Re: Working Site-to-Site VPN gets disconnected and VPC seems to forgets ACL’s

2016-07-21 Thread Jayapal Uradi 
Hi Jonas,

It seems the connection is going down because the dead period detection.

In router run the command 'ipsec auto —status’  to vpn connection  status.
When the connection is down initiate traffic from the guest vm to other end of 
vpn and go to router check the ipsec vpn status (ipsec auto —status).
This gives wether the connection is up or not in the VR.  It takes router 
status get interval to update the VPN status.

The browsing you mentioned is about browsing the other end of vpn servers ?

Thanks,
Jayapal

> On Jul 21, 2016, at 5:25 PM, Jonas Schlichtenbrede 
>  wrote:
> 
> Hi CloudStack Users and Developers,
> 
> we’re currently implementing a new CloudStack environment based on 4.8.0.1
> (System VM Template is 4.6) with XenServer 6.5 SP1 and all the latest
> updates.
> 
> So far everything works as expected we only have an issue regarding the
> stability of Site-to-Site VPNs within VPCs and we think ACL’s.
> 
> I’ll try to describe the problem and behaviour:
> 
> A connected and working S2S VPN switches to disconnected after some time
> (usually a few hours). In relation to that the VPC seems to “forget” it’s
> ACLs. Restarting only the Network Tier (a VM lives within) solves the
> issues for a short period of time (1-3 hours). The state of the VPN
> switches to connected and the S2S VPN is working again. Also pinging from
> the VM to any public address is working again. Strange is, that for example
> browsing to a website is working all the time. Isolated networks however
> work like a charm.
> 
> We tried to solve this issue through several tests. We changing the network
> setup and reducing the complexity just to get this behaviour isolated. But
> it’s always the same. We also tried several different connections to
> different customer gateways (firewalls) and a VPC-VPN to VPC-VPN connection
> to another CloudStack deployment (based on Version 4.5.2) without any
> success.
> 
> In addition, we tested several setups like CentOS 6 and CentOS 7, but again
> always the same. We updated one installation to the master from yesterday
> 4.9.0.0-snapshot – again no success. We do not have any issues with version
> 4.5.2 – but this installation is in a different datacentre.
> 
> Below you’ll find some logs – the relevant IP for this test connection is:
> *85.88.16.104*
> 
> CloudStack 4.8.0.1 Logs (Google Docs):
> 
> https://drive.google.com/open?id=1gqIjDdG1htps4p1t7m1uHSs7aNHplWp1Np83nH6e7zM
> 
> 
> IPsec Logs from the Virtual Router:
> https://drive.google.com/open?id=1ZWvhFu2P_Wv_lF8TgYMmexeS_KDag1Mp-kmuhl8l7uU
> 
> 
> Thank you in advance for your help!
> 
> Jonas
> 
> PS: If possible from your site we can do a remote session to take a look at
> the setup.




DISCLAIMER
==
This e-mail may contain privileged and confidential information which is the 
property of Accelerite, a Persistent Systems business. It is intended only for 
the use of the individual or entity to which it is addressed. If you are not 
the intended recipient, you are not authorized to read, retain, copy, print, 
distribute or use this message. If you have received this communication in 
error, please notify the sender and delete all copies of this message. 
Accelerite, a Persistent Systems business does not accept any liability for 
virus infected mails.

Re: 4.9.0 RC2 Status

2016-07-21 Thread Will Stevens 
Thanks Rohit.  @pdube, is this related at all to any of the issues you have
found?

Cheers,

*Will STEVENS*
Lead Developer

*CloudOps* *| *Cloud Solutions Experts
420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
w cloudops.com *|* tw @CloudOps_

On Thu, Jul 21, 2016 at 4:13 PM, Rohit Yadav 
wrote:

> Hi Will,
>
>
> The issue is that after upgrading the VR from a pre-4.6 environment, the
> outbound traffic for guest VMs stop working (where their egress rule was
> allow all for 0.0.0.0/0). Along with this, I found that removing allow
> all 0.0.0.0/0 egress rule does not remove the rule from VR's filter
> table. This could be minor security issue for guest VMs.
>
>
> I think it's a blocker, please help review and test it:
>
> https://github.com/apache/cloudstack/pull/1614
>
>
> Regards.
>
> 
> From: williamstev...@gmail.com  on behalf of
> Will Stevens 
> Sent: 21 July 2016 21:43:42
> To: Simon Weller
> Cc: dev@cloudstack.apache.org
> Subject: Re: 4.9.0 RC2 Status
>
> I am waiting on pdube's PR to fix some issues with VPCs (not introduced in
> 4.9, but should be fixed in 4.9).
>
> I am also testing #1613 because I had added #1594 and had to revert it
> because I was running into an error consistently ever since.  Hopefully
> #1613 will run cleanly and I can merge it as well for 4.9.
>
> Sorry for the delay.  Since this release is so huge, it makes sense to fix
> as many issues as possible before it ships (especially if we will LTS this
> release).
>
> *Will STEVENS*
> Lead Developer
>
> *CloudOps* *| *Cloud Solutions Experts
> 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
> w cloudops.com *|* tw @CloudOps_
>
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
> On Thu, Jul 21, 2016 at 12:04 PM, Simon Weller  wrote:
>
> > John,
> >
> >
> > I think we're pending a PR from pdube related to broken VPCs. It sounds
> > very much like what we found in our QA environment a few weeks ago.
> >
> > - Si
> >
> > --
> > *From:* John Burwell 
> > *Sent:* Thursday, July 21, 2016 10:55 AM
> > *To:* dev@cloudstack.apache.org
> > *Cc:* Will Stevens
> > *Subject:* 4.9.0 RC2 Status
> >
> > Will,
> >
> > I am inquiring as to the status of 4.9.0 RC2.  Are there issues we can
> > help resolve in order to get it out?  If not, do you have an ETA on when
> it
> > will be cut?
> >
> > Thanks,
> > -John
> > john.burw...@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London VA WC2N 4HSUK
> > @shapeblue
> >
> >
> >
> >
>

Re: 4.9.0 RC2 Status

2016-07-21 Thread Rohit Yadav 
Hi Will,


The issue is that after upgrading the VR from a pre-4.6 environment, the 
outbound traffic for guest VMs stop working (where their egress rule was allow 
all for 0.0.0.0/0). Along with this, I found that removing allow all 0.0.0.0/0 
egress rule does not remove the rule from VR's filter table. This could be 
minor security issue for guest VMs.


I think it's a blocker, please help review and test it:

https://github.com/apache/cloudstack/pull/1614


Regards.


From: williamstev...@gmail.com  on behalf of Will 
Stevens 
Sent: 21 July 2016 21:43:42
To: Simon Weller
Cc: dev@cloudstack.apache.org
Subject: Re: 4.9.0 RC2 Status

I am waiting on pdube's PR to fix some issues with VPCs (not introduced in
4.9, but should be fixed in 4.9).

I am also testing #1613 because I had added #1594 and had to revert it
because I was running into an error consistently ever since.  Hopefully
#1613 will run cleanly and I can merge it as well for 4.9.

Sorry for the delay.  Since this release is so huge, it makes sense to fix
as many issues as possible before it ships (especially if we will LTS this
release).

*Will STEVENS*
Lead Developer

*CloudOps* *| *Cloud Solutions Experts
420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
w cloudops.com *|* tw @CloudOps_


rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

On Thu, Jul 21, 2016 at 12:04 PM, Simon Weller  wrote:

> John,
>
>
> I think we're pending a PR from pdube related to broken VPCs. It sounds
> very much like what we found in our QA environment a few weeks ago.
>
> - Si
>
> --
> *From:* John Burwell 
> *Sent:* Thursday, July 21, 2016 10:55 AM
> *To:* dev@cloudstack.apache.org
> *Cc:* Will Stevens
> *Subject:* 4.9.0 RC2 Status
>
> Will,
>
> I am inquiring as to the status of 4.9.0 RC2.  Are there issues we can
> help resolve in order to get it out?  If not, do you have an ETA on when it
> will be cut?
>
> Thanks,
> -John
> john.burw...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London VA WC2N 4HSUK
> @shapeblue
>
>
>
>

[GitHub] cloudstack pull request #1614: CLOUDSTACK-9437: Fix egress chain and cleanup...

2016-07-21 Thread rhtyd 
GitHub user rhtyd opened a pull request:

https://github.com/apache/cloudstack/pull/1614

CLOUDSTACK-9437: Fix egress chain and cleanup for allow all traffic

- Fixes use of rules.v4/rules instead of router_rules.v4 file, this makes 
sure
  that FW_EGRESS_RULE chain gets created on router systemvms
- Adds an explicit removal of allow all 0.0.0.0/0 (all protocol) egress rule
  when adding the default egress rule (CLOUDSTACK-9437)

/cc @swill @jburwell @PaulAngus 

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/shapeblue/cloudstack vr-fix-egress

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1614.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1614


commit 7cde8edb833037cb247136f7c41a2d5242aa7864
Author: Rohit Yadav 
Date:   2016-07-21T19:54:32Z

CLOUDSTACK-9437: Fix egress chain and cleanup for allow all traffic

- Fixes use of rules.v4/rules instead of router_rules.v4 file, this makes 
sure
  that FW_EGRESS_RULE chain gets created on router systemvms
- Adds an explicit removal of allow all 0.0.0.0/0 (all protocol) egress rule
  when adding the default egress rule (CLOUDSTACK-9437)

Signed-off-by: Rohit Yadav 




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

RE: XenServer 7

2016-07-21 Thread Marty Godsey 
I would love to see this as well since XS7 has some nice performance 
enhancements.

Regards,
Marty Godsey

-Original Message-
From: williamstev...@gmail.com [mailto:williamstev...@gmail.com] On Behalf Of 
Will Stevens
Sent: Thursday, July 21, 2016 1:32 PM
To: dev@cloudstack.apache.org
Subject: Re: XenServer 7

I believe Syed's question is if the XenServer 7 work you guys are doing will be 
upstreamed to ACS.  Do you guys have an informal timeline?

*Will STEVENS*
Lead Developer

*CloudOps* *| *Cloud Solutions Experts
420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* tw @CloudOps_

On Thu, Jul 21, 2016 at 1:15 PM, Syed Ahmed  wrote:

> Hi Raja,
>
> Can we get an answer to this? I have done some XenServer refactoring 
> which I wish to push upstream but if XenServer 7 integration is being 
> pushed. I'd like to sit on my changes in favour of getting better 
> support for XenServer.
>
> -Syed
>
>
>
> On Thu, Jul 14, 2016 at 4:21 AM, Erik Weber  wrote:
>
> > For clarity, is the correct to assume that you'll upstream this to ACS?
> >
> > --
> > Erik
> >
> > On Wed, Jul 13, 2016 at 10:22 AM, Raja Pullela < 
> > raja.pull...@accelerite.com>
> > wrote:
> >
> > > Hi Erik
> > >
> > > BVT – build verification tests or smoke tests are the test 
> > > automation scripts we have in cloudstack repo.
> > > We will run these tests first and see if anything is broken.  For 
> > > any failures, we will create bugs.
> > > IMO, since 4.9 is out, the next version should have the support 
> > > for XS
> > 7.0.
> > > Are you look at anything specific feature/functionality in XS 7.0?  
> > > can you share what it is ?
> > >
> > > Best,
> > > Raja Pullela
> > > Senior Manager, Product Development Accelerate, 
> > > www.accelerite.com,@accelerite 2055, Laurelwood Road,  Santa 
> > > Clara, CA 95054, USA
> > > Phone: 1-408-216-7010
> > >
> > > On 7/13/16, 11:58 AM, "Erik Weber"  wrote:
> > >
> > > Would you mind elaborating a bit what that means?
> > >
> > > Does it mean that you have already done some fixing to get it to 
> > > work
> and
> > > will start testing it?
> > > Or that you plan on testing it now, to figure out what needs fixing?
> > > Or something else?
> > >
> > > I'm trying to figure out when I can expect to use ACS (or a 
> > > commercial
> > > distribution) with XS7
> > >
> > > --
> > > Erik
> > >
> > > On Tue, Jul 12, 2016 at 6:01 PM, Raja Pullela <
> > raja.pull...@accelerite.com
> > > >
> > > wrote:
> > >
> > > > we are going to use XS7 for our testing and will be running
> BVTs/smoke
> > > > tests against the same.
> > > >
> > > > Best,
> > > > Raja Pullela
> > > > Senior Manager, Product Development Accelerate, 
> > > > www.accelerite.com,@accelerite 2055, Laurelwood Road,  Santa 
> > > > Clara, CA 95054, USA
> > > > Phone: 1-408-216-7010
> > > >
> > > > On 7/12/16, 2:17 PM, "Erik Weber"  wrote:
> > > >
> > > > I'm interested in knowing more about any efforts as well, there 
> > > > are
> > > several
> > > > things in XS7 that we really want to use.
> > > >
> > > > --
> > > > Erik
> > > >
> > > > On Wed, May 25, 2016 at 2:59 PM, Paul Angus <
> paul.an...@shapeblue.com>
> > > > wrote:
> > > >
> > > > > Is anyone here working on XenServer 7 support for CloudStack?
> > > > >
> > > > >
> > > > > Kind regards,
> > > > >
> > > > > Paul Angus
> > > > >
> > > > >
> > > > > paul.an...@shapeblue.com
> > > > > www.shapeblue.com
> > > > > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > DISCLAIMER
> > > > ==
> > > > This e-mail may contain privileged and confidential information which
> > is
> > > > the property of Accelerite, a Persistent Systems business. It is
> > intended
> > > > only for the use of the individual or entity to which it is
> addressed.
> > If
> > > > you are not the intended recipient, you are not authorized to read,
> > > retain,
> > > > copy, print, distribute or use this message. If you have received
> this
> > > > communication in error, please notify the sender and delete all
> copies
> > of
> > > > this message. Accelerite, a Persistent Systems business does not
> accept
> > > any
> > > > liability for virus infected mails.
> > > >
> > >
> > >
> > >
> > >
> > >
> > > DISCLAIMER
> > > ==
> > > This e-mail may contain privileged and confidential information which
> is
> > > the property of Accelerite, a Persistent Systems business. It is
> intended
> > > only for the use of the individual or entity to which it is addressed.
> If
> > > you are not the intended recipient, you are not authorized to read,
> > retain,
> > > copy, print, distribute or use this message. If you have received this
> > > communication in error, please notify the sender and delete all copies
> of
> > > this message. Accelerite, a Persistent Systems business does not accept
> > any
> > > liability for virus

Re: XenServer 7

2016-07-21 Thread Will Stevens 
I believe Syed's question is if the XenServer 7 work you guys are doing
will be upstreamed to ACS.  Do you guys have an informal timeline?

*Will STEVENS*
Lead Developer

*CloudOps* *| *Cloud Solutions Experts
420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
w cloudops.com *|* tw @CloudOps_

On Thu, Jul 21, 2016 at 1:15 PM, Syed Ahmed  wrote:

> Hi Raja,
>
> Can we get an answer to this? I have done some XenServer refactoring which
> I wish to push upstream but if XenServer 7 integration is being pushed. I'd
> like to sit on my changes in favour of getting better support for
> XenServer.
>
> -Syed
>
>
>
> On Thu, Jul 14, 2016 at 4:21 AM, Erik Weber  wrote:
>
> > For clarity, is the correct to assume that you'll upstream this to ACS?
> >
> > --
> > Erik
> >
> > On Wed, Jul 13, 2016 at 10:22 AM, Raja Pullela <
> > raja.pull...@accelerite.com>
> > wrote:
> >
> > > Hi Erik
> > >
> > > BVT – build verification tests or smoke tests are the test automation
> > > scripts we have in cloudstack repo.
> > > We will run these tests first and see if anything is broken.  For any
> > > failures, we will create bugs.
> > > IMO, since 4.9 is out, the next version should have the support for XS
> > 7.0.
> > > Are you look at anything specific feature/functionality in XS 7.0?  can
> > > you share what it is ?
> > >
> > > Best,
> > > Raja Pullela
> > > Senior Manager, Product Development
> > > Accelerate, www.accelerite.com,@accelerite
> > > 2055, Laurelwood Road,  Santa Clara, CA 95054, USA
> > > Phone: 1-408-216-7010
> > >
> > > On 7/13/16, 11:58 AM, "Erik Weber"  wrote:
> > >
> > > Would you mind elaborating a bit what that means?
> > >
> > > Does it mean that you have already done some fixing to get it to work
> and
> > > will start testing it?
> > > Or that you plan on testing it now, to figure out what needs fixing?
> > > Or something else?
> > >
> > > I'm trying to figure out when I can expect to use ACS (or a commercial
> > > distribution) with XS7
> > >
> > > --
> > > Erik
> > >
> > > On Tue, Jul 12, 2016 at 6:01 PM, Raja Pullela <
> > raja.pull...@accelerite.com
> > > >
> > > wrote:
> > >
> > > > we are going to use XS7 for our testing and will be running
> BVTs/smoke
> > > > tests against the same.
> > > >
> > > > Best,
> > > > Raja Pullela
> > > > Senior Manager, Product Development
> > > > Accelerate, www.accelerite.com,@accelerite
> > > > 2055, Laurelwood Road,  Santa Clara, CA 95054, USA
> > > > Phone: 1-408-216-7010
> > > >
> > > > On 7/12/16, 2:17 PM, "Erik Weber"  wrote:
> > > >
> > > > I'm interested in knowing more about any efforts as well, there are
> > > several
> > > > things in XS7 that we really want to use.
> > > >
> > > > --
> > > > Erik
> > > >
> > > > On Wed, May 25, 2016 at 2:59 PM, Paul Angus <
> paul.an...@shapeblue.com>
> > > > wrote:
> > > >
> > > > > Is anyone here working on XenServer 7 support for CloudStack?
> > > > >
> > > > >
> > > > > Kind regards,
> > > > >
> > > > > Paul Angus
> > > > >
> > > > >
> > > > > paul.an...@shapeblue.com
> > > > > www.shapeblue.com
> > > > > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > > > > @shapeblue
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > DISCLAIMER
> > > > ==
> > > > This e-mail may contain privileged and confidential information which
> > is
> > > > the property of Accelerite, a Persistent Systems business. It is
> > intended
> > > > only for the use of the individual or entity to which it is
> addressed.
> > If
> > > > you are not the intended recipient, you are not authorized to read,
> > > retain,
> > > > copy, print, distribute or use this message. If you have received
> this
> > > > communication in error, please notify the sender and delete all
> copies
> > of
> > > > this message. Accelerite, a Persistent Systems business does not
> accept
> > > any
> > > > liability for virus infected mails.
> > > >
> > >
> > >
> > >
> > >
> > >
> > > DISCLAIMER
> > > ==
> > > This e-mail may contain privileged and confidential information which
> is
> > > the property of Accelerite, a Persistent Systems business. It is
> intended
> > > only for the use of the individual or entity to which it is addressed.
> If
> > > you are not the intended recipient, you are not authorized to read,
> > retain,
> > > copy, print, distribute or use this message. If you have received this
> > > communication in error, please notify the sender and delete all copies
> of
> > > this message. Accelerite, a Persistent Systems business does not accept
> > any
> > > liability for virus infected mails.
> > >
> >
>

Re: XenServer 7

2016-07-21 Thread Syed Ahmed 
Hi Raja,

Can we get an answer to this? I have done some XenServer refactoring which
I wish to push upstream but if XenServer 7 integration is being pushed. I'd
like to sit on my changes in favour of getting better support for
XenServer.

-Syed



On Thu, Jul 14, 2016 at 4:21 AM, Erik Weber  wrote:

> For clarity, is the correct to assume that you'll upstream this to ACS?
>
> --
> Erik
>
> On Wed, Jul 13, 2016 at 10:22 AM, Raja Pullela <
> raja.pull...@accelerite.com>
> wrote:
>
> > Hi Erik
> >
> > BVT – build verification tests or smoke tests are the test automation
> > scripts we have in cloudstack repo.
> > We will run these tests first and see if anything is broken.  For any
> > failures, we will create bugs.
> > IMO, since 4.9 is out, the next version should have the support for XS
> 7.0.
> > Are you look at anything specific feature/functionality in XS 7.0?  can
> > you share what it is ?
> >
> > Best,
> > Raja Pullela
> > Senior Manager, Product Development
> > Accelerate, www.accelerite.com,@accelerite
> > 2055, Laurelwood Road,  Santa Clara, CA 95054, USA
> > Phone: 1-408-216-7010
> >
> > On 7/13/16, 11:58 AM, "Erik Weber"  wrote:
> >
> > Would you mind elaborating a bit what that means?
> >
> > Does it mean that you have already done some fixing to get it to work and
> > will start testing it?
> > Or that you plan on testing it now, to figure out what needs fixing?
> > Or something else?
> >
> > I'm trying to figure out when I can expect to use ACS (or a commercial
> > distribution) with XS7
> >
> > --
> > Erik
> >
> > On Tue, Jul 12, 2016 at 6:01 PM, Raja Pullela <
> raja.pull...@accelerite.com
> > >
> > wrote:
> >
> > > we are going to use XS7 for our testing and will be running BVTs/smoke
> > > tests against the same.
> > >
> > > Best,
> > > Raja Pullela
> > > Senior Manager, Product Development
> > > Accelerate, www.accelerite.com,@accelerite
> > > 2055, Laurelwood Road,  Santa Clara, CA 95054, USA
> > > Phone: 1-408-216-7010
> > >
> > > On 7/12/16, 2:17 PM, "Erik Weber"  wrote:
> > >
> > > I'm interested in knowing more about any efforts as well, there are
> > several
> > > things in XS7 that we really want to use.
> > >
> > > --
> > > Erik
> > >
> > > On Wed, May 25, 2016 at 2:59 PM, Paul Angus 
> > > wrote:
> > >
> > > > Is anyone here working on XenServer 7 support for CloudStack?
> > > >
> > > >
> > > > Kind regards,
> > > >
> > > > Paul Angus
> > > >
> > > >
> > > > paul.an...@shapeblue.com
> > > > www.shapeblue.com
> > > > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > > > @shapeblue
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> > > DISCLAIMER
> > > ==
> > > This e-mail may contain privileged and confidential information which
> is
> > > the property of Accelerite, a Persistent Systems business. It is
> intended
> > > only for the use of the individual or entity to which it is addressed.
> If
> > > you are not the intended recipient, you are not authorized to read,
> > retain,
> > > copy, print, distribute or use this message. If you have received this
> > > communication in error, please notify the sender and delete all copies
> of
> > > this message. Accelerite, a Persistent Systems business does not accept
> > any
> > > liability for virus infected mails.
> > >
> >
> >
> >
> >
> >
> > DISCLAIMER
> > ==
> > This e-mail may contain privileged and confidential information which is
> > the property of Accelerite, a Persistent Systems business. It is intended
> > only for the use of the individual or entity to which it is addressed. If
> > you are not the intended recipient, you are not authorized to read,
> retain,
> > copy, print, distribute or use this message. If you have received this
> > communication in error, please notify the sender and delete all copies of
> > this message. Accelerite, a Persistent Systems business does not accept
> any
> > liability for virus infected mails.
> >
>

Re: 4.9.0 RC2 Status

2016-07-21 Thread Will Stevens 
I am waiting on pdube's PR to fix some issues with VPCs (not introduced in
4.9, but should be fixed in 4.9).

I am also testing #1613 because I had added #1594 and had to revert it
because I was running into an error consistently ever since.  Hopefully
#1613 will run cleanly and I can merge it as well for 4.9.

Sorry for the delay.  Since this release is so huge, it makes sense to fix
as many issues as possible before it ships (especially if we will LTS this
release).

*Will STEVENS*
Lead Developer

*CloudOps* *| *Cloud Solutions Experts
420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
w cloudops.com *|* tw @CloudOps_

On Thu, Jul 21, 2016 at 12:04 PM, Simon Weller  wrote:

> John,
>
>
> I think we're pending a PR from pdube related to broken VPCs. It sounds
> very much like what we found in our QA environment a few weeks ago.
>
> - Si
>
> --
> *From:* John Burwell 
> *Sent:* Thursday, July 21, 2016 10:55 AM
> *To:* dev@cloudstack.apache.org
> *Cc:* Will Stevens
> *Subject:* 4.9.0 RC2 Status
>
> Will,
>
> I am inquiring as to the status of 4.9.0 RC2.  Are there issues we can
> help resolve in order to get it out?  If not, do you have an ETA on when it
> will be cut?
>
> Thanks,
> -John
> john.burw...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London VA WC2N 4HSUK
> @shapeblue
>
>
>
>

Re: 4.9.0 RC2 Status

2016-07-21 Thread Simon Weller 
John,


I think we're pending a PR from pdube related to broken VPCs. It sounds very 
much like what we found in our QA environment a few weeks ago.

- Si


From: John Burwell 
Sent: Thursday, July 21, 2016 10:55 AM
To: dev@cloudstack.apache.org
Cc: Will Stevens
Subject: 4.9.0 RC2 Status

Will,

I am inquiring as to the status of 4.9.0 RC2.  Are there issues we can help 
resolve in order to get it out?  If not, do you have an ETA on when it will be 
cut?

Thanks,
-John
john.burw...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London VA WC2N 4HSUK
@shapeblue

4.9.0 RC2 Status

2016-07-21 Thread John Burwell 
Will,

I am inquiring as to the status of 4.9.0 RC2.  Are there issues we can help 
resolve in order to get it out?  If not, do you have an ETA on when it will be 
cut?  

Thanks,
-John
john.burw...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London VA WC2N 4HSUK
@shapeblue

[GitHub] cloudstack pull request #1613: CLOUDSTACK-9436: Release network resources on...

2016-07-21 Thread nvazquez 
GitHub user nvazquez opened a pull request:

https://github.com/apache/cloudstack/pull/1613

CLOUDSTACK-9436: Release network resources on expunge command

JIRA TICKET: https://issues.apache.org/jira/browse/CLOUDSTACK-9436

Improvement for #1594 

Due to error on `test/integration/smoke/test_vpc_redundant.py` it was found 
out that `vm_network_map` table should be less aggresive on vm stop

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/nvazquez/cloudstack vmnetworkmapissue

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cloudstack/pull/1613.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1613


commit 148e9744828cd7dd3efe9487fc5be303b21b58d3
Author: nvazquez 
Date:   2016-06-06T14:47:45Z

CLOUDSTACK-9436: Release network resources on expunge command




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Working Site-to-Site VPN gets disconnected and VPC seems to forgets ACL’s

2016-07-21 Thread Jonas Schlichtenbrede 
Hi CloudStack Users and Developers,

we’re currently implementing a new CloudStack environment based on 4.8.0.1
(System VM Template is 4.6) with XenServer 6.5 SP1 and all the latest
updates.

So far everything works as expected we only have an issue regarding the
stability of Site-to-Site VPNs within VPCs and we think ACL’s.

I’ll try to describe the problem and behaviour:

A connected and working S2S VPN switches to disconnected after some time
(usually a few hours). In relation to that the VPC seems to “forget” it’s
ACLs. Restarting only the Network Tier (a VM lives within) solves the
issues for a short period of time (1-3 hours). The state of the VPN
switches to connected and the S2S VPN is working again. Also pinging from
the VM to any public address is working again. Strange is, that for example
browsing to a website is working all the time. Isolated networks however
work like a charm.

We tried to solve this issue through several tests. We changing the network
setup and reducing the complexity just to get this behaviour isolated. But
it’s always the same. We also tried several different connections to
different customer gateways (firewalls) and a VPC-VPN to VPC-VPN connection
to another CloudStack deployment (based on Version 4.5.2) without any
success.

In addition, we tested several setups like CentOS 6 and CentOS 7, but again
always the same. We updated one installation to the master from yesterday
4.9.0.0-snapshot – again no success. We do not have any issues with version
4.5.2 – but this installation is in a different datacentre.

Below you’ll find some logs – the relevant IP for this test connection is:
*85.88.16.104*

CloudStack 4.8.0.1 Logs (Google Docs):

https://drive.google.com/open?id=1gqIjDdG1htps4p1t7m1uHSs7aNHplWp1Np83nH6e7zM


IPsec Logs from the Virtual Router:
https://drive.google.com/open?id=1ZWvhFu2P_Wv_lF8TgYMmexeS_KDag1Mp-kmuhl8l7uU


Thank you in advance for your help!

Jonas

PS: If possible from your site we can do a remote session to take a look at
the setup.