Re: IP address to use for consoleproxy.url.domain

[Stephan Seitz]

Hi,

the parameter "consoleproxy.url.domain" cannot be set to an IP address, because 
CloudStack picks the IP address(es) of the ConsoleProxy (Proxies) from the 
given Pool by itself.
Even if you might have success to set an IP via an SQL statement, this will 
definitely break things at least when a second ConsoleProxy spawns.

The parameter should be set to "*.SOME.DOMAIN.TLD" where the "*" is expanded to 
the IPv4 address of the respective ConsoleProxy (Octet1-Octet2-Octet3-Octet4).
This is necessary to get SSL trust via a wildcard-certficate covering 
"*.SOME.DOMAIN.TLD".

In my opinion, I'ld setup SSL especially in QA since it fails easily and I'ld 
want to see it fail in QA instead of PROD ... :)


> Daniel Augusto Veronezi Salvador  hat am 04.10.2022 
> 03:50 CEST geschrieben:
> 
>  
> Hallo Aufgabe,
> 
> We experienced a similar situation while deploying our testing laboratory 
> (QA).
> 
> The configuration 'consoleproxy.url.domain' must be a value that would allow 
> the console to connect with the Management Servers. As we did not want a 
> domain for our QA and would just access it via IP, we set the MS IP as the 
> configuration value. However, for this configuration ACS requires a value 
> that matches a domain ('something.any'); therefore, to set the IP to the 
> configuration you will have to manually intervene in the database:
> 
> UPDATE  cloud.configuration
> SET value = ''
> WHERE   name = 'consoleproxy.url.domain';
> 
> If you have a load balancer configured, you would also have to redirect 
> '/resource/' requests to the CPVM "public IP" (if you are emulating the 
> public IP range).
> 
> We are working on a patch that will allow operators to define an IP address 
> for this configuration. As soon we open the PR, we notify you.
> 
> Best regards,
> Daniel Salvador
> 
> On 03/10/2022 16:58, Aufgabe Zwei wrote:
> > Hello,
> >
> > I have finally been able to setup cloudstack on Ubuntu 20.04, single host.
> > I am able to ping the system vm's and my created vm instance.
> >
> > My problem is that I cannot ssh into the vm instance. I see that I should
> > be able to login using the console proxy url but I am not sure which IP
> > address the domain should point to.
> >
> > For what it's worth, I'm currently working on a private cloud setup for
> > testing before I change to public setup later
> >
> > Thanks in advance.
> >

--
Stephan Seitz
Planufer 92a, 10967 Berlin, Germany
Mobile: +49 (0) 151 458 414 45

Re: Multiple RADOS monitor IPs to add RBD Primary Storage

[Stephan Seitz]

The last time i've looked up this issue, it was proposed to use
DNS round-robin, aka add every monitor-IP as A-Record to your monitor-
alias and refer to it by name.

Not, that I like that solution, since it adds up another dependency to
DNS, but that's how we run it since a few years ;)

And no, AFAIK multiple IP's are not supported.


Am Sonntag, dem 31.07.2022 um 18:10 +0600 schrieb Nazmul Parvej:
> Hi There,
> 
> I am using ACSv4.17
> 
> I added my primary storage using a single mon IP to attach the RBD
> pool. My
> questions are following.
> 
> 1. How to add multiple RADOS monitor IPs to add RBD Primary Storage?
> 
> 2. Is there any way to add multiple RADOS monitor IPs to Existingly
> added
> RBD Primary Storage which was a single RADOS monitor IP?
> 
> 
> Yours sincerely,
> 
> 
> Nazmul Parvej
> Deputy Manager, Product Development
> IT Division
> 
> Bangladesh Export Import Company Ltd.
> 
> Level-9, SAM Tower, Plot #4, Road #22, Gulshan-1, Dhaka-
> 1212,Bangladesh
> 
> Tel: +880 9609 000 999, +880 2 5881 5559, Ext: 14193, Fax:  +880 2
> 
> 95757
> 
> Cell: +8801787680841, Email: nazmul.par...@bol-online.com, Web:
> www.bol-online.com

AW: Very slow SSL-enabled console proxy

[Stephan Seitz]

You coul check inside the CPVM via
sysctl ‎kernel.random.entropy_avail

That value should never drop to zero. Keep in mind that a single peek wont give 
you the picture. You have to check that a few times‎ during ssl handshakes 
taking place.

Alternatively,, you could apt-get install haveged without checking. That daemon 
wont take much re,ssources.

Gesendet von meinem BlackBerry 10-Smartphone.
  Originalnachricht  
Von: Fariborz Navidan
Gesendet: Montag, 10. September 2018 08:44
An: users@cloudstack.apache.org
Antwort an: users@cloudstack.apache.org
Betreff: Re: Very slow SSL-enabled console proxy



> Fariborz Navidan  hat am 10. September 2018 um 08:44 
> geschrieben:
>
>
> Please provide me commands to run on CPVM to check this.
>
> Thanks
>
> On Mon, Sep 10, 2018 at 11:00 AM Stephan Seitz  wrote:
>
> >
> > I'ld check the available entropy inside the console proxy vm. If the
> > entropy pool is running low, you could install haveged as a gathering
> > daemon.
> >
> >
> >
> > � Originalnachricht �
> > Von: Fariborz Navidan
> > Gesendet: Montag, 10. September 2018 08:14
> > An: users@cloudstack.apache.org
> > Antwort an: users@cloudstack.apache.org
> > Betreff: RE: Very slow SSL-enabled console proxy
> >
> >
> >
> > > Fariborz Navidan  hat am 10. September 2018 um
> > 08:13 geschrieben:
> > >
> > >
> > > Hello,
> > >
> > > It cannot be due to server load because it is fresh cloudstack
> > installation and no one connects to console. It is something regarding SSL
> > connection.
> > >
> > > Regards.
> > >
> > > Sent from Mail for Windows 10
> > >
> > > From: Ivan Kudryavtsev
> > > Sent: Monday, September 10, 2018 4:22 AM
> > > To: users
> > > Subject: Re: Very slow SSL-enabled console proxy
> > >
> > > Hello, Fariborz.
> > >
> > > You can try to create a service offering for CPVM and set its UUID in
> > > global vars, but usually it works fine by default.
> > >
> > > пн, 10 сент. 2018 г., 4:17 Fariborz Navidan :
> > >
> > > > Hello folks,
> > > >
> > > > After enabling console proxy SSL, it is very slow, It takes to long to
> > > > establish https session. What can be the cause? Please help.
> > > >
> > > > Best Regards
> > > >
> > >
> >

AW: Very slow SSL-enabled console proxy

[Stephan Seitz]

I'ld check the available entropy inside the console proxy vm. If the entropy 
pool is running low, you could install haveged as a gathering daemon.



� Originalnachricht �
Von: Fariborz Navidan
Gesendet: Montag, 10. September 2018 08:14
An: users@cloudstack.apache.org
Antwort an: users@cloudstack.apache.org
Betreff: RE: Very slow SSL-enabled console proxy



> Fariborz Navidan  hat am 10. September 2018 um 08:13 
> geschrieben:
>
>
> Hello,
>
> It cannot be due to server load because it is fresh cloudstack installation 
> and no one connects to console. It is something regarding SSL connection.
>
> Regards.
>
> Sent from Mail for Windows 10
>
> From: Ivan Kudryavtsev
> Sent: Monday, September 10, 2018 4:22 AM
> To: users
> Subject: Re: Very slow SSL-enabled console proxy
>
> Hello, Fariborz.
>
> You can try to create a service offering for CPVM and set its UUID in
> global vars, but usually it works fine by default.
>
> пн, 10 сент. 2018 г., 4:17 Fariborz Navidan :
>
> > Hello folks,
> >
> > After enabling console proxy SSL, it is very slow, It takes to long to
> > establish https session. What can be the cause? Please help.
> >
> > Best Regards
> >
>

Re: _configDao.isPremium() please help where this information comes from.

[Stephan Seitz]

Thanks for your feedback! Do you know how to build the systemvmtemplate w/ 
noredist? I didn't find
anything regarding that in tools/appliance, also cwiki keeps quiet about that.

Thanks!

Stepnan

Am Dienstag, den 10.07.2018, 07:38 -0700 schrieb Frank Maximus:
> That setting is part of a property file of
> cloudstack-plugin-hypervisor-vmware.
> Most likely you are using a system build with noredist.
> In that case you also need a systemvm build that way.
> 
> Kind Regards,
> Frank
> 
> On Tue, Jul 10, 2018 at 12:16 PM Stephan Seitz 
> wrote:
> 
> > 
> > Hi there,
> > 
> > Upgrading 4.11.0 to 4.11.1 we found an interesting problem in our (well
> > played) staging infrastructure.
> > 
> > During SSVN provisioning, a somewhat "premium" configuration is detected
> > (well we're using noredist since ... ever?).
> > So the SSVM is configured with
> >   resource=com.cloud.storage.resource.PremiumSecondaryStorageResource
> > instead of
> > 
> > resource=org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource
> > 
> > In fact this particular setup always used (and should further use) simple
> > NFS as Secondary Storage.
> > 
> > Sorry, but I can't find the real source
> > of com.cloud.configuration.dao.ConfigurationDao#isPremium() and how to set
> > this to false.
> > 
> > If anyone could shed some light?
> > 
> > 
> > Thank You!
> > 
> > 
> > 
> > 
> > Mit freundlichen Grüßen,
> > 
> > Stephan Seitz
> > 
> > 
> > --
> > Heinlein Support GmbH
> > Schwedter Str. 8/9b, 10119 Berlin
> > 
> > https://www.heinlein-support.de
> > 
> > Tel: 030 / 405051-44
> > Fax: 030 / 405051-19
> > 
> > Amtsgericht Berlin-Charlottenburg - HRB 93818 B
> > Geschäftsführer: Peer Heinlein - Sitz: Berlin
> > 
> > 
Mit freundlichen Grüßen,

Stephan Seitz


--
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

https://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Amtsgericht Berlin-Charlottenburg - HRB 93818 B
Geschäftsführer: Peer Heinlein - Sitz: Berlin



signature.asc
Description: This is a digitally signed message part

_configDao.isPremium() please help where this information comes from.

[Stephan Seitz]

Hi there,

Upgrading 4.11.0 to 4.11.1 we found an interesting problem in our (well played) 
staging infrastructure.

During SSVN provisioning, a somewhat "premium" configuration is detected (well 
we're using noredist since ... ever?).
So the SSVM is configured with
  resource=com.cloud.storage.resource.PremiumSecondaryStorageResource
instead of
  resource=org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource

In fact this particular setup always used (and should further use) simple NFS 
as Secondary Storage.

Sorry, but I can't find the real source of 
com.cloud.configuration.dao.ConfigurationDao#isPremium() and how to set this to 
false.

If anyone could shed some light?


Thank You!




Mit freundlichen Grüßen,

Stephan Seitz


--
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

https://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Amtsgericht Berlin-Charlottenburg - HRB 93818 B
Geschäftsführer: Peer Heinlein - Sitz: Berlin



signature.asc
Description: This is a digitally signed message part

Re: Unable to get a storage network ip addess

[Stephan Seitz]

Ok, seens like op_dc_storage_network_ip_address didn't clean up.

I've checked every historically used ip in there and subsequently 
update op_dc_storage_network_ip_address set taken = NULL where ip_address = 
"double_check_storage_network_ip_that_is_definitely_unused";


now I've got my SSVM deployed (well at least running).

But hey, building noredist did obviously some harm to the systemvmtemplate. It 
now complains inside the SSVM about 

 ERROR [cloud.agent.AgentShell] (main:null) Unable to start agent: Resource 
class not found: com.cloud.storage.resource.PremiumSecondaryStorageResource due 
to: java.lang.ClassNotFoundException:
com.cloud.storage.resource.PremiumSecondaryStorageResource

Looks like that class is only referenced around VMware (which we don't use).

If anyone has a quick solution, that'ld be great.




Am Montag, den 09.07.2018, 10:05 +0200 schrieb Stephan Seitz:
> Hi!
> 
> This weekend, I;ve learned that (running xenserver 6.5sp1) the 
> systemvmtemplate needs to be exactly "Debian 7 64bit" and *not*  "(or the 
> highest Debian release number available in the dropdown)".
> If using a higher OS, the VM boots but is unable to setup any networking 
> which renders the systemvm quite useless.
> 
> After some debugging (and re-spawning multiple hundreds of secondary storage 
> vms) and fixing that issue, I'm now gotting that problem:
> 
> 2018-07-09 00:00:16,440 INFO  [c.c.v.VirtualMachineManagerImpl] 
> (Work-Job-Executor-108:ctx-eab36b57 job-16295/job-17398 ctx-a161f2a3) 
> (logid:85ed43
> b3) Insufficient capacity 
> com.cloud.exception.InsufficientAddressCapacityException: Unable to get a 
> storage network ip addressScope=interface com.cloud.dc.Pod; id=1
> at 
> com.cloud.network.guru.StorageNetworkGuru.reserve(StorageNetworkGuru.java:130)
> at 
> org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.prepareNic(NetworkOrchestrator.java:1594)
> at 
> org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.prepare(NetworkOrchestrator.java:1565)
> at 
> com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:)
> at 
> com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:4930)
> at sun.reflect.GeneratedMethodAccessor271.invoke(Unknown Source)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at 
> com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:107)
> at 
> com.cloud.vm.VirtualMachineManagerImpl.handleVmWorkJob(VirtualMachineManagerImpl.java:5093)
> at 
> com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102)
> at 
> org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:581)
> at 
> org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
> at 
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
> at 
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
> at 
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
> at 
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
> at 
> org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:529)
> at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> 
> in fact, there's not one single secondary storage vm running or barely 
> existing, and I can't find the obviously occupied ips of the storage network 
> in the db.
> 
> could someone please shed some light, where that ip occupation is stored? I'm 
> quite sure that I can clean that up.
> 
> 
> Thanks in advance!
> 
> 
> 
> 
> Mit freundlichen Grüßen,
> 
> Stephan Seitz
> 
> 
> --
> Heinlein Support GmbH
> Schwedter Str. 8/9b, 10119 Berlin
> 
> https://www.heinlein-support.de
> 
> Tel: 030 / 405051-44
> Fax: 030 / 405051-19
> 
> Amtsgericht Berlin-Charlottenburg - HRB 93818 B
> Geschäftsführer: Peer Heinlein - Sitz: Berlin
> 
Mit freundlichen Grüßen,

St

Unable to get a storage network ip addess

[Stephan Seitz]

Hi!

This weekend, I;ve learned that (running xenserver 6.5sp1) the systemvmtemplate 
needs to be exactly "Debian 7 64bit" and *not*  "(or the highest Debian release 
number available in the dropdown)".
If using a higher OS, the VM boots but is unable to setup any networking which 
renders the systemvm quite useless.

After some debugging (and re-spawning multiple hundreds of secondary storage 
vms) and fixing that issue, I'm now gotting that problem:

2018-07-09 00:00:16,440 INFO  [c.c.v.VirtualMachineManagerImpl] 
(Work-Job-Executor-108:ctx-eab36b57 job-16295/job-17398 ctx-a161f2a3) 
(logid:85ed43
b3) Insufficient capacity 
com.cloud.exception.InsufficientAddressCapacityException: Unable to get a 
storage network ip addressScope=interface com.cloud.dc.Pod; id=1
at 
com.cloud.network.guru.StorageNetworkGuru.reserve(StorageNetworkGuru.java:130)
at 
org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.prepareNic(NetworkOrchestrator.java:1594)
at 
org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.prepare(NetworkOrchestrator.java:1565)
at 
com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:)
at 
com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:4930)
at sun.reflect.GeneratedMethodAccessor271.invoke(Unknown Source)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:107)
at 
com.cloud.vm.VirtualMachineManagerImpl.handleVmWorkJob(VirtualMachineManagerImpl.java:5093)
at com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102)
at 
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:581)
at 
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
at 
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
at 
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:529)
at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

in fact, there's not one single secondary storage vm running or barely 
existing, and I can't find the obviously occupied ips of the storage network in 
the db.

could someone please shed some light, where that ip occupation is stored? I'm 
quite sure that I can clean that up.


Thanks in advance!




Mit freundlichen Grüßen,

Stephan Seitz


--
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

https://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Amtsgericht Berlin-Charlottenburg - HRB 93818 B
Geschäftsführer: Peer Heinlein - Sitz: Berlin



signature.asc
Description: This is a digitally signed message part

Re: Current cloudstack prebuilt images wrong VR address

[Stephan Seitz]

Hi!

AFAIK, the password reset script always tries to connect to TCP/8080 on the
server that offered the dhcp lease. Which usually is the default gateway.
If you're running an isolated network with redundant VR, there was an iptables
rule on the VR blocking the host-IP, so that the request couldn't succeed.

That issue [1] has recently been fixed for 4.11.1.0.


[1] https://github.com/apache/cloudstack/issues/2544


cheers,

- Stephan



Am Montag, den 25.06.2018, 19:08 +0700 schrieb Ivan Kudryavtsev:
> Hello, Devs, Users.
> 
> Today I tried to deploy prebuilt centos image from
> 
> http://dl.openvm.eu/cloudstack/centos/
> 
> Previously I already used that images, so I just registered it and created
> VM. Unfortunately, I found that cloud-init tries network GW as a source for
> metadata when VM starts (to get the password, etc.). So, It doesn't use VR
> to get information but attempts to fetch it from the network default GW.
> So, It fails.
> 
> Next, I downloaded CentOS template which I have used for a year (also from
> http://dl.openvm.eu/cloudstack/centos/), created VM and it works nice. It
> fetches password and other information from correct VR endpoint.
> 
> I suppose there is the error in the current CentOS template. Maybe, someone
> who has built them assumes that default GW is always VR which it may be
> true sometimes (advanced zones, I suppose), but not in general (I use Basic
> Zone).
> 
> Have a good day.
> 
> 
> 
Mit freundlichen Grüßen,

Stephan Seitz

--

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin




signature.asc
Description: This is a digitally signed message part

Interesting behaviour with OS Type CentOS / RAM over commitment / dynamic scalability

[Stephan Seitz]

Hey,

just FYI.

Hypervisor: Xenserver 6.5 / latest Patches
VM: From Template "[x] Dynamic scalable" OS Type [Centos] - Inside a 
cloud-prepared Centos 7.0 plain.
Offering: 4GB RAM (XenServer itself sets dynamic-min and dynamic-max to 4G, 
static-max to around 12G - which is intentional)

As of Centos 7.0 running, the VM shows:

[root@prometheus ~]# free -g
  totalusedfree  shared  buff/cache   available
Mem:  3   0   1   0   1   2
Swap: 1   0   1

After a plain "yum update -y && reboot", this changes to:


root@prometheus ~]# free -g
  totalusedfree  shared  buff/cache   available
Mem: 12   0  12   0   0  12
Swap: 1   0   1


So now, the machine looks like it could consume up to 12 G... well, the mtrr 
maxes out at 4G.

If one tries to consume more than the original 4G, XenServer (and subsequently 
Cloudstack) looses the machine to a Xen OOM. It shuts down (the hard way).


To mitigate that, powering off, changing the OS Type to Centos 7.2 and starting 
up again fixes that issue.

So again:

vmadmin@prometheus ~]$ free -g
  totalusedfree  shared  buff/cache   available
Mem:  3   0   3   0   0   3
Swap: 1   0   1


We double checked that issue on two diferent clusters with the very same 
result, but didn't dug too deep into kernelspace to find a reason.
By now, we're happy to solve that by just changing the OS Type.



Mit freundlichen Grüßen,

Stephan Seitz

--

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin




signature.asc
Description: This is a digitally signed message part

Re: DB Communication Link Failure

[Stephan Seitz]

Hi!

there's also a --auto-repair switch that could be added to mysqlcheck 
--all-databases.

But to be honest, you can't guarantee the content will match. So references to
other tablefields might not match afterwards (well, i expect these references 
don't match right now either)

As far as your resultset shows, the corruption "only" happened to the 
index-space so your data
"could" be fine.

Normally, I'ld suggest to revert to a backup, but as this question has been 
around for a few days here,
I assume your last uncorrupted backup could be far too old.



Am Montag, den 18.06.2018, 11:56 + schrieb Nicolas Bouige:
> Hi Stephan,
> 
> 
> thanks for the command, i could spot which tables is corrupted :
> 
> 
> cloud.event
> Warning  : InnoDB: Index 'i_event__created' contains 548 entries, should be 
> 542.
> Warning  : InnoDB: Index 'i_event__user_id' contains 547 entries, should be 
> 542.
> Warning  : InnoDB: Index 'i_event__account_id' contains 547 entries, should 
> be 542.
> Warning  : InnoDB: Index 'i_event__level_id' contains 547 entries, should be 
> 542.
> Warning  : InnoDB: Index 'i_event__type_id' contains 548 entries, should be 
> 542.
> error: Corrupt
> 
> Now, i supposed i have to delete the entries
> 
> Nicolas Bouige
> DIMSI
> cloud.dimsi.fr<http://www.cloud.dimsi.fr>
> 4, avenue Laurent Cely
> Tour d’Asnière – 92600 Asnière sur Seine
> T/ +33 (0)6 28 98 53 40
> 
> 
> 
> De : Stephan Seitz 
> Envoyé : lundi 18 juin 2018 13:30:43
> À : users@cloudstack.apache.org
> Objet : Re: DB Communication Link Failure
> 
> Hi!
> 
> This sound's like a corrupted database table. It's not that unusual mysqld are
> restarting after a query reqeuests values from a corrupted table space. That
> behaviour subsequently results in aborted connections.
> 
> I'ld double check database consistency. The easist way to check against
> (at least physical) corruption should be mysqlcheckk --all-databases
> 
> cheers,
> 
> Stephan
> 
> 
> Am Montag, den 18.06.2018, 12:47 +0200 schrieb Rafael Weingärtner:
> > 
> > Your timeout configuration seems fine. There must be something wrong in
> > your network. Or maybe in your MySQL service; as you said, it is restarting
> > when you run commands against it. Therefore, it might be better to
> > eliminate these issues first.
> > 
> > On Mon, Jun 18, 2018 at 11:56 AM, Nicolas Bouige  wrote:
> > 
> > > 
> > > 
> > > Hello Dag,
> > > 
> > > Im not trying to do a multi-master setup, just recover my DB :/
> > > I have installed  a second node and connect it to the DB and it's not
> > > possible to connect to the database server automatically (but manually
> > > yes..)
> > > On the first node at each sql query sent, the service mysql restart on db
> > > server...
> > > 
> > > 
> > > @Rafael, the timeout value is 28800
> > > 
> > > 
> > > mysql> SHOW VARIABLES LIKE 'wait_timeout';
> > > +---+---+
> > > > 
> > > > 
> > > > Variable_name | Value |
> > > +---+---+
> > > > 
> > > > 
> > > > wait_timeout  | 28800 |
> > > +---+---+
> > > 
> > > Best regards,
> > > 
> > > 
> > > Nicolas Bouige
> > > DIMSI
> > > cloud.dimsi.fr<http://www.cloud.dimsi.fr>
> > > 4, avenue Laurent Cely
> > > Tour d’Asnière – 92600 Asnière sur Seine
> > > T/ +33 (0)6 28 98 53 40
> > > 
> > > 
> > > 
> > > De : Dag Sonstebo 
> > > Envoyé : jeudi 14 juin 2018 10:32:13
> > > À : users@cloudstack.apache.org
> > > Objet : Re: DB Communication Link Failure
> > > 
> > > What Rafael said…
> > > 
> > > In addition – can you confirm you aren’t trying something like a
> > > multi-master MySQL setup? I have seen this cause similar issues.
> > > 
> > > Regards,
> > > Dag Sonstebo
> > > Cloud Architect
> > > ShapeBlue
> > > 
> > > On 13/06/2018, 18:44, "Rafael Weingärtner" 
> > > wrote:
> > > 
> > > In this case, I would say that you might be either having some problem
> > > in
> > > your network, or maybe some timeout in the mysql server.
> > > Can you check the following variable?
> > > >
> > > > show variables like "%timeout%";
> > > >
> > > 

Re: DB Communication Link Failure

[Stephan Seitz]

 > > > ... 78 more
> > > >
> > > >
> > > >
> > > > We were able to connect to the GUI during 30 min with same kind of
> > > > errors each time we tried to start an instance or VR…and it’s now
> > > > impossible to connect to the GUI.
> > > >
> > > > Seems to be a problem with the rollback transaction but i dont know
> > > > how to deal with it except  wait they finish their jobs
> > > >
> > > > Here log from mysqld.log :
> > > >
> > > > he manual page at http://dev.mysql.com/doc/mysql/en/crashing.html
> > > > contains information that should help you find out what is causing
> > the
> > > crash.
> > > > 180613 14:24:19 mysqld_safe Number of processes running now: 0
> > > > 180613 14:24:19 mysqld_safe mysqld restarted
> > > > 2018-06-13 14:24:19 0 [Warning] TIMESTAMP with implicit DEFAULT
> > value
> > > > is deprecated. Please use --explici
> > > > 2018-06-13 14:24:19 0 [Note] /usr/sbin/mysqld (mysqld 5.6.39)
> > starting
> > > > as process 15999 ...
> > > > 2018-06-13 14:24:19 15999 [Warning] Buffered warning: Changed
> > limits:
> > > > max_open_files: 1024 (requested 500
> > > >
> > > > 2018-06-13 14:24:19 15999 [Warning] Buffered warning: Changed
> > limits:
> > > > table_open_cache: 431 (requested 20
> > > >
> > > > 2018-06-13 14:24:19 15999 [Note] Plugin 'FEDERATED' is disabled.
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Using atomics to ref count
> > > > buffer pool pages
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: The InnoDB memory heap is
> > > > disabled
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Mutexes and rw_locks use
> > GCC
> > > > atomic builtins
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Memory barrier is not used
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Compressed tables use zlib
> > > > 1.2.3
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Using Linux native AIO
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Using CPU crc32
> > instructions
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Initializing buffer pool,
> > > > size = 128.0M
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Completed initialization
> > of
> > > > buffer pool
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Highest supported file
> > format
> > > > is Barracuda.
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Log scan progressed past
> > the
> > > > checkpoint lsn 7513843395
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Database was not shutdown
> > > > normally!
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Starting crash recovery.
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Reading tablespace
> > > > information from the .ibd files...
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Restoring possible
> > > > half-written data pages
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: from the doublewrite
> > buffer...
> > > > InnoDB: Doing recovery: scanned up to log sequence number
> > 7513851738
> > > > 2018-06-13 14:24:19 15999 [Note] InnoDB: Starting an apply batch of
> > > > log records to the database...
> > > > InnoDB: Progress in percent: 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
> > 18
> > > > 19
> > > > 20 21 22 23 24 25 26 27 28 29 30 75 76 77 78 79 80 81 82 83 84 85
> > 86
> > > > 87 88
> > > > 89 90 91 92 93 94 95 96 97 98 99
> > > > InnoDB: Apply batch completed
> > > > 2018-06-13 14:24:20 15999 [Note] InnoDB: 128 rollback segment(s)
> > are
> > > > active.
> > > > 2018-06-13 14:24:20 15999 [Note] InnoDB: Waiting for purge to start
> > > > 2018-06-13 14:24:20 15999 [Note] InnoDB: 5.6.39 started; log
> > sequence
> > > > number 7513851738
> > > > 2018-06-13 14:24:20 15999 [Note] Server hostname (bind-address):
> > > > '172.8.22.170'; port: 3306
> > > > 2018-06-13 14:24:20 15999 [Note]   - '172.8.22.170' resolves to
> > > > '172.8.22.170';
> > > > 2018-06-13 14:24:20 15999 [Note] Server socket created on IP:
> > > > '172.8.22.170'.
> > > > 2018-06-13 14:24:20 15999 [Note] Event Scheduler: Loaded 0 events
> > > > 2018-06-13 14:24:20 15999 [Note] /usr/sbin/mysqld: ready for
> > connections.
> > > > Version: '5.6.39'  socket: '/var/lib/mysql/mysql.sock'  port: 3306
> > > > MySQL Community Server (GPL) ^C
> > > > [root@FRPRCSSQB1 /]# tail -f /var/log/mysqld.log
> > > > InnoDB: Apply batch completed
> > > > 2018-06-13 15:28:42 17230 [Note] InnoDB: 128 rollback segment(s)
> > are
> > > > active.
> > > > 2018-06-13 15:28:42 17230 [Note] InnoDB: Waiting for purge to start
> > > > 2018-06-13 15:28:42 17230 [Note] InnoDB: 5.6.39 started; log
> > sequence
> > > > number 7517034692
> > > > 2018-06-13 15:28:42 17230 [Note] Server hostname (bind-address):
> > > > '172.8.22.170'; port: 3306
> > > > 2018-06-13 15:28:42 17230 [Note]   - '172.8.22.170' resolves to
> > > > '172.8.22.170';
> > > > 2018-06-13 15:28:42 17230 [Note] Server socket created on IP:
> > > > '172.8.22.170'.
> > > > 2018-06-13 15:28:42 17230 [Note] Event Scheduler: Loaded 0 events
> > > > 2018-06-13 15:28:42 17230 [Note] /usr/sbin/mysqld: ready for
> > connections.
> > > > Version: '5.6.39'  socket: '/var/lib/mysql/mysql.sock'  port: 3306
> > > > MySQL Community Server (GPL)
> > > >
> > > > Thanks upfront for any technical help or better understanding of
> > what
> > > > is going on ;)
> > > >
> > > > Best regards,
> > > > [ignatureBouige]
> > > >
> > > >
> > > > dag.sonst...@shapeblue.com
> > > > www.shapeblue.com<http://www.shapeblue.com>;
> > > > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> > 
> > 
> > 
> > --
> > Rafael Weingärtner
> > 
> > 
> > 
> 
Mit freundlichen Grüßen,

Stephan Seitz

--

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin




signature.asc
Description: This is a digitally signed message part

Ceph Meetup Berlin - Topic High Available (active/active) NFS and CIFS Exports upon CephFS

[Stephan Seitz]

Hi!

If you happen to be in Berlin at May 28th., you might want to take a look at 
this meetup:

https://www.meetup.com/de-DE/Ceph-Berlin/events/qbpxrhyxhblc/

Maybe a redundant, ceph-backed NFS could be useful not only for 2nd. storage :)

- Stephan



signature.asc
Description: This is a digitally signed message part

Session Timeout 4.11 / jetty

[Stephan Seitz]

Hi!


Finally, I was able to modify the session timeout of gui users since the 
default of 30 minutes was unconvenient.

I did two changes (currently not knowing which one takes effect :) )

a) /etc/cloudstack/management/server.properties

server.session.timeout=3600
#session.timeout=3600 # this doesn't work


b) /usr/share/cloudstack-management/webapp/WEB-INF/web.xml

   
3600


at the end and inside the  Statements.


... just in case that might be useful for you too :)


cheers,

- Stephan



signature.asc
Description: This is a digitally signed message part

AW: Moving VR to another pool

[Stephan Seitz]

Hi sven,

As far.as i can remember from our workflow a few month ago,‎ we've added a 
matching Storage tag to the systemtemplate offering and subsequently simply 
destroyed the running VR waiting for them to spawn on the new cluster. If 
you're running systemvms on local Storage i assume (unverified) disabling the 
old cluster and destroying the VR should work.

I don''t think that live migration of VR to a diffrent cvluster is possible.

Stephan

  Originalnachricht  
Von: Swen - swen.io
Gesendet: Mittwoch, 9. Mai 2018 16:50
An: users@cloudstack.apache.org
Antwort an: users@cloudstack.apache.org
Betreff: Moving VR to another pool

Hey,

we want to delete a XenServer cluster in our CS installation and so moving
everything of it. Can we also move all VR from on cluster to another cluster
via live migration and without downtime? It looks like I can only move VR
inside a cluster and its primary storage. Is there a way to do a storage
live migration of VR via api with "migrateVirtualMachineWithVolume"? I tried
it but failed, maybe because of a syntax error.

Thanks for help!

Best regards,
Swen

AW: Community opinion regarding Apache events banner in CloudStack's website

[Stephan Seitz]

I"ld second Dag and Swen. So +1 for the third option

Gesendet von meinem BlackBerry 10-Smartphone.
  Originalnachricht  
Von: Swen - swen.io
Gesendet: Dienstag, 17. April 2018 20:44
An: users@cloudstack.apache.org
Antwort an: users@cloudstack.apache.org
Betreff: AW: Community opinion regarding Apache events banner in CloudStack's 
website

+1 for 3rd option

-Ursprüngliche Nachricht-
Von: Rafael Weingärtner [mailto:rafaelweingart...@gmail.com] 
Gesendet: Dienstag, 17. April 2018 20:43
An: dev 
Cc: users@cloudstack.apache.org
Betreff: Re: Community opinion regarding Apache events banner in CloudStack's 
website

Third option (suggested by Dag) -
https://drive.google.com/open?id=16FEu9tD1HZqwxLp2lrnUBmsuRJNLpDqU

On Tue, Apr 17, 2018 at 3:39 PM, Dag Sonstebo 
wrote:

> Hi Rafael – in my opinion you need it fairly prominent so people 
> notice it – so option 1, but maybe put it underneath the CloudMonkey 
> logo on the right hand side?
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> On 17/04/2018, 19:35, "Rafael Weingärtner" 
> 
> wrote:
>
> Ah damm.. I forgot about the file stripping in our mailing list.
> Sorry guys. Here they go.
>
> - first one:
> https://drive.google.com/open?id=1vSqni_GEj3YJjuGehxe-_dnrNqQP7x8y
>
> - second one:
> https://drive.google.com/open?id=1LEmt9g5ceAUeTuc2a1Cb4uctOwyz5eQ8
>
> On Tue, Apr 17, 2018 at 3:31 PM, Dag Sonstebo < 
> dag.sonst...@shapeblue.com>
> wrote:
>
> > The white one is quite nice ☺
> >
> > Joking aside – looks like they got stripped from your email Rafael.
> >
> > Regards,
> > Dag Sonstebo
> > Cloud Architect
> > ShapeBlue
> >
> > From: Rafael Weingärtner 
> > Reply-To: "d...@cloudstack.apache.org" 
> > Date: Tuesday, 17 April 2018 at 19:13
> > To: users , dev < 
> d...@cloudstack.apache.org>
> > Subject: Community opinion regarding Apache events banner in 
> CloudStack's
> > website
> >
> > Hello folks,
> > I am trying to work out something to put Apache events banner on our
> > website. So far I came up with two proposals. Which one of them 
> do you guys
> > prefer?
> > First one:
> > [cid:ii_jg3zjco00_162d4ce7db0cd3da]
> >
> >
> > Second:
> > [cid:ii_jg3zk0e01_162d4cefaef3a1ce]
> >
> > --
> > Rafael Weingärtner
> >
> > dag.sonst...@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > @shapeblue
> >
> >
> >
> >
>
>
> --
> Rafael Weingärtner
>
>
>
> dag.sonst...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
>
>
>
>


-- 
Rafael Weingärtner

Re: Egress rules not applied in 4.11.0

[Stephan Seitz]

Rafael,

don't get confused, I'm not the OP, just added a few thoughts. We are running a 
very similar Infrastructure than the OP, but our systemvm-template is Debian 7 
instead of Debian 9 (he has).
The recent host you questioned is "other linux2.x 64bit" so *should* be (as 
verified :) ) run in HVM.

- Stephan

Am Mittwoch, den 11.04.2018, 09:09 -0300 schrieb Rafael Weingärtner:
> That is interesting. The VM is indeed in HVM mode.
> 
> On Wed, Apr 11, 2018 at 9:04 AM, Stephan Seitz <s.se...@heinlein-support.de>
> wrote:
> 
> > 
> > # xe vm-param-list uuid=c1bcef11-ffc2-24bd-7c5e-0840fb4f8f49 | grep -e
> > PV-legacy-args -e PV-boot -e HVM-boot -e HVM-shadow
> >    HVM-boot-policy ( RW): BIOS order
> >    HVM-boot-params (MRW): order: dc
> >  HVM-shadow-multiplier ( RW): 1.000
> > PV-legacy-args ( RW):
> >  PV-bootloader ( RW):
> > PV-bootloader-args ( RW):
> > 
> > Am Mittwoch, den 11.04.2018, 09:00 -0300 schrieb Rafael Weingärtner:
> > > 
> > > Xen you execute the following command in your XenServer?
> > > 
> > > > 
> > > > 
> > > > xe vm-param-list uuid=
> > > > 
> > > Then, what is the content of these parameters?
> > > 
> > >    - PV-legacy-args
> > >    - PV-bootloader
> > >    - PV-bootloader-args
> > >    - HVM-boot-policy
> > >    - HVM-boot-params
> > >    - HVM-shadow-multiplier
> > > 
> > > 
> > > It is just to make sure that the VM was indeed created using HVM mode.
> > > 
> > > On Wed, Apr 11, 2018 at 8:55 AM, Stephan Seitz <
> > s.se...@heinlein-support.de>
> > > 
> > > wrote:
> > > 
> > > > 
> > > > 
> > > > Just tried a Debian 9 running on XenServer 6.5 SP1 with model "Other
> > 2.6x
> > > 
> > > > 
> > > > Linux (64-bit)":
> > > > 
> > > > # virt-what --version
> > > > 1.15
> > > > # virt-what
> > > > hyperv
> > > > xen
> > > > xen-domU
> > > > #
> > > > 
> > > > 
> > > > Am Mittwoch, den 11.04.2018, 13:50 +0200 schrieb Stephan Seitz:
> > > > > 
> > > > > 
> > > > > AFAIK not for 6.5 SP1.
> > > > > https://xen-orchestra.com/blog/meltdown-and-spectre-for-xenserver/
> > shows
> > > 
> > > > 
> > > > that 7.x is fixed and gives the hint,
> > > > > 
> > > > > 
> > > > > that HVM guests are not affected (at least for spectre)
> > > > > 
> > > > > https://support.citrix.com/article/CTX231390
> > > > > " 6.2 SP1, and 6.5 SP1 versions of XenServer require extensive
> > > > architectural changes to do so. Citrix is therefore not making
> > hotfixes for
> > > 
> > > > 
> > > > these versions available to customers, and will continue to
> > > > > 
> > > > > 
> > > > > work with hardware vendors on other mitigation strategies. Customers
> > on
> > > 
> > > > 
> > > > the 6.2 SP1 and 6.5 SP1 versions are strongly recommended to upgrade
> > to a
> > > 
> > > > 
> > > > more recent version. "
> > > > > 
> > > > > 
> > > > > 
> > > > > I haven't tried it so far, but recent debian versions were kind of
> > picky
> > > 
> > > > 
> > > > with different kinds of Xen virtualization as I've seen on "regular"
> > VMs.
> > > 
> > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > Am Mittwoch, den 11.04.2018, 11:42 + schrieb Paul Angus:
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > virt-what will give 'xen-domU' for paravirtualized guests. Didn't
> > > > XenServer make some kind of change around this as a Meltdown/Spectre
> > > > migation?
> > > > > 
> > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > Kind regards,
> > > > > > 
> > > > > > Paul Angus
> > > > > > 
> > > > > > paul.

Re: Egress rules not applied in 4.11.0

[Stephan Seitz]

# xe vm-param-list uuid=c1bcef11-ffc2-24bd-7c5e-0840fb4f8f49 | grep -e 
PV-legacy-args -e PV-boot -e HVM-boot -e HVM-shadow
   HVM-boot-policy ( RW): BIOS order
   HVM-boot-params (MRW): order: dc
 HVM-shadow-multiplier ( RW): 1.000
PV-legacy-args ( RW): 
 PV-bootloader ( RW): 
PV-bootloader-args ( RW): 

Am Mittwoch, den 11.04.2018, 09:00 -0300 schrieb Rafael Weingärtner:
> Xen you execute the following command in your XenServer?
> 
> > 
> > xe vm-param-list uuid=
> > 
> Then, what is the content of these parameters?
> 
>    - PV-legacy-args
>    - PV-bootloader
>    - PV-bootloader-args
>    - HVM-boot-policy
>    - HVM-boot-params
>    - HVM-shadow-multiplier
> 
> 
> It is just to make sure that the VM was indeed created using HVM mode.
> 
> On Wed, Apr 11, 2018 at 8:55 AM, Stephan Seitz <s.se...@heinlein-support.de>
> wrote:
> 
> > 
> > Just tried a Debian 9 running on XenServer 6.5 SP1 with model "Other 2.6x
> > Linux (64-bit)":
> > 
> > # virt-what --version
> > 1.15
> > # virt-what
> > hyperv
> > xen
> > xen-domU
> > #
> > 
> > 
> > Am Mittwoch, den 11.04.2018, 13:50 +0200 schrieb Stephan Seitz:
> > > 
> > > AFAIK not for 6.5 SP1.
> > > https://xen-orchestra.com/blog/meltdown-and-spectre-for-xenserver/ shows
> > that 7.x is fixed and gives the hint,
> > > 
> > > that HVM guests are not affected (at least for spectre)
> > > 
> > > https://support.citrix.com/article/CTX231390
> > > " 6.2 SP1, and 6.5 SP1 versions of XenServer require extensive
> > architectural changes to do so. Citrix is therefore not making hotfixes for
> > these versions available to customers, and will continue to
> > > 
> > > work with hardware vendors on other mitigation strategies. Customers on
> > the 6.2 SP1 and 6.5 SP1 versions are strongly recommended to upgrade to a
> > more recent version. "
> > > 
> > > 
> > > I haven't tried it so far, but recent debian versions were kind of picky
> > with different kinds of Xen virtualization as I've seen on "regular" VMs.
> > > 
> > > 
> > > 
> > > 
> > > Am Mittwoch, den 11.04.2018, 11:42 + schrieb Paul Angus:
> > > > 
> > > > 
> > > > virt-what will give 'xen-domU' for paravirtualized guests. Didn't
> > XenServer make some kind of change around this as a Meltdown/Spectre
> > migation?
> > > 
> > > > 
> > > > 
> > > > 
> > > > Kind regards,
> > > > 
> > > > Paul Angus
> > > > 
> > > > paul.an...@shapeblue.com
> > > > www.shapeblue.com
> > > > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > > > @shapeblue
> > > > 
> > > > 
> > > > 
> > > > 
> > > > -Original Message-
> > > > From: Stephan Seitz <s.se...@heinlein-support.de>
> > > > Sent: 11 April 2018 12:38
> > > > To: users@cloudstack.apache.org
> > > > Subject: Re: Egress rules not applied in 4.11.0
> > > > 
> > > > Hi martin,
> > > > 
> > > > I've just read your issue on github and was wondering how you;ve been
> > able to select Debian 9.
> > > 
> > > > 
> > > > But maybe you did a fresh installation.
> > > > 
> > > > We did an update from 4.9.2 to 4.11.0 and were able to select "Debian
> > GNU/Linux 7(64-bit)" as highest possible Debian-version. The documentation
> > said to register the new systemvm-template before
> > > 
> > > > 
> > > > updating the management server.
> > > > 
> > > > Maybe your issue is hot-fixed by registering a template with Debian 7
> > profile.
> > > 
> > > > 
> > > > 
> > > > Cheers,
> > > > 
> > > > - Stephan
> > > > 
> > > > 
> > > > Am Mittwoch, den 11.04.2018, 13:30 +0200 schrieb Martin Emrich:
> > > > > 
> > > > > 
> > > > > 
> > > > > I investigated further, and opened an issue:
> > > > > https://github.com/apache/cloudstack/issues/2561
> > > > > 
> > > > > Cheers,
> > > > > 
> > > > > Martin
> > > > > 
> > > > > 
> > > > > Am 11.04.18 um 1

Re: Egress rules not applied in 4.11.0

[Stephan Seitz]

Just tried a Debian 9 running on XenServer 6.5 SP1 with model "Other 2.6x Linux 
(64-bit)":

# virt-what --version
1.15
# virt-what
hyperv
xen
xen-domU
#


Am Mittwoch, den 11.04.2018, 13:50 +0200 schrieb Stephan Seitz:
> AFAIK not for 6.5 SP1.
> https://xen-orchestra.com/blog/meltdown-and-spectre-for-xenserver/ shows that 
> 7.x is fixed and gives the hint,
> that HVM guests are not affected (at least for spectre)
> 
> https://support.citrix.com/article/CTX231390
> " 6.2 SP1, and 6.5 SP1 versions of XenServer require extensive architectural 
> changes to do so. Citrix is therefore not making hotfixes for these versions 
> available to customers, and will continue to
> work with hardware vendors on other mitigation strategies. Customers on the 
> 6.2 SP1 and 6.5 SP1 versions are strongly recommended to upgrade to a more 
> recent version. "
> 
> I haven't tried it so far, but recent debian versions were kind of picky with 
> different kinds of Xen virtualization as I've seen on "regular" VMs.
> 
> 
> 
> Am Mittwoch, den 11.04.2018, 11:42 + schrieb Paul Angus:
> > 
> > virt-what will give 'xen-domU' for paravirtualized guests. Didn't XenServer 
> > make some kind of change around this as a Meltdown/Spectre migation? 
> > 
> > 
> > Kind regards,
> > 
> > Paul Angus
> > 
> > paul.an...@shapeblue.com 
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > @shapeblue
> >   
> >  
> > 
> > 
> > -Original Message-
> > From: Stephan Seitz <s.se...@heinlein-support.de> 
> > Sent: 11 April 2018 12:38
> > To: users@cloudstack.apache.org
> > Subject: Re: Egress rules not applied in 4.11.0
> > 
> > Hi martin,
> > 
> > I've just read your issue on github and was wondering how you;ve been able 
> > to select Debian 9.
> > But maybe you did a fresh installation.
> > 
> > We did an update from 4.9.2 to 4.11.0 and were able to select "Debian 
> > GNU/Linux 7(64-bit)" as highest possible Debian-version. The documentation 
> > said to register the new systemvm-template before
> > updating the management server.
> > 
> > Maybe your issue is hot-fixed by registering a template with Debian 7 
> > profile.
> > 
> > Cheers,
> > 
> > - Stephan
> > 
> > 
> > Am Mittwoch, den 11.04.2018, 13:30 +0200 schrieb Martin Emrich:
> > > 
> > > 
> > > I investigated further, and opened an issue:
> > > https://github.com/apache/cloudstack/issues/2561
> > > 
> > > Cheers,
> > > 
> > > Martin
> > > 
> > > 
> > > Am 11.04.18 um 12:18 schrieb Martin Emrich:
> > > > 
> > > > 
> > > > 
> > > > Thanks... But I think something else is now broken, too...:
> > > > 
> > > > The SystemVMs are now no longer being provisioned: They come up 
> > > > "empty" with "systemvm type=".
> > > > 
> > > > I also deleted the Console Proxy VM, and the new one is plain, too...
> > > > 
> > > > I tried with Git branch 4.11 (producing 4.11.1-SNAPSHOT RPMs), same 
> > > > effect...
> > > > 
> > > > Cheers,
> > > > 
> > > > Martin
> > > > 
> > > > 
> > > > Am 11.04.18 um 00:56 schrieb Rohit Yadav:
> > > > > 
> > > > > 
> > > > > 
> > > > > Hi Martin,
> > > > > 
> > > > > 
> > > > > This is a known issue, a freshly restarted VR may not have the 
> > > > > EGREE related tables which is why any rules will fail to apply. As 
> > > > > a workaround, you can restart the network without selecting the 
> > > > > cleanup option which will reconfigure the VR and add the egress table.
> > > > > 
> > > > > 
> > > > > I've a fix in this PR:
> > > > > https://github.com/apache/cloudstack/pull/2508/files#diff-2d3ea57d
> > > > > fd9156e3983b1bb2d64abecd
> > > > > 
> > > > > 
> > > > > 
> > > > > - Rohit
> > > > > 
> > > > > <https://cloudstack.apache.org>
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > From: Martin Emrich <martin.emr...@empolis.com>
> > > > > Sent: Tuesday, April 10, 2018 2:13:57 PM
> >

Re: Egress rules not applied in 4.11.0

[Stephan Seitz]

AFAIK not for 6.5 SP1.
https://xen-orchestra.com/blog/meltdown-and-spectre-for-xenserver/ shows that 
7.x is fixed and gives the hint,
that HVM guests are not affected (at least for spectre)

https://support.citrix.com/article/CTX231390
" 6.2 SP1, and 6.5 SP1 versions of XenServer require extensive architectural 
changes to do so. Citrix is therefore not making hotfixes for these versions 
available to customers, and will continue to
work with hardware vendors on other mitigation strategies. Customers on the 6.2 
SP1 and 6.5 SP1 versions are strongly recommended to upgrade to a more recent 
version. "

I haven't tried it so far, but recent debian versions were kind of picky with 
different kinds of Xen virtualization as I've seen on "regular" VMs.



Am Mittwoch, den 11.04.2018, 11:42 + schrieb Paul Angus:
> virt-what will give 'xen-domU' for paravirtualized guests. Didn't XenServer 
> make some kind of change around this as a Meltdown/Spectre migation? 
> 
> 
> Kind regards,
> 
> Paul Angus
> 
> paul.an...@shapeblue.com 
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>   
>  
> 
> 
> -Original Message-
> From: Stephan Seitz <s.se...@heinlein-support.de> 
> Sent: 11 April 2018 12:38
> To: users@cloudstack.apache.org
> Subject: Re: Egress rules not applied in 4.11.0
> 
> Hi martin,
> 
> I've just read your issue on github and was wondering how you;ve been able to 
> select Debian 9.
> But maybe you did a fresh installation.
> 
> We did an update from 4.9.2 to 4.11.0 and were able to select "Debian 
> GNU/Linux 7(64-bit)" as highest possible Debian-version. The documentation 
> said to register the new systemvm-template before
> updating the management server.
> 
> Maybe your issue is hot-fixed by registering a template with Debian 7 profile.
> 
> Cheers,
> 
> - Stephan
> 
> 
> Am Mittwoch, den 11.04.2018, 13:30 +0200 schrieb Martin Emrich:
> > 
> > I investigated further, and opened an issue:
> > https://github.com/apache/cloudstack/issues/2561
> > 
> > Cheers,
> > 
> > Martin
> > 
> > 
> > Am 11.04.18 um 12:18 schrieb Martin Emrich:
> > > 
> > > 
> > > Thanks... But I think something else is now broken, too...:
> > > 
> > > The SystemVMs are now no longer being provisioned: They come up 
> > > "empty" with "systemvm type=".
> > > 
> > > I also deleted the Console Proxy VM, and the new one is plain, too...
> > > 
> > > I tried with Git branch 4.11 (producing 4.11.1-SNAPSHOT RPMs), same 
> > > effect...
> > > 
> > > Cheers,
> > > 
> > > Martin
> > > 
> > > 
> > > Am 11.04.18 um 00:56 schrieb Rohit Yadav:
> > > > 
> > > > 
> > > > Hi Martin,
> > > > 
> > > > 
> > > > This is a known issue, a freshly restarted VR may not have the 
> > > > EGREE related tables which is why any rules will fail to apply. As 
> > > > a workaround, you can restart the network without selecting the 
> > > > cleanup option which will reconfigure the VR and add the egress table.
> > > > 
> > > > 
> > > > I've a fix in this PR:
> > > > https://github.com/apache/cloudstack/pull/2508/files#diff-2d3ea57d
> > > > fd9156e3983b1bb2d64abecd
> > > > 
> > > > 
> > > > 
> > > > - Rohit
> > > > 
> > > > <https://cloudstack.apache.org>
> > > > 
> > > > 
> > > > 
> > > > 
> > > > From: Martin Emrich <martin.emr...@empolis.com>
> > > > Sent: Tuesday, April 10, 2018 2:13:57 PM
> > > > To: CloudStack-Users
> > > > Subject: Egress rules not applied in 4.11.0
> > > > 
> > > > Hi!
> > > > 
> > > > I upgraded my test cluster from 4.9 to 4.11. The default policy 
> > > > for isolated networks is "Deny".
> > > > 
> > > > But now, adding rules to allow egress traffic are not applied to 
> > > > the virtual router. adding a 0.0.0.0/0 rule looks fine from the 
> > > > UI, but does not appear in the iptables output on the VR.
> > > > 
> > > > Any Ideas?
> > > > 
> > > > Thanks
> > > > 
> > > > Martin
> > > > 
> > > > 
> > > > rohit.ya...@shapeblue.com
> > > > www.shapeblue.com
> > > > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
> > > > 
> Mit freundlichen Grüßen,
> 
> Stephan Seitz
> 
> --
> 
> Heinlein Support GmbH
> Schwedter Str. 8/9b, 10119 Berlin
> 
> http://www.heinlein-support.de
> 
> Tel: 030 / 405051-44
> Fax: 030 / 405051-19
> 
> Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
> Geschäftsführer: Peer Heinlein -- Sitz: Berlin
> 
> 
Mit freundlichen Grüßen,

Stephan Seitz

--

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin




signature.asc
Description: This is a digitally signed message part

Re: Egress rules not applied in 4.11.0

[Stephan Seitz]

Hi martin,

I've just read your issue on github and was wondering how you;ve been able to 
select Debian 9.
But maybe you did a fresh installation.

We did an update from 4.9.2 to 4.11.0 and were able to select "Debian GNU/Linux 
7(64-bit)" as
highest possible Debian-version. The documentation said to register the new 
systemvm-template
before updating the management server.

Maybe your issue is hot-fixed by registering a template with Debian 7 profile.

Cheers,

- Stephan


Am Mittwoch, den 11.04.2018, 13:30 +0200 schrieb Martin Emrich:
> I investigated further, and opened an issue: 
> https://github.com/apache/cloudstack/issues/2561
> 
> Cheers,
> 
> Martin
> 
> 
> Am 11.04.18 um 12:18 schrieb Martin Emrich:
> > 
> > Thanks... But I think something else is now broken, too...:
> > 
> > The SystemVMs are now no longer being provisioned: They come up 
> > "empty" with "systemvm type=".
> > 
> > I also deleted the Console Proxy VM, and the new one is plain, too...
> > 
> > I tried with Git branch 4.11 (producing 4.11.1-SNAPSHOT RPMs), same 
> > effect...
> > 
> > Cheers,
> > 
> > Martin
> > 
> > 
> > Am 11.04.18 um 00:56 schrieb Rohit Yadav:
> > > 
> > > Hi Martin,
> > > 
> > > 
> > > This is a known issue, a freshly restarted VR may not have the EGREE 
> > > related tables which is why any rules will fail to apply. As a 
> > > workaround, you can restart the network without selecting the cleanup 
> > > option which will reconfigure the VR and add the egress table.
> > > 
> > > 
> > > I've a fix in this PR: 
> > > https://github.com/apache/cloudstack/pull/2508/files#diff-2d3ea57dfd9156e3983b1bb2d64abecd
> > > 
> > > 
> > > 
> > > - Rohit
> > > 
> > > <https://cloudstack.apache.org>
> > > 
> > > 
> > > 
> > > 
> > > From: Martin Emrich <martin.emr...@empolis.com>
> > > Sent: Tuesday, April 10, 2018 2:13:57 PM
> > > To: CloudStack-Users
> > > Subject: Egress rules not applied in 4.11.0
> > > 
> > > Hi!
> > > 
> > > I upgraded my test cluster from 4.9 to 4.11. The default policy for
> > > isolated networks is "Deny".
> > > 
> > > But now, adding rules to allow egress traffic are not applied to the
> > > virtual router. adding a 0.0.0.0/0 rule looks fine from the UI, but does
> > > not appear in the iptables output on the VR.
> > > 
> > > Any Ideas?
> > > 
> > > Thanks
> > > 
> > > Martin
> > > 
> > > 
> > > rohit.ya...@shapeblue.com
> > > www.shapeblue.com
> > > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > > @shapeblue
> > > 
Mit freundlichen Grüßen,

Stephan Seitz

--

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin



signature.asc
Description: This is a digitally signed message part

Re: [DISCUSS] CloudMonkey 6.0.0-alpha (about six years after initial version in 2012)

[Stephan Seitz]

Rohit,

thanks for refurbishing.

I know, XML is not the most popular format nowadays, but it clearly has it's 
benefits e.g. XSLT.
We're parsing cloudmonkey's XML output in some cases, but these systems could 
continue with legacy cloudmonkey.

Really nice would be the possibility to select GET vs. POST for the API calls.



Am Dienstag, den 10.04.2018, 14:19 + schrieb ilya musayev:
> This is great news and cloud monkey is used more than you think :)
> 
> I will share the news with my team.
> 
> On Tue, Apr 10, 2018 at 5:07 AM Will Stevens <wstev...@cloudops.com> wrote:
> 
> > 
> > +1. It has been a great tool for years.  Looking forward to the golang
> > version.
> > 
> > On Apr 10, 2018 7:59 AM, "Rohit Yadav" <rohit.ya...@shapeblue.com> wrote:
> > 
> > All,
> > 
> > 
> > Few months ago, I started porting the current code to be compatible with
> > both Python2 and Python3 to make it run with both Python2 (for older
> > systems such as CentOS6 etc) and Python3 (for newer platforms). The work
> > was not a success, another problem was that cloudmonkey was not easy to
> > install and required several dependencies that would certainly fail on
> > older systems with Python 2.6.x.
> > 
> > 
> > Considering all things, I started working on an experimental golang port
> > [2] and happy to announce that the initial alpha version shows a lot of
> > promise and is 5-20x faster than the python based cli [1]. The compiled
> > binary runs on several targets, including windows [1].
> > 
> > 
> > I cannot commit to a timeline/release date yet but the aim of this thread
> > is to discuss and propose the simplification of the CLI which may require
> > removal of some features and some breaking changes may be introduced:
> > 
> > 
> > - Make json the default output format
> > 
> > - Remove coloured output
> > 
> > - Remove unpopular, least user output formats? xml, default (line-separate
> > key=value), table?
> > 
> > - Remove `set` options: color, expires, (custom) prompt
> > 
> > - Remove `paramcompletion` option, this will be true/enabled by default
> > 
> > - Remove signature version and expires (I'm not sure why this is needed or
> > used)
> > 
> > - Remove history_file, cache_file, log_file options, use the default paths
> > in folder at (user's  home directory)/.cloudmonkey.
> > 
> > - Remove shell based execution from interactive interpreter mode (using !
> > or shell keywords)
> > 
> > - Remove support for CloudStack older than 4.5, i.e. it won't be tested
> > against older cloudstacks.
> > 
> > - Remove a default API cache with the client, for a fresh env without any
> > ~/.cloudmonkey/cache; users can run `sync` command against a management
> > server.
> > 
> > - Interactive API parameter completion in CLI mode: the current API
> > parameter completion requires the user to manually copy/paste the uuids, or
> > autocomplete by typing parts of the uuids/option.
> > 
> > - Improve how maps are passed.
> > 
> > - Good to have: bash/zsh completion.
> > 
> > 
> > Please share your thoughts, and objections (especially if you're using the
> > proposed features to be removed in version 6.x).
> > 
> > 
> > [1] https://twitter.com/rhtyd/status/983448788059770882
> > 
> > [2] https://github.com/rhtyd/cmk
> > 
> > 
> > - Rohit
> > 
> > <https://cloudstack.apache.org>
> > 
> > 
> > 
> > rohit.ya...@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > @shapeblue
> > 
Mit freundlichen Grüßen,

Stephan Seitz

--

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin




signature.asc
Description: This is a digitally signed message part

4.11.0.0 SSL offloading on Isolated Net (redundant VR setup) not supported?

[Stephan Seitz]

Hi!

After managed to inject sslcerts, I'm facing the Problem that my Network says:
"Ssl termination not supported by the loadbalancer"

Is there any Capability I could add via NetworkOfferings to get SSL Offloading 
working?

  "accountid": "4b14365a-5c6f-11e5-a590-3400a30d0aba",
  "cmd": 
"org.apache.cloudstack.api.command.user.loadbalancer.AssignCertToLoadBalancerCmd",
  "created": "2018-04-10T13:47:22+0200",
  "jobid": "0f1ba348-bab2-481f-8839-b0d9f6aa916e",
  "jobprocstatus": 0,
  "jobresult": {
"errorcode": 431,
"errortext": "Ssl termination not supported by the loadbalancer"
  },
  "jobresultcode": 530,
  "jobresulttype": "object",
  "jobstatus": 2,
  "userid": "4b143f31-5c6f-11e5-a590-3400a30d0aba"


... looks like kind of obvious. But Ild like to know if it's really not 
supported in VR at all?



Here's the network:

{
  "count": 1,
  "network": [
{
  "acltype": "Account",
  "broadcastdomaintype": "Vlan",
  "broadcasturi": "vlan://3124",
  "canusefordeploy": true,
  "cidr": "172.17.0.0/22",
  "displaynetwork": true,
  "displaytext": "ms.mailbox.org",
  "dns1": "REDACTED",
  "dns2": "REDACTED",
  "domain": "Intern",
  "domainid": "819b01fd-b7bc-464d-9c43-59578eafcafe",
  "gateway": "172.17.0.1",
  "id": "d59d9e2a-be25-4918-b930-30e5eb0b4b71",
  "ispersistent": true,
  "issystem": false,
  "name": "REDACTED",
  "netmask": "255.255.252.0",
  "networkdomain": "REDACTED",
  "networkofferingavailability": "Optional",
  "networkofferingconservemode": true,
  "networkofferingdisplaytext": "Isolated-Net-Redundant-Router",
  "networkofferingid": "a19677cb-424e-4d09-bdb8-dfb14c2c5a1e",
  "networkofferingname": "Isolated-Net-Redundant-Router",
  "physicalnetworkid": "9d52c064-0749-4f53-8879-05f7b7d3ae3b",
  "project": "REDACTED-Microservices",
  "projectid": "c7fbc416-ce30-4e97-8401-e1da1db24f33",
  "related": "d59d9e2a-be25-4918-b930-30e5eb0b4b71",
  "restartrequired": false,
  "service": [
{
  "capability": [
{
  "canchooseservicecapability": false,
  "name": "VpnTypes",
  "value": "removeaccessvpn"
},
{
  "canchooseservicecapability": false,
  "name": "SupportedVpnTypes",
  "value": "pptp,l2tp,ipsec"
}
  ],
  "name": "Vpn"
},
{
  "capability": [
{
  "canchooseservicecapability": false,
  "name": "SupportedTrafficDirection",
  "value": "ingress, egress"
},
{
  "canchooseservicecapability": false,
  "name": "TrafficStatistics",
  "value": "per public ip"
},
{
  "canchooseservicecapability": false,
  "name": "SupportedEgressProtocols",
  "value": "tcp,udp,icmp, all"
},
{
  "canchooseservicecapability": false,
  "name": "MultipleIps",
  "value": "true"
},
{
  "canchooseservicecapability": false,
  "name": "SupportedProtocols",
  "value": "tcp,udp,icmp"
}
  ],
  "name": "Firewall"
},
{
  "capability": [
{
  "canchooseservicecapability": false,
  "name": "SupportedProtocols",
  "value": "tcp,udp"
}
  ],
  "name": "PortForwarding"
},
{
  "name": "StaticNat"
},
{
  "capability": [
{
  "canchooseservicecapability": false,
  "name": "SupportedSourceNatTypes",
  "value": "peraccount"
},
{
  "canchooseservicecapability": false,
  "name": "RedundantRouter",
  "value": "true"
}
  ],
  "name": "SourceNat"
},
{
  "capability": [
{
  "canchooseservicecapability": false,
  "name": "AllowDnsSuffixModification",
  "value": "true"
}
  ],
  "name": "Dns"
},
{
  "capability": [
{
  "canchooseservicecapability": false,
  "name": "DhcpAccrossMultipleSubnets",
  "value": "true"
}
  ],
  "name": "Dhcp"
},
{
  "capability": [
{
  "canchooseservicecapability": false,
  "name": "SupportedLbAlgorithms",
  "value": "roundrobin,leastconn,source"
},
{
  "canchooseservicecapability": false,
  "name": "SupportedLBIsolation",
  "value": "dedicated"
},
{
  "canchooseservicecapability": false,
  

Re: Egress rules not applied in 4.11.0

[Stephan Seitz]

Hi!

I think your facing a bug already discussed here. After reloading (imho doesn't 
matter if you check "clean up") the network, the egress rules are applied.
So just reload every net with egress rules :)

Oh and don't know if that made it already to 
https://github.com/apache/cloudstack/issues so if you would be so kind to open 
an issue?

cheers,

- Stephan

Am Dienstag, den 10.04.2018, 10:43 +0200 schrieb Martin Emrich:
> Hi!
> 
> I upgraded my test cluster from 4.9 to 4.11. The default policy for 
> isolated networks is "Deny".
> 
> But now, adding rules to allow egress traffic are not applied to the 
> virtual router. adding a 0.0.0.0/0 rule looks fine from the UI, but does 
> not appear in the iptables output on the VR.


signature.asc
Description: This is a digitally signed message part

uploadSslCert

[Stephan Seitz]

Hi!

I'm currently trying to use uploadSslCert ( 
https://cloudstack.apache.org/api/apidocs-4.11/apis/uploadSslCert.html )
via cloudmonkey.

I'm running into different kinds of errors. ( / 503) ( 500 "None"), Parsing 
Errors on Cert/Key (the message isn't clear on which part though)

The Certificate is a valid openssl x509, the key sha-256 rsa 4096bit (i tried 
both secured by DER and also open without passphrase)

It seems to get a bit further if I don't urlencode by myself, but don't know if 
i have to?
If I urlencode the cert and key, the request as seen in the logfile shows %250A 
instead of %0A (a carriage return). If I leave it "raw", the request (in the 
logs) shows a valid urlencoded form.

Could some one please shed some light?

For one project, I need SSL offloading at the VR's haproxy.

Thanks in advance!


cheers,

- Stephan


signature.asc
Description: This is a digitally signed message part

Re: Upgrade CloudStack from 4.9.2.0 to 4.11.0

[Stephan Seitz]

Hi!

We're currently using XenServer instead of VMware, so I just don't know
if you really need to build your own packages. Afaik shapeblue's public
repository has been built with noredist.

Here's short list (sorry, we didn't report everything to the bugtracker
by now) of caveats:

* There's a more precise dashboard (XX.XX% instead of XX%)
-> Nice, but only works with locale set to EN or C or anything with
decimalpoints instead of commas :) ... consequently the default
language of the GUI will also be selected identical to your locale.

-> Ldap Authentication doesn't work. You need to apply https://github.c
om/apache/cloudstack/pull/2517 to get this working.

-> Adding a NIC to a running VM (only tested in Advanced Zone,
Xenserver, Shared Network to add) fails with an "duplicate MAC-address" 
error. See my post on the ML yesterday.

-> cloudstack-usage doesn't start since (at least Ubuntu, deb packages)
the update doesn't clean old libs from /usr/share/cloudstack-
usage/libs. For us cleanup and reinstall fixed that.

-> SSVM's java keystore doesn't contain Let's Encrypt Root-CA (maybe
others are also missing) so don't expect working downloads from
cdimage.debian.org via https :)

-> A few nasty popups occur (but can be ignored) in the GUI e.g.
selecting a project and viewing networks.

-> A minor documentation bug in the upgrade document: The apt-get.eu
Repository doesn't contain 4.11 right now. download.cloudstack.org
does.


To us none of that problems was a stopper, but your mileage may vary.

cheers,

- Stephan


Am Mittwoch, den 04.04.2018, 11:08 +0200 schrieb Marc Poll Garcia:
> Hello,
> 
> My current infrastructure is Apache Cloudstack 4.9.2 with VMware
> hosts and
> the management server on CentOS.
> 
> 
> I'm planning to perform an upgrade from the actual 4.9.2 versión to
> the
> latest one.
> 
> I found this tutorial from Cloudstack website:
> 
> http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/e
> n/4.11.0.0/upgrade/upgrade-4.9.html
> 
> But i don't know if any of you already did it, and had upgraded the
> system?
> I was wondering if anyone had any issues during the execution of the
> process.
> 
> And also if someone can send more info, or another guide to follow or
> best
> practice?
> 
> We've check it out and found that we need to compile our own
> cloudstack
> software because we're using vmware hosts, is it true? any
> suggestions?
> 
> Thanks in advance.
> 
> Kind regards.
> 
> 
-- 

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin



signature.asc
Description: This is a digitally signed message part

Re: systemvm

[Stephan Seitz]

Hu!

I'ld recommend to log in to your ssvm and check if everything is able
to connect.

I second dag's suggestion to double check your network setup.

Inside your ssvm I'ld run

/usr/local/cloud/systemvm/ssvm-check.sh

also

ip a s
ip r s


As an educated guess: did you setup your storage-network to the same
cidr as your management-network?

if yes, maybe the default route inside your ssvm is setup wrong (on the
wrong NIC or errenously set up twice on two NICs)


cheers,

- Stephan




Am Mittwoch, den 04.04.2018, 13:53 +0530 schrieb Swastik Mittal:
> @Dag
> 
> By legacy I meant one way ssl. I have set ca strictness for client as
> false.
> 
> I am using 1 nic common for all the network, that is one bridge
> serving
> both public and private network.
> 
> I am setting up a basic zone so I set my management within ip range
> of 10
> and guest within a range of 100, and my statement vms get ip assigned
> within those ranges successfully.
> 
> I used these similar configuration with ACL 4.6 and was able to run
> vm's
> successfully.
> 
> Regards
> Swastik
> 
> On 4 Apr 2018 1:44 p.m., "Dag Sonstebo" 
> wrote:
> 
> > 
> > Swastik,
> > 
> > Your issue is most likely with your network configuration rather
> > than
> > anything to do with firewalls or system VM templates.
> > 
> > First of all – what do you mean by legacy mode? Are you referring
> > to
> > advanced or basic zone?
> > 
> > Secondly – can you tell us how you have configured your networking?
> > 
> > - How many NICs you are using and how have you configured them
> > - What management vs public IP ranges you are using
> > - How you have mapped your networking in CloudStack against the
> > underlying
> > hardware NICs
> > - Can you also check what your “host” global setting is set to
> > 
> > Regards,
> > Dag Sonstebo
> > Cloud Architect
> > ShapeBlue
> > 
> > On 04/04/2018, 09:07, "Swastik Mittal" 
> > wrote:
> > 
> > @jagdish
> > 
> > Yes I was using the same link.
> > 
> > 
> > dag.sonst...@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > @shapeblue
> > 
> > 
> > 
> > On 4 Apr 2018 1:07 p.m., "Jagdish Patil"  > >
> > wrote:
> > 
> > > Hey Swastik,
> > >
> > > download.cloudstack.org link doesn't look like an issue, but
> > which
> > version
> > > and which hypervisor are you using?
> > >
> > > For KVM, download this:
> > > http://download.cloudstack.org/systemvm/4.11/systemvmtemplat
> > e-4.11.0-kvm.
> > > qcow2.bz2
> > >
> > > Regards,
> > > Jagdish Patil
> > >
> > > On Wed, Apr 4, 2018 at 1:00 PM Swastik Mittal <
> > mittal.swas...@gmail.com>
> > > wrote:
> > >
> > > > Hey @jagdish
> > > >
> > > > I was using download.cloudstack.org to download systemVM.
> > Is
> > there any
> > > > bug within the template uploaded here?
> > > >
> > > > @Soundar
> > > >
> > > > I did disable firewall services but din't work. I'll check
> > it again
> > > though.
> > > >
> > > > On 4/4/18, soundar rajan  wrote:
> > > > > disabled firewalld service on the hostname and check. you
> > should
> > able
> > > to
> > > > > access using console window.
> > > > >
> > > > > On Wed, Apr 4, 2018 at 10:07 AM, Swastik Mittal <
> > > > mittal.swas...@gmail.com>
> > > > > wrote:
> > > > >
> > > > >> Hey,
> > > > >>
> > > > >> I am installing ACS 4.11 (legacy mode), with management
> > and
> > host on
> > > same
> > > > >> server and out-of-band management disabled. My host is
> > enabled
> > and up
> > > > and
> > > > >> ssvm successfully running. Though agent state column
> > shows only
> > '-'.
> > > > >>
> > > > >> CPVM is also running successfully but when I open
> > console
> > window I get
> > > > >> unable to connect. Also I din't find check file in SSVM
> > (accessed
> > > > through
> > > > >> terminal using ssh).
> > > > >>
> > > > >> From SSVM I can ssh into management but wget command to
> > management
> > > local
> > > > >> host ain't working (is stuck at connecting but is not
> > able to
> > > connect.).
> > > > >>
> > > > >> Agent log does not show any error, just mentions "trying
> > to
> > fetch
> > > > storage
> > > > >> pool from libvirt" all the time. I checked my storage
> > pool
> > through
> > > > "virsh
> > > > >> pool-list" and it shows the storage pool mentioned in
> > local
> > storage
> > > > under
> > > > >> agent.properties.
> > > > >>
> > > > >> Any ideas?
> > > > >>
> > > > >> Regards
> > > > >> Swastik
> > > > >>
> > > > >
> > > >
> > >
> > 
> > 
> > 
-- 

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 

Re: 4.11.0.0 problem adding new shared network NIC to VM "A NIC with this MAC address exits for network:"

[Stephan Seitz]

Ilya,

thank's for your reply, I've opened CLOUDSTACK-10350.


Am Dienstag, den 03.04.2018, 09:20 + schrieb ilya musayev:
> Stephan
> 
> Please kindly open a jira issue as a blocker for 4.11
> 
> Thank you
> 


signature.asc
Description: This is a digitally signed message part

4.11.0.0 problem adding new shared network NIC to VM "A NIC with this MAC address exits for network:"

[Stephan Seitz]

Hi there!

After upgrading a working 4.9.2 setup to 4.11.0.0 we've noticed that we're 
unable to add a NIC (shared network) to a running VM via GUI.
The Error is "A NIC with this MAC address exits for network: (uuid of the 
current (other NIC) network)"
Using cloudmonkey and giving a self-computed MAC-address does not rise the 
error and works as expected.

After digging into the code, I think I've found the problem, but am too bad in 
java to provide a sustainable fix.

I've attached a patch which obviously (with own manual tests) fixes that issue 
by simply commenting out the respective codeblock.

As far as I dug into the code, the third parameter of NicProfile is handled by 

NetUtils.long2Mac(NetUtils.createSequenceBasedMacAddress(ipVO.getMacAddress(), 
NetworkModel.MACIdentifier.value())

inside

NicProfileHelperImpl.java

I assume createSequenceBasedMacAddress can handle null as MAC, but doesn't get 
called at all if 


_nicDao.findByNetworkIdAndMacAddress(networkId, macAddress) results != null if 
macAddress is null.



Sorry, if I'm wrong, didn't had decent IDE at hand :)



Cheers,

Stephan Seitz

--

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin


--- a/server/src/com/cloud/vm/UserVmManagerImpl.java	2018-04-02 08:29:09.250154334 +0200
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java	2018-04-02 08:34:26.012242484 +0200
@@ -1199,10 +1199,10 @@
 throw new CloudRuntimeException("A NIC already exists for VM:" + vmInstance.getInstanceName() + " in network: " + network.getUuid());
 }
 
-if(_nicDao.findByNetworkIdAndMacAddress(networkId, macAddress) != null) {
-throw new CloudRuntimeException("A NIC with this MAC address exists for network: " + network.getUuid());
-}
-
+//if(_nicDao.findByNetworkIdAndMacAddress(networkId, macAddress) != null) {
+//throw new CloudRuntimeException("A NIC with this MAC address exists for network: " + network.getUuid());
+//}
+// NicProfile can handle duplicates by itself
 NicProfile profile = new NicProfile(ipAddress, null, macAddress);
 if (ipAddress != null) {
 if (!(NetUtils.isValidIp4(ipAddress) || NetUtils.isValidIp6(ipAddress))) {


signature.asc
Description: This is a digitally signed message part

Re: How to generate API key for user

[Stephan Seitz]

maybe this is trivial question but unfortunately can't find how to generate
> API key/secret for user.

Navigate to Accounts -> YOUR_ACCOUNT -> "View Users" (on the right) -> 
YOUR_USER -> "Generate Keys" (a square symbol)

Re: Now that Oracle is collecting for the use of Java, should we worry?

[Stephan Seitz]

Hi!

> I read in the news Oracle is collecting from companies using Java
> libraries
> in commercial uses, since Cloudstack uses Java for its operations,
> should
> we worry about it?

Just to avoid FUD about that news.

Oracle had always licensed Java Enterprise Features (Flight Recorder,
Mission Control, Advanced Management Console, ...) as well as Embedded
Device use.

Here's an oracle statement:
http://www.v3.co.uk/v3-uk/news/3001518/oracle-chasing-java-se-users-ove
r-unpaid-fees

Here's a response from the Java Champions:
https://docs.google.com/document/d/17OF811wWjjCnmDPJDD6v2c_nMO93e5evjra
vdCOkXMQ/edit

As long as we don't build with -XX:+UnlockCommercialFeatures we
shouldn't worry.

cheers,

- Stephan

advanced zone, shared network, VR sometimes looses default gateway definition

[Stephan Seitz]

Hi,

I wonder if someone else faced this issue. We're running acs 4.9.0 w/
advanced zone.
Sometimes, the VR (dnsmasq) looses it's gateway (dhcp option 3) and
subsequently offers itself as the default gateway.

VR's /etc/dnsmasq.conf shows
dhcp-option=option:router,REDACTED_AND_CORRECT_GATEWAY

this setting doesn't seem to have any effect.

VR's /etc/dnsmasq.d/cloud.conf shows
dhcp-option=tag:interface-eth0-0,3,0.0.0.0

After changing 0.0.0.0 to the configured gateway and restarting dnsmasq
inside the VR everythings "fixed".

I'm quite unsure why and when this setting is getting lost. I also find
it really hard to debug the dnsmasq due to different inkonsistent
configurations.

its running via

/usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -7
/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new

which is (for my opinion) a pretty nasty parameter.

Could someone please shed some light?

Thanks!

- Stephan

Re: Link Domain to LDAP

[Stephan Seitz]

Hi,

I'ld verify the settings via mysql

mysql> select * from ldap_configuration \G
*** 1. row ***
  id: 2
hostname: YOUR_LDAP_SERVER
port: 636

also check, if you're able to resolve the hostname and connect to it
from your management host.

mysql> select * from ldap_trust_map \G
*** 1. row ***
  id: 1
   domain_id: 2
type: OU
name: dc=FOO,dc=BAR
account_type: 0

you'ld also need to import the specific users. I checked them via

mysql> select * from user where username="XX" \G
*** X. row ***
  id: NNN
uuid: ----
username: XX
password: XX==:10
  account_id: NNN
   firstname: John
lastname: Doe
   email: X@XX
   state: enabled
 api_key: NULL
  secret_key: NULL
 created: -NN-NN NN:NN:NN
 removed: NULL
timezone: NULL
  registration_token: NULL
   is_registered: 0
incorrect_login_attempts: 0
 default: 0
  source: LDAP
 external_entity: NULL



- Stephan

Am Freitag, den 14.10.2016, 02:06 + schrieb Marty Godsey:
> I have confirmed that when I am attempting to login with the user
> that is failing, or any user in the group specified for that matter,
> the packets are not even hitting the domain controller. I did a
> packet capture at the DC and logged in with a known AD user that is
> already configured in another ACS domain. This ACS domain does not
> have any LDAP bindings just the "default" LDAP settings. I was able
> to see my packets hit the DC and authenticate. When attempting to log
> in from a user in the linked domain, no packets are seen.. Is there a
> service or a library I need to check?
> 
> Regards,
> Marty Godsey
> 
> -Original Message-
> From: Marty Godsey [mailto:ma...@gonsource.com] 
> Sent: Thursday, October 13, 2016 9:37 PM
> To: users@cloudstack.apache.org
> Subject: RE: Link Domain to LDAP
> 
> Whenever I try to bind to LDAP using the users credentials, its
> works.
> 
> root@cs3-mgmt:/var/log/cloudstack/management# ldapwhoami -vvv -h
> x.x.x.x -p 389 -D "CN=John Doe,OU=test1,OU=test2,DC=mydomain,DC=com"
> -x -w Password1234!
> ldap_initialize( ldap://10.253.0.21:389 ) u:domain\john.doe
> Result: Success (0)
> 
> If I also run an ldapsearch on this user, it is successful..
> 
> However upon trying to authenticate with the same credentials on the
> ACS screen, I receive an incorrect password error. When I look in the
> log file all that is the following:
> 
> Authentication failure:
> {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"User is
> not allowed CloudStack login"}}
> 
> I have recreated this domain and liked it to GROUP and OU. Nested
> groups is set to true in the ldap settings.
> 
> Thoughts?
> 
> Regards,
> Marty Godsey
> 
> -Original Message-
> From: Rajani Karuturi [mailto:raj...@apache.org]
> Sent: Wednesday, October 12, 2016 3:01 AM
> To: users@cloudstack.apache.org
> Subject: Re: Link Domain to LDAP
> 
> Yes, you can have LDAP configured at global and domain level.
> Did you give fully qualified name of GROUP/OU while linking?
> 
> Easiest way to debug is to run the ldap query manually and see if it
> returns any results ldapsearch -x -h hostname -p port "basedn" -s sub
> -D "username"
> -w password
> "(&(objectClass=user)(sAMAccountName=*)(memberof=linked_group_name))"
> 
> Also check that `ldap.provider` is set to correct value and there are
> direct users in the group.
> Nested groups will only work with MicrosoftAD provider and with
> configuration `ldap.nested.groups.enable` set to true.
> 
> There is a demo of the feature at
> https://youtu.be/GI9b9MiOQkw?t=4m10s
> 
> Thanks,
> ~ Rajani
> http://cloudplatform.accelerite.com/
> 
> On October 12, 2016 at 6:23 AM, Marty Godsey
> (ma...@gonsource.com) wrote:
> Hello,
> 
> I have an ACS 4.9 instance that runs well with no issues. I have
> enabled LDAP authentication at the Global Level and this works
> without issue. The question I have is the "Link Domain to LDAP"
> function at the domain level. I have a domain that I want to auto
> sync. I added this sub domain ( lets call it ROOT/LDAPTest ) that I
> configured with the DN of the group I am wanting to populate from (I
> also attempted this with the OU setting as well) and the user that
> was created cannot authenticate nor are any of the test accounts in
> Active Directory being created in ACS.
> 
> I have LDAP configured globally and I also, as a test made the user
> part of the group I indicated for "LDAP Accounts" and the user shows
> up, but the "Link Domain to LDAP" does not seem to work. I tried
> looking in 

Re: Adding an ISO to Cloudstack but missing download ISO button

[Stephan Seitz]

Maybe you're exporting the content of your secondary storage via NFS
consolidated on your managemenent host. 
But you should also have an SSVM running which mounts your share and
manages downloads etc.
As Sergey already mentioned, login to that SSVM and check the network
connectivity from inside your SSVM.

Am Dienstag, den 11.10.2016, 11:06 +0800 schrieb Oreki Hōtarō:
> Forgot to mention that my secondary storage is on the management
> server, as
> in I'm using a single machine as host and ssvm. Maybe the settings
> are
> different? Ssh into host means I'm ssh to myself which does nothing.
> And
> I've checked the other 3 things, all passed so far. Also, I've
> noticed that
> local link, root@locallink will give me the no route to host error
> while
> root@ssvmprivateIP will give me connection timed out error.
> 
> On Tue, Oct 11, 2016 at 10:16 AM, Sergey Levitskiy <
> sergey.levits...@autodesk.com> wrote:
> 
> > 
> > 
> > You need to check route from SSVM to the website hosting the ISO
> > over ACS
> > public network. SSH to SSVM using instructions here
> > http://stackoverflow.com/questions/19812463/how-to-ssh-
> > into-cloudstack-ssvm-through-public-ip-address
> > and try to:
> > 1. Check name resolution
> > 2. Check basic connectivity e.g. PING
> > 3. Try to curl to ISO to see if you can establish HTTP session
> > 
> > 

Re: Lost vhd file in cloudstack

[Stephan Seitz]

Hi,

if you take a look into the mysql cloud.volumes table, you should find
uuid-strings in the path-field. At least for XenServer lvmohba Storages
you should find that uuid as part of the lv-name (VHD-[uuid])

cheers,

- Stephan


Am Samstag, den 08.10.2016, 09:19 + schrieb
vivek.ku...@indiqus.com:
> 
> Hello Guys,
> 
> 
> I have a setup of acs 4.5.2 with 4 xenserver's 6.5,  one day while
> migrating  root disk of a vm  to another storage pool its gives me
> error.
> 
> 
> I tried to start my vm but it couldn't start and said unable to start
> due to insufficient capacity so I checked the logs and try to
> migrates again and this time it gave me error that unable to reach
> storage pool and the  uuid that u supplied is invalid. So I check the
> vhd file location from the db and searched it on my primary storage
> and found nothing that time. 
> 
> 
> Then I logged in to my xen server and checked the location of that
> vhd  it gave me 3 uuid of that vms so I checked that these 3 vhd was
> there in my primary storage, and here comes the main point that these
> 3 vhd were very small in size however my original vhd would be around
> 100GB,  and then I did manually entry of that vhd path in my database
> but successfully to start the vm but with no data.
> 
> 
> So where do I find the the old vhd file name..
> 
> 
> So anyone have any idea that we can find the old vhd name.
> 
> 
> Regards
> 
> 
> Vivek Kumar
> 
> 

Re: Cloudstack management server changing msid

[Stephan Seitz]

Yes, I'ld mark the old ones removed. I'm quite unsure where the id-
field is referenced to, so if it was my management-node, I'ld use the
entry with the last working id and mark the others as removed by
setting a date in the past into the removed-fields.

I don't know if this is the promoted way, but that worked for our
setup.

cheers,

- Stephan


Am Freitag, den 07.10.2016, 09:05 -0700 schrieb Carlos Reátegui:
> Thanks…. That makes sense.  I do have a bond for my NICs which means
> the OS will pick one of the underlying MACs for the bond MAC upon
> boot (and not always the same one).
> 
> And since my NIC card has been replaced twice that is why my table
> looks like this:
> 
> mysql> select id,hex(msid),runid,state,version,last_update,removed
> from mshost;
> ++--+---+---+-+
> -+-+
> > 
> > id | hex(msid)| runid | state | version |
> > last_update | removed |
> ++--+---+---+-+
> -+-+
> > 
> >  1 | 90B11C2005CF | 1438989683052 | Up| 4.5.1   | 2016-02-24
> > 23:11:01 | NULL|
> >  2 | C81F66E36518 | 1472507558962 | Up| 4.5.2.1 | 2016-09-23
> > 16:30:06 | NULL|
> >  3 | C81F66E36516 | 1474876304188 | Up| 4.5.2.1 | 2016-09-26
> > 07:54:20 | NULL|
> >  4 | 44A8421593B2 | 1475849685464 | Up| 4.5.2.1 | 2016-10-08
> > 00:09:44 | NULL|
> >  5 | 44A8421593B0 | 1475199571333 | Up| 4.5.2.1 | 2016-09-30
> > 02:01:31 | NULL|
> ++--+---+---+-+
> -+-+
> 5 rows in set (0.00 sec)
> 
> I’m going to set the hwaddress as you suggest to keep the bond MAC
> from changing.
> 
> Should I mark the “old” msids removed?
> 
> thank you!
> 
> 
> 
> > 
> > On Oct 7, 2016, at 12:51 AM, Stephan Seitz <s.seitz@secretresearchf
> > acility.com> wrote:
> > 
> > Hi Carlos,
> > 
> > we encountered the same issue after introducing nic-bonding on the
> > management net which changed the MAC.
> > 
> > The msid includes the MAC of the interface which has the service_ip
> > bound to. If that MAC changes, your management node encounters an
> > identity crisis ;)
> > 
> > We solved that, by updating the msid field in the cloud.mshost
> > table.
> > 
> > The msid is the decimal representation of the MAC. So, in our case
> > 57177340185274 (dec) = 3400a30d0aba (hex) (34:00:a3:0d:0a:ba)
> > 
> > This currently shows:
> > 
> > mysql> select * from mshost where id=1 \G
> > *** 1. row ***
> >   id: 1
> > msid: 57177340185274 <---
> >    runid: 1474366224657
> > name: acs-management-1
> >    state: Up
> >  version: 4.9.0
> >   service_ip: 10.97.13.1
> > service_port: 9090
> >  last_update: 2016-10-07 07:43:59
> >  removed: NULL
> >  alert_count: 0
> > 1 row in set (0.00 sec)
> > 
> > 
> > # ip addr show dev bond0
> > 4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc
> > noqueue state UP group default qlen 1000
> > link/ether 34:00:a3:0d:0a:ba brd ff:ff:ff:ff:ff:ff
> > inet 10.97.13.1/22 brd 10.97.15.255 scope global bond0
> >    valid_lft forever preferred_lft forever
> > 
> > 
> > Another way to solve this issue could be changing the MAC of the
> > management interface to a known (and fixed) value. E.g. by using
> > ethtool.
> > 
> > If you know the removed hardware is no longer used in the same
> > network
> > segment, and you do know the previos MAC, you could change your
> > network
> > configuration by setting the MAC on the new hardware to the
> > previously
> > one.
> > 
> > To be safe from further changes, we did this additionally by using
> > the
> > hwaddress keyword in /etc/network/interfaces. This is the
> > debian/ubuntu
> > way.
> > 
> > auto bond0
> > iface bond0 inet static
> > address 10.97.13.1
> > netmask 255.255.252.0
> > gateway 10.97.12.1
> > dns-nameservers 
> > dns-search XXX
> > hwaddress 34:00:a3:0d:0a:ba
> > bond-slaves eth0 eth1
> > bond-mode 4
> > bond-lacp-rate 1
> > bond-miimon 100
> > bond-updelay 200
> > bond-downdelay 200
> > 
> > 
> > Hope this helps!
> > 
> > cheers,
> > 
&g

Re: Cloudstack management server changing msid

[Stephan Seitz]

Hi Carlos,

we encountered the same issue after introducing nic-bonding on the
management net which changed the MAC.

The msid includes the MAC of the interface which has the service_ip
bound to. If that MAC changes, your management node encounters an
identity crisis ;)

We solved that, by updating the msid field in the cloud.mshost table.

The msid is the decimal representation of the MAC. So, in our case
57177340185274 (dec) = 3400a30d0aba (hex) (34:00:a3:0d:0a:ba)

This currently shows:

mysql> select * from mshost where id=1 \G
*** 1. row ***
  id: 1
msid: 57177340185274 <---
   runid: 1474366224657
name: acs-management-1
   state: Up
 version: 4.9.0
  service_ip: 10.97.13.1
service_port: 9090
 last_update: 2016-10-07 07:43:59
 removed: NULL
 alert_count: 0
1 row in set (0.00 sec)


# ip addr show dev bond0
4: bond0:  mtu 1500 qdisc
noqueue state UP group default qlen 1000
link/ether 34:00:a3:0d:0a:ba brd ff:ff:ff:ff:ff:ff
inet 10.97.13.1/22 brd 10.97.15.255 scope global bond0
   valid_lft forever preferred_lft forever


Another way to solve this issue could be changing the MAC of the
management interface to a known (and fixed) value. E.g. by using
ethtool.

If you know the removed hardware is no longer used in the same network
segment, and you do know the previos MAC, you could change your network
configuration by setting the MAC on the new hardware to the previously
one.

To be safe from further changes, we did this additionally by using the
hwaddress keyword in /etc/network/interfaces. This is the debian/ubuntu
way.

auto bond0
iface bond0 inet static
address 10.97.13.1
netmask 255.255.252.0
gateway 10.97.12.1
dns-nameservers 
dns-search XXX
hwaddress 34:00:a3:0d:0a:ba
bond-slaves eth0 eth1
bond-mode 4
bond-lacp-rate 1
bond-miimon 100
bond-updelay 200
bond-downdelay 200


Hope this helps!

cheers,

- Stephan

Am Donnerstag, den 06.10.2016, 23:41 -0700 schrieb Carlos Reátegui:
> Hi,
> I have had this issue a few times now with my management server.  I
> have had a couple unfortunate hw issues that have caused the machine
> to crash (have replaced motherboard, backplane and network cards….
> don’t ask).  Upon restoring the machine there is a new entry in the
> mshost table.  However the host table mgmt_server_id still references
> the old mshost.msid and therefore my management server is unable to
> “manage” the hosts.
> 
> The only way to fix this is to :
> update host set mgmt_server_id= where mgmt_server_id= msid>;
> 
> Anyone else run across this?  Is there a proper way to restore a
> management server?  How does the management server decide it is a new
> mshost and create a new entry in the mshost table?
> 
> Currently my mshost table has 5 entries and they all claim to be in
> the “Up” state even though there is only 1 management server.  One of
> the entries is for the original 4.5.1 install.  The other 4 are for
> the current 4.5.2.1 upgrade.  They all have the same IP address.
> 
> thanks,
> Carlos

Re: configdrive in ACS

[Stephan Seitz]

Hi Jayapal,

out of curiosity, i just tried that. It just shows

"Unable to deploy VM as template 471 is password enabled, but there is
no support for UserData service in the default network 232"

cheers,

- Stephan

Am Donnerstag, den 15.09.2016, 14:48 +0530 schrieb Jayapal Reddy:
> Hi,
> 
> Cloudstack has config drive support for shared network without
> service.
> 
> 1. Create a shared network offering without any service (In advanced
> zone)
> 2. Create a shared network using above offering.
> 3. Deploy  VM in this network. log in to the VM and see the device by
> label
> (config). You will find the config drive.
> 
> Thanks,
> Jayapal
> 
> On Sun, Sep 11, 2016 at 4:06 PM, Helge Waastad 
> wrote:
> 
> > 
> > Hi,
> > Im testing out RancherOS in ACS and have a couple of issues.
> > 
> > First, it seems that RancherOS does not support cloudstack
> > datasource for
> > meta/userdata but that I need to take with Rancher guys.
> > 
> > But, in openstack I can always use configdrive to get userdata to
> > my vm.
> > 
> > Is it possible to use configdrive in acs? (i have'nt had any luck
> > yet)
> > 
> > Br hw
> > 
> > 
> > 
> > 
> > Sendt fra Galaxy Tab

Re: two XenServer Pools on the same primary Storage?

[Stephan Seitz]

Hi Dag,

thank you for your feedback.We're going to introduce a new cluster. Not
really happy with that, but way better than risking any data loss.

- Stephan


Am Montag, den 12.09.2016, 08:24 + schrieb Dag Sonstebo:
> Hi Stephan,
> 
> Zone-wide (i.e. multi-cluster) primary storage is only supported on
> KVM and VMware, not XenServer. 
> 
> Just so we are on the same page though – this applies at a LUN level
> – in other words two XenServer pools can never share a LUN, but they
> can both use different LUNs from the same storage backend.
> 
> And yes – to answer your question – using the same LUN on multiple
> clusters is pretty much guaranteed to cause you problems – most
> likely data corruption and complete loss of data. 
> 
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
> 
> On 09/09/2016, 14:24, "Stephan Seitz" <s.seitz@secretresearchfacility
> .com> wrote:
> 
> Hi!
> 
> I've recently expanded our XenServer Pool and had to notice that
> E5-
> 2630 v2 are far different from E5-2630 v4. Due to Dell's R630
> BIOS i'm
> unable to use Intel FlexMigration. So I'ld loose the live-
> migration
> feature.
> Anyway. I'ld start introducing a new XenServer Pool (ACS Cluster)
> with
> that newer CPU Generation.
> 
> My Question is: Is it possible to use the same (FC/presetup)
> Primary
> Storages for both Clusters?
> I've seen cluster.storage.operations.exclude (which defaults to
> false)
> but currently don't know if this would need to be set to true on
> the
> second cluster.
> 
> Would you expect any problems running two XenServer Pools (say:
> two ACS
> Clusters) with the same Primary Storages?
> 
> Thanks for any advice!
> 
> cheers,
> 
> - Stephan
> 
> 
> 
> 
> 
> dag.sonst...@shapeblue.com 
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>   
>  
> 

two XenServer Pools on the same primary Storage?

[Stephan Seitz]

Hi!

I've recently expanded our XenServer Pool and had to notice that E5-
2630 v2 are far different from E5-2630 v4. Due to Dell's R630 BIOS i'm
unable to use Intel FlexMigration. So I'ld loose the live-migration
feature.
Anyway. I'ld start introducing a new XenServer Pool (ACS Cluster) with
that newer CPU Generation.

My Question is: Is it possible to use the same (FC/presetup) Primary
Storages for both Clusters?
I've seen cluster.storage.operations.exclude (which defaults to false)
but currently don't know if this would need to be set to true on the
second cluster.

Would you expect any problems running two XenServer Pools (say: two ACS
Clusters) with the same Primary Storages?

Thanks for any advice!

cheers,

- Stephan

Re: Adding Hosts to XenCenter Pool

[Stephan Seitz]

Am Mittwoch, den 07.09.2016, 22:57 + schrieb Jeremy Peterson:
> So I am running XenCenter and I am trying to create a second pool to
> add hosts to but when I join the pool the errors are coming up
> 
> The server joining the pool must have a physical management
> NIC  (i.e. the management NIC must not be on a VLAN or bonded PIF)

Indeed, this is XenServer-specific.
Start with one host meant to be the initial pool-master. Say: configure
these trunks and networks on just this single host. Don't forget to
label these networks to meet the respective ACS labels.
If you'ld like add this host to ACS. Can be done now or later.
Additional hosts meant as additional pool-members shouldn't be
configured. Just do a simple installation and define the hosts
management IP *on one of the meant-to-be MGMT trunk-ports*.
Join the addtitional host to the pool-master and you're done. The pool-
configuration will be populated to all new pool-members. I'ld recommend
to use the identical NICs on every host - that's way easier.


> I have 6 nics
> 
> 2 on board 1GB NIC ( LACP BOND with port channel to two different
> nexus 5k) MGMT
> 2 10GB NIC ( LACP BOND with port channel to two different nexus 5k)
> Primary storage
> 2 10GB NIC ( LACP BOND with port channel to two different nexus 5k)
> Sec Storage & Guest & Public traffic
> 
> Everything looks good outside of a xenserver pool the minute I want
> to add to a pool I get the above error.
> 
> I am on CS 4.5.0 XS 6.5
> 
> Maybe I should ask this to XenServer but I use CloudStack and I seen
> someone talk about XenServer MGMT LACP a couple weeks ago but I don't
> think I seen a good answer on if it works or not.
> 
> I'm confused why it doesn't work.

Re: cloudstack-usage no longer working / error saving account to cloud_usage db

[Stephan Seitz]

Hi Rohit,

thanks!

Having a recent DB backup at hand and only based on guesses, I did some
further experiments yesterday :)
- Rerun /usr/share/cloudstack-common/scripts/util/migrate-
dynamicroles.py
- Checked cloudstack-usage 4.8.0.1 instead of 4.9
- Updated back to cloudstack-usage 4.9
... and magically, it works after I changed the pid of the latest
cloud_usage.usage_job to the corresponding pid.

Though, I don't think thats the recommended way for a fix as I don't
know why it's working...

cloud.account shows role_id for every active account.
cloud_usage.account now shows role_id for these accounts also.
Only PrjAcct-$projectname-$id has role_id set to NULL, but I assume
this is correct since Projects are not assigned to roles.

Anyway, the metric/quota reports are working!

- Stephan

Am Donnerstag, den 18.08.2016, 09:03 + schrieb Rohit Yadav:
> Hi Stephan,
> 
> 
> In cloud_usage.account `role_id` can be NULL as there is no user of
> this field within the usage server. In cloud.account, the `role_id`
> should be automatically populated/migrated when you upgraded. From
> your shared db query result, I'm not sure if that's a select query on
> cloud.account or cloud_usage.account, can you confirm it?
> 
> 
> Based on the exception, we can only get that if the account being
> saved don't have any role_id defined. With a new account created and
> usage records generated, I could not reproduce your issue. It is
> likely caused by an account in cloud.account table whose role_id is
> NULL.
> 
> 
> Can you check (and share) that all of your accounts in cloud database
> (cloud.account) have non-NULL role_id? Please fix anything that is
> NULL. For root admin account type use set role_id=1, for resource
> admin set role_id=2, for domain admin set role_id=3 and for user
> account set role_type=4;
> 
> 
> Regards.
> 
> rohit.ya...@shapeblue.com 
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>   
>  
> 

Re: Console Issue

[Stephan Seitz]

Hi,

there has been a bug report and a fix was submitted. It's been fixed at
least in 4.9 (you need to destroy your existing consoleproxy if you're
running an older one).

If you want to "hotfix" it, just login to your consoleproxy find
ajaxviewer.js somewhere in /usr/local/cloud and add
case 47:
below the lines
case 39:
case 40:

That would be gone after redeploying your consoleproxy, but hey ;)



>From instance we can see console icon. After click console icon, OS
> instance
> will show up. I notice when I use "/" it will popup Quick Find. Is
> this a
> bug or normal?

Re: Fresh 4.9 Install

[Stephan Seitz]

Hi,

some less terse log excerpt would be really helpful. Could you paste
the relevant parts of /var/log/cloudstack/management/management-
server.log?

Anyway, did you follow the installation instructions?

http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/4
.9/management-server/

Oh, to that particular exception: Did you configure hosts with working
vgpu support?


Am Samstag, den 13.08.2016, 08:06 + schrieb Marty Godsey:
> Another error when clicking on Infrastructure
> 
> 
> DB Exception on: SELECT host_gpu_groups.group_name, vgpu_type,
> max_vgpu_per_pgpu, SUM(remaining_capacity) AS remaining_capacity,
> SUM(max_capacity) AS total_capacity FROM `cloud`.`vgpu_types` INNER
> JOIN `cloud`.`host_gpu_groups` ON vgpu_types.gpu_group_id =
> host_gpu_groups.id INNER JOIN `cloud`.`host` ON
> host_gpu_groups.host_id = host.id WHERE host.type = 'Routing' AND
> host.data_center_id = ? GROUP BY host_gpu_groups.group_name,
> vgpu_type
> 
> Regards,
> Marty Godsey
> 
> -Original Message-
> From: ilya [mailto:ilya.mailing.li...@gmail.com] 
> Sent: Saturday, August 13, 2016 12:46 AM
> To: users@cloudstack.apache.org
> Subject: Re: Fresh 4.9 Install
> 
> Marty
> 
> i've tested 4.9 RC2 recently, i've noticed few minor UI glitches (but
> nothing really major).
> 
> With that said, i could not see your screenshots as files attached to
> this mailing list - can you upload them elsewhere?
> 
> I could be wrong, but i believe users mailings provided by ASF does
> not honor attachments.
> 
> Personal preference, I use  a nifty app called "Jing" from TechSmith,
> its freebie - and allows for direct online posting.
> 
> Regards,
> ilya
> 
> On 8/12/16 7:33 PM, Marty Godsey wrote:
> > 
> > Correction:
> > 
> >  
> > 
> > I also get an error when going to Storage
> > 
> >  
> > 
> >  
> > 
> > Its almost since nothing is configured, it gets unhappy.
> > 
> >  
> > 
> >  
> > 
> > Regards,
> > 
> > Marty Godsey
> > 
> >  
> > 
> > *From:* Marty Godsey [mailto:ma...@gonsource.com]
> > *Sent:* Friday, August 12, 2016 10:32 PM
> > *To:* users@cloudstack.apache.org
> > *Subject:* Fresh 4.9 Install
> > 
> >  
> > 
> > Hello,
> > 
> >  
> > 
> > On a fresh 4.9 install I get the following error when I click on
> > the
> > dashboard:
> > 
> >  
> > 
> >  
> > 
> > At this time I have no zones or storage configured. I also do not
> > get 
> > any other errors any where else.
> > 
> >  
> > 
> > My setup is as follow:
> > 
> >  
> > 
> > 1.   Two management servers running Ubuntu 14.04 (get error on
> > both)
> > 
> > 2.   Separate database server running mysql
> > 
> >  
> > 
> > Again nowhere else shows an error.
> > 
> >  
> > 
> > Regards,
> > 
> > Marty Godsey
> > 
> >  
> > 

Re: Debian 8.5 template

[Stephan Seitz]

Hi,

you should remove /etc/ssh/*{_key,_key.pub} as one of the final steps
of template creation.
I'm currently not sure if debian's openssh-server init automatically
regenerates the server keys. If not a (to be written) "first-boot' init
should call dpkg-reconfigure openssh-server to get the keys
regenerated.

Anyway, some housekeeping tasks (like removing .bash_history,
/var/log/* ...) should be done anyway during template creation.

Here's what we do after template creation/update:

https://github.com/HeinleinSupport/acs-template-scripts/blob/master/deb
ian8/root/newtemplate.sh



Am Sonntag, den 14.08.2016, 22:40 +0300 schrieb Mindaugas Milinavičius:
> Hello,
> 
> does anyone create template for Debian 8.5?
> 
> I can create, but after server is booted, do not working SSH becau
> se of
> invalid rsa key.
> 
> Hostname changed, password also changed.
> 
> The solution is onlye to reinstall openssh-server to get started, but
> how
> to do it on boot from template?
> 
> Does anyone have solution?

Re: Primary storage calculation

[Stephan Seitz]

Hi,

since your lvm shows duplicate pv's I assume the filter in your
lvm.conf isn't set correct.
This could also explain the listing of (xenserver unrelated)
vg_srv1/lv_* due to nested lvm.

btw. I'ld rather use something like
vhd-util scan -f -m "VHD-*" -l VG_XenStorage-3e26eaad-befd-fb47-82ad-
b8f2bec1378e -p
to get a proper view on your vhd-lv's.

- Stephan

Am Dienstag, den 09.08.2016, 21:43 +0300 schrieb Mindaugas
Milinavičius:
> 56G
> 50G and 4G - have no idea what is it...
> 
> 
> # lvs
>   Found duplicate PV aVgL0a29JUALu5j3MJZb5iFHRKQhOJi0: using
> /dev/sdi3 not
> /dev/sdb3
>   LV   VG
>   Attr   LSize  Origin Snap%  Move Log Copy%  Convert
>   MGT
>  VG_XenStorage-3e26eaad-befd-fb47-82ad-b8f2bec1378e -wi-a-  4.00M
>   VHD-0b4dab04-4b0b-4fbb-a847-5818a9b28e66
> VG_XenStorage-3e26eaad-befd-fb47-82ad-b8f2bec1378e -ri-ao  2.94G
>   VHD-337c4cac-8027-4dfa-8739-f1846ba2dc24
> VG_XenStorage-3e26eaad-befd-fb47-82ad-b8f2bec1378e -wi---  2.94G
>   VHD-6fecae1a-cbbf-4e20-8201-de634e2a2be4
> VG_XenStorage-3e26eaad-befd-fb47-82ad-b8f2bec1378e -wi---  2.94G
>   VHD-756e318f-a958-45d5-9837-46b0c91b4293
> VG_XenStorage-3e26eaad-befd-fb47-82ad-b8f2bec1378e -wi-ao  2.94G
>   hb-0a0de3c4-e181-4424-af7c-798ebd38269b
>  VG_XenStorage-3e26eaad-befd-fb47-82ad-b8f2bec1378e -wi---  4.00M
>   hb-8940634c-1203-44da-bb9b-73193f160eb7
>  VG_XenStorage-3e26eaad-befd-fb47-82ad-b8f2bec1378e -wi---  4.00M
>   hb-d5929bfd-bae8-4ed0-bc1e-6e7f5a1987b7
>  VG_XenStorage-3e26eaad-befd-fb47-82ad-b8f2bec1378e -wi-a-  4.00M
>   lv_home  vg_srv1
>    -wi--- 56.14G
>   lv_root  vg_srv1
>    -wi--- 50.00G
>   lv_swap  vg_srv1
>    -wi---  4.00G
> 
> 
> 
> 
> 
> Pagarbiai
> Mindaugas Milinavičius
> UAB STARNITA
> Direktorius
> http://www.clustspace.com
> LT: +37068882880
> RU: +7913933
> 
> Tomorrow's possibilities today
> 
> 
>    - 1 core CPU, 512MB RAM, 20GB (€ 5.00)
>    - 1 core CPU, 1GB RAM, 30GB (€ 10.00)
>    - 2 core CPU, 2GB RAM, 40GB (€ 20.00)
>    - 2 core CPU, 4GB RAM, 60GB (€ 40.00)
>    - 4 core CPU, 8GB RAM, 80GB (€ 80.00)
>    - 8 core CPU, 16GB RAM, 160GB (€ 160.00)
> 
> 
> On Tue, Aug 9, 2016 at 9:32 PM, Makrand 
> wrote:
> 
> > 
> > I've learned few facts about XENserver in last couple of days.
> > 
> > e.g. On XENserver, when you take snapshot, XENserver will create a
> > 2 VDI
> > (Base VDI+place holder for snapshot) file on same primary storage
> > (SR in
> > XENserver terms) as disk is. You will offcouse have a vhd file
> > saved on
> > seconday storage. Here is funny part, when you delete snapshot from
> > cloudstack, XENserver won't do anything to remove these
> > additionally crated
> > VDI
> > 
> > Plus XENserver will copy and crate template for VR on each
> > individual host
> > on its SR. this space is not visible in cloud stack.
> > 
> > Check things from SR level on XENcenter. You can delete any
> > template
> > entries etc.(BE CAREFUL)
> > 
> > Also try digging in with command line
> > 
> > 1) xe vdi-list sr-name-label=
> > params=uuid,name-label,name-description,physical-
> > utilisation,virtual-size,is-a-snapshot,sm-config
> > 
> > this will give you all VDIs present on that storage (give attention
> > to
> > is-snapshot=true ones)
> > 
> > 2) lvs
> > 
> > this will give you summary of all the LVs on the SRs. Note the last
> > marked
> > in this example (Attr=-ri---) is snapshot.
> > 
> > lvs
> >   LV  VG
> >   Attr   LSizeOrigin Snap%  Move Log
> > Copy%
> >  Convert
> >   MGT
> > VG_XenStorage-27c5343c-422a-1ee9-0df5-50a15c7f2437 -wi-a-4.00M
> >   VHD-00ac9fd1-26d3-4c45-9680-bbf3b253c7e1
> >  VG_XenStorage-27c5343c-422a-1ee9-0df5-50a15c7f2437 -wi---3.34G
> >   VHD-15bb4af8-99a0-4425-8227-50a97dc04a8c
> >  VG_XenStorage-27c5343c-422a-1ee9-0df5-50a15c7f2437 -ri---2.70G
> >   VHD-19ed4499-7592-4fe3-8fc3-fbcbcdfcdc51
> >  VG_XenStorage-27c5343c-422a-1ee9-0df5-50a15c7f2437 -wi---8.00M
> >   VHD-1b7e2b7d-3dc5-4f33-b126-4197b59c787f
> >  VG_XenStorage-27c5343c-422a-1ee9-0df5-50a15c7f2437 -wi---8.00M
> >   VHD-1c9fb2a0-1a9f-49f2-80a4-6047d56ca0c8
> >  VG_XenStorage-27c5343c-422a-1ee9-0df5-50a15c7f2437 -wi---  250.50G
> >   VHD-28a79d76-d3ef-4d9d-8773-a888a559d15d
> >  VG_XenStorage-27c5343c-422a-1ee9-0df5-50a15c7f2437 -ri---3.13G
> > 
> > I have cases where I've to remove some entries manually just to
> > gain free
> > space. for me its ACS 4.4.2 and XENserver 6.2
> > 
> > Good luck with your troubleshooting
> > 
> > 
> > --
> > Best,
> > Makrand
> > 
> > 
> > On Tue, Aug 9, 2016 at 11:38 PM, Mindaugas Milinavičius <
> > mindau...@clustspace.com> wrote:
> > 
> > > 
> > > Hello,
> > > 
> > > version of cloudstack 4.7.1
> > > Type: xenserver
> > > primary storage - scaleio 

Granular Access Controls in CloudStack

[Stephan Seitz]

Hi!

We've recently updated our testing environment to acs 4.9.

As there's a new RBAC model, I'm trying to use it. Unfortunately I'm
unable to "activate" it.

I've tried to set dynamic.apichecker.enabled to true, but this is
prohibited via UI. Changing the respective database entry doesn't help
either.

Could someone please shed some light how to enable the new role model?

Thanks!

- Stephan

Re: Overprovising CPU with XenServer 6.5SP1

[Stephan Seitz]

Hi

cpu overprovision factor is only recalculated for vms started *after*
the factor has been changed.
The more vms you're going to stop/start, the more accurate your
calculation is getting.

Please refer to http://docs.cloudstack.apache.org/projects/cloudstack-a
dministration/en/4.8/hosts.html#over-provisioning-and-service-offering-
limits

cheers,

- Stephan


Am Montag, den 08.08.2016, 15:22 +0300 schrieb Mindaugas Milinavičius:
> Hello,
> 
> Does anyone did overprovising with CPU and Xen? I tryed to change in
> global
> settings, but in dashboard anyway shoing like 1:1...
> 
> 
> 
> Pagarbiai
> Mindaugas Milinavičius
> UAB STARNITA
> Direktorius
> http://www.clustspace.com
> LT: +37068882880
> RU: +7913933
> 
> Tomorrow's possibilities today
> 
> 
>    - 1 core CPU, 512MB RAM, 20GB (€ 5.00)
>    - 1 core CPU, 1GB RAM, 30GB (€ 10.00)
>    - 2 core CPU, 2GB RAM, 40GB (€ 20.00)
>    - 2 core CPU, 4GB RAM, 60GB (€ 40.00)
>    - 4 core CPU, 8GB RAM, 80GB (€ 80.00)
>    - 8 core CPU, 16GB RAM, 160GB (€ 160.00)

Re: Xenserver 7 w/ ACS 4.8

[Stephan Seitz]

Hi Glenn,

thank you! I expected that, but didn't want to waste time on
provisioning an intentionallly broken setup :)
 

Am Freitag, den 29.07.2016, 09:19 + schrieb Glenn Wagner:
> Hi Stephan 
> 
> We have tested Xenserver 7 against master branch and due to the
> changes in XenServer 7 it doesn't work
> 
> Regards
> Glenn
>  
>  
> glenn.wag...@shapeblue.com 
> www.shapeblue.com
> First Floor, Victoria Centre, 7 Victoria Street, Somerset West, Cape
> Town  7129South Africa
> @shapeblue
>   
>  
> 
> 
> -Original Message-
> From: Stephan Seitz [mailto:s.se...@secretresearchfacility.com] 
> Sent: Friday, 29 July 2016 9:53 AM
> To: users@cloudstack.apache.org
> Subject: Xenserver 7 w/ ACS 4.8
> 
> Hi!
> 
> I'm just curious if ACS 4.8 can handle Xenserver 7. I havn't found
> any related topics, so I'ld like to ask if anyone has already tried
> it?
> 
> Thanks!
> 
> - Stephan

Xenserver 7 w/ ACS 4.8

[Stephan Seitz]

Hi!

I'm just curious if ACS 4.8 can handle Xenserver 7. I havn't found any
related topics, so I'ld like to ask if anyone has already tried it?

Thanks!

- Stephan

problem with ldap authentication w/ grouOfNames

[Stephan Seitz]

Hi guys!

We've currently setup acs 4.8 and trying to integrate the
authentication for different domains with different kind of grouOfNames
using openldap.

Users are getting imported, but are unable to authenticate with
following log:


2016-07-22 16:10:50,523 INFO  [o.a.c.l.LdapContextFactory] (catalina-
exec-19:ctx-25b685df) (logid:f6a56bdc) LDAP SSL enabled.
2016-07-22 16:10:50,527 DEBUG [o.a.c.l.LdapContextFactory] (catalina-
exec-19:ctx-25b685df) (logid:f6a56bdc) initializing ldap with provider
url: ldaps://X:636
2016-07-22 16:10:50,589 DEBUG [o.a.c.l.LdapManagerImpl] (catalina-exec-
19:ctx-25b685df) (logid:f6a56bdc) ldap Exception: 
javax.naming.NamingException: No user found for basedn
ou=Groups,dc=,dc=YY and searchString
(&(objectClass=inetOrgPerson)(uid=N))

Interestingly enough, the basedn is expanded to ou=Groups, rest of
the dn is ok.

I'ld expecting an ldapquery with the given basedn instead of
ou=Groups,basedn...

could someone please shed some light where or how to configure this
searchfilter?

we double-checked the entries for:
ldap.basedn set to our base
ldap.group.object groupOfNames
ldap.group.user.uniquemenber member

as said, importing the users is working as expected.

Thanks in advance!

cheers,

- Stephan

Re: cs 4.5.1, hosts stuck in disconnected status

[Stephan Seitz]

> We use CS 4.5.1 on a 3 Clusters with XenServer 6.5.
> 
> One Host in a cluster (and another in another cluster as well) got
> and 
> stayed in status "Disconnected".

use
xe host-list
to determine your disconnected hosts-uuid, and try to enable it via
xe host-enable uuid=NN

If the host is enabled in xen pool, acs should be able to reconnect it.

VM states should be completely unrelated to your problem.

cheers,

- Stephan

Re: Opportunity to contribute in Apache CloudStack

[Stephan Seitz]

I'ld also vote that ;)

I could imagine some kind of "business portal" not only to get metrics
but also pricings and SLAs.

cheers,

- Stephan

Am Freitag, den 08.07.2016, 09:09 + schrieb Rashmi Dixit:
> An idea off the top of my head - we do not have any user interface
> for usage. Perhaps they could add UI that can give a user insight
> into cloud_usage database? 
> 
> We can build some pretty fancy reports per domain/account/user that
> can show trends of usage etc.
> 
> Rashmi
> 
> -Original Message-
> From: Erik Weber [mailto:terbol...@gmail.com] 
> Sent: Friday, July 08, 2016 1:49 PM
> To: users@cloudstack.apache.org
> Subject: Re: Opportunity to contribute in Apache CloudStack
> 
> A new user interface wouldn't hurt, it is certainly due for
> replacement...
> But I don't know if that is too simple task for your project?
> 
> --
> Erik
> 
> On Fri, Jul 8, 2016 at 9:58 AM, Jainesh Patel 
> wrote:
> 
> > 
> > Hello ilya,
> > 
> > We are actually very new to Apache CloudStack. Our team has worked
> > on 
> > web projects where we have used Django, Apache, Nginx and Gunicorn.
> > 
> > Considering us at a beginner level, can you please help with it?
> > 
> > Thank you,
> > TheAtom
> > 
> > On Thu, Jul 7, 2016 at 11:13 PM, ilya  > >
> > wrote:
> > 
> > > 
> > > Hi TheAtom Team
> > > 
> > > Thanks for selecting Apache CloudStack as a development platform.
> > > 
> > > We do have large number of initiative you can try to pursue.
> > > 
> > > Perhaps you can explain what skill set your team has and what
> > > would 
> > > be your desired trends - so we can help you better in selecting
> > > a 
> > > new endeavor.
> > > 
> > > Regards
> > > ilya
> > > 
> > > On 7/6/16 3:05 AM, Jainesh Patel wrote:
> > > > 
> > > > Hello,
> > > > 
> > > > We are a group of students that are currently pursuing our
> > undergraduate
> > > 
> > > > 
> > > > degree in Computer Science from Pune Insititute of Computer 
> > > > Technology(PICT), Maharashtra, India. We will be graduating in 
> > > > June
> > 2017
> > > 
> > > > 
> > > > and are currently in our final year. For our B.E project, we
> > > > have
> > > selected
> > > > 
> > > > the domain as Cloud Computing and would be very interesting in 
> > > > working
> > > with
> > > > 
> > > > open source cloud computing software, which is where we
> > > > stumbled 
> > > > upon Apache CloudStack.
> > > > 
> > > > It will be a great learning opportunity for us to work with
> > > > Apache 
> > > > CloudStack and in turn work with you. We would appreciate if
> > > > you 
> > > > could steer us towards the direction of choosing the right
> > > > topic 
> > > > and working towards culminating a project in the same, which
> > > > would 
> > > > be helpful for
> > the
> > > 
> > > > 
> > > > community.
> > > > 
> > > > Following are the few details which include information about
> > > > us, 
> > > > which would help you in making an informed decision:
> > > > 
> > > > 1) Group Name- TheAtom
> > > > 
> > > > 2) Group Members:
> > > > Shubham Mulay ( shubhammu...@gmail.com ) Faizaan Shaikh ( 
> > > > faizaanshai...@gmail.com ) Jainesh Patel ( jainesh...@gmail.com
> > > >  )
> > > > 
> > > > 3) We have two mentors working with us, who will be guiding 
> > > > throughout
> > > the
> > > > 
> > > > process,
> > > > Dhruvesh Rathore ( dhruves...@hotmail.com ) Prerit Auti ( 
> > > > prerita...@gmail.com )
> > > > 
> > > > 4) Development time : 6 to 7 months from Aug '16 to Feb '17.
> > > > 
> > > > We would love to hear from you about any ideas that you see
> > > > fit 
> > > > for us
> > to
> > > 
> > > > 
> > > > pursue and which are feasible in the specified time frame.
> > > > Hoping 
> > > > to
> > hear
> > > 
> > > > 
> > > > from you soon, and thanking you in anticipation.
> > > > 
> > > > Regards,
> > > > TheAtom
> > > > 
> 
> 
> DISCLAIMER
> ==
> This e-mail may contain privileged and confidential information which
> is the property of Accelerite, a Persistent Systems business. It is
> intended only for the use of the individual or entity to which it is
> addressed. If you are not the intended recipient, you are not
> authorized to read, retain, copy, print, distribute or use this
> message. If you have received this communication in error, please
> notify the sender and delete all copies of this message. Accelerite,
> a Persistent Systems business does not accept any liability for virus
> infected mails.

Re: CloudStack Design: Ceph and local storage

[Stephan Seitz]

Hi!

Independently from cloudstack, I'ld strongly recommend to not use ceph
and hypervisors on the very same machines. If you just want to build a
POC this is fine, but If you put load on it, you'll see unpredictible
behavior (at least on the ceph side) due to heavy I/O demands.
Ceph recommends at least 1 Core and 1 GB RAM as a rule of thumb for
each OSD.
BTW. I also won't run a ceph cluster with only two nodes. Your MON
should be able to form a quorum, so you'ld need at least three  nodes.

If you run a cluster with less than about 6 or 8 nodes, I'ld give
gluster a try. I've never tried it myself but I assume this should
be usable as "pre-setup" Storage at least with KVM Hosts.

cheers,

- Stephan



Am Freitag, den 17.06.2016, 13:36 +0200 schrieb Jeroen Keerrel:
> Good afternoon from Hamburg, Germany!
>  
> Short question:
> Is it feasible to use CloudStack with Ceph on local storage? As in
> “hyperconverged”?
>  
> Before ramping up the infrastructure, I’d like to be sure, before
> buying new hardware.
>  
> At the moment: 2 Hosts, each 2 6c XEON CPU, 24GB RAM and each have 6
> 300GB SAS drives.
>  
> According to CEPH, they advise bigger disks and separate storage
> “nodes”.
> CloudStack documentation says: Smaller, High RPM disks.
>  
> What would you advise? Buy separate “Storage Nodes” or  ramp up the
> current nodes?
>  
> Cheers!
> Jeroen
>  
> 
> 
> Jeroen Keerl
> Keerl IT Services GmbH
> Birkenstraße 1b . 21521 Aumühle
> +49 177 6320 317
> www.keerl-it.com
> i...@keerl-it.com
> Geschäftsführer. Jacobus J. Keerl
> Registergericht Lubeck. HRB-Nr. 14511
> Unsere Allgemeine Geschäftsbedingungen finden Sie hier.
> 
> 

Re: Best NIC for XenServer?

[Stephan Seitz]

Hi,

XS 6.5 is built around CentOS 5 with a custom 3.10 Kernel. Using bonded
X540-AT2 NIC, I can't see any problems.
Depending on your network setup, your bond might be created and managed
by OVS instead of Kernel.
Just a guess, but OVS runs in userspace and could be affected by Dom0
RAM shortage or heavy load.
Do you run your storage network over the same bond?

On Mo, 2016-06-13 at 16:08 -0700, Michael J McCafferty wrote:
> Fellow CloudStackers,
> 
>   We are currently using Intel X520-DA2 NICs in our hosts. The
> hosts use
> XenServer. We have upgraded XenServer and applied periodic patches
> and
> updates to XenServer... in general done the usual maintenance. It
> seems
> that there are more issues with the NICs than expected. During
> maintenance or after reboots, very irregularly, they may disappear,
> lose
> the bond, being detected but not be configured in Xen.
>   The HCL for XenServer 6.5 now lists the chip that is on the
> NIC, but
> not the NIC model it self. This leaves me to wonder WTF.
> 
>   I have to ask, is there a known "best" NIC(s) to use with
> XenServer
> going forward? Do the Intel X520-DA2 model known to be finicky with
> XenServer?
>   What is your experience?
> 
> Thanks!
> Mike
> 

ACS 4.8.0 Snapshots / Unable to locate datastore with id 1

[Stephan Seitz]

Hi!

A few days ago we've finally migrated two Primary Storages. Internally,
these PR were numbered 1 and 2.
Everything works as expected with the new SRs, except Snapshots seems
to reference to the removed ones.

(admin)  > list snapshots listall=true 
Error 530: Unable to locate datastore with id 1
cserrorcode = 4250
errorcode = 530
errortext = Unable to locate datastore with id 1
uuidList:

Could someone please shed some light where and how this could be
solved? We don't necesserily need every previously done snapshot, but I
don't think purging the respective tables would be the best option.

Thanks!

- Stephan

Storage Tags for System Services / SSVM etc..

[Stephan Seitz]

Hi!

We're currently migrating Storages and only the Virtual Routers,
Console Proxy and Secondary Storage VM are left on our old Storage.

Since we want to get rid of that Storage, I need a way for provisioning
the System VMs to the new Storage.

Using ACS 4.8.0 with XenServer 6.5, I've done following:
- Mark one LUN on our new Storage as "default" in XenCenter
-> Provisioning of System VMs doesn't respect that
- Added the respective Storage-Tags to System Offerings (I used mysql
and restarted cloudstack-management, since I found no other way)
-> System VMs are unable to start after destroying them. So I reverted
the Tags to NULL to get the System VMs up again. Now, they're located
on different LUNs like before...

TLDR; Do you know any way to force the Disks of the respective VMs
located on a specific Storage?

Thanks in advance!

- Stephan

Re: Storagemigration / Primary Storages

[Stephan Seitz]

Sanjeev,

thank's for your response. As you said, CS will delete the volumes from
the source storage, but I'ld expect it to be done immediately after a
successful migration.
I don't think this happened correctly. Is there an easy way to track
down CS-volumeid to xen-vbds to xen-vdi to the respective LV (LVMoHBA)?
So I could check removal-tasks against the LV.

Thanks in advance!

- Stephan

On Fr, 2016-05-13 at 06:05 +, Sanjeev Neelarapu wrote:
> Hi Stephan,
> 
> Once the volume migration is successful then only CS will delete it
> from the source storage. Please make sure that there are no issues
> with volume migrations.
> 
> Best Regards,
> Sanjeev N
> Chief Product Engineer, Accelerite
> Off: +91 40 6722 9368 | EMail: sanjeev.neelar...@accelerite.com 
> 
> 
> -----Original Message-
> From: Stephan Seitz [mailto:s.se...@secretresearchfacility.com] 
> Sent: Thursday, May 12, 2016 9:49 PM
> To: users@cloudstack.apache.org
> Subject: Storagemigration / Primary Storages
> 
> Hi!
> 
> We're currently migrating volumes from one to another storage with
> the goal to get the source LUN freed to finally remove the whole
> storage.
> This runs w/ ACS 4.8 and XenServer 6.5 with attached FC-Storages.
> 
> Interestingly, the free space not only decreases (as expected) on the
> target LUN. Also the source LUN is running full during this progress.
> 
> By now, I did'nt dug too deep, but maybe anyone had seen this issue.
> too? And maybe could give a hint for the reason? ;)
> 
> What we had was:
> SAS-LUN   w/ Tag SAS
> SATA-LUN w/ Tag SATA
> 
> Every offering is configured with the respective Tags.
> 
> What we prepared:
> SAS-LUN2 w/ Tags SAS,SASNEW
> SATA-LUN2 w/ Tags SATA,SATAMEW
> SAS-LUN w/ Tag SASOLD (changed from SAS) SATA-LUN w/ Tag SATAOLD
> (changed from SATA)
> 
> Most of the volumes are migrated live via cloudmonkey as simple as:
> 
> migrate volume volumeid=[somevolume-on-"old"-lun] storageid=SATA-LUN2 
> livemigrate=true
> 
> Some of the migration-jobs ran into ACS timouts until we changed
> job.cancel.threshold.minutes to 240 (some of the bigger volumes took
> some amount of time).
> 
> Thanks for any suggestions.
> 
> - Stephan
> 
> 
> 
> 
> 
> 
> DISCLAIMER
> ==
> This e-mail may contain privileged and confidential information which
> is the property of Accelerite, a Persistent Systems business. It is
> intended only for the use of the individual or entity to which it is
> addressed. If you are not the intended recipient, you are not
> authorized to read, retain, copy, print, distribute or use this
> message. If you have received this communication in error, please
> notify the sender and delete all copies of this message. Accelerite,
> a Persistent Systems business does not accept any liability for virus
> infected mails.

Storagemigration / Primary Storages

[Stephan Seitz]

Hi!

We're currently migrating volumes from one to another storage with the
goal to get the source LUN freed to finally remove the whole storage.
This runs w/ ACS 4.8 and XenServer 6.5 with attached FC-Storages.

Interestingly, the free space not only decreases (as expected) on the
target LUN. Also the source LUN is running full during this progress.

By now, I did'nt dug too deep, but maybe anyone had seen this issue.
too? And maybe could give a hint for the reason? ;)

What we had was:
SAS-LUN w/ Tag SAS
SATA-LUN w/ Tag SATA

Every offering is configured with the respective Tags.

What we prepared:
SAS-LUN2 w/ Tags SAS,SASNEW
SATA-LUN2 w/ Tags SATA,SATAMEW
SAS-LUN w/ Tag SASOLD (changed from SAS)
SATA-LUN w/ Tag SATAOLD (changed from SATA)

Most of the volumes are migrated live via cloudmonkey as simple as:

migrate volume volumeid=[somevolume-on-"old"-lun] storageid=SATA-LUN2
livemigrate=true

Some of the migration-jobs ran into ACS timouts until we changed
job.cancel.threshold.minutes to 240 (some of the bigger volumes took
some amount of time).

Thanks for any suggestions.

- Stephan

Re: Solaris 11.3 can not be installed

[Stephan Seitz]

> using the official Oracle iso (text install), but installation is not
> continuing when I hit F2 to install on local storage. It seems that
> it is not able to discover the local disk and as a result, it returns
> back to the installation menu and prompts me the error “disk_link:
> invalid disk device number 768”. 

768 looks to me like the representation of linux "hda".
Xen supports different kinds of device-virtualization/emulation which
are mapped to acs os types. I'ld try selecting other OS types which
require HVM, mabye "Other (64bit)" .


signature.asc
Description: This is a digitally signed message part

Re: Password reset, not work after adding new Guest IP Class

[Stephan Seitz]

Hi!

Did you add two networks with dhcp? what shows your guests routing
table? obviously two default gateways? did you check if your virtual
router is reachable from within the guest?

Am Freitag, den 25.03.2016, 15:18 +0200 schrieb Cristian Ciobanu:
> Hello,
> 
> Looks like after adding a second IP class for Guest, password
> generator is not working for New VM on first deploy and password
> reset. 
> 
> Password is provided on CloudStack but when i try to login on
> new VM is not working. 
> 
> I just added a another /28 for the moment i have 2 x /28 on
> this zone running on ACS 4.5.2 with VMware 5.5.
> 
>
>Any info/help ?   
> 
> 
>   Thank you !
> 
> Regards,
> Cristian

signature.asc
Description: This is a digitally signed message part

Re: CentOS 7 Template for ACS

[Stephan Seitz]

Christian,

we reworked the password / sshkey scripts, as well as some network magic
also for CentOS 7.

https://github.com/HeinleinSupport/acs-template-scripts

By now, we're wrapping systemd around somewhat "normal" init-scripts,
but that works as expected.

cheers,

- Stephan


Am Donnerstag, den 24.03.2016, 14:22 +0200 schrieb Cristian Ciobanu: 
> Hello,
> 
>   Is any 100% working  script for creating CentOS 7 template ? i tested 
> some scripts but none of them are works properly.
> 
>   I'm just curios if exist a full step by step for creating templates 
> also to work in the end
> 
> 
> 
> Regards,
> Cristian

Re: glibc vulnerable (CVE-2015-7547)

[Stephan Seitz]

> is the latest system vm template vulnerable to CVE-2015-7547 
> (https://security-tracker.debian.org/tracker/CVE-2015-7547)?
> I cannot find anything about it in the mailinglist and/or CS page.

If you ssh into the system-VMs, you'll find the vulnurable version of
libc.

to mitigate this, we've updated the libc (and only the installed
libc-packages) in the running system-VMs and rebooted them.

Additionally, we've updated the libc in the respective template.
Since we're using XenServer, thats a vhd located at the 2nd. storage,
which we've chroot'ed into, using blktap2, kpartx and mount.

cheers,

- Stephan

Re: HTTPS for console VM, without the wildcard DNS

[Stephan Seitz]

Hi,

well, one could manage huge hosts-files ;)

but seriously, you just need a dns-name / wildcard-certificate for a
domain you trust. If your customers trust your certificate AND your dns
- maybe because of dnssec - you don't need that for every customer.

To keep things off our full-featured nameservers, we did a
zone-delegation for a cloud-subdomain.domain.tld to a small bind which
holds just a flat zone-file wich contains all of the a-b-c-d to a.b.c.d
A-Records.
This took us maybe one hour and a 3-liner in bash.

cheers,

- Stephan

Am Freitag, den 19.02.2016, 16:07 + schrieb Nux!: 
> Hi,
> 
> Last I enabled HTTPS for the console VM, I had to get a *.domain.tld and a 
> wildcard certificate to match that.
> Is there no other way to enable SSL without the wildcard DNS bit?
> It adds a bit of overhead having to setup DNS infra for the customer just so 
> he's able to securely access his cloud.
> 
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro

Re: Procedure for Linux templates

[Stephan Seitz]

Hey Cristian,

we will add distribution-dependent README.md next week.

If you'ld like to follow the same naming, just:

1. create a user "vmadmin"
2. optional: add vmadmin user to sudoers (maybe with NOPASSWD: )
3. copy the files
4. enable the init scripts. E.g. systemctl enable cloud... or
update-rc.d ... depends on the respective distro.


If you copied the files (some need executable rights,
e.g. /etc/init.d/... or /usr/local/sbin/...)


If you want to benefit from the rock-sold (hehe...) accessibility, just
create some kind of "admin-only" or "management" or similar network with
a network-address of 10.97.64.0 (doesn't matter if it's /24 or bigger,
though we're using a /22) and attach this network as the first one.

The whole magic is done via movedhcpdefaultroute script.

We're using the /root/newtemplate.sh if we modified our templates and
just want to create the next version of it.

As said, next week some documentation and suggestions will follow :)

cheers,

- Stephan



Am Freitag, den 19.02.2016, 17:18 +0200 schrieb Cristian Ciobanu: 
> Hi Stephan,
> 
>   First of all, thanks for scripts, also can you let me know what need to be 
> executed on VM after script file's are copied on VM.
> 
>   I don't see any information, is like only copy the files and execute 
> newtemplate.sh.
> 
> Regards,
> Cristian
> On 19.02.2016 13:19:47, Stephan Seitz <s.se...@secretresearchfacility.com> 
> wrote:
> Hi guys,
> 
> just sorting out our repository.
> 
> Maybe you find it useful:
> https://github.com/HeinleinSupport/acs-template-scripts
> 
> Currently, the scripts are looking somewhat messy and our SuSE LEAP
> scripts are waiting for cleanup, but for the impatient ones ...
> 
> For ACS we're moving to public github projects, so I'ld expect more to
> come ;)
> 
> cheers and have a nice weekend!
> 
> - Stephan
> 
> Am Donnerstag, den 18.02.2016, 22:13 +0200 schrieb Cristian Ciobanu:
> > Hello,
> >
> > Nice to hear this, i will wait for updates.
> >
> >
> > Regards,
> > Cristian
> > On 18.02.2016 19:19:30, Stephan Seitz wrote:
> > Hi,
> >
> > we've recently built templates for Centos 7, Ubuntu 14.04, Debian 8 and
> > SuSE Leap 42.1.
> >
> > We tried to do our work as near as possible to the respective default
> > networking. So CentOS 7 w/ NM and SuSE Leap with wicked (which caused a
> > lot of pain to get it working...)
> >
> > We're just sorting out our git project including ReadMe's and scripts
> > and expect to push it tomorrow to github.
> >
> > cheers,
> >
> > - Stephan
> >
> > Am Donnerstag, den 18.02.2016, 15:04 +0200 schrieb Cristian Ciobanu:
> > > Hello,
> > >
> > > Can i get a documentation for how to create Linux templates, and needed 
> > > scripts ?
> > >
> > > I did like in this example : 
> > > http://cloudstack-administration.readthedocs.org/en/4.8/templates.html#creating-a-template-from-an-existing-virtual-machine
> > >  but is not working for CentOS 6.7 or CentOS 7 ( after deploy from 
> > > template template i don't have IP assigned on my network also password 
> > > reset is not working )
> > >
> > > Thank you!
> > >
> > >
> > > Regards,
> > > Cristian
> >
> >
> 
> 

Re: Procedure for Linux templates

[Stephan Seitz]

Hi guys,

just sorting out our repository.

Maybe you find it useful:
https://github.com/HeinleinSupport/acs-template-scripts

Currently, the scripts are looking somewhat messy and our SuSE LEAP
scripts are waiting for cleanup, but for the impatient ones ...

For ACS we're moving to public github projects, so I'ld expect more to
come ;)

cheers and have a nice weekend!

- Stephan

Am Donnerstag, den 18.02.2016, 22:13 +0200 schrieb Cristian Ciobanu: 
> Hello,
> 
> Nice to hear this, i will wait for updates.
> 
> 
> Regards,
> Cristian
> On 18.02.2016 19:19:30, Stephan Seitz <s.se...@secretresearchfacility.com> 
> wrote:
> Hi,
> 
> we've recently built templates for Centos 7, Ubuntu 14.04, Debian 8 and
> SuSE Leap 42.1.
> 
> We tried to do our work as near as possible to the respective default
> networking. So CentOS 7 w/ NM and SuSE Leap with wicked (which caused a
> lot of pain to get it working...)
> 
> We're just sorting out our git project including ReadMe's and scripts
> and expect to push it tomorrow to github.
> 
> cheers,
> 
> - Stephan
> 
> Am Donnerstag, den 18.02.2016, 15:04 +0200 schrieb Cristian Ciobanu:
> > Hello,
> >
> > Can i get a documentation for how to create Linux templates, and needed 
> > scripts ?
> >
> > I did like in this example : 
> > http://cloudstack-administration.readthedocs.org/en/4.8/templates.html#creating-a-template-from-an-existing-virtual-machine
> >  but is not working for CentOS 6.7 or CentOS 7 ( after deploy from template 
> > template i don't have IP assigned on my network also password reset is not 
> > working )
> >
> > Thank you!
> >
> >
> > Regards,
> > Cristian
> 
> 

Re: Procedure for Linux templates

[Stephan Seitz]

Hi,

we've recently built templates for Centos 7, Ubuntu 14.04, Debian 8 and
SuSE Leap 42.1.

We tried to do our work as near as possible to the respective default
networking. So CentOS 7 w/ NM and SuSE Leap with wicked (which caused a
lot of pain to get it working...)

We're just sorting out our git project including ReadMe's and scripts
and expect to push it tomorrow to github.

cheers,

- Stephan

Am Donnerstag, den 18.02.2016, 15:04 +0200 schrieb Cristian Ciobanu: 
> Hello,
> 
>  Can i get a documentation for how to create Linux templates, and needed 
> scripts ?
> 
> I did like in this example : 
> http://cloudstack-administration.readthedocs.org/en/4.8/templates.html#creating-a-template-from-an-existing-virtual-machine
>but is not working for CentOS 6.7 or CentOS 7 ( after deploy from template 
> template i don't have IP assigned on my network also password reset is not 
> working )
> 
>Thank you!  
> 
> 
> Regards,
> Cristian

Re: [update] ACS management unable to connect to xenserver hosts after reboot

[Stephan Seitz]

Glenn,

thanks for your reply. Unfortunately the SSVM has been destroyed.

We don't have any firewall in between. ACS and XenServers are located in
the same /22. I've double checked every connection and there's no
iptables or similar in the way.
Instead of the SSVM, I've just successfully checked if the consoleproxy
VM is able to connect to Port 8250.

To me it looks, like there's some strange "identity" problem.

mysql> select * from mshost;
+++---+--+---+-++--+-+-+-+
| id | msid   | runid | name | state |
version | service_ip | service_port | last_update | removed |
alert_count |
+++---+--+---+-++--+-+-+-+
|  1 | 57177340185274 | 1455209855143 | acs-management-1 | Up| 4.7.1
| 10.97.13.1 | 9090 | 2016-02-12 16:55:56 | NULL|
0 |
|  3 | 57177340185273 | 1455639355379 | acs-management-1 | Up| 4.7.1
| 10.97.13.1 | 9090 | 2016-02-17 11:31:50 | NULL|
0 |
+++---+--+---+-++--+-+-+-+
2 rows in set (0.00 sec)

Indeed, there is (and always has been) only one management host in this
infrastructure.

With sqldumps at hand, we removed the second row and purged all the
related jobs to that id, but after restarting cloudstack-management,
this entry wasi created again.

Maybe, I'm completely wrong, but is it possible that our management host
"thinks" there's another management host responsible for our cluster?

Since we're fiddling at least two days without any success here, I'm
willing to get a few consulting hours thrown on that.

cheers,

- Stephan

Am Dienstag, den 16.02.2016, 20:39 + schrieb Glenn Wagner: 
> Hi Stephan,
> 
> Check that you can telnet port 8250 on the management server from
> SSVM , check that iptables has been setup correctly 
> Looks like it’s a firewall issue on the ACS Management server
> 
> Thanks
> Glenn
> 
> 
> 
> 
> 
> ShapeBlue
> Glenn Wagner
> Senior
> Consultant
> , 
> ShapeBlue
> d: 
>  | s: +27 21 527 0091
>  | 
> m: 
> +27 73 917 4111
> e: 
> glenn.wag...@shapeblue.com | t: 
>  | 
> w: 
> www.shapeblue.com
> a: 
> 2nd Floor, Oudehuis Centre, 122 Main Rd, Somerset West Cape Town 7130 South 
> Africa
> 
> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
> Services India LLP is a company incorporated in India and is operated
> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda
> is a company incorporated in Brasil and is operated under license from
> Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The
> Republic of South Africa and is traded under license from Shape Blue
> Ltd. ShapeBlue is a registered trademark.
> This email and any attachments to it may be confidential and are
> intended solely for the use of the individual to whom it is addressed.
> Any views or opinions expressed are solely those of the author and do
> not necessarily represent those of Shape Blue Ltd or related
> companies. If you are not the intended recipient of this email, you
> must neither take any action based upon its contents, nor copy or show
> it to anyone. Please contact the sender if you believe you have
> received this email in error.
> 
> 
> 
> 
> 
> -Original Message-
> From: Stephan Seitz [mailto:s.se...@secretresearchfacility.com] 
> Sent: Tuesday, 16 February 2016 5:19 PM
> To: users@cloudstack.apache.org
> Cc: d...@cloudstack.apache.org
> Subject: [update] ACS management unable to connect to xenserver hosts
> after reboot
> 
> Hi again!
> 
> I think we've found the root source, but are unable to mitigate that:
> 
> 2016-02-16 16:13:22,217 DEBUG [c.c.a.m.ClusteredAgentManagerImpl]
> (AgentManager-Handler-8:null) Seq 6--1: MgmtId 57177340185273: Req:
> Routing to peer
> 2016-02-16 16:13:22,217 DEBUG [c.c.a.m.ClusteredAgentManagerImpl]
> (AgentManager-Handler-9:null) Seq 6--1: MgmtId 57177340185273: Req:
> Cancel request received
> 2016-02-16 16:13:22,899 DEBUG [c.c.a.m.ClusteredAgentManagerImpl]
> (AgentManager-Handler-10:null) Seq 1-4458000681143369786: MgmtId
> 57177340185273: Req: Resource [Host:1] is unreachable: Host 1: Link is
> closed
> 2016-02-16 16:13:22,899 DEBUG [c.c.a.m.ClusteredAgentManagerImpl]
> (AgentManager-Handler-10:null) Seq 1--1: MgmtId 57177340185273: Req:
> Routing to peer
> 2016-02-16 16:13:22,900 DEBUG [c.c.a.m.ClusteredAgentManagerImpl]
> (AgentManager-Handler-11:null) Seq 1--1: MgmtId 57177340185273: Req:
>

[update] ACS management unable to connect to xenserver hosts after reboot

[Stephan Seitz]

Hi again!

I think we've found the root source, but are unable to mitigate that:

2016-02-16 16:13:22,217 DEBUG [c.c.a.m.ClusteredAgentManagerImpl]
(AgentManager-Handler-8:null) Seq 6--1: MgmtId 57177340185273: Req:
Routing to peer
2016-02-16 16:13:22,217 DEBUG [c.c.a.m.ClusteredAgentManagerImpl]
(AgentManager-Handler-9:null) Seq 6--1: MgmtId 57177340185273: Req:
Cancel request received
2016-02-16 16:13:22,899 DEBUG [c.c.a.m.ClusteredAgentManagerImpl]
(AgentManager-Handler-10:null) Seq 1-4458000681143369786: MgmtId
57177340185273: Req: Resource [Host:1] is unreachable: Host 1: Link is
closed
2016-02-16 16:13:22,899 DEBUG [c.c.a.m.ClusteredAgentManagerImpl]
(AgentManager-Handler-10:null) Seq 1--1: MgmtId 57177340185273: Req:
Routing to peer
2016-02-16 16:13:22,900 DEBUG [c.c.a.m.ClusteredAgentManagerImpl]
(AgentManager-Handler-11:null) Seq 1--1: MgmtId 57177340185273: Req:
Cancel request received
2016-02-16 16:13:22,905 DEBUG [c.c.a.m.ClusteredAgentManagerImpl]
(AgentManager-Handler-12:null) Seq 3-2144839322535198778: MgmtId
57177340185273: Req: Resource [Host:3] is unreachable: Host 3: Link is
closed

Here's a longer excerpt from the logfile during startup:

http://pastebin.com/SftVJCs4

Maybe someone knows how to resolve this? To me it looks like our single
management-host has some kind of identity crisis? 


Am Dienstag, den 16.02.2016, 15:12 +0100 schrieb Stephan Seitz: 
> Hi acs gurus!
> 
> We're currently facing a really strange problem after two somewhat
> simple steps.
> 1. Reboot Management-Node (well there is also a 2nd. NFS-Storage
> located)
> 2. Upgrade 4.7.0 to 4.7.1
> 
> Both steps seemed successful and running, but after a few days I've
> noticed the SSVM in "running, not connected" state, so I decided to
> restart the SSVM. That's where all the trouble begun...
> 
> I've pasted a somewhat repetive log excerpt here
> http://pastebin.com/8MM6XUBk
> 
> If I try to (force) reconnect a host, we're getting huge repetive log
> entries like pasted here http://pastebin.com/cNR3TtkG
> 
> Cloudmonkey quits with following Response:
> 
> (local)  > reconnect host id=df4182f8-24a0-40ca-9ccc-6489f374cd4c
> Error Connection refused by server: ('Connection aborted.',
> BadStatusLine("''",))
> 
> 
> I've tcpdump'ed relevant traffic between management and xenservers and
> found simply nothing except some (i assume) unrelated NFS-Packets.
> 
> Could please someone shed some light, how to fix that?
> 
> Thanks in advance!
> 
> - Stephan

ACS management unable to connect to xenserver hosts after reboot

[Stephan Seitz]

Hi acs gurus!

We're currently facing a really strange problem after two somewhat
simple steps.
1. Reboot Management-Node (well there is also a 2nd. NFS-Storage
located)
2. Upgrade 4.7.0 to 4.7.1

Both steps seemed successful and running, but after a few days I've
noticed the SSVM in "running, not connected" state, so I decided to
restart the SSVM. That's where all the trouble begun...

I've pasted a somewhat repetive log excerpt here
http://pastebin.com/8MM6XUBk

If I try to (force) reconnect a host, we're getting huge repetive log
entries like pasted here http://pastebin.com/cNR3TtkG

Cloudmonkey quits with following Response:

(local)  > reconnect host id=df4182f8-24a0-40ca-9ccc-6489f374cd4c
Error Connection refused by server: ('Connection aborted.',
BadStatusLine("''",))


I've tcpdump'ed relevant traffic between management and xenservers and
found simply nothing except some (i assume) unrelated NFS-Packets.

Could please someone shed some light, how to fix that?

Thanks in advance!

- Stephan

current state of IPv6 in 4.6 VR / 4.7

[Stephan Seitz]

Hi!

I'm currently trying to add dualstack (ipv4 + ipv6) shared networks to
one of our infrastructures. It's running 4.7 w/ latest 4.6 VR on
VLAN-based advanced Networking w/ XenServer 6.5.

The documentation [1] says
"Use the System VM template exclusively designed to support IPv6.
Download the System VM template from [2]"
http://cloudstack.apt-get.eu/systemvm/

Well at that URL are lots of systemvm64templates, but I none of them
mention IPv6. Maybe I missed one?
Anyway, I'ld definitely stay on 4.6 templates...

Does anyone know, if IPv6 is in current templates "only broken", or is
there a different branch for v6 Support?

As far as I can see, the DUID of the provisioned VMs is only visible in
/etc/cloudstack/dhcpentry.json:
"ipv6_duid": "00:03:00:01:06:2d:4a:00:08:47",

I didn't find any code using that DUID in /opt, the running dnsmasq also
doesn't know about that DUID, consequently it ignores the requests:

/var/log/dnsmasq.log:
Jan 12 15:54:36 dnsmasq-dhcp[3780]: DHCPSOLICIT(eth0)
00:03:00:06:06:2d:4a:00:08:47 ignored
[...]

I'ld really appreciate any suggestions how to get IPv6 provisioned.

Thanks in advance!

- Stephan



[1] http://docs.cloudstack.apache.org/en/latest/networking/ipv6.html
[2] http://cloudstack.apt-get.eu/systemvm/


[3] /etc/cloudstack/dhcpentry.json:"ipv6_duid":
"00:03:00:01:06:2d:4a:00:08:47", 

Re: associate specific public ip to isolated network

[Stephan Seitz]

Thanks Jayapal!

Am Dienstag, den 15.12.2015, 21:51 +0530 schrieb Jayapal Reddy: 
> You can achieve this with small work around..
> 1. Acquire an ip address for network. let say you got ip IP1 but you want
> IP2 which is free in cloudstack DB.
> 2. In user_ip_address table swap the 'public_ip_address' column of IP1 and
> IP2.
> 
> Now IP2 is assigned to network and IP1 is free.
> 
> Thanks,
> Jayapal
> 
> On Tue, Dec 15, 2015 at 8:58 PM, Stephan Seitz <
> s.se...@secretresearchfacility.com> wrote:
> 
> > hi there!
> >
> > is it possible to associate a specific, given IP to an isolated network?
> >
> > purpuse is, re-build a network with different offering that needs to use
> > the very same ip addresses than the one currently running (meant to get
> > destroyed).
> >
> > thanks!
> >
> >
> >
> >

associate specific public ip to isolated network

[Stephan Seitz]

hi there!

is it possible to associate a specific, given IP to an isolated network?

purpuse is, re-build a network with different offering that needs to use
the very same ip addresses than the one currently running (meant to get
destroyed).

thanks!

Re: How to replace Primary Storage

[Stephan Seitz]

Am Montag, den 07.12.2015, 11:04 + schrieb Abhinandan Prateek: 
> Live migration across primary storages is not supported by cloudstack.

Abhinandan,

afaik, this is wrong. I've done that w/ acs 4.5 and xenserver 6.5.

cheers,

Stephan

Re: [poll] cloudstack exam

[Stephan Seitz]

> Quick poll: has anybody here taken the ACCEL cloudstack certification
> exam ? what did you think ? Too hard, too easy ? – about right ?

Well, I signed the usual NDA at pearson vue, so I shouldn't answer in
detail :)
The exam covered a lot of aspects around ACS, in my opinion well
balanced. I did it spontanously (but with (A)CS hands-on since 2.2) and
managed it.
It obviously shows some parallels to LPIC 304, but I assume this is
inevitable.

So, about right, I'ld say.

>  
> Also, by way of reminder: if you use the code  ACCELpromocodeASF when
> registering for the exam, 1/3 of the fee goes to the ACS project
>  
> Kind Regards
> Giles
>  
> Giles Sirett
> CEO


signature.asc
Description: This is a digitally signed message part

upgrading 4.5.2 -> 4.6.0 virtualrouter upgrade timeout

[Stephan Seitz]

Hi List!

After upgrading from 4.5.2 to 4.6.0 I faced a problem with one
virtualrouter. This particular VR has about 10 IPs w/ LB and FW rules
defined. During the upgrade process, and after about 4-5 minutes a
watchdog kicks in and kills the respective VR due to no response.

So far I didn't find any timeout value in the global settings.
Temporarily setting network.router.EnableServiceMonitoring to false
doesn't change the behaviour.

Any help, how to mitigate that nasty timeout would be really
appreciated :)

cheers,

Stephan 

>From within the VR, the logs show

2015-11-24 11:24:33,807  CsFile.py search:123 Searching for
dhcp-range=interface:eth0,set:interface and replacing with
dhcp-range=interface:eth0,set:interface-eth0,10.10.22.1,static
2015-11-24 11:24:33,808  merge.py load:56 Creating data bag type
guestnetwork
2015-11-24 11:24:33,808  CsFile.py search:123 Searching for
dhcp-option=tag:interface-eth0,15 and replacing with
dhcp-option=tag:interface-eth0,15,heinlein.cloudservice
2015-11-24 11:24:33,808  CsFile.py search:123 Searching for
dhcp-option=tag:interface-eth0,6 and replacing with
dhcp-option=tag:interface-eth0,6,10.10.22.1,195.10.208.2,91.198.250.2
2015-11-24 11:24:33,809  CsFile.py search:123 Searching for
dhcp-option=tag:interface-eth0,3, and replacing with
dhcp-option=tag:interface-eth0,3,10.10.22.1
2015-11-24 11:24:33,809  CsFile.py search:123 Searching for
dhcp-option=tag:interface-eth0,1, and replacing with
dhcp-option=tag:interface-eth0,1,255.255.255.0
2015-11-24 11:24:33,810  CsHelper.py execute:160 Executing: service
dnsmasq restart

==> /var/log/messages <==
Nov 24 11:24:34 r-504-VM shutdown[6752]: shutting down for system halt

Broadcast message from root@r-504-VM (Tue Nov 24 11:24:34 2015):

The system is going down for system halt NOW!
Nov 24 11:24:35 r-504-VM KVP: KVP starting; pid is:6844

==> /var/log/cloud.log <==
/opt/cloud/bin/vr_cfg.sh: line 60:  6603
Killed  /opt/cloud/bin/update_config.py
vm_dhcp_entry.json

==> /var/log/messages <==
Nov 24 11:24:35 r-504-VM cloud: VR config: executing
failed: /opt/cloud/bin/update_config.py vm_dhcp_entry.json

==> /var/log/cloud.log <==
Tue Nov 24 11:24:35 UTC 2015 : VR config: executing
failed: /opt/cloud/bin/update_config.py vm_dhcp_entry.json
Connection to 169.254.2.192 closed by remote host.
Connection to 169.254.2.192 closed.


the management-server.log shows

2015-11-24 12:24:43,015 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(Work-Job-Executor-1:ctx-ad9e4658 job-5163/job-5164) Done executing
com.cloud.vm.VmWorkStart for job-5164
2015-11-24 12:24:43,017 INFO  [o.a.c.f.j.i.AsyncJobMonitor]
(Work-Job-Executor-1:ctx-ad9e4658 job-5163/job-5164) Remove job-5164
from job monitoring
2015-11-24 12:24:43,114 ERROR [c.c.a.ApiAsyncJobDispatcher]
(API-Job-Executor-1:ctx-760da779 job-5163) Unexpected exception while
executing org.apache.cloudstack.api.command.admin.
router.StartRouterCmd
com.cloud.exception.AgentUnavailableException: Resource [Host:1] is
unreachable: Host 1: Unable to start instance due to Unable to start
VM[DomainRouter|r-504-VM] due to error in f
inalizeStart, not retrying
at
com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:1121)
at
com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:4580)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:107)
at
com.cloud.vm.VirtualMachineManagerImpl.handleVmWorkJob(VirtualMachineManagerImpl.java:4736)
at
com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102)
at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl
$5.runInContext(AsyncJobManagerImpl.java:537)
at org.apache.cloudstack.managed.context.ManagedContextRunnable
$1.run(ManagedContextRunnable.java:49)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext
$1.call(DefaultManagedContext.java:56)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl
$5.run(AsyncJobManagerImpl.java:494)
at java.util.concurrent.Executors
$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at 

Re: upgrading 4.5.2 -> 4.6.0 virtualrouter upgrade timeout

[Stephan Seitz]

Update / FYI:
After faking the particular VRu in sql, I tried to restart that network,
and it always fails. To me it looks like the update_config.py - which
takes almost all cpu ressources - runs way longer any watchdog will
accept.

I'm able to mitigate that by very nasty workarounds:
a) start the router
b) wait until its provisioned
c) restart cloudstack-management
d)  update vm_instance
set state='Running',
power_state='PowerOn' where name = 'r-XXX-VM';
e) once: update domain_router
set template_version="Cloudstack Release 4.6.0 Wed Nov 4 08:22:47 UTC
2015",
scripts_version="546c9e7ac38e0aa16ecc498899dac8e2"
where id=XXX;
f) wait until update_config.py finishes (for me thats about 15 minutes)

Since I expect the need for VR restarts in the future, this behaviour is
somehow unsatisfying. It needs a lot of errorprone intervention.

I'm quite unsure if it's introduced with the update or the particular VR
just has simply not been restarted after getting configured with lots of
ips and rules.


Am Dienstag, den 24.11.2015, 12:29 +0100 schrieb Stephan Seitz: 
> Hi List!
> 
> After upgrading from 4.5.2 to 4.6.0 I faced a problem with one
> virtualrouter. This particular VR has about 10 IPs w/ LB and FW rules
> defined. During the upgrade process, and after about 4-5 minutes a
> watchdog kicks in and kills the respective VR due to no response.
> 
> So far I didn't find any timeout value in the global settings.
> Temporarily setting network.router.EnableServiceMonitoring to false
> doesn't change the behaviour.
> 
> Any help, how to mitigate that nasty timeout would be really
> appreciated :)
> 
> cheers,
> 
> Stephan 
> 
> From within the VR, the logs show
> 
> 2015-11-24 11:24:33,807  CsFile.py search:123 Searching for
> dhcp-range=interface:eth0,set:interface and replacing with
> dhcp-range=interface:eth0,set:interface-eth0,10.10.22.1,static
> 2015-11-24 11:24:33,808  merge.py load:56 Creating data bag type
> guestnetwork
> 2015-11-24 11:24:33,808  CsFile.py search:123 Searching for
> dhcp-option=tag:interface-eth0,15 and replacing with
> dhcp-option=tag:interface-eth0,15,heinlein.cloudservice
> 2015-11-24 11:24:33,808  CsFile.py search:123 Searching for
> dhcp-option=tag:interface-eth0,6 and replacing with
> dhcp-option=tag:interface-eth0,6,10.10.22.1,195.10.208.2,91.198.250.2
> 2015-11-24 11:24:33,809  CsFile.py search:123 Searching for
> dhcp-option=tag:interface-eth0,3, and replacing with
> dhcp-option=tag:interface-eth0,3,10.10.22.1
> 2015-11-24 11:24:33,809  CsFile.py search:123 Searching for
> dhcp-option=tag:interface-eth0,1, and replacing with
> dhcp-option=tag:interface-eth0,1,255.255.255.0
> 2015-11-24 11:24:33,810  CsHelper.py execute:160 Executing: service
> dnsmasq restart
> 
> ==> /var/log/messages <==
> Nov 24 11:24:34 r-504-VM shutdown[6752]: shutting down for system halt
> 
> Broadcast message from root@r-504-VM (Tue Nov 24 11:24:34 2015):
> 
> The system is going down for system halt NOW!
> Nov 24 11:24:35 r-504-VM KVP: KVP starting; pid is:6844
> 
> ==> /var/log/cloud.log <==
> /opt/cloud/bin/vr_cfg.sh: line 60:  6603
> Killed  /opt/cloud/bin/update_config.py
> vm_dhcp_entry.json
> 
> ==> /var/log/messages <==
> Nov 24 11:24:35 r-504-VM cloud: VR config: executing
> failed: /opt/cloud/bin/update_config.py vm_dhcp_entry.json
> 
> ==> /var/log/cloud.log <==
> Tue Nov 24 11:24:35 UTC 2015 : VR config: executing
> failed: /opt/cloud/bin/update_config.py vm_dhcp_entry.json
> Connection to 169.254.2.192 closed by remote host.
> Connection to 169.254.2.192 closed.
> 
> 
> the management-server.log shows
> 
> 2015-11-24 12:24:43,015 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> (Work-Job-Executor-1:ctx-ad9e4658 job-5163/job-5164) Done executing
> com.cloud.vm.VmWorkStart for job-5164
> 2015-11-24 12:24:43,017 INFO  [o.a.c.f.j.i.AsyncJobMonitor]
> (Work-Job-Executor-1:ctx-ad9e4658 job-5163/job-5164) Remove job-5164
> from job monitoring
> 2015-11-24 12:24:43,114 ERROR [c.c.a.ApiAsyncJobDispatcher]
> (API-Job-Executor-1:ctx-760da779 job-5163) Unexpected exception while
> executing org.apache.cloudstack.api.command.admin.
> router.StartRouterCmd
> com.cloud.exception.AgentUnavailableException: Resource [Host:1] is
> unreachable: Host 1: Unable to start instance due to Unable to start
> VM[DomainRouter|r-504-VM] due to error in f
> inalizeStart, not retrying
> at
> com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:1121)
> at
> com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:4580)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessor

Re: [DISCUSS] ACS 4.5.3 release

[Stephan Seitz]

Hi Rohit,

I've reported one Bug[1], that affects the network.throttling.rate. I
assume, this is just some bad calculation.

Maybe this could be fixed for 4.5.3? :)

[1] https://issues.apache.org/jira/browse/CLOUDSTACK-8936


Am Freitag, den 20.11.2015, 06:27 + schrieb Rohit Yadav:
> Hi all, 
> 
> 
> I want to ask how happy people are with the last 4.5.2 release and if
> there are any issues they want to report or want to be fixed in a
> future minor release. If we’ve enough demand, we can work towards a
> last 4.5 minor release. Thanks.
> 
> 
> Rohit Yadav
> Software Architect
> 
> 
> 
> 
> 
> D: +44 20 3642 6102 | S: +44 20 3603 0540 | M: +91 88 262 30892
> 
>  
> rohit.ya...@shapeblue.com | www.shapeblue.com | Twitter:@ShapeBlue
>  
> ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS
> 
> 
> Find out more about ShapeBlue and our range of CloudStack related
> services
> 
> IaaS Cloud Design & Build
> CSForge – rapid IaaS deployment framework
> CloudStack Consulting
> CloudStack Software Engineering
> CloudStack Infrastructure Support
> CloudStack Bootcamp Training Courses
> 
> 
> This email and any attachments to it may be confidential and are
> intended solely for the use of the individual to whom it is addressed.
> Any views or opinions expressed are solely those of the author and do
> not necessarily represent those of Shape Blue Ltd or related
> companies. If you are not the intended recipient of this email, you
> must neither take any action based upon its contents, nor copy or show
> it to anyone. Please contact the sender if you believe you have
> received this email in error. Shape Blue Ltd is a company incorporated
> in England & Wales. ShapeBlue Services India LLP is a company
> incorporated in India and is operated under license from Shape Blue
> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in
> Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA
> Pty Ltd is a company registered by The Republic of South Africa and is
> traded under license from Shape Blue Ltd. ShapeBlue is a registered
> trademark.

Re: [RFC] Metrics views for CloudStack UI

[Stephan Seitz]

This looks really great!
You've added the metrics view at the Infrastructure tab. This is nice
for the platform ops.
I assume the very same metrics would also be a benefit for domain-admins
(say: customers). I'ld suggest to add this view somewhere below the
Instances tab.

cheers,

- Stephan


Am Donnerstag, den 05.11.2015, 14:09 + schrieb Rohit Yadav: 
> Hi all,
> 
> 
> The present CloudStack UI hides most of the metrics data such as cpu,
> memory, disk, network usage in inner detail views. Such information is
> critical to find issues in one’s cloud, for example finding clusters
> where hosts are failing, or finding storage pools where disk space has
> depleted beyond configured global or cluster thresholds.
> 
> 
> The metrics views for CloudStack UI is an attempt to solve those
> problems that brings in several UI enhancements such as sortable
> tables, new status icons, methods to control breadcrumb navigation,
> making UI’s global list* API pagesize dynamic, a new table widget
> based on listView widget that is both horizontally and vertically
> scrollable, supports cell/threshold coloring, collapsible columns
> along with navigation from one view to another and quick-view actions.
> For example, currently support navigation are: Zone to Cluster to Host
> to Instance to Volumes, and Storage Pool to Volumes. 
> 
> 
> The current version implements six resource views for zone, cluster,
> host, instance, volume and storage pool (primary storage). The metrics
> framework (based on listView widget) would allow developers to write
> more such view where information can be densely packed.
> 
> 
> Please checkout the FS (with some screenshots) and the PR;
> 
> 
> FS: https://issues.apache.org/jira/browse/CLOUDSTACK-9020
> JIRA: https://issues.apache.org/jira/browse/CLOUDSTACK-9020
> PR: https://github.com/apache/cloudstack/pull/1038
> 
> 
> Comments and suggestions?
> 
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> 
> 
> 
> 
> 
> 
> 
> M. +91 88 262 30892 | rohit.ya...@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
> ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS
> 
> Find out more about ShapeBlue and our range of CloudStack related
> services
> 
> IaaS Cloud Design & Build
> CSForge – rapid IaaS deployment framework
> CloudStack Consulting
> CloudStack Software Engineering
> CloudStack Infrastructure Support
> CloudStack Bootcamp Training Courses
> 
> 
> This email and any attachments to it may be confidential and are
> intended solely for the use of the individual to whom it is addressed.
> Any views or opinions expressed are solely those of the author and do
> not necessarily represent those of Shape Blue Ltd or related
> companies. If you are not the intended recipient of this email, you
> must neither take any action based upon its contents, nor copy or show
> it to anyone. Please contact the sender if you believe you have
> received this email in error. Shape Blue Ltd is a company incorporated
> in England & Wales. ShapeBlue Services India LLP is a company
> incorporated in India and is operated under license from Shape Blue
> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in
> Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA
> Pty Ltd is a company registered by The Republic of South Africa and is
> traded under license from Shape Blue Ltd. ShapeBlue is a registered
> trademark.

problem assigning an instance to a different account in a different domain

[Stephan Seitz]

Hi!

I'm trying to assign instances to a different account in a different
domain. Currently with no success.

The particular instances have been deployed by the initial "admin"
account in the ROOT domain, and should be assigned to a domain-admin
account.

id = 0d7a4ee7-5c6f-11e5-a590-3400a30d0aba <--- current domain
path = ROOT

id = 4298cfba-aa4d-4baa-8b0e-53e70d0ebbe5 <--- destination domain
path = ROOT//yyy


id = 4b143f31-5c6f-11e5-a590-3400a30d0aba <-- current user in ROOT
account = admin
accountid = 4b14365a-5c6f-11e5-a590-3400a30d0aba

id = 54e79c7a-f3de-4b76-8c99-ffc18c555f5d <-- dest. user in dest. domain
account = zzz@yy
accountid = 76ec77a0-e0ca-459e-b211-eeacce52055c


With cloudmonkey (logged in as the admin in ROOT), I got following
result:

(local)  > assign virtualmachine
virtualmachineid=9b76aa5a-f97f-4bd0-8e9d-350816e42515
domainid=4298cfba-aa4d-4baa-8b0e-53e70d0ebbe5 account=zzz@yy
Error 530: Failed to move vm
Acct[76ec77a0-e0ca-459e-b211-eeacce52055c-zzz@yy] does not
have permission to operate within domain
id=0d7a4ee7-5c6f-11e5-a590-3400a30d0aba
cserrorcode = 
errorcode = 530
errortext = Failed to move vm
Acct[76ec77a0-e0ca-459e-b211-eeacce52055c-zzz@yy] does not
have permission to operate within domain
id=0d7a4ee7-5c6f-11e5-a590-3400a30d0aba


This looks like, the destination user, who is domain-admin of it's
domain needs to have access to the ROOT domain. I think this makes no
sense, since I wan't to assign the instance TO it.

Could someone please shed some light how to assign an instance to
another user in another domain?

Thanks in advance!

Stephan

Re: [ANNOUNCE] CloudStack Certification !!!!

[Stephan Seitz]

Today I did the exam at a pearson vue testcenter. I registered via
http://www.pearsonvue.com/accel/ 
The exam is - as far as I can tell - not visible on cs.lpi.org.



Am Freitag, den 30.10.2015, 21:51 +0100 schrieb Erik Weber:
> My local test center can't find the exam, has anyone else had any issues?
> They can see LPI examns, but not LPI-japan ones..
> 
> 



signature.asc
Description: This is a digitally signed message part

Re: Cloudstack - Monitoring

[Stephan Seitz]

We've added our acs infrastructure into our checkMK monitoring using the
agents (for XS we've installed the CentOS rpm's) as well as SNMP. Works
reliable except we haven't written any checks for VM metrics so far.

Am Freitag, den 16.10.2015, 21:25 + schrieb Jeremy Peterson:
> We are looking at a new monitoring software for our corporate environment.  
> Management has requested that CloudStack and XenServer be added to that 
> monitoring software.  One of the software titles we are looking at is 
> DataDogHQ.
> 
> https://bigpanda.io/monitoringscape/
> 
> Does anyone use a 3rd party software to monitor process's in your cloudstack 
> server farm and hypervisor?
> 
> jeremy



signature.asc
Description: This is a digitally signed message part

Re: InsufficientServerCapacityException - Fresh install CS 4.5.2 - Xenserver 6.5

[Stephan Seitz]

Not exactly, but I've learned on 4.5.2 / XS 6.5 that
InsufficientServerCapacityException is raised if an ISO is broken.

I didn't took a deeper look, but on XS sr-scan also fails. I assume this
could lead to inaccessability of any ISO (or the secondary storage at
all?)

Don't know if it's related to your problem, but I think that Exception
is one of the very last ones if nothing is catched earlier.

cheers,

Stephan

Am Mittwoch, den 14.10.2015, 13:59 -0300 schrieb Luciano Castro:
> ...
> 
> And I cant log in the CS GUI. My workaround was back mysql and reinstall
> the manager. And restore the mysql.
> 
> but I don´t wat to to all the time.
> 
> Does anyone have seen it before?
> 
> Thanks
> 
> 
> On Wed, Oct 14, 2015 at 1:57 PM, Luciano Castro 
> wrote:
> 
> > And after (second time that happened to me today...)
> >
> > I reboot the CS Manager, and the log shows me:
> >
> > 2015-10-14 16:55:09,173 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for scripts/vm/systemvm/injectkeys.sh
> > in /usr/share/cloudstack-common/scripts/vm/systemvm/injectkeys.sh
> > 2015-10-14 16:55:09,176 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for vms/systemvm.iso in the classpath
> > 2015-10-14 16:55:09,176 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) System resource: null
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Classpath resource: null
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for vms/systemvm.iso
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Current binaries reside at
> > /usr/share/cloudstack-management/webapps/client/WEB-INF/lib
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for vms/systemvm.iso in
> > /usr/share/cloudstack-management/webapps/client/WEB-INF/lib/vms/systemvm.iso
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for vms/systemvm.iso in
> > /usr/share/cloudstack-management/webapps/client/WEB-INF/lib/vms/systemvm.iso
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for vms/systemvm.iso in
> > /usr/share/cloudstack-management/webapps/client/WEB-INF/vms/systemvm.iso
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for vms/systemvm.iso in
> > /usr/share/cloudstack-management/webapps/client/vms/systemvm.iso
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for vms/systemvm.iso in
> > /usr/share/cloudstack-management/webapps/vms/systemvm.iso
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for vms/systemvm.iso in
> > /usr/share/cloudstack-management/vms/systemvm.iso
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for vms/systemvm.iso in
> > /usr/share/vms/systemvm.iso
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for vms/systemvm.iso in
> > /usr/vms/systemvm.iso
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for vms/systemvm.iso in
> > /vms/systemvm.iso
> > 2015-10-14 16:55:09,177 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Searching in environment.properties
> > 2015-10-14 16:55:09,178 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) environment.properties says scripts should be
> > in /usr/share/cloudstack-common
> > 2015-10-14 16:55:09,178 DEBUG [c.c.u.s.Script]
> > (localhost-startStop-1:null) Looking for vms/systemvm.iso in
> > /usr/share/cloudstack-common/vms/systemvm.iso
> > 2015-10-14 16:55:09,178 DEBUG [c.c.s.ConfigurationServerImpl]
> > (localhost-startStop-1:null) Executing: /bin/bash
> > /usr/share/cloudstack-common/scripts/vm/systemvm/injectkeys.sh
> > /var/cloudstack/management/.ssh/id_rsa.pub
> > /var/cloudstack/management/.ssh/id_rsa
> > /usr/share/cloudstack-common/vms/systemvm.iso
> > 2015-10-14 16:55:09,208 DEBUG [c.c.s.ConfigurationServerImpl]
> > (localhost-startStop-1:null) Exit value is 1
> > 2015-10-14 16:55:09,208 DEBUG [c.c.s.ConfigurationServerImpl]
> > (localhost-startStop-1:null) sudo: a password is required
> > 2015-10-14 16:55:09,208 INFO  [c.c.s.ConfigurationServerImpl]
> > (localhost-startStop-1:null) Injected public and private keys into systemvm
> > iso with result : sudo: a password is required
> > 2015-10-14 16:55:09,208 WARN  [c.c.s.ConfigurationServerImpl]
> > (localhost-startStop-1:null) Failed to inject generated public key into
> > systemvm iso sudo: a password is required
> >
> >
> >
> >
> > On Wed, Oct 14, 2015 at 1:20 PM, Luciano Castro 
> > wrote:
> >
> >> Hi!!
> >>
> >> I just installed a new environment  (CS 4.5.2 and XenServer 6.5.0). I
> >> deployed an VM normaly, but some hours after I tryed to deploy new one, and
> >> it shows me 

Re: Doubt about xen-pv-drv-iso

[Stephan Seitz]

Hi,

> Can someone out there that has an ACS environment with Xenserver hosts try
> to plug the xen-pv-drv-iso into an instance and try to use it? I mean, try
> to mount and list the contents of that ISO. Did that work for you?

yap. this iso works as expected.



root@template:~# mount /dev/cdrom /mnt/
mount: block device /dev/xvdd is write-protected, mounting read-only
root@template:~# ls -la /mnt/
total 57325
dr-xr-xr-x  3 root root 4096 Aug 12 13:25 .
drwxr-xr-x 24 root root 4096 Sep 29 06:45 ..
-r--r--r--  1 root root   65 Aug 12 13:25 AUTORUN.INF
-r--r--r--  1 root root   811008 Aug 12 13:25 citrixguestagentx64.msi
-r--r--r--  1 root root   811008 Aug 12 13:25 citrixguestagentx86.msi
-r--r--r--  1 root root   278528 Aug 12 13:25 citrixvssx64.msi
-r--r--r--  1 root root   253952 Aug 12 13:25 citrixvssx86.msi
-r--r--r--  1 root root  1941504 Aug 12 13:25 citrixxendriversx64.msi
-r--r--r--  1 root root  1499136 Aug 12 13:25 citrixxendriversx86.msi
-r--r--r--  1 root root   26 Aug 12 13:25 copyright.txt
-r-xr-xr-x  1 root root 50449456 Aug 11 18:10
dotNetFx40_Full_x86_x64.exe
-r-xr-xr-x  1 root root 1945 Aug 11 18:10 EULA_DRIVERS
-r--r--r--  1 root root   835584 Aug 12 13:25 installwizard.msi
dr-xr-xr-x  4 root root 4096 Aug 12 13:33 Linux
-r--r--r--  1 root root 1180 Aug 12 13:33 README.txt
-r-xr-xr-x  1 root root  1662770 Aug 11 18:10 xenlegacy.exe
-r-xr-xr-x  1 root root   139575 Aug 11 18:10 xluninstallerfix.exe
root@template:~# cat /sys/block/xvdd/device/devtype 
vbd

Re: blacklist IP addresses?

[Stephan Seitz]

Daan,

thanks for your feedback. I'm going to file jira ticket.

cheers,

Stephan

Am Mittwoch, den 30.09.2015, 11:17 +0200 schrieb Daan Hoogland: 
> Stephan, I am not sure how it works exactly but I think what you want is
> not provided. Can you add a jira ticket for it? I will be looking into IPv6
> probably over the next period and we can always mark it unvalid or won't
> fix if needed.
> 
> thanks,
> 
> On Tue, Sep 29, 2015 at 5:40 PM, Stephan Seitz <
> s.se...@secretresearchfacility.com> wrote:
> 
> > Hi,
> >
> > we're currently adding IPv6 to some of our networks. Due to a design
> > decision we made to some part of our infrastructure to keep it HA, we
> > need to blacklist some particular addresses in the provided space.
> >
> > Is it possible to "blacklist" a few addresses, so the VR's dhcp6 won't
> > provide them?
> >
> > Indeed, even a /64 has a broad range of addresses and a conflict would
> > be very unlikely, but ... I'ld better be prepared :)
> >
> > I didn't find any self-descriptive table / field in the cloud-database,
> > so I'm quite unsure if it's possible at all.
> >
> > I'ld really appreciate any suggestions!
> >
> > Cheers,
> >
> > Stephan
> >
> >
> >
> 
> 

Re: blacklist IP addresses?

[Stephan Seitz]

Vadim,

unfortunately our network guys are using particular addresses not easy
to fence by one single range ... We're already discussing that (self
made) issue to get it possibly solved exactly that way :)

cheers,

Stephan

Am Mittwoch, den 30.09.2015, 13:41 +0300 schrieb Vadim Kimlaychuk: 
> Stephan,
> 
> If you don't want some address to be provided by VR - can't you 
> exclude this from network range? At least cloudstack offers for IPv6 
> start IP, end IP and CIDR specification. You may specify longer CIDR and 
> start-end IP with smaller range. Thus some of the addresses will never 
> be issued. Is this what are you looking for? I haven't tried this 
> practically, so don't be rude if this does not work :)
> 
> 
> Regards,
> 
> Vadim.
> 
> On 2015-09-30 12:17, Daan Hoogland wrote:
> 
> > Stephan, I am not sure how it works exactly but I think what you want 
> > is
> > not provided. Can you add a jira ticket for it? I will be looking into 
> > IPv6
> > probably over the next period and we can always mark it unvalid or 
> > won't
> > fix if needed.
> > 
> > thanks,
> > 
> > On Tue, Sep 29, 2015 at 5:40 PM, Stephan Seitz <
> > s.se...@secretresearchfacility.com> wrote:
> > 
> >> Hi,
> >> 
> >> we're currently adding IPv6 to some of our networks. Due to a design
> >> decision we made to some part of our infrastructure to keep it HA, we
> >> need to blacklist some particular addresses in the provided space.
> >> 
> >> Is it possible to "blacklist" a few addresses, so the VR's dhcp6 won't
> >> provide them?
> >> 
> >> Indeed, even a /64 has a broad range of addresses and a conflict would
> >> be very unlikely, but ... I'ld better be prepared :)
> >> 
> >> I didn't find any self-descriptive table / field in the 
> >> cloud-database,
> >> so I'm quite unsure if it's possible at all.
> >> 
> >> I'ld really appreciate any suggestions!
> >> 
> >> Cheers,
> >> 
> >> Stephan

blacklist IP addresses?

[Stephan Seitz]

Hi,

we're currently adding IPv6 to some of our networks. Due to a design
decision we made to some part of our infrastructure to keep it HA, we
need to blacklist some particular addresses in the provided space.

Is it possible to "blacklist" a few addresses, so the VR's dhcp6 won't
provide them?

Indeed, even a /64 has a broad range of addresses and a conflict would
be very unlikely, but ... I'ld better be prepared :)

I didn't find any self-descriptive table / field in the cloud-database,
so I'm quite unsure if it's possible at all.

I'ld really appreciate any suggestions!

Cheers,

Stephan

Re: Deployment failed on XenServer due to capacity miscalculation

[Stephan Seitz]

Hi there,

despite not reading the whole thread, I'ld assume that there's simple no
single memory segment of the requested size available at your particular
xenserver.
Just keep in mind, that Xen partitions memory and - after long run -
could not assign a contiguous block, even if the sum of all segemented
blocks is greater.
It depends on the version (and if you're brave on different tmem
settings) how reorganization is managed.
Long story short: put the particular host in maintenance, reboot it and
get it back into your ACS.

cheers,

Stephan

Am Freitag, den 10.07.2015, 18:02 +0200 schrieb Martin Emrich:
 Hi!
 
 Am 10.07.2015 um 16:42 schrieb Timothy Lothering:
  Hi Martin,
 
   From the logs it seems that ACS has found that the host has sufficient 
  memory capacity, but when it deploys it, it seems there is not enough. It 
  could be a bug whereby technically the system has enough capacity, but 
  during the provisioning stage, it suddenly does not.
 
  errorInfo: [HOST_NOT_ENOUGH_FREE_MEMORY, 4447010816, 1744826368]
 
 
 I read this message as [..., Requested Memory, Available Memory ] on the 
 XenServer.
 
   From the logs it seems you are also using Local Storage (vs Shared), so 
  initially it finds that host 335 has enough memory (albeit ~7MB left) and 
  tries to deploy. The deploy fails and it tries to redeploy the VM using 
  Host 335's storage, which is inaccessible.
 
  1. Have you tried to deploy a 2GB memory Machine on this host?
 
 Yes, won't work either, as the XenServer just had 1,7GB free.
 But I could create a 512MB VM as expected.
 
 Now ACS thinks the host has 3,507 GB free, while XenServer reports 1,2GB 
 free. So the gap between what is really free and what ACS thinks is free 
 remains the same.
 
  2. Do both hosts have the same CPU and memory configuration?
 
 yes, absolutely identical.
 
  3. Try to the following:
 
  a. Increase the cluster.memory.allocated.capacity.disablethreshold from 
  0.85 to 0.90 and restart MS - Test redeploy
  b. Decrease the cluster.memory.allocated.capacity.disablethreshold from 
  0.85 to 0.80 and restart MS - Test redeploy
 
  The above two tests should get your Host a bit more manoeuvrability and see 
  what happens in the MS Logs.
 
 No effect, as these options refer to a complete cluster, not a single 
 host. After changing them, ACS still tries to deploy a new 2GB VM on the 
 full host.
 
 I think the key is to somehow force ACS to _ask_ XenServer how much 
 memory is really free, instead of doing it's own calculations.
 
 Ciao
 
 Martin



signature.asc
Description: This is a digitally signed message part


smime.p7s
Description: S/MIME cryptographic signature

Re: CoreOS images http://dl.openvm.eu/

[Stephan Seitz]

Hi Nux!

As nice as your openvm templates are, I'ld resist and build our very own
images - just to be 100% sure to only have selected software from
trusted repositories.
Using externally built images/templates/containers is a general no-go
for all production infrastructures I know.

cheers,

Stephan

Am Mittwoch, den 01.07.2015, 22:57 +0100 schrieb Nux!: 
 Hi Antoine,
 
 Maybe you can convince them to convert that img into something more friendly 
 for hypervisors (xen/kvm/etc); that's basically what I do at openvm; the 
 image is downloaded and converted in the said formats, nothing gets modified 
 inside the image.
 
 Lucian
 
 --
 Sent from the Delta quadrant using Borg technology!
 
 Nux!
 www.nux.ro
 
 - Original Message -
  From: Antoine Coetsier antoine.coets...@exoscale.ch
  To: users@cloudstack.apache.org
  Sent: Tuesday, 30 June, 2015 21:31:28
  Subject: Re: CoreOS images http://dl.openvm.eu/
 
  Hello,
  
  I would advise using the images directly from CoreOS website. The
  documentation is extensive too, and you can be certain to get a latest
  working image.
  
  The fact that the documentation lists dl.openvm.eu is not appropriate in
  my view (I do support and like the openvm.eu initiative)
  https://coreos.com/docs/running-coreos/platforms/cloudstack/
  
  Direct link and signatures:
  http://stable.release.core-os.net/amd64-usr/current/
  
  http://stable.release.core-os.net/amd64-usr/current/coreos_production_cloudstack_image.bin.bz2
  http://stable.release.core-os.net/amd64-usr/current/coreos_production_cloudstack_image.bin.bz2.sig
  
  I will try to modify this upstream.
  
  Best,
  
  Antoine C
  
  Le 30.06.15 17:08, Francois Gaudreault a écrit :
  Yep. These templates are using SSH keys only. I remember having the
  same issue and wasting an hour or so figuring out the root password ;)
 
  Although, cloud-init works well :) That's the good news I guess!
 
  FG
 
  On 2015-06-30 10:27 AM, Len Bellemore wrote:
  Nice one. I'll check this out.
 
  Len
 
  -Original Message-
  From: Jeff Moody [mailto:j...@fifthecho.com]
  Sent: 30 June 2015 15:16
  To: users@cloudstack.apache.org
  Subject: Re: CoreOS images http://dl.openvm.eu/
 
  You would need to register an SSH key and then deploy the VM with the
  keypair option to have the Router VM offer the SSH key to the
  instance when it boots.
  http://cloudstack.apache.org/api/apidocs
  -4.5/user/deployVirtualMachine.html
 
  On Tue, 2015-06-30 at 14:02 +, Len Bellemore wrote:
  Hi Guys,
 
  Has anyone used the CoreOS Cloudstack templates on
  http://dl.openvm.eu/?
 
  It seems like CoreOS access is only via SSH keys, but since these are
  templates, how do I log in?
 
  Am I missing something?
 
  Cheers
  Len
 
 

Re: Console keyboard improvements

[Stephan Seitz]

Hi Erik,

I'ld like to move in, but for the need of a german layout. Maybe we can
join forces :)

cheers,

- Stephan

Am Dienstag, den 23.06.2015, 12:24 +0200 schrieb Erik Weber: 
 Hi,
 
 I am guessing there are more than me that's having trouble with keyboard
 with non-us layouts.
 I'd like to improve it, atleast for my native charset.
 
 Has anyone done something like this, and have some insight into the process?
 
 I've found this [1], that to some degree explain the process.
 If I'm testing locally, what are the steps required to update the files?
 Do they rely on the mgmt server or the console proxy?
 
 If the latter, how do I update it (if not manually)?
 
 If anyone wanna co-work on fixing Norwegian charset, let me know :-)
 
 [1]
 https://cwiki.apache.org/confluence/display/CLOUDSTACK/Non-US+Keyboard+Support+for+Console+Proxy

Re: Console keyboard improvements

[Stephan Seitz]

Hi Erik,

I found following link[1] useful do build a modified virtual router
systemvm.
I assume the very same process can be used for the console-vm.

You can upload your own template to ACS and define it in the settings
area via consoleproxy.system.offering


[1] http://bhaisaab.org/logs/building-systemvms/

cheers,

- Stephan


Am Dienstag, den 23.06.2015, 13:23 +0200 schrieb Erik Weber: 
 Hi Anshul,
 
 Thank you for the update.
 
 Do you have a rough estimate for when this refactor might hit the codebase?
 I don't expect my changes to hit 4.6 due to time constraints anyway, so if
 your changes are around the corner I might as well wait.
 
 Do you happen to know what the easiest way to redeploy systemvm.iso for
 testing purposes is? Intended hypervisor is XenServer, but if it is easier
 with KVM I'm open to switching.
 
 Regards,
 Erik
 
 
 On Tue, Jun 23, 2015 at 1:17 PM, Anshul Gangwar anshul.gang...@citrix.com
 wrote:
 
  Hi Erik,
 
  I will be working on console keyboard support refactoring. The main
  purpose of this refactoring will be to enable end user to add their own
  keyboard mappings without need to know CloudStack code much.
 
  As of now all  keyboard mappings are either into ajaxkeys.js or
  ajaxviewer.js. These files goes into CPVM through systemvm.iso.
 
  Regards,
  Anshul
 
  On 23-Jun-2015, at 3:54 pm, Erik Weber terbol...@gmail.commailto:
  terbol...@gmail.com wrote:
 
  Hi,
 
  I am guessing there are more than me that's having trouble with keyboard
  with non-us layouts.
  I'd like to improve it, atleast for my native charset.
 
  Has anyone done something like this, and have some insight into the
  process?
 
  I've found this [1], that to some degree explain the process.
  If I'm testing locally, what are the steps required to update the files?
  Do they rely on the mgmt server or the console proxy?
 
  If the latter, how do I update it (if not manually)?
 
  If anyone wanna co-work on fixing Norwegian charset, let me know :-)
 
  [1]
 
  https://cwiki.apache.org/confluence/display/CLOUDSTACK/Non-US+Keyboard+Support+for+Console+Proxy
  --
  Erik
 
 

Re: Access root disk after botched upgrade

[Stephan Seitz]

Hi,

on XenServer I'ld expect your SR containing *.vhd files. You could use
the cli xe command to determine which file is attached. Maybe this
info can also be seen in the gui.

Here's a short walkthrough, how to access vhd files:
http://wiki.xen.org/wiki/Mounting_a_.vhd_disk_image_using_blktap/tapdisk

If your vhd file contains partitions, you could do a
kpartx -a /dev/xen/
to get
/dev/mapper/blktap0p[0n]

Depending on your guest OS, e.g. If there's LVM or dm-crypt etc...
inside the following steps vary.

Just use standard linux tools to mount / pvscan / cryptsetup / ...
the /dev/mapper/blktap... partitions.

With additional bind-mounts of /sys, /proc, /run, /dev, /dev/pts you
should be able to chroot into the filesystem and perform the necessary
tasks.

Just as a note: Be careful, to do this only exclusively, say with the
respective VMs powered-off. Also, double check to umount / pvchange
-n / ... every layer you've built. Also kpartx -d the partitions and
unmap the blktap before trying to boot the VM.

Good luck!

- Stephan


Am Sonntag, den 21.06.2015, 12:43 +0200 schrieb France:
 Hi,
 
 after upgrading Ubuntu Linux, the system does not boot, probably because of 
 wrong grub config format:
 (   errorInfo: [Traceback (most recent call last):,   File 
 /usr/bin/pygrub, line 808, in ?, fs = fsimage.open(file, part_offs[0], 
 bootfsoptions), IndexError: list index out of range, ])
 
 How can I get access to disk of this VM, to fix the grub file by hand and try 
 to restart it?
 I have CS 4.3 on XS 6.0.2 with ISCSI disk for virtual instances.
 
 Tnx.
 France.



signature.asc
Description: This is a digitally signed message part

Re: best way to patch or modify systemvm (routervm)

[Stephan Seitz]

Thanks anyway. I'll post my results if it works :)

Am Mittwoch, den 17.06.2015, 12:00 +0200 schrieb Erik Weber: 
 There's multiple parts involved.
 You have the actual system vm template, the systemvm.iso, and remote ssh
 functions.
 
 I am a bit into deep water right now, but I *think* some of the scripts
 used is located in the systemvm.iso, and it might be enough to change those.
 Note that the systemvm.iso is copied to the hypervisors and have to be
 updated there as well as on the mgmt server if you do any changes to it.
 
 I haven't really done what you're trying to do before, so besides pointing
 at the locations I can't really be of much assistance.
 

Re: best way to patch or modify systemvm (routervm)

[Stephan Seitz]

Thanks for your help, Erik.
I'm able to deploy my own version of virtualrouters now :)
Anyway, I'm trying to modify the dnsmasq.conf / dnsmasq.conf.tmpl, which
seems to be impossible since some weird cloud* / init* / somewhat*
script cleans it up during the deployment process.

Could someone please shed some light, where / how the dnsmasq setup is
written?

I grep -r'ed inside my vhd template and think that conf must be pushed
somehow from the outside.

Cheers,

Stephan

Am Dienstag, den 16.06.2015, 19:55 +0200 schrieb Erik Weber: 
 You could upload the vhd as a new template, mark it as 'routing' and set
 the global config option for routers to the new template.
 
 Erik
 
 Den tirsdag 16. juni 2015 skrev Stephan Seitz 
 s.se...@secretresearchfacility.com følgende:
 
  Hi there,
 
  we'ld like to connect to virtualrouters[1] via l2tp/ipsec vpn. In
  general, this works as expected, except vpn-clients are unable to
  use the virtualrouter as DNS-Server (which is correctly propagated to
  the vpn-clients).
 
  Inside the VR, /etc/dnsmasq.conf shows
  interface=eth0
  except-interface=eth1
  except-interface=eth2
  except-interface=lo
  listen-address=10.254.254.1
 
  ppp0 is never covered by that configuration.
 
  As a quick fix, I removed the interface= and listen-address= line.
  To get rid of those lines, I also removed them in /etc/dnsmasq.conf.tmpl
  and commented one dnsmasq.conf-related sed
  in /etc/init.d/cloud-early-config.
 
 
  I did the very same changes inside the 4.5 systevm-template. I used
  blktap to get access to the vhd.
 
  All I did shows no effect to the VRs. Every deployment seems completely
  unaltered, so I'ld like to ask how (and where) I'm able to patch ( or
  personalize ) my router-VMs.
 
 
  Thank's for any suggestions!
 
  cheers,
  - Stephan
 
 
 
  [1] root@r-55-VM:~# cat /etc/cloudstack-release
  Cloudstack Release 4.5.1 Tue May  5 00:33:58 UTC 2015
 
 
 
 

best way to patch or modify systemvm (routervm)

[Stephan Seitz]

Hi there,

we'ld like to connect to virtualrouters[1] via l2tp/ipsec vpn. In
general, this works as expected, except vpn-clients are unable to
use the virtualrouter as DNS-Server (which is correctly propagated to
the vpn-clients).

Inside the VR, /etc/dnsmasq.conf shows
interface=eth0
except-interface=eth1
except-interface=eth2
except-interface=lo
listen-address=10.254.254.1

ppp0 is never covered by that configuration.

As a quick fix, I removed the interface= and listen-address= line.
To get rid of those lines, I also removed them in /etc/dnsmasq.conf.tmpl
and commented one dnsmasq.conf-related sed
in /etc/init.d/cloud-early-config.


I did the very same changes inside the 4.5 systevm-template. I used
blktap to get access to the vhd.

All I did shows no effect to the VRs. Every deployment seems completely
unaltered, so I'ld like to ask how (and where) I'm able to patch ( or
personalize ) my router-VMs.


Thank's for any suggestions!

cheers,
- Stephan



[1] root@r-55-VM:~# cat /etc/cloudstack-release 
Cloudstack Release 4.5.1 Tue May  5 00:33:58 UTC 2015

acs 4.4.2 / wrong gateway in VirtualRouter

[Stephan Seitz]

Hi all,

In an advanced zone, I've configured the following IP range for the
system public Label on VLAN Id 62.

Gateway | Netmask | VLAN  | Start-IP | End-IP 
10.241.62.1 | 255.255.255.192 | vlan://62 | 10.241.62.10 | 10.241.62.62 


Additionally, I've added Guest, shared Network:

Name | Type   | VLAN ID | brodcast URI | IPv4 CIDR   
sharedv4 | Shared | 62  | vlan://62| 10.241.62.64/26


Both /26 Networks are equipped with a gateway at 10.241.62.1 for the
system and 10.241.62.65 for the guest one.
Even if they're separated on L3, they indeed are on the same VLAN Id.

My Problem is: Most times a new isolated network spawns its new
VirtualRouter, the router's public IPv4 is located in the sharedv4
network, the gateway instead is configured to the system one.

That's the /proc/cmdline of a virtualrouter:

root=UUID=4cf8fced-9de4-47bd-834d-f14e2ddb36e2 ro debian-installer=en_US
quiet -- quiet console=hvc0%template=domP%name=r-1376-VM%
eth2ip=10.241.62.85%eth2mask=255.255.255.192%gateway=10.241.62.1%
eth0ip=10.1.1.1%eth0mask=255.255.255.0%domain=testing.infra%cidrsize=24%
dhcprange=10.1.1.1%eth1ip=169.254.3.199%eth1mask=255.255.0.0%type=router
%%dns1=195.10.208.2%dns2=91.198.250.2

For better reading:
eth2ip   = 10.241.62.85
eth2mask = 255.255.255.192
gateway  = 10.241.62.1

That gateway can't be reached from within 10.241.62.85/255.255.255.192

(All IP's are real public IP's I've just redacted the prefix to look
like RFC1918.)

Could someone please shed some light?

Maybe I did something wrong by separating the networks, but sharing them
on the same VLAN?

Hosts are XenServer 6.2.

Thanks!

- Stephan

Re: Major breakage in GUI after upgrade from 4.3.2 to 4.4.2

[Stephan Seitz]

Andrei,

the second Tab (right of 'details') shows 'zone'.

Regarding your second question in another post: Edit and Delete moved to
the 'zone' tab. It's no longer shown below the 'details'. That changed
during the last updates. (Behavior is similar to User-Show
Usernames-User-edit)

Anyhow, have you tried ACS with 'english' as your account language? I've
seen similar 'label.anything' in my german localization. I think,
there's just some translation missing.

Am Montag, den 02.02.2015, 16:58 + schrieb Andrei Mikhailovsky:
 Stephan, 
 
 Could you please let me know what is the name of the second tab when you go 
 to Templates  Select any template. You should see two tabs. Details and 
 Zones (on my gui it shows label.zones instead). 
 
 P.S. on my acs if i go to Templaes and click the Edit button, the Apply 
 button is not misplaced. It is shown right next to the Cancel button. 
 
 Thanks 
 
 Andrei 
 - Original Message -
 
  From: Stephan Seitz s.se...@secretresearchfacility.com
  To: users@cloudstack.apache.org
  Sent: Monday, 2 February, 2015 2:48:33 PM
  Subject: Re: Major breakage in GUI after upgrade from 4.3.2 to 4.4.2
 
  Hi,
 
  one GUI issue I found so far in 4.4.2 is a misplaced apply-button
  if
  you edit the details of templates. This seems browser-dependent, on
  firefox it somehow works, on chromium the button is completely
  invisible.
 
  If you're unable to start any VM, I assume you didn't install the
  updated systemvm's?
 
  cheers,
 
  - Stephan
 
  Am Montag, den 02.02.2015, 12:39 + schrieb Andrei Mikhailovsky:
   Hi guys,
  
   I've recently upgraded my ASC from version 4.3.2 to version 4.4.2.
   The upgrade process went well without any setbacks or issues. I've
   not seen any errors in the log files. All looks good apart from
   the GUI issues. I've tried to clear browser caches and pressed
   force refresh as well. This happens in Firefox as well as Chrome.
  
   The following major issue that i've identified so far:
  
   1. I can no longer create new instances. Regardless of if I am
   doing it from the ISO or existing Templates. After following the
   Add Instance wizard and clicking on the Launch button nothing
   happens. The wizard window becomes shaded and the spinning circle
   appears. I've left it for hours without any change. When the
   Launch button is pressed, the management server does not receive
   an API call to create an instance. There are actually nothing in
   the logs after the button is pressed. However, I can successfully
   create new instances by using the CloudMonkey.
  
   The following minor issues that i've seen so far:
  
   1. The elements in the Dashboard screen are not fitting their
   corresponding boxes. They stick out and not aligning properly
   2. Some Tabs are now labeled properly and instead show something
   like: label.zones or label.add.isolated.network and a few more
   that i've noticed, but can't recall exactly what they were.
  
  
   Has anyone else seen these types of issues with the 4.4.x branch?
   Any thoughts on what is causing the issues and how to resolve
   them?
  
   Thanks
  
   Andrei



signature.asc
Description: This is a digitally signed message part


smime.p7s
Description: S/MIME cryptographic signature

Re: Major breakage in GUI after upgrade from 4.3.2 to 4.4.2

[Stephan Seitz]

Hi,

one GUI issue I found so far in 4.4.2 is a misplaced apply-button if
you edit the details of templates. This seems browser-dependent, on
firefox it somehow works, on chromium the button is completely
invisible.

If you're unable to start any VM, I assume you didn't install the
updated systemvm's?

cheers,

- Stephan

Am Montag, den 02.02.2015, 12:39 + schrieb Andrei Mikhailovsky: 
 Hi guys, 
 
 I've recently upgraded my ASC from version 4.3.2 to version 4.4.2. The 
 upgrade process went well without any setbacks or issues. I've not seen any 
 errors in the log files. All looks good apart from the GUI issues. I've tried 
 to clear browser caches and pressed force refresh as well. This happens in 
 Firefox as well as Chrome. 
 
 The following major issue that i've identified so far: 
 
 1. I can no longer create new instances. Regardless of if I am doing it from 
 the ISO or existing Templates. After following the Add Instance wizard and 
 clicking on the Launch button nothing happens. The wizard window becomes 
 shaded and the spinning circle appears. I've left it for hours without any 
 change. When the Launch button is pressed, the management server does not 
 receive an API call to create an instance. There are actually nothing in the 
 logs after the button is pressed. However, I can successfully create new 
 instances by using the CloudMonkey. 
 
 The following minor issues that i've seen so far: 
 
 1. The elements in the Dashboard screen are not fitting their corresponding 
 boxes. They stick out and not aligning properly 
 2. Some Tabs are now labeled properly and instead show something like: 
 label.zones or label.add.isolated.network and a few more that i've noticed, 
 but can't recall exactly what they were. 
 
 
 Has anyone else seen these types of issues with the 4.4.x branch? Any 
 thoughts on what is causing the issues and how to resolve them? 
 
 Thanks 
 
 Andrei 

Re: cloudmonkey / deploy virtualmachine from ISO

[Stephan Seitz]

Hi,

Am Dienstag, den 27.01.2015, 23:40 +0100 schrieb Rene Moser: 
 Hi
 
 On 01/27/2015 05:30 PM, Stephan Seitz wrote:
  Hi there,
  
  The logfile states, that the HyperVisorType does not match my running
  cluster. Interestingly, It works, If I deploy the very same machine via
  GUI. The ISO Template has OS Type Other (64-bit).
 
 I assume you have not touched the global setting about hypervisors, so
 there are still all hypervisors configured and if you don't provide the
 param hypervisor=KVM|VMware|... it will take the first specified in
 the global settings IMHO.

No. So far, I didn't touch the global settings. The defaults show a lot
of Hypervisors plus BareMetal and LXC. The preferred was set to
XenServer (which I'm using in that Zone as single technology).

I added the hypervisor=XenServer to my cloudmonkey commandline and it
worked :).
Interestingly I was never in the need for adding the hypervisor
statement. Using ISO as templateid obviously needs this.

Thank's for your suggestion!

cheers,

- Stephan

Re: booting instances via pxe/tftp

[Stephan Seitz]

Erik,

 I've used the iPXE iso to boot successfully multiple times. Requires
 nothing on the hypervisor as far as I know, but I don't know how it works
 after you have an OS installed (I'm using it to bootstrap machines).

thank's for your reply!

This is exactly what I was looking for.

After digging a little further, I stumbled upon
https://github.com/mindjiver/packer-cloudstack

Particularly the ipxe Image that guy built is very nice, since it
chain-loads via userdata.

So what I finally did with a very similar ipxe.iso is:

cat recipe __EOF__
#!ipxe
kernel http://10.10.1.254/vmlinuz root=/dev/nfs vga=normal
nsroot=10.10.1.254:/nfs-image-installer/install ip=dhcp rw --
initrd http://10.10.1.254/initrd.img
boot
__EOF__

b64recipe=$(cat recipe | base64 -w0)

cloudmonkey update virtualmachine id=$vmid userdata=$b64recipe


Well, the first steps are done. Now I have to figure out a convenient
way for my virtualrouter to give dhcp leases also to non-ACS machines /
make cloudstack aware of other machines...

So far, thank's again!

- Stephan