Re: [VOTE] next version 20 instead of 4.20

[Andrija Panic]

+1

On Mon, 19 Feb 2024 at 13:50, Daan Hoogland  wrote:

> LS,
>
> This is a vote on dev@c.a.o with cc to users@c.a.o. If you want to be
> counted please reply to dev@.
>
> As discussed in [1] we are deciding to drop the 4 from our versioning
> scheme. The result would be that the next major version will be 20
> instead of 4.20, as it would be in a traditional upgrade. As 20 > 4
> and the versions are processed numerically there are no technical
> impediments.
>
> +1 agree (next major version as 20
> 0 (no opinion)
> -1 disagree (keep 4.20 as the next version, give a reason)
>
> As this is a lazy consensus vote any -1 should be accompanied with a
> reason.
>
> [1] https://lists.apache.org/thread/lh45w55c3jmhm7w2w0xgdvlw78pd4p87
>
> --
> Daan
>


-- 

Andrija Panić

Re: CloudStack agent can't connect to upgraded CEPH Cluster

[Andrija Panic]

Hi,

ok, thx for the info.

I meant to use virsh to list pools (storage pools), not VMs - to see if the
storage pools are created inside libvirt.

Best,

On Tue, 19 Sept 2023 at 08:25, Mosharaf Hossain <
mosharaf.hoss...@bol-online.com> wrote:

> Hello Andrija
>
>  Presently, CloudStack's host lists exhibited stability prior to the
> disaster, but their statuses are currently fluctuating continuously. Some
> hosts are initially marked as disconnected, but after a period, they
> transition to a connected state."
>
>
>
>
> [image: image.png]
>
> *Using virsh we are getting VM status on cshost1 as below*
> root@cshost1:~# virsh list
>  IdName   State
> ---
>  10i-14-597-VMrunning
>  61r-757-VM   running
>  69i-24-767-VMrunning
>  76r-71-VMrunning
>  82i-24-797-VMrunning
>  113   r-335-VM   running
>  128   r-577-VM   running
>  148   i-14-1151-VM   running
>  164   i-2-1253-VMrunning
>
>
> Regards
> Mosharaf Hossain
> Manager, Product Development
> IT Division
>
> Bangladesh Export Import Company Ltd.
>
> Level-8, SAM Tower, Plot #4, Road #22, Gulshan-1, Dhaka-1212,Bangladesh
>
> Tel: +880 9609 000 999, +880 2 5881 5559, Ext: 14191, Fax: +880 2 9895757
>
> Cell: +8801787680828, Email: mosharaf.hoss...@bol-online.com, Web:
> www.bol-online.com
>
> <https://www.google.com/url?q=http://www.bol-online.com=D=hangouts=1557908951423000=AFQjCNGMxIuHSHsD3qO6y5JddpEZ0S592A>
>
>
>
> On Mon, Sep 18, 2023 at 12:43 PM Andrija Panic 
> wrote:
>
>> Hi,
>>
>> the message " Agent-Handler-1:null) (logid:) Connection with libvirtd is
>> broken: invalid connection pointer in virConnectGetVersion " - is a false
>> alarm and does NOT means any errors actually.
>>
>> I can see that ACS agent sees different storage pools - namely
>> "daab90ad-42d3-3c48-a9e4-b4c3c7fcdc84" and
>> "a2d455c6-68cb-303f-a7fa-287e62a5be9c" - and I don't see any explicit error
>> message about these 2 pools (both RBD/Ceph) pools.
>>
>> Also I can see that the cloudstack agent says it's connected to the mgmt
>> host - which means that all pools are in place (otherwise the agent would
>> not connect)
>>
>> 1. Are you KVM hosts all green when checking in CloudStack UI
>> (Connected/Up)?
>> 2. You can always use virsh to list pools and see if they are there
>>
>> Best,
>>
>> On Wed, 13 Sept 2023 at 13:54, Mosharaf Hossain <
>> mosharaf.hoss...@bol-online.com> wrote:
>>
>>> Hello Folks
>>> We've recently performed an upgrade on our Cephadm cluster, transitioning
>>> from Ceph Quiency to Reef. However, following the manual implementation
>>> of
>>> a read balancer in the Reef cluster, we've experienced a significant
>>> slowdown in client I/O operations within the Ceph cluster, affecting both
>>> client bandwidth and overall cluster performance.
>>>
>>> This slowdown has resulted in unresponsiveness across all virtual
>>> machines
>>> within the cluster, despite the fact that the cluster exclusively
>>> utilizes
>>> SSD storage."
>>>
>>> In the CloudStack agent, we are getting libvirrt can't connect to CEPH
>>> pool
>>> and generating an error message.
>>>
>>> 2023-09-13 16:57:51,660 INFO  [cloud.agent.Agent] (Agent-Handler-4:null)
>>> (logid:) Lost connection to host: 10.10.11.61. Attempting reconnection
>>> while we still have 1 command in progress.
>>> 2023-09-13 16:57:51,661 INFO  [utils.nio.NioClient]
>>> (Agent-Handler-4:null)
>>> (logid:) NioClient connection closed
>>> 2023-09-13 16:57:51,662 INFO  [cloud.agent.Agent] (Agent-Handler-4:null)
>>> (logid:) Reconnecting to host:10.10.11.62
>>> 2023-09-13 16:57:51,662 INFO  [utils.nio.NioClient]
>>> (Agent-Handler-4:null)
>>> (logid:) Connecting to 10.10.11.62:8250
>>> 2023-09-13 16:57:51,663 INFO  [utils.nio.Link] (Agent-Handler-4:null)
>>> (logid:) Conf file found: /etc/cloudstack/agent/agent.properties
>>> 2023-09-13 16:57:51,779 INFO  [utils.nio.NioClient]
>>> (Agent-Handler-4:null)
>>> (logid:) SSL: Handshake done
>>> 2023-09-13 16:57:51,779 INFO  [utils.nio.NioClient]
>>> (Agent-Handler-4:null)
>>> (logid:) Connected to 10.10.11.62:8250
>>> 2023-09-13 16:57:51,815 INFO  [utils.linux.KVMHostInfo]
>>> (Agent-Handler-1:null) (logid:) Fetching CPU speed from command "lscpu".
>>> 2023-09-13 16:57:51,836 INFO  

Re: ISO Ready Status Remain "No"

[Andrija Panic]

Hi,

you should check the mgmt logs to see WHY this ISO failed to register
(perhaps there is HTTPS ssl issue or similar).

No reason to destroy SSVM (though it doesn't hurt) - a simple SSVM reboot
(or service cloud restartinside SSVM)  will trigger checking all the
templates/ISOs and try to register (from the URL in DB) the ones that are
not in the "Ready" state.

You can also check the DB, vm_template table - find the ISO and check the
"URL" filed - see if that URL is reachable, returns HTTP status 200 (OK)
when trying to download it, etc.

Regards,

On Sat, 16 Sept 2023 at 15:58, Granwille Strauss
 wrote:

> Hi Guys
>
> For some reason my ISO files via Cloudstack all show their ready status =
> No. I have rebooted the SSVM and its connects and runs all fine and all my
> templates show they are ready. Its only ISO that remains as NO. Any ideas
> on how I can troubleshoot this? Should I destroy SSVM?
> --
> Regards / Groete
>
>  Granwille Strauss  //  Senior Systems Admin
>
> *e:* granwi...@namhost.com
> *m:* +264 81 323 1260 <+264813231260>
> *w:* www.namhost.com
>
>  
> 
> 
> 
>
>
> 
>
> Namhost Internet Services (Pty) Ltd,
>
> 24 Black Eagle Rd, Hermanus, 7210, RSA
>
>
>
> The content of this message is confidential. If you have received it by
> mistake, please inform us by email reply and then delete the message. It is
> forbidden to copy, forward, or in any way reveal the contents of this
> message to anyone without our explicit consent. The integrity and security
> of this email cannot be guaranteed over the Internet. Therefore, the sender
> will not be held liable for any damage caused by the message. For our full
> privacy policy and disclaimers, please go to
> https://www.namhost.com/privacy-policy
>
> [image: Powered by AdSigner]
> 
>


-- 

Andrija Panić

Re: CloudStack agent can't connect to upgraded CEPH Cluster

[Andrija Panic]

Hi,

the message " Agent-Handler-1:null) (logid:) Connection with libvirtd is
broken: invalid connection pointer in virConnectGetVersion " - is a false
alarm and does NOT means any errors actually.

I can see that ACS agent sees different storage pools - namely
"daab90ad-42d3-3c48-a9e4-b4c3c7fcdc84" and
"a2d455c6-68cb-303f-a7fa-287e62a5be9c" - and I don't see any explicit error
message about these 2 pools (both RBD/Ceph) pools.

Also I can see that the cloudstack agent says it's connected to the mgmt
host - which means that all pools are in place (otherwise the agent would
not connect)

1. Are you KVM hosts all green when checking in CloudStack UI
(Connected/Up)?
2. You can always use virsh to list pools and see if they are there

Best,

On Wed, 13 Sept 2023 at 13:54, Mosharaf Hossain <
mosharaf.hoss...@bol-online.com> wrote:

> Hello Folks
> We've recently performed an upgrade on our Cephadm cluster, transitioning
> from Ceph Quiency to Reef. However, following the manual implementation of
> a read balancer in the Reef cluster, we've experienced a significant
> slowdown in client I/O operations within the Ceph cluster, affecting both
> client bandwidth and overall cluster performance.
>
> This slowdown has resulted in unresponsiveness across all virtual machines
> within the cluster, despite the fact that the cluster exclusively utilizes
> SSD storage."
>
> In the CloudStack agent, we are getting libvirrt can't connect to CEPH pool
> and generating an error message.
>
> 2023-09-13 16:57:51,660 INFO  [cloud.agent.Agent] (Agent-Handler-4:null)
> (logid:) Lost connection to host: 10.10.11.61. Attempting reconnection
> while we still have 1 command in progress.
> 2023-09-13 16:57:51,661 INFO  [utils.nio.NioClient] (Agent-Handler-4:null)
> (logid:) NioClient connection closed
> 2023-09-13 16:57:51,662 INFO  [cloud.agent.Agent] (Agent-Handler-4:null)
> (logid:) Reconnecting to host:10.10.11.62
> 2023-09-13 16:57:51,662 INFO  [utils.nio.NioClient] (Agent-Handler-4:null)
> (logid:) Connecting to 10.10.11.62:8250
> 2023-09-13 16:57:51,663 INFO  [utils.nio.Link] (Agent-Handler-4:null)
> (logid:) Conf file found: /etc/cloudstack/agent/agent.properties
> 2023-09-13 16:57:51,779 INFO  [utils.nio.NioClient] (Agent-Handler-4:null)
> (logid:) SSL: Handshake done
> 2023-09-13 16:57:51,779 INFO  [utils.nio.NioClient] (Agent-Handler-4:null)
> (logid:) Connected to 10.10.11.62:8250
> 2023-09-13 16:57:51,815 INFO  [utils.linux.KVMHostInfo]
> (Agent-Handler-1:null) (logid:) Fetching CPU speed from command "lscpu".
> 2023-09-13 16:57:51,836 INFO  [utils.linux.KVMHostInfo]
> (Agent-Handler-1:null) (logid:) Command [lscpu | grep -i 'Model name' |
> head -n 1 | egrep -o '[[:digit:]].[[:digit:]]+GHz' | sed 's/GHz//g']
> resulted in the value [2100] for CPU speed.
> 2023-09-13 16:57:51,900 INFO  [kvm.storage.LibvirtStorageAdaptor]
> (Agent-Handler-1:null) (logid:) Attempting to create storage pool
> e205cf5f-ea32-46c7-ba18-d18f62772b80 (Filesystem) in libvirt
> 2023-09-13 16:57:51,901 ERROR [kvm.resource.LibvirtConnection]
> (Agent-Handler-1:null) (logid:) Connection with libvirtd is broken: invalid
> connection pointer in virConnectGetVersion
> 2023-09-13 16:57:51,903 INFO  [kvm.storage.LibvirtStorageAdaptor]
> (Agent-Handler-1:null) (logid:) Found existing defined storage pool
> e205cf5f-ea32-46c7-ba18-d18f62772b80, using it.
> 2023-09-13 16:57:51,904 INFO  [kvm.storage.LibvirtStorageAdaptor]
> (Agent-Handler-1:null) (logid:) Trying to fetch storage pool
> e205cf5f-ea32-46c7-ba18-d18f62772b80 from libvirt
> 2023-09-13 16:57:51,924 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
> (logid:) Process agent startup answer, agent id = 0
> 2023-09-13 16:57:51,924 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
> (logid:) Set agent id 0
> 2023-09-13 16:57:51,955 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
> (logid:) Startup Response Received: agent id = 0
> 2023-09-13 16:57:52,047 INFO  [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-5:null) (logid:e396a97c) Attempting to create storage
> pool daab90ad-42d3-3c48-a9e4-b4c3c7fcdc84 (RBD) in libvirt
> 2023-09-13 16:57:52,050 INFO  [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-5:null) (logid:e396a97c) Found existing defined
> storage pool daab90ad-42d3-3c48-a9e4-b4c3c7fcdc84, using it.
> 2023-09-13 16:57:52,050 INFO  [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-5:null) (logid:e396a97c) Trying to fetch storage pool
> daab90ad-42d3-3c48-a9e4-b4c3c7fcdc84 from libvirt
> 2023-09-13 16:57:52,161 INFO  [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-1:null) (logid:e396a97c) Attempting to create storage
> pool a2d455c6-68cb-303f-a7fa-287e62a5be9c (RBD) in libvirt
> 2023-09-13 16:57:52,163 WARN  [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-1:null) (logid:e396a97c) Storage pool
> a2d455c6-68cb-303f-a7fa-287e62a5be9c was not found running in libvirt. Need
> to create it.
> 2023-09-13 16:57:52,164 INFO  

Re: Removing a zone

[Andrija Panic]

Which hypervisor are you running in other Zones?

The following SQLs should, probably, have the "where zone_id=XXX" statement:

update template_zone_ref set remvoed=now() where template_id="";
update template_store_ref set destroyed=1, state="Destroyed" where
template_id="";

because the above queries would just remove reference to the template in
ALL zones (zone_id=XXX condition is missing) - you might restore
things/values from the DB dump/backup.

However, I'm not aware of what you exactly deleted in your original
screenshot - those 2 are built in and don't have to be "deleted" in order
to delete a Zone.

Best,

On Mon, 13 Feb 2023 at 13:18, Granwille Strauss 
wrote:

> Hi
>
> Thank you, we were able to boil down the issue to volumes that were in a
> "Destroy" state in the volume table. When cleaned out, I managed to delete
> the zone.
>
> However, I am now having a slight an anxiety attack since you said
> removing ISOs this method is risky. I deleted the ISOs "xs-tools.iso" and
> "vmware-tools.iso", as per attached screenshot sent initially, which were
> automatically installed when I installed Cloudstack Management the first
> time. Are they needed in the existing zone? I have not made use of them, at
> least from what I can recall, unless there's some automated process that
> uses them and need them active?
> On 2/13/23 14:05, Andrija Panic wrote:
>
> Removing ISOs as such might be risky, assuming you have other Zones which
> you don't want to affect.
>
> I would suggest that you check the DB - "storage_pool" table, and ensure
> that all pools in that table, that have the zone_id= are
> marked as Staus=Maintenance and have the Removed column with a date set.
> Similar with the "image_store" table (Secondary Storage)
>
>
> On Mon, 13 Feb 2023 at 11:36, Granwille 
> Strauss  wrote:
>
>
> Thank you,
>
> After removing ISO via DB method you provided, error still exists so you
> were right, it was not the ISO causing this. Here's the log entry when I
> attempt to delete zone:
>
> 2023-02-13 12:31:48,258 ERROR [c.c.a.ApiServer]
> (qtp262366552-454:ctx-f498ef20 ctx-6c40cbcd) (logid:dd5b8f8e) unhandled
> exception executing api command: [Ljava.lang.String;@38b34249
> com.cloud.utils.exception.CloudRuntimeException: The zone cannot be
> deleted because there are storage volumes in this zone.
> at
> com.cloud.configuration.ConfigurationManagerImpl.checkIfZoneIsDeletable(ConfigurationManagerImpl.java:2234)
> at
> com.cloud.configuration.ConfigurationManagerImpl.deleteZone(ConfigurationManagerImpl.java:2380)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> at
> org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
> at
> com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:52)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
> at com.sun.proxy.$Proxy122.deleteZone(Unknown Source)
> at
> org.apache.cloudstack.api.command.admin.zone.DeleteZoneCmd.execute(DeleteZoneCmd.java:72)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163)
> at com.cloud.api.ApiServer.queueCommand(ApiServer.java:776)
> at com.cloud.api.ApiServer.handleRequest(ApiServer.java:600)
> at
> com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:327)
> at com.cloud.api.ApiServlet$1.run(ApiServlet.java:145)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call

Re: Removing a zone

[Andrija Panic]

Removing ISOs as such might be risky, assuming you have other Zones which
you don't want to affect.

I would suggest that you check the DB - "storage_pool" table, and ensure
that all pools in that table, that have the zone_id= are
marked as Staus=Maintenance and have the Removed column with a date set.
Similar with the "image_store" table (Secondary Storage)


On Mon, 13 Feb 2023 at 11:36, Granwille Strauss
 wrote:

> Thank you,
>
> After removing ISO via DB method you provided, error still exists so you
> were right, it was not the ISO causing this. Here's the log entry when I
> attempt to delete zone:
>
> 2023-02-13 12:31:48,258 ERROR [c.c.a.ApiServer]
> (qtp262366552-454:ctx-f498ef20 ctx-6c40cbcd) (logid:dd5b8f8e) unhandled
> exception executing api command: [Ljava.lang.String;@38b34249
> com.cloud.utils.exception.CloudRuntimeException: The zone cannot be
> deleted because there are storage volumes in this zone.
> at
> com.cloud.configuration.ConfigurationManagerImpl.checkIfZoneIsDeletable(ConfigurationManagerImpl.java:2234)
> at
> com.cloud.configuration.ConfigurationManagerImpl.deleteZone(ConfigurationManagerImpl.java:2380)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> at
> org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
> at
> com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:52)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
> at com.sun.proxy.$Proxy122.deleteZone(Unknown Source)
> at
> org.apache.cloudstack.api.command.admin.zone.DeleteZoneCmd.execute(DeleteZoneCmd.java:72)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163)
> at com.cloud.api.ApiServer.queueCommand(ApiServer.java:776)
> at com.cloud.api.ApiServer.handleRequest(ApiServer.java:600)
> at
> com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:327)
> at com.cloud.api.ApiServlet$1.run(ApiServlet.java:145)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
> at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:142)
> at com.cloud.api.ApiServlet.doGet(ApiServlet.java:96)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
> at
> org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1450)
> at
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
> at
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:550)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
> at
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
> at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
> at
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
> at
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
> at
> 

Re: VM instances and RVR cannot communicate with each other when on different hosts

[Andrija Panic]

Hi,

RVR is a feature that is known to break from time to time, and is NOT
recommended for the Production use, at least that's what we advise your
customers to do/avoid doing.

However, if 2 VMs can not communicate while on different hosts, but CAN
communicate while on the same host - this might indicate VLAN (trunking)
misconfiguration on the switches - the VLANs via which those VMs are
communicating, has to be trunked to all the hypervisors in your Zone - so
that host1 and hostN both can talk over the specific VLAN (here, I'm
guessing you are hitting issues with Guest traffic - so check that all your
VLANs for Guest traffic are properly trunked on all switch ports to which
all of your servers are connected)

Best,

On Fri, 18 Nov 2022 at 15:08, Gary Dixon 
wrote:

> Hi
>
>
>
> I am hoping someone could help with a new Dev Cloudstack system we are
> trying to setup based on Ubuntu 20.04 KVM hosts and mgmt. servers with CS
> 4.15.2 and an Adv Zone with VPC’s
>
>
>
> We spotted that the RVR’s in the VPC’s are both in the ‘MASTER’ state
> indicating that they cannot communicate with each other. Also testing
> within a guest VM – it is able to ping another guest VM in the same network
> – but only when on the same KVM host.
>
> If we live migrate one of the VM’s to a different KVM host then the ping
> breaks.
>
> Our guest network is using VXLAN isolation method and all network labesl
> in CS are correct. We  are trying to setup this Dev system to match our
> production system as closely as possible and all networking works perfectly
> in the Production system
>
>
>
> One thing we have noticed is if we put a KVM host into maintenance mode –
> thus destroying all the brvx-xxx interfaces on there and then bring it back
> out of maintenance mode and migrate VM’s to it and Restart the VPC with
> cleanup enabled – communication between VM’s cross host works again for a
> few minutes. The RVR’s go into Master and Backup status briefly – but then
> after a few minutes both VR’s go into ‘MASTER’ state and VM’s cannot ping
> each other when on different hosts.
>
> Any pointers/help would be greatly appreciated
>
>
>
> BR
>
>
>
> Gary
> Gary Dixon​
> Senior Technical Consultant
> T:  +44 161 537 4990
> E:  *v* <+44%207989717661>ms@quadris‑support.com
> W: www.quadris.co.uk
> The information contained in this e-mail from Quadris may be confidential
> and privileged for the private use of the named recipient.  The contents of
> this e-mail may not necessarily represent the official views of Quadris.
> If you have received this information in error you must not copy,
> distribute or take any action or reliance on its contents.  Please destroy
> any hard copies and delete this message.
>


-- 

Andrija Panić

Re: How can I make my existing shared network virtual router redundant?

[Andrija Panic]

But don't do it, since redundant VRs are sometimes problematic, and you can
have 2 masters and other sync issues. Just don'' do it in production.

On Thu, 1 Dec 2022 at 14:42, Daan Hoogland  wrote:

> there is an option to make it redundant on restart.
> see
> https://cloudstack.apache.org/api/apidocs-4.17/apis/restartNetwork.html.
>
> On Thu, Dec 1, 2022 at 5:00 AM Nazmul Parvej  >
> wrote:
>
> > Hi There,
> >
> > How can I make my existing shared network virtual router redundant?
> >
> > I am using ACS 4.17.1.0 and the Guest Network type is Shared Network.
> >
> > Yours sincerely,
> >
> >
> > Nazmul Parvej
> > Deputy Manager, Product Development
> > IT Division
> >
> > Bangladesh Export Import Company Ltd.
> >
> > Level-9, SAM Tower, Plot #4, Road #22, Gulshan-1, Dhaka-1212,Bangladesh
> >
> > Tel: +880 9609 000 999, +880 2 5881 5559, Ext: 14193, Fax:  +880 2 
> > 95757
> >
> > Cell: +8801787680841, Email: nazmul.par...@bol-online.com, Web:
> > www.bol-online.com
> >
> >
> > >
> >
>
>
> --
> Daan
>


-- 

Andrija Panić

Re: XenServer Agent is not coming up after upgrading from 7.1 to 8.2

[Andrija Panic]

What he said ^^^, as the XenServer upgrade effectively does backup of the
old partition data, and installs a brand new OS - with no ACS
plugins/scripts - so you have to initialise the host, to force ACS to copy
again all the binaries.

Best,

On Thu, 2 Jun 2022 at 06:14, Harikrishna Patnala <
harikrishna.patn...@shapeblue.com> wrote:

> Hi Vivek,
>
> Please check the CloudStack detected Xenserver version in either UI or
> database.
>
> You may try an option to reinitialize the Xenserver host by clearing the
> tags on the host and try reconnecting from CloudStack UI.
> Run the following command on Xenserver and reconnect the host.
>
> # for host in $(xe host-list | grep ^uuid | awk '{print $NF}') ; do xe
> host-param-clear uuid=$host param-name=tags; done;
>
> Hope this helps.
>
> Regards,
> Harikrishna
> 
> From: Suresh Anaparti 
> Sent: Wednesday, June 1, 2022 3:07 PM
> To: users@cloudstack.apache.org 
> Subject: Re: XenServer Agent is not coming up after upgrading from 7.1 to
> 8.2
>
> Hi Vivek,
>
> This discussion thread might provide you some inputs:
> https://lists.apache.org/thread/7q6yybm3qcms21qcd8945kvrygpr1v86
>
> Also, check the docs here:
> http://docs.cloudstack.apache.org/en/4.16.1.0/installguide/hypervisor/xenserver.html#upgrading-xenserver-versions,
> and see if you have missed any upgrade step.
>
>
> Regards,
> Suresh
>
> On 01/06/22, 2:17 PM, "Vivek Kumar" 
> wrote:
>
> Hello Guys,
>
>
> We have recently upgraded our XenServer  from 7.1 to 8.2. We are using
> CloudStack 4.16.1. But after the upgradation my status of host is showing
> alert. I have gone through the logs getting below error. Can someone help
> me out for this.
>
>
>
> —
>
>
>
> rZCUKmFN6d4veFOrfeDI3u_9aDd-feyXbqPD-9Ua0Le6m9_Y7LciAVHmSw=listSystemVms=json=3=2022-06-01T08%3A43%3A33%2B=x7KQg4LW2XPtTf%2BHHVn0Fm599xA%3D
> 2022-06-01 14:00:51,613 DEBUG [c.c.u.s.SSHCmdHelper]
> (DirectAgent-13:ctx-797e05c2) (logid:3256e16e) Executing cmd: rm -f
> /opt/xensource/sm/hostvmstats.py
> /opt/xensource/bin/copy_vhd_to_secondarystorage.sh
> /opt/xensource/bin/copy_vhd_from_secondarystorage.sh
> /opt/xensource/bin/create_privatetemplate_from_snapshot.sh
> /opt/xensource/bin/vhd-util /opt/cloud/bin/copy_vhd_to_secondarystorage.sh
> /opt/cloud/bin/copy_vhd_from_secondarystorage.sh
> /opt/cloud/bin/create_privatetemplate_from_snapshot.sh
> /opt/cloud/bin/vhd-util
> 2022-06-01 14:00:52,750 DEBUG [c.c.a.ApiServlet]
> (qtp1850777594-19:ctx-5c391d12) (logid:fb2dbf4b) ===START===  172.31.29.44
> -- GET
> listall=True=W0EWPYRPQu51YPDQ8s_0b4wDDuSqrZCUKmFN6d4veFOrfeDI3u_9aDd-feyXbqPD-9Ua0Le6m9_Y7LciAVHmSw=listVpnConnections=json=3=2022-06-01T08%3A43%3A35%2B=TBKYjvgMLESFTna9iXeGTJdKtc0%3D
> 2022-06-01 14:00:52,756 DEBUG [c.c.a.ApiServer]
> (qtp1850777594-19:ctx-5c391d12 ctx-9cd12123) (logid:fb2dbf4b) CIDRs from
> which account 'Acct[0d808973-19be-11eb-9555-005056961200-admin] -- Account
> {"id": 2, "name": "admin", "uuid": "0d808973-19be-11eb-9555-005056961200"}'
> is allowed to perform API calls: 0.0.0.0/0,::/0
> 2022-06-01 14:00:52,761 DEBUG [c.c.a.ApiServlet]
> (qtp1850777594-19:ctx-5c391d12 ctx-9cd12123 ctx-6326bb8c) (logid:fb2dbf4b)
> ===END===  172.31.29.44 -- GET
> listall=True=W0EWPYRPQu51YPDQ8s_0b4wDDuSqrZCUKmFN6d4veFOrfeDI3u_9aDd-feyXbqPD-9Ua0Le6m9_Y7LciAVHmSw=listVpnConnections=json=3=2022-06-01T08%3A43%3A35%2B=TBKYjvgMLESFTna9iXeGTJdKtc0%3D
> 2022-06-01 14:00:52,862 INFO  [c.c.h.x.r.CitrixResourceBase]
> (DirectAgent-13:ctx-797e05c2) (logid:3256e16e) Host 172.31.21.5
> OpaqueRef:d1a2d70a-25bd-37b3-c581-2249ccf88fc0: Host 172.31.21.5 is already
> setup.
> 2022-06-01 14:00:52,868 WARN  [c.c.h.x.r.CitrixResourceBase]
> (DirectAgent-13:ctx-797e05c2) (logid:3256e16e) callHostPlugin failed for
> cmd: setIptables with args  due to The requested plugin could not be found.
> 2022-06-01 14:00:52,869 WARN
> [c.c.h.x.r.w.x.CitrixSetupCommandWrapper] (DirectAgent-13:ctx-797e05c2)
> (logid:3256e16e) Unable to setup
> com.cloud.utils.exception.CloudRuntimeException: callHostPlugin failed
> for cmd: setIptables with args  due to The requested plugin could not be
> found.
> at
> com.cloud.hypervisor.xenserver.resource.CitrixResourceBase.callHostPlugin(CitrixResourceBase.java:367)
> at
> com.cloud.hypervisor.xenserver.resource.CitrixResourceBase.setIptables(CitrixResourceBase.java:4706)
> at
> com.cloud.hypervisor.xenserver.resource.wrapper.xenbase.CitrixSetupCommandWrapper.execute(CitrixSetupCommandWrapper.java:63)
> at
> com.cloud.hypervisor.xenserver.resource.wrapper.xenbase.CitrixSetupCommandWrapper.execute(CitrixSetupCommandWrapper.java:45)
> at
> com.cloud.hypervisor.xenserver.resource.wrapper.xenbase.CitrixRequestWrapper.execute(CitrixRequestWrapper.java:122)
> at
> com.cloud.hypervisor.xenserver.resource.CitrixResourceBase.executeRequest(CitrixResourceBase.java:1758)
>   

Re: Ubuntu 22.04 Release

[Andrija Panic]

You can find updated packages on our ShapeBlue repo here:
http://packages.shapeblue.com/cloudstack/upstream/debian/4.16/ (same for
EL7 and EL8) - the patch for VNC password (and io_uring) is there. (the
packages are the latest one, with -shapeblue1 extension)

Cheers,

On Thu, 2 Jun 2022 at 14:59, Jorge Luiz Correa
 wrote:

> Hi! I've set up some servers with Ubuntu 22.04 LTS: 2 management servers, 2
> databases, 2 secondary storage and 4 processor nodes.
>
> In my tests I've used the repository from focal:
>
> http://download.cloudstack.org/ubuntu focal 4.16
>
> As cloudstack packages do not require a lot of dependencies, the
> installation was well finished. After all configuration, the cloud is up.
>
> But, I have a main problem, already reported and fixed.
>
> https://github.com/apache/cloudstack/pull/6244
>
> Until now, no System VMs can be deployed. Although the issue was fixed, I'm
> waiting until the repository package gets updated. Or, a new one specific
> to jammy be created. I've seen that the last updates to cloudstack packages
> were done on April 4 (in my servers). The issue was fixed a little bit
> later in April.
>
> MTC
>
> tks!
>
> Em qua., 1 de jun. de 2022 às 04:14, Loth 
> escreveu:
>
> > Hello Users,
> >
> > Has any work been done regarding testing Cloudstack with Ubuntu 22.04,
> > and if so, which versions?
> >
> > Thanks for any news.
> >
>
> --
> __
> Aviso de confidencialidade
>
> Esta mensagem da
> Empresa  Brasileira de Pesquisa  Agropecuaria (Embrapa), empresa publica
> federal  regida pelo disposto  na Lei Federal no. 5.851,  de 7 de dezembro
> de 1972,  e  enviada exclusivamente  a seu destinatario e pode conter
> informacoes  confidenciais, protegidas  por sigilo profissional.  Sua
> utilizacao desautorizada  e ilegal e  sujeita o infrator as penas da lei.
> Se voce  a recebeu indevidamente, queira, por gentileza, reenvia-la ao
> emitente, esclarecendo o equivoco.
>
> Confidentiality note
>
> This message from
> Empresa  Brasileira de Pesquisa  Agropecuaria (Embrapa), a government
> company  established under  Brazilian law (5.851/72), is directed
> exclusively to  its addressee  and may contain confidential data,
> protected under  professional secrecy  rules. Its unauthorized  use is
> illegal and  may subject the transgressor to the law's penalties. If you
> are not the addressee, please send it back, elucidating the failure.
>


-- 

Andrija Panić

Re: Bad Gateway: Expose Cloudstack Console Proxy

[Andrija Panic]

Ricardo, if you have not provided a proper SSL certificate to CloudStack,
that might also be an issue.

Can you please try to have things set up withOUT the load balancer first,
to make sure you have the right ACS config in place?

You have not provided enough information on what/how  EXACTLY you have
configured the rest of the ACS setting (did you upload SSL or not), and
also how the SSL is set up on the LB, etc.
Please start simple, set things without LB< then work your way up to using
the LB.

Regards,
Andrija


On Thu, 14 Apr 2022 at 15:31, Ricardo Pertuz 
wrote:

> Hi Andrija,
>
> Thanks for the reply, basically what is happening is that on normal
> operation the console vms is listening on ports 80 and 8080, however when I
> configure a domain on  consoleproxy.url.domain or consoleproxy.sslEnabled ,
> for example: console.kuasar.net, and I recreate the systemvm, I only get
> the ssh working, and the apache2
>
> Proto Recv-Q Send-Q Local Address   Foreign Address State
>  PID/Program name
> tcp0  0 169.254.239.147:39220.0.0.0:*
>  LISTEN  1152/sshd
>
> Not so sure what is going on, if I rollback the change, removing the
> domain, then I get the console working on IP
>
> So I started the apache2 manually on the systemvm
>
> /etc/init.d/apache2 start
>
> And try to access getting a 404 not found now
>
> On 14/04/22, 3:44 AM, "Andrija Panic"  wrote:
>
> How do you try to " expose to Internet the ConsoleProxy VM using
> LoadBalancer"? What is your Public IP vs SSVM vs LoadBalancer vs DNS
> setup?
>
> When you initiate a Console access to a VM, your browser will connect
> to
> the Public IP of the SSVM (if no SSL used) or to the DNS name based on
> the
> Public IP, e.g. 11-22-33-44.mydomain.com (if you have configured SSL)
> -
> this might resolve to the IP public IP of your loadbalancer - then
> it's LB
> work to correctly pass all traffic to whatever is the CURRENTLY USED
> public
> IP of the SSVM
>
> That error, is a typical load balancer error when the backend server
> is not
> reachable - check LB and the backend (public IP of the SSVM)
> configured.
>
>
> Your error is too generic to be able to help.
>
> On Mon, 11 Apr 2022 at 20:42, Ricardo Pertuz  >
> wrote:
>
> > Hi,
> >
> > When I try to expose to Internet the ConsoleProxy VM using
> LoadBalancer
> > with a valid domain and cert, I’m getting a “502 Bad Gateway” when
> click on
> > the  console icon. I have configured these params
> >
> > consoleproxy.sslEnabled
> > consoleproxy.url.domain
> >
> > am I missing something?
> >
> > CloudStack 4.15.2.0
> >
> > Regards,
> >
> >
> >
> >
>
> --
>
> Andrija Panić
>
>

-- 

Andrija Panić

Re: Re: Migration of cloudstack management server

[Andrija Panic]

Having the same IP for both old/new mgmt server will cause you issues -
don't do that.

Simply, introduce a 2nd mgmt server (don't touch the DB), make sure it
works, then stop/kill old mgmt.

Later, migrate DB to a new Mysql server (could be on that new mgmt2 server)
- and update the db.properties to point to new DB server IP (for both cloud
and cloud_usage DBs)

Do it in steps, if you have not done it before all at once.


If you hit issues on ONE of those specific steps, let us know, so that we
can help.
(and please share your procedure)


Best,

Re: IOPS limit on compute offering and disk offering

[Andrija Panic]

Hi Vivek,

Storage QoS is applicable only to specific storage plugins that supports it
(e.g. ACS will pass min/max_IOPS to SolidFire plugin, so a LUN with those
min/max IOPS will be created on the SolidFire backend) - not sure if ANY
other storage vendor has this supported/implemented in ACS.

As for the "Hypervisor QoS" - in KVM world, this would simply LIMIT the
KB/s (read/write) and IOPS (read/write) - whatever is hit first. I can
confirm this works on KVM, but I'm not sure if this is
implemented/supported on VMware at all.

Regards,
Andrija

On Mon, 4 Apr 2022 at 15:13, Vivek Kumar 
wrote:

> Hello Folks,
>
> We have option to define the custom IOPS in compute and disk offering as
> well. So we have 2 kind of quota while creating the offerings - > 1st -
> Storage ( where we can define Min and Max IOPS ) and 2nd - Hypervisor where
> we also define - Disk Read Rate and disk write rate.
>
> I have tried all options one-by-one but it seems like none of it is
> reflecting on the hypervisor ( both compute and disk offering ).   I am
> using VMware as  hypervisors.
>
> Regards,
> Vivek Kumar
>
>
>
>
> --
> This message is intended only for the use of the individual or entity to
> which it is addressed and may contain confidential and/or privileged
> information. If you are not the intended recipient, please delete the
> original message and any copy of it from your computer system. You are
> hereby notified that any dissemination, distribution or copying of this
> communication is strictly prohibited unless proper authorization has been
> obtained for such action. If you have received this communication in
> error,
> please notify the sender immediately. Although IndiQus attempts to sweep
> e-mail and attachments for viruses, it does not guarantee that both are
> virus-free and accepts no liability for any damage sustained as a result
> of
> viruses.
>


-- 

Andrija Panić

Re: Bad Gateway: Expose Cloudstack Console Proxy

[Andrija Panic]

How do you try to " expose to Internet the ConsoleProxy VM using
LoadBalancer"? What is your Public IP vs SSVM vs LoadBalancer vs DNS setup?

When you initiate a Console access to a VM, your browser will connect to
the Public IP of the SSVM (if no SSL used) or to the DNS name based on the
Public IP, e.g. 11-22-33-44.mydomain.com (if you have configured SSL) -
this might resolve to the IP public IP of your loadbalancer - then it's LB
work to correctly pass all traffic to whatever is the CURRENTLY USED public
IP of the SSVM

That error, is a typical load balancer error when the backend server is not
reachable - check LB and the backend (public IP of the SSVM) configured.


Your error is too generic to be able to help.

On Mon, 11 Apr 2022 at 20:42, Ricardo Pertuz 
wrote:

> Hi,
>
> When I try to expose to Internet the ConsoleProxy VM using LoadBalancer
> with a valid domain and cert, I’m getting a “502 Bad Gateway” when click on
> the  console icon. I have configured these params
>
> consoleproxy.sslEnabled
> consoleproxy.url.domain
>
> am I missing something?
>
> CloudStack 4.15.2.0
>
> Regards,
>
>
>
>

-- 

Andrija Panić

Re: VR/SystemVM upgradation after cloudStack upgradation

[Andrija Panic]

Hi Vivek,

no, there is no hack - CloudStack mgmt server would first check the VR
version vs. the minimal required version - and deny doing any changes to
the VR if the version requirement is not satisfied.

Since for all CloudStack releases there is (usually) a new systemVM
template (which means there is a reason for it...) you should not even
consider doing any hacks - and simply inform your customer of the 2min
downtime.
I know every customer is an "important" customer, but you are also the
provider and you dictate the rules (this does sound a little harsh, but you
get the point).

Regards,
Andrija

On Thu, 24 Mar 2022 at 12:02, Vivek Kumar 
wrote:

> Hello Guys,
>
> We have multiple  Cloudstack deployment across all environment,  Whenever
> we upgrade Cloudstack it’s required to upgrade the systemVM templates and
> routers, sometimes it’s very hard to ask downtime for VR upgradation( for
> upgrading the VR ).
>
> So is there any way or hack so that we won’t need to upgrade the VRs after
> upgrading the Cloudstack. Because in every case new provisioning  won’t
> happen until we upgrade the VR.
>
>
>
>
> Regards,
> Vivek Kumar
>
>
> --
> This message is intended only for the use of the individual or entity to
> which it is addressed and may contain confidential and/or privileged
> information. If you are not the intended recipient, please delete the
> original message and any copy of it from your computer system. You are
> hereby notified that any dissemination, distribution or copying of this
> communication is strictly prohibited unless proper authorization has been
> obtained for such action. If you have received this communication in
> error,
> please notify the sender immediately. Although IndiQus attempts to sweep
> e-mail and attachments for viruses, it does not guarantee that both are
> virus-free and accepts no liability for any damage sustained as a result
> of
> viruses.
>


-- 

Andrija Panić

Re: [ANNOUNCE] Next PMC Chair & VP Apache CloudStack Project - Simon Weller

[Andrija Panic]

Congrats Simon! And a big thx to Gabriel for the last year!

On Fri, 18 Mar 2022, 04:51 Harikrishna Patnala, <
harikrishna.patn...@shapeblue.com> wrote:

> Congratulations and good luck, Simon! and Thank you, Gabriel, for all your
> great work.
>
> Regards,
> Harikrishna
> 
> From: Gabriel Beims Bräscher 
> Sent: Thursday, March 17, 2022 3:25 PM
> To: users ; dev 
> Subject: [ANNOUNCE] Next PMC Chair & VP Apache CloudStack Project - Simon
> Weller
>
> Hello, all CloudStack community!
>
> It gives me great pleasure to announce that the ASF board last night
> accepted
> our PMC's nomination of Simon Weller as the next PMC Chair / VP of
> the Apache CloudStack project.
>
> I would like to thank everyone for the support I've received over the past
> year.
> It was a great honor being the PMC Chair of this amazing project/community!
>
> To Simon, my sincere congratulations, and I wish you success in the new
> role!
> Very well deserved!
>
> Please join me in congratulating Simon, the CloudStack PMC Chair / VP.
>
> Best Regards,
> Gabriel Bräscher.
>
>
>
>

Re: Issues with libvirt after upgrading to RockyLinux 8.5

[Andrija Panic]

 Can't add host: 192.168.30.54 with hostOS: Rocky into a cluster,in which
there are CentOS hosts added


Try changing the content of the /etc/*release file - to match the file of
the CentOS nodes - and then play with restarting agent, and observe if you
would hit the same error or not - I've seen this issue (RHEL inside CentOS
cluster, due to bad /etc/rhel-release file content), but I've not tested if
this "fix" works or not.

Best,

On Thu, 16 Dec 2021 at 08:39, Jeremy Hansen 
wrote:

> But if I convert all the hosts to Rocky and upgrade to 4.16, I should be
> ok?
>
> Thanks
>
>
>
> On Wednesday, Dec 15, 2021 at 11:17 PM, Slavka Peleva <
> slav...@storpool.com.INVALID> wrote:
> Sorry, I didn't pay attention to your CS version. After the upgrade, I
> think you will have the same problem. Because in the DB, there is
> information about host/hosts on this cluster that is/are with CentOS.
>
> Best regards,
> Slavka
>
> On Thu, Dec 16, 2021 at 8:49 AM Jeremy Hansen 
> wrote:
>
> I noticed in the compatibility matrix that Rocky isn’t supported until
> 4.16.0.0. If I upgrade Cloudstack first, would this help or is it still
> going to complain about the centos/rocky mix? If I convert all my existing
> nodes to Rocky, which is the plan anyway, will this go away? Shouldn’t
> CentOS and Rocky be considered that same thing… sort of…?
>
> Thanks
> -jeremy
>
>
>
>
> On Wednesday, Dec 15, 2021 at 10:43 PM, Slavka Peleva <
> slav...@storpool.com.INVALID> wrote:
> Hi Jeremy,
>
> It will help if you have another cluster for Rocky Linux. Hosts need to be
> of the same OS, it's not possible to mix OSes in the same cluster.
>
> Best regards,
> Slavka
>
> On Thu, Dec 16, 2021 at 4:08 AM Jeremy Hansen 
> wrote:
>
> Any tips on how I would troubleshoot this? I’ve tried downgrading libvirt
> and qemu and ca-certificates to the same version as the other functional
> nodes. That didn’t seem to help. This is obviously an ssl issue but I
> don’t really know what to do about it.
>
> 2021-12-15 18:04:14,438 INFO [cloud.agent.AgentShell] (main:null)
> (logid:) Agent started
> 2021-12-15 18:04:14,444 INFO [cloud.agent.AgentShell] (main:null)
> (logid:) Implementation Version is 4.15.0.0
> 2021-12-15 18:04:14,447 INFO [cloud.agent.AgentShell] (main:null)
> (logid:) agent.properties found at /etc/cloudstack/agent/agent.properties
> 2021-12-15 18:04:14,466 INFO [cloud.agent.AgentShell] (main:null)
> (logid:) Defaulting to using properties file for storage
> 2021-12-15 18:04:14,467 INFO [cloud.agent.AgentShell] (main:null)
> (logid:) Defaulting to the constant time backoff algorithm
> 2021-12-15 18:04:14,471 INFO [cloud.utils.LogUtils] (main:null) (logid:)
> log4j configuration found at /etc/cloudstack/agent/log4j-cloud.xml
> 2021-12-15 18:04:14,485 INFO [cloud.agent.AgentShell] (main:null)
> (logid:) Using default Java settings for IPv6 preference for agent
> connection
> 2021-12-15 18:04:14,592 INFO [cloud.agent.Agent] (main:null) (logid:) id
> is 0
> 2021-12-15 18:04:14,606 ERROR [kvm.resource.LibvirtComputingResource]
> (main:null) (logid:) uefi properties file not found due to: Unable to find
> file uefi.properties.
> 2021-12-15 18:04:14,663 INFO [kvm.resource.LibvirtConnection] (main:null)
> (logid:) No existing libvirtd connection found. Opening a new one
> 2021-12-15 18:04:14,890 INFO [kvm.resource.LibvirtComputingResource]
> (main:null) (logid:) No libvirt.vif.driver specified. Defaults to
> BridgeVifDriver.
> 2021-12-15 18:04:15,086 INFO [kvm.resource.LibvirtComputingResource]
> (main:null) (logid:) iscsi session clean up is disabled
> 2021-12-15 18:04:15,129 INFO [cloud.agent.Agent] (main:null) (logid:)
> Agent [id = 0 : type = LibvirtComputingResource : zone = 1 : pod = 1 :
> workers = 5 : host = 192.168.30.59 : port = 8250
> 2021-12-15 18:04:15,139 INFO [utils.nio.NioClient] (main:null) (logid:)
> Connecting to 192.168.30.59:8250
> 2021-12-15 18:04:15,153 INFO [utils.nio.Link] (main:null) (logid:) Conf
> file found: /etc/cloudstack/agent/agent.properties
> 2021-12-15 18:04:15,919 INFO [utils.nio.NioClient] (main:null) (logid:)
> SSL: Handshake done
> 2021-12-15 18:04:15,920 INFO [utils.nio.NioClient] (main:null) (logid:)
> Connected to 192.168.30.59:8250
> 2021-12-15 18:04:16,057 INFO [kvm.storage.LibvirtStorageAdaptor]
> (Agent-Handler-1:null) (logid:) Attempting to create storage pool
> 18796842-a137-475d-9799-9874240e3c0c (Filesystem) in libvirt
> 2021-12-15 18:04:16,062 ERROR [kvm.resource.LibvirtConnection]
> (Agent-Handler-1:null) (logid:) Connection with libvirtd is broken:
> invalid
> connection pointer in virConnectGetVersion
> 2021-12-15 18:04:16,066 INFO [kvm.storage.LibvirtStorageAdaptor]
> (Agent-Handler-1:null) (logid:) Found existing defined storage pool
> 18796842-a137-475d-9799-9874240e3c0c, using it.
> 2021-12-15 18:04:16,066 INFO [kvm.storage.LibvirtStorageAdaptor]
> (Agent-Handler-1:null) (logid:) Trying to fetch storage pool
> 18796842-a137-475d-9799-9874240e3c0c from libvirt
> 2021-12-15 18:04:16,151 INFO 

Re: Experience with clustered/shared filesystems based on SAN storage on KVM?

[Andrija Panic]

a.v.o.i.d = due to clustered file system stability...

CEPH = an awful of knowledge required to have this in production - and
definitively a much better/stable choice than clustered file systems.

Best,

On Thu, 21 Oct 2021 at 11:20, Brussk, Michael 
wrote:

> Hello community,
>
> today I need your experience and knowhow about clustered/shared
> filesystems based on SAN storage to be used with KVM.
> We need to consider about a clustered/shared filesystem based on SAN
> storage (no NFS or iSCSI), but do not have any knowhow or experience with
> this.
> Those I would like to ask if there any productive used environments out
> there based on SAN storage on KVM?
> If so, which clustered/shared filesystem you are using and how is your
> experience with that (stability, reliability, maintainability, performance,
> useability,...)?
> Furthermore, if you had already to consider in the past between SAN
> storage or CEPH, I would also like to participate on your considerations
> and results :)
>
> Regards,
> Michael
>


-- 

Andrija Panić

Re: ACS 4.15 - Disaster recovery after secondary storage issue

[Andrija Panic]

 No suitable storagePools found under this Cluster: 1

Can you check the mgmt log lines BEFORE this line above - there should be
clear indication WHY no suitable storage pools are found (this is Primary
Storage pool)

Best,

On Wed, 27 Oct 2021 at 18:04, benoit lair  wrote:

> Hello guys,
>
> I have a important issue with secondary storage
>
> I have 2 nfs secondary storage and a ACS Mgmt server
> I lost the system template vm id1 on both of Nfs sec storage servers
> The ssvm and cpvm are destroyed
> The template routing-1 has been deleted on all SR of hypervisors (xcp-ng)
>
> I am trying to recover the ACS system template workflow
>
> I have tried to reinstall the system vm template from ACS Mgmt server with
> :
>
>
> /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt
> -m /mnt/secondary -u
>
> https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.1-xen.vhd.bz2
> -h
> 
> xenserver -s  -F
>
> It has recreated on NFS1 the directory tmpl/1/1 and uploaded the vhd file
> and created the template.properties file
>
> I made the same on NFS2
> on ACS Gui, it says me the template SystemVM Template (XenServer)  is ready
> On nfs the vhd is present
> But even after restarting the ACS mgmt server, it fails to restart the
> system vm template with the following error in mgmt log file :
>
> 2021-10-27 17:59:22,128 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Work-Job-Executor-93:ctx-30ef4f6b job-2552/job-2648 ctx-d1d9ade8)
> (logid:ce3ac740) No suitable storagePools found under this Cluster: 1
> 2021-10-27 17:59:22,129 DEBUG [c.c.a.t.Request]
> (Work-Job-Executor-94:ctx-58cb275b job-2553/job-2649 ctx-fa7b1ea6)
> (logid:02bb9549) Seq 1-873782770202889: Executing:  { Cmd , MgmtId:
> 161064792470736, via: 1(xcp-cluster1-01), Ver: v1, Flags: 100111,
>
> [{"org.apache.cloudstack.storage.command.CopyCommand":{"srcTO":{"org.apache.
> cloudstack.storage.to
> .TemplateObjectTO":{"path":"159e620a-575d-43a8-9a57-f3c7f57a1c8a","origUrl":"
>
> https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.1-xen.vhd.bz2
> ","uuid":"a9151f22-f4bb-4f7a-983e-c8abd01f745b","id":"1","format":"VHD","accountId":"1","checksum":"{MD5}86373992740b1eca8aff8b08ebf3aea5","hvm":"false","displayText":"SystemVM
> Template
>
> (XenServer)","imageDataStore":{"org.apache.cloudstack.storage.to.PrimaryDataStoreTO":{"uuid":"fbbf2bf0-ccc8-4df3-9794-c914f418a9d9","id":"2","poolType":"PreSetup","host":"localhost","path":"/fbbf2bf0-ccc8-4df3-9794-c914f418a9d9","port":"0","url":"PreSetup://localhost/fbbf2bf0-ccc8-4df3-9794-c914f418a9d9/?ROLE=Primary=fbbf2bf0-ccc8-4df3-9794-c914f418a9d9","isManaged":"false"}},"name":"routing-1","size":"(2.44
> GB)
>
> 262144","hypervisorType":"XenServer","bootable":"false","uniqueName":"routing-1","directDownload":"false","deployAsIs":"false"}},"destTO":{"org.apache.cloudstack.storage.to.VolumeObjectTO":{"uuid":"edb85ea0-d786-44f3-901b-e530bb2e6030","volumeType":"ROOT","dataStore":{"org.apache.cloudstack.storage.to.PrimaryDataStoreTO":{"uuid":"fbbf2bf0-ccc8-4df3-9794-c914f418a9d9","id":"2","poolType":"PreSetup","host":"localhost","path":"/fbbf2bf0-ccc8-4df3-9794-c914f418a9d9","port":"0","url":"PreSetup://localhost/fbbf2bf0-ccc8-4df3-9794-c914f418a9d9/?ROLE=Primary=fbbf2bf0-ccc8-4df3-9794-c914f418a9d9","isManaged":"false"}},"name":"ROOT-207","size":"(2.45
> GB)
>
> 2626564608","volumeId":"212","vmName":"v-207-VM","accountId":"1","format":"VHD","provisioningType":"THIN","id":"212","deviceId":"0","hypervisorType":"XenServer","directDownload":"false","deployAsIs":"false"}},"executeInSequence":"true","options":{},"options2":{},"wait":"0","bypassHostMaintenance":"false"}}]
> }
> 2021-10-27 17:59:22,129 DEBUG [c.c.a.m.DirectAgentAttache]
> (DirectAgent-221:ctx-737e97d0) (logid:7a1a71eb) Seq 1-873782770202889:
> Executing request
> 2021-10-27 17:59:22,132 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Work-Job-Executor-93:ctx-30ef4f6b job-2552/job-2648 ctx-d1d9ade8)
> (logid:ce3ac740) Could not find suitable Deployment Destination for this VM
> under any clusters, returning.
> 2021-10-27 17:59:22,133 DEBUG [c.c.d.FirstFitPlanner]
> (Work-Job-Executor-93:ctx-30ef4f6b job-2552/job-2648 ctx-d1d9ade8)
> (logid:ce3ac740) Searching all possible resources under this Zone: 1
> 2021-10-27 17:59:22,134 DEBUG [c.c.d.FirstFitPlanner]
> (Work-Job-Executor-93:ctx-30ef4f6b job-2552/job-2648 ctx-d1d9ade8)
> (logid:ce3ac740) Listing clusters in order of aggregate capacity, that have
> (at least one host with) enough CPU and RAM capacity under this Zone: 1
> 2021-10-27 17:59:22,137 DEBUG [c.c.d.FirstFitPlanner]
> (Work-Job-Executor-93:ctx-30ef4f6b job-2552/job-2648 ctx-d1d9ade8)
> (logid:ce3ac740) Removing from the clusterId list these clusters from avoid
> set: [1]
> 2021-10-27 17:59:22,138 DEBUG [c.c.h.x.r.XenServerStorageProcessor]
> (DirectAgent-221:ctx-737e97d0) (logid:02bb9549) Catch Exception
> 

Re: Adding OS Type

[Andrija Panic]

When you add a new OS type to ACS - your upgrade to next ACS version will
break (due to DB IDs being hardcoded in the upgrade paths/files)

DO NOT add a new OS type, unless your hypervisor has introduced some major
improvements in e.g. Ubuntu 20 vs Ubuntu 18 - just use the newest OS type
(if really installing Ubuntu 20.04, then use e.g. 18.04)

Consider yourself warned in regards to failure in future upgrades :)

Best,

On Wed, 22 Sept 2021 at 22:34, Wei ZHOU  wrote:

> Hi Hean,
>
> The details are not applicable for kvm. I do not know why it is required.
> you can use the same details as other guest os
>
> xenserver.dynamicMin = 536870912
> xenserver.dynamicMax = 137438953472
>
> I suggest you NOT add a new guest os if you use 4.15.0.0 or older versions,
> because the upgrade sql from 4.15.0.0 to 4.15.1.0 have hardcoded id for
> some guest os.
> no issue with 4.15.1.0 or 4.15.2.0.
>
> -Wei
>
> On Wed, 22 Sept 2021 at 22:09, Hean Seng  wrote:
>
> > Hi
> >
> > Do you know what is  addGuestOS Details (*Map of (key/value pairs))**.
> > *refer
> > to?
> >
> > This compulsory field, and do not know what it means .  I am using KVM ,
> > the API doc did not explain on i t.
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Sep 20, 2021 at 3:48 PM Hean Seng  wrote:
> >
> > > How about is that possible to change the OSType for existing
> > > Uploaed Template.
> > >
> > > Currently we upload Ubuntu 20  type Other Ubuntu ,  after added the New
> > > OS, with to change to Proper OS Type
> > >
> > > On Mon, Sep 20, 2021 at 3:46 PM Hean Seng  wrote:
> > >
> > >> Thanks for this info.  Overlook on this API.
> > >>
> > >> On Mon, Sep 20, 2021 at 2:13 PM Daan Hoogland <
> daan.hoogl...@gmail.com>
> > >> wrote:
> > >>
> > >>> yes, there are some APIs to aid with that:
> > >>> http://cloudstack.apache.org/api/apidocs-4.15/apis/addGuestOs.html
> > >>>
> >
> http://cloudstack.apache.org/api/apidocs-4.15/apis/addGuestOsMapping.html
> > >>>
> > >>> On Mon, Sep 20, 2021 at 3:25 AM Hean Seng 
> wrote:
> > >>>
> > >>> > Hi
> > >>> >
> > >>> > Is there any way to add OS Type in  ACS template ?  Currently using
> > >>> 4.15
> > >>> >
> > >>> > We need to add in as new OS is coming out , eg  Debian 11,  Ubuntu
> 20
> > >>> etc.
> > >>> >
> > >>> >
> > >>> > --
> > >>> > Regards,
> > >>> > Hean Seng
> > >>> >
> > >>>
> > >>>
> > >>> --
> > >>> Daan
> > >>>
> > >>
> > >>
> > >> --
> > >> Regards,
> > >> Hean Seng
> > >>
> > >
> > >
> > > --
> > > Regards,
> > > Hean Seng
> > >
> >
> >
> > --
> > Regards,
> > Hean Seng
> >
>


-- 

Andrija Panić

Re: 4.16.0.0 release

[Andrija Panic]

Hi Ahmed,

please do not take me wrong - you can not "order" things - this is a
community project - people will implement new features when they need it
(or if somebody pays for it) - so it's "developed when needed".

I do understand your concerns, some improvements are possible - but you
should also know that your NETWORK infrastructure should be the one
blocking DDOS and other network attacks - NOT the end-point
servers/software, this is what every serious company/provider will do.

Best,
Andrija

On Mon, 13 Sept 2021 at 23:42, ahmed jabbar  wrote:

> Hi Nicolas,
> It will be better if you add 2FA function in this version due cyber
> security issues,
> And reCapcha connector also.
> CVM & SSVM need to be secured from DDOS attack with auto block ip sources
> configuration ,
> One of our CVM faced many times DDOS attacks with no configuration
> possibilities to auto block sources ip of attacker,
> Management UI can be secured by Cloudflare also ip table of management can
> be configured for various types of actions but CVM can’t secured by
> Cloudflare proxy.
> BR
> Ahmed.
>
> > On 13 Sep 2021, at 10:44 PM, Nicolas Vazquez <
> nicolas.vazq...@shapeblue.com> wrote:
> >
> > Hi All,
> >
> > We are looking forward to cutting RC1 soon. Kindly share or ping me this
> week if there are any issues or pull requests that we should include in
> 4.16.0.0.
> >
> >
> > Regards,
> >
> > Nicolas Vazquez
> >
> >
> >
>


-- 

Andrija Panić

Re: virtual router stuck on starting - cloudstack 4.15.1 with kvm

[Andrija Panic]

Can you share qemu/libvirt version/flavour?

On Mon, 13 Sept 2021 at 14:18,  wrote:

> Hello,
>
>
>
>  I'm trying to understand this error,  I created new network with VPC
> in
> a new zone where I added KVM hypervisor, and I have this issue.
>
>
>
>
>
> 2021-09-13 11:36:18,621 DEBUG
> [resource.virtualnetwork.VirtualRoutingResource]
> (agentRequest-Handler-1:null) (logid:42d715f2) Trying to connect to
> 169.254.52.234
>
> 2021-09-13 11:36:21,684 DEBUG
> [resource.virtualnetwork.VirtualRoutingResource]
> (agentRequest-Handler-1:null) (logid:42d715f2) Could not connect to
> 169.254.52.234
>
>
>
> Here is the full log : https://pastebin.com/0NwsccUc
>
>
>
> root@usa-nyc-kvm-001:~# telnet 169.254.156.179 3922
>
> Trying 169.254.156.179...
>
> telnet: Unable to connect to remote host: Connection refused  ( before
> connection refused, I get no route to host, for sure the nic is not up )
>
> root@usa-nyc-kvm-001:~# virsh list
>
> Id   NameState
>
> ---
>
> 2v-4048-VM   running
>
> 4s-4050-VM   running
>
> 7r-4092-VM   running
>
>
>
> root@usa-nyc-kvm-001:~#
>
>
>
>
>
> If I check the log inside the router, I see this (the router is also
> responding very slow, waiting a lot to connect on it via virsh console):
>
>
>
> r-4092-VM login: root
>
> Password:
>
>
>
> Login timed out after 60 seconds.
>
>
>
>
>
>__?.o/  Apache CloudStack SystemVM 4.15.1
>
>   (  )#https://cloudstack.apache.org
>
> (___(_)   Debian GNU/Linux 10 r-4093-VM ttyS0
>
>
>
> r-4093-VM login: root
>
> Password:
>
> Linux r-4093-VM 4.19.0-14-amd64 #1 SMP Debian 4.19.171-2 (2021-01-30)
> x86_64
>
>
>
>
>
>
>
> root@r-4093-VM:~# cat /var/log/cloud.log
>
> Mon 13 Sep 2021 11:50:55 AM UTC Executing cloud-early-config
>
> Mon 13 Sep 2021 11:50:55 AM UTC Bootstrapping systemvm appliance
>
> Mon 13 Sep 2021 11:50:57 AM UTC Starting guest services for kvm
>
> Mon 13 Sep 2021 11:51:04 AM UTC acpiphp and pci_hotplug module already
> compiled in
>
> Mon 13 Sep 2021 11:52:59 AM UTC Received a new non-empty cmdline file from
> qemu-guest-agent
>
> Mon 13 Sep 2021 11:52:59 AM UTC Booting from cloudstack, remove old
> configuration files in /etc/cloudstack/
>
> Mon 13 Sep 2021 11:54:30 AM UTC Configuring systemvm type=vpcrouter
>
> Mon 13 Sep 2021 11:54:30 AM UTC Setting up VPC virtual router system vm
>
> Mon 13 Sep 2021 11:54:31 AM UTC Setting up apache web server for VPC
>
> Mon 13 Sep 2021 11:55:05 AM UTC Processors = 1  Enable service  = 0
>
> Mon 13 Sep 2021 11:55:05 AM UTC cloud: disable rp_filter
>
> Mon 13 Sep 2021 11:55:05 AM UTC disable rpfilter
>
> Mon 13 Sep 2021 11:55:05 AM UTC cloud: enable_fwding = 1
>
> Mon 13 Sep 2021 11:55:05 AM UTC enable_fwding = 1
>
> Mon 13 Sep 2021 11:55:05 AM UTC cloud: enabling passive FTP for guest VMs
>
> Mon 13 Sep 2021 11:55:06 AM UTC Finished setting up systemvm
>
> Mon 13 Sep 2021 11:55:06 AM UTC Finished setting up systemvm
>
> 2021-09-13 11:55:13,823 INFO update_config.py :: Processing incoming
> file => cmd_line.json
>
> 2021-09-13 11:55:13,856 INFO Processing JSON file cmd_line.json
>
> 2021-09-13 11:55:13,858 INFO Continuing with the processing of file
> '/var/cache/cloud/cmd_line.json'
>
> 2021-09-13 11:55:13,877 INFO Command of type cmdline received
>
> 2021-09-13 11:55:13,897 INFO Command of type ips received
>
> 2021-09-13 11:55:13,923 INFO Executing: ip addr show dev eth0
>
> 2021-09-13 11:55:13,975 INFO Executing: ip addr show dev eth0
>
> 2021-09-13 11:55:13,979 INFO Address found in DataBag ==>
> {u'public_ip':
> u'169.254.41.129', u'one_to_one_nat': False, u'nic_dev_id': u'0',
> u'network': u'169.254.0.0/16', u'netmask': u'255.255.0.0', u'source_nat':
> False, u'broadcast': u'169.254.255.255', u'add': True, u'nw_type':
> u'control', u'device': u'eth0', u'cidr': u'169.254.41.129/16', u'gateway':
> u'', u'size': u'16'}
>
> 2021-09-13 11:55:13,979 INFO Address 169.254.41.129/16 on device eth0
> already configured
>
> 2021-09-13 11:55:13,984 INFO Executing: ip addr show |grep -v secondary
>
> 2021-09-13 11:55:14,010 INFO Wrote edited file
> /etc/dnsmasq.d/cloud.conf
>
> 2021-09-13 11:55:14,010 INFO Updated file in-cache configuration
>
> 2021-09-13 11:55:14,010 INFO Nothing to commit. The /etc/dhcphosts.txt
> file did not change
>
> 2021-09-13 11:55:14,010 INFO Nothing to commit. The
> /var/lib/misc/dnsmasq.leases file did not change
>
> 2021-09-13 11:55:14,010 INFO Nothing to commit. The /etc/dhcpopts.txt
> file did not change
>
> 2021-09-13 11:55:14,010 INFO Attempting to delete entries from
> dnsmasq.leases file for VMs which are not on dhcphosts file
>
> 2021-09-13 11:55:14,010 ERRORCaught error while trying to delete
> entries
> from dnsmasq.leases file: [Errno 2] No such file or directory:
> '/etc/dhcphosts.txt'
>
> 2021-09-13 11:55:14,034 INFO Wrote edited file /etc/hosts
>
> 2021-09-13 11:55:14,044 INFO Updated file in-cache configuration
>
> 2021-09-13 

Re: usage example assignToLoadBalancerRule API

[Andrija Panic]

Hi Cristian,

I would advise you to use a browser, developer tools, Networking tab - to
capture API HTTP calls to the mgmt server - this is, by far, the best way
to "learn" the API usage (IMO at least).

Bestm

On Fri, 10 Sept 2021 at 09:30,  wrote:

> Hello,
>
>
>
> Can someone provide a usage example for this API?
>
> https://cloudstack.apache.org/api/apidocs-4.15/apis/assignToLoadBalancerRule
> .html
> 
>  I'm asking this because I do not understand the logic behind.  I
> tested almost all the APIs but I have a logic issue with this one.
>
>
>
>Let's say I have 2 VMs, each of the VMs has 2 IPs assigned and I want to
> add with both IPs.
>
>
>
>ID 1 = 4e5b2104-7d2a-4238-921a-f7545241534e
>
>  IP 1 = 10.100.10.2
>
>  IP 2 = 10.100.10.3
>
>   ID 2 = 854939c1-2c2f-4612-a264-a6653f268cbd
>
>  IP 1 = 10.100.10.20
>
>  IP 2 = 10.100.10.30
>
>
>
> Rule ID = 96b21874-c52b-4b5b-b33c-fd61bbb5b0e2
>
>
>
>
>
>
>
> Regards,
>
> Cristian
>
>

-- 

Andrija Panić

Re: KVM Agent

[Andrija Panic]

No. VirtIO drives for NIC/SCSI if you chose OS type that will have VirtIO
"HW" fo the VM - that's all (that means manual install inside the Windows
OSes)

On Wed, 18 Aug 2021 at 10:44, Дикевич Евгений Александрович <
evgeniy.dikev...@becloud.by> wrote:

> Hi all!
> Does guest VMs needed some agent on KVM environment such as same as on
> Vmware or Xenserver/XCP-NG?
>
>
> Внимание!
> Это электронное письмо и все прикрепленные к нему файлы являются
> конфиденциальными и предназначены исключительно для использования лицом
> (лицами), которому (которым) оно предназначено. Если Вы не являетесь лицом
> (лицами), которому (которым) предназначено это письмо, не копируйте и не
> разглашайте его содержимое и удалите это сообщение и все вложения из Вашей
> почтовой системы. Любое несанкционированное использование, распространение,
> раскрытие, печать или копирование этого электронного письма и прикрепленных
> к нему файлов, кроме как лицом (лицами) которому (которым) они
> предназначены, является незаконным и запрещено. Принимая во внимание, что
> передача данных посредством Интернет не является безопасной, мы не несем
> никакой ответственности за любой потенциальный ущерб, причиненный в
> результате ошибок при передаче данных или этим сообщением и прикрепленными
> к нему файлами.
>
> Attention!
> This email and all attachments to it are confidential and are intended
> solely for use by the person (or persons) referred to (mentioned) as the
> intended recipient (recipients). If you are not the intended recipient of
> this email, do not copy or disclose its contents and delete the message and
> any attachments to it from your e-mail system. Any unauthorized use,
> dissemination, disclosure, printing or copying of this e-mail and files
> attached to it, except by the intended recipient, is illegal and is
> prohibited. Taking into account that data transmission via Internet is not
> secure, we assume no responsibility for any potential damage caused by data
> transmission errors or this message and the files attached to it.
>


-- 

Andrija Panić

Re: 'Infrastructure' then 'Hosts' in the webui not working

[Andrija Panic]

Hi James,

this might sound like a bug (unless someone advices otherwise) - so I would
advise that you open a GitHub issue, it would be good if you have saved
some screenshots - take time to properly report the problem, so that people
can look into it.

Thanks,
Andrija




On Sat, 7 Aug 2021 at 11:12, James Steele  wrote:

> My setup: Ubuntu Server 20.04.2, MySQL Ver 8.0.26-0ubuntu0.20.04.2
>
> I have been getting an error that when I click 'Infrastructure' then
> 'Hosts' in the webui (http://ipaddress:8080/client/) the error message:
> '(X) For input string: " "' is shown briefly, but the hosts are NOT listed.
> However the old web client works fine (
> http://ipaddress:8080/client/legacy/).
>
> The boxes that have the error were upgraded from 4.15 to 4.15.1
>
> I have just done a clean install on identical hardware straight to 4.15.1
> and there are no longer any errors.
>
> People have suggested that system Locale may be a problem. However using
> the default locale on the new install works fine (en_GB.UTF-8) and doesn’t
> need changing.
>
> I don’t think locale is the issue now (for me anyway). I think the mysql
> database has either been changed somehow during the original systems
> upgrade procedure. Or the 4.15 created database is being accessed
> differently from the system that has been through the upgrade procedure to
> 4.15.1
>
> Summary:
>
> Hardware, setup with 4.15, then upgraded to 4.15.1
> http://ipaddress:8080/client/#/host= 'Hosts' tab in the webui
> BROKEN with error
> http://ipaddress:8080/client/legacy/ = 'Hosts' tab in the webui is
> OK, lists all hosts correctly
>
> Hardware, setup clean with 4.15.1
> http://ipaddress:8080/client/#/host= 'Hosts' tab in the webui is
> OK, lists all hosts correctly
> http://ipaddress:8080/client/legacy/ = 'Hosts' tab in the webui is
> OK, lists all hosts correctly
>
> Any ideas?
>


-- 

Andrija Panić

Re: Cannot provision on newly added hosts due to bridge network not being created

[Andrija Panic]

Yeah, "predictable" interface names, one of the more stupid moves done
recently

On Thu, 5 Aug 2021 at 07:40, SVI  wrote:

> I guess I overlooked the interface naming conventions required by KVM.
> After disabling renaming of NIC (so the interface name will be eth0 and
> eth1), everything works.
>
> Thanks.
>
> > On Aug 5, 2021, at 11:57 AM, SVI  wrote:
> >
> > Hi,
> >
> > I followed setting up of KVM hosts on my ubuntu 20.04 and added it as in
> my cloudstack cluster. I tried launching an instance but always gets this
> error in the hypervisor:
> >
> >  WARN  [resource.wrapper.LibvirtStartCommandWrapper]
> (agentRequest-Handler-2:null) (logid:3851fa03) InternalErrorException
> > com.cloud.exception.InternalErrorException: Failed to create vnet 225:
> Error: argument "brenp129s0f1-225" is wrong: "name" not a valid
> ifnameCannot find device "brenp129s0f1-225"Failed to create br:
> brenp129s0f1-225
> >
> > Bridging seems ok based on the guide I followed. Here’s my
> /etc/network/interfaces:
> >
> > auto lo
> > iface lo inet loopback
> > # The primary network interface
> > auto enp129s0f0
> > iface enp129s0f0 inet manual
> > # The second network interface
> > auto enp129s0f1
> > iface enp129s0f1 inet manual
> > # management network
> > auto cloudbr0
> > iface cloudbr0 inet static
> > bridge_ports enp129s0f0
> > bridge_fd 5
> > bridge_stp off
> > bridge_maxwait 1
> > address 192.168.1.120
> > netmask 255.255.255.0
> > gateway 192.168.1.1
> > dns-nameservers 8.8.8.8 8.8.4.4
> > dns-domain dev.cloudstack.io 
> > # guest network
> > auto cloudbr1
> > iface cloudbr1 inet manual
> > bridge_ports enp129s0f1
> > bridge_fd 5
> > bridge_stp off
> > bridge_maxwait 1
> >
> > Help is very much appreciated.
> >
> > Btw, this is almost the same configuration as my other 2 hypervisors and
> everything works fine on the other 2.
> >
> > Here’s the ip a:
> >
> > 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1000
> > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> > inet 127.0.0.1/8 scope host lo
> >valid_lft forever preferred_lft forever
> > inet6 ::1/128 scope host
> >valid_lft forever preferred_lft forever
> > 2: enp129s0f0:  mtu 1500 qdisc mq
> master cloudbr0 state UP group default qlen 1000
> > link/ether ac:1f:6b:25:87:c2 brd ff:ff:ff:ff:ff:ff
> > 3: enp129s0f1:  mtu 1500 qdisc mq
> master cloudbr1 state UP group default qlen 1000
> > link/ether ac:1f:6b:25:87:c3 brd ff:ff:ff:ff:ff:ff
> > 4: ens3:  mtu 1500 qdisc noop state DOWN group
> default qlen 1000
> > link/ether 00:02:c9:54:3a:94 brd ff:ff:ff:ff:ff:ff
> > 5: cloudbr0:  mtu 1500 qdisc noqueue
> state UP group default qlen 1000
> > link/ether ac:1f:6b:25:87:c2 brd ff:ff:ff:ff:ff:ff
> > inet 192.168.1.120/24 brd 192.168.1.255 scope global cloudbr0
> >valid_lft forever preferred_lft forever
> > inet6 fe80::ae1f:6bff:fe25:87c2/64 scope link
> >valid_lft forever preferred_lft forever
> > 6: cloudbr1:  mtu 1500 qdisc noqueue
> state UP group default qlen 1000
> > link/ether ac:1f:6b:25:87:c3 brd ff:ff:ff:ff:ff:ff
> > inet6 fe80::ae1f:6bff:fe25:87c3/64 scope link
> >valid_lft forever preferred_lft forever
> > 7: cloud0:  mtu 1500 qdisc noqueue
> state UNKNOWN group default qlen 1000
> > link/ether ae:18:19:bc:36:07 brd ff:ff:ff:ff:ff:ff
> > inet 169.254.0.1/16 scope global cloud0
> >valid_lft forever preferred_lft forever
> > inet6 fe80::ac18:19ff:febc:3607/64 scope link
> >valid_lft forever preferred_lft forever
> > 8: enp129s0f1.225@enp129s0f1:  mtu
> 1500 qdisc noqueue state UP group default qlen 1000
> > link/ether ac:1f:6b:25:87:c3 brd ff:ff:ff:ff:ff:ff
> > inet6 fe80::ae1f:6bff:fe25:87c3/64 scope link
> >valid_lft forever preferred_lft forever
> >
> >
> >
> > Thanks.
> >
>
>

-- 

Andrija Panić

Re: UFW Firewall enabled SystemVMs offline

[Andrija Panic]

8250 is used from SSVM/CPVM agent to communicate to mgmt server.

On Sun, 1 Aug 2021 at 16:04, Ben McGuire 
wrote:

>
> We have followed the ports that Cloudstack requires and opened them in our
> hosts however with UFW enabled the systemvms agent disconnects.
>
> We allowed all traffic to and from the management host and opened these
>  ufw allow proto tcp from any to any port 22
> $ ufw allow proto tcp from any to any port 1798
> $ ufw allow proto tcp from any to any port 16509
> $ ufw allow proto tcp from any to any port 16514
> $ ufw allow proto tcp from any to any port 5900:6100
> $ ufw allow proto tcp from any to any port 49152:49216
>
> What exactly is causing the systemvms to disconnect when UFW is enabled ?
> The moment we disable it and reboot the systemvms the agents come back
> online
>
> Regards,
>
> Ben McGuire
> Founder
> AeroNeave Cloud Solutions
>
>
>
>

-- 

Andrija Panić

Re: CPU Core Count Incorrect

[Andrija Panic]

Old UI or new UI, which ACS version?

Core count has NOTHIGN to do with capacity - keep that  in mind, i.e. the
pure number of cores shown in Dashboard. (it's the core count x core
frequency per each hypervisor that counts towards capacity)

AND, the "insufficient capacity" has, wait one 99% of the case NOTHING
to do with not having enough capacity here or there, it's the stupid,
generic message on failure. So you need to dig the mgmt logs ABOVE that
"insufficient capacity" message.

Best

On Thu, 29 Jul 2021 at 10:16, Adrian Morris <
adr...@sdchostingandsupport.co.uk> wrote:

> Hi Everyone,
>
>
>
> We have an issue where the core count on our cloudstack is showing
> incorrectly on the dashboard, I think this is then leading to an
> insufficient server capacity error we now receive on setting up guests.
>
>
>
> The core count on the physical hosts shows correct at 96 cores across 3
> hosts but on the dashboard I am only seeing 32 cores.
>
>
>
> Any guidance on correcting this?
>
>
>
> Many Thanks
>
> Adrian Morris CIIT
>
> Director
>
>
>
>
>
> SDC Hosting and Support Ltd
>
> 890 The Crescent, Colchester Business Park, Colchester, CO4 9YQ
>
>
>
> This e-mail (and any attachments) contains confidential information which
> may be legally privileged and protected from disclosure. It is intended
> solely for the individual or entity to whom it is addressed and others
> authorised to receive it. If you are not the intended recipient of this
> e-mail or any parts of it please telephone 07802 665733 immediately upon
> receipt. No other person is authorized to copy, forward or disclose,
> distribute or retain this e-mail in any form
>
>
>
>
>


-- 

Andrija Panić

Re: Cold VM migration across datacenters

[Andrija Panic]

Migration between zones is NOT possible in any shape or form, so this is a
route you should, IMO, abandon (you can always export VMs in this way or
another, but this is not feasible in production)

I understand you have 2 DCs and you want VMs to, eventually, become alive
in 2nd DC, if the plane crashes on 1st DC? (well, your data is there,
unless CEPH is stretched/distributed across 2 DCs and could survive the
whole DC1 going down)

If you are insisting on that HA level - then you could do it in 2 ways,
that cross my mind right now.
(CEPH as distributed storage, zone wide, some nodes DC1, some DC2 - make
sure your CEPH setup survives whole DC going down (this requires that CRUSH
maps correctly configured etc)


(1)   DC1 = Pod1 (1/2/3) and DC2 = Pod2 (or Pod 4/5/6 etc) - i.e. multiple
Pods per DC - they all will be using zone-wide Ceph storage - your VMs are
on your storage, that is the crucial part to not lose data.
-- you can't really migrate VMs between Pods, only within cluster (and in
some cases between clusters in the same Pod, staring from 4.16)
-- this is OK if you have not-low-enough-latency between DC1 and DC2 (but
then CEPH will also suffer from that  higher latency)

(2) A very untipical, not recommends, but technically possible setup -
DC1+DC2 = one large DC = 1 POD = 1 cluster (or more clusters if needed) -
still using CEPH as before
-- requires ultra-low latency between DC1 and DC2 - and if plane crashes on
DC1 (taking this example, as I've been to some Zurich DCs next to the
airport...) - you can still start VM on hosts in DC2 in case it was a
single cluster. In case you had multiple clusters - then it get's more
complicated (minor DB hacks) etc.

In both cases you still have to sort out Secondary Storage NFS HA

In general,  you can't achieve what you want that easy nor you should be
stretching the possibilities (that I just explained, as I would, probably,
never use them in production)

I guess I didn't help - but there you go.

Andrija



On Tue, 20 Jul 2021 at 16:28, Vladimir Dombrovski <
vladimir.dombrov...@bso.co> wrote:

> Hello,
>
> We're trying to draw a multisite architecture where any VM could be
> relocated to the secondary site whenever the primary site fails
> (primary/backup for disaster recovery purposes). We don't require live
> migration, and we are okay with shutting down machines in order to relocate
> them.
>
> We are using Cloudstack 4.15 on Ubuntu Focal. In our current setup, each
> datacenter has a Cloudstack management node, as well as a few hypervisors
> running KVM and a Cloudstack agent. We're using Ceph as our primary
> storage, and NFS as our secondary storage on each site.
>
> To ensure metadata resiliency, we've replicated the MySQL database across
> both sites, much like described following this guide:
>
>
> https://docs.cloudstack.apache.org/projects/cloudstack-installation/en/4.11/choosing_deployment_architecture.html#multi-site-deployment
>
> We tried setting up multiple zones, one for each datacenter, each one
> having its own primary storage, but we are faced with the issue where we
> are not able to migrate VMs across zones (only Pod/Cluster/Host level is
> available via the GUI and the Cloudmonkey CLI).
>
> Are we using the right level of abstraction for our case? If so, how can
> we migrate a VM (compute + storage) from one zone to another? If not, what
> is the right level to use that allows us to use two separate primary
> storage endpoints and ensures that only the primary site gets used for
> compute resource allocation in normal conditions?
>
> Also, we would like to know whether there is some documentation already
> touching on the subject of best practices when performing these "more
> advanced" deployments.
>
> Kind regards,
>
> Vladimir DOMBROVSKI
>


-- 

Andrija Panić

Re: Primary Storage Volume detach issue

[Andrija Panic]

(if you open that link in your browser)


On Mon, 12 Jul 2021 at 18:57, Andrija Panic  wrote:

> I've seen an identical issue on a VERY specific/minor version of vShpere
> 6.5 - if you browser in your browser - will it also return error 500?
> https://10.xx.5.100/folder/i-2-30-VM?dcPath=YTTMTLSZCLDDC01=PROD_VPC_SZ_CLS1_PRIM_VOL1
>
>
>

-- 

Andrija Panić

Re: Primary Storage Volume detach issue

[Andrija Panic]

I've seen an identical issue on a VERY specific/minor version of vShpere
6.5 - if you browser in your browser - will it also return error 500?
https://10.xx.5.100/folder/i-2-30-VM?dcPath=YTTMTLSZCLDDC01=PROD_VPC_SZ_CLS1_PRIM_VOL1

Re: Consistent disconnects from SSVM and compute host

[Andrija Panic]

Can you take the LB out as a variable - and try directly doing things
inside the network (behind VPN, via internal IPs)

The exception thrown in the SSVM is strange though

Best,

On Sat, 10 Jul 2021 at 11:35, Joshua Schaeffer 
wrote:

> ACS: 4.15.0.0
> Hypervisor: KVM
> OS: Ubuntu 20.04
>
> In troubleshooting my last secondary storage issue I came across a
> repeating warning and error on the secondary storage VM and the compute
> host respectively. This is causing some issues and I'd like to know if
> anybody else has come across this or how to resolve it.
>
> Exactly every 60 seconds I receive a lost connection info message followed
> by a reconnection attempt (which is always successful) which is then
> followed by a warning in the SSVM's case and an error in the compute host's
> case. The warning is an exception that is caught by
> java.lang.NumberFormatException and the error is a libvirt error. This also
> triggers an alert in the CloudStack UI. Here are the details.
>
> First the logs from /var/log/cloud.log inside the SSVM:
>
> 2021-07-10 08:48:57,919 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
> Lost connection to host: bllcloudlb01.harmonywave.cloud. Attempting
> reconnection while we still have 0 commands in progress.
> 2021-07-10 08:48:57,945 INFO  [utils.nio.NioClient] (Agent-Handler-2:null)
> NioClient connection closed
> 2021-07-10 08:48:57,947 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
> Reconnecting to host:bllcloudlb01.harmonywave.cloud
> 2021-07-10 08:48:57,948 INFO  [utils.nio.NioClient] (Agent-Handler-2:null)
> Connecting to bllcloudlb01.harmonywave.cloud:8250
> 2021-07-10 08:48:57,954 INFO  [utils.nio.Link] (Agent-Handler-2:null) Conf
> file found: /usr/local/cloud/systemvm/conf/agent.properties
> 2021-07-10 08:48:58,664 INFO  [utils.nio.NioClient] (Agent-Handler-2:null)
> SSL: Handshake done
> 2021-07-10 08:48:58,665 INFO  [utils.nio.NioClient] (Agent-Handler-2:null)
> Connected to bllcloudlb01.harmonywave.cloud:8250
> 2021-07-10 08:48:58,729 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
> Proccess agent startup answer, agent id = 0
> 2021-07-10 08:48:58,731 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
> Set agent id 0
> 2021-07-10 08:48:58,736 INFO  [cloud.agent.Agent] (Agent-Handler-2:null)
> Startup Response Received: agent id = 0
> 2021-07-10 08:48:59,128 INFO
> [storage.resource.NfsSecondaryStorageResource]
> (agentRequest-Handler-2:null) Determined host
> bllcloudstg02-storage.harmonywave.cloud corresponds to IP 10.2.96.6
> 2021-07-10 08:48:59,132 INFO
> [storage.resource.NfsSecondaryStorageResource]
> (agentRequest-Handler-2:null) Determined host
> bllcloudstg02-storage.harmonywave.cloud corresponds to IP 10.2.96.6
> 2021-07-10 08:49:02,799 INFO
> [storage.resource.NfsSecondaryStorageResource]
> (agentRequest-Handler-2:null) created a thread to start post upload server
> 2021-07-10 08:49:02,807 INFO  [handler.logging.LoggingHandler]
> (nioEventLoopGroup-310-1:null) [id: 0xab44bf4e] REGISTERED
> 2021-07-10 08:49:02,808 INFO  [handler.logging.LoggingHandler]
> (nioEventLoopGroup-310-1:null) [id: 0xab44bf4e] BIND(0.0.0.0/0.0.0.0:8210)
> 2021-07-10 08:49:02,808 INFO  [handler.logging.LoggingHandler]
> (nioEventLoopGroup-310-1:null) [id: 0xab44bf4e] CLOSE()
> 2021-07-10 08:49:02,809 INFO  [handler.logging.LoggingHandler]
> (nioEventLoopGroup-310-1:null) [id: 0xab44bf4e] UNREGISTERED
> 2021-07-10 08:49:02,816 INFO
> [storage.resource.NfsSecondaryStorageResource] (Thread-157:null) shutting
> down post upload server
> 2021-07-10 08:49:03,021 INFO
> [storage.resource.NfsSecondaryStorageResource]
> (agentRequest-Handler-1:null) Determined host
> bllcloudstg02-storage.harmonywave.cloud corresponds to IP 10.2.96.6
> 2021-07-10 08:49:03,072 INFO  [storage.template.DownloadManagerImpl]
> (agentRequest-Handler-1:null) found 0 volumes[]
> 2021-07-10 08:49:03,127 INFO
> [storage.resource.NfsSecondaryStorageResource]
> (agentRequest-Handler-5:null) Determined host
> bllcloudstg02-storage.harmonywave.cloud corresponds to IP 10.2.96.6
> 2021-07-10 08:49:03,257 INFO  [storage.template.DownloadManagerImpl]
> (agentRequest-Handler-5:null) found 3
> templates[/mnt/SecStorage/df2ca46d-aee0-302e-9ad0-2e94252341e4/template/tmpl/1/3/21b64e43-bd2e-447e-a488-14b67205e289.qcow2,
> /mnt/SecStorage/df2ca46d-aee0-302e-9ad0-2e94252341e4/template/tmpl/1/10/746d45d3-426c-4d86-b82c-1d4cd5a25a8c.qcow2,
> /mnt/SecStorage/df2ca46d-aee0-302e-9ad0-2e94252341e4/template/tmpl/2/230/50035329-d6d9-491d-9aef-e2756bdd02ec.iso]
> 2021-07-10 08:49:03,269 WARN  [storage.template.TemplateLocation]
> (agentRequest-Handler-5:null) Cleaning up inconsistent information for QCOW2
> 2021-07-10 08:49:03,271 WARN  [cloud.agent.Agent]
> (agentRequest-Handler-5:null) Caught:
> java.lang.NumberFormatException: For input string: ""
> at
> java.base/java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
> at java.base/java.lang.Long.parseLong(Long.java:702)
> at 

Re: snapshot compression

[Andrija Panic]

What did you have in mind specifically?

Ceph volume snapshots export works by using qemu-img to convert raw/RBD
volume to a qcow2 (if not mistaken, or raw) format on the Secondary Storage.

Bestm

On Mon, 12 Jul 2021 at 09:35, Daan Hoogland  wrote:

> Andrei, good feature request. I don't think it is implemented (never heard
> of it)
>
> On Thu, Jul 8, 2021 at 6:06 PM Andrei Mikhailovsky
>  wrote:
>
> > Hello everyone,
> >
> > Is there a way to enable compression on the KVM+Ceph snapshot volumes
> when
> > they are being copied to the secondary storage? As far as I can see, this
> > useful feature is not enabled by default, which could unnecessarily waste
> > both network and storage resources. It could save tons of space.
> >
> > Any idea on how to enable it?
> >
> > Cheers
> >
> > Andrei
> >
>
>
> --
> Daan
>


-- 

Andrija Panić

Re: Downloading template 403 Forbidden Error

[Andrija Panic]

Let's verify the health of your SSVM - inside you SSVM, run:

/*usr*/*local*/*cloud*/*systemvm*/*ssvm*-*check*.*sh*

and report results here pls.

Best,



On Tue, 6 Jul 2021 at 14:34, Daniel Augusto Veronezi Salvador <
dvsalvador...@gmail.com> wrote:

> Hello,
>
>
> To access the Secondary Storagem VM, you need to connect in the SSVM's
> host and use the command *cloudstack-ssh, *with the IP available in
> *Link Local IP Address:***cloudstack-ssh x.x.x.x
>
>
> Best regards,
>
> Guto Veronezi
>
> On 05/07/2021 22:22, 조대형 wrote:
> > Hi All.
> >
> > CloudStack 4.15.0.0
> >
> >
> >
> > I have an error which is 403 Forbidden when I tried to download
> templates.
> >
> > Secondarystoragevm is up and running.
> >
> >
> >
> > Cloudstack logs :
> >
> >
> >
> > 2021-07-06 10:11:45,657 WARN  [c.c.a.AlertManagerImpl]
> (RouterStatusMonitor-
> > 1:ctx-d493e8c5) (logid:204ee303) AlertType:: 9 | d
> > ataCenterId:: 1 | podId:: 1 | clusterId:: null | message:: Health checks
> > failed: 1 failing checks on router dd14de61-88c1-41f0
>   -
> > 9b99-28f1ee4d13d2
> >
> > 2021-07-06 10:11:45,672 WARN
> [c.c.n.r.VirtualNetworkApplianceManagerImpl]
> > (RouterStatusMonitor-1:ctx-d493e8c5) (logid:204ee30
> 3)
> > Health checks failed: 1 failing checks on router dd14de61-88c1-41f0-9b99-
> > 28f1ee4d13d2. Checking failed health checks to see
>  if
> > router needs recreate
> >
> > 2021-07-06 10:13:36,727 WARN  [c.c.a.d.ParamGenericValidationWorker]
> > (qtp1026871825-772241:ctx-1b93af0a ctx-5458a69e) (logid:a
> > 9828694) Received unknown parameters for command listZones. Unknown
> > parameters : listall
> >
> > 2021-07-06 10:13:39,167 WARN  [c.c.a.ApiServer]
> (qtp1026871825-778326:ctx-
> > 29a17f02 ctx-3e6dcf5c) (logid:e31434c2) Unknown API
> > command: listAndSwitchSamlAccount
> >
> >
> >
> > Do you have ideas?
> >
> >
> >
> > Thanks,
> >
> >
> >
> >
>


-- 

Andrija Panić

Re: Network error when uploading local ISO

[Andrija Panic]

The default SSL might be the old *.realhostip.com - which is not to be used
in any similar-to-production way - but yes, this is a good workaround to
accept that browser warning, and later actions work fine


On Tue, 6 Jul 2021 at 08:56, Vivek Kumar 
wrote:

> I did the same way a long back..! If you are using any self signed
> certificate for testing or something.!
>
>
>
> > On 05-Jul-2021, at 1:15 PM, Abishek Budhathoki 
> wrote:
> >
> > If it may help,
> > Please open the ssvm public IP https://192.41.41.161/ in the new tab of
> the running browser and accept the certificate warning and try again
> uploading the ISO.
> > Faced the same issue at first while not using ssl for system vms.
> > Thank You.
> >
> > On 2021/07/05 00:23:34, Joshua Schaeffer 
> wrote:
> >> On 7/4/21 4:16 PM, Andrija Panic wrote:
> >>> What's the value of your global config parameters:
> >>>
> >>> consoleproxy.url.domain
> >> Empty/blank
> >>> consoleproxy.sslEnabled
> >> False
> >>> secstorage.ssl.cert.domain
> >> Empty/blank
> >>> secstorage.encrypt.copy
> >> False
> >>>
> >>> I expect last one or second to last one is wrong/not set - since your
> >>> browser is showing the request POST being sent to HTTPS: (
> >>> https://192.41.41.161) instead of  (https://192-41-41-161
> >>> .
> >>>
> >>> Best,
> >>>
> >>> On Fri, 2 Jul 2021 at 17:35, Joshua Schaeffer <
> jschaef...@harmonywave.com>
> >>> wrote:
> >> If this could be related to SSL/TLS then I should probably mention I
> have set the ca.plugin.root.auth.strictness to "false". I can't remember
> the exact error I get but I  know I got an error on a new install if I
> didn't do this. I could turn it back on and check if that would provide
> more info. I should also mention that I have not done any SSL/TLS at this
> point except at the load balancer and that does SSL termination. Are there
> any guides/documentation on how best to set these values?
> >>
> >> --
> >> Thanks,
> >> Joshua Schaeffer
> >>
> >>
>
>

-- 

Andrija Panić

Re: Error while starting CloudStack 4.15

[Andrija Panic]

the simplest test is - from the acs mgmt node:


mysql -h  -u cloud -p  -p 3306

that should work - that is what, effectively, acs mgmt server is doing
(i.e. your db.properties might be populated with wrong info OR your mysql
credentials are invalid in this way or another)
(or a firewall, indeed...)

best,

On Mon, 5 Jul 2021 at 13:39, pradeep pal  wrote:

> Hello,
>
> Thanks,
>
> I have installed cloudstack 4.15 in test infra and after installation I
> have not scene any issue, maybe it is any network policy related issue, I
> am looking on it with network team, i will update you on this soon.
>
> Thanks
> Pradeep
>
>
>
> Get Outlook for iOS<https://aka.ms/o0ukef>
> ____
> From: Andrija Panic 
> Sent: Monday, July 5, 2021 3:38:12 AM
> To: users 
> Subject: Re: Error while starting CloudStack 4.15
>
> recheck your credentials  that you defined while setup-cloudstack-databases
> script - clearly management server can't access the DB (" Unable to get a
> new db connection ") and it could be a few reasons:
>
> 1) ensure MySQL is listening on port 3306
> 2) ensure you have granted the proper permissions (grant all on cloud.*
> same for cloud_usage.*...to ) - the credentials you specified while
> running setup-cloudstack-databases
> 3) no other reasons I can see, based on the error message.
>
> best,
>
> On Sat, 3 Jul 2021 at 03:51, pradeep pal  wrote:
>
> > Hello,
> >
> > i am able to access MySQL database from remote machine. But still getting
> > the same error.
> >
> > Thanks
> > Pradeep
> >
> >
> >
> > Get Outlook for iOS<https://aka.ms/o0ukef>
> > 
> > From: pavan aravapalli 
> > Sent: Saturday, July 3, 2021 1:49:48 AM
> > To: users@cloudstack.apache.org 
> > Subject: Re: Error while starting CloudStack 4.15
> >
> > Hi,
> > Looks like you have an issue with mysql configuration where the mysql
> > server is running with localhost binding. Try to run the mysql server
> below
> > config  and restart cloudstack service.
> > /etc/my.cnf
> > bind-address="0.0.0.0"
> >
> > Regards,
> > Pavan
> >
> > On Fri, 2 Jul 2021 at 15:37, pradeep pal  wrote:
> >
> > > Hi,
> > >
> > > I have installed new CloudStack 4.15, when i start cloudstack service,
> > > getting below error.
> > >
> > > OS: CentOS 7 64bit
> > > CloudSatck: 4.15
> > > Mysql DB: mysql-community-server-5.7.34
> > >
> > >
> > > 2021-07-02 14:57:59,600 ERROR [c.c.u.d.Merovingian2] (main:null)
> (logid:)
> > > Unable to get a new db connection
> > > java.sql.SQLNonTransientConnectionException: Could not create
> connection
> > > to database server. Attempted reconnect 3 times. Giving up.
> > > at
> > >
> >
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:110)
> > > at
> > >
> >
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
> > > at
> > >
> >
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:89)
> > > at
> > >
> >
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:63)
> > > at
> > >
> >
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:73)
> > > at
> > >
> >
> com.mysql.cj.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:906)
> > > at
> > > com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:831)
> > > at
> > com.mysql.cj.jdbc.ConnectionImpl.(ConnectionImpl.java:456)
> > > at
> > > com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:246)
> > > at
> > >
> >
> com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:197)
> > > at
> > > java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677)
> > > at
> > > java.sql/java.sql.DriverManager.getConnection(DriverManager.java:228)
> > > at
> > >
> >
> org.apache.commons.dbcp2.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:121)
> > > at
> > >
> >
> org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:355)
> > > at
> > >
> >
> org.apache.commons.pool2.impl.GenericObjectPool.create(G

Re: Network error when uploading local ISO

[Andrija Panic]

Alright - because I might have mixed up other ML threads- let me ask you to
read https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ and
implement the same (for the Console Proxy/SSVM only)

Otherwise, if there is no working certificate for the SSVM (I believe by
default, the old "realhostip" from the old days is used) - anyway - you
won't be able to upload locally ISO or a template

Because there is a hardcoded requirement that HTTPS must be used - so you
must configure TLS certificate as per that blog page (or the official docs,
but blog is much more straightforward)

Cheers,

On Mon, 5 Jul 2021 at 02:24, Joshua Schaeffer 
wrote:

> On 7/4/21 4:16 PM, Andrija Panic wrote:
> > What's the value of your global config parameters:
> >
> > consoleproxy.url.domain
> Empty/blank
> > consoleproxy.sslEnabled
> False
> > secstorage.ssl.cert.domain
> Empty/blank
> > secstorage.encrypt.copy
> False
> >
> > I expect last one or second to last one is wrong/not set - since your
> > browser is showing the request POST being sent to HTTPS: (
> > https://192.41.41.161) instead of  (https://192-41-41-161
> > .
> >
> > Best,
> >
> > On Fri, 2 Jul 2021 at 17:35, Joshua Schaeffer <
> jschaef...@harmonywave.com>
> > wrote:
> If this could be related to SSL/TLS then I should probably mention I have
> set the ca.plugin.root.auth.strictness to "false". I can't remember the
> exact error I get but I  know I got an error on a new install if I didn't
> do this. I could turn it back on and check if that would provide more info.
> I should also mention that I have not done any SSL/TLS at this point except
> at the load balancer and that does SSL termination. Are there any
> guides/documentation on how best to set these values?
>
> --
> Thanks,
> Joshua Schaeffer
>
>

-- 

Andrija Panić

Re: Network error when uploading local ISO

[Andrija Panic]

What's the value of your global config parameters:

consoleproxy.url.domain
consoleproxy.sslEnabled
secstorage.ssl.cert.domain
secstorage.encrypt.copy

I expect last one or second to last one is wrong/not set - since your
browser is showing the request POST being sent to HTTPS: (
https://192.41.41.161) instead of  (https://192-41-41-161
.

Best,

On Fri, 2 Jul 2021 at 17:35, Joshua Schaeffer 
wrote:

> I posted a couple weeks back about some issues getting ISO's and templates
> uploaded in ACS and received some excellent help. I've changed a few things
> around based on that previous issue and am finally circling back to it but
> still running into a problem uploading an ISO. When I try to upload an ISO
> through primate I now get two messages [1]:
>
> Network Error: Unable to reach the management server or a browser
> extension may be blocking the network request.
>
> Upload Failed: Failed to upload ISO - Error: Network Error
>
> After I click "OK" on the "Upload ISO from Local" dialog box I get these
> two messages/errors and nothing else happens, the dialog box doesn't go
> away and I can click "OK" again as many times as I want (the messages
> always repeat). Also, If I refresh the ISO page then I see that my ISO that
> I tried to upload is now listed [2], but is not actually ready [3].
>
> To give some background, I am running ACS 4.15.0.0 with two load balanced
> management servers and a KVM compute host. I've tried the following:
>
> 1. Disabled one of the management servers.
> 2. Connected directly to a management server.
> 3. Used different browsers.
>
> Nothing listed above has changed the outcome and the same message is
> always thrown, so I don't think it is a load balancer or browser issue. As
> this is related to my previous issue in getting the ssvm started I wanted
> to show that it is now up and running [4], I can connect to it, and the
> /usr/local/cloud/systemvm/ssvm-check.sh script doesn't throw any errors:
>
> root@s-41-VM:~# /usr/local/cloud/systemvm/ssvm-check.sh
> 
> First DNS server is  10.2.81.1
> PING 10.2.81.1 (10.2.81.1): 56 data bytes
> 64 bytes from 10.2.81.1: icmp_seq=0 ttl=63 time=0.357 ms
> 64 bytes from 10.2.81.1: icmp_seq=1 ttl=63 time=0.399 ms
> --- 10.2.81.1 ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 0.357/0.378/0.399/0.000 ms
> Good: Can ping DNS server
> 
> Good: DNS resolves cloudstack.apache.org
> 
> nfs is currently mounted
> Mount point is /mnt/SecStorage/df2ca46d-aee0-302e-9ad0-2e94252341e4
> Good: Can write to mount point
> 
> Management server is bllcloudlb01.harmonywave.cloud. Checking connectivity.
> Good: Can connect to management server bllcloudlb01.harmonywave.cloud port
> 8250
> 
> Good: Java process is running
> 
> Tests Complete. Look for ERROR or WARNING above.
>
> The cloud service inside the system VM is also running:
>
> root@s-41-VM:~# service cloud status
> ● cloud.service - CloudStack Agent service
>Loaded: loaded (/etc/systemd/system/cloud.service; enabled; vendor
> preset: enabled)
>Active: active (running) since Sat 2021-06-26 02:58:24 UTC; 6 days ago
>  Main PID: 3011 (bash)
> Tasks: 48 (limit: 543)
>Memory: 157.0M
>CGroup: /system.slice/cloud.service
>├─3011 bash /usr/local/cloud/systemvm/_run.sh
>└─3241 java
> -Djavax.net.ssl.trustStore=./certs/realhostip.keystore
> -Djdk.tls.ephemeralDHKeySize=2048 -Djsse.enableSNIExtension=false -Dlog.hom
>
> Jul 02 15:16:41 s-41-VM _run.sh[3011]: at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> Jul 02 15:16:41 s-41-VM _run.sh[3011]: at
> java.base/java.lang.Thread.run(Thread.java:834)
> Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,284  INFO Agent:835 -
> Processing agent ready command, agent id = 16
> Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,284  INFO Agent:375 - Set
> agent id 16
> Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,285  INFO Agent:842 -
> Ready command is processed for agent id = 16
> Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,459  INFO Agent:835 -
> Processing agent ready command, agent id = 16
> Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,459  INFO Agent:375 - Set
> agent id 16
> Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,469  INFO Agent:791 -
> Processed new management server list: bllcloudlb01.harmonywave.cloud@static
> Jul 02 15:16:41 s-41-VM _run.sh[3011]: 15:16:41,469  INFO Agent:842 -
> Ready command is processed for agent id = 16
> Jul 02 15:16:45 s-41-VM _run.sh[3011]: 15:16:45,134  INFO Agent:549 -
> Connected to the host: bllcloudlb01.harmonywave.cloud
>
> Finally I took a network capture from 

Re: Error while starting CloudStack 4.15

[Andrija Panic]

recheck your credentials  that you defined while setup-cloudstack-databases
script - clearly management server can't access the DB (" Unable to get a
new db connection ") and it could be a few reasons:

1) ensure MySQL is listening on port 3306
2) ensure you have granted the proper permissions (grant all on cloud.*
same for cloud_usage.*...to ) - the credentials you specified while
running setup-cloudstack-databases
3) no other reasons I can see, based on the error message.

best,

On Sat, 3 Jul 2021 at 03:51, pradeep pal  wrote:

> Hello,
>
> i am able to access MySQL database from remote machine. But still getting
> the same error.
>
> Thanks
> Pradeep
>
>
>
> Get Outlook for iOS
> 
> From: pavan aravapalli 
> Sent: Saturday, July 3, 2021 1:49:48 AM
> To: users@cloudstack.apache.org 
> Subject: Re: Error while starting CloudStack 4.15
>
> Hi,
> Looks like you have an issue with mysql configuration where the mysql
> server is running with localhost binding. Try to run the mysql server below
> config  and restart cloudstack service.
> /etc/my.cnf
> bind-address="0.0.0.0"
>
> Regards,
> Pavan
>
> On Fri, 2 Jul 2021 at 15:37, pradeep pal  wrote:
>
> > Hi,
> >
> > I have installed new CloudStack 4.15, when i start cloudstack service,
> > getting below error.
> >
> > OS: CentOS 7 64bit
> > CloudSatck: 4.15
> > Mysql DB: mysql-community-server-5.7.34
> >
> >
> > 2021-07-02 14:57:59,600 ERROR [c.c.u.d.Merovingian2] (main:null) (logid:)
> > Unable to get a new db connection
> > java.sql.SQLNonTransientConnectionException: Could not create connection
> > to database server. Attempted reconnect 3 times. Giving up.
> > at
> >
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:110)
> > at
> >
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
> > at
> >
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:89)
> > at
> >
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:63)
> > at
> >
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:73)
> > at
> >
> com.mysql.cj.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:906)
> > at
> > com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:831)
> > at
> com.mysql.cj.jdbc.ConnectionImpl.(ConnectionImpl.java:456)
> > at
> > com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:246)
> > at
> >
> com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:197)
> > at
> > java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677)
> > at
> > java.sql/java.sql.DriverManager.getConnection(DriverManager.java:228)
> > at
> >
> org.apache.commons.dbcp2.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:121)
> > at
> >
> org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:355)
> > at
> >
> org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:889)
> > at
> >
> org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:424)
> > at
> >
> org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:349)
> > at
> >
> org.apache.commons.dbcp2.PoolingDataSource.getConnection(PoolingDataSource.java:134)
> > at
> >
> com.cloud.utils.db.TransactionLegacy.getStandaloneConnectionWithException(TransactionLegacy.java:211)
> > at com.cloud.utils.db.Merovingian2.(Merovingian2.java:68)
> > at
> > com.cloud.utils.db.Merovingian2.createLockMaster(Merovingian2.java:88)
> > at
> > com.cloud.server.LockMasterListener.(LockMasterListener.java:33)
> > at
> >
> java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> > Method)
> > at
> >
> java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> > at
> >
> java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> > at
> > java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
> > at
> > org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:203)
> > at
> >
> org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:117)
> > at
> >
> org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:310)
> > at
> >
> org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:295)
> > at
> >
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1358)
> >   

Re: Console Proxy & SSL

[Andrija Panic]

Hi Mike,

certificate for securing UI and the certificate for securing access to
Console of the VM (i.e. securing HTTPS access from browser to the public IP
of the CPVM/SSVM) are 2 completely different things - and you can/should
use 2 different certificates.

Please read this article - it's very comprehensive and up to date in
regards to the steps - afterwards, I'm happy to answer any additional
questions you might have:
https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/


Your second email - is referring to a cloudstack agent certificate that is
generated by default to secure agent-to-mgmt communication - nothing to do
with the other 2 you are configuring.

Cheers,


On Thu, 1 Jul 2021 at 19:39, Corey, Mike  wrote:

> To help me with troubleshooting, could one of the developers let me know
> where the wildcard certificate is loaded into the ssvm and consolevm?  Is
> there a way to verify the custom wildcard cert I’ve uploaded is where it
> should be? I’m seeing this error in the ACS logs.
>
> Should the CA wildcard certificate issuer & CN be in the “presented these
> certificates” section of log?
>
>
> 2021-07-01 13:23:12,070 DEBUG [o.a.c.c.p.RootCACustomTrustManager]
> (pool-13-thread-1:null) (logid:) A client/agent attempting connection from
> address=10.#.#.# has presented these certificate(s):
> Certificate [1] :
> Serial: 85b01fc4f045cf08
>   Not Before:Thu Jul 01 01:03:33 EDT 2021
>   Not After:Fri Jul 01 13:03:33 EDT 2022
>   Signature Algorithm:SHA256withRSA
>   Version:3
>   Subject DN:C=cloudstack, O=cloudstack, OU=cloudstack, CN=v-17-VM
>   Issuer DN:CN=ca.cloudstack.apache.org
>   Alternative Names:[[7, 10.#.#.#], [7, 10.#.#.#], [2, v-17-VM]]
> Certificate [2] :
> Serial: 3b2fcee96e685c62
>   Not Before:Mon May 03 00:43:22 EDT 2021
>   Not After:Wed Apr 26 12:43:22 EDT 2051
>   Signature Algorithm:SHA256withRSA
>   Version:3
>   Subject DN:CN=ca.cloudstack.apache.org
>   Issuer DN:CN=ca.cloudstack.apache.org
>   Alternative Names:null
>
> 2021-07-01 13:23:12,071 ERROR [o.a.c.c.p.RootCACustomTrustManager]
> (pool-13-thread-1:null) (logid:) Certificate ownership verification failed
> for client: 10.#.#.#
> 2021-07-01 13:23:12,073 ERROR [c.c.u.n.Link]
> (AgentManager-SSLHandshakeHandler-4:null) (logid:) SSL error caught during
> wrap data: Certificate ownership verification failed for client: 10.#.#.#,
> for local address=/10.#.#.#:8250, remote address=/10.#.#.#:36082.
> 2021-07-01 13:23:17,464 ERROR [c.c.u.n.Link]
> (AgentManager-SSLHandshakeHandler-4:null) (logid:) SSL error caught during
> wrap data: Empty server certificate chain, for local
> address=/10.#.#.#:8250, remote address=/10.#.#.##:36084.
>
>
>
>
> From: Corey, Mike 
> Sent: Thursday, July 1, 2021 10:33 AM
> To: users 
> Subject: [CAUTION] Console Proxy & SSL
>
> Hi,
>
> I could use some clarification here on TLS/SSL usage.  I’ve secured my ACS
> UI with a CA issued certificate.  This certificate has the FQDN of my ACS
> server as the CN.  The certificate is valid and the Management UI
> connection is secured in the web browser.
>
> I’m now trying to modify the Console Proxy SSL Certificate base on this
> page:
> http://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html#using-a-ssl-certificate-for-the-console-proxy
>
> I have created the wildcard CA issued certificate as *. along
> with the unencrypted key per the steps on above wiki page.
>
> After the changes are made in the UI under Infrastructure – SSL
> Certificates, the consolevm reboots; however it doesn’t appear it is
> loading my CA certificate with the wildcard.
>
> Answer this please --- I should be able to have two separate certificates:
> one for the UI management (FQDN of ACS) and one for console proxy session
> (wildcard).
>
> I had this on the 4.14 lab implementation but unfortunately my build notes
> on this step were poor ☹.
>
>
> Mike Corey
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
> SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com mike.co...@sap.com>
>
>
> [cid:image003.png@01D76E64.7F7C0C60]
>
>
>

-- 

Andrija Panić

Re: Option to stay on page after deploying a VM

[Andrija Panic]

I like the idea, as long as the default behaviour is the same as the
current one (exit the form)

For advanced users, like not yourself :P , you can capture the API call via
Developer Tools in the browser, copy the request URL, then hit that URL in
the new browser tab, and just ctrl + R multiple times, in order to spin 10s
and 10s of (randomly named VMs) in literally a second (i.e. no need to go
to CMK)

+1 from my side

On Thu, 1 Jul 2021 at 10:29, David Jumani 
wrote:

> Hi,
>
> While creating multiple VMs, I've faced the issue of having to go back to
> the deploy VM form after each deployment
> Although a mild inconvenience, it does get tiring to refill the form, so
> I've added the option to stay on the deploy VM form after creating a VM
> This way all the form data remains intact and can be changed as per the VM
> requirements
> Please have a look and let me know your feedback
> https://github.com/apache/cloudstack/pull/4843
>
> Thanks,
> David
>
>
>
>
>

-- 

Andrija Panić

Re: User certificate

[Andrija Panic]

See my other email re certificates - why do you need them?

On Fri, 25 Jun 2021 at 09:31, Daan Hoogland  wrote:

> Jeremy,
> It seems to me you are creating a certificate request with that command
> and not a certificate. What file(s) did you try to upload?
> Google "creating keys and certificates" to get some clues about how to
> create those.
> regards,
>
> On Thu, Jun 24, 2021 at 9:57 AM Jeremy Hansen  wrote:
>
>> I’m trying to understand how to generate a user certificate.  I can’t
>> seem to find very much information.
>>
>>
>>
>> I tried:
>>
>> openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
>>
>> but the output just results in an error:
>>
>>
>> Any clues?
>>
>> Thanks
>> -jeremy
>>
>>
>
> --
> Daan
>


-- 

Andrija Panić

Re: How to use ansible for cloudstack initialization

[Andrija Panic]

Good old bash with cloudmonkey...some variables need to be populated
(obviously...)



#!/bin/bash

# Vars / constants
DEPLOYLOG="/tmp/deployzone.log";


# Write to log file + console
function WriteOutput()
{
  local LogTimestamp;
  LogTimestamp=`date +"%Y-%m-%d %H:%M:%S"`;
  echo -e "$*"
  echo ${LogTimestamp} "$*" >> ${DEPLOYLOG};
}

WriteOutput "Checking login.";
AccountCheck=`cloudmonkey list accounts name=admin | grep -i error`;
if [ -z ${AccountCheck} ];
then
  WriteOutput "Admin account found. Good to go.";
else
  WriteOutput "Unable to log in, please check CloudStack installation.";
  exit 1;
fi

WriteOutput "Checking if zone exists."
ZoneCheck=`cloudmonkey list zones`;
if [ -z ${ZoneCheck} ];
then
  WriteOutput "No zone exists. Good to go."
else
  WriteOutput "Zone already present, bailing out."
  exit 1
fi

WriteOutput "Creating advanced zone - {{ bc_zonename }}";
ZoneID=`cloudmonkey create zone networktype=Advanced
securitygroupenabled=false guestcidraddress={{ bc_zone_guestcidr }}
name={{ bc_zonename }} dns1={{ bc_zone_dns1 }} dns2={{ bc_zone_dns2 }}
internaldns1={{ bc_zone_intdns1 }} internaldns2={{ bc_zone_intdns2 }}
localstorageenabled={{ bc_local_storage }} | jq -c -r '.zone.id'`;
WriteOutput "Zone created with ID ${ZoneID}.";
WriteOutput "Creating physical network";
cloudmonkey create physicalnetwork zoneid=${ZoneID} name='{{
bc_zone_physnet }}' isolationmethods='VLAN' | tee -i -a ${DEPLOYLOG};
PhysNetMgmtID=`cloudmonkey list physicalnetworks name="{{
bc_zone_physnet }}" | jq '.physicalnetwork[] | .id'`;
PhysNetPubID=`cloudmonkey list physicalnetworks name="{{
bc_zone_physnet }}" | jq '.physicalnetwork[] | .id'`;
PhysNetGuestID=`cloudmonkey list physicalnetworks name="{{
bc_zone_physnet }}" | jq '.physicalnetwork[] | .id'`;
WriteOutput "Physical network - Management created with ID = ${PhysNetMgmtID}";
WriteOutput "Physical network - Public created with ID = ${PhysNetPubID}";
WriteOutput "Physical network - Guest created with ID = ${PhysNetGuestID}";
WriteOutput "Adding Traffic Type - Public (Advanced Network).";
cloudmonkey add traffictype physicalnetworkid=${PhysNetPubID}
traffictype='Public' xennetworklabel='{{ bc_publiclabel }}' | tee -i
-a ${DEPLOYLOG};
WriteOutput "Adding Traffic Type - Guest (Advanced Network)";
cloudmonkey add traffictype physicalnetworkid=${PhysNetGuestID}
traffictype='Guest' xennetworklabel='{{ bc_guestlabel }}' | tee -i -a
${DEPLOYLOG};
WriteOutput "Adding Traffic Type - Management";
cloudmonkey add traffictype physicalnetworkid=${PhysNetMgmtID}
traffictype='Management' xennetworklabel='{{ bc_mgmtlabel }}' | tee -i
-a ${DEPLOYLOG};
PhysNetArray=`cloudmonkey list physicalnetworks filter=id | jq
'.physicalnetwork[] | .id'`;
for i in ${PhysNetArray};
do
  WriteOutput "Enabling Physical Network ${i}";
  cloudmonkey update physicalnetwork state='Enabled' id=${i}  | tee -i
-a ${DEPLOYLOG};
done
NetProvArrayAdv=`cloudmonkey list networkserviceproviders
filter=name,id | jq '.networkserviceprovider[] |
select(.name!="SecurityGroupProvider") | .id' | tr " " "\n"`;
IntLBArrayAdv=`cloudmonkey list internalloadbalancerelements
filter=name,id | jq '.internalloadbalancerelement[] | .id' | tr " "
"\n"`;
VRArrayAdv=`cloudmonkey list virtualrouterelements filter=name,id | jq
'.virtualrouterelement[] | .id' | tr " " "\n"`;
for i in ${IntLBArrayAdv};
do
  WriteOutput "Enabling internalloadbalancerelements ${i}";
  cloudmonkey configure internalloadbalancerelement enabled='true'
id=${i} | tee -i -a ${DEPLOYLOG};
done
for i in ${VRArrayAdv};
do
  WriteOutput "Enabling virtualrouterelement ${i}";
  cloudmonkey configure virtualrouterelement enabled='true' id=${i} |
tee -i -a ${DEPLOYLOG};
done
for i in ${NetProvArrayAdv};
do
  WriteOutput "Enabling networkserviceprovider ${i}";
  cloudmonkey update networkserviceprovider state='Enabled' id=${i} |
tee -i -a ${DEPLOYLOG};
done

WriteOutput "Creating public range.";
cloudmonkey create vlaniprange zoneid=${ZoneID} vlan="{{ bc_pubvlan
}}" gateway="{{ bc_pubgw }}" netmask="{{ bc_pubmask }}" startip="{{
bc_pubstartip }}" endip="{{ bc_pubendip }}" forvirtualnetwork="true" |
tee -i -a ${DEPLOYLOG};
WriteOutput "Creating Guest VLAN range."
cloudmonkey update physicalnetwork id=${PhysNetGuestID} vlan="{{
bc_podvlans }}" | tee -i -a ${DEPLOYLOG};

WriteOutput "Creating 1st Pod.";
cloudmonkey create pod zoneid=${ZoneID} name="{{ bc_zone_podname }}"
gateway="{{ bc_podgw }}" netmask="{{ bc_podmask }}" startip="{{
bc_podstartip }}" endip="{{ bc_podendip }}" | tee -i -a ${DEPLOYLOG};
PodID=`cloudmonkey list pods name={{ bc_zone_podname }} filter=id | jq
'.pod[] | .id'`;
WriteOutput "First Pod created with ID = ${PodID}";

WriteOutput "Adding XenServer cluster.";
ClusterID_XS=`cloudmonkey add cluster zoneid=${ZoneID}
hypervisor='XenServer' clustertype='CloudManaged' podid=${PodID}

Re: User certificate - Cloudmonkey API keys?

[Andrija Panic]

Don't ask - some b*** s*** coding - those certificates are used only in
case of the very specific network provider - that the one who implemented
it thought it would be wise to stick it in / show it unconditionally, even
though you are NOT using that specific network provider, thus user
certificate is NOT of any value for you, and you end up being confused,
bothering yourself, and then some more people :)

Cheers,

On Fri, 25 Jun 2021 at 13:05, Jeremy Hansen  wrote:

> Beautiful.  Thank you so much!  Exactly what I needed.
>
> So what is the user certificates used for?
>
> -jeremy
>
>
> On Jun 25, 2021, at 3:59 AM, Slavka Peleva 
> wrote:
>
> Hi Jeremy,
>
> As far as I understand, from your second screenshot get into the View
> Users -> required user-> user menu and there is an option to generate keys
>
> Best regards,
> Slavka
>
> On Fri, Jun 25, 2021 at 12:45 PM Jeremy Hansen  wrote:
>
>> It seems to have a problem when I use a certificate with a passphrase.
>> Using -nodes seems to work.  I don’t understand though since the form in
>> the interface has a place to put your passphrase.
>>
>> What I’m trying to do here is use Cloudmonkey with api keys, but I see
>> nothing in Cloudstack to generate these keys:
>>
>>
>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI#CloudStackcloudmonkeyCLI-Gettingstarted
>>
>> Maybe this is referencing an older version of Cloudstack?  Nothing in the
>> users section from what I can see mentions anything about generating api
>> keys.
>>
>>
>>
>>
>> I see nothing about generating api keys.
>>
>> -jeremy
>>
>>
>> On Jun 25, 2021, at 12:30 AM, Daan Hoogland 
>> wrote:
>>
>> Jeremy,
>> It seems to me you are creating a certificate request with that command
>> and not a certificate. What file(s) did you try to upload?
>> Google "creating keys and certificates" to get some clues about how to
>> create those.
>> regards,
>>
>> On Thu, Jun 24, 2021 at 9:57 AM Jeremy Hansen  wrote:
>>
>>> I’m trying to understand how to generate a user certificate.  I can’t
>>> seem to find very much information.
>>>
>>>
>>>
>>> I tried:
>>>
>>> openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days
>>> 365
>>>
>>> but the output just results in an error:
>>>
>>>
>>> Any clues?
>>>
>>> Thanks
>>> -jeremy
>>>
>>>
>>
>> --
>> Daan
>>
>>
>>
>

-- 

Andrija Panić

Re: Cloudstack Usage --- not owner

[Andrija Panic]

stats are pulled from VR in case traffic passes THORUGH those VRs.
In shared networks, traffic does NOT passes THROUGH the VR, but through
some external device - thus no statistics is expected to appear - all good,
no problem.

On Fri, 25 Jun 2021 at 17:13, Hean Seng  wrote:

> Hi
>
> yes, there are traffic running at the interface .  I not sure the logic
> behind on calculating the data, if not would be easy to troubleshoot.
>
>
>
>
> On Fri, Jun 25, 2021 at 10:54 PM Daan Hoogland 
> wrote:
>
> > if you look at the hypervisors, do you see traffic data for the nics
> there?
> >
> > On Fri, Jun 25, 2021 at 4:32 PM Hean Seng  wrote:
> >
> > > Yes, thats right,  I am Advance zone with  Security Group,  and Shared
> > > Network with Public IP range, However, I had  change value of
> > > vm.network.stats.interval.
> > > so that calculate the Lan traffic of the Network Interface . So it
> should
> > > work for calculating all traffic incur in the network interface .   But
> > > seems not, about 50% of it not calculating.
> > >
> > >
> > >
> > > On Fri, Jun 25, 2021 at 9:51 PM Daan Hoogland  >
> > > wrote:
> > >
> > > > The only thing I can think of is that the VM is not on a network that
> > > > provides routing. for instance in a basic zone or on a shared network
> > > with
> > > > a public ip range.
> > > >
> > > > On Fri, Jun 25, 2021 at 12:23 PM Hean Seng 
> wrote:
> > > >
> > > > > HI Daan
> > > > >
> > > > >
> > > > > My usage record have this , this is one of the example that do not
> > > have.
> > > > > record of type 4 and 5, but have type 1,
> > > > >
> > > > > select * from usage_event where account_id=3391;
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> ---+-++-+-+-++-+-+-++---+--+
> > > > >
> > > > > | id| type| account_id | created
> >  |
> > > > > zone_id | resource_id | resource_name  | offering_id |
> > template_id
> > > |
> > > > > size| resource_type  | processed | virtual_size |
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> +---+-++-+-+-++-+-+-++---+--+
> > > > >
> > > > > | 75910 | NET.IPASSIGN|   3391 | 2021-05-06
> 10:16:55
> > |
> > > > >   1 |2396 | 11.11.1.11  |NULL |   0 |
> > > > >  0
> > > > > | DirectAttached | 1 | NULL |
> > > > >
> > > > > | 75911 | VOLUME.CREATE   |   3391 | 2021-05-06
> 10:16:55
> > |
> > > > >   1 |6472 | ROOT-3649  |NULL | 210
> |
> > > > > 21474836480 | NULL   | 1 | NULL |
> > > > >
> > > > > | 75912 | VM.CREATE   |   3391 | 2021-05-06
> 10:16:55
> > |
> > > > >   1 |3649 | VM-38629-vasuflor |  51 | 210 |
> > > > > NULL
> > > > > | KVM| 1 | NULL |
> > > > >
> > > > > | 75913 | NETWORK.OFFERING.ASSIGN |   3391 | 2021-05-06
> 10:17:06
> > |
> > > > >   1 |3649 | 3753   |   6 |NULL
> |
> > > > > 1 | NULL   | 1 | NULL |
> > > > >
> > > > > | 75914 | SG.ASSIGN   |   3391 | 2021-05-06
> 10:17:06
> > |
> > > > >   1 |3649 | NULL   |3664 |NULL
> |
> > > > >  NULL
> > > > > | NULL   | 1 | NULL |
> > > > >
> > > > > | 75915 | VM.START|   3391 | 2021-05-06
> 10:17:06
> > |
> > > > >   1 |3649 | VM-38629-vasuflor |  51 | 210 |
> > > > > NULL
> > > > > | KVM| 1 | NULL |
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> +---+-++-+-+-++-+-+-++---+--+
> > > > >
> > > > > 6 row
> > > > >
> > > > > mysql> select * from usage_network where account_id=3391;
> > > > >
> > > > > Empty set (0.00 sec)
> > > > >
> > > > >
> > > > >
> > > > > mysql> select * from usage_network_offering where  account_id=3391
> > > > >
> > > > > -> ;
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> +-++---++-++-+-++
> > > > >
> > > > > | zone_id | account_id | domain_id | vm_instance_id |
> > > > network_offering_id |
> > > > > is_default | created | deleted | nic_id |
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> +-++---++-++-+-++
> > > > >
> > > > > |   1 |   3391 |  3383 |   3649 |

Re: VM console keeps pausing to the point of being unusable

[Andrija Panic]

Are you using SSL? If so, can you temporarily turn it off (
consoleproxy.sslEnabled = false in global settings) - this is a good way to
eliminate SSL-caused issues (if any)

Best,

On Tue, 29 Jun 2021 at 08:58, Adam Witwicki  wrote:

> Hi Andrija,
>
> No there is no improvement  with the console proxy and the instance being
> on the same host. It even affects the console of the console proxy itself.
>
>
> Thanks
>
> Ada,
>
> -----Original Message-
> From: Andrija Panic 
> Sent: 28 June 2021 17:05
> To: users 
> Subject: Re: VM console keeps pausing to the point of being unusable
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> my bad, wrongly understood you are using no-VNC.
>
> Try migrating the target VM and the SSVM to the same host, and try again
> then - is there any improvement?
>
> Best,
>
> On Mon, 28 Jun 2021 at 17:58, Adam Witwicki 
> wrote:
>
> >
> > I don’t have that option in CS version 4.13.1.0, This is the old VNC
> > way is it not?
> >
> > Thanks
> >
> > Adam
> >
> > -Original Message-
> > From: Andrija Panic 
> > Sent: 28 June 2021 16:55
> > To: users 
> > Subject: Re: VM console keeps pausing to the point of being unusable
> >
> > ** This mail originated from OUTSIDE the Oakford corporate network.
> > Treat hyperlinks and attachments in this email with caution. **
> >
> > Did you try switching back to VNC-based access - i.e. modify the
> > global setting novnc.console.default=false and see if the old VNC way
> works fine.
> >
> > Best,
> >
> > On Mon, 28 Jun 2021 at 17:49, Adam Witwicki 
> > wrote:
> >
> > > Hi Andrija
> > >
> > > Yes, no issues accessing the VNC port directly on the KVM server.
> > >
> > > Thanks
> > >
> > > Adam
> > >
> > >
> > > -Original Message-
> > > From: Andrija Panic 
> > > Sent: 28 June 2021 16:48
> > > To: users 
> > > Subject: Re: VM console keeps pausing to the point of being unusable
> > >
> > > ** This mail originated from OUTSIDE the Oakford corporate network.
> > > Treat hyperlinks and attachments in this email with caution. **
> > >
> > > Adam,
> > >
> > > "
> > > Adam,
> > >
> > > did you try accessing the VM console via standalone VNC viewer,
> > > based on the way Rohit explained  - dump the XML of the VM, check
> > > the IP/port and password details - and use those to access
> > >  and see if that connections is established quick
> > enough.
> > >
> > > Best,
> > > "
> > >
> > > Best,
> > >
> > > On Mon, 28 Jun 2021 at 11:32, Adam Witwicki
> > > 
> > > wrote:
> > >
> > > > Am I able to get some help with this?
> > > >
> > > > Cloudstack really is unusable
> > > > Is it related to the speed issues with SSL?
> > > >
> > > > Thanks
> > > >
> > > > Adam
> > > >
> > > >
> > > > -Original Message-
> > > > From: Adam Witwicki
> > > > Sent: 07 June 2021 14:08
> > > > To: users@cloudstack.apache.org
> > > > Subject: RE: VM console keeps pausing to the point of being
> > > > unusable
> > > >
> > > > Forgive me if I am wrong
> > > >
> > > > But this is where the exception lies
> > > > https://github.com/apache/cloudstack/blob/64f792bd7c3a2017d760b0d4
> > > > 7b
> > > > 9a
> > > > 403cb88bab99/services/console-proxy/server/src/main/java/com/cloud
> > > > /c
> > > > on
> > > > soleproxy/vnc/VncClientPacketSender.java#L42
> > > > private final BlockingQueue queue = new
> > > > ArrayBlockingQueue(30);
> > > >
> > > > I guess I need to understand why objects are not leaving the queue?
> > > >
> > > >
> > > > Thanks
> > > >
> > > > Adam
> > > >
> > > >
> > > > -Original Message-
> > > > From: Adam Witwicki 
> > > > Sent: 07 June 2021 11:49
> > > > To: users@cloudstack.apache.org
> > > > Subject: RE: VM console keeps pausing to the point of being
> > > > unusable
> > > >
> > > > ** This mail originated from OUTSI

Re: Management server reboot appears to cause vms on other hosts to shutdown?

[Andrija Panic]

Each (KVM) cloudstacl agent executes a heartbeat script (every 1min or so),
trying to write to a primary NFS server, ensuring it has the connectivity
working.

If this heartbeat fails - agent will say - "ok I'm stupid and less
reliable, NFS storage must be HA, so let me reboot myself/host in order to
regain access to NFS" (which is on your mgmt server)

/usr/lib64/cloud/agent/scripts/vm/hypervisor/kvm/kvmheartbeat.sh

Comment the line " echo b > /proc/sysrq-trigger " and KVM agent will NOT
reboot itself when NFS is unavailable. Something that is also wise to do in
production as well (trust me ... )


Cheers,


On Mon, 28 Jun 2021 at 18:57, Brian Fitzpatrick 
wrote:

> Hi Andrija,
>
> Thanks for the reply
>
> There is NFS primary storage on the management server but it doesn't have
> any vm volumes on it, they are on other NFS primary servers.
>
> So I thought I should have been safe to reboot
>
> All vms on other hosts, vm volumes on other nfs shares living on other
> servers, system vms and routers also on other servers
>
> So all (I am fairly certain) that was on the server I rebooted was the one
> and only Management server and mysql
>
> Thanks
>
> Brian
>
> -Original Message-
> From: Andrija Panic  andrija%20panic%20%3candrija.pa...@gmail.com%3e>>
> Reply-To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
> To: users  users%20%3cus...@cloudstack.apache.org%3e>>
> Subject: Re: Management server reboot appears to cause vms on other hosts
> to shutdown?
> Date: Mon, 28 Jun 2021 17:44:57 +0200
>
>
> CAUTION !
>
>
> This email was NOT sent using a University of Chester account, so we are
> unable to verify the identity of the sender. Do not click links or open
> attachments unless you recognise the sender and know the content is safe.
>
>
> =
>
>
>
> NFS primary storage also on your management server?
>
>
> On Sat, 26 Jun 2021 at 10:36, Brian Fitzpatrick <
>
> <mailto:b.fitzpatr...@chester.ac.uk>
>
> b.fitzpatr...@chester.ac.uk
>
> >
>
> wrote:
>
>
> Hi Jordan,
>
>
> Thanks for your reply. Apologies I might not have been clear.
>
>
> The management server is aware of the vm and when I set the host that is
>
> also the same server that is running the management server (and mysql) into
>
> maintenance mode, I can see it not longer has any running vms on it. They
>
> have migrated to other hosts. Cloud stack can see them. Bu when I then to
>
> an apt update and reboot the management server, the vms on the other hosts
>
> seem to have shutdown.
>
>
> The reboot did take a while (15-20 mins), but I am surprised that it has
>
> affected other kvm hosts, which I thought should just carry on running.
>
> Unless I have missed something that was still on the management(and mysql)
>
> server.
>
>
> Thanks
>
>
> Brian
>
>
> -Original Message-
>
> From: Yordan Kostov <
>
> <mailto:yord...@nsogroup.com>
>
> yord...@nsogroup.com
>
> 
> <mailto:yordan%20kostov%20%3cyord...@nsogroup.com>
>
> yordan%20kostov%20%3cyord...@nsogroup.com
>
> %3e>>
>
> Reply-To:
>
> <mailto:users@cloudstack.apache.org>
>
> users@cloudstack.apache.org
>
> 
> <mailto:users@cloudstack.apache.org>
>
> users@cloudstack.apache.org
>
> >
>
> To:
>
> <mailto:users@cloudstack.apache.org>
>
> users@cloudstack.apache.org
>
>  <
>
> <mailto:users@cloudstack.apache.org>
>
> users@cloudstack.apache.org
>
> 
> <mailto:22us...@cloudstack.apache.org>
>
> 22us...@cloudstack.apache.org
>
> <mailto:%22%20%3cus...@cloudstack.apache.org>
>
> %22%20%3cus...@cloudstack.apache.org
>
> %3e>>
>
> Subject: RE: Management server reboot appears to cause vms on other hosts
>
> to shutdown?
>
> Date: Fri, 25 Jun 2021 09:10:44 +
>
>
>
> CAUTION !
>
>
>
> This email was NOT sent using a University of Chester account, so we are
>
> unable to verify the identity of the sender. Do not click links or open
>
> attachments unless you recognise the sender and know the content is safe.
>
>
>
> =
>
>
>
>
> Hello Brian,
>
>
>
> May be I did not understand very well but from what you say I get
>
> that the management server + SQL and NFS are on the same physical hosts
>
> that are being managed by cloudstack?
>
>
> If those VMs are not visible in Cloudstack, the system is not
>
> aware that they exist so it wont try to roll them to another host if you
>
> perform hypervisor ho

Re: VM console keeps pausing to the point of being unusable

[Andrija Panic]

my bad, wrongly understood you are using no-VNC.

Try migrating the target VM and the SSVM to the same host, and try again
then - is there any improvement?

Best,

On Mon, 28 Jun 2021 at 17:58, Adam Witwicki  wrote:

>
> I don’t have that option in CS version 4.13.1.0, This is the old VNC way
> is it not?
>
> Thanks
>
> Adam
>
> -Original Message-
> From: Andrija Panic 
> Sent: 28 June 2021 16:55
> To: users 
> Subject: Re: VM console keeps pausing to the point of being unusable
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Did you try switching back to VNC-based access - i.e. modify the global
> setting novnc.console.default=false and see if the old VNC way works fine.
>
> Best,
>
> On Mon, 28 Jun 2021 at 17:49, Adam Witwicki 
> wrote:
>
> > Hi Andrija
> >
> > Yes, no issues accessing the VNC port directly on the KVM server.
> >
> > Thanks
> >
> > Adam
> >
> >
> > -Original Message-
> > From: Andrija Panic 
> > Sent: 28 June 2021 16:48
> > To: users 
> > Subject: Re: VM console keeps pausing to the point of being unusable
> >
> > ** This mail originated from OUTSIDE the Oakford corporate network.
> > Treat hyperlinks and attachments in this email with caution. **
> >
> > Adam,
> >
> > "
> > Adam,
> >
> > did you try accessing the VM console via standalone VNC viewer, based
> > on the way Rohit explained  - dump the XML of the VM, check the
> > IP/port and password details - and use those to access
> >  and see if that connections is established quick
> enough.
> >
> > Best,
> > "
> >
> > Best,
> >
> > On Mon, 28 Jun 2021 at 11:32, Adam Witwicki 
> > wrote:
> >
> > > Am I able to get some help with this?
> > >
> > > Cloudstack really is unusable
> > > Is it related to the speed issues with SSL?
> > >
> > > Thanks
> > >
> > > Adam
> > >
> > >
> > > -Original Message-
> > > From: Adam Witwicki
> > > Sent: 07 June 2021 14:08
> > > To: users@cloudstack.apache.org
> > > Subject: RE: VM console keeps pausing to the point of being unusable
> > >
> > > Forgive me if I am wrong
> > >
> > > But this is where the exception lies
> > > https://github.com/apache/cloudstack/blob/64f792bd7c3a2017d760b0d47b
> > > 9a
> > > 403cb88bab99/services/console-proxy/server/src/main/java/com/cloud/c
> > > on
> > > soleproxy/vnc/VncClientPacketSender.java#L42
> > > private final BlockingQueue queue = new
> > > ArrayBlockingQueue(30);
> > >
> > > I guess I need to understand why objects are not leaving the queue?
> > >
> > >
> > > Thanks
> > >
> > > Adam
> > >
> > >
> > > -Original Message-
> > > From: Adam Witwicki 
> > > Sent: 07 June 2021 11:49
> > > To: users@cloudstack.apache.org
> > > Subject: RE: VM console keeps pausing to the point of being unusable
> > >
> > > ** This mail originated from OUTSIDE the Oakford corporate network.
> > > Treat hyperlinks and attachments in this email with caution. **
> > >
> > > Rohit, sorry the long delay
> > >
> > > Yes all servers and VMs are in time sync.
> > > It does seem to be an issue with the console proxy, no attempt of
> > > increasing its resources is improving the situation.
> > > What else can we try?
> > >
> > > Thanks
> > >
> > > Adam
> > >
> > >
> > > -Original Message-
> > > From: Rohit Yadav 
> > > Sent: 05 May 2021 09:21
> > > To: users@cloudstack.apache.org
> > > Subject: Re: VM console keeps pausing to the point of being unusable
> > >
> > > ** This mail originated from OUTSIDE the Oakford corporate network.
> > > Treat hyperlinks and attachments in this email with caution. **
> > >
> > > Hi Adam - can you check and sync time on your KVM hosts, management
> > > servers and CPVM using ntp? This is because SSL-enabled connection
> > > are time sensitive.
> > > In order to test VNC directly, you can ssh into the host and do
> > > something
> > > like:
> > >
> > > # virsh list # find the VM
> > >
> > > Then run dumpxml and grab the IP/port and password, for example:
> > >
&g

Re: AW: CloudStack and Ansible

[Andrija Panic]

For those of you who have VMware parent cloud, and need to build tons of
nested ACS envs for testing purposes (VMware, XC/XCP-ng, KVM), or at least
to examine some setup/code - those guys have some weird thing callied
Trillian ;)

https://github.com/shapeblue/trillian

A couple of thousands of nested environments built in last 3 years

Cheers.

On Sat, 26 Jun 2021 at 10:47, Rene Moser  wrote:

> Hi Peter
>
> On 25.06.21 10:55, peter.murysh...@zv.fraunhofer.de wrote:
> > Hi Rafael,
> >
> > as a follow-up to your great talk at the CSEUG session: in your email
> you wrote,
> >
> > "The Ansible implementation for ACS is very complete and robust. It made
> it possible for us to fully automate from metal to the service."
> >
> > Which Ansible implementation do you mean? The one I can find addresses
> rather API usage [1]; for full automation there is probably more scripting
> required to setup the actual
> > cluster, possibly with some variations depending on the architecture.
> >
> > [1]
> https://docs.ansible.com/ansible/latest/collections/ngine_io/cloudstack/index.html#plugins-in-ngine-io-cloudstack
> To provision your hardware, OS, and install cloudstack, like any other
> application, and dep services like DB, java, storage, nfs servers,
> firewall, networking (e.g. cisco switches), ansible is a perfect match
> but depending on your infra and choices.
>
> The cloudstack integration addresses the api usage only, it is the
> missing piece after you (automated) installed cloudstack to fully
> automate the configuration of the cloud.
>
> Hope this clarifies.
>
> Regards
> René
>


-- 

Andrija Panić

Re: VM console keeps pausing to the point of being unusable

[Andrija Panic]

Did you try switching back to VNC-based access - i.e. modify the global
setting novnc.console.default=false and see if the old VNC way works fine.

Best,

On Mon, 28 Jun 2021 at 17:49, Adam Witwicki  wrote:

> Hi Andrija
>
> Yes, no issues accessing the VNC port directly on the KVM server.
>
> Thanks
>
> Adam
>
>
> -Original Message-
> From: Andrija Panic 
> Sent: 28 June 2021 16:48
> To: users 
> Subject: Re: VM console keeps pausing to the point of being unusable
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Adam,
>
> "
> Adam,
>
> did you try accessing the VM console via standalone VNC viewer, based on
> the way Rohit explained  - dump the XML of the VM, check the IP/port and
> password details - and use those to access  and see if
> that connections is established quick enough.
>
> Best,
> "
>
> Best,
>
> On Mon, 28 Jun 2021 at 11:32, Adam Witwicki 
> wrote:
>
> > Am I able to get some help with this?
> >
> > Cloudstack really is unusable
> > Is it related to the speed issues with SSL?
> >
> > Thanks
> >
> > Adam
> >
> >
> > -Original Message-
> > From: Adam Witwicki
> > Sent: 07 June 2021 14:08
> > To: users@cloudstack.apache.org
> > Subject: RE: VM console keeps pausing to the point of being unusable
> >
> > Forgive me if I am wrong
> >
> > But this is where the exception lies
> > https://github.com/apache/cloudstack/blob/64f792bd7c3a2017d760b0d47b9a
> > 403cb88bab99/services/console-proxy/server/src/main/java/com/cloud/con
> > soleproxy/vnc/VncClientPacketSender.java#L42
> > private final BlockingQueue queue = new
> > ArrayBlockingQueue(30);
> >
> > I guess I need to understand why objects are not leaving the queue?
> >
> >
> > Thanks
> >
> > Adam
> >
> >
> > -Original Message-
> > From: Adam Witwicki 
> > Sent: 07 June 2021 11:49
> > To: users@cloudstack.apache.org
> > Subject: RE: VM console keeps pausing to the point of being unusable
> >
> > ** This mail originated from OUTSIDE the Oakford corporate network.
> > Treat hyperlinks and attachments in this email with caution. **
> >
> > Rohit, sorry the long delay
> >
> > Yes all servers and VMs are in time sync.
> > It does seem to be an issue with the console proxy, no attempt of
> > increasing its resources is improving the situation.
> > What else can we try?
> >
> > Thanks
> >
> > Adam
> >
> >
> > -Original Message-
> > From: Rohit Yadav 
> > Sent: 05 May 2021 09:21
> > To: users@cloudstack.apache.org
> > Subject: Re: VM console keeps pausing to the point of being unusable
> >
> > ** This mail originated from OUTSIDE the Oakford corporate network.
> > Treat hyperlinks and attachments in this email with caution. **
> >
> > Hi Adam - can you check and sync time on your KVM hosts, management
> > servers and CPVM using ntp? This is because SSL-enabled connection are
> > time sensitive.
> > In order to test VNC directly, you can ssh into the host and do
> > something
> > like:
> >
> > # virsh list # find the VM
> >
> > Then run dumpxml and grab the IP/port and password, for example:
> >
> > # virsh dumpxml --security-info s-180-VM | grep vnc
> >  > passwd='_u6LayCdnCrr_JuUwCrq2A'>
> >
> >
> > If you're on the management network, you can use any VNC client and
> > details you find to connect to the VNC directly. I often connect
> > virt-manager (UI) to a KVM host over SSH and use the console directly
> > (the only trick is to grab the password, by clicking the information
> > tab -> go to VNC -> click on show password -> copy and use it to see
> console).
> >
> >
> > Regards.
> >
> > 
> > From: David Jumani 
> > Sent: Wednesday, May 5, 2021 10:32
> > To: users@cloudstack.apache.org 
> > Subject: Re: VM console keeps pausing to the point of being unusable
> >
> > I agree, try checking the number of concurrent connections as well as
> > increasing the CPVM capacity.
> > Also check the network for any glitches / lag between the CPVM and the
> > KVM hosts 
> > From: Hean Seng 
> > Sent: Tuesday, May 4, 2021 4:03 PM
> > To: users@cloudstack.apache.org 
> > Subject: Re: VM console keeps pausing to the point of being unusable
> &g

Re: VM console keeps pausing to the point of being unusable

[Andrija Panic]

Adam,

"
Adam,

did you try accessing the VM console via standalone VNC viewer, based on
the way Rohit explained  - dump the XML of the VM, check the IP/port and
password details - and use those to access  and see if
that connections is established quick enough.

Best,
"

Best,

On Mon, 28 Jun 2021 at 11:32, Adam Witwicki  wrote:

> Am I able to get some help with this?
>
> Cloudstack really is unusable
> Is it related to the speed issues with SSL?
>
> Thanks
>
> Adam
>
>
> -Original Message-
> From: Adam Witwicki
> Sent: 07 June 2021 14:08
> To: users@cloudstack.apache.org
> Subject: RE: VM console keeps pausing to the point of being unusable
>
> Forgive me if I am wrong
>
> But this is where the exception lies
> https://github.com/apache/cloudstack/blob/64f792bd7c3a2017d760b0d47b9a403cb88bab99/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/vnc/VncClientPacketSender.java#L42
> private final BlockingQueue queue = new
> ArrayBlockingQueue(30);
>
> I guess I need to understand why objects are not leaving the queue?
>
>
> Thanks
>
> Adam
>
>
> -Original Message-
> From: Adam Witwicki 
> Sent: 07 June 2021 11:49
> To: users@cloudstack.apache.org
> Subject: RE: VM console keeps pausing to the point of being unusable
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Rohit, sorry the long delay
>
> Yes all servers and VMs are in time sync.
> It does seem to be an issue with the console proxy, no attempt of
> increasing its resources is improving the situation.
> What else can we try?
>
> Thanks
>
> Adam
>
>
> -Original Message-
> From: Rohit Yadav 
> Sent: 05 May 2021 09:21
> To: users@cloudstack.apache.org
> Subject: Re: VM console keeps pausing to the point of being unusable
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Hi Adam - can you check and sync time on your KVM hosts, management
> servers and CPVM using ntp? This is because SSL-enabled connection are time
> sensitive.
> In order to test VNC directly, you can ssh into the host and do something
> like:
>
> # virsh list # find the VM
>
> Then run dumpxml and grab the IP/port and password, for example:
>
> # virsh dumpxml --security-info s-180-VM | grep vnc
>  passwd='_u6LayCdnCrr_JuUwCrq2A'>
>
>
> If you're on the management network, you can use any VNC client and
> details you find to connect to the VNC directly. I often connect
> virt-manager (UI) to a KVM host over SSH and use the console directly (the
> only trick is to grab the password, by clicking the information tab -> go
> to VNC -> click on show password -> copy and use it to see console).
>
>
> Regards.
>
> 
> From: David Jumani 
> Sent: Wednesday, May 5, 2021 10:32
> To: users@cloudstack.apache.org 
> Subject: Re: VM console keeps pausing to the point of being unusable
>
> I agree, try checking the number of concurrent connections as well as
> increasing the CPVM capacity.
> Also check the network for any glitches / lag between the CPVM and the KVM
> hosts 
> From: Hean Seng 
> Sent: Tuesday, May 4, 2021 4:03 PM
> To: users@cloudstack.apache.org 
> Subject: Re: VM console keeps pausing to the point of being unusable
>
> Do you know how many concurrent access to VNC  from your user ?
>
> Or you want to increase the Console Proxy Capacity?
>
> Also, please make sure the console proxy Ip/Network is up when you having
> issue on it.
>
>
>
>
> On Tue, May 4, 2021 at 5:43 PM Adam Witwicki 
> wrote:
>
> > This bug is making cloudstack  completely unusable
> >
> > Is there a way to test VNC directly on KVM?
> >
> > Thanks
> >
> > Adam
> >
> >
> > -Original Message-
> > From: Adam Witwicki
> > Sent: 29 April 2021 14:04
> > To: 'users@cloudstack.apache.org' 
> > Subject: RE: VM console keeps pausing to the point of being unusable
> >
> > It didn't go away forever, and now the same issue is back Same logs as
> > before https://pastebin.com/YS6XCy6y
> >
> > Adam
> > -Original Message-
> > From: Adam Witwicki
> > Sent: 27 April 2021 07:30
> > To: users@cloudstack.apache.org
> > Subject: RE: VM console keeps pausing to the point of being unusable
> >
> > Hi Nicolas,
> >
> > It was persisting over console systemVM destroy and creation, and any
> > instance over 3 KVM hosts.
> > Annoying we did not see the error in the console VM logs yesterday and
> > users are reporting the console is currently working ok.
> >
> > Kind Regards
> >
> > Adam
> >
> > -Original Message-
> > From: Nicolas Vazquez 
> > Sent: 26 April 2021 21:26
> > To: users@cloudstack.apache.org
> > Subject: Re: VM console keeps pausing to the point of being unusable
> >
> > ** This mail originated from OUTSIDE the Oakford corporate network.
> > Treat hyperlinks and attachments in this email with caution. **
> >
> > Hi Adam,
> 

Re: Management server reboot appears to cause vms on other hosts to shutdown?

[Andrija Panic]

NFS primary storage also on your management server?

On Sat, 26 Jun 2021 at 10:36, Brian Fitzpatrick 
wrote:

> Hi Jordan,
>
> Thanks for your reply. Apologies I might not have been clear.
>
> The management server is aware of the vm and when I set the host that is
> also the same server that is running the management server (and mysql) into
> maintenance mode, I can see it not longer has any running vms on it. They
> have migrated to other hosts. Cloud stack can see them. Bu when I then to
> an apt update and reboot the management server, the vms on the other hosts
> seem to have shutdown.
>
> The reboot did take a while (15-20 mins), but I am surprised that it has
> affected other kvm hosts, which I thought should just carry on running.
> Unless I have missed something that was still on the management(and mysql)
> server.
>
> Thanks
>
> Brian
>
> -Original Message-
> From: Yordan Kostov  yordan%20kostov%20%3cyord...@nsogroup.com%3e>>
> Reply-To: users@cloudstack.apache.org
> To: users@cloudstack.apache.org  22us...@cloudstack.apache.org%22%20%3cus...@cloudstack.apache.org%3e>>
> Subject: RE: Management server reboot appears to cause vms on other hosts
> to shutdown?
> Date: Fri, 25 Jun 2021 09:10:44 +
>
>
> CAUTION !
>
>
> This email was NOT sent using a University of Chester account, so we are
> unable to verify the identity of the sender. Do not click links or open
> attachments unless you recognise the sender and know the content is safe.
>
>
> =
>
>
>
> Hello Brian,
>
>
> May be I did not understand very well but from what you say I get
> that the management server + SQL and NFS are on the same physical hosts
> that are being managed by cloudstack?
>
> If those VMs are not visible in Cloudstack, the system is not
> aware that they exist so it wont try to roll them to another host if you
> perform hypervisor host reboot.
>
>
> Best regards,
>
> Jordan
>
>
> -Original Message-
>
> From: Brian Fitzpatrick <
>
> 
>
> b.fitzpatr...@chester.ac.uk
>
> >
>
> Sent: Friday, June 25, 2021 12:06 PM
>
> To:
>
> 
>
> users@cloudstack.apache.org
>
>
> Subject: Management server reboot appears to cause vms on other hosts to
> shutdown?
>
>
>
> [X] This message came from outside your organization
>
>
>
> Hi all,
>
>
> Still relatively new to CloudStack and learning, testing etc.
>
>
> I have created 1 management server with mysql on it and created 2 clusters
> with a nfs primary storage server in each and a number of hosts in each.
>
>
> I have been working through the servers, putting them in maintenance mode
> (noting the vm migrations), updating and rebooting them. All working fine
>
>
> I then wanted to update and reboot the server running the management and
> mysql. It is also a host, so I set it in maintenance mode so no vms running
> on it.
>
>
> I thought if I update it and reboot, all I would lose for a period of time
> was access to the management server, the vms should keep running on their
> various hosts
>
>
> The reboot, took longer than usual, it seemed to hang for 15-20mins before
> shutting down and rebooting. To my surprise though I lost contact to all
> the vms on the other hosts.
>
>
> They all shut down.
>
>
> Apologies, if I have missed something here, I thought I understood. All
> virtual routers and system vms appeared to be running on the other hosts.
>
>
> Is it because the management server took a while to reboot, the other
> hosts have lost contact and shutdown their vms? seems odd?
>
>
> Any suggestions, help welcome. As I say, still learning!
>
>
> Thanks
>
>
> Brian
>


-- 

Andrija Panić

Re: Unable to add template to new deployment

[Andrija Panic]

LXC is nothing short of untested recently (for years) - the ones that DO
work (used in production by people) are KVM, XenServer/XCP-ng, VMware.
That's all.
LXC, OVM and co, are most probably doomed, to be honest.

Best,

On Wed, 23 Jun 2021 at 09:27, Joshua Schaeffer 
wrote:

>
>  A thing that I briefly touched somewhere upstairs ^^^ - for each
>  traffic
>  type you have defined - you need to define a traffic label - my
>  deduction
>  capabilities make me believe you are using KVM, so you need to set
>  your KVM
>  traffic label for all your network traffic (traffic label, in you case
>  =
>  exact name of the bridge as visible in Linux) - I recall there are
>  some new
>  UI issues when it comes to tags, so go to your
>  :8080/client/legacy
>  - and check your traffic label there - and set it there, UI in
>  4.15.0.0
>  doesn't allow you to update/set it after the zone is created - but old
>  UI
>  will allow you to do it.
>
> I changed over all the bonds to the standard naming convention and that
> did the trick. I also added the storage network back as you suggested.
> Thanks again for those pointers. However, I may have discovered a bug. I'm
> actually trying to test an LXC hypervisor instead of KVM and it isn't using
> the network labels. There seems to be two problems:
>
> 1. You can't actually set the LXC network label in the new UI because
> there is no option for it. There is an option in the legacy UI, however it
> doesn't actually update the database and throws a warning in the management
> logs.
> 2. Even if you set the labels directly in the database ACS doesn't seem to
> use them. I'm not 100% sure but it looks like it defaults to the settings
> on the compute host. In my case this is causing problems with the storage
> network.
>
> For the first problem, If all the labels are set to NULL:
>
> user@dbserver:~$ sudo mysql -D cloud -e "SELECT id, traffic_type,
> lxc_network_label FROM physical_network_traffic_types;"
> ++--+---+
> | id | traffic_type | lxc_network_label |
> ++--+---+
> | 11 | Management   | NULL  |
> | 12 | Public   | NULL  |
> | 13 | Guest| NULL  |
> | 14 | Storage  | NULL  |
> ++--+---+
>
> and I attempt to set the LXC network label in the legacy UI it remains
> NULL in the database and I see this warning in the logs:
>
> 2021-06-23 05:42:20,977 WARN  [c.c.a.d.ParamGenericValidationWorker]
> (qtp1644231115-887:ctx-a97e9424 ctx-5d6ce3c6) (logid:3e68476e) Received
> unknown parameters for command updateTrafficType. Unknown parameters :
> lxcnetworklabel
>
> In order to get the right labels I updated the database manually:
>
> user@dbserver:~$ sudo mysql -D cloud -e "UPDATE
> physical_network_traffic_types SET lxc_network_label = 'cloudbr0' WHERE id
> = 11;"
> user@dbserver:~$ sudo mysql -D cloud -e "UPDATE
> physical_network_traffic_types SET lxc_network_label = 'cloudbr1' WHERE id
> in (12,13);"
> user@dbserver:~$ sudo mysql -D cloud -e "UPDATE
> physical_network_traffic_types SET lxc_network_label = 'cloudbr2' WHERE id
> = 14;"
> user@dbserver:~$ sudo mysql -D cloud -e "SELECT id, traffic_type,
> lxc_network_label FROM physical_network_traffic_types;"
> ++--+---+
> | id | traffic_type | lxc_network_label |
> ++--+---+
> | 11 | Management   | cloudbr0  |
> | 12 | Public   | cloudbr1  |
> | 13 | Guest| cloudbr1  |
> | 14 | Storage  | cloudbr2  |
> ++--+---+
>
> However, this leads to my second problem; it doesn't seem to actually use
> the correct network interface. I think it uses the default that is set on
> the compute (maybe as a fallback), but I could be wrong about that. This is
> what is set on my compute in the agent.properties file:
>
> user@cmpserver:~$ sudo cat /etc/cloudstack/agent/agent.properties | egrep
> '(network\.device|hypervisor\.type)'
> private.network.device=cloudbr0
> guest.network.device=cloudbr1
> hypervisor.type=lxc
> public.network.device=cloudbr1
>
> And I can see in virsh that the management and public interfaces use
> cloudbr0 and cloudbr1 respectively, however the storage interface for the
> VM uses cloudbr0 when it should use cloudbr2:
>
> root@s-38-VM:~# ip --brief link show eth3
> eth3 UP 1e:00:ac:00:03:6a
> 
>
> root@bllcloudcmp01:~# virsh dumpxml s-38-VM | grep -B 1 -A 8
> '1e:00:ac:00:03:6a'
> 
>   
>   
>   
>   
>   
>   
>   
>function='0x0'/>
> 
>
> I setup another cluster and host with the exact same configuration except
> running KVM instead of LXC and set the KVM labels to the same as the LXC
> labels as a test. I then started the system VM's on the new host. You can
> see that virsh is using the 

Re: Issues Found Apache CloudStack 4.15.1.0 (RC2)

[Andrija Panic]

Hi Mike,

as for the first issue, I have deployed a Zone manually with RC2 - and my
label (for KVM is there). I've also deployed a zone with VMware - and again
everything is OK - traffic label is there (I had 2 physical networks, with
different traffic labels - and all good)

If you can please advise on how different your setup might be - let's try
to reproduce the issue - otherwise, I don't see an issue with RC2.
(screenshot below)

Best,

[image: image.png]


On Fri, 18 Jun 2021 at 23:01, Corey, Mike 
wrote:

> Well - I found a "workaround", but it really can't be explained.  I
> reverted to a snapshot THREE times and retraced my steps just to validate
> what I'm seeing.
>
> Short summary - When the zone is enabled and the systemvms are created a
> folder is created at /var/cloudstack/mnt/VM/.  This folder has
> the nobody:nobody attribute and the error Unable to copy systemvm ISO on
> secondary storage.  Next, I removed the Secondary Storage entry, restarted
> services, re-added Secondary Storage, restarted services, AND systemvms
> deploy.
>
> Attributes of UID Folder at initial systemvm build:
> drwxr-xr-x. 3 cloud  cloud34 Jun 18 16:27 .
> drwxrwx---. 3 root   cloud16 Jun 18 16:27 ..
> drwxrwxrwt. 6 nobody nobody 4096 Jun 18 15:51 345050034639.51841a7
>
> *** ACS tries to set perms on this folder but fails ***
> 2021-06-18 16:27:25,862 DEBUG [c.c.h.v.m.VmwareManagerImpl]
> (DirectAgent-3:ctx-a90e1ecb usphlmvesxt01.phl.global.corp.sap,
> job-9/job-51, cmd: CopyCommand) (logid:3d148cdf) chmod: changing
> permissions of ‘/var/cloudstack/mnt/VM/345050034639.51841a7’: Operation not
> permitted
> 2021-06-18 16:27:25,865 WARN  [c.c.h.v.m.VmwareManagerImpl]
> (DirectAgent-3:ctx-a90e1ecb usphlmvesxt01.phl.global.corp.sap,
> job-9/job-51, cmd: CopyCommand) (logid:3d148cdf) Unable to set permissions
> for /var/cloudstack/mnt/VM/345050034639.51841a7 due to chmod: changing
> permissions of ‘/var/cloudstack/mnt/VM/345050034639.51841a7’: Operation not
> permitted
>
> ***When you remove the SS in UI and restart the services, ACS will clear
> this folder***
> 2021-06-18 16:31:07,962 INFO  [c.c.h.v.m.VmwareManagerImpl]
> (SpringContextShutdownHook:null) (logid:) shutting down scheduled tasks
> 2021-06-18 16:31:07,962 INFO  [c.c.h.v.m.VmwareManagerImpl]
> (SpringContextShutdownHook:null) (logid:) Cleanup mounted NFS mount points
> used in current session
> 2021-06-18 16:31:07,962 INFO  [c.c.h.v.m.VmwareManagerImpl]
> (SpringContextShutdownHook:null) (logid:) umount NFS mount:
> /var/cloudstack/mnt/VM/345050034639.51841a7
> 2021-06-18 16:31:07,962 DEBUG [c.c.h.v.m.VmwareManagerImpl]
> (SpringContextShutdownHook:null) (logid:) Executing: sudo umount
> /var/cloudstack/mnt/VM/345050034639.51841a7
>
> ***Re-adding the SS in the UI and restarting services ACS CAN set the
> perms for the new folder ***
> 2021-06-18 16:38:56,254 DEBUG [c.c.h.v.m.VmwareManagerImpl]
> (DirectAgent-15:ctx-f9c800cf usphlmvesxt02.phl.global.corp.sap,
> job-9/job-58, cmd: StartCommand) (logid:3d148cdf) Executing: sudo chmod
> 1777 /var/cloudstack/mnt/VM/345050034639.50b47f15
> 2021-06-18 16:38:56,269 DEBUG [c.c.h.v.m.VmwareManagerImpl]
> (DirectAgent-15:ctx-f9c800cf usphlmvesxt02.phl.global.corp.sap,
> job-9/job-58, cmd: StartCommand) (logid:3d148cdf) Executing while with
> timeout : 144
> 2021-06-18 16:38:56,293 DEBUG [c.c.h.v.m.VmwareManagerImpl]
> (DirectAgent-15:ctx-f9c800cf usphlmvesxt02.phl.global.corp.sap,
> job-9/job-58, cmd: StartCommand) (logid:3d148cdf) Execution is successful.
>
>
> Attributes after SS removed, services restarted, SS added, services
> restarted:
> drwxr-xr-x. 3 cloud cloud   35 Jun 18 16:38 .
> drwxrwx---. 3 root  cloud   16 Jun 18 16:27 ..
> drwxrwxrwt. 6 root  root  4096 Jun 18 15:51 345050034639.50b47f15
>
> So you can see that root:root is applied AFTER the original SS is removed
> and readded into the zone.  I don't why the original attempt by ACS to
> build this directory fails.  Look forward to your thoughts!
>
> Have a great weekend!
>
> Mike
>
>
>
> -Original Message-
> From: Corey, Mike 
> Sent: Friday, June 18, 2021 11:47 AM
> To: users@cloudstack.apache.org; d...@cloudstack.apache.org
> Subject: [CAUTION] RE: Issues Found Apache CloudStack 4.15.1.0 (RC2)
>
> Honestly, I can live with having to go in after the wizard completes and
> modify the traffic labels.  What I'm hitting regarding permissions on the
> Secondary Storage is more of a priority.  The systemVM builds are just
> looping because they can't copy/mount the systemvm.iso to the proper
> directory.
>
> What I did in previous builds, both 4.14 and 4.15.0, was to manually
> create the systemvm folder and set ownership (chown -R) to cloud:cloud.
> This allowed for the copying of template and systemvm.iso files to work.
>
> However, now with 4.15.1, I'm getting permissions error when copying the
> systemvm.iso to the /var/cloudstack/mnt/VM/
> 021-06-18 11:30:32,062 ERROR [c.c.h.v.m.VmwareManagerImpl]
> (DirectAgent-2:ctx-8e03b79a , 

Re: Unable to add template to new deployment

[Andrija Panic]

You're most welcome!

(and apologies about the naming convention jokes - I also would name things
in a meaningful way instead of bond0/1 etc - the same way I'm switching
back from those "predictable interface names "ensp0p1" and similar to
old-fashioned eth0, eth1 etc - not sure what kind of drugs did the
engineers take when they came with those "predictable" interface names...)

Cheers,

On Fri, 18 Jun 2021 at 07:16,  wrote:

> Andrija,
>
> Thanks so much for all the details. I'm out of the office for the next
> couple of days so will update my cloud with your suggestions when I get
> back.
>
> As far as the "fancy" naming, I just never found names like bondX useful
> when Linux allows naming the network device something else. It has just
> become a convention of mine. I can easily distinguish which bond carries
> cloud traffic and which carries storage traffic by looking at the bond
> name, but it is just a personal thing and can easily switch back to
> using the standard bond names.
>
> I was aware of the traffic labels but forgot to mention that I had set
> those up in my previous email. There were still some details that you
> provided that helped me further understand how they work though, thanks.
>
> Again, thanks for you help.
>
> On 2021-06-17 22:04, Andrija Panic wrote:
> > BTW, once you thing you have fixed all your network configuration
> > issues -
> > destroy all system VM (CPVM, SSVM and restart all networks with
> > "cleanup" -
> > so that new VMs are created_
> > Inside SSVM, run the the following script, which should give you
> > results
> > similar as below - confirming that your SSVM is healthy
> >
> >
> >
> >   root@s-2536-VM:/usr/local/cloud/systemvm#
> > /usr/local/cloud/systemvm/ssvm-
> > check.sh
> > 
> > First DNS server is  192.168.169.254
> > PING 192.168.169.254 (192.168.169.254): 56 data bytes
> > 64 bytes from 192.168.169.254: icmp_seq=0 ttl=64 time=0.520 ms
> > 64 bytes from 192.168.169.254: icmp_seq=1 ttl=64 time=0.294 ms
> > --- 192.168.169.254 ping statistics ---
> > 2 packets transmitted, 2 packets received, 0% packet loss
> > round-trip min/avg/max/stddev = 0.294/0.407/0.520/0.113 ms
> > Good: Can ping DNS server
> > 
> > Good: DNS resolves cloudstack.apache.org
> > 
> > nfs is currently mounted
> > Mount point is /mnt/SecStorage/ceb27169-9a58-32ef-81b4-33b0b12e9aa2
> > Good: Can write to mount point
> > 
> > Management server is 192.168.169.13. Checking connectivity.
> > Good: Can connect to management server 192.168.169.13 port 8250
> > 
> > Good: Java process is running
> > 
> > Tests Complete. Look for ERROR or WARNING above.
> >
> > On Thu, 17 Jun 2021 at 23:55, Andrija Panic 
> > wrote:
> >
> >> Since you really bothered to provide so very detailed inputs and help
> >> us
> >> help you (vs what some other people tend to do) -  I think you really
> >> deserved a decent answer (and some explanation).
> >>
> >> The last question first -even though you don't specify/have dedicated
> >> Storage traffic, there will be an additional interface inside the SSVM
> >> connected to the same Management network (not to the old Storage
> >> network -
> >> if you see the old storage network, restart your mgmt server and
> >> destroy
> >> the SSVM - a new one should be created, with proper interfaces inside
> >> it)
> >>
> >> bond naming issues:
> >> - rename  your "bond-services" to something industry-standard like
> >> "bond0"
> >> or similar - cloudstack extracts "child" interfaces from cloudbr1 IF
> >> you
> >> specify a VLAN for a network that ACS should create - so your
> >> "bond-services", while fancy (and unclear to me WHY you named it in
> >> that
> >> weird way - smiley here) - is NOT something CloudStack will recognize
> >> and
> >> this is the reason it fails (it even says so in that error message)
> >> - no reason to NOT have that dedicated storage network -  feel free to
> >> bring it back - the same issue you have as for the public traffic -
> >> rename
> >> "bond-storage" to e.g. "bond1" and you will be good to go -  since you
&

Re: [VOTE] Apache CloudStack 4.15.1.0 (RC2)

[Andrija Panic]

@Rohit Yadav  we might have a UI blocker, I'm
waiting for Mike to report the issue - it seems (per his separate email to
this ML) that the Traffic Labels are not persisted after the Zone
deployment (UI doesn't show traffic labels) - I do recall an issue in
4.15.0 where similar was happening and one could not update the Traffic
label in new UI (old UI had to be used)

@Corey, Mike  please report here with the problem - thx.

On Wed, 16 Jun 2021 at 18:28, Rohit Yadav  wrote:

> Hi All,
>
> I've created a 4.15.1.0 release, with the following artifacts up for a
> vote:
>
> Git Branch:
> https://github.com/apache/cloudstack/tree/4.15.1.0-RC20210616T2128
> Commit SHA:
> 3afd37022b9dac52cd146dccada6012e47a80232
>
> Source release (checksums and signatures are available at the same
> location):
> https://dist.apache.org/repos/dist/dev/cloudstack/4.15.1.0/
>
> PGP release keys (signed using 5ED1E1122DC5E8A4A45112C2484248210EE3D884):
> https://dist.apache.org/repos/dist/release/cloudstack/KEYS
>
> The vote will be open for the next week until 22 June 2021.
>
> For sanity in tallying the vote, can PMC members please be sure to indicate
> "(binding)" with their vote?
>
> [ ] +1  approve
> [ ] +0  no opinion
> [ ] -1  disapprove (and reason why)
>
> For users convenience, the packages from this release candidate and 4.15.1
> systemvmtemplates are available here:
> https://download.cloudstack.org/testing/4.15.1.0-RC2/
> https://download.cloudstack.org/systemvm/4.15/
>
> Documentation is not published yet, but the following may be referenced for
> upgrade related tests: (there's a new 4.15.1 systemvmtemplate to be
> registered prior to upgrade)
>
> https://github.com/apache/cloudstack-documentation/tree/4.15/source/upgrading/upgrade
>
> Regards.
>


-- 

Andrija Panić

Re: Centos 7.9 - cloud-init password reset?

[Andrija Panic]

gt; > >
> > > Take a look at this pr:
> > > https://urldefense.com/v3/__https://github.com/apache/cloudstack/pul
> > > l/4890__;!!A6UyJA!yR2trQHUBLsjM1ZHCvV4rHbvZtqjfKew-I37A9mNtMlknz8k9i
> > > GFBp7Yzc9XLEuRVgWVAhGhCv2d$
> > >
> > > On Fri, May 14, 2021, 17:08 Yordan Kostov 
> wrote:
> > >
> > > > Hey Andrija and 조대형,
> > > >
> > > > Here is a script a threw
> > > >
> > >
> > https://urldefense.com/v3/__https://github.com/dredknight/cloud_script
> > s/blob/master/CloudStack-Xen/centos7_prep.bash__;!!A6UyJA!yR2trQHUBLsj
> > M1ZHCvV4rHbvZtqjfKew-I37A9mNtMlknz8k9iGFBp7Yzc9XLEuRVgWVAr2oXtYa$
> > > > It implements the following features:
> > > > - some OS prep + install some packets
> > > > - install cloud-init related packets
> > > >
> > > > Cloud-init features:
> > > > - datasources -  sets as ConfigDrive and CloudStack as
> > > > default datasources
> > > > - password + reset
> > > > - makes password module run on every boot instead
> > > > of
> > once
> > > > per instance - - cloud.cfg
> > > > - assigns user with name cloud-user to be
> > > > integrated
> > with
> > > > Cloudstack (initial password set + reset) - 80_root.cfg
> > > > - autoextend root partition (only) upon resize from
> > > > Cloudstack
> > > GUI
> > > > - uses growpart to rewrite MBR tables -
> > > 50_growpartion.cfg
> > > > - adds additional commands to extend PVS, VGS and
> > > > LVS after that - 51_extend_volume.cfg
> > > >
> > > > Script is in a bit of raw shape but it works.
> > > > Currently I am doing similar script for Ubuntu.
> > > >
> > > > Thanks for the heads up Andrija, I have to do a documentation for
> > > > the
> > > team
> > > > anyway so I better contribute to what is already existing instead
> > > > of
> > > doing
> > > > it from scratch .
> > > >
> > > > Btw if anyone has some tips on the cloud-init feature for the SSH
> > > > keys
> > I
> > > > would like to add that too to the bundle.
> > > >
> > > > Best regards,
> > > > Jordan
> > > >
> > > >
> > > > -Original Message-
> > > > From: 조대형 
> > > > Sent: Friday, May 14, 2021 7:14 AM
> > > > To: users@cloudstack.apache.org
> > > > Subject: RE: Centos 7.9 - cloud-init password reset?
> > > >
> > > >
> > > > [X] This message came from outside your organization
> > > >
> > > >
> > > > Hi, Jordan.
> > > >
> > > > I am the one who is testing the same solution and need a solution.
> > > > Can you share the knowledge?
> > > >
> > > > Thanks in advance.
> > > >
> > > > Thanks,
> > > >
> > > >
> > > > -Original Message-
> > > > From: Andrija Panic [mailto:andrija.pa...@gmail.com]
> > > > Sent: Friday, May 14, 2021 7:24 AM
> > > > To: users
> > > > Subject: Re: Centos 7.9 - cloud-init password reset?
> > > >
> > > > Would it be nice if you could update the ACS documentation on the
> > > > password-reset script, to very briefly explain how the same can be
> > > achieved
> > > > with cloud-init, and what to look-for (i.e. issues you had etc)
> > > >
> > > > This would help the product and other users which might have the
> > > > same issue.
> > > >
> > > > Thanks,
> > > >
> > > > On Thu, 13 May 2021 at 11:27, Yordan Kostov 
> > > wrote:
> > > >
> > > > > Thank you Alireza!
> > > > >
> > > > > I tested it and it is working!
> > > > >
> > > > > Best regards,
> > > > > Jordan
> > > > >
> > > > > -Original Message-
> > > > > From: Yordan Kostov 
> > > > > Sent: Wednesday, May 12, 2021 1:17 PM
> > > > > To: users@cloudstack.apache.org
> > > > > Subject: RE: Centos 7.9 - cloud-init password reset?
> > > > >
> > > > >
> > > > > [X] This

Re: Boot Order XenServer

[Andrija Panic]

If you read the last few blog lines more carefully you will notice only the
KEY name should be in the allowed list, not the value itself - so just
"HVM-boot-params:order" - if this doesn't work, then there might be a  bug
(due to column sign - so please test if you can use/reproduce the same
example as in our blog page)

Best,

On Tue, 15 Jun 2021 at 01:17, Felipe  wrote:

> I put in allow.additional.vm.configuration.list.xenserver:
>
> HVM-boot-params%3Aorder%3D%22dcn%22
>
> it didn't work, do you have an example to change the order of bios on HVM
> on xenserver?
>
> Thank you!!
>
> On 2021/06/14 22:32:24, Andrija Panic  wrote:
> >
> https://www.shapeblue.com/cloudstack-feature-first-look-enable-sending-of-arbitrary-configuration-data-to-vms/
> >
> > Best,
> >
> > On Mon, 14 Jun 2021 at 21:57, Felipe  wrote:
> >
> > > Hello everyone!!!
> > >
> > > I wonder if it is possible to change the boot order on xenserver?
> > >
> > > in global settings, is it at
> > > allow.additional.vm.configuration.list.xenserver?
> > >
> > > i would like to put DVD first in boot order.
> > >
> > > thank you all!!
> > >
> > > [image: image.png]
> > >
> > >
> >
> > --
> >
> > Andrija Panić
> >
>


-- 

Andrija Panić

Re: Alter Shared Guest Network?

[Andrija Panic]

There is something wrong there, and you should not, to my knowledge, have
issues with IDs (but I don't recall I have checked this ever)

Before "cloning" the row from user_ip_address table - please make sure you
are cloning an empty record, not the one which is "used" and alter clean up
things - makes you life easier.

Sequence "problem" :

I have no idea where is this mac_address used later - but the logical place
would be the cloud.nics table - all NICs that exist (for all of your VMs,
including system VMs) are located in that table - check the network ID in
the "networks" table (shared network ID), then do select * from nics where
network_id= to show all NICs from that network - in your case
there should be 3 NICs (of VR, VM1, VM2) - check if the mac addresses of
VM1 and VM2 are different - it NOT then you have the problem, otherwise, I
don't think you do have a problem - check inside your VM1 and VM2 if they
go their respective MAC and IP addresses - they should be different from
VM1 to VM2)

(I'm pretty sure that MAC sequence is not used anywhere, or anymore - as
the actual sequence numbers (for different resources) are kept in the
"sequence" table - and in my env MAC sequence for both private and public
MACs are set to "1" -which is nonsense - probably not used any more.

Best,

On Tue, 15 Jun 2021 at 13:22, Yordan Kostov  wrote:

> FYI tested this on 4.15 with specifics:
>  - Shared network with 2 ip range for example 10.10.10.10 - 10.10.10.11
> - created as much VMs as ACS allows me which is 1 (first ip gets assigned
> to the VR)
> - expanded the the range of the shared network in table "VLAN" from
> 10.10.10.10-10.10.10.11 to 10.10.10.10-10.10.10.12
> - Dublicated existing entry in table "user_ip_address" for ip in that
> specific shared network. Changed the following columns with new entries:
> --- ID to the next unreserved
> --- UUID to unique one for the table
> --- public_ip_address to 10.10.10.12
> --- allocated - make it NULL
> --- state - make it Free
> --- mac_address - look at the whole table and set it to the next one that
> is not used
>
> Back to ACS gui I can create a new VM in that network and Ip is assigned.
> But there are some underwater stones that are created this way.
> As IDs are created manually ACS DB is not updating its sequence so I was
> wondering if new network is created would it take the same MAC ID.
> After creating a new network and looking again in the table - the answer
> to this question is  yes - https://imgur.com/YnGMGRE.
>
> So besides the 2 tables another one should be edited but so far I cannot
> find where is the sequence kept.
>
> Best regards,
> Jordan
>
> -Original Message-
> From: Andrija Panic 
> Sent: Monday, June 14, 2021 10:24 PM
> To: users 
> Subject: Re: Alter Shared Guest Network?
>
>
> [X] This message came from outside your organization
>
>
> ANother is is the, if not mistaken, the VLAN table. which will contain the
> range as x.x.x.1-x.x.x.10 - etc - this is needed to be updated as well (if
> you manually add records in the user_ip_address table)
>
> best,
>
> On Thu, 10 Jun 2021 at 18:23, Jeremy Hansen  wrote:
>
> > Thanks. I’ll take a look table.
> >
> > -jeremy
> >
> > > On Jun 10, 2021, at 6:57 AM, Yordan Kostov 
> wrote:
> > >
> > > Hello Jeremy,
> > >
> > >Once a shared network with DHCP offering is created the IPs
> > > fitting
> > into the defined range are created in table called "user_ip_address".
> > >They are created one by one so if range between x.x.x.x.11 and
> > x.x.x.210 is created this will add 200 entries. So if you want to
> > expand that you need to add more entries manually, which is a bit
> unfortunate.
> > >
> > > Best regards,
> > > Jordan
> > >
> > > -Original Message-
> > > From: Jeremy Hansen 
> > > Sent: Thursday, June 10, 2021 12:12 AM
> > > To: users@cloudstack.apache.org
> > > Subject: Re: Alter Shared Guest Network?
> > >
> > >
> > > [X] This message came from outside your organization
> > >
> > >
> > >> On Jun 9, 2021, at 1:39 PM, Wido den Hollander 
> wrote:
> > >>
> > >> 
> > >>
> > >>>> On 6/9/21 3:55 PM, Jeremy Hansen wrote:
> > >>> When I created my shared network config, I specified too narrow of
> > >>> an
> > IP range.
> > >>>
> > >>> I can’t seem to figure out how to alter this config via the web
> > interface. Is this possible?
> > >>>
> > >>
> > >> Not via de UI nor API. You will need to hack this in the database.
> > >> Or remove the network and create it again. But this is only
> > >> possible if there are no VMs in the network.
> > >>
> > >> Wido
> > >
> > > Thanks, recreating it seems like the easiest option since I’m only
> > > in
> > testing phase right now, but I’m curious what it would take to alter
> > tables to fix this. Any clues as to what tables/fields would need to be
> updated?
> > >
> > >>
> > >>> -jeremy
> > >>>
> > >
> >
> >
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

Re: Unable to add template to new deployment

[Andrija Panic]

BTW, once you thing you have fixed all your network configuration issues -
destroy all system VM (CPVM, SSVM and restart all networks with "cleanup" -
so that new VMs are created_
Inside SSVM, run the the following script, which should give you results
similar as below - confirming that your SSVM is healthy



  root@s-2536-VM:/usr/local/cloud/systemvm# /usr/local/cloud/systemvm/ssvm-
check.sh

First DNS server is  192.168.169.254
PING 192.168.169.254 (192.168.169.254): 56 data bytes
64 bytes from 192.168.169.254: icmp_seq=0 ttl=64 time=0.520 ms
64 bytes from 192.168.169.254: icmp_seq=1 ttl=64 time=0.294 ms
--- 192.168.169.254 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.294/0.407/0.520/0.113 ms
Good: Can ping DNS server

Good: DNS resolves cloudstack.apache.org

nfs is currently mounted
Mount point is /mnt/SecStorage/ceb27169-9a58-32ef-81b4-33b0b12e9aa2
Good: Can write to mount point

Management server is 192.168.169.13. Checking connectivity.
Good: Can connect to management server 192.168.169.13 port 8250

Good: Java process is running

Tests Complete. Look for ERROR or WARNING above.

On Thu, 17 Jun 2021 at 23:55, Andrija Panic  wrote:

> Since you really bothered to provide so very detailed inputs and help us
> help you (vs what some other people tend to do) -  I think you really
> deserved a decent answer (and some explanation).
>
> The last question first -even though you don't specify/have dedicated
> Storage traffic, there will be an additional interface inside the SSVM
> connected to the same Management network (not to the old Storage network -
> if you see the old storage network, restart your mgmt server and destroy
> the SSVM - a new one should be created, with proper interfaces inside it)
>
> bond naming issues:
> - rename  your "bond-services" to something industry-standard like "bond0"
> or similar - cloudstack extracts "child" interfaces from cloudbr1 IF you
> specify a VLAN for a network that ACS should create - so your
> "bond-services", while fancy (and unclear to me WHY you named it in that
> weird way - smiley here) - is NOT something CloudStack will recognize and
> this is the reason it fails (it even says so in that error message)
> - no reason to NOT have that dedicated storage network -  feel free to
> bring it back - the same issue you have as for the public traffic - rename
> "bond-storage" to e.g. "bond1" and you will be good to go -  since you are
> NOT using tagging, ACS will just plug vNIC of the VM into the cloudbr2 (or
> whatever bridge name you use for it).
>
> Now some explanation (even though your deduction capabilities certainly
> made you draw some conclusions from what I wrote above ^^^)
>
> - When you specify a VLAN id for some network in CLoudStack - CloudStack
> will look for the device name that is specified as the "Traffic label" for
> that traffic (and you have none??? for your Public traffic - while it
> should be set to the name of the bridge device "cloudbr1") - and then it
> will provision a VLAN interface and create a new bridge - (i.e. for Public
> network with VLAN id 48, it will extract "bond0" from the "cloudbr1", and
> create bond0.48 VLAN interface - AND it will create a brand new bridge with
> this bond0.48 interface (bridge with funny name), and plug Public vNICs
> into this new bridge
> - When you do NOT specify a VLAN id for some network in CloudStack (i.e.
> your storage network doesn't use VLAN ID in CloudStack, your switch ports
> are in access vlan 96) - you need to have a bridge (i.e. cloudbr2) with the
> bondYYY child interface (instead of that "bond-storage" fancy but
> unrecognized child interface name) - and then ACS will NOT extract child
> interface (nor do everything I explained in the previous paraghraph/bullet
> point) - it will just bluntly "stick" all the vNICs into that cloudbr2 -
> and hope you have a proper physical/child interface also added to the
> cloudbr2 that will carry the traffic down the line... (purely FYI -  you
> could also e.g. use trunking on Linux if you want to, and have e.g.
> "bondXXX.96" VLAN interface manually configured and add it to the bridge,
> while still NOT defining any VLAN in the CloudStack for that Storage
> network - and ACS will just stick vNIC to this bridge)
>
> Public traffic/network - is the network that all systemVMs (SSVM, CPVM and
> all 

Re: Unable to add template to new deployment

[Andrija Panic]

|
> |   |
> |   |  |   bond-services
> (bond) |
> |   |  |
> |   |
> |   |  |
> |   |
> |   |  |
> |   |
> |cloudbr0 (bridge)N/A cloudbr1
> (bridge) bond-storage (bond)
> |VLAN 20 (access)VLAN 48, 400 - 656
> (trunk)   VLAN 96 (access)
>
> On 6/16/21 9:38 AM, Andrija Panic wrote:
> > " There is no secondary storage VM for downloading template to image
> store
> > LXC_SEC_STOR1 "
> >
> > So next step to investigate why there is no SSVM (can hosts access the
> > secondary storage NFS, can they access the Primary Storage, etc - those
> > tests you can do manually) - and as Suresh advised - one it's up, is it
> all
> > green (COnnected / Up state).
> >
> > Best,
> >
>
> I appreciate everyone's help.
>
> --
> Thanks,
> Joshua Schaeffer
>
>

-- 

Andrija Panić

Re: Issues Found Apache CloudStack 4.15.1.0 (RC2)

[Andrija Panic]

@Corey, Mike 

can you please raise a GH issue with the same description, and also vote -1
on the RC2 release, with the link to that GH issue?

THanks,
Andrija

On Thu, 17 Jun 2021 at 18:09, Corey, Mike 
wrote:

> Hi,
>
> Thanks for pushing this out.  I'm looking forward to trying the
> template/instance deployment in my VMware PILOT.
>
> A couple items I noticed off the "new" build are:
>
> 1 - During zone creation with VMware and setting up the physical networks
> - adding the traffic label to use a VDS does NOT keep/take/apply.  Once the
> zone is created and you go into the physical networks, the VDS traffic
> label is blank when it should be in this format
> "vSwtichName,VLAN,typeofswitch".  The only physical network traffic label
> that saved during zone setup wizard was for the Management stack; my
> storage and guest physical network traffic labels did not save from the
> wizard.
>
> 2 - Initial SystemVM deployment, the secondary storage permission do not
> allow the copy of the systemvm.iso to the secondary/systemvm/ folder.  I
> had to first create a /mnt/secondary/systemvm/ folder and chmod -R for this
> copy to function.
>
> More to come...
>
> Mike
>
> -Original Message-
> From: Rohit Yadav 
> Sent: Wednesday, June 16, 2021 12:28 PM
> To: d...@cloudstack.apache.org; users@cloudstack.apache.org
> Subject: [VOTE] Apache CloudStack 4.15.1.0 (RC2)
>
> Hi All,
>
> I've created a 4.15.1.0 release, with the following artifacts up for a
> vote:
>
> Git Branch:
> https://github.com/apache/cloudstack/tree/4.15.1.0-RC20210616T2128
> Commit SHA:
> 3afd37022b9dac52cd146dccada6012e47a80232
>
> Source release (checksums and signatures are available at the same
> location):
> https://dist.apache.org/repos/dist/dev/cloudstack/4.15.1.0/
>
> PGP release keys (signed using 5ED1E1122DC5E8A4A45112C2484248210EE3D884):
> https://dist.apache.org/repos/dist/release/cloudstack/KEYS
>
> The vote will be open for the next week until 22 June 2021.
>
> For sanity in tallying the vote, can PMC members please be sure to indicate
> "(binding)" with their vote?
>
> [ ] +1  approve
> [ ] +0  no opinion
> [ ] -1  disapprove (and reason why)
>
> For users convenience, the packages from this release candidate and 4.15.1
> systemvmtemplates are available here:
> https://download.cloudstack.org/testing/4.15.1.0-RC2/
> https://download.cloudstack.org/systemvm/4.15/
>
> Documentation is not published yet, but the following may be referenced for
> upgrade related tests: (there's a new 4.15.1 systemvmtemplate to be
> registered prior to upgrade)
>
> https://github.com/apache/cloudstack-documentation/tree/4.15/source/upgrading/upgrade
>
> Regards.
>


-- 

Andrija Panić

Re: Unable to add template to new deployment

[Andrija Panic]

" There is no secondary storage VM for downloading template to image store
LXC_SEC_STOR1 "

So next step to investigate why there is no SSVM (can hosts access the
secondary storage NFS, can they access the Primary Storage, etc - those
tests you can do manually) - and as Suresh advised - one it's up, is it all
green (COnnected / Up state).

Best,

Re: Error trying to create a volume snapshot

[Andrija Panic]

I would focus on the actual qemu-img error (i.e. nothing to do with
CloudStack, but something to do with Ceph+RBD - try to do internal Ceph
snapshot, see if the image is corrupted or not, etc, etc):

QemuImgException: qemu-img: error while writing sector 7921663:
Input/output errorqemu-img: Failed to flush the L2 table cache:
Input/output errorqemu-img: Failed to flush the refcount block cache:
Input/output error

Perhaps someone else have seen something similar.


On Tue, 15 Jun 2021 at 09:32, Jeremy Hansen  wrote:

>
> For some reason a particular snapshot I’m trying to create for a volume
> fails and I see this error:
>
> 2021-06-15 00:28:03,416 ERROR [o.a.c.s.v.VolumeServiceImpl]
> (Work-Job-Executor-11:ctx-a1408657 job-673/job-674 ctx-5db754de)
> (logid:da060faf) Take snapshot: 49 failed
> com.cloud.utils.exception.CloudRuntimeException:
> org.apache.cloudstack.utils.qemu.QemuImgException: qemu-img: error while
> writing sector 7921663: Input/output errorqemu-img: Failed to flush the L2
> table cache: Input/output errorqemu-img: Failed to flush the refcount block
> cache: Input/output error
> at
> org.apache.cloudstack.storage.snapshot.SnapshotServiceImpl.backupSnapshot(SnapshotServiceImpl.java:301)
> at
> org.apache.cloudstack.storage.snapshot.DefaultSnapshotStrategy.backupSnapshot(DefaultSnapshotStrategy.java:171)
> at
> com.cloud.storage.snapshot.SnapshotManagerImpl.backupSnapshotToSecondary(SnapshotManagerImpl.java:1215)
> at
> com.cloud.storage.snapshot.SnapshotManagerImpl.takeSnapshot(SnapshotManagerImpl.java:1166)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:95)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
> at com.sun.proxy.$Proxy208.takeSnapshot(Unknown Source)
> at
> org.apache.cloudstack.storage.volume.VolumeServiceImpl.takeSnapshot(VolumeServiceImpl.java:2087)
> at
> com.cloud.storage.VolumeApiServiceImpl.orchestrateTakeVolumeSnapshot(VolumeApiServiceImpl.java:2638)
> at
> com.cloud.storage.VolumeApiServiceImpl.orchestrateTakeVolumeSnapshot(VolumeApiServiceImpl.java:3627)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:107)
> at
> com.cloud.storage.VolumeApiServiceImpl.handleVmWorkJob(VolumeApiServiceImpl.java:3633)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:95)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
> at com.sun.proxy.$Proxy215.handleVmWorkJob(Unknown Source)
> at
> com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102)
> at
> 

Re: VM console keeps pausing to the point of being unusable

[Andrija Panic]

Adam,

did you try accessing the VM console via standalone VNC viewer, based on
the way Rohit explained  - dump the XML of the VM, check the IP/port and
password details - and use those to access  and see if
that connections is established quick enough.

Best,

On Mon, 7 Jun 2021 at 15:08, Adam Witwicki  wrote:

> Forgive me if I am wrong
>
> But this is where the exception lies
> https://github.com/apache/cloudstack/blob/64f792bd7c3a2017d760b0d47b9a403cb88bab99/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/vnc/VncClientPacketSender.java#L42
> private final BlockingQueue queue = new
> ArrayBlockingQueue(30);
>
> I guess I need to understand why objects are not leaving the queue?
>
>
> Thanks
>
> Adam
>
>
> -Original Message-
> From: Adam Witwicki 
> Sent: 07 June 2021 11:49
> To: users@cloudstack.apache.org
> Subject: RE: VM console keeps pausing to the point of being unusable
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Rohit, sorry the long delay
>
> Yes all servers and VMs are in time sync.
> It does seem to be an issue with the console proxy, no attempt of
> increasing its resources is improving the situation.
> What else can we try?
>
> Thanks
>
> Adam
>
>
> -Original Message-
> From: Rohit Yadav 
> Sent: 05 May 2021 09:21
> To: users@cloudstack.apache.org
> Subject: Re: VM console keeps pausing to the point of being unusable
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Hi Adam - can you check and sync time on your KVM hosts, management
> servers and CPVM using ntp? This is because SSL-enabled connection are time
> sensitive.
> In order to test VNC directly, you can ssh into the host and do something
> like:
>
> # virsh list # find the VM
>
> Then run dumpxml and grab the IP/port and password, for example:
>
> # virsh dumpxml --security-info s-180-VM | grep vnc
>  passwd='_u6LayCdnCrr_JuUwCrq2A'>
>
>
> If you're on the management network, you can use any VNC client and
> details you find to connect to the VNC directly. I often connect
> virt-manager (UI) to a KVM host over SSH and use the console directly (the
> only trick is to grab the password, by clicking the information tab -> go
> to VNC -> click on show password -> copy and use it to see console).
>
>
> Regards.
>
> 
> From: David Jumani 
> Sent: Wednesday, May 5, 2021 10:32
> To: users@cloudstack.apache.org 
> Subject: Re: VM console keeps pausing to the point of being unusable
>
> I agree, try checking the number of concurrent connections as well as
> increasing the CPVM capacity.
> Also check the network for any glitches / lag between the CPVM and the KVM
> hosts 
> From: Hean Seng 
> Sent: Tuesday, May 4, 2021 4:03 PM
> To: users@cloudstack.apache.org 
> Subject: Re: VM console keeps pausing to the point of being unusable
>
> Do you know how many concurrent access to VNC  from your user ?
>
> Or you want to increase the Console Proxy Capacity?
>
> Also, please make sure the console proxy Ip/Network is up when you having
> issue on it.
>
>
>
>
> On Tue, May 4, 2021 at 5:43 PM Adam Witwicki 
> wrote:
>
> > This bug is making cloudstack  completely unusable
> >
> > Is there a way to test VNC directly on KVM?
> >
> > Thanks
> >
> > Adam
> >
> >
> > -Original Message-
> > From: Adam Witwicki
> > Sent: 29 April 2021 14:04
> > To: 'users@cloudstack.apache.org' 
> > Subject: RE: VM console keeps pausing to the point of being unusable
> >
> > It didn't go away forever, and now the same issue is back Same logs as
> > before https://pastebin.com/YS6XCy6y
> >
> > Adam
> > -Original Message-
> > From: Adam Witwicki
> > Sent: 27 April 2021 07:30
> > To: users@cloudstack.apache.org
> > Subject: RE: VM console keeps pausing to the point of being unusable
> >
> > Hi Nicolas,
> >
> > It was persisting over console systemVM destroy and creation, and any
> > instance over 3 KVM hosts.
> > Annoying we did not see the error in the console VM logs yesterday and
> > users are reporting the console is currently working ok.
> >
> > Kind Regards
> >
> > Adam
> >
> > -Original Message-
> > From: Nicolas Vazquez 
> > Sent: 26 April 2021 21:26
> > To: users@cloudstack.apache.org
> > Subject: Re: VM console keeps pausing to the point of being unusable
> >
> > ** This mail originated from OUTSIDE the Oakford corporate network.
> > Treat hyperlinks and attachments in this email with caution. **
> >
> > Hi Adam,
> >
> > That's an error I've never hit before, does the issue persist after
> > destroying and recreating the console proxy VM?
> >
> > Regards,
> > Nicolas Vazquez
> > 
> > From: Adam Witwicki 
> > Sent: Thursday, April 22, 2021 7:17 AM
> > To: users@cloudstack.apache.org 
> > Subject: RE: VM console keeps pausing 

Re: Uploading Blog Post

[Andrija Panic]

Gentle ping here.

I would like to emphasise what Rohit said -  "most users won't build
website and blogs from source code" - we need to find a suitable (yet
manageable) solution for the websites, while still complying with Apache
policies.

Thanks,
Andrija

On Wed, 9 Jun 2021 at 11:25, Rohit Yadav  wrote:

> Hi Greg, Mark, infra,
>
> Ping - any thoughts, advice, opinion on questions I asked in the previous
> email esp. if it is an official ASF/ASF-infra policy on requiring project
> websites and blogs to have version control and get on a git repository
> (most users won't build website and blogs from source code - just saying).
>
> Regards.
>
>
>
>
>
> --
> *From:* Rohit Yadav 
> *Sent:* Thursday, June 3, 2021 14:30
> *To:* users@cloudstack.apache.org ; Apache
> CloudStack Marketing ; gst...@gmail.com <
> gst...@gmail.com>; g...@apache.org ; us...@infra.apache.org
> 
> *Subject:* Re: Uploading Blog Post
>
> Thanks Greg, Mark for replying.
>
>
> > The short answer is "downstream users should have the ability to
> > access both code and website sources". That implies that the website
> > source is in a version control system (git or svn) that can be used to
> > generate the website, just as much as they can fetch sources to build
> > the [Apache Cloudstack] releases.
>
> I understand the requirement for code and docs. May I ask why this is a
> requirement for the project website and blog?
> Is it any official ASF or ASF infra policy or simply a standard practice?
>
> Could the availability of posts DB/table synced to Git repo solve that in
> case of a CMS such as Wordpress or Drupal?
>
> > We have not found a way to post to Wordpress.com, sourced from version
> > control, so ... sorry to say: that is not a viable platform for the
> > primary website. If y'all can find a way to push from version control
> > over to wp.com, then yay! That would be great.
>
> I didn't find anything exactly but the following may be explored:
>
> https://github.com/deliciousbrains/wp-migrate-db
> https://wppusher.com/
> https://wordpress.org/plugins/wp-github-sync/
>
> But I hear that TLPs can get a wordpress instance on wordpress.com
> (instead of hosting/managing ourselves), if not for the full TLP website
> but at least as a separate blog (say on blog.cloudstack.apache.org)?
> Thanks.
>
>
> Regards.
>
> --
> *From:* Greg Stein 
> *Sent:* Monday, May 31, 2021 18:18
> *To:* users@cloudstack.apache.org 
> *Cc:* market...@cloudstack.apache.org 
> *Subject:* Re: Uploading Blog Post
>
> On Mon, May 31, 2021 at 10:55:58AM +, Rohit Yadav wrote:
> > + users@infra (kindly, reply all so your email is visible to
> participants on other mailing lists copied in this thread)
>
> users@infra is a private list, so I've removed it from this reply
> (mixing public/private lists is problematic)
>
> > Hi Infra,
> >
> > The Apache CloudStack (ACS) community is discussing options to
> > migrate the project website and blog to Wordpress [1] and the
> > consensus among the people on this thread is they want to go ahead
> > with this. Some attempts and discussions [2][3] were made in the past.
>
> In particular, please note Mark Thomas' point, and my acknowledgement
> at [1].
>
> The short answer is "downstream users should have the ability to
> access both code and website sources". That implies that the website
> source is in a version control system (git or svn) that can be used to
> generate the website, just as much as they can fetch sources to build
> the [Apache Cloudstack] releases.
>
> We have not found a way to post to Wordpress.com, sourced from version
> control, so ... sorry to say: that is not a viable platform for the
> primary website. If y'all can find a way to push from version control
> over to wp.com, then yay! That would be great.
>
> > Before we go ahead with a PMC vote, I want to ask Infra if this is
> > technically feasible for the project website to be moved to Wordpress
> > which (a) may be hosted by ASF infra (preferably as a VM or service
> > much like other portals/website)
>
> Projects may use VMs for their primary websites, but (historically)
> Wordpress has had difficulties with self-hosting. As a result, the
> Foundation uses wordpress.com to host the Feathercast blog rather than
> attempting to self-host.
>
> Per above, if you can construct a process running on a VM, that pushes
> version control over to WP.com, then that problem is solved.
>
> (and yes, the Foundation would be fine paying the yearly fee to host
> at wp.com; that isn't a concern)
>
> > or (b) by an external Wordpress
> > hosting service which is under the control of ACS PMC. As I understand
> > this will require the content to be migrated to a Wordpress instance
> > (either option-a or option-b) and for ASF infra to update the
> > CNAME/dns record.
>
> Per the linked email, the primary concern is the ability for
> downstream users to be able to view/construct all the content of an
> Apache 

Re: Limiting the conntrackd logs in virtual router

[Andrija Panic]

Rakesh,

can you confirm if you are seeing this for ALL VPCs with S-2-S enabled
can you describe/quantify the MB/s log increase over time - does it have
anything to do with the traffic throughput through the tunnel, or is it
just happening even with no traffic (i.e. you can setup S-2-S tunnel
between 2 VPCs (one of them marked as "passive") - I would like to see/test
this in 4.15.1 (if you confirm that the amount of traffic does NOT
influence the size of the logs)

Please respond ASAP - as we need to craft 4.15.1 RC2 - if there is a bug,
we need to fix it (and I will help testing).

Best,


On Wed, 9 Jun 2021 at 13:31, Rakesh Venkatesh 
wrote:

> If I restart with cleanup then the modified config will be deleted and the
> log starts populating very fast again.
>
> On Wed, Jun 9, 2021 at 1:19 PM Andrija Panic 
> wrote:
>
> > Did you try restarting that VPC with cleanup - so brand new VR is
> created -
> > to see if the issue is still observed.
> >
> > Can you test the same now with 4.15.1 RC1 (voting is happening, please
> feel
> > free to test and participate!)
> >
> > Best,
> >
> > On Wed, 9 Jun 2021 at 10:57, Rakesh Venkatesh  >
> > wrote:
> >
> > > I have 4.14 version. The issue exists with only 1 customer.
> > > The VR's belonging to other customers are fine but for one customer who
> > has
> > > enabled site 2 site vpn, its creating lot of logs.
> > > The config I mentioned above is a temporary fix as it will be deleted
> > once
> > > the network is restarted with cleanup.
> > >
> > > On Wed, Jun 9, 2021 at 10:52 AM Andrija Panic  >
> > > wrote:
> > >
> > > > Can you advise which version and have you tried isolating the
> problem -
> > > > this is first time I hear for such an issue (and I have customers
> with
> > 3y
> > > > VR uptime with no issues)
> > > >
> > > > Perhaps something is broken inside that VR, thus the excessive
> logging,
> > > > etc?
> > > >
> > > > Best,
> > > >
> > > > On Wed, 9 Jun 2021 at 10:07, Rakesh Venkatesh <
> > www.rakeshv@gmail.com
> > > >
> > > > wrote:
> > > >
> > > > > Hello
> > > > >
> > > > > I have an issue in the virtual router where
> > conntrackd(conntrack-tools)
> > > > is
> > > > > populating /var/log/daemon.log a lot and because of that VR is
> > running
> > > > out
> > > > > of disk space. Do you guys know how to prevent conntrackd from
> > logging
> > > > too
> > > > > much? I manually changed the logrotate.conf to rotate every hour
> and
> > > > retain
> > > > > only few copies but thats a quick fix. Is there any better fix to
> > avoid
> > > > > this issue? In our setup the VR has 2GB disk and even that got
> filled
> > > up
> > > > > pretty quickly.
> > > > >
> > > > > The logrotate config for daemon.log is present in
> > > > /etc/logrotate.d/rsyslog
> > > > > and I added
> > > > >
> > > > > /var/log/daemon.log
> > > > > {
> > > > > hourly
> > > > > rotate 1
> > > > > missingok
> > > > > notifempty
> > > > > compress
> > > > > copytruncate
> > > > > }
> > > > >
> > > > >
> > > > > The config present in /etc/logrotate.d/conntrackd is pointing
> > > > > to /var/log/conntrackd-stats.log and so changing that config wont
> > help.
> > > > >
> > > > > --
> > > > > Thanks and regards
> > > > > Rakesh
> > > > >
> > > >
> > > >
> > > > --
> > > >
> > > > Andrija Panić
> > > >
> > >
> > >
> > > --
> > > Thanks and regards
> > > Rakesh venkatesh
> > >
> >
> >
> > --
> >
> > Andrija Panić
> >
>
>
> --
> Thanks and regards
> Rakesh venkatesh
>


-- 

Andrija Panić

Re: Primary Storage Allocation

[Andrija Panic]

I'm myself troubleshooting the same issue on 4.11 (for a customer) - even
with "Random" set for the 'vm.allocation.algorithm' - the orred of pools
(when you check the logs) is always alphabeticall/ID-ascending

Which ACS version have you tested/are running?

Best,

On Fri, 11 Jun 2021 at 10:49, Daan Hoogland  wrote:

> Sean,
>
> look at `storage.pool.allocators.order` and `vm.allocation.algorithm`.
> together these should enable you to do what you want. If not, you have a
> feature request. One thing to note is that the allocators default and
> description don't mention all Allocater-classes available.
>
> GarbageCollectingStoragePoolAllocator and RandomStoragePoolAllocator
> are not mentioned.
>
> "LocalStorage,ClusterScopeStoragePoolAllocator,ZoneWideStoragePoolAllocator"
> is the default allocator order, but you can insert the other two
> where/if you want.
>
> regards,
>
> On Wed, Jun 9, 2021 at 10:06 PM Sean Lair  wrote:
>
> > We have two primary storage pools setup, both are NFS.  Both are
> > functioning, but CloudStack is provisioning all our VMs on one of the two
> > pools.  Is there a way to have CloudStack provision new VMs on the pool
> > with the most available storage?  Or how does CloudStack pick between the
> > two pools?
> >
> > Thanks
> > Sean
> >
>
>
> --
> Daan
>


-- 

Andrija Panić

Re: Slow to open cosnole after enabling SSL

[Andrija Panic]

Do you see a TLS handshake taking time?
Can you analyze with the network tools (in Browser) what is taking time?
That is unusual, and not seen normally - it should take 1-5sec to establish
a noVNC console to a VM.

Best,

On Mon, 14 Jun 2021 at 09:32, li jerry  wrote:

> Hi All
>
> The ACS version I use is 4.15.0.0
> I set ACS Enable ssl according to the document
> https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/.
>
> After ACS enabled SSL, it was found that the process of opening the VM
> console was very slow.
>
> Chrome debug mode discovery
> Open https://.**.com/client/console?cmd=access, it takes 97ms
> Open https://.**.com/resource/noVNC/vnc.html, it takes 15-20s
>
> My cpvm, the configuration is 4C/4G
>
> This is very fast before enabling ssl, and the entire console can be
> opened in about 3-5 seconds.
> May I ask where I set it wrong?
>
>
> Thanks everyone for your help!
>
> -Jerry
>
>

-- 

Andrija Panić

Re: Rebooted and now I see unable to find storage pool

[Andrija Panic]

https://www.shapeblue.com/ceph-and-cloudstack-part-1/ (there are 3 parts...)

You should also read on the client-side caching, etc (on KVM hosts).

Best,

On Fri, 11 Jun 2021 at 14:16, Jeremy Hansen  wrote:

> Turns out my other two vm hosts didn’t have rbd/ceph libs installed. This
> fixed my issue.
>
> -jeremy
>
> > On Jun 10, 2021, at 6:50 PM, Jeremy Hansen  wrote:
> >
> > 2021-06-10 18:46:19,665 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-5:null) (logid:34e88890) Failed to create RBD storage
> pool: org.libvirt.LibvirtException: failed to create the RBD IoCTX. Does
> the pool 'rbd' exist?: No such file or directory
> > 2021-06-10 18:46:19,666 ERROR [kvm.storage.LibvirtStorageAdaptor]
> (agentRequest-Handler-5:null) (logid:34e88890) Failed to create the RBD
> storage pool, cleaning up the libvirt secret
> >
> > I should mention that I’ve defined a Ceph RBD primary storage volume.
> Disabling RBD allowed the vm hosts to rejoin the cluster, but I’d like to
> understand what happened here as I plan on using Ceph RBD as my primary
> storage.
> >
> > Thanks
> > -jeremy
> >
> >
> >> On Jun 10, 2021, at 6:45 PM, Jeremy Hansen  wrote:
> >>
> >>
> >> I removed all of my VMs and all volumes.  I rebooted all the servers
> involved in my cluster and now I see this:
> >>
> >> 2021-06-10 18:41:38,824 WARN  [cloud.agent.Agent]
> (agentRequest-Handler-2:null) (logid:4f4da278) Caught:
> >> com.cloud.utils.exception.CloudRuntimeException: Failed to create
> storage pool: a6768f2e-3e3c-3aad-938e-83a9efb6deab
> >>at
> com.cloud.hypervisor.kvm.storage.LibvirtStorageAdaptor.createStoragePool(LibvirtStorageAdaptor.java:645)
> >>at
> com.cloud.hypervisor.kvm.storage.KVMStoragePoolManager.createStoragePool(KVMStoragePoolManager.java:329)
> >>at
> com.cloud.hypervisor.kvm.storage.KVMStoragePoolManager.createStoragePool(KVMStoragePoolManager.java:323)
> >>at
> com.cloud.hypervisor.kvm.resource.wrapper.LibvirtModifyStoragePoolCommandWrapper.execute(LibvirtModifyStoragePoolCommandWrapper.java:42)
> >>at
> com.cloud.hypervisor.kvm.resource.wrapper.LibvirtModifyStoragePoolCommandWrapper.execute(LibvirtModifyStoragePoolCommandWrapper.java:35)
> >>at
> com.cloud.hypervisor.kvm.resource.wrapper.LibvirtRequestWrapper.execute(LibvirtRequestWrapper.java:78)
> >>at
> com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.executeRequest(LibvirtComputingResource.java:1643)
> >>at com.cloud.agent.Agent.processRequest(Agent.java:661)
> >>at com.cloud.agent.Agent$AgentRequestHandler.doTask(Agent.java:1079)
> >>at com.cloud.utils.nio.Task.call(Task.java:83)
> >>at com.cloud.utils.nio.Task.call(Task.java:29)
> >>at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
> >>at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> >>at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> >>at java.base/java.lang.Thread.run(Thread.java:829)
> >>
> >> and too of my VM hosts are unable to connect.
> >>
> >> How do I resolve this situation?  How did I lose a storage pool?
> >>
> >> Thanks
> >> -jeremy
> >>
> >>
> >
>
>

-- 

Andrija Panić

Re: Boot Order XenServer

[Andrija Panic]

https://www.shapeblue.com/cloudstack-feature-first-look-enable-sending-of-arbitrary-configuration-data-to-vms/

Best,

On Mon, 14 Jun 2021 at 21:57, Felipe  wrote:

> Hello everyone!!!
>
> I wonder if it is possible to change the boot order on xenserver?
>
> in global settings, is it at
> allow.additional.vm.configuration.list.xenserver?
>
> i would like to put DVD first in boot order.
>
> thank you all!!
>
> [image: image.png]
>
>

-- 

Andrija Panić

Re: Alter Shared Guest Network?

[Andrija Panic]

ANother is is the, if not mistaken, the VLAN table. which will contain the
range as x.x.x.1-x.x.x.10 - etc - this is needed to be updated as well (if
you manually add records in the user_ip_address table)

best,

On Thu, 10 Jun 2021 at 18:23, Jeremy Hansen  wrote:

> Thanks. I’ll take a look table.
>
> -jeremy
>
> > On Jun 10, 2021, at 6:57 AM, Yordan Kostov  wrote:
> >
> > Hello Jeremy,
> >
> >Once a shared network with DHCP offering is created the IPs fitting
> into the defined range are created in table called "user_ip_address".
> >They are created one by one so if range between x.x.x.x.11 and
> x.x.x.210 is created this will add 200 entries. So if you want to expand
> that you need to add more entries manually, which is a bit unfortunate.
> >
> > Best regards,
> > Jordan
> >
> > -Original Message-
> > From: Jeremy Hansen 
> > Sent: Thursday, June 10, 2021 12:12 AM
> > To: users@cloudstack.apache.org
> > Subject: Re: Alter Shared Guest Network?
> >
> >
> > [X] This message came from outside your organization
> >
> >
> >> On Jun 9, 2021, at 1:39 PM, Wido den Hollander  wrote:
> >>
> >> 
> >>
>  On 6/9/21 3:55 PM, Jeremy Hansen wrote:
> >>> When I created my shared network config, I specified too narrow of an
> IP range.
> >>>
> >>> I can’t seem to figure out how to alter this config via the web
> interface. Is this possible?
> >>>
> >>
> >> Not via de UI nor API. You will need to hack this in the database. Or
> >> remove the network and create it again. But this is only possible if
> >> there are no VMs in the network.
> >>
> >> Wido
> >
> > Thanks, recreating it seems like the easiest option since I’m only in
> testing phase right now, but I’m curious what it would take to alter tables
> to fix this. Any clues as to what tables/fields would need to be updated?
> >
> >>
> >>> -jeremy
> >>>
> >
>
>

-- 

Andrija Panić

Re: NFS version for ISO

[Andrija Panic]

Jordan,

would be very good if you can check that - and report (i.e. if there is
something we can improve - please open a GitHub issue and submit the
Improvement Request, explaining what you noticed)

Thanks!
Andrija

On Sat, 12 Jun 2021 at 23:08, James Steele  wrote:

> Hi, you could try blocking v3, and see if it will the use v4:
> vim /etc/default/nfs-kernel-server
>
> #and set:
> RPCNFSDCOUNT="8 --no-nfs-version 3"
>


-- 

Andrija Panić

Re: NFS version for ISO

[Andrija Panic]

Yes, NFSv4 is probably not supported for Secondary Storage - though some
ACS documentation states that there is support for it (perhaps just for
Primary Storage)

Perhaps someone else can also advise


On Fri, 11 Jun 2021 at 13:13, Дикевич Евгений Александрович <
evgeniy.dikev...@becloud.by> wrote:

> Hi all.
> I think I have an issue.
> I have ACS 4.14.1 + XCP-NG 8.2
> I configured my Secondary Storage NFS for NFSv4 only.
> When I tried deploy VM from ISO It tied to mount in NFSv3 and I saw error
> on host:
> FAILED in util.pread: (rc 32) stdout: '', stderr: 'mount.nfs: Protocol not
> supported
> I tried to set secstorage.nfs.version to version 4.2/4.1 but had error (I
> saw issue on GitHub)
> After than I set it to 4 but ISO steel mounted in NFSv3.
> Mb someone can help me with this issue?
> Внимание!
> Это электронное письмо и все прикрепленные к нему файлы являются
> конфиденциальными и предназначены исключительно для использования лицом
> (лицами), которому (которым) оно предназначено. Если Вы не являетесь лицом
> (лицами), которому (которым) предназначено это письмо, не копируйте и не
> разглашайте его содержимое и удалите это сообщение и все вложения из Вашей
> почтовой системы. Любое несанкционированное использование, распространение,
> раскрытие, печать или копирование этого электронного письма и прикрепленных
> к нему файлов, кроме как лицом (лицами) которому (которым) они
> предназначены, является незаконным и запрещено. Принимая во внимание, что
> передача данных посредством Интернет не является безопасной, мы не несем
> никакой ответственности за любой потенциальный ущерб, причиненный в
> результате ошибок при передаче данных или этим сообщением и прикрепленными
> к нему файлами.
>
> Attention!
> This email and all attachments to it are confidential and are intended
> solely for use by the person (or persons) referred to (mentioned) as the
> intended recipient (recipients). If you are not the intended recipient of
> this email, do not copy or disclose its contents and delete the message and
> any attachments to it from your e-mail system. Any unauthorized use,
> dissemination, disclosure, printing or copying of this e-mail and files
> attached to it, except by the intended recipient, is illegal and is
> prohibited. Taking into account that data transmission via Internet is not
> secure, we assume no responsibility for any potential damage caused by data
> transmission errors or this message and the files attached to it.
>


-- 

Andrija Panić

Re: Meet the CloudStack Community: Who is NEXT?

[Andrija Panic]

(me having a sense of humor Slavka? really, come on... I'll pay 10 beers
just to avoid IvetI mean the interview!)

On Fri, 11 Jun 2021 at 16:04, Ivet Petrova 
wrote:

> Thank you Slavka. Great suggestions! Let’s discuss with them.
>
> I am open for other suggestions from community members :)
>
> Kind regards,
>
>
>
>
> On 11 Jun 2021, at 16:11, Slavka Peleva  > wrote:
>
> Hi Ivet, all,
>
> The video with Gabriel was great! I hope these people don't get mad at
> me for involving them in this, but I'll be happy to hear something
> from Rohit, Daan or Andrija (mixed with his sense of humor) :)
>
> Best regards,
>
> Slavka
>
>
> On Fri, Jun 11, 2021 at 11:30 AM Ivet Petrova  >
> wrote:
>
> Hello all, and Happy Friday!
>
> I hope you are ready for the upcoming weekend. You have seen a few videos
> on the ACS channel which are under the Meet the Community Series.
> To make this videos more interesting for the community, I wanted to ask
> all of you: Who will you nominate for the next videos on the channel?
> If you think that you know a community member, who is inspiring and will
> share a great story, please nominate him for the video series!
>
> Look forward to hear your opinion!
>
> Kind regards,
>
>
>
>
>
>
>

-- 

Andrija Panić

Re: [DISCUSS] Moving to OpenVPN as the remote access VPN provider

[Andrija Panic]

again my 2 cent(o)s:
- strongswan to stay for S-2-S (supporting IKE2 explicitly now etc) - as it
has been working great (with some recent, multiple-remote subnet issues
resolved, with human-layer-8 problems will continue to exist - i.e.
misconfiguration)
- strongswan (L2TP/IpSec) remote VPN is pain and while universally
supported natively in all OS-es today-  it supports only 1 client behind a
single public IP (a common issue when multiple users/humans sitting in the
same office want to connect to the same VPC via Remote VPC) - no way to
seed routes, either route everything through the tunnel (and have you
internet dropped) or add routes manually (pain)

For remote VPN - I prefer to use what is a:
- de-facto industry standard (whatever that is)
- has great/long-term support on all client devices (desktops and mobiles)

Take a look at all major firewall/VPN concentrator devices, and you will
see what they offer (OpenVPN most of the time)

I understand some might like fancy and brand-new-nothing-simpler--than this
VPN solutions - but we should tryi to keep things within industry standards
IMO and leave fancy and not-yet-long-term-tested solutions out of the
consideration.

OpenVPN, as Rohit explained, has support for exporting you with the
configuration file, which you import and use your username/password - and
this works on all mobile devices and up (desktop OS-es) - and from what I
can see (because have multiple VPNs using myself for various different
customers) - it's 99,99% OpenVPN which is used < this kind information
should bring some "help" while deciding what to use

(btw, I'm not selling OpenVPN, nor preaching for it, nor have I ever "liked
it" for that matter, but it seems to be among the best-supported solutions
in every sense)

Cheers,

On Fri, 11 Jun 2021 at 17:04, Pierre-Luc Dion  wrote:

> btw, I like the idea of CloudStack offering OpenVPN as a solution !
>
> On Fri, Jun 11, 2021 at 10:40 AM Pierre-Luc Dion 
> wrote:
>
> > Just to be sure, what CloudStack > v4.15 uses Strongswan/l2tp or
> > strongswan/ikev2 ?
> >
> > Because l2tp became complicated to configure on native vpn clients on
> some
> > OSes, kind of deprecated remote management VPN, compared to IKEv2.
> > I'm a bit concerned about OpenVPN for the clients, what if binaries
> become
> > subscription based availability or become proprietary ?
> >
> > For sure we need the option to select what type of VPN solution to offer
> > when deploying a cloud.
> >
> > From my perspective I cannot use/offer OpenVPN as a solution to my
> > customers because it involves forcing them to download third party
> software
> > on their workstations and I don't want to be responsible for
> > a security breach on their workstation because of a requirement for 3rd
> > party software that we don't control.
> >
> >
> >
> > On Fri, Jun 11, 2021 at 10:14 AM Rohit Yadav 
> > wrote:
> >
> >> Thanks all for the feedback so far, looks like the majority of people on
> >> the thread would prefer OpenVPN but for s2s they may continue to prefer
> >> strongswan/ipsec for site-to-site VPC feature. If we're unable to reach
> >> consensus then a general-purpose provider-framework may be more
> flexible to
> >> the end-user or admin (to select which VPN provider they want for their
> >> network, we heard in this thread - openvpn, strongswan/l2tp, wireguard,
> and
> >> maybe other providers in future).
> >>
> >> Btw, ikev2 is supported now with strongswan with this -
> >> https://github.com/apache/cloudstack/pull/4953
> >>
> >> My personal opinion: As user of most of these VPN providers, I
> personally
> >> like OpenVPN which I found to be easier to use both on desktop/laptop
> and
> >> on phone. With openvpn as the default I imagine in CloudStack I could
> >> enable VPN for a network and CloudStack gives me an option to download a
> >> .ovpn file which I can import in my openvpn client (desktop, phone,
> cli...)
> >> click connect to connect to the VPN. For certificate generation/storage,
> >> the CA framework could be used so the openvpn server certs are the same
> >> across network restarts (with cleanup). I think a process like this
> could
> >> be simpler than what we've right now, and the ovpn download+import
> workflow
> >> would be easier than what we'll get from either strongswan/current or
> >> wireguard. While I like the simplicity of wireguard, which is more like
> SSH
> >> setup I wouldn't mind doing setup on individual VMs (much like setting
> up
> >> ssh key) or use something like TailScale.
> >>
> >>
> >> Regards.
> >>
> >> 
> >> From: Gabriel Bräscher 
> >> Sent: Friday, June 11, 2021 19:28
> >> To: dev 
> >> Cc: users 
> >> Subject: Re: [DISCUSS] Moving to OpenVPN as the remote access VPN
> provider
> >>
> >> I understand that OpenVPN is a great option and far adopted.
> >> I am  ++1 in allowing Users/Admins to choose which VPN provider suits
> them
> >> best; creating an offering (or global settings) that would allow 

Re: [DISCUSS] Moving to OpenVPN as the remote access VPN provider

[Andrija Panic]

+1

as it's, these days, a de facto standard for every VPN device/provider -
and there is great support with OpenVPN clients for all client Operating
Systems.

On Thu, 10 Jun 2021 at 11:24, Alex Mattioli 
wrote:

> +1 on OpenVPN, and then a framework later on.
>
>
>
>
> -Original Message-
> From: Rohit Yadav 
> Sent: 10 June 2021 10:25
> To: d...@cloudstack.apache.org; users@cloudstack.apache.org
> Subject: [DISCUSS] Moving to OpenVPN as the remote access VPN provider
>
> All,
>
> We've historically supported openswan and nowadays strongswan as the VPN
> provider in VR for both site-to-site and remote access modes. After
> discussing the situation with a few users and colleagues I learnt that
> OpenVPN is generally far easier to use, have clients for most OS and
> platforms (desktop, laptop, tablet, phones...)  and allows multiple clients
> in the same public IP (for example, multiple people in the office sharing a
> client-side public IP/nat while trying to connect to a VPC or an isolated
> network) and for these reasons many users actually deploy pfSense or setup
> a OpenVPN server in their isolated network or VPC and use that instead.
>
> Therefore for the point-to-point VPN use-case of remote access [1] does it
> make sense to switch to OpenVPN? Or, are there users using
> strongswan/ipsec/l2tpd for remote access VPN?
>
> A general-purpose VPN-framework/provider where an account or admin (via
> offering) can specify which VPN provider they want in the network
> (strongswan/ipsec, OpenVPN, Wireguard...). However, it may be more complex
> to implement and maintain. Any other thoughts in general about VPN
> implementation and support in CloudStack? Thanks.
>
> [1]
> http://docs.cloudstack.apache.org/en/latest/adminguide/networking_and_traffic.html#remote-access-vpn
>
>
>
> Regards.
>
>
>
>
>

-- 

Andrija Panić

Re: Limiting the conntrackd logs in virtual router

[Andrija Panic]

Did you try restarting that VPC with cleanup - so brand new VR is created -
to see if the issue is still observed.

Can you test the same now with 4.15.1 RC1 (voting is happening, please feel
free to test and participate!)

Best,

On Wed, 9 Jun 2021 at 10:57, Rakesh Venkatesh 
wrote:

> I have 4.14 version. The issue exists with only 1 customer.
> The VR's belonging to other customers are fine but for one customer who has
> enabled site 2 site vpn, its creating lot of logs.
> The config I mentioned above is a temporary fix as it will be deleted once
> the network is restarted with cleanup.
>
> On Wed, Jun 9, 2021 at 10:52 AM Andrija Panic 
> wrote:
>
> > Can you advise which version and have you tried isolating the problem -
> > this is first time I hear for such an issue (and I have customers with 3y
> > VR uptime with no issues)
> >
> > Perhaps something is broken inside that VR, thus the excessive logging,
> > etc?
> >
> > Best,
> >
> > On Wed, 9 Jun 2021 at 10:07, Rakesh Venkatesh  >
> > wrote:
> >
> > > Hello
> > >
> > > I have an issue in the virtual router where conntrackd(conntrack-tools)
> > is
> > > populating /var/log/daemon.log a lot and because of that VR is running
> > out
> > > of disk space. Do you guys know how to prevent conntrackd from logging
> > too
> > > much? I manually changed the logrotate.conf to rotate every hour and
> > retain
> > > only few copies but thats a quick fix. Is there any better fix to avoid
> > > this issue? In our setup the VR has 2GB disk and even that got filled
> up
> > > pretty quickly.
> > >
> > > The logrotate config for daemon.log is present in
> > /etc/logrotate.d/rsyslog
> > > and I added
> > >
> > > /var/log/daemon.log
> > > {
> > > hourly
> > > rotate 1
> > > missingok
> > > notifempty
> > > compress
> > > copytruncate
> > > }
> > >
> > >
> > > The config present in /etc/logrotate.d/conntrackd is pointing
> > > to /var/log/conntrackd-stats.log and so changing that config wont help.
> > >
> > > --
> > > Thanks and regards
> > > Rakesh
> > >
> >
> >
> > --
> >
> > Andrija Panić
> >
>
>
> --
> Thanks and regards
> Rakesh venkatesh
>


-- 

Andrija Panić

Re: Limiting the conntrackd logs in virtual router

[Andrija Panic]

Can you advise which version and have you tried isolating the problem -
this is first time I hear for such an issue (and I have customers with 3y
VR uptime with no issues)

Perhaps something is broken inside that VR, thus the excessive logging, etc?

Best,

On Wed, 9 Jun 2021 at 10:07, Rakesh Venkatesh 
wrote:

> Hello
>
> I have an issue in the virtual router where conntrackd(conntrack-tools) is
> populating /var/log/daemon.log a lot and because of that VR is running out
> of disk space. Do you guys know how to prevent conntrackd from logging too
> much? I manually changed the logrotate.conf to rotate every hour and retain
> only few copies but thats a quick fix. Is there any better fix to avoid
> this issue? In our setup the VR has 2GB disk and even that got filled up
> pretty quickly.
>
> The logrotate config for daemon.log is present in /etc/logrotate.d/rsyslog
> and I added
>
> /var/log/daemon.log
> {
> hourly
> rotate 1
> missingok
> notifempty
> compress
> copytruncate
> }
>
>
> The config present in /etc/logrotate.d/conntrackd is pointing
> to /var/log/conntrackd-stats.log and so changing that config wont help.
>
> --
> Thanks and regards
> Rakesh
>


-- 

Andrija Panić

Re: Snapshots are not working after upgrading to 4.15.0

[Andrija Panic]

@Andrei Mikhailovsky   can you advise which hypervisor
(and version) you are using, what primary storage - let's see if the same
is true in 4.15.1 (voting happening right now - feel free to test and vote
as well, please)

Best,

On Tue, 8 Jun 2021 at 14:25, Andrei Mikhailovsky 
wrote:

> Thanks for the suggestions, Harikrishna. I will check it and revert back.
>
> Andrei
>
>
>
> - Original Message -
> > From: "Harikrishna Patnala" 
> > To: "users" 
> > Sent: Tuesday, 8 June, 2021 03:33:57
> > Subject: Re: Snapshots are not working after upgrading to 4.15.0
>
> > Hi Andrei,
> >
> > Can you check the following things and let us know?
> >
> >
> >  1.  Can you try creating a new volume and then create snapshot of that,
> to check
> >  if this an issue with old entries
> >  2.  For the snapshots which are failing can you check if you are seeing
> any
> >  error messages like this "Can't find an image storage in zone with less
> than".
> >  This is to check if secondary storage free space check failed.
> >  3.  For the snapshots which are failing and if it is delta snapshot can
> you
> >  check if its parent's snapshot entry exists in "snapshot_store_ref"
> table with
> >  'parent_snapshot_id' of the current snapshot with 'store_role' "Image".
> This is
> >  to find the secondary storage where the parent snapshot backup is
> located.
> >
> > Regards,
> > Harikrishna
> > 
> > From: Andrei Mikhailovsky 
> > Sent: Monday, June 7, 2021 7:00 PM
> > To: users 
> > Subject: Snapshots are not working after upgrading to 4.15.0
> >
> > Hello everyone,
> >
> > I am having an issue with volume snapshots since I've upgraded to
> 4.15.0. None
> > of the volumes are being snapshotted regardless if the snapshot is
> initiated
> > manually or from the schedule. The strange thing is that if I manually
> take the
> > snapshot, the GUI shows Success status, but the Storage>Snapshots show
> an Error
> > status. Here is what I see in the management server logs:
> >
> > 2021-06-07 13:55:20,022 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> > (Work-Job-Executor-81:ctx-08dd4222 job-86141/job-86143) (logid:be34ce01)
> Done
> > executing com.cloud.vm.VmWorkTakeVolumeSnapshot for job-86143
> > 2021-06-07 13:55:20,024 INFO [o.a.c.f.j.i.AsyncJobMonitor]
> > (Work-Job-Executor-81:ctx-08dd4222 job-86141/job-86143) (logid:be34ce01)
> Remove
> > job-86143 from job monitoring
> > 2021-06-07 13:55:20,094 DEBUG [o.a.c.s.s.SnapshotServiceImpl]
> > (BackupSnapshotTask-3:ctx-744796da) (logid:607dbb0e) Failed to copy
> snapshot
> > com.cloud.utils.exception.CloudRuntimeException: can not find an image
> stores
> > at
> >
> org.apache.cloudstack.storage.snapshot.SnapshotServiceImpl.backupSnapshot(SnapshotServiceImpl.java:271)
> > at
> >
> org.apache.cloudstack.storage.snapshot.DefaultSnapshotStrategy.backupSnapshot(DefaultSnapshotStrategy.java:171)
> > at
> >
> com.cloud.storage.snapshot.SnapshotManagerImpl$BackupSnapshotTask.runInContext(SnapshotManagerImpl.java:1238)
> > at
> >
> org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:48)
> > at
> >
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
> > at
> >
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
> > at
> >
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
> > at
> >
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:45)
> > at
> >
> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
> > at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
> > at
> >
> java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
> > at
> >
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> > at
> >
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> > at java.base/java.lang.Thread.run(Thread.java:829)
> > 2021-06-07 13:55:20,152 DEBUG [c.c.s.s.SnapshotManagerImpl]
> > (BackupSnapshotTask-3:ctx-744796da) (logid:607dbb0e) Backing up of
> snapshot
> > failed, for snapshot with ID 53531, left with 2 more attempts
> >
> >
> > I've checked and the Secondary storage is configured and visible in the
> GUI. I
> > can also mount it manually from the management server and a couple of
> host
> > servers that I've tested. In addition, I can successfully upload an ISO
> image
> > and that registers just fine and I can create new VMs using the newly
> uploaded
> > ISO image.
> >
> > I've had no such problems with 4.13.x ACS, so the issue seems to have
> been
> > introduced after doing the upgrade to 4.15.0.
> >
> > Could you please let me know how do I fix the issue?
> >
> > Cheers
> >
> > andrei
>


-- 

Andrija Panić

Re: Usage of "Tags" for Network Offerings

[Andrija Panic]

your are welcome :)

On Tue, 8 Jun 2021 at 15:26, vas...@gmx.de  wrote:

> Hi Andrija,
>
> thanks alot - again! Good to have your knowledge around :-)
> Sorry for spamming - wasn't intended the hassle of doing things
> "beside" actual work
>
> Regards
> Chris
>
> Am Di., 8. Juni 2021 um 10:59 Uhr schrieb Andrija Panic
> :
> >
> > Crhistopher Brown or vas...@gmx.de - please do not "spam" from
> different email addresses - that will not get you the answer sooner than
> normal - but just creates spam and people are more likely to ignore such
> emails :)
> >
> > Best,
> >
> > On Tue, 8 Jun 2021 at 10:55, Andrija Panic 
> wrote:
> >>
> >> you are almost right - but leave alone "traffic labels" which should be
> == to the name of your network/bridge/vSwitch - that has nothing to do with
> network TAGs.
> >>
> >> On physical network, you can set "tag" - you also set the same tag on a
> specific network offering - then ACS will say "let me created a network
> from this offering based on tags - and find a physical network that has the
> same TAG as the TAG defined on the network offering"
> >>
> >> This used in cases when you have "guest" traffic on more than one
> Physical network (i.e. in KVM world, you might be using VXLAN as the
> isolation method on Physical Network1, but you also want to use e.g.
> Private Gateway which supports only VLAN (not VXLAN) as the isolation
> method - thus you would need to create another/2nd Physical network and
> give it appropriate tags.
> >>
> >> Keep in mind the general tagging requirements - you you do NOT tag you
> (e.g. other) network offerings, but you do tag Physical networks - this is
> the same as if the Physical networks are NOT tagged - i.e. the network will
> can be created on either 1st or 2nd Physical networks, since offering is
> not requiring any TAG on it's own.
> >>
> >> Best,
> >>
> >> On Tue, 8 Jun 2021 at 08:44, Christopher Brown <
> mail2christopher.br...@gmail.com> wrote:
> >>>
> >>> Hi everyone,
> >>>
> >>> just a short question regarding the creation / usage of network
> offerings.
> >>> When adding a network offering there is the optional field to give the
> >>> network offering a "Tag".
> >>> After reading the docs, the acutal usage is to map the offering to a
> >>> specific physical network.
> >>>
> >>> So the tag would need to be same as the traffic label for the physical
> network?
> >>>
> >>> For example i would like to use a dedicated fiber-network for some
> >>> hosts. So during the zone creation i would specify a "second" physical
> >>> network for Guest-Traffic with the traffic label "fiber".
> >>> After creation of the zone, i would add a new network offering and
> >>> specify "fiber" as a tag for the service offering to make this
> >>> dedicated physical network availeable for hosts ?
> >>>
> >>> With regards,
> >>>
> >>> Chris
> >>
> >>
> >>
> >> --
> >>
> >> Andrija Panić
> >
> >
> >
> > --
> >
> > Andrija Panić
>


-- 

Andrija Panić

Re: Why my resources is not been release when my machines is down?

[Andrija Panic]

global setting "host.reservation.release.period" dictates for how long the
host will reserve a capacity for a stopped VM.

I assume (though I find this idea a bit stupid IMO) that idea was if you
stop VM, but you are short on capacity, nobody else can "jump in" and
deploy a new VM taking the rest of the host's free capacity, so you (as a
long-standiong customer/user) now can't start your VM you stopped 5mins ago.

Best,

On Tue, 8 Jun 2021 at 17:25, Kalil de Albuquerque Carvalho <
kalil.carva...@hybriddc.com.br> wrote:

> Hello all.
>
> I'm testing Cloudstack 4.15 and it is strange, or, probably, I'm doing
> same mistakes,  that when I halted my VM's the resources are not been
> released for the system. It is like when the VM is created the resource
> it is reserved exclusively for it.
>
> Some one can tell me where I can find the documentation that I can get
> this information and how to work with it?
>
> Any one can help me to understand what it is happening?
>
> Best regards.
>
>

-- 

Andrija Panić

Re: Quickstart question - Network issues

[Andrija Panic]

 Unable to allocate vnet as a part of network Ntwk[210|Guest|8]

Check you Guest traffic to see if you assigned a vlan range from which ACS
will provision VLAN/networks (each tenant network = separate VLAN)

On Mon, 31 May 2021 at 08:11, Jeremy Hansen  wrote:

> Thank you for the response.  I got much further.  All my issues seem
> networking related.  Everything is up right now and I see the template for
> CentOS 5.5 as an offering.
>
> My Cloudstack host is on 192.168.10.35.  My System VMs is configured as
> such:
>
>
>
> At this point, I’m trying to understand how to configured my Guest
> networks.  Ideally my guest vm’s would just use my external DHCP server to
> allocate an IP address but I’m not having much luck finding documentation
> on how to properly do that.  I also see posts saying external DHCP servers
> aren’t supported because Cloudstack needs to be aware of the guest’s IP for
> a number of reasons.
>
> So my question becomes, what type and how should I configure my guest
> network.  Can I use IPs on the same subnet that my Cloudstack host is
> sitting on?  If I can’t use DHCP directly, I can specify a range that is
> not in use by my external DHCP server so IPs will still end up on the
> public network and I can access the VMs on that IP directly.
>
> Interfaces on my Cloudstack host:
>
> cloud0: flags=4163  mtu 1500
> inet 169.254.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
> inet6 fe80::8c30:6dff:fe87:ed32  prefixlen 64  scopeid 0x20
> ether fe:00:a9:fe:91:b4  txqueuelen 1000  (Ethernet)
> RX packets 440  bytes 80558 (78.6 KiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 539  bytes 96150 (93.8 KiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> cloudbr0: flags=4163  mtu 1500
> inet 192.168.10.35  netmask 255.255.255.0  broadcast 192.168.10.255
> inet6 fe80::4a2:a9ff:fecf:819  prefixlen 64  scopeid 0x20
> ether b4:b5:2f:db:a2:9b  txqueuelen 1000  (Ethernet)
> RX packets 1203750  bytes 3227151094 (3.0 GiB)
> RX errors 0  dropped 5  overruns 0  frame 0
> TX packets 498851  bytes 2710603584 (2.5 GiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> eno1: flags=4163  mtu 1500
> ether b4:b5:2f:db:a2:9b  txqueuelen 1000  (Ethernet)
> RX packets 4650048  bytes 4876148565 (4.5 GiB)
> RX errors 0  dropped 622  overruns 0  frame 0
> TX packets 3955493  bytes 5163648882 (4.8 GiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> device interrupt 20  memory 0xf7c0-f7c2
>
> lo: flags=73  mtu 65536
> inet 127.0.0.1  netmask 255.0.0.0
> inet6 ::1  prefixlen 128  scopeid 0x10
> loop  txqueuelen 1000  (Local Loopback)
> RX packets 2322050  bytes 504114946 (480.7 MiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 2322050  bytes 504114946 (480.7 MiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> vnet0: flags=4163  mtu 1500
> inet6 fe80::fc00:a9ff:fefe:91b4  prefixlen 64  scopeid 0x20
> ether fe:00:a9:fe:91:b4  txqueuelen 1000  (Ethernet)
> RX packets 50  bytes 9384 (9.1 KiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 98  bytes 15290 (14.9 KiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> vnet1: flags=4163  mtu 1500
> inet6 fe80::fc00:7cff:fe00:5  prefixlen 64  scopeid 0x20
> ether fe:00:7c:00:00:05  txqueuelen 1000  (Ethernet)
> RX packets 15707  bytes 2225323 (2.1 MiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 127124  bytes 19795223 (18.8 MiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> vnet2: flags=4163  mtu 1500
> inet6 fe80::fc00:d8ff:fe00:7  prefixlen 64  scopeid 0x20
> ether fe:00:d8:00:00:07  txqueuelen 1000  (Ethernet)
> RX packets 808  bytes 57456 (56.1 KiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 109119  bytes 17746092 (16.9 MiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> vnet3: flags=4163  mtu 1500
> inet6 fe80::fc00:a9ff:fefe:b767  prefixlen 64  scopeid 0x20
> ether fe:00:a9:fe:b7:67  txqueuelen 1000  (Ethernet)
> RX packets 46  bytes 9168 (8.9 KiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 95  bytes 15068 (14.7 KiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> vnet4: flags=4163  mtu 1500
> inet6 fe80::fc00:c2ff:fe00:6  prefixlen 64  scopeid 0x20
> ether fe:00:c2:00:00:06  txqueuelen 1000  (Ethernet)
> RX packets 144923  bytes 2256458775 (2.1 GiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 822253  bytes 1009838617 (963.0 MiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 

Re: Usage of "Tags" for Network Offerings

[Andrija Panic]

Crhistopher Brown or vas...@gmx.de - please do not "spam" from different
email addresses - that will not get you the answer sooner than normal - but
just creates spam and people are more likely to ignore such emails :)

Best,

On Tue, 8 Jun 2021 at 10:55, Andrija Panic  wrote:

> you are almost right - but leave alone "traffic labels" which should be ==
> to the name of your network/bridge/vSwitch - that has nothing to do with
> network TAGs.
>
> On physical network, you can set "tag" - you also set the same tag on a
> specific network offering - then ACS will say "let me created a network
> from this offering based on tags - and find a physical network that has the
> same TAG as the TAG defined on the network offering"
>
> This used in cases when you have "guest" traffic on more than one Physical
> network (i.e. in KVM world, you might be using VXLAN as the isolation
> method on Physical Network1, but you also want to use e.g. Private Gateway
> which supports only VLAN (not VXLAN) as the isolation method - thus you
> would need to create another/2nd Physical network and give it appropriate
> tags.
>
> Keep in mind the general tagging requirements - you you do NOT tag you
> (e.g. other) network offerings, but you do tag Physical networks - this is
> the same as if the Physical networks are NOT tagged - i.e. the network will
> can be created on either 1st or 2nd Physical networks, since offering is
> not requiring any TAG on it's own.
>
> Best,
>
> On Tue, 8 Jun 2021 at 08:44, Christopher Brown <
> mail2christopher.br...@gmail.com> wrote:
>
>> Hi everyone,
>>
>> just a short question regarding the creation / usage of network offerings.
>> When adding a network offering there is the optional field to give the
>> network offering a "Tag".
>> After reading the docs, the acutal usage is to map the offering to a
>> specific physical network.
>>
>> So the tag would need to be same as the traffic label for the physical
>> network?
>>
>> For example i would like to use a dedicated fiber-network for some
>> hosts. So during the zone creation i would specify a "second" physical
>> network for Guest-Traffic with the traffic label "fiber".
>> After creation of the zone, i would add a new network offering and
>> specify "fiber" as a tag for the service offering to make this
>> dedicated physical network availeable for hosts ?
>>
>> With regards,
>>
>> Chris
>>
>
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

Re: Usage of "Tags" for Network Offerings

[Andrija Panic]

you are almost right - but leave alone "traffic labels" which should be ==
to the name of your network/bridge/vSwitch - that has nothing to do with
network TAGs.

On physical network, you can set "tag" - you also set the same tag on a
specific network offering - then ACS will say "let me created a network
from this offering based on tags - and find a physical network that has the
same TAG as the TAG defined on the network offering"

This used in cases when you have "guest" traffic on more than one Physical
network (i.e. in KVM world, you might be using VXLAN as the isolation
method on Physical Network1, but you also want to use e.g. Private Gateway
which supports only VLAN (not VXLAN) as the isolation method - thus you
would need to create another/2nd Physical network and give it appropriate
tags.

Keep in mind the general tagging requirements - you you do NOT tag you
(e.g. other) network offerings, but you do tag Physical networks - this is
the same as if the Physical networks are NOT tagged - i.e. the network will
can be created on either 1st or 2nd Physical networks, since offering is
not requiring any TAG on it's own.

Best,

On Tue, 8 Jun 2021 at 08:44, Christopher Brown <
mail2christopher.br...@gmail.com> wrote:

> Hi everyone,
>
> just a short question regarding the creation / usage of network offerings.
> When adding a network offering there is the optional field to give the
> network offering a "Tag".
> After reading the docs, the acutal usage is to map the offering to a
> specific physical network.
>
> So the tag would need to be same as the traffic label for the physical
> network?
>
> For example i would like to use a dedicated fiber-network for some
> hosts. So during the zone creation i would specify a "second" physical
> network for Guest-Traffic with the traffic label "fiber".
> After creation of the zone, i would add a new network offering and
> specify "fiber" as a tag for the service offering to make this
> dedicated physical network availeable for hosts ?
>
> With regards,
>
> Chris
>


-- 

Andrija Panić

Re: Issue with live migrations

[Andrija Panic]

You opened a new thread with this question - which I answered, so this one
is probably good to be closed :)

On Tue, 1 Jun 2021 at 22:40, Jeremy Hansen  wrote:

> Thank you for your help.  Set up a tagged VLAN and live migrations are
> working like a champ now.
>
> My next issue…
>
> I launched a second guest and noticed it did not allocate a new public
> IP.  My expectation was that it would allocate another public IP and the
> second instance would have its own virtual router/firewall/port forwarding,
> etc, but that doesn’t seem to be the case.  I can configured the firewall
> on the existing virtual router to forward to the second instance, but I’d
> prefer it just allocate another public IP from the range and allow me to
> configure each instance as a separate entity.  Is this possible?
>
> Thanks
> -jeremy
>
>
> > On Jun 1, 2021, at 4:32 AM, Alessandro Caviglione <
> c.alessan...@gmail.com> wrote:
> >
> > No, but if you're using Advanced Networking you've to manage the trunk
> > configuration on the switch ports.
> > Every Virtual Router has a public IP on a specific interface and a
> specific
> > VLAN and a private IP on another interface in another vlan that acts as a
> > gateway for the instance.
> > So, if VR and instance are in the same host, packets do not exit from
> host
> > and instance are reachable, but if they run on different hosts the
> packets
> > must go through a switch that should be configured to allow traffic on
> that
> > private VLAN.
> > So, in fact, you can allow a single switch port to forward traffic on
> > multiple VLAN, this is called Trunk.
> >
> > On Tue, Jun 1, 2021 at 12:31 PM Jeremy Hansen  wrote:
> >
> >> Ahh, so I just noticed that I could also migrate the router and when I
> do
> >> that, everything works as expected again.  So is this how migrates work?
> >> Do routers always have to move with the instance?
> >>
> >> -jeremy
> >>
> >>
> >> On Jun 1, 2021, at 3:26 AM, Jeremy Hansen  wrote:
> >>
> >> One thing I noticed, and I don’t know if this is expected, but the
> virtual
> >> router my instance is using remains on the original VM host.  If I log
> in
> >> to the guest instance while it’s on the second VM host, I can no longer
> >> ping the private net gateway:
> >>
> >> 
> >>
> >> and the virtual router can’t ping the private IP
> >>
> >> 
> >>
> >> If I migrate the instance back, it ping reachable again:
> >>
> >> 
> >>
> >>
> >> Thanks
> >> -jeremy
> >>
> >>
> >>
> >> On Jun 1, 2021, at 3:07 AM, Jeremy Hansen  wrote:
> >>
> >> Hmm. VM hosts are on the same vlan. Port configuration on both hosts is
> >> exactly the same. I’m not saying it isn’t vlan related but I would
> expect
> >> neither host to work if it was a vlan issue?
> >>
> >> Thanks
> >>
> >> On Jun 1, 2021, at 2:47 AM, Alessandro Caviglione <
> c.alessan...@gmail.com>
> >> wrote:
> >>
> >> I think that your switch doesn't have ports tagged with all required
> >> VLANs...
> >>
> >> On Tue, Jun 1, 2021 at 11:20 AM Jeremy Hansen 
> wrote:
> >>
> >>
> >> I set up another VM host so now I have two VM hosts.  I’m experimenting
> >> with live migrations.  It looks like the VM migrates, but I can no
> longer
> >> SSH to the guest once it’s migrated.  I’m using an isolated network.  I
> >> setup firewall rules to allow all, along with port forwarding rules for
> >> ssh.  I’m using the CentOS 5.5 template.  When I migrate to the second
> VM
> >> host, ping/icmp still works, but I’m unable to ssh to the VM guest.  If
> I
> >> migrate back to the original VM host, everything is fine again.  Any
> clues
> >> what I’m doing wrong on the second VM host or why rules would change on
> the
> >> migration?
> >>
> >> Thanks
> >> -jeremy
> >>
> >>
> >>
> >>
> >>
> >>
>
>

-- 

Andrija Panić

Re: VMware Instance Error

[Andrija Panic]

Short update for anyone (besides Mike) interested in this thread:

the VMware has different naming (strings) used for controller names if they
are in VMX (VMware specific) or in OVA (vendor-neutral) - so Mike was
hitting/using templates/appliances which had only last 2, unsupported by
4.15.0, controllers - bad luck :)

But it's being fixed in 4.15.1 (RC2)


Details for nerds:

vCenter UIVMX OVF

BusLogic Parallel  NA (not specified!)buslogic
LSI Logic Parallel  lsilogic lsilogic
LSI Logic SAS   **lsisas1068**   **lsilogicsas**
VMware Paravirtual **pvscsi****VirtualSCSI**

The last 2 are different in OVF (generic OVF terminology) vs. what they are
inside VMX (specific on how VMware implements it)

Best,

On Wed, 2 Jun 2021 at 19:31, Andrija Panic  wrote:

> Yes, that should all be specified in OVF, so it's hiden from template
> registration form.
>
> On Wed, 2 Jun 2021, 18:04 Corey, Mike,  wrote:
>
>> One area of change, not sure if it matters in my case, is that I can no
>> longer specify the BIOS or EFI option of the instance/template.
>>
>> In the old UI, when deploying an instance I could select the bios/efi in
>> the same window as controller and keyboard language etc.  This option is
>> NOT an option in the new UI under the template settings pane.
>>
>>
>>
>>
>>
>>
>> -Original Message-
>> From: Corey, Mike
>> Sent: Wednesday, June 2, 2021 9:28 AM
>> To: users@cloudstack.apache.org
>> Subject: RE: VMware Instance Error
>>
>> I saw that too - but that line regarding format is "ISO" for other
>> deployments.
>>
>> Example - I used an Ubuntu OVA from openvm and it deployed with the same
>> message...
>>
>>
>> {"org.apache.cloudstack.storage.to.TemplateObjectTO":{"id":"0","format":"ISO","accountId":"0","hvm":"false","bootable":"false","directDownload":"false","deployAsIs":"false"}},"diskSeq":"3","type":"ISO"}],"nics":[{"deviceId":"0","networkRateMbps":"200","defaultNic":"true"
>>
>> Mike
>>
>> -Original Message-
>> From: Abhishek Kumar 
>> Sent: Tuesday, June 1, 2021 4:18 PM
>> To: users@cloudstack.apache.org
>> Subject: Re: VMware Instance Error
>>
>> Hi Mike,
>>
>> For your deployment/disk controller error, you should check the template
>> you are using for the VM. From the logs you have shared there is something
>> wrong with the StartCommand.
>>
>> ---
>>
>> org.apache.cloudstack.storage.to.TemplateObjectTO":{"id":"0","format":"ISO","accountId":"0","hvm":"false","bootable":"false"
>> ---
>> Not sure why id is 0 there and the format is ISO. Are you using an ISO to
>> deploy the VM?
>>
>> Regards,
>> Abhishek
>> 
>> From: Andrija Panic 
>> Sent: 02 June 2021 01:38
>> To: users 
>> Subject: Re: VMware Instance Error
>>
>> Mike,
>>
>> are you in a position to share that specific template (if licencing
>> allows,
>> if it's trial, etc) - ping me on email directly - and I can give it a spin
>> in the lab on 4.15
>> 4.15.1 should bring this new VMware template behaviour (read from OVF,
>> instead of allowing you to specify OS, NIC/disk controllers, etc) - AS
>> OPTIONAL - so you can wait for 4.15.1 if you use non-standard OVA
>> appliances (or, for that matter, the ones that simply don't work with ACS,
>> for whatever reasons)
>>
>> Best,
>>
>>
>>
>>
>> On Tue, 1 Jun 2021 at 21:46, Corey, Mike 
>> wrote:
>>
>> > Another development in my troubleshooting this...
>> >
>> > I used a vendor (OEM) supplied ova appliance as a template and
>> downloaded
>> > in the same manner.  NO SETTINGS were created for the template by ACS.
>> >
>> > If the expected behavior is for ACS to add settings based off of the OVF
>> > descriptor - my case IS NOT.
>> >
>> > I could really use some guidance here on troubleshooting as to why the
>> > template settings are NOT being created by ACS.
>> >
>> > Again - anyone running ACS 4.15 with VMware and having success with
>> using
>> > templ

Re: Windows Virtual Machine on Cloudstack KVM Platform

[Andrija Panic]

Yes, Windows guests can run perfectly fine/stable and fast on KVM

- Instead of 'Windows XXX" version guest OS type, chose "Windows PV" when
you register Windows ISO - this ensures all SCSI/NIC hardware is VirtIO
(optimal performance), otherwise if you chose Windows XXX (2012, 2016, etc)
- the hardware emulated by KVM is IDE controller, Intel e1000 NIC etc -
completely unusable slow performance.
- Ensure you add VirtIO drivers for SCSI disk controller inside Windows
(during Windows Setup - just like any proprietary SCSI controller), so you
can completely Windows setup on custom SCSI controller (RedHat VirtIO SCSI
controller)
- Later install NIC VirtIO driver
- There you go

Drivers you can download from Fedora site: (ISO file, so you can attach it
during Windows deployment, just like in old days with proprietary scsi
controllers)
https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/

there is "latest" and there is "stable" -judge for yourself which one you
want to use
If you at some point start getting BSOD in Windows - it's 99% due to some
bug in VirtIO drivers (happened with Win2008/2012, 4-5 years ago in my ex
company - just upgrade VirtIO drivers with newer ones, sometimes RTFM the
driver Release notes will also help :wink)

Best,

On Fri, 4 Jun 2021 at 04:11, Hean Seng  wrote:

> HI
>
> Is there anybody running  Windows on Cloudstack KVM platform, is there any
> performance issue ?
>
> For Cloudstack KVM,  running Windows, how can I know is using VirtIO driver
> or not ? Seems I not able to choose if to use VirtIO or not .
>
> Thank you.
>
> --
> Regards,
> Hean Seng
>


-- 

Andrija Panić

Re: Issue uploading templates/isos

[Andrija Panic]

There is no workaround - it's a hardcoded requirement that SSL should be
set for SSVM (when you set CPVM SSL and domain, one of the setting is:
secstorage.encrypt.copy=true - this ensures Apache inside SSVM is
configured with the same SSL that was uploaded for CPVM.

Best.

On Fri, 4 Jun 2021 at 12:15, vas...@gmx.de  wrote:

> I has some issues with this, too - which have been related to the
> certificate / SSL issue as the local upload requires https conectivity .
> There ist an "open"  issue at github
>
> https://github.com/apache/cloudstack/issues/4169
>
> The workaround is also explained there. Could be worth trying.
> Regards,
>
> Chris
>
> Am Fr., 4. Juni 2021 um 11:14 Uhr schrieb Jeremy Hansen  >:
>
>>
>> The event log makes it look as if it was successful:
>>
>>
>>
>> But it definitely fails with these errors.  I don’t really see anything
>> in the manager logs.
>>
>>
>> Network Error
>> Unable to reach the management server or a browser extension may be
>> blocking the network request.
>> Upload Failed
>> Failed to upload ISO - Error: Network Error
>>
>

-- 

Andrija Panić

Re: Best practises and ideas for power outtake scenarios

[Andrija Panic]

Hi Chris,

shutting down ACS VMs and hosts is just one part of the story, another part
of the story is also shutting down your side infra, such as storage arrays,
and any external stuff you might have. But let's focus on ACS.

I would make some scripting which involves:
- pulling data from UPS to detect when power down, sleep for some short
amount of time (i.e. 1-2minute to see if this is some hiccup) then if power
is still down, you can use bash and cloudmonkey to automate the following
(to be tested properly in your test env):

- Disable the zone(s)
- Put all Primary Storages in the Maintenance mode - this will cause all
existing VMs on that storage to be shutdown, one by one = takes LONG time
  SO better approach is to query ACS for a list of running VMs
(save this in a file somewhere for later!), put that list in a file, send
VM stop command in batches of 10 or 20 or 50 (depending on the size and
speed of your storage) - don't overload the storage
  confirm all your user VMs are stopped
  stop all system VMs (SSVM, CPVM, all VRs)
  --- confirm no running VM
-- at this point there is no VM running at all in your ACS setup
-- shutdown management server (so you avoid putting your hosts in
maintenance mode in ACS - takes time otherwise), shutdown your MySQL
servers (use by ACS mgmt servers)
-- if using VMware, put all hosts in maintenance mode, and ask Center to
shutdown all hosts (you need to see what to do with vCenter itself, etc)
-- if other hypervisors are used (KVM, XenServer) - do whatever it takes to
shut them down safely/correctly

When power is up, reverse everything - power hosts, wait some time and
confirm all your hosts are up/connected in your management tools ( e.g. in
vCenter, XenCenter, KVM via VirtManager, whatever)
Start the MySQL, the mgmt server, enable the zone (SSVM and CPVM will be
started automatically), then query that list of previously running VMS
(that you saved) and start them one by one, or in batches of 5 or 10 (or
more) - depending on your HW performance (try to avoid "boot storm) -
starting a VM in a network will cause VRs to be started automatically, so
this step is not needed explicitely - but you can handle it manually as
well if you like


This is just to give you an idea (I once had to shutdown ACS and everything
else, which included SolidFire storage, Cloudian S3 cluster, some other
storage solutions etc, in my ex company) - was a really "interesting"
experience...


Best,


On Thu, 3 Jun 2021 at 18:21, vas...@gmx.de  wrote:

> Hello everyone,
>
> i would like to ask for some ideas / bestpractises for dealing with
> power outtake scenarios involving the the cloudstack infrastructure.
> So the usecase would be a power outtake at a datacenter where all
> components of cloudstack (management server, hosts, storage) are
> hosted, which can't be repaired in a given time.
>
> so the "simple" target process would be something like this:
>
> 1.Power outtake detected bei UPS
> 2. UPS is giving notification to CS Management
> 3. CS management is sending information to all vm's as well as hosts
> 4. vm's and hosts performing gracefull shutdown
> 5. management server performs gracefull shutdown
> 6. afterwards shutdown of storage and further components
>
> Are there any included "workflows" or mechanics which can be used out
> of the box? Any real-life best practices how to implement this kind of
> workflow?
>
> with regards,
> Chris
>


-- 

Andrija Panić

Re: 2 networks with DHCP in the same subnet?

[Andrija Panic]

Sounds like you are complicating the setup (or feel the need to do so, for
whatever reason).

Did you test:

parent domain with domain admin "admin" - then just regular users accounts
(QA/DEV) - so each QA and DEV can create their own resources (networks,
VMs, etc) - QA and DEV are separate accounts/tenants so can't access each
other's resources (i.e. different tenants)
THe domain admin account for that domain ("admin" account), being the
domain admin, should be able to manage resources of all user's inside his
own domain. - but if you provision a resource as ADMIN user (domain admin
user), those resources will be owned by ADMIN account only (as expected) -
so keep that in mind.

Best,

On Thu, 3 Jun 2021 at 11:04, Yordan Kostov  wrote:

> Thank you Andrija,
>
> Indeed tested that, if ON  "bypass vlan overlap" option, it is
> possible to create 2 shared networks in the same vlan.
> IP gets assigned but for some reason the interface is shutdown in
> some time(Ubuntu 20). I am now troubleshooting the reason for this.
>
> The design I am trying to create current is - 3 groups of users -
> lets call them QA and DEV and ADMIN teams.
> - Network A is for QAs.
> - Network B is for DEVs.
> - ADMIN should have access to both networks.
>
> I tried that setup with one parent domain (admins) and to child (QA and
> DEV). Assigning a network to child domain DEV hides the network from QA.
> ADMIN domain see the network but cannot create instances inside.
>
> If those 3 accounts are under one domain is it possible to:
> -  assign Network A to be operated and visible only to QA  and
> Admins
> -  assign Network B to be operated and visible only to DEV and
> Admins
>
> The only solution I have found so far is the following:
> - Define 2 networks - A and B with VR (DHCP, DNS, USERDATA) only available
> to ADMINS so nobody sees them
> - Define L2 network AA with USERDATA assigned to QA that overlaps vlan id A
> - Define L2 network BB with USERDATA assigned to DEV that overlaps vlan id
> B
>
> Both users and admins can create instances. Users will not be able to
> change or choose IP address.
>
> Regards,
> Jordan
>
>
>
>
> -Original Message-
> From: Andrija Panic 
> Sent: Thursday, June 3, 2021 10:38 AM
> To: users 
> Subject: Re: 2 networks with DHCP in the same subnet?
>
>
> [X] This message came from outside your organization
>
>
> Considering you are trying to create 2 shared networks (irrelevant of
> their IP range), and I ASSUME you want them on the same VLAN? - then I
> don't think this alone is possible (2 network with the same VLAN)
>
> If you can do it, then it's easy to test what you are asking and have
> first hand-answer :)
>
> IN ACS workdl, in theory, 2 DHCP CAN operate in the same network, since
> ACS provisions explicit DHCP reservations for each IP - i.e. you can't just
> boot another VM (provisionined manually, outside ACS) in the same VLAN - as
> DHCP will reject to give it an IP.
>
> Best,
>
> On Wed, 2 Jun 2021 at 15:43, Yordan Kostov  wrote:
>
> > Dear all,
> >
> > Is it possible to have one /24 network - for example
> > 10.10.10.0/24 where it is divided into 2 shared networks as follow:
> >
> >   *   Network A - 10.10.10.2-50 where 2 is Virtual router with DHCP for
> > the ip range mentioned
> >   *   Network B - 10.10.10.51-200 where 51 is Virtual router with DHCP
> for
> > the ip range mentioned
> >
> > I understand 2 DHCPs cannot operate in the same network but I was
> > wondering if this can be achieved somehow?
> >
> > Best regards,
> > Jordan
> >
>
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

Re: 2 networks with DHCP in the same subnet?

[Andrija Panic]

Considering you are trying to create 2 shared networks (irrelevant of their
IP range), and I ASSUME you want them on the same VLAN? - then I don't
think this alone is possible (2 network with the same VLAN)

If you can do it, then it's easy to test what you are asking and have
first hand-answer :)

IN ACS workdl, in theory, 2 DHCP CAN operate in the same network, since ACS
provisions explicit DHCP reservations for each IP - i.e. you can't just
boot another VM (provisionined manually, outside ACS) in the same VLAN - as
DHCP will reject to give it an IP.

Best,

On Wed, 2 Jun 2021 at 15:43, Yordan Kostov  wrote:

> Dear all,
>
> Is it possible to have one /24 network - for example
> 10.10.10.0/24 where it is divided into 2 shared networks as follow:
>
>   *   Network A - 10.10.10.2-50 where 2 is Virtual router with DHCP for
> the ip range mentioned
>   *   Network B - 10.10.10.51-200 where 51 is Virtual router with DHCP for
> the ip range mentioned
>
> I understand 2 DHCPs cannot operate in the same network but I was
> wondering if this can be achieved somehow?
>
> Best regards,
> Jordan
>


-- 

Andrija Panić

Re: VMware Instance Error

[Andrija Panic]

Yes, that should all be specified in OVF, so it's hiden from template
registration form.

On Wed, 2 Jun 2021, 18:04 Corey, Mike,  wrote:

> One area of change, not sure if it matters in my case, is that I can no
> longer specify the BIOS or EFI option of the instance/template.
>
> In the old UI, when deploying an instance I could select the bios/efi in
> the same window as controller and keyboard language etc.  This option is
> NOT an option in the new UI under the template settings pane.
>
>
>
>
>
>
> -Original Message-
> From: Corey, Mike
> Sent: Wednesday, June 2, 2021 9:28 AM
> To: users@cloudstack.apache.org
> Subject: RE: VMware Instance Error
>
> I saw that too - but that line regarding format is "ISO" for other
> deployments.
>
> Example - I used an Ubuntu OVA from openvm and it deployed with the same
> message...
>
>
> {"org.apache.cloudstack.storage.to.TemplateObjectTO":{"id":"0","format":"ISO","accountId":"0","hvm":"false","bootable":"false","directDownload":"false","deployAsIs":"false"}},"diskSeq":"3","type":"ISO"}],"nics":[{"deviceId":"0","networkRateMbps":"200","defaultNic":"true"
>
> Mike
>
> -Original Message-
> From: Abhishek Kumar 
> Sent: Tuesday, June 1, 2021 4:18 PM
> To: users@cloudstack.apache.org
> Subject: Re: VMware Instance Error
>
> Hi Mike,
>
> For your deployment/disk controller error, you should check the template
> you are using for the VM. From the logs you have shared there is something
> wrong with the StartCommand.
>
> ---
>
> org.apache.cloudstack.storage.to.TemplateObjectTO":{"id":"0","format":"ISO","accountId":"0","hvm":"false","bootable":"false"
> ---
> Not sure why id is 0 there and the format is ISO. Are you using an ISO to
> deploy the VM?
>
> Regards,
> Abhishek
> 
> From: Andrija Panic 
> Sent: 02 June 2021 01:38
> To: users 
> Subject: Re: VMware Instance Error
>
> Mike,
>
> are you in a position to share that specific template (if licencing allows,
> if it's trial, etc) - ping me on email directly - and I can give it a spin
> in the lab on 4.15
> 4.15.1 should bring this new VMware template behaviour (read from OVF,
> instead of allowing you to specify OS, NIC/disk controllers, etc) - AS
> OPTIONAL - so you can wait for 4.15.1 if you use non-standard OVA
> appliances (or, for that matter, the ones that simply don't work with ACS,
> for whatever reasons)
>
> Best,
>
>
>
>
> On Tue, 1 Jun 2021 at 21:46, Corey, Mike 
> wrote:
>
> > Another development in my troubleshooting this...
> >
> > I used a vendor (OEM) supplied ova appliance as a template and downloaded
> > in the same manner.  NO SETTINGS were created for the template by ACS.
> >
> > If the expected behavior is for ACS to add settings based off of the OVF
> > descriptor - my case IS NOT.
> >
> > I could really use some guidance here on troubleshooting as to why the
> > template settings are NOT being created by ACS.
> >
> > Again - anyone running ACS 4.15 with VMware and having success with using
> > templates?
> >
> > Any other logs I can check to determine why ACS is not creating these
> > custom setting attributes on the templates?
> >
> > Many thanks!
> >
> > Mike
> >
> > -Original Message-
> > From: Corey, Mike 
> > Sent: Tuesday, June 1, 2021 8:47 AM
> > To: users@cloudstack.apache.org
> > Subject: [CAUTION] RE: VMware Instance Error
> >
> > Thanks for the reply Abhishek!
> >
> > 1- ACS deploys the VM from template; however, it fails and shows Error in
> > ACS-Instances UI.  So the VM remains in vCenter - that VM has the CPU/RAM
> > as the template NOT what the ACS service offering (Small Instance) I
> > selected.  I suppose ACS is not finishing the configuration because the
> > deployment fails.
> >
> > 3 - This is the issue I need help to troubleshoot.  ACS IS NOT creating
> > any settings on the Windows 10 and CentOS template I've uploaded into
> ACS.
> > Both template OVF files have the hardware descriptions used by the
> template
> > VM.  However, NO SETTINGS are being added to the ACS template.
> >
> > How can this be troubleshot?  Obviously, ACS is NOT populating the
> > settings on the

Re: Understanding isolated networks

[Andrija Panic]

Isolated network = VR connected to both Public and Guest network (singe
network), plus 1 or more instances behind that VR, in that SINGLE network
VPC = VR (as above) + 1 or MORE networks, with instances in each network

If you want to really assign Public IP to your instances (old school VPS
style hosting) - you would want (as cloud admin) to create a Shared Guest
network on a dedicated VLAN, with a dedicated Public IP range (technically
can be any private/public range, doesn't matter - but you want public) -
and then when DIFFERENT TENANTS/users see this network, they can deploy a
VM in it (so, different tenants are sharing the common network = security
problem...), while there is also a VR for that network that does ONLY
dhcp/dns (userdata/metadata also) - the instances' gateway is some physical
routing device outside of ACS (not the VR <-- which is the case for VMs in
Isolated and VPC networks)

Hope that helps
Andrija

On Wed, 2 Jun 2021 at 11:09, Jeremy Hansen  wrote:

> I’m working through my initial setup of Cloudstack. I added a second vm
> host so I could test live migration. Worked out the vlan kinks and that’s
> now working great.
>
> I launched a second guest and noticed it did not allocate a new public
> IP.  My expectation was that it would allocate another public IP from the
> range I defined and the second instance would have its own virtual
> router/firewall/port forwarding, etc, but that doesn’t seem to be the
> case.  I can configure the firewall on the existing virtual router to port
> forward to the second instance, but I’d prefer it just allocate another
> public IP from the range and allow me to configure each instance as a
> separate entity without port conflicts.  Is this possible?
>
> Thanks
> -jeremy
>


-- 

Andrija Panić

Re: Routers on specific cluster

[Andrija Panic]

Just to add on what Abhishek said - IF you configure "
system.vm.default.hypervisor with a preferred value, I don't think that
tags will be considered at all (or might only be considered within the
chosen hypervisor's clusters - but I think they are not... based on a
recent case I've seen)

So you might want to NOT specify this setting, and then try to use tags on
Service Offering for the VR

On Mon, 31 May 2021 at 04:27, Harikrishna Patnala <
harikrishna.patn...@shapeblue.com> wrote:

> Hi Vivek,
>
> I could found the global setting "system.vm.default.hypervisor" which is
> considered while deploying the router, you may check that. Host tags in the
> system service offering should also work, can you go through the logs while
> the virtual router is getting deployed to observe which pod/cluster/host is
> picked while allocating resources.
>
> Regards,
> Harikrishna
>
> Harikrishna Patnala
> Software Engineer
> harikrishna.patn...@shapeblue.com
> www.shapeblue.com
>
>
>
>
>
>
> --
> *From:* Vivek Kumar 
> *Sent:* Friday, May 28, 2021 6:19 PM
> *To:* users@cloudstack.apache.org 
> *Subject:* Re: Routers on specific cluster
>
> Hey Andrija,
>
> Is there any setting in global setting where  we define that VR should go
> to any particular cluster, as you mentioned in previous thread. I know
> there is no as such performance or functionality issue just curious to
> know.
>
>
> Regards,
> Vivek Kumar
>
> > On 28-May-2021, at 4:45 AM, Andrija Panic 
> wrote:
> >
> > host tags should work for all Service Offerings - unless you are trying
> to
> > create VR on VMware cluster, while your global setting is saying it
> should
> > always be KVM (and yes, you should keep it on KVM - much quicker to
> > provision/configure VR than on VMware) - did you try setting host tags on
> > the Service Offering for Virtual Router (or whatever offering you are
> using
> > for the VR) ?
> >
> > On Thu, 27 May 2021 at 05:20, Vivek Kumar
> 
> > wrote:
> >
> >> Hello Guys,
> >>
> >> So I am using ACS 4.13 with Advance zone. I have 5 KVM cluster and 5
> >> VMware Cluster. So whenever I provision any VPC for any of the cluster,
> VPC
> >> VR always go and sit on KVM hosts, we have around 200 VPC VR and all are
> >> there in KVM zone.  Well for functionality prospective I don’t have any
> >> issues but is there any way to provision router in specific cluster as
> >> well.
> >>
> >>
> >> Storage tag and host tag doesn’t work in case of VR’s offering.
> >>
> >>
> >> Regards
> >> Vivek Kumar
> >
> >
> >
> > --
> >
> > Andrija Panić
>
>

-- 

Andrija Panić

Re: Prediction or studies for KVM live migration.

[Andrija Panic]

..as I assumed - and it exports volume to Secondary Storage as the
intermediate location - all good.
So "live storage migration" doesn't work, as expected.

cheers,

On Fri, 28 May 2021 at 14:11, Kalil de Albuquerque Carvalho <
kalil.carva...@hybriddc.com.br> wrote:

> Hello Andrija.
>
> Sorry for the mess. Instance migration, just about VM's, memory, vCPU
> works fine, on the fly. But if is needed to migrate a volume from one
> primary storage to other is needed the VM must be halted.
>
> I had tested of migration from a Gluster primary Storage to a NFS primary
> storage, and contrariwise, and worked well but just with powerd off VM's.
>
> Best regars.
> Em 27/05/2021 20:18, Andrija Panic escreveu:
>
> I understood you said that LIVE storage migration (migrate VM's volumes
> (with the VM)) works while VM is RUNNING.
>
> Are you now saying this is NOT working (which is what I would expect), and
> that only stopped VM migration is possible from GLuster to NFS?
>
> best,
>
> On Wed, 26 May 2021 at 22:04, Kalil de Albuquerque Carvalho <
> kalil.carva...@hybriddc.com.br> wrote:
>
>> Hello Andrija.
>>
>> Gluster as primary storage works fine. Storage migration, with powered
>> off VM's, it's working  too. My problem is just doing this with VM's
>> running.
>>
>> I'm using Ubuntu 20.02, CentOS 7 and Windows 10 and 2016 for testing and
>> not working.
>>
>> But it is the life, thaks all
>>
>> Best regards,
>>
>>
>> Em 26/05/2021 16:41, Andrija Panic escreveu:
>>
>> I thought I replied to this one, but I dont' see my email...
>>
>> So, from CEPH/NFS to SolidFire should work (in this direction only)  - or
>> let me say "used to work" (haven't tested it recently) - this was developed
>> for my ex-company where I use to work, by Mike Tutkowski from NetApp)
>> Also, my understanding is that it's also possible to migrate VMs using
>> local storage from host to host (whole VM with its disks) - @Gabriel
>> Beims Bräscher  can confirm this, afaik?
>>
>> If you are using Ubuntu - all fine - qemu-kvm supports live storage
>> migrations from Ubuntu 14.04 at least, an onwards.
>> If you are using CentOS 7, you have to use qemu-kvm-ev from the oVirt
>> repo ONLY - all other versions of qemu-kvm do NOT support storage live
>> migration (Redhat revoked it for $$$ reasons, while it was working fine in
>> CentOS6)
>>
>> If your tested it and it worked from Gluster to NFS - that's (great) news
>> (for me).
>>
>> Hope that helps,
>>
>> Cheers,
>>
>> On Wed, 26 May 2021 at 20:06, Wido den Hollander  wrote:
>>
>>>
>>>
>>> On 26/05/2021 13:55, Kalil de Albuquerque Carvalho wrote:
>>> > Hello Wido.
>>> >
>>> > Sorry about that. I was not so clear, or made some misunderstanding.
>>> >
>>> > Doing some corrections, I've tested migration from Gluster to NFS, and
>>> > the reverse, and every think worked well. So, please, disregard this
>>> > part of my question. I should would did this test before made the
>>> question.
>>> >
>>> > My question, now, is when will be support, if will be, with the
>>> running
>>> > VM's. Today, I'm testing the version 4.15, just working with power off
>>> > VM's.
>>> >
>>> Aha, you mean live storage migration between different types of primary
>>> storage.
>>>
>>> That is indeed not supported with KVM and also not on the roadmap at the
>>> moment.
>>>
>>> Wido
>>>
>>> > Best regards.
>>> >
>>> > Em 26/05/2021 04:08, Wido den Hollander escreveu:
>>> >>
>>> >>
>>> >> On 25/05/2021 13:32, Kalil de Albuquerque Carvalho wrote:
>>> >>> Hello all.
>>> >>>
>>> >>> Reading the manual I discovery that live migration is not support
>>> for
>>> >>> KVM hypervisor. I was wander if there are studies or predictions for
>>> >>> this features on KVM hosts.
>>> >>>
>>> >>
>>> >> Where did you read this? Live Migration with the KVM hypervisor works
>>> >> just fine.
>>> >>
>>> >> Wido
>>> >>
>>> >>> Yet on the manual citation, it said that migration just can occur
>>> >>> from CEPH/NFS to "SolidFire Managed Storage". On my tests we are
>>> >>> using Gluster as Primary Storage and not appear any storage to
>>> >>> migrate to. We created tow differents Primary Storages for this kind
>>> >>> of tests. Is that correct, migration in this case just will occur
>>> >>> from/to CEPH/NFS? If yes, will be same future release that will be
>>> >>> possible migration between Guster storages?
>>> >>>
>>> >>> Best regars.
>>> >>>
>>> >>
>>>
>>
>>
>> --
>>
>> Andrija Panić
>>
>>
>
> --
>
> Andrija Panić
>
>

-- 

Andrija Panić

Re: VMware Instance Error

[Andrija Panic]

r.queueCommand(ApiServer.java:688)
> at com.cloud.api.ApiServer.handleRequest(ApiServer.java:588)
> at
> com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:321)
> at com.cloud.api.ApiServlet$1.run(ApiServlet.java:134)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
> at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:131)
> at com.cloud.api.ApiServlet.doGet(ApiServlet.java:93)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
> at
> org.eclipse.jetty.servlet.ServletHolder$NotAsyncServlet.service(ServletHolder.java:1386)
> at
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755)
> at
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:547)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590)
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
> at
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
> at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1300)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
> at
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
> at
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
> at
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1215)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
> at
> org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:767)
> at
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at org.eclipse.jetty.server.Server.handle(Server.java:500)
> at
> org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
> at
> org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)
> at
> org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
> at
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
> at org.eclipse.jetty.io
> .AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
> at org.eclipse.jetty.io
> .FillInterest.fillable(FillInterest.java:103)
> at
> org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543)
> at
> org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398)
> at
> org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161)
> at org.eclipse.jetty.io
> .FillInterest.fillable(FillInterest.java:103)
> at org.eclipse.jetty.io
> .ChannelEndPoint$2.run(ChannelEndPoint.java:117)
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
> at
> org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
> at java.base/java.lang.Thread.run(Thread.java:829)
> 2021-05-21 10:39:05,514 DEBUG [c.c.a.ApiServlet]
> (qtp1026871825-20:ctx-90b111cd ctx-d1342fe9) (logid:03c48de3) ===END===
> 10.4.89.3 -- GET
> zoneid=1cf90fc6-1ae5-416f-a2b4-672176740ecb=be90d04e-5257-43fb-97de-7727d10fae6a=61445715-9baa-4768-863f-473652c324cc=7edc7494-a78f-4d72-8158-6dcbf7370f3f=1ada50d8-a523-4670-93c3-6d942169b7ae=5777d4fc-87b7-46c4-a253-4ff69f80b4ca=[0].nic=8[0].network=62bfbed1-d07c-4886-b4f4-bf594543bb28=CV-Test01=CV-Test01=deployVirtualMachine=json
>
> -Original Message-
> From: Corey, Mike 
> Sent: Friday, May 21, 2021 7:50 AM
> To: users@cloudstack.apache.org
> Subject: [CAUTION] RE: VMware Instance Error
>
> Understood.  I only tried the old UI because the instance deployment
> failed under the new UI and there wasn't a specific error thrown to hint at
> an issue.
>
> I'll try again today and dig through the logs and come back with findings.
>
> MC
>
> -Original Message-
> From: Andrija Panic 
> Sent: Thursday, May 20, 2021 5:47 PM
> To: users 
> Subject: Re: VMware Instance Error
>
> Hi Mike,
>
> that is expected in the old UI - at some point, new features were (in UI)
> supported only for the new UI and not in old UI - so this failure is
> expected/fine (I'm aware of the specific feature that is being
> used/throwing an error here)
>
> Get over the old UI, I know there are emotional connections (for me at
> least) and use just the new UI :)
>
> Best,
>
> On Thu, 20 May 2021 at 22:57, Corey, Mike 
> wrote:
>
> > I'm having a VM instance fail and I can't pinpoint the issue.  Maybe
> > someone has seen this error below - I see it at the legacy UI and not on
> > the new UI.  The new UI just fails the instance after the VM is created
> in
> > vCenter.
> >
> >
> >
> > "Boot type and boot mode are not supported on VMware, as we honour what
> is
> > defined in the template."
> >
> >
> >
> > I thought it was the global setting vmware.root.disk.controller - I had
> it
> > as osdefault (failed) scsi (failed) and blank (failed) - so I'm not sure
> > where or what is triggering the error/failure.
> >
> >
> >
> > Many thanks!
> >
> > Mike
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > *Mike Corey*
> >
> >
> > Technology Senior Consultant, IT CS CTW Operation & Virtualization
> Service
> > US
> >
> >
> > *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> > States
> >
> >
> > T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com
> >
> >
> >
> >
> >
> >
> >
>
>
> --
>
> Andrija Panic
>


-- 

Andrija Panić

Re: Remote Access VPN

[Andrija Panic]

the next issue you will hit (after VPN is connected) is:
- if you route all traffic over the remote gateway - your internet will
stop working, but you will be able to access all your VMs
- if you untick that option, then NO traffic is routed over the VPN - so
you need to manually add routes for the remote network/VPC CIDR to be
routed over your VPN gtw IP

Best,

On Wed, 26 May 2021 at 14:33, Brian Fitzpatrick 
wrote:

> Thanks Andrija,
>
> I will look through the setup again, I think the default iprange is on a
> separate network
>
> Thanks
>
> Brian
>
> -Original Message-
> From: Andrija Panic  andrija%20panic%20%3candrija.pa...@gmail.com%3e>>
> Reply-To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
> To: users  users%20%3cus...@cloudstack.apache.org%3e>>
> Subject: Re: Remote Access VPN
> Date: Tue, 25 May 2021 23:30:46 +0200
>
>
> CAUTION !
>
>
> This email originated outside of the University of Chester. Do not click
> links or open attachments unless you recognise the sender and know the
> content is safe.
>
>
> =
>
>
>
> Another thing to keep in mind - if you work from office - usually there can
>
> be only 1 IPSEC with L2TP connection from your office to outside/same IP -
>
> i.e. you and your colleague can not connect at the same time to the same
>
> public IP (i.e. to the same Remove VPN).
>
>
>
> On Tue, 25 May 2021 at 23:29, Andrija Panic <
>
> <mailto:andrija.pa...@gmail.com>
>
> andrija.pa...@gmail.com
>
> > wrote:
>
>
> Hi Brian,
>
>
> remote.access.vpn.client.iprange  should be set to some subnet OUTSIDE
>
> your local network (where your laptop/PC is connected to / home/office) and
>
> the Isolated network - so it should be "3rd" network.
>
>
> For Windows, you there was a nice link somewhere...: here is one for
>
> windows 8 - but same/identical is applicable for Windows 10:
>
> <
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftheresnomon.co%2Fconnecting-to-cloudstack-vpn-from-windows-8-8807b41af700data=04%7C01%7Cb.fitzpatrick%40chester.ac.uk%7C363792b0184d4afe72df08d91fc46e91%7C18843e6e1846456ca05c500f0aee12f6%7C0%7C0%7C637575750798430384%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=v3RTii5lx4lS%2B%2FTXNYkht9BN%2FNUWRPyyjxxXoffU8HQ%3Dreserved=0
> >
>
>
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftheresnomon.co%2Fconnecting-to-cloudstack-vpn-from-windows-8-8807b41af700data=04%7C01%7Cb.fitzpatrick%40chester.ac.uk%7C363792b0184d4afe72df08d91fc46e91%7C18843e6e1846456ca05c500f0aee12f6%7C0%7C0%7C637575750798430384%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=v3RTii5lx4lS%2B%2FTXNYkht9BN%2FNUWRPyyjxxXoffU8HQ%3Dreserved=0
>
>
>
> Hope that helps
>
>
> Best,
>
>
> On Tue, 25 May 2021 at 22:34, Brian Fitzpatrick <
>
> <mailto:b.fitzpatr...@chester.ac.uk>
>
> b.fitzpatr...@chester.ac.uk
>
> > wrote:
>
>
> **Apologies not sure this was originally posted**
>
>
> Hi all,
>
>
> I am trying to setup Remote Access VPN on an DefaultIsolatedSourceNAT
>
> network
>
>
> I have created the VPN and a VPN user and pasted the shared key into a
>
> Windows client but I am getting an error stating
>
>
> the L2TP connection attempt failed because the security layer encountered
>
> a processing error
>
>
> I have looked through the documentation and have set
>
>
> Requires encryption
>
> MS-CHAP v2
>
> PPP -> Enable LCP extensions
>
>
> I haven't however changed the CloudStack parameter
>
>
> remote.access.vpn.client.iprange setting from it's default, does this
>
> need to be altered to match guest isolated network CIDR's? Not sure how the
>
> virtual router sets up the VPN
>
>
> Or am I doing something else wrong?
>
>
> Thanks
>
>
> Brian
>
>
>
>
> --
>
>
> Andrija Panić
>
>
>
>
> --
>
>
> Andrija Panić
>


-- 

Andrija Panić

Re: Best practice moving cloudstack 4.13.0.1 management server from centos 6.10 to Ubuntu 18.04 LTS

[Andrija Panic]

Hi David, that should be a wrong clue - command.properties is NOT used
starting from 4.9, as all default roles are now in the cloud.roles table,
and any custom roles can be migrated via the migration script

Can you check content of your cloud.roles and cloud.role_permissions tables
? in the later one, you should have hundreds of entries, first one only a
few roles.

Is your global setting *'dynamic.apichecker.enabled'* set to 'true'?  This
is needed to skip checking for command.properties and instead rely on the
role/role_permissions tables.

Try that above ^^^ and let me know.

Best,


On Wed, 26 May 2021 at 14:15, Rohit Yadav  wrote:

> Hi David,
>
> The static-roles based commands.properties is deprecated now, while we
> still support it we don't ship a default settings/file with CloudStack now.
> Instead we've moved to dynamic roles, please see
> http://docs.cloudstack.apache.org/en/4.13.1.0/adminguide/accounts.html#using-dynamic-roles
>
>
> Regards.
>
> 
> From: David Larsen 
> Sent: Wednesday, May 26, 2021 13:21
> To: users@cloudstack.apache.org 
> Subject: SV: Best practice moving cloudstack 4.13.0.1 management server
> from centos 6.10 to Ubuntu 18.04 LTS
>
> Hi
>
> Sorry for late reply.
> I figured out the reason why I couldn't log in to the GUI on the new
> ubuntu server.
> Seems like I need to copy the old commands.properties file from the old
> centos 6.10 server to the new ubuntu server... (?)
> I thought cloudstack 4.15 didn't use it anymore, especially since it is
> not included in the 4.13-4.15 installation?
>
> Does anyone know which setting(s) in the commands.properties file I need
> to look into?
>
>
>
> Med vennlig hilsen
>
> David Larsen
> Senior systemkonsulent
>
>
> ADCOM MOLDE, IT Data AS
> Fabrikkvegen 13  | 6415 Molde
> david.lar...@adcom.no | www.adcom.no
>
>
>
> Følg oss på sosiale medier:
>  Tenk på miljøet før du skriver ut denne eposten
>
>
> -Opprinnelig melding-
> Fra: David Larsen 
> Sendt: lørdag 27. mars 2021 00:39
> Til: users@cloudstack.apache.org
> Emne: RE: Best practice moving cloudstack 4.13.0.1 management server from
> centos 6.10 to Ubuntu 18.04 LTS
>
> Ok, thanks.
> I will try cli tool tomorrow.
>
> 
>
>
>
> Sendt fra min Galaxy
>
>
>
>  Opprinnelig melding 
> Fra: Alireza Eskandari 
> Dato: 26.03.2021 22:52 (GMT+01:00)
> Til: users@cloudstack.apache.org
> Emne: Re: Best practice moving cloudstack 4.13.0.1 management server from
> centos 6.10 to Ubuntu 18.04 LTS
>
> If you can use CS from CloudMonkey (CLI tool), I can say that it is
> working fine but you have some problems with GUI.
>
>
>
>
>
> On Sat, Mar 27, 2021 at 2:16 AM David Larsen 
> wrote:
>
> > Yes, have. Many times. Also different browsers.
> >
> > Management server and mysql server have same ip as in production, but
> > in isolated environment.
> >
> >
> >
> >
> >
> > Sendt fra min Galaxy
> >
> >
> >
> >  Opprinnelig melding 
> > Fra: Alireza Eskandari 
> > Dato: 26.03.2021 22:41 (GMT+01:00)
> > Til: users@cloudstack.apache.org
> > Emne: Re: Best practice moving cloudstack 4.13.0.1 management server
> > from centos 6.10 to Ubuntu 18.04 LTS
> >
> > If you are trying to login via the web gui, have you tried to clear
> > your browser cache?
> > I recommend testing your browser private mode.
> >
> > On Sat, Mar 27, 2021 at 1:54 AM David Larsen 
> > wrote:
> >
> > > Hi
> > >
> > > I have a working cloudstack 4.13.01 setup with two servers, one
> > cloudstack
> > > management running centos 6.10, and a mysql 5.1 running on centos 6.10.
> > >
> > >
> > > I have build up a isolated environment with two Ubuntu 18.04 servers:
> > > 1. Ubuntu 18.04 running mysql 5.7
> > > 2. Ubuntu 18.04 running cloudstack management 4.13.01
> > >
> > > When i restore mysql data from the old mysql server and run
> > > cloudstack database setup without deploy as root and finish
> > > cloudstack setup, everething start up as normal and i get the
> > > cloudstack login in
> > browser...
> > > But i cannot log in... According to the cloudstack management log,
> > > admin
> > is
> > > successfully logged in... (?)
> > >
> > > What is missing?
> > >
> > > I thought i might be the difference i mysql version, so i installed
> > > a "new" centos 6.10 with mysql 5.1... But after a successful sql
> > > restore
> > and
> > > cloudstack install, i was surprised i got the same symptoms with login.
> > >
> > > Then i i though i might be something with ubuntu, so i installed the
> > > latest centos 7 as cloudstack management server... Samme result... I
> > can't
> > > log in. No error unless i try with wrong password... Then it says
> > > wrong
> > > password...(?) i have tried with admin users and standard users.
> > > Same result.
> > >
> > > I can mysql server data and it looks the same as the one in production.
> > > All usernames are the same..
> > >
> > > What am i missing?
> > > Is there any api.Key or some config files i need to be 

Re: Prediction or studies for KVM live migration.

[Andrija Panic]

I understood you said that LIVE storage migration (migrate VM's volumes
(with the VM)) works while VM is RUNNING.

Are you now saying this is NOT working (which is what I would expect), and
that only stopped VM migration is possible from GLuster to NFS?

best,

On Wed, 26 May 2021 at 22:04, Kalil de Albuquerque Carvalho <
kalil.carva...@hybriddc.com.br> wrote:

> Hello Andrija.
>
> Gluster as primary storage works fine. Storage migration, with powered off
> VM's, it's working  too. My problem is just doing this with VM's running.
>
> I'm using Ubuntu 20.02, CentOS 7 and Windows 10 and 2016 for testing and
> not working.
>
> But it is the life, thaks all
>
> Best regards,
>
>
> Em 26/05/2021 16:41, Andrija Panic escreveu:
>
> I thought I replied to this one, but I dont' see my email...
>
> So, from CEPH/NFS to SolidFire should work (in this direction only)  - or
> let me say "used to work" (haven't tested it recently) - this was developed
> for my ex-company where I use to work, by Mike Tutkowski from NetApp)
> Also, my understanding is that it's also possible to migrate VMs using
> local storage from host to host (whole VM with its disks) - @Gabriel
> Beims Bräscher  can confirm this, afaik?
>
> If you are using Ubuntu - all fine - qemu-kvm supports live storage
> migrations from Ubuntu 14.04 at least, an onwards.
> If you are using CentOS 7, you have to use qemu-kvm-ev from the oVirt repo
> ONLY - all other versions of qemu-kvm do NOT support storage live migration
> (Redhat revoked it for $$$ reasons, while it was working fine in CentOS6)
>
> If your tested it and it worked from Gluster to NFS - that's (great) news
> (for me).
>
> Hope that helps,
>
> Cheers,
>
> On Wed, 26 May 2021 at 20:06, Wido den Hollander  wrote:
>
>>
>>
>> On 26/05/2021 13:55, Kalil de Albuquerque Carvalho wrote:
>> > Hello Wido.
>> >
>> > Sorry about that. I was not so clear, or made some misunderstanding.
>> >
>> > Doing some corrections, I've tested migration from Gluster to NFS, and
>> > the reverse, and every think worked well. So, please, disregard this
>> > part of my question. I should would did this test before made the
>> question.
>> >
>> > My question, now, is when will be support, if will be, with the running
>> > VM's. Today, I'm testing the version 4.15, just working with power off
>> > VM's.
>> >
>> Aha, you mean live storage migration between different types of primary
>> storage.
>>
>> That is indeed not supported with KVM and also not on the roadmap at the
>> moment.
>>
>> Wido
>>
>> > Best regards.
>> >
>> > Em 26/05/2021 04:08, Wido den Hollander escreveu:
>> >>
>> >>
>> >> On 25/05/2021 13:32, Kalil de Albuquerque Carvalho wrote:
>> >>> Hello all.
>> >>>
>> >>> Reading the manual I discovery that live migration is not support for
>> >>> KVM hypervisor. I was wander if there are studies or predictions for
>> >>> this features on KVM hosts.
>> >>>
>> >>
>> >> Where did you read this? Live Migration with the KVM hypervisor works
>> >> just fine.
>> >>
>> >> Wido
>> >>
>> >>> Yet on the manual citation, it said that migration just can occur
>> >>> from CEPH/NFS to "SolidFire Managed Storage". On my tests we are
>> >>> using Gluster as Primary Storage and not appear any storage to
>> >>> migrate to. We created tow differents Primary Storages for this kind
>> >>> of tests. Is that correct, migration in this case just will occur
>> >>> from/to CEPH/NFS? If yes, will be same future release that will be
>> >>> possible migration between Guster storages?
>> >>>
>> >>> Best regars.
>> >>>
>> >>
>>
>
>
> --
>
> Andrija Panić
>
>

-- 

Andrija Panić