Hi Samuel, The upgrade notes do mention that you need to use Other Linux (64bit) for vmware systemvmtemplate while registering the template prior to upgrade (pl see docs website). The reason for this is because newer vmware versions have deprecated older guets os like debian7. Glad you're finding that provide remedy to your VR memory issue.
For your VPN issue, can you first tune and share the strongswan config that works for you. I can then help you with the next steps on creating a bugfix for 4.11.30 and advise you how to create and apply a custom systemvm.iso file. Regards, Rohit Yadav From: Zehnder, Samuel Sent: Wednesday, 21 November, 5:57 PM Subject: RE: [VOTE] Apache CloudStack 4.11.2.0 RC5 To: dev@cloudstack.apache.org Hi Rohit I think I've found something regarding memory issues with vmware: Schema-update only updates default system-vm, but not newly registered ones: https://github.com/apache/cloudstack/blob/master/engine/schema/src/main/resources/META-INF/db/schema-41000to41100.sql: 448: -- Use 'Other Linux 64-bit' as guest os for the default systemvmtemplate for VMware 449: -- This fixes a memory allocation issue to systemvms on VMware/ESXi 450: UPDATE `cloud`.`vm_template` SET guest_os_id=99 WHERE id=8; When I registered the new templates I selected Debian something as OS type. I now changed this to "Other Linux (64bit)", which is what above update is doing, and I can see significantly less memory used by VRs. I do not understand the reasons behind this behavior, I tried also other settings (Debian 9 64-bit, Other 3.x Linux), neither seem to handle memory well... As for the VPN part, you suggested > you can build a custom systemvm.iso file with those settings. Is it possible to simply replace the systemvm.iso file on mgmt-server, remove it from secondary and restart mgmt-server? Maybe you can point me here in the right direction. Thanks, Sam > -----Original Message----- > From: Rohit Yadav > Sent: Dienstag, 20. November 2018 12:55 > To: dev@cloudstack.apache.org > Subject: Re: [VOTE] Apache CloudStack 4.11.2.0 RC5 > > Hi Samuel, > > > Thanks for your email. I've opened this ticket for your first issue: > https://github.com/apache/cloudstack/issues/3039 > > Please follow René's advice to (a) try increase the VR memory and see if it > helps, (b) have a script for reducing memory over time. We'll also work with > the systemd project to see if they can fix and backport this for Debian 9.6+. > > > For your second issue, in 4.9 which used a Debian7 based VR and openswan > for VPN, we've moved to strongswan. If your external Cisco > endpoint/integration can work with strongswan, please create a VPC VR and > manipulate the strongswan configs in that VR and share your results or send > a PR, the changes need to be in one of the python files such as configure.py. > The #2 issue is very specific to your environment and is not a general error, if > you're able to optimize the configuration for a VR, you can build a custom > systemvm.iso file with those settings. In addition, you can send a PR or > submit a Github issue with details, logs, configurations etc: > https://github.com/apache/cloudstack/issues > > > I think both the issues are not general blockers and should not void 4.11.2.0 > voting. > > > - Rohit > > > > > > ________________________________ > From: Zehnder, Samuel > Sent: Monday, November 19, 2018 9:13:04 PM > To: dev@cloudstack.apache.org > Subject: Re: [VOTE] Apache CloudStack 4.11.2.0 RC5 > > > Hi Group > > First, sorry that I wasn't able to use the mailto-link for the reply. It somehow > did not work.. > > > > After Upgrading from 4.9 to 4.11 we are seeing two issues with vRouter > systemVMs: > > > > 1) Memory Consumption on vSphere > > vRouter are starting to swap with low memory available, this also starts > happening after increasing memory size to 512m. Interestingly, there's no > process nor cache using the memory as far as "top", "ps", or other tools > report. > > > > 2) Site-2-Site VPN > > a) After a restart of the VPC (vRouter rebuild) VPN Tunnels are not > configured on vRouter. This has to be triggered manually with a call to > resetVpnConnection API. > > b) StrongSwan configuration does not work well with Cisco endpoints, I've > found following inputs: > > - multiple "rightsubnet=" entries are not supported with ikev1 [1], so > multiple conns should be configured instead > > - multiple subnets are supported with ikev2, but not with Cisco endpoints, > use multiple conns as well [2] > > > > For me it is unclear, what script should be modified for above issues, one of > those look promising: > > https://github.com/apache/cloudstack/blob/master/systemvm/debian/opt/ > cloud/bin/ipsectunnel.sh > > https://github.com/apache/cloudstack/blob/master/systemvm/debian/opt/ > cloud/bin/configure.py > > > > Regards, > > Sam > > > > [1] > https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection#leftrigh > t-End-Parameters > > [2] https://serverfault.com/questions/904028/strongswan-to-cisco-asa-with- > multiple-right-subnet > > > > rohit.ya...@shapeblue.com > www.shapeblue.com > Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue > > rohit.ya...@shapeblue.com www.shapeblue.com Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue