Re: DISCUSS : Vmware to Cloudstack migration support

[Will Stevens]

If you are going from VMware to CloudStack Managed VMware, this is
something I have done quite a bit.  I even built a tool to do this:
https://github.com/swill/migrate2cs

This is not a polished product.  Well, it is pretty polished once you get
it setup, but the setup is a bit complicated to get started.

If you would like to use it, let me know and I will do what I can to get
you setup.

*Will Stevens*
CTO



On Thu, Jul 13, 2017 at 9:52 AM, Shreya Nair  wrote:

> Hello,
>
> *An update to the migration task:*
>
> We have installed Cloudstack onto a vm on VMware to work around the
> cross-hypervisor migration issue. Now the underlying hypervisor would be
> the ESXi server for both setups (VMware and Cloudstack).
>
> Currently, we create the corresponding equivalent infrastructure on
> CloudStack wrt vmware setup.  We create a zone, pod, cluster and host set
> up with the underlying network infrastructure. However, while setting up
> the storage (Primary storage at cluster-wide scope and Secondary storage at
> zone-wide) the documentation mentions the following warnings:
>
>
>- *Primary storage warning:*
>   - When using preallocated storage for primary storage, be sure there
>   is nothing on the storage (ex. you have an empty SAN volume or
> an empty NFS
>   share). Adding the storage to CloudStack will destroy any existing
> data.
>- *Secondary storage warning:*
>   - Ensure that nothing is stored on the server. Adding the server to
>   CloudStack will destroy any existing data.
>
>
> We have obtained the mysql dump of the datastore of the source VM on
> VMware. The datastore, as you may be aware, is a logical container that
> holds virtual machine files and other files necessary for VM operations. As
> such, it may be logically mapped to the Secondary storage setup in the
> CloudStack infrastructure.
>
> Would it be possible to use the mysql dump from source to update the
> Secondary storage?
>
> Thanks & Regards,
>
> Shreya
>
> On Fri, Jul 7, 2017 at 4:04 PM, Paul Angus 
> wrote:
>
> > Maybe you should try qemu-img instead.
> >
> >
> > Kind regards,
> >
> > Paul Angus
> >
> >
> > paul.an...@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > @shapeblue
> >
> >
> >
> > From: Shreya Nair [mailto:shreya.n...@opcito.com]
> > Sent: 07 July 2017 11:30
> > To: us...@cloudstack.apache.org; dev@cloudstack.apache.org
> > Cc: Vinay Patil ; Siddheshwar More <
> > siddheshwar.m...@opcito.com>
> > Subject: Re: DISCUSS : Vmware to Cloudstack migration support
> >
> > Hi Paul,
> > We explored the XenConvert solution. The XenConvert utility has been
> > retired from XenServer 6.2 and upward. So the only solution would be
> using
> > an old copy or trial version of Xen Conversion Manager.
> >
> > Instead of the qemu-img utility, we used the VirtualBox VBoxManage.exe to
> > support conversion of *.VMDK file to VHD. This VHD file was used to
> create
> > a CS template and create an instance. However, the VM was unable to mount
> > the drives as it was unable to find xvdXX partitions
> >
> >
> > I get the following error on CS instance on boot:
> > [Inline image 2]
> >
> > and the logs shows us this:
> >
> > You might have to change the root from /dev/hd[a-d] to /dev/xvd[a-d]
> >
> >
> >
> > However, on using lsblk command on the source vmware instance, we
> realized
> > that the partitions on SCSI storage devices (Used by vmware) are named as
> > /dev/sdXX while Xen supports /dev/xvdXX.
> > [Inline image 1]
> >
> > Note: VMware tools has been removed from VM prior to migration
> >
> >
> >
> > Thanks & Regards,
> >
> > Shreya
> >
> > On Thu, Jul 6, 2017 at 12:17 AM, Paul Angus  > mailto:paul.an...@shapeblue.com>> wrote:
> > There used to be a XenConvert utility that you do that conversion for
> > you.  I'm not sure that its about anymore, but a bit of googling might
> dig
> > up a copy.
> >
> > Alternatively there are linux and Windows versions of qemu-img convert ,
> > which usually does a pretty good job of disk image conversions
> >
> > Otherwise you could use a P2V backup/recovery tool with an agent that
> runs
> > inside your VMs
> >
> >
> >
> > Kind regards,
> >
> > Paul Angus
> >
> > paul.an...@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > @shapeblue
> >
> >
> >
> >
> > -Original Message-
> > From: Shreya Nair [mailto:shreya.n...@opcito.com > shreya.n...@opcito.com>]
> > Sent: 05 July 2017 09:22
> > To: us...@cloudstack.apache.org
> > Subject: Re: DISCUSS : Vmware to Cloudstack migration support
> >
> > Hi Oliver,
> >
> > We are trying to migrate the vSphere environment to cloudstack (based on
> > XenServer) due to some internal product dependency which can be addressed

Re: DISCUSS : Vmware to Cloudstack migration support

[Shreya Nair]

Hello,

*An update to the migration task:*

We have installed Cloudstack onto a vm on VMware to work around the
cross-hypervisor migration issue. Now the underlying hypervisor would be
the ESXi server for both setups (VMware and Cloudstack).

Currently, we create the corresponding equivalent infrastructure on
CloudStack wrt vmware setup.  We create a zone, pod, cluster and host set
up with the underlying network infrastructure. However, while setting up
the storage (Primary storage at cluster-wide scope and Secondary storage at
zone-wide) the documentation mentions the following warnings:


   - *Primary storage warning:*
  - When using preallocated storage for primary storage, be sure there
  is nothing on the storage (ex. you have an empty SAN volume or
an empty NFS
  share). Adding the storage to CloudStack will destroy any existing data.
   - *Secondary storage warning:*
  - Ensure that nothing is stored on the server. Adding the server to
  CloudStack will destroy any existing data.


We have obtained the mysql dump of the datastore of the source VM on
VMware. The datastore, as you may be aware, is a logical container that
holds virtual machine files and other files necessary for VM operations. As
such, it may be logically mapped to the Secondary storage setup in the
CloudStack infrastructure.

Would it be possible to use the mysql dump from source to update the
Secondary storage?

Thanks & Regards,

Shreya

On Fri, Jul 7, 2017 at 4:04 PM, Paul Angus  wrote:

> Maybe you should try qemu-img instead.
>
>
> Kind regards,
>
> Paul Angus
>
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
> From: Shreya Nair [mailto:shreya.n...@opcito.com]
> Sent: 07 July 2017 11:30
> To: us...@cloudstack.apache.org; dev@cloudstack.apache.org
> Cc: Vinay Patil ; Siddheshwar More <
> siddheshwar.m...@opcito.com>
> Subject: Re: DISCUSS : Vmware to Cloudstack migration support
>
> Hi Paul,
> We explored the XenConvert solution. The XenConvert utility has been
> retired from XenServer 6.2 and upward. So the only solution would be using
> an old copy or trial version of Xen Conversion Manager.
>
> Instead of the qemu-img utility, we used the VirtualBox VBoxManage.exe to
> support conversion of *.VMDK file to VHD. This VHD file was used to create
> a CS template and create an instance. However, the VM was unable to mount
> the drives as it was unable to find xvdXX partitions
>
>
> I get the following error on CS instance on boot:
> [Inline image 2]
>
> and the logs shows us this:
>
> You might have to change the root from /dev/hd[a-d] to /dev/xvd[a-d]
>
>
>
> However, on using lsblk command on the source vmware instance, we realized
> that the partitions on SCSI storage devices (Used by vmware) are named as
> /dev/sdXX while Xen supports /dev/xvdXX.
> [Inline image 1]
>
> Note: VMware tools has been removed from VM prior to migration
>
>
>
> Thanks & Regards,
>
> Shreya
>
> On Thu, Jul 6, 2017 at 12:17 AM, Paul Angus  mailto:paul.an...@shapeblue.com>> wrote:
> There used to be a XenConvert utility that you do that conversion for
> you.  I'm not sure that its about anymore, but a bit of googling might dig
> up a copy.
>
> Alternatively there are linux and Windows versions of qemu-img convert ,
> which usually does a pretty good job of disk image conversions
>
> Otherwise you could use a P2V backup/recovery tool with an agent that runs
> inside your VMs
>
>
>
> Kind regards,
>
> Paul Angus
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>
> -Original Message-
> From: Shreya Nair [mailto:shreya.n...@opcito.com shreya.n...@opcito.com>]
> Sent: 05 July 2017 09:22
> To: us...@cloudstack.apache.org
> Subject: Re: DISCUSS : Vmware to Cloudstack migration support
>
> Hi Oliver,
>
> We are trying to migrate the vSphere environment to cloudstack (based on
> XenServer) due to some internal product dependency which can be addressed
> by the CloudStack environment.
>
>
> Thanks & Regards,
>
> Shreya
>
> On Tue, Jul 4, 2017 at 10:27 PM, Oliver Dzombic  mailto:i...@ip-interactive.de>>
> wrote:
>
> > Hi,
> >
> > just our of intrest:
> >
> > Why do you want to go away from vmware ?
> >
> > And why do you prefere xen and not kvm ( which is as you already
> > experienced much more tricky compared to kvm ) ?
> >
> >
> > --
> > Mit freundlichen Gruessen / Best regards
> >
> > Oliver Dzombic
> > IP-Interactive
> >
> > mailto:i...@ip-interactive.de
> >
> > Anschrift:
> >
> > IP Interactive UG ( haftungsbeschraenkt ) Zum Sonnenberg 1-3
> > 63571 Gelnhausen
> >
> > HRB 93402 beim Amtsgericht Hanau
> > Geschäftsführung: Oliver Dzombic
> >
> > Steuer Nr.: 35 

RE: [DISCUSS] CloudStack 4.9.3.0 (LTS)

[Lotic Lists]

Hi Rohit.

I would suggest the 1829 [1]

It's a big problem with XenServer and more than 2 datadisks attached per VM 
(HVM)

[1] https://github.com/apache/cloudstack/pull/1829 


-Original Message-
From: Rohit Yadav [mailto:rohit.ya...@shapeblue.com] 
Sent: quarta-feira, 12 de julho de 2017 11:42
To: dev@cloudstack.apache.org; us...@cloudstack.apache.org
Subject: Re: [DISCUSS] CloudStack 4.9.3.0 (LTS)

All,


Please send me a list of PRs you would like to see in 4.9.3.0 so we can freeze 
the scope for 4.9.3.0, no promises but it may be possible to have a release 
plan as soon as next week.


- Rohit


From: Wido den Hollander 
Sent: 12 July 2017 01:27:30
To: Rohit Yadav; dev@cloudstack.apache.org; us...@cloudstack.apache.org
Subject: Re: [DISCUSS] CloudStack 4.9.3.0 (LTS)

Hi,

I would suggest: https://github.com/apache/cloudstack/pull/2131

Serious issue with Ubuntu 16.04 and statistics gathering on KVM.

Wido

> Op 11 juli 2017 om 11:49 schreef Rohit Yadav :
>
>
> Hi Sean,
>
>
> Thanks for sharing.
>
>
> - Rohit
>
> 
> From: Sean Lair 
> Sent: 11 July 2017 03:41:17
> To: dev@cloudstack.apache.org
> Cc: us...@cloudstack.apache.org
> Subject: RE: [DISCUSS] CloudStack 4.9.3.0 (LTS)
>
> Here are three issues we ran into in 4.9.2.0.  We have been running all of 
> these fixes for several months without issues.  The code changes are all very 
> easy/small, but had a big impact for us.
>
> I'd respectfully suggest they go into 4.9.3.0:
>
> https://github.com/apache/cloudstack/pull/2041 (VR related jobs 
> scheduled and run twice on mgmt servers)
> https://github.com/apache/cloudstack/pull/2040 (Bug in monitoring of 
> S2S VPNs - also exists in 4.10)
> https://github.com/apache/cloudstack/pull/1966 (IPSEC VPNs do not work 
> after vRouter reboot)
>
> Thanks
> Sean
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
>
>
>
>
> -Original Message-
> From: Rohit Yadav [mailto:rohit.ya...@shapeblue.com]
> Sent: Friday, July 7, 2017 1:14 AM
> To: dev@cloudstack.apache.org
> Cc: us...@cloudstack.apache.org
> Subject: [DISCUSS] CloudStack 4.9.3.0 (LTS)
>
> All,
>
>
> With 4.10.0.0 voted, I would like to start some initial discussion around the 
> next minor LTS release 4.9.3.0. At the moment I don't have a timeline, plans 
> or dates to share but I would like to engage with the community to gather 
> list of issues, commits, PRs that we should consider for the next LTS release 
> 4.9.3.0.
>
>
> To reduce our test and QA scope, we don't want to consider changes that are 
> new feature, or enhancements but strictly blockers/critical/major bugfixes 
> and security related fixes, and we can consider reverting any already 
> committed/merged PR(s) on 4.9 branch (committed since 4.9.2.0).
>
>
> Please go through list of commits since 4.9.2.0 (you can also run, git log 
> 4.9.2.0..4.9) and let us know if there is any change we should consider 
> reverting:
>
> https://github.com/apache/cloudstack/commits/4.9
>
>
> I started backporting some 
> fixes on the 4.9 branch, please go through the following PR and raise 
> objections on changes/commits that we should not backport or revert:
>
> https://github.com/apache/cloudstack/pull/2052
>
>
> Lastly, please also share any PRs that we should consider reviewing+merging 
> on 4.9 branch for the 4.9.3.0 release effort.
>
>
> - Rohit
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
>
>
>

rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

[DISCUSS][SECURITY] Feature: Secure CloudStack Communications

[Rohit Yadav]

All,


With upcoming features such as the application service (container service), and 
existing features such as SAML, they all need some sort of certificate 
management and the idea with the proposed feature is to build a pluggable 
certificate authority manager (CA Manager). I would like to kick an initial 
discussion around how we can secure components of CloudStacks. A CA 
service/manager that can create/provision/deploy certificates providing both 
automated and semi-automated ways for deploying/setup of certificates using 
in-band (ssh, command-answer pattern) and out-of-band (ssh, ansible, chef etc) 
to CloudStack services (such as systemvm agents, KVM agents, possible 
webservices running in systemvms, VRs etc).


While we do have some APIs and mechanisms to secure user/external facing 
services where we can use custom or failsafe SSL/TLS certificates, it's far 
from a complete solution. The present communications between CloudStack 
management server, its peers and agents (served on port 8250) is one way SSL 
handshaked connection, is not authenticated while may be secure by insecure 
certificates.


As a first step, it is proposed to create a general purpose pluggable CA 
service with a default plugin implementation where CloudStack becomes a Root-CA 
and can issue self-signed certificates. Such certificates may be consumed by 
CloudStack agents (CPVM/SSVM/KVM) and other components/services (such as SAML, 
container services etc). The pluggable CA framework should allow developers to 
extend the functionality by implementing provider plugins that may work with 
other CA providers such as LetsEncrypt, an existing/internal CA infrastructure, 
or other certificate vendors.


Please see an initial FS and ideas on implementation in the following FS. 
Looking forward to your feedback.


FS: 
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Agent+Communications

JIRA: https://issues.apache.org/jira/browse/CLOUDSTACK-9993


Regards.

rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

[DISCUSS] Feature: CloudStack Metrics Exporter for Prometheus

[Rohit Yadav]

All,


This is to discuss a new feature (plugin) for CloudStack, please see the issue 
and FS.


Jira issue: https://issues.apache.org/jira/browse/CLOUDSTACK-9998

FS: 
https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Metrics+Exporter+for+Prometheus

Target release: 4.11 or later


Looking forward to your comments.


- Rohit

rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

Re: [DISCUSS] CloudStack 4.9.3.0 (LTS)

[Rohit Yadav]

Outback,


I think there exists some initial support for XenServer 7.1 in 4.9.2.0, 
4.9/branch however consider installing/upgrading to 4.10.0.0 (once it is 
announced) which should have the support.


- Rohit


From: Outback Dingo 
Sent: 12 July 2017 21:22:53
To: us...@cloudstack.apache.org
Cc: dev@cloudstack.apache.org
Subject: Re: [DISCUSS] CloudStack 4.9.3.0 (LTS)


rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

On Wed, Jul 12, 2017 at 10:41 AM, Rohit Yadav  wrote:
> All,
>
>
> Please send me a list of PRs you would like to see in 4.9.3.0 so we can 
> freeze the scope for 4.9.3.0, no promises but it may be possible to have a 
> release plan as soon as next week.
>
>

Support for XenServer 7.1 would be nice


> - Rohit
>
> 
> From: Wido den Hollander 
> Sent: 12 July 2017 01:27:30
> To: Rohit Yadav; dev@cloudstack.apache.org; us...@cloudstack.apache.org
> Subject: Re: [DISCUSS] CloudStack 4.9.3.0 (LTS)
>
> Hi,
>
> I would suggest: https://github.com/apache/cloudstack/pull/2131
>
> Serious issue with Ubuntu 16.04 and statistics gathering on KVM.
>
> Wido
>
>> Op 11 juli 2017 om 11:49 schreef Rohit Yadav :
>>
>>
>> Hi Sean,
>>
>>
>> Thanks for sharing.
>>
>>
>> - Rohit
>>
>> 
>> From: Sean Lair 
>> Sent: 11 July 2017 03:41:17
>> To: dev@cloudstack.apache.org
>> Cc: us...@cloudstack.apache.org
>> Subject: RE: [DISCUSS] CloudStack 4.9.3.0 (LTS)
>>
>> Here are three issues we ran into in 4.9.2.0.  We have been running all of 
>> these fixes for several months without issues.  The code changes are all 
>> very easy/small, but had a big impact for us.
>>
>> I'd respectfully suggest they go into 4.9.3.0:
>>
>> https://github.com/apache/cloudstack/pull/2041 (VR related jobs scheduled 
>> and run twice on mgmt servers)
>> https://github.com/apache/cloudstack/pull/2040 (Bug in monitoring of S2S 
>> VPNs - also exists in 4.10)
>> https://github.com/apache/cloudstack/pull/1966 (IPSEC VPNs do not work after 
>> vRouter reboot)
>>
>> Thanks
>> Sean
>>
>> rohit.ya...@shapeblue.com
>> www.shapeblue.com
>> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
>> @shapeblue
>>
>>
>>
>>
>> -Original Message-
>> From: Rohit Yadav [mailto:rohit.ya...@shapeblue.com]
>> Sent: Friday, July 7, 2017 1:14 AM
>> To: dev@cloudstack.apache.org
>> Cc: us...@cloudstack.apache.org
>> Subject: [DISCUSS] CloudStack 4.9.3.0 (LTS)
>>
>> All,
>>
>>
>> With 4.10.0.0 voted, I would like to start some initial discussion around 
>> the next minor LTS release 4.9.3.0. At the moment I don't have a timeline, 
>> plans or dates to share but I would like to engage with the community to 
>> gather list of issues, commits, PRs that we should consider for the next LTS 
>> release 4.9.3.0.
>>
>>
>> To reduce our test and QA scope, we don't want to consider changes that are 
>> new feature, or enhancements but strictly blockers/critical/major bugfixes 
>> and security related fixes, and we can consider reverting any already 
>> committed/merged PR(s) on 4.9 branch (committed since 4.9.2.0).
>>
>>
>> Please go through list of commits since 4.9.2.0 (you can also run, git log 
>> 4.9.2.0..4.9) and let us know if there is any change we should consider 
>> reverting:
>>
>> https://github.com/apache/cloudstack/commits/4.9
>>
>>
>> I started backporting some 
>> fixes on the 4.9 branch, please go through the following PR and raise 
>> objections on changes/commits that we should not backport or revert:
>>
>> https://github.com/apache/cloudstack/pull/2052
>>
>>
>> Lastly, please also share any PRs that we should consider reviewing+merging 
>> on 4.9 branch for the 4.9.3.0 release effort.
>>
>>
>> - Rohit
>>
>> rohit.ya...@shapeblue.com
>> www.shapeblue.com
>> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
>>
>>
>>
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>

Re: [DISCUSS] Host HA in 4.11

[Rohit Yadav]

Thanks for the interest Simon, the feature has two HA provider (plugins, one 
for simulator and another for KVM+NFS) that can be used as reference 
implementations.


- Rohit


From: Simon Weller 
Sent: 12 July 2017 20:59:38
To: dev@cloudstack.apache.org
Cc: Nathan Johnson; David Mabry; Aaron Hurt
Subject: Re: [DISCUSS] Host HA in 4.11

We are very excited about this feature set, as it adds some really important 
features for KVM.

We don't use NFS, so I think our goal will be seeing what we can contribute to 
include Ceph on the supported storage list.

- Si

From: Rohit Yadav 
Sent: Wednesday, July 12, 2017 5:43 AM
To: dev@cloudstack.apache.org
Subject: [DISCUSS] Host HA in 4.11

All,


Few months ago I had started discussion on Host HA for CloudStack and given 
4.10 is voted and to be announced with master branch cut I would like to 
re-kick discussion around reviewing and acceptance of the feature that is 
pending since Feb 2017.


To briefly share some key points:

- This feature is disabled by default and provides zone/cluster/host level kill 
switches

- This brings in a reliable way to fence (power off) and recover (reboot) a host

- Allows implementation of HA provider plugin specific to a hypervisor and 
storage stack, by default we've implemented a plugin for hosts that have KVM+NFS

- For more details please read the FS: 
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Host+HA
Host HA - Apache Cloudstack - Apache Software 
Foundation
cwiki.apache.org
CLOUDSTACK-9782. Branch. Yet to start, share the PR. Introduction. CloudStack 
lacks a way to reliably fence a host, the idea of the host-ha feature is to 
provide a ...





I had also given a talk about this feature during CCCNA17:

Reliable host fencing - 
http://rohit.yadav.xyz/files/talks/cccna17-reliable-host-fencing.pdf


Pull request: https://github.com/apache/cloudstack/pull/1960 (as soon as the 
4.10->4.11 db upgrade paths are fixed, I can rebase and fix the branch)
[https://avatars1.githubusercontent.com/u/95203?v=3=400]

[4.11/Future] CLOUDSTACK-9782: Host HA and KVM HA provider by rhtyd · Pull 
Request #1960 · 
apache/cloudstack
github.com
Host-HA offers investigation, fencing and recovery mechanisms for host that for 
any reason are malfunctioning. It uses Activity and Health checks to determine 
current host state based on which it m...





- Rohit

rohit.ya...@shapeblue.com
www.shapeblue.com
[http://www.shapeblue.com/wp-content/uploads/2017/06/logo.png]

Shapeblue - The CloudStack Company
www.shapeblue.com
Rapid deployment framework for Apache CloudStack IaaS Clouds. CSForge is a 
framework developed by ShapeBlue to deliver the rapid deployment of a 
standardised ...



53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue




rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

Re: [jira] [Commented] (CLOUDSTACK-9813) Use configdrive for userdata, metadata & password

[Wido den Hollander]

> Op 12 juli 2017 om 23:41 schreef Marcus :
> 
> 
> We've also seen in the past initiatives like object store and 'secondary
> storage free' zones. We may not want to cement the idea that we have
> secondary storage as a mountable filesystem that is highly available.
> 

+10

I would prefer that as well. The only thing you have to worry about is the live 
migration of a VM.

But with a pre-migrate hook you can generate the ISO on the new hypervisor so 
that it's present when the VM migrates.

Wido

> On Wed, Jul 12, 2017 at 5:40 PM Marcus  wrote:
> 
> > Can we not rely on secondary storage for config drive? I'd much rather see
> > it generated dynamically into a temp space during VM start, or (less
> > desirable) even during VM create on primary storage (perhaps in a
> > configdrive) directory where the root disk resides.  It just seems like a
> > bad idea to rely on mounting and availability of secondary storage (which
> > by design is supposed to be out of band from running VMs) to have a healthy
> > VM. People put a lot of work into their primary storage for VM
> > availability, not as much for secondary storage.
> >
> > On Wed, Jul 12, 2017 at 5:01 PM ilya musayev (JIRA) 
> > wrote:
> >
> >>
> >> [
> >> https://issues.apache.org/jira/browse/CLOUDSTACK-9813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16084678#comment-16084678
> >> ]
> >>
> >> ilya musayev commented on CLOUDSTACK-9813:
> >> --
> >>
> >> Hey [~KrisSterckx] [~waegemae]
> >>
> >> The idea of storing config drive on secondary store - is actually bad and
> >> wont be approved by Information Security teams.
> >>
> >> Regards,
> >> ilya
> >>
> >> > Use configdrive for userdata, metadata & password
> >> > --
> >> >
> >> > Key: CLOUDSTACK-9813
> >> > URL:
> >> https://issues.apache.org/jira/browse/CLOUDSTACK-9813
> >> > Project: CloudStack
> >> >  Issue Type: New Feature
> >> >  Security Level: Public(Anyone can view this level - this is the
> >> default.)
> >> >  Components: KVM, Network Controller, Secondary Storage,
> >> SystemVM, VMware
> >> >Affects Versions: Future
> >> >Reporter: Eric Waegeman
> >> >Assignee: Kris Sterckx
> >> >
> >> > To avoid the use of an extra VM for the virtual router we implement
> >> configdrive for userdata, metadata & password.
> >> > The configdrive ISO is created on the secondary store and the KVM &
> >> VMware plugins are adapted to accept the configdrive ISO as second cdrom.
> >> > Is applicable for isolated, VPC and shared networks.
> >>
> >>
> >>
> >> --
> >> This message was sent by Atlassian JIRA
> >> (v6.4.14#64029)
> >>
> >