Citrix Systems 4.2 5.4.5. About Password and Key Encryption

Chapter 5. Installation

54

d. Edit the /etc/sysconfig/iptables file and add the following lines at the beginning of the INPUT

chain.

-A INPUT -p tcp --dport 3306 -j ACCEPT

7. Return to the root shell on your first Management Server.

8. Set up the database. The following command creates the cloud user on the database.

• In dbpassword, specify the password to be assigned to the cloud user. You can choose to

provide no password.

• In dbhost, provide the hostname or IP address of the database node.

• In deploy-as, specify the username and password of the user deploying the database. For

example, if you originally installed MySQL with user “root” and password “password”, provide --

deploy-as=root:password.

• (Optional) For encryption_type, use file or web to indicate the technique used to pass in the

database encryption password. Default: file. See Section 5.4.5, “About Password and Key

Encryption”.

• (Optional) For management_server_key, substitute the default key that is used to encrypt

confidential parameters in the CloudPlatform properties file. Default: password. It is highly

recommended that you replace this with a more secure value. See Section 5.4.5, “About

Password and Key Encryption”.

• (Optional) For database_key, substitute the default key that is used to encrypt confidential

parameters in the CloudPlatform database. Default: password. It is highly recommended

that you replace this with a more secure value. See Section 5.4.5, “About Password and Key

Encryption”.

# cloudstack-setup-databases cloud:<dbpassword>@<dbhost> --deploy-as=root:<password> -e

<encryption_type> -m <management_server_key> -k <database_key>

9. Now run a script that will set up iptables rules and SELinux for use by the Management Server. It

will also chkconfig off and start the Management Server.

# cloudstack-setup-management

10. Continue to Section 5.4.7, “Prepare NFS Shares”.

5.4.5. About Password and Key Encryption

CloudPlatform stores several sensitive passwords and secret keys that are used to provide security.

These values are always automatically encrypted:

• Database secret key

• Database password

• SSH keys

• Compute node root password

Contents

Main Page Page Page Page Page Page Page Getting More Information and Help 1.1. Additional Documentation Available 1.2. Citrix Knowledge Center 1.3. Contacting Support Page Concepts 2.1. What Is CloudPlatform? 2.2. What Can CloudPlatform Do? 2.3. Deployment Architecture Overview 2.3.1. Management Server Overview 2.3.2. Cloud Infrastructure Overview 2.3.3. Networking Overview Page Page Cloud Infrastructure Concepts 3.1. About Regions 3.2. About Zones Page 3.3. About Pods 3.4. About Clusters 3.5. About Hosts 3.6. About Primary Storage 3.7. About Secondary Storage 3.8. About Physical Networks 3.8.1. Basic Zone Network Traffic Types 3.8.2. Basic Zone Guest IP Addresses 3.8.3. Advanced Zone Network Traffic Types 3.8.4. Advanced Zone Guest IP Addresses 3.8.5. Advanced Zone Public IP Addresses 3.8.6. System Reserved IP Addresses Page Upgrade Instructions 4.1. Upgrade from 3.0.x to 4.2 Page Page Page Page Page Page Page XenServer or KVM: ESXi 4.2. Upgrade from 2.2.x to 4.2 Page Page Page Page Page Page Page XenServer or KVM: ESXi 4.3. Upgrade from 2.1.x to 4.2 4.4. Upgrading and Hotfixing XenServer Hypervisor Hosts 4.4.1. Upgrading to a New XenServer Version Page 4.4.2. Applying Hotfixes to a XenServer Cluster Page Page Page Installation 5.1. Who Should Read This 5.2. Overview of Installation Steps 5.3. Minimum System Requirements 5.3.1. Management Server, Database, and Storage System Requirements 5.3.2. Host/Hypervisor System Requirements 5.3.3. Hypervisor Compatibility Matrix 5.3.3.1. CloudPlatform 4.x 5.3.3.2. CloudPlatform 3.x 5.3.3.3. CloudPlatform 2.x 5.4. Management Server Installation 5.4.1. Management Server Installation Overview 5.4.2. Prepare the Operating System Page 5.4.3. Install the Management Server on the First Host 5.4.4. Install and Configure the Database 5.4.4.1. Install the Database on the Management Server Node Page 5.4.4.2. Install the Database on a Separate Node Page 5.4.5. About Password and Key Encryption 5.4.6. Changing the Default Password Encryption 5.4.7. Prepare NFS Shares 5.4.7.1. Using a Separate NFS Server 5.4.7.2. Using the Management Server As the NFS Server Page 5.4.8. Prepare and Start Additional Management Servers 5.4.9. Management Server Load Balancing 5.4.10. Prepare the System VM Template 5.4.11. Installation Complete! Next Steps 5.5. Setting Configuration Parameters 5.5.1. About Configuration Parameters Page 5.5.2. Setting Global Configuration Parameters 5.5.3. Setting Local Configuration Parameters 5.5.4. Granular Global Configuration Parameters Page Page Page Page User Interface 6.1. Supported Browsers 6.2. Log In to the UI Username Password 6.2.2. Root Administrator's UI Overview 6.2.3. Logging In as the Root Administrator 6.2.4. Changing the Root Password 6.3. Using SSH Keys for Authentication 6.3.1. Creating an Instance from a Template that Supports SSH Keys 6.3.2. Creating the SSH Keypair 6.3.3. Creating an Instance 6.3.4. Logging In Using the SSH Keypair 6.3.5. Resetting SSH Keys Page Steps to Provisioning Your Cloud Infrastructure 7.1. Overview of Provisioning Steps 7.2. Adding Regions (optional) 7.2.1. The First Region: The Default Region 7.2.2. Adding a Region 7.2.3. Adding Third and Subsequent Regions 7.2.4. Deleting a Region 7.3. Adding a Zone 7.3.1. Create a Secondary Storage Mount Point for the New Zone 7.3.2. Steps to Add a New Zone 7.3.2.1. Basic Zone Configuration Page Page 7.3.2.2. Advanced Zone Configuration Page Page Page Page 7.4. Adding a Pod 7.5. Adding a Cluster 7.5.1. Add Cluster: KVM or XenServer 7.5.2. Add Cluster: OVM 7.5.3. Add Cluster: vSphere 7.5.3.1. VMware Cluster Size Limit 7.5.3.2. Adding a vSphere Cluster Page Page 7.6. Adding a Host 7.6.1. Adding a Host (XenServer, KVM, or OVM) 7.6.1.1. Requirements for XenServer, KVM, and OVM Hosts 7.6.1.1.1. XenServer Host Additional Requirements 7.6.1.1.2. KVM Host Additional Requirements 7.6.1.2. Adding a XenServer, KVM, or OVM Host 7.6.2. Adding a Host (vSphere) 7.7. Adding Primary Storage 7.8. Adding Secondary Storage 7.8.1. Adding an NFS Secondary Staging Store for Each Zone 7.9. Initialize and Test Page Page Installing XenServer for CloudPlatform 8.1. System Requirements for XenServer Hosts 8.2. XenServer Installation Steps 8.3. Configure XenServer dom0 Memory 8.4. Username and Password 8.5. Time Synchronization 8.6. Licensing 8.6.1. Getting and Deploying a License 8.7. Install CloudPlatform XenServer Support Package (CSP) 8.8. Primary Storage Setup for XenServer 8.9. iSCSI Multipath Setup for XenServer (Optional) 8.10. Physical Networking Setup for XenServer 8.10.1. Configuring Public Network with a Dedicated NIC for XenServer (Optional) 8.10.2. Configuring Multiple Guest Networks for XenServer 8.10.3. Separate Storage Network for XenServer (Optional) 8.10.4. NIC Bonding for XenServer (Optional) 8.10.4.1. Management Network Bonding 8.10.4.2. Creating a Private Bond on the First Host in the Cluster 8.10.4.3. Public Network Bonding 8.10.4.4. Creating a Public Bond on the First Host in the Cluster 8.10.4.5. Adding More Hosts to the Cluster 8.10.4.6. Complete the Bonding Setup Across the Cluster Page Installing KVM for CloudPlatform 9.1. System Requirements for KVM Hypervisor Hosts 9.1.1. Supported Operating Systems for KVM Hosts 9.1.2. System Requirements for KVM Hosts 9.2. Install and configure the Agent 9.3. Installing the CloudPlatform Agent on a KVM Host 9.4. Physical Network Configuration for KVM 9.5. Time Synchronization for KVM Hosts 9.6. Primary Storage Setup for KVM (Optional) Page Page Installing VMware for CloudPlatform 10.1. System Requirements for vSphere Hosts 10.1.1. Software requirements Apply All Necessary Hotfixes 10.1.2. Hardware requirements 10.1.3. vCenter Server requirements: 10.1.4. Other requirements: 10.2. Preparation Checklist for VMware 10.2.1. vCenter Checklist 10.2.2. Networking Checklist for VMware 10.3. vSphere Installation Steps 10.4. ESXi Host setup 10.5. Physical Host Networking 10.5.1. Configure Virtual Switch 10.5.1.1. Separating Traffic 10.5.2. Configure vCenter Management Network 10.5.3. Configure NIC Bonding for vSphere 10.6. Configuring a vSphere Cluster with Nexus 1000v Virtual Switch 10.6.1. About Cisco Nexus 1000v Distributed Virtual Switch 10.6.2. Prerequisites and Guidelines 10.6.3. Nexus 1000v Virtual Switch Preconfiguration 10.6.3.1. Preparation Checklist 10.6.3.1.1. vCenter Credentials Checklist 10.6.3.1.2. Network Configuration Checklist 10.6.3.1.3. VSM Configuration Checklist 10.6.3.2. Creating a Port Profile 10.6.3.3. Assigning Physical NIC Adapters 10.6.3.4. Adding VLAN Ranges 10.6.4. Enabling Nexus Virtual Switch in CloudPlatform 10.6.5. Configuring Nexus 1000v Virtual Switch in CloudPlatform 10.6.6. Removing Nexus Virtual Switch 10.6.7. Configuring a VMware Datacenter with VMware Distributed Virtual Switch 10.6.7.1. About VMware Distributed Virtual Switch 10.6.7.2. Prerequisites and Guidelines 10.6.7.3. Preparation Checklist Page 10.6.7.4. Enabling Virtual Distributed Switch in CloudPlatform 10.6.7.5. Configuring Distributed Virtual Switch in CloudPlatform 10.7. Storage Preparation for vSphere (iSCSI only) 10.7.1. Enable iSCSI initiator for ESXi hosts 10.7.2. Add iSCSI target 10.7.3. Create an iSCSI datastore 10.7.4. Multipathing for vSphere (Optional) 10.8. Add Hosts or Configure Clusters (vSphere) Page Bare Metal Installation 11.1. Bare Metal Host System Requirements 11.2. About Bare Metal Kickstart Installation 11.2.1. Limitations of Kickstart Baremetal Installation 11.3. Provisioning a Bare Metal Host with Kickstart 11.3.1. Download the Software 11.3.2. Set Up IPMI 11.3.3. Enable PXE on the Bare Metal Host 11.3.4. Install the PXE and DHCP Servers 11.3.5. Set Up a File Server Page 11.3.6. Create a Bare Metal Image 11.3.7. Create a Bare Metal Compute Offering 11.3.8. Create a Bare Metal Network Offering 11.3.9. Set Up the Security Group Agent (Optional) Page 11.3.10. (Optional) Set Bare Metal Configuration Parameters 11.3.11. Add a Bare Metal Zone 11.3.12. Add a Bare Metal Cluster 11.3.13. Add a Bare Metal Host 11.3.14. Add the PXE Server and DHCP Server to Your Deployment 11.3.15. Create a Bare Metal Template 11.3.16. Provision a Bare Metal Instance 11.3.17. Test Bare Metal Installation 11.3.18. Example CentOS 6.x Kickstart File Chapter 11. Bare Metal Installation 148 11.3.19. Example Fedora 17 Kickstart File Example Ubuntu 12.04 Kickstart File 149 11.3.20. Example Ubuntu 12.04 Kickstart File Chapter 11. Bare Metal Installation 150 11.4. Using Cisco UCS as Bare Metal Host CloudPlatform 11.4.1. Registering a UCS Manager 11.4.2. Associating a Profile with a UCS Blade 11.4.3. Disassociating a Profile from a UCS Blade Page Installing Oracle VM (OVM) for CloudPlatform 12.1. System Requirements for OVM Hosts 12.2. OVM Installation Overview 12.3. Installing OVM on the Host(s) 12.4. Primary Storage Setup for OVM 12.5. Set Up Host(s) for System VMs Choosing a Deployment Architecture 13.1. Small-Scale Deployment 13.2. Large-Scale Redundant Setup 13.3. Separate Storage Network 13.4. Multi-Node Management Server 13.5. Multi-Site Deployment Page Network Setup 14.1. Basic and Advanced Networking Basic Advanced 14.2. VLAN Allocation Example 14.3. Example Hardware Configuration 14.3.1. Dell 62xx 14.3.2. Cisco 3750 14.4. Layer-2 Switch Example Configurations 14.4.1. Dell 62xx 14.4.2. Cisco 3750 14.5. Hardware Firewall 14.5.1. Generic Firewall Provisions 14.5.2. External Guest Firewall Integration for Juniper SRX Page 14.5.3. External Guest Firewall Integration for Cisco VNMC 14.5.3.1. Using Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC in a Deployment 14.5.3.1.1. Guidelines 14.5.3.1.2. Prerequisites 14.5.3.1.3. Using Cisco ASA 1000v Services 14.5.3.2. Adding a VNMC Instance 14.5.3.3. Adding an ASA 1000v Instance 14.5.3.4. Creating a Network Offering Using Cisco ASA 1000v 14.5.3.5. Reusing ASA 1000v Appliance in new Guest Networks 14.6. External Guest Load Balancer Integration (Optional) 14.7. Topology Requirements 14.7.1. Security Requirements 14.7.2. Runtime Internal Communications Requirements 14.7.3. Storage Network Topology Requirements 14.7.4. External Firewall Topology Requirements 14.8. Guest Network Usage Integration for Traffic Sentinel 14.9. Setting Zone VLAN and Running VM Maximums Page Amazon Web Service Interface 15.1. Amazon Web Services EC2 Compatible Interface Limitations: 15.2. System Requirements 15.3. Enabling the AWS API Compatible Interface 15.4. AWS API User Setup Steps (SOAP Only) 15.4.1. AWS API User Registration 15.4.2. AWS API Command-Line Tools Setup 15.5. Supported AWS API Calls Page Page Page Additional Installation Options 16.1. Installing the Usage Server (Optional) 16.1.1. Requirements for Installing the Usage Server 16.1.2. Steps to Install the Usage Server 16.2. SSL (Optional) 16.3. Database Replication (Optional) Page 16.3.1. Failover