RE: VMware Template - To read from OVA or NOT

2022-03-29 Thread Corey, Mike 
I will have to test this update then in our environment.


Can you answer WHY the 3 additional scsi controllers are being added by ACS to 
my Windows VMs?  I am not selecting to add an extra data disk from the template 
or UI wizard.

I will reply with results after the upgrade to 4.16.1.

Mike

From: Nicolas Vazquez 
Sent: Tuesday, March 29, 2022 9:14 AM
To: Corey, Mike ; users@cloudstack.apache.org
Subject: Re: VMware Template - To read from OVA or NOT

Thanks Mike,

The 'Read VM settings from OVA' option was introduced on 4.15.0, and only on 
that version it was the default mode. Since 4.15.1 it was made optional, and 
the default mode remained the same as before 4.15.0.

Regarding the root disk controller issue, we have added a fix on 4.16.1: 
https://github.com/apache/cloudstack/pull/5910<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fcloudstack%2Fpull%2F5910=04%7C01%7Cmike.corey%40sap.com%7C54edf982ca7d453d086008da1185f646%7C42f7676cf455423c82f6dc2d99791af7%7C0%7C0%7C637841564933480956%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000=Dbp%2Bw8pLRtLA0wb%2BUqRH73tY4QAbNPDcWzkeYHKy3Zg%3D=0>
 - would be good to verify if this solves the booting issue after setting the 
controller correctly

Regards,
Nicolas Vazquez






From: Corey, Mike mailto:mike.co...@sap.com>>
Date: Tuesday, 29 March 2022 at 08:52
To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org> 
mailto:users@cloudstack.apache.org>>
Cc: Nicolas Vazquez 
mailto:nicolas.vazq...@shapeblue.com>>
Subject: RE: VMware Template - To read from OVA or NOT
Thanks for the reply.

Current ACS 4.16.0.

Deploying template on 4.15.1 had similar results when "Read VM settings from 
OVA" was OFF - the OS would just spin at startup.  Why I started using the Read 
OVA option.

When the option is OFF - I manually select the controller (lsilogicsas) and nic 
(e1000).  One thing I notice is that when the VM deploys, ACS adds 3 additional 
scsi controllers to the VM.  I thought that could be the issue; however, I 
deleted the extra controllers from the VM and the OS still spins like something 
isn't loading right.  Also, looking at the template settings, the 
rootdiskconntroller says lsisas1068 instead of what I selected "lsilogicsas" 
during template download.

Like I said, I feel like I've chased this tail before which is why I ended up 
using the "read VM settings from OVA" setting.  However, the developer of our 
front end web portal has me trying an image without the read OVA setting 
because they think it will fix an API mismatch they have.

Was the "Read VM Settings from OVA" option always "default" in previous 
versions?  In my notes, I have it was introduced in 4.15.1.

Mike



-Original Message-
From: Nicolas Vazquez 
mailto:nicolas.vazq...@shapeblue.com.INVALID>>
Sent: Tuesday, March 29, 2022 7:03 AM
To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
Subject: Re: VMware Template - To read from OVA or NOT

[You don't often get email from 
nicolas.vazq...@shapeblue.com.invalid<mailto:nicolas.vazq...@shapeblue.com.invalid>.
 Learn why this is important at 
http://aka.ms/LearnAboutSenderIdentification.]<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Faka.ms%2FLearnAboutSenderIdentification.%255d=04%7C01%7Cmike.corey%40sap.com%7C54edf982ca7d453d086008da1185f646%7C42f7676cf455423c82f6dc2d99791af7%7C0%7C0%7C637841564933480956%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000=QSCeGutNLRDN1mIQq5kP0qoUeoGnBqwOYfZkybbISkc%3D=0>

Hi Mike,

The 'Read VM Settings from OVA' option is not mandatory, and by default the 
Vmware environments should not be affected if not using this feature on the 
templates.

I have some questions, which CloudStack version are you using? In this case it 
would seem like the combination of controllers is not supported for the 
template. Were you able to deploy from the same template on previous CloudStack 
versions setting the same controllers? Are the controllers correctly set on 
vCenter? The 'Read VM settings from OVA' honors the template configuration and 
controllers. When deploying a VM using this option, are the disk and NIC 
controllers the same as the ones you want to set when not enabling the option? 
As a quick test, can you create a test VM using the 'Read VM settings from OVA' 
option, stop it and change the controllers from vCenter - would the VM boot 
correctly?

Regards,
Nicolas Vazquez


From: Corey, Mike 
mailto:mike.co...@sap.com.INVALID>>
Date: Thursday, 24 March 2022 at 13:54
To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org> 
mailto:users@cloudstack.apache.org>>
Subject: VMware Template - To read from OVA or NOT
Hi - I feel like I've asked this in the past; however, my developer col

RE: VMware Template - To read from OVA or NOT

2022-03-29 Thread Corey, Mike 
Thanks for the reply.

Current ACS 4.16.0.

Deploying template on 4.15.1 had similar results when "Read VM settings from 
OVA" was OFF - the OS would just spin at startup.  Why I started using the Read 
OVA option.

When the option is OFF - I manually select the controller (lsilogicsas) and nic 
(e1000).  One thing I notice is that when the VM deploys, ACS adds 3 additional 
scsi controllers to the VM.  I thought that could be the issue; however, I 
deleted the extra controllers from the VM and the OS still spins like something 
isn't loading right.  Also, looking at the template settings, the 
rootdiskconntroller says lsisas1068 instead of what I selected "lsilogicsas" 
during template download.

Like I said, I feel like I've chased this tail before which is why I ended up 
using the "read VM settings from OVA" setting.  However, the developer of our 
front end web portal has me trying an image without the read OVA setting 
because they think it will fix an API mismatch they have.

Was the "Read VM Settings from OVA" option always "default" in previous 
versions?  In my notes, I have it was introduced in 4.15.1.  

Mike



-Original Message-
From: Nicolas Vazquez  
Sent: Tuesday, March 29, 2022 7:03 AM
To: users@cloudstack.apache.org
Subject: Re: VMware Template - To read from OVA or NOT

[You don't often get email from nicolas.vazq...@shapeblue.com.invalid. Learn 
why this is important at http://aka.ms/LearnAboutSenderIdentification.]

Hi Mike,

The 'Read VM Settings from OVA' option is not mandatory, and by default the 
Vmware environments should not be affected if not using this feature on the 
templates.

I have some questions, which CloudStack version are you using? In this case it 
would seem like the combination of controllers is not supported for the 
template. Were you able to deploy from the same template on previous CloudStack 
versions setting the same controllers? Are the controllers correctly set on 
vCenter? The 'Read VM settings from OVA' honors the template configuration and 
controllers. When deploying a VM using this option, are the disk and NIC 
controllers the same as the ones you want to set when not enabling the option? 
As a quick test, can you create a test VM using the 'Read VM settings from OVA' 
option, stop it and change the controllers from vCenter - would the VM boot 
correctly?

Regards,
Nicolas Vazquez


From: Corey, Mike 
Date: Thursday, 24 March 2022 at 13:54
To: users@cloudstack.apache.org 
Subject: VMware Template - To read from OVA or NOT
Hi - I feel like I've asked this in the past; however, my developer colleague 
has me spinning my wheels trying to get his code to work against this 
VMware/ACS environment.

I'm having trouble with deploying a VM instance using a VMware specific 
template when I DO NOT use the "Read VM Settings from OVA."  When I don't use 
that setting I set the root disk controller as "lsilogicsas" and NIC to 
"e1000."  The VM deploys however the OS never completely loads, just spins at 
Windows OS "Getting devices ready."

Using the SAME image, with the Read OVA setting - the VM instance deploys and 
loads the OS without issue.

Can someone from ShapeBlue or ACS verify that for VMWARE environments the "Read 
VM settings from OVA" IS or IS NOT required?  If in theory, I should be able to 
deploy a VM from a template where "Read VM Settings from OVA" is OFF - what 
could be the issue (I assume its something identified in OVA that is not 
getting loaded/seen from basic ACS API).



Many thanks!

Mike



Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com




[cid:image001.png@01D83F7E.500DA3D0]

VMware Template - To read from OVA or NOT

2022-03-24 Thread Corey, Mike 
Hi - I feel like I've asked this in the past; however, my developer colleague 
has me spinning my wheels trying to get his code to work against this 
VMware/ACS environment.

I'm having trouble with deploying a VM instance using a VMware specific 
template when I DO NOT use the "Read VM Settings from OVA."  When I don't use 
that setting I set the root disk controller as "lsilogicsas" and NIC to 
"e1000."  The VM deploys however the OS never completely loads, just spins at 
Windows OS "Getting devices ready."

Using the SAME image, with the Read OVA setting - the VM instance deploys and 
loads the OS without issue.

Can someone from ShapeBlue or ACS verify that for VMWARE environments the "Read 
VM settings from OVA" IS or IS NOT required?  If in theory, I should be able to 
deploy a VM from a template where "Read VM Settings from OVA" is OFF - what 
could be the issue (I assume its something identified in OVA that is not 
getting loaded/seen from basic ACS API).



Many thanks!

Mike



Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image001.png@01D83F7E.500DA3D0]

RE: Clarity on when to use "Non-OSS" ACS

2022-01-13 Thread Corey, Mike 
Second attempt for clarity...

From: Corey, Mike
Sent: Tuesday, January 11, 2022 2:53 PM
To: users@cloudstack.apache.org
Subject: Clarity on when to use "Non-OSS" ACS

Hi,

I've been working with ACS 4.15 deploying to VMware hypervisors for over a year 
now.  I'm catching up on 4.16 docs for an upgrade of our landscape.  For 
whatever reason I'm just seeing the below regarding Non-OSS package creation if 
using VMware.

Could I get some clarity on this please?  I'm not sure what it is meant by 
VMware, NetApp, or other non-oss plug-ins.  Up to this point I've been using 
the "normal" CloudStack CentOS package repo for the ACS installation.  Have I 
done it all wrong?


### ACS 4.16 Guide:

If you need support for the VMware, NetApp, F5, NetScaler, SRX, or any other 
non-Open Source Software (nonoss) plugins, you'll need to download a few 
components on your own and follow a slightly different procedure to build from 
source.

Some of the plugins supported by CloudStack cannot be distributed with 
CloudStack for licensing reasons. In some cases, some of the required 
libraries/JARs are under a proprietary license. In other cases, the required 
libraries may be under a license that's not compatible with Apache's licensing 
guidelines for third-party products.

###


Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E 
mike.co...@sap.com<mailto:mike.co...@sap.com>


[cid:image002.png@01D80851.80040570]

Clarity on when to use "Non-OSS" ACS

2022-01-11 Thread Corey, Mike 
Hi,

I've been working with ACS 4.15 deploying to VMware hypervisors for over a year 
now.  I'm catching up on 4.16 docs for an upgrade of our landscape.  For 
whatever reason I'm just seeing the below regarding Non-OSS package creation if 
using VMware.

Could I get some clarity on this please?  I'm not sure what it is meant by 
VMware, NetApp, or other non-oss plug-ins.  Up to this point I've been using 
the "normal" CloudStack CentOS package repo for the ACS installation.  Have I 
done it all wrong?


### ACS 4.16 Guide:

If you need support for the VMware, NetApp, F5, NetScaler, SRX, or any other 
non-Open Source Software (nonoss) plugins, you'll need to download a few 
components on your own and follow a slightly different procedure to build from 
source.

Some of the plugins supported by CloudStack cannot be distributed with 
CloudStack for licensing reasons. In some cases, some of the required 
libraries/JARs are under a proprietary license. In other cases, the required 
libraries may be under a license that's not compatible with Apache's licensing 
guidelines for third-party products.

###


Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image002.png@01D806FA.EE5ECAD0]

RE: API Command Question for "networkids"

2021-10-15 Thread Corey, Mike 
Hi, I am running ACS 4.15.1.0.

I will download the template using the “Read VM settings from OVA” and test the 
deployment from our front-end portal.

Stay tuned!

MC

From: Daan Hoogland 
Sent: Friday, October 15, 2021 4:02 AM
To: Corey, Mike 
Cc: users@cloudstack.apache.org; Rohit Yadav ; 
d...@cloudstack.apache.org
Subject: Re: API Command Question for "networkids"

Mike,
What version of ACS are your using?
the name in the UI would be :
•  "Read VM settings from OVA"
in the db it is called vm_template.deploy_as_is


On Thu, Oct 14, 2021 at 5:44 PM Corey, Mike 
mailto:mike.co...@sap.com>> wrote:
Daan,Rohit,

I don't see the "deployAsIs" in the Register Template UI when 
downloading/registering an OVA template nor do I see it as an option listed in 
the template details of an already registered template.  Am I missing something 
here?

Many thanks!

Mike



-Original Message-
From: Daan Hoogland mailto:daan.hoogl...@gmail.com>>
Sent: Thursday, October 14, 2021 2:55 AM
To: Corey, Mike mailto:mike.co...@sap.com>>
Cc: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>; 
d...@cloudstack.apache.org<mailto:d...@cloudstack.apache.org>
Subject: Re: API Command Question for "networkids"

I just checked the API description and I have been a bit misleading. The
deployAsIs parameter is issued during template registration, not at
deploytime. Look at the code for RegisterTemplateCmd. it is not described
in https://cloudstack.apache.org/api/apidocs-4.15/apis/registerTemplate.html
because it was introduced in 4.15.1 and the page describes 4.15.0. Normally
we don't allow for API changes for minor versions but in this case it was a
needed bug-fix.

On Wed, Oct 13, 2021 at 9:30 PM Corey, Mike 
mailto:mike.co...@sap.com>> wrote:

> Daan and others,
>
> Do you have an example of using the API "deployasis" parameter with VMware
> deployment?
>
> Our developer colleague is having trouble finding a solution.
>
> Thanks!
>
> Mike
>
> -Original Message-
> From: Corey, Mike 
> mailto:mike.co...@sap.com.INVALID>>
> Sent: Monday, October 4, 2021 12:31 PM
> To: daan.hoogl...@gmail.com<mailto:daan.hoogl...@gmail.com>; 
> users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>;
> d...@cloudstack.apache.org<mailto:d...@cloudstack.apache.org>
> Subject: [CAUTION] RE: API Command Question for "networkids"
>
> Daan,
>
> I see from the documentation that this is a new API for ACS 4.15.  Do you
> have an example command line that I should inject this "deployasis" flag?
>
> Thanks!
>
> Mike
>
> -Original Message-
> From: Daan Hoogland mailto:daan.hoogl...@gmail.com>>
> Sent: Friday, October 1, 2021 11:18 AM
> To: users mailto:users@cloudstack.apache.org>>
> Cc: d...@cloudstack.apache.org<mailto:d...@cloudstack.apache.org>
> Subject: Re: API Command Question for "networkids"
>
> Mike the old (your portal's) way should still work, on vmware you might
> want to call it with `deployasis=false`
>
> On Fri, Oct 1, 2021 at 5:01 PM Corey, Mike 
> mailto:mike.co...@sap.com.invalid>>
> wrote:
>
> > That is one thing that caused me to raise this question.  It isn't in the
> > API documentation, but found in the ACS logs when a VM is created via
> > CloudStack UI or API call from self-service portal.  Our developer is
> > porting over the code that works from the Self-Service portal deploying a
> > VM to XenServer hypervisor.  However, that same code does not configure
> the
> > network device correctly when deploying to VMware hypervisor.
> >
> > Example from ACS UI:
> >
> >
> >
> cmdEventType":"VM.CREATE","startvm":"true","nicnetworklist[0].network":"170d544c-ea5f-4627-98be-29202480aa4c","serviceofferingid":"eb796444-dec6-4b48-9552-de9a792a5b71","response":"json","ctxUserId":"6","displayname":"NetworkTest","name":"NetworkTest"
> >
> > Example from Self-Service API:
> >
> >
> >
> "cmdEventType":"VM.CREATE","networkids":"170d544c-ea5f-4627-98be-29202480aa4c","serviceofferingid":"fc57b518-b3d0-468c-8b2e-1704c88d763e","response":"json","ctxUserId":"8","displayname":"TVMNSQ46"
> >
> >
> > -Original Message-
> > From: Daan Hoogland 
> > mailto:daan.hoogl...@gmail.com>>
> > Sent: Friday, October 1, 2021 9:15 AM
> > To: users mailto:users@cloudstack.apache.org>>
> > Cc: d

RE: API Command Question for "networkids"

2021-10-14 Thread Corey, Mike 
Daan,Rohit,

I don't see the "deployAsIs" in the Register Template UI when 
downloading/registering an OVA template nor do I see it as an option listed in 
the template details of an already registered template.  Am I missing something 
here?

Many thanks!

Mike

  

-Original Message-
From: Daan Hoogland  
Sent: Thursday, October 14, 2021 2:55 AM
To: Corey, Mike 
Cc: users@cloudstack.apache.org; d...@cloudstack.apache.org
Subject: Re: API Command Question for "networkids"

I just checked the API description and I have been a bit misleading. The
deployAsIs parameter is issued during template registration, not at
deploytime. Look at the code for RegisterTemplateCmd. it is not described
in https://cloudstack.apache.org/api/apidocs-4.15/apis/registerTemplate.html
because it was introduced in 4.15.1 and the page describes 4.15.0. Normally
we don't allow for API changes for minor versions but in this case it was a
needed bug-fix.

On Wed, Oct 13, 2021 at 9:30 PM Corey, Mike  wrote:

> Daan and others,
>
> Do you have an example of using the API "deployasis" parameter with VMware
> deployment?
>
> Our developer colleague is having trouble finding a solution.
>
> Thanks!
>
> Mike
>
> -Original Message-
> From: Corey, Mike 
> Sent: Monday, October 4, 2021 12:31 PM
> To: daan.hoogl...@gmail.com; users@cloudstack.apache.org;
> d...@cloudstack.apache.org
> Subject: [CAUTION] RE: API Command Question for "networkids"
>
> Daan,
>
> I see from the documentation that this is a new API for ACS 4.15.  Do you
> have an example command line that I should inject this "deployasis" flag?
>
> Thanks!
>
> Mike
>
> -Original Message-
> From: Daan Hoogland 
> Sent: Friday, October 1, 2021 11:18 AM
> To: users 
> Cc: d...@cloudstack.apache.org
> Subject: Re: API Command Question for "networkids"
>
> Mike the old (your portal's) way should still work, on vmware you might
> want to call it with `deployasis=false`
>
> On Fri, Oct 1, 2021 at 5:01 PM Corey, Mike 
> wrote:
>
> > That is one thing that caused me to raise this question.  It isn't in the
> > API documentation, but found in the ACS logs when a VM is created via
> > CloudStack UI or API call from self-service portal.  Our developer is
> > porting over the code that works from the Self-Service portal deploying a
> > VM to XenServer hypervisor.  However, that same code does not configure
> the
> > network device correctly when deploying to VMware hypervisor.
> >
> > Example from ACS UI:
> >
> >
> >
> cmdEventType":"VM.CREATE","startvm":"true","nicnetworklist[0].network":"170d544c-ea5f-4627-98be-29202480aa4c","serviceofferingid":"eb796444-dec6-4b48-9552-de9a792a5b71","response":"json","ctxUserId":"6","displayname":"NetworkTest","name":"NetworkTest"
> >
> > Example from Self-Service API:
> >
> >
> >
> "cmdEventType":"VM.CREATE","networkids":"170d544c-ea5f-4627-98be-29202480aa4c","serviceofferingid":"fc57b518-b3d0-468c-8b2e-1704c88d763e","response":"json","ctxUserId":"8","displayname":"TVMNSQ46"
> >
> >
> > -Original Message-
> > From: Daan Hoogland 
> > Sent: Friday, October 1, 2021 9:15 AM
> > To: users 
> > Cc: d...@cloudstack.apache.org
> > Subject: Re: API Command Question for "networkids"
> >
> > Mike, I don't recognise the commands you talk about, `networkids` and
> > `nicnetworklist`. Can you give links to APIs in [1], please? There are
> some
> > API that are not generic over hypervisors, but these should be well
> > documented and really only very few.
> >
> > [1] https://cloudstack.apache.org/api/apidocs-4.15/
> >
> > On Fri, Oct 1, 2021 at 2:27 PM Corey, Mike 
> > wrote:
> >
> > > Hello - sending again in hopes of getting some feedback on the API
> > > question.
> > >
> > > Thanks!
> > >
> > > Mike
> > >
> > > From: Corey, Mike 
> > > Sent: Monday, September 27, 2021 12:18 PM
> > > To: d...@cloudstack.apache.org; users@cloudstack.apache.org
> > > Subject: [CAUTION] API Command Question for "networkids"
> > >
> > > Hi,
> > >
> > > Our self-service portal developers found that they cannot "port" code
> > from
> > > the current landscape running on XenServer with the new VMWare
&

RE: API Command Question for "networkids"

2021-10-13 Thread Corey, Mike 
Daan and others,

Do you have an example of using the API "deployasis" parameter with VMware 
deployment?

Our developer colleague is having trouble finding a solution.

Thanks!

Mike

-Original Message-
From: Corey, Mike  
Sent: Monday, October 4, 2021 12:31 PM
To: daan.hoogl...@gmail.com; users@cloudstack.apache.org; 
d...@cloudstack.apache.org
Subject: [CAUTION] RE: API Command Question for "networkids"

Daan,

I see from the documentation that this is a new API for ACS 4.15.  Do you have 
an example command line that I should inject this "deployasis" flag?

Thanks!

Mike

-Original Message-
From: Daan Hoogland  
Sent: Friday, October 1, 2021 11:18 AM
To: users 
Cc: d...@cloudstack.apache.org
Subject: Re: API Command Question for "networkids"

Mike the old (your portal's) way should still work, on vmware you might
want to call it with `deployasis=false`

On Fri, Oct 1, 2021 at 5:01 PM Corey, Mike 
wrote:

> That is one thing that caused me to raise this question.  It isn't in the
> API documentation, but found in the ACS logs when a VM is created via
> CloudStack UI or API call from self-service portal.  Our developer is
> porting over the code that works from the Self-Service portal deploying a
> VM to XenServer hypervisor.  However, that same code does not configure the
> network device correctly when deploying to VMware hypervisor.
>
> Example from ACS UI:
>
>
> cmdEventType":"VM.CREATE","startvm":"true","nicnetworklist[0].network":"170d544c-ea5f-4627-98be-29202480aa4c","serviceofferingid":"eb796444-dec6-4b48-9552-de9a792a5b71","response":"json","ctxUserId":"6","displayname":"NetworkTest","name":"NetworkTest"
>
> Example from Self-Service API:
>
>
> "cmdEventType":"VM.CREATE","networkids":"170d544c-ea5f-4627-98be-29202480aa4c","serviceofferingid":"fc57b518-b3d0-468c-8b2e-1704c88d763e","response":"json","ctxUserId":"8","displayname":"TVMNSQ46"
>
>
> -Original Message-
> From: Daan Hoogland 
> Sent: Friday, October 1, 2021 9:15 AM
> To: users 
> Cc: d...@cloudstack.apache.org
> Subject: Re: API Command Question for "networkids"
>
> Mike, I don't recognise the commands you talk about, `networkids` and
> `nicnetworklist`. Can you give links to APIs in [1], please? There are some
> API that are not generic over hypervisors, but these should be well
> documented and really only very few.
>
> [1] https://cloudstack.apache.org/api/apidocs-4.15/
>
> On Fri, Oct 1, 2021 at 2:27 PM Corey, Mike 
> wrote:
>
> > Hello - sending again in hopes of getting some feedback on the API
> > question.
> >
> > Thanks!
> >
> > Mike
> >
> > From: Corey, Mike 
> > Sent: Monday, September 27, 2021 12:18 PM
> > To: d...@cloudstack.apache.org; users@cloudstack.apache.org
> > Subject: [CAUTION] API Command Question for "networkids"
> >
> > Hi,
> >
> > Our self-service portal developers found that they cannot "port" code
> from
> > the current landscape running on XenServer with the new VMWare landscape
> > recently built.  There are some APIs that look to have changed and/or are
> > specific to VMware hypervisors.
> >
> > The two APIs in question are the "networkids" and "nicnetworklist"
> > commands.  The command API "networkids" works from the self-service
> portal
> > when deploying to XenServer; however that same line of code does NOT
> > configure the correct network settings (assigns to wrong guest network)
> > when deploying to a VMware hypervisor.
> >
> > Digging into the logs we found that when deploying a VM from the ACS UI
> to
> > VMware, the command "nicnetworklist" is now used when deploying to VMware
> > hypervisor.
> >
> > 1 - Is there API command that is "hypervisor-agnostic" or can be used
> > against both XenServer and VMware?
> > 2 - The VMware API references a NIC ID of "8"
> > ("nicnetworklist[0].nic":"8",).  Is this arbitrary or will each ACS
> > management server (or region, or zone) use a different ID?
> >
> >   *   This could be a problem if our self-service services multiple
> > regions/zones.
> > 3 - Is there a global setting or other hidden setting that can be set so
> > that ONE API Command works against both XenServer and VMware?
> >
> > Many thanks!
> >
> > Mike
> >
> >
> >
> >
> >
> > Mike Corey
> >
> > Technology Senior Consultant, IT CS CTW Operation & Virtualization
> Service
> > US
> >
> > SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United
> > States
> >
> > T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com > mike.co...@sap.com>
> >
> >
> > [cid:image003.png@01D7B399.B29A8C00]
> >
> >
> >
>
> --
> Daan
>


-- 
Daan

RE: API Command Question for "networkids"

2021-10-04 Thread Corey, Mike 
Daan,

I see from the documentation that this is a new API for ACS 4.15.  Do you have 
an example command line that I should inject this "deployasis" flag?

Thanks!

Mike

-Original Message-
From: Daan Hoogland  
Sent: Friday, October 1, 2021 11:18 AM
To: users 
Cc: d...@cloudstack.apache.org
Subject: Re: API Command Question for "networkids"

Mike the old (your portal's) way should still work, on vmware you might
want to call it with `deployasis=false`

On Fri, Oct 1, 2021 at 5:01 PM Corey, Mike 
wrote:

> That is one thing that caused me to raise this question.  It isn't in the
> API documentation, but found in the ACS logs when a VM is created via
> CloudStack UI or API call from self-service portal.  Our developer is
> porting over the code that works from the Self-Service portal deploying a
> VM to XenServer hypervisor.  However, that same code does not configure the
> network device correctly when deploying to VMware hypervisor.
>
> Example from ACS UI:
>
>
> cmdEventType":"VM.CREATE","startvm":"true","nicnetworklist[0].network":"170d544c-ea5f-4627-98be-29202480aa4c","serviceofferingid":"eb796444-dec6-4b48-9552-de9a792a5b71","response":"json","ctxUserId":"6","displayname":"NetworkTest","name":"NetworkTest"
>
> Example from Self-Service API:
>
>
> "cmdEventType":"VM.CREATE","networkids":"170d544c-ea5f-4627-98be-29202480aa4c","serviceofferingid":"fc57b518-b3d0-468c-8b2e-1704c88d763e","response":"json","ctxUserId":"8","displayname":"TVMNSQ46"
>
>
> -Original Message-
> From: Daan Hoogland 
> Sent: Friday, October 1, 2021 9:15 AM
> To: users 
> Cc: d...@cloudstack.apache.org
> Subject: Re: API Command Question for "networkids"
>
> Mike, I don't recognise the commands you talk about, `networkids` and
> `nicnetworklist`. Can you give links to APIs in [1], please? There are some
> API that are not generic over hypervisors, but these should be well
> documented and really only very few.
>
> [1] https://cloudstack.apache.org/api/apidocs-4.15/
>
> On Fri, Oct 1, 2021 at 2:27 PM Corey, Mike 
> wrote:
>
> > Hello - sending again in hopes of getting some feedback on the API
> > question.
> >
> > Thanks!
> >
> > Mike
> >
> > From: Corey, Mike 
> > Sent: Monday, September 27, 2021 12:18 PM
> > To: d...@cloudstack.apache.org; users@cloudstack.apache.org
> > Subject: [CAUTION] API Command Question for "networkids"
> >
> > Hi,
> >
> > Our self-service portal developers found that they cannot "port" code
> from
> > the current landscape running on XenServer with the new VMWare landscape
> > recently built.  There are some APIs that look to have changed and/or are
> > specific to VMware hypervisors.
> >
> > The two APIs in question are the "networkids" and "nicnetworklist"
> > commands.  The command API "networkids" works from the self-service
> portal
> > when deploying to XenServer; however that same line of code does NOT
> > configure the correct network settings (assigns to wrong guest network)
> > when deploying to a VMware hypervisor.
> >
> > Digging into the logs we found that when deploying a VM from the ACS UI
> to
> > VMware, the command "nicnetworklist" is now used when deploying to VMware
> > hypervisor.
> >
> > 1 - Is there API command that is "hypervisor-agnostic" or can be used
> > against both XenServer and VMware?
> > 2 - The VMware API references a NIC ID of "8"
> > ("nicnetworklist[0].nic":"8",).  Is this arbitrary or will each ACS
> > management server (or region, or zone) use a different ID?
> >
> >   *   This could be a problem if our self-service services multiple
> > regions/zones.
> > 3 - Is there a global setting or other hidden setting that can be set so
> > that ONE API Command works against both XenServer and VMware?
> >
> > Many thanks!
> >
> > Mike
> >
> >
> >
> >
> >
> > Mike Corey
> >
> > Technology Senior Consultant, IT CS CTW Operation & Virtualization
> Service
> > US
> >
> > SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United
> > States
> >
> > T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com > mike.co...@sap.com>
> >
> >
> > [cid:image003.png@01D7B399.B29A8C00]
> >
> >
> >
>
> --
> Daan
>


-- 
Daan

RE: API Command Question for "networkids"

2021-10-01 Thread Corey, Mike 
That is one thing that caused me to raise this question.  It isn't in the API 
documentation, but found in the ACS logs when a VM is created via CloudStack UI 
or API call from self-service portal.  Our developer is porting over the code 
that works from the Self-Service portal deploying a VM to XenServer hypervisor. 
 However, that same code does not configure the network device correctly when 
deploying to VMware hypervisor. 

Example from ACS UI:

cmdEventType":"VM.CREATE","startvm":"true","nicnetworklist[0].network":"170d544c-ea5f-4627-98be-29202480aa4c","serviceofferingid":"eb796444-dec6-4b48-9552-de9a792a5b71","response":"json","ctxUserId":"6","displayname":"NetworkTest","name":"NetworkTest"

Example from Self-Service API:

"cmdEventType":"VM.CREATE","networkids":"170d544c-ea5f-4627-98be-29202480aa4c","serviceofferingid":"fc57b518-b3d0-468c-8b2e-1704c88d763e","response":"json","ctxUserId":"8","displayname":"TVMNSQ46"


-Original Message-
From: Daan Hoogland  
Sent: Friday, October 1, 2021 9:15 AM
To: users 
Cc: d...@cloudstack.apache.org
Subject: Re: API Command Question for "networkids"

Mike, I don't recognise the commands you talk about, `networkids` and
`nicnetworklist`. Can you give links to APIs in [1], please? There are some
API that are not generic over hypervisors, but these should be well
documented and really only very few.

[1] https://cloudstack.apache.org/api/apidocs-4.15/

On Fri, Oct 1, 2021 at 2:27 PM Corey, Mike 
wrote:

> Hello - sending again in hopes of getting some feedback on the API
> question.
>
> Thanks!
>
> Mike
>
> From: Corey, Mike 
> Sent: Monday, September 27, 2021 12:18 PM
> To: d...@cloudstack.apache.org; users@cloudstack.apache.org
> Subject: [CAUTION] API Command Question for "networkids"
>
> Hi,
>
> Our self-service portal developers found that they cannot "port" code from
> the current landscape running on XenServer with the new VMWare landscape
> recently built.  There are some APIs that look to have changed and/or are
> specific to VMware hypervisors.
>
> The two APIs in question are the "networkids" and "nicnetworklist"
> commands.  The command API "networkids" works from the self-service portal
> when deploying to XenServer; however that same line of code does NOT
> configure the correct network settings (assigns to wrong guest network)
> when deploying to a VMware hypervisor.
>
> Digging into the logs we found that when deploying a VM from the ACS UI to
> VMware, the command "nicnetworklist" is now used when deploying to VMware
> hypervisor.
>
> 1 - Is there API command that is "hypervisor-agnostic" or can be used
> against both XenServer and VMware?
> 2 - The VMware API references a NIC ID of "8"
> ("nicnetworklist[0].nic":"8",).  Is this arbitrary or will each ACS
> management server (or region, or zone) use a different ID?
>
>   *   This could be a problem if our self-service services multiple
> regions/zones.
> 3 - Is there a global setting or other hidden setting that can be set so
> that ONE API Command works against both XenServer and VMware?
>
> Many thanks!
>
> Mike
>
>
>
>
>
> Mike Corey
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
> SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com mike.co...@sap.com>
>
>
> [cid:image003.png@01D7B399.B29A8C00]
>
>
>

-- 
Daan

RE: API Command Question for "networkids"

2021-10-01 Thread Corey, Mike 
Hello - sending again in hopes of getting some feedback on the API question.

Thanks!

Mike

From: Corey, Mike 
Sent: Monday, September 27, 2021 12:18 PM
To: d...@cloudstack.apache.org; users@cloudstack.apache.org
Subject: [CAUTION] API Command Question for "networkids"

Hi,

Our self-service portal developers found that they cannot "port" code from the 
current landscape running on XenServer with the new VMWare landscape recently 
built.  There are some APIs that look to have changed and/or are specific to 
VMware hypervisors.

The two APIs in question are the "networkids" and "nicnetworklist" commands.  
The command API "networkids" works from the self-service portal when deploying 
to XenServer; however that same line of code does NOT configure the correct 
network settings (assigns to wrong guest network) when deploying to a VMware 
hypervisor.

Digging into the logs we found that when deploying a VM from the ACS UI to 
VMware, the command "nicnetworklist" is now used when deploying to VMware 
hypervisor.

1 - Is there API command that is "hypervisor-agnostic" or can be used against 
both XenServer and VMware?
2 - The VMware API references a NIC ID of "8" ("nicnetworklist[0].nic":"8",).  
Is this arbitrary or will each ACS management server (or region, or zone) use a 
different ID?

  *   This could be a problem if our self-service services multiple 
regions/zones.
3 - Is there a global setting or other hidden setting that can be set so that 
ONE API Command works against both XenServer and VMware?

Many thanks!

Mike





Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E 
mike.co...@sap.com<mailto:mike.co...@sap.com>


[cid:image003.png@01D7B399.B29A8C00]

API Command Question for "networkids"

2021-09-27 Thread Corey, Mike 
Hi,

Our self-service portal developers found that they cannot "port" code from the 
current landscape running on XenServer with the new VMWare landscape recently 
built.  There are some APIs that look to have changed and/or are specific to 
VMware hypervisors.

The two APIs in question are the "networkids" and "nicnetworklist" commands.  
The command API "networkids" works from the self-service portal when deploying 
to XenServer; however that same line of code does NOT configure the correct 
network settings (assigns to wrong guest network) when deploying to a VMware 
hypervisor.

Digging into the logs we found that when deploying a VM from the ACS UI to 
VMware, the command "nicnetworklist" is now used when deploying to VMware 
hypervisor.

1 - Is there API command that is "hypervisor-agnostic" or can be used against 
both XenServer and VMware?
2 - The VMware API references a NIC ID of "8" ("nicnetworklist[0].nic":"8",).  
Is this arbitrary or will each ACS management server (or region, or zone) use a 
different ID?

  *   This could be a problem if our self-service services multiple 
regions/zones.
3 - Is there a global setting or other hidden setting that can be set so that 
ONE API Command works against both XenServer and VMware?

Many thanks!

Mike





Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image003.png@01D7B399.B29A8C00]

RE: Console Proxy & VMware 7

2021-08-30 Thread Corey, Mike 
To add a little more context.

In the cloud.log of the console proxy vm I see the error 
"(WebSocketConnectReadThread-124:null)Error on connection to websocket: No 
subject alternative names matching IP address  found".

My console proxy is setup using a wildcard SSL certificate.  For example when I 
go to the console url provided in the management-server.log "Compose console 
url" (example: https://./resource/noVNC/vnc.html?autoconnect=true=8080=jBwbg4guest=windows<https://%3cpublic-IP%3e.%3cdomain%20suffix%3e/resource/noVNC/vnc.html?autoconnect=true=8080=jBwbg4guest=windows>)
 my wildcard SSL cert is valid.

I honestly don't know what the console proxy behavior was prior to the 4.15.1 
or ESXi 7 upgrades.  I don't understand why it is looking for a SAN for the 
ESXi host IP.

Also, for the record, I did destroy and recreate the system VMs after the 
upgrades so they should be running the correct version of the system vms.

Thanks!

Mike




From: Corey, Mike 
Sent: Monday, August 30, 2021 10:51 AM
To: users@cloudstack.apache.org
Subject: [CAUTION] Console Proxy & VMware 7

Hi,

I am running ACS 4.15.1 and it was originally configured with ESXi 6.7 
hypervisor.  I recently upgraded to ESXi 7 and have noticed that console proxy 
is no longer working.

I CANNOT say for certain that the upgrade of the hypervisor caused this console 
proxy issue though.  I CAN say that it was working in July (ESXi 6.7) - and the 
only change to the environment that I am aware of is the VMware upgrade to 
version 7.

Could anyone out there verify they have console proxy access working with their 
VMware ESXi 7 hypervisor hosted VM instances???

Many thanks!

Mike




Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E 
mike.co...@sap.com<mailto:mike.co...@sap.com>


[cid:image001.png@01D79D8C.E3CB4210]

Console Proxy & VMware 7

2021-08-30 Thread Corey, Mike 
Hi,

I am running ACS 4.15.1 and it was originally configured with ESXi 6.7 
hypervisor.  I recently upgraded to ESXi 7 and have noticed that console proxy 
is no longer working.

I CANNOT say for certain that the upgrade of the hypervisor caused this console 
proxy issue though.  I CAN say that it was working in July (ESXi 6.7) - and the 
only change to the environment that I am aware of is the VMware upgrade to 
version 7.

Could anyone out there verify they have console proxy access working with their 
VMware ESXi 7 hypervisor hosted VM instances???

Many thanks!

Mike




Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image001.png@01D79D8C.E3CB4210]

RE: NFS Error Ubuntu 20.4

2021-07-08 Thread Corey, Mike 
John,

Have you set the global settings parameter secstorage.nfs.version?

I had to set it as 3 for my environment as NFS4 isn’t used yet.  However, I’m 
using an external storage system, not KVM as the NFS host.

Mike

From: John 
Sent: Thursday, July 8, 2021 7:54 AM
To: users@cloudstack.apache.org
Subject: NFS Error Ubuntu 20.4

We are having some issues with the latest CS 4.15.1 which we never had before.

We are using the following:-
Ubuntu 20.4
CS 4.15.1

NFS is on the same host as the KVM server.
We can mount the /export/secondary directory successfully from the management 
host.
But when CS tries to mount it we get this error is the management log.

Unable to mount XXX.XXX.:/export/secondary at 
/mnt/SecStorage/4891ed6e-23b4-3b63-a190-1298ce00ed8d due to mount.nfs: access 
denied by server while mounting XXX.XXX.:/export/secondary

Further, as we are using the KVM host as the NFS server do we need to install 
NFS on the management host as well as the KVM host ?

Here is some further logs which may assist.

2021-07-08 11:36:48,252 DEBUG [c.c.a.t.Request] (AgentManager-Handler-9:null) 
(logid:) Seq 2-5813865643958599684: Processing:  { Ans: , MgmtId: 
148407405838237, via: 2, Ver: v1, Flags: 110, 
[{"com.cloud.agent.api.Answer":{"result":"false","details":"com.cloud.utils.exception.CloudRuntimeException:
 GetRootDir for 
nfs://XX.XX.XX.XX/export/secondary<http://XX.XX.XX.XX/export/secondary> failed 
due to com.cloud.utils.exception.CloudRuntimeException: Unable to 
mountXX.XX.XX.XX:/export/secondary at 
/mnt/SecStorage/4891ed6e-23b4-3b63-a190-1298ce00ed8d due to mount.nfs: parsing 
error on 'vers=' option

Any tips would be helpful.

Sent with ProtonMail<https://protonmail.com/> Secure Email.

RE: Console Proxy & SSL

2021-07-02 Thread Corey, Mike 
Thank you for the help - my issue was resolved when I destroyed and ACS 
redeployed the console proxy vm.  I was trying to avoid that by troubleshooting 
the systemvm itself but am on a time crunch.

Thanks for clarifying the client/agent log entry as not being part of my issue.



-Original Message-
From: Andrija Panic  
Sent: Thursday, July 1, 2021 4:22 PM
To: users 
Subject: Re: Console Proxy & SSL

Hi Mike,

certificate for securing UI and the certificate for securing access to
Console of the VM (i.e. securing HTTPS access from browser to the public IP
of the CPVM/SSVM) are 2 completely different things - and you can/should
use 2 different certificates.

Please read this article - it's very comprehensive and up to date in
regards to the steps - afterwards, I'm happy to answer any additional
questions you might have:
https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/


Your second email - is referring to a cloudstack agent certificate that is
generated by default to secure agent-to-mgmt communication - nothing to do
with the other 2 you are configuring.

Cheers,


On Thu, 1 Jul 2021 at 19:39, Corey, Mike  wrote:

> To help me with troubleshooting, could one of the developers let me know
> where the wildcard certificate is loaded into the ssvm and consolevm?  Is
> there a way to verify the custom wildcard cert I’ve uploaded is where it
> should be? I’m seeing this error in the ACS logs.
>
> Should the CA wildcard certificate issuer & CN be in the “presented these
> certificates” section of log?
>
>
> 2021-07-01 13:23:12,070 DEBUG [o.a.c.c.p.RootCACustomTrustManager]
> (pool-13-thread-1:null) (logid:) A client/agent attempting connection from
> address=10.#.#.# has presented these certificate(s):
> Certificate [1] :
> Serial: 85b01fc4f045cf08
>   Not Before:Thu Jul 01 01:03:33 EDT 2021
>   Not After:Fri Jul 01 13:03:33 EDT 2022
>   Signature Algorithm:SHA256withRSA
>   Version:3
>   Subject DN:C=cloudstack, O=cloudstack, OU=cloudstack, CN=v-17-VM
>   Issuer DN:CN=ca.cloudstack.apache.org
>   Alternative Names:[[7, 10.#.#.#], [7, 10.#.#.#], [2, v-17-VM]]
> Certificate [2] :
> Serial: 3b2fcee96e685c62
>   Not Before:Mon May 03 00:43:22 EDT 2021
>   Not After:Wed Apr 26 12:43:22 EDT 2051
>   Signature Algorithm:SHA256withRSA
>   Version:3
>   Subject DN:CN=ca.cloudstack.apache.org
>   Issuer DN:CN=ca.cloudstack.apache.org
>   Alternative Names:null
>
> 2021-07-01 13:23:12,071 ERROR [o.a.c.c.p.RootCACustomTrustManager]
> (pool-13-thread-1:null) (logid:) Certificate ownership verification failed
> for client: 10.#.#.#
> 2021-07-01 13:23:12,073 ERROR [c.c.u.n.Link]
> (AgentManager-SSLHandshakeHandler-4:null) (logid:) SSL error caught during
> wrap data: Certificate ownership verification failed for client: 10.#.#.#,
> for local address=/10.#.#.#:8250, remote address=/10.#.#.#:36082.
> 2021-07-01 13:23:17,464 ERROR [c.c.u.n.Link]
> (AgentManager-SSLHandshakeHandler-4:null) (logid:) SSL error caught during
> wrap data: Empty server certificate chain, for local
> address=/10.#.#.#:8250, remote address=/10.#.#.##:36084.
>
>
>
>
> From: Corey, Mike 
> Sent: Thursday, July 1, 2021 10:33 AM
> To: users 
> Subject: [CAUTION] Console Proxy & SSL
>
> Hi,
>
> I could use some clarification here on TLS/SSL usage.  I’ve secured my ACS
> UI with a CA issued certificate.  This certificate has the FQDN of my ACS
> server as the CN.  The certificate is valid and the Management UI
> connection is secured in the web browser.
>
> I’m now trying to modify the Console Proxy SSL Certificate base on this
> page:
> http://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html#using-a-ssl-certificate-for-the-console-proxy
>
> I have created the wildcard CA issued certificate as *. along
> with the unencrypted key per the steps on above wiki page.
>
> After the changes are made in the UI under Infrastructure – SSL
> Certificates, the consolevm reboots; however it doesn’t appear it is
> loading my CA certificate with the wildcard.
>
> Answer this please --- I should be able to have two separate certificates:
> one for the UI management (FQDN of ACS) and one for console proxy session
> (wildcard).
>
> I had this on the 4.14 lab implementation but unfortunately my build notes
> on this step were poor ☹.
>
>
> Mike Corey
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
> SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com mike.co...@sap.com>
>
>
> [cid:image003.png@01D76E64.7F7C0C60]
>
>
>

-- 

Andrija Panić

RE: Console Proxy & SSL

2021-07-01 Thread Corey, Mike 
To help me with troubleshooting, could one of the developers let me know where 
the wildcard certificate is loaded into the ssvm and consolevm?  Is there a way 
to verify the custom wildcard cert I’ve uploaded is where it should be? I’m 
seeing this error in the ACS logs.

Should the CA wildcard certificate issuer & CN be in the “presented these 
certificates” section of log?


2021-07-01 13:23:12,070 DEBUG [o.a.c.c.p.RootCACustomTrustManager] 
(pool-13-thread-1:null) (logid:) A client/agent attempting connection from 
address=10.#.#.# has presented these certificate(s):
Certificate [1] :
Serial: 85b01fc4f045cf08
  Not Before:Thu Jul 01 01:03:33 EDT 2021
  Not After:Fri Jul 01 13:03:33 EDT 2022
  Signature Algorithm:SHA256withRSA
  Version:3
  Subject DN:C=cloudstack, O=cloudstack, OU=cloudstack, CN=v-17-VM
  Issuer DN:CN=ca.cloudstack.apache.org
  Alternative Names:[[7, 10.#.#.#], [7, 10.#.#.#], [2, v-17-VM]]
Certificate [2] :
Serial: 3b2fcee96e685c62
  Not Before:Mon May 03 00:43:22 EDT 2021
  Not After:Wed Apr 26 12:43:22 EDT 2051
  Signature Algorithm:SHA256withRSA
  Version:3
  Subject DN:CN=ca.cloudstack.apache.org
  Issuer DN:CN=ca.cloudstack.apache.org
  Alternative Names:null

2021-07-01 13:23:12,071 ERROR [o.a.c.c.p.RootCACustomTrustManager] 
(pool-13-thread-1:null) (logid:) Certificate ownership verification failed for 
client: 10.#.#.#
2021-07-01 13:23:12,073 ERROR [c.c.u.n.Link] 
(AgentManager-SSLHandshakeHandler-4:null) (logid:) SSL error caught during wrap 
data: Certificate ownership verification failed for client: 10.#.#.#, for local 
address=/10.#.#.#:8250, remote address=/10.#.#.#:36082.
2021-07-01 13:23:17,464 ERROR [c.c.u.n.Link] 
(AgentManager-SSLHandshakeHandler-4:null) (logid:) SSL error caught during wrap 
data: Empty server certificate chain, for local address=/10.#.#.#:8250, remote 
address=/10.#.#.##:36084.




From: Corey, Mike 
Sent: Thursday, July 1, 2021 10:33 AM
To: users 
Subject: [CAUTION] Console Proxy & SSL

Hi,

I could use some clarification here on TLS/SSL usage.  I’ve secured my ACS UI 
with a CA issued certificate.  This certificate has the FQDN of my ACS server 
as the CN.  The certificate is valid and the Management UI connection is 
secured in the web browser.

I’m now trying to modify the Console Proxy SSL Certificate base on this page: 
http://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html#using-a-ssl-certificate-for-the-console-proxy

I have created the wildcard CA issued certificate as *. along with 
the unencrypted key per the steps on above wiki page.

After the changes are made in the UI under Infrastructure – SSL Certificates, 
the consolevm reboots; however it doesn’t appear it is loading my CA 
certificate with the wildcard.

Answer this please --- I should be able to have two separate certificates: one 
for the UI management (FQDN of ACS) and one for console proxy session 
(wildcard).

I had this on the 4.14 lab implementation but unfortunately my build notes on 
this step were poor ☹.


Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E 
mike.co...@sap.com<mailto:mike.co...@sap.com>


[cid:image003.png@01D76E64.7F7C0C60]

Console Proxy & SSL

2021-07-01 Thread Corey, Mike 
Hi,

I could use some clarification here on TLS/SSL usage.  I’ve secured my ACS UI 
with a CA issued certificate.  This certificate has the FQDN of my ACS server 
as the CN.  The certificate is valid and the Management UI connection is 
secured in the web browser.

I’m now trying to modify the Console Proxy SSL Certificate base on this page: 
http://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html#using-a-ssl-certificate-for-the-console-proxy

I have created the wildcard CA issued certificate as *. along with 
the unencrypted key per the steps on above wiki page.

After the changes are made in the UI under Infrastructure – SSL Certificates, 
the consolevm reboots; however it doesn’t appear it is loading my CA 
certificate with the wildcard.

Answer this please --- I should be able to have two separate certificates: one 
for the UI management (FQDN of ACS) and one for console proxy session 
(wildcard).

I had this on the 4.14 lab implementation but unfortunately my build notes on 
this step were poor ☹.


Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image003.png@01D76E64.7F7C0C60]

RE: Issues Found Apache CloudStack 4.15.1.0 (RC2)

2021-06-21 Thread Corey, Mike 
Thanks for the update and testing it out.  It may be my browser/issue only.

I have 3 physical networks and for whatever reason only 1 of them didn’t save.  
Even going next and previous in the wizard it would show sometimes and others 
not show.  Its not a show stopper since I know what to look for now.  For the 
record it occurred with physical network instance 2.

MC

From: Andrija Panic 
Sent: Monday, June 21, 2021 11:20 AM
To: users 
Cc: d...@cloudstack.apache.org; Corey, Mike 
Subject: Re: Issues Found Apache CloudStack 4.15.1.0 (RC2)

Hi Mike,

as for the first issue, I have deployed a Zone manually with RC2 - and my label 
(for KVM is there). I've also deployed a zone with VMware - and again 
everything is OK - traffic label is there (I had 2 physical networks, with 
different traffic labels - and all good)

If you can please advise on how different your setup might be - let's try to 
reproduce the issue - otherwise, I don't see an issue with RC2.
(screenshot below)

Best,

[cid:image001.png@01D76695.39B17390]

On Fri, 18 Jun 2021 at 23:01, Corey, Mike 
mailto:mike.co...@sap.com.invalid>> wrote:
Well - I found a "workaround", but it really can't be explained.  I reverted to 
a snapshot THREE times and retraced my steps just to validate what I'm seeing.

Short summary - When the zone is enabled and the systemvms are created a folder 
is created at /var/cloudstack/mnt/VM/.  This folder has the 
nobody:nobody attribute and the error Unable to copy systemvm ISO on secondary 
storage.  Next, I removed the Secondary Storage entry, restarted services, 
re-added Secondary Storage, restarted services, AND systemvms deploy.

Attributes of UID Folder at initial systemvm build:
drwxr-xr-x. 3 cloud  cloud34 Jun 18 16:27 .
drwxrwx---. 3 root   cloud16 Jun 18 16:27 ..
drwxrwxrwt. 6 nobody nobody 4096 Jun 18 15:51 345050034639.51841a7

*** ACS tries to set perms on this folder but fails ***
2021-06-18 16:27:25,862 DEBUG [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-3:ctx-a90e1ecb usphlmvesxt01.phl.global.corp.sap, job-9/job-51, 
cmd: CopyCommand) (logid:3d148cdf) chmod: changing permissions of 
‘/var/cloudstack/mnt/VM/345050034639.51841a7’: Operation not permitted
2021-06-18 16:27:25,865 WARN  [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-3:ctx-a90e1ecb usphlmvesxt01.phl.global.corp.sap, job-9/job-51, 
cmd: CopyCommand) (logid:3d148cdf) Unable to set permissions for 
/var/cloudstack/mnt/VM/345050034639.51841a7 due to chmod: changing permissions 
of ‘/var/cloudstack/mnt/VM/345050034639.51841a7’: Operation not permitted

***When you remove the SS in UI and restart the services, ACS will clear this 
folder***
2021-06-18 16:31:07,962 INFO  [c.c.h.v.m.VmwareManagerImpl] 
(SpringContextShutdownHook:null) (logid:) shutting down scheduled tasks
2021-06-18 16:31:07,962 INFO  [c.c.h.v.m.VmwareManagerImpl] 
(SpringContextShutdownHook:null) (logid:) Cleanup mounted NFS mount points used 
in current session
2021-06-18 16:31:07,962 INFO  [c.c.h.v.m.VmwareManagerImpl] 
(SpringContextShutdownHook:null) (logid:) umount NFS mount: 
/var/cloudstack/mnt/VM/345050034639.51841a7
2021-06-18 16:31:07,962 DEBUG [c.c.h.v.m.VmwareManagerImpl] 
(SpringContextShutdownHook:null) (logid:) Executing: sudo umount 
/var/cloudstack/mnt/VM/345050034639.51841a7

***Re-adding the SS in the UI and restarting services ACS CAN set the perms for 
the new folder ***
2021-06-18 16:38:56,254 DEBUG [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-15:ctx-f9c800cf usphlmvesxt02.phl.global.corp.sap, job-9/job-58, 
cmd: StartCommand) (logid:3d148cdf) Executing: sudo chmod 1777 
/var/cloudstack/mnt/VM/345050034639.50b47f15
2021-06-18 16:38:56,269 DEBUG [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-15:ctx-f9c800cf usphlmvesxt02.phl.global.corp.sap, job-9/job-58, 
cmd: StartCommand) (logid:3d148cdf) Executing while with timeout : 144
2021-06-18 16:38:56,293 DEBUG [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-15:ctx-f9c800cf usphlmvesxt02.phl.global.corp.sap, job-9/job-58, 
cmd: StartCommand) (logid:3d148cdf) Execution is successful.


Attributes after SS removed, services restarted, SS added, services restarted:
drwxr-xr-x. 3 cloud cloud   35 Jun 18 16:38 .
drwxrwx---. 3 root  cloud   16 Jun 18 16:27 ..
drwxrwxrwt. 6 root  root  4096 Jun 18 15:51 345050034639.50b47f15

So you can see that root:root is applied AFTER the original SS is removed and 
readded into the zone.  I don't why the original attempt by ACS to build this 
directory fails.  Look forward to your thoughts!

Have a great weekend!

Mike



-Original Message-----
From: Corey, Mike 
mailto:mike.co...@sap.com.INVALID>>
Sent: Friday, June 18, 2021 11:47 AM
To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>; 
d...@cloudstack.apache.org<mailto:d...@cloudstack.apache.org>
Subject: [CAUTION] RE: Issues Found Apache CloudStack 4.15.1.0 (RC2)

Honestly, I can live with having to go in after the wizard completes and modify 
the traffic labels.  What

RE: Issues Found Apache CloudStack 4.15.1.0 (RC2)

2021-06-18 Thread Corey, Mike 
Well - I found a "workaround", but it really can't be explained.  I reverted to 
a snapshot THREE times and retraced my steps just to validate what I'm seeing.

Short summary - When the zone is enabled and the systemvms are created a folder 
is created at /var/cloudstack/mnt/VM/.  This folder has the 
nobody:nobody attribute and the error Unable to copy systemvm ISO on secondary 
storage.  Next, I removed the Secondary Storage entry, restarted services, 
re-added Secondary Storage, restarted services, AND systemvms deploy.

Attributes of UID Folder at initial systemvm build:
drwxr-xr-x. 3 cloud  cloud34 Jun 18 16:27 .
drwxrwx---. 3 root   cloud16 Jun 18 16:27 ..
drwxrwxrwt. 6 nobody nobody 4096 Jun 18 15:51 345050034639.51841a7

*** ACS tries to set perms on this folder but fails ***
2021-06-18 16:27:25,862 DEBUG [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-3:ctx-a90e1ecb usphlmvesxt01.phl.global.corp.sap, job-9/job-51, 
cmd: CopyCommand) (logid:3d148cdf) chmod: changing permissions of 
‘/var/cloudstack/mnt/VM/345050034639.51841a7’: Operation not permitted
2021-06-18 16:27:25,865 WARN  [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-3:ctx-a90e1ecb usphlmvesxt01.phl.global.corp.sap, job-9/job-51, 
cmd: CopyCommand) (logid:3d148cdf) Unable to set permissions for 
/var/cloudstack/mnt/VM/345050034639.51841a7 due to chmod: changing permissions 
of ‘/var/cloudstack/mnt/VM/345050034639.51841a7’: Operation not permitted

***When you remove the SS in UI and restart the services, ACS will clear this 
folder***
2021-06-18 16:31:07,962 INFO  [c.c.h.v.m.VmwareManagerImpl] 
(SpringContextShutdownHook:null) (logid:) shutting down scheduled tasks
2021-06-18 16:31:07,962 INFO  [c.c.h.v.m.VmwareManagerImpl] 
(SpringContextShutdownHook:null) (logid:) Cleanup mounted NFS mount points used 
in current session
2021-06-18 16:31:07,962 INFO  [c.c.h.v.m.VmwareManagerImpl] 
(SpringContextShutdownHook:null) (logid:) umount NFS mount: 
/var/cloudstack/mnt/VM/345050034639.51841a7
2021-06-18 16:31:07,962 DEBUG [c.c.h.v.m.VmwareManagerImpl] 
(SpringContextShutdownHook:null) (logid:) Executing: sudo umount 
/var/cloudstack/mnt/VM/345050034639.51841a7

***Re-adding the SS in the UI and restarting services ACS CAN set the perms for 
the new folder ***
2021-06-18 16:38:56,254 DEBUG [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-15:ctx-f9c800cf usphlmvesxt02.phl.global.corp.sap, job-9/job-58, 
cmd: StartCommand) (logid:3d148cdf) Executing: sudo chmod 1777 
/var/cloudstack/mnt/VM/345050034639.50b47f15 
2021-06-18 16:38:56,269 DEBUG [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-15:ctx-f9c800cf usphlmvesxt02.phl.global.corp.sap, job-9/job-58, 
cmd: StartCommand) (logid:3d148cdf) Executing while with timeout : 144
2021-06-18 16:38:56,293 DEBUG [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-15:ctx-f9c800cf usphlmvesxt02.phl.global.corp.sap, job-9/job-58, 
cmd: StartCommand) (logid:3d148cdf) Execution is successful.


Attributes after SS removed, services restarted, SS added, services restarted:
drwxr-xr-x. 3 cloud cloud   35 Jun 18 16:38 .
drwxrwx---. 3 root  cloud   16 Jun 18 16:27 ..
drwxrwxrwt. 6 root  root  4096 Jun 18 15:51 345050034639.50b47f15

So you can see that root:root is applied AFTER the original SS is removed and 
readded into the zone.  I don't why the original attempt by ACS to build this 
directory fails.  Look forward to your thoughts!

Have a great weekend!

Mike



-Original Message-
From: Corey, Mike  
Sent: Friday, June 18, 2021 11:47 AM
To: users@cloudstack.apache.org; d...@cloudstack.apache.org
Subject: [CAUTION] RE: Issues Found Apache CloudStack 4.15.1.0 (RC2)

Honestly, I can live with having to go in after the wizard completes and modify 
the traffic labels.  What I'm hitting regarding permissions on the Secondary 
Storage is more of a priority.  The systemVM builds are just looping because 
they can't copy/mount the systemvm.iso to the proper directory.

What I did in previous builds, both 4.14 and 4.15.0, was to manually create the 
systemvm folder and set ownership (chown -R) to cloud:cloud.  This allowed for 
the copying of template and systemvm.iso files to work.

However, now with 4.15.1, I'm getting permissions error when copying the 
systemvm.iso to the /var/cloudstack/mnt/VM/, job-9/job-47, cmd: 
StartCommand) (logid:3d148cdf) Unexpected exception 
java.nio.file.AccessDeniedException: 
/var/cloudstack/mnt/VM/345050034639.1562462a/systemvm/systemvm-4.15.1.0.iso

2021-06-18 11:30:32,064 ERROR [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-2:ctx-8e03b79a , job-9/job-47, cmd: 
StartCommand) (logid:3d148cdf) Unable to copy systemvm ISO on secondary 
storage. src location: /usr/share/cloudstack-common/vms/systemvm.iso, dest 
location: 
/var/cloudstack/mnt/VM/345050034639.1562462a/systemvm/systemvm-4.15.1.0.iso

Permissions for /usr/share/cloudstack-common/
drwxr-xr-x.   5 root root   43 May  3 10:21 .
drwxr-xr-x. 101 root root 4096 May  3 10:21 ..
drwxr-xr-x.   2 root root   30 Jun 16 15:44 lib
drwxr

RE: Issues Found Apache CloudStack 4.15.1.0 (RC2)

2021-06-18 Thread Corey, Mike 
Honestly, I can live with having to go in after the wizard completes and modify 
the traffic labels.  What I'm hitting regarding permissions on the Secondary 
Storage is more of a priority.  The systemVM builds are just looping because 
they can't copy/mount the systemvm.iso to the proper directory.

What I did in previous builds, both 4.14 and 4.15.0, was to manually create the 
systemvm folder and set ownership (chown -R) to cloud:cloud.  This allowed for 
the copying of template and systemvm.iso files to work.

However, now with 4.15.1, I'm getting permissions error when copying the 
systemvm.iso to the /var/cloudstack/mnt/VM/, job-9/job-47, cmd: 
StartCommand) (logid:3d148cdf) Unexpected exception 
java.nio.file.AccessDeniedException: 
/var/cloudstack/mnt/VM/345050034639.1562462a/systemvm/systemvm-4.15.1.0.iso

2021-06-18 11:30:32,064 ERROR [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-2:ctx-8e03b79a , job-9/job-47, cmd: 
StartCommand) (logid:3d148cdf) Unable to copy systemvm ISO on secondary 
storage. src location: /usr/share/cloudstack-common/vms/systemvm.iso, dest 
location: 
/var/cloudstack/mnt/VM/345050034639.1562462a/systemvm/systemvm-4.15.1.0.iso

Permissions for /usr/share/cloudstack-common/
drwxr-xr-x.   5 root root   43 May  3 10:21 .
drwxr-xr-x. 101 root root 4096 May  3 10:21 ..
drwxr-xr-x.   2 root root   30 Jun 16 15:44 lib
drwxr-xr-x.   7 root root   93 Jun 16 15:44 scripts
drwxr-xr-x.   2 root root   75 Jun 16 15:45 vms

Permissions for /var/cloudstack/mnt/VM/
drwxr-xr-x. 3 cloud  cloud35 Jun 18 11:30 .
drwxrwx---. 3 root   cloud16 Jun 18 11:30 ..
drwxrwxrwt. 4 nobody nobody 4096 Jun 18 09:38 345050034639.1562462a

Any ideas?

Many thanks!

Mike



-Original Message-
From: Corey, Mike  
Sent: Thursday, June 17, 2021 12:10 PM
To: users@cloudstack.apache.org; d...@cloudstack.apache.org
Subject: [CAUTION] Issues Found Apache CloudStack 4.15.1.0 (RC2)

Hi,

Thanks for pushing this out.  I'm looking forward to trying the 
template/instance deployment in my VMware PILOT.

A couple items I noticed off the "new" build are:

1 - During zone creation with VMware and setting up the physical networks - 
adding the traffic label to use a VDS does NOT keep/take/apply.  Once the zone 
is created and you go into the physical networks, the VDS traffic label is 
blank when it should be in this format "vSwtichName,VLAN,typeofswitch".  The 
only physical network traffic label that saved during zone setup wizard was for 
the Management stack; my storage and guest physical network traffic labels did 
not save from the wizard.

2 - Initial SystemVM deployment, the secondary storage permission do not allow 
the copy of the systemvm.iso to the secondary/systemvm/ folder.  I had to first 
create a /mnt/secondary/systemvm/ folder and chmod -R for this copy to function.

More to come...

Mike

-Original Message-
From: Rohit Yadav  
Sent: Wednesday, June 16, 2021 12:28 PM
To: d...@cloudstack.apache.org; users@cloudstack.apache.org
Subject: [VOTE] Apache CloudStack 4.15.1.0 (RC2)

Hi All,

I've created a 4.15.1.0 release, with the following artifacts up for a vote:

Git Branch:
https://github.com/apache/cloudstack/tree/4.15.1.0-RC20210616T2128
Commit SHA:
3afd37022b9dac52cd146dccada6012e47a80232

Source release (checksums and signatures are available at the same
location):
https://dist.apache.org/repos/dist/dev/cloudstack/4.15.1.0/

PGP release keys (signed using 5ED1E1122DC5E8A4A45112C2484248210EE3D884):
https://dist.apache.org/repos/dist/release/cloudstack/KEYS

The vote will be open for the next week until 22 June 2021.

For sanity in tallying the vote, can PMC members please be sure to indicate
"(binding)" with their vote?

[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

For users convenience, the packages from this release candidate and 4.15.1
systemvmtemplates are available here:
https://download.cloudstack.org/testing/4.15.1.0-RC2/
https://download.cloudstack.org/systemvm/4.15/

Documentation is not published yet, but the following may be referenced for
upgrade related tests: (there's a new 4.15.1 systemvmtemplate to be
registered prior to upgrade)
https://github.com/apache/cloudstack-documentation/tree/4.15/source/upgrading/upgrade

Regards.

Issues Found Apache CloudStack 4.15.1.0 (RC2)

2021-06-17 Thread Corey, Mike 
Hi,

Thanks for pushing this out.  I'm looking forward to trying the 
template/instance deployment in my VMware PILOT.

A couple items I noticed off the "new" build are:

1 - During zone creation with VMware and setting up the physical networks - 
adding the traffic label to use a VDS does NOT keep/take/apply.  Once the zone 
is created and you go into the physical networks, the VDS traffic label is 
blank when it should be in this format "vSwtichName,VLAN,typeofswitch".  The 
only physical network traffic label that saved during zone setup wizard was for 
the Management stack; my storage and guest physical network traffic labels did 
not save from the wizard.

2 - Initial SystemVM deployment, the secondary storage permission do not allow 
the copy of the systemvm.iso to the secondary/systemvm/ folder.  I had to first 
create a /mnt/secondary/systemvm/ folder and chmod -R for this copy to function.

More to come...

Mike

-Original Message-
From: Rohit Yadav  
Sent: Wednesday, June 16, 2021 12:28 PM
To: d...@cloudstack.apache.org; users@cloudstack.apache.org
Subject: [VOTE] Apache CloudStack 4.15.1.0 (RC2)

Hi All,

I've created a 4.15.1.0 release, with the following artifacts up for a vote:

Git Branch:
https://github.com/apache/cloudstack/tree/4.15.1.0-RC20210616T2128
Commit SHA:
3afd37022b9dac52cd146dccada6012e47a80232

Source release (checksums and signatures are available at the same
location):
https://dist.apache.org/repos/dist/dev/cloudstack/4.15.1.0/

PGP release keys (signed using 5ED1E1122DC5E8A4A45112C2484248210EE3D884):
https://dist.apache.org/repos/dist/release/cloudstack/KEYS

The vote will be open for the next week until 22 June 2021.

For sanity in tallying the vote, can PMC members please be sure to indicate
"(binding)" with their vote?

[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

For users convenience, the packages from this release candidate and 4.15.1
systemvmtemplates are available here:
https://download.cloudstack.org/testing/4.15.1.0-RC2/
https://download.cloudstack.org/systemvm/4.15/

Documentation is not published yet, but the following may be referenced for
upgrade related tests: (there's a new 4.15.1 systemvmtemplate to be
registered prior to upgrade)
https://github.com/apache/cloudstack-documentation/tree/4.15/source/upgrading/upgrade

Regards.

RE: VMware Instance Error

2021-06-02 Thread Corey, Mike 
One area of change, not sure if it matters in my case, is that I can no longer 
specify the BIOS or EFI option of the instance/template.

In the old UI, when deploying an instance I could select the bios/efi in the 
same window as controller and keyboard language etc.  This option is NOT an 
option in the new UI under the template settings pane.






-Original Message-
From: Corey, Mike 
Sent: Wednesday, June 2, 2021 9:28 AM
To: users@cloudstack.apache.org
Subject: RE: VMware Instance Error

I saw that too - but that line regarding format is "ISO" for other deployments.

Example - I used an Ubuntu OVA from openvm and it deployed with the same 
message...

{"org.apache.cloudstack.storage.to.TemplateObjectTO":{"id":"0","format":"ISO","accountId":"0","hvm":"false","bootable":"false","directDownload":"false","deployAsIs":"false"}},"diskSeq":"3","type":"ISO"}],"nics":[{"deviceId":"0","networkRateMbps":"200","defaultNic":"true"

Mike

-Original Message-
From: Abhishek Kumar  
Sent: Tuesday, June 1, 2021 4:18 PM
To: users@cloudstack.apache.org
Subject: Re: VMware Instance Error

Hi Mike,

For your deployment/disk controller error, you should check the template you 
are using for the VM. From the logs you have shared there is something wrong 
with the StartCommand.

---
org.apache.cloudstack.storage.to.TemplateObjectTO":{"id":"0","format":"ISO","accountId":"0","hvm":"false","bootable":"false"
---
Not sure why id is 0 there and the format is ISO. Are you using an ISO to 
deploy the VM?

Regards,
Abhishek

From: Andrija Panic 
Sent: 02 June 2021 01:38
To: users 
Subject: Re: VMware Instance Error

Mike,

are you in a position to share that specific template (if licencing allows,
if it's trial, etc) - ping me on email directly - and I can give it a spin
in the lab on 4.15
4.15.1 should bring this new VMware template behaviour (read from OVF,
instead of allowing you to specify OS, NIC/disk controllers, etc) - AS
OPTIONAL - so you can wait for 4.15.1 if you use non-standard OVA
appliances (or, for that matter, the ones that simply don't work with ACS,
for whatever reasons)

Best,


 

On Tue, 1 Jun 2021 at 21:46, Corey, Mike  wrote:

> Another development in my troubleshooting this...
>
> I used a vendor (OEM) supplied ova appliance as a template and downloaded
> in the same manner.  NO SETTINGS were created for the template by ACS.
>
> If the expected behavior is for ACS to add settings based off of the OVF
> descriptor - my case IS NOT.
>
> I could really use some guidance here on troubleshooting as to why the
> template settings are NOT being created by ACS.
>
> Again - anyone running ACS 4.15 with VMware and having success with using
> templates?
>
> Any other logs I can check to determine why ACS is not creating these
> custom setting attributes on the templates?
>
> Many thanks!
>
> Mike
>
> -Original Message-
> From: Corey, Mike 
> Sent: Tuesday, June 1, 2021 8:47 AM
> To: users@cloudstack.apache.org
> Subject: [CAUTION] RE: VMware Instance Error
>
> Thanks for the reply Abhishek!
>
> 1- ACS deploys the VM from template; however, it fails and shows Error in
> ACS-Instances UI.  So the VM remains in vCenter - that VM has the CPU/RAM
> as the template NOT what the ACS service offering (Small Instance) I
> selected.  I suppose ACS is not finishing the configuration because the
> deployment fails.
>
> 3 - This is the issue I need help to troubleshoot.  ACS IS NOT creating
> any settings on the Windows 10 and CentOS template I've uploaded into ACS.
> Both template OVF files have the hardware descriptions used by the template
> VM.  However, NO SETTINGS are being added to the ACS template.
>
> How can this be troubleshot?  Obviously, ACS is NOT populating the
> settings on the template as expected - what could be the issue?  What
> commands occur when the template is downloaded and populate the settings of
> the template (so I can search for errors)?  Is something supposed to be
> written to ACS but is not due to permissions or file doesn't exist?
>
> Item 1 & 4 - Yes, the VM in vCenter is named the same as the ones that
> fail deployment in ACS (i-2-##-vm) - the VM has resources of the template
> (not service offering) and powers ON and loads OS.
>
> 5 - snippet from logs below - diskcontroller is being identified by OVF -
> nothing is set by ACS on template.
>
> INFO  [c.c.h.v.r.VmwareResource] (DirectAgent-496:ctx-f0771

RE: VMware Instance Error

2021-06-02 Thread Corey, Mike 
I saw that too - but that line regarding format is "ISO" for other deployments.

Example - I used an Ubuntu OVA from openvm and it deployed with the same 
message...

{"org.apache.cloudstack.storage.to.TemplateObjectTO":{"id":"0","format":"ISO","accountId":"0","hvm":"false","bootable":"false","directDownload":"false","deployAsIs":"false"}},"diskSeq":"3","type":"ISO"}],"nics":[{"deviceId":"0","networkRateMbps":"200","defaultNic":"true"

Mike

-Original Message-
From: Abhishek Kumar  
Sent: Tuesday, June 1, 2021 4:18 PM
To: users@cloudstack.apache.org
Subject: Re: VMware Instance Error

Hi Mike,

For your deployment/disk controller error, you should check the template you 
are using for the VM. From the logs you have shared there is something wrong 
with the StartCommand.

---
org.apache.cloudstack.storage.to.TemplateObjectTO":{"id":"0","format":"ISO","accountId":"0","hvm":"false","bootable":"false"
---
Not sure why id is 0 there and the format is ISO. Are you using an ISO to 
deploy the VM?

Regards,
Abhishek

From: Andrija Panic 
Sent: 02 June 2021 01:38
To: users 
Subject: Re: VMware Instance Error

Mike,

are you in a position to share that specific template (if licencing allows,
if it's trial, etc) - ping me on email directly - and I can give it a spin
in the lab on 4.15
4.15.1 should bring this new VMware template behaviour (read from OVF,
instead of allowing you to specify OS, NIC/disk controllers, etc) - AS
OPTIONAL - so you can wait for 4.15.1 if you use non-standard OVA
appliances (or, for that matter, the ones that simply don't work with ACS,
for whatever reasons)

Best,


 

On Tue, 1 Jun 2021 at 21:46, Corey, Mike  wrote:

> Another development in my troubleshooting this...
>
> I used a vendor (OEM) supplied ova appliance as a template and downloaded
> in the same manner.  NO SETTINGS were created for the template by ACS.
>
> If the expected behavior is for ACS to add settings based off of the OVF
> descriptor - my case IS NOT.
>
> I could really use some guidance here on troubleshooting as to why the
> template settings are NOT being created by ACS.
>
> Again - anyone running ACS 4.15 with VMware and having success with using
> templates?
>
> Any other logs I can check to determine why ACS is not creating these
> custom setting attributes on the templates?
>
> Many thanks!
>
> Mike
>
> -Original Message-
> From: Corey, Mike 
> Sent: Tuesday, June 1, 2021 8:47 AM
> To: users@cloudstack.apache.org
> Subject: [CAUTION] RE: VMware Instance Error
>
> Thanks for the reply Abhishek!
>
> 1- ACS deploys the VM from template; however, it fails and shows Error in
> ACS-Instances UI.  So the VM remains in vCenter - that VM has the CPU/RAM
> as the template NOT what the ACS service offering (Small Instance) I
> selected.  I suppose ACS is not finishing the configuration because the
> deployment fails.
>
> 3 - This is the issue I need help to troubleshoot.  ACS IS NOT creating
> any settings on the Windows 10 and CentOS template I've uploaded into ACS.
> Both template OVF files have the hardware descriptions used by the template
> VM.  However, NO SETTINGS are being added to the ACS template.
>
> How can this be troubleshot?  Obviously, ACS is NOT populating the
> settings on the template as expected - what could be the issue?  What
> commands occur when the template is downloaded and populate the settings of
> the template (so I can search for errors)?  Is something supposed to be
> written to ACS but is not due to permissions or file doesn't exist?
>
> Item 1 & 4 - Yes, the VM in vCenter is named the same as the ones that
> fail deployment in ACS (i-2-##-vm) - the VM has resources of the template
> (not service offering) and powers ON and loads OS.
>
> 5 - snippet from logs below - diskcontroller is being identified by OVF -
> nothing is set by ACS on template.
>
> INFO  [c.c.h.v.r.VmwareResource] (DirectAgent-496:ctx-f077199e
> usphlmvesxt01.phl.global.corp.sap, job-164/job-166, cmd: StartCommand)
> (logid:6c707559) Executing resource StartCommand:
> {"vm":{"id":"26","name":"i-2-26-VM","bootloader":"HVM","state":"Starting","type":"User","cpus":"1","minSpeed":"166","maxSpeed":"500","minRam":"(512.00
> MB) 536870912","maxR

RE: VMware Instance Error

2021-06-01 Thread Corey, Mike 
Another development in my troubleshooting this...

I used a vendor (OEM) supplied ova appliance as a template and downloaded in 
the same manner.  NO SETTINGS were created for the template by ACS.  

If the expected behavior is for ACS to add settings based off of the OVF 
descriptor - my case IS NOT.  

I could really use some guidance here on troubleshooting as to why the template 
settings are NOT being created by ACS.

Again - anyone running ACS 4.15 with VMware and having success with using 
templates?

Any other logs I can check to determine why ACS is not creating these custom 
setting attributes on the templates?

Many thanks!

Mike 

-Original Message-
From: Corey, Mike  
Sent: Tuesday, June 1, 2021 8:47 AM
To: users@cloudstack.apache.org
Subject: [CAUTION] RE: VMware Instance Error

Thanks for the reply Abhishek!

1- ACS deploys the VM from template; however, it fails and shows Error in 
ACS-Instances UI.  So the VM remains in vCenter - that VM has the CPU/RAM as 
the template NOT what the ACS service offering (Small Instance) I selected.  I 
suppose ACS is not finishing the configuration because the deployment fails.

3 - This is the issue I need help to troubleshoot.  ACS IS NOT creating any 
settings on the Windows 10 and CentOS template I've uploaded into ACS.  Both 
template OVF files have the hardware descriptions used by the template VM.  
However, NO SETTINGS are being added to the ACS template.  

How can this be troubleshot?  Obviously, ACS is NOT populating the settings on 
the template as expected - what could be the issue?  What commands occur when 
the template is downloaded and populate the settings of the template (so I can 
search for errors)?  Is something supposed to be written to ACS but is not due 
to permissions or file doesn't exist?

Item 1 & 4 - Yes, the VM in vCenter is named the same as the ones that fail 
deployment in ACS (i-2-##-vm) - the VM has resources of the template (not 
service offering) and powers ON and loads OS.   

5 - snippet from logs below - diskcontroller is being identified by OVF - 
nothing is set by ACS on template.

INFO  [c.c.h.v.r.VmwareResource] (DirectAgent-496:ctx-f077199e 
usphlmvesxt01.phl.global.corp.sap, job-164/job-166, cmd: StartCommand) 
(logid:6c707559) Executing resource StartCommand: 
{"vm":{"id":"26","name":"i-2-26-VM","bootloader":"HVM","state":"Starting","type":"User","cpus":"1","minSpeed":"166","maxSpeed":"500","minRam":"(512.00
 MB) 536870912","maxRam":"(512.00 MB) 
536870912","hostName":"June1-01","arch":"x86_64","os":"Windows 10 
(64-bit)","platformEmulator":"windows9_64Guest","bootArgs":"","enableHA":"false","limitCpuUse":"false","enableDynamicallyScaleVm":"false","vncPassword":"X1k9AVje8WIPzXb_8P_88Q","params":{"deployvm":"true","dataDiskController":"scsi","memoryOvercommitRatio":"1.0","Message.ReservedCapacityFreed.Flag":"false","nestedVirtualizationFlag":"false","cpuOvercommitRatio":"3.0","vmware.reserve.mem":"false","vmware.reserve.cpu":"false","nicAdapter":"E1000","rootDiskController":"lsilogicsas"},"uuid":"dafd18a5-04a9-4bda-b701-0d24e4b1e61d","enterHardwareSetup":"false","disks":[{"data":{"org.apache.cloudstack.storage.to.VolumeObjectTO":{"uuid":"973a1795-4569-4769-afcb-93e3911be12e","volumeType":"ROOT","dataStore":{"org.apache.cloudstack.storage.to.PrimaryDataStoreTO":{"uuid":"9df43ec0-1e52-3cc3-8e5a-bf2313bbbd8d","id":"1","poolType":"NetworkFilesystem","host":"usphlcv302.phl.global.corp.sap","path":"/usphlmvesx_lab_cspri01","port":"2049","url":"NetworkFilesystem:///usphlmvesx_lab_cspri01/?ROLE=Primary=9df43ec0-1e52-3cc3-8e5a-bf2313bbbd8d","isManaged":"false"}},"name":"ROOT-26-0","size":"(80.00
 GB) 
85899345920","volumeId":"17","vmName":"i-2-26-VM","accountId":"2","format":"OVA","provisioningType":"THIN","id":"17","deviceId":"0","bytesReadRate":"(0
 bytes) 0","bytesWriteRate":"(0 bytes) 0","i

RE: VMware Instance Error

2021-06-01 Thread Corey, Mike 
Thanks for the reply Abhishek!

1- ACS deploys the VM from template; however, it fails and shows Error in 
ACS-Instances UI.  So the VM remains in vCenter - that VM has the CPU/RAM as 
the template NOT what the ACS service offering (Small Instance) I selected.  I 
suppose ACS is not finishing the configuration because the deployment fails.

3 - This is the issue I need help to troubleshoot.  ACS IS NOT creating any 
settings on the Windows 10 and CentOS template I've uploaded into ACS.  Both 
template OVF files have the hardware descriptions used by the template VM.  
However, NO SETTINGS are being added to the ACS template.  

How can this be troubleshot?  Obviously, ACS is NOT populating the settings on 
the template as expected - what could be the issue?  What commands occur when 
the template is downloaded and populate the settings of the template (so I can 
search for errors)?  Is something supposed to be written to ACS but is not due 
to permissions or file doesn't exist?

Item 1 & 4 - Yes, the VM in vCenter is named the same as the ones that fail 
deployment in ACS (i-2-##-vm) - the VM has resources of the template (not 
service offering) and powers ON and loads OS.   

5 - snippet from logs below - diskcontroller is being identified by OVF - 
nothing is set by ACS on template.

INFO  [c.c.h.v.r.VmwareResource] (DirectAgent-496:ctx-f077199e 
usphlmvesxt01.phl.global.corp.sap, job-164/job-166, cmd: StartCommand) 
(logid:6c707559) Executing resource StartCommand: 
{"vm":{"id":"26","name":"i-2-26-VM","bootloader":"HVM","state":"Starting","type":"User","cpus":"1","minSpeed":"166","maxSpeed":"500","minRam":"(512.00
 MB) 536870912","maxRam":"(512.00 MB) 
536870912","hostName":"June1-01","arch":"x86_64","os":"Windows 10 
(64-bit)","platformEmulator":"windows9_64Guest","bootArgs":"","enableHA":"false","limitCpuUse":"false","enableDynamicallyScaleVm":"false","vncPassword":"X1k9AVje8WIPzXb_8P_88Q","params":{"deployvm":"true","dataDiskController":"scsi","memoryOvercommitRatio":"1.0","Message.ReservedCapacityFreed.Flag":"false","nestedVirtualizationFlag":"false","cpuOvercommitRatio":"3.0","vmware.reserve.mem":"false","vmware.reserve.cpu":"false","nicAdapter":"E1000","rootDiskController":"lsilogicsas"},"uuid":"dafd18a5-04a9-4bda-b701-0d24e4b1e61d","enterHardwareSetup":"false","disks":[{"data":{"org.apache.cloudstack.storage.to.VolumeObjectTO":{"uuid":"973a1795-4569-4769-afcb-93e3911be12e","volumeType":"ROOT","dataStore":{"org.apache.cloudstack.storage.to.PrimaryDataStoreTO":{"uuid":"9df43ec0-1e52-3cc3-8e5a-bf2313bbbd8d","id":"1","poolType":"NetworkFilesystem","host":"usphlcv302.phl.global.corp.sap","path":"/usphlmvesx_lab_cspri01","port":"2049","url":"NetworkFilesystem:///usphlmvesx_lab_cspri01/?ROLE=Primary=9df43ec0-1e52-3cc3-8e5a-bf2313bbbd8d","isManaged":"false"}},"name":"ROOT-26-0","size":"(80.00
 GB) 
85899345920","volumeId":"17","vmName":"i-2-26-VM","accountId":"2","format":"OVA","provisioningType":"THIN","id":"17","deviceId":"0","bytesReadRate":"(0
 bytes) 0","bytesWriteRate":"(0 bytes) 0","iopsReadRate":"(0 bytes) 
0","iopsWriteRate":"(0 bytes) 
0","hypervisorType":"VMware","directDownload":"false","deployAsIs":"true"}},"diskSeq":"0","type":"ROOT","_details":{"storageHost":"usphlcv302.phl.global.corp.sap","managed":"false","storagePort":"2049","volumeSize":"(80.00
 GB) 
85899345920"}},{"data":{"org.apache.cloudstack.storage.to.TemplateObjectTO":{"id":"0","format":"ISO","accountId":"0","hvm":"false","bootable":"false","directDownload":"false",&q

RE: Quickstart question

2021-06-01 Thread Corey, Mike 
Jeremy,

Check this global setting.  I've set it to 3 as we use NFS 3 in our environment.

secstorage.nfs.version  Enforces specific NFS version when mounting Secondary 
Storage. If NULL default selection is performed

-Original Message-
From: Harikrishna Patnala  
Sent: Sunday, May 30, 2021 10:01 PM
To: users@cloudstack.apache.org
Subject: Re: Quickstart question

Hi Jeremy,

May I know the NFS version number that you are using in your environment?

Also, check the status of the default template by clicking on the template and 
then into the zones tab, to check if it is downloaded properly or not.

Regards,
Harikrishna




 

From: Jeremy Hansen
Sent: Sunday, May 30, 2021 4:51 PM
To: users@cloudstack.apache.org
Subject: Re: Quickstart question

Went over the process about 20 times and made progress.  I'm able to launch a 
VM as long as the template is a direct download bypassing secondary storage.  I 
see this in the logs:

2021-05-30 04:01:57,148 DEBUG [c.c.a.t.Request] (AgentManager-Handler-12:null) 
(logid:) Seq 2-4381439487478071309: Processing:  { Ans: , MgmtId: 
198690285003419, via: 2, Ver: v1, Flags: 10, 
[{"com.cloud.agent.api.Answer":{"result":"false","details":"com.cloud.utils.exception.CloudRuntimeException:
 GetRootDir for nfs://192.168.10.60/volume1/cloudstack-dev/secondary failed due 
to com.cloud.utils.exception.CloudRuntimeException: Unable to mount 
192.168.10.60:/volume1/cloudstack-dev/secondary at 
/mnt/SecStorage/4683f710-43e8-359d-bc9a-041363aa77b9 due to mount.nfs: parsing 
error on 'vers=' option

I'm not sure how to troubleshoot this issue.  Do I have to specify the version 
somewhere for NFS?

Thanks

> On May 30, 2021, at 12:30 AM, Jeremy Hansen  wrote:
>
> At the very end of the configuration wizard when it's doing the Host vm 
> install, I get this error and I can't get past it:
>
> Something went wrong; please correct the following:
> TypeError: Cannot read property 'value' of undefined
>
> Thanks
> -jeremy
>
>
>> On May 29, 2021, at 11:27 PM, Jeremy Hansen  wrote:
>>
>> New to Cloudstack.  I'm trying to get the Quickstart going.
>>
>> It feels like an issue with secondary storage but I'm not quite sure how to 
>> troubleshoot.
>>
>> CentOS 8, kvm.  Created a bridge per the quick install docs.
>>
>> 
>>
>> I see no data for templates and isos.  I did do the template install.  The 
>> secondary storage VM is running and connected:
>>
>> 
>>
>>
>> 
>>
>>
>> 
>>
>> I attempted to upload an iso and it failed.
>>
>> Also, how do I get back to the initial configuration wizard.  I dismissed it 
>> but I'm not sure how to get it back.
>>
>> Thanks!
>> -jeremy
>>
>>
>>
>>
>>
>>
>>
>>
>>
>

RE: VMware Instance Error

2021-05-28 Thread Corey, Mike 
AEAAABrcQB-AA50ACJjb20uY2xvdWQudm0uVm1Xb3JrSm9iSGFuZGxlclByb3h5dAAaVm1Xb3JrSm9iSGFuZGxlclByb3h5LmphdmF0AA9oYW5kbGVWbVdvcmtKb2JwcHNxAH4ADAEAABX_cQB-AA5xAH4AD3EAfgAQcQB-ACNwcHNxAH4ADAEAAABmcQB-AA50ACBjb20uY2xvdWQudm0uVm1Xb3JrSm9iRGlzcGF0Y2hlcnQAGFZtV29ya0pvYkRpc3BhdGNoZXIuamF2YXQABnJ1bkpvYnBwc3EAfgAMAQAAAmxxAH4ADnQAP29yZy5hcGFjaGUuY2xvdWRzdGFjay5mcmFtZXdvcmsuam9icy5pbXBsLkFzeW5jSm9iTWFuYWdlckltcGwkNXQAGEFzeW5jSm9iTWFuYWdlckltcGwuamF2YXQADHJ1bkluQ29udGV4dHBwc3EAfgAMAQAAADBxAH4ADnQAPm9yZy5hcGFjaGUuY2xvdWRzdGFjay5tYW5hZ2VkLmNvbnRleHQuTWFuYWdlZENvbnRleHRSdW5uYWJsZSQxdAAbTWFuYWdlZENvbnRleHRSdW5uYWJsZS5qYXZhdAADcnVucHBzcQB-AAwBN3EAfgAOdABCb3JnLmFwYWNoZS5jbG91ZHN0YWNrLm1hbmFnZWQuY29udGV4dC5pbXBsLkRlZmF1bHRNYW5hZ2VkQ29udGV4dCQxdAAaRGVmYXVsdE1hbmFnZWRDb250ZXh0LmphdmF0AARjYWxscHBzcQB-AAwBZnEAfgAOdABAb3JnLmFwYWNoZS5jbG91ZHN0YWNrLm1hbmFnZWQuY29udGV4dC5pbXBsLkRlZmF1bHRNYW5hZ2VkQ29udGV4dHEAfgAzdAAPY2FsbFdpdGhDb250ZXh0cHBzcQB-AAwBNHEAfgAOcQB-ADZxAH4AM3QADnJ1bldpdGhDb250ZXh0cHBzcQB-AAwBLXEAfgAOdAA8b3JnLmFwYWNoZS5jbG91ZHN0YWNrLm1hbmFnZWQuY29udGV4dC5NYW5hZ2VkQ29udGV4dFJ1bm5hYmxlcQB-AC9xAH4AMHBwc3EAfgAMAQAAAjhxAH4ADnEAfgAqcQB-ACtxAH4AMHBwc3EAfgAMAgAAAgNwdAAuamF2YS51dGlsLmNvbmN1cnJlbnQuRXhlY3V0b3JzJFJ1bm5hYmxlQWRhcHRlcnQADkV4ZWN1dG9ycy5qYXZhcQB-ADRxAH4AFnEAfgAXc3EAfgAMAgAAAQhwdAAfamF2YS51dGlsLmNvbmN1cnJlbnQuRnV0dXJlVGFza3QAD0Z1dHVyZVRhc2suamF2YXEAfgAwcQB-ABZxAH4AF3NxAH4ADAIAAARocHQAJ2phdmEudXRpbC5jb25jdXJyZW50LlRocmVhZFBvb2xFeGVjdXRvcnQAF1RocmVhZFBvb2xFeGVjdXRvci5qYXZhdAAJcnVuV29ya2VycQB-ABZxAH4AF3NxAH4ADAIAAAJ0cHQALmphdmEudXRpbC5jb25jdXJyZW50LlRocmVhZFBvb2xFeGVjdXRvciRXb3JrZXJxAH4ARXEAfgAwcQB-ABZxAH4AF3NxAH4ADAIAAAM9cHQAEGphdmEubGFuZy5UaHJlYWR0AAtUaHJlYWQuamF2YXEAfgAwcQB-ABZxAH4AF3NyAB9qYXZhLnV0aWwuQ29sbGVjdGlvbnMkRW1wdHlMaXN0ergXtDynnt4CAAB4cHgAABCadwgAAHg
2021-05-28 09:00:44,521 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
(Work-Job-Executor-3:ctx-1aea8c24 job-135/job-136 ctx-f15549a6) 
(logid:8bef4350) Publish async job-136 complete on message bus

Side note: I see errors for ghost/missing VM instances.  I thought that was 
resolved with 4.15.
Unable to find matched VM in CloudStack DB. name: 
ffe8ca8a-4c58-4c47-b93d-c524f90453cf

Many thanks for your eyes on this!

Mike

-Original Message-
From: Corey, Mike 
Sent: Thursday, May 27, 2021 1:54 PM
To: users@cloudstack.apache.org
Subject: RE: VMware Instance Error

Still having similar issues with the 530 error in the UI when deploying an 
instance.  It doesn't look to be specific to Win10.  I uploaded a CentOS 
template and am receiving the same 530 error in the UI.  Again, nothing in the 
log indicates an exact issue/error...

Is this permissions issue on the tmpl/x folder or something?  It seems like no 
matter what I set the UI upload (example HVM option unchecked) the XML and 
template properties file both have HVM true.  

What occurs at template upload to ACS that "reads the OVF" and adds the 
settings on the template?  Again, the settings tab for all the templates I've 
uploaded are blank-no settings added by ACS.

021-05-27 13:38:47,501 DEBUG [c.c.a.m.AgentManagerImpl] 
(AgentManager-Handler-3:null) (logid:) SeqA 4-36204: Sending Seq 4-36204:  { 
Ans: , MgmtId: 345050012965, via: 4, Ver: v1, Flags: 100010, 
[{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0"}}] }
2021-05-27 13:38:54,670 DEBUG [c.c.a.ApiServlet] 
(qtp1026871825-13:ctx-cfe459fc) (logid:6271904e) ===START===-- GET  
zoneid=1cf90fc6-1ae5-416f-a2b4-672176740ecb=323c0a0f-fb34-41ef-932a-146454df381c=620aa542-56e8-4a1e-ba60-7c43fd31e717=[0].nic=8[0].network=62bfbed1-d07c-4886-b4f4-bf594543bb28=May27-CentOS-01=May27-CentOS-01=deployVirtualMachine=json
2021-05-27 13:38:54,675 DEBUG [c.c.a.ApiServer] (qtp1026871825-13:ctx-cfe459fc 
ctx-265c9f8c) (logid:6271904e) CIDRs from which account 
'Acct[a5f712c7-ac2e-11eb-b0fb-00505695799f-admin]' is allowed to perform API 
calls: 0.0.0.0/0,::/0
2021-05-27 13:38:54,684 TRACE [o.a.c.a.c.u.v.DeployVMCmd] 
(qtp1026871825-13:ctx-cfe459fc ctx-265c9f8c) (logid:6271904e) nic, '8', goes on 
net, '62bfbed1-d07c-4886-b4f4-bf594543bb28'
2021-05-27 13:38:54,689 DEBUG [c.c.u.AccountManagerImpl] 
(qtp1026871825-13:ctx-cfe459fc ctx-265c9f8c) (logid:6271904e) Access granted to 
Acct[a5f712c7-ac2e-11eb-b0fb-00505695799f-admin] to 
org.apache.cloudstack.quota.vo.ServiceOfferingVO$$EnhancerByCGLIB$$f1711368@40f9eaf1
 by AffinityGroupAccessChecker
2021-05-27 13:38:54,690 DEBUG [c.c.u.AccountManagerImpl] 
(qtp1026871825-13:ctx-cfe459fc ctx-265c9f8c) (logid:6271904e) Access granted to 
Acct[a5f712c7-ac2e-11eb-b0fb-00505695799f-admin] to null by 
AffinityGroupAccessChecker
2021-05-27 13:38:54,701 DEBUG [c.c.n.NetworkModelImpl] 
(qtp1026871825-13:ctx-cfe459fc ctx-265c9f8c) (logid:6271904e) Service 
SecurityGroup is not supported in the network id=204
2021-05-27 13:38:54,708 DEBUG [c.c.u.d.T.Transaction] 
(qtp1026871825-13:ctx-cfe459fc ctx-265c9f8c) (logid:6271904e) Rolling back the 
transaction: Time = 1 Name =  qtp1026871825-13; called by 
-TransactionLegacy.rollback:888-TransactionLegacy.removeUpTo:831-TransactionLegacy.close:655-Transaction.execute:38-UserVmManagerImpl.commitUserVm:3

RE: VMware Instance Error

2021-05-27 Thread Corey, Mike 
1-05-27 13:38:54,713 DEBUG [c.c.a.ApiServlet] (qtp1026871825-13:ctx-cfe459fc 
ctx-265c9f8c) (logid:6271904e) ===END===  -- GET  
zoneid=1cf90fc6-1ae5-416f-a2b4-672176740ecb=323c0a0f-fb34-41ef-932a-146454df381c=620aa542-56e8-4a1e-ba60-7c43fd31e717=[0].nic=8[0].network=62bfbed1-d07c-4886-b4f4-bf594543bb28=May27-CentOS-01=May27-CentOS-01=deployVirtualMachine=json

Many thanks!



-Original Message-
From: Corey, Mike 
Sent: Friday, May 21, 2021 10:59 AM
To: users@cloudstack.apache.org
Subject: RE: VMware Instance Error

Okay - reran the deployment from "new" UI and it displays "Request Failed (530) 
- Request failed with status code 530".

This is ACS 4.15 deploying to vCenter 6.7 using a Windows10x64 image template.  
Right now, I have global setting vmware.root.disk.controller as blank.  If I 
recall the previous build, I could set this setting at the instance provision 
wizard.  See anything below to indicate my hiccup?

Logs below:

2021-05-21 10:39:05,421 DEBUG [c.c.a.ApiServlet] 
(qtp1026871825-20:ctx-90b111cd) (logid:03c48de3) ===START===  10.4.89.3 -- GET  
zoneid=1cf90fc6-1ae5-416f-a2b4-672176740ecb=be90d04e-5257-43fb-97de-7727d10fae6a=61445715-9baa-4768-863f-473652c324cc=7edc7494-a78f-4d72-8158-6dcbf7370f3f=1ada50d8-a523-4670-93c3-6d942169b7ae=5777d4fc-87b7-46c4-a253-4ff69f80b4ca=[0].nic=8[0].network=62bfbed1-d07c-4886-b4f4-bf594543bb28=CV-Test01=CV-Test01=deployVirtualMachine=json
2021-05-21 10:39:05,427 DEBUG [c.c.a.ApiServer] (qtp1026871825-20:ctx-90b111cd 
ctx-d1342fe9) (logid:03c48de3) CIDRs from which account 
'Acct[a5f712c7-ac2e-11eb-b0fb-00505695799f-admin]' is allowed to perform API 
calls: 0.0.0.0/0,::/0
2021-05-21 10:39:05,462 TRACE [o.a.c.a.c.u.v.DeployVMCmd] 
(qtp1026871825-20:ctx-90b111cd ctx-d1342fe9) (logid:03c48de3) nic, '8', goes on 
net, '62bfbed1-d07c-4886-b4f4-bf594543bb28'
2021-05-21 10:39:05,469 DEBUG [c.c.u.AccountManagerImpl] 
(qtp1026871825-20:ctx-90b111cd ctx-d1342fe9) (logid:03c48de3) Access granted to 
Acct[a5f712c7-ac2e-11eb-b0fb-00505695799f-admin] to 
org.apache.cloudstack.quota.vo.ServiceOfferingVO$$EnhancerByCGLIB$$f1711368@49f71a9e
 by AffinityGroupAccessChecker
2021-05-21 10:39:05,469 DEBUG [c.c.u.AccountManagerImpl] 
(qtp1026871825-20:ctx-90b111cd ctx-d1342fe9) (logid:03c48de3) Access granted to 
Acct[a5f712c7-ac2e-11eb-b0fb-00505695799f-admin] to null by 
AffinityGroupAccessChecker
2021-05-21 10:39:05,493 DEBUG [c.c.n.NetworkModelImpl] 
(qtp1026871825-20:ctx-90b111cd ctx-d1342fe9) (logid:03c48de3) Service 
SecurityGroup is not supported in the network id=204
2021-05-21 10:39:05,506 DEBUG [c.c.u.d.T.Transaction] 
(qtp1026871825-20:ctx-90b111cd ctx-d1342fe9) (logid:03c48de3) Rolling back the 
transaction: Time = 3 Name =  qtp1026871825-20; called by 
-TransactionLegacy.rollback:888-TransactionLegacy.removeUpTo:831-TransactionLegacy.close:655-Transaction.execute:38-UserVmManagerImpl.commitUserVm:3970-UserVmManagerImpl.commitUserVm:4157-UserVmManagerImpl.createVirtualMachine:3865-UserVmManagerImpl.createAdvancedVirtualMachine:3391-UserVmManagerImpl.createVirtualMachine:5315-NativeMethodAccessorImpl.invoke0:-2-NativeMethodAccessorImpl.invoke:62-DelegatingMethodAccessorImpl.invoke:43
2021-05-21 10:39:05,507 ERROR [c.c.a.ApiServer] (qtp1026871825-20:ctx-90b111cd 
ctx-d1342fe9) (logid:03c48de3) unhandled exception executing api command: 
[Ljava.lang.String;@32b6d5fc
java.lang.NullPointerException
at 
com.cloud.vm.UserVmManagerImpl$4.doInTransaction(UserVmManagerImpl.java:4034)
at 
com.cloud.vm.UserVmManagerImpl$4.doInTransaction(UserVmManagerImpl.java:3970)
at com.cloud.utils.db.Transaction.execute(Transaction.java:40)
at 
com.cloud.vm.UserVmManagerImpl.commitUserVm(UserVmManagerImpl.java:3970)
at 
com.cloud.vm.UserVmManagerImpl.commitUserVm(UserVmManagerImpl.java:4157)
at 
com.cloud.vm.UserVmManagerImpl.createVirtualMachine(UserVmManagerImpl.java:3865)
at 
com.cloud.vm.UserVmManagerImpl.createAdvancedVirtualMachine(UserVmManagerImpl.java:3391)
at 
com.cloud.vm.UserVmManagerImpl.createVirtualMachine(UserVmManagerImpl.java:5315)
at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at 
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at 
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:95)

RE: Can DvSwitch be used for management and storage networks for CloudStack 4.14?

2021-05-27 Thread Corey, Mike 
Yes - I have them in my VMware / ACS landscape.

The Traffic Label needs to be in this format: 
,,vmwaredvs

Example:
dvs01,101,vmwaredvs

-Original Message-
From: 小林 美佳子  
Sent: Thursday, May 27, 2021 7:36 AM
To: users@cloudstack.apache.org
Subject: Can DvSwitch be used for management and storage networks for 
CloudStack 4.14?

Hello.

I'm designing a physical network for CloudStack 4.14.
My question is: Can DvSwitch be used for management and storage networks?

The latest release notes say the following

 > Management and Storage network does not support VDS. Therefore, use Standard 
 > Switch for these networks.
http://docs.cloudstack.apache.org/en/latest/installguide/hypervisor/vsphere.html#id5

However, this has been fixed in CloudStack 4.6.0.

 > CLOUDSTACK-3317 - DVS does not support management\storage network
https://issues.apache.org/jira/browse/CLOUDSTACK-3317
https://github.com/apache/cloudstack/pull/373
https://github.com/apache/cloudstack/commit/5e41a830a5eded33afc6bdc2be4572e2fd2a1f2a
http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.6.0/fixed_issues.html

RE: VMware Instance Error

2021-05-21 Thread Corey, Mike 
yVirtualMachine=json

-Original Message-----
From: Corey, Mike  
Sent: Friday, May 21, 2021 7:50 AM
To: users@cloudstack.apache.org
Subject: [CAUTION] RE: VMware Instance Error

Understood.  I only tried the old UI because the instance deployment failed 
under the new UI and there wasn't a specific error thrown to hint at an issue.

I'll try again today and dig through the logs and come back with findings.

MC

-Original Message-
From: Andrija Panic  
Sent: Thursday, May 20, 2021 5:47 PM
To: users 
Subject: Re: VMware Instance Error

Hi Mike,

that is expected in the old UI - at some point, new features were (in UI)
supported only for the new UI and not in old UI - so this failure is
expected/fine (I'm aware of the specific feature that is being
used/throwing an error here)

Get over the old UI, I know there are emotional connections (for me at
least) and use just the new UI :)

Best,

On Thu, 20 May 2021 at 22:57, Corey, Mike 
wrote:

> I’m having a VM instance fail and I can’t pinpoint the issue.  Maybe
> someone has seen this error below – I see it at the legacy UI and not on
> the new UI.  The new UI just fails the instance after the VM is created in
> vCenter.
>
>
>
> “Boot type and boot mode are not supported on VMware, as we honour what is
> defined in the template."
>
>
>
> I thought it was the global setting vmware.root.disk.controller – I had it
> as osdefault (failed) scsi (failed) and blank (failed) – so I’m not sure
> where or what is triggering the error/failure.
>
>
>
> Many thanks!
>
> Mike
>
>
>
>
>
>
>
>
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com
>
>
>
>
>
>
>


-- 

Andrija Panić

RE: VMware Instance Error

2021-05-21 Thread Corey, Mike 
Understood.  I only tried the old UI because the instance deployment failed 
under the new UI and there wasn't a specific error thrown to hint at an issue.

I'll try again today and dig through the logs and come back with findings.

MC

-Original Message-
From: Andrija Panic  
Sent: Thursday, May 20, 2021 5:47 PM
To: users 
Subject: Re: VMware Instance Error

Hi Mike,

that is expected in the old UI - at some point, new features were (in UI)
supported only for the new UI and not in old UI - so this failure is
expected/fine (I'm aware of the specific feature that is being
used/throwing an error here)

Get over the old UI, I know there are emotional connections (for me at
least) and use just the new UI :)

Best,

On Thu, 20 May 2021 at 22:57, Corey, Mike 
wrote:

> I’m having a VM instance fail and I can’t pinpoint the issue.  Maybe
> someone has seen this error below – I see it at the legacy UI and not on
> the new UI.  The new UI just fails the instance after the VM is created in
> vCenter.
>
>
>
> “Boot type and boot mode are not supported on VMware, as we honour what is
> defined in the template."
>
>
>
> I thought it was the global setting vmware.root.disk.controller – I had it
> as osdefault (failed) scsi (failed) and blank (failed) – so I’m not sure
> where or what is triggering the error/failure.
>
>
>
> Many thanks!
>
> Mike
>
>
>
>
>
>
>
>
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com
>
>
>
>
>
>
>


-- 

Andrija Panić

VMware Instance Error

2021-05-20 Thread Corey, Mike 
I'm having a VM instance fail and I can't pinpoint the issue.  Maybe someone 
has seen this error below - I see it at the legacy UI and not on the new UI.  
The new UI just fails the instance after the VM is created in vCenter.

"Boot type and boot mode are not supported on VMware, as we honour what is 
defined in the template."

I thought it was the global setting vmware.root.disk.controller - I had it as 
osdefault (failed) scsi (failed) and blank (failed) - so I'm not sure where or 
what is triggering the error/failure.

Many thanks!

Mike




Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image003.png@01D74D99.3447E160]

SAML SSO Error

2021-05-20 Thread Corey, Mike 
Hi,

Trying to configure the SAML piece for single-sign-on.  I have the info 
registered with my SAML provider and configured all the SAML parameters the 
same way I had on the 4.14 build of ACS.  Trying to determine if it's a setting 
I missed on ACS or I need to go back to the SAML provider team and seek help.

Error in log is:
2021-05-20 10:21:09,932 DEBUG [c.c.a.ApiServer] 
(qtp1026871825-1975:ctx-66fd0a1d ctx-2c5a7b22) (logid:968de14a) CIDRs from 
which account 'Acct[blah-blah-admin]' is allowed to perform API calls: 
0.0.0.0/0,::/0
2021-05-20 10:21:09,933 DEBUG [c.c.a.ApiServlet] 
(qtp1026871825-677:ctx-dff3a7c7) (logid:dafda2bd) Authentication failure: 
{"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":531,"errortext":"Only
 authenticated saml users can request this API"}}

Any ideas?

MC

Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image001.png@01D74D69.C8CF1B80]

Template Download - No route to host

2021-05-13 Thread Corey, Mike 
Hi,

I'm not a Linux guy by trade so please forgive my ignorance.  The default 
template is not downloading and I'm getting the "no route to host" from ACS and 
inside my SSVM.  The SSVM cannot ping it's public IP gateway either.  And 
obviously it can't hit the web...

root@s-2-VM:~# curl http://www.shapeblue.com
curl: (7) Failed to connect to www.shapeblue.com port 80: No route to host

Google suggests I check the IPTABLES; however, as mentioned I'm not all that 
familiar with Linux family.  I certainly don't want to open up everything to 
the www.

Default route is the public IP gateway as expected... default via 
 dev eth2

SSVM can ping the public IP of the Console System VM.

Should I even have to do anything with IPTables on the SSVM?  My physical 
network is the same as I have on the previous 4.14 ACS lab on VMware and the 
same public ip scope.

Many thanks!



Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image003.png@01D747E8.C7951520]

Failed System VM

2021-05-12 Thread Corey, Mike 
Hi again,

When I enable the zone my system vms just continue to cycle through a 
deployment and expunge.  Only thing I can find in the logs to hint at an issue 
is the line below regarding capacity.  I don't understand how I can have 
insufficient resources...these are 2 Gen 10 blades with (2) 24 core cpus and 
764GB memory.

Is there a setting I need to adjust or something else I should be looking for 
in the logs as an indication as to why they are failing?

2021-05-12 12:05:30,769 WARN  [o.a.c.s.SecondaryStorageManagerImpl] 
(secstorage-1:ctx-dfe12939) (logid:61e5d345) Exception while trying to start 
secondary storage vm
com.cloud.exception.InsufficientServerCapacityException: Unable to create a 
deployment for VM[SecondaryStorageVm|s-14-VM]Scope=interface 
com.cloud.dc.DataCenter; id=1


Another error I'm seeing is regarding the distributed vSwitch - I setup three 
physical networks - management, storage, guest - each with their own VDS 
"traffic label".  (example: vds2-phl-csm02-nfs,0,vmwaredvs).

I don't have a distributed vSwitch named dvSwitch0 so if ACS is looking for 
that I don't know why or why it isn't looking for the switch names I have 
configured under the "traffic label".

Line 71606: com.cloud.exception.InsufficientServerCapacityException: Unable to 
create a deployment for VM[SecondaryStorageVm|s-26-VM]Scope=interface 
com.cloud.dc.DataCenter; id=1
Line 71638: 
com.cloud.exception.InsufficientServerCapacityException: Unable to create a 
deployment for VM[SecondaryStorageVm|s-26-VM]Scope=interface 
com.cloud.dc.DataCenter; id=1
Line 71660: 2021-05-12 14:15:47,330 INFO  
[o.a.c.s.SecondaryStorageManagerImpl] (secstorage-1:ctx-433a9990) 
(logid:64b260ab) Unable to start secondary storage vm for standby capacity, vm 
id : 26, will recycle it and start a new one
Line 71722: 2021-05-12 14:15:49,045 ERROR 
[c.c.h.v.m.HypervisorHostHelper] (DirectAgent-12:ctx-69b57f06 
usphlmvesxt01.phl.global.corp.sap, job-112/job-119, cmd: StartCommand) 
(logid:a5237296) Unable to find distributed vSwitch dvSwitch0
Line 71723: 2021-05-12 14:15:49,045 INFO  [c.c.h.v.u.VmwareHelper] 
(DirectAgent-12:ctx-69b57f06 usphlmvesxt01.phl.global.corp.sap, 
job-112/job-119, cmd: StartCommand) (logid:a5237296) [ignored]failed to get 
message for exception: Unable to find distributed vSwitch dvSwitch0
Line 71725: Message: Unable to find distributed vSwitch dvSwitch0
Line 71727: java.lang.Exception: Unable to find distributed vSwitch 
dvSwitch0
Line 71747: Message: Unable to find distributed vSwitch dvSwitch0
Line 71751: 2021-05-12 14:15:49,053 INFO  
[c.c.v.VirtualMachineManagerImpl] (Work-Job-Executor-7:ctx-81037bca 
job-112/job-119 ctx-43bfb160) (logid:a5237296) Unable to start VM on 
Host[-2-Routing] due to StartCommand failed due to Exception: 
java.lang.Exception
Line 71752: Message: Unable to find distributed vSwitch dvSwitch0





Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image002.png@01D7473B.219C4150]

RE: Primary Storage Fails

2021-05-12 Thread Corey, Mike 
Alex,

Rather than me sending out emails to a mailing list, is there a KB or online 
bucket of past emails that I can look through for issues similar to mine?

Thanks!

Mike

-Original Message-
From: Alex Mattioli  
Sent: Wednesday, May 12, 2021 10:53 AM
To: users@cloudstack.apache.org
Subject: RE: Primary Storage Fails

Hi Mike,

Is that with NFS?
Can you mount the datastore from all your hosts? (I believe you already stated 
that, but just to be sure).
Got a screenshot of the primary storage part of the wizard?

Cheers,
Alex



From: Corey, Mike 
Sent: 12 May 2021 16:35
To: users@cloudstack.apache.org
Subject: Primary Storage Fails

Hi - I believe I've figured out the networking piece of the zone wizard.  
However, now I'm hitting an error with primary storage.

Error:
Something went wrong; please correct the following:
Failed to add data store: Failed to create storage pool as it is not accessible 
to hosts.

I've verified the ESXi hosts and ACS can mount the volume.

One thing I've noticed is that the storage network port group was not created 
in vCenter by ACS.  The only port group to show up is the network under the 
management VDS.




Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E 
mike.co...@sap.com<mailto:mike.co...@sap.com>


[cid:image003.png@01D7471A.6632B540]

RE: Primary Storage Fails

2021-05-12 Thread Corey, Mike 
I think I found the caveat to this issue.

I believe the issue was the global setting vmware.use.dvswitch being set to 
false.  After I set this to true and restarted ACS and the wizard it completed 
onto the next step.  One concern I have though is that NONE of the port groups 
are showing up in the VDS I have in vCenter.  Shouldn't the guest, public, 
management, and storage port groups (physical networks) be added to the vCenter 
VDS?

Also - I found out that in the Secondary Storage wizard window you don't 
include the "/" in the path field.  

Mike



-Original Message-
From: Alex Mattioli  
Sent: Wednesday, May 12, 2021 10:53 AM
To: users@cloudstack.apache.org
Subject: RE: Primary Storage Fails

Hi Mike,

Is that with NFS?
Can you mount the datastore from all your hosts? (I believe you already stated 
that, but just to be sure).
Got a screenshot of the primary storage part of the wizard?

Cheers,
Alex



From: Corey, Mike 
Sent: 12 May 2021 16:35
To: users@cloudstack.apache.org
Subject: Primary Storage Fails

Hi - I believe I've figured out the networking piece of the zone wizard.  
However, now I'm hitting an error with primary storage.

Error:
Something went wrong; please correct the following:
Failed to add data store: Failed to create storage pool as it is not accessible 
to hosts.

I've verified the ESXi hosts and ACS can mount the volume.

One thing I've noticed is that the storage network port group was not created 
in vCenter by ACS.  The only port group to show up is the network under the 
management VDS.




Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E 
mike.co...@sap.com<mailto:mike.co...@sap.com>


[cid:image003.png@01D7471A.6632B540]

Primary Storage Fails

2021-05-12 Thread Corey, Mike 
Hi - I believe I've figured out the networking piece of the zone wizard.  
However, now I'm hitting an error with primary storage.

Error:
Something went wrong; please correct the following:
Failed to add data store: Failed to create storage pool as it is not accessible 
to hosts.

I've verified the ESXi hosts and ACS can mount the volume.

One thing I've noticed is that the storage network port group was not created 
in vCenter by ACS.  The only port group to show up is the network under the 
management VDS.




Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image003.png@01D7471A.6632B540]

Failed to add VMware DC...

2021-05-11 Thread Corey, Mike 
Sorry to keep you so busy today...

Needless to say my initial zone creation failed.  I have removed the custom 
attributes in vCenter; however I'm still getting the error below when trying to 
run through the zone wizard again.

"Failed to add VMware DC to zone due to : This DC is being managed by other 
CloudStack deployment. Cannot add this DC to zone."

As said, I removed the custom attributes and restarted ACS.

https://basu.co.in/2014/10/28/how-to-re-use-vcenter-in-cloudstack/
https://support.accelerite.com/hc/en-us/articles/360030933432-This-DC-is-already-part-of-other-CloudStack-zone-s-Cannot-add-this-DC-to-more-zones-

Is there something I need to clean up in the SQL?


Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image001.png@01D74655.E9BF6CC0]

RE: VMware VDS Specifics

2021-05-11 Thread Corey, Mike 
Thanks Alex,

So what I've have now are 4 VDS.  When I'm going through the Add Zone wizard, 
do I create 3 physical networks - one for each traffic type - Guest, 
Management, Storage?  If so, how do I link the CloudStack physical network to 
the correct VMware VDS?

"When adding a zone, you need to set up one or more physical networks. Each 
network corresponds to a NIC on the hypervisor. Each physical network can carry 
one or more types of traffic, with certain restrictions on how they may be 
combined. Add or remove one or more traffic types onto each physical network."

From: Alex Mattioli 
Sent: Tuesday, May 11, 2021 4:57 AM
To: users@cloudstack.apache.org
Subject: RE: VMware VDS Specifics

Hi Mike,

ACS doesn't touch the uplink assignments already created. But you can't really 
tell it which uplinks to set in a portgroup, so when it creates the Storage 
portgroup it might not use the desired uplinks, it will be using the default 
uplinks set on ESX.
You could wait for ACS to create the portgroup, check which uplinks it uses and 
then change the others accordingly (annoying, I know)

The way I'd carve those 8 NICs would be:

VDS _Management - 2 uplinks, with your management portgroups and management vmk
VDS_Guest - 2 uplinks, for ACS to create guest networks.
VDS_Storage - 2 uplinks, with your NFS vmk and ACS's storage portgroup and your 
vMotion vmk (which you can then set to use whatever uplinks are not the 
default, you can check after ACS has created the storage portgroup)

Alternatively you can create a 4th VDS, something like  VDS_OOB - 2 uplinks 
with the vMotion vmk. (In my case I've used that in production for monitoring 
and backups, but could be for vMotion as well).

Hope that helps,

Btw, what bandwidth do you have on those links?

Cheers,
Alex





From: Corey, Mike mailto:mike.co...@sap.com>>
Sent: 10 May 2021 22:15
To: Alex Mattioli 
mailto:alex.matti...@shapeblue.com>>
Subject: VMware VDS Specifics

Hi Alex,

I'm about to run through my first 4.15 zone setup but want to make sure I have 
my VDS lined up.

I have 8 uplinks broken out: (2) vmk0, (2) vmotion, (2) NFS, (2) guest traffic.

I have two VDS configured; one for "management" port groups and one for guest 
VM traffic port groups.  On the management VDS, there are six uplinks and I 
have uplink assignments for each of the kernel traffic types...meaning I 
segregate vmk0 to 2 uplinks, NFS is on 2 other uplinks, and vmotion on 2 other 
uplinks.  The guest vm VDS is simple with two uplinks assigned to the public 
and private port groups.

My concern/question is how will CloudStack handle this layout and will it 
"respect" how I have the VDS port group to uplink assignments?  When it creates 
the storage port group for example will I be able to assign the uplinks 
dedicated for storage traffic on my hosts?




Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E 
mike.co...@sap.com<mailto:mike.co...@sap.com>


[cid:image001.png@01D74653.1E63B600]

RE: Initial Zone Setup Wizard

2021-05-11 Thread Corey, Mike 
Thanks for the reply Harikrishna,

This information is helpful, but doesn't answer my question.  The "Traffic 
Label" is found on the physical network wizard screen - when you click the 
pencil "edit" on traffic type.  You have to provide a Traffic Label; however 
I'm not sure what to put here.  For VMware, is it the port group name of the 
network or anything I want to name it?

ERROR: "Error in configuration! All required traffic types should be added and 
with multiple physical networks each network should have a label."

Mike



-Original Message-
From: Harikrishna Patnala  
Sent: Monday, May 10, 2021 11:50 PM
To: users@cloudstack.apache.org
Subject: Re: Initial Zone Setup Wizard

Hi Mike,

In 4.15, new UI has only option to setup advanced zone. If you want to setup 
basic zone in 4.15 you can use legacy UI (x.x.x.x:8080/client/legacy/). FYI the 
basic zone wizard is restored in 4.15.1 version of CloudStack 
(https://github.com/apache/cloudstack/pull/4882)

I cannot see your images in the email, I guess you are talking about traffic 
labels for guest traffic for private gateway 
(http://docs.cloudstack.apache.org/projects/archived-cloudstack-administration/en/latest/networking_and_traffic.html#guest-traffic-for-private-gateway).
 If you want to understand the complete network concepts of CloudStack and 
decide on which zone to use (either basic or advanced) you can go through this 
link 
http://docs.cloudstack.apache.org/projects/archived-cloudstack-administration/en/latest/networking_and_traffic.html#
Managing Networks and Traffic - Apache CloudStack Administration Documentation 
4.11.0.0 documentation - Apache CloudStack 4.15.0.0 
documentation<http://docs.cloudstack.apache.org/projects/archived-cloudstack-administration/en/latest/networking_and_traffic.html#guest-traffic-for-private-gateway>
Managing Networks and Traffic¶. In a CloudStack, guest VMs can communicate with 
each other using shared infrastructure with the security and user perception 
that the guests have a private LAN.
docs.cloudstack.apache.org

Managing Networks and Traffic - Apache CloudStack Administration Documentation 
4.11.0.0 documentation - Apache CloudStack 4.15.0.0 
documentation<http://docs.cloudstack.apache.org/projects/archived-cloudstack-administration/en/latest/networking_and_traffic.html#>
Managing Networks and Traffic¶. In a CloudStack, guest VMs can communicate with 
each other using shared infrastructure with the security and user perception 
that the guests have a private LAN.
docs.cloudstack.apache.org
Regards,
Harikrishna


From: Corey, Mike 
Sent: Tuesday, May 11, 2021 2:02 AM
To: users@cloudstack.apache.org 
Subject: Initial Zone Setup Wizard


Hi,



I'm starting up the new 4.15 ui and trying to create my first zone.  The new UI 
is very nice; however, I'm not sure I can select the "Advanced" wizard option.  
The only "clickable" thing on this screen is NEXT.  Am I supposed to be able to 
click on "Advanced" to go through that wizard versus the basic wizard?



[cid:image003.jpg@01D745BA.0D550BF0]



Next question is regarding "Traffic Label" on the Physical Network window.  
What should the labels be?  Could I get some clarity on this please?



[cid:image006.jpg@01D745BA.0D550BF0]









Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image007.png@01D745BA.0D550BF0]

Initial Zone Setup Wizard

2021-05-10 Thread Corey, Mike 
Hi,

I'm starting up the new 4.15 ui and trying to create my first zone.  The new UI 
is very nice; however, I'm not sure I can select the "Advanced" wizard option.  
The only "clickable" thing on this screen is NEXT.  Am I supposed to be able to 
click on "Advanced" to go through that wizard versus the basic wizard?

[cid:image003.jpg@01D745BA.0D550BF0]

Next question is regarding "Traffic Label" on the Physical Network window.  
What should the labels be?  Could I get some clarity on this please?

[cid:image006.jpg@01D745BA.0D550BF0]




Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image007.png@01D745BA.0D550BF0]

TSL/SSL for 4.15 UI

2021-05-05 Thread Corey, Mike 
Hi,

Before I start, has the bug with Subject Alternate Names in the certificate 
causing https UI to not load been resolved in the 4.15 release?  I ran into it 
with 4.14 and want to see if its fixed so I know how to proceed with my cert 
for the UI.

Thanks!

Mike




Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image001.png@01D7418D.106704A0]


--- Begin Message ---
My certificate issue is with 4.14.  When I have a certificate using SAN the UI 
doesn't load.  When I have a certificate using just the CN as FQDN the UI loads.

Mike

-Original Message-
From: Andrija Panic 
Sent: Friday, August 14, 2020 7:04 AM
To: users 
Cc: Rafael del Valle 
Subject: Re: RE: Configuring HTTPS for UI

Mike are you trying on 4.14 or older build?
I believe I've just seen an issue on 4.14.

Best,

On Mon, 10 Aug 2020 at 17:12, Corey, Mike  wrote:

> Thanks for the feedback Rafael,
>
> When I use a certificate created with the FQDN as the CN, and with
> DNS: and/or IP: in the SubjectAlternate piece of the
> CNF file - https: UI doesn't load.
>
> When I use a certificate created with the FQDN as the CN only - the https:
> UI loads with the valid certificate.
>
> If I understand your suggestion the CSR field CN should be a description.
> The SubjectAlternateName fields should be DNS: , DNS: ???
>
> Mike
>
>
>
> -Original Message-
> From: Rafael del Valle 
> Sent: Friday, August 7, 2020 4:17 PM
> To: users@cloudstack.apache.org
> Subject: Re: RE: Configuring HTTPS for UI
>
> Hi Mike,
>
> do you have the non-working certificates to have a look?
>
> We automated certificate generation for our corporate CA with ansible some
> time ago, we have a intermediate CA which is kind of our in-house lets
> encrypt for our private cloud.
>
> Did you remember to prefix the Alt Names with "DNS:" ?
>
> About a year ago webkit browsers started requiring Alt-Name extension and
> would not verify  the site if only CN was used.
>
> I had a look at our code and  we now we use a textual description on CN,
> such as: "Support Center LBS" and the like, with AltNames for each
> entry-point domain prefixed with DNS:
>
> We generate the CSRs like this, and we wrote a python plugin for the
> signature:
>
>
> - name: "Generate {{pvz_ca_certdesc}} certificate request"
>   openssl_csr:
> path: "{{pvz_ca_certhome}}/{{pvz_ca_certname}}.csr"
> privatekey_path: "{{pvz_ca_certhome}}/{{pvz_ca_certname}}.pem"
> country_name: "{{pvzcloud.cert.country_name}}"
> organization_name: "{{pvzcloud.cert.organization_name}}"
> organizational_unit_name: "{{pvzcloud.cert.organizational_unit_name}}"
> email_address: "{{pvzcloud.cert.email_address}}"
> common_name: "{{pvzcloud.cert.organization_name}} {{pvz_ca_certdesc}}"
> basic_constraints_critical: yes
> basic_constraints:
>   - "CA:FALSE"
> key_usage:
>   - digitalSignature
>   - nonRepudiation
>   - keyEncipherment
> subject_alt_name:  "{{ pvz_ca_certdomains | map('regex_replace',
> '^(.*)$', 'DNS:\\1') | list }}"
> group: "{{pvz_ca_group}}"
> owner: "{{pvz_ca_owner}}"
>
>
>
>
>
> Hope this helps...
> R.
>
> On Fri, 2020-08-07 06:02 PM, "Corey, Mike"  wrote:
> >
> One thing that came up.  When I use Subject Alternative Names in my CSR,
> the 8443 url doesn't work for either names I have in the cert.  However,
> using just the vanilla CSR with FQDN works fine.
> >
> > Is that something with the openssl configuration file I have
> misconfigured, the type of cert I'm getting from my corporate CA, or can
> jetty(java, tomcat?) only support the single commonname cert?
> >
> > Thanks!
> >
> > Mike
> >
> > -Original Message-
> > From: Corey, Mike " target="_blank">
> > Sent: Thursday, August 6, 2020 3:07 PM
> > To: users@cloudstack.apache.org
> > Subject: [CAUTION] RE: Configuring HTTPS for UI
> >
> > Thanks for the feedback.
> >
> > I followed the procedures found here:
> https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/
> >
> > For good measure I did add rule:
> > iptables -I INPUT 1 -p tcp -m tcp --dport 8443 -j ACCEPT
> >
> > Note I received an error regarding this line in the web.xml file:
> > *
> >
> > I needed to change it to *. for the error to
> go away and the UI to start

RE: VMware VDS Updates on 4.15?

2021-04-26 Thread Corey, Mike 
No - I don't believe anyone responded back with my inquiry.  As I stated in my 
email the latest on a VMware VDS is from version 4.11 and was wondering if 
compatibility/supportability has changed over the recent versions of either 
Apache CloudStack and/or VMware.

Thanks!

Mike



-Original Message-
From: Andrija Panic  
Sent: Monday, April 26, 2021 4:10 PM
To: users 
Subject: Re: VMware VDS Updates on 4.15?

Hi Mike,

I believe you got the answers elsewhere, am I right?

Best,

On Wed, 21 Apr 2021 at 21:19, Corey, Mike  wrote:

> Hi,
>
>
>
> I’m looking into using VMware Virtual Distributed Switches with my next
> lab build.  Has there been any new developments on using the VDS with
> CloudStack?  The latest info seems to be in the 4.11 notes, snippet below.
> If I’m looking at this correctly, I cannot have my NFS Storage network on
> the VDS…is that still the case with 4.15?
>
>
>
> Prerequisites and Guidelines
>
>- VMware VDS is supported only on Public and Guest traffic in
>CloudStack.
>- VMware VDS does not support multiple VDS per traffic type. If a user
>has many VDS switches, only one can be used for Guest traffic and another
>one for Public traffic.
>- Additional switches of any type can be added for each cluster in the
>same zone. While adding the clusters with different switch type, traffic
>labels is overridden at the cluster level.
>- Management and Storage network does not support VDS. Therefore, use
>Standard Switch for these networks.
>- When you remove a guest network, the corresponding dvportgroup will
>not be removed on the vCenter. You must manually delete them on the 
> vCenter.
>
>
>
> Many thanks!
>
> Mike
>
>
>
>
>
>
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com
>
>
>
>
>
>
>


-- 

Andrija Panić

VMware VDS Updates on 4.15?

2021-04-21 Thread Corey, Mike 
Hi,

I'm looking into using VMware Virtual Distributed Switches with my next lab 
build.  Has there been any new developments on using the VDS with CloudStack?  
The latest info seems to be in the 4.11 notes, snippet below.  If I'm looking 
at this correctly, I cannot have my NFS Storage network on the VDS...is that 
still the case with 4.15?

Prerequisites and Guidelines

  *   VMware VDS is supported only on Public and Guest traffic in CloudStack.
  *   VMware VDS does not support multiple VDS per traffic type. If a user has 
many VDS switches, only one can be used for Guest traffic and another one for 
Public traffic.
  *   Additional switches of any type can be added for each cluster in the same 
zone. While adding the clusters with different switch type, traffic labels is 
overridden at the cluster level.
  *   Management and Storage network does not support VDS. Therefore, use 
Standard Switch for these networks.
  *   When you remove a guest network, the corresponding dvportgroup will not 
be removed on the vCenter. You must manually delete them on the vCenter.

Many thanks!

Mike



Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image001.png@01D736C1.9DABF7C0]

Re: Congratulations to Gabriel - CloudStack PMC Chair

2021-03-17 Thread Mike Tutkowski 
Congratulations, Gabriel!

On Wed, Mar 17, 2021 at 3:12 PM Paul Angus  wrote:

> Hi All CloudStack enthusiasts!
>
>
>
> Please join me in congratulating Gabriel for becoming the next CloudStack
> PMC Chair.
>
> Congratulations Gabriel, very well deserved!
>
>
>
> I would also like to thank Sven for his great work of the past year!
>
>
>
>
>
>
>
> Kind regards
>
>
>
> Paul Angus
>
>
>

RE: Troubleshooting Console Proxy

2020-12-09 Thread Corey, Mike 
Thanks to those for the feedback.

For whatever reason I thought I'd try destroying and allowing the ConsoleVM to 
regenerate.  Doing so fixed my VM console access.  

I don't know if when I modified/added the wildcard certificate if the original 
ConsoleVM borked or what but regenerating the vm fixed my issue.

Mike




-Original Message-
From: Richard Lawley  
Sent: Tuesday, December 8, 2020 3:41 PM
To: users@cloudstack.apache.org
Subject: Re: Troubleshooting Console Proxy

The URL setting should be "*.domain.com" (including the *.)

You will also need working DNS for the name a-b-c-d.domain.com - you can
either add these as static records every time you create a new console
proxy, or if you'll be doing it a lot, you can look at using something like
https://github.com/terbolous/powerdns-cloudstack-proxy-dns/ to make an
automated version (this might be impossible if you're using your main
domain name and don't want to run that under powerdns!).

The certificate loaded through the UI is for console proxy and ssvm only -
management server uses SSL cert defined in config files.

When you open a console window from the cloudstack UI, the window will have
the URL of the management server, but if you check the source of the page
it loads, it will be a frame with src https://a-b-c-d.domain.com.  If the
console proxy and the management server are both within the same domain
then you can use the same certificate for them both, but you'll need to
load it in both places.

Regards,

Richard

On Tue, 8 Dec 2020, 19:19 Corey, Mike,  wrote:

> Thanks for the reply Richard.
>
> The consoleproxy.url.domain is set to my wildcard domain name, is that how
> it should be?
>
> I set consoleproxy.sslEnabled as true and now the console window isn't
> total blank.  Instead I get  refused to
> connect.  Logs now say "Compose console url: https://;.
>
> Question - the address of the console window is showing as the FQDN of my
> CloudStack Management server.  The certificate for my Management UI is what
> loads which is assigned to the FQDN of the management server.
>
> I guess I'm confused as to where the wildcard certificate needs to be
> loaded.  Following the console proxy SSL directions, I assume the wildcard
> certificate is for the VM Console functionality (NO?).
>
>
> http://docs.cloudstack.apache.org/en/4.11.1.0/adminguide/systemvm.html?highlight=certificate#changing-the-console-proxy-ssl-certificate-and-domain
>
> So to review I have two CA certificates:
>
> 1-  is for my management server UI portal which is a FQDN named
> certificate
> 2- for the console proxy as a wildcard certificate.
>
> Should I have two different certs or should I have used the wildcard for
> both the UI portal and console proxy vm???
>
> Apologizes for my newb questions.
>
> Mike
>
>
>
> -Original Message-
> From: Richard Lawley 
> Sent: Tuesday, December 8, 2020 1:55 PM
> To: users@cloudstack.apache.org
> Subject: Re: Troubleshooting Console Proxy
>
> Our documented procedure for updating console proxy SSL is:
>
>1. Load cert through CloudStack UI, wait for Console Proxy VMs to
> restart
>2. If this is the first installation of SSL certificate, ensure Settings
>consoleproxy.sslEnabled and consoleproxy.url.domain are set correctly
>3. Restart CloudStack Management Service
>
> Once it's working you should be able to access the console proxy over
> https, which should be enough for you to confirm the correct cert is there.
>
> Regards,
>
> Richard
>
> On Tue, 8 Dec 2020 at 18:31, Corey, Mike  wrote:
>
> > Hi,
> >
> > I believe I have configured the console proxy correctly but I'd like to
> > verify the console proxy is using my wildcard certificate.  When I loaded
> > the wildcard cert, root, and sub root, key, etc. through the CS portal I
> > got a "succeed" message and the system vms reloaded, but the console
> isn't
> > loading.
> >
> > How can I verify the Console VM is using my custom wildcard cert? Is it
> an
> > openssl command or a mysql query?
> >
> > What logs should I be looking for an error message as to why my console
> > window is blank?
> >
> > The public IP of the console proxy vm is in DNS and resolves.  The
> > management log shows that the url is being provided but again just a
> blank
> > window.
> >
> > 2020-12-08 11:21:58,424 DEBUG [c.c.s.ConsoleProxyServlet]
> > (qtp1497845528-16:null) (logid:) Compose console url: http://<
> > I-P.domain.name
> >
> >/ajax?token=mORLUQO3R5lrOdIrRZsozUg2LnLTx5jGtgJnhHRX_-1WmlyxDZzQsaZ7nmuU_KFpd9egjZtkx74ftae3wUpF2IdvRKy7HlYodQBtQf9ldJvZhYNr1GOnxWJYZAAxTPatkVhbVg9Q9gJqFVXB5ebphg1MyGzktZgu6I5VwweGtH2tJcBFqOeUH

RE: Troubleshooting Console Proxy

2020-12-08 Thread Corey, Mike 
Thanks for the reply Richard.

The consoleproxy.url.domain is set to my wildcard domain name, is that how it 
should be?

I set consoleproxy.sslEnabled as true and now the console window isn't total 
blank.  Instead I get  refused to connect.  Logs now 
say "Compose console url: https://;.

Question - the address of the console window is showing as the FQDN of my 
CloudStack Management server.  The certificate for my Management UI is what 
loads which is assigned to the FQDN of the management server.

I guess I'm confused as to where the wildcard certificate needs to be loaded.  
Following the console proxy SSL directions, I assume the wildcard certificate 
is for the VM Console functionality (NO?).
 
http://docs.cloudstack.apache.org/en/4.11.1.0/adminguide/systemvm.html?highlight=certificate#changing-the-console-proxy-ssl-certificate-and-domain

So to review I have two CA certificates:  

1-  is for my management server UI portal which is a FQDN named certificate 
2- for the console proxy as a wildcard certificate.  

Should I have two different certs or should I have used the wildcard for both 
the UI portal and console proxy vm???

Apologizes for my newb questions.

Mike



-Original Message-
From: Richard Lawley  
Sent: Tuesday, December 8, 2020 1:55 PM
To: users@cloudstack.apache.org
Subject: Re: Troubleshooting Console Proxy

Our documented procedure for updating console proxy SSL is:

   1. Load cert through CloudStack UI, wait for Console Proxy VMs to restart
   2. If this is the first installation of SSL certificate, ensure Settings
   consoleproxy.sslEnabled and consoleproxy.url.domain are set correctly
   3. Restart CloudStack Management Service

Once it's working you should be able to access the console proxy over
https, which should be enough for you to confirm the correct cert is there.

Regards,

Richard

On Tue, 8 Dec 2020 at 18:31, Corey, Mike  wrote:

> Hi,
>
> I believe I have configured the console proxy correctly but I'd like to
> verify the console proxy is using my wildcard certificate.  When I loaded
> the wildcard cert, root, and sub root, key, etc. through the CS portal I
> got a "succeed" message and the system vms reloaded, but the console isn't
> loading.
>
> How can I verify the Console VM is using my custom wildcard cert? Is it an
> openssl command or a mysql query?
>
> What logs should I be looking for an error message as to why my console
> window is blank?
>
> The public IP of the console proxy vm is in DNS and resolves.  The
> management log shows that the url is being provided but again just a blank
> window.
>
> 2020-12-08 11:21:58,424 DEBUG [c.c.s.ConsoleProxyServlet]
> (qtp1497845528-16:null) (logid:) Compose console url: http://<
> I-P.domain.name
> >/ajax?token=mORLUQO3R5lrOdIrRZsozUg2LnLTx5jGtgJnhHRX_-1WmlyxDZzQsaZ7nmuU_KFpd9egjZtkx74ftae3wUpF2IdvRKy7HlYodQBtQf9ldJvZhYNr1GOnxWJYZAAxTPatkVhbVg9Q9gJqFVXB5ebphg1MyGzktZgu6I5VwweGtH2tJcBFqOeUH7utMAzOeGdQW6RXZXi3HWjUSnWs4AzxwX53yFGiS1nOB2lCqAkz8-PUkx7qvfDFkxLEs6iVYTNTaowejHS13_yHeSf7t_xQFkXs1MeQNqEUcBAFaevWbSg=windows
> 2020-12-08 11:21:58,424 DEBUG [c.c.s.ConsoleProxyServlet]
> (qtp1497845528-16:null) (logid:) the console url is ::
> CV-Oct14-T20
>
> From: Corey, Mike 
> Sent: Monday, December 7, 2020 12:02 PM
> To: users@cloudstack.apache.org
> Subject: [CAUTION] Console Proxy on VMware ESXi?
>
> Hi,
>
> Is there still a requirement to modify the ESXi firewall for VM console
> proxy?  Documented process is for older version so I wasn't sure if it was
> still relevant for ESXi 6.5 and 6.7+.  I ask because when I launch the VM
> proxy I just get a blank window.  Any ideas on how I can troubleshoot?
>
> Extend Port Range for CloudStack Console Proxy
> (Applies only to VMware vSphere version 4.x)
> You need to extend the range of firewall ports that the console proxy
> works with on the hosts. This is to enable the console proxy to work with
> VMware-based VMs. The default additional port range is 59000-6. To
> extend the port range, log in to the VMware ESX service console on each
> host and run the following commands:
> esxcfg-firewall -o 59000-6,tcp,in,vncextras
> esxcfg-firewall -o 59000-6,tcp,out,vncextras
>
>
> Thanks!
>
> Mike
>
>
> Mike Corey
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
> SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com mike.co...@sap.com>
>
>
> [cid:image001.png@01D6CC90.C0B9D750]
>
>
>

Troubleshooting Console Proxy

2020-12-08 Thread Corey, Mike 
Hi,

I believe I have configured the console proxy correctly but I'd like to verify 
the console proxy is using my wildcard certificate.  When I loaded the wildcard 
cert, root, and sub root, key, etc. through the CS portal I got a "succeed" 
message and the system vms reloaded, but the console isn't loading.

How can I verify the Console VM is using my custom wildcard cert? Is it an 
openssl command or a mysql query?

What logs should I be looking for an error message as to why my console window 
is blank?

The public IP of the console proxy vm is in DNS and resolves.  The management 
log shows that the url is being provided but again just a blank window.

2020-12-08 11:21:58,424 DEBUG [c.c.s.ConsoleProxyServlet] 
(qtp1497845528-16:null) (logid:) Compose console url: 
http:///ajax?token=mORLUQO3R5lrOdIrRZsozUg2LnLTx5jGtgJnhHRX_-1WmlyxDZzQsaZ7nmuU_KFpd9egjZtkx74ftae3wUpF2IdvRKy7HlYodQBtQf9ldJvZhYNr1GOnxWJYZAAxTPatkVhbVg9Q9gJqFVXB5ebphg1MyGzktZgu6I5VwweGtH2tJcBFqOeUH7utMAzOeGdQW6RXZXi3HWjUSnWs4AzxwX53yFGiS1nOB2lCqAkz8-PUkx7qvfDFkxLEs6iVYTNTaowejHS13_yHeSf7t_xQFkXs1MeQNqEUcBAFaevWbSg=windows
2020-12-08 11:21:58,424 DEBUG [c.c.s.ConsoleProxyServlet] 
(qtp1497845528-16:null) (logid:) the console url is :: 
CV-Oct14-T20

From: Corey, Mike 
Sent: Monday, December 7, 2020 12:02 PM
To: users@cloudstack.apache.org
Subject: [CAUTION] Console Proxy on VMware ESXi?

Hi,

Is there still a requirement to modify the ESXi firewall for VM console proxy?  
Documented process is for older version so I wasn't sure if it was still 
relevant for ESXi 6.5 and 6.7+.  I ask because when I launch the VM proxy I 
just get a blank window.  Any ideas on how I can troubleshoot?

Extend Port Range for CloudStack Console Proxy
(Applies only to VMware vSphere version 4.x)
You need to extend the range of firewall ports that the console proxy works 
with on the hosts. This is to enable the console proxy to work with 
VMware-based VMs. The default additional port range is 59000-6. To extend 
the port range, log in to the VMware ESX service console on each host and run 
the following commands:
esxcfg-firewall -o 59000-6,tcp,in,vncextras
esxcfg-firewall -o 59000-6,tcp,out,vncextras


Thanks!

Mike


Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E 
mike.co...@sap.com<mailto:mike.co...@sap.com>


[cid:image001.png@01D6CC90.C0B9D750]

Console Proxy on VMware ESXi?

2020-12-07 Thread Corey, Mike 
Hi,

Is there still a requirement to modify the ESXi firewall for VM console proxy?  
Documented process is for older version so I wasn't sure if it was still 
relevant for ESXi 6.5 and 6.7+.  I ask because when I launch the VM proxy I 
just get a blank window.  Any ideas on how I can troubleshoot?

Extend Port Range for CloudStack Console Proxy
(Applies only to VMware vSphere version 4.x)
You need to extend the range of firewall ports that the console proxy works 
with on the hosts. This is to enable the console proxy to work with 
VMware-based VMs. The default additional port range is 59000-6. To extend 
the port range, log in to the VMware ESX service console on each host and run 
the following commands:
esxcfg-firewall -o 59000-6,tcp,in,vncextras
esxcfg-firewall -o 59000-6,tcp,out,vncextras


Thanks!

Mike


Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image001.png@01D6CC90.C0B9D750]

Clean-up stale clones

2020-10-16 Thread Corey, Mike 
Hi,

Running through my lab testing I seem to be collecting different copies of 
clones in my vCenter.  I'm talking about the initial clone created when the 
very first instance is created from a template.  I've since imported templates, 
created instances, and destroyed both but the initial clone of the template VM 
remains (VM is named uuid) in my vCenter.

Why doesn't CloudStack purge that automatically if/when a template is 
destroyed?  It makes vCenter cluttered and also takes up space on my VMware 
storage.

Another thing is that these template VM clones cause an error in the logs that, 
in my opinion, is just noise and unnecessary. (Unable to find matched VM in 
CloudStack DB. name: fb0f60a8b22637b8bd6c67d03a10196d)



Mike




Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image003.png@01D6A3A9.57C38440]

RE: RE: Configuring HTTPS for UI

2020-08-14 Thread Corey, Mike 
My certificate issue is with 4.14.  When I have a certificate using SAN the UI 
doesn't load.  When I have a certificate using just the CN as FQDN the UI loads.

Mike

-Original Message-
From: Andrija Panic  
Sent: Friday, August 14, 2020 7:04 AM
To: users 
Cc: Rafael del Valle 
Subject: Re: RE: Configuring HTTPS for UI

Mike are you trying on 4.14 or older build?
I believe I've just seen an issue on 4.14.

Best,

On Mon, 10 Aug 2020 at 17:12, Corey, Mike  wrote:

> Thanks for the feedback Rafael,
>
> When I use a certificate created with the FQDN as the CN, and with
> DNS: and/or IP: in the SubjectAlternate piece of the
> CNF file - https: UI doesn't load.
>
> When I use a certificate created with the FQDN as the CN only - the https:
> UI loads with the valid certificate.
>
> If I understand your suggestion the CSR field CN should be a description.
> The SubjectAlternateName fields should be DNS: , DNS: ???
>
> Mike
>
>
>
> -Original Message-
> From: Rafael del Valle 
> Sent: Friday, August 7, 2020 4:17 PM
> To: users@cloudstack.apache.org
> Subject: Re: RE: Configuring HTTPS for UI
>
> Hi Mike,
>
> do you have the non-working certificates to have a look?
>
> We automated certificate generation for our corporate CA with ansible some
> time ago, we have a intermediate CA which is kind of our in-house lets
> encrypt for our private cloud.
>
> Did you remember to prefix the Alt Names with "DNS:" ?
>
> About a year ago webkit browsers started requiring Alt-Name extension and
> would not verify  the site if only CN was used.
>
> I had a look at our code and  we now we use a textual description on CN,
> such as: "Support Center LBS" and the like, with AltNames for each
> entry-point domain prefixed with DNS:
>
> We generate the CSRs like this, and we wrote a python plugin for the
> signature:
>
>
> - name: "Generate {{pvz_ca_certdesc}} certificate request"
>   openssl_csr:
> path: "{{pvz_ca_certhome}}/{{pvz_ca_certname}}.csr"
> privatekey_path: "{{pvz_ca_certhome}}/{{pvz_ca_certname}}.pem"
> country_name: "{{pvzcloud.cert.country_name}}"
> organization_name: "{{pvzcloud.cert.organization_name}}"
> organizational_unit_name: "{{pvzcloud.cert.organizational_unit_name}}"
> email_address: "{{pvzcloud.cert.email_address}}"
> common_name: "{{pvzcloud.cert.organization_name}} {{pvz_ca_certdesc}}"
> basic_constraints_critical: yes
> basic_constraints:
>   - "CA:FALSE"
> key_usage:
>   - digitalSignature
>   - nonRepudiation
>   - keyEncipherment
> subject_alt_name:  "{{ pvz_ca_certdomains | map('regex_replace',
> '^(.*)$', 'DNS:\\1') | list }}"
> group: "{{pvz_ca_group}}"
> owner: "{{pvz_ca_owner}}"
>
>
>
>
>
> Hope this helps...
> R.
>
> On Fri, 2020-08-07 06:02 PM, "Corey, Mike"  wrote:
> >
> One thing that came up.  When I use Subject Alternative Names in my CSR,
> the 8443 url doesn't work for either names I have in the cert.  However,
> using just the vanilla CSR with FQDN works fine.
> >
> > Is that something with the openssl configuration file I have
> misconfigured, the type of cert I'm getting from my corporate CA, or can
> jetty(java, tomcat?) only support the single commonname cert?
> >
> > Thanks!
> >
> > Mike
> >
> > -Original Message-
> > From: Corey, Mike " target="_blank">
> > Sent: Thursday, August 6, 2020 3:07 PM
> > To: users@cloudstack.apache.org
> > Subject: [CAUTION] RE: Configuring HTTPS for UI
> >
> > Thanks for the feedback.
> >
> > I followed the procedures found here:
> https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/
> >
> > For good measure I did add rule:
> > iptables -I INPUT 1 -p tcp -m tcp --dport 8443 -j ACCEPT
> >
> > Note I received an error regarding this line in the web.xml file:
> > *
> >
> > I needed to change it to *. for the error to
> go away and the UI to start.
> >
> >
> >
> >
> > -Original Message-
> > From: Andrija Panic " target="_blank">
> > Sent: Wednesday, August 5, 2020 11:29 AM
> > To: users " target="_blank">
> > Subject: Re: Configuring HTTPS for UI
> >
> > Hi Mike,
> >
> > not sure what to docs say (haven't read that part recently), but the blog
> > page should suffice (well, I see that github issue with 4.14 and SSL -
> > haven't tested myself, so can't confirm/deny the i

RE: RE: Configuring HTTPS for UI

2020-08-10 Thread Corey, Mike 
Thanks for the feedback Rafael,

When I use a certificate created with the FQDN as the CN, and with 
DNS: and/or IP: in the SubjectAlternate piece of the CNF 
file - https: UI doesn't load.

When I use a certificate created with the FQDN as the CN only - the https: UI 
loads with the valid certificate.

If I understand your suggestion the CSR field CN should be a description.  The 
SubjectAlternateName fields should be DNS: , DNS: ???

Mike



-Original Message-
From: Rafael del Valle  
Sent: Friday, August 7, 2020 4:17 PM
To: users@cloudstack.apache.org
Subject: Re: RE: Configuring HTTPS for UI

Hi Mike,

do you have the non-working certificates to have a look?

We automated certificate generation for our corporate CA with ansible some time 
ago, we have a intermediate CA which is kind of our in-house lets encrypt for 
our private cloud.

Did you remember to prefix the Alt Names with "DNS:" ? 

About a year ago webkit browsers started requiring Alt-Name extension and would 
not verify  the site if only CN was used.

I had a look at our code and  we now we use a textual description on CN, such 
as: "Support Center LBS" and the like, with AltNames for each entry-point 
domain prefixed with DNS:

We generate the CSRs like this, and we wrote a python plugin for the signature:


- name: "Generate {{pvz_ca_certdesc}} certificate request"
  openssl_csr:
path: "{{pvz_ca_certhome}}/{{pvz_ca_certname}}.csr"
privatekey_path: "{{pvz_ca_certhome}}/{{pvz_ca_certname}}.pem"
country_name: "{{pvzcloud.cert.country_name}}"
organization_name: "{{pvzcloud.cert.organization_name}}"
organizational_unit_name: "{{pvzcloud.cert.organizational_unit_name}}"
email_address: "{{pvzcloud.cert.email_address}}"
common_name: "{{pvzcloud.cert.organization_name}} {{pvz_ca_certdesc}}"
basic_constraints_critical: yes
basic_constraints:
  - "CA:FALSE"
key_usage:
  - digitalSignature
  - nonRepudiation
  - keyEncipherment
subject_alt_name:  "{{ pvz_ca_certdomains | map('regex_replace', '^(.*)$', 
'DNS:\\1') | list }}"
group: "{{pvz_ca_group}}"
owner: "{{pvz_ca_owner}}"





Hope this helps...
R.

On Fri, 2020-08-07 06:02 PM, "Corey, Mike"  wrote:
> 
One thing that came up.  When I use Subject Alternative Names in my CSR, the 
8443 url doesn't work for either names I have in the cert.  However, using just 
the vanilla CSR with FQDN works fine.
> 
> Is that something with the openssl configuration file I have misconfigured, 
> the type of cert I'm getting from my corporate CA, or can jetty(java, 
> tomcat?) only support the single commonname cert?
> 
> Thanks!
> 
> Mike
> 
> -Original Message-
> From: Corey, Mike " target="_blank"> 
> Sent: Thursday, August 6, 2020 3:07 PM
> To: users@cloudstack.apache.org
> Subject: [CAUTION] RE: Configuring HTTPS for UI
> 
> Thanks for the feedback.
> 
> I followed the procedures found here: 
> https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/
> 
> For good measure I did add rule:
> iptables -I INPUT 1 -p tcp -m tcp --dport 8443 -j ACCEPT
> 
> Note I received an error regarding this line in the web.xml file:
> *
> 
> I needed to change it to *. for the error to go 
> away and the UI to start.
> 
> 
> 
> 
> -Original Message-
> From: Andrija Panic " target="_blank"> 
> Sent: Wednesday, August 5, 2020 11:29 AM
> To: users " target="_blank">
> Subject: Re: Configuring HTTPS for UI
> 
> Hi Mike,
> 
> not sure what to docs say (haven't read that part recently), but the blog
> page should suffice (well, I see that github issue with 4.14 and SSL -
> haven't tested myself, so can't confirm/deny the issue).
> 
> Just follow the blog page (no direct jetty modification needed) - and let
> us know if that works (pay attention to the firewall...)
> 
> Regards,
> 
> On Wed, 5 Aug 2020 at 16:37, Corey, Mike " 
> target="_blank"> wrote:
> 
> > Thanks Andrija,
> >
> > I came across that link in my search, but the Jetty link in the
> > instructions takes me to a page that says the version is End of Life.  I
> > wasn't sure if the Jetty piece had to be configured or I just had to do the
> > CloudStack portion.  Do I have to modify the Jetty piece as described in
> > the link in item 1 below?  If so, what is the path to the Jetty
> > configuration files where the SslSocketConnector is configured?
> >
> > Just to be clear of the process:
> > 1 - modify the Jetty according to
> > http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty
> > 2 - Combine key, ce

RE: Configuring HTTPS for UI

2020-08-07 Thread Corey, Mike 
One thing that came up.  When I use Subject Alternative Names in my CSR, the 
8443 url doesn't work for either names I have in the cert.  However, using just 
the vanilla CSR with FQDN works fine.

Is that something with the openssl configuration file I have misconfigured, the 
type of cert I'm getting from my corporate CA, or can jetty(java, tomcat?) only 
support the single commonname cert?

Thanks!

Mike

-Original Message-
From: Corey, Mike  
Sent: Thursday, August 6, 2020 3:07 PM
To: users@cloudstack.apache.org
Subject: [CAUTION] RE: Configuring HTTPS for UI

Thanks for the feedback.

I followed the procedures found here: 
https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/

For good measure I did add rule:
iptables -I INPUT 1 -p tcp -m tcp --dport 8443 -j ACCEPT

Note I received an error regarding this line in the web.xml file:
*

I needed to change it to *. for the error to go away 
and the UI to start.




-Original Message-
From: Andrija Panic  
Sent: Wednesday, August 5, 2020 11:29 AM
To: users 
Subject: Re: Configuring HTTPS for UI

Hi Mike,

not sure what to docs say (haven't read that part recently), but the blog
page should suffice (well, I see that github issue with 4.14 and SSL -
haven't tested myself, so can't confirm/deny the issue).

Just follow the blog page (no direct jetty modification needed) - and let
us know if that works (pay attention to the firewall...)

Regards,

On Wed, 5 Aug 2020 at 16:37, Corey, Mike  wrote:

> Thanks Andrija,
>
> I came across that link in my search, but the Jetty link in the
> instructions takes me to a page that says the version is End of Life.  I
> wasn't sure if the Jetty piece had to be configured or I just had to do the
> CloudStack portion.  Do I have to modify the Jetty piece as described in
> the link in item 1 below?  If so, what is the path to the Jetty
> configuration files where the SslSocketConnector is configured?
>
> Just to be clear of the process:
> 1 - modify the Jetty according to
> http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty
> 2 - Combine key, cert, subroot, root certs into one cert.
> 3 - Convert cert to pkcs12 format
> 4 - Create and copy to pkcs12 keystore
> 5 - modify server.properties with keystore info
> 6 - modify the 8080 to 8443 redirect
> 7 - restart cloudstack-management
> 8 - BOOM hit https://mycloudstack:8443/client without issue
>
>
> At first, I thought I had ran into the issue described here:
> https://github.com/apache/cloudstack/issues/4199  But, maybe I just
> haven't completed the process if I have to do something to Jetty first.
>
> -Original Message-
> From: Andrija Panic 
> Sent: Wednesday, August 5, 2020 5:14 AM
> To: users 
> Subject: Re: Configuring HTTPS for UI
>
> Hi Mike,
>
> in production, you might want to do the SSL offloading on the load
> balancer, but yes, you can also setup SSL on the Jetty as well - please see
> the article
> https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/  (skip
> the first part which describes securing system VMs with SSL)
>
> Best,
> Andrija
>
> On Tue, 4 Aug 2020 at 20:47, Corey, Mike  wrote:
>
> > Hi,
> >
> >
> >
> > I’m trying to figure out how to use https or 8443 with an internally
> > signed certificate and chain for the UI.  The latest documentation only
> has
> > the below snippet.  I’ve created my internally signed certificate, root,
> > and intermediary cert and I believe I’ve done all the imports into my
> > keystore using keytool correctly.  I’ve also modified the
> server.properties
> > with the correct jks location and password as directed by the
> documentation.
> >
> >
> >
> > Older versions of CloudStack documentation reference doing something with
> > Jetty, but the link to the reference is for out of life versions.  I
> don’t
> > see any messages in the logs pertaining to TLS, SSL, 8443, etc.  Is there
> > more to this process than documented?
> >
> >
> >
> > *SSL (Optional)*
> >
> > CloudStack provides HTTP access in its default installation. There are a
> > number of technologies and sites which choose to implement SSL/TLS. As a
> > result, we have left CloudStack to expose HTTP under the assumption that
> a
> > site will implement its typical practice.
> >
> > CloudStack 4.9 and above uses embedded Jetty as its servlet container.
> For
> > sites that would like CloudStack to terminate the SSL session, HTTPS can
> be
> > enabled by configuring the https-related settings in CloudStack
> management
> > server’s server.properties file at /etc/cloudstack/management/ location:
> >
> > *# For management server to pickup these confi

RE: Configuring HTTPS for UI

2020-08-06 Thread Corey, Mike 
Thanks for the feedback.

I followed the procedures found here: 
https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/

For good measure I did add rule:
iptables -I INPUT 1 -p tcp -m tcp --dport 8443 -j ACCEPT

Note I received an error regarding this line in the web.xml file:
*

I needed to change it to *. for the error to go away 
and the UI to start.




-Original Message-
From: Andrija Panic  
Sent: Wednesday, August 5, 2020 11:29 AM
To: users 
Subject: Re: Configuring HTTPS for UI

Hi Mike,

not sure what to docs say (haven't read that part recently), but the blog
page should suffice (well, I see that github issue with 4.14 and SSL -
haven't tested myself, so can't confirm/deny the issue).

Just follow the blog page (no direct jetty modification needed) - and let
us know if that works (pay attention to the firewall...)

Regards,

On Wed, 5 Aug 2020 at 16:37, Corey, Mike  wrote:

> Thanks Andrija,
>
> I came across that link in my search, but the Jetty link in the
> instructions takes me to a page that says the version is End of Life.  I
> wasn't sure if the Jetty piece had to be configured or I just had to do the
> CloudStack portion.  Do I have to modify the Jetty piece as described in
> the link in item 1 below?  If so, what is the path to the Jetty
> configuration files where the SslSocketConnector is configured?
>
> Just to be clear of the process:
> 1 - modify the Jetty according to
> http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty
> 2 - Combine key, cert, subroot, root certs into one cert.
> 3 - Convert cert to pkcs12 format
> 4 - Create and copy to pkcs12 keystore
> 5 - modify server.properties with keystore info
> 6 - modify the 8080 to 8443 redirect
> 7 - restart cloudstack-management
> 8 - BOOM hit https://mycloudstack:8443/client without issue
>
>
> At first, I thought I had ran into the issue described here:
> https://github.com/apache/cloudstack/issues/4199  But, maybe I just
> haven't completed the process if I have to do something to Jetty first.
>
> -Original Message-
> From: Andrija Panic 
> Sent: Wednesday, August 5, 2020 5:14 AM
> To: users 
> Subject: Re: Configuring HTTPS for UI
>
> Hi Mike,
>
> in production, you might want to do the SSL offloading on the load
> balancer, but yes, you can also setup SSL on the Jetty as well - please see
> the article
> https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/  (skip
> the first part which describes securing system VMs with SSL)
>
> Best,
> Andrija
>
> On Tue, 4 Aug 2020 at 20:47, Corey, Mike  wrote:
>
> > Hi,
> >
> >
> >
> > I’m trying to figure out how to use https or 8443 with an internally
> > signed certificate and chain for the UI.  The latest documentation only
> has
> > the below snippet.  I’ve created my internally signed certificate, root,
> > and intermediary cert and I believe I’ve done all the imports into my
> > keystore using keytool correctly.  I’ve also modified the
> server.properties
> > with the correct jks location and password as directed by the
> documentation.
> >
> >
> >
> > Older versions of CloudStack documentation reference doing something with
> > Jetty, but the link to the reference is for out of life versions.  I
> don’t
> > see any messages in the logs pertaining to TLS, SSL, 8443, etc.  Is there
> > more to this process than documented?
> >
> >
> >
> > *SSL (Optional)*
> >
> > CloudStack provides HTTP access in its default installation. There are a
> > number of technologies and sites which choose to implement SSL/TLS. As a
> > result, we have left CloudStack to expose HTTP under the assumption that
> a
> > site will implement its typical practice.
> >
> > CloudStack 4.9 and above uses embedded Jetty as its servlet container.
> For
> > sites that would like CloudStack to terminate the SSL session, HTTPS can
> be
> > enabled by configuring the https-related settings in CloudStack
> management
> > server’s server.properties file at /etc/cloudstack/management/ location:
> >
> > *# For management server to pickup these configuration settings, the
> > configured*
> >
> > *# keystore file should exists and be readable by the management server.*
> >
> > https.enable=true
> >
> > https.port=8443
> >
> > https.keystore=/etc/cloudstack/management/cloud.jks
> >
> > https.keystore.password=vmops.com
> >
> > For storing certificates, admins can create and configure a java keystore
> > file and configure the same in the server.properties file as illustrated
> > above.
> >
> >
> >
> >
> >
> >
> >
> > *Mike Corey*
> >
> >
> > Technology Senior Consultant, IT CS CTW Operation & Virtualization
> Service
> > US
> >
> >
> > *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> > States
> >
> >
> > T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com
> >
> >
> >
> >
> >
> >
> >
>
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

RE: Configuring HTTPS for UI

2020-08-05 Thread Corey, Mike 
Thanks Andrija, 

I came across that link in my search, but the Jetty link in the instructions 
takes me to a page that says the version is End of Life.  I wasn't sure if the 
Jetty piece had to be configured or I just had to do the CloudStack portion.  
Do I have to modify the Jetty piece as described in the link in item 1 below?  
If so, what is the path to the Jetty configuration files where the 
SslSocketConnector is configured?

Just to be clear of the process:
1 - modify the Jetty according to 
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty
2 - Combine key, cert, subroot, root certs into one cert.
3 - Convert cert to pkcs12 format
4 - Create and copy to pkcs12 keystore
5 - modify server.properties with keystore info
6 - modify the 8080 to 8443 redirect
7 - restart cloudstack-management
8 - BOOM hit https://mycloudstack:8443/client without issue


At first, I thought I had ran into the issue described here: 
https://github.com/apache/cloudstack/issues/4199  But, maybe I just haven't 
completed the process if I have to do something to Jetty first.

-Original Message-
From: Andrija Panic  
Sent: Wednesday, August 5, 2020 5:14 AM
To: users 
Subject: Re: Configuring HTTPS for UI

Hi Mike,

in production, you might want to do the SSL offloading on the load
balancer, but yes, you can also setup SSL on the Jetty as well - please see
the article
https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/  (skip
the first part which describes securing system VMs with SSL)

Best,
Andrija

On Tue, 4 Aug 2020 at 20:47, Corey, Mike  wrote:

> Hi,
>
>
>
> I’m trying to figure out how to use https or 8443 with an internally
> signed certificate and chain for the UI.  The latest documentation only has
> the below snippet.  I’ve created my internally signed certificate, root,
> and intermediary cert and I believe I’ve done all the imports into my
> keystore using keytool correctly.  I’ve also modified the server.properties
> with the correct jks location and password as directed by the documentation.
>
>
>
> Older versions of CloudStack documentation reference doing something with
> Jetty, but the link to the reference is for out of life versions.  I don’t
> see any messages in the logs pertaining to TLS, SSL, 8443, etc.  Is there
> more to this process than documented?
>
>
>
> *SSL (Optional)*
>
> CloudStack provides HTTP access in its default installation. There are a
> number of technologies and sites which choose to implement SSL/TLS. As a
> result, we have left CloudStack to expose HTTP under the assumption that a
> site will implement its typical practice.
>
> CloudStack 4.9 and above uses embedded Jetty as its servlet container. For
> sites that would like CloudStack to terminate the SSL session, HTTPS can be
> enabled by configuring the https-related settings in CloudStack management
> server’s server.properties file at /etc/cloudstack/management/ location:
>
> *# For management server to pickup these configuration settings, the
> configured*
>
> *# keystore file should exists and be readable by the management server.*
>
> https.enable=true
>
> https.port=8443
>
> https.keystore=/etc/cloudstack/management/cloud.jks
>
> https.keystore.password=vmops.com
>
> For storing certificates, admins can create and configure a java keystore
> file and configure the same in the server.properties file as illustrated
> above.
>
>
>
>
>
>
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com
>
>
>
>
>
>
>


-- 

Andrija Panić

Configuring HTTPS for UI

2020-08-04 Thread Corey, Mike 
Hi,

I'm trying to figure out how to use https or 8443 with an internally signed 
certificate and chain for the UI.  The latest documentation only has the below 
snippet.  I've created my internally signed certificate, root, and intermediary 
cert and I believe I've done all the imports into my keystore using keytool 
correctly.  I've also modified the server.properties with the correct jks 
location and password as directed by the documentation.

Older versions of CloudStack documentation reference doing something with 
Jetty, but the link to the reference is for out of life versions.  I don't see 
any messages in the logs pertaining to TLS, SSL, 8443, etc.  Is there more to 
this process than documented?

SSL (Optional)
CloudStack provides HTTP access in its default installation. There are a number 
of technologies and sites which choose to implement SSL/TLS. As a result, we 
have left CloudStack to expose HTTP under the assumption that a site will 
implement its typical practice.
CloudStack 4.9 and above uses embedded Jetty as its servlet container. For 
sites that would like CloudStack to terminate the SSL session, HTTPS can be 
enabled by configuring the https-related settings in CloudStack management 
server's server.properties file at /etc/cloudstack/management/ location:
# For management server to pickup these configuration settings, the configured
# keystore file should exists and be readable by the management server.
https.enable=true
https.port=8443
https.keystore=/etc/cloudstack/management/cloud.jks
https.keystore.password=vmops.com
For storing certificates, admins can create and configure a java keystore file 
and configure the same in the server.properties file as illustrated above.



Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image003.png@01D66A6E.08FC2F20]

Error Unable to find matched VM in CloudStack DB

2020-08-03 Thread Corey, Mike 
Hi again,

I have multiple entries (entry every minute) in my ACS log for instances that 
have been stopped, deleted, and expunged from my environment.  The entries are 
for the instance name and for the UID.  Shouldn't DB entries be cleaned up 
automatically after a VM instance is removed from ACS?

Unable to find matched VM in CloudStack DB. name: 
996297f984083e1c948c537f8a3df70b
Unable to find matched VM in CloudStack DB. name: CO-Test03

Is this a global setting or some other configuration bit that needs to be 
changed?  Otherwise my log is full of noise and rotating frequently.

Thanks again!

Mike



Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image003.png@01D66983.3E884AC0]

RE: Windows Template & Multiple SCSI Controllers

2020-07-30 Thread Corey, Mike 
Thanks Marcus, your process is helpful to me and I may test it out for my 
build.  In theory, shouldn't I be able to use a "template" that I've created 
and used in VMware and not have to build it out through CloudStack with ISO, 
etc.?

In your test steps, I don't understand why you have to add a 60GB root volume 
when creating the VM Instance - won't it just use the volume size/layout of the 
template VM?

What I'm really trying to figure out is why CloudStack is injecting the VM 
instance with 3 extra SCSI controllers and if this could be causing my VMs from 
failing to boot as expected.

My "production" template, that we use in a non-CloudStack VMware environment is 
not working.  Its built on VMware hardware 13 and LSILogic controller.  No 
matter what I set the template diskcontroller type to use (osdefault, lsilogic, 
lsisas1068) - the VM Instance doesn't find the system volume and only attempts 
to boot to the network.  What logs or entries in ACS can I look at to help 
isolate the issue?
  
Any thoughts?

Mike



 

-Original Message-
From: Marc-Andre Jutras  
Sent: Thursday, July 30, 2020 12:06 PM
To: users@cloudstack.apache.org
Subject: Re: Windows Template & Multiple SCSI Controllers

Hey Mike,


disk OSdefaut: it will use IDE if i'm right...

2 nics: are your seeing these 2 nic in cloudstack too ?


Template: I've build up my Windows 10 template directly in cloudstack...

My steps:

  - upload a Win10 ISO on Cloudstack

  - create a new VM with your ISO ( 1 gb ram, 1 nic, 1 vcpu, 30gb disk )

  - install the latest vmware-tools and cloudbase-init ( 
https://cloudbase-init.readthedocs.io/en/latest/intro.html#download )

  - do a sysprep... shutdown your vm...

  - create a snapshot / template of your disk in cloudstack

  - when done, in cloudstack, modify your template settings and add:

   - - keyboard : us

   - - nicAdapter : Vmxnet3

   - - rootDiskController : lsisas1068


Then, Test !! try to start a vm from your template, set the root disk to 
60 Gb and 2 vcpu, 4 gb ram... keep us updated with your results ;)


Recommended global settings:

  - Vmware.create.full.clone : true

  - Vmware.create.base.shapshot : true

  - vmware.root.disk.controller: lsisas1068

  - vmware.systemvm.nic.device.type: vmxnet3


Marcus

On 2020-07-29 1:53 PM, Corey, Mike wrote:
> Thanks Marc & Thomas for your responses.
>
> Setting from "lsilogic" to "osdefault" got my one Windows10 Template to load 
> to OS as expected - it literally is just a vanilla installation of Windows 10 
> with sysprep.  However, it now has two NICs configured for it.  (Again, is 
> this normal behavior?)
>
> Its still not clear as to why the additional SCSI adapters are added to the 
> deployed instance.  Now I'm having the second NIC added.
>
> Marc - for your Windows Templates/Images - did you use any imaging 
> preparation tools like MDT or other that customizes settings/preferences/apps 
> as the OS starts for the first time?  If so, any issues with the system 
> partition loading as expecting during your initial experience?
>
> Thanks!
>
> Mike
>
>
>
>
>
> -Original Message-
> From: Thomas Joseph 
> Sent: Tuesday, July 28, 2020 9:56 PM
> To: users@cloudstack.apache.org
> Subject: Re: Windows Template & Multiple SCSI Controllers
>
> To add few more troubleshooting tips:
> 1. In template/VM settings tab, add entries for  Vnic (vmxnet3) and root &
> data disk controllers (osdefault) from the dropdown menu.
> 2. You would need to have vmtools in the template.
>
> Regards
> Thomas
>
> On Wed, 29 Jul 2020, 6:50 am Marc-Andre Jutras, 
> wrote:
>
>> Hey Mike,
>>
>> On 2020-07-28 3:37 PM, Corey, Mike wrote:
>>> I could use some advice on this.  I completely recreated my Window10
>> VM/Template and imported it into ACS.  Deploying an instance runs; however
>> a couple things are out of the normal and I could use some guidance on
>> troubleshooting.
>>> 1 - The ASC template that ASC deploys does not include the network
>> adapter that my imported OVA has.  Is this expected behavior of the
>> template?
>>
>>
>> Yes, It's expected, vNIC will be added to your VM only when you will
>> start your VM...
>>
>>
>>> 2 - Booting the deployed Instance VM to UEFI can't see the system volume
>> (device 0:0) and fails to boot up Windows.
>> make sure you boot up your vm from cloudstack and not from vmware...
>>> 3 - Booting the deployed Instance VM to BIOS gets a Windows
>> unrecoverable error - fails to boot up Windows correctly.
>> same... make sure you boot up your vm from cloudstack and not from
>> vmware...
>>> Cloning a VM from the ASC Deployed Template VM (adding a vnic after)
>> works and the

RE: Windows Template & Multiple SCSI Controllers

2020-07-29 Thread Corey, Mike 
Thanks Marc & Thomas for your responses.

Setting from "lsilogic" to "osdefault" got my one Windows10 Template to load to 
OS as expected - it literally is just a vanilla installation of Windows 10 with 
sysprep.  However, it now has two NICs configured for it.  (Again, is this 
normal behavior?)

Its still not clear as to why the additional SCSI adapters are added to the 
deployed instance.  Now I'm having the second NIC added.   

Marc - for your Windows Templates/Images - did you use any imaging preparation 
tools like MDT or other that customizes settings/preferences/apps as the OS 
starts for the first time?  If so, any issues with the system partition loading 
as expecting during your initial experience?

Thanks!

Mike





-Original Message-
From: Thomas Joseph  
Sent: Tuesday, July 28, 2020 9:56 PM
To: users@cloudstack.apache.org
Subject: Re: Windows Template & Multiple SCSI Controllers

To add few more troubleshooting tips:
1. In template/VM settings tab, add entries for  Vnic (vmxnet3) and root &
data disk controllers (osdefault) from the dropdown menu.
2. You would need to have vmtools in the template.

Regards
Thomas

On Wed, 29 Jul 2020, 6:50 am Marc-Andre Jutras, 
wrote:

> Hey Mike,
>
> On 2020-07-28 3:37 PM, Corey, Mike wrote:
> > I could use some advice on this.  I completely recreated my Window10
> VM/Template and imported it into ACS.  Deploying an instance runs; however
> a couple things are out of the normal and I could use some guidance on
> troubleshooting.
> >
> > 1 - The ASC template that ASC deploys does not include the network
> adapter that my imported OVA has.  Is this expected behavior of the
> template?
>
>
> Yes, It's expected, vNIC will be added to your VM only when you will
> start your VM...
>
>
> >
> > 2 - Booting the deployed Instance VM to UEFI can't see the system volume
> (device 0:0) and fails to boot up Windows.
> make sure you boot up your vm from cloudstack and not from vmware...
> >
> > 3 - Booting the deployed Instance VM to BIOS gets a Windows
> unrecoverable error - fails to boot up Windows correctly.
> same... make sure you boot up your vm from cloudstack and not from
> vmware...
> >
> > Cloning a VM from the ASC Deployed Template VM (adding a vnic after)
> works and the VM loads as expected.
>
> whoa, party on dude ;)
>
> to use vmxnet3 driver or any others specific settings in your template,
> on acs, select your template and under settings, add :
>
> nicAdapter = Vmxnet3
> and define any others settings there... ( keyboard, root scsi driver,
> etc... )
>
> >
> > So my question to the greater forum is what is ASC doing under the
> covers to the VM hardware that could prevent the OS / System Volume /
> primary partition from loading in the ASC deployed VM Instance?
> ACS drives vmware through API calls, ACS will push configuration to your
> vm only when needed : always manage your VM via Cloudstack and don't do
> anything directly on vmware ;)
> >
> >
> > Anyone with a VMware & CloudStack deployment running out here that can
> shed some light?
> yup, me ;)  6 ACS regions with vmware 5.5, 6.0 and 6.7 ( upgrade to 6.7
> on all regions on hold for now // covid... )
> >
> > Thanks!
> >
> > Mike
> >
> >
> >
> >
> >
> > -Original Message-
> > From: Corey, Mike 
> > Sent: Monday, July 27, 2020 11:48 AM
> > To: users@cloudstack.apache.org
> > Subject: [CAUTION] RE: Windows Template & Multiple SCSI Controllers
> >
> > Why would you hardcode the addition of unrequired/unnecessary "hardware"
> to the VM instance?  This wasn't the case for the CentOS deployment so why
> do it with Windows OS?
> >
> > I can't say for certain, but the VM instance that ACS creates doesn't
> start the OS (blue screen recovery console).  However, cloning from the
> template ACS creates in vCenter through the tradition vCenter method, the
> VM loads as normal.
> >
> > Can this be changed via a global setting or other config file edit?
> >
> >
> >
> > -Original Message-
> > From: Andrija Panic 
> > Sent: Saturday, July 25, 2020 2:44 PM
> > To: users 
> > Subject: Re: Windows Template & Multiple SCSI Controllers
> >
> > Hardcoded behavior of having 4 identical controllers, with all the
> volumes
> > attached to the first one.
> >
> > Why is this a problem for you?
> >
> > Best,
> >
> > On Fri, 24 Jul 2020, 19:55 Corey, Mike,  wrote:
> >
> >> Hi,
> >>
> >>
> >>
> >> As I progress with my ACS & VMware setup I seem t

RE: Windows Template & Multiple SCSI Controllers

2020-07-28 Thread Corey, Mike 
I could use some advice on this.  I completely recreated my Window10 
VM/Template and imported it into ACS.  Deploying an instance runs; however a 
couple things are out of the normal and I could use some guidance on 
troubleshooting.

1 - The ASC template that ASC deploys does not include the network adapter that 
my imported OVA has.  Is this expected behavior of the template?

2 - Booting the deployed Instance VM to UEFI can't see the system volume 
(device 0:0) and fails to boot up Windows.

3 - Booting the deployed Instance VM to BIOS gets a Windows unrecoverable error 
- fails to boot up Windows correctly.

Cloning a VM from the ASC Deployed Template VM (adding a vnic after) works and 
the VM loads as expected.

So my question to the greater forum is what is ASC doing under the covers to 
the VM hardware that could prevent the OS / System Volume / primary partition 
from loading in the ASC deployed VM Instance?  

Anyone with a VMware & CloudStack deployment running out here that can shed 
some light?

Thanks!

Mike



 

-Original Message-
From: Corey, Mike  
Sent: Monday, July 27, 2020 11:48 AM
To: users@cloudstack.apache.org
Subject: [CAUTION] RE: Windows Template & Multiple SCSI Controllers

Why would you hardcode the addition of unrequired/unnecessary "hardware" to the 
VM instance?  This wasn't the case for the CentOS deployment so why do it with 
Windows OS?

I can't say for certain, but the VM instance that ACS creates doesn't start the 
OS (blue screen recovery console).  However, cloning from the template ACS 
creates in vCenter through the tradition vCenter method, the VM loads as normal.

Can this be changed via a global setting or other config file edit?



-Original Message-
From: Andrija Panic  
Sent: Saturday, July 25, 2020 2:44 PM
To: users 
Subject: Re: Windows Template & Multiple SCSI Controllers

Hardcoded behavior of having 4 identical controllers, with all the volumes
attached to the first one.

Why is this a problem for you?

Best,

On Fri, 24 Jul 2020, 19:55 Corey, Mike,  wrote:

> Hi,
>
>
>
> As I progress with my ACS & VMware setup I seem to hit a bump at every
> turn.  I’ve gotten to the point where I’m now able to upload a Windows 10
> template that we use in production (VMware) into ACS.  However, when I
> create a new instance through the GUI it is deployed with a total of 4 SCSI
> controllers when it should only have ONE.
>
>
>
> What is strange is that the clone of the template that ACS copies into
> vCenter only has a single SCSI controller (as expected).  In fact, when I
> clone a VM (traditional vCenter method) from the ACS template that was
> create – that VM only has the single controller and boots to the OS fine.
>
>
>
> Any ideas are welcome as to why this behavior is occurring.
>
>
>
> Thanks!
>
> Mike
>
>
>
>
>
>
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com
>
>
>
>
>
>
>

RE: System vm template

2020-07-28 Thread Corey, Mike 
Ajit,

Once you create your Zone with the VMware resources (advanced configuration) 
you have to enable the Zone.  If your storage, mounts, and networking are all 
correctly configured the two system VM instances will deploy into vCenter 
automatically by CloudStack.

Make sure that your systemVM Template (vSphere) has a status of "Download 
Complete" and Ready is "Yes" before you enable the zone though.

Mike




-Original Message-
From: Ajit Singh  
Sent: Tuesday, July 28, 2020 12:05 PM
To: users@cloudstack.apache.org
Subject: System vm template

Hi

Can anyone guide me on how to register or install system vm templates for
vsphere and is it mandatory to reboot acs management servers after system
vm templates installation or registration.

Any link would also help

Thanks
Ajit

RE: Windows Template & Multiple SCSI Controllers

2020-07-27 Thread Corey, Mike 
Why would you hardcode the addition of unrequired/unnecessary "hardware" to the 
VM instance?  This wasn't the case for the CentOS deployment so why do it with 
Windows OS?

I can't say for certain, but the VM instance that ACS creates doesn't start the 
OS (blue screen recovery console).  However, cloning from the template ACS 
creates in vCenter through the tradition vCenter method, the VM loads as normal.

Can this be changed via a global setting or other config file edit?



-Original Message-
From: Andrija Panic  
Sent: Saturday, July 25, 2020 2:44 PM
To: users 
Subject: Re: Windows Template & Multiple SCSI Controllers

Hardcoded behavior of having 4 identical controllers, with all the volumes
attached to the first one.

Why is this a problem for you?

Best,

On Fri, 24 Jul 2020, 19:55 Corey, Mike,  wrote:

> Hi,
>
>
>
> As I progress with my ACS & VMware setup I seem to hit a bump at every
> turn.  I’ve gotten to the point where I’m now able to upload a Windows 10
> template that we use in production (VMware) into ACS.  However, when I
> create a new instance through the GUI it is deployed with a total of 4 SCSI
> controllers when it should only have ONE.
>
>
>
> What is strange is that the clone of the template that ACS copies into
> vCenter only has a single SCSI controller (as expected).  In fact, when I
> clone a VM (traditional vCenter method) from the ACS template that was
> create – that VM only has the single controller and boots to the OS fine.
>
>
>
> Any ideas are welcome as to why this behavior is occurring.
>
>
>
> Thanks!
>
> Mike
>
>
>
>
>
>
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com
>
>
>
>
>
>
>

Windows Template & Multiple SCSI Controllers

2020-07-24 Thread Corey, Mike 
Hi,

As I progress with my ACS & VMware setup I seem to hit a bump at every turn.  
I've gotten to the point where I'm now able to upload a Windows 10 template 
that we use in production (VMware) into ACS.  However, when I create a new 
instance through the GUI it is deployed with a total of 4 SCSI controllers when 
it should only have ONE.

What is strange is that the clone of the template that ACS copies into vCenter 
only has a single SCSI controller (as expected).  In fact, when I clone a VM 
(traditional vCenter method) from the ACS template that was create - that VM 
only has the single controller and boots to the OS fine.

Any ideas are welcome as to why this behavior is occurring.

Thanks!

Mike



Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image003.png@01D661C1.F1E298B0]

RE: InsufficientServerCapacity - system vm's

2020-07-23 Thread Corey, Mike 
Ajit,

Do you see any errors regarding the permissions or access to the secondary 
storage mount in the logs?  Check the ownership/permissions on 
/var/cloudstack/mnt AND /secondarystorage/template directories.

Mike

-Original Message-
From: Ajit Singh  
Sent: Thursday, July 23, 2020 3:59 AM
To: users@cloudstack.apache.org
Subject: InsufficientServerCapacity - system vm's

Hi

I have created a new zone in an existing cloud stack by adding VMware and
esxi host and it got successfully created with pod and cluster. but system
vm's (console proxy and storage vm) are not getting created and they are
spawning endlessly. From the logs, it says  InsufficientServerCapacity but
in my host cpu and ram is under utilized.


2020-07-23 12:54:51,698 WARN  [c.c.c.ConsoleProxyManagerImpl]
(consoleproxy-1:ctx-c9872458) Exception whil
   e trying to start console proxy
com.cloud.exception.InsufficientServerCapacityException: Unable to create a
deployment for VM[ConsoleProxy
 |v-1492-VM]Scope=interface com.cloud.dc.DataCenter; id=16
at
com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:995)
at
com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:4768)
at sun.reflect.GeneratedMethodAccessor592.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:107)
at
com.cloud.vm.VirtualMachineManagerImpl.handleVmWorkJob(VirtualMachineManagerImpl.java:4930)
at
com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102)
at
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImp
 l.java:594)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:
 49)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.j
 ava:56)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManaged

 Context.java:103)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedC
 ontext.java:53)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46
 )
at
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:54
 1)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2020-07-23 12:54:51,699 INFO  [c.c.c.ConsoleProxyManagerImpl]
(consoleproxy-1:ctx-c9872458) Unable to star
   t console proxy vm for standby capacity, vm
id : 1492, will recycle it and start a new one

Regards
Ajit

RE: Template Status Error

2020-07-20 Thread Corey, Mike 
Thank you.

For those in a completely closed or with limited external access; is there a 
workaround for this procedure?  

Is it possible to use the Management Server to download the template as it was 
used to download the original systemvm template?  Is it possible to download 
the template manually and upload it from a local source?

Thanks!

Mike

-Original Message-
From: Vivek Kumar  
Sent: Monday, July 20, 2020 3:18 PM
To: users@cloudstack.apache.org
Subject: Re: Template Status Error

Hello Mike,

It does download the default template from internet. So make sure you have 
proper internet reachability on your secondary storage VM.

It downloads the template and put under secondary storage as all the templates 
are stored in secondary storage.

You can check the logs as well in secondary storage VM where you can find the 
reason.

Regards
Vivek Kumar

⁣Sent from BlueMail ​

On 20 Jul 2020, 20:45, at 20:45, "Corey, Mike"  wrote:
>Hi,
>
>I receive error "No route to host (Host unreachable)" on the CentOS
>5.3(64-bit) no GUI (vSphere) template.  I need some clarity on the
>definition of "host" in this error and troubleshooting recommendations
>found here
>(https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSVM%2C+templates%2C+Secondary+storage+troubleshooting).
>
>In the case of this particular error and suggested troubleshooting;
>does "host" mean ESXi host, Secondary Storage VM, CloudStack Management
>VM, external download site, and/or the NFS filer?
>
>Where is the template being downloaded from?  Is it pulling from the
>WWW?  Is it pulling from a folder on the CloudStack Management VM?  Is
>it pulling from the secondary storage mount?  What is the destination
>of the template download/copy?
>
>Thanks!
>
>Mike
>
>
>
>
>Mike Corey
>
>Technology Senior Consultant, IT CS CTW Operation & Virtualization
>Service US
>
>SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United
>States
>
>T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com
>
>
>
>[cid:image001.png@01D65E86.E7D84FB0]

Template Status Error

2020-07-20 Thread Corey, Mike 
Hi,

I receive error "No route to host (Host unreachable)" on the CentOS 5.3(64-bit) 
no GUI (vSphere) template.  I need some clarity on the definition of "host" in 
this error and troubleshooting recommendations found here 
(https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSVM%2C+templates%2C+Secondary+storage+troubleshooting).

In the case of this particular error and suggested troubleshooting; does "host" 
mean ESXi host, Secondary Storage VM, CloudStack Management VM, external 
download site, and/or the NFS filer?

Where is the template being downloaded from?  Is it pulling from the WWW?  Is 
it pulling from a folder on the CloudStack Management VM?  Is it pulling from 
the secondary storage mount?  What is the destination of the template 
download/copy?

Thanks!

Mike




Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image001.png@01D65E86.E7D84FB0]

RE: Initial SystemVM Creation Failing

2020-07-15 Thread Corey, Mike 
Update to the forum in case others run into the same issues I've seen so far.

1 - I have to manually disable firewalld on my CentOS to get the Management UI 
to come up.  I guess whatever firewall settings the cloudstack-management setup 
command runs either don't apply or save in my case.

2 - I have edited the /etc/idmapd.conf and modified/uncommented the 
Nobody-User=root & Nobody-Group=root
- I discovered that CSM uses NFS4 to mount the secondary storage inside 
the CentOS/CSM server.  This got me around many of the permissions issues where 
"nobody" was set on the file/folder attributes.

3 - I set the global setting in CSM to use NFS version 3: secstorage.nfs.version
- This looks like it only affects how the secondary mount is connected 
to the ESXi host

Once I made all three of the above changes I was able to get the two system VMs 
deployed and running.  However, I'm getting an error with a template download 
now.  I did some of the trouble shooting that was suggested at this link 
(https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSVM%2C+templates%2C+Secondary+storage+troubleshooting)
 however, the error continues and I can't use the template from the UI. 

message:: Failed to register template: 6b2fc608-c603-11ea-9d37-005056959c02 
with error: No route to host (Host unreachable)

I've also tried to upload an ISO form the UI and I get "Failed to upload file 
due to system misconfiguration. Please contact admin." 

Again I've found entries in the various online forums referencing such errors; 
however, I can't seem to find a clear cut workaround/solution.  Many thanks to 
the responses!

Mike

 

-Original Message-
From: Corey, Mike 
Sent: Friday, July 10, 2020 2:11 PM
To: users@cloudstack.apache.org
Subject: RE: Initial SystemVM Creation Failing

I appreciate the response, but I'm not sure where you are going.

My secondary and primary storage are mounts from a NetApp filer.  Both the 
CentOS (CloudStack Management) and the ESXi hosts can read/write to the 
secondary volume.  I don't understand why cloudstack is setting the ownership 
and permissions to nobody when it creates the systemvm folder.  That doesn't 
seem right.

Again, being new to CloudStack I'm not sure of the underlying mechanics of the 
systemvm builds.  

-Original Message-
From: cristian.c@istream.today  
Sent: Friday, July 10, 2020 12:30 PM
To: users@cloudstack.apache.org
Subject: RE: Initial SystemVM Creation Failing

Hello


   If you check your NFS configuration you will see that somewhere you have : 
/etc/idmapd.conf  "nobody"


Regards,
Cristian

-Original Message-
From: Corey, Mike  
Sent: Friday, July 10, 2020 7:01 PM
To: users@cloudstack.apache.org
Subject: RE: Initial SystemVM Creation Failing

The system VM folder is being created as owner & permissions nobody:nobody.  I 
have to believe that is NOT SUPPOSED to be the case.

Because the directory /var/cloudstack/mnt/VM/345050029058.4f87a734 is locked 
down, no other steps in the systemvm creation can continue.

I need help figuring out WHY the systemVM folder in the above directory is 
being created as nobody:nobody.  

I can't chown that directory once CloudStack creates it during the zone 
enablement.  I can't modify the permissions to that directory once CloudStack 
creates it during the zone enablement.  I can't copy files to that directory 
once CloudStack creates it during the zone enablement.

Please identify what is occurring during the creation of the systemvm directory 
that would cause the ownership to be set as nobody:nobody.

Mike

Message: Unable to copy systemvm ISO on secondary storage. src location: 
/usr/share/cloudstack-common/vms/systemvm.iso, dest location: 
/var/cloudstack/mnt/VM/345050029058.4f87a734/systemvm/systemvm-4.14.0.0.iso

[root@usphlmvcsmt01 VM]# pwd
/var/cloudstack/mnt/VM
[root@usphlmvcsmt01 VM]# ls -al
total 80864
drwxr-xr-x. 3 cloud  cloud55 Jul 10 11:46 .
drwxrwx---. 3 root   cloud16 Jul  9 14:40 ..
drwxr-xr-x. 5 nobody nobody 4096 Jul 10 11:31 345050029058.4f87a734
-rw-r--r--. 1 cloud  cloud  82800640 Jul 10 11:43 systemvm.iso


-Original Message-
From: Cristian Ciobanu 
Sent: Friday, July 10, 2020 5:26 AM
To: users@cloudstack.apache.org
Subject: Re: Initial SystemVM Creation Failing

Just try to execute the command manually, copy the system.iso from source to 
the destination. I had a similar issue but is was caused by the NFS permissions.

On Wed, 8 Jul 2020, 21:44 Corey, Mike,  wrote:

> Gone over the installation now twice (reverted to snapshot of CentOS 
> VM) and still getting weird storage/permission type issues.
>
> The permissions and ownership of the systemvm folder looks correct.
> [root@ ~]# ls -al /mnt/secondary/
> total 16
> drwxr-xr-x.  4 root  root  4096 Jul  8 11:15 .
> drwxr-xr-x.  4 root  root38 Jul  8 11:

RE: Initial SystemVM Creation Failing

2020-07-10 Thread Corey, Mike 
I appreciate the response, but I'm not sure where you are going.

My secondary and primary storage are mounts from a NetApp filer.  Both the 
CentOS (CloudStack Management) and the ESXi hosts can read/write to the 
secondary volume.  I don't understand why cloudstack is setting the ownership 
and permissions to nobody when it creates the systemvm folder.  That doesn't 
seem right.

Again, being new to CloudStack I'm not sure of the underlying mechanics of the 
systemvm builds.  

-Original Message-
From: cristian.c@istream.today  
Sent: Friday, July 10, 2020 12:30 PM
To: users@cloudstack.apache.org
Subject: RE: Initial SystemVM Creation Failing

Hello


   If you check your NFS configuration you will see that somewhere you have : 
/etc/idmapd.conf  "nobody"


Regards,
Cristian

-Original Message-
From: Corey, Mike  
Sent: Friday, July 10, 2020 7:01 PM
To: users@cloudstack.apache.org
Subject: RE: Initial SystemVM Creation Failing

The system VM folder is being created as owner & permissions nobody:nobody.  I 
have to believe that is NOT SUPPOSED to be the case.

Because the directory /var/cloudstack/mnt/VM/345050029058.4f87a734 is locked 
down, no other steps in the systemvm creation can continue.

I need help figuring out WHY the systemVM folder in the above directory is 
being created as nobody:nobody.  

I can't chown that directory once CloudStack creates it during the zone 
enablement.  I can't modify the permissions to that directory once CloudStack 
creates it during the zone enablement.  I can't copy files to that directory 
once CloudStack creates it during the zone enablement.

Please identify what is occurring during the creation of the systemvm directory 
that would cause the ownership to be set as nobody:nobody.

Mike

Message: Unable to copy systemvm ISO on secondary storage. src location: 
/usr/share/cloudstack-common/vms/systemvm.iso, dest location: 
/var/cloudstack/mnt/VM/345050029058.4f87a734/systemvm/systemvm-4.14.0.0.iso

[root@usphlmvcsmt01 VM]# pwd
/var/cloudstack/mnt/VM
[root@usphlmvcsmt01 VM]# ls -al
total 80864
drwxr-xr-x. 3 cloud  cloud55 Jul 10 11:46 .
drwxrwx---. 3 root   cloud16 Jul  9 14:40 ..
drwxr-xr-x. 5 nobody nobody 4096 Jul 10 11:31 345050029058.4f87a734
-rw-r--r--. 1 cloud  cloud  82800640 Jul 10 11:43 systemvm.iso


-Original Message-
From: Cristian Ciobanu 
Sent: Friday, July 10, 2020 5:26 AM
To: users@cloudstack.apache.org
Subject: Re: Initial SystemVM Creation Failing

Just try to execute the command manually, copy the system.iso from source to 
the destination. I had a similar issue but is was caused by the NFS permissions.

On Wed, 8 Jul 2020, 21:44 Corey, Mike,  wrote:

> Gone over the installation now twice (reverted to snapshot of CentOS 
> VM) and still getting weird storage/permission type issues.
>
> The permissions and ownership of the systemvm folder looks correct.
> [root@ ~]# ls -al /mnt/secondary/
> total 16
> drwxr-xr-x.  4 root  root  4096 Jul  8 11:15 .
> drwxr-xr-x.  4 root  root38 Jul  8 11:15 ..
> drwxrwxrwx. 12 root  root  4096 Jul  8 11:05 .snapshot
> drwxrwxr-x.  2 cloud cloud 4096 Jul  8 10:58 systemvm
> drwxr-xr-x.  3 root  root  4096 Jul  8 11:15 template
>
> However, I'm still seeing the copy iso error and the VMs keep creating 
> and deleting with the log suggesting the vmx file of the VM doesn't 
> exist on the datastore (can create files/folder on datastore 
> identified in errror from vCenter).
>
> 2020-07-08 14:22:36,486 INFO  [c.c.h.v.m.DatastoreMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) Folder v-6-VM does 
> not exist on datastore
> 2020-07-08 14:22:36,494 INFO  [c.c.h.v.m.DatastoreMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) Search file 
> v-6-VM.vmx on [50cc970ffbe23b459cb5b8bcdb6dbff5]
> 2020-07-08 14:22:36,522 INFO  [c.c.h.v.m.DatastoreMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) File 
> [50cc970ffbe23b459cb5b8bcdb6dbff5] v-6-VM.vmx does not exist on 
> datastore
> 2020-07-08 14:22:36,522 INFO  [c.c.h.v.m.DatastoreMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) Searching file 
> v-6-VM.vmx in [50cc970ffbe23b459cb5b8bcdb6dbff5]
> 2020-07-08 14:22:36,641 INFO  [c.c.h.v.m.HypervisorHostHelper]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) Create blank VM.
> cpuCount: 1, cpuSpeed(MHz): 500, mem(Mb): 1024
> 2020-07-08 14:22:36,692 DEBUG [c.c.h.v.m.ClusterM

RE: Initial SystemVM Creation Failing

2020-07-10 Thread Corey, Mike 
The system VM folder is being created as owner & permissions nobody:nobody.  I 
have to believe that is NOT SUPPOSED to be the case.

Because the directory /var/cloudstack/mnt/VM/345050029058.4f87a734 is locked 
down, no other steps in the systemvm creation can continue.

I need help figuring out WHY the systemVM folder in the above directory is 
being created as nobody:nobody.  

I can't chown that directory once CloudStack creates it during the zone 
enablement.  I can't modify the permissions to that directory once CloudStack 
creates it during the zone enablement.  I can't copy files to that directory 
once CloudStack creates it during the zone enablement.

Please identify what is occurring during the creation of the systemvm directory 
that would cause the ownership to be set as nobody:nobody.

Mike

Message: Unable to copy systemvm ISO on secondary storage. src location: 
/usr/share/cloudstack-common/vms/systemvm.iso, dest location: 
/var/cloudstack/mnt/VM/345050029058.4f87a734/systemvm/systemvm-4.14.0.0.iso

[root@usphlmvcsmt01 VM]# pwd
/var/cloudstack/mnt/VM
[root@usphlmvcsmt01 VM]# ls -al
total 80864
drwxr-xr-x. 3 cloud  cloud55 Jul 10 11:46 .
drwxrwx---. 3 root   cloud16 Jul  9 14:40 ..
drwxr-xr-x. 5 nobody nobody 4096 Jul 10 11:31 345050029058.4f87a734
-rw-r--r--. 1 cloud  cloud  82800640 Jul 10 11:43 systemvm.iso


-Original Message-
From: Cristian Ciobanu  
Sent: Friday, July 10, 2020 5:26 AM
To: users@cloudstack.apache.org
Subject: Re: Initial SystemVM Creation Failing

Just try to execute the command manually, copy the system.iso from source
to the destination. I had a similar issue but is was caused by the NFS
permissions.

On Wed, 8 Jul 2020, 21:44 Corey, Mike,  wrote:

> Gone over the installation now twice (reverted to snapshot of CentOS VM)
> and still getting weird storage/permission type issues.
>
> The permissions and ownership of the systemvm folder looks correct.
> [root@ ~]# ls -al /mnt/secondary/
> total 16
> drwxr-xr-x.  4 root  root  4096 Jul  8 11:15 .
> drwxr-xr-x.  4 root  root38 Jul  8 11:15 ..
> drwxrwxrwx. 12 root  root  4096 Jul  8 11:05 .snapshot
> drwxrwxr-x.  2 cloud cloud 4096 Jul  8 10:58 systemvm
> drwxr-xr-x.  3 root  root  4096 Jul  8 11:15 template
>
> However, I'm still seeing the copy iso error and the VMs keep creating and
> deleting with the log suggesting the vmx file of the VM doesn't exist on
> the datastore (can create files/folder on datastore identified in errror
> from vCenter).
>
> 2020-07-08 14:22:36,486 INFO  [c.c.h.v.m.DatastoreMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) Folder v-6-VM does not
> exist on datastore
> 2020-07-08 14:22:36,494 INFO  [c.c.h.v.m.DatastoreMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) Search file v-6-VM.vmx on
> [50cc970ffbe23b459cb5b8bcdb6dbff5]
> 2020-07-08 14:22:36,522 INFO  [c.c.h.v.m.DatastoreMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) File
> [50cc970ffbe23b459cb5b8bcdb6dbff5] v-6-VM.vmx does not exist on datastore
> 2020-07-08 14:22:36,522 INFO  [c.c.h.v.m.DatastoreMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) Searching file v-6-VM.vmx
> in [50cc970ffbe23b459cb5b8bcdb6dbff5]
> 2020-07-08 14:22:36,641 INFO  [c.c.h.v.m.HypervisorHostHelper]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) Create blank VM.
> cpuCount: 1, cpuSpeed(MHz): 500, mem(Mb): 1024
> 2020-07-08 14:22:36,692 DEBUG [c.c.h.v.m.ClusterMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) Retrieved recommended
> disk controller for guest OS : otherLinux64Guest in cluster PHL-CSM01 :
> VirtualLsiLogicController
> 2020-07-08 14:22:37,115 DEBUG [c.c.h.v.m.HostMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) find VM v-6-VM on host
> 2020-07-08 14:22:37,115 INFO  [c.c.h.v.m.HostMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) VM v-6-VM not found in
> host cache
> 2020-07-08 14:22:37,115 DEBUG [c.c.h.v.m.HostMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap,
> job-6/job-37, cmd: StartCommand) (logid:b828ac16) load VM cache on host
> 2020-07-08 14:22:37,155 DEBUG [c.c.h.v.m.HostMO]
> (DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.

RE: Initial SystemVM Creation Failing

2020-07-09 Thread Corey, Mike 
Hi,

Has anyone replicated this error/issue I'm seeing?  What part of the setup or 
systemvm build sets or creates the /var/cloudstack/mnt/VM/ directory and WHY 
would it be restrictive?

[root@ ~]# ls -al /var/cloudstack/mnt/VM/345050029058.1f7af2bf
total 12
drwxr-xr-x. 4 nobody nobody 4096 Jul  8 11:15 .
drwxr-xr-x. 3 cloud  cloud35 Jul  8 14:06 ..
drwxrwxr-x. 2 cloud  cloud  4096 Jul  8 10:58 systemvm
drwxr-xr-x. 3 nobody nobody 4096 Jul  8 11:15 template
[root@usphlmvcsmt01 ~]#



-Original Message-
From: Corey, Mike
Sent: Wednesday, July 8, 2020 2:45 PM
To: users@cloudstack.apache.org
Subject: RE: Initial SystemVM Creation Failing

Gone over the installation now twice (reverted to snapshot of CentOS VM) and 
still getting weird storage/permission type issues.

The permissions and ownership of the systemvm folder looks correct.
[root@ ~]# ls -al /mnt/secondary/
total 16
drwxr-xr-x.  4 root  root  4096 Jul  8 11:15 .
drwxr-xr-x.  4 root  root38 Jul  8 11:15 ..
drwxrwxrwx. 12 root  root  4096 Jul  8 11:05 .snapshot
drwxrwxr-x.  2 cloud cloud 4096 Jul  8 10:58 systemvm
drwxr-xr-x.  3 root  root  4096 Jul  8 11:15 template

However, I'm still seeing the copy iso error and the VMs keep creating and 
deleting with the log suggesting the vmx file of the VM doesn't exist on the 
datastore (can create files/folder on datastore identified in errror from 
vCenter).

2020-07-08 14:22:36,486 INFO  [c.c.h.v.m.DatastoreMO] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Folder v-6-VM does not exist on datastore
2020-07-08 14:22:36,494 INFO  [c.c.h.v.m.DatastoreMO] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Search file v-6-VM.vmx on 
[50cc970ffbe23b459cb5b8bcdb6dbff5]
2020-07-08 14:22:36,522 INFO  [c.c.h.v.m.DatastoreMO] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) File [50cc970ffbe23b459cb5b8bcdb6dbff5] 
v-6-VM.vmx does not exist on datastore
2020-07-08 14:22:36,522 INFO  [c.c.h.v.m.DatastoreMO] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Searching file v-6-VM.vmx in 
[50cc970ffbe23b459cb5b8bcdb6dbff5]
2020-07-08 14:22:36,641 INFO  [c.c.h.v.m.HypervisorHostHelper] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Create blank VM. cpuCount: 1, 
cpuSpeed(MHz): 500, mem(Mb): 1024
2020-07-08 14:22:36,692 DEBUG [c.c.h.v.m.ClusterMO] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Retrieved recommended disk controller for 
guest OS : otherLinux64Guest in cluster PHL-CSM01 : VirtualLsiLogicController
2020-07-08 14:22:37,115 DEBUG [c.c.h.v.m.HostMO] (DirectAgent-51:ctx-7e6d5dc9 
usphlmvesxt155.phl.global.corp.sap, job-6/job-37, cmd: StartCommand) 
(logid:b828ac16) find VM v-6-VM on host
2020-07-08 14:22:37,115 INFO  [c.c.h.v.m.HostMO] (DirectAgent-51:ctx-7e6d5dc9 
usphlmvesxt155.phl.global.corp.sap, job-6/job-37, cmd: StartCommand) 
(logid:b828ac16) VM v-6-VM not found in host cache
2020-07-08 14:22:37,115 DEBUG [c.c.h.v.m.HostMO] (DirectAgent-51:ctx-7e6d5dc9 
usphlmvesxt155.phl.global.corp.sap, job-6/job-37, cmd: StartCommand) 
(logid:b828ac16) load VM cache on host
2020-07-08 14:22:37,155 DEBUG [c.c.h.v.m.HostMO] (DirectAgent-51:ctx-7e6d5dc9 
usphlmvesxt155.phl.global.corp.sap, job-6/job-37, cmd: StartCommand) 
(logid:b828ac16) find VM v-6-VM on host
2020-07-08 14:22:37,155 DEBUG [c.c.h.v.m.HostMO] (DirectAgent-51:ctx-7e6d5dc9 
usphlmvesxt155.phl.global.corp.sap, job-6/job-37, cmd: StartCommand) 
(logid:b828ac16) VM v-6-VM found in host cache
2020-07-08 14:22:37,375 INFO  [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Inject SSH key pairs before copying 
systemvm.iso into secondary storage
2020-07-08 14:22:37,377 INFO  [c.c.s.ConfigurationServerImpl] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Processing updateKeyPairs
2020-07-08 14:22:37,377 INFO  [c.c.s.ConfigurationServerImpl] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Keypairs already in database, updating 
local copy
2020-07-08 14:22:37,381 INFO  [c.c.s.ConfigurationServerImpl] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Going to update systemvm iso with generated 
keypairs if needed
2020-07-08 14:22:37,381 INFO  [c.c.s.ConfigurationServerImpl] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap

RE: Initial SystemVM Creation Failing

2020-07-08 Thread Corey, Mike 
-7e6d5dc9 
usphlmvesxt155.phl.global.corp.sap, job-6/job-37, cmd: StartCommand) 
(logid:b828ac16) Absolute path =  
/usr/share/cloudstack-common/scripts/vm/systemvm/injectkeys.sh
2020-07-08 14:22:37,381 DEBUG [c.c.u.s.Script] (DirectAgent-51:ctx-7e6d5dc9 
usphlmvesxt155.phl.global.corp.sap, job-6/job-37, cmd: StartCommand) 
(logid:b828ac16) Looking for vms/systemvm.iso in the classpath
2020-07-08 14:22:37,381 DEBUG [c.c.u.s.Script] (DirectAgent-51:ctx-7e6d5dc9 
usphlmvesxt155.phl.global.corp.sap, job-6/job-37, cmd: StartCommand) 
(logid:b828ac16) System resource: 
file:/usr/share/cloudstack-common/vms/systemvm.iso
2020-07-08 14:22:37,381 DEBUG [c.c.u.s.Script] (DirectAgent-51:ctx-7e6d5dc9 
usphlmvesxt155.phl.global.corp.sap, job-6/job-37, cmd: StartCommand) 
(logid:b828ac16) Absolute path =  /usr/share/cloudstack-common/vms/systemvm.iso
2020-07-08 14:22:37,381 DEBUG [c.c.s.ConfigurationServerImpl] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Executing: /bin/bash 
/usr/share/cloudstack-common/scripts/vm/systemvm/injectkeys.sh 
/var/cloudstack/management/.ssh/id_rsa.pub 
/var/cloudstack/management/.ssh/id_rsa 
/usr/share/cloudstack-common/vms/systemvm.iso 
2020-07-08 14:22:37,384 DEBUG [c.c.s.ConfigurationServerImpl] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Executing while with timeout : 360
2020-07-08 14:22:37,487 DEBUG [c.c.s.ConfigurationServerImpl] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Execution is successful.
2020-07-08 14:22:37,494 DEBUG [c.c.s.ConfigurationServerImpl] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) mount: /dev/loop0 is write-protected, 
mounting read-only
New public key is the same as the one in the systemvm.iso, not injecting it, 
not modifying systemvm.iso

2020-07-08 14:22:37,494 INFO  [c.c.s.ConfigurationServerImpl] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) The script injectkeys.sh was run with 
result : null
2020-07-08 14:22:37,494 INFO  [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Copy System VM patch ISO file to secondary 
storage. source ISO: /usr/share/cloudstack-common/vms/systemvm.iso, 
destination: 
/var/cloudstack/mnt/VM/345050029058.1f7af2bf/systemvm/systemvm-4.14.0.0.iso
2020-07-08 14:22:37,495 ERROR [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-51:ctx-7e6d5dc9 usphlmvesxt155.phl.global.corp.sap, job-6/job-37, 
cmd: StartCommand) (logid:b828ac16) Unexpected exception 
java.io.FileNotFoundException: 
/var/cloudstack/mnt/VM/345050029058.1f7af2bf/systemvm/systemvm-4.14.0.0.iso 
(Permission denied)

But, the ownership/permissions look okay on that destination directory too.

[root@ ~]# ls -al /var/cloudstack/mnt/VM/345050029058.1f7af2bf
total 12
drwxr-xr-x. 4 nobody nobody 4096 Jul  8 11:15 .
drwxr-xr-x. 3 cloud  cloud35 Jul  8 14:06 ..
drwxrwxr-x. 2 cloud  cloud  4096 Jul  8 10:58 systemvm
drwxr-xr-x. 3 nobody nobody 4096 Jul  8 11:15 template
[root@usphlmvcsmt01 ~]#


Any ideas?


-Original Message-
From: Corey, Mike 
Sent: Thursday, July 2, 2020 2:31 PM
To: users@cloudstack.apache.org
Subject: RE: Initial SystemVM Creation Failing

No upgrade - this again is the fresh install of CloudStack 4.14 with VMware 
resources.  Maybe I should note that I created the primary and secondary 
storage via the "Advanced" setup wizard from the UI (logged in as admin).

I performed the ownership change you suggested so now cloud owns the systemvm 
folder on the secondary storage.  However, now I'm getting a new error 
regarding copying the ISO.

Should I just bag the 4.14 installation and try to get 4.13.1 running with 
VMware?


2020-07-02 14:19:13,314 INFO  [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-10:ctx-52902ebf usphlmvesxt155.phl.global.corp.sap, job-15/job-33, 
cmd: StartCommand) (logid:b8ba37d1) Copy System VM patch ISO file to secondary 
storage. source ISO: /usr/share/cloudstack-common/vms/systemvm.iso, 
destination: 
/var/cloudstack/mnt/VM/345050029058.777ecb60/systemvm/systemvm-4.14.0.0.iso
2020-07-02 14:19:13,320 ERROR [c.c.h.v.m.VmwareManagerImpl] 
(DirectAgent-10:ctx-52902ebf usphlmvesxt155.phl.global.corp.sap, job-15/job-33, 
cmd: StartCommand) (logid:b8ba37d1) Unexpected exception 
java.io.FileNotFoundException: 
/var/cloudstack/mnt/VM/345050029058.777ecb60/systemvm/systemvm-4.14.0.0.iso 
(Permission denied)
at java.base/java.io.FileOutputStream.open0(Native Method)
at java.base/java.io.FileOutputStream.open(FileOutputStream.java:298)
at java.base/java.io.FileOutputStream.(FileOutputStream.java:237)
at java.base/java.io.FileOutputStream.(FileOutputStrea

RE: Initial SystemVM Creation Failing

2020-07-02 Thread Corey, Mike 
lmvesxt155.phl.global.corp.sap, job-15/job-33, 
cmd: StartCommand) (logid:b8ba37d1) [ignored]failed to get message for 
exception: Unable to copy systemvm ISO on secondary storage. src location: 
/usr/share/cloudstack-common/vms/systemvm.iso, dest location: 
/var/cloudstack/mnt/VM/345050029058.777ecb60/systemvm/systemvm-4.14.0.0.iso
2020-07-02 14:19:13,323 WARN  [c.c.h.v.r.VmwareResource] 
(DirectAgent-10:ctx-52902ebf usphlmvesxt155.phl.global.corp.sap, job-15/job-33, 
cmd: StartCommand) (logid:b8ba37d1) StartCommand failed due to Exception: 
com.cloud.utils.exception.CloudRuntimeException
Message: Unable to copy systemvm ISO on secondary storage. src location: 
/usr/share/cloudstack-common/vms/systemvm.iso, dest location: 
/var/cloudstack/mnt/VM/345050029058.777ecb60/systemvm/systemvm-4.14.0.0.iso




-Original Message-
From: Andrija Panic  
Sent: Thursday, July 2, 2020 12:34 PM
To: users 
Subject: Re: Initial SystemVM Creation Failing

Hi Mike,

Mount you secondary storage on the management server to some temp folder,
then run:chown -R cloud:cloud /systemvm/
Other folders on Secondary Storage NFS are owned by root, but the
"systemvm" should be owned by "cloud".

I assume you got this after some ACS upgrade, or similar?

On Thu, 2 Jul 2020 at 15:51, Corey, Mike  wrote:

> Hi,
>
>
>
> When I enable the zone, the systemvm creation begins but goes into a loop
> of creating and deleting VMs in vCenter.  I see in the logs there is an
> error for creating the folder permissions on the secondary storage (see
> below).  Running this CHMOD manually from inside the CSM kicks the same
> error.
>
>
>
> Please provide suggestions.
>
>
>
> 2020-07-02 09:08:39,665 DEBUG [c.c.h.v.m.VmwareManagerImpl]
> (DirectAgent-66:ctx-e15c32b2 usphlmvesxt154.phl.global.corp.sap,
> job-16/job-35, cmd: CopyCommand) (logid:1cfa64a9) Executing: sudo chmod
> 1777 /var/cloudstack/mnt/VM/345050029058.2807345c
>
> 2020-07-02 09:08:39,666 DEBUG [c.c.h.v.m.VmwareManagerImpl]
> (DirectAgent-66:ctx-e15c32b2 usphlmvesxt154.phl.global.corp.sap,
> job-16/job-35, cmd: CopyCommand) (logid:1cfa64a9) Executing while with
> timeout : 144
>
> 2020-07-02 09:08:39,693 DEBUG [c.c.h.v.m.VmwareManagerImpl]
> (DirectAgent-66:ctx-e15c32b2 usphlmvesxt154.phl.global.corp.sap,
> job-16/job-35, cmd: CopyCommand) (logid:1cfa64a9) Exit value is 1
>
> 2020-07-02 09:08:39,697 DEBUG [c.c.h.v.m.VmwareManagerImpl]
> (DirectAgent-66:ctx-e15c32b2 usphlmvesxt154.phl.global.corp.sap,
> job-16/job-35, cmd: CopyCommand) (logid:1cfa64a9) chmod: changing
> permissions of ‘/var/cloudstack/mnt/VM/345050029058.2807345c’: Operation
> not permitted
>
> 2020-07-02 09:08:39,699 WARN  [c.c.h.v.m.VmwareManagerImpl]
> (DirectAgent-66:ctx-e15c32b2 usphlmvesxt154.phl.global.corp.sap,
> job-16/job-35, cmd: CopyCommand) (logid:1cfa64a9) Unable to set permissions
> for /var/cloudstack/mnt/VM/345050029058.2807345c due to chmod: changing
> permissions of ‘/var/cloudstack/mnt/VM/345050029058.2807345c’: Operation
> not permitted
>
>
>
> Lines…
>
>
>
> 2020-07-02 09:09:00,598 DEBUG [c.c.h.v.m.HostMO]
> (DirectAgent-17:ctx-681dc524 usphlmvesxt154.phl.global.corp.sap,
> job-16/job-35, cmd: StartCommand) (logid:1cfa64a9) find VM v-2-VM on host
>
> 2020-07-02 09:09:00,598 INFO  [c.c.h.v.m.HostMO]
> (DirectAgent-17:ctx-681dc524 usphlmvesxt154.phl.global.corp.sap,
> job-16/job-35, cmd: StartCommand) (logid:1cfa64a9) VM v-2-VM not found in
> host cache
>
> 2020-07-02 09:09:00,598 DEBUG [c.c.h.v.m.HostMO]
> (DirectAgent-17:ctx-681dc524 usphlmvesxt154.phl.global.corp.sap,
> job-16/job-35, cmd: StartCommand) (logid:1cfa64a9) load VM cache on host
>
> 2020-07-02 09:09:00,616 DEBUG [c.c.h.v.m.HostMO]
> (DirectAgent-17:ctx-681dc524 usphlmvesxt154.phl.global.corp.sap,
> job-16/job-35, cmd: StartCommand) (logid:1cfa64a9) find VM v-2-VM on host
>
> 2020-07-02 09:09:00,617 DEBUG [c.c.h.v.m.HostMO]
> (DirectAgent-17:ctx-681dc524 usphlmvesxt154.phl.global.corp.sap,
> job-16/job-35, cmd: StartCommand) (logid:1cfa64a9) VM v-2-VM found in host
> cache
>
> 2020-07-02 09:09:00,799 ERROR [c.c.h.v.m.VmwareManagerImpl]
> (DirectAgent-17:ctx-681dc524 usphlmvesxt154.phl.global.corp.sap,
> job-16/job-35, cmd: StartCommand) (logid:1cfa64a9) Unable to create
> systemvm folder on secondary storage. location:
> /var/cloudstack/mnt/VM/345050029058.2807345c/systemvm
>
> 2020-07-02 09:09:00,800 INFO  [c.c.h.v.u.VmwareHelper]
> (DirectAgent-17:ctx-681dc524 usphlmvesxt154.phl.global.corp.sap,
> job-16/job-35, cmd: StartCommand) (logid:1cfa64a9) [ignored]failed to get
> message for exception: Unable to create systemvm folder on secondary
> storage. location: /var/cloudstack/mnt/VM/345050029058.2807345c/systemvm
>
> 2020-07-02 09:09:00,800 WARN  [c.c.h.v.r.VmwareRe

Initial SystemVM Creation Failing

2020-07-02 Thread Corey, Mike 
ap","managed":"false","storagePort":"2049","volumeSize":"0"}}],"nics":[{"deviceId":2,"networkRateMbps":-1,"defaultNic":true,"pxeDisable":true,"nicUuid":"ffbc1822-7907-4cdf-9e80-bb316786e04d","details":{"PromiscuousMode":"false","MacAddressChanges":"true","ForgedTransmits":"true"},"dpdkEnabled":false,"uuid":"f3a30021-a469-413d-85a8-ca1ca68ba27c","ip":"10.4.42.25","netmask":"255.255.255.192","gateway":"10.4.42.1","mac":"1e:00:e3:00:00:19","dns1":"10.4.202.200","dns2":"10.4.12.200","broadcastType":"Vlan","type":"Public","broadcastUri":"vlan://untagged","isolationUri":"vlan://untagged","isSecurityGroupEnabled":false,"name":"vSwitch0,134,vmwaresvs"},{"deviceId":0,"networkRateMbps":-1,"defaultNic":false,"pxeDisable":true,"nicUuid":"d6521be0-85b8-4836-bf8b-8461afdf593a","details":{"PromiscuousMode":"false","MacAddressChanges":"true","ForgedTransmits":"true"},"dpdkEnabled":false,"uuid":"eda0ae3d-d15d-4f91-b8db-a719cf5a94bf","mac":"02:00:31:71:00:02","broadcastType":"LinkLocal","type":"Control","isSecurityGroupEnabled":false,"name":"vSwitch0,146,vmwaresvs"},{"deviceId":1,"networkRateMbps":-1,"defaultNic":false,"pxeDisable":true,"nicUuid":"4e6201ad-91c0-4cab-bf53-9e2440025245","details":{"PromiscuousMode":"false","MacAddressChanges":"true","ForgedTransmits":"true"},"dpdkEnabled":false,"uuid":"ce88b030-c04c-4437-b60d-9910c2cc376f","ip":"10.4.4.35","netmask":"255.255.252.0","gateway":"10.4.4.1","mac":"1e:00:6b:00:00:27","broadcastType":"Native","type":"Management","isSecurityGroupEnabled":false,"name":"vSwitch0,146,vmwaresvs"}],"guestOsDetails":{},"extraConfig":{}},"result":false,"details":"StartCommand
 failed due to Exception: 
com.cloud.utils.exception.CloudRuntimeException\nMessage: Unable to create 
systemvm folder on secondary storage. location: 
/var/cloudstack/mnt/VM/345050029058.2807345c/systemvm\n","wait":0}}] }
2020-07-02 09:09:00,805 DEBUG [c.c.a.m.AgentAttache] 
(DirectAgent-17:ctx-681dc524) (logid:1cfa64a9) Seq 1-4541880224203147245: No 
more commands found
2020-07-02 09:09:00,806 DEBUG [c.c.a.t.Request] 
(Work-Job-Executor-2:ctx-9aa38618 job-16/job-35 ctx-7ebd1b78) (logid:1cfa64a9) 
Seq 1-4541880224203147245: Received:  { Ans: , MgmtId: 345050029058, via: 
1(usphlmvesxt154.phl.global.corp.sap), Ver: v1, Flags: 110, { StartAnswer } }
2020-07-02 09:09:00,816 INFO  [c.c.v.VirtualMachineManagerImpl] 
(Work-Job-Executor-2:ctx-9aa38618 job-16/job-35 ctx-7ebd1b78) (logid:1cfa64a9) 
Unable to start VM on Host[-1-Routing] due to StartCommand failed due to 
Exception: com.cloud.utils.exception.CloudRuntimeException
Message: Unable to create systemvm folder on secondary storage. location: 
/var/cloudstack/mnt/VM/345050029058.2807345c/systemvm

Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image002.png@01D65056.54B16610]

CloudStack VMware Network Question

2020-07-01 Thread Corey, Mike 
Hi,

I'm running into trouble with deploying the SystemVMs.  I think it's because 
the "Management Network" is different IP/VLAN than what my ESXi vmkernel port 
group is.

I have re-read the installation doc and if this is in fact a requirement than 
it stinks...

In the vSwitch properties dialog box, you may see a vCenter management network. 
This same network will also be used as the CloudStack management network. 
CloudStack requires the vCenter management network to be configured properly.

Do the ESXi vmkernel and the network for the SystemVMs need to be the same 
VLAN/Network/Port Group?  As I stand right now, my ESXi hosts are on network 
192.168.32.x and the management IP ranges are 192.168.4.x.

If that is the case - can you explicitly call that out in the 
setup/installation?  Also, why is this the case as we'd typically have 
management and hypervisors on isolated/separate networks (ACLs).




Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image002.png@01D64FB6.07F3D1F0]

RE: Can someone help me with this

2020-07-01 Thread Corey, Mike 
Had a similar issue.  Try to disable firewalld.

-Original Message-
From: Quốc Bảo Võ  
Sent: Wednesday, July 1, 2020 12:56 PM
To: users@cloudstack.apache.org
Subject: Can someone help me with this

Hi, I'm just getting started with Apache Cloudstack. I have installed it step 
by step at this site: 
http://docs.cloudstack.apache.org/en/4.14.0.0/quickinstallationguide/qig.html. 
But when I run it on the browser, it can't connect to UI interface and I don't 
know how to fix it

RE: Fresh 4.14 install - UI won't start after reboot

2020-06-25 Thread Corey, Mike 
Shutting down the firewall resolved the UI access issue.  Funny I didn't think 
to check that as the UI worked immediately after the setup.  

Besides 8080, what else does the setup configure in the firewall rules?  For 
whatever reason, it doesn’t appear my CentOS is keeping that configuration 
after the reboot.

Mike



-Original Message-
From: Andrija Panic  
Sent: Tuesday, June 23, 2020 6:05 PM
To: users 
Subject: Re: Fresh 4.14 install - UI won't start after reboot

Hi Mike,

I've checked the "after" log file - and everything seems fine - there is DB
update happening from 4.0.0 version all the way to 4.14.0.0 version (this
is clean install obviously) and the exception you see "can not ping
management server" - is NORMAL, i.e. in every ACS installation this happens
only one time during the boot process of the mgmt server and any next
occurrence of a similar thing would mean a real issue.

I can see that your mgmt server started just fine.
Can you check your firewall on that server/VM - does it allow access to
port 8080

Temporarily stop the firewall with   systemctl stop firewalls
and see if that solves the problem.

if you have used the "cloudstack-setup-management" command, as a way to
"configure" mgmt (it adds firewal rules and starts the mgmt server for you)
- then all should be fine.
Otherwise, fix your firewall accordingly / as you want it.

Cheers,

On Tue, 23 Jun 2020 at 17:37, Corey, Mike  wrote:

> Hi,
>
> Sorry for the delay, I had other stuff to work on last week.
>
> Here is the link to the log files, before & after a reboot of the
> management VM.  The reboot occurred at June 23 @ 1100 local time...anything
> before that time would be the installation/setup of CSM.
>
> I hope you can help figure this out.
>
> Thanks!
>
> https://tinyurl.com/yc5tebts
>
>
> -Original Message-
> From: Andrija Panic 
> Sent: Thursday, June 11, 2020 4:23 PM
> To: users 
> Subject: Re: Fresh 4.14 install - UI won't start after reboot
>
> Mike,
>
> those are the same packages, built by ShapeBlue and we are using them
> already (CentOS7) on a few places.
>
> That error is visible for many versions of ACS, that it can not connect to
> itself (kind of nonsense, but is there during mgmt server starting, only
> once! and to be ignored).
>
> Can you restart management-server and report if you still have issues?
>
> If so, please uploading your management-server.log to some external file
> sharing Web site, post link here so we can download it, and also share time
> at which you rebooted it or the VM.
>
> Best,
> Andrija
>
> On Thu, 11 Jun 2020, 20:45 Corey, Mike,  wrote:
>
> > Sorry, but the problem still exists.  Both distros give me the error "
> > Unable to ping management server at 10.4.32.163:9090 due to
> > ConnectException java.net.ConnectException: Connection refused" now.
> >
> > I wonder whatever changes the setup does to the firewall, they don't
> stick
> > after a reboot.
> >
> >
> >
> > -Original Message-
> > From: Corey, Mike 
> > Sent: Thursday, June 11, 2020 1:13 PM
> > To: users@cloudstack.apache.org
> > Subject: [CAUTION] RE: Fresh 4.14 install - UI won't start after reboot
> >
> > I think I solved my own problem, but may have uncovered a bug with one of
> > the distros.
> >
> > My first 3 attempts used the repo "baseurl=
> > http://packages.shapeblue.com/cloudstack/upstream/centos7/4.14; and the
> > UI would work after initial setup completion; however, it did not work
> > after a reboot of the VM.  The error I'm guessing is the issue is this:
> >
> > 2020-06-11 10:00:29,431 ERROR [c.c.c.ClusterManagerImpl] (main:null)
> > (logid:) Unable to ping management server at 10.4.32.163:9090 due to
> > ConnectException
> > java.net.ConnectException: Connection refused
> >
> > My recent attempt used the repo "baseurl=
> > http://download.cloudstack.org/centos/7/4.14; and the UI works even
> after
> > a reboot of the VM.
> >
> > I'd have to assume that the shapeblue and apache versions have something
> > different in how they handle the firewall rules.  Just a guess.
> >
> > Mike
> >
> >
> >
> > From: Corey, Mike 
> > Sent: Thursday, June 11, 2020 9:52 AM
> > To: users@cloudstack.apache.org
> > Subject: [CAUTION] Fresh 4.14 install - UI won't start after reboot
> >
> > Hi,
> >
> > Still new here so please be patient.  I just ran through a fresh
> > installation (MySQL & CS on same VM) and all looked good (no errors in
> > logs, installation completed, UI console loaded in browser) until I
>

RE: Fresh 4.14 install - UI won't start after reboot

2020-06-23 Thread Corey, Mike 
Hi,

Sorry for the delay, I had other stuff to work on last week.  

Here is the link to the log files, before & after a reboot of the management 
VM.  The reboot occurred at June 23 @ 1100 local time...anything before that 
time would be the installation/setup of CSM.

I hope you can help figure this out.

Thanks!

https://tinyurl.com/yc5tebts


-Original Message-
From: Andrija Panic  
Sent: Thursday, June 11, 2020 4:23 PM
To: users 
Subject: Re: Fresh 4.14 install - UI won't start after reboot

Mike,

those are the same packages, built by ShapeBlue and we are using them
already (CentOS7) on a few places.

That error is visible for many versions of ACS, that it can not connect to
itself (kind of nonsense, but is there during mgmt server starting, only
once! and to be ignored).

Can you restart management-server and report if you still have issues?

If so, please uploading your management-server.log to some external file
sharing Web site, post link here so we can download it, and also share time
at which you rebooted it or the VM.

Best,
Andrija

On Thu, 11 Jun 2020, 20:45 Corey, Mike,  wrote:

> Sorry, but the problem still exists.  Both distros give me the error "
> Unable to ping management server at 10.4.32.163:9090 due to
> ConnectException java.net.ConnectException: Connection refused" now.
>
> I wonder whatever changes the setup does to the firewall, they don't stick
> after a reboot.
>
>
>
> -----Original Message-
> From: Corey, Mike 
> Sent: Thursday, June 11, 2020 1:13 PM
> To: users@cloudstack.apache.org
> Subject: [CAUTION] RE: Fresh 4.14 install - UI won't start after reboot
>
> I think I solved my own problem, but may have uncovered a bug with one of
> the distros.
>
> My first 3 attempts used the repo "baseurl=
> http://packages.shapeblue.com/cloudstack/upstream/centos7/4.14; and the
> UI would work after initial setup completion; however, it did not work
> after a reboot of the VM.  The error I'm guessing is the issue is this:
>
> 2020-06-11 10:00:29,431 ERROR [c.c.c.ClusterManagerImpl] (main:null)
> (logid:) Unable to ping management server at 10.4.32.163:9090 due to
> ConnectException
> java.net.ConnectException: Connection refused
>
> My recent attempt used the repo "baseurl=
> http://download.cloudstack.org/centos/7/4.14; and the UI works even after
> a reboot of the VM.
>
> I'd have to assume that the shapeblue and apache versions have something
> different in how they handle the firewall rules.  Just a guess.
>
> Mike
>
>
>
> From: Corey, Mike 
> Sent: Thursday, June 11, 2020 9:52 AM
> To: users@cloudstack.apache.org
> Subject: [CAUTION] Fresh 4.14 install - UI won't start after reboot
>
> Hi,
>
> Still new here so please be patient.  I just ran through a fresh
> installation (MySQL & CS on same VM) and all looked good (no errors in
> logs, installation completed, UI console loaded in browser) until I
> rebooted the management server.  The UI came online after the initial setup
> ran through; however, after a reboot the UI won't load (30 mins so far).
>
> Besides watching the management-server.log and greping it for errors, is
> there anything I can look at to troubleshoot the UI portal connectivity
> events?
>
> Thanks!
>
>
> Mike Corey
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
> SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com mike.co...@sap.com>
>
>
> [cid:image003.png@01D63FD5.FBDDCF50]
>
>
>

RE: Fresh 4.14 install - UI won't start after reboot

2020-06-11 Thread Corey, Mike 
Sorry, but the problem still exists.  Both distros give me the error " Unable 
to ping management server at 10.4.32.163:9090 due to ConnectException 
java.net.ConnectException: Connection refused" now.

I wonder whatever changes the setup does to the firewall, they don't stick 
after a reboot.

 

-Original Message-
From: Corey, Mike  
Sent: Thursday, June 11, 2020 1:13 PM
To: users@cloudstack.apache.org
Subject: [CAUTION] RE: Fresh 4.14 install - UI won't start after reboot

I think I solved my own problem, but may have uncovered a bug with one of the 
distros.

My first 3 attempts used the repo 
"baseurl=http://packages.shapeblue.com/cloudstack/upstream/centos7/4.14; and 
the UI would work after initial setup completion; however, it did not work 
after a reboot of the VM.  The error I'm guessing is the issue is this:

2020-06-11 10:00:29,431 ERROR [c.c.c.ClusterManagerImpl] (main:null) (logid:) 
Unable to ping management server at 10.4.32.163:9090 due to ConnectException
java.net.ConnectException: Connection refused

My recent attempt used the repo 
"baseurl=http://download.cloudstack.org/centos/7/4.14; and the UI works even 
after a reboot of the VM.

I'd have to assume that the shapeblue and apache versions have something 
different in how they handle the firewall rules.  Just a guess.

Mike



From: Corey, Mike 
Sent: Thursday, June 11, 2020 9:52 AM
To: users@cloudstack.apache.org
Subject: [CAUTION] Fresh 4.14 install - UI won't start after reboot

Hi,

Still new here so please be patient.  I just ran through a fresh installation 
(MySQL & CS on same VM) and all looked good (no errors in logs, installation 
completed, UI console loaded in browser) until I rebooted the management 
server.  The UI came online after the initial setup ran through; however, after 
a reboot the UI won't load (30 mins so far).

Besides watching the management-server.log and greping it for errors, is there 
anything I can look at to troubleshoot the UI portal connectivity events?

Thanks!


Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E 
mike.co...@sap.com<mailto:mike.co...@sap.com>


[cid:image003.png@01D63FD5.FBDDCF50]

RE: Fresh 4.14 install - UI won't start after reboot

2020-06-11 Thread Corey, Mike 
I think I solved my own problem, but may have uncovered a bug with one of the 
distros.

My first 3 attempts used the repo 
"baseurl=http://packages.shapeblue.com/cloudstack/upstream/centos7/4.14; and 
the UI would work after initial setup completion; however, it did not work 
after a reboot of the VM.  The error I'm guessing is the issue is this:

2020-06-11 10:00:29,431 ERROR [c.c.c.ClusterManagerImpl] (main:null) (logid:) 
Unable to ping management server at 10.4.32.163:9090 due to ConnectException
java.net.ConnectException: Connection refused

My recent attempt used the repo 
"baseurl=http://download.cloudstack.org/centos/7/4.14; and the UI works even 
after a reboot of the VM.

I'd have to assume that the shapeblue and apache versions have something 
different in how they handle the firewall rules.  Just a guess.

Mike



From: Corey, Mike 
Sent: Thursday, June 11, 2020 9:52 AM
To: users@cloudstack.apache.org
Subject: [CAUTION] Fresh 4.14 install - UI won't start after reboot

Hi,

Still new here so please be patient.  I just ran through a fresh installation 
(MySQL & CS on same VM) and all looked good (no errors in logs, installation 
completed, UI console loaded in browser) until I rebooted the management 
server.  The UI came online after the initial setup ran through; however, after 
a reboot the UI won't load (30 mins so far).

Besides watching the management-server.log and greping it for errors, is there 
anything I can look at to troubleshoot the UI portal connectivity events?

Thanks!


Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E 
mike.co...@sap.com<mailto:mike.co...@sap.com>


[cid:image003.png@01D63FD5.FBDDCF50]

Fresh 4.14 install - UI won't start after reboot

2020-06-11 Thread Corey, Mike 
Hi,

Still new here so please be patient.  I just ran through a fresh installation 
(MySQL & CS on same VM) and all looked good (no errors in logs, installation 
completed, UI console loaded in browser) until I rebooted the management 
server.  The UI came online after the initial setup ran through; however, after 
a reboot the UI won't load (30 mins so far).

Besides watching the management-server.log and greping it for errors, is there 
anything I can look at to troubleshoot the UI portal connectivity events?

Thanks!


Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image003.png@01D63FD5.FBDDCF50]

MySQL Version Clarity

2020-06-09 Thread Corey, Mike 
Hi,

Can someone confirm the version of MySQL for CS 4.14?

The documentation only states the below; however it doesn't mention specific 
build revisions or update versions of MySQL (5.7 or 8.0).

"CloudStack has been tested with MySQL 5.1 and 5.5. These versions are included 
in RHEL/CentOS and Ubuntu."


Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com



[cid:image003.png@01D63E43.D1FD07C0]

Re: [VOTE] Primate as modern UI for CloudStack

2019-10-07 Thread Tutkowski, Mike 
+1


From: Rohit Yadav 
Sent: Monday, October 7, 2019 5:31:15 AM
To: d...@cloudstack.apache.org ; 
users@cloudstack.apache.org ; 
priv...@cloudstack.apache.org 
Subject: [VOTE] Primate as modern UI for CloudStack

NetApp Security WARNING: This is an external email. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.




All,

The feedback and response has been positive on the proposal to use Primate as 
the modern UI for CloudStack [1] [2]. Thank you all.

I'm starting this vote (to):

  *   Accept Primate codebase [3] as a project under Apache CloudStack project
  *   Create and host a new repository (cloudstack-primate) and follow Github 
based development workflow (issues, pull requests etc) as we do with CloudStack
  *   Given this is a new project, to encourage cadence until its feature 
completeness the merge criteria is proposed as:
 *   Manual testing against each PR and/or with screenshots from the author 
or testing contributor, integration with Travis is possible once we get JS/UI 
tests
 *   At least 1 LGTM from any of the active contributors, we'll move this 
to 2 LGTMs when the codebase reaches feature parity wrt the existing/old 
CloudStack UI
 *   Squash and merge PRs
  *   Accept the proposed timeline [1][2] (subject to achievement of goals wrt 
Primate technical release and GA)
 *   the first technical preview targetted with the winter 2019 LTS release 
(~Q1 2020) and release to serve a deprecation notice wrt the older UI
 *   define a release approach before winter LTS
 *   stop taking feature FRs for old/existing UI after winter 2019 LTS 
release, work on upgrade path/documentation from old UI to Primate
 *   the first Primate GA targetted wrt summer LTS 2020 (~H2 2019), but 
still ship old UI with a final deprecation notice
 *   old UI codebase removed from codebase in winter 2020 LTS release

The vote will be up for the next two weeks to give enough time for PMC and the 
community to gather consensus and still have room for questions, feedback and 
discussions. The results to be shared on/after 21th October 2019.

For sanity in tallying the vote, can PMC members please be sure to indicate 
"(binding)" with their vote?

[ ] +1  approve
[ ] +0  no opinion
[ ] -1  disapprove (and reason why)

[1] Primate Proposal:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Proposal%3A+CloudStack+Primate+UI

[2] Email thread reference:
https://markmail.org/message/z6fuvw4regig7aqb

[3] Primate repo current location: https://github.com/shapeblue/primate


Regards,

Rohit Yadav

Software Architect, ShapeBlue

https://www.shapeblue.com

rohit.ya...@shapeblue.com
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue

Re: SolidFire with CloudStack 4.11.3 and vsphere 6.5

2019-09-13 Thread Tutkowski, Mike 
Hi Christian,

I work at NetApp. I can contact you off list to give you instructions on how to 
get support at NetApp involved.

Thanks, Andrija, for debugging!

Talk to you later,
Mike

On 9/13/19, 1:15 AM, "christian.kir...@zv.fraunhofer.de" 
 wrote:

NetApp Security WARNING: This is an external email. Do not click links or 
open attachments unless you recognize the sender and know the content is safe.




Hi Andrija,

thanks for your effort, that is some good and bad news at once.
The good thing is, we are not too stupid to set it up.

I will get in contact with NetApp and hear what they say, I’m afraid it 
gonna take some time…

Regards
Christian

> On 13. Sep 2019, at 00:00, Andrija Panic  wrote:
>
> Right,
>
> so I managed to reproduce your issues, 2 times, using ACS 4.13/master and
> VMware 6.5... got the same error message, after a lot of tasks being
> executed on VMware side.
>
> The steps I take were to (first try) don't even add the iSCSI Sotfware
> adapter, but then when trying to spin a VM, there is obviously no IQN
> identifier assigned to the ESXi hosts, and thus not part of the DB (hosts
> table) - so, as expected, you have added the SF to ACS (SolidFire plugin,
> Managed, proper URL defined), but it fails to spin a VM.
>
> Clean up everything in ACS, wipe the Primary Storage. Add iSCSI Software
> adapter in vCenter/ESXi hosts, configure proper binding to vSwitchXXX and
> then add again SF (again, SolidFire provider, Managed and proper ULR) to
> SF, try to spin a VM.
> Now, a series of things are happening in vCenter.
>
> -  Static iSCSI target is added to ESXI hosts,
> - Rescanning HBAs,
> -  Creating datastore same size as the volume/template itself
> - Deploying OVF template
> - Unregistering VM
> - Moving files around
> - unmounting VMFS
> - Removing iSCSI static targets
> - Rescan HBA
> - Again adding iSCSI static targets
> - Rescan HBAs
> - Rescan VMFS
> - RENAME datastore
> - unmount datastore
> - remove iSCSI targets.
>
> The error from the ACS is:
> message: Datastore '-iqn.2010-01.com.solidfire:hl1k.root-32.29-0' is not
> accessible. No connected and accessible host is attached to this datastore
>
> The problem is - this datastore (in it's latest, renamed state) - is
> unmounted from ESXI hosts, but can't be removed, NOR can I mount it - I 
get
> the vCenter message of "Operation failed, diagnostics report: Unable to
> find volume uuid[5d7abd9a-273aa9d5-bffe-1e00d4010711] lvm
> [snap-329aa3ea-5d7abd01-a5c83210-c87c-1e00d4010711] devices"
>
> So something is broken here...
>
> Will try other scenarios soon (SolidFire Shared, etc).
>
>
>
>
>
>
>
> On Thu, 5 Sep 2019 at 11:33, Andrija Panic  
wrote:
>
>> That sounds OK to me, the steps to add SF. That should create a datastore
>> per each created volume you create (if not mistaken). The other way is to
>> use SolidFireShared plugin, which should create a single datastore and
>> place all volumes in it (datastore=LUN=single SF volume).
>>
>> Can you please answer my question from previous email, and also you can
>> chech for datastore statuses in vCenter for any error, something is not
>> right...
>>
>> Andrija
>>
>> On Thu, Sep 5, 2019, 16:15  wrote:
>>
>>> Hi Andrija,
>>>
>>>> On 5. Sep 2019, at 15:07, Andrija Panic 
>>> wrote:
>>>
>>>> the message is that no host is connected to that specific datastore -
>>>> "Unable to start VM on Host[-1-Routing] due to StartCommand failed due
>>> to
>>>> Exception: java.lang.RuntimeException
>>>> Message: Datastore '-iqn.2010-01.com.solidfire:x64j.root-29.17-0' is 
not
>>>> accessible. ***No connected and accessible host is attached to this
>>>> datastore***."
>>>>
>>>> You can see that message being returned by VMware actually, not ACS (I
>>>> checked the code for that message - no results)
>>>>
>>> 
https://vmninja.wordpress.com/2019/04/05/remove-inaccessible-datastore-from-inventory/
>>>>
>>> I assumed the message did come from ACS since there were no 
corresponding
>>> messages in vcenter.
>>> Before every new deployment attempt I get sure there are not le

Re: [ANNOUNCE] Bobby (Boris Stoyanov) has joined the PMC

2019-07-16 Thread Tutkowski, Mike 
Congratulations, Bobby!


From: Paul Angus 
Sent: Tuesday, July 16, 2019 3:12:51 AM
To: priv...@cloudstack.apache.org; d...@cloudstack.apache.org; 
users@cloudstack.apache.org
Subject: [ANNOUNCE] Bobby (Boris Stoyanov) has joined the PMC

NetApp Security WARNING: This is an external email. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.




Fellow CloudStackers,



It gives me great pleasure to say that Bobby has been invited to join the PMC 
and has gracefully accepted.



Please join me in congratulating  Bobby!





Kind regards,





Paul Angus

CloudStack PMC

Re: [ANNOUNCE] Sven Vogel has joined the PMC

2019-07-14 Thread Tutkowski, Mike 
Congratulations, Sven!


From: Paul Angus 
Sent: Saturday, July 13, 2019 9:44:47 AM
To: priv...@cloudstack.apache.org; d...@cloudstack.apache.org; 
users@cloudstack.apache.org
Subject: [ANNOUNCE] Sven Vogel has joined the PMC

NetApp Security WARNING: This is an external email. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.




Fellow CloudStackers,



It gives me great pleasure to say that Sven has been invited to join the
PMC and has gracefully accepted.


Please joining me in congratulating Sven!




Kind regards,



Paul Angus

CloudStack PMC

Re: [ANNOUNCE] Andrija Panic has joined the PMC

2019-07-14 Thread Tutkowski, Mike 
Congratulations, Andrija!


From: Paul Angus 
Sent: Saturday, July 13, 2019 9:02:57 AM
To: users@cloudstack.apache.org; d...@cloudstack.apache.org; 
priv...@cloudstack.apache.org
Subject: [ANNOUNCE] Andrija Panic has joined the PMC

NetApp Security WARNING: This is an external email. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.




Fellow CloudStackers,



It gives me great pleasure to say that Adrija has been invited to join the PMC 
and has gracefully accepted.


Please joining me in congratulating Andrija!




Kind regards,



Paul Angus

CloudStack PMC

Re: [ANNOUNCE] Gabriel Beims Bräscher has joined the PMC

2019-07-14 Thread Tutkowski, Mike 
Congratulations, Gabriel!


From: Paul Angus 
Sent: Saturday, July 13, 2019 10:01 AM
To: users@cloudstack.apache.org; d...@cloudstack.apache.org; 
priv...@cloudstack.apache.org
Subject: [ANNOUNCE] Gabriel Beims Bräscher has joined the PMC

NetApp Security WARNING: This is an external email. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.




Fellow CloudStackers,


Its non-stop today!



It gives me great pleasure to say that Gabriel has been invited to join the
PMC and has gracefully accepted.


Please joining me in congratulating Sven!




Kind regards,



Paul Angus

CloudStack PMC

Re: Ansible 2.8: CloudStack related changes

2019-05-16 Thread Tutkowski, Mike 
Thanks, Rene, for all of the work you've done for CloudStack!


From: Rene Moser 
Sent: Thursday, May 16, 2019 1:42 AM
To: users@cloudstack.apache.org; dev
Subject: Ansible 2.8: CloudStack related changes

NetApp Security WARNING: This is an external email. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.




Hi all

As announced previously in autumn 2018, I am ending my active
maintenance for the CloudStack Ansible integration with the 2.8 release.

It started as PoC during a weekend at a Swiss Linux hackers event
"Turrican Days" in autumn 2014 and turned into "thing" I have spent many
nights with. Take care of it.

The modules are in best conditions: Cloudstack is one of a few Ansible
integrations without any failing sanity checks. Special thanks goes to
David Passante who brought all the docs in shape!

We have automated integration tests based on a simulator docker setup
[1] currently running Cloudstack 4.11.2. The integration test code
coverage [2] is at >85%.

There are currently (only) 2 more members in the CloudStack team [3] in
Ansible.

Thanks again for all the support and appreciation I have received over
the years.

Ansible v2.8.0 is going to be released with the following, CloudStack
related changes, thanks for all the contributors:

David Passante (18):
  Cloudstack: fix support for some VPC service capabilities (#45727)
  cs_account: Implement role parameter support (#46166)
  cs_account: add ability to bind accounts to LDAP (#46219)
  Cloudstack: New module cs_vlan_ip_range (#51597)
  cloudstack: streamline modules doc (#52509)
  cloudstack: streamline modules doc (part 2) (#52730)
  cloudstack: streamline modules doc (part 3) (#53412)
  cs_iso: fix missing param "is_public" (#53740)
  cs_network_offering: Add choice list for supported_services in
arg_spec (#53901)
  cloudstack: streamline modules doc (part 4) (#53874)
  cs_volume: add volumes extraction and upload features (#54111)
  cs_instance_facts: add a "nic" fact to return VM networking
information (#54337)
  cs_service_offering: update params in arg spec and documentation
(#54511)
  cs_network_offering: add a for_vpc parameter (#54551)
  cloudstack: streamline modules doc (part 5) (#54523)
  cs_service_offering: Implement customizable compute offers (#54597)
  cloudstack: streamline modules doc (part 6) (#54641)
  cs_vlan_ip_range: Update return values documentation (#54677)

Gregor Riepl (1):
  Cloudstack: Add password reset module (#47931)

Patryk D. Cichy (5):
  Add new Cloudstack module cs_image_store (#53617)
  Add new CloudStack module cs_physical_network (#54098)
  Add a new CloudStack module - cs_traffic_type (#54451)
  Enable adding VLAN IP ranges for Physical Networks (#54576)
  Proper handling of lower case name for InternalLbVm Service
Provider (#55087)

Rene Moser (13):
  cs_loadbalancer_rule_member: fix error handling (#46012)
  cs_instance: fix host migration without volume (#46115)
  cs_instance: doc: fix typo in examples (#46035)
  cs_staticnat: fix sanity (#46037)
  cs_ip_address: use query_api, fixes error handling (#46034)
  cs_resourcelimit: use query_api for error handling (#46036)
  cs_ip_address: fix vpc and network mutually exclusive (#47846)
  cs_network_acl_rule: fix doc and sanity (#47835)
  cs_template: fix KeyError on state=extracted (#48675)
  cs_instance: fix typos in defaults for ip/ip6_ipaddress (#49064)
  cs_physical_network: use name as param for network (#54602)
  cloudstack: fix E326 (#54657)

This will be my last announcement and I most probably leaving the
cloudstack mailing lists in the next couple of days.

Best wishes
René

[1] https://github.com/ansible/cloudstack-test-container
[2]
https://codecov.io/gh/ansible/ansible/tree/devel/lib/ansible/modules/cloud/cloudstack
[3]
https://github.com/ansible/ansible/blob/0e0735f10ecb64634a4a1c9ac78a36743295417d/.github/BOTMETA.yml#L1471

Re: New VP of CloudStack: Paul Angus

2019-03-13 Thread Tutkowski, Mike 
Thanks, everyone! I'm sure Paul will do a fantastic job as VP in the coming 
year.

On 3/13/19, 12:58 PM, "Melanie Desaive"  wrote:

NetApp Security WARNING: This is an external email. Do not click links or 
open attachments unless you recognize the sender and know the content is safe.




Wow! Great news! Congratulations Paul!

And thanks a lot to Mike!

All my best wishes to all of you!

Am Montag, den 11.03.2019, 15:16 + schrieb Tutkowski, Mike:
> Hi everyone,
>
> As you may know, the role of VP of CloudStack (Chair of the
> CloudStack PMC) has a one-year term. My term has now come and gone.
>
> I’m happy to announce that the CloudStack PMC has elected Paul Angus
> as our new VP of CloudStack.
>
> As many already know, Paul has been an active member of the
> CloudStack Community for over six years now. I’ve worked with Paul on
> and off throughout much of that time and I believe he’ll be a great
> fit for this role.
>
> Please join me in welcoming Paul as the new VP of Apache CloudStack!
>
> Thanks,
> Mike
--
--
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

https://www.heinlein-support.de

Tel: 030 / 40 50 51 - 62
Fax: 030 / 40 50 51 - 19

Amtsgericht Berlin-Charlottenburg - HRB 93818 B
Geschäftsführer: Peer Heinlein - Sitz: Berlin

New VP of CloudStack: Paul Angus

2019-03-11 Thread Tutkowski, Mike 
Hi everyone,

As you may know, the role of VP of CloudStack (Chair of the CloudStack PMC) has 
a one-year term. My term has now come and gone.

I’m happy to announce that the CloudStack PMC has elected Paul Angus as our new 
VP of CloudStack.

As many already know, Paul has been an active member of the CloudStack 
Community for over six years now. I’ve worked with Paul on and off throughout 
much of that time and I believe he’ll be a great fit for this role.

Please join me in welcoming Paul as the new VP of Apache CloudStack!

Thanks,
Mike

Re: CloudStack Collab Conference Brazil deadline for talk proposals is on 11/02/2019

2019-02-13 Thread Tutkowski, Mike 
Hi everyone,

Just an FYI that we will soon be going through the presentations submitted via 
the CFP for CCC Brazil.

If anyone is interested in participating in the review process, please respond 
to this e-mail.

Thanks!
Mike

On 2/10/19, 7:13 AM, "Rafael Weingärtner"  wrote:

The call for papers (CFP)

<http://www.thedevelopersconference.com.br/tdc/2019/florianopolis/call4papers-en>
for
the first CloudStack Collab Conference Brazil is approaching. If you have
not submitted your talk proposal, you still have time. It is going to be
the first (of many yet to come) that you cannot miss.

You do not need to have the full presentation ready now, all you need three
little things: (i) an interesting title, (ii) a brief description of the
talk to help the committee with the selection process, and (iii) a message
to the reviewing committee saying why your talk is important and
interesting for the cloud ecosystem.

You cannot miss the opportunity to meet the CloudStack community in
Florianopolis. Therefore, if you do not want to be a speaker, you should
come to watch, network, and enjoy not just the conference, but this
picturesque island with perfect beaches, excellent surfing, and amazing
seafood.
--
Rafael Weingärtner

Re: Why CloudStack 5

2019-01-23 Thread Tutkowski, Mike 
That sounds reasonable to me.



From: Rafael Weingärtner 
Sent: Wednesday, January 23, 2019 5:25 PM
To: users
Cc: d...@cloudstack.apache.org
Subject: Re: Why CloudStack 5

NetApp Security WARNING: This is an external email. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.




I would say that it is indeed a solid version. However, version 4.12 by
itself is not breaking anything. Therefore, according to the semantic
versioning, we cannot increase the ‘X’ bit.

It is also interesting to consider that 4.12 has over 188 PRs merged into
it. When we finish, we will probably hit almost 200 PRs. Many new features
were added, and we might have some hidden bugs that were not discovered
yet. Therefore, at least for me, it looks wiser to launch it as a normal
release and work on top of it to create 5.0.0 during July-August 2019. This
should provide 3-6 months of experimentation with the 4.12 version in
production.

On Wed, Jan 23, 2019 at 10:07 PM Tutkowski, Mike 
wrote:

> Is 4.12 a decent candidate to be branded 5.0 or might we be waiting for
> some specific set of backwards-incompatible updates?
>
>
> 
> From: Rafael Weingärtner 
> Sent: Wednesday, January 23, 2019 4:58 PM
> To: dev
> Cc: users
> Subject: Re: Why CloudStack 5
>
> NetApp Security WARNING: This is an external email. Do not click links or
> open attachments unless you recognize the sender and know the content is
> safe.
>
>
>
>
> Hello Ivan,
> Can you provide reasons why not move to a version 5?
>
> To help you, I will provide why I think we should move to 5.0.0 after 4.12.
> Therefore, I would expect this 5.0.0 to be an LTS version as well.
>
> 1. To begin with, technically, we should already be in version 5 if we
> had been following the semantic versioning we say we follow. We broke
> compatibility when Midonet plugin was removed in 4.10, and later, also,
> when public APIs from the IAM projects were removed. You can discuss if
> those features were broken or not, and if they count as a backward
> incompatibility. All in all, it is a removal of public APIs;
> 2. We want to remove the basic network, and with this move, we can
> delete a load of complications and replicated code, which causes more
> burden than anything else;
> 3. There are also some other small details in some PRs, where these
> issues with backward compatibility are holding our code and structure
> improvements. Therefore, a CloudStack 5.0.0 would free us from these
> anchors that we keep dragging around;
> 4. A new database upgrade scheme…. I do not even need to get into this
> topic; all DEVs here know what I am talking about;
> 5. A proper JPA implementation, a real restful API, adopt a standard
> rest framework, and other base technological improvements would be awesome,
> but I would say that they are far from here now. And they will be always
> distant if we keep holding ourselves back.
>
> All in all, to conclude; it is not about the version number and marketing.
> At least for me, I could care less about the number. This is about the
> community being able to adopt new trends, new technology, new methods, and
> understanding that to move on, we need to let somethings go.
>
> On Tue, Jan 22, 2019 at 1:45 AM Ivan Kudryavtsev  >
> wrote:
>
> > I decided whether to write it several weeks thinking about the stones and
> > rotten potatoes, but still decided to do that. Hope it will not raise the
> > stress level.
> >
> > Colleagues and ACS leaders, I would like to initiate the discussion. Why
> go
> > to CS5 rather than stay with 4.XX. Some thoughts are:
> >
> > 1. According to the versioning guide, the first number stands for radical
> > changes like if the community decided to go from current ORM to
> Hibernate.
> > I don't see the capabilities for such changes and there are no intentions
> > for the implementation.
> >
> > 2. I can realize that we 'stuck' with '4.XX' and the marketing can be
> > disappointing from that point of view. Then, OK, let's just skip the
> first
> > number "4." and release, ACS 13.X, 14.X, 15.X and so on. Every version
> will
> > receive new impressing version number and everyone could be happy about
> > that.
> >
> > Going to version "5" currently looks like as an intention to refresh but
> > with very poor motivation. At least to me.
> >
> > The discussion is strongly welcome.
> >
> >
> >
> > --
> > With best regards, Ivan Kudryavtsev
> > Bitworks LLC
> > Cell RU: +7-923-414-1515
> > Cell USA: +1-201-257-1512
> > WWW: http://bitworks.software/ <http://bw-sw.com/>
> >
>
>
> --
> Rafael Weingärtner
>


--
Rafael Weingärtner

Re: Why CloudStack 5

2019-01-23 Thread Tutkowski, Mike 
Is 4.12 a decent candidate to be branded 5.0 or might we be waiting for some 
specific set of backwards-incompatible updates?



From: Rafael Weingärtner 
Sent: Wednesday, January 23, 2019 4:58 PM
To: dev
Cc: users
Subject: Re: Why CloudStack 5

NetApp Security WARNING: This is an external email. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.




Hello Ivan,
Can you provide reasons why not move to a version 5?

To help you, I will provide why I think we should move to 5.0.0 after 4.12.
Therefore, I would expect this 5.0.0 to be an LTS version as well.

1. To begin with, technically, we should already be in version 5 if we
had been following the semantic versioning we say we follow. We broke
compatibility when Midonet plugin was removed in 4.10, and later, also,
when public APIs from the IAM projects were removed. You can discuss if
those features were broken or not, and if they count as a backward
incompatibility. All in all, it is a removal of public APIs;
2. We want to remove the basic network, and with this move, we can
delete a load of complications and replicated code, which causes more
burden than anything else;
3. There are also some other small details in some PRs, where these
issues with backward compatibility are holding our code and structure
improvements. Therefore, a CloudStack 5.0.0 would free us from these
anchors that we keep dragging around;
4. A new database upgrade scheme…. I do not even need to get into this
topic; all DEVs here know what I am talking about;
5. A proper JPA implementation, a real restful API, adopt a standard
rest framework, and other base technological improvements would be awesome,
but I would say that they are far from here now. And they will be always
distant if we keep holding ourselves back.

All in all, to conclude; it is not about the version number and marketing.
At least for me, I could care less about the number. This is about the
community being able to adopt new trends, new technology, new methods, and
understanding that to move on, we need to let somethings go.

On Tue, Jan 22, 2019 at 1:45 AM Ivan Kudryavtsev 
wrote:

> I decided whether to write it several weeks thinking about the stones and
> rotten potatoes, but still decided to do that. Hope it will not raise the
> stress level.
>
> Colleagues and ACS leaders, I would like to initiate the discussion. Why go
> to CS5 rather than stay with 4.XX. Some thoughts are:
>
> 1. According to the versioning guide, the first number stands for radical
> changes like if the community decided to go from current ORM to Hibernate.
> I don't see the capabilities for such changes and there are no intentions
> for the implementation.
>
> 2. I can realize that we 'stuck' with '4.XX' and the marketing can be
> disappointing from that point of view. Then, OK, let's just skip the first
> number "4." and release, ACS 13.X, 14.X, 15.X and so on. Every version will
> receive new impressing version number and everyone could be happy about
> that.
>
> Going to version "5" currently looks like as an intention to refresh but
> with very poor motivation. At least to me.
>
> The discussion is strongly welcome.
>
>
>
> --
> With best regards, Ivan Kudryavtsev
> Bitworks LLC
> Cell RU: +7-923-414-1515
> Cell USA: +1-201-257-1512
> WWW: http://bitworks.software/ 
>


--
Rafael Weingärtner

Re: CloudStack Collab in Brazil

2019-01-11 Thread Tutkowski, Mike 
I can participate in the call, Rafael. I have updated the Doodle pool.

On 1/11/19, 11:47 AM, "Rafael Weingärtner"  wrote:

NetApp Security WARNING: This is an external email. Do not click links or 
open attachments unless you recognize the sender and know the content is safe.




Hello CloudStackers,

Happy new year to everybody! I hope that you all enjoyed the festivities
and are rested and ready for this new, challenging and exciting year ;)

As you all know, we are trying to organize the CCC as a joint event with
TDC in Brazil. We have proposed the topics for presentations, and now the
next step is to schedule a meeting with the TDC organizers. We need to
discuss channels to spread the word regarding the conference, talks
selection process, branding (CCC, Apache CloudStack) with the TDC, and so
on. Who would be willing to join me in this call?

They are unavailable in January. Therefore, I am proposing the call to be
in the first week of February. I am starting a pool in Doodle to see if we
can find the best time and date. As pools tend to get cluttered when we
have a lot of options, I am starting with 4 and 5 of February. Beware that
the time is in GMT-02:00 (Brasilia time). Therefore, before selecting one,
it might be a good idea to check the difference between GMT-02:00 and your
timezone.

The link for the Doodle pool is: https://doodle.com/poll/7dpvtiqg67it452m

If you have any other question or suggestion for dates and time, please do
not hesitate to contact me.

Again, thanks for your (the ACS community) time, attention, and effort.

Let’s make CCC-BR 2019 happen!!

On Mon, Dec 24, 2018 at 2:32 PM Tutkowski, Mike 
wrote:

> Yeah, let’s do a call once more people are back from the holidays. Maybe
> the first or second week of January?
>
> 
> From: Rafael Weingärtner 
> Sent: Monday, December 24, 2018 3:47 AM
> To: users; dev
> Subject: Re: CloudStack Collab in Brazil
>
> NetApp Security WARNING: This is an external email. Do not click links or
> open attachments unless you recognize the sender and know the content is
> safe.
>
>
>
>
> It would be great to have your presence :)
> My idea is to have a call after this period of Christmas and New Year’s
> Eve. I will let you guys know when I get the dates and time.
>
> Thanks for your (the ACS community) time, attention, and effort so far.
>
> On Fri, Dec 21, 2018 at 10:04 PM Tim Mackey  wrote:
>
> > Rafael,
> >
> > I can't do a call next week, but the following week I should be able to.
> > The tracks look great. From my side, assuming I can get travel approval,
> > I'll submit on the cloud security track. Regulations are part of my life
> > these days!
> >
> > -tim
> >
> > On Fri, Dec 21, 2018 at 10:19 AM Rafael Weingärtner <
> > rafaelweingart...@gmail.com> wrote:
> >
> > > No date has been set yet. Next week I will contact them again, and
> then I
> > > will reach the community here to set a date. Thanks for the 
willingness
> > to
> > > make this happen! Your participation is essential. You guys have great
> > use
> > > cases of ACS.
> > >
> > > On Fri, Dec 21, 2018 at 12:49 PM Ricardo Makino <
> ricardo.n...@gmail.com>
> > > wrote:
> > >
> > > > Hi Rafael,
> > > >
> > > > I am able to join you in the call, when do you expect it happening?
> > > >
> > > > Maybe we can use doodle (https://doodle.com) to check the schedule
> of
> > > all
> > > > involved in the call.
> > > >
> > > > Best Regards,
> > > > --
> > > > Ricardo Makino
> > > >
> > > >
> > > > On Fri, Dec 21, 2018 at 11:23 AM Rafael Weingärtner <
> > > > rafaelweingart...@gmail.com> wrote:
> > > >
> > > > > Hello Folks,
> > > > >
> > > > > I have submitted the tracks. The next step now is to schedule a
> > meeting
> > > > > with the TDC organizers again. However, at this time, I need some
> of
> > > you
> > > > in
> > > > > the call. We will be discussing channels to spread the word
> regarding
> > > the
> > >

Re: CloudStack Collab in Brazil

2018-12-24 Thread Tutkowski, Mike 
apeblue.com/ | twitter: @shapeblue
> > > > >>
> > > > >> Em 19/12/2018 15:55, "Tim Mackey"  escreveu:
> > > > >>
> > > > >> Gabriel,
> > > > >>
> > > > >> I'm happy to help review proposals if required.
> > > > >>
> > > > >> -tim
> > > > >>
> > > > >> On Wed, Dec 19, 2018 at 12:35 PM Gabriel Beims Bräscher <
> > > > >> gabrasc...@gmail.com> wrote:
> > > > >>
> > > > >> > Hi Rafael,
> > > > >> >
> > > > >> > I am available to help, count on me!
> > > > >> > I have one question. Can anyone (one that is not a
> > > PMC/Committer)
> > > > >> help to
> > > > >> > review presentations?
> > > > >> >
> > > > >> > The divisions for the CFP looks good, adding security
> aspects
> > as
> > > > >> Ricardo
> > > > >> > Makino proposed is also interesting.
> > > > >> >
> > > > >> > Regards,
> > > > >> > Gabriel.
> > > > >> >
> > > > >> > Em qua, 19 de dez de 2018 às 11:12, Cristian Latapiat <
> > > > >> latap...@gmail.com>
> > > > >> > escreveu:
> > > > >> >
> > > > >> > > Hi Rafael ,
> > > > >> > >
> > > > >> > > I am, therefore, available to collaborate and to help you
> in
> > > > >> everything
> > > > >> > > that may be necessary.
> > > > >> > >
> > > > >> > > Regards,
> > > > >> > >
> > > > >> > > Cristian
> > > > >> > >
> > > > >> > > Em seg, 17 de dez de 2018 às 18:49, Rafael Weingärtner <
> > > > >> > > rafaelweingart...@gmail.com> escreveu:
> > > > >> > >
> > > > >> > > > Hey guys,
> > > > >> > > >
> > > > >> > > > Have you guys had time to read through this e-mail? Are
> > > there
> > > > >> > volunteers
> > > > >> > > to
> > > > >> > > > help us make CCC happen in Brazil? We need to provide
> them
> > > the
> > > > >> topics
> > > > >> > of
> > > > >> > > > tracks that we will be participating until 21/12/2018.
> > > > >> > > >
> > > > >> > > > On Thu, Dec 13, 2018 at 7:11 PM Rafael Weingärtner <
> > > > >> > > > rafaelweingart...@gmail.com> wrote:
> > > > >> > > >
> > > > >> > > > > Hello CloudStackers,
> > > > >> > > > >
> > > > >> > > > > I had a few meetings with the TDC folks, and we seem
> to
> > be
> > > > >> moving on.
> > > > >> > > > They
> > > > >> > > > > have a slightly different organization than ApacheCon
> > > > though.
> > > > >> > > Therefore,
> > > > >> > > > we
> > > > >> > > > > were asked to provide them with some “track topics”
> that
> > > fit
> > > > >> in the
> > > > >> > > area
> > > > >> > > > of
> > > > >> > > > > Cloud Computing. Then, we could direct presentations
> to
> > > one
> > > > >> of these
> > > > >> > > > > tracks. The idea is that the international tracks (the
> > > ones
> > > > >> that will
> > > > >> > > be
> > > > >> > > > in
> > > > >> > > > > English) will not be parallelized to enable the
> audience
> > > to
> > > > >> attend
> > > > >> > all
> > > > >> > > of
> > > > >> > > > > them (this means, one for each day). Also, the tracks
> > will
> > > > >> receive
> > > > >> > > > > presentations from other people that are not in our
> > > bubble,
> > &g

Re: CloudStack Collab in Brazil

2018-12-18 Thread Tutkowski, Mike 
Hi Rafael,

The divisions you listed for the CFP make good sense to me. :)

Unless we have feedback from others here, let’s use what you have. It seems the 
deadline to provide these is coming quickly.

Thanks for all your work here, Rafael!
Mike



From: Rafael Weingärtner 
Sent: Tuesday, December 18, 2018 3:58 AM
To: users
Cc: d...@cloudstack.apache.org
Subject: Re: CloudStack Collab in Brazil

NetApp Security WARNING: This is an external email. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.




Awesome, thanks Mike.
As the current VP, your participation is very important :)

Also, what do you think about the topics to address at the conference? Do
you have some suggestions?

On Mon, Dec 17, 2018 at 8:50 PM Tutkowski, Mike 
wrote:

> I can help out with the CFP (looking through and helping to select
> presentations).
>
>
> 
> From: Rafael Weingärtner 
> Sent: Monday, December 17, 2018 1:49 PM
> To: users
> Cc: d...@cloudstack.apache.org
> Subject: Re: CloudStack Collab in Brazil
>
> NetApp Security WARNING: This is an external email. Do not click links or
> open attachments unless you recognize the sender and know the content is
> safe.
>
>
>
>
> Hey guys,
>
> Have you guys had time to read through this e-mail? Are there volunteers to
> help us make CCC happen in Brazil? We need to provide them the topics of
> tracks that we will be participating until 21/12/2018.
>
> On Thu, Dec 13, 2018 at 7:11 PM Rafael Weingärtner <
> rafaelweingart...@gmail.com> wrote:
>
> > Hello CloudStackers,
> >
> > I had a few meetings with the TDC folks, and we seem to be moving on.
> They
> > have a slightly different organization than ApacheCon though. Therefore,
> we
> > were asked to provide them with some “track topics” that fit in the area
> of
> > Cloud Computing. Then, we could direct presentations to one of these
> > tracks. The idea is that the international tracks (the ones that will be
> in
> > English) will not be parallelized to enable the audience to attend all of
> > them (this means, one for each day). Also, the tracks will receive
> > presentations from other people that are not in our bubble, and this is
> > great (at least I found this awesome), because different people with
> > different backgrounds would come together on the same track, which in
> turn
> > means, people that might not know ACS would have the opportunity not just
> > to meet the solution, but also the people behind it.
> >
> > So, this is what I have in mind:
> >
> > - Cloud computing (area/topic)
> > - cloud orchestration -- this would be the track where topics
> > regarding features, and cloud orchestration systems (e.g. CloudStack)
> > design and structure would be presented
> > - DevOps -- track for presentations that address the day-to-day of
> > CloudStack (or OpenStack) developers and the daily life of operators with
> > tasks such as debugging and troubleshooting
> > - tests -- track for discussing the Q process and testing methods
> > for clouds
> > - cloud open source ecosystem -- track focusing on the cloud
> > ecosystem, where people can address things relating the job market,
> > business opportunities, and the management process of highly
> heterogeneous
> > and distributed communities in OpenSource (such as CloudStack)
> >
> >
> > What do you guys think of these divisions for the CFP?
> > Also, we might need help to review and select presentation proposals.
> > Would some of you guys be willing to help on this process?
> >
> > And last, but not least, it would be awesome if companies linked to ACS
> > are interested to be the sponsors of tracks or the event. They have sent
> me
> > the brochure and sponsorship prospects from 2018 so we can get to know
> > better the conference [1]. The attendance report and prospectus are in
> > English, and for instance, in 2018 the TDC event in Florianopolis (where
> we
> > are proposing to have CCC in 2019) received about 4000 people. The
> > sponsorship prospectus for 2019 events is being prepared, and I guess if
> > there are interested parties on this, you can reach them directly, or if
> > you have some problems to do that, I can help you guys as well.
> >
> > [1]
> >
> https://www.dropbox.com/sh/53ujp2usf402dlj/AAA1a2jZPddGcAT8ZosRiGCAa?dl=0
> >
> > On Wed, Oct 24, 2018 at 8:16 PM Tutkowski, Mike <
> mike.tutkow...@netapp.com>
> > wrote:
> >
> >> Thanks, Rafael!
> >>
> >> The dates work for me.
> >>
>

Re: CloudStack Collab in Brazil

2018-12-17 Thread Tutkowski, Mike 
I can help out with the CFP (looking through and helping to select 
presentations).



From: Rafael Weingärtner 
Sent: Monday, December 17, 2018 1:49 PM
To: users
Cc: d...@cloudstack.apache.org
Subject: Re: CloudStack Collab in Brazil

NetApp Security WARNING: This is an external email. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.




Hey guys,

Have you guys had time to read through this e-mail? Are there volunteers to
help us make CCC happen in Brazil? We need to provide them the topics of
tracks that we will be participating until 21/12/2018.

On Thu, Dec 13, 2018 at 7:11 PM Rafael Weingärtner <
rafaelweingart...@gmail.com> wrote:

> Hello CloudStackers,
>
> I had a few meetings with the TDC folks, and we seem to be moving on. They
> have a slightly different organization than ApacheCon though. Therefore, we
> were asked to provide them with some “track topics” that fit in the area of
> Cloud Computing. Then, we could direct presentations to one of these
> tracks. The idea is that the international tracks (the ones that will be in
> English) will not be parallelized to enable the audience to attend all of
> them (this means, one for each day). Also, the tracks will receive
> presentations from other people that are not in our bubble, and this is
> great (at least I found this awesome), because different people with
> different backgrounds would come together on the same track, which in turn
> means, people that might not know ACS would have the opportunity not just
> to meet the solution, but also the people behind it.
>
> So, this is what I have in mind:
>
> - Cloud computing (area/topic)
> - cloud orchestration -- this would be the track where topics
> regarding features, and cloud orchestration systems (e.g. CloudStack)
> design and structure would be presented
> - DevOps -- track for presentations that address the day-to-day of
> CloudStack (or OpenStack) developers and the daily life of operators with
> tasks such as debugging and troubleshooting
> - tests -- track for discussing the Q process and testing methods
> for clouds
> - cloud open source ecosystem -- track focusing on the cloud
> ecosystem, where people can address things relating the job market,
> business opportunities, and the management process of highly heterogeneous
> and distributed communities in OpenSource (such as CloudStack)
>
>
> What do you guys think of these divisions for the CFP?
> Also, we might need help to review and select presentation proposals.
> Would some of you guys be willing to help on this process?
>
> And last, but not least, it would be awesome if companies linked to ACS
> are interested to be the sponsors of tracks or the event. They have sent me
> the brochure and sponsorship prospects from 2018 so we can get to know
> better the conference [1]. The attendance report and prospectus are in
> English, and for instance, in 2018 the TDC event in Florianopolis (where we
> are proposing to have CCC in 2019) received about 4000 people. The
> sponsorship prospectus for 2019 events is being prepared, and I guess if
> there are interested parties on this, you can reach them directly, or if
> you have some problems to do that, I can help you guys as well.
>
> [1]
> https://www.dropbox.com/sh/53ujp2usf402dlj/AAA1a2jZPddGcAT8ZosRiGCAa?dl=0
>
> On Wed, Oct 24, 2018 at 8:16 PM Tutkowski, Mike 
> wrote:
>
>> Thanks, Rafael!
>>
>> The dates work for me.
>>
>> Get Outlook for iOS<https://aka.ms/o0ukef>
>> 
>> From: Rafael Weingärtner 
>> Sent: Wednesday, October 24, 2018 5:02:14 PM
>> To: users
>> Cc: dev
>> Subject: Re: CloudStack Collab in Brazil
>>
>> NetApp Security WARNING: This is an external email. Do not click links or
>> open attachments unless you recognize the sender and know the content is
>> safe.
>>
>>
>>
>>
>> Yes, they already have a date set. It should be 23 - 27 April, 2019.
>> I should be talking with them again this week to check what we need to
>> move
>> thing forward.
>>
>> What do you guys think about these dates?
>>
>> On Mon, Oct 22, 2018 at 5:07 PM Tutkowski, Mike <
>> mike.tutkow...@netapp.com>
>> wrote:
>>
>> > Hi Rafael,
>> >
>> > Do you have a specific date in mind for CCC Brazil? It sounds like, in
>> > general, we are looking at April.
>> >
>> > Thanks!
>> > Mike
>> >
>> > On 10/1/18, 12:51 PM, "Rafael Weingärtner" > >
>> > wrote:
>> >
>> > NetApp Security WARNING: This is an external email. Do not

Videos from September CCC Montreal now live

2018-12-06 Thread Tutkowski, Mike 
Hi everyone,

Just an FYI that the videos from the CloudStack Collaboration Conference that 
took place in Montreal last September are available here: 
https://www.youtube.com/playlist?list=PLW7vgBNPiQhkJOwgkEw1bEc4IGDXnkzs7

Thanks to ShapeBlue for recording the presentations!
Mike

  1   2   >