Re: IOPS limitation with XenServer as hypervisor

[Andrija Panic]

Hi Melanie,

with KVM it works (but I'm not aware of Xen atm) - you set upper limits for
number of bytes per sec and IOs per seconds for both read and writes, on
Disk Offering (and Compute offering) by defining HyperVisor QoS values.

Example for manual play:
https://fedoraproject.org/wiki/QA:Testcase_Virtualization_IO_Throttling

Cheers
Andrija

On Mon, 26 Nov 2018 at 14:28, Melanie Desaive 
wrote:

> Hi all,
>
> do I get it right, that there is no way to limit IOPS per volume with
> XenServer as hypervisor? (Using ACS 4.11)
>
> I tried the settings to limit IO bandwidth and IOPS per volume on
> hypervisor side with XenServer and only the bandwidth limitation seems
> to have an effect. Seems to me, that this is not supported from the
> XenServer side at all. Is that correct?
>
> See:
> https://bugs.xenserver.org/browse/XSO-580
> https://github.com/xapi-project/blktap/issues/241
>
> Are those features working with KVM?
>
> Greetings, Melanie
> --
> --
>
> Heinlein Support GmbH
> Linux: Akademie - Support - Hosting
>
> http://www.heinlein-support.de
> Tel: 030 / 40 50 51 - 0
> Fax: 030 / 40 50 51 - 19
>
> Zwangsangaben lt. §35a GmbHG:
> HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
> Geschäftsführer: Peer Heinlein  -- Sitz: Berlin
>


-- 

Andrija Panić

Re: KVM NFS template image

[Andrija Panic]

I confirm bug...tmpl not removed...

And I confirm a possible solution:

"volumes" table, field "template_id" should be set to NULL for this
particular volume,  after volume restored from snapshot - on next storage
scavenger run it will be marked properly for GC and removed...
(volumes of VM deployed from ISO file, also have NULL for "template_id"
filed"







On Thu, 22 Nov 2018 at 22:29, ran huang  wrote:

> Hi Andrija,
>
> That is precisely the step I went through.
>
> However the template was not cleaned up after expected interval when no
> other volume have it as a backing image.
>
> regards,
> Ran
> On 11/22/2018 12:53 PM, Andrija Panic wrote:
> > Hi Run,
> >
> > not sure what you mean  (I did not quite understand your explanation) -
> but
> > here is an exercise from my side (just done it):
> >
> > https://pasteboard.co/HOowNao.png
> >
> > Check the image - explanation below:
> >
> >
> > Centos55 minimal (builtin) template, spin new VM:
> > --- new volume created with UUID/PATH (name on NFS files
> > system): 021e8602-235b-4e0d-b9e4-04f0ff46399f
> > --it's backing file: backing file:
> >
> /mnt/63a3ae7b-9ea9-3884-a772-1ea939ef6ec3/93682641-e7f6-11e8-8f64-089e01d943be
> >
> > Create snapshots via GUI - there is qcow2 snapshots created, whole
> snapshot
> > copied over (converted via qemu-img - "ps aux | grep qemu-img") tool to
> > Secondary NFS Storage - and snapshot REMOVED from original volume on
> > Primary NFS Storage (qemu-img snapshot -l
> > 021e8602-235b-4e0d-b9e4-04f0ff46399f shows zero snaps after ACS has
> > finished creating snapshots)
> > Volume still points to it's backing file - no changes so far (as
> expected)
> >
> > Then I restore volume from snapshots.
> > CloudStack will (my conclusions from the exercise), remove original
> volume
> > on NFS Primary Storage (021e8602-235b-4e0d-b9e4-04f0ff46399f), then it
> will
> > copy back (convert via qemu-img) a qcow2 file from Secondary Storage back
> > to Primary Storage - but it will use SAME NAME, so you again see
> > 021e8602-235b-4e0d-b9e4-04f0ff46399f on your NFS mount point.
> >
> > This time when you check the image with qemu-img info - it will show it
> has
> > NO backing file at all - since it's brand new volume/qcow2 image created
> > (as a copy fom Secondary Storage)
> >
> > that is how it works
> >
> > I assume the template will be again cleaned-up/removed from Primary
> Storage
> > if no other VMs/volume use it as it's backing (parent) image.
> >
> > Makes sense ?
> >
> > Cheers
> >
> > On Thu, 22 Nov 2018 at 21:18, ran huang  wrote:
> >
> >> Thanks Andrija, just tested myself with expunge and works as expected.
> >>
> >> However, for KVM, when I revert a qcow disk from snapshot, which removes
> >> the backing chain to template, the template will not be removed.
> >>
> >> So it seems like despite the qcow disk is no longer backed by the
> >> template, the template will still consider the disk as its children in
> >> this case(revert from snapshot).
> >>
> >> regards,
> >> Ran
> >>
> >> On 11/19/2018 10:43 AM, Andrija Panic wrote:
> >>> new template, deployed new VM, destroyed VM (with Exunge option)...
> >>>
> >>> up to 120sec later... (storage.cleanup.interval=120 sec,  global config
> >>> option)
> >>>
> >>> 2018-11-19 19:35:59,525 DEBUGStorage pool garbage collector found 1
> >>> templates to clean up in storage pool: Primary-storage - NFS
> >>> 2018-11-19 19:35:59,525 DEBUG [c.c.s.StorageManagerImpl]
> >>> (StorageManager-Scavenger-1:ctx-2c88c8e0) (logid:040f4ad1) Storage pool
> >>> garbage collector has marked template with ID: 219 on pool 4 for
> garbage
> >>> collection
> >>>
> >>> Another  120sec later... (storage.cleanup.delay=120sec)
> >>>
> >>> 2018-11-19 19:37:59,598 DEBUG [c.c.s.StorageManagerImpl]
> >>> (StorageManager-Scavenger-2:ctx-f9dd338d) (logid:9ae40975) Storage pool
> >>> garbage collector found 1 templates to clean up in storage pool:
> >>> Primary-storage - NFS
> >>> ...
> >>> 2018-11-19 19:37:59,638 DEBUG [c.c.t.TemplateManagerImpl]
> >>> (StorageManager-Scavenger-2:ctx-f9dd338d) (logid:9ae40975) Evicting
> >>> TmplPool[37-219-4-563ea0f5-5164-4ac4-a183-728f418269b7]
> >>> 2018-11-19 19:37:59,643 DEBUG [c.c.h.o.r.Ovm3Hyperviso

Re: KVM NFS template image

[Andrija Panic]

Hi Run,

not sure what you mean  (I did not quite understand your explanation) - but
here is an exercise from my side (just done it):

https://pasteboard.co/HOowNao.png

Check the image - explanation below:


Centos55 minimal (builtin) template, spin new VM:
--- new volume created with UUID/PATH (name on NFS files
system): 021e8602-235b-4e0d-b9e4-04f0ff46399f
--it's backing file: backing file:
/mnt/63a3ae7b-9ea9-3884-a772-1ea939ef6ec3/93682641-e7f6-11e8-8f64-089e01d943be

Create snapshots via GUI - there is qcow2 snapshots created, whole snapshot
copied over (converted via qemu-img - "ps aux | grep qemu-img") tool to
Secondary NFS Storage - and snapshot REMOVED from original volume on
Primary NFS Storage (qemu-img snapshot -l
021e8602-235b-4e0d-b9e4-04f0ff46399f shows zero snaps after ACS has
finished creating snapshots)
Volume still points to it's backing file - no changes so far (as expected)

Then I restore volume from snapshots.
CloudStack will (my conclusions from the exercise), remove original volume
on NFS Primary Storage (021e8602-235b-4e0d-b9e4-04f0ff46399f), then it will
copy back (convert via qemu-img) a qcow2 file from Secondary Storage back
to Primary Storage - but it will use SAME NAME, so you again see
021e8602-235b-4e0d-b9e4-04f0ff46399f on your NFS mount point.

This time when you check the image with qemu-img info - it will show it has
NO backing file at all - since it's brand new volume/qcow2 image created
(as a copy fom Secondary Storage)

that is how it works

I assume the template will be again cleaned-up/removed from Primary Storage
if no other VMs/volume use it as it's backing (parent) image.

Makes sense ?

Cheers

On Thu, 22 Nov 2018 at 21:18, ran huang  wrote:

> Thanks Andrija, just tested myself with expunge and works as expected.
>
> However, for KVM, when I revert a qcow disk from snapshot, which removes
> the backing chain to template, the template will not be removed.
>
> So it seems like despite the qcow disk is no longer backed by the
> template, the template will still consider the disk as its children in
> this case(revert from snapshot).
>
> regards,
> Ran
>
> On 11/19/2018 10:43 AM, Andrija Panic wrote:
> > new template, deployed new VM, destroyed VM (with Exunge option)...
> >
> > up to 120sec later... (storage.cleanup.interval=120 sec,  global config
> > option)
> >
> > 2018-11-19 19:35:59,525 DEBUGStorage pool garbage collector found 1
> > templates to clean up in storage pool: Primary-storage - NFS
> > 2018-11-19 19:35:59,525 DEBUG [c.c.s.StorageManagerImpl]
> > (StorageManager-Scavenger-1:ctx-2c88c8e0) (logid:040f4ad1) Storage pool
> > garbage collector has marked template with ID: 219 on pool 4 for garbage
> > collection
> >
> > Another  120sec later... (storage.cleanup.delay=120sec)
> >
> > 2018-11-19 19:37:59,598 DEBUG [c.c.s.StorageManagerImpl]
> > (StorageManager-Scavenger-2:ctx-f9dd338d) (logid:9ae40975) Storage pool
> > garbage collector found 1 templates to clean up in storage pool:
> > Primary-storage - NFS
> > ...
> > 2018-11-19 19:37:59,638 DEBUG [c.c.t.TemplateManagerImpl]
> > (StorageManager-Scavenger-2:ctx-f9dd338d) (logid:9ae40975) Evicting
> > TmplPool[37-219-4-563ea0f5-5164-4ac4-a183-728f418269b7]
> > 2018-11-19 19:37:59,643 DEBUG [c.c.h.o.r.Ovm3HypervisorGuru]
> > (StorageManager-Scavenger-2:ctx-f9dd338d) (logid:9ae40975)
> > getCommandHostDelegation: class
> com.cloud.agent.api.storage.DestroyCommand
> > ...
> > 2018-11-19 19:37:59,665 DEBUG [c.c.t.TemplateManagerImpl]
> > (StorageManager-Scavenger-2:ctx-f9dd338d) (logid:9ae40975) Successfully
> > evicted template andrija-test-tmpl from storage pool null
> >
> > template "andrija-test-tmpl" deleted...
> >
> > Hope that helps Run.
> >
> > Cheers
> > Andrija
> >
> > On Mon, 19 Nov 2018 at 19:11, Andrija Panic 
> wrote:
> >
> >> True (at least I'm sure for SolidFire) - but I believe in general also
> >> (will test this now...)
> >>
> >> On Mon, 19 Nov 2018 at 18:51, Dag Sonstebo 
> >> wrote:
> >>
> >>> Developers please correct me... but as far as I remember there is a
> >>> garbage collector which does remove the templates from primary storage
> once
> >>> they are not needed (i.e. have no more "child VMs"). This is
> controlled by
> >>> the global setting "storage.template.cleanup.enabled".
> >>>
> >>> Regards,
> >>> Dag Sonstebo
> >>> Cloud Architect
> >>> ShapeBlue
> >>>
> >>>
> >>> On 16/11/2018, 22:51, "ran huang"  wrote:
> >>>
> >>>  

Re: enable cloudStack SSL

[Andrija Panic]

As an alternative, we use HaProxy in front of ACS, with terminating SSL on
HaProxy cluster

Cheers

On Wed, Nov 21, 2018, 20:06 Rene Moser  Hi Rich
>
> We use nginx in front of cloudstack as a HTTP and SSL proxy. It is much
> easier to setup.
>
> Regards
> René
>
>
>
> On 11/21/18 7:31 PM, Richard Persaud wrote:
> > Hello,
> >
> > How can I enable SSL on cloudStack 4.11.1?
> >
> > I have looked over the documentation located at:
> >
> http://docs.cloudstack.apache.org/en/4.11.1.0/installguide/optional_installation.html?highlight=ssl
> > http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
> >
> > Those refer to Tomcat configuration files that do not seem to exist on
> my installation like the Tomcat server.xml file. In fact, I do not see a
> Tomcat directory on my server at all.
> > My installation is on Ubuntu 16.04 LTS via the ShapeBlue repository.
> >
> > I tried modifying server.properties but that did not work.
> >
> > Any suggestion on how to get SSL working?
> >
> > Thank you in advance!
> >
> > Regards,
> >
> > Rich Persaud
> >
> >
>

Re: 1 click deploy VPC network

[Andrija Panic]

Hi Richard,

you are looking for 1 click deploy from within CloudStack ? That is not
possible actually. You do need to deploy VPC, then networks, then VMs etc.
But you could automate this via CloudMonkey (CLI on Linux) or perhaps do
API calls to provision all needed resources - CloudStack provides very
powerfull API and you should consider using it.

Cheers
Andrija

On Tue, 20 Nov 2018 at 19:47, Richard Persaud 
wrote:

> Hello,
>
> We plan on using cloudStack for classroom style deployments, where each
> user will get the same setup but in different VPCs.
>
> How can I set up cloudStack so when a user logs into their account, there
> is a 1 click deploy template (VPC, tiers and VMs)?
>
> Regards,
> Richard Persaud
> Sys Spec, Info Security Del | Macy's, Inc.
> 5985 State Bridge Rd. | Johns Creek, GA 30097
> Office: 678-474-2357
> https://macyspartners.com/PublishingImages/MakeLifeShineBrighter.png
>


-- 

Andrija Panić

Re: Hyper-V with ACS

[Andrija Panic]

thx!

On Tue, 20 Nov 2018 at 15:07, Jean-Francois Nadeau 
wrote:

> We did a quick test with HyperV 2016 under 4.9.3 and some APIs changed in
> hyperv we believed prevented us to deploy a zone correctly.  We did not
> investigate further.
>
> On Tue, Nov 20, 2018 at 6:18 AM Andrija Panic 
> wrote:
>
> > Hi all,
> >
> > anyone has experience with running Hyper-V with CloudStack, what is
> feature
> > set supported (or more importantly not supported), what versions actually
> > work (HyperV 2016 or not), etc.
> >
> > Any info, would be appreciated.
> >
> > --
> >
> > Andrija Panić
> >
>


-- 

Andrija Panić

Hyper-V with ACS

[Andrija Panic]

Hi all,

anyone has experience with running Hyper-V with CloudStack, what is feature
set supported (or more importantly not supported), what versions actually
work (HyperV 2016 or not), etc.

Any info, would be appreciated.

-- 

Andrija Panić

Re: number of cores

[Andrija Panic]

small tip - if you change cpu overprovisioning on CLUSTER level, no need to
restart management server - it's applied immediately on the fly.

On Tue, 20 Nov 2018 at 00:59, Eric Lee Green 
wrote:

> On 11/19/18 3:47 PM, Yiping Zhang wrote:
> > Eric:
> >
> > What's your value for global setting cpu.overprovisioning.factor?
> >
> > I have this value set to 3.0. Right now, one of my servers with 32 cores
> @ 2.0 GHz (with HT enabled), I can allocate a total of 79 vCPU and 139 GHz
> to 26 VM instances.  That's over 200% over provisioning!
>
> I changed it to 4.0 and restarted the management server first thing. It
> started out at 1.5. At 1.5, my zone shows 41% usage with the typical
> workload -- 169.60Ghz / 409.78Ghz.  I have 2x24x3.03ghz and 1x24x2.40ghz
> servers for a total of 203.04Ghz actual, so even without the multiplier
> I'm not over provisioning my CPU Mhz.
>
> > On 11/19/18, 6:43 AM, "Andrija Panic"  wrote:
> >
> >  Unless someone gives you better answer, I guess it's for fun - to
> have more
> >  detailed numbers in dashboard (may be it's related to other
> hypervisor
> >  types, just assuming... or not...)
> >
> >  Cheers
> >
> >  On Mon, 19 Nov 2018 at 14:11, Ugo Vasi  wrote:
> >
> >  > Hi Andrija,
> >  > not having noticed this new voice before I wondered if it is
> limiting
> >  > the fact of reaching or exceeding the number of physical cores.
> >  >
> >  > What is the purpose of this dashboard pane?
> >  >
> >  >
> >  > Il 19/11/18 12:56, Andrija Panic ha scritto:
> >  > > Hi Ugo,
> >  > >
> >  > > Why would you want to do this, just curious ?
> >  > >
> >  > > I believe it's not possible, but anyway (at least with KVM,
> probably same
> >  > > for other hypervisors) it doesn't even makes sense/use, since
> when
> >  > > deploying a VM, ACS query host free/unused number of MHz (GHz),
> so it's
> >  > not
> >  > > even relevant for ACS - number of cores in not relevant in ACS
> >  > calculations
> >  > > during VM deployment.
> >  > >
> >  > >
> >  > > Cheers,
> >  > > Andrija
> >  > >
> >  > > On Mon, Nov 19, 2018, 11:31 Ugo Vasi  wrote:
> >  > >
> >  > >> Hi all,
> >  > >> in the dashboard of an ACS installation vesion 4.11.1.0
> (Ubuntu 16.04
> >  > >> with KVM hypervisor), the new entry "# of CPU Cores" appears.
> >  > >> Is it possible to over-provision like for MHz or storage?
> >  > >>
> >  > >> Thanks
> >  > >>
> >  > >>
> >  > >> --
> >  > >>
> >  > >> *Ugo Vasi* / System Administrator
> >  > >> ugo.v...@procne.it <mailto:ugo.v...@procne.it>
> >  > >>
> >  > >>
> >  > >>
> >  > >>
> >  > >> *Procne S.r.l.*
> >  > >> +39 0432 486 523
> >  > >> via Cotonificio, 45
> >  > >> 33010 Tavagnacco (UD)
> >  > >> www.procne.it <http://www.procne.it/>
> >  > >>
> >  > >>
> >  > >> Le informazioni contenute nella presente comunicazione ed i
> relativi
> >  > >> allegati possono essere riservate e sono, comunque, destinate
> >  > >> esclusivamente alle persone od alla Società sopraindicati. La
> >  > >> diffusione, distribuzione e/o copiatura del documento
> trasmesso da parte
> >  > >> di qualsiasi soggetto diverso dal destinatario è proibita sia
> ai sensi
> >  > >> dell'art. 616 c.p., che ai sensi del Decreto Legislativo n.
> 196/2003
> >  > >> "Codice in materia di protezione dei dati personali". Se avete
> ricevuto
> >  > >> questo messaggio per errore, vi preghiamo di distruggerlo e di
> informare
> >  > >> immediatamente Procne S.r.l. scrivendo all' indirizzo e-mail
> >  > >> i...@procne.it <mailto:i...@procne.it>.
> >  > >>
> >  > >>
> >  > >
> >  > >
> >  > >
> >  >
> >  >
> >  > --
> >  >
> >  > *U

Re: number of cores

[Andrija Panic]

FYI, tested again (CPU overprovisioning factor=1 on both Cluster and Global
level - so NO overprovisioning)

deployed VM unti it failed (could not deploy any more):

At moment of failure:
cpu used 79% (90% is disabled threshold, but VMs is big one, so would cause
91-92% usage)
number of cpu cores: 143%

So in my tests, it has nothing to do with cpu core limit (nor
overprovisioning), since I'm way above it and overprovisioning is disabled.


On Tue, 20 Nov 2018 at 00:48, Yiping Zhang  wrote:

> Eric:
>
> What's your value for global setting cpu.overprovisioning.factor?
>
> I have this value set to 3.0. Right now, one of my servers with 32 cores @
> 2.0 GHz (with HT enabled), I can allocate a total of 79 vCPU and 139 GHz to
> 26 VM instances.  That's over 200% over provisioning!
>
> Yiping
>
> On 11/19/18, 6:43 AM, "Andrija Panic"  wrote:
>
> Unless someone gives you better answer, I guess it's for fun - to have
> more
> detailed numbers in dashboard (may be it's related to other hypervisor
> types, just assuming... or not...)
>
> Cheers
>
> On Mon, 19 Nov 2018 at 14:11, Ugo Vasi  wrote:
>
> > Hi Andrija,
> > not having noticed this new voice before I wondered if it is limiting
> > the fact of reaching or exceeding the number of physical cores.
> >
>     > What is the purpose of this dashboard pane?
> >
> >
> > Il 19/11/18 12:56, Andrija Panic ha scritto:
> > > Hi Ugo,
> > >
> > > Why would you want to do this, just curious ?
> > >
> > > I believe it's not possible, but anyway (at least with KVM,
> probably same
> > > for other hypervisors) it doesn't even makes sense/use, since when
> > > deploying a VM, ACS query host free/unused number of MHz (GHz), so
> it's
> > not
> > > even relevant for ACS - number of cores in not relevant in ACS
> > calculations
> > > during VM deployment.
> > >
> > >
> > > Cheers,
> > > Andrija
> > >
> > > On Mon, Nov 19, 2018, 11:31 Ugo Vasi  wrote:
> > >
> > >> Hi all,
> > >> in the dashboard of an ACS installation vesion 4.11.1.0 (Ubuntu
> 16.04
> > >> with KVM hypervisor), the new entry "# of CPU Cores" appears.
> > >> Is it possible to over-provision like for MHz or storage?
> > >>
> > >> Thanks
> > >>
> > >>
> > >> --
> > >>
> > >> *Ugo Vasi* / System Administrator
> > >> ugo.v...@procne.it <mailto:ugo.v...@procne.it>
> > >>
> > >>
> > >>
> > >>
> > >> *Procne S.r.l.*
> > >> +39 0432 486 523
> > >> via Cotonificio, 45
> > >> 33010 Tavagnacco (UD)
> > >> www.procne.it <http://www.procne.it/>
> > >>
> > >>
> > >> Le informazioni contenute nella presente comunicazione ed i
> relativi
> > >> allegati possono essere riservate e sono, comunque, destinate
> > >> esclusivamente alle persone od alla Società sopraindicati. La
> > >> diffusione, distribuzione e/o copiatura del documento trasmesso
> da parte
> > >> di qualsiasi soggetto diverso dal destinatario è proibita sia ai
> sensi
> > >> dell'art. 616 c.p., che ai sensi del Decreto Legislativo n.
> 196/2003
> > >> "Codice in materia di protezione dei dati personali". Se avete
> ricevuto
> > >> questo messaggio per errore, vi preghiamo di distruggerlo e di
> informare
> > >> immediatamente Procne S.r.l. scrivendo all' indirizzo e-mail
> > >> i...@procne.it <mailto:i...@procne.it>.
> > >>
> > >>
> > >
> > >
> > >
> >
> >
> > --
> >
> > *Ugo Vasi* / System Administrator
> > ugo.v...@procne.it <mailto:ugo.v...@procne.it>
> >
> >
> >
> >
> > *Procne S.r.l.*
> > +39 0432 486 523
> > via Cotonificio, 45
> > 33010 Tavagnacco (UD)
> > www.procne.it <http://www.procne.it/>
> >
> >
> > Le informazioni contenute nella presente comunicazione ed i relativi
> > allegati possono essere riservate e sono, comunque, destinate
> > esclusivamente alle persone od alla Società sopraindicati. La
> > diffusione, distribuzione e/o copiatura del documento trasmesso da
> parte
> > di qualsiasi soggetto diverso dal destinatario è proibita sia ai
> sensi
> > dell'art. 616 c.p., che ai sensi del Decreto Legislativo n. 196/2003
> > "Codice in materia di protezione dei dati personali". Se avete
> ricevuto
> > questo messaggio per errore, vi preghiamo di distruggerlo e di
> informare
> > immediatamente Procne S.r.l. scrivendo all' indirizzo e-mail
> > i...@procne.it <mailto:i...@procne.it>.
> >
> >
>
> --
>
> Andrija Panić
>
>
>

-- 

Andrija Panić

Re: number of cores

[Andrija Panic]

Eric, I sent you numbers from KVM, Ubuntu 14.04 (qemu/libvrti from Ubuntu
16.04)

Can you please reproduce the issue and upload logs - make sure to truncate
logs prior to clicking the "FINISH" button in the VM creation wizard..
Upload to pastebin, so we can check it

Cheers

On Mon, 19 Nov 2018 at 20:42, Eric Green  wrote:

> I am with KVM.
>
> I am sure it’s the core count preventing me from starting VM’s because
> when I hack the database to tell it I have 48 cores rather than 24 cores on
> my hosts, I can then start the VM.
>
> The only thing the logs say is that I can’t create a new VM due to lack of
> resources. Then it quits saying that when I hack the database. Note that
> under 4.9.2 (what I reverted back to), Memory is at 49%, CPU is at 41%,
> Primary Storage is at 5%, and Secondary Storage is at 5%. All other
> resources aren’t even 1% used (I set up # of vlans, shared network IP’s,
> etc. fairly large because I expect to grow the cluster in the future).  4.9
> doesn’t list CPU cores. Under 4.11.1 those measures were the same.
>
> I am running KVM under Centos 7. It may be that the KVM allocator works
> different from the VMware allocator?
>
> From: Dag Sonstebo
> Sent: Monday, November 19, 2018 9:47 AM
> To: users@cloudstack.apache.org
> Subject: Re: number of cores
>
> Andrija - not sure about your 3.4GHz cores - must a be a simplified lookup
> somewhere making assumptions.
>
> Eric - have just tried your scenario in my 4.11.2RC5 lab (admittedly with
> VMware, not KVM) - and I can see my core allocation keeps going up, e.g. at
> the moment it sits at 166% - 10 out of 6 cores used. However it doesn't
> stop me starting new VMs (only using 30-40% CPU and memory).
> Are you sure it's the core count preventing you from starting VMs? What do
> the logs say? (Also keep in mind your system VMs are now using more
> resources that before).
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
>
> On 19/11/2018, 17:15, "Eric Lee Green"  wrote:
>
>
> On 11/19/18 03:56, Andrija Panic wrote:
> > Hi Ugo,
> >
> > Why would you want to do this, just curious ?
> >
> > I believe it's not possible, but anyway (at least with KVM, probably
> same
> > for other hypervisors) it doesn't even makes sense/use, since when
> > deploying a VM, ACS query host free/unused number of MHz (GHz), so
> it's not
> > even relevant for ACS - number of cores in not relevant in ACS
> calculations
> > during VM deployment.
>
>
> I think you are misunderstanding the question. I have 72 cores in my
> cluster. Each of my hosts has 24 cores. With 4.9.2, I can provision 10
> virtual machines, each of which is programmed with 8 cores, meaning 80
> cores total. They on average are using only 25% of the CPU available
> to
> them (they need to be able to burst) and my compute servers on average
> are only 40% CPU used so that is not a problem.
>
> When I tried upgrading to 4.11.1,  the dashboard showed a new value "#
> of CPU Cores" in red and showed that I had more cores provisioned for
> virtual machines than available in the cluster (80 versus 72
> available).
> Cloudstack would not launch new virtual machines. I shut down two
> virtual machines, and now I can launch one, but not the second because
> I
> would need 80 cores total in my cluster. I cannot launch all 10
> virtual
> machines because I would need 80 cores total. I know this because I
> tried it. I then used MySQL to tell Cloudstack that each of my hosts
> has
> 48 cores (144 total), and suddenly I can launch all of my virtual
> machines.
>
> Is this a bug in 4.11.1? Or is this expected behavior? If expected
> behavior, is there a way to over-provision "total # of cores used"
> other
> than to go into MySQL and tell it that my hosts have more cores than
> they in fact have? (Note that my service offerings are limited to 8
> cores max, so there's no way to launch a single VM with more cores
> than
> exists on a physical host, since all my hosts have 24 cores).
>
>
> > On Mon, Nov 19, 2018, 11:31 Ugo Vasi  wrote:
> >
> >> Hi all,
> >> in the dashboard of an ACS installation vesion 4.11.1.0 (Ubuntu
> 16.04
> >> with KVM hypervisor), the new entry "# of CPU Cores" appears.
> >> Is it possible to over-provision like for MHz or storage?
> >>
> >> Thanks
> >>
> >>
> >> --
> >>
> >> *Ugo Vasi* / System Administrator
> >> ugo.v...

Re: KVM NFS template image

[Andrija Panic]

new template, deployed new VM, destroyed VM (with Exunge option)...

up to 120sec later... (storage.cleanup.interval=120 sec,  global config
option)

2018-11-19 19:35:59,525 DEBUGStorage pool garbage collector found 1
templates to clean up in storage pool: Primary-storage - NFS
2018-11-19 19:35:59,525 DEBUG [c.c.s.StorageManagerImpl]
(StorageManager-Scavenger-1:ctx-2c88c8e0) (logid:040f4ad1) Storage pool
garbage collector has marked template with ID: 219 on pool 4 for garbage
collection

Another  120sec later... (storage.cleanup.delay=120sec)

2018-11-19 19:37:59,598 DEBUG [c.c.s.StorageManagerImpl]
(StorageManager-Scavenger-2:ctx-f9dd338d) (logid:9ae40975) Storage pool
garbage collector found 1 templates to clean up in storage pool:
Primary-storage - NFS
...
2018-11-19 19:37:59,638 DEBUG [c.c.t.TemplateManagerImpl]
(StorageManager-Scavenger-2:ctx-f9dd338d) (logid:9ae40975) Evicting
TmplPool[37-219-4-563ea0f5-5164-4ac4-a183-728f418269b7]
2018-11-19 19:37:59,643 DEBUG [c.c.h.o.r.Ovm3HypervisorGuru]
(StorageManager-Scavenger-2:ctx-f9dd338d) (logid:9ae40975)
getCommandHostDelegation: class com.cloud.agent.api.storage.DestroyCommand
...
2018-11-19 19:37:59,665 DEBUG [c.c.t.TemplateManagerImpl]
(StorageManager-Scavenger-2:ctx-f9dd338d) (logid:9ae40975) Successfully
evicted template andrija-test-tmpl from storage pool null

template "andrija-test-tmpl" deleted...

Hope that helps Run.

Cheers
Andrija

On Mon, 19 Nov 2018 at 19:11, Andrija Panic  wrote:

> True (at least I'm sure for SolidFire) - but I believe in general also
> (will test this now...)
>
> On Mon, 19 Nov 2018 at 18:51, Dag Sonstebo 
> wrote:
>
>> Developers please correct me... but as far as I remember there is a
>> garbage collector which does remove the templates from primary storage once
>> they are not needed (i.e. have no more "child VMs"). This is controlled by
>> the global setting "storage.template.cleanup.enabled".
>>
>> Regards,
>> Dag Sonstebo
>> Cloud Architect
>> ShapeBlue
>>
>>
>> On 16/11/2018, 22:51, "ran huang"  wrote:
>>
>> Hi Andrija,
>>
>> Thanks for the clarification and quick response
>>
>> regards,
>> Ran
>>
>> On 11/16/2018 02:15 PM, Andrija Panic wrote:
>> > Hi Ran,
>> >
>> > templates stays on Primary Storage "forever", at least for NFS
>> (they are
>> > moved from Secondary to Primary when you deploy a very first VM from
>> > specific template). All VMs have this templates qcow2 as baking
>> (parent)
>> > image.
>> >
>> > This template is a qcow2 copy of a file from Secondary Storage -
>> and is
>> > considered a "parent" image, from which all child images  (VM
>> volumes) are
>> > created - as you stated baking file (qcow linked clones, in official
>> > terminology)
>> >
>> > you can have i.e. 100 VMs all linking (having it's backing file...)
>> to a
>> > template qcow2 file.
>> > So in other words, it's not supposed to be removed.
>> >
>> > Does this make sense?
>> >
>> > Cheers
>> >
>> >
>> >
>>
>> dag.sonst...@shapeblue.com
>> www.shapeblue.com
>> Amadeus House, Floral Street, London  WC2E 9DPUK
>> @shapeblue
>>
>>
>>
>> > On Fri, 16 Nov 2018 at 22:38, ran huang  wrote:
>> >
>> >> Greetings All,
>> >>
>> >> For qcow2 format images, when creating a new VM in KVM, the
>> template
>> >> image is copied from secondary storage to primary storage, and the
>> root
>> >> volume image is created with the template image as a backing file.
>> >>
>> >> But when I break this backing chain on primary(expunge VM or
>> revert to a
>> >> snapshot previously created on the root volume image), the template
>> >> image is not deleted.
>> >>
>> >> Might I ask how is the template image going to be cleaned from the
>> >> primary storage?
>> >>
>> >>
>> >> addendum:
>> >> CS ver 4.9.2 on CentOS 7.2
>> >>
>> >> regards,
>> >> Ran
>> >>
>> >
>>
>>
>>
>>
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

Re: number of cores

[Andrija Panic]

https://pasteboard.co/HNVkBpv.png

All fine, but note that my CPU GHZ is NOT over 80% (I believe 0.8 aka 80%
is the cpu warning or disable threshold)

As Dag said, please check from mgmt logs why you can't actually spin new VM
in your case.

When you start to deploy VM, there will be some friendly printed (human
readable) lines similar to "checking list of hosts with enough resources"
and similar, it will evaluate each host for needed number of MHz and RAM
memory - and if none match, then it will fail to deploy - and it will say
that clearly, something like "no host with enough CPU capacity" or in
similar fashion...

(this is clean install though...)

Please check your "cluster.cpu.allocated.capacity.disablethreshold" both in
Global Settings, and on particular Cluster level.

Cheers

On Mon, 19 Nov 2018 at 19:12, Andrija Panic  wrote:

> Let me test this also, on clean 4.11.2 RC5... (KVM)
>
>
> On Mon, 19 Nov 2018 at 18:47, Dag Sonstebo 
> wrote:
>
>> Andrija - not sure about your 3.4GHz cores - must a be a simplified
>> lookup somewhere making assumptions.
>>
>> Eric - have just tried your scenario in my 4.11.2RC5 lab (admittedly with
>> VMware, not KVM) - and I can see my core allocation keeps going up, e.g. at
>> the moment it sits at 166% - 10 out of 6 cores used. However it doesn't
>> stop me starting new VMs (only using 30-40% CPU and memory).
>> Are you sure it's the core count preventing you from starting VMs? What
>> do the logs say? (Also keep in mind your system VMs are now using more
>> resources that before).
>>
>> Regards,
>> Dag Sonstebo
>> Cloud Architect
>> ShapeBlue
>>
>>
>> On 19/11/2018, 17:15, "Eric Lee Green"  wrote:
>>
>>
>> On 11/19/18 03:56, Andrija Panic wrote:
>> > Hi Ugo,
>> >
>> > Why would you want to do this, just curious ?
>> >
>> > I believe it's not possible, but anyway (at least with KVM,
>> probably same
>> > for other hypervisors) it doesn't even makes sense/use, since when
>> > deploying a VM, ACS query host free/unused number of MHz (GHz), so
>> it's not
>> > even relevant for ACS - number of cores in not relevant in ACS
>> calculations
>> > during VM deployment.
>>
>>
>> I think you are misunderstanding the question. I have 72 cores in my
>> cluster. Each of my hosts has 24 cores. With 4.9.2, I can provision
>> 10
>> virtual machines, each of which is programmed with 8 cores, meaning
>> 80
>> cores total. They on average are using only 25% of the CPU available
>> to
>> them (they need to be able to burst) and my compute servers on
>> average
>> are only 40% CPU used so that is not a problem.
>>
>> When I tried upgrading to 4.11.1,  the dashboard showed a new value
>> "#
>> of CPU Cores" in red and showed that I had more cores provisioned for
>> virtual machines than available in the cluster (80 versus 72
>> available).
>> Cloudstack would not launch new virtual machines. I shut down two
>> virtual machines, and now I can launch one, but not the second
>> because I
>> would need 80 cores total in my cluster. I cannot launch all 10
>> virtual
>> machines because I would need 80 cores total. I know this because I
>> tried it. I then used MySQL to tell Cloudstack that each of my hosts
>> has
>> 48 cores (144 total), and suddenly I can launch all of my virtual
>> machines.
>>
>> Is this a bug in 4.11.1? Or is this expected behavior? If expected
>> behavior, is there a way to over-provision "total # of cores used"
>> other
>> than to go into MySQL and tell it that my hosts have more cores than
>> they in fact have? (Note that my service offerings are limited to 8
>> cores max, so there's no way to launch a single VM with more cores
>> than
>> exists on a physical host, since all my hosts have 24 cores).
>>
>>
>> > On Mon, Nov 19, 2018, 11:31 Ugo Vasi > wrote:
>> >
>> >> Hi all,
>> >> in the dashboard of an ACS installation vesion 4.11.1.0 (Ubuntu
>> 16.04
>> >> with KVM hypervisor), the new entry "# of CPU Cores" appears.
>> >> Is it possible to over-provision like for MHz or storage?
>> >>
>> >> Thanks
>> >>
>> >>
>> >> --
>> >>
>> >> *Ugo Vasi* / System Administrator
>> >> ugo.v...@procn

Re: number of cores

[Andrija Panic]

Let me test this also, on clean 4.11.2 RC5... (KVM)


On Mon, 19 Nov 2018 at 18:47, Dag Sonstebo 
wrote:

> Andrija - not sure about your 3.4GHz cores - must a be a simplified lookup
> somewhere making assumptions.
>
> Eric - have just tried your scenario in my 4.11.2RC5 lab (admittedly with
> VMware, not KVM) - and I can see my core allocation keeps going up, e.g. at
> the moment it sits at 166% - 10 out of 6 cores used. However it doesn't
> stop me starting new VMs (only using 30-40% CPU and memory).
> Are you sure it's the core count preventing you from starting VMs? What do
> the logs say? (Also keep in mind your system VMs are now using more
> resources that before).
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
>
> On 19/11/2018, 17:15, "Eric Lee Green"  wrote:
>
>
> On 11/19/18 03:56, Andrija Panic wrote:
> > Hi Ugo,
> >
> > Why would you want to do this, just curious ?
> >
> > I believe it's not possible, but anyway (at least with KVM, probably
> same
> > for other hypervisors) it doesn't even makes sense/use, since when
> > deploying a VM, ACS query host free/unused number of MHz (GHz), so
> it's not
> > even relevant for ACS - number of cores in not relevant in ACS
> calculations
> > during VM deployment.
>
>
> I think you are misunderstanding the question. I have 72 cores in my
> cluster. Each of my hosts has 24 cores. With 4.9.2, I can provision 10
> virtual machines, each of which is programmed with 8 cores, meaning 80
> cores total. They on average are using only 25% of the CPU available
> to
> them (they need to be able to burst) and my compute servers on average
> are only 40% CPU used so that is not a problem.
>
> When I tried upgrading to 4.11.1,  the dashboard showed a new value "#
> of CPU Cores" in red and showed that I had more cores provisioned for
> virtual machines than available in the cluster (80 versus 72
> available).
> Cloudstack would not launch new virtual machines. I shut down two
> virtual machines, and now I can launch one, but not the second because
> I
> would need 80 cores total in my cluster. I cannot launch all 10
> virtual
> machines because I would need 80 cores total. I know this because I
> tried it. I then used MySQL to tell Cloudstack that each of my hosts
> has
> 48 cores (144 total), and suddenly I can launch all of my virtual
> machines.
>
> Is this a bug in 4.11.1? Or is this expected behavior? If expected
> behavior, is there a way to over-provision "total # of cores used"
> other
> than to go into MySQL and tell it that my hosts have more cores than
> they in fact have? (Note that my service offerings are limited to 8
> cores max, so there's no way to launch a single VM with more cores
> than
> exists on a physical host, since all my hosts have 24 cores).
>
>
> > On Mon, Nov 19, 2018, 11:31 Ugo Vasi  wrote:
> >
> >> Hi all,
> >> in the dashboard of an ACS installation vesion 4.11.1.0 (Ubuntu
> 16.04
> >> with KVM hypervisor), the new entry "# of CPU Cores" appears.
> >> Is it possible to over-provision like for MHz or storage?
> >>
> >> Thanks
> >>
> >>
> >> --
> >>
> >> *Ugo Vasi* / System Administrator
> >> ugo.v...@procne.it <mailto:ugo.v...@procne.it>
> >>
> >>
> >>
> >>
> >> *Procne S.r.l.*
> >> +39 0432 486 523
> >> via Cotonificio, 45
> >> 33010 Tavagnacco (UD)
> >> www.procne.it <http://www.procne.it/>
> >>
> >>
> >> Le informazioni contenute nella presente comunicazione ed i relativi
> >> allegati possono essere riservate e sono, comunque, destinate
> >> esclusivamente alle persone od alla Società sopraindicati. La
> >> diffusione, distribuzione e/o copiatura del documento trasmesso da
> parte
> >> di qualsiasi soggetto diverso dal destinatario è proibita sia ai
> sensi
> >> dell'art. 616 c.p., che ai sensi del Decreto Legislativo n. 196/2003
> >> "Codice in materia di protezione dei dati personali". Se avete
> ricevuto
> >> questo messaggio per errore, vi preghiamo di distruggerlo e di
> informare
> >> immediatamente Procne S.r.l. scrivendo all' indirizzo e-mail
> >> i...@procne.it <mailto:i...@procne.it>.
> >>
> >>
>
>
>
> dag.sonst...@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
>

-- 

Andrija Panić

Re: KVM NFS template image

[Andrija Panic]

True (at least I'm sure for SolidFire) - but I believe in general also
(will test this now...)

On Mon, 19 Nov 2018 at 18:51, Dag Sonstebo 
wrote:

> Developers please correct me... but as far as I remember there is a
> garbage collector which does remove the templates from primary storage once
> they are not needed (i.e. have no more "child VMs"). This is controlled by
> the global setting "storage.template.cleanup.enabled".
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
>
> On 16/11/2018, 22:51, "ran huang"  wrote:
>
> Hi Andrija,
>
> Thanks for the clarification and quick response
>
> regards,
> Ran
>
> On 11/16/2018 02:15 PM, Andrija Panic wrote:
> > Hi Ran,
> >
> > templates stays on Primary Storage "forever", at least for NFS (they
> are
> > moved from Secondary to Primary when you deploy a very first VM from
> > specific template). All VMs have this templates qcow2 as baking
> (parent)
> > image.
> >
> > This template is a qcow2 copy of a file from Secondary Storage - and
> is
> > considered a "parent" image, from which all child images  (VM
> volumes) are
> > created - as you stated baking file (qcow linked clones, in official
> > terminology)
> >
> > you can have i.e. 100 VMs all linking (having it's backing file...)
> to a
> > template qcow2 file.
> > So in other words, it's not supposed to be removed.
> >
> > Does this make sense?
> >
> > Cheers
> >
> >
> >
>
> dag.sonst...@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
> > On Fri, 16 Nov 2018 at 22:38, ran huang  wrote:
> >
> >> Greetings All,
> >>
> >> For qcow2 format images, when creating a new VM in KVM, the template
> >> image is copied from secondary storage to primary storage, and the
> root
> >> volume image is created with the template image as a backing file.
> >>
> >> But when I break this backing chain on primary(expunge VM or revert
> to a
> >> snapshot previously created on the root volume image), the template
> >> image is not deleted.
> >>
> >> Might I ask how is the template image going to be cleaned from the
> >> primary storage?
> >>
> >>
> >> addendum:
> >> CS ver 4.9.2 on CentOS 7.2
> >>
> >> regards,
> >> Ran
> >>
> >
>
>
>
>

-- 

Andrija Panić

Re: number of cores

[Andrija Panic]

Thx Dag for confirmation.

Speaking about CPU cores - I do have one "problem" which not sure is
possible to solve in meaningful way

2 x 8 core Intel Xeon E5 2.6GHz nominally (with HT enabled), with burst to
3.4 GHz ( but ! only a few cores can burst to that 3.4 - not all at the
same time !) -  and CloudStack reports my host as 32 x 3.4GHz (instead of
32 x 2.6 GHz)
(not sure from where does ACS extract this 3.4GHz info... - effectively my
host CPUs are overprovisioned here by 3.4 / 2.6 = 1.30 (30%
overprovisioning)

One note, we do have CPU governor set to high performance etc...

Any opinion ?

Cheers

On Mon, 19 Nov 2018 at 16:10, Dag Sonstebo 
wrote:

> Ultimately there will always be a 1-to-1 relationship between vCPU cores
> and physical cores - you can't make a 4vCPU VM run on an "overprovisioned 2
> physical core" hypervisor (unless you consider Intel HT to be exactly
> this). You can only overprovision time slices of your total clock cycles.
> If you push the limits too far on this though you get vCPU wait times -
> when there is too much contention and it ends up taking too long to
> schedule e.g. 4 vCPUs on 4 physical cores.
>
> IMO having the total number of cores is still useful information - same as
> total number of hosts and memory. Yes we know these are total numbers - but
> still gives you an idea of the capacity of your compute nodes.
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
>
> On 19/11/2018, 14:43, "Andrija Panic"  wrote:
>
> Unless someone gives you better answer, I guess it's for fun - to have
> more
> detailed numbers in dashboard (may be it's related to other hypervisor
> types, just assuming... or not...)
>
> Cheers
>
>
> dag.sonst...@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
> On Mon, 19 Nov 2018 at 14:11, Ugo Vasi  wrote:
>
> > Hi Andrija,
> > not having noticed this new voice before I wondered if it is limiting
> > the fact of reaching or exceeding the number of physical cores.
> >
> > What is the purpose of this dashboard pane?
> >
> >
> > Il 19/11/18 12:56, Andrija Panic ha scritto:
> > > Hi Ugo,
> > >
> > > Why would you want to do this, just curious ?
> > >
> > > I believe it's not possible, but anyway (at least with KVM,
> probably same
> > > for other hypervisors) it doesn't even makes sense/use, since when
> > > deploying a VM, ACS query host free/unused number of MHz (GHz), so
> it's
> > not
> > > even relevant for ACS - number of cores in not relevant in ACS
> > calculations
> > > during VM deployment.
> > >
> > >
> > > Cheers,
> > > Andrija
> > >
> > > On Mon, Nov 19, 2018, 11:31 Ugo Vasi  wrote:
> > >
> > >> Hi all,
> > >> in the dashboard of an ACS installation vesion 4.11.1.0 (Ubuntu
> 16.04
> > >> with KVM hypervisor), the new entry "# of CPU Cores" appears.
> > >> Is it possible to over-provision like for MHz or storage?
> > >>
> > >> Thanks
> > >>
> > >>
> > >> --
> > >>
> > >> *Ugo Vasi* / System Administrator
> > >> ugo.v...@procne.it <mailto:ugo.v...@procne.it>
> > >>
> > >>
> > >>
> > >>
> > >> *Procne S.r.l.*
> > >> +39 0432 486 523
> > >> via Cotonificio, 45
> > >> 33010 Tavagnacco (UD)
> > >> www.procne.it <http://www.procne.it/>
> > >>
> > >>
> > >> Le informazioni contenute nella presente comunicazione ed i
> relativi
> > >> allegati possono essere riservate e sono, comunque, destinate
> > >> esclusivamente alle persone od alla Società sopraindicati. La
> > >> diffusione, distribuzione e/o copiatura del documento trasmesso
> da parte
> > >> di qualsiasi soggetto diverso dal destinatario è proibita sia ai
> sensi
> > >> dell'art. 616 c.p., che ai sensi del Decreto Legislativo n.
> 196/2003
> > >> "Codice in materia di protezione dei dati personali". Se avete
> ricevuto
> > >> questo messaggio per errore, vi preghiamo di distruggerlo e di
> informare
> > >> immediatamente Procne S.r.l. scrivendo all' indirizzo e-mail
> > >> i...@

Re: number of cores

[Andrija Panic]

Unless someone gives you better answer, I guess it's for fun - to have more
detailed numbers in dashboard (may be it's related to other hypervisor
types, just assuming... or not...)

Cheers

On Mon, 19 Nov 2018 at 14:11, Ugo Vasi  wrote:

> Hi Andrija,
> not having noticed this new voice before I wondered if it is limiting
> the fact of reaching or exceeding the number of physical cores.
>
> What is the purpose of this dashboard pane?
>
>
> Il 19/11/18 12:56, Andrija Panic ha scritto:
> > Hi Ugo,
> >
> > Why would you want to do this, just curious ?
> >
> > I believe it's not possible, but anyway (at least with KVM, probably same
> > for other hypervisors) it doesn't even makes sense/use, since when
> > deploying a VM, ACS query host free/unused number of MHz (GHz), so it's
> not
> > even relevant for ACS - number of cores in not relevant in ACS
> calculations
> > during VM deployment.
> >
> >
> > Cheers,
> > Andrija
> >
> > On Mon, Nov 19, 2018, 11:31 Ugo Vasi  >
> >> Hi all,
> >> in the dashboard of an ACS installation vesion 4.11.1.0 (Ubuntu 16.04
> >> with KVM hypervisor), the new entry "# of CPU Cores" appears.
> >> Is it possible to over-provision like for MHz or storage?
> >>
> >> Thanks
> >>
> >>
> >> --
> >>
> >> *Ugo Vasi* / System Administrator
> >> ugo.v...@procne.it <mailto:ugo.v...@procne.it>
> >>
> >>
> >>
> >>
> >> *Procne S.r.l.*
> >> +39 0432 486 523
> >> via Cotonificio, 45
> >> 33010 Tavagnacco (UD)
> >> www.procne.it <http://www.procne.it/>
> >>
> >>
> >> Le informazioni contenute nella presente comunicazione ed i relativi
> >> allegati possono essere riservate e sono, comunque, destinate
> >> esclusivamente alle persone od alla Società sopraindicati. La
> >> diffusione, distribuzione e/o copiatura del documento trasmesso da parte
> >> di qualsiasi soggetto diverso dal destinatario è proibita sia ai sensi
> >> dell'art. 616 c.p., che ai sensi del Decreto Legislativo n. 196/2003
> >> "Codice in materia di protezione dei dati personali". Se avete ricevuto
> >> questo messaggio per errore, vi preghiamo di distruggerlo e di informare
> >> immediatamente Procne S.r.l. scrivendo all' indirizzo e-mail
> >> i...@procne.it <mailto:i...@procne.it>.
> >>
> >>
> >
> >
> >
>
>
> --
>
> *Ugo Vasi* / System Administrator
> ugo.v...@procne.it <mailto:ugo.v...@procne.it>
>
>
>
>
> *Procne S.r.l.*
> +39 0432 486 523
> via Cotonificio, 45
> 33010 Tavagnacco (UD)
> www.procne.it <http://www.procne.it/>
>
>
> Le informazioni contenute nella presente comunicazione ed i relativi
> allegati possono essere riservate e sono, comunque, destinate
> esclusivamente alle persone od alla Società sopraindicati. La
> diffusione, distribuzione e/o copiatura del documento trasmesso da parte
> di qualsiasi soggetto diverso dal destinatario è proibita sia ai sensi
> dell'art. 616 c.p., che ai sensi del Decreto Legislativo n. 196/2003
> "Codice in materia di protezione dei dati personali". Se avete ricevuto
> questo messaggio per errore, vi preghiamo di distruggerlo e di informare
> immediatamente Procne S.r.l. scrivendo all' indirizzo e-mail
> i...@procne.it <mailto:i...@procne.it>.
>
>

-- 

Andrija Panić

Re: number of cores

[Andrija Panic]

Hi Ugo,

Why would you want to do this, just curious ?

I believe it's not possible, but anyway (at least with KVM, probably same
for other hypervisors) it doesn't even makes sense/use, since when
deploying a VM, ACS query host free/unused number of MHz (GHz), so it's not
even relevant for ACS - number of cores in not relevant in ACS calculations
during VM deployment.


Cheers,
Andrija

On Mon, Nov 19, 2018, 11:31 Ugo Vasi  Hi all,
> in the dashboard of an ACS installation vesion 4.11.1.0 (Ubuntu 16.04
> with KVM hypervisor), the new entry "# of CPU Cores" appears.
> Is it possible to over-provision like for MHz or storage?
>
> Thanks
>
>
> --
>
> *Ugo Vasi* / System Administrator
> ugo.v...@procne.it 
>
>
>
>
> *Procne S.r.l.*
> +39 0432 486 523
> via Cotonificio, 45
> 33010 Tavagnacco (UD)
> www.procne.it 
>
>
> Le informazioni contenute nella presente comunicazione ed i relativi
> allegati possono essere riservate e sono, comunque, destinate
> esclusivamente alle persone od alla Società sopraindicati. La
> diffusione, distribuzione e/o copiatura del documento trasmesso da parte
> di qualsiasi soggetto diverso dal destinatario è proibita sia ai sensi
> dell'art. 616 c.p., che ai sensi del Decreto Legislativo n. 196/2003
> "Codice in materia di protezione dei dati personali". Se avete ricevuto
> questo messaggio per errore, vi preghiamo di distruggerlo e di informare
> immediatamente Procne S.r.l. scrivendo all' indirizzo e-mail
> i...@procne.it .
>
>

Re: KVM NFS template image

[Andrija Panic]

Hi Ran,

templates stays on Primary Storage "forever", at least for NFS (they are
moved from Secondary to Primary when you deploy a very first VM from
specific template). All VMs have this templates qcow2 as baking (parent)
image.

This template is a qcow2 copy of a file from Secondary Storage - and is
considered a "parent" image, from which all child images  (VM volumes) are
created - as you stated baking file (qcow linked clones, in official
terminology)

you can have i.e. 100 VMs all linking (having it's backing file...) to a
template qcow2 file.
So in other words, it's not supposed to be removed.

Does this make sense?

Cheers



On Fri, 16 Nov 2018 at 22:38, ran huang  wrote:

> Greetings All,
>
> For qcow2 format images, when creating a new VM in KVM, the template
> image is copied from secondary storage to primary storage, and the root
> volume image is created with the template image as a backing file.
>
> But when I break this backing chain on primary(expunge VM or revert to a
> snapshot previously created on the root volume image), the template
> image is not deleted.
>
> Might I ask how is the template image going to be cleaned from the
> primary storage?
>
>
> addendum:
> CS ver 4.9.2 on CentOS 7.2
>
> regards,
> Ran
>


-- 

Andrija Panić

Re: primary storage best practices?

[Andrija Panic]

@Ivan, I'm assunibng Yiping meant other users of CLoudStack (not users
inside CLoudStack) - so yes for us admins...

So we are talking about deployment planner - in similar way as we have
couple of them for the VM deployment (UserDispersing, UserConcetrated, etc)

I like the idea in general.

On Fri, 16 Nov 2018 at 20:29, Yiping Zhang  wrote:

> Hi, Ivan:
>
> I think one or more deployment planner for storage to handle automatic
> storage placement for new images is a good idea (when multiple primary
> storages are available).  But on top of that, letting admins to manually
> pick storage device (to override deployment planner selection) is also a
> good thing to have, giving that it is simply not possible for any
> deployment planner to handle all possible situations out there.
>
> Yiping
>
> On 11/16/18, 10:49 AM, "Ivan Kudryavtsev" 
> wrote:
>
> Hi, Yiping. This is important feature especially for those, who use
> local
> storage deployments.
>
> But I don't think regular users must be able doing that. Admins may
> have
> that feature, but users must perceipt the cloud as incapsulated service
> with hidden topology. What they need is a deployment planner for a
> storage.
>
> The request itself is useful, but the feature design must fit every
> kind of
> cloud use case, not only yours.
>
>
> пт, 16 нояб. 2018 г., 13:10 Yiping Zhang yzh...@marketo.com:
>
> > It sounds like we have an enhancement/feature request here: to be
> able to
> > specify primary storage device where the new image to be created on
> when
> > calling deployVirtualMachine API.
> >
> > Where should I file this request, in Github or the original Apache's
> > CloudStack Jira?
> >
> > Yiping
> >
> > On 11/15/18, 2:27 PM, "Andrija Panic" 
> wrote:
> >
> > I believe (if not mistaken) that CloudStack will match first
> available
> > storage based on storage tags and availability, and will always
> choose
> > first storage pool, even though you have 3 of them available for
> > particular
> > cluster.
> > In this sense, you can not really balance load across multiple
> Primary
> > Storages... (I have actually just tested this, having 2 pools
> with same
> > storage tag, and deploying a few volumes - all of them were
> created on
> > first storage available...)
> >
> > You could configure them with different storage tags, but not
> sure that
> > solves your problem - i.e. some Compute/Disk offerings will be
> > targeting
> > NetApp Cluster1, some NetApp 2, some NetApp3 - but this is
> impractical.
> >
> > Not sure if someone else can shred some light on this scenario ?
> (I
> > could
> > atm imagine a very specific game with editing storage tags on
> > storage_pool
> > via SQL (scheduled job), in order to "rotate" list of available
> storage
> > pools...)
> >
> > Cheers
> >
> > On Thu, 15 Nov 2018 at 23:01, Yiping Zhang 
> wrote:
> >
> > > Hi, all:
> > >
> > > At my site, our currently practice is to have only one primary
> > storage
> > > device for each CloudStack cluster, serving up to 500 disk
> volumes
> > with
> > > total of 10 – 20TB disk space.  Now, we are replacing old
> NetApp
> > clusters
> > > with new ones and moving to SSD disks,  so I need to recreate
> all my
> > > primary storage devices.
> > >
> > > I am thinking of configuring three primary storage volumes,
> each
> > served by
> > > a different NetApp cluster,  for each CloudStack cluster to
> divide
> > work
> > > load on the NetApp end, and to provide some storage redundancy
> in
> > > CloudStack.
> > >
> > > My question is when creating new VM instances,  how would I
> > distribute new
> > > disk volumes on to different primary storage devices evenly and
> > > automatically?
> > >
> > > I am wondering how are other users configure their (NFS)
> primary
> > storage
> > > devices?  What are your best practices in this area?
> > >
> > > Thanks
> > >
> > > Yiping
> > >
> >
> >
> > --
> >
> > Andrija Panić
> >
> >
> >
>
>
>

-- 

Andrija Panić

Re: primary storage best practices?

[Andrija Panic]

I'm *assuming* it should be GitHub, but since I'm not a developer, don't
rely on me... I believe there were plans to move away from Jira to GitHub...

But perhaps someone else can also jump in to confirm the Primary Storage
behavior described above...

On Fri, 16 Nov 2018 at 19:10, Yiping Zhang  wrote:

> It sounds like we have an enhancement/feature request here: to be able to
> specify primary storage device where the new image to be created on when
> calling deployVirtualMachine API.
>
> Where should I file this request, in Github or the original Apache's
> CloudStack Jira?
>
> Yiping
>
> On 11/15/18, 2:27 PM, "Andrija Panic"  wrote:
>
> I believe (if not mistaken) that CloudStack will match first available
> storage based on storage tags and availability, and will always choose
> first storage pool, even though you have 3 of them available for
> particular
> cluster.
> In this sense, you can not really balance load across multiple Primary
> Storages... (I have actually just tested this, having 2 pools with same
> storage tag, and deploying a few volumes - all of them were created on
> first storage available...)
>
> You could configure them with different storage tags, but not sure that
> solves your problem - i.e. some Compute/Disk offerings will be
> targeting
> NetApp Cluster1, some NetApp 2, some NetApp3 - but this is impractical.
>
> Not sure if someone else can shred some light on this scenario ? (I
> could
> atm imagine a very specific game with editing storage tags on
> storage_pool
> via SQL (scheduled job), in order to "rotate" list of available storage
> pools...)
>
> Cheers
>
> On Thu, 15 Nov 2018 at 23:01, Yiping Zhang  wrote:
>
> > Hi, all:
> >
> > At my site, our currently practice is to have only one primary
> storage
> > device for each CloudStack cluster, serving up to 500 disk volumes
> with
> > total of 10 – 20TB disk space.  Now, we are replacing old NetApp
> clusters
> > with new ones and moving to SSD disks,  so I need to recreate all my
> > primary storage devices.
> >
> > I am thinking of configuring three primary storage volumes, each
> served by
> > a different NetApp cluster,  for each CloudStack cluster to divide
> work
> > load on the NetApp end, and to provide some storage redundancy in
> > CloudStack.
> >
> > My question is when creating new VM instances,  how would I
> distribute new
> > disk volumes on to different primary storage devices evenly and
> > automatically?
> >
> > I am wondering how are other users configure their (NFS) primary
> storage
> > devices?  What are your best practices in this area?
> >
> > Thanks
> >
> > Yiping
> >
>
>
> --
>
> Andrija Panić
>
>
>

-- 

Andrija Panić

Re: Guest DHCP issue

[Andrija Panic]

Yes, check the firewall thing - it can cause many different issues if not
correctly configured... I have recently had some fun because of iptables...

On Fri, 16 Nov 2018 at 11:04, Adam Witwicki  wrote:

> Sorted with sudo ufw default allow FORWARD
>
> Thanks guys :)
>
> -Original Message-
> From: Adam Witwicki 
> Sent: 16 November 2018 09:35
> To: users@cloudstack.apache.org
> Subject: Guest DHCP issue
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Hello
>
> I have recently added 2 new hosts to our cluster, but ran into an issue
> where guests do not receive a DHCP lease from the virtual router.
> If I set the interface as static I can ping the router and all networking
> is fine. I'm sure must have missed a configuration step.
>
> Any ideas?
>
>
> CS version 4.11.0.0
> libvirtd (libvirt) 1.3.1
> Ubuntu 16.04
> bridge-utils, 1.5
>
> Thanks
>
> Adam
>
> Disclaimer Notice:
> This email has been sent by Oakford Technology Limited, while we have
> checked this e-mail and any attachments for viruses, we can not guarantee
> that they are virus-free. You must therefore take full responsibility for
> virus checking.
> This message and any attachments are confidential and should only be read
> by those to whom they are addressed. If you are not the intended recipient,
> please contact us, delete the message from your computer and destroy any
> copies. Any distribution or copying without our prior permission is
> prohibited.
> Internet communications are not always secure and therefore Oakford
> Technology Limited does not accept legal responsibility for this message.
> The recipient is responsible for verifying its authenticity before acting
> on the contents. Any views or opinions presented are solely those of the
> author and do not necessarily represent those of Oakford Technology Limited.
> Registered address: Oakford Technology Limited, 10 Prince Maurice Court,
> Devizes, Wiltshire. SN10 2RT.
> Registered in England and Wales No. 5971519
>
> Disclaimer Notice:
> This email has been sent by Oakford Technology Limited, while we have
> checked this e-mail and any attachments for viruses, we can not guarantee
> that they are virus-free. You must therefore take full responsibility for
> virus checking.
> This message and any attachments are confidential and should only be read
> by those to whom they are addressed. If you are not the intended recipient,
> please contact us, delete the message from your computer and destroy any
> copies. Any distribution or copying without our prior permission is
> prohibited.
> Internet communications are not always secure and therefore Oakford
> Technology Limited does not accept legal responsibility for this message.
> The recipient is responsible for verifying its authenticity before acting
> on the contents. Any views or opinions presented are solely those of the
> author and do not necessarily represent those of Oakford Technology Limited.
> Registered address: Oakford Technology Limited, 10 Prince Maurice Court,
> Devizes, Wiltshire. SN10 2RT.
> Registered in England and Wales No. 5971519
>
>

-- 

Andrija Panić

Re: primary storage best practices?

[Andrija Panic]

I believe (if not mistaken) that CloudStack will match first available
storage based on storage tags and availability, and will always choose
first storage pool, even though you have 3 of them available for particular
cluster.
In this sense, you can not really balance load across multiple Primary
Storages... (I have actually just tested this, having 2 pools with same
storage tag, and deploying a few volumes - all of them were created on
first storage available...)

You could configure them with different storage tags, but not sure that
solves your problem - i.e. some Compute/Disk offerings will be targeting
NetApp Cluster1, some NetApp 2, some NetApp3 - but this is impractical.

Not sure if someone else can shred some light on this scenario ? (I could
atm imagine a very specific game with editing storage tags on storage_pool
via SQL (scheduled job), in order to "rotate" list of available storage
pools...)

Cheers

On Thu, 15 Nov 2018 at 23:01, Yiping Zhang  wrote:

> Hi, all:
>
> At my site, our currently practice is to have only one primary storage
> device for each CloudStack cluster, serving up to 500 disk volumes with
> total of 10 – 20TB disk space.  Now, we are replacing old NetApp clusters
> with new ones and moving to SSD disks,  so I need to recreate all my
> primary storage devices.
>
> I am thinking of configuring three primary storage volumes, each served by
> a different NetApp cluster,  for each CloudStack cluster to divide work
> load on the NetApp end, and to provide some storage redundancy in
> CloudStack.
>
> My question is when creating new VM instances,  how would I distribute new
> disk volumes on to different primary storage devices evenly and
> automatically?
>
> I am wondering how are other users configure their (NFS) primary storage
> devices?  What are your best practices in this area?
>
> Thanks
>
> Yiping
>


-- 

Andrija Panić

Re: Information on VXLAN implementations (and other guest isolation methods)

[Andrija Panic]

Im aware of his blog :) good stuff really...

On Wed, 14 Nov 2018 at 20:54, Ivan Kudryavtsev 
wrote:

> Vincent Bernat wrote a good article about that. Highly recommend. Would be
> great if CloudStack will support that:
> https://vincent.bernat.ch/en/blog/2017-vxlan-bgp-evpn
>
> ср, 14 нояб. 2018 г. в 14:37, Andrija Panic :
>
> > I have just single pod/subnet in a Zone so it's regular stuff,
> multicast...
> >
> > I'm also curious how this would span to multiple subnets in production -
> I
> > did have a chat with my networking colleague back in the days...
> >
> > Cheers
> >
> > On Wed, 14 Nov 2018 at 19:45, Ivan Kudryavtsev  >
> > wrote:
> >
> > > Andrija, cool stuff.
> > >
> > > Do you run it with multicast or BGP EVPN? Looks like multicast is not
> the
> > > best approach for large-scale deployments.
> > >
> > > ср, 14 нояб. 2018 г. в 13:38, Andrija Panic :
> > >
> > > > Simon just explained it well - and a few additions from my side, in
> > case
> > > it
> > > > helps
> > > >
> > > > Read details in this page, in order to avoid some hard issues during
> > > later
> > > > production (beside MTU, check the max_igmp_membership etc...)
> > > > http://docs.cloudstack.apache.org/en/4.11.1.0/plugins/vxlan.html
> > > >
> > > > Here is example from one of my dev setups, if that helps - but it
> boils
> > > > down to what Simon shared.
> > > >
> > > > bond0.150 is the vlan 150 that is dedicated to carry all VXLAN
> > "tunnels"
> > > > (it HAS to have the IP, it serves as VTEP basically) - you would
> > probably
> > > > want to define this as separate PHYSICAL NETWORK during zone
> > provisioning
> > > > (because other networks i.e. management, storage, public doesn't
> > support
> > > > vxlan as isolation method) - so you define "bond.150" as the KVM
> > traffic
> > > > label for Guest Network
> > > >
> > > > (FYI: you could also create bridge cloudXYZ that has bond0.150 as
> > member
> > > > and use this as KMV traffic label, but cloudstack will just extract
> > child
> > > > interface, bond0.150 and create later the structure on its own -
> while
> > > > cloudXYZ bridge is NOT used anywhere else)
> > > >
> > > >
> > > > So my setup, bond0.150. Cloudstack needs to create i.e. vxlan
> structure
> > > > with vxlan id , so it will take bond0.150 and create VXLAN
> > interface
> > > on
> > > > top of it (ip -d link show vxlan, to see it's properties )
> > > >
> > > > After cloudstack has created a vxlan interface (on top of you vlan
> > > > interface), it will then create a bridge (brvx-) and finally join
> > > vm's
> > > > NIC to this bridge so both vxlan interface and VMs vNIC will be part
> of
> > > > bridge.
> > > >
> > > > That's it - works well as Simon said, last 4 years in production with
> > > > vxlan.
> > > >
> > > > Here is any UGLY but informative drawing from my side :)
> > > >
> > > >
> > >
> >
> https://docs.google.com/drawings/d/1oPWU5p_wUd9UPhXGZg7j4acu5XYPbkLWzmihi6Qbwl8/edit?usp=sharing
> > > >
> > > > So you can see tunnels etc. On the picture are also some other
> networks
> > > > like public network on vlan 160 etc...
> > > > (images on Simon's link are excellent, just old bridge names)
> > > >
> > > >
> > > > In case you use VXLAN for Guest networks (VPC networks, isolated,
> etc)
> > -
> > > > make sure to understand that Private Gateway network only supports
> > VLAN,
> > > > not VXLAN, it's usefull to know, since I later had to add new
> physical
> > > > networks to support Private Gateway (didn't plan originally for it).
> > > >
> > > >
> > > > CHeers
> > > >
> > > > On Wed, 14 Nov 2018 at 18:29, Simon Weller 
> > > > wrote:
> > > >
> > > > > Hi Alexandre,
> > > > >
> > > > >
> > > > > VXLAN on KVM works very well and we've had it in production for a
> > > number
> > > > > of years now.
> > > > >
> > > > >
> > > > > Please see this document on how it is implemented:
> > > >

Re: Information on VXLAN implementations (and other guest isolation methods)

[Andrija Panic]

I have just single pod/subnet in a Zone so it's regular stuff, multicast...

I'm also curious how this would span to multiple subnets in production - I
did have a chat with my networking colleague back in the days...

Cheers

On Wed, 14 Nov 2018 at 19:45, Ivan Kudryavtsev 
wrote:

> Andrija, cool stuff.
>
> Do you run it with multicast or BGP EVPN? Looks like multicast is not the
> best approach for large-scale deployments.
>
> ср, 14 нояб. 2018 г. в 13:38, Andrija Panic :
>
> > Simon just explained it well - and a few additions from my side, in case
> it
> > helps
> >
> > Read details in this page, in order to avoid some hard issues during
> later
> > production (beside MTU, check the max_igmp_membership etc...)
> > http://docs.cloudstack.apache.org/en/4.11.1.0/plugins/vxlan.html
> >
> > Here is example from one of my dev setups, if that helps - but it boils
> > down to what Simon shared.
> >
> > bond0.150 is the vlan 150 that is dedicated to carry all VXLAN "tunnels"
> > (it HAS to have the IP, it serves as VTEP basically) - you would probably
> > want to define this as separate PHYSICAL NETWORK during zone provisioning
> > (because other networks i.e. management, storage, public doesn't support
> > vxlan as isolation method) - so you define "bond.150" as the KVM traffic
> > label for Guest Network
> >
> > (FYI: you could also create bridge cloudXYZ that has bond0.150 as member
> > and use this as KMV traffic label, but cloudstack will just extract child
> > interface, bond0.150 and create later the structure on its own - while
> > cloudXYZ bridge is NOT used anywhere else)
> >
> >
> > So my setup, bond0.150. Cloudstack needs to create i.e. vxlan structure
> > with vxlan id , so it will take bond0.150 and create VXLAN interface
> on
> > top of it (ip -d link show vxlan, to see it's properties )
> >
> > After cloudstack has created a vxlan interface (on top of you vlan
> > interface), it will then create a bridge (brvx-) and finally join
> vm's
> > NIC to this bridge so both vxlan interface and VMs vNIC will be part of
> > bridge.
> >
> > That's it - works well as Simon said, last 4 years in production with
> > vxlan.
> >
> > Here is any UGLY but informative drawing from my side :)
> >
> >
> https://docs.google.com/drawings/d/1oPWU5p_wUd9UPhXGZg7j4acu5XYPbkLWzmihi6Qbwl8/edit?usp=sharing
> >
> > So you can see tunnels etc. On the picture are also some other networks
> > like public network on vlan 160 etc...
> > (images on Simon's link are excellent, just old bridge names)
> >
> >
> > In case you use VXLAN for Guest networks (VPC networks, isolated, etc) -
> > make sure to understand that Private Gateway network only supports VLAN,
> > not VXLAN, it's usefull to know, since I later had to add new physical
> > networks to support Private Gateway (didn't plan originally for it).
> >
> >
> > CHeers
> >
> > On Wed, 14 Nov 2018 at 18:29, Simon Weller 
> > wrote:
> >
> > > Hi Alexandre,
> > >
> > >
> > > VXLAN on KVM works very well and we've had it in production for a
> number
> > > of years now.
> > >
> > >
> > > Please see this document on how it is implemented:
> > >
> >
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Linux+native+VXLAN+support+on+KVM+hypervisor
> > >
> > > Cloudstack does create all the VXLAN configuration for each new
> network,
> > > you  just need to have a working underlay that supports multicast (e.g.
> > an
> > > IP on the VXLAN interface and iptables rules rules that allow multicast
> > > traffic).
> > > We place our VXLANs into a VLAN and expose that VLAN via a KVM traffic
> > > label to the VXLAN guest network.
> > >
> > > - Si
> > >
> > >
> > >
> > > 
> > > From: Alexandre Bruyere 
> > > Sent: Wednesday, November 14, 2018 10:32 AM
> > > To: users@cloudstack.apache.org
> > > Subject: Information on VXLAN implementations (and other guest
> isolation
> > > methods)
> > >
> > > Hello.
> > >
> > > I'm currently investigating guest isolation methods for a project. The
> > idea
> > > was thrown about to use VXLANs, but it's rather fuzzy on how it
> actually
> > is
> > > implemented.
> > >
> > > Does Cloudstack automatically create and maintain VXLAN connections, or
> > > does it ride off an already-implemented VXLAN system configured under
> the
> > > hood?
> > >
> > > And what would be the use cases for VXLANs? Would it be appropriate to
> > use
> > > in a small-scale network for hybrid clusters? If not, what would the
> > > Cloudstack community recommend?
> > >
> > > Thanks for your time!
> > >
> >
> >
> > --
> >
> > Andrija Panić
> >
>
>
> --
> With best regards, Ivan Kudryavtsev
> Bitworks LLC
> Cell RU: +7-923-414-1515
> Cell USA: +1-201-257-1512
> WWW: http://bitworks.software/ <http://bw-sw.com/>
>


-- 

Andrija Panić

Re: Information on VXLAN implementations (and other guest isolation methods)

[Andrija Panic]

Simon just explained it well - and a few additions from my side, in case it
helps

Read details in this page, in order to avoid some hard issues during later
production (beside MTU, check the max_igmp_membership etc...)
http://docs.cloudstack.apache.org/en/4.11.1.0/plugins/vxlan.html

Here is example from one of my dev setups, if that helps - but it boils
down to what Simon shared.

bond0.150 is the vlan 150 that is dedicated to carry all VXLAN "tunnels"
(it HAS to have the IP, it serves as VTEP basically) - you would probably
want to define this as separate PHYSICAL NETWORK during zone provisioning
(because other networks i.e. management, storage, public doesn't support
vxlan as isolation method) - so you define "bond.150" as the KVM traffic
label for Guest Network

(FYI: you could also create bridge cloudXYZ that has bond0.150 as member
and use this as KMV traffic label, but cloudstack will just extract child
interface, bond0.150 and create later the structure on its own - while
cloudXYZ bridge is NOT used anywhere else)


So my setup, bond0.150. Cloudstack needs to create i.e. vxlan structure
with vxlan id , so it will take bond0.150 and create VXLAN interface on
top of it (ip -d link show vxlan, to see it's properties )

After cloudstack has created a vxlan interface (on top of you vlan
interface), it will then create a bridge (brvx-) and finally join vm's
NIC to this bridge so both vxlan interface and VMs vNIC will be part of
bridge.

That's it - works well as Simon said, last 4 years in production with vxlan.

Here is any UGLY but informative drawing from my side :)
https://docs.google.com/drawings/d/1oPWU5p_wUd9UPhXGZg7j4acu5XYPbkLWzmihi6Qbwl8/edit?usp=sharing

So you can see tunnels etc. On the picture are also some other networks
like public network on vlan 160 etc...
(images on Simon's link are excellent, just old bridge names)


In case you use VXLAN for Guest networks (VPC networks, isolated, etc) -
make sure to understand that Private Gateway network only supports VLAN,
not VXLAN, it's usefull to know, since I later had to add new physical
networks to support Private Gateway (didn't plan originally for it).


CHeers

On Wed, 14 Nov 2018 at 18:29, Simon Weller  wrote:

> Hi Alexandre,
>
>
> VXLAN on KVM works very well and we've had it in production for a number
> of years now.
>
>
> Please see this document on how it is implemented:
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Linux+native+VXLAN+support+on+KVM+hypervisor
>
> Cloudstack does create all the VXLAN configuration for each new network,
> you  just need to have a working underlay that supports multicast (e.g. an
> IP on the VXLAN interface and iptables rules rules that allow multicast
> traffic).
> We place our VXLANs into a VLAN and expose that VLAN via a KVM traffic
> label to the VXLAN guest network.
>
> - Si
>
>
>
> 
> From: Alexandre Bruyere 
> Sent: Wednesday, November 14, 2018 10:32 AM
> To: users@cloudstack.apache.org
> Subject: Information on VXLAN implementations (and other guest isolation
> methods)
>
> Hello.
>
> I'm currently investigating guest isolation methods for a project. The idea
> was thrown about to use VXLANs, but it's rather fuzzy on how it actually is
> implemented.
>
> Does Cloudstack automatically create and maintain VXLAN connections, or
> does it ride off an already-implemented VXLAN system configured under the
> hood?
>
> And what would be the use cases for VXLANs? Would it be appropriate to use
> in a small-scale network for hybrid clusters? If not, what would the
> Cloudstack community recommend?
>
> Thanks for your time!
>


-- 

Andrija Panić

Re: Migration plan

[Andrija Panic]

No.

On Sun, Nov 11, 2018, 12:36 kotipalli venkatesh <
venkateshcloudt...@gmail.com wrote:

> Hi
>
> Doubletake software license hug amount. Previously I have used  this one
> for one of the customer.
>
> Is any other softwares??
>
> Thanks,
> Venkatesh
>
>
> On Sun 11 Nov, 2018, 3:41 PM Andrija Panic 
> > Morning coffee makes wonders...
> >
> > www.doubletake.com
> >
> > Not sure if name changed lately or something (I have personally never
> used
> > it) but I know my colleagues used to replicate whole CloudStack VPC
> between
> > 2 DCs, via S2S VPN, with perhaps different IP addressing scheme in second
> > DR...
> >
> > Cheers
> >
> >
> > On Sun, Nov 11, 2018, 04:42 kotipalli venkatesh <
> > venkateshcloudt...@gmail.com wrote:
> >
> > > Hi
> > >
> > > Will you please suggest 3rd party sync tools.
> > >
> > > Thanks,
> > > Venkatesh
> > >
> > > On Sun 11 Nov, 2018, 3:34 AM Andrija Panic  > wrote:
> > >
> > > > ok, so this rules our any CloudStack way to migrate things... clear.
> > > >
> > > > If possible, you should probably look into XenMotion between 2
> > > > clusters/pools, in case there is good/fast IP connectivity here, that
> > > might
> > > > do the work, without downtime - at least for single VM.
> > > > In case you need to migrate whole environment at a time (dozens of
> VM)
> > > then
> > > > not sure if this is good strategy.
> > > >
> > > > Offline way, I assume you can just move images from one pool to
> another
> > > > (export / import) while VMs are stopped. This can be done with
> default
> > > > tools, or even some external migration tools (from other vendors)
> > > >
> > > > Other way is also from INSIDE the VMs - i.e. use block-level
> > replication
> > > > tools, if you have some kind of VM-to-VM IP connectivity (i.e. site 2
> > > site
> > > > connections between source and destination VMs) - these kind of
> > software
> > > > are made for DR purposes, and after initial sync of source to
> > destination
> > > > VMs - you can just execute the switch-over of complete environments
> > (I'm
> > > > trying to remember the specific tool that my colleagues used...but no
> > > luck
> > > > so far...)
> > > >
> > > > Anyway, make sure xs-tools are up to date (not sure about
> compatibility
> > > > between different versions xe-tools vs guest-tools, etc) - anyway,
> > first
> > > > prepare/update the source VM and then migrate to new cluster.
> > > >
> > > > Other ways you could pull it out is also to stop VM(s), and then
> > download
> > > > volumes from CloudStack (will generate download ULR) - then simply
> > > download
> > > > VM image (root or data disks) from this URL into new hosts/SR and use
> > it
> > > to
> > > > start a brand new VM with existing disks. Or create snapshots, and
> then
> > > > download this snapshots to destination hosts/pool, etc...
> > > >
> > > > There are many ways to do it, depending on the needed scenario and
> > > allowed
> > > > downtime.
> > > >
> > > > Perhaps look into xcp-ng project (fork of XenServer) without all
> these
> > > > limitations that Citrix imposed lately...
> > > >
> > > > Hope this helps
> > > > Andrija
> > > >
> > > > On Sat, 10 Nov 2018 at 22:28, kotipalli venkatesh <
> > > > venkateshcloudt...@gmail.com> wrote:
> > > >
> > > > > Hi Andrija,
> > > > >
> > > > > Saparate regions.
> > > > >
> > > > > Currently customer instances sitting on CloudStack. Now we are
> > > migrating
> > > > > instances to hypervisor i.e. xenserver 7.2.
> > > > >
> > > > > No more cloudstack. He having own hypervisors.
> > > > >
> > > > > Thanks,
> > > > > Venkatesh
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Sun 11 Nov, 2018, 2:39 AM Andrija Panic <
> andrija.pa...@gmail.com
> > > > wrote:
> > > > >
> > > > > > Hi Venkatesh,
> > > > > >
> > > > > > is this 2 separate regions / installations - i.e. not 2 zones
> > inside
> > > > same
> > > > > > Region ?
> > > > > >
> > > > > > On Sat, 10 Nov 2018 at 21:35, kotipalli venkatesh <
> > > > > > venkateshcloudt...@gmail.com> wrote:
> > > > > >
> > > > > > > Hi All,
> > > > > > >
> > > > > > > We are using cloudstack older version 4.3.1 and hypervisor is
> > > > xenserver
> > > > > > > 6.2.
> > > > > > >
> > > > > > > Now, we are migrating VMs one Data enter to another Datcenter.
> In
> > > > > > > destination Datcenter hypervisor is xenserver 7.1. all VMs are
> > > > windows
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > >
> > > > Andrija Panić
> > > >
> > >
> >
>

Re: Migration plan

[Andrija Panic]

Morning coffee makes wonders...

www.doubletake.com

Not sure if name changed lately or something (I have personally never used
it) but I know my colleagues used to replicate whole CloudStack VPC between
2 DCs, via S2S VPN, with perhaps different IP addressing scheme in second
DR...

Cheers


On Sun, Nov 11, 2018, 04:42 kotipalli venkatesh <
venkateshcloudt...@gmail.com wrote:

> Hi
>
> Will you please suggest 3rd party sync tools.
>
> Thanks,
> Venkatesh
>
> On Sun 11 Nov, 2018, 3:34 AM Andrija Panic 
> > ok, so this rules our any CloudStack way to migrate things... clear.
> >
> > If possible, you should probably look into XenMotion between 2
> > clusters/pools, in case there is good/fast IP connectivity here, that
> might
> > do the work, without downtime - at least for single VM.
> > In case you need to migrate whole environment at a time (dozens of VM)
> then
> > not sure if this is good strategy.
> >
> > Offline way, I assume you can just move images from one pool to another
> > (export / import) while VMs are stopped. This can be done with default
> > tools, or even some external migration tools (from other vendors)
> >
> > Other way is also from INSIDE the VMs - i.e. use block-level replication
> > tools, if you have some kind of VM-to-VM IP connectivity (i.e. site 2
> site
> > connections between source and destination VMs) - these kind of software
> > are made for DR purposes, and after initial sync of source to destination
> > VMs - you can just execute the switch-over of complete environments (I'm
> > trying to remember the specific tool that my colleagues used...but no
> luck
> > so far...)
> >
> > Anyway, make sure xs-tools are up to date (not sure about compatibility
> > between different versions xe-tools vs guest-tools, etc) - anyway, first
> > prepare/update the source VM and then migrate to new cluster.
> >
> > Other ways you could pull it out is also to stop VM(s), and then download
> > volumes from CloudStack (will generate download ULR) - then simply
> download
> > VM image (root or data disks) from this URL into new hosts/SR and use it
> to
> > start a brand new VM with existing disks. Or create snapshots, and then
> > download this snapshots to destination hosts/pool, etc...
> >
> > There are many ways to do it, depending on the needed scenario and
> allowed
> > downtime.
> >
> > Perhaps look into xcp-ng project (fork of XenServer) without all these
> > limitations that Citrix imposed lately...
> >
> > Hope this helps
> > Andrija
> >
> > On Sat, 10 Nov 2018 at 22:28, kotipalli venkatesh <
> > venkateshcloudt...@gmail.com> wrote:
> >
> > > Hi Andrija,
> > >
> > > Saparate regions.
> > >
> > > Currently customer instances sitting on CloudStack. Now we are
> migrating
> > > instances to hypervisor i.e. xenserver 7.2.
> > >
> > > No more cloudstack. He having own hypervisors.
> > >
> > > Thanks,
> > > Venkatesh
> > >
> > >
> > >
> > >
> > >
> > > On Sun 11 Nov, 2018, 2:39 AM Andrija Panic  > wrote:
> > >
> > > > Hi Venkatesh,
> > > >
> > > > is this 2 separate regions / installations - i.e. not 2 zones inside
> > same
> > > > Region ?
> > > >
> > > > On Sat, 10 Nov 2018 at 21:35, kotipalli venkatesh <
> > > > venkateshcloudt...@gmail.com> wrote:
> > > >
> > > > > Hi All,
> > > > >
> > > > > We are using cloudstack older version 4.3.1 and hypervisor is
> > xenserver
> > > > > 6.2.
> > > > >
> > > > > Now, we are migrating VMs one Data enter to another Datcenter. In
> > > > > destination Datcenter hypervisor is xenserver 7.1. all VMs are
> > windows
> > > > >
> > > >
> > >
> >
> >
> > --
> >
> > Andrija Panić
> >
>

Re: Unable to start any instance because no templates are available

[Andrija Panic]

Hi Alessandro,

may I ask which tutorial / or which doc did you follow (Quick install
guide, or full install gude...)
Basic Zone or Advanced, CLoudStack version, KVM hypervisor flavour
(ubuntu.centos, etc)
So a bit more details please.

Later there are more questions like:
- inside Infrastructure, when you click on HOSTs (there is 1 KVM host),
does it say that Agent is Connected (i..e State is UP and Resource State is
Connected) ? If so, this means we have Agents connected to Management
Server, as it should be
- For the sake of simplifying troubleshooting - make sure that you
completely disabled/deactivate any firewall on both physical hosts -
sometimes firewall can kick in and cause chaos... (you can fix it later)
- Can you confirm that your KVM node can actually access Secondary Storage,
the way you have defined it when creating Zone...

If zone is Advanced Zone, then you had to define "KVM TRAFFIC LABEL" - for
each Network Type (for Management network, for Guest Network, for Storage
network if separate, etc) on the Physical Network - this one is the most
common issues (omitted step) for beginners and causes issues...(we can
troubleshoot this one, after you have confirmed all above steps as fine).
How does your vlan/bridging setup looks like on KVM node ?

When all this is OK, KVM node will be able  to (automatically, no actions
needed from your side) start 2 system VMs (Secondary Storage VM and Console
Proxy VM).
Then SSVM will download that mentioend Centos 5.5 template - but if SSVM is
not running, it obviously can't download any template.
After they have been started fine (all green, State UP, etc, same as for
KVM nodes), then we need to use a script inside these VMs, to check
connectivity and health in general... and if all fine, you are done with
your basic and working setup of CloudStack

Builtin CentOS 5.5 is enough to spin a VM from, in order to verify that VM
works fine (root / password is the login) - but you can't do that yet,
because it hasn't been downloaded by SSVM to Secondary Storage.

Later you can add more templates - here are templates from one community
member: http://dl.openvm.eu/cloudstack/

Later you will want to configure and play with different Compute offerings,
Data disk offerings, VPC offerings (if you deployed Advanced zone), Network
offerings, System VM offerings (optional), etc...


Cheers
Andrija


On Sun, 11 Nov 2018 at 02:20, Alessandro Brega 
wrote:

> Hello everbody
>
> I'm new to cloudstack and just installed it. I installed the management +
> nfs one one host and added another host for the kvm guests. After many
> small issues during the setup, almost everything looks good so far now. But
> when I try to create a new instance using the UI I don't have any templates
> to choose from. However when I go to Templates I can see "CentOS
> 5.5(64-bit) no GUI (KVM)" and "SystemVM Template (KVM)".
>
> "CentOS 5.5(64-bit) no GUI (KVM)": This shows status "Active" for Zone1.
> "SystemVM Template (KVM)": shows status "Download Complete" for Zone1.
>
> I ran
> "/usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt
> -m /mnt/secondary -u
>
> http://download.cloudstack.org/systemvm/4.11/systemvmtemplate-4.11.1-kvm.qcow2.bz2
> -h
> 
> kvm -F" on the mangement host several times but it doesn't seem to
> change anything.
>
> At Infrastructure there's everywhere a 1, except for System VMs and Virtual
> Routers which both have a 0. Is this a problem? I don't see any buttons to
> add a System VM nor a Virtual Router.
>
> As I already spent several hours on how to get this working any help would
> be greatly appreciated. Btw, where can I download more templates for
> ubuntu, debian, newer centos etc.?
>
> Thank you guys!
>
> Alessandro
>


-- 

Andrija Panić

Re: Migration plan

[Andrija Panic]

ok, so this rules our any CloudStack way to migrate things... clear.

If possible, you should probably look into XenMotion between 2
clusters/pools, in case there is good/fast IP connectivity here, that might
do the work, without downtime - at least for single VM.
In case you need to migrate whole environment at a time (dozens of VM) then
not sure if this is good strategy.

Offline way, I assume you can just move images from one pool to another
(export / import) while VMs are stopped. This can be done with default
tools, or even some external migration tools (from other vendors)

Other way is also from INSIDE the VMs - i.e. use block-level replication
tools, if you have some kind of VM-to-VM IP connectivity (i.e. site 2 site
connections between source and destination VMs) - these kind of software
are made for DR purposes, and after initial sync of source to destination
VMs - you can just execute the switch-over of complete environments (I'm
trying to remember the specific tool that my colleagues used...but no luck
so far...)

Anyway, make sure xs-tools are up to date (not sure about compatibility
between different versions xe-tools vs guest-tools, etc) - anyway, first
prepare/update the source VM and then migrate to new cluster.

Other ways you could pull it out is also to stop VM(s), and then download
volumes from CloudStack (will generate download ULR) - then simply download
VM image (root or data disks) from this URL into new hosts/SR and use it to
start a brand new VM with existing disks. Or create snapshots, and then
download this snapshots to destination hosts/pool, etc...

There are many ways to do it, depending on the needed scenario and allowed
downtime.

Perhaps look into xcp-ng project (fork of XenServer) without all these
limitations that Citrix imposed lately...

Hope this helps
Andrija

On Sat, 10 Nov 2018 at 22:28, kotipalli venkatesh <
venkateshcloudt...@gmail.com> wrote:

> Hi Andrija,
>
> Saparate regions.
>
> Currently customer instances sitting on CloudStack. Now we are migrating
> instances to hypervisor i.e. xenserver 7.2.
>
> No more cloudstack. He having own hypervisors.
>
> Thanks,
> Venkatesh
>
>
>
>
>
> On Sun 11 Nov, 2018, 2:39 AM Andrija Panic 
> > Hi Venkatesh,
> >
> > is this 2 separate regions / installations - i.e. not 2 zones inside same
> > Region ?
> >
> > On Sat, 10 Nov 2018 at 21:35, kotipalli venkatesh <
> > venkateshcloudt...@gmail.com> wrote:
> >
> > > Hi All,
> > >
> > > We are using cloudstack older version 4.3.1 and hypervisor is xenserver
> > > 6.2.
> > >
> > > Now, we are migrating VMs one Data enter to another Datcenter. In
> > > destination Datcenter hypervisor is xenserver 7.1. all VMs are windows
> > >
> >
>


-- 

Andrija Panić

Re: Migration plan

[Andrija Panic]

Hi Venkatesh,

is this 2 separate regions / installations - i.e. not 2 zones inside same
Region ?

On Sat, 10 Nov 2018 at 21:35, kotipalli venkatesh <
venkateshcloudt...@gmail.com> wrote:

> Hi All,
>
> We are using cloudstack older version 4.3.1 and hypervisor is xenserver
> 6.2.
>
> Now, we are migrating VMs one Data enter to another Datcenter. In
> destination Datcenter hypervisor is xenserver 7.1. all VMs are windows
> machines which is running health care application.
>
> Did any one experienced same scenario ? how to migrate the VMs offline or
> online please share the suggestions guys.
>
> Thanks,
> Venkatesh
>


-- 

Andrija Panić

Re: VR corrupted when adding many guest network to VPC

[Andrija Panic]

Cool, happy to hear that!

On Sat, Nov 10, 2018, 20:21 Ivan X Yue  Hi, Andrija,
>
> Our problem is exactly the one that you found.  After we apply the patch,
> it works very well.
>
> Thanks a lot for the help.
>
> Thanks
> Ivan
>
>
>
> From:   Andrija Panic 
> To: users 
> Date:   2018/11/09 03:55 AM
> Subject:Re: VR corrupted when adding many guest network to VPC
>
>
>
> afaik, if ti's the same stuff - then it's here:
> https://issues.apache.org/jira/browse/CLOUDSTACK-
>
>
> cheers
>
> On Fri, 9 Nov 2018 at 06:00, Ivan X Yue  wrote:
>
> > We are using CloudStack 4.9.3.1.  We are using advance networking, and
> > create VPC network with multiple guest networks.  Each guest network has
> a
> > few VMs and a few public IPs.  Everything works well until we add the
> 9th
> > guest network to the VPC.  After creating it and adding a VM there, the
> > Virtual Router is corrupted.  All the public IPs that works before stop
> > working.
> >
> > When we check out the virtual router, it seems that when it setup the
> 9th
> > network, it creates eth10.  However, instead of adding the inet info to
> > eth10, it is added to eth1 instead.  We observe the same issue in
> > /etc/dnsmasq.d/cloud.conf.  The DNS info is added to eth1 instead of
> > eth10.  As the result, the cloud.conf file is corrupted and dnsmasq
> fails
> > to start.
> >
> > Is it a known issue?  Is there any patch or work around?
> >
> >
> > root@r-514-VM:/etc/dnsmasq.d# ip addr
> > 1: lo:  mtu 16436 qdisc noqueue state UNKNOWN
> > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> > inet 127.0.0.1/8 scope host lo
> > 2: eth0:  mtu 1500 qdisc pfifo_fast
> state
> > UP qlen 1000
> > link/ether 0e:00:a9:fe:01:72 brd ff:ff:ff:ff:ff:ff
> > inet 169.254.1.114/16 brd 169.254.255.255 scope global eth0
> > 3: eth1:  mtu 1500 qdisc pfifo_fast
> state
> > UP qlen 1000
> > link/ether 06:76:18:00:00:0a brd ff:ff:ff:ff:ff:ff
> > inet 10.125.18.81/26 brd 10.125.18.127 scope global eth1
> > inet 172.16.8.1/24 brd 172.16.8.255 scope global eth1
> > inet 10.125.18.82/26 brd 10.125.18.127 scope global secondary eth1
> > inet 10.125.18.92/26 brd 10.125.18.127 scope global secondary eth1
> > inet 10.125.18.99/26 brd 10.125.18.127 scope global secondary eth1
> > inet 10.125.18.91/26 brd 10.125.18.127 scope global secondary eth1
> > inet 10.125.18.101/26 brd 10.125.18.127 scope global secondary eth1
> > inet 10.125.18.102/26 brd 10.125.18.127 scope global secondary eth1
> > inet 10.125.18.115/26 brd 10.125.18.127 scope global secondary eth1
> > inet 10.125.18.98/26 brd 10.125.18.127 scope global secondary eth1
> > 4: eth2:  mtu 1500 qdisc pfifo_fast
> state
> > UP qlen 1000
> > link/ether 02:00:67:af:00:02 brd ff:ff:ff:ff:ff:ff
> > inet 172.16.0.1/24 brd 172.16.0.255 scope global eth2
> > 5: eth3:  mtu 1500 qdisc pfifo_fast
> state
> > UP qlen 1000
> > link/ether 02:00:5e:46:00:02 brd ff:ff:ff:ff:ff:ff
> > inet 172.16.1.1/24 brd 172.16.1.255 scope global eth3
> > 6: eth4:  mtu 1500 qdisc pfifo_fast
> state
> > UP qlen 1000
> > link/ether 02:00:27:b8:00:02 brd ff:ff:ff:ff:ff:ff
> > inet 172.16.2.1/24 brd 172.16.2.255 scope global eth4
> > 7: eth5:  mtu 1500 qdisc pfifo_fast
> state
> > UP qlen 1000
> > link/ether 02:00:27:4b:00:02 brd ff:ff:ff:ff:ff:ff
> > inet 172.16.3.1/24 brd 172.16.3.255 scope global eth5
> > 8: eth6:  mtu 1500 qdisc pfifo_fast
> state
> > UP qlen 1000
> > link/ether 02:00:79:f7:00:02 brd ff:ff:ff:ff:ff:ff
> > inet 172.16.4.1/24 brd 172.16.4.255 scope global eth6
> > 9: eth7:  mtu 1500 qdisc pfifo_fast
> state
> > UP qlen 1000
> > link/ether 02:00:67:91:00:02 brd ff:ff:ff:ff:ff:ff
> > inet 172.16.5.1/24 brd 172.16.5.255 scope global eth7
> > 10: eth8:  mtu 1500 qdisc pfifo_fast
> > state UP qlen 1000
> > link/ether 02:00:4b:40:00:02 brd ff:ff:ff:ff:ff:ff
> > inet 172.16.6.1/24 brd 172.16.6.255 scope global eth8
> > 11: eth9:  mtu 1500 qdisc pfifo_fast
> > state UP qlen 1000
> > link/ether 02:00:44:40:00:02 brd ff:ff:ff:ff:ff:ff
> > inet 172.16.7.1/24 brd 172.16.7.255 scope global eth9
> > 12: eth10:  mtu 1500 qdisc noop state DOWN qlen
> 1000
> > link/ether 02:00:1d:61:00:02 brd ff:ff:ff:ff:ff:ff
> >
> >
> > Please let me know if there is any suggestion.  Thx for any help in
> > advance.
> >
> > Thanks,
> > Ivan
> >
> >
> >
>
> --
>
> Andrija Panić
>
>
>
>
>

Re: urgent: Unable to apply firewall rules on router

[Andrija Panic]

IF VR is part of VPC, then just restart VPC wtih "Clean Up" options - never
restart VR (unless you really prefer to for some reason).
If you are using Isolated Network setup (single VR and single network
behind VR), then restart the Network, with "Clean UP" options.
In both cases, a BRAND NEW router will be created (after previous one was
destroyed)

Interestingly, this is also good to know, when i.e. using custom VR
systemVM template - i.e. there is bug (i.e. dnsmasq issue in past), you
upload new systemVM template, define it as the default routing template in
Global Settings... then you really need to restart VPC/Network with Clean
UP in order to create BRAND NEW VR from whatever is the NEW template.
Stopping and restarting/rebooting VR (which does recreate OS disk from
scratch) - does it from the same linked template(there are some
workarrounds for this also...)


Hope that help
Andrija

On Sat, 10 Nov 2018 at 10:12, Ugo Vasi  wrote:

> Hi Rafael,
> in the file pippo.log I see messages similar to the following but also
> appear in other virtual routers that work regularly:
>
> 2018-09-29 17:26:32,554  CsHelper.py execute:193 Command 'iptables -t
> mangle -D PREROUTING -s xx.xx.xx.xx/32 -m state --state NEW -j CONNMARK'
> returned non-zero exit status 2
> 2018-09-29 17:26:32,554  CsNetfilter.py get_unseen:131 Delete rule -D
> PREROUTING -s xx.xx.xx.xx/32 -m state --state NEW -j CONNMARK from table
> mangle
>
> I tried to restart the router but the behavior was not changed.
> Regenerating it instead seems to work well, the rules are added in a few
> seconds.
>
> I noticed that by destroying a router with the appropriate button, the
> manager does not automatically recreate it. I have to stop and restart a
> machine that depends on that router to get it re-created.
> Is there another procedure to automate the destruction and recreation of
> the routers?
>
>
> Thanks
>
>
>
> Il 09/11/18 12:29, Rafael Weingärtner ha scritto:
> > Did you check the logs in the affected router?
> >
> > On Fri, Nov 9, 2018 at 9:28 AM Ugo Vasi 
> wrote:
> >
> >> Hi Glenn,
> >> I tried to restart the manager but nothing changed. Note that this
> >> behavior only occurs on this router, the others work regularly.
> >> As soon as possible restart the router and see what happens.
> >>
> >> Thanks
> >>
> >> Il 08/11/18 19:36, Glenn Wagner ha scritto:
> >>> Hi Ugo,
> >>>
> >>> Have you tried to just restart the management service to clear any
> >> running tasks?
> >>> And then try add the rules again.
> >>>
> >>> Regards
> >>> Glenn Wagner
> >>>
> >>>
> >>> glenn.wag...@shapeblue.com
> >>> www.shapeblue.com
> >>> Winter Suite, 1st Floor, The Avenues, Drama Street, Somerset West, Cape
> >> Town  7129South Africa
> >>> @shapeblue
> >>>
> >>>
> >>>
> >>>
> >>> -Original Message-
> >>> From: Ugo Vasi 
> >>> Sent: Thursday, 08 November 2018 5:33 PM
> >>> To: users@cloudstack.apache.org; Andrija Panic <
> andrija.pa...@gmail.com>
> >>> Subject: Re: urgent: Unable to apply firewall rules on router
> >>>
> >>> Hi Andrija,
> >>> from the checks you have suggested I do not show up long running jobs.
> >>>
> >>> There are no error messages in the agent logs. By migrating the router,
> >> the behavior has not changed.
> >>> Doing further tests I found that the added rules become effective
> >> immediately but the interface takes about 25 minutes to show it as
> active.
> >> A couple of times gave error:
> >>> 2018-11-08 16:22:28,588 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> >> (API-Job-Executor-17:ctx-36b7f3eb job-942) (logid:a107efdf) Complete
> async
> >> job-942, jobStatus: FAILED, resultCode: 530, result:
> >>
> org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":530,"errortext":"Failed
> >>> to create firewall rule"}
> >>>
> >>> When I delete a rule, it remains active until the status is updated and
> >> then disappears (about 20 minutes after).
> >>> Il 07/11/18 18:38, Andrija Panic ha scritto:
> >>>> Hi Ugo,
> >>>>
> >>>> I have seen similar issues with i.e. starting a VM when there are
> >>>> other long running jobs - check if there are any ongoing long jobs
> >>>> already, that might be blocking th

Re: VR corrupted when adding many guest network to VPC

[Andrija Panic]

afaik, if ti's the same stuff - then it's here:
https://issues.apache.org/jira/browse/CLOUDSTACK-

cheers

On Fri, 9 Nov 2018 at 06:00, Ivan X Yue  wrote:

> We are using CloudStack 4.9.3.1.  We are using advance networking, and
> create VPC network with multiple guest networks.  Each guest network has a
> few VMs and a few public IPs.  Everything works well until we add the 9th
> guest network to the VPC.  After creating it and adding a VM there, the
> Virtual Router is corrupted.  All the public IPs that works before stop
> working.
>
> When we check out the virtual router, it seems that when it setup the 9th
> network, it creates eth10.  However, instead of adding the inet info to
> eth10, it is added to eth1 instead.  We observe the same issue in
> /etc/dnsmasq.d/cloud.conf.  The DNS info is added to eth1 instead of
> eth10.  As the result, the cloud.conf file is corrupted and dnsmasq fails
> to start.
>
> Is it a known issue?  Is there any patch or work around?
>
>
> root@r-514-VM:/etc/dnsmasq.d# ip addr
> 1: lo:  mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> 2: eth0:  mtu 1500 qdisc pfifo_fast state
> UP qlen 1000
> link/ether 0e:00:a9:fe:01:72 brd ff:ff:ff:ff:ff:ff
> inet 169.254.1.114/16 brd 169.254.255.255 scope global eth0
> 3: eth1:  mtu 1500 qdisc pfifo_fast state
> UP qlen 1000
> link/ether 06:76:18:00:00:0a brd ff:ff:ff:ff:ff:ff
> inet 10.125.18.81/26 brd 10.125.18.127 scope global eth1
> inet 172.16.8.1/24 brd 172.16.8.255 scope global eth1
> inet 10.125.18.82/26 brd 10.125.18.127 scope global secondary eth1
> inet 10.125.18.92/26 brd 10.125.18.127 scope global secondary eth1
> inet 10.125.18.99/26 brd 10.125.18.127 scope global secondary eth1
> inet 10.125.18.91/26 brd 10.125.18.127 scope global secondary eth1
> inet 10.125.18.101/26 brd 10.125.18.127 scope global secondary eth1
> inet 10.125.18.102/26 brd 10.125.18.127 scope global secondary eth1
> inet 10.125.18.115/26 brd 10.125.18.127 scope global secondary eth1
> inet 10.125.18.98/26 brd 10.125.18.127 scope global secondary eth1
> 4: eth2:  mtu 1500 qdisc pfifo_fast state
> UP qlen 1000
> link/ether 02:00:67:af:00:02 brd ff:ff:ff:ff:ff:ff
> inet 172.16.0.1/24 brd 172.16.0.255 scope global eth2
> 5: eth3:  mtu 1500 qdisc pfifo_fast state
> UP qlen 1000
> link/ether 02:00:5e:46:00:02 brd ff:ff:ff:ff:ff:ff
> inet 172.16.1.1/24 brd 172.16.1.255 scope global eth3
> 6: eth4:  mtu 1500 qdisc pfifo_fast state
> UP qlen 1000
> link/ether 02:00:27:b8:00:02 brd ff:ff:ff:ff:ff:ff
> inet 172.16.2.1/24 brd 172.16.2.255 scope global eth4
> 7: eth5:  mtu 1500 qdisc pfifo_fast state
> UP qlen 1000
> link/ether 02:00:27:4b:00:02 brd ff:ff:ff:ff:ff:ff
> inet 172.16.3.1/24 brd 172.16.3.255 scope global eth5
> 8: eth6:  mtu 1500 qdisc pfifo_fast state
> UP qlen 1000
> link/ether 02:00:79:f7:00:02 brd ff:ff:ff:ff:ff:ff
> inet 172.16.4.1/24 brd 172.16.4.255 scope global eth6
> 9: eth7:  mtu 1500 qdisc pfifo_fast state
> UP qlen 1000
> link/ether 02:00:67:91:00:02 brd ff:ff:ff:ff:ff:ff
> inet 172.16.5.1/24 brd 172.16.5.255 scope global eth7
> 10: eth8:  mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
> link/ether 02:00:4b:40:00:02 brd ff:ff:ff:ff:ff:ff
> inet 172.16.6.1/24 brd 172.16.6.255 scope global eth8
> 11: eth9:  mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
> link/ether 02:00:44:40:00:02 brd ff:ff:ff:ff:ff:ff
> inet 172.16.7.1/24 brd 172.16.7.255 scope global eth9
> 12: eth10:  mtu 1500 qdisc noop state DOWN qlen 1000
> link/ether 02:00:1d:61:00:02 brd ff:ff:ff:ff:ff:ff
>
>
> Please let me know if there is any suggestion.  Thx for any help in
> advance.
>
> Thanks,
> Ivan
>
>
>

-- 

Andrija Panić

Re: urgent: Unable to apply firewall rules on router

[Andrija Panic]

Hi Ugo,

I have seen similar issues with i.e. starting a VM when there are other
long running jobs - check if there are any ongoing long jobs already, that
might be blocking the executioon of this job - i.e. long running snapshots,
or other thing.
I would also examine agent.log on the host where this VR is located - there
might be some traces there...

Try this SQL to list aysnc jobs:

select aj.id,
case when aj.job_status=1 then 'completed' when aj.job_status=2
then 'progress' when aj.job_status=3 then 'error' end as status,
aj.created, aj.last_updated, aj.related, account.account_name,
user.username, host.name as host, vm.name as instance, vmj.step, aj.job_cmd
  from async_job aj
  inner join vm_work_job vmj on aj.id = vmj.id
  left join vm_instance vm on vmj.vm_instance_id=vm.id
  left join user on aj.user_id=user.id
  left join account on aj.account_id=account.id
  left join host on vm.host_id=host.id

Alternatively, try to live-migrate VR to another host, and try to add rule
again.

Cheers
Andrija


On Wed, 7 Nov 2018 at 17:59, Ugo Vasi  wrote:

> Hi all,
> I'm having a problem when I try to insert a firewall rule of an address
> connected to a new VM of a Guest Isolated Network.
>
> After a while the job is removed as FAILED. I try to repeat the
> operation but the problem remains. How can I unblock the situation?
>
> here it is the log of job-927:
>
> 2018-11-07 17:16:45,256 INFO  [o.a.c.f.j.i.AsyncJobMonitor]
> (API-Job-Executor-3:ctx-75ed3861 job-927) (logid:0787853c) Add job-927
> into job monitoring
> 2018-11-07 17:16:45,279 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> (API-Job-Executor-3:ctx-75ed3861 job-927) (logid:0e6c51f7) Executing
> AsyncJobVO {id:927, userId: 2, accountId: 2, instanceType: FirewallRule,
> instanceId: 289, cmd:
> org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd,
> cmdInfo:
> {"startport":"1","ipaddressid":"39e4cce4-6a6c-4f31-9f19-85a1bfc47705","httpmethod":"GET","ctxAccountId":"2","uuid":"8bccd152-ce2b-4917-9865-3563806cc457","cmdEventType":"FIREWALL.OPEN","cidrlist":"XX.XX.XX.XX/29","protocol":"tcp","response":"json","ctxUserId":"2","ctxStartEventId":"5163","id":"289","endport":"65535","ctxDetails":"{\"interface
>
> com.cloud.network.rules.FirewallRule\":\"8bccd152-ce2b-4917-9865-3563806cc457\",\"interface
>
> com.cloud.network.IpAddress\":\"39e4cce4-6a6c-4f31-9f19-85a1bfc47705\"}","_":"1541607404902"},
>
> cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0,
> result: null, initMsid: 220777304233416, completeMsid: null,
> lastUpdated: null, lastPolled: null, created: null}
> 2018-11-07 17:16:45,280 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> (qtp1096283470-466:ctx-27e3330a ctx-7e984b1b) (logid:5ebca5bb) submit
> async job-927, details: AsyncJobVO {id:927, userId: 2, accountId: 2,
> instanceType: FirewallRule, instanceId: 289, cmd:
> org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd,
> cmdInfo:
> {"startport":"1","ipaddressid":"39e4cce4-6a6c-4f31-9f19-85a1bfc47705","httpmethod":"GET","ctxAccountId":"2","uuid":"8bccd152-ce2b-4917-9865-3563806cc457","cmdEventType":"FIREWALL.OPEN","cidrlist":"XX.XX.XX.XX/29","protocol":"tcp","response":"json","ctxUserId":"2","ctxStartEventId":"5163","id":"289","endport":"65535","ctxDetails":"{\"interface
>
> com.cloud.network.rules.FirewallRule\":\"8bccd152-ce2b-4917-9865-3563806cc457\",\"interface
>
> com.cloud.network.IpAddress\":\"39e4cce4-6a6c-4f31-9f19-85a1bfc47705\"}","_":"1541607404902"},
>
> cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0,
> result: null, initMsid: 220777304233416, completeMsid: null,
> lastUpdated: null, lastPolled: null, created: null}
> 2018-11-07 17:16:45,330 DEBUG [o.a.c.n.t.BasicNetworkTopology]
> (API-Job-Executor-3:ctx-75ed3861 job-927 ctx-2af633c5) (logid:0e6c51f7)
> APPLYING FIREWALL RULES
> 2018-11-07 17:16:45,330 DEBUG [o.a.c.n.t.BasicNetworkTopology]
> (API-Job-Executor-3:ctx-75ed3861 job-927 ctx-2af633c5) (logid:0e6c51f7)
> Applying firewall rules in network Ntwk[206|Guest|8]
> 2018-11-07 17:16:45,345 DEBUG [c.c.a.t.Request]
> (API-Job-Executor-3:ctx-75ed3861 job-927 ctx-2af633c5) (logid:0e6c51f7)
> Seq 1-5860309015115866969: Sending  { Cmd , MgmtId: 220777304233416,
> via: 1(cshp121), Ver: v1, Flags: 11,
>
> [{"com.cloud.agent.api.routing.SetFirewallRulesCommand":{"rules":[{"id":289,"srcIp":"193.239.54.35","protocol":"tcp","srcPortRange":[1,65535],"revoked":false,"alreadyAdded":false,"sourceCidrList":["XX.XX.XX.XX/29"],"purpose":"Firewall","trafficType":"Ingress","defaultEgressPolicy":false}],"accessDetails":{"
> router.name":"r-12-VM","router.guest.ip":"10.11.12.1","router.ip":"169.254.1.114","zone.network.type":"Advanced","firewall.egress.default":"false"},"wait":0}}]
>
> }
> 2018-11-07 17:18:32,512 WARN  [o.a.c.f.j.i.AsyncJobMonitor]
> (Timer-1:ctx-1960b382) (logid:bcb6ab77) Task (job-927) has been pending
> for 107 seconds
> 2018-11-07 17:19:32,512 

Re: cloudstack reset VM password files

[Andrija Panic]

Good stuff (btw I have been using old password init and MSI installer for
win2016 and it works just fine for me).

Cloudinit also supports automatic resize of root partitions/filesystem on
boot (usefull when you deploy VM from small template but choose to make
root disk bigger during vm creation).

Cheers
Andrija

On Wed, Nov 7, 2018, 10:01  Hi,
>
> I can also highly recommend cloud-init. We use it for our templates as
> well. There is also a Windows analogue of it (
> https://cloudbase.it/cloudbase-init/) that I recently used to finally get
> password functionality to work properly on Windows Server 2016.
>
>
> Simon Völker
>
> Fraunhofer-Gesellschaft e.V.
> Schloss Birlinghoven
> 53754 Sankt Augustin
> Telefon: +49 2241 14-2311
> E-mail: simon.voel...@zv.fraunhofer.de simon.voel...@zv.fraunhofer.de>
>
>
>
> Am 07.11.2018 um 09:55 schrieb Yordan Kostov <
> yordan.kos...@worldsupport.info>:
>
> Thank you René,
>
> I will take it from here and test it. Some documentation will be on the
> way as well.
>
> Best regards,
> Jordan
>
> -Original Message-
> From: Rene Moser [mailto:m...@renemoser.net]
> Sent: Wednesday, November 7, 2018 10:46 AM
> To: users@cloudstack.apache.org
> Subject: Re: cloudstack reset VM password files
>
> Hi
>
> Nowadays the cloud-init [1] project supports cloudstack out of the box and
> we switched our templates to only use cloud-init.
>
> Unfortunately the docs regarding cloudstack is not that great (it is on my
> list to give back my finding). There are some great docs here
> https://wiki.archlinux.org/index.php/Cloud-init.
>
> Our config under config dir /etc/cloud/cloud.cfg.d/ has two files
>
> - 80_root.cfg
> - 99_cloudstack.cfg
>
> 80_root.cfg contents is...
>
> system_info:
>  default_user:
>name: root
> disable_root: 0
> ssh_pwauth: 1
>
> ...and 99_cloudstack.cfg looks like...
>
> datasource:
>  CloudStack: {}
>  None: {}
> datasource_list:
>  - CloudStack
>
> Note that cloud-init has a ton of great features beside the support of
> cloudstack.
>
> Hope that helps
>
> René
>
> [1] https://cloudinit.readthedocs.io/en/latest/
>
>
>

Re: VPC Acl problem for public LB (acs 4.11.1)

[Andrija Panic]

Hi,

so ACL doesn't really affect LB as far as I know and can tell - i.e. if you
do LB port 80, you can not really filter who can connect to it...everyone
can connect !

Why? - it's about implementation, which you can check below, in case you
have free time to read :)


Port Forwarding or Static Nat traffic (as defined in CloudStack) is
filtered via iptables inside Virtual Router because inside the iptables
main FORWARD chain, traffic is sorted/redirected to the appropriate
sub-chain
i.e. "ACL_INBOUND_eth2" and "ACL_OUTBOUND_eth2", where eth2 is the network
(nic) on which you applied certain ACL in CloudStack. A single CloudStack
ACL (all it's rules )  are being split in 2 different sub-chains, as in
explained above - all inbound rules are added to "acl_inbound_eth2", and
all outbound rules are added to "acl_outbound_eth2" - so this is how magic
happens in filtering in/out traffic to a network - any internal network of
VPC.

But, again, remember these are ACL rules (iptables sub-chains) inside the
main *FORWARD* chain - since VR is doing FORWARDING of traffic from
internet to internal network by effectively doing a DNAT on the incoming IP
packet from Internet...

Now... LB vs ACL.

LB=haproxy, works in different way - here the VR (haproxy) accepts
connections from internet  on local VR port (named "Public port", as
named/configured in ACS - check with "netstat -antup | grep PORT") - and
this is the main INPUT chain of iptables. Imagine doing LB for port 80 -
this means there will be a single ALLOW rule created directly inside this
main ACCEPT chain allowing remote connection to the (local) port 80 on the
VR (haproxy) - again check with netstat, you will see local port 80
listening on the public NIC of the VR !

Next step in LB proxying process: VR (haproxy) initiates a BRAND NEW TCP
connection from itself (from internal interface this time, say, from eth2)
to the internal destination VM, which means the main OUTPUT chain in
iptables is evaluated now (it's not forwarding traffic, it is a brand new
TCP connection) - but main OUTPUT chain allows all outbound connections
from the VR itself (I'm talking about main OUTPUT chain, which means all
connections from VR alone only!, are allowed - i.e. this doesn't
evaluate/allow traffic from/to internal networks).

In other words, ACLs are not applicable for LB rules :) You can check all
this by logging inside VR and examining iptables (i.e. do "iptables-save"
with different ACLs applied, then diff the 2 files which you saved).

Boring, but perhaps interesting...


Cheers
Andrija

On Mon, 5 Nov 2018 at 21:05, Matheus Fontes  wrote:

> Hi,
> Do acls work with public load balancers in vpc?
> If I use a port forward or static nat on public ips inside vpc they work
> perfect, but when I change a port from port forwarding to load balance the
> acls are not working.
> We are using Cloudstack 4.11.1
>
> Thanks
> Matheus Fontes



-- 

Andrija Panić

Re: Problem creating networks after 4.11 upgrade

[Andrija Panic]

Could you please try with 4.11.2 RC release? Did you send an email on DEV
list with link to GitHub?

On Sun, Nov 4, 2018, 22:29 Eric Lee Green  Yeah, had all sorts of problems with custom network offerings after
> upgrading to 4.11.1, along with problems with launching virtual machines
> (every attempt to launch resulted in a "not enough resources" error),
> couldn't get virtual routers to come up for custom networks, etc. I
> didn't have time in my service window to do any detailed examinations of
> why they were failing, I just downgraded back to 4.9.2 before my service
> window ended. When 4.11 is stable, maybe I'll try upgrading to it again.
> (OS: Centos 7. Old version: 4.9.2. New version: 4.11.1. Hardware: Three
> compute servers with dual hexacore processors and 96gb+ of memory w/KVM.
> End result after two hours of trying to make it work: Downgrade back to
> 4.9.2.)
>
> I was thinking about migrating most of my other computer servers into
> the Cloudstack cloud because it's easier for my users to take care of
> their own resources, but I was hoping to do it after migrating to 4.11.
> I guess not.
>
> On 11/4/18 13:14, Jean-Francois Nadeau wrote:
>
> > I all,
> >
> > I was wondering if anyone else had this problem after upgrading from 4.9.
> >   All our networks are using a custom network offering with no services
> > defined since the physical network provides DHCP and DNS.   Environment
> is
> > CentOS 7, KVM with the openvswitch driver.
> >
> > Now after the upgrade to 4.11,  creating a network using that same
> network
> > offering fails with an  "Unable to convert network offering with
> specified
> > id to network profile" error.
> >
> > The issue is documented here:
> > https://github.com/apache/cloudstack/issues/2989
> >
> > I hope someone can have a look at it.  This is the last issue that blocks
> > us from upgrading.
> >
> > best,
> >
> > Jean-Francois
> >
>
>

Re: [VOTE] Apache CloudStack 4.11.2.0 RC4

[Andrija Panic]

Assuming I may vote:

+1 from my side

Tested:
- building DEB packages for Ubuntu
- advanced and basic zone deployment (KVM, clean install 4.11.2)
- upgrade from 4.8.0.1 to 4.11.2
- a bunch of integration tests done from in-house suite of tests (system
and user tests) - all PASS, with exception that RAW templates are broken -
there is already a GitHub issue from 4.11:
https://github.com/apache/cloudstack/issues/2820
- online and offline storage migration from NFS/CEPH to SolidFire


Some issues I experienced (perhaps something local to me, but managed to
reproduce it many times):
Management/Agent on Ubuntu 14.04:
When upgrading existing 4.8 installation to 4.11.2, init.d scripts were not
created/overwritten nor I was asked if I want to replace or keep existing
versions (like it's done with i.e. agent.properties, db.properties, etc...)
so this seems like some packaging issue.
Clean install (or in my problematic case - a complete uninstall and
install) is working fine in regards to init.d scripts

Cheers
Andrija




On Fri, 2 Nov 2018 at 16:36, Wido den Hollander  wrote:

> +1 (binding)
>
> I've tested:
>
> - Building DEB packages for Ubuntu
> - Install DEB packages
> - Upgrade from 4.11.1 to 4.11.2
>
> Wido
>
> On 10/30/18 5:10 PM, Paul Angus wrote:
> > Hi All,
> >
> > By popular demand, I've created a 4.11.2.0 release (RC4), with the
> following artefacts up for testing and a vote:
> >
> > Git Branch and Commit SH:
> >
> https://gitbox.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.11.2.0-RC20181030T1040
> > Commit: 840ad40017612e169665fa799a6d31a23ecad347
> >
> > Source release (checksums and signatures are available at the same
> location):
> > https://dist.apache.org/repos/dist/dev/cloudstack/4.11.2.0/
> >
> > PGP release keys (signed using 8B309F7251EE0BC8):
> > https://dist.apache.org/repos/dist/release/cloudstack/KEYS
> >
> > The vote will be open until Sunday 4th November.
> >
> > For sanity in tallying the vote, can PMC members please be sure to
> indicate "(binding)" with their vote?
> >
> > [ ] +1 approve
> > [ ] +0 no opinion
> > [ ] -1 disapprove (and reason why)
> >
> > Additional information:
> >
> > For users' convenience, I've built packages from
> 840ad40017612e169665fa799a6d31a23ecad347 and published RC4 repository here:
> > http://packages.shapeblue.com/testing/41120rc4/
> >
> > The release notes are still work-in-progress, but the systemvm template
> upgrade section has been updated. You may refer the following for systemvm
> template upgrade testing:
> >
> http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/latest/index.html
> >
> > 4.11.2 systemvm templates are as before and available from here:
> > http://packages.shapeblue.com/testing/systemvm/4112rc3
> >
> >
> >
> >
> > Kind regards,
> >
> > Paul Angus
> >
> >
> > paul.an...@shapeblue.com
> > www.shapeblue.com
> > Amadeus House, Floral Street, London  WC2E 9DPUK
> > @shapeblue
> >
> >
> >
>


-- 

Andrija Panić

Re: Upload Data Volume

[Andrija Panic]

Ok, so SSVM can access remote web server properly, that is good - but
please note, any http redirections are not allowed nor httpS (ssl) when
downloading volume/template from remote locations via CloudStack, just
plain http and http response/status code 200...

Can you please also verify health of the SSVM with the script that exists
inside SSVM: /usr/local/cloud/system.../ssvm-check or similar named...there
should be no errors...

Best,
Andrija



On Fri, Nov 2, 2018, 11:46 Nicolas Bouige  Hi Andrija,
>
> I can download the .vhd directly on the SSVM.
> I tried with the link provided by CP and link from my webserver.
>
> Both works fine.
>
> From CP, to make it work,  we had to modifiy symbolic link and add
> permission on the .vhd.
> 49085a35-73bc-4e11-a40b-c7547c798787.vhd ->
> /mnt/SecStorage/null/volumes/4/29907/7f9a2e42-04e1-4733-be3e-a00b41cb2f08.vhd
> ln -sfn
> /mnt/SecStorage/1766927c-d83e-3423-aa68-87a5d0c71771/volumes/4/29907/7f9a2e42-04e1-4733-be3e-a00b41cb2f08.vhd
> 49085a35-73bc-4e11-a40b-c7547c798787.vhd
>
> Now, the DATA volume is staying in state "Uploaded" and we are not able to
> make any operations with it , like attach disk to a VM.
>
> Best regards,
> N.B
>
> -Message d'origine-
> De : Andrija Panic [mailto:andrija.pa...@gmail.com]
> Envoyé : mercredi 31 octobre 2018 18:45
> À : users 
> Objet : Re: Upload Data Volume
>
> Login inside SSVM in destination CloudStack and try to wget the volume as
> suggested in previous email. See if that works first.
>
> Best
> Andrija
>
> On Wed, Oct 31, 2018, 18:36 Nicolas Bouige  wrote:
>
> > Nope, i exported the .vhd manually from my Xen pool  and put it in a
> > webserver to be download by Cloudstack.
> > This step works fine. So that's not a problem if the download volume
> > feature from CloudPlatform didn' work.
> >
> > i'm in trouble with the second part, to import the .vhd hosted on my
> > webserver  to cloudstack.
> >
> >
> > -Message d'origine-
> > De : Rafael Weingärtner [mailto:rafaelweingart...@gmail.com]
> > Envoyé : mercredi 31 octobre 2018 18:26 À : users
> >  Objet : Re: Upload Data Volume
> >
> > Ah, so the cloud platform is not working properly. I mean, it is not
> > exporting the VHDs already. That is your problem, right?
> >
> > On Wed, Oct 31, 2018 at 2:24 PM Nicolas Bouige 
> wrote:
> >
> > > Hi Rafael,
> > >
> > > Did not try as i got an access denied via my web browser...that's
> > > why i exported the .vhd on my own webserver instead to use this
> feature.
> > >
> > > Best regards,
> > > N.B
> > >
> > > -Message d'origine-
> > > De : Rafael Weingärtner [mailto:rafaelweingart...@gmail.com]
> > > Envoyé : mercredi 31 octobre 2018 17:36 À : users
> > >  Objet : Re: Upload Data Volume
> > >
> > > Did you log in the SSVM of your ACS 4.11, and tried to wget the
> > > template/data disk using the URL provided by the Citrix/Accelerite
> > > cloud platform?
> > >
> > > On Wed, Oct 31, 2018 at 1:33 PM Nicolas Bouige 
> > wrote:
> > >
> > > > Hello All,
> > > >
> > > >
> > > >
> > > > I’m currently trying to migrate some VMs from Cloudplatform 4.7
> > > > (XEN) to Cloudstack 4.11.1 (XCP)
> > > >
> > > >
> > > >
> > > > Im stuck with the DATA Volume, there are exported on a web server
> > > > and accessible by the  management-server.
> > > >
> > > > Webserver is working  fine as i can upload ROOT disk from it.
> > > >
> > > >
> > > >
> > > > The only difference is for upload ROOT DISK as template SSVM is
> > > > involved with the public ip  and  DATA DISK, the management server
> > > > is used with private ip.
> > > > Both ip (private and public) are « pingable » from mgmt-server and
> > > > SSVM and i can download .vhd.
> > > >
> > > > Unfortunately, each time i try to upload DATA disk, i got this error
> :
> > > >
> > > >
> > > >
> > > > 2018-10-31 15:26:09,493 DEBUG [c.c.a.t.Request]
> > > > (AgentManager-Handler-15:null) (logid:) Seq 34-3493104460979266769:
> > > > Processing:  { Ans: , MgmtId: 2886211232, via: 34, Ver: v1, Flags:
> > > > 10,
> > > > [{"com.cloud.agent.api.storage.DownloadAnswer":{"jobId":"1866970c-
> > > > b1
> > > > 9f
> > > > -427a-b957-3738bbd50d0e",&

Re: Upload Data Volume

[Andrija Panic]

Login inside SSVM in destination CloudStack and try to wget the volume as
suggested in previous email. See if that works first.

Best
Andrija

On Wed, Oct 31, 2018, 18:36 Nicolas Bouige  wrote:

> Nope, i exported the .vhd manually from my Xen pool  and put it in a
> webserver to be download by Cloudstack.
> This step works fine. So that's not a problem if the download volume
> feature from CloudPlatform didn' work.
>
> i'm in trouble with the second part, to import the .vhd hosted on my
> webserver  to cloudstack.
>
>
> -Message d'origine-
> De : Rafael Weingärtner [mailto:rafaelweingart...@gmail.com]
> Envoyé : mercredi 31 octobre 2018 18:26
> À : users 
> Objet : Re: Upload Data Volume
>
> Ah, so the cloud platform is not working properly. I mean, it is not
> exporting the VHDs already. That is your problem, right?
>
> On Wed, Oct 31, 2018 at 2:24 PM Nicolas Bouige  wrote:
>
> > Hi Rafael,
> >
> > Did not try as i got an access denied via my web browser...that's why
> > i exported the .vhd on my own webserver instead to use this feature.
> >
> > Best regards,
> > N.B
> >
> > -Message d'origine-
> > De : Rafael Weingärtner [mailto:rafaelweingart...@gmail.com]
> > Envoyé : mercredi 31 octobre 2018 17:36 À : users
> >  Objet : Re: Upload Data Volume
> >
> > Did you log in the SSVM of your ACS 4.11, and tried to wget the
> > template/data disk using the URL provided by the Citrix/Accelerite
> > cloud platform?
> >
> > On Wed, Oct 31, 2018 at 1:33 PM Nicolas Bouige 
> wrote:
> >
> > > Hello All,
> > >
> > >
> > >
> > > I’m currently trying to migrate some VMs from Cloudplatform 4.7
> > > (XEN) to Cloudstack 4.11.1 (XCP)
> > >
> > >
> > >
> > > Im stuck with the DATA Volume, there are exported on a web server
> > > and accessible by the  management-server.
> > >
> > > Webserver is working  fine as i can upload ROOT disk from it.
> > >
> > >
> > >
> > > The only difference is for upload ROOT DISK as template SSVM is
> > > involved with the public ip  and  DATA DISK, the management server
> > > is used with private ip.
> > > Both ip (private and public) are « pingable » from mgmt-server and
> > > SSVM and i can download .vhd.
> > >
> > > Unfortunately, each time i try to upload DATA disk, i got this error :
> > >
> > >
> > >
> > > 2018-10-31 15:26:09,493 DEBUG [c.c.a.t.Request]
> > > (AgentManager-Handler-15:null) (logid:) Seq 34-3493104460979266769:
> > > Processing:  { Ans: , MgmtId: 2886211232, via: 34, Ver: v1, Flags:
> > > 10,
> > > [{"com.cloud.agent.api.storage.DownloadAnswer":{"jobId":"1866970c-b1
> > > 9f
> > > -427a-b957-3738bbd50d0e","downloadPct":0,"errorString":"Connection
> > > refused (Connection
> > > refused)","downloadStatus":"DOWNLOAD_ERROR","downloadPath":"/mnt/Sec
> > > St
> > > orage/2949d66c-3490-3636-93f7-f2299fa5f4b2/volumes/12/615/dnld362614
> > > 18
> > > 85766458800tmp_","installPath":"volumes/12/615","templateSize":0,"te
> > > mp latePhySicalSize":0,"result":true,"details":"Connection
> > > refused (Connection refused)","wait":0}}] }
> > >
> > > 2018-10-31 15:26:09,563 WARN  [o.a.c.alerts]
> > > (RemoteHostEndPoint-15:ctx-28d55a70) (logid:ebfb4bd8) AlertType:: 28
> > > |
> > > dataCenterId:: 0 | podId:: null | clusterId:: null | message::
> > > Failed to upload volume: ce2747c9-468a-4d1f-9651-8b6e2373079b with
> error:
> > > Connection refused (Connection refused)
> > >
> > > 2018-10-31 15:26:09,573 ERROR [o.a.c.s.i.BaseImageStoreDriverImpl]
> > > (RemoteHostEndPoint-15:ctx-28d55a70) (logid:ebfb4bd8) Failed to
> > > upload
> > > volume: ce2747c9-468a-4d1f-9651-8b6e2373079b with error: Connection
> > > refused (Connection refused)
> > >
> > >
> > >
> > > I don’t know where the « connection refused » comes from.
> > >
> > >
> > >
> > > Someone knows the exact process in cloudstack to upload volumes from
> > > an URL ?
> > >
> > > Best regards,
> > >
> > >
> > >
> > > [image: SignatureBouige]
> > >
> > >
> > >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
>
> --
> Rafael Weingärtner
>

Re: KVM Custom CPU-Model

[Andrija Panic]

I haven't played with host-model, but manual says (
http://docs.cloudstack.apache.org/en/4.11.1.0/installguide/hypervisor/kvm.html
)

"
host-model: libvirt will identify the CPU model in
/usr/share/libvirt/cpu_map.xml which most closely matches the host, and
then request additional CPU flags to complete the match. This should give
close to maximum functionality/performance, which maintaining good
reliability/compatibility if the guest is migrated to another host with
slightly different host CPUs
"

This makes me believe that in my case (as from previous email) it
would/should use "IvyBridge" and not qemu64 as CPU, plus some more flags..
That is easy to test - switch to that one - restart agent, and start VM
while choosing to start it on that particular host (i.e. have running VM,
stop it, and start on particular host).

Hope that helps

Andrija

On Tue, 30 Oct 2018 at 17:00, Stock, Alexander <
alexander.st...@itelligence.de> wrote:

> Hi Andrija,
>
> thank you for your quick answer.
> I already checked out the custom CPU-Model of our CPU generation as plan b.
> This would also work for us.
>
> The question for me was just why is qemu64 working with
> guest.cpu.mode=host-model and not working with guest.cpu.mode=custom.
>
> BR
> Alexander
>
> -Ursprüngliche Nachricht-
> Von: Andrija Panic 
> Gesendet: Dienstag, 30. Oktober 2018 13:30
> An: users 
> Betreff: Re: KVM Custom CPU-Model
>
> Hi Alex,
>
> based on CPU_map.xml, qemu64 CPU model requires (presents to Guest) the
> SVM flag, which is the AMD things as you know (not sure why though...)
>
> Here is the info:
> root@ix1-c7-4:~# cat /usr/share/libvirt/cpu_map.xml| grep qemu64 -A36
> 
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
> 
>
> That being said, I would suggest that you consider using latest named CPU
> model which corresponds to your CPU - I assume you have identical/same CPUs
> in the cluster - and whatever is the vCPU model of the VM - it has to be
> supported by all physical hosts (same CPU flags in general) in order to
> support Live MIgrations of VMS across hosts.
>
> For example, in my test cluster I have following CPU model Intel(R)
> Xeon(R) CPU E5-2650 v2 @ 2.60GHz - which is (check on Intel site) and
> "IvyBridge"
> code name.
>
> So in agent.properties I have following (in qemu 2.5)
>
> guest.cpu.model=IvyBridge
> guest.cpu.mode=custom
>
> But previously with Qemu 2.2 there was no support for IvyBridge named CPU
> model, so I used Sandy Bridge - so you can choose your own here and perhaps
> add some more flags if you want.
> QEmu 2.2
>
> guest.cpu.model=SandyBridge
> guest.cpu.mode=custom
>
> If you have i.e. mixed CPU models, check the "oldest one" and target that
> one in you agent.properties across all nodes.
>
> Cheers,
> Andrija
>
> On Tue, 30 Oct 2018 at 12:42, Stock, Alexander <
> alexander.st...@itelligence.de> wrote:
>
> > Hi all,
> >
> >
> >
> > maybe someone can help me with my KVM related questions.
> >
> > At the moment we want to add cpu flags to the standard qemu64
> > CPU-Model in a testcluster.
> >
> >
> >
> > For this we tried the following configuration:
> >
> >
> >
> > guest.cpu.mode=custom
> >
> > guest.cpu.model=qemu64
> >
> >
> > guest.cpu.features=sse4.2 sse4.1
> >
> >
> >
> > But ended up with the following error message:
> >
> > *org.libvirt.LibvirtException: unsupported configuration: guest and
> > host CPU are not compatible: Host CPU does not provide required
> > features: svm*
> >
> >
> >
> > When we use *kvm64* instead of *qemu64* the start of the vm is working
> > and the needed flags are available.
> >
> > Has someone experience in using kvm64 over qemu64 and are there some
> > drawbacks with it?
> >
> > Also I guess the standard CPU-Model which comes from
> > guest.cpu.mode=host-model is qemu64.
> >
> > Why is it working with mode host-model and not with custom. Is there
> > some libvirt magic involved?
> >
> >
> >
> > *Alexander Stock*
> >
> > Architect
> > Cloud Implementation
> >
> >
> >
> > [image: pic23646]
> >
> >
> >
> > itelligence Global Managed Services GmbH ▪ Philipp-Reis-Straße 2 ▪
> > 02625 Bautzen
> >
> > phone: +49 3591 52 53 1398 ▪fax: +49 3591 52 53 
> >
> > e-mail: alexander.st...@itelligence.com
> >
> >
> >
> > www.itelligencegroup.com
> >
> >
> >
> > itelligence Global Managed Services GmbH ▪ Sitz: Bautzen ▪
> > Handelsregister: Amtsgericht Dresden, HRB 21356
> >
> > Geschäftsführer: Mirko Kruse ▪ André Walter
> >
> >
> >
>
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

Re: KVM Custom CPU-Model

[Andrija Panic]

Hi Alex,

based on CPU_map.xml, qemu64 CPU model requires (presents to Guest) the SVM
flag, which is the AMD things as you know (not sure why though...)

Here is the info:
root@ix1-c7-4:~# cat /usr/share/libvirt/cpu_map.xml| grep qemu64 -A36

  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  


That being said, I would suggest that you consider using latest named CPU
model which corresponds to your CPU - I assume you have identical/same CPUs
in the cluster - and whatever is the vCPU model of the VM - it has to be
supported by all physical hosts (same CPU flags in general) in order to
support Live MIgrations of VMS across hosts.

For example, in my test cluster I have following CPU model Intel(R) Xeon(R)
CPU E5-2650 v2 @ 2.60GHz - which is (check on Intel site) and "IvyBridge"
code name.

So in agent.properties I have following (in qemu 2.5)

guest.cpu.model=IvyBridge
guest.cpu.mode=custom

But previously with Qemu 2.2 there was no support for IvyBridge named CPU
model, so I used Sandy Bridge - so you can choose your own here and perhaps
add some more flags if you want.
QEmu 2.2

guest.cpu.model=SandyBridge
guest.cpu.mode=custom

If you have i.e. mixed CPU models, check the "oldest one" and target that
one in you agent.properties across all nodes.

Cheers,
Andrija

On Tue, 30 Oct 2018 at 12:42, Stock, Alexander <
alexander.st...@itelligence.de> wrote:

> Hi all,
>
>
>
> maybe someone can help me with my KVM related questions.
>
> At the moment we want to add cpu flags to the standard qemu64 CPU-Model in
> a testcluster.
>
>
>
> For this we tried the following configuration:
>
>
>
> guest.cpu.mode=custom
>
> guest.cpu.model=qemu64
>
>
> guest.cpu.features=sse4.2 sse4.1
>
>
>
> But ended up with the following error message:
>
> *org.libvirt.LibvirtException: unsupported configuration: guest and host
> CPU are not compatible: Host CPU does not provide required features: svm*
>
>
>
> When we use *kvm64* instead of *qemu64* the start of the vm is working
> and the needed flags are available.
>
> Has someone experience in using kvm64 over qemu64 and are there some
> drawbacks with it?
>
> Also I guess the standard CPU-Model which comes from guest.cpu.mode=host-model
> is qemu64.
>
> Why is it working with mode host-model and not with custom. Is there some
> libvirt magic involved?
>
>
>
> *Alexander Stock*
>
> Architect
> Cloud Implementation
>
>
>
> [image: pic23646]
>
>
>
> itelligence Global Managed Services GmbH ▪ Philipp-Reis-Straße 2 ▪ 02625
> Bautzen
>
> phone: +49 3591 52 53 1398 ▪fax: +49 3591 52 53 
>
> e-mail: alexander.st...@itelligence.com
>
>
>
> www.itelligencegroup.com
>
>
>
> itelligence Global Managed Services GmbH ▪ Sitz: Bautzen ▪
> Handelsregister: Amtsgericht Dresden, HRB 21356
>
> Geschäftsführer: Mirko Kruse ▪ André Walter
>
>
>


-- 

Andrija Panić

Re: System Template not working on second Zone

[Andrija Panic]

https://rohityadav.cloud/blog/cloudstack-kvm/

this is for most recent 4.11 release and Ubuntu 18.04.

Advanced Zone and NFS on same box etc - all in one box.

For local storage, you need to decide if you really want "Local storage" or
"Shared Storage: (i.e. local storage being by default
/var/lib/libvirt/images/) or just a regular shared NFS storage, but on same
box etc.




On Mon, 29 Oct 2018 at 15:56, Raymon van der Meijden <
ray...@van-der-meijden.com> wrote:

>
> - I have remove the secondary ip from cloudbr0
> - I have added a secondary storage to the zone (from another zone) which
> hold the templates
> - I have removed the server from the zone
> - I have re-added the server to the zone.
> - Disable and reanableld the zone
> - The system vm`s are now working. Deleting them will create working new
> copy`s so the platform itself working
>
> During the reconnection of the server it was still trying to mount to
> the .190 adres. So i briefly added it with ifconfig. This issue now
> seems resolved
>
> I now want to find out how to create a single node zone (which also hold
> the NFS secondary storage) and use local SSD for it primary storage,
> which already works.
>
> This is clearly not working, any thoughts on how to use the KVM server
> als NFS server. I got inspired by
>
> http://www.greenhills.co.uk/2013/08/30/cloudstack-single-server-on-ubuntu-with-kvm.html
>
> auto cloudbr0
> iface cloudbr0 inet static
> #iface cloudbr0 inet manual
>  bridge_ports em1.160
>  #bridge_ports em1
>  address 192.168.160.241
>  netmask 255.255.255.0
>  gateway 192.168.160.1
>  dns-nameservers 8.8.8.8 8.8.4.4
>  dns-domain domain.com
>  bridge_fd 5
>  bridge_stp off
>  bridge_maxwait 1
>
> #auto cloudbr0:1
> #iface cloudbr0:1 inet static
> #   address 192.168.160.190
> #   netmask 255.255.255.0
>
>
> This server is a single sever located in a DC, so i cannot add another
> box to be NFS storage
>
>
>
> On 29-10-18 15:37, Andrija Panic wrote:
> > It would help if you would explain networking on the KVM side - how many
> > interfaces, bonds or not, vlans or not, bridge names, etc and how did
> you
> > setup your differetn Traffic across Physical Network inside CloudStack
> (did
> > you place red circle "Storage" on the right part on Physical Network, or
> > not, etc - I'm talking about UI setup of Zone here)
> >
> > Each Traffic Type (Management, Guest, Storage, Public) can and should
> have
> > a KVM traffic label set to it. i.e.  it's not "label of the Management
> > Zone", it's label for each Network Traffic Type that you placed (drag and
> > drop via UI, if created via UI...) on the Physical Network during
> creating
> > the Advanced Zone.
> >
> > Networking (for Advanced Zone specifically) can be a bit of challenge to
> > master and understand how it works, why to define traffic labels, and it
> > works in general - but once that is all mastered, it's pretty
> > straightforward...
> >
> >
> >
> >
> > On Mon, 29 Oct 2018 at 15:23, Raymon van der Meijden <
> > ray...@van-der-meijden.com> wrote:
> >
> >> The labels of the Management Zone are cloudbr0 on all KVM Hypervisors.
> >> The difference with this hypervisor is that i tried running a cloudbr0:1
> >> subinterface for the hypervisor to also act as NFS storage on the
> >> secondary IP.
> >>
> >> This secondary IP is also making the connection to the management
> >> server, maybe this is providing the issue.
> >>
> >> I have removed the secondary ip and will try again
> >>
> >>
> >> On 29-10-18 14:51, Andrija Panic wrote:
> >>> Go to Infrastructure --> Zones --> ZONE_NAME --> Physical Networks -->
> >>> NAME_of_SECONDARY_STORAGE_NETWORK - if you used dedicated STORAGE
> >> network,
> >>> otherwise it's shared with the Management Network, so go to this one,
> and
> >>> than again click on "Storage" button again and make sure KVM traffic
> >> label
> >>> is set to the correct name of the BRIDGE.
> >>>
> >>> as in images:
> >>> https://pasteboard.co/HKHvTZF.png
> >>> https://pasteboard.co/HKHuK5r.png
> >>>
> >>> KVM traffic labels = name of the physical interface on KVM host
> (usually
> >>> name of the bridge) - so CloudStack will know to which bridge to join
> the
> >>> SSVM vNIC...so SSVM can contact secondary storage...
> >>&

Re: Questions on snapshots

[Andrija Panic]

I wouldn't comment on the feasibility of this - but snapshots that stays on
Primary Storage... in case of Primary Storage issues, will be unusable also.
Perhaps you are talking about issues inside VMs - in this sense, again,
snapshots might not be (in my opinion...) the best solution, at least such
frequent snapshots, but again that is only my opinion.. Perhaps a proper
backup mechanism inside VMs etc...

Anyhow, there is VM-level snapshots if KVM is using NFS for Primary Storage
(and same for XenServer afaik) - these should be tested and evaluated for
your use case.
Simple volume snapshots are probably not going to work for you/customer in
case of multiple-volume VMs - since you need to ensure consistent state
inside the OS filesystem/apps, etc (imagine DB on volume1, and logs on
volume2, etc)

I'm just afraid that keeping huge number of snapshots of the VM will mean a
serious performance degradation sooner or later.

just my 2 cents, if you don't mind.

Cheers


On Mon, 29 Oct 2018 at 15:35, Alexandre Bruyere 
wrote:

> Tests will be done for sure.
>
> Use case is 5-minute snapshots on VMs for ultra-high-availability hybrid
> cloud - to provide small and medium businesses with a reliable system that,
> in the case of issues, loses as little work as possible.
>
> On Sun, Oct 28, 2018 at 6:00 AM Andrija Panic 
> wrote:
>
> > I'm not sure what is your use case - what you want to achieve - but make
> > sure to test this thoroughly
> >
> > You can "manually" (outside of ACS) always make a snap of the volume, but
> > you need to make sure that this doesn't collide with CloudStack in any
> way
> > - i.e. there is also VM level snapshots in KVM if you are using NFS as
> > Primary Storage - so check this out maybe it works for you - here for
> > example you have the limitation (if I remember correctly) that you can
> not
> > attach additional volume (or something similar) to the VM, until you have
> > deleted all VM-level snapshots, etc. (which makes sense of course)
> >
> > I guess it takes a lot of work to skip Secondary Storage (snapshot
> workflow
> > inside CLoudStack), because you need to make sure to provide workflow for
> > all different Primary Storage providers (there are bunch of them, not
> only
> > NFS...), and then there are bunch of HyperVisors supported, and so on, so
> > it's a big challenge (I'm not developer, but that is my assumption)
> >
> > Cheers
> >
> > On Sun, 28 Oct 2018 at 00:06, Alexandre Bruyere <
> > bruyere.alexan...@gmail.com>
> > wrote:
> >
> > > Well... Sounds like the new scripters that are coming in tomorrow will
> > come
> > > in handy. I'll probably have them script something to pull snapshots
> from
> > > KVM directly instead of going through Cloudstack.
> > >
> > > Is there anything that would stop this from working?
> > >
> > > On Fri, Oct 26, 2018 at 4:15 PM Andrija Panic  >
> > > wrote:
> > >
> > > > Yes.
> > > >
> > > > There are improvements being done atm, (afaik), to try to manage
> > > snapshots
> > > > on the primary storage (for NFS and maybe CEPH, it's already
> > implemented
> > > on
> > > > i.e. SolidFire).
> > > >
> > > > Simply this is how it was working so far - snapshots are meant to be
> > > moved
> > > > to Secondary Storage (and later can be converted to Templates,
> > downloaded
> > > > from SSVM, converted to volumes etc).
> > > > I agree with you, but that is how it was implemented, I assume for
> > > > compatibility reasons - since different Hypervisors manage things in
> > > > different ways - you have to support different hypervisosrs,
> different
> > > > storage solutions etc (it's NOT only NFS...).
> > > >
> > > > Cheers
> > > >
> > > >
> > > > On Fri, 26 Oct 2018 at 22:08, Alexandre Bruyere <
> > > > bruyere.alexan...@gmail.com>
> > > > wrote:
> > > >
> > > > > So wait. Are you telling me that Cloudstack does a full backup of
> the
> > > > > volume every time a snapshot is taken?
> > > > >
> > > > > What's the point of snapshots then? Making specific operations
> > faster?
> > > > >
> > > > > --
> > > > > Alexandre Bruyère
> > > > >
> > > > > -Original Message-
> > > > > Re: Questions on snapshots
> > > > > From: Andrija Panic 
> > > > > To: users 
> > > 

Re: System Template not working on second Zone

[Andrija Panic]

It would help if you would explain networking on the KVM side - how many
interfaces, bonds or not, vlans or not, bridge names, etc and how did  you
setup your differetn Traffic across Physical Network inside CloudStack (did
you place red circle "Storage" on the right part on Physical Network, or
not, etc - I'm talking about UI setup of Zone here)

Each Traffic Type (Management, Guest, Storage, Public) can and should have
a KVM traffic label set to it. i.e.  it's not "label of the Management
Zone", it's label for each Network Traffic Type that you placed (drag and
drop via UI, if created via UI...) on the Physical Network during creating
the Advanced Zone.

Networking (for Advanced Zone specifically) can be a bit of challenge to
master and understand how it works, why to define traffic labels, and it
works in general - but once that is all mastered, it's pretty
straightforward...




On Mon, 29 Oct 2018 at 15:23, Raymon van der Meijden <
ray...@van-der-meijden.com> wrote:

>
> The labels of the Management Zone are cloudbr0 on all KVM Hypervisors.
> The difference with this hypervisor is that i tried running a cloudbr0:1
> subinterface for the hypervisor to also act as NFS storage on the
> secondary IP.
>
> This secondary IP is also making the connection to the management
> server, maybe this is providing the issue.
>
> I have removed the secondary ip and will try again
>
>
> On 29-10-18 14:51, Andrija Panic wrote:
> > Go to Infrastructure --> Zones --> ZONE_NAME --> Physical Networks -->
> > NAME_of_SECONDARY_STORAGE_NETWORK - if you used dedicated STORAGE
> network,
> > otherwise it's shared with the Management Network, so go to this one, and
> > than again click on "Storage" button again and make sure KVM traffic
> label
> > is set to the correct name of the BRIDGE.
> >
> > as in images:
> > https://pasteboard.co/HKHvTZF.png
> > https://pasteboard.co/HKHuK5r.png
> >
> > KVM traffic labels = name of the physical interface on KVM host (usually
> > name of the bridge) - so CloudStack will know to which bridge to join the
> > SSVM vNIC...so SSVM can contact secondary storage...
> >
> >
> >
> >
> > On Mon, 29 Oct 2018 at 14:44, Raymon van der Meijden <
> > ray...@van-der-meijden.com> wrote:
> >
> >> Where did you find out these naming issues, so i can double check.
> >> Because the places i have found look simular to me
> >>
> >>
> >> On 29-10-18 14:37, Yordan Kostov wrote:
> >>> Hello Raymon,
> >>>
> >>>I had the same issue (SSVMs booting but no OS existing).
> >>>At the end I found out that this happened because my network
> >> labels were not set correctly so the networks were not allocated
> properly
> >> no proper connection to the secondary storage was available. This means
> >> that the system creates the VM metdata (compute, ram, network
> interfaces)
> >> but could not fetch the system disks from the secondary storage (so you
> see
> >> the vms but they are actually empty).
> >>> I hope that helps!
> >>>
> >>> Best regards,
> >>> Jordan
> >>>
> >>> -Original Message-
> >>> From: Raymon van der Meijden [mailto:ray...@van-der-meijden.com]
> >>> Sent: Monday, October 29, 2018 3:24 PM
> >>> To: users@cloudstack.apache.org
> >>> Subject: System Template not working on second Zone
> >>>
> >>>
> >>> I`m running a cloudstack cluster for some time now and i`m getting the
> >> hang of it. So i tried to add an additional Zone (Advanced) but i cannot
> >> get the system VM to start. The VM`s are created and a running
> according to
> >> cloudstack. But when i check the VM using VNC there is no OS available (
> >> Bootdisk not found)
> >>>
> >>> I think the generation using the template is not working. But i cannot
> >> figure out the issue. There is a secondary storage defined for this
> zone.
> >> (And it seems to be working) And i have placed the template on that
> storage.
> >>> The management log gives me debug logging, but i cannot find an issue.
> >>>
> >>>
> >>> The creation of the systemtempate when mounted to the new secondary
> >> storage.
> >>> root@cloud:/mnt/tank/secondary/template/tmpl/1/222#
> >>>
> >>
> /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt
> >>> -m /mnt/tank/secondary -u
>

Re: System Template not working on second Zone

[Andrija Panic]

(after that, disable Zone, destroy SSVM/CPVM, enable Zone and they will be
recreated again...)

btw /template/1/224/   translates to
/template/Account_ID/template_ID/  (similar path is used for snapshots and
upoaded volumes) - so your path is OK -  template/1 is system account,
while i.e. template/2 is the cloud admin account, and so on...

cheers

On Mon, 29 Oct 2018 at 14:51, Andrija Panic  wrote:

> Go to Infrastructure --> Zones --> ZONE_NAME --> Physical Networks -->
> NAME_of_SECONDARY_STORAGE_NETWORK - if you used dedicated STORAGE network,
> otherwise it's shared with the Management Network, so go to this one, and
> than again click on "Storage" button again and make sure KVM traffic label
> is set to the correct name of the BRIDGE.
>
> as in images:
> https://pasteboard.co/HKHvTZF.png
> https://pasteboard.co/HKHuK5r.png
>
> KVM traffic labels = name of the physical interface on KVM host (usually
> name of the bridge) - so CloudStack will know to which bridge to join the
> SSVM vNIC...so SSVM can contact secondary storage...
>
>
>
>
> On Mon, 29 Oct 2018 at 14:44, Raymon van der Meijden <
> ray...@van-der-meijden.com> wrote:
>
>> Where did you find out these naming issues, so i can double check.
>> Because the places i have found look simular to me
>>
>>
>> On 29-10-18 14:37, Yordan Kostov wrote:
>> > Hello Raymon,
>> >
>> >   I had the same issue (SSVMs booting but no OS existing).
>> >   At the end I found out that this happened because my network
>> labels were not set correctly so the networks were not allocated properly
>> no proper connection to the secondary storage was available. This means
>> that the system creates the VM metdata (compute, ram, network interfaces)
>> but could not fetch the system disks from the secondary storage (so you see
>> the vms but they are actually empty).
>> >
>> > I hope that helps!
>> >
>> > Best regards,
>> > Jordan
>> >
>> > -Original Message-
>> > From: Raymon van der Meijden [mailto:ray...@van-der-meijden.com]
>> > Sent: Monday, October 29, 2018 3:24 PM
>> > To: users@cloudstack.apache.org
>> > Subject: System Template not working on second Zone
>> >
>> >
>> > I`m running a cloudstack cluster for some time now and i`m getting the
>> hang of it. So i tried to add an additional Zone (Advanced) but i cannot
>> get the system VM to start. The VM`s are created and a running according to
>> cloudstack. But when i check the VM using VNC there is no OS available (
>> Bootdisk not found)
>> >
>> >
>> > I think the generation using the template is not working. But i cannot
>> figure out the issue. There is a secondary storage defined for this zone.
>> (And it seems to be working) And i have placed the template on that storage.
>> >
>> > The management log gives me debug logging, but i cannot find an issue.
>> >
>> >
>> > The creation of the systemtempate when mounted to the new secondary
>> storage.
>> >
>> > root@cloud:/mnt/tank/secondary/template/tmpl/1/222#
>> >
>> /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt
>> > -m /mnt/tank/secondary -u
>> >
>> http://download.cloudstack.org/systemvm/4.11/systemvmtemplate-4.11.1-kvm.qcow2.bz2
>> > -h kvm -F
>> > --2018-10-29 14:12:07--
>> >
>> http://download.cloudstack.org/systemvm/4.11/systemvmtemplate-4.11.1-kvm.qcow2.bz2
>> > Resolving download.cloudstack.org (download.cloudstack.org)...
>> > 185.27.174.49, 2a00:f10:121:400:403:9cff:fe00:37f
>> > Connecting to download.cloudstack.org
>> > (download.cloudstack.org)|185.27.174.49|:80... connected.
>> > HTTP request sent, awaiting response... 200 OK
>> > Length: 302864294 (289M) [application/x-bzip2] Saving to:
>> >
>> '/usr/share/cloudstack-common/scripts/storage/secondary/4edec9f7-b516-4bcc-adf8-27d61e01a3d7.qcow2'
>> >
>> >
>> 100%[>]
>> > 302,864,294 6.48MB/s   in 47s
>> >
>> > 2018-10-29 14:12:54 (6.18 MB/s) -
>> >
>> '/usr/share/cloudstack-common/scripts/storage/secondary/4edec9f7-b516-4bcc-adf8-27d61e01a3d7.qcow2'
>> > saved [302864294/302864294]
>> >
>> > Uncompressing to
>> >
>> /usr/share/cloudstack-common/scripts/storage/secondary/4edec9f7-b516-4bcc-adf8-27d61e01a3d7.qcow2.tmp
>> > (type bz2)...could take a long time
>> > Moving to
>> >
>> /mnt/tank/secondary/template/tmpl/1/224///4edec9f7-b516-4bcc-adf8-27d61e01a3d7.qcow2...could
>> > take a while
>> > Successfully installed system VM template  to
>> /mnt/tank/secondary/template/tmpl/1/224/
>> >
>> >
>> > But i think this should actually be /tmpl/10/224 since the id of the
>> new Zone is 10 (i have created and deleted some in the past)
>> >
>> >
>> >
>> >
>>
>
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

Re: System Template not working on second Zone

[Andrija Panic]

Go to Infrastructure --> Zones --> ZONE_NAME --> Physical Networks -->
NAME_of_SECONDARY_STORAGE_NETWORK - if you used dedicated STORAGE network,
otherwise it's shared with the Management Network, so go to this one, and
than again click on "Storage" button again and make sure KVM traffic label
is set to the correct name of the BRIDGE.

as in images:
https://pasteboard.co/HKHvTZF.png
https://pasteboard.co/HKHuK5r.png

KVM traffic labels = name of the physical interface on KVM host (usually
name of the bridge) - so CloudStack will know to which bridge to join the
SSVM vNIC...so SSVM can contact secondary storage...




On Mon, 29 Oct 2018 at 14:44, Raymon van der Meijden <
ray...@van-der-meijden.com> wrote:

> Where did you find out these naming issues, so i can double check.
> Because the places i have found look simular to me
>
>
> On 29-10-18 14:37, Yordan Kostov wrote:
> > Hello Raymon,
> >
> >   I had the same issue (SSVMs booting but no OS existing).
> >   At the end I found out that this happened because my network
> labels were not set correctly so the networks were not allocated properly
> no proper connection to the secondary storage was available. This means
> that the system creates the VM metdata (compute, ram, network interfaces)
> but could not fetch the system disks from the secondary storage (so you see
> the vms but they are actually empty).
> >
> > I hope that helps!
> >
> > Best regards,
> > Jordan
> >
> > -Original Message-
> > From: Raymon van der Meijden [mailto:ray...@van-der-meijden.com]
> > Sent: Monday, October 29, 2018 3:24 PM
> > To: users@cloudstack.apache.org
> > Subject: System Template not working on second Zone
> >
> >
> > I`m running a cloudstack cluster for some time now and i`m getting the
> hang of it. So i tried to add an additional Zone (Advanced) but i cannot
> get the system VM to start. The VM`s are created and a running according to
> cloudstack. But when i check the VM using VNC there is no OS available (
> Bootdisk not found)
> >
> >
> > I think the generation using the template is not working. But i cannot
> figure out the issue. There is a secondary storage defined for this zone.
> (And it seems to be working) And i have placed the template on that storage.
> >
> > The management log gives me debug logging, but i cannot find an issue.
> >
> >
> > The creation of the systemtempate when mounted to the new secondary
> storage.
> >
> > root@cloud:/mnt/tank/secondary/template/tmpl/1/222#
> >
> /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt
> > -m /mnt/tank/secondary -u
> >
> http://download.cloudstack.org/systemvm/4.11/systemvmtemplate-4.11.1-kvm.qcow2.bz2
> > -h kvm -F
> > --2018-10-29 14:12:07--
> >
> http://download.cloudstack.org/systemvm/4.11/systemvmtemplate-4.11.1-kvm.qcow2.bz2
> > Resolving download.cloudstack.org (download.cloudstack.org)...
> > 185.27.174.49, 2a00:f10:121:400:403:9cff:fe00:37f
> > Connecting to download.cloudstack.org
> > (download.cloudstack.org)|185.27.174.49|:80... connected.
> > HTTP request sent, awaiting response... 200 OK
> > Length: 302864294 (289M) [application/x-bzip2] Saving to:
> >
> '/usr/share/cloudstack-common/scripts/storage/secondary/4edec9f7-b516-4bcc-adf8-27d61e01a3d7.qcow2'
> >
> >
> 100%[>]
> > 302,864,294 6.48MB/s   in 47s
> >
> > 2018-10-29 14:12:54 (6.18 MB/s) -
> >
> '/usr/share/cloudstack-common/scripts/storage/secondary/4edec9f7-b516-4bcc-adf8-27d61e01a3d7.qcow2'
> > saved [302864294/302864294]
> >
> > Uncompressing to
> >
> /usr/share/cloudstack-common/scripts/storage/secondary/4edec9f7-b516-4bcc-adf8-27d61e01a3d7.qcow2.tmp
> > (type bz2)...could take a long time
> > Moving to
> >
> /mnt/tank/secondary/template/tmpl/1/224///4edec9f7-b516-4bcc-adf8-27d61e01a3d7.qcow2...could
> > take a while
> > Successfully installed system VM template  to
> /mnt/tank/secondary/template/tmpl/1/224/
> >
> >
> > But i think this should actually be /tmpl/10/224 since the id of the new
> Zone is 10 (i have created and deleted some in the past)
> >
> >
> >
> >
>


-- 

Andrija Panić

Re: Questions on snapshots

[Andrija Panic]

I'm not sure what is your use case - what you want to achieve - but make
sure to test this thoroughly

You can "manually" (outside of ACS) always make a snap of the volume, but
you need to make sure that this doesn't collide with CloudStack in any way
- i.e. there is also VM level snapshots in KVM if you are using NFS as
Primary Storage - so check this out maybe it works for you - here for
example you have the limitation (if I remember correctly) that you can not
attach additional volume (or something similar) to the VM, until you have
deleted all VM-level snapshots, etc. (which makes sense of course)

I guess it takes a lot of work to skip Secondary Storage (snapshot workflow
inside CLoudStack), because you need to make sure to provide workflow for
all different Primary Storage providers (there are bunch of them, not only
NFS...), and then there are bunch of HyperVisors supported, and so on, so
it's a big challenge (I'm not developer, but that is my assumption)

Cheers

On Sun, 28 Oct 2018 at 00:06, Alexandre Bruyere 
wrote:

> Well... Sounds like the new scripters that are coming in tomorrow will come
> in handy. I'll probably have them script something to pull snapshots from
> KVM directly instead of going through Cloudstack.
>
> Is there anything that would stop this from working?
>
> On Fri, Oct 26, 2018 at 4:15 PM Andrija Panic 
> wrote:
>
> > Yes.
> >
> > There are improvements being done atm, (afaik), to try to manage
> snapshots
> > on the primary storage (for NFS and maybe CEPH, it's already implemented
> on
> > i.e. SolidFire).
> >
> > Simply this is how it was working so far - snapshots are meant to be
> moved
> > to Secondary Storage (and later can be converted to Templates, downloaded
> > from SSVM, converted to volumes etc).
> > I agree with you, but that is how it was implemented, I assume for
> > compatibility reasons - since different Hypervisors manage things in
> > different ways - you have to support different hypervisosrs, different
> > storage solutions etc (it's NOT only NFS...).
> >
> > Cheers
> >
> >
> > On Fri, 26 Oct 2018 at 22:08, Alexandre Bruyere <
> > bruyere.alexan...@gmail.com>
> > wrote:
> >
> > > So wait. Are you telling me that Cloudstack does a full backup of the
> > > volume every time a snapshot is taken?
> > >
> > > What's the point of snapshots then? Making specific operations faster?
> > >
> > > --
> > > Alexandre Bruyère
> > >
> > > -Original Message-
> > > Re: Questions on snapshots
> > > From: Andrija Panic 
> > > To: users 
> > > Friday, October 26, 2018 at 3:38 PM
> > >
> > > So :)
> > >
> > > 1. Snap interval - scheduled snaps are max 1h per the so called
> "hourly"
> > > schedule - so makes sense :) You could do some automation, by creating
> > > manual snapshots and deleting oldest ones via automation - i.e. you can
> > > use Cloud Monkey, CLI utility that talk to API and is great for any
> kind
> > of
> > > automation, unless you talk directly to API from i.e. Python etc, via
> > > HTTPS.
> > >
> > > 2. number of snaps: Go to Global Configuration, there is parameter
> > > "snapshot.max.hourly" - and you can change it, I assume to <=24
> > ...(restart
> > > mgmt server and you are good),(there are similar for daily and monthly)
> > >
> > > Now, related to snapshots - when you decided to really use them (i.e.
> in
> > > production) - a BIG warning - make sure to "know" what you are doing...
> > > Because so far, when you create a snapshot of the volume on Primary
> > Storage
> > > (NFS or CEPH), there is really a snapshot that is created almost
> > instantly
> > > of that volume, but then the whole image (so whole image in that point
> in
> > > time) is being copied over (qemu-img) to the Secondary Storage NFS -
> and
> > in
> > > case of too frequent snaps, or modest networking, this might at some
> > point
> > > throttle your network and also break some logic inside CloudStack
> > > For example: I had clients that were expecting to do hourly snapshots
> of
> > > the 2TB image (right... perhaps a too much expectation from their side)
> > and
> > > this can fail with timeout (in my case it was modest CEPH performance)
> > > Also pay attention to schedules, so you don't have hourly snap (one of
> > > hourly runs) begin at i.e. 17.00h and then you configured at same time
> > > (17.00) daily (/weekly/monthly) at 17.00 (or a

Re: Questions on snapshots

[Andrija Panic]

Yes.

There are improvements being done atm, (afaik), to try to manage snapshots
on the primary storage (for NFS and maybe CEPH, it's already implemented on
i.e. SolidFire).

Simply this is how it was working so far - snapshots are meant to be moved
to Secondary Storage (and later can be converted to Templates, downloaded
from SSVM, converted to volumes etc).
I agree with you, but that is how it was implemented, I assume for
compatibility reasons - since different Hypervisors manage things in
different ways - you have to support different hypervisosrs, different
storage solutions etc (it's NOT only NFS...).

Cheers


On Fri, 26 Oct 2018 at 22:08, Alexandre Bruyere 
wrote:

> So wait. Are you telling me that Cloudstack does a full backup of the
> volume every time a snapshot is taken?
>
> What's the point of snapshots then? Making specific operations faster?
>
> --
> Alexandre Bruyère
>
> -Original Message-
> Re: Questions on snapshots
> From: Andrija Panic 
> To: users 
> Friday, October 26, 2018 at 3:38 PM
>
> So :)
>
> 1. Snap interval - scheduled snaps are max 1h per the so called "hourly"
> schedule - so makes sense :) You could do some automation, by creating
> manual snapshots and deleting oldest ones via automation - i.e. you can
> use Cloud Monkey, CLI utility that talk to API and is great for any kind of
> automation, unless you talk directly to API from i.e. Python etc, via
> HTTPS.
>
> 2. number of snaps: Go to Global Configuration, there is parameter
> "snapshot.max.hourly" - and you can change it, I assume to <=24 ...(restart
> mgmt server and you are good),(there are similar for daily and monthly)
>
> Now, related to snapshots - when you decided to really use them (i.e. in
> production) - a BIG warning - make sure to "know" what you are doing...
> Because so far, when you create a snapshot of the volume on Primary Storage
> (NFS or CEPH), there is really a snapshot that is created almost instantly
> of that volume, but then the whole image (so whole image in that point in
> time) is being copied over (qemu-img) to the Secondary Storage NFS - and in
> case of too frequent snaps, or modest networking, this might at some point
> throttle your network and also break some logic inside CloudStack
> For example: I had clients that were expecting to do hourly snapshots of
> the 2TB image (right... perhaps a too much expectation from their side) and
> this can fail with timeout (in my case it was modest CEPH performance)
> Also pay attention to schedules, so you don't have hourly snap (one of
> hourly runs) begin at i.e. 17.00h and then you configured at same time
> (17.00) daily (/weekly/monthly) at 17.00 (or about the same time) - those
> later snaps will simply fail, because there is already ongoing snap on the
> same volume.
>
> Sorry long post...
>
>
> Cheers
> Andrija
>
> On Fri, 26 Oct 2018 at 20:53, Alexandre Bruyere <
> bruyere.alexan...@gmail.com
> >
> wrote:
>
> > Hello.
> >
> > I'm currently investigating the functions of Cloudstack, and looked into
> > snapshots.
> >
> > As far as I can tell, the smallest possible interval for snapshots is one
> > hour. Is there a way to schedule them more frequently? For my use, 5
> > minutes snapshots would be ideal.
> >
> > Also, it's limiting me to 8 snapshots kept. Is it possible to keep a
> larger
> > number of them - whether it is by changing configurations, by some other
> > mechanic or any other way?
> >
>
>
> --
>
> Andrija Panić
>
>
> -Original Message-
> Re: Questions on snapshots
> From: Andrija Panic 
> To: users 
> Friday, October 26, 2018 at 3:38 PM
>


-- 

Andrija Panić

Re: ISOs not readying?

[Andrija Panic]

Well, check you "Internal DNS" on the Zone - in the Rohit's article (I just
scrolled/searched through it) - it's not clear that DNS server is
192.168.1.1 which is also the IP of the gateway used in the example -
though the physical hosts is set to use 1.1.1.1 (new to me, but exists :)
)...

Optionally change Internal DNS to also 8.8.8.8 or any public, disable zone,
destroy SSVM/CPVM, enable zone and check ssvm again...

On Fri, 26 Oct 2018 at 21:45, Andrija Panic  wrote:

> Well for the beginning - destroy the SSVM and it will be recreated in few
> tens of seconds...
> When you view Infrastructure --> System VMs tab, There is Agent filed
> which has to say "Up" - https://pasteboard.co/HKhvFr6.png here is
> screenshot.
>
> It takes, say, 1-3 minutes for Agent to connect (Vm start, and agent
> connect)  - or a bit more on slower demo infra - but wait for Agent to be
> connected... if it doesn't connect in some minutes, then you might have a
> firewall issue (SSVM agent can't connect to mgmt server on port 8250) - in
> this case fix firewall and better destroy ssvm again and check again.
>
> If agent is connected all fine - then SSVM should be all fine and
> configured properly  - so after that is has to say "NFS is Mounted" - if it
> instead shows IP address or similar, then maybe there is some networking
> setup issue.
>
> Cheers
> Andrija
>
>
>
> On Fri, 26 Oct 2018 at 21:35, Alexandre Bruyere <
> bruyere.alexan...@gmail.com> wrote:
>
>> NFS was not in fact mounted. How'd I fix that?
>>
>> (Thanks a lot for the help)
>>
>> On Fri, Oct 26, 2018 at 3:26 PM Andrija Panic 
>> wrote:
>>
>> > my typo on key name - name of the key (my installation) is
>> > "/root/.ssh/id_rsa.cloud" (on the agent KVM node) - I swapped dot and
>> > underscore in previous email, sorry - same key is also avilable on MGMT
>> > server: /usr/share/cloudstack-common/scripts/vm/systemvm/id_rsa.cloud
>> >
>> > Anyway, via Console Access::
>> > open Console windows of Secondary Storage VM
>> > root / password (yes... ssh listens only on local interface, so no
>> security
>> > issue...)
>> >
>> > here again execute the script from previous email...
>> >
>> > should report all fine - especially check agent connection says
>> connected,
>> > that it says "NFS is mounted" or similar, and also make sure DNS
>> resolution
>> > works :) - all from the script.
>> >
>> >
>> > Cheers
>> >
>> > On Fri, 26 Oct 2018 at 21:12, Alexandre Bruyere <
>> > bruyere.alexan...@gmail.com>
>> > wrote:
>> >
>> > > Command doesn't seem to work (says it can't find the ID file). Though
>> if
>> > > there's a default password for system VMs I could use the console.
>> > >
>> > > Adding that template doesn't seem to work.
>> > >
>> > > On Fri, Oct 26, 2018 at 2:47 PM Andrija Panic <
>> andrija.pa...@gmail.com>
>> > > wrote:
>> > >
>> > > > Just tested URL above, with normal (not direct) download, and it
>> works
>> > > > fine. (ACS 4.11.2 RC3)
>> > > >
>> > > > Did you check the health of the Secondary Storage Virtual Machine -
>> I
>> > > would
>> > > > suggest to do so, since this seems as possible issue with SSVM and
>> it
>> > > might
>> > > > means other issues for your deployment also.
>> > > >
>> > > >
>> > > >1.
>> > > >
>> > > >ssh -i  /root/.ssh/id.rsa_cloud  -p 3922 root@> address
>> > of
>> > > >SSVM>
>> > > >2. *SSVM health check* - Run the following script inside ssvm:
>> > > >/usr/local/cloud/systemvm/ssvm-check.sh
>> > > >It checks for 1)connectivity with  DNS server 2) resolving of
>> > domain
>> > > >names 3)status of secondary storage 4)ability to write to
>> secondary
>> > > > storage
>> > > >5)connectivity with management server at port 8250 and 6) status
>> of
>> > > java
>> > > >process.
>> > > >
>> > > >
>> > > > Please try to add template:
>> > > >
>> > http://dl.openvm.eu/cloudstack/ubuntu/x86_64/ubuntu-16.04-kvm.qcow2.bz2
>> > > -
>> > > > if this works...
>> > > >
>> > > > Cheers,
>> > > >

Re: ISOs not readying?

[Andrija Panic]

Well for the beginning - destroy the SSVM and it will be recreated in few
tens of seconds...
When you view Infrastructure --> System VMs tab, There is Agent filed which
has to say "Up" - https://pasteboard.co/HKhvFr6.png here is screenshot.

It takes, say, 1-3 minutes for Agent to connect (Vm start, and agent
connect)  - or a bit more on slower demo infra - but wait for Agent to be
connected... if it doesn't connect in some minutes, then you might have a
firewall issue (SSVM agent can't connect to mgmt server on port 8250) - in
this case fix firewall and better destroy ssvm again and check again.

If agent is connected all fine - then SSVM should be all fine and
configured properly  - so after that is has to say "NFS is Mounted" - if it
instead shows IP address or similar, then maybe there is some networking
setup issue.

Cheers
Andrija



On Fri, 26 Oct 2018 at 21:35, Alexandre Bruyere 
wrote:

> NFS was not in fact mounted. How'd I fix that?
>
> (Thanks a lot for the help)
>
> On Fri, Oct 26, 2018 at 3:26 PM Andrija Panic 
> wrote:
>
> > my typo on key name - name of the key (my installation) is
> > "/root/.ssh/id_rsa.cloud" (on the agent KVM node) - I swapped dot and
> > underscore in previous email, sorry - same key is also avilable on MGMT
> > server: /usr/share/cloudstack-common/scripts/vm/systemvm/id_rsa.cloud
> >
> > Anyway, via Console Access::
> > open Console windows of Secondary Storage VM
> > root / password (yes... ssh listens only on local interface, so no
> security
> > issue...)
> >
> > here again execute the script from previous email...
> >
> > should report all fine - especially check agent connection says
> connected,
> > that it says "NFS is mounted" or similar, and also make sure DNS
> resolution
> > works :) - all from the script.
> >
> >
> > Cheers
> >
> > On Fri, 26 Oct 2018 at 21:12, Alexandre Bruyere <
> > bruyere.alexan...@gmail.com>
> > wrote:
> >
> > > Command doesn't seem to work (says it can't find the ID file). Though
> if
> > > there's a default password for system VMs I could use the console.
> > >
> > > Adding that template doesn't seem to work.
> > >
> > > On Fri, Oct 26, 2018 at 2:47 PM Andrija Panic  >
> > > wrote:
> > >
> > > > Just tested URL above, with normal (not direct) download, and it
> works
> > > > fine. (ACS 4.11.2 RC3)
> > > >
> > > > Did you check the health of the Secondary Storage Virtual Machine - I
> > > would
> > > > suggest to do so, since this seems as possible issue with SSVM and it
> > > might
> > > > means other issues for your deployment also.
> > > >
> > > >
> > > >1.
> > > >
> > > >ssh -i  /root/.ssh/id.rsa_cloud  -p 3922 root@ > of
> > > >SSVM>
> > > >2. *SSVM health check* - Run the following script inside ssvm:
> > > >/usr/local/cloud/systemvm/ssvm-check.sh
> > > >It checks for 1)connectivity with  DNS server 2) resolving of
> > domain
> > > >names 3)status of secondary storage 4)ability to write to
> secondary
> > > > storage
> > > >5)connectivity with management server at port 8250 and 6) status
> of
> > > java
> > > >process.
> > > >
> > > >
> > > > Please try to add template:
> > > >
> > http://dl.openvm.eu/cloudstack/ubuntu/x86_64/ubuntu-16.04-kvm.qcow2.bz2
> > > -
> > > > if this works...
> > > >
> > > > Cheers,
> > > > Andrija
> > > >
> > > > On Fri, 26 Oct 2018 at 19:41, Alexandre Bruyere <
> > > > bruyere.alexan...@gmail.com>
> > > > wrote:
> > > >
> > > > > Direct download that bypasses secondary storage seems to make it
> > ready
> > > > > instantly (with the correct filesize), so I'm going to assume the
> > link
> > > is
> > > > > good.
> > > > >
> > > > > On Fri, Oct 26, 2018 at 1:28 PM Alexandre Bruyere <
> > > > > bruyere.alexan...@gmail.com> wrote:
> > > > >
> > > > > > No progress in UI, no status.
> > > > > >
> > > > > > How would I make sure there are no redirections? At a glance
> there
> > > > > doesn't
> > > > > > seem to be any.
> > > > > >
> > > > > > On Fri, Oct 26, 2018 at 12:33 PM 

Re: Questions on snapshots

[Andrija Panic]

So :)

1. Snap interval - scheduled snaps are max 1h per the so called "hourly"
schedule - so makes sense :) You could do some automation, by creating
manual snapshots and deleting oldest ones via automation  - i.e. you can
use Cloud Monkey, CLI utility that talk to API and is great for any kind of
automation, unless you talk directly to API from i.e. Python etc, via HTTPS.

2. number of snaps: Go to Global Configuration, there is parameter
"snapshot.max.hourly" - and you can change it, I assume to <=24 ...(restart
mgmt server and you are good),(there are similar for daily and monthly)

Now, related to snapshots - when you decided to really use them (i.e. in
production) - a BIG warning - make sure to "know" what you are doing...
Because so far, when you create a snapshot of the volume on Primary Storage
(NFS or CEPH), there is really a snapshot that is created almost instantly
of that volume, but then the whole image (so whole image in that point in
time) is being copied over (qemu-img) to the Secondary Storage NFS - and in
case of too frequent snaps, or modest networking, this might at some point
throttle your network and also break some logic inside CloudStack
For example:  I had clients that were expecting to do hourly snapshots of
the 2TB image (right... perhaps a too much expectation from their side) and
this can fail with timeout (in my case it was modest CEPH performance)
Also pay attention to schedules, so you don't have hourly snap (one of
hourly runs) begin at i.e. 17.00h and then you configured at same time
(17.00) daily (/weekly/monthly) at 17.00 (or about the same time) - those
later snaps will simply fail, because there is already ongoing snap on the
same volume.

Sorry long post...


Cheers
Andrija

On Fri, 26 Oct 2018 at 20:53, Alexandre Bruyere 
wrote:

> Hello.
>
> I'm currently investigating the functions of Cloudstack, and looked into
> snapshots.
>
> As far as I can tell, the smallest possible interval for snapshots is one
> hour. Is there a way to schedule them more frequently? For my use, 5
> minutes snapshots would be ideal.
>
> Also, it's limiting me to 8 snapshots kept. Is it possible to keep a larger
> number of them - whether it is by changing configurations, by some other
> mechanic or any other way?
>


-- 

Andrija Panić

Re: ISOs not readying?

[Andrija Panic]

my typo on key name - name of the key (my installation) is
"/root/.ssh/id_rsa.cloud" (on the agent KVM node) - I swapped dot and
underscore in previous email, sorry - same key is also avilable on MGMT
server: /usr/share/cloudstack-common/scripts/vm/systemvm/id_rsa.cloud

Anyway, via Console Access::
open Console windows of Secondary Storage VM
root / password (yes... ssh listens only on local interface, so no security
issue...)

here again execute the script from previous email...

should report all fine - especially check agent connection says connected,
that it says "NFS is mounted" or similar, and also make sure DNS resolution
works :) - all from the script.


Cheers

On Fri, 26 Oct 2018 at 21:12, Alexandre Bruyere 
wrote:

> Command doesn't seem to work (says it can't find the ID file). Though if
> there's a default password for system VMs I could use the console.
>
> Adding that template doesn't seem to work.
>
> On Fri, Oct 26, 2018 at 2:47 PM Andrija Panic 
> wrote:
>
> > Just tested URL above, with normal (not direct) download, and it works
> > fine. (ACS 4.11.2 RC3)
> >
> > Did you check the health of the Secondary Storage Virtual Machine - I
> would
> > suggest to do so, since this seems as possible issue with SSVM and it
> might
> > means other issues for your deployment also.
> >
> >
> >1.
> >
> >ssh -i  /root/.ssh/id.rsa_cloud  -p 3922 root@ >SSVM>
> >2. *SSVM health check* - Run the following script inside ssvm:
> >/usr/local/cloud/systemvm/ssvm-check.sh
> >It checks for 1)connectivity with  DNS server 2) resolving of  domain
> >names 3)status of secondary storage 4)ability to write to secondary
> > storage
> >5)connectivity with management server at port 8250 and 6) status of
> java
> >process.
> >
> >
> > Please try to add template:
> > http://dl.openvm.eu/cloudstack/ubuntu/x86_64/ubuntu-16.04-kvm.qcow2.bz2
> -
> > if this works...
> >
> > Cheers,
> > Andrija
> >
> > On Fri, 26 Oct 2018 at 19:41, Alexandre Bruyere <
> > bruyere.alexan...@gmail.com>
> > wrote:
> >
> > > Direct download that bypasses secondary storage seems to make it ready
> > > instantly (with the correct filesize), so I'm going to assume the link
> is
> > > good.
> > >
> > > On Fri, Oct 26, 2018 at 1:28 PM Alexandre Bruyere <
> > > bruyere.alexan...@gmail.com> wrote:
> > >
> > > > No progress in UI, no status.
> > > >
> > > > How would I make sure there are no redirections? At a glance there
> > > doesn't
> > > > seem to be any.
> > > >
> > > > On Fri, Oct 26, 2018 at 12:33 PM Andrija Panic <
> > andrija.pa...@gmail.com>
> > > > wrote:
> > > >
> > > >> Make sure no http redirections, no ssl support (not sure if https
> URLs
> > > are
> > > >> supported now in 4.11 or not). Only plain http adn status code 200
> :)
> > > >>
> > > >> Do you see percentage /download progress in UI ?
> > > >>
> > > >> On Fri, Oct 26, 2018, 18:20 Alexandre Bruyere <
> > > >> bruyere.alexan...@gmail.com>
> > > >> wrote:
> > > >>
> > > >> > Hello.
> > > >> >
> > > >> > I've set up a Ubuntu 16.04.5 Cloudstack setup using this tutorial:
> > > >> >
> > > >> > https://rohityadav.cloud/blog/cloudstack-kvm/
> > > >> >
> > > >> > The only place I've strayed is that I've configured four network
> > > >> interfaces
> > > >> > - enp3s0 set as manual config, enp3s0.10 set as manual config
> (I've
> > > made
> > > >> > sure my system was VLAN-enabled), cloudbr0 as a
> > statically-configured
> > > >> > bridge to enp3s0 and cloudbr1 as a statically-configured bridge to
> > > >> > enp3s0.10 on VLAN 10.
> > > >> >
> > > >> > My problem is, I'm currently trying to import an iso (Ubuntu
> Server)
> > > >> from
> > > >> > URL (
> > http://releases.ubuntu.com/16.04/ubuntu-16.04.5-server-amd64.iso
> > > )
> > > >> in
> > > >> > two zones (one on cloudbr0, one on cloudbr1).
> > > >> >
> > > >> > Adding the ISO seems to work fine, but they never become "ready".
> > Any
> > > >> tips
> > > >> > as to why?
> > > >> >
> > > >> > (I will be testing direct download shortly)
> > > >> >
> > > >>
> > > >
> > >
> >
> >
> > --
> >
> > Andrija Panić
> >
>


-- 

Andrija Panić

Re: ISOs not readying?

[Andrija Panic]

You can only start VM on the NFS Primary Storage (atm) from the
direct-downloaded template - it only works with NFS as Primary Storage as
far as my tests go, so you can't use this option with i.e. CEPH or
SolidFire - but is really nice anyway and can be improved upon request.

How it works (from my observations):
 - When you try to start very first VM from direct-downloaded template
(well, its not yet downloaded at this stage...) - Cloudstack Agent on KVM
side (java process) will start downloading the file from URL in DB to the
NFS Primary Storage mount point (avoids Secondary Storage altogether) - but
not before you start VM  (until this moment, it's just URL inside DB).
- On the regular Primary Storage mount  point there is new folders
"templates" (which didn't exist until 4.11.1 - i.e. "") and below is the
standard directory structure off /account-ID/template-ID/ (i.e.
/mnt/63a3ae7b-9ea9-3884-a772-1ea939ef6ec3/template/2/224/) - this just
holds the template until it's moved to the real Primary Storage location on
same NFS box (i.e.
/mnt/63a3ae7b-9ea9-3884-a772-1ea939ef6ec3/f1b7b620-4ce8-41e7-bd31-e9a464d4ab74
)
- Once very first VM deployed from this template, it's deleted from Primary
Storage /template/ location, since it now already exist on true Primary
Storage location with other VM images.
 - Later all new VMs from that same template are just child qcow2 images of
the main qcow2 file (qcow2 linked clones), as usual...

Nice stuff...





On Fri, 26 Oct 2018 at 20:47, Andrija Panic  wrote:

> Just tested URL above, with normal (not direct) download, and it works
> fine. (ACS 4.11.2 RC3)
>
> Did you check the health of the Secondary Storage Virtual Machine - I
> would suggest to do so, since this seems as possible issue with SSVM and it
> might means other issues for your deployment also.
>
>
>1.
>
>ssh -i  /root/.ssh/id.rsa_cloud  -p 3922 root@SSVM>
>2. *SSVM health check* - Run the following script inside ssvm:
>/usr/local/cloud/systemvm/ssvm-check.sh
>It checks for 1)connectivity with  DNS server 2) resolving of  domain
>names 3)status of secondary storage 4)ability to write to secondary storage
>5)connectivity with management server at port 8250 and 6) status of java
>process.
>
>
> Please try to add template:
> http://dl.openvm.eu/cloudstack/ubuntu/x86_64/ubuntu-16.04-kvm.qcow2.bz2 -
> if this works...
>
> Cheers,
> Andrija
>
> On Fri, 26 Oct 2018 at 19:41, Alexandre Bruyere <
> bruyere.alexan...@gmail.com> wrote:
>
>> Direct download that bypasses secondary storage seems to make it ready
>> instantly (with the correct filesize), so I'm going to assume the link is
>> good.
>>
>> On Fri, Oct 26, 2018 at 1:28 PM Alexandre Bruyere <
>> bruyere.alexan...@gmail.com> wrote:
>>
>> > No progress in UI, no status.
>> >
>> > How would I make sure there are no redirections? At a glance there
>> doesn't
>> > seem to be any.
>> >
>> > On Fri, Oct 26, 2018 at 12:33 PM Andrija Panic > >
>> > wrote:
>> >
>> >> Make sure no http redirections, no ssl support (not sure if https URLs
>> are
>> >> supported now in 4.11 or not). Only plain http adn status code 200 :)
>> >>
>> >> Do you see percentage /download progress in UI ?
>> >>
>> >> On Fri, Oct 26, 2018, 18:20 Alexandre Bruyere <
>> >> bruyere.alexan...@gmail.com>
>> >> wrote:
>> >>
>> >> > Hello.
>> >> >
>> >> > I've set up a Ubuntu 16.04.5 Cloudstack setup using this tutorial:
>> >> >
>> >> > https://rohityadav.cloud/blog/cloudstack-kvm/
>> >> >
>> >> > The only place I've strayed is that I've configured four network
>> >> interfaces
>> >> > - enp3s0 set as manual config, enp3s0.10 set as manual config (I've
>> made
>> >> > sure my system was VLAN-enabled), cloudbr0 as a statically-configured
>> >> > bridge to enp3s0 and cloudbr1 as a statically-configured bridge to
>> >> > enp3s0.10 on VLAN 10.
>> >> >
>> >> > My problem is, I'm currently trying to import an iso (Ubuntu Server)
>> >> from
>> >> > URL (
>> http://releases.ubuntu.com/16.04/ubuntu-16.04.5-server-amd64.iso)
>> >> in
>> >> > two zones (one on cloudbr0, one on cloudbr1).
>> >> >
>> >> > Adding the ISO seems to work fine, but they never become "ready". Any
>> >> tips
>> >> > as to why?
>> >> >
>> >> > (I will be testing direct download shortly)
>> >> >
>> >>
>> >
>>
>
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

Re: ISOs not readying?

[Andrija Panic]

Just tested URL above, with normal (not direct) download, and it works
fine. (ACS 4.11.2 RC3)

Did you check the health of the Secondary Storage Virtual Machine - I would
suggest to do so, since this seems as possible issue with SSVM and it might
means other issues for your deployment also.


   1.

   ssh -i  /root/.ssh/id.rsa_cloud  -p 3922 root@
   2. *SSVM health check* - Run the following script inside ssvm:
   /usr/local/cloud/systemvm/ssvm-check.sh
   It checks for 1)connectivity with  DNS server 2) resolving of  domain
   names 3)status of secondary storage 4)ability to write to secondary storage
   5)connectivity with management server at port 8250 and 6) status of java
   process.


Please try to add template:
http://dl.openvm.eu/cloudstack/ubuntu/x86_64/ubuntu-16.04-kvm.qcow2.bz2 -
if this works...

Cheers,
Andrija

On Fri, 26 Oct 2018 at 19:41, Alexandre Bruyere 
wrote:

> Direct download that bypasses secondary storage seems to make it ready
> instantly (with the correct filesize), so I'm going to assume the link is
> good.
>
> On Fri, Oct 26, 2018 at 1:28 PM Alexandre Bruyere <
> bruyere.alexan...@gmail.com> wrote:
>
> > No progress in UI, no status.
> >
> > How would I make sure there are no redirections? At a glance there
> doesn't
> > seem to be any.
> >
> > On Fri, Oct 26, 2018 at 12:33 PM Andrija Panic 
> > wrote:
> >
> >> Make sure no http redirections, no ssl support (not sure if https URLs
> are
> >> supported now in 4.11 or not). Only plain http adn status code 200 :)
> >>
> >> Do you see percentage /download progress in UI ?
> >>
> >> On Fri, Oct 26, 2018, 18:20 Alexandre Bruyere <
> >> bruyere.alexan...@gmail.com>
> >> wrote:
> >>
> >> > Hello.
> >> >
> >> > I've set up a Ubuntu 16.04.5 Cloudstack setup using this tutorial:
> >> >
> >> > https://rohityadav.cloud/blog/cloudstack-kvm/
> >> >
> >> > The only place I've strayed is that I've configured four network
> >> interfaces
> >> > - enp3s0 set as manual config, enp3s0.10 set as manual config (I've
> made
> >> > sure my system was VLAN-enabled), cloudbr0 as a statically-configured
> >> > bridge to enp3s0 and cloudbr1 as a statically-configured bridge to
> >> > enp3s0.10 on VLAN 10.
> >> >
> >> > My problem is, I'm currently trying to import an iso (Ubuntu Server)
> >> from
> >> > URL (http://releases.ubuntu.com/16.04/ubuntu-16.04.5-server-amd64.iso
> )
> >> in
> >> > two zones (one on cloudbr0, one on cloudbr1).
> >> >
> >> > Adding the ISO seems to work fine, but they never become "ready". Any
> >> tips
> >> > as to why?
> >> >
> >> > (I will be testing direct download shortly)
> >> >
> >>
> >
>


-- 

Andrija Panić

Re: ISOs not readying?

[Andrija Panic]

Make sure no http redirections, no ssl support (not sure if https URLs are
supported now in 4.11 or not). Only plain http adn status code 200 :)

Do you see percentage /download progress in UI ?

On Fri, Oct 26, 2018, 18:20 Alexandre Bruyere 
wrote:

> Hello.
>
> I've set up a Ubuntu 16.04.5 Cloudstack setup using this tutorial:
>
> https://rohityadav.cloud/blog/cloudstack-kvm/
>
> The only place I've strayed is that I've configured four network interfaces
> - enp3s0 set as manual config, enp3s0.10 set as manual config (I've made
> sure my system was VLAN-enabled), cloudbr0 as a statically-configured
> bridge to enp3s0 and cloudbr1 as a statically-configured bridge to
> enp3s0.10 on VLAN 10.
>
> My problem is, I'm currently trying to import an iso (Ubuntu Server) from
> URL (http://releases.ubuntu.com/16.04/ubuntu-16.04.5-server-amd64.iso) in
> two zones (one on cloudbr0, one on cloudbr1).
>
> Adding the ISO seems to work fine, but they never become "ready". Any tips
> as to why?
>
> (I will be testing direct download shortly)
>

Re: FRESH install Cloustack 4.11 CentOS7 XEN6.5 SECONDARY STORAGE 0.00KB (URGENT)

[Andrija Panic]

Well, my apologies also - I see now that the original thread stated a
normally working SSVM...  Seems I was rushing with my answer :)

On Thu, 25 Oct 2018 at 23:48, Jordan Michaels  wrote:

> Hi Andrija,
>
> Maybe my issue is different then. I apologize, as I didn't mean to hijack
> this thread. It just sounded very similar to the issue I am experiencing.
>
> In my case, the SSVM's are never created, because the system seems to not
> be able to find the storage. I'll keep working on it.
>
> Thank you!
>
> --
> Kind regards,
> Jordan Michaels
> Vivio Technologies
>
> ----- Original Message -
> From: "Andrija Panic" 
> To: "users" , "jordan" 
> Sent: Thursday, 25 October, 2018 11:23:23
> Subject: Re: FRESH install Cloustack 4.11 CentOS7 XEN6.5 SECONDARY STORAGE
> 0.00KB (URGENT)
>
> Hi Jordan,
> I' would perhaps still suspect firewall issue - can you destroy SSVM and
> CPVM (they will be automatically created after few tens of seconds) - SSVM
> is the one connecting to Secondary Storage and afaik reporting back
> capacity to management server (what you see in dashboard)
>
> I did my tests by doing SSH to inside the SSVM (and CPVM), and did telnet
> to port 8250 to mgmt IP address to verify communication with mgmt. Also
> inside SSVM there is the script which you can use to check ssvm
> health: /usr/local/cloud/systemvm/ssvm-check.sh - it's use to check
> connections to mgmt server, to internet, dns resolution, if able to access
> Secondary Storage etc - if this script gives all OK (i.e. no errors)
> than you are good.
>
> If you need help doing ssh to SSVM/CPVM - check this link please:
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSVM%2C+templates%2C+Secondary+storage+troubleshooting
>
> Try please and
>
> On Thu, 25 Oct 2018 at 19:59, Jordan Michaels 
> wrote:
>
> > I am encountering this issue in a single-server setup as well. The
> initial
> > setup worked fine, then I messed with some network settings a bit which
> > caused me to remove the one host, and cannot get the system up and
> running
> > again because secondary storage shows 0KB. Verified NFS shares are
> > writable, verified firewall ports are open, not sure what else to check
> or
> > to try.
> >
> > --
> > Kind regards,
> > Jordan Michaels
> > Vivio Technologies
> >
> > - Original Message -
> > From: "Alexandre Bruyere" 
> > To: "users" 
> > Sent: Wednesday, 24 October, 2018 06:39:43
> > Subject: Re: FRESH install Cloustack 4.11 CentOS7 XEN6.5 SECONDARY
> STORAGE
> > 0.00KB (URGENT)
> >
> > Just saw you followed it, and I'm not sure where the problem is, I'll
> need
> > to study it - I've had no trouble on my part.
> >
> > On Wed, Oct 24, 2018 at 9:34 AM Alexandre Bruyere <
> > bruyere.alexan...@gmail.com> wrote:
> >
> > > For reference, you can use iptables commands in firewall-cmd by using
> the
> > > --direct option.
> > >
> > > I've made a pull request to update the Quick Installation Guide with an
> > > example of commands you can use to configure the firewall.
> > >
> > > On Wed, Oct 24, 2018 at 8:07 AM Andrija Panic  >
> > > wrote:
> > >
> > >> I assume a bit late (just a few months :)  - but for sake of other
> list
> > >> members - had exactly the same case, because of FIREWALL on CentOS 7
> > >>
> > >> - dashboard shows ZERO capacity, since SSVM is NOT functional -
> because
> > >> agent inside SSVM could not connect to Management Server - because of
> > >> FIREWALL...
> > >>  - running ssvm.sh script reported BAD IP address of the Secondary
> > Storage
> > >> inside VM - so make sure the agent is CONNECTED when viewing SSVM and
> > CPVM
> > >> from Infrastructure --> System VMs...
> > >> - also CPVM was not working - again, because agent was not connected
> to
> > >> mgmt server..
> > >>
> > >> Firewall can be properly fixed/configured (obviously), or you can try
> > temp
> > >> workaround:
> > >> systemctl disable firewalld
> > >> systemctl stop firewalld
> > >>
> > >> After that, disable Zone, destroy both CPVM and SSVM, Enable Zone, and
> > >> wait
> > >> for SSVM and CPVM to be created and that agent connects (Agent State
> > shows
> > >> UP in GUI)
> > >>
> > >> Cheers
> > >> Andrija
> > >>
> > >> On Fri, 23 Mar 2018 

Re: FRESH install Cloustack 4.11 CentOS7 XEN6.5 SECONDARY STORAGE 0.00KB (URGENT)

[Andrija Panic]

Hi Jordan,
I' would perhaps still suspect firewall issue - can you destroy SSVM and
CPVM (they will be automatically created after few tens of seconds) - SSVM
is the one connecting to Secondary Storage and afaik reporting back
capacity to management server (what you see in dashboard)

I did my tests by doing SSH to inside the SSVM (and CPVM), and did telnet
to port 8250 to mgmt IP address to verify communication with mgmt. Also
inside SSVM there is the script which you can use to check ssvm
health: /usr/local/cloud/systemvm/ssvm-check.sh - it's use to check
connections to mgmt server, to internet, dns resolution, if able to access
Secondary Storage etc - if this script gives all OK (i.e. no errors)
than you are good.

If you need help doing ssh to SSVM/CPVM - check this link please:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSVM%2C+templates%2C+Secondary+storage+troubleshooting

Try please and

On Thu, 25 Oct 2018 at 19:59, Jordan Michaels  wrote:

> I am encountering this issue in a single-server setup as well. The initial
> setup worked fine, then I messed with some network settings a bit which
> caused me to remove the one host, and cannot get the system up and running
> again because secondary storage shows 0KB. Verified NFS shares are
> writable, verified firewall ports are open, not sure what else to check or
> to try.
>
> --
> Kind regards,
> Jordan Michaels
> Vivio Technologies
>
> - Original Message -
> From: "Alexandre Bruyere" 
> To: "users" 
> Sent: Wednesday, 24 October, 2018 06:39:43
> Subject: Re: FRESH install Cloustack 4.11 CentOS7 XEN6.5 SECONDARY STORAGE
> 0.00KB (URGENT)
>
> Just saw you followed it, and I'm not sure where the problem is, I'll need
> to study it - I've had no trouble on my part.
>
> On Wed, Oct 24, 2018 at 9:34 AM Alexandre Bruyere <
> bruyere.alexan...@gmail.com> wrote:
>
> > For reference, you can use iptables commands in firewall-cmd by using the
> > --direct option.
> >
> > I've made a pull request to update the Quick Installation Guide with an
> > example of commands you can use to configure the firewall.
> >
> > On Wed, Oct 24, 2018 at 8:07 AM Andrija Panic 
> > wrote:
> >
> >> I assume a bit late (just a few months :)  - but for sake of other list
> >> members - had exactly the same case, because of FIREWALL on CentOS 7
> >>
> >> - dashboard shows ZERO capacity, since SSVM is NOT functional - because
> >> agent inside SSVM could not connect to Management Server - because of
> >> FIREWALL...
> >>  - running ssvm.sh script reported BAD IP address of the Secondary
> Storage
> >> inside VM - so make sure the agent is CONNECTED when viewing SSVM and
> CPVM
> >> from Infrastructure --> System VMs...
> >> - also CPVM was not working - again, because agent was not connected to
> >> mgmt server..
> >>
> >> Firewall can be properly fixed/configured (obviously), or you can try
> temp
> >> workaround:
> >> systemctl disable firewalld
> >> systemctl stop firewalld
> >>
> >> After that, disable Zone, destroy both CPVM and SSVM, Enable Zone, and
> >> wait
> >> for SSVM and CPVM to be created and that agent connects (Agent State
> shows
> >> UP in GUI)
> >>
> >> Cheers
> >> Andrija
> >>
> >> On Fri, 23 Mar 2018 at 17:52, Dag Sonstebo 
> >> wrote:
> >>
> >> > Hi Olivier,
> >> >
> >> > Can you write to the NFS mount from SSVM? It could be you have it
> >> mounted
> >> > OK, but ACLs and/or settings prevent you from actually
> reading/writing.
> >> >
> >> > Also keep in mind the NFS permissions you need to set
> >> > (rw,async,no_root_squash,no_subtree_check) –  some pointers on
> >> >
> >>
> http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/4.11/management-server/index.html#using-a-separate-nfs-server
> >> >
> >> > Regards,
> >> > Dag Sonstebo
> >> > Cloud Architect
> >> > ShapeBlue
> >> >
> >> > On 23/03/2018, 16:27, "Olivier GUIN" 
> wrote:
> >> >
> >> > Hi,
> >> >
> >> > I've a problem with secondary storage, in the dashboard it is
> >> 0.00KB .
> >> >
> >> > In the ssvm, when I launch ssvm.check  : This no nfs mount
> >> directory !
> >> >
> >> > root@s-2-VM:/usr/local/cloud/systemvm# ./ssvm-check.sh
> >> > 
&

Re: Unable to create a deployment for VM

[Andrija Panic]

Hi,

that is the famous setup article from one of CloudStack conferences, if I'm
not mistaken - but since things have changed "a bit" during last 4 years
(both cloudstack and the XenServer versions), that means that probably some
steps might be missing (just a guess)

Anyway, since system VM is not starting at all - I would suggest to take a
look into systemVM template - which you should have preseeded during the
installation process with  the "*cloud-install-sys-tmplt*" script - check
template state in GUI if it says "OK" under "Ready" section (go to specific
template, click on Zones, and there you will read it). Alternatively, make
sure that HOST is in connected/up/routing state  - can be observer from
Infrastructure-->Hosts.

Otherwise, is systemVM template is OK, than the HOST (xenserver) should be
able to mount Secondary Storage (your emails says it works fine...) and
start the VM from the template (later patch systemVM etc etc...)

I would also suggest perhaps trying a more up to date tutorial, from the
original documentation for 4.11 release (http://docs.cloudstack.apache.org)
and check your steps with XenServer.

Alternatively, if you are willing to play with KVM, there is also a very
Quick Installation Guide for CenOS6 (outdated, being updated as we speak) -
while updated version (not final but with some comments) can be found here:
https://github.com/apache/cloudstack-documentation/blob/cae56e460902b7b4efde426b9cc88e512a1c9076/source/quickinstallationguide/qig.rst


If nothing helps, please share management.log file content (pastebean or
similar) so we can check.
I'm personally not aware of specific agent logs on XenServer, but I assume
there are some logs from XenServer itself which you could collect as well.

Cheers
Andrija

On Thu, 25 Oct 2018 at 00:41, fulc927  wrote:

> Hello,
>
> First my environment is built following this tutorial
> https://www.shapeblue.com/virtualbox-test-env/
>
> I am trying to setup properly Cloudstack as a proof-of-concept and
> eventually adopting it in more sophisticated configuration
>
> I am using cloudstack-management-4.11 and Citrix XenServer Host 7.5.0
>
> I successfully create a zone and a primary storage, bad things are
> coming next, once SystemVMs have to boot.
>
> System VMs nevers successfully boot, they are stuck in an endless loop
> cycle (start-stop-start…)
>
> logs attached to this email report:
>
>  > Deploy avoids pods: null, clusters: null, hosts: null
>  > Unable to create a deployment for VM
>
> My config has enough ressources to run the management server and the xen
> one in an virtualyzed environment
>
> I highly suspect a network misconfiguration, everything should be OK
> since i replicate the config from shapeblue:
>
> PRI STORAGE 10.10.100.11
>
> SECONDARY STORAGE 10.10.101.11
>
> MGMT TRAFFIC SERVER 192.168.56.11
>
> XEN 192.168.56.101
>
> POD SETTINGS 192.168.56.1 (21 - 30)
>
> PUBLIC TRAFFIC 172.30.0.(21 - 30 )
>
> Maybe something is wrong on the MGMT network ? but since i can ping IPs
> properly I suspect something more tricky.
>
> If someone could help me giving a look faulty parameters, I can'f figure
> out why my cluster and pod load as null value and make the next
> processes messy
>
> Thanks
>
>
> Xen hypervisor seems good regarding
> storage:10.10.100.11:/exports/primary/ on
> /run/sr-mount/3473326c-6813-97dc-fd85-9f221d59892f type nfs
>
> (rw,relatime,vers=3,rsize=131072,wsize=131072,namlen=255,acdirmin=0,acdirmax=0,soft,proto=tcp,timeo=100,retrans=12,sec=sys,mountaddr=10.10.100.11,mountvers=3,mountport=892,mountproto=tcp,local_lock=none,addr=10.10.100.11)
> 10.10.101.11:/exports/secondary on
> /var/cloud_mount/fb486192-aa16-30d2-9278-c5704f273389 type nfs4
>
> (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,soft,proto=tcp,port=0,timeo=133,retrans=1,sec=sys,clientaddr=10.10.101.101,local_lock=none,addr=10.10.101.11)
>
>
>
>

-- 

Andrija Panić

Re: FRESH install Cloustack 4.11 CentOS7 XEN6.5 SECONDARY STORAGE 0.00KB (URGENT)

[Andrija Panic]

I assume a bit late (just a few months :)  - but for sake of other list
members - had exactly the same case, because of FIREWALL on CentOS 7

- dashboard shows ZERO capacity, since SSVM is NOT functional - because
agent inside SSVM could not connect to Management Server - because of
FIREWALL...
 - running ssvm.sh script reported BAD IP address of the Secondary Storage
inside VM - so make sure the agent is CONNECTED when viewing SSVM and CPVM
from Infrastructure --> System VMs...
- also CPVM was not working - again, because agent was not connected to
mgmt server..

Firewall can be properly fixed/configured (obviously), or you can try temp
workaround:
systemctl disable firewalld
systemctl stop firewalld

After that, disable Zone, destroy both CPVM and SSVM, Enable Zone, and wait
for SSVM and CPVM to be created and that agent connects (Agent State shows
UP in GUI)

Cheers
Andrija

On Fri, 23 Mar 2018 at 17:52, Dag Sonstebo 
wrote:

> Hi Olivier,
>
> Can you write to the NFS mount from SSVM? It could be you have it mounted
> OK, but ACLs and/or settings prevent you from actually reading/writing.
>
> Also keep in mind the NFS permissions you need to set
> (rw,async,no_root_squash,no_subtree_check) –  some pointers on
> http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/4.11/management-server/index.html#using-a-separate-nfs-server
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> On 23/03/2018, 16:27, "Olivier GUIN"  wrote:
>
> Hi,
>
> I've a problem with secondary storage, in the dashboard it is 0.00KB .
>
> In the ssvm, when I launch ssvm.check  : This no nfs mount directory !
>
> root@s-2-VM:/usr/local/cloud/systemvm# ./ssvm-check.sh
> 
> First DNS server is  200.13.136.8
> PING 200.13.136.8 (200.13.136.8): 56 data bytes
> 64 bytes from 200.13.136.8: icmp_seq=0 ttl=63 time=2.566 ms
> 64 bytes from 200.13.136.8: icmp_seq=1 ttl=63 time=0.516 ms
> --- 200.13.136.8 ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 0.516/1.541/2.566/1.025 ms
> Good: Can ping DNS server
> 
> Good: DNS resolves cloudstack.apache.org
> 
> nfs is currently mounted
> 
> Management server is 172.16.1.5. Checking connectivity.
> ./ssvm-check.sh: line 121: warning: command substitution: ignored null
> byte in input
> Good: Can connect to management server port 8250
> 
> Good: Java process is running
> 
> Tests Complete. Look for ERROR or WARNING above.
>
> Can you help me to verify ssvm (Apache CloudStack SystemVM 4.11.0):
>
> eth0 => cloud_link_local_network  : 169.254.0.123
> eth1 => net-mgmt (managment) : IP OK ping server managment
> eth2 => net-public : IP public : ping 8.8.8.8 and ping www.google.com
> eth3 => net-storage : IP storage : ping nfs server
>
> My log :
>
> 2018-03-23 13:22:26,166 WARN [c.c.a.d.ParamGenericValidationWorker]
> (qtp1796488937-14:ctx-ad319378 ctx-45f67ed3) (logid:60b07a9b) Received
> unknown parameters for command listSystemVms. Unknown parameters :
> listall
> 2018-03-23 13:22:31,740 WARN [c.c.a.d.ParamGenericValidationWorker]
> (qtp1796488937-1691:ctx-95b8fcab ctx-d9892e7b) (logid:56afab29)
> Received
> unknown parameters for command listHosts. Unknown parameters : listall
> 2018-03-23 13:22:38,604 WARN [c.c.a.m.DirectAgentAttache]
> (DirectAgentCronJob-186:ctx-45bbd1b8) (logid:1e90d267) Unable to
> complete the ping task
>
> I don't undestand ...
>
> I use http://packages.shapeblue.com/cloudstack/upstream/centos7/4.11
> (yum.repos.d)
>
> I use this script to install, reinstall etc  :-)
>
> #!/bin/sh
> clear
> yum clean all
> yum update -y
> yum install cloudstack-management cloudstack-usage -y
> cd /opt/
> wget http://download.cloud.com.s3.amazonaws.com/tools/vhd-util
> mv vhd-util
> /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/
> chmod +x
> /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/vhd-util
> cloudstack-setup-databases cloud:Xx@localhost
> --deploy-as=root:Xxx
> cloudstack-setup-management
> rmdir /tmp/secondary
> mkdir /tmp/secondary
> mount -t nfs 172.16.6.3:/volume1/cs/secondary /tmp/secondary
>
> /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt
>
> -m /tmp/secondary -u
>
> http://packages.shapeblue.com.s3-eu-west-1.amazonaws.com/systemvmtemplate/4.11/systemvmtemplate-4.11.0-xen.vhd.bz2
> -h xenserver
> umount /tmp/secondary/
> rmdir /tmp/secondary/
> tail -f 

Re: Host/cluster preference?

[Andrija Panic]

You could probably use dedication, i.e. dedicate first cluster to the ROOT
domain (or other domain where your accounts/users are), so all resources
(VMs actually) will be by default created on this cluster which is
dedicated to the domain.
Other cluster, you make public (i.e. NOT dedicated) - and test.
Based on that (at least HOST dedication - which I have been working with a
few times) - all VMs should be created on the dedicated hosts (cluster in
your case) but you can always (as cloud admin) migrate VMs away to another
cluster (well - live migration between cluster is officially NOT supported
completely - so better test that - I remember I have been able to migrate,
I believe USER VMs only, but not system VMs - or similar... (in 4.8 at
least)

If dedicated cluster is full, I assume VMs will continue to be created on
other non-dedicated hosts...

I'm not aware of other way to achieve your goal...

On Tue, 23 Oct 2018 at 20:31, Alexandre Bruyere 
wrote:

> Hello.
>
> In my current project, I would need to make Cloudstack have a strong
> preference for a host/cluster to be applied (specific scenario: hybrid
> cloud that would use local cluster as primary host, with emergency
> switchover to external cluster in case of issue).
>
> However, looking at the documentation I can find, I can only see that it is
> possible to make the allocators either prohibit hosts from hosting VMs, or
> have it choose among preferences.
>
> Aside from a hack by using the type preference (making the external cluster
> prefer to run a configuration which isn't running), is there any proper way
> to go around this?
>


-- 

Andrija Panić

Re: ACS 4.11.1.0 - agent.properties file became empty on a KVM host

[Andrija Panic]

Hi Andrei,

upgrading packages (it should defaults to keep your current configuration
file ?) will usually save a .rpmsave file. or dpkg-old (like you already
have it - I assume during last upgrade...)

Anyway, so far, whenever you restart agent, it will get overwritten again
with just plain configuration lines in some order (i.e. you can create
comments and so on, but it will completely get overwritten) -  I assume
something broke here (no use of assumptions obviously...) and config file
was not populated again.

Did you try to remove host from CloudStack and re-add it again from zero -
perhaps that would solve the problem?

Cheers



On Mon, 22 Oct 2018 at 15:42, Andrei Mikhailovsky 
wrote:

> Hi Gabriel,
>
> thanks for your reply. What you've suggested will create a default
> agent.properties file, which is no good. The agent will not connect to the
> server with the default agent.properties file for many reasons.
>
> I think I can recreate most of the file content by looking at the other
> agent.properties files. However, one thing that I am missing is the:
>
> keystore.passphrase=
>
> Where do I get the passphrase for the keystore file? is it stored
> somewhere in db of the management server or on the KVM host itself?
>
> Thanks
>
> - Original Message -
> > From: "Gabriel Beims Bräscher" 
> > To: "users" 
> > Sent: Monday, 22 October, 2018 13:54:32
> > Subject: Re: ACS 4.11.1.0 - agent.properties file became empty on a KVM
> host
>
> > Hi Andrei,
> >
> > When upgrading the CloudStack agent you can accept or refuse to change
> the
> > agent.properties. The default operation is to not change configuration
> > files.
> >
> > The agent service does not impact directly on the running VMs; thus, I
> > would suggest you remove the /etc/cloudstack/agent/agent.properties file,
> > uninstall the CloudStack agent service and reinstall it. I would also
> > suggest you keep a copy of /etc/cloudstack/ just to have a saved state of
> > your agent configurations before reinstalling and compare them if needed.
> >
> > Em seg, 22 de out de 2018 às 09:36, Andrei Mikhailovsky
> >  escreveu:
> >
> >> Hi
> >>
> >> I have an issue with one of the host servers. This issue is rather
> >> strange. Perhaps someone can help me with understanding how this
> happened
> >> and how to fix it.
> >>
> >> About 3 days ago one of the KVM host servers ran out of disk space on
> its
> >> root partition. I have fixed the issue and reconnected the agent by
> running
> >> 'service cloudstack-agent restart'.
> >>
> >> I've noticed that the host server is still showing Disconnected status
> in
> >> the web gui. The agent log files repeat the following 3 lines every 10
> or
> >> so seconds:
> >>
> >> 2018-10-22 12:50:54,339 INFO [cloud.agent.AgentShell] (main:null)
> (logid:)
> >> Agent started
> >> 2018-10-22 12:50:54,343 INFO [cloud.agent.AgentShell] (main:null)
> (logid:)
> >> Implementation Version is 4.11.1.0
> >> 2018-10-22 12:50:54,345 INFO [cloud.agent.AgentShell] (main:null)
> (logid:)
> >> agent.properties found at /etc/cloudstack/agent/agent.properties
> >>
> >>
> >> looking further revealed that the file is 0 bytes:
> >>
> >> -rw--- 1 root root 0 Oct 20 06:39 agent.properties
> >> -rwxr-xr-x 1 root root 8890 Jul 6 14:01 agent.properties.dpkg-dist
> >>
> >> Something has replaced the original agent.properties file. The
> >> creation/modification dates of the agent.properties file on other KVM
> host
> >> servers are all different (times and dates). As I always upgrade the
> host
> >> servers at the same time, this led me to believe that agent.properties
> file
> >> is automatically generated or modified by some script or service that is
> >> running on the host server or perhaps the modification is pushed from
> the
> >> management server to the agent.
> >>
> >> As the server is in the Disconnected state I can't migrate servers and
> >> virtual routers from that host server and I can't set it to Maintenance
> >> either.
> >>
> >> How do I manually force the creation / update of the agent.properties
> file
> >> on that host server? The challenge is that vms /vrs which are running on
> >> that host server are production servers and they should keep running
> >> without shutting down.
> >>
> >> Thanks for any tips/help.
> >>
> >> Andrei
>


-- 

Andrija Panić

Re: [VOTE] Apache CloudStack 4.11.2.0 RC3

[Andrija Panic]

Hi Rohit,

thanks for the input - I was hoping for similar to previous RC2 releases -
tag, so I can feed it easily (and lazy...) to my Jenkins... :)

Will see how to consume it this way, thanks.

Andrija

On Fri, 19 Oct 2018 at 20:42, Rohit Yadav  wrote:

> Hi Andrija,
>
>
> You can check using the commit ID:
>
>
> https://github.com/apache/cloudstack/commits/a8e53d0e9674028973c8f3a98a5a8ff15b24f5da
>
>
> The tag 4.11.2.0 will only be pushed once RC3 voting passes.
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> 
> From: Andrija Panic 
> Sent: Friday, October 19, 2018 10:54:08 PM
> To: dev
> Cc: Rene Moser; users
> Subject: Re: [VOTE] Apache CloudStack 4.11.2.0 RC3
>
> Hi all,
>
> Can someone point me to tag/release URL, last thing I see
> is 4.11.2.0-RC20181017T1751?
>
> https://github.com/apache/cloudstack/commits/4.11.2.0-RC20181017T1751
>
> Thx,
> Andrija
>
>
> On Thu, Oct 18, 2018, 13:52 Paul Angus  wrote:
>
> > Uggh cut and paste fail!
> >
> > Yes 26th October - end of next week. (I'm on annual leave next week).
> >
> >
> > Kind regards,
> >
> > Paul Angus
> >
> > paul.an...@shapeblue.com
> > www.shapeblue.com<http://www.shapeblue.com>
> > Amadeus House, Floral Street, London  WC2E 9DPUK
> > @shapeblue
> >
> >
> >
> >
> > -Original Message-
> > From: Rene Moser 
> > Sent: 18 October 2018 12:45
> > To: d...@cloudstack.apache.org; Paul Angus ;
> > users@cloudstack.apache.org
> > Subject: Re: [VOTE] Apache CloudStack 4.11.2.0 RC3
> >
> > On 10/18/2018 12:54 PM, Paul Angus wrote:
> > > The vote will be open until the middle of next week, 26th September
> 2018.
> > s/September/October/ right?
> >
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
>

-- 

Andrija Panić

Re: [VOTE] Apache CloudStack 4.11.2.0 RC3

[Andrija Panic]

Hi all,

Can someone point me to tag/release URL, last thing I see
is 4.11.2.0-RC20181017T1751?

https://github.com/apache/cloudstack/commits/4.11.2.0-RC20181017T1751

Thx,
Andrija


On Thu, Oct 18, 2018, 13:52 Paul Angus  wrote:

> Uggh cut and paste fail!
>
> Yes 26th October - end of next week. (I'm on annual leave next week).
>
>
> Kind regards,
>
> Paul Angus
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
>
> -Original Message-
> From: Rene Moser 
> Sent: 18 October 2018 12:45
> To: d...@cloudstack.apache.org; Paul Angus ;
> users@cloudstack.apache.org
> Subject: Re: [VOTE] Apache CloudStack 4.11.2.0 RC3
>
> On 10/18/2018 12:54 PM, Paul Angus wrote:
> > The vote will be open until the middle of next week, 26th September 2018.
> s/September/October/ right?
>

Re: Where to look when your SSVM creation NPE's?

[Andrija Panic]

Can you please make sure that the Agent is up and running - check agent
logs etc ?
This has nothing to do with "SSVM cant talk to Secondary Storage" (actually
this can be checked/tested with existing script from inside SSVM, once SSVM
has been started)

It might be capacity issue (though it's usually reported nicely) or perhaps
KVM host can't access Primary Storage.

You did preseed systemVM template as in the guide, right ?

Please share versions, as Simon suggested.

Thx

On Thu, 18 Oct 2018 at 22:15, Simon Weller  wrote:

> Jordan,
>
>
> Could you tell us a bit more about your setup?
>
> Hypervisor Type? Network design (basic or advanced)? Primary storage type?
> CloudStack version? OS being used?
>
> - Si
> 
> From: Jordan Michaels 
> Sent: Thursday, October 18, 2018 2:26 PM
> To: users
> Subject: Where to look when your SSVM creation NPE's?
>
> Hi Folks,
>
> I've added a host to the CloudStack Management server but now I'm getting
> NPE's when the Management server tries to create the System VM's:
>
> 2018-10-18 06:20:26,052 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> (Work-Job-Executor-40:ctx-ac017e0e job-1248/job-1621) (logid:b6f3dd96) Done
> executing com.cloud.vm.VmWorkStart for job-1621
> 2018-10-18 06:20:26,054 INFO  [o.a.c.f.j.i.AsyncJobMonitor]
> (Work-Job-Executor-40:ctx-ac017e0e job-1248/job-1621) (logid:b6f3dd96)
> Remove job-1621 from job monitoring
> 2018-10-18 06:20:26,073 WARN  [o.a.c.s.SecondaryStorageManagerImpl]
> (secstorage-1:ctx-70aba7ab) (logid:f3c51c51) Exception while trying to
> start secondary storage vm
> java.lang.NullPointerException
> at
> com.cloud.network.guru.DirectPodBasedNetworkGuru$2.doInTransactionWithoutResult(DirectPodBasedNetworkGuru.java:183)
> at
> com.cloud.utils.db.TransactionCallbackWithExceptionNoReturn.doInTransaction(TransactionCallbackWithExceptionNoReturn.java:25)
> at
> com.cloud.utils.db.TransactionCallbackWithExceptionNoReturn.doInTransaction(TransactionCallbackWithExceptionNoReturn.java:21)
> at com.cloud.utils.db.Transaction.execute(Transaction.java:40)
> at
> com.cloud.network.guru.DirectPodBasedNetworkGuru.getIp(DirectPodBasedNetworkGuru.java:173)
> at
> com.cloud.network.guru.DirectPodBasedNetworkGuru.reserve(DirectPodBasedNetworkGuru.java:161)
> at
> org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.prepareNic(NetworkOrchestrator.java:1594)
> at
> org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.prepare(NetworkOrchestrator.java:1565)
> at
> com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:)
> at
> com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:4930)
> at sun.reflect.GeneratedMethodAccessor155.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:107)
> at
> com.cloud.vm.VirtualMachineManagerImpl.handleVmWorkJob(VirtualMachineManagerImpl.java:5093)
> at
> com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102)
> at
> org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:581)
> at
> org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
> at
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
> at
> org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:529)
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> 2018-10-18 06:20:26,076 INFO  [o.a.c.s.SecondaryStorageManagerImpl]
> (secstorage-1:ctx-70aba7ab) (logid:f3c51c51) Unable to start secondary
> storage vm for standby capacity, vm id : 346, will recycle it and start a
> new one
> 2018-10-18 06:20:26,076 DEBUG [c.c.a.SecondaryStorageVmAlertAdapter]
> (secstorage-1:ctx-70aba7ab) (logid:f3c51c51) received secondary storage vm
> alert
> 2018-10-18 06:20:26,076 DEBUG [c.c.a.SecondaryStorageVmAlertAdapter]
> 

Re: Problems configuring KVM host

[Andrija Panic]

; > I am looking forward to an updated guide if you do get to it, though
> >> (the
> >> > thought is much appreciated).
> >> > -
> >> > KVM host configurations:
> >> > Starting point: CentOS 6.10 Minimal Install
> >> >
> >> > ifcfg-eth0
> >> >
> >> > DEVICE=eth0
> >> > HWADDR=[Redacted for readability]
> >> > TYPE=Ethernet
> >> > UUID=[Redacted for readability]
> >> > ONBOOT=yes
> >> > NM_CONTROLLED=no
> >> > BOOTPROTO=none
> >> > IPADDR=204.168.1.51
> >> > NETMASK=255.255.255.0
> >> > GATEWAY=204.168.1.1
> >> > DNS1=192.168.101.1
> >> >
> >> > SELinux was set to permissive
> >> >
> >> > NTP was installed
> >> >
> >> > Community package repository was used:
> >> >
> >> > cloudstack.repo
> >> >
> >> > [cloudstack]
> >> > name=cloudstack
> >> > baseurl=http://download.cloudstack.org/centos/6/4.11/
> >> > enabled=1
> >> > gpgcheck=0
> >> >
> >> >
> >> > Modified qemu.conf to enable vnc_listen on 0.0.0.0
> >> >
> >> > Libvrtd.conf had several lines altered as per the tutorial:
> >> > listen_tls = 0
> >> > listen_tcp = 1
> >> > tcp_port = "16059"
> >> > auth_tcp = "none"
> >> > mdns_adv = 0
> >> >
> >> > Uncommented LIBVIRTD_ARGS in /etc/sysconfig/libvirtd
> >> >
> >> > -
> >> > Zone config:
> >> >
> >> > Name: CSTestZone
> >> > Network Type: Basic
> >> > Public: Yes
> >> > DNS 1: 192.168.101.1
> >> > Internal DNS 1: 192.168.101.1
> >> > Guest Network KVM traffic label: 204.168.1.0/24
> >> > Management Network KVM traffic label: 204.168.1.0/24
> >> >
> >> > -
> >> > And for good measure, here's the error that the management server
> throws
> >> > when I try adding the host (thanks for the path to the logs!)
> >> >
> >> > 2018-10-17 13:41:59,867 WARN  [c.c.h.k.d.LibvirtServerDiscoverer]
> >> > (qtp1386767190-15:ctx-0e54785c ctx-ee01f7ae) (logid:1a5a07f0)  can't
> >> setup
> >> > agent, due to com.cloud.utils.exception.CloudRuntimeException: Failed
> to
> >> > setup keystore on the KVM host: 204.168.1.51 - Failed to setup
> keystore
> >> on
> >> > the KVM host: 204.168.1.51
> >> > 2018-10-17 13:41:59,868 WARN  [c.c.r.ResourceManagerImpl]
> >> > (qtp1386767190-15:ctx-0e54785c ctx-ee01f7ae) (logid:1a5a07f0) Unable
> to
> >> > find the server resources at http://204.168.1.51
> >> > 2018-10-17 13:41:59,868 INFO  [c.c.u.e.CSExceptionErrorCode]
> >> > (qtp1386767190-15:ctx-0e54785c ctx-ee01f7ae) (logid:1a5a07f0) Could
> not
> >> > find exception: com.cloud.exception.DiscoveryException in error code
> >> list
> >> > for exceptions
> >> > 2018-10-17 13:41:59,868 WARN  [o.a.c.a.c.a.h.AddHostCmd]
> >> > (qtp1386767190-15:ctx-0e54785c ctx-ee01f7ae) (logid:1a5a07f0)
> Exception:
> >> > com.cloud.exception.DiscoveryException: Unable to add the host
> >> > at
> >> >
> >>
> com.cloud.resource.ResourceManagerImpl.discoverHostsFull(ResourceManagerImpl.java:820)
> >> > at
> >> >
> >>
> com.cloud.resource.ResourceManagerImpl.discoverHosts(ResourceManagerImpl.java:606)
> >> >
> >> >
> >> > ---
> >> > To Simon:
> >> > Fully plan on migrating to CentOS 7.x or Ubuntu Server LTS - this is
> >> > merely a test to see if the behavior of Cloudstack is adequate for the
> >> > project. As Andrija mentioned, the tutorial makes use of CentOS 6.x,
> and
> >> > that's what I'm going to until it works, because from experience it's
> >> > *never* a good idea to start changing things up without understanding
> >> how
> >> > and why software works. Though admittedly that's hypocritical because
> >> the
> >> > guide did make use of the management server as a host as well...
> >> >
> >> > On Wed, Oct 17, 2018 at 12:22 PM Andrija Panic <
> andrija.pa...@gmail.com
> >> >
> >> > wrote:
> >> >
> >> >> Well, the guide (Quick guide) is targeting CentOS 6.8 AFAIK, I will

Re: Problems configuring KVM host

[Andrija Panic]

  at
> >
> com.cloud.resource.ResourceManagerImpl.discoverHostsFull(ResourceManagerImpl.java:820)
> > at
> >
> com.cloud.resource.ResourceManagerImpl.discoverHosts(ResourceManagerImpl.java:606)
> >
> >
> > ---
> > To Simon:
> > Fully plan on migrating to CentOS 7.x or Ubuntu Server LTS - this is
> > merely a test to see if the behavior of Cloudstack is adequate for the
> > project. As Andrija mentioned, the tutorial makes use of CentOS 6.x, and
> > that's what I'm going to until it works, because from experience it's
> > *never* a good idea to start changing things up without understanding how
> > and why software works. Though admittedly that's hypocritical because the
> > guide did make use of the management server as a host as well...
> >
> > On Wed, Oct 17, 2018 at 12:22 PM Andrija Panic 
> > wrote:
> >
> >> Well, the guide (Quick guide) is targeting CentOS 6.8 AFAIK, I will see
> if
> >> I have some time to update that to CentOS 7 in near future - if that
> makes
> >> sense ?
> >>
> >> On Wed, 17 Oct 2018 at 17:56, Simon Weller 
> >> wrote:
> >>
> >> > In addition to Andrija's comments below, I'd recommend you use Centos
> >> 7.x
> >> > rather than 6.x, as  Centos/RHEL development is targeted towards that
> >> > release now and has been for a couple of years.
> >> >
> >> >
> >> > - Si
> >> >
> >> > 
> >> > From: Andrija Panic 
> >> > Sent: Wednesday, October 17, 2018 10:51 AM
> >> > To: users
> >> > Subject: Re: Problems configuring KVM host
> >> >
> >> > Hi Alexandre,
> >> >
> >> > irrelevant to your explanation above (which is good, to understand
> whole
> >> > setup!), there is something with network configuration on the Zone
> >> level, I
> >> > assume, per the message from the script:
> >> >
> >> >
> >>
> https://github.com/apache/cloudstack/blob/master/agent/bindir/cloud-setup-agent.in#L76
> >> >
> >> >
> >> > Above is an quick-installation link that you followed (all fine! and
> you
> >> > move MGMT to separate server), but that article it has external links
> to
> >> > how to configure KVM host networking - so we don't know how did you
> >> > configure it. In general, the NIC configuration (from the quick guide)
> >> > should be modified so that NIC is part of the BRIDGE (IP parameters
> you
> >> can
> >> > move from NIC to Bridge or not, it should not be relevant for this
> >> sample
> >> > setup) - and make sure that this bridge is defined as the "KVM traffic
> >> > label" while you configured your Zone for probably both the Management
> >> and
> >> > the Guest Network (you can also edit already existing zone - disable
> >> zone,
> >> > edit Guest and Management network (inside physical network, inside
> >> zone) to
> >> > define new KVM traffic label and finally enable zone).
> >> >
> >> > Anyway, please post configuration that you applied on KVM host and
> Zone
> >> > level - since it seems that setup-agent script don't know what bridge
> to
> >> > use for Management and Guest traffic.
> >> > Btw, Management server logs are located
> >> > here: /var/log/cloudstack/management/management-server.log (on the
> >> > management server, obviously :) )
> >> >
> >> > Cheers
> >> >
> >> > On Wed, 17 Oct 2018 at 16:27, Alexandre Bruyere <
> >> > bruyere.alexan...@gmail.com>
> >> > wrote:
> >> >
> >> > > Hello.
> >> > >
> >> > > I'm trying to set up a small Cloudstack setup on a test bench, but
> I'm
> >> > > having issues getting the host/agent running properly.
> >> > >
> >> > > First, here's the configuration of the test bench:
> >> > >
> >> > > Server #1:
> >> > > Hardware - Two active NICs: one that goes out to the company's
> network
> >> > > (we'll call it Outer), the other into a switch on the bench (into a
> >> > private
> >> > > subnet that we'll call Inner). HP Proliant DG380 G5 (2x quad-core
> >> Intel
> >> > > Xeon - they do not support nested virtualization, 6GB RAM, HP P400
> >> RAID
> &g

Re: Problems configuring KVM host

[Andrija Panic]

Well, the guide (Quick guide) is targeting CentOS 6.8 AFAIK, I will see if
I have some time to update that to CentOS 7 in near future - if that makes
sense ?

On Wed, 17 Oct 2018 at 17:56, Simon Weller  wrote:

> In addition to Andrija's comments below, I'd recommend you use Centos 7.x
> rather than 6.x, as  Centos/RHEL development is targeted towards that
> release now and has been for a couple of years.
>
>
> - Si
>
> ________
> From: Andrija Panic 
> Sent: Wednesday, October 17, 2018 10:51 AM
> To: users
> Subject: Re: Problems configuring KVM host
>
> Hi Alexandre,
>
> irrelevant to your explanation above (which is good, to understand whole
> setup!), there is something with network configuration on the Zone level, I
> assume, per the message from the script:
>
> https://github.com/apache/cloudstack/blob/master/agent/bindir/cloud-setup-agent.in#L76
>
>
> Above is an quick-installation link that you followed (all fine! and you
> move MGMT to separate server), but that article it has external links to
> how to configure KVM host networking - so we don't know how did you
> configure it. In general, the NIC configuration (from the quick guide)
> should be modified so that NIC is part of the BRIDGE (IP parameters you can
> move from NIC to Bridge or not, it should not be relevant for this sample
> setup) - and make sure that this bridge is defined as the "KVM traffic
> label" while you configured your Zone for probably both the Management and
> the Guest Network (you can also edit already existing zone - disable zone,
> edit Guest and Management network (inside physical network, inside zone) to
> define new KVM traffic label and finally enable zone).
>
> Anyway, please post configuration that you applied on KVM host and Zone
> level - since it seems that setup-agent script don't know what bridge to
> use for Management and Guest traffic.
> Btw, Management server logs are located
> here: /var/log/cloudstack/management/management-server.log (on the
> management server, obviously :) )
>
> Cheers
>
> On Wed, 17 Oct 2018 at 16:27, Alexandre Bruyere <
> bruyere.alexan...@gmail.com>
> wrote:
>
> > Hello.
> >
> > I'm trying to set up a small Cloudstack setup on a test bench, but I'm
> > having issues getting the host/agent running properly.
> >
> > First, here's the configuration of the test bench:
> >
> > Server #1:
> > Hardware - Two active NICs: one that goes out to the company's network
> > (we'll call it Outer), the other into a switch on the bench (into a
> private
> > subnet that we'll call Inner). HP Proliant DG380 G5 (2x quad-core Intel
> > Xeon - they do not support nested virtualization, 6GB RAM, HP P400 RAID
> > controller running a single SATA HDD)
> > Software: ESXi 5.5. Two virtual routers, one for each NIC. Two virtual
> > machines: an Ubuntu VM that acts as a NAT router and bridge between Inner
> > and Outer (we'll call it RT), and a Cloudstack management server
> > (functional, we'll call it CSMan) connected to Inner.
> >
> > Server #2:
> > Hardware: One active NIC on Inner. Same hardware as Server #1 except it
> is
> > using a single SAS drive.
> > Software: CentOS 6.10 KVM host configured as per the "KVM Setup and
> > Installation" section of this guide:
> >
> >
> https://cloudstack-documentation.readthedocs.io/en/4.11.1.0/quickinstallationguide/qig.html
> > . NIC is configured with a static Inner IP, gateway is RT, DNS servers
> are
> > the company's.
> >
> > Switch: Completely unconfigured Netgear 24-port switch. On the Inner
> > network, there is no DHCP or DNS setup (as the guide I used specifically
> > says to not add one for the purposes of this setup)
> >
> > Laptop: Simple laptop, Windows 10, configured with an address on Outer,
> > default gateway is RT. Connects to Server #1 via the vSphere client using
> > an Outer address, connects to the VMs and Server #2 via PuTTY using an
> > Inner address
> >
> >
> > Now onto the problem:
> > CSMan simply fails to add the host, and I can't find any information on
> why
> > that is (can't find logs). Server #2, on the other hand, fails to
> complete
> > the cloudstack-setup-agent command, returning the error "Failed to get
> > default route. Please configure your network ot have a default route."
> >
> > Searching the issue only returns a few mail threads that failed to help,
> > and searching the error only returns installation guides and what appears
> > to be the source for Cloudstack.
> >
> > Where should I start to even troubleshoot the issue?
> >
> > Thank you very much for your help.
> >
>
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

Re: Problems configuring KVM host

[Andrija Panic]

Hi Alexandre,

irrelevant to your explanation above (which is good, to understand whole
setup!), there is something with network configuration on the Zone level, I
assume, per the message from the script:
https://github.com/apache/cloudstack/blob/master/agent/bindir/cloud-setup-agent.in#L76


Above is an quick-installation link that you followed (all fine! and you
move MGMT to separate server), but that article it has external links to
how to configure KVM host networking - so we don't know how did you
configure it. In general, the NIC configuration (from the quick guide)
should be modified so that NIC is part of the BRIDGE (IP parameters you can
move from NIC to Bridge or not, it should not be relevant for this sample
setup) - and make sure that this bridge is defined as the "KVM traffic
label" while you configured your Zone for probably both the Management and
the Guest Network (you can also edit already existing zone - disable zone,
edit Guest and Management network (inside physical network, inside zone) to
define new KVM traffic label and finally enable zone).

Anyway, please post configuration that you applied on KVM host and Zone
level - since it seems that setup-agent script don't know what bridge to
use for Management and Guest traffic.
Btw, Management server logs are located
here: /var/log/cloudstack/management/management-server.log (on the
management server, obviously :) )

Cheers

On Wed, 17 Oct 2018 at 16:27, Alexandre Bruyere 
wrote:

> Hello.
>
> I'm trying to set up a small Cloudstack setup on a test bench, but I'm
> having issues getting the host/agent running properly.
>
> First, here's the configuration of the test bench:
>
> Server #1:
> Hardware - Two active NICs: one that goes out to the company's network
> (we'll call it Outer), the other into a switch on the bench (into a private
> subnet that we'll call Inner). HP Proliant DG380 G5 (2x quad-core Intel
> Xeon - they do not support nested virtualization, 6GB RAM, HP P400 RAID
> controller running a single SATA HDD)
> Software: ESXi 5.5. Two virtual routers, one for each NIC. Two virtual
> machines: an Ubuntu VM that acts as a NAT router and bridge between Inner
> and Outer (we'll call it RT), and a Cloudstack management server
> (functional, we'll call it CSMan) connected to Inner.
>
> Server #2:
> Hardware: One active NIC on Inner. Same hardware as Server #1 except it is
> using a single SAS drive.
> Software: CentOS 6.10 KVM host configured as per the "KVM Setup and
> Installation" section of this guide:
>
> https://cloudstack-documentation.readthedocs.io/en/4.11.1.0/quickinstallationguide/qig.html
> . NIC is configured with a static Inner IP, gateway is RT, DNS servers are
> the company's.
>
> Switch: Completely unconfigured Netgear 24-port switch. On the Inner
> network, there is no DHCP or DNS setup (as the guide I used specifically
> says to not add one for the purposes of this setup)
>
> Laptop: Simple laptop, Windows 10, configured with an address on Outer,
> default gateway is RT. Connects to Server #1 via the vSphere client using
> an Outer address, connects to the VMs and Server #2 via PuTTY using an
> Inner address
>
>
> Now onto the problem:
> CSMan simply fails to add the host, and I can't find any information on why
> that is (can't find logs). Server #2, on the other hand, fails to complete
> the cloudstack-setup-agent command, returning the error "Failed to get
> default route. Please configure your network ot have a default route."
>
> Searching the issue only returns a few mail threads that failed to help,
> and searching the error only returns installation guides and what appears
> to be the source for Cloudstack.
>
> Where should I start to even troubleshoot the issue?
>
> Thank you very much for your help.
>


-- 

Andrija Panić

Re: TAP/SPAN...

[Andrija Panic]

Any changes inside VR are not persistent, so next restart - you loose all
customisation. Now, if that VR rules works, you COULD technically pull some
magic with Jenkins job and some python scripting to connect to the VR and
determine if needed rules are in place, and if not, to aplly them...(some
of my colleagues done that long time ago...) but it's a messy solution and
not really recommend.

Cheers





On Fri, Oct 12, 2018, 22:19 David Merrill  wrote:

> I'd hoped I could simply "mirror the VLAN" to a specific interface on the
> switch, but Dell Support says I cannot pull this off with the switches we
> have in place.
>
> So, I'm back to considering mucking with the client's virtual router.
>
> What this site suggests:
>
>  *
> https://networkhop.wordpress.com/2016/04/27/port-mirroring-with-iptables/
>
> seems reasonable (in principle):
>
>  iptables -t mangle -I PREROUTING -j TEE –gateway a.b.c.d
>  iptables -t mangle -I POSTROUTING -j TEE –gateway a.b.c.d
>
> and easy enough to undo (in principle).
>
> Downsides include:
>
>  1. Overhead associated with duplicating packets
>  2. Redoing it should the router need to be recreated (presuming that any
> edits wouldn't stick).
>
> Surely I can't be the only one to have considered doing something like
> this, maybe folks run some a 3rd-party virtual appliance to get this kind
> of thing done?
>
> David Merrill
> Senior Systems Engineer,
> Managed and Private/Hybrid Cloud Services
> OTELCO
> 92 Oak Street, Portland ME 04101
> office 207.772.5678 
> www.otelco.com /business/managed-services
>
> On 9/28/18, 3:09 PM, "Simon Weller"  wrote:
>
> David,
>
> So I assume the customer is in an isolated network between the VR and
> their VMs?
>
> If so, just SPAN that vlan to another port on your switch and tap it
> there.
> 
> From: David Merrill 
> Sent: Friday, September 28, 2018 2:01 PM
> To: users@cloudstack.apache.org
> Subject: Re: TAP/SPAN...
>
> XenServer 6.5
>
> Thanks,
> David
>
> David Merrill
> Senior Systems Engineer,
> Managed and Private/Hybrid Cloud Services
> OTELCO
> 92 Oak Street, Portland ME 04101
> office 207.772.5678 
> www.otelco.com  >/business/managed-services
>
>
>
> Confidentiality Message
> The information contained in this e-mail transmission may be
> confidential and legally privileged. If you are not the intended recipient,
> you are notified that any dissemination, distribution, copying or other use
> of this information, including attachments, is prohibited. If you received
> this message in error, please call me at 207.772.5678 
> so this error can be corrected.
>
>
> On 9/28/18, 2:54 PM, "Simon Weller"  wrote:
>
> What hypervisor are you using?
>
>
> If you're using KVM, you could add a vlan VIF into the bridge in
> question and then dump that traffic somewhere via a replicated span on your
> switch.
>
>
> -  Si
>
>
> 
> From: David Merrill 
> Sent: Friday, September 28, 2018 1:47 PM
> To: users@cloudstack.apache.org
> Subject: TAP/SPAN...
>
> We’ve got a client who would like to ship a copy of all packets
> that pass through their virtual router to an appliance (that we’d place on
> their VLAN).
>
> I’ve searched a bit (I’d hoped to see some mention of it in the
> users list) and haven’t found specific references to TAP/SPAN related to
> CloudStack, is there a convention for such things? I’m a (tiny) little out
> of my depth, is this the kind of thing that I might find (if it existed)
> here:
>
>   *
> http://docs.cloudstack.apache.org/en/4.11.1.0/adminguide/networking.html?highlight=network%20service%20providers
>
> At the very least is something like this (a kind of roll-your-own
> SPAN) possible on the virtual router?
>
>   *
> https://networkhop.wordpress.com/2016/04/27/port-mirroring-with-iptables/
>
> I wish this had come up at the collab  in Montreal (having JUST
> been there earlier this week), but so it goes.
>
> Thanks for any consideration/feedback,
> David
>
> David Merrill
> Senior Systems Engineer,
> Managed and Private/Hybrid Cloud Services
> OTELCO
> 92 Oak Street, Portland ME 04101
> office 207.772.5678
> www.otelco.com/business/managed-services
>
>
>
>
>
>

Re: System VM version - CS 4.11.1

[Andrija Panic]

Yes, all of these have to be system type - good that you solved the issue :)

On Sat, Oct 13, 2018, 05:07 Grégoire Lamodière  wrote:

> Hi Andrija,
>
> Yes, they both have the proper name (systemvm-kvm-4.11.1 and
> systemvm-xenserver-4.11.1).
> The only thing that made it working was to change the type of Xen Template.
>
> Cheers
> Grégoire
>
> -Message d'origine-
> De : Andrija Panic [mailto:andrija.pa...@gmail.com]
> Envoyé : vendredi 12 octobre 2018 20:48
> À : users 
> Objet : Re: System VM version - CS 4.11.1
>
> Hi,
>
> check the global variables router.template.kvm and
> router.template.xenserver they should have the value of the exact name
> of the new systemVM templates as you registered them...
>
> Let us know if this fixes the issue.
> MGMT server will need to be restarted...
>
> Cheers
> Andrija
>
> On Fri, 12 Oct 2018 at 19:32, Grégoire Lamodière 
> wrote:
>
> > Ok, I reply to myself.
> > I think there is something to check about this on the way CS handle
> > template choice on systemvm templates creation.
> >
> > Both 4.11.1 KVM and Xen templates have been registered with UI.
> > The KVM one is typed "SYSTEM", and the XEN "USER".
> >
> > So when systemvm were created, they were using old template on Xen.
> >
> > This points me to the following questions :
> >
> > 1/ Is it a systemvm issue (should not check the type when selecting
> > the template ?) 2/ Or is it a template registration issue - only set
> > SYSTEM to the first one, or KVM one, and not the second / Xen
> >
> > I think someone else already wrote the same workarround on this list
> > (UPDATE DB SET type='SYSTEM')
> >
> > Cheers.
> >
> > Grégoire
> >
> > -Message d'origine-
> > De : Grégoire Lamodière [mailto:g.lamodi...@dimsi.fr] Envoyé :
> > vendredi 12 octobre 2018 18:31 À : users@cloudstack.apache.org Objet :
> > System VM version - CS 4.11.1
> >
> > Hi All,
> >
> > I have a strange behavior on a CS 4.11.1 deployment (upgraded from
> > 4.11.0)
> >
> > This deployment has a mixed cluster (KVM / CXP-NG 7.4).
> > Both systemvm templates (KVM / XEN) have been deployed with proper URL
> >
> > When systemvm are on one KVM host, they report proper version.
> > On XCP, they report 4.11.0
> >
> > I check on a virtual router (/etc/cloudstack-release) and it reports
> > 4.11.0.
> > On the vr start, it shows 4.11.1
> >
> > And if I try the « upgrade router » from UI, it breaks the vr.
> >
> > I will check the source to understand the init process and try to
> > understand what is happening.
> >
> > Anyone already got this issue ?
> >
> > Cheers
> >
> > Grégoire
> >
>
>
> --
>
> Andrija Panić
>

Re: System VM version - CS 4.11.1

[Andrija Panic]

Hi,

check the global variables router.template.kvm and
router.template.xenserver they should have the value of the exact name
of the new systemVM templates as you registered them...

Let us know if this fixes the issue.
MGMT server will need to be restarted...

Cheers
Andrija

On Fri, 12 Oct 2018 at 19:32, Grégoire Lamodière 
wrote:

> Ok, I reply to myself.
> I think there is something to check about this on the way CS handle
> template choice on systemvm templates creation.
>
> Both 4.11.1 KVM and Xen templates have been registered with UI.
> The KVM one is typed "SYSTEM", and the XEN "USER".
>
> So when systemvm were created, they were using old template on Xen.
>
> This points me to the following questions :
>
> 1/ Is it a systemvm issue (should not check the type when selecting the
> template ?)
> 2/ Or is it a template registration issue - only set SYSTEM to the first
> one, or KVM one, and not the second / Xen
>
> I think someone else already wrote the same workarround on this list
> (UPDATE DB SET type='SYSTEM')
>
> Cheers.
>
> Grégoire
>
> -Message d'origine-
> De : Grégoire Lamodière [mailto:g.lamodi...@dimsi.fr]
> Envoyé : vendredi 12 octobre 2018 18:31
> À : users@cloudstack.apache.org
> Objet : System VM version - CS 4.11.1
>
> Hi All,
>
> I have a strange behavior on a CS 4.11.1 deployment (upgraded from 4.11.0)
>
> This deployment has a mixed cluster (KVM / CXP-NG 7.4).
> Both systemvm templates (KVM / XEN) have been deployed with proper URL
>
> When systemvm are on one KVM host, they report proper version.
> On XCP, they report 4.11.0
>
> I check on a virtual router (/etc/cloudstack-release) and it reports
> 4.11.0.
> On the vr start, it shows 4.11.1
>
> And if I try the « upgrade router » from UI, it breaks the vr.
>
> I will check the source to understand the init process and try to
> understand what is happening.
>
> Anyone already got this issue ?
>
> Cheers
>
> Grégoire
>


-- 

Andrija Panić

Re: Network "restart required - yes"

[Andrija Panic]

Thx Rohit!

On Wed, Oct 3, 2018, 14:27 Rohit Yadav  wrote:

> Hi Andrija,
>
>
> Since you're running an older ACS 4.8.x version, the rolling restart VPC
> code does not apply for you. Performing restart of a vpc network (tier, and
> when cleanup is not selected) will not restart the VPC VR but only re-apply
> the networking rules.
>
>
> When due to a failed shutdown of network elements or failed restart
> attempt, the VPC fails to restart, the restart_required column in vpc table
> is marked as true. This is the relevant code wrt 4.8:
>
>
> https://github.com/apache/cloudstack/blob/4.8/server/src/com/cloud/network/vpc/VpcManagerImpl.java#L1553
>
>
> It's possible that the restart flag in API response and UI is not actually
> *necessary*, this is just a presentational issue for users to perform an
> action when any past action may have failed.
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> 
> From: Andrija Panic 
> Sent: Wednesday, September 19, 2018 8:56:51 PM
> To: users
> Subject: Re: Network "restart required - yes"
>
> Well, not recent at all, and no issues so far update was done a few
> months, and as I stated above, from DB I got all VRs reported to be running
> 4.6.0 version - I assume DB is populated dynamically as VR reports the
> version to MGMT server
>
> Need to think...
>
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
> On Wed, 19 Sep 2018 at 15:43, Simon Weller 
> wrote:
>
> > Without digging into the code, I believe that the VR reports the version
> > and it's matched against the min version. i'm not sure what happens if
> the
> > version is not reported at all.
> >
> > Is this recent and have you updated the system QCOW2 or systemvm.iso
> > recently? And if so, did you rebuild the rpms, or manually place the
> image
> > or iso?
> >
> >
> > - Si
> >
> > 
> > From: Andrija Panic 
> > Sent: Wednesday, September 19, 2018 8:35 AM
> > To: users
> > Subject: Re: Network "restart required - yes"
> >
> > Just did some SQL - only 19 networks in this state (requires restart...),
> > so a few of VPCs
> >
> > Minimum template version ss 4.6.0 (we run acs 4.8.x)
> >
> > and just checked all VRs from DB, did SQL, all existing routers are on
> this
> > version (4.6.0)
> >
> > Hm...
> >
> >
> > On Wed, 19 Sep 2018 at 15:02, Simon Weller 
> > wrote:
> >
> > > Andrija,
> > >
> > >
> > > Is this isolated to that particular VPC, or is this across the entire
> > > zone? What's the minreq.sysvmtemplate.version global set to?
> > >
> > >
> > > - Si
> > >
> > > 
> > > From: Andrija Panic 
> > > Sent: Wednesday, September 19, 2018 7:55 AM
> > > To: users
> > > Subject: Re: Network "restart required - yes"
> > >
> > > Actually, its the filed called "Restart required" - check here:
> > > https://pasteboard.co/HEBUmB0.png
> > >
> > > you go to inside VPC, click on network, and there it is...
> > >
> > >
> > > Thanks !
> > >
> > > On Wed, 19 Sep 2018 at 14:42, Rafael Weingärtner <
> > > rafaelweingart...@gmail.com> wrote:
> > >
> > > > Where is this appearing? In the network 'state' field?
> > > >
> > > > On Wed, Sep 19, 2018 at 9:28 AM, Andrija Panic <
> > andrija.pa...@gmail.com>
> > > > wrote:
> > > >
> > > > > Hi all,
> > > > >
> > > > > does anyone know it means when on the Network tab (this is VPC
> > network)
> > > > it
> > > > > says "Restart Required - yes" ?
> > > > >  (the VR is using latest, up-to-date template just FYI).
> > > > >
> > > > > Thanks,
> > > > >
> > > > > --
> > > > >
> > > > > Andrija Panić
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > > >
> > >
> > >
> > > --
> > >
> > > Andrija Panić
> > >
> >
> >
> > --
> >
> > Andrija Panić
> >
>
>
> --
>
> Andrija Panić
>

Re: Disk controller type

[Andrija Panic]

Hi Adam,

Glad you solved the problem! But I need to say this work sounds "crazy" in
a sense that this is not (per my knowledge) how it should be done
"properly".

Im wondering if this is something in 4.11 that makes you make such
workaround...

Anyway, glad you worked it out.

Cheers

On Wed, Sep 26, 2018, 04:39 Adam Witwicki  wrote:

> Ok Guys, I have cracked it - this is for 4.11 but should work on most
> versions
>
> To change the controller type of an existing  windows 2012 and 2016 server
> from IDE ATA to virtio  do the following
>
>
> On the Host
>
> Create an empty disk
> dd if=/dev/zero of=/home/user/blank.img bs=1M count=4096
>
> Create a device xml file for a virtio disk
> /home/user/virtodisk.xml with the following contains
>
> 
>   
>   
>   
>   
>   
>   
>   
>
> Attach this disk to the running VM
>
> Virsh
> attach-device  /home/user/virtodisk.xml
> exit
>
> insert the Virtio Driver iso and install drivers on VM
>
> Shutdown VM using cloudstack control (stop instance)
>
> Add the following to the “user_vm_detail” table in the database, where XXX
> is the 3 digits in the internal VM name i-83-XXX-VM
>
> INSERT INTO `user_vm_details` (`vm_id`, `name`, `value`, `display`) VALUES
> (xxx, 'rootDiskController', 'virtio', 1);
>
> Start the VM and all is good
>
>
> Thanks for everyone's help and suggestions
>
> Adam
>
>
> -Original Message-
> From: Andrija Panic 
> Sent: 21 September 2018 16:50
> To: users 
> Subject: Re: Disk controller type
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Or in other words, again based on ACS 4.8, simply use Windows PV as the OS
> type, but make sure that you have a clean driver install process in your
> head - if install windows from zero - that is simple, just detach
> win.iso,attach virtidrivers ISO file and load scsi drivers... later install
> network Virtio etc :)
>
> But if converting existing IDE version of Windows, make some tests with
> /detecthal to avoid long downtime :)
>
> On Fri, Sep 21, 2018, 16:14 Simon Weller  wrote:
>
> > Your two options are virtio blk or virtio-scsi. If your imported VM
> > doesn't have the correct controller specified, you're going to have to
> > modify it before enabling virtio in libvirt.
> >
> > Check out this guide:
> > https://access.redhat.com/articles/2470791#installing-the-kvm-windows-
> > virtio-drivers-5
> >
> >
> >
> > 
> > From: Adam Witwicki 
> > Sent: Friday, September 21, 2018 5:28 AM
> > To: users@cloudstack.apache.org
> > Subject: RE: Disk controller type
> >
> > Win 2016 doesn’t use Virtio by default, but we need too as disk
> > performance is rubbish if we don’t
> >
> >
> >
> >
> > -Original Message-
> > From: Andrija Panic 
> > Sent: 21 September 2018 11:25
> > To: users 
> > Subject: Re: Disk controller type
> >
> > ** This mail originated from OUTSIDE the Oakford corporate network.
> > Treat hyperlinks and attachments in this email with caution. **
> >
> > Hrm... Im mot aware of Windows 2016 OS type, that is probably in newer
> > version of ACS, so far, up to Windows 2012 OS type, it was all IDE...
> >
> > Can you do silly check with either 'ps aux | grep VMNAME' or with
> > 'virsh dumpxml VMNAME' so we see what controller type is used.
> >
> > I have hard time believing that Win 2016 OS type would use Virtio by
> > default, since afaik no Virtio drivers are builtin inaide Windows by
> > default (in contrast to Hype-V drivers being available in stock Linux
> > kernel for some tome now :) )
> >
> >
> > On Fri, Sep 21, 2018, 10:31 Adam Witwicki 
> wrote:
> >
> > > Andrija,
> > >
> > > I have something weird, I have a template which uses the OS type of
> > > Windows Server 2016 (64-bit), this was imported into Cloudstack  and
> > > this template uses a VirtIO controller I have another template that
> > > was created from a disk also with OS type of Windows Server 2016
> > > (64-bit) but has an ID controller.
> > >
> > > I am trying to work out why this happened and now I can make the
> > > disk template always select the VirtIO controller.
> > > Setting the instance to windows PV causes BSOD on boot, well before
> > > hal can be redetected
> > >
> > >
> > > Thanks
> > >
> > > Adam
> > 

Re: Is that safe to put public IP directly on Virtual Router/ System VMs?

[Andrija Panic]

Each sysem VM have a single (at minimum) public IP address attached:

- cpvm need it to enable your laptop/you access to the console of the VM
from anywhere on internet (its authenticated)

- ssvm need it to download templates from internet (and offer you download
link when you download i.e. vokume from ACS)

-VRs need it for obvious reasons - to provide internet access to VMs (since
VMs are usually on internal/private network/asdresses)...

Unless I got your question wrong ?

Cheers


On Sep 25, 2018 21:29, "Netlynker"  wrote:

Hi,

I looked at the deployment architecture from document and it said to have
public IP addresses on Virtaul Router/System VMs.

Is that recommended setup?

How safe will it be to expose Virtaul Router/ System VMs directly to
internet?

Any recommendation is welcomed.

Thanks in advance,
Netlynker

Re: Disk controller type

[Andrija Panic]

Or in other words, again based on ACS 4.8, simply use Windows PV as the OS
type, but make sure that you have a clean driver install process in your
head - if install windows from zero - that is simple, just detach
win.iso,attach virtidrivers ISO file and load scsi drivers... later install
network Virtio etc :)

But if converting existing IDE version of Windows, make some tests with
/detecthal to avoid long downtime :)

On Fri, Sep 21, 2018, 16:14 Simon Weller  wrote:

> Your two options are virtio blk or virtio-scsi. If your imported VM
> doesn't have the correct controller specified, you're going to have to
> modify it before enabling virtio in libvirt.
>
> Check out this guide:
> https://access.redhat.com/articles/2470791#installing-the-kvm-windows-virtio-drivers-5
>
>
>
> 
> From: Adam Witwicki 
> Sent: Friday, September 21, 2018 5:28 AM
> To: users@cloudstack.apache.org
> Subject: RE: Disk controller type
>
> Win 2016 doesn’t use Virtio by default, but we need too as disk
> performance is rubbish if we don’t
>
>
>
>
> -Original Message-
> From: Andrija Panic 
> Sent: 21 September 2018 11:25
> To: users 
> Subject: Re: Disk controller type
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Hrm... Im mot aware of Windows 2016 OS type, that is probably in newer
> version of ACS, so far, up to Windows 2012 OS type, it was all IDE...
>
> Can you do silly check with either 'ps aux | grep VMNAME' or with 'virsh
> dumpxml VMNAME' so we see what controller type is used.
>
> I have hard time believing that Win 2016 OS type would use Virtio by
> default, since afaik no Virtio drivers are builtin inaide Windows by
> default (in contrast to Hype-V drivers being available in stock Linux
> kernel for some tome now :) )
>
>
> On Fri, Sep 21, 2018, 10:31 Adam Witwicki  wrote:
>
> > Andrija,
> >
> > I have something weird, I have a template which uses the OS type of
> > Windows Server 2016 (64-bit), this was imported into Cloudstack  and
> > this template uses a VirtIO controller I have another template that
> > was created from a disk also with OS type of Windows Server 2016
> > (64-bit) but has an ID controller.
> >
> > I am trying to work out why this happened and now I can make the disk
> > template always select the VirtIO controller.
> > Setting the instance to windows PV causes BSOD on boot, well before
> > hal can be redetected
> >
> >
> > Thanks
> >
> > Adam
> >
> > -Original Message-
> > From: Andrija Panic 
> > Sent: 20 September 2018 11:18
> > To: users 
> > Subject: Re: Disk controller type
> >
> > ** This mail originated from OUTSIDE the Oakford corporate network.
> > Treat hyperlinks and attachments in this email with caution. **
> >
> > Sooo... here is my experience:
> >
> > if using correct VirtIO OS TYPE (set on template/VM) - i.e. ubuntu
> > 14.04, Centos 6.x or 7.x, Windows PV, other PV (but NOT centos 6.0 or
> > 7.0 - these "dot zero" versions are NOT virtio at least in ACS 4.8),
> > then when VM is STARTED FROM ACS (power on VM) - all drives should be
> attached as VirtIO.
> >
> > BUT if you do same as above, then additionally create and HOTPLUG new
> > drives/volumes to KVM - it will be IDE - some strange default behavior
> > during hotplug action just stop VM/start and it will become VirtIO
> > again...
> >
> > In order to "troubleshoot" these instances - you need to be careful to
> > which OS TYPE was the instance set to (this is inherited from
> > TEMPLATE, if you used some template - but it CAN be changed on an
> > deployed&
> > instance)
> >
> > In case you plan to i.e. move your Windows instances from IDE to
> > VirtIO - be aware that it might fail miserably, and OS will fail to
> > boot - but there is a fix with *"* bcdedit /set detecthal boolean
> > (where boolean is one of 1,  on, yes or true) " after which Windows
> > will detect HAL again and boot just fine.
> >
> > Let me know if more help needed
> >
> > Cheers
> >
> > On Thu, 20 Sep 2018 at 11:22, Adam Witwicki 
> > wrote:
> >
> > >
> > >
> > > It looks like I can just add
> > >
> > > rootDiskController virtio
> > >
> > > To the templates settings tab?
> > >
> > > Can anyone confirm?
> > >
> > > Thanks
> > >
> > > Adam
> > >
> > > -Original Message-

Re: Disk controller type

[Andrija Panic]

Hrm... Im mot aware of Windows 2016 OS type, that is probably in newer
version of ACS, so far, up to Windows 2012 OS type, it was all IDE...

Can you do silly check with either 'ps aux | grep VMNAME' or with 'virsh
dumpxml VMNAME' so we see what controller type is used.

I have hard time believing that Win 2016 OS type would use Virtio by
default, since afaik no Virtio drivers are builtin inaide Windows by
default (in contrast to Hype-V drivers being available in stock Linux
kernel for some tome now :) )


On Fri, Sep 21, 2018, 10:31 Adam Witwicki  wrote:

> Andrija,
>
> I have something weird, I have a template which uses the OS type of
> Windows Server 2016 (64-bit), this was imported into Cloudstack  and this
> template uses a VirtIO controller
> I have another template that was created from a disk also with OS type of
> Windows Server 2016 (64-bit) but has an ID controller.
>
> I am trying to work out why this happened and now I can make the disk
> template always select the VirtIO controller.
> Setting the instance to windows PV causes BSOD on boot, well before hal
> can be redetected
>
>
> Thanks
>
> Adam
>
> -Original Message-
> From: Andrija Panic 
> Sent: 20 September 2018 11:18
> To: users 
> Subject: Re: Disk controller type
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Sooo... here is my experience:
>
> if using correct VirtIO OS TYPE (set on template/VM) - i.e. ubuntu 14.04,
> Centos 6.x or 7.x, Windows PV, other PV (but NOT centos 6.0 or 7.0 - these
> "dot zero" versions are NOT virtio at least in ACS 4.8), then when VM is
> STARTED FROM ACS (power on VM) - all drives should be attached as VirtIO.
>
> BUT if you do same as above, then additionally create and HOTPLUG new
> drives/volumes to KVM - it will be IDE - some strange default behavior
> during hotplug action just stop VM/start and it will become VirtIO
> again...
>
> In order to "troubleshoot" these instances - you need to be careful to
> which OS TYPE was the instance set to (this is inherited from TEMPLATE, if
> you used some template - but it CAN be changed on an deployed&
> instance)
>
> In case you plan to i.e. move your Windows instances from IDE to VirtIO -
> be aware that it might fail miserably, and OS will fail to boot - but there
> is a fix with *"* bcdedit /set detecthal boolean (where boolean is one of
> 1,  on, yes or true) " after which Windows will detect HAL again and boot
> just fine.
>
> Let me know if more help needed
>
> Cheers
>
> On Thu, 20 Sep 2018 at 11:22, Adam Witwicki 
> wrote:
>
> >
> >
> > It looks like I can just add
> >
> > rootDiskController virtio
> >
> > To the templates settings tab?
> >
> > Can anyone confirm?
> >
> > Thanks
> >
> > Adam
> >
> > -Original Message-
> > From: Ivan Kudryavtsev 
> > Sent: 20 September 2018 10:20
> > To: users 
> > Subject: Re: Disk controller type
> >
> > ** This mail originated from OUTSIDE the Oakford corporate network.
> > Treat hyperlinks and attachments in this email with caution. **
> >
> > Rakesh, It doesn't work like that for CS as it uses stateless XML
> configs.
> >
> > чт, 20 сент. 2018 г., 16:12 Rakesh Venkatesh  >:
> >
> > > I think you can change the controller type in XML file of the VM but
> > > not sure if that works or not.
> > >
> > > virsh dumpxml 
> > > virsh edit 
> > > change the controller type, save and start the vm again
> > >
> > > On Thu, Sep 20, 2018 at 9:59 AM Adam Witwicki
> > > 
> > > wrote:
> > >
> > > > Hello,
> > > >
> > > > I have a number of of instances using the wrong controller type
> > > > (ATA)
> > > does
> > > > anyone know where this is set in the database so I can start them
> > > > with
> > > the
> > > > VirtIO scsi controller?
> > > >
> > > > Thanks
> > > >
> > > > Adam
> > > >
> > > >
> > > >
> > > >
> > > > Disclaimer Notice:
> > > > This email has been sent by Oakford Technology Limited, while we
> > > > have checked this e-mail and any attachments for viruses, we can
> > > > not guarantee that they are virus-free. You must therefore take
> > > > full responsibility for virus checking.
> > > > This message and any attachments are confidential and should only
> > > >

Re: Cannot delete public network?

[Andrija Panic]

Np, glad it helped :)

On Thu, 20 Sep 2018 at 16:40, Yordan Kostov 
wrote:

> Hello Andrija,
>
> Your suggestion helped!
>
> There were  issues with the system VMs getting IP address so I had to
> delete them from the hypervisor and after that I set UPDATE vm_instance SET
> removed=now() for the vms in the db to make them disappear in CD.
>
> I did not know that ip relocation remained for those VMs so setting it to
> NULL did the job.
>
> Thank you!
>
> Best regards,
> Jordan
>
> -Original Message-
> From: Andrija Panic [mailto:andrija.pa...@gmail.com]
> Sent: Thursday, September 20, 2018 5:23 PM
> To: users 
> Subject: Re: Cannot delete public network?
>
> Did you try disabling the zone first, delete ssvm and cpvm? Then try to
> delete it...
>
> Otherwise, you can check the DB, there is table named user_ip_address
> (from top of my kind, not sure of name) and there you can check if any
> public IP is assigned etc.
>
> Best
> Andrija
>
> On Thu, Sep 20, 2018, 15:24 Yordan Kostov  >
> wrote:
>
> > Dear all,
> >
> >
> >
> > I am trying to remove a zone from Cloudstack.
> >
> > Before I do that I went to delete the physical
> > networks but I get the error message (for the one that holds public
> > vlan) : *The Physical Network is not deletable because there are
> > public IP addresses allocated for this physical network.*
> >
> >
> >
> > When I go in and try to delete the network range itself it says the
> > IPs are in use, but there are no VMs.
> > There are no pods or hosts in the zone (already deleted).
> >
> >
> > Is there a way to release the IPs or is this a bug?
> >
> >
> >
> >
> >
> >
> >
> > Best regards,
> >
> > Jordan Kostov
> >
> >
> >
>


-- 

Andrija Panić

Re: Cannot delete public network?

[Andrija Panic]

Did you try disabling the zone first, delete ssvm and cpvm? Then try to
delete it...

Otherwise, you can check the DB, there is table named user_ip_address (from
top of my kind, not sure of name) and there you can check if any public IP
is assigned etc.

Best
Andrija

On Thu, Sep 20, 2018, 15:24 Yordan Kostov 
wrote:

> Dear all,
>
>
>
> I am trying to remove a zone from Cloudstack.
>
> Before I do that I went to delete the physical networks
> but I get the error message (for the one that holds public vlan) : *The
> Physical Network is not deletable because there are public IP addresses
> allocated for this physical network.*
>
>
>
> When I go in and try to delete the network range itself it says the IPs
> are in use, but there are no VMs.
> There are no pods or hosts in the zone (already deleted).
>
>
> Is there a way to release the IPs or is this a bug?
>
>
>
>
>
>
>
> Best regards,
>
> Jordan Kostov
>
>
>

Re: Disk controller type

[Andrija Panic]

Sooo... here is my experience:

if using correct VirtIO OS TYPE (set on template/VM) - i.e. ubuntu 14.04,
Centos 6.x or 7.x, Windows PV, other PV (but NOT centos 6.0 or 7.0 - these
"dot zero" versions are NOT virtio at least in ACS 4.8), then when VM is
STARTED FROM ACS (power on VM) - all drives should be attached as VirtIO.

BUT if you do same as above, then additionally create and HOTPLUG new
drives/volumes to KVM - it will be IDE - some strange default behavior
during hotplug action just stop VM/start and it will become VirtIO
again...

In order to "troubleshoot" these instances - you need to be careful to
which OS TYPE was the instance set to (this is inherited from TEMPLATE, if
you used some template - but it CAN be changed on an deployed&
instance)

In case you plan to i.e. move your Windows instances from IDE to VirtIO -
be aware that it might fail miserably, and OS will fail to boot - but there
is a fix with *"* bcdedit /set detecthal boolean (where boolean is one of 1,
 on, yes or true) " after which Windows will detect HAL again and boot just
fine.

Let me know if more help needed

Cheers

On Thu, 20 Sep 2018 at 11:22, Adam Witwicki  wrote:

>
>
> It looks like I can just add
>
> rootDiskController virtio
>
> To the templates settings tab?
>
> Can anyone confirm?
>
> Thanks
>
> Adam
>
> -Original Message-
> From: Ivan Kudryavtsev 
> Sent: 20 September 2018 10:20
> To: users 
> Subject: Re: Disk controller type
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Rakesh, It doesn't work like that for CS as it uses stateless XML configs.
>
> чт, 20 сент. 2018 г., 16:12 Rakesh Venkatesh :
>
> > I think you can change the controller type in XML file of the VM but
> > not sure if that works or not.
> >
> > virsh dumpxml 
> > virsh edit 
> > change the controller type, save and start the vm again
> >
> > On Thu, Sep 20, 2018 at 9:59 AM Adam Witwicki
> > 
> > wrote:
> >
> > > Hello,
> > >
> > > I have a number of of instances using the wrong controller type
> > > (ATA)
> > does
> > > anyone know where this is set in the database so I can start them
> > > with
> > the
> > > VirtIO scsi controller?
> > >
> > > Thanks
> > >
> > > Adam
> > >
> > >
> > >
> > >
> > > Disclaimer Notice:
> > > This email has been sent by Oakford Technology Limited, while we
> > > have checked this e-mail and any attachments for viruses, we can not
> > > guarantee that they are virus-free. You must therefore take full
> > > responsibility for virus checking.
> > > This message and any attachments are confidential and should only be
> > > read by those to whom they are addressed. If you are not the
> > > intended
> > recipient,
> > > please contact us, delete the message from your computer and destroy
> > > any copies. Any distribution or copying without our prior permission
> > > is prohibited.
> > > Internet communications are not always secure and therefore Oakford
> > > Technology Limited does not accept legal responsibility for this
> message.
> > > The recipient is responsible for verifying its authenticity before
> > > acting on the contents. Any views or opinions presented are solely
> > > those of the author and do not necessarily represent those of
> > > Oakford Technology
> > Limited.
> > > Registered address: Oakford Technology Limited, 10 Prince Maurice
> > > Court, Devizes, Wiltshire. SN10 2RT.
> > > Registered in England and Wales No. 5971519
> > >
> > >
> >
> > --
> > Thanks and regards
> > Rakesh venkatesh
> >
> Disclaimer Notice:
> This email has been sent by Oakford Technology Limited, while we have
> checked this e-mail and any attachments for viruses, we can not guarantee
> that they are virus-free. You must therefore take full responsibility for
> virus checking.
> This message and any attachments are confidential and should only be read
> by those to whom they are addressed. If you are not the intended recipient,
> please contact us, delete the message from your computer and destroy any
> copies. Any distribution or copying without our prior permission is
> prohibited.
> Internet communications are not always secure and therefore Oakford
> Technology Limited does not accept legal responsibility for this message.
> The recipient is responsible for verifying its authenticity before acting
> on the contents. Any views or opinions presented are solely those of the
> author and do not necessarily represent those of Oakford Technology Limited.
> Registered address: Oakford Technology Limited, 10 Prince Maurice Court,
> Devizes, Wiltshire. SN10 2RT.
> Registered in England and Wales No. 5971519
>
>

-- 

Andrija Panić

Re: ***UNCHECKED*** Re: Network "restart required - yes"

[Andrija Panic]

ok, thx once more :)

On Wed, 19 Sep 2018 at 18:06, Rafael Weingärtner <
rafaelweingart...@gmail.com> wrote:

> >
> > Btw, do you know what actually REALLY happens when you restart Network
> > (part of VPC), not the whole VPC - since I was not clear if this does
> > anything (and it takes 1-3 seconds only...)
> >
> I have checked this before, but I do not know it by heart now.
> If I had to guess, I would that say restart network will reboot the VR.
> Restart network with cleanup (not the VPC) will remove and add
> configurations applied in the VR after the reboot.
> Restart network with cleanup (in the VPC) will destroy and recreate the VR.
>
> On Wed, Sep 19, 2018 at 12:35 PM, Andrija Panic 
> wrote:
>
> > Hi Rafael,
> >
> > thanks a lot for digging into code - I undestand possible situations now
> -
> > thx.
> >
> > Btw, do you know what actually REALLY happens when you restart Network
> > (part of VPC), not the whole VPC - since I was not clear if this does
> > anything (and it takes 1-3 seconds only...)
> >
> > thx again
> >
> > On Wed, 19 Sep 2018 at 15:52, Rafael Weingärtner <
> > rafaelweingart...@gmail.com> wrote:
> >
> > > According to the code:
> > >
> > > >  a lot more code here
> > > >
> > >  if (forceCleanup) {
> > > >
> > >if (!rollingRestartVpc(vpc, context)) {
> > > >s_logger.warn("Failed to execute a rolling restart as a part
> of
> > > VPC
> > > > " + vpc + " restart process");
> > > >restartRequired = true;
> > > >return false;
> > > >}
> > > >return true;
> > > >
> > > }
> > > >
> > > s_logger.debug("Starting VPC " + vpc + " as a part of VPC restart
> process
> > > > without cleanup");
> > > > if (!startVpc(vpcId, false)) {
> > > > s_logger.warn("Failed to start vpc as a part of VPC " + vpc
> + "
> > > > restart process");
> > > > restartRequired = true;
> > > > return false;
> > > >  }
> > > >
> > >  a lot more code here
> > > >
> > > final VpcVO vo = _vpcDao.findById(vpcId);
> > > > vo.setRestartRequired(restartRequired);
> > > > _vpcDao.update(vpc.getId(), vo);
> > > >
> > >  a lot more code here
> > >
> > >
> > > That means,  something wrong happened either in "rollingRestartVpc" or
> > > "startVpc" methods. Therefore, all of the affected networks should
> > present
> > > log entries such as " Failed to start vpc as a part of VPC " or "
> > > Failed to execute a rolling restart as a part of VPC "
> > >
> > > On Wed, Sep 19, 2018 at 10:42 AM, Simon Weller  >
> > > wrote:
> > >
> > > > Without digging into the code, I believe that the VR reports the
> > version
> > > > and it's matched against the min version. i'm not sure what happens
> if
> > > the
> > > > version is not reported at all.
> > > >
> > > > Is this recent and have you updated the system QCOW2 or systemvm.iso
> > > > recently? And if so, did you rebuild the rpms, or manually place the
> > > image
> > > > or iso?
> > > >
> > > >
> > > > - Si
> > > >
> > > > ________
> > > > From: Andrija Panic 
> > > > Sent: Wednesday, September 19, 2018 8:35 AM
> > > > To: users
> > > > Subject: Re: Network "restart required - yes"
> > > >
> > > > Just did some SQL - only 19 networks in this state (requires
> > restart...),
> > > > so a few of VPCs
> > > >
> > > > Minimum template version ss 4.6.0 (we run acs 4.8.x)
> > > >
> > > > and just checked all VRs from DB, did SQL, all existing routers are
> on
> > > this
> > > > version (4.6.0)
> > > >
> > > > Hm...
> > > >
> > > >
> > > > On Wed, 19 Sep 2018 at 15:02, Simon Weller 
> > > > wrote:
> > > >
> > > > > Andrija,
> > > > >
> > > > >
> > > > > Is this isolated to that particular VPC, or is this across the
> entire
> > > > > zone? What's the minre

Re: ***UNCHECKED*** Re: Network "restart required - yes"

[Andrija Panic]

Hi Rafael,

thanks a lot for digging into code - I undestand possible situations now -
thx.

Btw, do you know what actually REALLY happens when you restart Network
(part of VPC), not the whole VPC - since I was not clear if this does
anything (and it takes 1-3 seconds only...)

thx again

On Wed, 19 Sep 2018 at 15:52, Rafael Weingärtner <
rafaelweingart...@gmail.com> wrote:

> According to the code:
>
> >  a lot more code here
> >
>  if (forceCleanup) {
> >
>if (!rollingRestartVpc(vpc, context)) {
> >s_logger.warn("Failed to execute a rolling restart as a part of
> VPC
> > " + vpc + " restart process");
> >restartRequired = true;
> >return false;
> >}
> >return true;
> >
> }
> >
> s_logger.debug("Starting VPC " + vpc + " as a part of VPC restart process
> > without cleanup");
> > if (!startVpc(vpcId, false)) {
> > s_logger.warn("Failed to start vpc as a part of VPC " + vpc + "
> > restart process");
> > restartRequired = true;
> > return false;
> >  }
> >
>  a lot more code here
> >
> final VpcVO vo = _vpcDao.findById(vpcId);
> > vo.setRestartRequired(restartRequired);
> > _vpcDao.update(vpc.getId(), vo);
> >
>  a lot more code here
>
>
> That means,  something wrong happened either in "rollingRestartVpc" or
> "startVpc" methods. Therefore, all of the affected networks should present
> log entries such as " Failed to start vpc as a part of VPC " or "
> Failed to execute a rolling restart as a part of VPC "
>
> On Wed, Sep 19, 2018 at 10:42 AM, Simon Weller 
> wrote:
>
> > Without digging into the code, I believe that the VR reports the version
> > and it's matched against the min version. i'm not sure what happens if
> the
> > version is not reported at all.
> >
> > Is this recent and have you updated the system QCOW2 or systemvm.iso
> > recently? And if so, did you rebuild the rpms, or manually place the
> image
> > or iso?
> >
> >
> > - Si
> >
> > 
> > From: Andrija Panic 
> > Sent: Wednesday, September 19, 2018 8:35 AM
> > To: users
> > Subject: Re: Network "restart required - yes"
> >
> > Just did some SQL - only 19 networks in this state (requires restart...),
> > so a few of VPCs
> >
> > Minimum template version ss 4.6.0 (we run acs 4.8.x)
> >
> > and just checked all VRs from DB, did SQL, all existing routers are on
> this
> > version (4.6.0)
> >
> > Hm...
> >
> >
> > On Wed, 19 Sep 2018 at 15:02, Simon Weller 
> > wrote:
> >
> > > Andrija,
> > >
> > >
> > > Is this isolated to that particular VPC, or is this across the entire
> > > zone? What's the minreq.sysvmtemplate.version global set to?
> > >
> > >
> > > - Si
> > >
> > > ________
> > > From: Andrija Panic 
> > > Sent: Wednesday, September 19, 2018 7:55 AM
> > > To: users
> > > Subject: Re: Network "restart required - yes"
> > >
> > > Actually, its the filed called "Restart required" - check here:
> > > https://pasteboard.co/HEBUmB0.png
> > >
> > > you go to inside VPC, click on network, and there it is...
> > >
> > >
> > > Thanks !
> > >
> > > On Wed, 19 Sep 2018 at 14:42, Rafael Weingärtner <
> > > rafaelweingart...@gmail.com> wrote:
> > >
> > > > Where is this appearing? In the network 'state' field?
> > > >
> > > > On Wed, Sep 19, 2018 at 9:28 AM, Andrija Panic <
> > andrija.pa...@gmail.com>
> > > > wrote:
> > > >
> > > > > Hi all,
> > > > >
> > > > > does anyone know it means when on the Network tab (this is VPC
> > network)
> > > > it
> > > > > says "Restart Required - yes" ?
> > > > >  (the VR is using latest, up-to-date template just FYI).
> > > > >
> > > > > Thanks,
> > > > >
> > > > > --
> > > > >
> > > > > Andrija Panić
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > > >
> > >
> > >
> > > --
> > >
> > > Andrija Panić
> > >
> >
> >
> > --
> >
> > Andrija Panić
> >
>
>
>
> --
> Rafael Weingärtner
>


-- 

Andrija Panić

Re: Network "restart required - yes"

[Andrija Panic]

Well, not recent at all, and no issues so far update was done a few
months, and as I stated above, from DB I got all VRs reported to be running
4.6.0 version - I assume DB is populated dynamically as VR reports the
version to MGMT server

Need to think...

On Wed, 19 Sep 2018 at 15:43, Simon Weller  wrote:

> Without digging into the code, I believe that the VR reports the version
> and it's matched against the min version. i'm not sure what happens if the
> version is not reported at all.
>
> Is this recent and have you updated the system QCOW2 or systemvm.iso
> recently? And if so, did you rebuild the rpms, or manually place the image
> or iso?
>
>
> - Si
>
> ________
> From: Andrija Panic 
> Sent: Wednesday, September 19, 2018 8:35 AM
> To: users
> Subject: Re: Network "restart required - yes"
>
> Just did some SQL - only 19 networks in this state (requires restart...),
> so a few of VPCs
>
> Minimum template version ss 4.6.0 (we run acs 4.8.x)
>
> and just checked all VRs from DB, did SQL, all existing routers are on this
> version (4.6.0)
>
> Hm...
>
>
> On Wed, 19 Sep 2018 at 15:02, Simon Weller 
> wrote:
>
> > Andrija,
> >
> >
> > Is this isolated to that particular VPC, or is this across the entire
> > zone? What's the minreq.sysvmtemplate.version global set to?
> >
> >
> > - Si
> >
> > 
> > From: Andrija Panic 
> > Sent: Wednesday, September 19, 2018 7:55 AM
> > To: users
> > Subject: Re: Network "restart required - yes"
> >
> > Actually, its the filed called "Restart required" - check here:
> > https://pasteboard.co/HEBUmB0.png
> >
> > you go to inside VPC, click on network, and there it is...
> >
> >
> > Thanks !
> >
> > On Wed, 19 Sep 2018 at 14:42, Rafael Weingärtner <
> > rafaelweingart...@gmail.com> wrote:
> >
> > > Where is this appearing? In the network 'state' field?
> > >
> > > On Wed, Sep 19, 2018 at 9:28 AM, Andrija Panic <
> andrija.pa...@gmail.com>
> > > wrote:
> > >
> > > > Hi all,
> > > >
> > > > does anyone know it means when on the Network tab (this is VPC
> network)
> > > it
> > > > says "Restart Required - yes" ?
> > > >  (the VR is using latest, up-to-date template just FYI).
> > > >
> > > > Thanks,
> > > >
> > > > --
> > > >
> > > > Andrija Panić
> > > >
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> >
> >
> > --
> >
> > Andrija Panić
> >
>
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

Re: Network "restart required - yes"

[Andrija Panic]

Just did some SQL - only 19 networks in this state (requires restart...),
so a few of VPCs

Minimum template version ss 4.6.0 (we run acs 4.8.x)

and just checked all VRs from DB, did SQL, all existing routers are on this
version (4.6.0)

Hm...


On Wed, 19 Sep 2018 at 15:02, Simon Weller  wrote:

> Andrija,
>
>
> Is this isolated to that particular VPC, or is this across the entire
> zone? What's the minreq.sysvmtemplate.version global set to?
>
>
> - Si
>
> ________
> From: Andrija Panic 
> Sent: Wednesday, September 19, 2018 7:55 AM
> To: users
> Subject: Re: Network "restart required - yes"
>
> Actually, its the filed called "Restart required" - check here:
> https://pasteboard.co/HEBUmB0.png
>
> you go to inside VPC, click on network, and there it is...
>
>
> Thanks !
>
> On Wed, 19 Sep 2018 at 14:42, Rafael Weingärtner <
> rafaelweingart...@gmail.com> wrote:
>
> > Where is this appearing? In the network 'state' field?
> >
> > On Wed, Sep 19, 2018 at 9:28 AM, Andrija Panic 
> > wrote:
> >
> > > Hi all,
> > >
> > > does anyone know it means when on the Network tab (this is VPC network)
> > it
> > > says "Restart Required - yes" ?
> > >  (the VR is using latest, up-to-date template just FYI).
> > >
> > > Thanks,
> > >
> > > --
> > >
> > > Andrija Panić
> > >
> >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

Re: Network "restart required - yes"

[Andrija Panic]

Actually, its the filed called "Restart required" - check here:
https://pasteboard.co/HEBUmB0.png

you go to inside VPC, click on network, and there it is...


Thanks !

On Wed, 19 Sep 2018 at 14:42, Rafael Weingärtner <
rafaelweingart...@gmail.com> wrote:

> Where is this appearing? In the network 'state' field?
>
> On Wed, Sep 19, 2018 at 9:28 AM, Andrija Panic 
> wrote:
>
> > Hi all,
> >
> > does anyone know it means when on the Network tab (this is VPC network)
> it
> > says "Restart Required - yes" ?
> >  (the VR is using latest, up-to-date template just FYI).
> >
> > Thanks,
> >
> > --
> >
> > Andrija Panić
> >
>
>
>
> --
> Rafael Weingärtner
>


-- 

Andrija Panić

Network "restart required - yes"

[Andrija Panic]

Hi all,

does anyone know it means when on the Network tab (this is VPC network) it
says "Restart Required - yes" ?
 (the VR is using latest, up-to-date template just FYI).

Thanks,

-- 

Andrija Panić

Re: Solved: slow performance CEPH RBD on KVM

[Andrija Panic]

Cool, I didn't consider this as a variable :)

IDE works extremely slow indeed... anyway, make sure to also have RBD
caching on KVM side.

Cheers

On Mon, Aug 6, 2018, 14:51 Benjamin Naber 
wrote:

> Hi Andrija,
>
> i figured out the problem. templates should be created as OS: Other PV
> Virtio-SCSI (64-bit) otherwise, vm disk will created as an IDE Device.
>
> Afther changing the setting i got my Performance and a well working
> environment.
>
>
> Kind regards
>
> Ben
>
> >
> > Andrija Panic  hat am 5. August 2018 um
> 11:05 geschrieben:
> >
> > Hi,
> >
> > Google "enable rbd cache on KVM" - this is supposed to enable write
> back
> > cache if client OS sends proper flush commands (i.e. linux kernel
> newer
> > than 3.0) - will NOT help with reads, obviously...
> >
> > For rest, there can be done some tunning, but expect no miracle.
> >
> > You didn't specify ceph cluster details, journals setup, etc - would
> be
> > useful to know, then KVM host version, etc.
> >
> > Cheers
> >
> > On Fri, Aug 3, 2018, 16:05 Benjamin Naber <
> benjamin.na...@coders-area.de>
> > wrote:
> >
> > > >
> > > Hi @all,
> > >
> > > ive setup a Ceph Cluster in combination with KVM Hosts. If i
> benchmark
> > > ceph rbd performance from Hypervisor itself i got 10 times
> higher
> > > performance than from using a cloudstack created guest-vm.
> > > are there any recommendet settings for KVM Hosts in cloudstack
> or KVM
> > > using with ceph rbd ?
> > >
> > > kind regards
> > > Ben
> > >
> > > >
>

Re: Windows Server 2016 Templates for Cloudstack

[Andrija Panic]

We are using original one (cloud instance manager) sucessfully - at least
on older template (from say 8 months ago...) - not sure if versions have
been changing or not - here is what we use (version check)
https://snag.gy/prZTPB.jpg so you can try ti compare... Unless some new
mega security by MS to ban setting pass(I guess you confirmed the
service is running, after install ?)

Though, hostname is not set indeed - it's random windows style...

On Fri, 27 Jul 2018 at 16:48,  wrote:

> Thank you, I’ll look into it.
>
>
> Simon Völker
> Fraunhofer-Gesellschaft e.V.
> Abteilung C7 Kommunikationsmanagement
> Schloss Birlinghoven IZB, 53754 Sankt Augustin
> Telefon: (02241) 14-2311
> E-mail: simon.voel...@zv.fraunhofer.de simon.voel...@zv.fraunhofer.de>
>
>
>
> Am 27.07.2018 um 11:09 schrieb Dag Sonstebo  >:
>
> Hi Simon,
>
> With regards to hostname this should just be a question of setting your
> Windows template to pick up hostname from DHCP.
>
> Admin passwords – if the existing install doesn’t work you could look at a
> cloud-init derivative for Windows, looks like
> https://cloudbase.it/cloudbase-init/ may do the trick?
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> On 27/07/2018, 09:53, "simon.voel...@zv.fraunhofer.de simon.voel...@zv.fraunhofer.de>"  simon.voel...@zv.fraunhofer.de>> wrote:
>
>Hi,
>
>we are currently updating templates we provide to our customers.
> However, we are running into problems with Windows Server 2016 and the
> cloudstack functionality of setting an administrator password and a
> hostname. The CloudInstanceManager we used for older versions does not seem
> to work anymore. Does anybody know a successor to the Cloud Instance
> Manager or a workaround to make the functions work in Server 2016?
>
>Regards
>
>Simon Völker
>Fraunhofer-Gesellschaft e.V.
>Abteilung C7 Kommunikationsmanagement
>Schloss Birlinghoven IZB, 53754 Sankt Augustin
>Telefon: (02241) 14-2311
>E-mail: simon.voel...@zv.fraunhofer.de simon.voel...@zv.fraunhofer.de>
>
>
>
>
>
>
> dag.sonst...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>
>

-- 

Andrija Panić

Re: add new ip range to zone

[Andrija Panic]

 Hi Swen,

no issues, since external Juniper router is doing the routing between
multiple public IP ranges - here is my setup inside ACS, check it:
https://snag.gy/kp67WA.jpg (ACS multiple ranges)

each of this "gateway" address is an interface on Juniper (btw, I don't
manage it, my colleague does) and rest of the range is given to ACS for use.

So if 2 VRs are in different IP ranges, traffic between them will flow
VR1--> JUNIPER --> VR2

Hope that helps

Andrija


On Mon, 23 Jul 2018 at 14:15, Swen - swen.io  wrote:

> Hi Andrija,
>
> did you have routing problems when a VR is using IPs out of more than one
> ip range?
>
> Best regards,
> Swen
>
> -Ursprüngliche Nachricht-
> Von: Andrija Panic [mailto:andrija.pa...@gmail.com]
> Gesendet: Mittwoch, 18. Juli 2018 16:49
> An: users 
> Betreff: Re: add new ip range to zone
>
> Bunch of Public IP ranges, again in same VLAN... (gateway is just an
> virtual inteface on physical router...all virtual interfaces in same vlan)
>
> On Wed, 18 Jul 2018 at 14:28, Nicolas Bouige  wrote:
>
> > Hi Rafael,
> >
> > yes, we had the situation but both ranges of public IPs was already in
> > the same VLAN.
> >
> > Nicolas Bouige
> > DIMSI
> > cloud.dimsi.fr<http://www.cloud.dimsi.fr>
> > 4, avenue Laurent Cely
> > Tour d’Asnière – 92600 Asnière sur Seine T/ +33 (0)6 28 98 53 40
> >
> >
> > 
> > De : Rafael Weingärtner 
> > Envoyé : mercredi 18 juillet 2018 13:02:41
> > À : users
> > Objet : Re: add new ip range to zone
> >
> > Nicolas, have you had the situation where 2 public IPs from different
> > ranges were assigned to the same VPC(VR)?
> > Here we had this situation, and it was not playing well in our network
> > setup. We had to move everything to the same VLAN.
> >
> > On Wed, Jul 18, 2018 at 7:25 AM, Nicolas Bouige 
> wrote:
> >
> > > Hello Swen,
> > >
> > > In our deployment, we are using two different network for public ip in
> > the
> > > same vlan without any problem.
> > >
> > > Best regards,
> > > N.B
> > >
> > > -Message d'origine-
> > > De : Swen - swen.io [mailto:m...@swen.io]
> > > Envoyé : mercredi 18 juillet 2018 11:26
> > > À : users@cloudstack.apache.org
> > > Objet : add new ip range to zone
> > >
> > > Hello all,
> > >
> > > We are using advanced networking in our installation and we need to add
> > > new public ips.
> > > Should we configure the new /24 network in the same vlan as the other
> one
> > > or should we use a vlan-id for each /24 network? What do you recommend?
> > >
> > > I am concerned what is happening if a VR gets public ips from different
> > > /24 networks within the same or in different vlans? Is there a chance
> > that
> > > a routing problem of any kind will accrue?
> > >
> > > Thank you for your 2 cents (or more) on this!
> > >
> > > Best regards,
> > > Swen
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
>
> --
>
> Andrija Panić
>
>
>

-- 

Andrija Panić

Re: 4.11.0 -> 4.11.1 problem: Guest VMs losing connection after few minutes

[Andrija Panic]

using vxlan as isolation method for advance network ?

On Fri, 20 Jul 2018 at 11:29, Daan Hoogland  wrote:

> On Fri, Jul 20, 2018 at 9:09 AM, ilya musayev <
> ilya.mailing.li...@gmail.com>
> wrote:
>
> > Have you tried destroying router vm and let CloudStack create new one ?
> >
> ​yes, or restart network with cleanup
>
> ​
>
>
> >
> > On Fri, Jul 20, 2018 at 1:33 AM Jevgeni Zolotarjov <
> j.zolotar...@gmail.com
> > >
> > wrote:
> >
> > > - an ip-address conflict.
> > >   JZ: unlikely, but not impossible. I tried to restart router VM in
> > > Network-Guest networks -> defaultGuestNetwork -> VirtualAppliances
> > > While rebooting ping to this router VM disappeared. Hence, no other
> > device
> > > is using the same IP.
> > > But!!! when this virtual router started, then network connection to all
> > > guest VMs disappeared. So, it must be something with this virtual
> router.
> > >
> > > - flakey hardware being one of
> > > -+ if card in the host
> > > JZ: higly unlikely
> > >
> > > -+ a router with bad firmware
> > > JZ: also unlikely
> > >
> > > - of course a strange cofiguration of the software router in you host
> > might
> > > be the issue as well
> > > JZ: I didnt do any special configuration. Just used default.
> > >
> > > by all I know this happening after upgrade sounds like an unhappy
> > incident
> > > but can't be sure.
> > > The iptables restart, was this on the VirtualRouter or on the host, or
> > > maybe on the guest? and the restart network?
> > >
> > > JZ: iptables restart on host machine. (or network restart on host)
> > >
> > >
> > >
> > > On Fri, Jul 20, 2018 at 11:14 AM Daan Hoogland <
> daan.hoogl...@gmail.com>
> > > wrote:
> > >
> > > > that behaviour sound familiar from a couple of cases:
> > > > - an ip-address conflict.
> > > > - flakey hardware being one of
> > > > -+ if card in the host
> > > > -+ a router with bad firmware
> > > > - of course a strange cofiguration of the software router in you host
> > > might
> > > > be the issue as well
> > > >
> > > > by all I know this happening after upgrade sounds like an unhappy
> > > incident
> > > > but can't be sure.
> > > > The iptables restart, was this on the VirtualRouter or on the host,
> or
> > > > maybe on the guest? and the restart network?
> > > >
> > > >
> > > > On Fri, Jul 20, 2018 at 7:43 AM, Jevgeni Zolotarjov <
> > > > j.zolotar...@gmail.com>
> > > > wrote:
> > > >
> > > > > I updated cloudstack 4.11.0 -> 4.11.1
> > > > >
> > > > > Everything went OK during update, but after host reboot guest VMs
> > lost
> > > > > connection after few minutes of normal work.
> > > > > I tried restarting network - systemctl restart network.service
> > > > > then connection was restored again for few minutes
> > > > >
> > > > > Finally I could restore connection by restarting iptables -
> systemctl
> > > > > restart iptables.service
> > > > >
> > > > > But then again guest VMs lost connection after few minutes of
> normal
> > > > > operation.
> > > > > The time of normal operation can be 5 minutes, but sometimes up to
> 40
> > > > > minutes.
> > > > >
> > > > > Please help me to track the root cause and fix it
> > > > >
> > > > > Host OS - Centos 7.5
> > > > > virtualisation - KVM
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Daan
> > > >
> > >
> >
>
>
>
> --
> Daan
>


-- 

Andrija Panić

Re: Cloudstack logo EPS

[Andrija Panic]

Maybe here:

https://cloudstack.apache.org/trademark-guidelines.html

https://www.brandeps.com/logo/A/Apache-CloudStack-01

.ai files (from first link are Adobe Ilustrator vector files), and seems
that can be converted to EPS even with some online tools (but I guess
designer has the right tools anyway :) )

cheers

On Thu, 19 Jul 2018 at 10:45, Giles Sirett 
wrote:

> Hi all
> I've got a designer looking at some ideas for Cloudstack marketing stuff
>
> He wants the cloudstack logo EPS file (files)
>
> Anybody know where they can be found ?
>
> Kind regards
> Giles
>
>
> giles.sir...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>

-- 

Andrija Panić

Re: VPC ACLs SRC and DST

[Andrija Panic]

Hi Jon,

to be honest, I would not know answer to that - this is not part of VPC if
I understand correctly ? If so, I can't really tell, but again, its worth
checking both GUI and API eventually to see if such thing is supported.
When configuring such thing (static NAT) to a VM inside VPC - same rules
apply for ACL - NAT is just replacing IP inside the IP packet, but you
still need to allow traffic and so on, via ACLs.

Best

On Wed, 18 Jul 2018 at 18:30, Jon Marshall  wrote:

> Hi Andrija
>
>
> Following on from that if you are using an isolated guest network and
> static IP for NAT to a VM private IP is there anyway in the IP address
> firewall configuration to deny certain traffic as well as permit traffic.
>
>
> Jon
>
>
> ________
> From: Andrija Panic 
> Sent: 18 July 2018 16:17
> To: users
> Subject: Re: VPC ACLs SRC and DST
>
> Hi Adam,
>
> unless something has changed in most recent version (doubt that) - no, you
> can only define one CIDR in each ACL rule, which, if creating
> egress/outbound rule is considered as destination IP/CIDR to which you
> alow/deny access from your VPC network, or if using ingress (inbound) rule,
> then this CIDR represents the SOURCE from which access is allowed/denied to
> your VPC network (whole VPC network in both cases - i.e.  it's not granular
> on single IP/VM level - for this you need to use local firewall if really
> needed)
>
> Hope that answers your question.
>
>
> Andrija
>
> On Wed, 18 Jul 2018 at 17:07, Adam Witwicki 
> wrote:
>
> > Hello
> >
> > Is there a way we can add the DST IP to the ACL lists in a VPC as well as
> > the SRC IP (outbound)
> >
> > Thanks
> >
> > Adam
> >
> >
> >
> > Disclaimer Notice:
> > This email has been sent by Oakford Technology Limited, while we have
> > checked this e-mail and any attachments for viruses, we can not guarantee
> > that they are virus-free. You must therefore take full responsibility for
> > virus checking.
> > This message and any attachments are confidential and should only be read
> > by those to whom they are addressed. If you are not the intended
> recipient,
> > please contact us, delete the message from your computer and destroy any
> > copies. Any distribution or copying without our prior permission is
> > prohibited.
> > Internet communications are not always secure and therefore Oakford
> > Technology Limited does not accept legal responsibility for this message.
> > The recipient is responsible for verifying its authenticity before acting
> > on the contents. Any views or opinions presented are solely those of the
> > author and do not necessarily represent those of Oakford Technology
> Limited.
> > Registered address: Oakford Technology Limited, 10 Prince Maurice Court,
> > Devizes, Wiltshire. SN10 2RT.
> > Registered in England and Wales No. 5971519
> >
> >
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

Re: VPC ACLs SRC and DST

[Andrija Panic]

Hi Adam,

unless something has changed in most recent version (doubt that) - no, you
can only define one CIDR in each ACL rule, which, if creating
egress/outbound rule is considered as destination IP/CIDR to which you
alow/deny access from your VPC network, or if using ingress (inbound) rule,
then this CIDR represents the SOURCE from which access is allowed/denied to
your VPC network (whole VPC network in both cases - i.e.  it's not granular
on single IP/VM level - for this you need to use local firewall if really
needed)

Hope that answers your question.


Andrija

On Wed, 18 Jul 2018 at 17:07, Adam Witwicki  wrote:

> Hello
>
> Is there a way we can add the DST IP to the ACL lists in a VPC as well as
> the SRC IP (outbound)
>
> Thanks
>
> Adam
>
>
>
> Disclaimer Notice:
> This email has been sent by Oakford Technology Limited, while we have
> checked this e-mail and any attachments for viruses, we can not guarantee
> that they are virus-free. You must therefore take full responsibility for
> virus checking.
> This message and any attachments are confidential and should only be read
> by those to whom they are addressed. If you are not the intended recipient,
> please contact us, delete the message from your computer and destroy any
> copies. Any distribution or copying without our prior permission is
> prohibited.
> Internet communications are not always secure and therefore Oakford
> Technology Limited does not accept legal responsibility for this message.
> The recipient is responsible for verifying its authenticity before acting
> on the contents. Any views or opinions presented are solely those of the
> author and do not necessarily represent those of Oakford Technology Limited.
> Registered address: Oakford Technology Limited, 10 Prince Maurice Court,
> Devizes, Wiltshire. SN10 2RT.
> Registered in England and Wales No. 5971519
>
>

-- 

Andrija Panić

Re: add new ip range to zone

[Andrija Panic]

Bunch of Public IP ranges, again in same VLAN... (gateway is just an
virtual inteface on physical router...all virtual interfaces in same vlan)

On Wed, 18 Jul 2018 at 14:28, Nicolas Bouige  wrote:

> Hi Rafael,
>
> yes, we had the situation but both ranges of public IPs was already in the
> same VLAN.
>
> Nicolas Bouige
> DIMSI
> cloud.dimsi.fr
> 4, avenue Laurent Cely
> Tour d’Asnière – 92600 Asnière sur Seine
> T/ +33 (0)6 28 98 53 40
>
>
> 
> De : Rafael Weingärtner 
> Envoyé : mercredi 18 juillet 2018 13:02:41
> À : users
> Objet : Re: add new ip range to zone
>
> Nicolas, have you had the situation where 2 public IPs from different
> ranges were assigned to the same VPC(VR)?
> Here we had this situation, and it was not playing well in our network
> setup. We had to move everything to the same VLAN.
>
> On Wed, Jul 18, 2018 at 7:25 AM, Nicolas Bouige  wrote:
>
> > Hello Swen,
> >
> > In our deployment, we are using two different network for public ip in
> the
> > same vlan without any problem.
> >
> > Best regards,
> > N.B
> >
> > -Message d'origine-
> > De : Swen - swen.io [mailto:m...@swen.io]
> > Envoyé : mercredi 18 juillet 2018 11:26
> > À : users@cloudstack.apache.org
> > Objet : add new ip range to zone
> >
> > Hello all,
> >
> > We are using advanced networking in our installation and we need to add
> > new public ips.
> > Should we configure the new /24 network in the same vlan as the other one
> > or should we use a vlan-id for each /24 network? What do you recommend?
> >
> > I am concerned what is happening if a VR gets public ips from different
> > /24 networks within the same or in different vlans? Is there a chance
> that
> > a routing problem of any kind will accrue?
> >
> > Thank you for your 2 cents (or more) on this!
> >
> > Best regards,
> > Swen
> >
> >
> >
> >
>
>
> --
> Rafael Weingärtner
>


-- 

Andrija Panić

Re: Unable to upload volumes 4.11.0

[Andrija Panic]

HttpS links were not supported (at least up to 4.8 release - I have to
always use plain HTTP).

Cheers

On Mon, Jul 16, 2018, 12:43 Paul Angus  wrote:

> Hi Adam,
> Have you tried this with 4.11.1?
>
>
> Kind regards,
>
> Paul Angus
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>
> -Original Message-
> From: Adam Witwicki 
> Sent: 16 July 2018 11:22
> To: users@cloudstack.apache.org
> Subject: RE: Unable to upload volumes 4.11.0
>
> Hi Paul
>
> That was accepted but returned this error, cert issue.
>
> Failed to upload volume: e6638e70-f346-4a98-aab7-91046e9fcfc7 with error:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
> Yet I am able to import as a template from the same source.?
> A confusing one
>
> Thanks
>
> Adam
>
> -Original Message-
> From: Paul Angus 
> Sent: 16 July 2018 11:06
> To: users@cloudstack.apache.org
> Subject: RE: Unable to upload volumes 4.11.0
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Full disclosure - I used 4.11.1 but I uploaded a 'volume' from centos
> without a problem.
> Could you test the same link?
> https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
>
>
> Kind regards,
>
> Paul Angus
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
>
>
>
>
> -Original Message-
> From: Adam Witwicki 
> Sent: 16 July 2018 08:02
> To: users@cloudstack.apache.org
> Subject: RE: Unable to upload volumes 4.11.0
>
> Hi Paul,
>
> The SSVM can curl the file, and the template import (add) works without
> issue, it’s the volume import (add) that fails
>
> Thanks
>
> Adam
>
> -Original Message-
> From: Paul Angus 
> Sent: 14 July 2018 07:36
> To: users@cloudstack.apache.org
> Subject: RE: Unable to upload volumes 4.11.0
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Hi Adam,
>
> That error is coming from:
>
> if (httpClient.executeMethod(httphead) != HttpStatus.SC_OK) {
> throw new IllegalArgumentException("Invalid URL: " +
> url);
>
> have you tried checking that you can reach the download from the
> management server and the SSVM?
>
> Also does the hostname resolve to an IP which is within the cloudstack
> management networks? If so you need to add the IP(s) to
> secstorage.allowed.internal.sites
>
>
>
>
> paul.an...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
>
>
>
>
> -Original Message-
> From: Adam Witwicki 
> Sent: 13 July 2018 09:21
> To: users@cloudstack.apache.org
> Subject: Unable to upload volumes 4.11.0
>
> Hello
>
> I cant seem to upload (add) a qcow2 volume via a URL, any ideas or other
> methods? we really need to import other systems disks.
>
> I get this in the logs
>
> 2018-07-13 09:08:18,435 DEBUG [c.c.s.VolumeApiServiceImpl]
> (API-Job-Executor-42:ctx-a1afd9f2 job-6668 ctx-7da8ec40) (logid:d97e88ec)
> Checking url:
> http://ingestion.xxx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
> 2018-07-13
> 
> 09:08:18,509 ERROR [c.c.a.ApiAsyncJobDispatcher]
> (API-Job-Executor-42:ctx-a1afd9f2 job-6668) (logid:d97e88ec) Unexpected
> exception while executing
> org.apache.cloudstack.api.command.user.volume.UploadVolumeCmd
> java.lang.IllegalArgumentException: Invalid URL:
> http://ingestion.xx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
> at com.cloud.utils.UriUtils.checkUrlExistence(UriUtils.java:395)
> at
> com.cloud.storage.VolumeApiServiceImpl.validateVolume(VolumeApiServiceImpl.java:415)
> at
> com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:296)
> at
> com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:179)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:338)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> at
> 

Re: Unable to upload volumes 4.11.0

[Andrija Panic]

Hi Adam,

can you try volume name without underscores ?

Andrija

On Fri, 13 Jul 2018 at 10:21, Adam Witwicki  wrote:

> Hello
>
> I cant seem to upload (add) a qcow2 volume via a URL, any ideas or other
> methods? we really need to import other systems disks.
>
> I get this in the logs
>
> 2018-07-13 09:08:18,435 DEBUG [c.c.s.VolumeApiServiceImpl]
> (API-Job-Executor-42:ctx-a1afd9f2 job-6668 ctx-7da8ec40) (logid:d97e88ec)
> Checking url:
> http://ingestion.xxx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
> 2018-07-13
> 
> 09:08:18,509 ERROR [c.c.a.ApiAsyncJobDispatcher]
> (API-Job-Executor-42:ctx-a1afd9f2 job-6668) (logid:d97e88ec) Unexpected
> exception while executing
> org.apache.cloudstack.api.command.user.volume.UploadVolumeCmd
> java.lang.IllegalArgumentException: Invalid URL:
> http://ingestion.xx.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
> at com.cloud.utils.UriUtils.checkUrlExistence(UriUtils.java:395)
> at
> com.cloud.storage.VolumeApiServiceImpl.validateVolume(VolumeApiServiceImpl.java:415)
> at
> com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:296)
> at
> com.cloud.storage.VolumeApiServiceImpl.uploadVolume(VolumeApiServiceImpl.java:179)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:338)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> at
> org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174)
> at
> com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:51)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
> at com.sun.proxy.$Proxy201.uploadVolume(Unknown Source)
> at
> org.apache.cloudstack.api.command.user.volume.UploadVolumeCmd.execute(UploadVolumeCmd.java:145)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:150)
> at
> com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:108)
> at
> org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:581)
> at
> org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
> at
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
> at
> org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:529)
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> 2018-07-13 09:08:18,511 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> (API-Job-Executor-42:ctx-a1afd9f2 job-6668) (logid:d97e88ec) Complete async
> job-6668, jobStatus: FAILED, resultCode: 530, result:
> org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":530,"errortext":"Invalid
> URL:
> http://ingestion.x.com/Flowmon/Flowmon_Collector_Virtual_All_Plugins-disk-1.qcow2
> "}
>
>
>
> Disclaimer Notice:
> This email has been sent by Oakford Technology Limited, while we have
> checked this e-mail and any attachments for 

Re: Adding secondary IP to VM

[Andrija Panic]

ACS doesn't handle this in any way (except that it might reserve the IP, so
it's not possible to add same IP to another VM/nic in same network).

You need to manually configure secondary IP on the VM - this is at least in
4.8 release, and per my experience so far.

Cheers.

On Wed, 11 Jul 2018 at 11:23, Jon Marshall  wrote:

> I am trying to work out how CS handles additional IPs assigned to a VM.
>
>
> So using DHCP for the VMs if I log onto the virtual router in the
> "dhcphosts.txt" can see the VM maping to it's IP.
>
>
> If I then acquire a secondary IP for the VM a couple of questions -
>
>
> 1) where does the virtual router store the information because it is not
> in the DHCP file which makes sense but it must record it somewhere because
> it won't hand out that same IP to another VM (I tested it). Is it in the
> DBase somewhere
>
>
> 2) How do others handle multiple IPs on a VM ie. do you DHCP for the main
> interface and then configure static IPs for the sub interfaces or do you
> turn off DHCP altogether ?
>
>
> Many thanks
>
>
> Jon
>


-- 

Andrija Panić

Re: Is there a way to get back destroyed Virtual Router?

[Andrija Panic]

If this is advanced networking (VPC), then just restart VPC and it should
bring up a new router. For me (4.8), restarting network actually never did
anything (for whatever reason...).

Cheers

On Wed, Jul 11, 2018, 09:28 Boris Stoyanov 
wrote:

> If you restart your network cloudstack will create a new router for you,
> if that does not happen then your zone is not able to deploy a VM and
> you’ll need to dig in the management logs to see whats wrong.
>
> Bobby
>
>
> boris.stoya...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
> > On 11 Jul 2018, at 10:18, Jevgeni Zolotarjov 
> wrote:
> >
> > " But eventually if the network is used Cloudstack will automatically
> > recreate the router"
> >
> > Yes, I hoped for the same. But it doesn't happen. Virtual Router VM has
> not
> > appeared after being destroyed
> >
> > On Wed, Jul 11, 2018 at 10:13 AM Boris Stoyanov <
> > boris.stoya...@shapeblue.com> wrote:
> >
> >> If you’re looking to recover the very same VM, once expunged I don’t
> think
> >> you can. But eventually if the network is used Cloudstack will
> >> automatically recreate the router with the same settings and should be
> >> identical toy the old VM.
> >>
> >> Boris Stoyanov.
> >>
> >>
> >> boris.stoya...@shapeblue.com
> >> www.shapeblue.com
> >> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> >> @shapeblue
> >>
> >>
> >>
> >>> On 11 Jul 2018, at 10:10, Jevgeni Zolotarjov 
> >> wrote:
> >>>
> >>> I am running cloudstacl 4.11.1
> >>> Virtual Router VM got destroyed unintentionally.
> >>>
> >>> Is there a way to re-create it?
> >>>
> >>> Regards,
> >>> Jevgeni
> >>
> >>
>
>

Re: Importing Hyper-V to Cloudstack 4.11.0 UEFI and GPT

[Andrija Panic]

Hi Adam,

Wonderful that you found a way to solve it !

If you have some spare time, please consider updating the ACS
administration pages on github :) - I do that from time to time (since
can't contribute any code really :) )

Cheers!

On Tue, Jul 10, 2018, 17:43 Adam Witwicki  wrote:

> Fixed using this
>
>
> https://www.sevenforums.com/installation-setup/320700-boot-windows-7-8-gpt-bios-system-no-hybrid-mbrs-duet.html
>
> ROOT MBR disk,
> Attached GPT disk (imported windows partitions)
>
> select disk 0
> clean
> create partition primary [size=##]
> format
> select partition 1
> active
> list volume
> select volume 1
> assign
> list volume
> exit
>
> bcdboot C:\Windows /l en-us /s D:
> bootsect /nt60 D: /mbr /force
> bcdedit /store D:\boot\bcd /set {bootmgr} device boot
>
>
> Thanks Everyone
>
> Adam
>
> -Original Message-
> From: Adam Witwicki
> Sent: 10 July 2018 15:09
> To: users 
> Subject: RE: Importing Hyper-V to Cloudstack 4.11.0 UEFI and GPT
>
> Is there any way to get cloudstack to boot a GPT disk? This needs to be
> made clearer in the documentation, we have lots of hyper-v GEN2 boxes we
> need to import.
>
> I have found one bootloader on a CD that will boot the windows OS, but am
> having a nightmare getting this installed on the first HDD
> https://sourceforge.net/projects/cloverefiboot/
>
> Thanks
>
> Adam
>
> -Original Message-
> From: Andrija Panic 
> Sent: 09 July 2018 14:09
> To: users 
> Subject: Re: Importing Hyper-V to Cloudstack 4.11.0
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Ah yes... if ti has anything to do with UEFI, than it's not possible.
>
> But if plain GPT - there should be a fix possible - check this one:
>
> https://forum.proxmox.com/threads/hyper-v-export-with-gpt-partition-table-will-not-boot.23716/
>
> Cheers
>
> On Mon, 9 Jul 2018 at 14:48, Adam Witwicki 
> wrote:
>
> > Andrija
> >
> > It looks like we cannot boot a GPT disk, this will be a huge pain, as
> > most of the systems we want to migrate are GPT
> >
> > Thanks
> >
> > Aadm
> >
> > -Original Message-
> > From: Andrija Panic 
> > Sent: 06 July 2018 14:27
> > To: users 
> > Subject: Re: Importing Hyper-V to Cloudstack 4.11.0
> >
> > ** This mail originated from OUTSIDE the Oakford corporate network.
> > Treat hyperlinks and attachments in this email with caution. **
> >
> > I would not be sure...
> >
> > Silly question, can you check (ps aux | grep VMNAME) or with virsh
> > dumpxml etc... that the volume is actually really attached to the VM ?
> > If so, then I would try to mount the volume on the hypervisor host
> > (there are ways to mount qcow2 and same with ceph, using rbd map,
> > etc...) to "enter" the volume and see if all fine.. or perhaps doing
> > qemu-img check... just from top of my head. I find it hard that
> > conversion produces damaged volume, but it;s possible,
> >
> > Actually, pay attention on the conversion process - not sure how/with
> > which tool you do conversion - but's it's good idea to export VM (from
> > HyperV) to get clean/single VHDX file, and then convert (check the
> > VHDX previously also with qemu-img check) Here there is a Windows
> > version, that should work (did NOT test it though):
> > https://cloudbase.it/qemu-img-windows/
> >
> > Let me know, really curious what is going on...
> >
> >
> >
> >
> > On Fri, 6 Jul 2018 at 14:49, Adam Witwicki 
> > wrote:
> >
> > > Andrija,
> > >
> > > I used qemu-img to convert to qcow2 since I am using KVM with ceph -
> > > when I view the console I get the emulated BIOS saying no bootable
> > > device found
> > > - this must be before any IDE or VirtIO drivers.
> > > I have also tried with NFS storage and get the same boot error.
> > >
> > > This process worked on 4.9, I notice there are more template options
> > > on
> > > 4.11.0 do I need to do any thing different?
> > >
> > > Thanks
> > >
> > > Adam
> > >
> > > -Original Message-
> > > From: Andrija Panic 
> > > Sent: 06 July 2018 13:45
> > > To: users 
> > > Subject: Re: Importing Hyper-V to Cloudstack 4.11.0
> > >
> > > ** This mail originated from OUTSIDE the Oakford corporate network.
> > > Treat hyperlinks and attachments in this email with caution. **
> > >
&

Re: ACS for Reseller

[Andrija Panic]

Just FYI, we are managing this via custom user Portal (portal does initial
user provisioning as well as i.e. demo VPC etc, lots of possibilities from
Portal side...) and it has account mapping from itself to ACS users, etc -
this all done because we are public IaaS provided, so for billing/usage
needs etc...

Cheers

On Tue, Jul 10, 2018, 16:14 Rafael Weingärtner 
wrote:

> Yes, it is.
>
> It is possible to create domain admins that can create further domain and
> users, ad even other domain admins for the sub-domains. They would be able
> to mange resource limiting and other "user"/client configurations.
>
> On Tue, Jul 10, 2018 at 11:12 AM, Lotic Lists  wrote:
>
> > Hi all
> >
> >
> >
> > Is it possible create a custom role to permit domain-admin create
> > subdomains
> > and accounts for subdomains?
> >
> > The scenario is to grant full autonomy to reseller.
> >
> >
> >
> > Tks
> >
> > Marcelo
> >
> >
>
>
> --
> Rafael Weingärtner
>