Re: [one-users] Add Ec2 Host to OpenNebula 4.8 for Cloudbursting
Hi, Could you check if there is any error in /var/log/one/oned.log? Cheers On 24 October 2014 10:18, i...@cyle.ch wrote: Hi Steven they are all installed any other suggestion? as soon as i create a new host with ec2 it fails in to error state thank for response Cyrill Quoting Steven C Timm t...@fnal.gov: We did this on a test server a while ago in an early open nebula version. Check to be sure that you have all the required Ruby gems installed. I believe there is an aws-specific one you have to install just to make the AWS stuff work. Steve Timm From: Users [users-boun...@lists.opennebula.org] on behalf of i...@cyle.ch [i...@cyle.ch] Sent: Wednesday, October 22, 2014 3:03 PM To: users@lists.opennebula.org Subject: [one-users] Add Ec2 Host to OpenNebula 4.8 for Cloudbursting Dear Community i try to add an ec2 host for Cloudbursting to my OpenNebula 4.8 Private Cloud. i have configured IM_MAD = [ name = ec2, executable = one_im_sh, arguments = -c -t 1 -r 0 ec2 ] VM_MAD = [ name = ec2, executable = one_vmm_sh, arguments = -t 15 -r 0 ec2, type = xml ] in the /etc/one/oned.conf AND: regions: default: region_name: eu-west-1 access_key_id: My_ACCESS_KEY secret_access_key: MY_SECRET_ACCESS_KEY capacity: m1.small: 5 m1.large: 0 m1.xlarge: 0 in /etc/one/ec2_driver.conf but, if i create the ec2 host with: onehost create ec2 --im ec2 --vm ec2 --net dummy i always receive an error message ec2 err | ERROR Wed Oct 22 21:52:54 2014 : Error monitoring Host eu-west-1 (26): Error executing poll Thanks for assistance Best regards Cyrill ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] econe server and sha1
Hi, Could you try using the password returned by oneuser show alfeijoo Cheers On 22 October 2014 15:57, Alejandro Feijóo alfei...@cesga.es wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi. Im try to setup the econe-server at our preproduction opennebula. After setup using guide(1), im able to start service, and it seems are ok and working. (CODE)- oneadmin@test ~]$ econe-server start econe-server started [oneadmin@test ~]$ tail -f /var/log/one/econe-server.log :terminated_instances_expiration_time=900, :use_file_templates=false, :instance_types={:m1.small={:template=m1.small.erb}}, :associate_script=/usr/bin/false, :disassociate_script=/usr/bin/false, :ebs_fstype=ext3, :template_location=/etc/one/ec2query_templates, :views=/usr/lib/one/ruby/cloud/econe/views} - -- (/CODE)- but i think there are any problem on my config or similar... because any command always return the same error: root@test ~]# econe-describe-images --access-key alfeijoo --secret-key 862fa61ff082f32a1654e33a29929a8bac8a75d1 econe-describe-images: The username or password is not correct The secret key that i used is the return of the commands: echo my_pass | sha1sum 862fa61ff082f32a1654e33a29929a8bac8a75d1 i tried too create an user with sha1 direct: oneuser create alfeijoo --sha1 862fa61ff082f32a1654e33a29929a8bac8a75d1 but the error are the same.. All of that test are at localhost, and the server seems that work but return an 401 error. Wed Oct 22 12:49:08 2014 [I]: Updating user pool cache. Wed Oct 22 12:49:08 2014 [I]: 127.0.0.1 - - [22/Oct/2014 12:49:08] POST / HTTP/1.1 401 285 0.0792 Wed Oct 22 12:51:44 2014 [I]: Updating user pool cache. Wed Oct 22 12:51:44 2014 [I]: 127.0.0.1 - - [22/Oct/2014 12:51:44] POST / HTTP/1.1 401 285 0.0063 Any idea? # OpenNebula sever contact information :one_xmlrpc: http://localhost:2633/RPC2 # Host and port where econe server will run :host: 0.0.0.0 :port: 4567 1: http://docs.opennebula.org/4.8/advanced_administration/public_cloud/ec2qcg.html - -- Alejandro Feijóo Fraga Systems Technician CESGA -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJUR7fAAAoJEKshAoM6XWq52gkH/09Vi32iQr+1+RSa3mpB+SJo AhVrgu06ppVzbLId66SZrNyudGuL2bYaXo5F6+bAbCSNPGdhZ2/pPZoHVIHdlk1n Ccr9HX6NCYctTHqyjsKtJ7YcFuMMcNxSEr9A8K55gVQV1H9keAIbnGK8ktRsEde8 80Qrupk39X9O7mGMuNKUQJvBHTo6sl/5lupRTjW2OddCJ8tbeSQy4GbCrl2wjTVF cdzs3jdLFzZSbLblHAzBEdswOBwkBIVull0E0VaTGmE975N/6ZqJBhDrGk87mOJo i/auraN/lZ8CstteQvPRsoPeNWwAW06yAmr1Wz23OW8v9ftU1QRrmfxskuoT9Nc= =0UQh -END PGP SIGNATURE- ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Add Ec2 Host to OpenNebula 4.8 for Cloudbursting
Fri Oct 24 11:17:09 2014 [Z0][InM][D]: Monitoring host eu-west-1 (31) Fri Oct 24 11:17:09 2014 [Z0][InM][I]: Command execution fail: /var/lib/one/remotes/im/run_probes ec2 /var/lib/one//datastores 4124 20 31 eu-west-1 Fri Oct 24 11:17:09 2014 [Z0][InM][I]: /usr/lib/ruby/1.8/yaml.rb:133:in `load': syntax error on line 1, col 9: `default:' (ArgumentError) Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from /usr/lib/ruby/1.8/yaml.rb:133:in `load' Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from ./../../vmm/ec2/ec2_driver.rb:208:in `initialize' Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from ./poll:24:in `new' Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from ./poll:24 Fri Oct 24 11:17:09 2014 [Z0][InM][E]: Error executing poll Fri Oct 24 11:17:09 2014 [Z0][InM][I]: ExitCode: 1 Fri Oct 24 11:17:09 2014 [Z0][ONE][E]: Error monitoring Host eu-west-1 (31): Error executing poll Thanks Cyrill Quoting Daniel Molina dmol...@opennebula.org: Hi, Could you check if there is any error in /var/log/one/oned.log? Cheers On 24 October 2014 10:18, i...@cyle.ch wrote: Hi Steven they are all installed any other suggestion? as soon as i create a new host with ec2 it fails in to error state thank for response Cyrill Quoting Steven C Timm t...@fnal.gov: We did this on a test server a while ago in an early open nebula version. Check to be sure that you have all the required Ruby gems installed. I believe there is an aws-specific one you have to install just to make the AWS stuff work. Steve Timm From: Users [users-boun...@lists.opennebula.org] on behalf of i...@cyle.ch [i...@cyle.ch] Sent: Wednesday, October 22, 2014 3:03 PM To: users@lists.opennebula.org Subject: [one-users] Add Ec2 Host to OpenNebula 4.8 for Cloudbursting Dear Community i try to add an ec2 host for Cloudbursting to my OpenNebula 4.8 Private Cloud. i have configured IM_MAD = [ name = ec2, executable = one_im_sh, arguments = -c -t 1 -r 0 ec2 ] VM_MAD = [ name = ec2, executable = one_vmm_sh, arguments = -t 15 -r 0 ec2, type = xml ] in the /etc/one/oned.conf AND: regions: default: region_name: eu-west-1 access_key_id: My_ACCESS_KEY secret_access_key: MY_SECRET_ACCESS_KEY capacity: m1.small: 5 m1.large: 0 m1.xlarge: 0 in /etc/one/ec2_driver.conf but, if i create the ec2 host with: onehost create ec2 --im ec2 --vm ec2 --net dummy i always receive an error message ec2 err | ERROR Wed Oct 22 21:52:54 2014 : Error monitoring Host eu-west-1 (26): Error executing poll Thanks for assistance Best regards Cyrill ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Add Ec2 Host to OpenNebula 4.8 for Cloudbursting
It looks like you have a syntax error in ec2_driver.conf On 24 October 2014 11:25, i...@cyle.ch wrote: Fri Oct 24 11:17:09 2014 [Z0][InM][D]: Monitoring host eu-west-1 (31) Fri Oct 24 11:17:09 2014 [Z0][InM][I]: Command execution fail: /var/lib/one/remotes/im/run_probes ec2 /var/lib/one//datastores 4124 20 31 eu-west-1 Fri Oct 24 11:17:09 2014 [Z0][InM][I]: /usr/lib/ruby/1.8/yaml.rb:133:in `load': syntax error on line 1, col 9: `default:' (ArgumentError) Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from /usr/lib/ruby/1.8/yaml.rb:133:in `load' Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from ./../../vmm/ec2/ec2_driver.rb:208:in `initialize' Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from ./poll:24:in `new' Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from ./poll:24 Fri Oct 24 11:17:09 2014 [Z0][InM][E]: Error executing poll Fri Oct 24 11:17:09 2014 [Z0][InM][I]: ExitCode: 1 Fri Oct 24 11:17:09 2014 [Z0][ONE][E]: Error monitoring Host eu-west-1 (31): Error executing poll Thanks Cyrill Quoting Daniel Molina dmol...@opennebula.org: Hi, Could you check if there is any error in /var/log/one/oned.log? Cheers On 24 October 2014 10:18, i...@cyle.ch wrote: Hi Steven they are all installed any other suggestion? as soon as i create a new host with ec2 it fails in to error state thank for response Cyrill Quoting Steven C Timm t...@fnal.gov: We did this on a test server a while ago in an early open nebula version. Check to be sure that you have all the required Ruby gems installed. I believe there is an aws-specific one you have to install just to make the AWS stuff work. Steve Timm From: Users [users-boun...@lists.opennebula.org] on behalf of i...@cyle.ch [i...@cyle.ch] Sent: Wednesday, October 22, 2014 3:03 PM To: users@lists.opennebula.org Subject: [one-users] Add Ec2 Host to OpenNebula 4.8 for Cloudbursting Dear Community i try to add an ec2 host for Cloudbursting to my OpenNebula 4.8 Private Cloud. i have configured IM_MAD = [ name = ec2, executable = one_im_sh, arguments = -c -t 1 -r 0 ec2 ] VM_MAD = [ name = ec2, executable = one_vmm_sh, arguments = -t 15 -r 0 ec2, type = xml ] in the /etc/one/oned.conf AND: regions: default: region_name: eu-west-1 access_key_id: My_ACCESS_KEY secret_access_key: MY_SECRET_ACCESS_KEY capacity: m1.small: 5 m1.large: 0 m1.xlarge: 0 in /etc/one/ec2_driver.conf but, if i create the ec2 host with: onehost create ec2 --im ec2 --vm ec2 --net dummy i always receive an error message ec2 err | ERROR Wed Oct 22 21:52:54 2014 : Error monitoring Host eu-west-1 (26): Error executing poll Thanks for assistance Best regards Cyrill ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Add Ec2 Host to OpenNebula 4.8 for Cloudbursting
my ec2.driver.conf regions: default: region_name: eu-west-1 access_key_id:X secret_access_key:X capacity: t2.small: 5 m1.small: 2 m1.medium: 1 m1.large: 1 instance_types: m1.small: cpu: 1 memory: 1.7 m1.medium: cpu: 1 memory: 3.75 m1.large: cpu: 2 memory: 7.5 m1.xlarge: cpu: 4 memory: 15 /etc/one/ec2_driver.conf 62L, 1170C Quoting Daniel Molina dmol...@opennebula.org: It looks like you have a syntax error in ec2_driver.conf On 24 October 2014 11:25, i...@cyle.ch wrote: Fri Oct 24 11:17:09 2014 [Z0][InM][D]: Monitoring host eu-west-1 (31) Fri Oct 24 11:17:09 2014 [Z0][InM][I]: Command execution fail: /var/lib/one/remotes/im/run_probes ec2 /var/lib/one//datastores 4124 20 31 eu-west-1 Fri Oct 24 11:17:09 2014 [Z0][InM][I]: /usr/lib/ruby/1.8/yaml.rb:133:in `load': syntax error on line 1, col 9: `default:' (ArgumentError) Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from /usr/lib/ruby/1.8/yaml.rb:133:in `load' Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from ./../../vmm/ec2/ec2_driver.rb:208:in `initialize' Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from ./poll:24:in `new' Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from ./poll:24 Fri Oct 24 11:17:09 2014 [Z0][InM][E]: Error executing poll Fri Oct 24 11:17:09 2014 [Z0][InM][I]: ExitCode: 1 Fri Oct 24 11:17:09 2014 [Z0][ONE][E]: Error monitoring Host eu-west-1 (31): Error executing poll Thanks Cyrill Quoting Daniel Molina dmol...@opennebula.org: Hi, Could you check if there is any error in /var/log/one/oned.log? Cheers On 24 October 2014 10:18, i...@cyle.ch wrote: Hi Steven they are all installed any other suggestion? as soon as i create a new host with ec2 it fails in to error state thank for response Cyrill Quoting Steven C Timm t...@fnal.gov: We did this on a test server a while ago in an early open nebula version. Check to be sure that you have all the required Ruby gems installed. I believe there is an aws-specific one you have to install just to make the AWS stuff work. Steve Timm From: Users [users-boun...@lists.opennebula.org] on behalf of i...@cyle.ch [i...@cyle.ch] Sent: Wednesday, October 22, 2014 3:03 PM To: users@lists.opennebula.org Subject: [one-users] Add Ec2 Host to OpenNebula 4.8 for Cloudbursting Dear Community i try to add an ec2 host for Cloudbursting to my OpenNebula 4.8 Private Cloud. i have configured IM_MAD = [ name = ec2, executable = one_im_sh, arguments = -c -t 1 -r 0 ec2 ] VM_MAD = [ name = ec2, executable = one_vmm_sh, arguments = -t 15 -r 0 ec2, type = xml ] in the /etc/one/oned.conf AND: regions: default: region_name: eu-west-1 access_key_id: My_ACCESS_KEY secret_access_key: MY_SECRET_ACCESS_KEY capacity: m1.small: 5 m1.large: 0 m1.xlarge: 0 in /etc/one/ec2_driver.conf but, if i create the ec2 host with: onehost create ec2 --im ec2 --vm ec2 --net dummy i always receive an error message ec2 err | ERROR Wed Oct 22 21:52:54 2014 : Error monitoring Host eu-west-1 (26): Error executing poll Thanks for assistance Best regards Cyrill ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] How to protect a virtual network from being used by users?
Hello, I (as oneadmin) have configured two virtual networks: - one named default for use by regular users to deploy disposable test VMs - one named SPECIAL for use by the admin to create servers that will not be disposable but will stay always ON Both networks have different IP ranges so that you could easily tell whether it's a server or a disposable test VM by looking at it's IP address. I have set up Opennebula with LDAP authentication. LDAP users authenticate just fine and are able to create themselves VMs using those templates that the admin has allowed for them. Now, I'd like to make so that only default virtual network is exposed to regular users, and SPECIAL is not seen by them. Currently, both networks have the following permissions: - Owner: use, manage - Group none - Other: none Users still can use both of these when they deploy a test VM although permissions clearly state they shouldn't be able to see any of them. What is wrong with the permissions? -- Pavel Tankov ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Users can't create VMs with large capacity (in the cloud view)
Hello, CentOS6.5 - KVM - Opennebula 4.8 My users log in to the cloud view. I have prepared templates for them. They can instantiate VMs with the default capacity, but if they decide to choose anything other than the default, e.g. Change Capacity -- small-x2 or medium-x2 or whatever, the VM never boots up, it stays in PENDING and there are no logs. What could be the problem? Is it some quota that exists by default for regular users? I have not set up restrictions deliberately. Thanks, Pavel Tankov ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] How to protect a virtual network from being used by users?
Hello Ondra, You are right, I just saw the ACLs. They are by default created like this: $ oneacl list ID USER RES_VHNIUTGDCOZ RID OPE_UMAC ZONE 0 @1 V-NI-T---O- * ---c#0 1* --Z * u--- * 2 @1 -H- * -m--#0 3 @1 --ND--- * u---#0 (or see the attached screen shot) The group named users is denoted by @1. So, it looks like in the very first ALC (ID 0) the group @1 (users) is granted a CREATE permission on all Virtual Networks (Resource ID *). Which may be OK or not, it depends what you want. But then ACL (ID 3) grants the group @1 (users) the permission to use any Virtual Network (RID *). The ACLs have permissive nature so once granted I can't restrict it with a later rule. I could only re-write the default ACLs completely, which I am not quite willing to try. The documentation says (http://docs.opennebula.org/4.8/administration/users_and_groups/manage_acl.html): Please note: the ACL rules is an advanced mechanism. For most use cases, you should be able to rely on the built-in resource permissions and the ACL Rules created automatically when a group is created, and when a resource provider is added. But it looks like *all* Vritual Networks are meant to be used by *anyone* by default and there is not much I can do about it with the normal means, namely with the resource permissions. Is that so, indeed, or where am I wrong? Pavel Tankov On 10/24/2014 04:33 PM, Hamada, Ondrej wrote: Hi Pavel, Have you checked ACLs as well? I guess that one of the default ACL grants all users the 'use' permission for all 'networks'. Ondra -Original Message- From: Users [mailto:users-boun...@lists.opennebula.org] On Behalf Of Pavel Tankov Sent: Friday, October 24, 2014 12:09 PM To: users@lists.opennebula.org Subject: [one-users] How to protect a virtual network from being used by users? Hello, I (as oneadmin) have configured two virtual networks: - one named default for use by regular users to deploy disposable test VMs - one named SPECIAL for use by the admin to create servers that will not be disposable but will stay always ON Both networks have different IP ranges so that you could easily tell whether it's a server or a disposable test VM by looking at it's IP address. I have set up Opennebula with LDAP authentication. LDAP users authenticate just fine and are able to create themselves VMs using those templates that the admin has allowed for them. Now, I'd like to make so that only default virtual network is exposed to regular users, and SPECIAL is not seen by them. Currently, both networks have the following permissions: - Owner: use, manage - Group none - Other: none Users still can use both of these when they deploy a test VM although permissions clearly state they shouldn't be able to see any of them. What is wrong with the permissions? -- Pavel Tankov ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding. ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] How to protect a virtual network from being used by users?
Hi Pavel, Well, I suppose it is the default. I was also struggling with it and finally I had to replace the default ACLs with more strict ones. You can try to solve the network separation on template level if you don't want to play with ACLs. Ondra -Original Message- From: Pavel Tankov [mailto:pavel.tan...@strategyobject.com] Sent: Friday, October 24, 2014 4:01 PM To: Hamada, Ondrej; users@lists.opennebula.org Subject: Re: [one-users] How to protect a virtual network from being used by users? Hello Ondra, You are right, I just saw the ACLs. They are by default created like this: $ oneacl list ID USER RES_VHNIUTGDCOZ RID OPE_UMAC ZONE 0 @1 V-NI-T---O- * ---c#0 1* --Z * u--- * 2 @1 -H- * -m--#0 3 @1 --ND--- * u---#0 (or see the attached screen shot) The group named users is denoted by @1. So, it looks like in the very first ALC (ID 0) the group @1 (users) is granted a CREATE permission on all Virtual Networks (Resource ID *). Which may be OK or not, it depends what you want. But then ACL (ID 3) grants the group @1 (users) the permission to use any Virtual Network (RID *). The ACLs have permissive nature so once granted I can't restrict it with a later rule. I could only re-write the default ACLs completely, which I am not quite willing to try. The documentation says (http://docs.opennebula.org/4.8/administration/users_and_groups/manage_acl.html): Please note: the ACL rules is an advanced mechanism. For most use cases, you should be able to rely on the built-in resource permissions and the ACL Rules created automatically when a group is created, and when a resource provider is added. But it looks like *all* Vritual Networks are meant to be used by *anyone* by default and there is not much I can do about it with the normal means, namely with the resource permissions. Is that so, indeed, or where am I wrong? Pavel Tankov On 10/24/2014 04:33 PM, Hamada, Ondrej wrote: Hi Pavel, Have you checked ACLs as well? I guess that one of the default ACL grants all users the 'use' permission for all 'networks'. Ondra -Original Message- From: Users [mailto:users-boun...@lists.opennebula.org] On Behalf Of Pavel Tankov Sent: Friday, October 24, 2014 12:09 PM To: users@lists.opennebula.org Subject: [one-users] How to protect a virtual network from being used by users? Hello, I (as oneadmin) have configured two virtual networks: - one named default for use by regular users to deploy disposable test VMs - one named SPECIAL for use by the admin to create servers that will not be disposable but will stay always ON Both networks have different IP ranges so that you could easily tell whether it's a server or a disposable test VM by looking at it's IP address. I have set up Opennebula with LDAP authentication. LDAP users authenticate just fine and are able to create themselves VMs using those templates that the admin has allowed for them. Now, I'd like to make so that only default virtual network is exposed to regular users, and SPECIAL is not seen by them. Currently, both networks have the following permissions: - Owner: use, manage - Group none - Other: none Users still can use both of these when they deploy a test VM although permissions clearly state they shouldn't be able to see any of them. What is wrong with the permissions? -- Pavel Tankov ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding. ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding. ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Add Ec2 Host to OpenNebula 4.8 for Cloudbursting
any idea? Quoting Daniel Molina dmol...@opennebula.org: It looks like you have a syntax error in ec2_driver.conf On 24 October 2014 11:25, i...@cyle.ch wrote: Fri Oct 24 11:17:09 2014 [Z0][InM][D]: Monitoring host eu-west-1 (31) Fri Oct 24 11:17:09 2014 [Z0][InM][I]: Command execution fail: /var/lib/one/remotes/im/run_probes ec2 /var/lib/one//datastores 4124 20 31 eu-west-1 Fri Oct 24 11:17:09 2014 [Z0][InM][I]: /usr/lib/ruby/1.8/yaml.rb:133:in `load': syntax error on line 1, col 9: `default:' (ArgumentError) Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from /usr/lib/ruby/1.8/yaml.rb:133:in `load' Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from ./../../vmm/ec2/ec2_driver.rb:208:in `initialize' Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from ./poll:24:in `new' Fri Oct 24 11:17:09 2014 [Z0][InM][I]: from ./poll:24 Fri Oct 24 11:17:09 2014 [Z0][InM][E]: Error executing poll Fri Oct 24 11:17:09 2014 [Z0][InM][I]: ExitCode: 1 Fri Oct 24 11:17:09 2014 [Z0][ONE][E]: Error monitoring Host eu-west-1 (31): Error executing poll Thanks Cyrill Quoting Daniel Molina dmol...@opennebula.org: Hi, Could you check if there is any error in /var/log/one/oned.log? Cheers On 24 October 2014 10:18, i...@cyle.ch wrote: Hi Steven they are all installed any other suggestion? as soon as i create a new host with ec2 it fails in to error state thank for response Cyrill Quoting Steven C Timm t...@fnal.gov: We did this on a test server a while ago in an early open nebula version. Check to be sure that you have all the required Ruby gems installed. I believe there is an aws-specific one you have to install just to make the AWS stuff work. Steve Timm From: Users [users-boun...@lists.opennebula.org] on behalf of i...@cyle.ch [i...@cyle.ch] Sent: Wednesday, October 22, 2014 3:03 PM To: users@lists.opennebula.org Subject: [one-users] Add Ec2 Host to OpenNebula 4.8 for Cloudbursting Dear Community i try to add an ec2 host for Cloudbursting to my OpenNebula 4.8 Private Cloud. i have configured IM_MAD = [ name = ec2, executable = one_im_sh, arguments = -c -t 1 -r 0 ec2 ] VM_MAD = [ name = ec2, executable = one_vmm_sh, arguments = -t 15 -r 0 ec2, type = xml ] in the /etc/one/oned.conf AND: regions: default: region_name: eu-west-1 access_key_id: My_ACCESS_KEY secret_access_key: MY_SECRET_ACCESS_KEY capacity: m1.small: 5 m1.large: 0 m1.xlarge: 0 in /etc/one/ec2_driver.conf but, if i create the ec2 host with: onehost create ec2 --im ec2 --vm ec2 --net dummy i always receive an error message ec2 err | ERROR Wed Oct 22 21:52:54 2014 : Error monitoring Host eu-west-1 (26): Error executing poll Thanks for assistance Best regards Cyrill ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] FREEMEMORY as RANK variable
Hi Steven, On Sat, Oct 11, 2014 at 6:05 AM, Steven C Timm t...@fnal.gov wrote: During most of the time we have been running OpenNebula 2 and 3 we have been using a rank based on FREEMEMORY. We are now doing tests using OpenNebula 4.8, in a use case where we are filling up an empty cloud. FREEMEMORY still in theory should be an accurate value FREEMEMORY hasn't been a Host attribute for a few versions. I can't remember exactly when it was removed, but it is not part of the host now. The predefined variables you can use in the rank or requirements are [1]: NAME MAX_CPU MAX_MEM FREE_MEM FREE_CPU USED_MEM USED_CPU HYPERVISOR By the way, I see this list is buried too deep in the docs, so I'll try to move it to a new section and explain each attribute. but the problem is that 6-7 VM's are typically being launched on every SCHED cycle and so a node that starts out with all of its memory free will end up full of virtual machines in a single cycle. Once we got to a full cloud and steady-state it would be fine but when you have 8 VM's starting at once on an old 8-core node, it takes much longer than it otherwise would. Any cheap suggestions to get the default scheduler to do a more horizontal fill? Steve Timm In /etc/one/sched.conf [2] you can set MAX_HOST to 1. This forces the scheduler to launch one VM to each host per cycle. Combined with the SCHED_INTERVAL, you can configure a slower deployment rate. Best regards, Carlos. [1] http://docs.opennebula.org/4.8/user/references/template.html#requirement-expression-syntax [2] http://docs.opennebula.org/4.8/administration/references/schg.html -- Carlos Martín, MSc Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org http://www.opennebula.org/ | cmar...@opennebula.org | @OpenNebula http://twitter.com/opennebula cmar...@opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] FREEMEMORY as RANK variable
Here's is a quick improvement in the docs: https://github.com/OpenNebula/docs/blob/master/source/user/references/template.rst#predefined-host-attributes Regards. -- Carlos Martín, MSc Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | cmar...@opennebula.org | @OpenNebula http://twitter.com/opennebula cmar...@opennebula.org On Fri, Oct 24, 2014 at 4:40 PM, Carlos Martín Sánchez cmar...@opennebula.org wrote: Hi Steven, On Sat, Oct 11, 2014 at 6:05 AM, Steven C Timm t...@fnal.gov wrote: During most of the time we have been running OpenNebula 2 and 3 we have been using a rank based on FREEMEMORY. We are now doing tests using OpenNebula 4.8, in a use case where we are filling up an empty cloud. FREEMEMORY still in theory should be an accurate value FREEMEMORY hasn't been a Host attribute for a few versions. I can't remember exactly when it was removed, but it is not part of the host now. The predefined variables you can use in the rank or requirements are [1]: NAME MAX_CPU MAX_MEM FREE_MEM FREE_CPU USED_MEM USED_CPU HYPERVISOR By the way, I see this list is buried too deep in the docs, so I'll try to move it to a new section and explain each attribute. but the problem is that 6-7 VM's are typically being launched on every SCHED cycle and so a node that starts out with all of its memory free will end up full of virtual machines in a single cycle. Once we got to a full cloud and steady-state it would be fine but when you have 8 VM's starting at once on an old 8-core node, it takes much longer than it otherwise would. Any cheap suggestions to get the default scheduler to do a more horizontal fill? Steve Timm In /etc/one/sched.conf [2] you can set MAX_HOST to 1. This forces the scheduler to launch one VM to each host per cycle. Combined with the SCHED_INTERVAL, you can configure a slower deployment rate. Best regards, Carlos. [1] http://docs.opennebula.org/4.8/user/references/template.html#requirement-expression-syntax [2] http://docs.opennebula.org/4.8/administration/references/schg.html -- Carlos Martín, MSc Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org http://www.opennebula.org/ | cmar...@opennebula.org | @OpenNebula http://twitter.com/opennebula cmar...@opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Zone move image
Hi, On Fri, Oct 17, 2014 at 4:09 PM, Pedro Lopes plo...@estgl.ipv.pt wrote: Hi, I installed two zones with OpenNebula 4.8 in ubuntu 14:04, as a federation. How can I move images between zones within the federation. Best regards, Pedro Lopes Unfortunately, that's not currently supported. Regards. -- Carlos Martín, MSc Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org http://www.opennebula.org/ | cmar...@opennebula.org | @OpenNebula http://twitter.com/opennebula cmar...@opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Users can't create VMs with large capacity (in the cloud view)
Hi Pavel, On Fri, Oct 24, 2014 at 3:49 PM, Pavel Tankov pavel.tan...@strategyobject.com wrote: Hello, CentOS6.5 - KVM - Opennebula 4.8 My users log in to the cloud view. I have prepared templates for them. They can instantiate VMs with the default capacity, but if they decide to choose anything other than the default, e.g. Change Capacity -- small-x2 or medium-x2 or whatever, the VM never boots up, it stays in PENDING and there are no logs. What could be the problem? Is it some quota that exists by default for regular users? I have not set up restrictions deliberately. Thanks, Pavel Tankov The problem is not the quota, because in that case the users would not be able to even create the VM. When a VM stays in pending, it's because the scheduler can't find where to deploy it. Admins and advanced users can see the scheduler error messages in sunstone, under the placement VM tab. This information is not available to cloud users, since they are not supposed to know about the underlying infrastructure. You will find more detailed information in /var/log/one/sched.log. If the reason is not clear in there, paste the output and we'll try to help deciphering it. Regards. -- Carlos Martín, MSc Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org http://www.opennebula.org/ | cmar...@opennebula.org | @OpenNebula http://twitter.com/opennebula cmar...@opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Ec2 Cloudbursting | OpenNebula 4.8
Dear Community if i add an ec2 host thorugh the ec2 cloudbursting Driver, i always get the message Sat Oct 25 02:02:39 2014 [Z0][InM][I]: AWS was not able to validate the provided access credentials But im definitly sure they are correct, im also created a new pair to verify, but the result was the same, is there any specific configuration for the Amazon IAM User needed? Or how could that be Thanks for Feedback Cyrill ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Flush feature in sunstone
Hi I was wondering if it would be possible to add a button or an option to the disable button to flush VMs from a host using sunstone (this feature is already available on the CLI) in the host list. Shankhadeep ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org