Whats new in version 2.0.1
This page summarizes the new features added in 2.0.1 release apart from some Scalability improvements and bug fixes.
1.1 LDAP Support
This release introduces support for LDAP. Not only is LDAP used for authentication, group information stored in the LDAP can be used in ConVirt to drive ConVirt roles.
Installing dependency. Using the distribution specific command (yum, zypper, apt-get), install pyhon-ldap package.
The LDAP settings are stored in src/convirt/web/convirt/development.ini file. Here is a sample setup. It basically contains the LDAP server information and LDAP attribute names to identify user id, email and user's group information . For example, in the following file, the User LDAP record should contain uid, email and group-id.
ldap_trace_level = 0
ldap_network_timeout = 60
ldap_tls_cacertfile = /etc/ssl/certs/cacert.pem
ldap_start_tls = 1
ldap_enabled = True
ldap_host = ldap.mycorp.com
ldap_port = 389
ldap_basedn = dc=com,dc=mycorp
user_key = uid
group_key = group-id
email_key = email
ldap_user_search = ou=Users
ldap_group_search = ou=Groups
ldap_group_objectclass = groupOfNames
Here is a short description :
ldap_trace_level specifies the amount of information being logged.
ldap_network_timeout is the number of seconds that the client will wait for a response from the server.
ldap_tls_cacertfile is the Complete path of the file containing trusted CA certificate.
ldap_start_tls is used to enable/disable secure TLS connection.
ldap_enabled is used to enable/disable LDAP authentication.
ldap_host specifies domain name or IP of the LDAP Server.
ldap_port specifies port where the LDAP server is listening.
ldap_basedn specifies the top level of the LDAP directory tree.
user_key specifies the name of the attribute which uniquely identifies a record in the LDAP directory (eg:uid/cn).
group_key specifies the name of the attribute which contains name of groups the user belongs to (Optional).
email_key specifies the name of the attribute which contains email address.
ldap_user_search specifies the location in the directory tree where the details about users are saved.
ldap_group_search specifies the location in the directory tree where the details about groups are saved.
ldap_group_objectclass specifies the grouping of users.Right now we support only 'groupofNames'.
Defining Groups in ConVirt In order for the Role based access to work in ConVirt, LDAP group information has to match the groups created in ConVirt. For example, if LDAP users belong to two groups DeskIT and SrvIT, then create these two groups in ConVirt. Using ConVirt, assign the role to each group as required.
Once this is setup and the user logs in to ConVirt using LDAP,
- The user would be authenticated using the information entered.
- Next ConVirt will find out what groups the user belongs to. ConVirt will use this information to find corresponding role. From then on, the user will be allowed/not allowed, as driven by the role.
1.2 Custom Search
ConVirt dashboards now haver few common searches defined as out of the box. It also has facility to create your own searches. These are available to other ConVirt users as well.
Here are some screen shots showing out of the box search definition and creating a custom one.
|Common out of the box searches|
|Define New Custom Search|
1.3 Dynamic Workload Management
Dynamic Workload Management (DWM) allows the server load within a server pool to be managed using policies. There are two policies defined, Even Distribution and Power Save. The server pool can be managed using either of the policies. Each policy, also has a schedule associated with it. The Policy would be active only during the time windows specified. The rest of the time, DWM will not move the virtual machines.
Even Distribution Policy
The Even Distribution Policy ensures that no server in the server pool is over-utilized. The policy is configured using a threshold. When the Server CPU utilization reaches the threshold, the server is considered "loaded". ConVirt, will move one of more virtual machines from that server to another suitable server. This combined with the initial placement, would result in an even spread of virtual machines across various servers within a server pool.
|Even Distribution Policy configuration|
Power Save Policy
Power Save Policy consolidates virtual machines to smaller number of servers to save power. The policy is configures with 2 thresholds. The lower threshold determines when to kick off the consolidation process. For example, when the server CPU is less than 10 % for 5 minutes, try to move running virtual machines to another server. Once all virtual machines are moved, the server can be shutdown using already specified Power/Fencing configuration. The server shutdown during Power Save would be started back when the Power Save Policy ends according to the schedule. The servers will also be started, when the server utilization on one of the consolidated servers goes beyond the upper threshold.
|Power Save Policy configuration|
1.4 VLAN Support
ConVirt already had ability to associate VLAN interfaces to virtual machines. This release allows you to declare VLAN at either Data Center or at Server Pool level. If the virtual network is created at the Data Center, you can associate it with one or more Server Pools. Once the network is defined or associated with the Server Pool, ConVirt will create the VLAN interfaces and corresponding bridges on all the managed servers in the pool. ConVirt will also ensure that when new servers are added to the server pools, they will have consistent network configuration.
ConVirt uses vconfig to create the VLAN interface and brctl to create and associate the bridge with the newly created interface. Currently the physical interface (e.g. eth0) on which the VLAN is to be created, can not be addressable, and can not have bridge associated with it.
|Create New VLAN|