.2 Debugging via web interface . . . . . . . . . . . . . . . . . . 180

8.1.3 Debugging network problems . . . . . . . . . . . . . . . . . 181

8.1.4 Log ﬁles path . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

8.1.5 Log level increase on Management Servers and KVM Agents182

8.1.6 Troubleshooting process . . . . . . . . . . . . . . . . . . . . 185

8.2 Host/VM failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

8.2.1 Host HA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

8.2.2 VM HA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

8.3 HA’s relation to heartbeat storage connection loss . . . . . . . . . 197

8.4 Apache CloudStack services management . . . . . . . . . . . . . . 198

8.4.1 Managing the cloudstack-management . . . . . . . . . . . . 199

8.4.2 Managing cloudstack-agent (for KVM hypervisor) . . . . . . 200

8.4.3 Managing cloudstack-usage . . . . . . . . . . . . . . . . . . . 201

8.5 System VMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

8.5.1 Console Proxy Virtual Machine . . . . . . . . . . . . . . . . . 203

8.5.2 Secondary Storage Virtual Machine . . . . . . . . . . . . . . 203

8.5.3 Virtual Router . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

8.5.3.1 Virtual Router health checks . . . . . . . . . . . . . . 204

8.5.4 Accessing the system VMs . . . . . . . . . . . . . . . . . . . . 207

8.5.5 Changing the system VMs password . . . . . . . . . . . . . . 208

8.5.6 URL for CPVM and SSVM consumption . . . . . . . . . . . . 209

8.6 Enabling VMs computational resources increase . . . . . . . . . . 209

8.7 Overprovisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

8.8 Updating the Apache CloudStack . . . . . . . . . . . . . . . . . . . . 213

8.8.1 Major versions updates . . . . . . . . . . . . . . . . . . . . . 213

8.8.2 Updates within the same major version . . . . . . . . . . . 215

8.9 SSL certiﬁcate update in the environment (nginx and ACS) . . . . . 215

8.9.1 Root and intermediary certiﬁcates extraction . . . . . . . . 215

8.9.2 Key conversion to PKCS#8: . . . . . . . . . . . . . . . . . . . 216

8.9.3 Adding certiﬁcates in nginx . . . . . . . . . . . . . . . . . . . 216

8.9.4 Adding certiﬁcates in the Apache CloudStack . . . . . . . . 216

8.10 SSH key pairs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

9 KVM hypervisor 226

9.1 KVM installation and CloudStack Agent . . . . . . . . . . . . . . . . 227

9.2 KVM and CloudStack Agent setup . . . . . . . . . . . . . . . . . . . 228

9.3 KVM operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

9.4 KVM’s CPU topology . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

9.5 CPU control with KVM . . . . . . . . . . . . . . . . . . . . . . . . . . 232

10 VMware hypervisor 235

10.1 Creating datastores . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

10.2 Installing the ESXi hosts . . . . . . . . . . . . . . . . . . . . . . . . . 236

10.2.1 Default ESXi hosts installation . . . . . . . . . . . . . . . . . 237

10.2.2 ESXi hosts basic settings . . . . . . . . . . . . . . . . . . . . . 240

10.2.3 Advanced ESXi hosts settings . . . . . . . . . . . . . . . . . . 245

10.2.3.1 Adding new IPs . . . . . . . . . . . . . . . . . . . . . 245

10.2.3.2 Adding new datastores . . . . . . . . . . . . . . . . 248

10.2.3.3 Adding the license key . . . . . . . . . . . . . . . . 250

10.3 vCenter installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

10.3.1 Adding license key . . . . . . . . . . . . . . . . . . . . . . . . 261

10.3.2 Adding multiple ESXi hosts . . . . . . . . . . . . . . . . . . . 263

10.3.3 Removing the Linux graphical interface . . . . . . . . . . . . 267

10.4 Adding VMware cluster in Apache CloudStack . . . . . . . . . . . . 268

10.5 Problems when adding a VMware cluster . . . . . . . . . . . . . . . 273

10.6 Importing VMware VM to Apache CloudStack . . . . . . . . . . . . 276

10.6.1 Importing VMs via UI . . . . . . . . . . . . . . . . . . . . . . . 276

10.6.2 Importing VMs via API . . . . . . . . . . . . . . . . . . . . . . 279

11 Conclusion 281

Appendix A Terminology 282

List of Figures

1 Cloud computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2 Example of a fault tolerant Apache CloudStack architecture . . . . 26

3 Logical organization of Apache CloudStack . . . . . . . . . . . . . . 29

4 Home dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

5 VM settings tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

6 Global settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

7 Example for the query return with the total size for the vm _ s ta t s

table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

8 Migrating volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

9 Conﬁrming operation . . . . . . . . . . . . . . . . . . . . . . . . . . 39

10 Migrating the VM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

11 Conﬁguring the migration . . . . . . . . . . . . . . . . . . . . . . . . 40

12 Getting to the virtual routers tab . . . . . . . . . . . . . . . . . . . . 44

13 Verifying if the VR was correctly created . . . . . . . . . . . . . . . . 44

14 Browsing to the virtual routers . . . . . . . . . . . . . . . . . . . . . 45

15 Stopping the virtual router . . . . . . . . . . . . . . . . . . . . . . . 45

16 Conﬁrming operation . . . . . . . . . . . . . . . . . . . . . . . . . . 46

17 Conﬁrming that the virtual router stopped . . . . . . . . . . . . . . 46

18 Restarting the virtual router . . . . . . . . . . . . . . . . . . . . . . . 47

19 Destroying the virtual router . . . . . . . . . . . . . . . . . . . . . . 47

20 Conﬁrming operation . . . . . . . . . . . . . . . . . . . . . . . . . . 47

21 Conﬁrming virtual router removal . . . . . . . . . . . . . . . . . . . 48

22 Steps to deﬁne the default oﬀering for the virtual router . . . . . . 49

23 Beginning to add the IPv6 interval for the public network . . . . . 51

24 Adding an IPv6 interval for the public network . . . . . . . . . . . . 51

25 A /52 preﬁx allows 4096 IPv6 subnetworks in /64 block . . . . . . . 51

26 Beginning to add the IPv6 interval for the guest network . . . . . . 52

27 Adding an IPv6 interval for the guest network . . . . . . . . . . . . 52

28 Creating VPC oﬀering with IPv6 support . . . . . . . . . . . . . . . . 53

29 Creating oﬀering for VPC tiers with IPv6 support . . . . . . . . . . 53

30 VM’s IPv6 autoconﬁguration validation (via SLAAC) . . . . . . . . . 54

31 Exhibition via UI for the routes that must be added to the edge

router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

32 Exhibition via API for the routes that must be added to the edge

router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

33 Creating an isolated network oﬀering with IPv6 support . . . . . . 55

34 VM’s IPv6 autoconﬁguration validation (via SLAAC) . . . . . . . . . 55

35 Exhibition via UI for the routes that must be added to the edge

router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

36 Exhibition via API for the routes that must be added to the edge

router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

37 Shared network creation from IPv4 info . . . . . . . . . . . . . . . . 57

38 Shared network creation from IPv6 info . . . . . . . . . . . . . . . . 57

39 Field for updating storage tags and host tags of a compute oﬀering 58

40 Accessing the host editing . . . . . . . . . . . . . . . . . . . . . . . . 65

41 Creating the ﬂexible tag in the host . . . . . . . . . . . . . . . . . . 65

42 Accessing the primary storage editing . . . . . . . . . . . . . . . . . 66

43 Creating the ﬂexible tag in the primary storage . . . . . . . . . . . 67

44 Access the host being conﬁgured . . . . . . . . . . . . . . . . . . . . 68

45 Access the host’s editing form . . . . . . . . . . . . . . . . . . . . . 68

46 Host’s Preference OS conﬁgurations . . . . . . . . . . . . . . . . . . 69

47 Guest OS rule conﬁguration for the host . . . . . . . . . . . . . . . 69

48 Accessing alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

49 Archiving or deleting an alert . . . . . . . . . . . . . . . . . . . . . . 73

50 Accessing the primary storage addition menu . . . . . . . . . . . . 76

51 Details for adding a primary storage . . . . . . . . . . . . . . . . . . 76

52 Adding a primary storage with NFS . . . . . . . . . . . . . . . . . . 77

53 Adding a primary storage with Shared Mount Point . . . . . . . . . 78

54 Disabling a primary storage . . . . . . . . . . . . . . . . . . . . . . . 79

55 Enabling the maintenance mode . . . . . . . . . . . . . . . . . . . . 79

56 Enabling the usage of local storage for system VMs . . . . . . . . . 80

57 Accessing the zone to be edited . . . . . . . . . . . . . . . . . . . . 81

58 Accessing the zone editing menu . . . . . . . . . . . . . . . . . . . . 81

59 Enabling the usage of local storage for user’s VMs . . . . . . . . . . 82

60 Adding a compute oﬀering with highlight in their Storage Type . . 83

61 Adding a disk oﬀering with highlight in the Storage Type . . . . . . 84

62 Cold volume migration to local storage . . . . . . . . . . . . . . . . 85

63 Adding a new secondary storage . . . . . . . . . . . . . . . . . . . . 87

64 Details while adding a new secondary storage . . . . . . . . . . . . 87

65 Migrating data between secondary storages . . . . . . . . . . . . . 88

66 Details for migrating data between secondary storages . . . . . . 88

67 Deﬁning a secondary storage as read-only . . . . . . . . . . . . . . 89

68 Deﬁning a secondary storage as read-write . . . . . . . . . . . . . . 89

69 Deleting a secondary storage . . . . . . . . . . . . . . . . . . . . . . 90

70 Conﬁrming secondary storage removal . . . . . . . . . . . . . . . . 90

71 Starting to create a new disk oﬀering . . . . . . . . . . . . . . . . . 96

72 Creating the new disk oﬀering . . . . . . . . . . . . . . . . . . . . . 97

73 Starting to edit the disk oﬀering . . . . . . . . . . . . . . . . . . . . 99

74 Editing a disk oﬀering . . . . . . . . . . . . . . . . . . . . . . . . . . 99

75 Starting to update disk oﬀering accesses . . . . . . . . . . . . . . . 99

76 Updating the disk oﬀering accesses . . . . . . . . . . . . . . . . . . 100

77 Changing the disk oﬀerings order . . . . . . . . . . . . . . . . . . . 100

78 Starting to delete a disk oﬀering . . . . . . . . . . . . . . . . . . . . 100

79 Deleting a disk oﬀering . . . . . . . . . . . . . . . . . . . . . . . . . . 100

80 Selecting a QoS type . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

81 Limiting a BPS ratio . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

82 Default system oﬀerings . . . . . . . . . . . . . . . . . . . . . . . . . 107

83 Starting to create a new system oﬀering . . . . . . . . . . . . . . . 108

84 Creating a new system oﬀering - 1 - continues . . . . . . . . . . . . 109

85 Creating a new system oﬀering - 2 . . . . . . . . . . . . . . . . . . . 109

86 Starting to edit the system oﬀering . . . . . . . . . . . . . . . . . . 110

87 Editing the system oﬀering . . . . . . . . . . . . . . . . . . . . . . . 110

88 Changing system oﬀering order . . . . . . . . . . . . . . . . . . . . 111

89 Starting the system oﬀering removal . . . . . . . . . . . . . . . . . 111

90 Removing a system oﬀering . . . . . . . . . . . . . . . . . . . . . . . 111

91 Backup oﬀering tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

92 Starting to import a new backup oﬀering . . . . . . . . . . . . . . . 115

93 Importing a new backup oﬀering . . . . . . . . . . . . . . . . . . . . 115

94 Starting backup oﬀering removal . . . . . . . . . . . . . . . . . . . . 116

95 Removing the backup oﬀering . . . . . . . . . . . . . . . . . . . . . 116

96 Starting to assign a VM to a backup oﬀering . . . . . . . . . . . . . 116

97 Assigning a VM to a backup oﬀering . . . . . . . . . . . . . . . . . . 117

98 Starting manual backup for a VM . . . . . . . . . . . . . . . . . . . . 117

99 Performing a manual backup for a VM . . . . . . . . . . . . . . . . 117

100 Starting backup scheduling . . . . . . . . . . . . . . . . . . . . . . . 117

101 Scheduling backups . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

102 Starting to remove backup oﬀering from the VM . . . . . . . . . . 118

103 Removing backup oﬀering from the VM . . . . . . . . . . . . . . . . 118

104 Global setting endpoint.url . . . . . . . . . . . . . . . . . . . . . . . 123

105 Customized banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

106 Customized footer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

107 Whole logo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

108 Cut logo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

109 Mini logo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

110 Customized login page . . . . . . . . . . . . . . . . . . . . . . . . . . 137

111 Stylized header . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

112 Stylized sidebar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

113 Stylized closed sidebar . . . . . . . . . . . . . . . . . . . . . . . . . . 140

114 Stylized dashboard on root admin account . . . . . . . . . . . . . . 141

115 Stylized dashboard on user account . . . . . . . . . . . . . . . . . . 141

116 Stylized listing and links . . . . . . . . . . . . . . . . . . . . . . . . . 142

117 Only one deﬁned element . . . . . . . . . . . . . . . . . . . . . . . . 143

118 More than one deﬁned element . . . . . . . . . . . . . . . . . . . . 143

119 Link with an icon attribute . . . . . . . . . . . . . . . . . . . . . . . . 144

120 Accessing the settings . . . . . . . . . . . . . . . . . . . . . . . . . . 146

121 Editing the settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

122 Quota plugin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

123 List of active tariﬀs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

124 Listing ﬁlters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

125 Tariﬀ creation form . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

126 Tariﬀ details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

127 Possible actions for active tariﬀs . . . . . . . . . . . . . . . . . . . . 159

128 Tariﬀ editing form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

129 Removing a tariﬀ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

130 List of active accounts . . . . . . . . . . . . . . . . . . . . . . . . . . 175

131 Form for adding/removing credits . . . . . . . . . . . . . . . . . . . 175

132 List of active accounts . . . . . . . . . . . . . . . . . . . . . . . . . . 176

133 Listing ﬁlters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

134 List of e-mail templates from Quota . . . . . . . . . . . . . . . . . . 178

135 Editing the e-mail template . . . . . . . . . . . . . . . . . . . . . . . 178

136

Quota state for admin accounts and custom-account . . . . . . . . 179

137 VM created through the UI . . . . . . . . . . . . . . . . . . . . . . . 186

138 Identifying the command sent. . . . . . . . . . . . . . . . . . . . . . 186

139 Identifying the logid for the desired process. . . . . . . . . . . . . . 187

140 Console Proxy Virtual Machine . . . . . . . . . . . . . . . . . . . . . . 203

141 Secondary Storage Virtual Machine . . . . . . . . . . . . . . . . . . . 203

142 Virtual Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

143 Health checks display for a certain VR. . . . . . . . . . . . . . . . . . 205

144 Acessing the SSL certiﬁcate addition form via UI . . . . . . . . . . . 217

145 Adding SSL certiﬁcate via UI . . . . . . . . . . . . . . . . . . . . . . . 218

146 Accessing the SSH key pairs sections . . . . . . . . . . . . . . . . . . 219

147 Creating an SSH key pair . . . . . . . . . . . . . . . . . . . . . . . . . 220

148 SSH key pair automatic creation . . . . . . . . . . . . . . . . . . . . . 222

149 Creating the SSH key . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

150 Creating instance and implementing the SSH key . . . . . . . . . . 225

151 KVM virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

152 Hypervisors comparison . . . . . . . . . . . . . . . . . . . . . . . . . 227

153 Output example for the command virsh schedinfo . . . . . . . . . 234

154 Initial ESXi installation screen . . . . . . . . . . . . . . . . . . . . . . 237

155 Accept terms of use . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

156 Choosing the disk to install the system . . . . . . . . . . . . . . . . 238

157 Selecting the keyboard layout . . . . . . . . . . . . . . . . . . . . . . 238

158 Creating the root password . . . . . . . . . . . . . . . . . . . . . . . 238

159 Potential warning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

160 Conﬁrm installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

161 Host installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

162 Restarting the host . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

163 Initial login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

164 The default user is root, and its password is the one set during

installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

165 Section Conﬁgure Management Network . . . . . . . . . . . . . . . . 241

166 Section IPv4 Conﬁguration . . . . . . . . . . . . . . . . . . . . . . . . 242

167 Static IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

168 Applying changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

169 Section Troubleshooting Options . . . . . . . . . . . . . . . . . . . . . 243

170 Shell access on the host . . . . . . . . . . . . . . . . . . . . . . . . . 244

171 SSH access on the host . . . . . . . . . . . . . . . . . . . . . . . . . . 244

172 URL for accessing the web interface . . . . . . . . . . . . . . . . . . 245

173 Login screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

174 Available NICs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

175 Virtual switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

176 Conﬁguring the new virtual switch . . . . . . . . . . . . . . . . . . . 247

177 VM Kernel NICs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

178 Conﬁguring the new VM Kernel NIC . . . . . . . . . . . . . . . . . . 248

179 Datastores . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

180 Datastore types supported. . . . . . . . . . . . . . . . . . . . . . . . 249

181 Conﬁguring the new datastore . . . . . . . . . . . . . . . . . . . . . 249

182 Finish the datastore setup . . . . . . . . . . . . . . . . . . . . . . . . 250

183 Accessing the license . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

184 Verifying if the license is valid . . . . . . . . . . . . . . . . . . . . . . 251

185 Adding the license . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

186 Possible operation types . . . . . . . . . . . . . . . . . . . . . . . . . 253

187 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

188 Terms of use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

189 Available deploy types . . . . . . . . . . . . . . . . . . . . . . . . . . 254

190 Adding ESXi host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

191 Adding the root password . . . . . . . . . . . . . . . . . . . . . . . . 255

192 Infrastructure size . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

193 Available datastores . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

194 Conﬁguring the vCenter network . . . . . . . . . . . . . . . . . . . . 257

195 Finish conﬁguring the vCenter . . . . . . . . . . . . . . . . . . . . . 257

196 Start conﬁguring the PSC . . . . . . . . . . . . . . . . . . . . . . . . 258

197 Applying appliance basic settings . . . . . . . . . . . . . . . . . . . . 258

198 Creating and setting up a new SSO . . . . . . . . . . . . . . . . . . . 259

199 VMware improvement program . . . . . . . . . . . . . . . . . . . . 259

200 Finishing the setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

201 Finishing the installation . . . . . . . . . . . . . . . . . . . . . . . . . 260

202 vSphere home screen . . . . . . . . . . . . . . . . . . . . . . . . . . 261

203 Licenses screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

204 Adding the license . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

205 Changing the license name . . . . . . . . . . . . . . . . . . . . . . . 262

206 Finish adding the license . . . . . . . . . . . . . . . . . . . . . . . . . 263

207 Starting to add a new datacenter/folder . . . . . . . . . . . . . . . . 264

208 Naming the new datacenter . . . . . . . . . . . . . . . . . . . . . . . 264

209 Adding a new host to the datacenter . . . . . . . . . . . . . . . . . 265

210 Adding the IP to the host . . . . . . . . . . . . . . . . . . . . . . . . . 265

211 User and password of the host . . . . . . . . . . . . . . . . . . . . . 265

212 Host details overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

213 Host license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

214 Host lockdown mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

215 VM location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

216 Final details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

217 Adding a VMware datacenter . . . . . . . . . . . . . . . . . . . . . . 268

218 Conﬁguring a VMware datacenter in Apache CloudStack . . . . . . 269

219 Accessing the physical networks details in Apache CloudStack . . 269

220 Updating networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

221 Adding the VMware network mapping in the Apache CloudStack . 271

222 Conﬁguring the VMware cluster in Apache CloudStack . . . . . . . 272

223 Tag error message on the UI when trying to add the vCluster . . . 273

224 vCenter zone selection . . . . . . . . . . . . . . . . . . . . . . . . . . 274

225 Removing the cloud.zone attribute . . . . . . . . . . . . . . . . . . . 275

226 Selecting and erasing the vCluster from the database . . . . . . . 276

227 Accessing the Tools view to import the VMs . . . . . . . . . . . . . . 277

228 Checking VMware cluster VMs . . . . . . . . . . . . . . . . . . . . . 277

229 Importing a VM to the Apache CloudStack . . . . . . . . . . . . . . 278

230 Details for VM import . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

231 VM successfully imported . . . . . . . . . . . . . . . . . . . . . . . . 279

List of Tables

1 VM general conﬁgurations . . . . . . . . . . . . . . . . . . . . . . . . 32

2 VM conﬁgurations for internal use . . . . . . . . . . . . . . . . . . . 33

3 KVM speciﬁc VM conﬁgurations . . . . . . . . . . . . . . . . . . . . . 33

4 VMware speciﬁc VM settings . . . . . . . . . . . . . . . . . . . . . . 34

5 VM settings speciﬁc for XenServer internal use . . . . . . . . . . . 34

6 VM settings speciﬁc for Mac OSX - Guest . . . . . . . . . . . . . . . 34

7 Host tags usage example . . . . . . . . . . . . . . . . . . . . . . . . 60

8 Storage tags usage example . . . . . . . . . . . . . . . . . . . . . . . 61

9 Network tags usage example . . . . . . . . . . . . . . . . . . . . . . 63

10 Snapshot settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

11 Events and alerts settings . . . . . . . . . . . . . . . . . . . . . . . . 72

12 Storage protocols supported by each hypervisor . . . . . . . . . . 74

13 Possible values for each resource available in the heuristicrules . 91

14 listSecondaryStorageSelectors API parameters . . . . . . . . . . . 92

15 createSecondaryStorageSelectors API parameters . . . . . . . . . 93

16 updateSecondaryStorageSelectors API parameters . . . . . . . . . 93

17 removeSecondaryStorageSelectors API parameters . . . . . . . . . 94

18 Comparison between test results using block size of 64 KiB and

128 KiB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

19 Comparison between test results using BPS limits . . . . . . . . . . 104

20 System oﬀerings settings for system VMs . . . . . . . . . . . . . . . 112

21 Backup settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

22 Backup settings for Veeam . . . . . . . . . . . . . . . . . . . . . . . 114

23 Cloudstack behavior settings in case of storage running out of space121

24 Resource limitation settings . . . . . . . . . . . . . . . . . . . . . . . 122

25 createGuiTheme parameters . . . . . . . . . . . . . . . . . . . . . . 129

26 listGuiThemes parameters . . . . . . . . . . . . . . . . . . . . . . . 130

27 updateGuiTheme parameters . . . . . . . . . . . . . . . . . . . . . . 131

28 jsonconfiguration attributes . . . . . . . . . . . . . . . . . . . . . . . 133

29 jsonconfiguration plugin attributes . . . . . . . . . . . . . . . . . . 133

30 Usage server settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

31 Usage types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

32 Quota plugin settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

33 Default presets for every resource type - Part 1 . . . . . . . . . . . 163

34 Default presets for every resource type - Part 2 . . . . . . . . . . . 164

35 Presets for the RUNNING_VM type . . . . . . . . . . . . . . . . . . . 165

36 Presets for the ALLOCATED_VM type . . . . . . . . . . . . . . . . . 166

37 Presets for the VOLUME type . . . . . . . . . . . . . . . . . . . . . . 167

38 Presets for the TEMPLATE and ISO types . . . . . . . . . . . . . . . 167

39 Presets for the SNAPSHOT type . . . . . . . . . . . . . . . . . . . . . 168

40 Presets for the NETWORK_OFFERING type . . . . . . . . . . . . . . 169

41 Presets for the VM_SNAPSHOT type . . . . . . . . . . . . . . . . . . 169

42 Presets for the BACKUP type . . . . . . . . . . . . . . . . . . . . . . 169

43 Presets for the NETWORK_USAGE type . . . . . . . . . . . . . . . . 170

44 Presets for the BACKUP_OBJECT type . . . . . . . . . . . . . . . . . 170

45 Logs hierarchy levels on Log4j . . . . . . . . . . . . . . . . . . . . . 183

46 Health check settings from virtual routers - Part 1 . . . . . . . . . . 206

47 Health check settings from virtual routers - Part 2 . . . . . . . . . . 207

48 System VM URL settings . . . . . . . . . . . . . . . . . . . . . . . . . 209

49 Overprovisioning settings . . . . . . . . . . . . . . . . . . . . . . . . 212

50 Use case examples for cpu.corespersocket . . . . . . . . . . . . . . 232

Notes

• This document does not cover all the topics, subjects and use cases for

Apache CloudStack. Therefore, in case you do not ﬁnd what you are look-

ing for, create a review or inclusion solicitation through GitLab.

• This document is periodically updated. So, stay tuned for new updates.

1. Introduction

In the past few years, there was a huge growth in the usage of cloud comput-

ing (private, public and/or hybrid), intensifying opportunities in the digital ser-

vices market. To supply this demand, the infrastructure needed to create and

maintain this kind of environment grows constantly, directly impacting man-

agement and operation costs.

Cloud computing environments are complex and heterogeneous, possess-

ing dynamic variables and many components that must be intertwined and

managed. In order to eﬃciently manage this kind of environment it is neces-

sary to employ tools capable of orchestrating the infrastructure, helping during

implementation, maintaining and managing cloud services and systems.

Apache CloudStack and OpenStack are the main open-source alternatives

for creating private cloud environments, highlighted by their robustness, project

maturity and range of technologies and functionalities supported. Such charac-

teristics translate to hundreds of companies adopting these platforms around

the world, including: USP, UNICAMP, Dell, Deutsche Telekom, Apple, Planetel,

LWSA and many others.

SC Clouds comes in aid of this need, providing consultancy, support and

continued development to cloud infrastructure providers and companies that

have cloud technology as the main pillar for creating and providing services. In

partnership with clients, planning and execution are carried out for the cloud

computing environments that provide infrastructure as a service. Our profes-

sionals have full mastery with the Apache CloudStack and OpenStack platforms,

being responsible for multiple new features and bug ﬁxes in the projects. Cur-

rently, SC Clouds helps with management, planning, implantation, support, bug

ﬁxing and implementing new functionalities for companies in Germany, Brazil,

Italy, Mexico and Switzerland.

1.1. Private cloud platforms

Cloud orchestration platforms, such as Apache CloudStack and OpenStack,

are used to provide private, public and hybrid clouds to companies and insti-

tutions around the globe. They are capable of connecting diﬀerent computa-

tional systems (storage, network and hypervisors), creating the abstraction for

infrastructure-as-a-service for the system’s users and administrators.

Both OpenStack and CloudStack are free open-source softwares for cloud

environment orchestration. Both share the goal of managing computational

resources, working with the virtualization concept to provide resources on de-

mand, focusing on the provision of infrastructure-as-a-service resources.

Figure 1: Cloud computing

1.1.1. Basic functionalities

Both CloudStack and OpenStack oﬀer basic functionalities needed to provi-

sion cloud computing services. Some of the provided functionalities are:

• Computing services

– VM provisioning and management for their resources (networks, mem-

ory, CPU, disks, etc);

– Management of the images with which the VMs will be created;

– Support for multiple hypervisors, like KVM, XenServer and VMware.

• Network services

– Management and conﬁguration for shared and dedicated networks;

– Creation of VLAN, VxLANS (overlay networks) and other topologies;

– Deﬁnition of access and routing policies;

– Qos, Load balancers and ﬁrewalls management;

• Storage services

– Disk management;

– Block and object based storage;

– Backups;

– SDS support (Software Deﬁned Storage), e.g. Ceph/RBD;

• Resource monitoring services

– Event monitoring;

– Display available and used resources;

– Pricing and billing;

• Open REST APIs, standardized and documented, to manage all services,

their automation and integration with other tools;

• Authentication service with native LDAP integration;

• Support to SAML2 and OpenID Connect federated systems;

• Containers-as-a-service;

Within the basic functionalities for cloud orchestration systems, Apache Cloud-

Stack has limitations related to federated systems, since it only supports the

SAML2 protocol.

1.2. Apache CloudStack history

The CloudStack project started in 2008 as a startup project known as VMOps.

The company changed its name to Cloud.com and released a CloudStack stable

version in 2010, under the GNU GPLv3 license (General Public License version

3). In 2011, Cloud.com was acquired by Citrix and in 2012 the project was do-

nated to the Apache foundation. In the past few years, CloudStack has grown

and has become a reference orchestration tool, being used by many organiza-

tions, such as Globo, RNP, UNICAMP, USP, LWSA, CGEE, Apple, Dell, Nokia and

Disney.

2. Apache CloudStack basic concepts

This section introduces the basic concepts of Apache CloudStack, its logical

organization and the components that constitute the orchestrator.

Apache CloudStack’s architecture is designed to support both vertical scal-

ing (increasing a machine’s resources) and horizontal scaling (adding new ma-

chines, either Management Servers or CloudStack Agents).

Figure 2: Example of a fault tolerant Apache CloudStack architecture

A minimal Apache CloudStack implantation project requires a Control Plane,

a Compute Plane and a Data Plane; besides that, a network infrastructure is

also required.

2.1. Control Plane

The Control Plane refers to a layer composed of services responsible for

managing cloud available resources, such as physical servers, storages and net-

work switches. In addition, within the Control Plane is performed the conﬁgu-

ration and management of virtual networks, routing and load balancing. The

basic components required to implement the Control Plane include:

• Management Server: responsible for managing and orchestrating resources

available in the infrastructure, as well as providing REST APIs and a web

interface for management. It can be duplicated/replicated to provide a

high availability structure to the API and UI, however, it is necessary to

use a web proxy for this setup, and sticky sessions for the UI.

• Load balancer: CloudStack allows the use of a load balancer that provides

a virtual IP to perform load distribution between the Management Servers

as well as allowing the use of sticky sessions. The environment’s adminis-

trator is responsible for creating load balancer rules for the Management

Servers based on the environment’s needs.

• Database: CloudStack uses various settings that deﬁne how the cloud

will be managed. These settings are stored on a database (MariaDB or

MySQL), that can be handled by admin users

• Galera Cluster: In the context of database clustering, Galera Cluster is a

synchronous virtual replication multi-primary cluster. By oﬀering the syn-

chronous replication functionality and allowing read and write in any clus-

ter node, Galera comes as a way to ensure fault tolerance and consistency

between all database nodes.

• Usage Server (optional): Besides the essential components for implanta-

tion, the Usage Server is an optional service responsible for processing

resource consumption events in the infrastructure, making it possible for

external agents to charge for these events. This topic will be detailed in

the section 7.1.

2.2. Compute Plane

The Compute Plane is responsible for sustaining the infrastructure oﬀered

as a service, acting during allocation of computational resources and work load

We do not recommend performing changes in the database without the supervision of an

SC Clouds member or previous knowledge, since this kind of change may cause inconsistencies

in CloudStack’s processes and workﬂows.

distribution between available hosts in the environment. It handles VM cre-

ation, migration and monitoring. The physical servers assigned for this service

must support virtualization, as they will host the allocated VMs.

• CloudStack Agent: only necessary when using the KVM hypervisor, the

CloudStack Agent performs the connection between the Management Server

and KVM.

2.3. Data Plane

The Data Plane consists of elements responsible for storage management

(appliances or SDSs, when applicable, such as Ceph/RBD). The main concepts

regarding storages will be addressed in the section 3.11.

2.4. Logical organization of Apache CloudStack

The logical organization used by CloudStack can be split in:

• Region: broadest cloud implementation unit. Groups one or more zones.

• Zone: represents a single datacenter, composed of one or more pods and

secondary storages.

• Pod: represents a single rack on the datacenter.

• Cluster: consists of one or more homogeneous hosts that share the same

primary storage. Ideally, the processors of all hosts should belong to the

same family, aligned with the capabilities of the oldest generation.

• Host: a server where the user VMs are executed. When using KVM as the

hypervisor, it is also where the CloudStack Agent is installed.

• Primary Storage: operates at either host, cluster or zone level. Responsible

for storing the disks (also called volumes) utilized by VMs.

• Secondary Storage: operates at zone level, storing VM templates/ISOs/back-

ups/snapshots.

Figure 3: Logical organization of Apache CloudStack

Figure 3 illustrates the ACS hierarchy, in which the outermost component

is a region, that groups one or more zones. The zones represent a datacenter

composed of pods, which are composed by clusters, and clusters consist of

hosts, which function as active processing nodes.

2.5. Apache CloudStack components

The CloudStack structure is composed of the following components:

1. Management Servers;

2. Hosts;

3. Network : network that connects the ACS components. It is recommended

to make use of network segregation, physically or virtually (via broadcast

domain), to improve security;

4. Primary storage;

5. Secondary storage;

6. Virtual router: System VM which emulates a router, implementing the ser-

vices of guest networks. Making it possible, for example, to access the

internet;

7. Console proxy virtual machine: System VM responsible for providing console

access for any VM via web interface;

8. Secondary storage virtual machine: System VM responsible for managing

the zone’s secondary storages. Provides functions including download,

registry and upload for volumes, templates and ISOs.

3. Apache CloudStack functionalities

This section provides a brief overview of the main Apache CloudStack func-

tionalities related to environment operations (RootAdmin users), along with in-

structions on how to use them. For information regarding resource consump-

tion by end users, refer to the Apache CloudStack Cloud Usage document.

3.1. Home dashboard

This is the default Apache CloudStack dashboard, where the infrastructure

details are shown.

Figure 4: Home dashboard

3.2. VM settings

VMs have both general settings and hypervisor speciﬁc settings. It is recom-

mended for some settings to be kept, such as the ones for internal usage, in

order to prevent issues.

This section will only present settings available at operation level. For VM

settings available at usage level, check the Apache CloudStack usage documen-

tation.

To modify a VM’s settings, it is ﬁrst necessary to stop it. Then, the VM settings

can be modiﬁed accessing the Settings tab.

Figure 5: VM settings tab

3.2.1. General settings

Setting Description.

rootdisksize Deﬁnes the root disk size for the VM. If a service oﬀer-

ing has its root disk size conﬁgured, this parameter is

overwritten by the service oﬀering.

rootDiskController Deﬁnes the disk controller used by the VM’s root disk.

dataDiskController Deﬁnes the disk controller used by the VM’s data disks.

nameonhypervisor Deﬁnes the VM’s name within the hypervisor.

Table 1: VM general conﬁgurations

3.2.2. Miscellaneous settings for internal usage

Setting Description

cpuOvercommitRatio Deﬁnes the ratio for CPU overcom-

mit, which allows for more CPU

cores to be allocated than the num-

ber physically available on the host

machine.

memoryOvercommitRatio Deﬁnes the ratio for memory over-

commit, which allows for more

memory to be allocated than the

amount physically available on the

host machine.

Message.ReservedCapacityFreed.Flag Internal ﬂag used to indicate if the

reserved resources for a VM were re-

leased.

Table 2: VM conﬁgurations for internal use

3.2.3. VM settings speciﬁc for KVM

Setting Description

kvm.vnc.port Deﬁnes the VNC port used by the VM in the KVM environ-

ment.

kvm.vnc.address Deﬁnes the IP used to access the VM via NIC in a KVM

environment.

video.hardware Deﬁnes the virtual video adapter used by the VM.

video.ram Deﬁnes the amount of video RAM available for the VM.

io.policy Deﬁnes the policy used to deal with data I/O.

iothreads Allows the usage of speciﬁc threads for I/O.

Table 3: KVM speciﬁc VM conﬁgurations

When setting video.hardw are with the value virtio, Windows VMs will start

to utilize the VirtIO driver, permiting the usage of new console resolutions in

the VM. More information related to KVM can be found in Section 9.

3.2.4. VM settings speciﬁc for VMware

Setting Description

svga.vramSize Deﬁnes the amount of video memory available for

the VM.

nestedVirtualizationFlag Enables or disables nested virtualization within

the VM.

ramReservation Deﬁnes the minimum RAM amount allocated to

the VM.

Table 4: VMware speciﬁc VM settings

More information related to KVM can be found in the section 10.

3.2.5. Settings speciﬁc for XenServer internal use

Setting Description

hypervisortoolsversion Deﬁnes the hypervisor version used by the VM.

platform Deﬁnes the platform type in which the VM is being

executed, such as Linux or Windows.

timeoﬀset Deﬁnes the timezone for the VM.

Table 5: VM settings speciﬁc for XenServer internal use

3.2.6. Settings speciﬁc for Mac OSX - Guest

Setting Description

smc.present Enables or disables SMC support in the VM.

ﬁrmware Deﬁnes the ﬁrmware used by the VM.

Table 6: VM settings speciﬁc for Mac OSX - Guest

3.2.7. Global settings for VMs

Beyond the settings that individually aﬀect VMs, Apache CloudStack pro-

vides some global settings related to the VMs, so that the environment may be

customized as a whole.

3.2.7.1. User access restriction

It is possible to restrict user type accounts from modifying certain settings in

the VMs. There are two restriction options, that are deﬁned with the following

global settings:

• user.vm.denied.details: prevents adding, editing and visualizing settings;

• user.vm.readonly.details: prevents adding or editing settings, but they are

still visible for the users in the Settings tab.

Figure 6: Global settings

3.2.7.2. Extra settings metadata

It is possible to add extra properties to the deployment of a VM, as long as the

enable.additional.vm.configuration setting is enabled (it is necessary to restart

the Management Server for the changes to this setting to be applied).

The cloud administrator may deﬁne through the following global settings

which commands the users may add to their VMs, based on their respective

hypervisors.

• allow.additional.vm.configuration.list.kvm

Additional KVM settings must be provided in XML format, encoded as URL.

For example:

As URL:

%3CmemoryBacking%3E%0D%0A++%3Chugepages%2F%3E%0D%0A%3C%2FmemoryBacking%3E

• allow.additional.vm.configuration.list.vmware

Additional VMware settings are key=value pairs, encoded as URL. For ex-

ample:

hypervisor.cpuid.v0=FALSE

As URL:

hypervisor.cpuid.v0%3DFALSE

• allow.additional.vm.configuration.list.xenserver

Additional XenServer settings are vm-param-set command parameters,

in the form of key=value pairs, encoded as URL. For example:

HVM-boot-policy=

PV-bootloader=pygrub

PV-args=hvc0w

As URL:

HVM-boot-policy%3D%0APV-bootloader%3Dpygrub%0APV-args%3Dhvc0

3.2.7.3. VM statistics retention

VM statistics retention is governed through two global settings:

• vm.stats.interval: interval, in millisecond, between each data collection.

The default value for this setting is 60000 milliseconds, equivalent to 1

minute.

• vm.stats.max.retention.time: retention time, in minutes, for the data on

the database. The default value for this setting is 720 minutes, equivalent

to 12 hours.

Based on the value deﬁned on these settings, it is possible to calculate the

maximum amount of statistical records within the database using the following

formula:

storageSpace =

(retention · 60000)

interval

· M Ss · V M s · recordSize

• storageSpace: space, in bytes, necessary to store the statistics from the

VMs;

• retention: value for the vm.stats.max.retention.time setting;

• interval: value for the vm.stats.interval setting;

• MSs: amount of Management Servers running in the environment;

• VMs: amount of VMs running in the environment;

• recordSize: estimated size, in bytes, for each record in the database.

Therefore, in an environment with 2 Management Servers and 1000 VMs,

in which the retention time is 10 minutes, the collection interval is 30 seconds

and the size for each record is 400 bytes, the maximum amount of records in

the database will be 16 MB:

(10 · 60000)

30000

· 2 · 1000 · 400 = 16000000B = 16MB

Furthermore, it is possible to track the physical growth of the table with the

following command in the database:

SELECT TABLE_NAME AS 'Table',

DATA_LENGTH AS 'Data size (B)',

INDEX_LENGTH AS 'Index size (B)',

ROUND((DATA_LENGTH + INDEX_LENGTH) / 1024) AS 'Total size (KiB)'

FROM information_schema.TABLES

WHERE TABLE_SCHEMA = 'cloud'

AND TABLE_NAME = 'vm_stats';

Figure 7: Example for the query return with the total size for the vm_stats table

Still, it should be highlighted that the MySQL database shows value changes

for each 16KiB of data. Therefore, considering that each record has a 400 bytes

size, changes in those values will be observed every 40 records, approximately.

3.3. Volume management

This section addresses operational processes related to volume manage-

ment within ACS

3.3.1. Volume migration with stopped VM (cold migration)

As default, this operation is only allowed for root admin users. It is important

to note that the VM’s host must have access to the volume’s destination storage.

Figure 8: Migrating volumes

Other processes related to volume management can be found in the Apache CloudStack

usage documentation.

Figure 9: Conﬁrming operation

3.3.2. Volume migration with running VMs (hot migration)

As default, this operation is allowed only for root admin users. If the utilized

hypervisor is KVM, it is also necessary to migrate the VM to which the volume

belongs in order to perform hot volume migration. More details about the lim-

itations of hot migration are found in the following item.

Figure 10: Migrating the VM

Figure 11: Conﬁguring the migration

3.3.3. Volume migration via CLI

There are two possible cases for volume migration: migrating volumes of

stopped VMs (cold migration) and migrating volumes of running VMs (hot mi-

gration).

In cold volume migration the volume is copied to the secondary storage and

then to the primary storage. While in hot migration, the volume is directly mi-

grated to the target primary storage, which makes it faster and cheaper for the

environment.

To perform a cold migration, just use the following command:

migrate volume volumeid=<volume_id>

storageid=<destination_storage_id>

On the other hand, for hot volume migration, some details are important to

note:

• If the hypervisor in use is VMware or XenServer, the command above can

be executed directly. However, when using KVM, it is necessary to perform

a VM migration between hosts at the same time. KVM provides a feature

called live block copy, which allows the migration of volumes from a run-

ning VM to another storage without requiring the VM itself to be migrated

to a diﬀerent host. After the migration, the XML and the VM process are

updated to reference the new storage. This functionality, however, is not

supported by ACS currently. Consequently, running VMs on KVM cannot

migrate volumes independently through ACS. Therefore, volume migra-

tion between storages while the VM is active must occur in conjunction

with a host migration to ensure that all necessary updates are applied.

There is a known issue with XFS, in which it may have its partitions cor-

rupted during the hosts migration, making it necessary to execute a pro-

cess to recover these volumes;

• If the VM contains large data disks, the ACS timeout settings must be re-

viewed, as very large volumes may trigger a timeout and cause the migra-

tion process to fail;

• KVM has some timeout settings that deal with VM migrations. If the VM

possesses a huge amount of RAM, the migration process may fail.

The main global settings that aﬀect migrations are:

• enable.storage.migration: Enables volume migrations;

• secstor age.max .migrat e.sessions: Maximum number of data copy tasks

that an SSVM may perform concurrently;

• secstorage.sess ion.max: Maximum number of requests that an SSVM

may have queued. When the value is exceed, a new SSVM is created.

Moreover, when the amount of requests is far from reaching this value

and there are inactive SSVMs, they are destroyed;

• storage.pool.max.waitseconds: Wait timeout for storage pool synchro-

nization operations;

• migratewait: VM migration timeout. After this time limit the migration is

cancelled;

• kvm.s torage.offl ine.migration.wait: Timeout for cold volume migration

(only applies to KVM), and

• kvm.storage.online.migration.wait: Timeout for hot volume migration (only

applies to KVM).

The KVM agent settings may be changed in the following ﬁle: /etc/cloud

stack-features/agent/agent.properties, with the main settings that aﬀect the

migration process being:

• vm.migrate. pauseafter: Wait time for the completion of hot migrations.

After this limit, the VM is paused to complete the migration;

• vm.migrate.downtime: Time that the VM will stay paused to complete the

migration, and

• vm.migrate.speed: Migration speed (in MB/s). As default, ACS tries to es-

timate the network transfer speed.

To perform a volume migration, use the command:

migrate virtualmachinewithvolume virtualmachineid=<vm_id> hostid=<destination_host_id> \

migrateto[0].volume=<volume_id> migrateto[0].pool=<target_storage_id>

3.3.4. Importing a volume to another zone or account

There are some situations where it is necessary to import volumes to an-

other zone and/or account. Via UI, this can be achieved following these steps:

1. Acquire the volume download link from the Apache CloudStack usage doc-

ument

;

2. Copy and paste the URL on the volume upload URL ﬁeld

;

3. Conﬁgure the volume to belong to the desired zone and/or account.

It is also possible to perform this procedure via API. For this, follow these

steps:

1. Use the following command to generate the URL:

extract volume zoneid=<zone_id> id=<volume_id> mode=HTTP_DOWNLOAD

2. To perform the importation, use the command

upload volume zoneid=<destination_zone_id> name=<volume_name> format=<volume_format> \

url=<previously_generated_URL> domainid=<destination_domain_id> account=<destination_account_id>

3.4. Virtual router

This section will exclusively address virtual router operations. For more in-

formation related to guest networks, access the Apache CloudStack usage doc-

umentation.

When a VM uses an isolated network and when a shared network is created,

Apache CloudStack automatically creates a virtual router for them.

More information may be found in the section Volume download in the Apache CloudStack

usage document.

More information may be found in the section Online volume upload via URL in the Apache

CloudStack usage document.

The parameters domainid and account are optional, however the ac c o u n t parameter de-

pends on the domainid.

Figure 12: Getting to the virtual routers tab

Figure 13: Verifying if the VR was correctly created

3.4.1. Stopping the virtual router

Figure 14: Browsing to the virtual routers

Figure 15: Stopping the virtual router

Figure 16: Conﬁrming operation

Bear in mind that when the Force option is enabled, ACS will mark the router

VM as stopped, even if the stop command fails to execute on the host. This

option should only be used when it is certain that the router is already stopped

but ACS still reports it as running.

Figure 17: Conﬁrming that the virtual router stopped

3.4.2. Restarting the virtual router

Figure 18: Restarting the virtual router

3.4.3. Destroying a virtual router

It is possible to destroy a VR, but it will be recreated when the network is

restarted. When destroying a VR all services provided by it will be interrupted,

therefore running VMs that utilize it may show errors and faults.

Figure 19: Destroying the virtual router

Figure 20: Conﬁrming operation

Figure 21: Conﬁrming virtual router removal

3.4.4. Default oﬀering deﬁnition for virtual router

When creating a new network, there is a sequence of actions established by

CloudStack to deﬁne which oﬀering (section 4) the VR will utilize, determined

through the following steps:

1. If a service oﬀering is speciﬁed in the network oﬀering used in the network

creation, it will be used in the VR creation. Otherwise, the next step will

be veriﬁed:

2. If the router.service.offering setting, at account level, deﬁnes the oﬀering,

it will be used in the VR creation. Otherwise, the next step will be veriﬁed:

3. If the router.service.off ering global setting deﬁnes the oﬀering, it will be

used in the VR creation. Otherwise, the next step will be veriﬁed:

4. The default system oﬀering will be used (System Oﬀering For Software Router

or System Oﬀering For Software Router - Local Storage).

Figure 22: Steps to deﬁne the default oﬀering for the virtual router

It is important to verify that if an already existing network is updated to uti-

lize a new network oﬀering, or the network is restarted with clean up, the new

VRs will also follow the same steps to deﬁne which oﬀering will be used.

3.5. Public IPs

This section will only approach topics relevant to public IPs at operation

level. For more information, access the Apache CloudStack Cloud usage docu-

mentation.

3.5.1. Public IP reserved for system VMs

CloudStack operates with reserved IPs for system VMs. They are not strict,

so if there are only public IPs reserved for system VMs free, ACS will use them

for user VMs. To change this behaviour and make sure that public IPs reserved

for system VMs are only available for them it is necessary to change the global

setting system.vm.public.ip.reservation.mode.strictness to true.

3.6. IPv6 support

ACS provides support for IPv6 in shared and isolated networks, as well as

VPC tiers. Currently, it is not possible to create any of the mentioned networks

using only IPv6, all of them need to be created with an IPv4 + IPv6 dual-stack.

The following subsections detail the requirements and limitations related to

shared networks and isolated networks/VPC tiers support.

3.6.1. Isolated networks and VPC tiers

Currently, ACS only supports IPv6 through the SLAAC conﬁguration, not sup-

porting DHCPv6 stateless or stateful, making it necessary to manually add routes

on the edge router for each network created in the environment. The addition

of routes on the edge router should only be performed after the network is

created in ACS. Furthermore, public networks are allocated using a whole /64

block for IPv6, making it necessary for the preﬁx to be lower than or equal to /

64. The following steps are mandatory to enable IPv6 in isolated networks/VPC

tiers:

1. Enable the global setting ipv6.offering.enabled.

2. Add the IPv6 interval for the public network.

Figure 23: Beginning to add the IPv6 interval for the public network

Figure 24: Adding an IPv6 interval for the public network

Figure 25: A /52 preﬁx allows 4096 IPv6 subnetworks in /64 block

3. Add the IPv6 preﬁx, which should be equal to or lower than /64.

Figure 26: Beginning to add the IPv6 interval for the guest network

Figure 27: Adding an IPv6 interval for the guest network

Furthermore, it is necessary to create oﬀerings for VPCs and their tiers, spec-

ifying both protocols; the same applies to isolated networks. Below is shown a

step-by-step to create tiers with IPv6 support.

1. Create VPC oﬀering with IPv6 support.

Figure 28: Creating VPC oﬀering with IPv6 support

2. Create network oﬀering for tiers with IPv6 support.

Figure 29: Creating oﬀering for VPC tiers with IPv6 support

3. The VM allocated to the network will use the SLAAC protocol, assigning an

unused IPv6 to it.

Figure 30: VM’s IPv6 autoconﬁguration validation (via SLAAC)

4. In the edge router, it is necessary to add the informed routes, via UI or via

API.

Figure 31: Exhibition via UI for the routes that must be added to the edge router

Figure 32: Exhibition via API for the routes that must be added to the edge router

The process of creating isolated networks is similar, diﬀering only during the

creation of the network oﬀering.

1. Create an isolated network oﬀering with IPv6 support.

Figure 33: Creating an isolated network oﬀering with IPv6 support

2. The VM allocated to the network will use the SLAAC protocol, assigning an

unused IPv6 to it.

Figure 34: VM’s IPv6 autoconﬁguration validation (via SLAAC)

3. In the edge router, it is necessary to add the informed routes, via UI or via

API.

Figure 35: Exhibition via UI for the routes that must be added to the edge router

Figure 36: Exhibition via API for the routes that must be added to the edge router

3.6.2. Shared networks

Unlike isolated networks and VPC tiers, it is not necessary to perform any

conﬁguration within ACS to use shared networks with IPv6, being enough to

create a network with the shared type while specifying the gateway, CIDR and

IP range used by the network. These informations must be speciﬁed for both IP

protocol versions, since, currently, it is not possible to create a network using

only IPv6.

Shared networks management is performed directly through the network

router, being done separately from ACS. VMs will also use the SLAAC protocol

for IPv6 autoconﬁguration, so, it is necessary for the gateway to have the Router

Advertisements service enabled, informing the IPv6 network preﬁx. With these

informations, the VM itself will obtain a valid IP within the network. Below is

shown an example for creating a dual-stack shared network.

Figure 37: Shared network creation from IPv4 info

Figure 38: Shared network creation from IPv6 info

3.7. Host, storage and network tags

Host tags and storage tags, despite their names, do not relate to resource

tags and are functionalities aimed to direct resource allocation, such as in which

host the VM deploy will be perfomed or in which storage the volume will be

created. Tags serve multiple purposes (such as directing volumes to a better

quality storage, based on the oﬀering). The behaviour of tags varies depending

on the resource type.

Figure 39: Field for updating storage tags and host tags of a compute oﬀering

3.7.1. Host tags

Host tags are responsible for directing VMs to compatible hosts. They are

validated with the host tags informed in the compute oﬀerings (section 4.1) or

in the system oﬀerings (section 4.4).

To explain the host tags’ behaviour some examples with two hosts (Host1

and Host2) will be presented:

1. Tags organization:

• Host1: h1

• Host2: h2

• Oﬀering: h1

When creating a VM with the oﬀering, the deploy will be perfomed in

Host1, since it has the tag compatible with the oﬀering.

2. Tags organization:

• Host1: h1

• Host2: h2,h3

• Oﬀering: h3

The hosts accept a tag list, using comma (,) as a separator. Therefore, in

this example, Host2 has the tags h2 and h3. When creating a VM with

the oﬀering, the deploy will be performed in Host2, since it has the tag

compatible with the oﬀering.

3. Tags organization:

• Host1: h1

• Host2: h2,h3

• Oﬀering: h2,h3

Contrary to hosts, oﬀerings do not accept a list of host tags, therefore in

this example, h2,h3 is only one tag in the oﬀering. None of the hosts have

compatible tags, therefore, it will not be possible to deploy a VM with the

oﬀering. However, when a host is manually selected CloudStack ignores

this behaviour and allows the deployment.

4. Tags organization:

• Host1: h1

• Host2: h2,h3

• Oﬀering: (no tags)

When the oﬀering does not have any tags, the VM deployment may be

performed in any host.

5. Tags organization:

• Host1: (no tags)

• Host2: h2

• Oﬀering: h3

None of the hosts have compatible tags and the deployment for VMs with

this oﬀering is not possible. However, CloudStack ignores this behaviour

when a host is manually selected and allows the deployment.

Example Host tags Oﬀering tag Behaviour

1 Host1: h1

Host2: h2

h1 Deploy in Host1

2 Host1: h1

Host2: h2,h3

h3 Deploy in Host2

3 Host1: h1

Host2: h2,h3

h2,h3 The deploy will not be per-

fomed, unless one of the hosts

is selected

4 Host1: h1

Host2: h2,h3

(no tags) Deploy in any host

5 Host1: (no tags)

Host2: h2

h3 The deploy will not be per-

fomed, unless one of the hosts

is selected

Table 7: Host tags usage example

3.7.2. Storage tags

Storage tags are responsible for directing volumes to compatible primary

storages. They are validated with the storage tags informed in the disk oﬀer-

ings

, compute oﬀerings (section 4.1) or system oﬀerings (section 4.4).

The following examples demonstrate the behavior of storage tags:

1. Tags organization:

• Storage: A

• Oﬀering: A,B

Information about disk oﬀerings can be checked in the Apache CloudStack usage docu-

mentation.

Both storage and oﬀering accept a comma-separated (,) list of tags. There-

fore, in this example the oﬀering has the tags A and B. In this example it

will not be possible to allocate the volume, because all oﬀering tags need

to be present in the storage. Despite the storage having the tag A, it does

not have the tag B.

2. Tags organization:

• Storage: A,B,C,D,X

• Oﬀering: A,B,C

In this example, it will be possible to allocate the volume, because all of

the oﬀering tags are present in the storage.

3. Tags organization:

• Storage: A,B,C

• Oﬀering: (no tags)

In this example, it will be possible to allocate the volume, because the

oﬀering does not have any tag requirements.

4. Tags organization:

• Storage: (no tags)

• Oﬀering: D,E

In this example, it will not be possible to allocate the volume, because the

storage does not have tags, therefore it does not fulﬁll the tag require-

ments of the oﬀering.

Example Storage tags Oﬀering tags Behaviour

1 A A,B The volume will not be allocated

2 A,B,C,D,X A,B,C The volume will be allocated

3 A,B,C (no tags) The volume will be allocated

4 (no tags) D,E The volume will not be allocated

Table 8: Storage tags usage example

In summary, if the oﬀering has tags, the storage must have all the tags for

the volume allocation process to occur. If the oﬀering does not have any tags,

the volume can be allocated, regardless of the storage having any tags.

3.7.3. Network tags

Network tags are responsible for directing the virtual networks to compat-

ible physical networks. They are validated with network tags informed in the

network oﬀerings

The following examples demonstrate the behavior of the network tags:

1. Tags organization:

• Physical network: A

• Oﬀering: A,B

Neither the physical network nor the oﬀering accept lists for tags, there-

fore, there can only be one tag for each resource. In this case, the value

A,B set for the oﬀering corresponds to a single tag. As the tags from the

oﬀering and the physical network are diﬀerent, it will not be possible to

direct the virtual network for this physical network.

2. Tags organization:

• Physical network: B

• Oﬀering: B

In this example, both the physical network and the oﬀering have the same

tag, therefore it will be possible to direct the virtual network to the physical

network.

3. Tags organization:

• Physical network: C

Information about network oﬀerings can be found in the Apache CloudStack usage docu-

mentation.

• Oﬀering: (no tags)

In this example, it will be possible to direct the virtual network to the phys-

ical network, because the oﬀering does not have any tag requirements.

4. Tags organization:

• Physical network: (no tags)

• Oﬀering: D

In this example, it will not be possible to direct the virtual network to the

physical network, because the physical network does not have any tags

and, consequently, does not fulﬁll the oﬀering requirements.

Example Network tag Oﬀering tag Behaviour

1 A A,B Will not be directed

2 B B Will be directed

3 C (no tags) Will be directed

4 (no tags) D Will not be directed

Table 9: Network tags usage example

In summary, directing the virtual network to the physical network will not be

possible if the oﬀering has a diﬀerent tag than the physical network. If the of-

fering does not have any tags, directing will be possible, regardless of whether

the physical network has tags.

3.7.4. Flexible tags

When deﬁning tags for a resource (i.e. a host), the oﬀerings with those tags

will be directed to this resource. However, oﬀerings without tags can also be

directed to it. In a way that, even after adding tags to a resource with the pur-

pose of making it exclusive for some types of oﬀerings, this exclusivity can be

ignored.

Furthermore, the default tag system only allows the user to inform a sim-

ple list of tags, without the possibility to create more complex rules, such as

verifying if the oﬀering has certain pairs of tags.

To circumvent these situations, ACS allows hosts and storages to use tags

deﬁned as JavaScript rules, known as ﬂexible tags. With ﬂexible tags, the role of

tags is inverted, instead of requiring the host or storage to have the same tag as

the oﬀering to be selected, the oﬀering must include the tag of the resource it

will be assigned to. This inversion makes it so that oﬀerings without tags cannot

be directed to any resource. This way, operators may have ﬁner control over

VMs and volumes directed within the environment.

The conﬁguration of rules in the hosts is done through the updateHost API,

informing the rule in the hostta gs ﬁeld. Still, the conﬁguration of rules in the

storages is done through the updateStoragePool API, informing the rule in the

tags ﬁeld. For the informed tag to be eﬀectively interpreted as JavaScript, it is

necessary to declare the istagaru le parameter as true every time that one of

the listed APIs is used.

It is important to highlight that tags in compute oﬀerings or disk oﬀerings

are injected as a list. Therefore, when validating an oﬀering with the tags A,B,

during processing, there will be a tags variable, in which tags[0] will be tag A

and tags[1] will be tag B.

Usage example for the updateHost API for updating a host with a tag using

JS:

update host id=3d7d8532-d0cf-476c-a36e-1b936d780abb istagarule=true hosttags="tags[0] == 'Premium'"

Via UI:

• Select the host and click on edit:

Figure 40: Accessing the host editing

• Create the ﬂexible tag:

Figure 41: Creating the ﬂexible tag in the host

Example for updateStoragePool API usage to update a primary storage with

a tag using JS:

update storagepool id=dc916dc7-cc1c-3f3d-905b-b198daf15a79 istagarule=true tags="tags.length == 0 ||

tags[0] === 'test'"

Via UI:

• Select the primary storage and click on edit:

Figure 42: Accessing the primary storage editing

• Create the ﬂexible tag:

Figure 43: Creating the ﬂexible tag in the primary storage

It is important to mention that ﬂexible tags are not compatible with Quota

activation rules.

3.8. Managing instance deployment based on their operating system

Apache CloudStack provides two functionalities to direct instance allocation

based on their operating system: preference OS and ﬂexible guest OS.

3.8.1. Hosts Preference OS

Preference OS for hosts is a conﬁguration that lets the operator deﬁne a

prioritary operating system for a certain host. This way, hosts that have this

property conﬁgured as the same operating system as the VM, will have priority

during the allocation process. The opposite is also valid, hosts with the Prefer-

ence OS conﬁguration set with a diﬀerent operating system than the VM, will

have lower allocation priority, when compared to the others hosts in the envi-

ronment.

However, this functionality only deﬁnes the priority order during the host al-

location, still allowing VMs with disctinct operating systems from the host con-

ﬁguration to be allocated in them. Therefore, it is important to emphasize that

this conﬁguration does not make it possible to isolate a host for a determined

operating system.

To access this conﬁguration through the UI:

Figure 44: Access the host being conﬁgured

Figure 45: Access the host’s editing form

Figure 46: Host’s Preference OS conﬁgurations

3.8.2. Flexible guest OS

The Flexible guest OS functionality allows the creation of rules, written in

JavaScript, that ﬁlter instances based on their operating systems during the al-

location process of a VM in a host. Thus, using the functionality it is possible to

dedicate a host for one or more operating systems.

To access the conﬁguration through the UI, access the host’s editing form:

Figure 47: Guest OS rule conﬁguration for the host

To deﬁne the rules, the variable v mGuestOs is provided and contains the

operating system of the instance being allocated, as a string. Thus, to dedicate

a host for Windows VMs, the following rule can be added:

vmGuestOs.toLowerCase().indexOf('windows') >= 0

To dedicate the host for more than one operating system the logical opera-

tor OR, || in JavaScript, can be used, as such:

// dedicar host para VMs Ubuntu e Debian

vmGuestOs.toLowerCase().indexOf('ubuntu') >= 0 ||

vmGuestOs.toLowerCase().indexOf('debian') >= 0

Also, it is possible to add rules that forbid allocating certain operating sys-

tems in the host, for example:

// host accepts only VMs that don't use Ubuntu

vmGuestOs.toLowerCase().indexOf('ubuntu') == -1

3.9. Snapshots

Snapshots are recovery points for a whole VM or just a single disk. They

can be used as a way to recover from failures or even to create templates and

new volumes. In some hypervisors, such as VMware and KVM, they behave like

backups.

In this section we will only approach topics at operation level. For informa-

tion related to the Snapshot usage, check the Apache CloudStack usage docu-

mentation.

3.9.1. Snapshot settings

The main snapshot settings are:

Setting Description Default value

max.account.snapshots Maximum number of

snapshots per account

max.domain.snapshots Maximum number of

snapshots per domain

Inﬁnite

max.project.snapshots Maximum number of

snapshots per project

vmsnapshot.max Maximum number of

snapshots for a VM

Table 10: Snapshot settings

3.10. Event and alert audit

Events are generated whenever a user performs an action within the cloud

or when the state of a resource, virtual or physical, is changed. Policy based

events are called alerts by Apache CloudStack.

Using events, it is possible to monitor tasks, jobs and processes in Cloud-

Stack, including their possible errors.

The main event and alert conﬁgurations are:

Name Description Default

Value

event.purge.delay Days until a created event is removed.

The value 0 indicates that events are

never removed.

event.purge.interval Interval, in seconds, until the creation of

a job to remove old events

86400

∗

alert.purge.delay Days until a created alert is removed. The

value 0 indicates that alerts are never re-

moved.

alert.purge.interval Interval, in seconds, until the creation of

a job to remove old alerts

86400

alert.smtp.host Host in which the SMTP server is running

alert.smtp.password SMTP server password

alert.smtp.port SMTP server port

alert.smtp.username SMTP server user

alert.email.sender E-mail shown as issuer

alert.email.addresses E-mail receiver, which can be a comma

separated list

∗Value, in seconds, for a full day.

Table 11: Events and alerts settings

3.10.1. Alert e-mails

By default, alerts, as they are considered critical events, can be conﬁgured

to send e-mails to the cloud administrators. Possible scenarios where an alert

e-mail will be sent to the cloud administrators are:

• The Management Server has low CPU, memory or storage;

• The Management Server could not communicate with a host for at least

3 minutes;

• A host has low CPU, memory or storage.

3.10.2. Searching and ﬁltering alerts

To view and search for alerts in the web interface you need to:

Figure 48: Accessing alerts

3.10.3. Removing or archiving alerts

When selecting the checkbox for an alert, it is possible to remove or archive

it:

Figure 49: Archiving or deletin g an alert

No matter which option is chosen, a pop-up will appear asking for conﬁrma-

tion.

3.10.4. Event and alert removal automation

ACS provides ways to automate the removal of events and alerts through

the global settings event.purge.delay and alert.purge. delay, respectively. The

value for these settings stands for the number of days until an event/alert is

removed, since its creation date.

So, if the conﬁguration is set with the value 5, 5 days after the events/alerts

are created they will be automatically removed by ACS. The default value for

event.purge.delay is 15 and for alert.purge.delay is 0. If they are set with the

value 0, events/alerts are never removed.

It is advised to increase event retention to make it possible to audit the en-

vironment in larger time periods, such as 90 or 180 days.

3.11. Storage management within Apache CloudStack

The main goal of this topic is to show in more details the purpose of each

storage type present in ACS, their respective scopes, protocols and providers.

3.11.1. Primary storage

The primary storage is used to store disks used by the hosted virtual ma-

chines. It can operate at host level, cluster level or zone level, with the possibil-

ity to add multiple primary storages to clusters and zones. At least one primary

storage per cluster must exist for the orchestrator to operate properly.

CloudStack was designed to work with a wide variety of storage systems,

also capable of using local disks in the hypervisor’s hosts, as long the selected

hypervisor oﬀers support for this. The support for storage types for virtual

disks depends on the hypervisor used.

Storage type XenServer vSphere KVM

NFS Supports Supports Supports

iSCSI Supports Supports via

VMFS

Supports via

cluster ﬁle sys-

tem

Fiber Channel Supports via

storage reposito-

ries

Supports Supports via

cluster ﬁle sys-

tem

Local disk Supports Supports Supports

Table 12: Storage protocols supported by each hypervisor

ACS oﬀers support for the following protocols:

• NFS

• Shared Mount Point

• RDB

• CLVM

• Gluster

• Linstor

• Custom

CloudStack allows administrators to manage the primary storage based on

the cloud environment’s needs. These can be added, enabled, disabled or set

in maintenance mode, where each of these states presents diﬀerent eﬀects on

the storage’s management.

3.11.1.1. Adding a primary storage

Before creating primary storages, it is necessary to deﬁne the storage type and

protocol used

. Next, access must be granted to the storage from the hosts,

validating read and write operations for each of them. To access the primary

storage addition menu:

The table 3.11.1 shows the storage types supported by each hypervisor.

Figure 50: Accessing the primary storage addition menu

Figure 51: Details for adding a primary storage

• Addition with the NFS protocol:

To operate with NFS, it is only necessary to inform the NFS server’s ad-

dress and the path exported from the server. With this protocol, it is not

necessary to mount the primary storage on the host manually, since ACS

will perform this procedure automatically.

Figure 52: Adding a primary storage with NFS

• Addition with Shared Mount Point protocol:

A shared mount point is a path from the local ﬁle system for each host

in a given cluster. The path must be the same for all hosts in the cluster,

such as /mnt/primary-st orage. ACS will not mount the primary storage

like when using NFS, therefore the operator must ensure that the storage

is properly made available.

Figure 53: Adding a primary storage with Shared Mount Point

3.11.1.2. Disabling a primary storage

When disabling a primary storage, running VMs that have volumes in this Stor-

age Pool will not be aﬀected, however new volumes and VMS created will not

be allocated on it. The migration of volumes to a disabled primary storage is

only possible via API, as through UI the primary storage will be shown as Not

suitable. Yet, volumes present in a disabled primary storage can be migrated

out of it both through API and UI.

Figure 54: Disabling a primary storage

3.11.1.3. Maintenance mode for primary storage

When setting a primary storage in maintenance mode all VMs that have vol-

umes in it will be stopped and volumes may be migrated to other primary stor-

age in Up state. Furthermore, it will not be possible to allocate new VMs and

volumes in this primary storage. When starting a stopped VM that has its vol-

ume in a primary storage under maintenance, Apache CloudStack will automat-

ically migrate the volume to an appropriate primary storage. It is important to

notice that the CloudStack Agent will not unmount the primary storage under

maintenance.

Figure 55: Enabling the maintenance mode

3.11.1.4. Behaviour after restarting hosts

If the CloudStack Agent is restarted and the primary storage is either disabled

or in maintenance mode, it will not be automatically mounted. In case the state

is changed after restarting the CloudStack Agent, the primary storage will have

one of the following behaviours, depending on the initial state:

• Maintenance mode: If the primary storage leaves the maintenance mode,

it will be mounted again.

• Disabled: If the primary storage is enabled, it will be necessary to restart

the CloudStack Agent for it to be mounted again. If it is in the user’s in-

terest, they can enable the setting mount.disabl ed.storage.pool, which

makes it so that disabled storage pools are automatically mounted in case

of host reboot.

3.11.1.5. Local storage usage

In the global settings, there is a parameter called system.vm.use.local.storage,

that indicates if system VMs (CPVM, SSVM, VR) may use local or shared disks.

When the value of this parameter is set to true, the system VM’s data will be

preserved in an available local disk and if there are no enabled local disks, the

Management Server will show an error message for insuﬃcient capacity during

system VM initialization.

Figure 56: Enabling the usage of local storage for system VMs

To utilize local storage for user’s VMs, it is necessary to enable this feature

for the zone. This can be achieved by accessing the zone editing menu, and

enabling the option Enable local storage for user VMs.

Figure 57: Accessing the zone to be edited

Figure 58: Accessing the zone editing menu

Figure 59: Enabling the usage of local storage for user’s VMs

After making changes to system.vm.use.local.storage and Enable loca l sto

rage for user V Ms settings it is, necessary to restart the Management Servers

services. The section 8.4.1 exempliﬁes this process in more detail.

For a new instance to make use of local disks, it is necessary, in addition

to enabling the setting that allows this behaviour in the zone, that the service

oﬀerings used for creating this instance are also set to utilize local disks and

that there are local disks enabled. Otherwise, an error message of insuﬃcient

capacity will be displayed from the Management Server, since there is no avail-

able resource to allocate the instances on. Service oﬀerings can not be edited

directly, therefore it is necessary for them be created with the local storage op-

tion checked. The images below show where to ﬁnd this option when creating

a new oﬀering.

Figure 60: Adding a compute oﬀering with highlight in their Storage Type

Figure 61: Adding a disk oﬀering with highlight in the Storage Type

With the option Ena ble local st orage for us er VMs enabled, available local

storages will be listed under the "Infrastructure → Primary storage" menu. To

migrate stopped user VMs’ volumes to local storage, it is necessary to perform

cold migration of the volumes, selecting the available local storages, as the im-

age below shows. However, to migrate running user VMs, it is necessary to

perform hot migration of the volumes. Both processes are exempliﬁed in more

detail in the 3.3 section.

Figure 62: Cold volume migration to local storage

For system VMs and virtual routers it is possible to perform the migration

via the migrateVirtualMachineWithVolume API, informing the VM ID, destiny

host ID, volume ID and destiny storage ID. For example:

> migrate virtualmachinewithvolume virtualmachineid=<VM-id> hostid=<host-id>

migrateto[0].volume=<volume-id> migrateto[0].pool=<target-storage-id>

To get the ID from the system VM’s volumes it is necessary to use the listVolum

es API, informing the listall and listsystemvms parameters to true. For example:

> list volumes zoneid=<zone-id> listall=true listsystemvms=true

Therefore, it is necessary for the settings to be properly conﬁgured for both sys-

tem VMs and user VMs to utilize the local storage feature, otherwise, there will

be errors for insuﬃcient capacity when allocating resources for new instances.

3.11.2. Secondary storage

The secondary storage items are available for all hosts in the same hierar-

chical level of this storage, which is deﬁned zone wise. This storage type is used

to store:

• Templates: Operating systems’ images that may be used to initialize in-

stances and can include additional conﬁguration information, such as in-

stalled applications.

• ISOs: disk images containing data or bootable midia for operating sys-

tems.

• Snapshots: saved copies of a VM’s data (either the whole VM or a speciﬁc

volume) that may be used for data recovery or for creating new models.

Each zone has at least one secondary storage, which is shared between all

service points in the zone. CloudStack oﬀers the functionality to automatically

replicate the second storage through zones in a way that is fault tolerant. ACS

was also designed to operate with any scalable secondary storage system. The

only requirement is that the secondary storage system supports the NFS pro-

tocol.

CloudStack provides plugins that allow storing objects from OpenStack Ob-

ject Storage swift.openstack.org and from Amazon Simple Storage Service (S3).

When using these storage plugins, it is necessary to conﬁgure the Swift or S3

storage and then setup an NFS secondary storage in each zone. An NFS storage

must be kept in each zone, because most hypervisors can not directly mount S3

storages. This NFS storage acts in each zone as a setup zone which all templates

and other secondary storage data travels through before they are forwarded

to Swift or S3. Swift or S3 storages act as environment wide resources, making

templates and other data available for any zone in the cloud.

The following operations are available for secondary storage management:

3.11.2.1. Adding secondary storages

When creating a new zone, the ﬁrst secondary storage is created as part of the

process. If needed, the operator may create a new secondary storage.

Figure 63: Adding a new secondary storage

Figure 64: Details while adding a new secondary storage

3.11.2.2. Data migration between secondary storages

CloudStack allows migrating data from a secondary storage to another, while

choosing between two migration policies:

• Complete: migrates all data from one secondary storage to another;

• Balance: only migrates a portion of the data, keeping the storages bal-

anced.

Figure 65: Migrating data between secondary storages

Figure 66: Details for migrating data between secondary storages

3.11.2.3. Read-only mode for secondary storage

It is possible to deﬁne a read-only secondary storage, preventing any additional

templates, ISOs and snapshots to be stored in it.

Figure 67: Deﬁning a secondary storage as read-only

3.11.2.4. Read-write mode for secondary storage

If the read-only mode is selected, the option to reactivate the read-write mode

becomes available, having to reactivate it in order to perform new store oper-

ations in the secondary storage.

Figure 68: Deﬁning a secondary storage as read-write

3.11.2.5. Secondary storage removal

Lastly, it is also possible to delete secondary storages:

Figure 69: Deleting a secondary storage

Figure 70: Conﬁrming secondary storage removal

3.12. Resource allocation for secondary storage

Apache CloudStack has a functionality called secondary storage selectors

that allows it to specify in which secondary storage templates, ISOs, volumes,

volume snapshots, and backups will be allocated. Currently, the only way to

use this resource is sending requests directly to the API through CloudMonkey.

The Secondary Storage Selectors, through the heuristicrule parameter, use a

conditional block that must be written in JavaScript as an activation rule. When

specifying an activation rule, the secondary storage attributes will always be

present for any kind of resource; on the other hand, snapshot, ISO, template,

volume, and backups attributes will only be available for their respective types

based on the purp ose parameter from the createSecond aryStorageSe lector s

API.

The table below presents possible values for each available resource:

Resource Attributes

Secondary Storage id, usedDiskSize, totalDis

kSize, protocol

Snapshot size, hypervisorType

ISO/TEMPLATE format, hypervisorType

Volume size, format

Table 13: Possible values for each resource available in the heuristicrules

To carry out the usage of this feature, ﬁrstly, the operator needs to create

the selector via the createSeco ndaryStorageSele c tor API. The created selector

will specify the resource type (ISO, snapshot, template or volume), for which

the activation rule will be validated when the zone allocation is performed, and

the zone where the rule will be applied. It is important to highlight that it is only

possible to have one activation rule for each type within the same zone. Listed

below are some use cases:

1. Allocating a resource type for a speciﬁc secondary storage:

function findStorageWithSpecificId(pool) {

return pool.id === '7432f961-c602-4e8e-8580-2496ffbbc45d';

}

secondaryStorages.filter(findStorageWithSpecificId)[0].id

2. Dedicating storage pools for a speciﬁc template format;

function directToDedicatedQCOW2Pool(pool) {

return pool.id === '7432f961-c602-4e8e-8580-2496ffbbc45d';

}

function directToDedicatedVHDPool(pool) {

return pool.id === '1ea0109a-299d-4e37-8460-3e9823f9f25c';

}

if (template.format === 'QCOW2') {

secondaryStorages.filter(directToDedicatedQCOW2Pool)[0].id

} else if (template.format === 'VHD') {

secondaryStorages.filter(directToDedicatedVHDPool)[0].id

}

3. Directing a volume snapshot with KVM to a speciﬁc secondary storage;

if (snapshot.hypervisorType === 'KVM') {

'7432f961-c602-4e8e-8580-2496ffbbc45d';

}

4. Directing resources for a speciﬁc domain

if (account.domain.id == '52d83793-26de-11ec-8dcf-5254005dcdac') {

'1ea0109a-299d-4e37-8460-3e9823f9f25c'

} else if (account.domain.id == 'c1186146-5ceb-4901-94a1-dd1d24bd849d') {

'7432f961-c602-4e8e-8580-2496ffbbc45d'

}

The Secondary Storage Selectors feature has 4 APIs: l istSecondaryStorageS

electors, cr eateSecondaryStorageSelectors,updateSeco ndaryStorageSelectors

and removeSecondaryStorageSelectors.

• The listSecondaryStorageSelectors API has the function to show all the

Secondary Storage Selectors available and has the following parameters:

Parameter Description Obligatory Default value

zoneid Id from the zone used in

the selectors search

Yes -

purpose Type from the object

used in the search. Valid

options are ISO, SNAP-

SHOT, TEMPLATE and

VOLUME

Yes -

showRemoved Specify if removed selec-

tors shall be listed

No false

Table 14: listSecondaryStorageSelectors API parameters

• listSecondaryStorageSelectors API usage example

list secondarystorageselectors zoneid=<zone id> purpose=<object type>

• The createSecondarySto rag eSelectors API’s function is to create a Sec-

ondary Storage Selector and it has the following parameters:

Parameter Description Obligatory

name Name for selector identi-

ﬁcation

Yes

description Selector description Yes

zoneid Zone where the selector

will be active

Yes

purpose Object type for which

the selector will operate.

Valid options are ISO,

SNAPSHOT, TEMPLATE and

VOLUME

Yes

heuristicRule The rule speciﬁed in

JavaScript that will direct

the object to a speciﬁc

secondary storage; the

rule must always return a

text containing the UUID

for a valid secondary

storage

Yes

Table 15: createSecondaryStorageSelectors API parameters

• createSecondaryStorageSelectors API usage example

create secondarystorageselector name=<selector name> description=<description> zoneid=<zone id>

heuristicrule=<activation rule> purpose=<object type>

• The upd ateSecondaryStorageSelectors API’s function is to update a Sec-

ondary Storage Selector and it has the following parameters:

Parameter Description Obligatory

id Selector identiﬁer of the

secondary storage

Yes

heuristicRule The new rule speciﬁed in

JavaScript; the rule must

always return a text con-

taining the UUID for a

valid secondary storage

Yes

Table 16: updateSecondaryStorageSelectors API parameters

• updateSecondaryStorageSelectors API usage example

update secondarystorageselector id=<selector id> heuristicrule=<activation rule>

• The removeSecondaryStorageSelectors API’s function is to remove a Sec-

ondary Storage Selector and it has the following parameters:

Parameter Description Obligatory

id identiﬁer of the selector

to be removed

Yes

Table 17: removeSecondaryStorageSelectors API parameters

• removeSecondaryStorageSelectors API usage example

remove secondarystorageselector id=<selector id>

4. Service Oﬀerings

CloudStack is a cloud orchestration platform that enables centralized man-

agement of virtualized infrastructure environments. To create virtual machines

(VMs), it is necessary to deﬁne their speciﬁcations, such as CPU core count,

memory size, disk capacity, and other parameters. In CloudStack, these spec-

iﬁcations are organized into service oﬀerings, which standardize VM conﬁgu-

rations. This approach streamlines instance provisioning, makes resource us-

age easier to track, and, when required, allows the application of consumption-

based billing policies.

4.1. Compute oﬀerings

Compute oﬀerings are oﬀerings related to the computional resources of a

VM, such as CPU and RAM. A compute oﬀering also has a disk oﬀering, that

deﬁnes the characteristics for the VM root disk (when it is created based on a

template).

There are some settings that limit some aspects from compute oﬀerings,

such as:

Conﬁguração Descrição Valor

Padrão

vm.serviceoﬀering.cpu.cores.max Maximum amount of CPU

cores when creating oﬀerings

or VMs. 0 means boundless.

vm.serviceoﬀering.ram.size.max Maximum amount of RAM

when creating oﬀerings or

VMs. 0 means boundless.

For information related to the usage of Compute Oﬀerings, check the Apache

CloudStack usage documentation.

4.2. Disk Oﬀerings

Disk oﬀerings are service oﬀerings related to storage resources of a VM. Vir-

tual machines created from a template will utilize disk oﬀerings to create extra

disks, while those created with ISOs will need a disk oﬀering to create their root

disk.

To create a disk oﬀering:

Figure 71: Starting to create a new disk oﬀering

Clicking on the button Add Disk Oﬀering will open a form to ﬁll the informa-

tion:

Figure 72: Creating the new disk oﬀering

CloudStack has three types of provisioning:

• Thin Provisioning: disk of this type will be allocated with the minimum size

necessary and may grow accordingly as needed, up to their limit.

• Sparse Provisioning: disks of this type will start with the size deﬁned in the

oﬀering or during the disk creation; however, they may contain old data.

Their creation will be fast because old data is not erased or overwritten,

but it will be necessary to do that before writing new data. The perfor-

mance of the ﬁrst writes for this disk type will be slow.

• Fat Provisioning: disks of this type will start with the size deﬁned in the

oﬀering or during the disk creation and all disk space will be overwritten,

erasing any data within the blocks. When compared with sparse provision-

ing, disks of this type will take longer to be created because of the data

cleaning process; however the performance for their ﬁrst writes will be

faster.

The Quality of Service (QoS) is not implemented by the oﬀerings by default,

however it is possible to utilize a QoS from a hypervisor, in which read and

write rates done by the hypervisor, or storage, are determined, deﬁning the

minimum and maximum IOPS for storages. To utilize a hypervisor QoS it is

necessary that they support this funcionality. For some hypervisors some def-

initions may not be implemented; thus, it is necessary to validate them before

applying in production environments.

Storage tags are used to assign volumes to compatible storages (see section

3.7.2).

There are settings that limit some aspects of the disk oﬀerings:

Conﬁguração Descrição Valor

Padrão

custom.diskoﬀering.size.min Minimum size (in GB) for customiz-

able disk oﬀerings.

custom.diskoﬀering.size.max Maximum size (in GB) for customiz-

able disk oﬀerings.

1024

After created, only a few attributes of the disk oﬀering may be changed.

• Edit:

Figure 73: Starting to edit the disk oﬀering

Figure 74: Editing a disk oﬀering

• Update access:

Figure 75: Starting to update disk oﬀering accesses

Figure 76: Updating the disk oﬀering accesses

• Edit order:

Figure 77: Changing the disk oﬀerings order

To delete a disk oﬀering, access it and click the trash can icon:

Figure 78: Starting to delete a disk oﬀering

Figure 79: Deleting a disk oﬀering

100

If there are volumes using a disk oﬀering, they will keep working normally,

as well as VM migration and restart processes, because CloudStack copies the

disk oﬀering characteristics to the disk. However, it will not be possible to create

new volumes using it.

More information may be found on the oﬃcial documentation.

4.2.1. Limiting IOPS e BPS in disk oﬀerings

During the creation of a disk oﬀering, it is possible to limit the volume IOPS

and BPS rates through the QoS type option.

Figure 80: Selecting a QoS type

When determining limits for volume IOPS and BPS rates, it is important to

be careful with the following details:

• Control over the size of I/O operations:

101

When an operator sets a limit for IOPS rate, all I/O operations, regardless

of size, are treated similarly, and, consequently, users may exploit this to

circumvent the limits set. To prevent this, the operator needs to specify

the block size for each operation. Assuming that the IOPS limit for a VM is

1000, the hypervisor will be limiting for 1000 I/O operations per second,

independently of the size of the IO request. Thus, requests with bigger

block sizes will beneﬁt from this. To illustrate this, some tests with the fio

tool were performed.

A VM was deployed with a disk oﬀering limiting both its read and write

IOPS to 1000. The fio command was executed with a block size of 64 KiB

and then executed again but with a block size of 128 KiB. Although the to-

tal amount of IO operations were diﬀerent in those executions, both per-

formed approximately 1000 IOPS. This happens because of the execution

time necessary for each one. Using a bigger writing block, double the read

and write speed was achieved, even though both executions were limited

to 1000 IOPS. The table bellow shows a brieﬂy comparison between the

values discussed.

Block

Size

Write

(IOPS)

Write

(Mib/s)

Read

(IOPS)

Read

(Mib/s)

64 KiB 1008 63 337 21.1

128 KiB 1016 127 346 43.3

Table 18: Comparison between test results using block size of 64 KiB and 128 KiB

ACS currently does not externalize the operation block size, however, it

is possible to achieve the same objective setting out a read and write

amount in BPS (bytesreadrate and byteswriterate parameters).

102

Figure 81: Limiting a BPS ratio

Considering the same use case above, specifying the diskBytesReadRate

to 104857600 (100 MiB) and diskBytesWriteRate to 31457280 (30 MiB), the

usage for block size of 128 KiB would be limited by these values. There-

fore, when a BPS and IOPS limit is deﬁned, the VM will be limited by the

ﬁrst limit reached. In this case, when using a block size of 128 KiB, the BPS

limit will be reached ﬁrst and, consequently, the VM will never reach 1000

IOPS. The BPS limitation for the block size of 64 KiB will have no eﬀect, be-

cause the IOPS limit will be reached ﬁrst. The table bellow brieﬂy shows

the data mentioned.

103

Block

Size

Write

(IOPS)

Write

(Mib/s)

Read

(IOPS)

Read

(Mib/s)

64 KiB 1008 63 337 21.1

128 KiB 710 88.8 242 30.3

Table 19: Comparison between test results using BPS limits

Considering the situation above, it is recommended using the parameters

diskBytesReadRate and diskBytesWriteRate together with the IOPS limits

to limit volume read and write speeds.

• I/O bursts;

A burst is when the read and write limits are exceed for some time to al-

low a greater performance during intense activities. This functionality is

present in ACS, however, it is only available through the APIs

(createSe

rviceOffering and createDiskOfferin g). The parameters that allow conﬁg-

uring this functionality are:

For more details on how to send requests directly to the API ??

104

Parâmetro Descrição

bytesreadratemax Deﬁnes the maximum

reading speed for the

burst in BPS

bytesreadratemaxlength Deﬁnes the maximum

amount of time for the

BPS read burst in sec-

onds

byteswritemax Deﬁnes the maximum

writing speed for the

burst in BPS

byteswritemaxlength Deﬁne the maximum

amount of time for the

BPS write burst in sec-

onds

iopsreadratemax Deﬁnes the maximum

reading speed for the

burst in IOPS

iopsreadratemaxlength Deﬁnes the maximum

amount of time for the

IOPS read burst in sec-

onds

iopswriteratemax Deﬁnes the maximum

writing speed for the

burst in IOPS

iopswritemaxlength Deﬁne the maximum

amount of time for the

IOPS write burst in sec-

onds

4.3. Network oﬀerings - throttling

Process of controlling network access and bandwidth based on certain rules.

This behaviour is controlled by CloudStack in the guest networks based on net-

work rates parameters (default transfer rates, measured in Mbps, allowed in

a guest network). This parameter determines maximum limits for network us-

age; if the current usage is higher than the deﬁned limits, the access will not be

granted.

It is possible to control network jamming and accounts using the network

105

beyond the deﬁned limits through bandwidth limitations. The network rate for

your cloud can be adjusted in the following way:

• Network oﬀering

• Service oﬀering

• Global settings

If the network rate is deﬁned as NULL in the service oﬀering, the value set

in the global setting vm.network.throttling.rate will be applied. If the value is

deﬁned as NULL for the service oﬀering, the value set in the global setting net

work.throttling.rate will be considered.

For public networks, either storage or predeﬁned management, the network

rate is deﬁned as 0, which implies that they have unlimited bandwidth as de-

fault. Now for guest networks, the network rate is deﬁned as NULL.

The network rate deﬁned for a network oﬀering that is used by a speciﬁc

network within CloudStack, is used for the traﬃc modelling policies for a port

group, i.e., VRs connected to this port group and, consequently, the network

instance also connected. However, an instance that was implemented with a

compute oﬀering that deﬁnes a network rate, will be connected to the port

group imposed for such traﬃc modelling policy, in which the network rate will

be used.

4.4. System oﬀerings

System oﬀerings are similar to compute oﬀerings but intended for system

VMs: console proxy VMs, secondary storage VMs and virtual routers. Cloud-

Stack comes with some oﬀerings intended for each of those VMs by default.

However, the root admin user may create new oﬀerings and change which of

them one of these machines is using.

An example would be when a guest network is created, in which the virtual

router uses the system oﬀering as their network oﬀering. To satisfy a new net-

work oﬀering it is possible to deﬁne resources that will be suppplied by the

106

virtual router. This way, all VRs in this network will utilize this new service of-

fering.

Figure 82: Default system oﬀerings

4.4.0.1. Creating system oﬀerings

Adding a new system oﬀering:

107

Figure 83: Starting to create a new system oﬀering

By clicking on the Add System Service Oﬀering button, a form for inserting

the information will open:

108

Figure 84: Creating a new system oﬀering - 1 - continues

Via UI, the option System VM Type shows only the following types: Domain

router, Console proxy and Se condary storage VM. However, via API it is also

possible to create oﬀerings of the internalloadbalancervm type.

Figure 85: Creating a new system oﬀering - 2

• Host tags will be used to direct the system VMs to compatible hosts (check

109

section 3.7.1).

• Storage tags will be used to direct volumes to compatible storages (check

section 3.7.2).

4.4.0.2. Editing system oﬀerings

After the creation of a system oﬀering only a few attributes can be changed.

• Editing:

Figure 86: Starting to edit the system oﬀering

Figure 87: Editing the system oﬀering

• Change order:

110

Figure 88: Changing system oﬀering order

4.4.0.3. Removing system oﬀerings

To remove a system oﬀering, access it and click the trash can icon (default

oﬀerings can not be removed):

Figure 89: Starting the system oﬀering removal

Figure 90: Removing a system oﬀering

If there are system VMs running under the system oﬀering they will keep

working normally, as CloudStack copies their system oﬀering characteristics to

the system VMs.

111

4.4.0.4. Changing the system oﬀering of a system VMs

It is possible to change the oﬀering that a system VM uses with the changeSer

viceForSystemVm API. With the root admin logged in on CloudMonkey

1011

stop systemvm id=<system_vm_id>

change serviceforsystemvm id=<system_vm_id> serviceofferingid=<system_offering_id>

start systemvm id=<system_vm_id>

However, if the VM is recreated it will use the default oﬀering again. To

change the system oﬀering used by a system VM when created it is necessary

to indicate the oﬀering uuid in the global settings. The null value indicates that

the default CloudStack oﬀering will be used.

Setting Description Value

Deafult

consoleproxy.service.oﬀering uuid of the oﬀering used by console

proxy VMs by default.

null

internallbvm.service.oﬀering uuid of the oﬀering used by internal

load balancer VMs by default.

null

router.service.oﬀering uuid of the oﬀering used by virtual

routers by default

null

secstorage.service.oﬀering uuid of the oﬀering used by sec-

ondary storage VMs by default.

null

Table 20: System oﬀerings settings for system VMs

After changing the values and restarting the Management Servers, destroy-

ing the system VMs will cause CloudStack to recreate them with the new oﬀer-

ings.

4.5. Backup oﬀerings

These oﬀerings are intended for importing backup oﬀerings from providers

outside CloudStack. Currently, the only supported provider is Veeam, for VMware.

To change the service oﬀering, it is necessary for the system VM to be stopped. When

turning it on it will already be using the new oﬀering.

When stopping the system VM it will automatically start after some time. To keep it shut

down, it is necessary to disable the zone.

112

CloudStack has a fake provider (Dummy) just for suﬃcing logical requirements,

however, when oﬀerings are imported from this provider nothing will actually

happen.

4.5.0.1. Enabling backup oﬀerings

To enable the backup oﬀerings feature, it is necessary to deﬁne the backup.fr

amework.enabled global setting to true. Besides, there are also other settings

available for this feature:

Setting Description Value

Deafult

backup.framework.enabled Deﬁnes if the backup oﬀering

feature is enabled or not.

false

backup.framework.provider.plugin Deﬁnes which provider will be

used.

dummy

backup.framework.sync.interval Deﬁnes the interval, in sec-

onds, for task synchronization

between CloudStack and the

provider.

300

Table 21: Backup settings

The settings backup.framework.enabled and backup.framework.provider.p

lugin work within the zone scope.

There are also speciﬁc settings for Veeam providers:

113

Setting Description Default Value

backup.plugin.veeam.password Password for

Veeam access.

backup.plugin.veeam.request

.timeout

Timeout, in seconds,

for Veeam requests.

300

backup.plugin.veeam.url Veeam URL. https://localhost:9398/api/

backup.plugin.veeam.username Username for

Veeam access.

administrator

backup.plugin.veeam.validate

.ssl

If set to true, will

validate the SSL cer-

tiﬁcate in https/ssl

connection with the

Veeam API.

false

Table 22: Backup settings for Veeam

Furthermore, the Veeam server needs to have SSH installed and running on

port 22.

It is also important to highlight that when using Veeam, its templates should

not be used if they contain special characters. The reason being that using

Regex to space such characters causes errors on Veeam.

The following characters are considered special: blank space, \, #, $, (), *, +,

., ?, [], ^, {}, | and accented letters. The characters “-" and “_" are not considered

special characters and can be used normally.

With the backup.framework.enabled global setting set to true, when restart-

ing CloudStack a new sub-tab will show up under Service Oﬀerings:

Figure 91: Backup oﬀering tab

114

4.5.0.2. Importing backup oﬀerings

To import a backup oﬀering:

Figure 92: Starting to import a new backup oﬀering

When clicking on the Import Backup Oﬀering button a form will show up to

ﬁll the information needed:

Figure 93: Importing a new backup oﬀering

115

The values shown in the External Id ﬁeld are related to the provider conﬁg-

ured for the selected zone. If the Allow User Driven Backups ﬁeld is checked,

the user may schedule backups or perform them manually.

4.5.0.3. Backup oﬀering removal

It is not possible to edit a backup oﬀering, only remove it:

Figure 94: Starting backup oﬀering removal

Figure 95: Removing the backup oﬀering

It is not possible to remove a backup oﬀering if it is already being used by a

VM.

4.5.0.4. Using backup oﬀerings

To use a backup oﬀering, just select a VM and:

Figure 96: Starting to assign a VM to a backup oﬀering

116

Figure 97: Assigning a VM to a backup oﬀering

To perform a manual backup you just need to select the Start Backup option:

Figure 98: Starting manual backup for a VM

Figure 99: Performing a manual backup for a VM

To schedule a backup, select the Conﬁgure Backup Schedule option:

Figure 100: Starting backup scheduling

117

Figure 101: Scheduling backups

To remove a VM from the backup oﬀering, select the Remove VM From

Backup Oﬀering option:

Figure 102: Starting to remove backup oﬀering from the VM

Figure 103: Removing backup oﬀering from the VM

For more details check the oﬃcial documentation.

118

5. Apache CloudStack settings

This section presents concepts related to the ACS settings, as well as settings

that are frequently changed for environment customization.

5.1. Settings scopes

One of Apache CloudStack’s main characteristics is its ﬂexibility regarding

environment conﬁguration. This is achieved, in part, through the use of settings

scopes, which are setting groups that aﬀect CloudStack’s behaviour in diﬀerent

levels. This approach provides greater ﬂexibility in ACS conﬁguration and helps

optimize performance and eﬃciency for the system as a whole.

ACS provides settings in the following scopes: Global, Zone, Cluster, Domai

n, Account, ManagementServer, StoragePool and ImageStore.

The Global scope is the broadest one, embracing all the environment’s set-

tings. The settings deﬁned under this scope are applied to all of the cloud subdi-

visions, allowing the user to uniformly customize the settings for the whole en-

vironment. Similarly, other scopes indicate that settings belonging to them are

applied to all resources within their categories. For example, when the value

for a setting within the

Accoun t scope is changed, this change will only aﬀect

the current account. In turn, if the change was made in the Domain scope, the

change will aﬀect all members within that domain.

Beyond setting scopes, there are other settings that are useful during the

ACS customization process.

• enable.a cco unt .settings.for.domain: Allows settings under the account

scope to also be visible at domain level. Furthermore, if an account setting

is set by the administrator, that will be the value considered. Otherwise,

the value from the domain scope that will be considered. If the value un-

der the domain scope is not set, the value from the global setting will be

selected. If this setting is set to false, if a setting at account level is not set

119

by the administrator, the value considered will be the one from the global

setting.

• enable.domain.settings.for.child.domain: if enabled, this setting allows

child domains (subdomains) to inherit the settings deﬁned by their par-

ent domain. For example, if a parent domain deﬁnes a certain setting

to limit the CPU usage to 50%, all child domains will inherit this setting,

unless they have a speciﬁc setting that overwrites the one from its par-

ent domain. This eases domain and account conﬁguration and makes

the process more eﬃcient, allowing administrators to deﬁne settings at a

higher level and inherit them to lower levels. As default, this setting comes

disabled.

5.2. Global settings that control the primary storage usage

The following global settings manage the CloudStack behaviour when a stor-

age is close to running out of storage capacity:

120

Setting Description Default

Value

cluster.storage.allocated.capacity.notiﬁcationthreshold Value between 0

and 1 to indicate

the storage allo-

cation percentage

that will trigger

sending alerts for

low available stor-

age space.

0.75

cluster.storage.capacity.notiﬁcationthreshold Value between 0

and 1 to indicate

the storage usage

percentage that

will trigger sending

alerts for low avail-

able storage space.

0.75

pool.storage.allocated.capacity.disablethreshold Value between 0

and 1 to indicate

the storage allo-

cation percentage

that will trigger it to

disable itself.

0.85

pool.storage.capacity.disablethreshold Value between 0

and 1 to indicate

the storage usage

percentage that

will trigger it to

disable itself.

0.85

Table 23: Cloudstack behavior settings in case of storage running out of space

More information about primary storage management can be found in 3.11.1.

121

5.3. Settings to limit resources

Setting Description

max.account.public.ips Maximum number of public IPs for an ac-

count

max.account.snapshots Maximum number of snapshots for an

account

max.account.templates Maximum number of templates for an ac-

count

max.account.user.vms Maximum number of VMs for an account

max.account.volumes Maximum number of disks for an ac-

count

max.template.iso.size Maximum size for a template or ISO (GB)

max.volume.size.gb Maximum size for disks (GB)

max.account.cpus Maximum number of CPUs for an ac-

count

max.account.ram Maximum amount of RAM (MB) for an ac-

count

max.account.primary.storage Maximum space (GB) in the primary stor-

age that may be used by an account

max.account.secondary.storage Maximum space (GB) in the secondary

storage that may be used by an account

max.project.cpus Maximum number of CPUs for a project

max.project.ram Maximum amount of RAM (MB) for a

project

max.project.primary.storage Maximum space (GB) in the primary stor-

age that may be used by a project

max.project.secondary.storage Maximum space (GB) in the secondary

storage that may be used by a project

Table 24: Resource limitation settings

5.4. Settings that control Kubernetes usage

This section will only approach global settings necessary for using Kuber-

netes. For information related to the usage of Kubernetes, access the Apache

CloudStack usage documentation.

5.4.1. Enabling Kubernetes integration

Firstly, its important to pay attention to the versions used by both Cloud-

Stack and Kubernetes. New Kubernetes versions are released more frequently

122

than CloudStack versions, therefore new Kubernetes versions may not properly

work with the current CloudStack version.

The Kubernetes integration is disabled by default. To enable it, access the

global settings and change the setting cloud.kubernetes.service.enabled to true

and then restart the Management Server.

As soon as integration is enabled, the new APIs will be available and new

Kubernetes tabs will show up in the UI.

5.4.2. Kubernetes clusters creation

To create a Kubernetes cluster, the Management Server must have access

to the public IPs from the networks used for virtual machine provisioning in the

cluster. This is accomplished by conﬁguring the global parameter endpoint.url

o match the domain used for accessing ACS, as demonstrated in the following

example:

Figure 104: Global setting endpoint.url

For a new network to be created when none is selected during the creation

of the Kubernetes cluster, the global setting cloud.kubernetes.cluster.network

.offering must be deﬁned, set with the desired oﬀering to be used as default.

123

6. UI customization

This section demonstrates how to customize the Apache CloudStack web

interface in diﬀerent ways and preferences.

6.1. Changing logo and other elements

Note: this is the legacy GUI customization model. We recommend using a

theme management system (Section 6.3) for greater customization and better

management.

It is possible to change/customize some aspects from the CloudStack web

interface, including the logo, banner, page title and footers. This describes the

processes for customizing the logo and banner. Before any changes are made,

it is advisible to perform a backup from the folder containing the following set-

tings, in case it is necessary to revert the changes made.

In order to customize logos and banner, follow this procedure:

1. Login into the Management Server via ssh:

user@machine:~$ ssh username@management-server-ip

# A practical example:

user@machine:~$ ssh root@192.168.103.168

2. Browse to the directory: /usr/share/clou d st a c k -m a n ag e m e nt / w eb a p p /a s

sets:

user@machine:~$ cd /usr/share/cloudstack-management/webapp/assets

# In case a "Permission denied" error occurs, execute the command:

user@machine:~$ sudo su

# And then browse to the CloudStack logs directory.

3. The images used by CloudStack may be found in this directory. If you

want to change the logo or banner, just change the ﬁles logo.svg and ban

ner.svg, respectively and update them in the config.json settings ﬁle. The

procedure of changing these images consists of uploading the client’s logo

and banner to the Management Server via scp.

4. Repeat this process in each existent Management Server in the infrastruc-

ture.

124

5. If any procedure on the Management Servers results in a "Permission de-

nied" error, execute the command:

user@machine:~$ sudo su

Then repeat the process that caused the error.

Some notes:

• There is a ﬁle named cloud.ico in the directory /usr/sh are/cloudstack-m

anagement/webapp, responsible for the icon shown in the browser tab,

that can also be changed.

• In this same directory, there is a ﬁle named c on f i g. j s on, that can be used

to change the page title, as well as the footers and other details.

• The CloudStack UI has a cache period. If changes are not visible it is rec-

ommended to clear the cache and check again if the changes made were

applied.

• As the CloudStack web interface, at least until the writting of this docu-

ment, is relatively new and is still under development, it may be necessary

to repeat this procedure when the current CloudStack version is updated.

An example of CloudStack customization:

{

"apiBase": "/client/api",

"docBase": "http://docs.cloudstack.apache.org/en/latest",

"appTitle": "SC Clouds",

"footer": "Welcome to the portal with custom aspects",

"logo": "assets/logo.svg",

"banner": "assets/banner.svg",

"error": {

"403": "assets/403.png",

"404": "assets/404.png",

"500": "assets/500.png"

// ...

}

125

Figure 105: Customized banner

Figure 106: Customized footer

6.2. Changing logo when resizing the page

When the user resizes the page to some extent, or clicks to collapse the side

menu, the environment logo set is cut to adjust to the menu size.

The default ACS logo is designed so that when cut it becomes sort of a "mini

logo", other logos, however, may not present this behaviour as shown below:

Figure 107: Whole logo

126

Figure 108: Cut logo

To customize the logo change behaviour the settings in the ﬁle /usr/ shar

e/cloudstack-management /webapp/config.json must be edited in each of the

Management Servers of the environment.

Properties related to this improvement (mini logo) are shown below. Notice

that other properties in this ﬁle were omitted with [...] to avoid cluttering the

document:

{

[...]

"logo": "assets/logo.svg",

"minilogo": "assets/mini-logo.svg",

[...]

"theme": {

"@logo-background-color": "#ffffff",

"@mini-logo-background-color": "#ffffff",

[...]

"@logo-width": "256px",

"@logo-height": "64px",

"@mini-logo-width": "80px",

"@mini-logo-height": "64px",

}

Figure 109: Mini logo

Note: To apply the eﬀects the page’s cache must be refreshed.

127

6.3. Theme management

Themes are an alternative for UI customization in CloudStack. They have

distinct functionalities and purposes, designed, but not limited, to answer the

needs from cloud providers that wish to implement a resale model and pro-

vide a White Label cloud system. It is possible to manage themes at diﬀerent

application levels, allowing greater customization freedom.

This functionality allows managing themes at account, domain and internet

common name level. It is possible to setup CSS rules and attributes in JSON for-

mat that will be used to load the theme dynamically. If no theme is registered,

the GUI will use the current environment settings.

Listed below are the APIs used to manage themes:

6.3.1. Theme creation

The API createGuiTheme is only accessible for root admin accounts and al-

lows themes to be created at diﬀerent scopes. This API has the following pa-

rameters:

Parameter Description Obligatory Default

value

name Name to identify the theme. Yes -

description Theme description. No null

css CSS imported by the GUI to cor-

respond to the theme access set-

tings.

No null

jsonconﬁguration JSON containing the settings to

be imported by the GUI if they

match the theme access settings.

More details about the JSON set-

tings may be found in the Section

6.3.3.2.

No null

commonnames Comma-separated set of internet

common names that have access

to the theme.

No null

128

Parameter Description Obligatory Default

value

domainids Comma-separated list of do-

main IDs that have access to the

theme.

No null

accountsids Comma-separated list of account

IDs that access to the theme.

No null

ispublic Deﬁnes if the theme is accessible

to anyone, when only the commo

nnames is informed. If the doma

inids or accountids are informed,

it is considered false.

No true

Table 25: createGuiTheme parameters

If c ommonnames, domainids and accountids are not informed, the theme

used will be the default; only one default theme can exist and it is automati-

cally public. If there is no corresponding theme, the GUI will use the current

environment settings as fallback.

Despite the ﬁelds css and jsonconfiguration not being mandatory, it is nec-

essary for at least one of these ﬁelds to be informed in order to create the

theme.

Subsection 6.3.5 exempliﬁes theme creation and common interface cus-

tomizations.

6.3.2. Theme list

The listG uiThemes API is accessible to any user and searches for themes

based on the parameters and the requesting user’s access. It has the following

parameters:

129

Parameter Description Obligatory Default

value

id Theme ID. No null

name Theme name. No null

commonname Filtered internet common name. No null

domainid Filtered domain ID. No null

accountid Filtered account ID. No null

listall If used, lists all themes. No false

listremoved If used, lists removed themes. No false

ispublic If used, lists public themes. By de-

fault, all will be listed.

No true

listonlydefaulttheme Lists only the default theme. If set

to true, then all other parameters

will be ignored.

No false

Table 26: listGuiThemes parameters

To allow the theme to be shown on the login page, it is possible to call this API

without authentication; however there are limitations to this use case. An unau-

thenticated call to the listGuiThemes API always retrieves the default theme or

the latest active public theme that corresponds to the internet common name

requested to the API. In addition to that, all API parameters are ignored.

One possible way to perform queries is shown in the example below:

(admin) > list guithemes listall=true

{

"count": 1,

"guiThemes": [

{

"created": "2023-09-15T16:20:18+0000",

"css": ".layout.ant-layout .header {background: purple;}",

"id": "a9a05158-2870-48b7-877a-626badde4b28",

"ispublic": true,

"jsonconfiguration": "{\"banner\":\

"https://res.cloudinary.com/sc-clouds/image/upload/v1645707938

/identidade/scclouds-logo_f56v2y.png\", \

"logo\":\"https://res.cloudinary.com/sc-clouds/image/upload/v1645707938

/identidade/scclouds-logo_f56v2y.png\", \"favicon\":\

"https://gitlab.scclouds.com.br/uploads/-/system/appearance/favicon

/1/scclouds-avatar.ico\"}",

"name": "example-theme"

}

]

}

130

6.3.3. Updating a theme

The updateGuiTheme API is only accessible for root admin accounts and

allows updating an already existing theme. It has the following parameters:

Parameter Description Obligatory Default

value

id ID from theme for update. Yes -

name Name to identify the theme. No null

description Theme description. No null

css CSS imported by the GUI when

the access settings match those

from the theme.

No null

jsonconﬁguration JSON containing the settings to

be imported by the GUI if they

match the theme access settings.

More details about the JSON set-

tings may be found in the Section

6.3.3.2.

No null

commonnames Comma-separated set of internet

common names that can retrieve

the theme.

No null

domainids Comma-separated list of domain

IDs that can retrieve the theme.

No false

accountids Comma-separated ID set of

accounts that can retrieve the

theme.

No false

ispublic Boolean parameter that deﬁnes if

the theme access is open to any-

one, when only the commonnam

es is informed. If the domainids

or acc ountids are informed, it is

considered false.

No true

Table 27: updateGuiTheme parameters

Below is presented an update example for the theme listed in the section

6.3.2. We highlight that the update will overwrite the ﬁelds css and jsonconﬁgu-

ration, as can be seen in the API call return. Besides, to remove a parameter, it

is necessary to explicitly pass it as an empty string.

131

(admin) > update guitheme id=a9a05158-2870-48b7-877a-626badde4b28

css='.layout.ant-layout .header {background: orange;}'

{

"guiThemes": {

"created": "2023-09-15T16:20:18+0000",

"css": ".layout.ant-layout .header {background: orange;}",

"id": "a9a05158-2870-48b7-877a-626badde4b28",

"ispublic": true,

"jsonconfiguration": "{\"banner\":\"https://res.cloudinary.com/sc-clouds/image

/upload/v1645707938/identidade/scclouds-logo_f56v2y.png\", \

"logo\":\"https://res.cloudinary.com/sc-clouds/image/upload/v1645707938

/identidade/scclouds-logo_f56v2y.png\", \"favicon\":\

"https://gitlab.scclouds.com.br/uploads/-/system/appearance/favicon/1

/scclouds-avatar.ico\"}",

"name": "example-theme"

}

6.3.3.1. CSS ﬁeld

In the CSS ﬁeld it is possible to add customized styles to the CloudStack UI,

directly applied in the HTML tags or within the <style> tags, using the CSS lan-

guage. Another option is to use @import, which makes it possible to add a style

through a URL to the CSS ﬁle.

@import <url|string> <media-queries-list>

• url: A URL or string that represents the location of the resource to import.

The URL may be absolute or relative.

• media queries: Comma-separated list of midia queries that set the appli-

cation of the CSS rules deﬁned in the given URL.

Using @import may facilitate adding and organizing themes, as ACS does

not have a mechanism to control CSS ﬁles, which limits the operator’s options.

For this purpose, importing a versioning system is simpler and easier, despite

minor disadvantages, such as needing to perform additional HTTP requests,

which have little to no performance impact.

6.3.3.2. JSON settings

The JSON settings follow the current ACS standard, conﬁg.json; however, limited

in some attributes:

132

Attribute Description.

appTitle Web page title.

favicon Web page favicon.

footer Web page footer.

loginFooter Web page login footer.

logo Local or external link for the image to be presented as the left

bar logo.

minilogo Local or external link for the image to be presented as the left

bar logo miniature, when collapsed.

banner Local or external link for the image to be presented as the login

background.

error.403 Local or external link for the image to be presented when re-

ceiving an error 403.

error.404 Local or external link for the image to be presented when re-

ceiving an error 404.

error.500 Local or external link for the image to be presented when re-

ceiving an error 500.

plugins Set of plugin objects.

Table 28: jsonconfiguration attributes

The plugins structure is as follows:

Attribute Description

name Plugin name.

path Link to the web page to add the plugin.

icon Icon for the plugin.

isExternalLink Determines if the plugin refers to an external link.

Table 29: jsonconfiguration plugin attributes

jsonconfiguration example:

{

"appTitle": "CloudStack",

"favicon": "cloud.ico",

"footer": "Licensed under the Apache License, Version 2.0.",

"loginFooter": "",

"logo": "assets/logo.svg",

"minilogo": "assets/mini-logo.svg",

"banner": "assets/banner.svg",

"error": {

"403": "assets/403.png",

"404": "assets/404.png",

"500": "assets/500.png"

"plugins": [

133

{

"name": "Apache CloudStack",

"path": "https://cloudstack.apache.org/",

"isExternalLink": "true",

"icon": "https://cloudstack.apache.org/images/favicon.ico"

}]

}

If any other attribute is speciﬁed, it will be ignored.

6.3.4. Removing a theme

The re moveGuiTh eme API is only accessible for root admin accounts and

allows them to remove themes. It is necessary to give the theme ID for removal,

as shown in the example below:

(admin) > remove guitheme id=a9a05158-2870-48b7-877a-626badde4b28

{

"success": true

}

6.3.5. Common UI customization examples

This topic aims to present the most common UI customization examples,

besides providing general tips to ease the stylization process.

6.3.5.1. Creating themes with external stylization ﬁle

Firstly, it is necessary to execute the cre ateGuiTheme API via CloudMonkey to

create the theme. As mentioned in the 6.3.3.1 topic, it is advisible for the CSS @i

mport at-rule to be used to conﬁgure the stylization. Through that, it is possible

to introduce CSS properties in a separated ﬁle instead of inserting them via

terminal.

create guitheme name="theme" css="@import url('<css-file-url>')"

6.3.5.2. Notes about style conﬂicts

When styling the ACS interface it is common for conﬂicts to appear between

the styles that are being inserted and the ones in use. They occur when two or

more selectors have conﬂicting styles applied to the same element.

To solve this issue it is necessary for the selector being inserted to have the

highest speciﬁcity possible. As a last resort the !important rule can be used.

134

Styles declared with it will be preferred over any other style. As shown in the

following examples, using this rule turns into a common practice.

6.3.5.3. Adding fonts

In CSS, fonts may be imported. For this example the font Poppins was utilized.

@import url("<font-url>");

* {

font-family: 'Poppins' , Courier !important;

}

6.3.5.4. Using CSS variables

It is recommended adding CSS variables to abstract property values and keep

consistency during stylization. For that, they can be inserted in the CSS ﬁle,

preferably in the :root selector. The following variables were used in this ex-

ample:

:root {

--main-green: #3E7C59;

--main-red: #ae0000;

--main-default: #327355;

--main-primary-light: #db4e2d22;

--main-primary-dark: #db4e2d;

--main-secondary-light: #E9782622;

--main-secondary-dark: #E97826;

--main-gray-light: #eee;

--main-linear-colora: #ddd;

--main-linear-colorb: #ddd;

--main-image-menu: url("<figure-url>");

--main-image-login: url("<figure-url>");

--main-image-icon: url("<figure-url>");

}

6.3.5.5. Login page

/* Login page logo */

.userLayout .user-layout-header {

min-height: 100px;

background-repeat: no-repeat;

background-size: 250px;

background-position: top center;

}

/* ACS logo hidden by default */

.userLayout .user-layout-header > img {

display: none;

}

135

/* Page background-color, excluding footer */

.ant-tabs-tab,

.user-layout {

background-color: var(--main-gray-light) !important;

}

background-color applied in the HTML tag.

However, in practice, the property will be applied in the login page footer

html {

background-color: var(--main-secondary-dark);

}

/* continuous border under the tabs */

.ant-tabs-top-bar .ant-tabs-nav-scroll {

border-bottom: 3px solid var(--main-primary-dark);

width: 90.5%;

margin: 0 auto;

}

/* Tabs title color ("Portal login", "Single sign-on", ...) */

.user-layout .ant-tabs-top-bar .ant-tabs-nav-scroll .ant-tabs-tab {

color: var(--main-primary-dark);

border-bottom: 0px solid var(--main-primary-dark);

}

/* active tab border-bottom */

.user-layout .ant-tabs-top-bar .ant-tabs-nav-scroll .ant-tabs-tab.ant-tabs-tab-active {

border-width: 3px;

}

/* Tab styles when :hover */

.user-layout .ant-tabs-top-bar .ant-tabs-nav-scroll .ant-tabs-tab:hover {

background-color: var(--main-secondary-dark) !important;

color: #fff;

border-width: 3px;

}

/* Necessary to remove the ACS default border */

.ant-tabs-ink-bar.ant-tabs-ink-bar-no-animated {

display: none !important;

}

/* All buttons, except for those that have the class .ant-btn-icon-only*/

button.ant-btn:not(.ant-btn-icon-only){

background-color: var(--main-primary-dark) !important;

color: #fff;

border: 0px;

}

/* :hover buttons */

button.ant-btn:not(.ant-btn-icon-only):hover {

background-color: var(--main-secondary-dark) !important;

color: #fff;

}

/* Inputs */

.ant-input-affix-wrapper,

.ant-input-affix-wrapper input {

background-color: var(--main-gray-light) !important;

}

/* Inputs placeholder */

.ant-input-search .ant-input-search.input-search input::placeholder {

136

color: #666;

}

Figure 110: Customized login page

6.3.5.6. Header stylization

/* Cores do header */ .layout.ant-layout .header {

background: linear-gradient(var(--main-linear-colora), var(--main-linear-colorb)) !important;

box-shadow: 0px 0px 10px #00000055;

}

/* Header icon */

.layout.ant-layout .header .user-menu > span *,

.layout.ant-layout .header .anticon-menu-unfold,

.layout.ant-layout .header .anticon-menu-fold {

color: #000 !important;

}

/* :hover header icons */

.layout.ant-layout .header .anticon-menu-unfold:hover,

.layout.ant-layout .header .anticon-menu-fold:hover,

.layout.ant-layout .header .user-menu > span:hover {

background-color: var(--main-primary-dark) !important;

color: #fff !important;

}

/* User menu icons */

.layout.ant-layout .header .user-menu > span:hover * {

color: #fff !important;

}

/* Dropdown triggers when active */

.layout.ant-layout .header .user-menu > span.ant-dropdown-open {

137

background-color: var(--main-primary-light) !important;

border-bottom: 5px solid var(--main-primary-dark) !important;

}

Figure 111: Stylized header

6.3.5.7. Sidebar stylization

/* background sidebar */

aside {

background: linear-gradient(var(--main-linear-colora), var(--main-linear-colorb)) !important;

}

.sider.light .ant-menu-light, .sider.light .ant-menu-submenu > .ant-menu {

background-color: transparent;

}

/* Navigation links colors */

.sider.light .ant-menu-light a,

.sider.light .ant-menu-submenu > .ant-menu-submenu-title {

color: #000 !important;

}

/* border-right for the active link */

.ant-menu-vertical .ant-menu-item::after,

.ant-menu-vertical-left .ant-menu-item::after,

.ant-menu-vertical-right .ant-menu-item::after,

.ant-menu-inline .ant-menu-item::after {

border-color: var(--main-primary-dark) !important;

}

/* Active link background */

.ant-menu:not(.ant-menu-horizontal) .ant-menu-item.ant-menu-item-selected {

background-color: var(--main-primary-light) !important;

}

/* background link :hover */

.ant-menu:not(.ant-menu-horizontal) .ant-menu-item:hover,

.ant-menu:not(.ant-menu-horizontal) .ant-menu-submenu div:hover {

background-color: var(--main-primary-dark) !important;

}

/* :hover icons color*/

.ant-menu:not(.ant-menu-horizontal) span.ant-menu-title-content:hover .custom-icon path {

fill: #fff !important;

}

/* :hover links color*/

.ant-menu:not(.ant-menu-horizontal) .ant-menu-item-active:hover a,

.ant-menu:not(.ant-menu-horizontal) .ant-menu-submenu span.ant-menu-title-content:hover{

color: #fff !important;

}

/* Sidebar logo */

.ant-layout-sider.light.ant-fixed-sidemenu > div > div{

height: 100px !important;

138

background-repeat: no-repeat;

background-size: 200px;

background-position: 25px 25px;

margin-bottom: 20px;

}

/* Closed sidebar logo*/

.ant-layout-sider.light.ant-fixed-sidemenu.ant-layout-sider-collapsed > div > div{

height: 70px !important;

background-repeat: no-repeat;

background-size: 30px;

background-position: 25px 20px;

}

/* Hide the ACS default logo */

.ant-layout-sider img {

display: none;

}

Figure 112: Stylized sidebar

139

Figure 113: Stylized closed sidebar

6.3.5.8. Cards and dashboard graphs stylization

/* Card "Running VMs" */

.usage-dashboard .ant-row .ant-col:nth-child(1) .ant-card.usage-dashboard-chart-card {

background-color: var(--main-green) !important;

}

/* Card "Stopped VMs" */

.usage-dashboard .ant-row .ant-col:nth-child(2) .ant-card.usage-dashboard-chart-card {

background-color: var(--main-red) !important;

}

/* Cards text: "RunningVMs" and "Stopped VMs" */

.usage-dashboard .ant-row .ant-col:nth-child(1) .ant-card.usage-dashboard-chart-card h2,

.usage-dashboard .ant-row .ant-col:nth-child(1) .ant-card.usage-dashboard-chart-card h3,

.usage-dashboard .ant-row .ant-col:nth-child(2) .ant-card.usage-dashboard-chart-card h2,

.usage-dashboard .ant-row .ant-col:nth-child(2) .ant-card.usage-dashboard-chart-card h3 {

color: #fff !important;

}

/* Graphs percentages */

.ant-progress-circle.ant-progress-status-normal .ant-progress-text {

color: var(--main-default) !important;

font-weight: bold;

}

/* Graph filling color */

.ant-progress.ant-progress-status-normal path.ant-progress-circle-path {

stroke: var(--main-default) !important;

}

/* Color for graph section without filling */

.ant-progress path.ant-progress-circle-trail{

stroke: var(--main-gray-light) !important;

}

140

Figure 114: Stylized dashboard on root admin account

Figure 115: Stylized dashboard on user account

6.3.5.9. Listings and links stylization

/* Links color */

a {

color: var(--main-primary-dark);

}

/* :hover link color */

a:hover {

color: var(--main-secondary-dark);

}

/* Dropdown links color */

.ant-dropdown .ant-dropdown-menu-item:hover {

141

background-color: var(--main-primary-light) !important;

}

/* Dropdown :hover links color */

.ant-dropdown .ant-dropdown-menu-item:hover * {

color: #000;

}

/* :hover listings items color*/

.ant-table-tbody > tr:hover > td {

background: var(--main-secondary-light) !important;

}

Figure 116: Stylized listing and links

6.4. Redirection to external links

There are two properties in the config.json settings ﬁle that deﬁne redirec-

tions to external links.

The property externalLink consists of a list containing values for the ti tle, li

nk and icon attributes.

"externalLinksIcon: "",

"externalLink": [

{

"title": "Cloudstack",

"link": "https://cloudstack.apache.org",

"icon": myIcons/cloudstach.png

{

"title": "Apache",

A list of possible resource limitations setting "link": "https://apache.org",

"icon": "https://www.apache.org/icons/apache.png"

}

]

The external link redirection feature is controlled by the following rules:

• if the properties are undeﬁned, the redirection button will not be shown

to the user;

142

• the attribute link from the externa lLinks property is mandatory in this

context, and empty elements or those without the link property in the ex

ternalLinks property will not be considered;

• the t itle and i con properties are optional, and in the case that the icon

attribute is undeﬁned, the default icon will be applied;

• when the title attribute is undeﬁned, the link will be shown in its place.

Once the title, link and icon are deﬁned, two possible behaviours can be

observed:

1. Only one element is deﬁned: in this context a button will be shown, and

when clicked it will redirect the user to the link deﬁned in the settings;

Figure 117: Only one deﬁned element

2. More than one deﬁned element: a dropdown list will be shown, containing

all the conﬁgured links.

Figure 118: More than one deﬁned element

"externalLinksIcon: "",

"externalLinks": [

{

"title": "",

"link": "http://apache.org",

"icon": "https://www.apache.org/icons/apache.png"

{

"title": "Will not be displayed",

143

"link": "",

"icon": ""

{

"title": "CloudStack",

"link": "http://cloudstack.org",

"icon": "myIcons/cloudstach.png"

}

]

The externalLinksIcon property, also optional, deﬁnes an icon that will be

used to compose the button shown when more than one external link is in-

formed. In the example above this property was ommited, therefore, the de-

fault icon was displayed. It is also possible to use local images in the i con at-

tribute or in an external link.

Figure 119: Link with an icon attribute

More information about UI customization can be accessed in github.

144

7. Resources consumption accounting

The module for accounting computational resources consumption is subdi-

vided in two mechanisms: usage collection (Usage Server) and usage account-

ing (Quota), with the second acting complementarily to the ﬁrst.

The Usage Server mechanism periodically performs the identiﬁcation and

collection of usage data from the environment resources.

The Quota mechanism is a plugin that allows the management of a tariﬀ

model over the computational resource consumption, guided by an one-to-

many relation, making it possible to deﬁne many tariﬀs for the same kind of

resource. Each tariﬀ uses the type of resource, consumption volume and user

characteristics to evaluate and calculate the cost estimates.

7.1. Usage Server

The Usage Server (cloudstack-usage service) is an optional CloudStack com-

ponent, responsible for generating records over used resources in the infras-

tructure, with those records being saved in a separated database, called cloud

usage.

It is used to monitor resource consumption from users, allowing the im-

plementation of reports or billing services. It works collecting data from events

released from CloudStack and using this data to create resource usage reports.

7.1.1. Usage Server setup

The command to enable the Usage Server service is:

user@scclouds:~$ systemctl enable cloudstack-usage.service

user@scclouds:~$ systemctl start cloudstack-usage.service

After enabled, it is necessary to perform its setup within CloudStack:

• Accessing the CloudStack settings:

145

Figure 120: Accessing the settings

The main settings are:

146

Setting Description Default Value

enable.usage.server Enable the service false

publish.usage.events Enable publishing us-

age events

usage.timezone Timezone used by Us-

age Server

GMT

usage.sanity.check.interval Interval, in days, be-

tween error checks in

the Usage Server

usage.snapshot.virtualsize.select Analyses the virtual

size (true) or physical

size (false) from snap-

shots

false

usage.stats.job.aggregation.range Interval, in minutes,

that the data will be

aggregated.

1440

usage.stats.job.exec.time Time scheduled to

start the data aggrega-

tion job.

00:15

Table 30: Usage server settings

Figure 121: Editing the settings

As soon as the desired settings are saved and applied, it is necessary to

restart the Management Server and Usage Server services using the commands:

user@scclouds:~$ systemctl restart cloudstack-management.service

user@scclouds:~$ systemctl restart cloudstack-usage.service

7.1.2. Usage type

The Usage Server is utilized to monitor the consumption of various resources

and so, to diﬀerentiate records, each report is sent along with the usage type

147

parameter to indicate the type of resource accounted during the aggregation

period.

It is possible to ﬁnd all usage types via API, as follows:

(admin) > list usagetypes

Type Name Description

1 RUNNING_VM Veriﬁes the execution time for a VM dur-

ing the usage record period. If the VM

is updated during the period, you will re-

ceive a separated record for the updated

VM.

2 ALLOCATED_VM Veriﬁes the total time interval between

the creation of a VM until its destruction.

3 IP_ADDRESS Shows the public IP address used by the

account.

4 NETWORK_BYTES_SENT Veriﬁes the number of bytes sent from

the VMs from a certain account. Indi-

vidual traﬃc sent from each VM is not

tracked.

5 NETWORK_BYTES_RECEIVED Veriﬁes the number of bytes received by

the VMs from a certain account. Indi-

vidual traﬃc received by each VM is not

tracked.

6 VOLUME Veriﬁes the total time interval between

the creation of a disk volume until its de-

struction.

148

7 TEMPLATE Veriﬁes the total time interval between

the creation of a template (created from a

snapshot or upload) until its destruction.

The template size is also returned.

8 ISO Veriﬁes the total time interval between

the upload of an ISO until its destruction.

The ISO size is also returned.

9 SNAPSHOT Veriﬁes the total time interval between

the creation of a snapshot until its de-

struction.

10 SECURITY_GROUP Veriﬁes security groups usage.

11 LOAD_BALANCER_POLICY Veriﬁes the total time interval between

the creation of a load balancer rule until

its removal. It does not track whether or

not a VM has used this rule.

12 PORT_FORWARDING_RULE Veriﬁes the total time interval between

the creation of a port forwarding rule un-

til its removal.

13 NETWORK_OFFERING Veriﬁes the total time interval between

the designation of a network oﬀering to

a VM until its removal.

14 VPN_USERS Veriﬁes the time interval between the cre-

ation of a VPN user until its removal.

21 VM_DISK_IO_READ Shows the amount of disk read opera-

tions from the VM.

22 VM_DISK_IO_WRITE Shows the amount of disk write opera-

tions from the VM.

149

23 VM_DISK_BYTES_READ Shows the amount of bytes read from the

VM disk.

24 VM_DISK_BYTES_WRITE Shows the amount of bytes written in the

VM disk.

25 VM_SNAPSHOT Shows the amount of storage used by the

VM snapshots.

26 VOLUME_SECONDARY Shows the amount of secondary storage

used by the VM volumes.

27 VM_SNAPSHOT_ON_PRIMARY Shows the amount of primary storage

used by the VM snapshots.

28 BACKUP Shows the amount of storage used by VM

backups.

29 VPC Veriﬁes the total time interval between

the creation of a VPC until its destruction.

30 NETWORK Veriﬁes the total time interval between

the creati a network until its destruction.

31 BACKUP_OBJECT Shows the storage used by backup ob-

jects.

Table 31: Usage types

A list of possible resource limiting settings may be accessed in 5.3.

7.1.3. Usage records

Usage Server collects resource usage statistics through event data gener-

ated by CloudStack and uses an aggregation job to generate reports. The time

the Usage records aggregation job runs for the ﬁrst time each day is deter-

mined by the u sage.stats.job.exec.time global setting, and the generated Us-

age records records contain resource usage over a period of minutes deﬁned

by the usage.stats.job.ag gregation.ra nge global setting. Since the generation

150

of Usage records can be confusing for some Usage types, this section aims to

explain each of them:

• RUNNING_VM: A Usage record will be generated for each VM execution

that occurred during the recording period, with the exception of system

VMs. Recording begins with the VM.START event and ends with the VM.

STOP event or the VM.DYNAMIC.SCALE event. After the VM.DYNAMIC.SC

ALE event, the recording done until the moment is saved in a record and

recording restarts for a new record.

• ALLOCATED_VM: A Usage record will be generated for each VM allocation

that occurred during the recording period, with the exception of system

VMs. Recording begins with the VM.CREATE event and ends with the V

M.DESTRO Y, VM.UPGRADE, or VM.D YNAMIC.SC ALE events. After the VM

.UP GRADE or VM.DYNAMIC.SCALE events, the recording done until the

moment is saved in a record and recording restarts for a new record.

• IP_ADDRESS: A Usage record will be generated for each public IP address

that was associated with a network or assigned to a VM during the record-

ing period, with the exception of system VMs. Recording begins with the

NET.IPASSIGN event and ends with the NET.IPRELEASE event.

• NETWORK_BYTES_SENT: A Usage record will be generated for each net-

work that sent bytes during the recording period. Each time the Usage

records aggregation job is executed, this number of bytes is recalculated.

• NETWORK_BYTES_RECEIVED: A Usage record will be generated for each

network that received bytes during the recording period. Each time the

Usage records aggregation job is executed, this number of bytes is recal-

culated.

• VOLUME: A Usage record will be generated for each disk volume that was

allocated in primary storage during the recording period. Recording be-

151

gins with the VOLUME. C R E A T E event and ends with the VOLUME.DELETE

or VOLUME.RESIZE event. After the VOLUME.RESIZE event, the recording

done until the moment is saved in a record and recording restarts for a

new record.

• TEMPLAT E: A Usage record will be generated for each template that ex-

isted in secondary storage during the recording period. Recording begins

with the TEMPLATE. CREATE or TEMPLATE.COPY event and ends with the

TEMPLATE.DELETE event.

• ISO: A Usage record will be generated for each ISO that existed on a sec-

ondary storage during the registration period. Recording begins with the

ISO.CREATE or ISO.COPY event and ends with the ISO.DELETE event.

• SNAPSHOT: A Usage record will be generated for each snapshot of a vol-

ume that existed on a secondary storage during the registration period.

Recording begins with the SNAPSHOT.CREATE event and ends with the S

NAPSHOT.DELETE event.

• LOAD_BALANCER_POLICY: A Usage record will be generated for each load

balancer policy used during the registration period. Recording begins with

the LB.CREATE event and ends with the LB.DELETE event.

• PORT_FORWARDING_RULE: A Usage record will be generated for each

port forwarding rule used during the registration period. Recording be-

gins with the NE T.RULEADD event and ends with the NET.RULEDELETE

event.

• NETWORK_OFFERING: A Usage record will be generated for each VM con-

nected to a network created with a network oﬀering during the registra-

tion period. Recording begins with the NETWORK.OFFERING.CREATE or N

ETWORK.OFFERING. A SSIGN event and ends with the NE T WORK.OFFERIN

G.DELETE or NETWORK.OFFERING.REMOVE event.

152

• VPN_USERS: A Usage record will be generated for each VPN user that ex-

isted during the record period. Recording begins with the VPN.USER.ADD

event and ends with the VPN.USER.REMOVE event.

• VM_DISK_IO_READ and VM_DISK_BYTES_READ: A Usage record will be

generated for each disk in a VM that performed read operations during

the recording period. Each time the Usage records aggregation job is ex-

ecuted, this number of bytes is recalculated.

• VM_DISK_IO_WRITE and VM_DISK_BYTES_WRITE: A Usage record will be

generated for each disk in a VM that performed write operations during

the recording period. Each time the Usage records aggregation job is ex-

ecuted, this number of bytes is recalculated.

• VM_SNAPSHOT: A Usage record will be generated for each volume saved

by a snapshot of a VM during the registration period. Recording begins

with the VMSNAPSHOT.CREATE event and ends with the VMSNAPSHOT.D

ELETE event.

• VOLUME_SECONDARY: A Usage record will be generated for each volume

that was allocated to secondary storage during the registration period.

Recording begins with the VOLUME.UPLOAD event and ends with the VOL

UME.DELETE or VOLUME.CREATE event (since the volume will be migrated

to primary storage).

• VM_SNAPSHOT_ON_PRIMARY: A Usage record will be generated for each

VM snapshot that existed on the primary storage during the registration

period. Recording begins with the VMSNAPSHOT.ON_PRIMARY event and

ends with the VMSNAPSHOT.OFF_PRIMARY event.

• BACKUP: A Usage record will be generated for each backup oﬀering that

was associated with a VM during the registration period. Recording begins

153

with the BACKUP.OFFERING.ASSIGN event and ends with the BACKUP.OF

FERING.REMOVE event.

• VPC: A Usage record will be generated for each VPC that existed during

the recording period. Recording begins with the VPC.CREATE event and

ends with the VPC.DELETE event.

• NETWORK: A Usage record will be generated for each network on which

VMs were running during the recording period. Recording begins with the

NETWORK.CREATE event and ends with the NETWORK.DELETE event.

• BACKUP_OBJECT: A Usage record will be generated for each backup that

existed during the recording period. Recording begins with the BACKUP.

CREATE event and ends with the BACKUP.DELETE event.

7.2. Quota

The Quota plugin is a service that extends the Usage Server functionalities,

making it possible to assign monetary value to computational resources con-

sumption in the control reports.

7.2.1. Quota setup

The main settings for this service are:

154

Name Description Default

Value

quota.currency.symbol Currency symbol used to

measure the resource us-

age.

quota.enable.service Enable the Quota plugin. false

quota.statement.period Interval in which the Quota

details are sent via e-mail,

with possible values being:

bimonthly(0), monthly(1),

quarterly(2), half-yearly(3)

and annual(4).

quota.usage.smtp.connection.timeout Connection timeout with the

SMTP server.

quota.usage.smtp.host Host that holds the SMTP

server.

quota.usage.smtp.password SMTP server password.

quota.usage.smtp.port SMTP server port.

quota.usage.smtp.sender Issuing e-mail.

quota.usage.smtp.useAuth Use authentication in the

SMTP server.

quota.usage.smtp.user SMTP server user.

quota.enable.enforcement Makes resource manipula-

tion unavailable for the ac-

count when it reaches the

Quota limit.

false

Table 32: Quota plugin settings

After changing these settings, it is necessary to restart the Management

Server and the Usage Server to apply them:

user@scclouds:~$ systemctl restart cloudstack-management.service

user@scclouds:~$ systemctl restart cloudstack-usage.service

After this restart, the Quota menu will be available in the UI:

155

Figure 122: Quota plugin

From this menu it will be possible to manage tariﬀs, credits, Quota e-mail

templates and visualize reports.

7.2.2. Tariﬀs management

In the Tariﬀ submenu it is possible to visualize and manage the Quota tariﬀs.

When accessing the menu, a list of active system tariﬀs will be shown:

Figure 123: List of active tariﬀs

It is also possible to list already removed tariﬀs, just by selecting the Remo

ved option in the ﬁlter, or All to list everything:

156

Figure 124: Listing ﬁlters

The operator may create new tariﬀs or edit/remove already existing ones.

7.2.2.1. Creating tariﬀs

To create a new tariﬀ, use the Create Quota tarif f button, which will open the

following form:

157

Figure 125: Tariﬀ creation form

The operator must obligatorily inform the Name, Usage ty pe and Tariff val

ue ﬁelds. The remaining ﬁelds are optional.

In the Processing period ﬁeld, when choosing the Monthly option, a new

ﬁeld named Ex e c ute on will appear, where it will be necessary to add a day of

the month between 1-28, indicating the date in which the tariﬀ will be monthly

processed.

It is possible to set rules to deﬁne when a tariﬀ must be applied. The docu-

mentation about activation rules may be found in the Activation rules section.

158

7.2.2.2. Tariﬀ details

When selecting a tariﬀ in the listing, it is possible to visualize its details and any

actions that may be executed:

Figure 126: Tariﬀ details

7.2.2.3. Editing tariﬀs

After creating tariﬀs, the operator may change some of its information:

Figure 127: Possible actions for active tariﬀs

159

Figure 128: Tariﬀ editing form

The changes made in the tariﬀ will only have an eﬀect on processings made

after the changes.

7.2.2.4. Removing tariﬀs

If necessary, the operator may remove tariﬀs to prevent them from being in-

cluded in future Quota processings:

Figure 129: Removing a tariﬀ

7.2.3. Activation rules

Activation rules are logical expressions used to deﬁne which tariﬀs are ap-

plied based on which resources are being used, possibly including speciﬁc tar-

160

iﬀs for speciﬁc clients.

Through activation rules it is possible to use resource tags as a way to iden-

tify diﬀerent resource types within the same category and then apply unique

tariﬀs for each one (for example, apply a greater tariﬀ if the storage is of SSD

type).

Due to its simplicity, both in terms of understanding and writing, compared

to other programming languages, JavaScript was chosen for the creation of

the activation rules. Therefore, the expressions must be written speciﬁcally

in JavaScript ECMAScript 5.1 code and need to follow, besides the language

syntax, the following rules:

• The expression processing engine is only instantiated once per processing

cycle, therefore, reserved words such as const, var or let must not be used

to declare variables when creating activation rules, as this will cause an I

dentifier has already been declared error and it will not be possible to

process such rules. Instead of using const a = 1;, for example, a = 1; should

be used.

• ACS expects the return from these expressions to be a boolean value (t

rue/false) or a numeric value. It will deduce the result type applying the

following rules:

– if the result is a number, such as 1, 2.5 and so on, the result will be

used as the tariﬀ value, instead of the value deﬁned in the Tariff valu

e ﬁeld;

– if the result is not a number, ACS will try to convert it to a boolean.

If the result is true, the value set in the Tarif f value ﬁeld will be used

in the calculation. Otherwise, if the result is false or if the expression

does not result in a valid boolean, the tariﬀ will not be applied in the

calculation;

161

– if the tariﬀ does not have an expression to be evaluated or if the ex-

pression is empty, the tariﬀ will always be applied.

Some variables will be pre-created (referred as preset throughout the text)

in the expressions context to provide greater ﬂexibility to the operators. Each

resource type will have a series of presets corresponding to its characteristics:

162

7.2.3.1. Default presets for all resource types

Variable Description

account.id uuid of the account that owns the resource.

account.name name of the account that owns the resource.

account.role.id uuid of the role from the account that owns the

resource (if it exists).

account.role.name name of the role from the account that owns the

resource (if it exists).

account.role.type type of the role from the account that owns the

resource (if it exists).

domain.id uuid of the domain of the account that owns the

resource.

domain.name name of the domain of the account that owns the

resource (if it exists).

domain.path path of the domain of the account that owns the

resource.

project.id uuid of the project that owns the resource (if it

exists).

project.name name of the project that owns the resource (if it

exists).

resourceType type of resource.

value.accountResources List containing the remaining of the account re-

sources of the same type that are valid in the

same period that is being processed.

zone.id uuid of the zone of the account that owns the re-

source.

zone.name name of the domain of the account that owns the

resource.

processedData.id uuid of the resource.

processedData.name name of the resource.

processedData.startDate Start date from the processed data.

processedData.endDate End date from the processed data.

Table 33: Default presets for every resource type - Part 1

163

Variable Description

processedData.usageValue usage from the resources during the pe-

riod.

processedData.aggregatedTariﬀs Aggregation from all tariﬀs applied by

Quota over the resource during the pe-

riod.

processedData.tariﬀs.value Tariﬀ value.

processedData.tariﬀs.id uuid of the tariﬀ.

processedData.tariﬀs.name name of the tariﬀ.

lastTariﬀs List of objects containing id and value at-

tributes for previous tariﬀs.

Table 34: Default presets for every resource type - Part 2

164

7.2.3.2. Presets for the RUNNING_VM type

Variable Description

value.host.id uuid of the host where the VM is

running.

value.host.name name of the host where the VM is

running.

value.host.tags List of tags of the host where the

VM is running.

Example: ["a", "b"].

value.host.isTagARule Boolean indicating if the tag used

is a rule.

value.id uuid of the VM.

value.name name of the VM.

value.osName name of the OS in the VM.

value.computeOﬀering.customized Boolean indicating if the compute

oﬀering of the VM is customizable.

value.computeOﬀering.id uuid of the compute oﬀering of

the VM.

value.computeOﬀering.name name of the compute oﬀering of

the VM.

value.computingResources.cpuNumber Current number of vCPUs in the

VM.

value.computingResources.cpuSpeed Current CPU speed in the VM (in

MHz).

value.computingResources.memory Current amount of memory in the

VM (in MiB).

value.tags VM tags, in the format key:value.

Example: {"a":"b", "c":"d"}.

value.template.id uuid of the VM template.

value.template.name name of the VM template.

value.hypervisorType type of hypervisor of the VM.

Table 35: Presets for the RUNNING_VM type

165

7.2.3.3. Presets for the ALLOCATED_VM type

Variable Description

value.id uuid of the VM.

value.name name of the VM.

value.osName name of the OS in the VM.

value.computeOﬀering.customized Boolean indicating if the compute of-

fering of the VM is customizable.

value.computeOﬀering.id uuid of the compute oﬀering of the

VM.

value.computeOﬀering.name name of the compute oﬀering of the

VM.

value.tags VM tags, in the format key:value. Ex-

ample: {"a":"b", "c":"d"}.

value.template.id uuid of the VM template.

value.template.name name of the VM template.

value.hypervisorType type of hypervisor of the VM.

Table 36: Presets for the ALLOCATED_VM type

166

7.2.3.4. Presets for the VOLUME type

Variable Description

value.diskOﬀering.id uuid of the disk oﬀering of the volume.

value.diskOﬀering.name name of the disk oﬀering of the volume.

value.id uuid of the volume.

value.name name of the volume.

value.provisioningType Resource provisioning type. Values for this set-

ting may be: thin, sparse or fat.

value.storage.id uuid of the storage where the volume is located.

value.storage.isTagARule Boolean indicating if the tag used is a rule.

value.storage.name name of the storage where the volume is located.

value.storage.scope scope of the storage where the volume is located.

Values for this setting may be: ZONE or CLUSTE

value.storage.tags List of tags of the storage where the volume is

located. Example: ["a", "b"].

value.tags Volume tags, in the format key:value. Example: {

"a":"b", "c":"d"}.

value.size size of the volume (in MiB).

value.volumeFormat Volume format. Values for this setting may be: R

AW, VHD, VHDX, OVA and QCOW2.

Table 37: Presets for the VOLUME type

7.2.3.5. Presets for the TEMPLATE and ISO type

Variable Description

value.id uuid of the template/ISO.

value.name name of the template/ISO.

value.osName name of the template’s/ISO’s OS.

value.tags Template/ISO tags, in the format k ey:value. Example: {"a":"

b", "c":"d"}.

value.size size of the template/ISO (in MiB).

Table 38: Presets for the TEMPLATE and ISO types

167

7.2.3.6. Presets for the SNAPSHOT type

Variable Description

value.id uuid of the snapshot.

value.name name of the snapshot.

value.size size of the snapshot (in MiB).

value.snapshotType type of snapshot. Values for this setting may be:

MANUAL, HOURLY, DAILY, WEEKLY or MONTHLY.

value.storage.id uuid of the storage where the snapshot is lo-

cated.

value.storage.isTagARule Boolean indicating if the tag used is a rule.

value.storage.name name of the storage where the snapshot is lo-

cated.

value.storage.scope scope of the storage where the snapshot is lo-

cated. Values for this setting may be: ZONE or

CLUSTER.

value.storage.tags List of tags of the storage where the snapshot is

located. Example: ["a", "b"].

value.tags Snapshot tags, in the format key:value. Example:

{"a":"b", "c":"d"}.

value.hypervisorType hypervisor in which the resource was deployed.

Values for this setting may be: XenServer, KVM, V

Mware, Hy per-V, BareMetal, Ovm, Ovm3 and L X

Table 39: Presets for the SNAPSHOT type

Notes:

• If the global setting snapshot.backup.to.secondary is set to false, the value

for the presets value. storage.id and value.storage.name will be from the

primary storage. Otherwise, they will be from the secondary storage.

• Hosts or storages using the ﬂexible tags feature will have the isTagARule

variable set to true and will have their tag variable empty.

• If the global setting snapshot.backup.to.secondary is set to false, the value

168

for the presets value.sto rage.scope and value.storage.tags will be from

the primary storage. Otherwise, they will not exist.

7.2.3.7. Presets for the NETWORK_OFFERING type

Variable Description

value.id uuid of the network oﬀering.

value.name name of the network oﬀering.

value.tag tag of the network oﬀering.

Table 40: Presets for the NETWORK_OFFERING type

7.2.3.8. Presets for the VM_SNAPSHOT type

Variable Description

value.id uuid of the VM snapshot.

value.name name of the VM snapshot.

value.tags VM snapshot tags, in the format key :value. Exam-

ple: {"a":"b", "c":"d"}.

value.vmSnapshotType type of the VM snapshot. Values for this setting

may be:

Disk or DiskAndMemory.

value.hypervisorType Hypervisor in which the resource was deployed.

Values for this setting may be: XenServer, KVM, V

Mware, Hyper-V, BareMetal, Ovm, Ovm3 and LXC.

Table 41: Presets for the VM_SNAPSHOT type

7.2.3.9. Presets for the BACKUP type

Variable Description

value.size size of the backup.

value.virtualSize virtual size of the VM.

value.backupOﬀering.id uuid of the backup oﬀering.

value.backupOﬀering.name name of the backup oﬀering.

value.backupOﬀering.externalId external id of the backup oﬀering.

Table 42: Presets for the BACKUP type

Notes:

169

• The measurement unit of the presets value.size and value.virtualSize varies

for each backup provider. For example, values informed by Veeam are in

bytes.

7.2.3.10. Presets for the NETWORK_USAGE type

Variable Description

value.id uuid of the network.

value.name name of the network.

value.state state of the network. Values for this setting may be: Allocated,

Conﬁgured, Implementing, Implemented, Shutdown and De-

stroyed.

Table 43: Presets for the NETWORK_USAGE type

7.2.3.11. Presets for the BACKUP_OBJECT type

Variable Description

value.id uuid of the backup object.

value.name name of the backup object.

value.size size of the resource, in MiB.

value.virtualSize virtual size of the backup.

value.backupOﬀering.id uuid of the backup oﬀering.

value.backupOﬀering.name name of the backup oﬀering.

value.backupOﬀering.externalId external id of the backup oﬀering.

value.virtualMachine.id uuid of the VM.

value.virtualMachine.name name of the VM.

Table 44: Presets for the BACKUP_OBJECT type

7.2.3.12. Verifying presets via API

An API call may be done to verify all the presets for each resource, but only

admin users have access to this command. For that, just choose a usageType

to check the variable names and descriptions, as shown below:

(admin) > quota listpresetvariables usagetype=<usageType_id>

170

7.2.3.13. Presets for the other resources

The speciﬁc presets for each resource type were addressed based on use cases,

therefore, not all resource properties are present, similarly, not all resources

have speciﬁc presets, only the default presets. Other presets may be added as

use cases appear.

7.2.3.14. Expressions examples

As described at the beginning of this section, activation rules are logical expres-

sions written in JavaScript, created to address speciﬁc use cases. It is advisible

for the environment administrator to create their own expressions based on

their needs, paying attention to the rules described at the beginning of this

section and to the language syntax. The following examples provide demon-

strations of what can be achieved using activation rules.

1. Apply a tariﬀ to a single account (available to all resource types):

if (account.id == 'b29e84da-ed2e-47dc-9785-49231de8ff07') {

true

} else {

false

}

Or simply:

account.id == 'b29e84da-ed2e-47dc-9785-49231de8ff07'

2. Apply a tariﬀ if the account currently has more than 20 resources of the

same type (available for all resource types):

value.accountResources.filter(resource =>

resource.domainId == 'b5ea6ffb-fa80-455e-8b38-c9b7e3900cfd'

).length > 20

171

3. Return the tariﬀ value based on the amount of resources that the account

currently owns (available for all resource types)

resourcesLength = value.accountResources.filter(resource =>

resource.domainId == 'b5ea6ffb-fa80-455e-8b38-c9b7e3900cfd'

).length

if (resourcesLength > 40) {

} else if (resourcesLength > 10) {

} else {

}

4. Apply the tariﬀ for a certain OS (available for the RUNNING_VM and AL-

LOCATED_VM):

['Windows 10 (32-bit)',

'Windows 10 (64-bit)',

'Windows 2000 Advanced Server'].indexOf(value.osName) !== -1

5. Storage tags validation (available for VOLUME and SNAPSHOT):

value.storage.tags.indexOf('SSD') !== -1

&& value.storage.tags.indexOf('NVME') !== -1

6. Host tags validation (available for RUNNING_VM):

value.host.tags.indexOf('CPU platinum') !== -1

If the value is not informed in the else, the expression may result in undefined and the

tariﬀ will not be applied.

172

7. Public IPs validation

. If the ﬁrst public IP is free of charge for the user, it

is possible to prevent charging source NAT IPs (available for IP ADDRESS):

resourceType !== 'SourceNat'

8. Return the tariﬀ value if the storage in use is of HDD type (available for

VOLUME and SNAPSHOT):

useHdd = false

if (value.storage) {

for (i = 0; i < value.storage.tags.length; i++) {

if (value.storage.tags[i].indexOf('hdd') !== -1) {

useHdd = true

break

}

if (useHdd) {

0.3

} else {

}

9. For a more complex example, the following expression represents the li-

censing cost for Windows OS and it has some peculiarities (available for

ALLOCATED_VM):

• The amount charged will be based on the number of vCPUs assigned

to the VM;

• A minimum of 4 vCPUs are charged;

Public IPs are connected to the VPC or isolated networks (not directly to the user VM). Every

ﬁrst public IP in a VPC or isolate network is a source NAT; if the public IP is allocated by the user,

the preset resourceType will be null.

173

• For more than 4 vCPUs it is charged incrementally for vCPUs pairs

(2). In other words, if the number of vCPUs is odd, the charge will be

rounded up to an even value. For example, the charge for 5 vCPUs is

the same as for 6 vCPUs, for 7 vCPUs is the same as 8, and so on;

• The charge will be monthly.

TOTAL_CORES_PER_PACKAGES = 2;

MININUM_NUMBER_OF_PACKAGES_WINDOWS_LICENSES = 4;

OPERATING_SYSTEM_NAME = "windows";

windows_operating_system_monthly_price = 36;

calculate_number_of_license_packages = function (vcpus) {

return (vcpus + vcpus%TOTAL_CORES_PER_PACKAGES)/

TOTAL_CORES_PER_PACKAGES;

};

if (value.osName.toLocaleLowerCase().

indexOf(OPERATING_SYSTEM_NAME) >= 0) {

calculate_number_of_license_packages

(value.computingResources.cpuNumber) *

windows_operating_system_monthly_price

} else {

}

7.2.4. Credits management

In the Summa ry sub-menu it is possible to check the Quota reports and

manage the accounts’ credits.

174

Figure 130: List of active accounts

7.2.4.1. Adding/removing credits

To add/remove credits from an account, use the Add credits button, which will

open the following form:

Figure 131: Form for adding/removing credits

Notes:

175

• To remove credits from an account, use the - operator before the tariﬀ

value, in the Value ﬁeld.

• The Min Balance ﬁeld indicates the minimum limit for the account bal-

ance.

• Checking the Enforce Quota ﬁeld will make accounts that reach their limits

have their balances blocked.

7.2.5. Active accounts

In the Summary sub-menu it is shown, by default, the current state of active

accounts (last balance + credits):

Figure 132: List of active accounts

It is also possible to list already removed accounts, just by selecting the ﬁlter

option Removed accounts, or All to list everything:

176

Figure 133: Listing ﬁlters

Via CloudMonkey, this query may be performed in the following way:

(admin) > quota summary account=admin domainid=52d83793-26de-11ec-8dcf-5254005dcdac listall=true

{

"count": 1,

"summary": [

{

"account": "admin",

"accountid": "af16aaed-26de-11ec-8dcf-5254005dcdac",

"accountremoved": false,

"balance": 124.49,

"currency": "$",

"domain": "/",

"domainid": "52d83793-26de-11ec-8dcf-5254005dcdac",

"domainremoved": false,

"enddate": "2023-10-06T12:00:00+0000",

"quota": 8.33871072,

"quotaenabled": true,

"startdate": "2023-10-01T12:00:00+0000",

"state": "ENABLED"

}

]

}

7.2.6. Managing e-mail templates from Quota

It is possible to deﬁne notiﬁcation templates for the Quota mechanism, which

will be sent to users based on four pre-deﬁned situations. For each user it is

possible to deﬁne when the notiﬁcations will be sent.

In the Email Templ ate sub-menu it is possible to visualize and manage the

e-mail templates that the Quota plugin will send:

177

Figure 134: List of e-mail templates from Quota

By default, the Quota plugin will send e-mails to an account in the following

scenarios:

• Low credits;

• No credits;

• Credits added;

• Balance in use.

Each scenario has a corresponding email template that will be sent. To edit

one of these templates, just select it in the listing:

Figure 135: Editing the e-mail template

178

7.2.7. Notes about using the Quota plugin

1. To add an account to the Quota plugin processing it is necessary to add

credits to it at least once. Furthermore, the account level setting quota.

account.enabled must be deﬁned as true. The Quota state for a speciﬁc

account may be accessed through the Summary sub-menu in the Quota

state column.

Figure 136: Quota state for admin accounts and custom-account

2. For accounts with credits balance lower than zero to become blocked the

global setting quota.enable.enfo rce me nt must be set to true and the op-

tion Enforce Quota must be used when adding credits to the account.

3. A blocked account still has access to its resources that are already allo-

cated. It can deallocate them but can neither allocate new resources nor

reallocate old ones. In other words, if the user has its account blocked,

they can destroy or stop their VMs but can’t start/restart them. If any is-

sue occurs with the VM (like a shutdown caused by lack of CPU or RAM)

the user will have to acquire more credits to restart the VM.

4. The check for account credits, and subsequent block (when applicable) is

performed in a interval deﬁned by the variable usage.stats.job.

aggregation.range, with default value being once a day.

179

8. Operation

This section presents some of the basic operations that operators must be

familiar with for troubleshooting issues in ACS.

8.1. Debugging issues and troubleshooting process

There are several situations where problems may occur in ACS. This section

provides recommendations for identifying the origin of most problems, as it is

frequently possible to solve them without the need to open a new issue.

8.1.1. Debugging via logs

When encountering an error, the ﬁrst step in troubleshooting is often to

check the log ﬁles of the components involved in the actions that triggered it.

Reading logs frequently reveals the source of most problems. Furthermore,

if the problem is not treatable in the operation context, sending the logs rele-

vant to the problem simpliﬁes and speeds up their resolution when opening an

issue. Section 8.1.4 describes how to ﬁnd the log ﬁles.

Eventually, errors happen because of resource shortage. For example, an

error when creating a virtual router may be caused by the shortage of available

IPs. This kind of situation is ﬁxed by increasing the current amount of resources

or recycling other resources that are no longer used.

8.1.2. Debugging via web interface

When errors occur through the web interface, it is possible to verify which

API commands are currently being executed, which facilitates searching for the

error in the logs, as the commands being called are known. The steps for this

kind of debugging are:

1. Open the development tools menu in your browser (F12 is usually the

shortcut);

2. Select the network tab;

3. In parallel, open the Management Server’s log ﬁle, using the command ta

il -f;

180

4. Perform the action that causes the error in the web interface. You will see

all calls being made in the Network tab;

5. Select one of your interest;

6. In the GET section of the Network tab, the API command being executed

will be visible;

By doing so, it is possible to follow the execution ﬂow on the logs and debug

the problem.

8.1.3. Debugging network problems

Sometimes, the routes of some ACS components are changed, which may

prevent proper communication between certain components. The command i

p route is the main way to detect any changes in the routes, ensuring that the

IPs are coherent with the adopted topology. Alternatively, the a rp command

can be used to verify if the packets are travelling through the right interface.

The SC Clouds team provides a document with the deﬁned topology, that may

be consulted to verify if the IPs are correct.

8.1.4. Log ﬁles path

The log ﬁle from the Management Server can be found in the following path:

• /var/log/cloudstack/management/management-server.log

If the Usage Server is being used, its log ﬁle may be found in the following

path:

• /var/log/cloudstack/usage/usage.log

If the hypervisor used is KVM, a CloudStack Agent will exist. Its log ﬁle can

be found in the following path:

• /var/log/cloudstack/agent/agent.log

The logs for the system VMs can be found in the following path:

• /var/log/cloud.log

• /var/log/cloud/cloud.out

181

8.1.5. Log level increase on Management Servers and KVM Agents

This section describes how to conﬁgure Log4j

in a way that prevents the

loss of important ACS logs. Log4j organizes the logs in the following way:

1. FATAL: Errors that cause a system stop (crash). It is important for this type

of message to be reported!

2. ERROR: Errors that interrupt a task, however these do not cause a com-

plete system stop. Generally it is also important to report this type of

message;

3. WARN: Warnings that do not represent errors that happened but indicate

events that may cause them in the future;

4. INFO: Information relevant to the performed action. Messages of this

type describe normal system events, not errors;

5. DEBUG: Information that details the perfomed action;

6. TRACE: Detailed step by step of the performed action, being of a ﬁner level

than the DEBUG level;

ACS logs have some known categorization and clarity issues. For example,

there are logs that should be registered at INFO or ERROR level but are regis-

tered at DEBUG level. The SC Clouds team has been working on improvements

on these and others aspects referent to ACS logs. However, until this task is

completed, it is necessary for the Log4j to be adequately conﬁgured (at DEBUG

level) to ease the troubleshooting processes.

It is possible to conﬁgure Log4j to register only logs of certain types, this way

Log4j will register all messages of that type and those that are more severe. The

adopted hierarchy is:

Tool used by ACS to register logs.

182

Setting Log levels registered

OFF No log registry.

FATAL FATAL

ERROR FATAL and ERROR

WARN FATAL, ERROR and WARN

INFO FATAL, ERROR, WARN and INFO

DEBUG FATAL, ERROR, WARN, INFO and DEBUG

TRACE FATAL, ERROR, WARN, INFO, DEBUG and TRACE

ALL FATAL, ERROR, WARN, INFO, DEBUG and TRACE

Table 45: Logs hierarchy levels on Log4j

It is possible to conﬁgure the appender

to accept a log level from the ones

shown above. The current default setting for the Management Servers is DEB

UG; for agents and system VMs the default is INFO. Therefore, the appender

will only register logs of the speciﬁed level or of greater severity, which may be

insuﬃcient to detect or comprehend certain problems. If the hypervisor used is

KVM, it is recommended to change this setting from INFO to DEBUG throughout

agents.

For that, edit the ﬁles shown below in the respective hosts using a text editor:

• In the agent:

sudo vim /etc/cloudstack/agent/log4j-cloud.xml

• In the Management Server:

sudo vim /etc/cloudstack/management/log4j-cloud.xml

• In the system VMs:

sudo vim /usr/local/cloud/systemvm/conf/log4j-cloud.xml

Part of the tool responsible for delivering the logs to their destination.

183

If the hypervisor used is VMware, the process to access the system VMs and

edit the logj4 settings ﬁle is diﬀerent. The section Accessing the System VMs

shows this process in more detail.

Change the following setting:

...

...

...

To:

...

...

...

To limit the log sources, Log4j allows the creation of categories, deﬁning

from where the logs will be collected, as well as the accepted level. It is impor-

tant to take note that the XML that deﬁnes the Log4j settings is serially read,

therefore the order of the categories is important, since if we want to limit the

logs from a package while keeping logs in a less restrictive level, we will ﬁrst

need to deﬁne the less restrictive level for the wanted section and them deﬁne

the restriction level for the package as a whole.

With this in mind, we recommend adding the following category to the agents

XML:

</category>

This category must be above org.apache, for the reason previously explained.

However, if instead of creating the category, the category org.apache was edited

to DEBUG level, an imense ﬂood of unimportant log messages would be cre-

ated.

In the management servers this category already exists, but it is poorly po-

sitioned, therefore it must be moved so it is above org.apache.

It is also necessary to change the priority value of the category com.clou d

184

to DEBUG level:

</category>

Finally, it is necessary to change the root category setting, because it dictates

the maximum level that the logger accepts, and without this alteration all the

changes made previously will not take eﬀect. The default for this setting is INFO:

<root>

<appender-ref ref="CONSOLE"/>

<appender-ref ref="FILE"/>

</root>

It is suﬃcient to change the level value from INFO to DEBUG.

8.1.6. Troubleshooting process

Analyzing CloudStack logs is extremaly useful and can be a key point during

investigations, since they contain information related to all steps of ACS pro-

cesses, including errors, warnings, and additional messages.

For an eﬃcient log analysis in ACS it is necessary to ﬁlter the entries of in-

terest, this is achieved by identifying the log id or job id related to them.

If the analysis is made based on the Management Server logs and there is

more than one Management Server in use, it is necessary to search through

all of them. The reason for this is that command executions may be shared

between them.

To better illustrate the ﬁltering and analysis process, we will present an ex-

ample of the troubleshooting process. In this example we will accompany the

creation of a new VM, but the steps used may also be applied to investigate

multiple occurences in CloudStack.

To begin the analysis, a VM was created via UI and the steps below were

followed:

185

Figure 137: VM created th rough the UI

1. To identify the log id for the process under investigation, it is ﬁrst neces-

sary to locate a log entry containing this information. This can be achieved

by tracing the HTTP requests forwarded to the back-end by the UI when

performing certain user-requested actions. By checking the details of a

HTTP request it is possible to identify the command sent. We will use this

command to search for log entries:

Figure 138: Identifying the command sent.

To perform this search it is necessary to access the location where the log

186

ﬁles are stored and execute the command

grep -r "<UI command>" ./

In the example shown, the command used was:

grep -r "command=deployVirtualMachine&response=json" ./

Thus, we can identify some entries containing the searched command. In

them it is possible to visualize the desired log id. In this example the ID is:

logid:ef4bf833.

Figure 139: Identifying the logid for the desired process.

2. Then, we can ﬁlter the desired information using the log id:

grep -r "<logid>" ./

All log entries containing this log id will be returned.

./management-server.log:2022-03-15 12:38:40,334 DEBUG [c.c.a.ApiServlet]

(qtp1603198149-17:ctx-430e157a) (logid:ef4bf833) ===START=== 172.16.71.7 -- POST

command=deployVirtualMachine&response=json

[...]

./management-server.log:2022-03-15 12:38:41,471 DEBUG [c.c.v.UserVmManagerImpl]

(qtp1603198149-17:ctx-430e157a ctx-91e054dc) (logid:ef4bf833) Allocating in the DB for vm

./management-server.log:2022-03-15 12:38:41,545 INFO

[c.c.v.VirtualMachineManagerImpl] (qtp1603198149-17:ctx-430e157a ctx-91e054dc)

(logid:ef4bf833) allocating virtual machine from

template:b81aab72-2c37-466e-b53f-bdaf398322fa with hostname:i-2-119-VM and 1 networks

./management-server.log:2022-03-15 12:38:41,555 DEBUG

[c.c.v.VirtualMachineManagerImpl] (qtp1603198149-17:ctx-430e157a ctx-91e054dc)

(logid:ef4bf833) Allocating entries for VM: VM instance {id: "119", name:

"i-2-119-VM", uuid: "13fe0bce-a240-48e4-9d5b-081359fcf422", type="User"}

./management-server.log:2022-03-15 12:38:41,560 DEBUG

[c.c.v.VirtualMachineManagerImpl] (qtp1603198149-17:ctx-430e157a ctx-91e054dc)

(logid:ef4bf833) Allocating nics for VM instance {id: "119", name: "i-2-119-VM",

uuid: "13fe0bce-a240-48e4-9d5b-081359fcf422", type="User"}

./management-server.log:2022-03-15 12:38:41,568 DEBUG

[o.a.c.e.o.NetworkOrchestrator] (qtp1603198149-17:ctx-430e157a ctx-91e054dc)

(logid:ef4bf833) Allocating nic for vm VM instance {id: "119", name: "i-2-119-VM",

uuid: "13fe0bce-a240-48e4-9d5b-081359fcf422", type="User"} in network

Ntwk[211|Guest|11] with requested profile NicProfile[0-0-null-null-null]

./management-server.log:2022-03-15 12:38:41,653 DEBUG [c.c.n.NetworkModelImpl]

(qtp1603198149-17:ctx-430e157a ctx-91e054dc) (logid:ef4bf833) Service SecurityGroup

is not supported in the network id=211

./management-server.log:2022-03-15 12:38:41,660 DEBUG

It is alo possible to replace "./" in the command with the log folder’s full path. That way it

is possible to execute it without accessing the directory.

187

[c.c.v.VirtualMachineManagerImpl] (qtp1603198149-17:ctx-430e157a ctx-91e054dc)

(logid:ef4bf833) Allocating disks for VM instance {id: "119", name: "i-2-119-VM",

uuid: "13fe0bce-a240-48e4-9d5b-081359fcf422", type="User"}

./management-server.log:2022-03-15 12:38:41,660 INFO [o.a.c.e.o.VolumeOrchestrator]

(qtp1603198149-17:ctx-430e157a ctx-91e054dc) (logid:ef4bf833) adding disk object

ROOT-119 to i-2-119-VM

./management-server.log:2022-03-15 12:38:41,700 DEBUG

[c.c.r.ResourceLimitManagerImpl] (qtp1603198149-17:ctx-430e157a ctx-91e054dc)

(logid:ef4bf833) Updating resource Type = volume count for Account = 2 Operation =

increasing Amount = 1

./management-server.log:2022-03-15 12:38:41,729 DEBUG

[c.c.r.ResourceLimitManagerImpl] (qtp1603198149-17:ctx-430e157a ctx-91e054dc)

(logid:ef4bf833) Updating resource Type = primary_storage count for Account = 2

Operation = increasing Amount = (50.00 MB) 52428800

./management-server.log:2022-03-15 12:38:41,962 DEBUG

[c.c.v.VirtualMachineManagerImpl] (qtp1603198149-17:ctx-430e157a ctx-91e054dc)

(logid:ef4bf833) Allocation completed for VM: VM instance {id: "119", name:

"i-2-119-VM", uuid: "13fe0bce-a240-48e4-9d5b-081359fcf422", type="User"}

./management-server.log:2022-03-15 12:38:41,962 DEBUG [c.c.v.UserVmManagerImpl]

(qtp1603198149-17:ctx-430e157a ctx-91e054dc) (logid:ef4bf833) Successfully

allocated DB entry for VM instance {id: "119", name: "i-2-119-VM", uuid:

"13fe0bce-a240-48e4-9d5b-081359fcf422", type="User"}

[...]

We can see above the time when the command deployVirtualMachine was

received (2022-0 3-1 5 12:38:40,334), and also various entries related to

resource allocation for the VM creation.

./management-server.log:2022-03-15 12:38:42,646 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]

(qtp1603198149-17:ctx-430e157a ctx-91e054dc) (logid:ef4bf833) submit async job-848, details:

AsyncJobVO {id:848, userId: 2, accountId: 2, instanceType: VirtualMachine, instanceId: 119, cmd

:org.apache.cloudstack.api.command.admin.vm.DeployVMCmdByAdmin, cmdInfo:

{"iptonetworklist[0].networkid":"f8ce6644-6478-4770-84a7-834bd8a717a2","boottype":

"BIOS","httpmethod":"POST","templateid":"b81aab72-2c37-466e-b53f-bdaf398322fa","ctxAccountId":

"2","uuid":"13fe0bce-a240-48e4-9d5b-081359fcf422","cmdEventType":"VM.CREATE","startvm":

"true","bootmode":"LEGACY","serviceofferingid":"ab647165-7a0a-4984-8452-7bfceb036528",

"response":"json","ctxUserId":"2","zoneid":"8b2ceb16-a2f2-40ea-8968-9e08984bdb17",

"ctxStartEventId":"1499","id":"119","ctxDetails":"{\"interface com.cloud.dc.DataCenter\":

\"8b2ceb16-a2f2-40ea-8968-9e08984bdb17\",\"interface com.cloud.template.VirtualMachineTemplate

\": \"b81aab72-2c37-466e-b53f-bdaf398322fa\",\"interface com.cloud.offering.ServiceOffering\"

:\"ab647165-7a0a-4984-8452-7bfceb036528\",

\"interface com.cloud.vm.VirtualMachine\":\"13fe0bce-a240-48e4-9d5b-081359fcf422\"}",

"affinitygroupids":""}, cmdVersion: 0, status: IN_PROGRESS, processStatus: 0,

resultCode: 0, result: null, initMsid: 90520745551922, completeMsid: null,

lastUpdated: null, lastPolled: null, created: null, removed: null}

./management-server.log:2022-03-15 12:38:42,651 DEBUG [c.c.a.ApiServlet]

(qtp1603198149-17:ctx-430e157a ctx-91e054dc) (logid:ef4bf833) ===END===

172.16.71.7 -- POST command=deployVirtualMachine&response=json

We can also see above the time when the command was ﬁnished.

(20 22-03-15 12:38:42,651). It is important to highlight that the request

processing shown until now generates a job, which can be processed by

any ACS Management Server from the cloud environment. Filtering en-

tries that contain the id from this job allows us to obtain more information

related to the VM creation process (the same applies for others processes

188

in ACS). In the second to last log entry displayed we can see that the job

was sent at 2022-03-15 12 :38:42,646 and identify the job id that the re-

quest generated: job-848.

3. Then, the logs containing the job id found must be searched using the

command:

grep -r "<job id>" ./

Using the information returned, it is possible to identify the ID from the

thread that processed the job:

[...]

./management-server.log:2022-03-15 12:38:42,647 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]

(API-Job-Executor-5:ctx-c454c9f5 job-848) (logid:2f55511b) Executing AsyncJobVO

{id:848, userId: 2, accountId: 2, instanceType: VirtualMachine, instanceId: 119, cmd:

org.apache.cloudstack.api.command.admin.vm.DeployVMCmdByAdmin, cmdInfo:

{"iptonetworklist[0].networkid":"f8ce6644-6478-4770-84a7-834bd8a717a2","boottype":

"BIOS","httpmethod":"POST","templateid":"b81aab72-2c37-466e-b53f-bdaf398322fa",

"ctxAccountId":"2","uuid":"13fe0bce-a240-48e4-9d5b-081359fcf422","cmdEventType":

"VM.CREATE","startvm":"true","bootmode":"LEGACY","serviceofferingid":

"ab647165-7a0a-4984-8452-7bfceb036528", "response":"json","ctxUserId":"2","zoneid":

"8b2ceb16-a2f2-40ea-8968-9e08984bdb17","ctxStartEventId":"1499","id":"119","ctxDetails":

"{\"interface com.cloud.dc.DataCenter\":\"8b2ceb16-a2f2-40ea-8968-9e08984bdb17\",

\"interface com.cloud.template.VirtualMachineTemplate\":\"b81aab72-2c37-466e-b53f-bdaf398322fa

\", \"interface com.cloud.offering.ServiceOffering\":\"ab647165-7a0a-4984-8452-7bfceb036528\",

\"interface com.cloud.vm.VirtualMachine\":\"13fe0bce-a240-48e4-9d5b-081359fcf422\"}",

"affinitygroupids":""}, cmdVersion: 0, status: IN_PROGRESS, processStatus: 0,

resultCode: 0, result: null, initMsid: 90520745551922, completeMsid: null,

lastUpdated: null, lastPolled: null, created: null, removed: null}

[...]

4. Finally, after the thread ID is identiﬁed as (logid:2f5551 1b), it is impor-

tant to serch the logs for this ID, as it will return more entries than when

searching for the job id, allowing for a more thorough analysis process.

The command used is:

grep -r "<thread id>" ./

This process provides multiple details related to the VM creation process.

Below, we ﬁrst see the logs associated to cluster identiﬁcation, followed by

the ones identifying the host where the VM may be allocated. The existing

resources in the available options are compared to those deﬁned during

the creation of the VM. This process is repeated for other hosts, and, if a

match occurs, they are added to a list of potential hosts. This process can

189

be observed in the last log entry shown below, where host 31 is added to

the aforementioned list.

./management-server.log:2022-03-15 12:38:43,984 DEBUG [c.c.d.FirstFitPlanner]

(API-Job-Executor-5:ctx-c454c9f5 job-848 ctx-20458e85) (logid:2f55511b) Listing

clusters in order of aggregate capacity, that have (at least one host with) enough

CPU and RAM capacity under this Zone: 1

./management-server.log:2022-03-15 12:38:44,003 DEBUG [c.c.d.FirstFitPlanner]

(API-Job-Executor-5:ctx-c454c9f5 job-848 ctx-20458e85) (logid:2f55511b) Removing

from the clusterId list these clusters from avoid set: []

./management-server.log:2022-03-15 12:38:44,054 DEBUG

[c.c.d.DeploymentPlanningManagerImpl] (API-Job-Executor-5:ctx-c454c9f5 job-848

ctx-20458e85) (logid:2f55511b) Checking resources in Cluster: 1 under Pod: 1

./management-server.log:2022-03-15 12:38:44,078 DEBUG

[c.c.a.m.a.i.FirstFitAllocator] (API-Job-Executor-5:ctx-c454c9f5 job-848

ctx-20458e85 FirstFitRoutingAllocator) (logid:2f55511b) Looking for hosts in dc: 1

pod:1 cluster:1

./management-server.log:2022-03-15 12:38:44,091 DEBUG

[c.c.a.m.a.i.FirstFitAllocator] (API-Job-Executor-5:ctx-c454c9f5 job-848

ctx-20458e85 FirstFitRoutingAllocator) (logid:2f55511b) FirstFitAllocator has 3

hosts to check for allocation: [Host {"id": "31", "name": "cloudstack-lab-host-3",

"uuid": "2fd584d8-9fc3-4666-98f8-17f3e43e4348", "type"="Routing"}, Host {"id":

"30", "name": "cloudstack-lab-host-2", "uuid":

"3d7d8532-d0cf-476c-a36e-1b936d780abb", "type"="Routing"}, Host {"id": "29",

"name": "cloudstack-lab-host-1", "uuid": "11662552-8221-4081-92b5-a3f2c852754a",

"type"="Routing"}]

./management-server.log:2022-03-15 12:38:44,145 DEBUG

[c.c.a.m.a.i.FirstFitAllocator] (API-Job-Executor-5:ctx-c454c9f5 job-848

ctx-20458e85 FirstFitRoutingAllocator) (logid:2f55511b) Looking for speed=500Mhz, Ram=512 MB

./management-server.log:2022-03-15 12:38:44,146 DEBUG [c.c.c.CapacityManagerImpl]