Re: [one-users] How to secure VNC access?
The novnc-server will translate WebSockets traffic to normal socket traffic, therefore you don't have to expose the host IP to the final user, she will interact with the proxy. Cheers On 10 February 2015 at 11:33, Nico Schottelius nico-opennebula@schottelius.org wrote: Hey, I think I haven't (at least I didn't enable it explicitly). If the novnc-server is enabled, how do I configure the templates? Because at the moment, vnc listens to 0.0.0.0 and is accessible if someone knows the IP and port. Cheers, Nico Daniel Molina [Tue, Feb 10, 2015 at 10:54:36AM +0100]: Hi, Are you using the novnc-server included in OpenNebula? This component uses a websocket proxy, so that you don't have to expose the VNC socket to your users, and it will take care of the different tcp sockets. Cheers On 6 February 2015 at 12:50, Nico Schottelius nico-opennebula@schottelius.org wrote: Good day, we are about to setup our fourth hosting plattform in the next weeks, based on opennebula 4.10.2, ubuntu 14.0 and gluster 3.x (x ~= 4..6). In our tests the VNC socket of the VMs has been exposed on the hosts directly accessible on 0.0.0.0 - for everyone. Given that sunstone will be usable by our customers and VMs will be running on hosts other than the one running sunstone, what is the default secure alternative in opennebula? Do you support vnc / ssh tunneling like described on [0]? This process is pretty neat, because you don't need to expose VNC at all and not care about numbering of tcp sockets. I guess a combination of ssh unix socket tunneling plus spice on the frontend is probably the safest solution - what are your opinions? How do you configure VNC access at the moment? [0] http://www.nico.schottelius.org/blog/tunneling-qemu-kvm-unix-socket-via-ssh/ -- New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24 ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula -- New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24 -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Upcoming TechDays in 2015
Dear community, Besides our annual OpenNebula Conference, we are planning to organize Technology Day events in multiple cities globally during 2015. In the shorter term we are planning to organize TechDays in: * Prague, Czech Republic * Dublin, Ireland * Dallas, USA * Chicago, USA Please send us an email at eve...@opennebula.org if you are interested in hosting or participating in a TechDays event. We look forward to your answers http://opennebula.org/upcoming-techdays-in-2015/ -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] How to secure VNC access?
Hey Daniel, thanks for following up - I will lock down vnc ports to to only allow access from the frontend to this a try today! Cheers, Nico Daniel Molina [Fri, Feb 13, 2015 at 09:17:55AM +0100]: The novnc-server will translate WebSockets traffic to normal socket traffic, therefore you don't have to expose the host IP to the final user, she will interact with the proxy. Cheers On 10 February 2015 at 11:33, Nico Schottelius nico-opennebula@schottelius.org wrote: Hey, I think I haven't (at least I didn't enable it explicitly). If the novnc-server is enabled, how do I configure the templates? Because at the moment, vnc listens to 0.0.0.0 and is accessible if someone knows the IP and port. Cheers, Nico Daniel Molina [Tue, Feb 10, 2015 at 10:54:36AM +0100]: Hi, Are you using the novnc-server included in OpenNebula? This component uses a websocket proxy, so that you don't have to expose the VNC socket to your users, and it will take care of the different tcp sockets. Cheers On 6 February 2015 at 12:50, Nico Schottelius nico-opennebula@schottelius.org wrote: Good day, we are about to setup our fourth hosting plattform in the next weeks, based on opennebula 4.10.2, ubuntu 14.0 and gluster 3.x (x ~= 4..6). In our tests the VNC socket of the VMs has been exposed on the hosts directly accessible on 0.0.0.0 - for everyone. Given that sunstone will be usable by our customers and VMs will be running on hosts other than the one running sunstone, what is the default secure alternative in opennebula? Do you support vnc / ssh tunneling like described on [0]? This process is pretty neat, because you don't need to expose VNC at all and not care about numbering of tcp sockets. I guess a combination of ssh unix socket tunneling plus spice on the frontend is probably the safest solution - what are your opinions? How do you configure VNC access at the moment? [0] http://www.nico.schottelius.org/blog/tunneling-qemu-kvm-unix-socket-via-ssh/ -- New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24 ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula -- New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24 -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula -- New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24 ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] [Sunstone] Mixing password and X509 authentication
Hi,
In this file you can check the headers used by the x509 auth
https://github.com/OpenNebula/one/blob/master/src/cloud/common/CloudAuth/X509CloudAuth.rb
an this is an old guide on how to setup this configuration in Apache:
http://community.opennebula.org/sunstone_x509
Hope this helps
On 10 February 2015 at 17:16, Daniel Dehennin daniel.dehen...@baby-gnu.org
wrote:
Hello,
I would like to mix the authentication methods on Sunstone.
I created an X509 user[1] and the one* CLI are working with it.
According to the documentation[2], I need to switch Sunstone to “x509”,
but I thought that using “:auth: opennebula” permit to use whatever is
configured for the user.
I first try as explained in the documentation:
- set “:auth: x509” in sunstone
- install user certificate authority to “/etc/one/auth/certificates/”
- configure my nginx as describe in attachement
- install the user x509 certificate on my iceweasel 35.0.1 browser
When I access Sunstone, my browser ask me to choose my certificate but I
finish on login page with only a “Login” button plus the “Keep me logged
in” checkbox.
I should have miss some headers to add to my Requests.
Any hints?
Regards.
Footnotes:
[1]
http://docs.opennebula.org/4.10/administration/authentication/x509_auth.html
[2]
http://docs.opennebula.org/4.10/administration/authentication/x509_auth.html#enabling-x509-auth-in-sunstone
--
Daniel Dehennin
Récupérer ma clef GPG: gpg --recv-keys 0xCC1E9E5B7A6FE2DF
Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF
# Opennebula Sunstone
upstream sunstone {
server 127.0.0.1:9869;
}
upstream onerpc {
server 127.0.0.1:2633;
}
# Port 80 redirected to SSL
server {
listen 80;
server_namenebula.example.net;
location / {
return 301 https://$host$request_uri?;
}
}
# SSL reverse-proxy
server {
listen 443 default_server;
listen [::]:443 default_server ipv6only=on;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/ssl/ca.crt;
ssl_verify_client optional;
root /usr/share/nginx/html;
index index.html index.htm;
server_name nebula.example.net;
access_log /var/log/nginx/opennebula-sunstone-access.log;
error_log /var/log/nginx/opennebula-sunstone-error.log;
client_max_body_size 5G;
location / {
try_files $uri @sunstone;
}
location /RPC2 {
include proxy_params;
proxy_pass http://onerpc;
}
location @sunstone {
include proxy_params;
proxy_set_header SSL_CLIENT_S_DN $ssl_client_s_dn;
proxy_set_header SSL_CLIENT_I_DN $ssl_client_i_dn;
proxy_set_header SSH_CLIENT_VERIFY $ssl_client_verify;
proxy_set_header SSH_CLIENT_CERT $ssl_client_cert;
include ssl_parms;
proxy_pass http://sunstone;
}
}
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
--
Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] What are the causes let OpenNebula thinks VM is POWEROFF and how to recover?
Hi, I would suspect this to happen when the probe times out somehow (due to the network issues etc.) or simply it cannot detect the VM at the moment. Does the VM remain in 'poweroff' state forever or does it become 'running' again after some time? Ondra From: Users [mailto:users-boun...@lists.opennebula.org] On Behalf Of Liu, Gene Sent: Friday, February 13, 2015 3:34 PM To: users@lists.opennebula.org Subject: [one-users] What are the causes let OpenNebula thinks VM is POWEROFF and how to recover? Hi Everyone, Anyone had ever encounter an issue about VM stat changes to POWEROFF a few minutes (2 ~ 3 minutes) after RUNNING? The actual problem is that the POWEROFF stat is incorrect as the VM is actually running on the computing node. If you try to boot it back, it will failed as that instance is already running on the same computing node. Is it a bug of OpenNebula? Any suggestions to get it recovered? Thanks, Gene * VM log Thu Feb 12 14:46:36 2015 [Z0][DiM][I]: New VM state is ACTIVE. Thu Feb 12 14:46:37 2015 [Z0][LCM][I]: New VM state is PROLOG. Thu Feb 12 14:49:43 2015 [Z0][LCM][I]: New VM state is BOOT Thu Feb 12 14:49:43 2015 [Z0][VMM][I]: Generating deployment file: /var/lib/one/vms/42922/deployment.0 Thu Feb 12 14:49:43 2015 [Z0][VMM][I]: ExitCode: 0 Thu Feb 12 14:49:43 2015 [Z0][VMM][I]: Successfully execute network driver operation: pre. Thu Feb 12 14:49:46 2015 [Z0][VMM][I]: ExitCode: 0 Thu Feb 12 14:49:46 2015 [Z0][VMM][I]: Successfully execute virtualization driver operation: deploy. Thu Feb 12 14:49:46 2015 [Z0][VMM][I]: ExitCode: 0 Thu Feb 12 14:49:46 2015 [Z0][VMM][I]: Successfully execute network driver operation: post. Thu Feb 12 14:49:46 2015 [Z0][LCM][I]: New VM state is RUNNING Thu Feb 12 14:51:48 2015 [Z0][DiM][I]: New VM state is POWEROFF This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding. ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] What are the causes let OpenNebula thinks VM is POWEROFF and how to recover?
Hi Everyone, Anyone had ever encounter an issue about VM stat changes to POWEROFF a few minutes (2 ~ 3 minutes) after RUNNING? The actual problem is that the POWEROFF stat is incorrect as the VM is actually running on the computing node. If you try to boot it back, it will failed as that instance is already running on the same computing node. Is it a bug of OpenNebula? Any suggestions to get it recovered? Thanks, Gene * VM log Thu Feb 12 14:46:36 2015 [Z0][DiM][I]: New VM state is ACTIVE. Thu Feb 12 14:46:37 2015 [Z0][LCM][I]: New VM state is PROLOG. Thu Feb 12 14:49:43 2015 [Z0][LCM][I]: New VM state is BOOT Thu Feb 12 14:49:43 2015 [Z0][VMM][I]: Generating deployment file: /var/lib/one/vms/42922/deployment.0 Thu Feb 12 14:49:43 2015 [Z0][VMM][I]: ExitCode: 0 Thu Feb 12 14:49:43 2015 [Z0][VMM][I]: Successfully execute network driver operation: pre. Thu Feb 12 14:49:46 2015 [Z0][VMM][I]: ExitCode: 0 Thu Feb 12 14:49:46 2015 [Z0][VMM][I]: Successfully execute virtualization driver operation: deploy. Thu Feb 12 14:49:46 2015 [Z0][VMM][I]: ExitCode: 0 Thu Feb 12 14:49:46 2015 [Z0][VMM][I]: Successfully execute network driver operation: post. Thu Feb 12 14:49:46 2015 [Z0][LCM][I]: New VM state is RUNNING Thu Feb 12 14:51:48 2015 [Z0][DiM][I]: New VM state is POWEROFF ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] wrong gateway detected by vm-context
I have found the solution. GATEWAY_IFACE must be set, but in upper case. I don't know why. Any idea? If I put GATEWAY_IFACE=eth1 (eth1 is the real name) it doesn't work, but GATEWAY_IFACE=ETH1 works... Le Fri Feb 13 2015 at 10:03:33, Madko madk...@gmail.com a écrit : Hi, It seems vmcontext scripts try to guess the gateway IP as soon as any interface has a gateway set. Here is my case: one vm with eth0 to internal admin network, and eth1 to wan. Only eth1 has a gateway set. When init script vmcontext start, it found out that there is a gateway (but on eth1), and so is_gateway function on eth0 seems to returns true. After that the gateway is guessed with NETWORK_ADDRESS.1 but I don't know why? here is my context: ETH0_IP='192.168.199.109' ETH0_MAC='02:00:c0:a8:c7:6d' ETH1_DNS='10.156.255.245' ETH1_GATEWAY='10.156.0.1' ETH1_IP='10.156.24.93' ETH1_MAC='02:00:0a:9c:18:5d' ETH1_MASK='255.255.224.0' ETH1_NETWORK='10.156.0.0' Here is the ifcfg-eth0 written by vmcontext init script: DEVICE=eth0 BOOTPROTO=none ONBOOT=yes TYPE=Ethernet NETMASK=255.255.255.0 IPADDR=192.168.199.109 GATEWAY=192.168.199.1 ifcfg-eth1 is good and has its gateway correctly set. Here is my vnet template where no gateway is set (same problem if I remove the empty GATEWAY key): VIRTUAL NETWORK TEMPLATE BRIDGE=br0 DESCRIPTION=réseau admin vm GATEWAY= PHYDEV= ROLE=admin VLAN=YES VLAN_ID=199 is it a bug? Attached here is the vmcontext network script log best regards, Edouard ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] What are the causes let OpenNebula thinks VM is POWEROFF and how to recover?
Hi This problem is as described by Ondra becasue of a kind of race condition between the boot process and the monitor probes. You may or may not see it depending on timing network and the like. OpenNebula 4.10.2 includes some logic to deal with this and also to recover automatically the VM when its again monitored. What version are you running? Ruben On Fri Feb 13 2015 at 3:51:40 PM Hamada, Ondrej ondrej.ham...@acision.com wrote: Hi, I would suspect this to happen when the probe times out somehow (due to the network issues etc.) or simply it cannot detect the VM at the moment. Does the VM remain in ‘poweroff’ state forever or does it become ‘running’ again after some time? Ondra *From:* Users [mailto:users-boun...@lists.opennebula.org] *On Behalf Of *Liu, Gene *Sent:* Friday, February 13, 2015 3:34 PM *To:* users@lists.opennebula.org *Subject:* [one-users] What are the causes let OpenNebula thinks VM is POWEROFF and how to recover? Hi Everyone, Anyone had ever encounter an issue about VM stat changes to POWEROFF a few minutes (2 ~ 3 minutes) after RUNNING? The actual problem is that the POWEROFF stat is incorrect as the VM is actually running on the computing node. If you try to boot it back, it will failed as that instance is already running on the same computing node. Is it a bug of OpenNebula? Any suggestions to get it recovered? Thanks, Gene * VM log Thu Feb 12 14:46:36 2015 [Z0][DiM][I]: New VM state is ACTIVE. Thu Feb 12 14:46:37 2015 [Z0][LCM][I]: New VM state is PROLOG. Thu Feb 12 14:49:43 2015 [Z0][LCM][I]: New VM state is BOOT Thu Feb 12 14:49:43 2015 [Z0][VMM][I]: Generating deployment file: /var/lib/one/vms/42922/deployment.0 Thu Feb 12 14:49:43 2015 [Z0][VMM][I]: ExitCode: 0 Thu Feb 12 14:49:43 2015 [Z0][VMM][I]: Successfully execute network driver operation: pre. Thu Feb 12 14:49:46 2015 [Z0][VMM][I]: ExitCode: 0 Thu Feb 12 14:49:46 2015 [Z0][VMM][I]: Successfully execute virtualization driver operation: deploy. Thu Feb 12 14:49:46 2015 [Z0][VMM][I]: ExitCode: 0 Thu Feb 12 14:49:46 2015 [Z0][VMM][I]: Successfully execute network driver operation: post. Thu Feb 12 14:49:46 2015 [Z0][LCM][I]: New VM state is RUNNING Thu Feb 12 14:51:48 2015 [Z0][DiM][I]: New VM state is POWEROFF -- This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding. ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] clusters in 4.8
I have had my one4.8 host up for a while with a single cluster that has 150 hosts, one vnet, and a system and image datastore. I am now adding hosts from a different vnet. want to make second host + vnet cluster but still use the same system and image data stores. What's the right way to do that.. just remove the datastores from the first cluster... they can't be in more than one cluster at a time, can they? Thanks for any suggestions. Steve Timm -- Steven C. Timm, Ph.D (630) 840-8525 t...@fnal.gov http://home.fnal.gov/~timm/ Office: Wilson Hall room 804 Fermilab Scientific Computing Division, Scientific Computing Facilities Quadrant., Experimental Computing Facilities Dept., Project Lead for Virtual Facility Project. ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] clusters in 4.8
Yes, you can do: Cluster A: Host_A0, Host_A1... + VNET_A0, VNET_A1... Cluster B: HostB0, HostB1... + VNET_B0, VNET_B1... Cluster Default: DS, DS_System Then a VM that uses VNET_A0 + DS would be scheduled to Cluster A. Note that using VNET_A0 constrain resources from Cluster A + Cluster Default. Cheers Ruben On Fri, Feb 13, 2015 at 10:42 PM, Steven C Timm t...@fnal.gov wrote: I know if I just take the vnet and the datastore out of the cluster, and have no clusters at all, then everything will work.. I was hoping to have a cluster structure of (host,vnet) pairings that could all share a common data store. However from the documentation, it looks like if your template requests any resource that is part of a cluster (vnet or image from datastore) then the scheduler will constrain you to resources that are part of that same cluster. Is that correct? Steve Timm From: Ruben S. Montero [rsmont...@opennebula.org] Sent: Friday, February 13, 2015 3:11 PM To: Steven C Timm Cc: users@lists.opennebula.org Subject: Re: [one-users] clusters in 4.8 Hi If both clusters has access to the same datastores, just move them out of the first cluster. When a datastore or network is not assigned to any cluster (cluster default) OpenNebula assumes it can be used with any host (no matter in which cluster is set). BTW, although you do not needed for your use case, 4.12 will come with extended VDC support to create complex provision scenarios. Basically you can define generic resource providers that aggregate any resource (cluster, host, network, datastores) more here http://opennebula.org/4-12-features-virtual-data-center-redesign/ Cheers On Fri, Feb 13, 2015 at 6:37 PM, Steven Timm t...@fnal.gov wrote: I have had my one4.8 host up for a while with a single cluster that has 150 hosts, one vnet, and a system and image datastore. I am now adding hosts from a different vnet. want to make second host + vnet cluster but still use the same system and image data stores. What's the right way to do that.. just remove the datastores from the first cluster... they can't be in more than one cluster at a time, can they? Thanks for any suggestions. Steve Timm -- Steven C. Timm, Ph.D (630) 840-8525 t...@fnal.gov http://home.fnal.gov/~timm/ Office: Wilson Hall room 804 Fermilab Scientific Computing Division, Scientific Computing Facilities Quadrant., Experimental Computing Facilities Dept., Project Lead for Virtual Facility Project. ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- Ruben S. Montero, PhD Project co-Lead and Chief Architect OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | rsmont...@opennebula.org | @OpenNebula -- Ruben S. Montero, PhD Project co-Lead and Chief Architect OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | rsmont...@opennebula.org | @OpenNebula ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] clusters in 4.8
I know if I just take the vnet and the datastore out of the cluster, and have no clusters at all, then everything will work.. I was hoping to have a cluster structure of (host,vnet) pairings that could all share a common data store. However from the documentation, it looks like if your template requests any resource that is part of a cluster (vnet or image from datastore) then the scheduler will constrain you to resources that are part of that same cluster. Is that correct? Steve Timm From: Ruben S. Montero [rsmont...@opennebula.org] Sent: Friday, February 13, 2015 3:11 PM To: Steven C Timm Cc: users@lists.opennebula.org Subject: Re: [one-users] clusters in 4.8 Hi If both clusters has access to the same datastores, just move them out of the first cluster. When a datastore or network is not assigned to any cluster (cluster default) OpenNebula assumes it can be used with any host (no matter in which cluster is set). BTW, although you do not needed for your use case, 4.12 will come with extended VDC support to create complex provision scenarios. Basically you can define generic resource providers that aggregate any resource (cluster, host, network, datastores) more here http://opennebula.org/4-12-features-virtual-data-center-redesign/ Cheers On Fri, Feb 13, 2015 at 6:37 PM, Steven Timm t...@fnal.gov wrote: I have had my one4.8 host up for a while with a single cluster that has 150 hosts, one vnet, and a system and image datastore. I am now adding hosts from a different vnet. want to make second host + vnet cluster but still use the same system and image data stores. What's the right way to do that.. just remove the datastores from the first cluster... they can't be in more than one cluster at a time, can they? Thanks for any suggestions. Steve Timm -- Steven C. Timm, Ph.D (630) 840-8525 t...@fnal.gov http://home.fnal.gov/~timm/ Office: Wilson Hall room 804 Fermilab Scientific Computing Division, Scientific Computing Facilities Quadrant., Experimental Computing Facilities Dept., Project Lead for Virtual Facility Project. ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- Ruben S. Montero, PhD Project co-Lead and Chief Architect OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | rsmont...@opennebula.org | @OpenNebula ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] clusters in 4.8
Hi If both clusters has access to the same datastores, just move them out of the first cluster. When a datastore or network is not assigned to any cluster (cluster default) OpenNebula assumes it can be used with any host (no matter in which cluster is set). BTW, although you do not needed for your use case, 4.12 will come with extended VDC support to create complex provision scenarios. Basically you can define generic resource providers that aggregate any resource (cluster, host, network, datastores) more here http://opennebula.org/4-12-features-virtual-data-center-redesign/ Cheers On Fri, Feb 13, 2015 at 6:37 PM, Steven Timm t...@fnal.gov wrote: I have had my one4.8 host up for a while with a single cluster that has 150 hosts, one vnet, and a system and image datastore. I am now adding hosts from a different vnet. want to make second host + vnet cluster but still use the same system and image data stores. What's the right way to do that.. just remove the datastores from the first cluster... they can't be in more than one cluster at a time, can they? Thanks for any suggestions. Steve Timm -- Steven C. Timm, Ph.D (630) 840-8525 t...@fnal.gov http://home.fnal.gov/~timm/ Office: Wilson Hall room 804 Fermilab Scientific Computing Division, Scientific Computing Facilities Quadrant., Experimental Computing Facilities Dept., Project Lead for Virtual Facility Project. ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- Ruben S. Montero, PhD Project co-Lead and Chief Architect OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | rsmont...@opennebula.org | @OpenNebula ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Official Debian packages
Alberto Zuin - Liste li...@albertozuin.eu writes: Hello all, Hello, just for information, I know there is a pre-compiled version of OpenNebula in your repository, but in the official Debian repository there is only an old version of OpenNebula for Wheezy (3.4) and only the contextualization package for the upcoming Jessie. There is any plan to have the package in the official Jessie repository? First, I'm neither from the OpenNebula team nor a Debian developper. I see no activity on the Debian repository[1]. I started[2] to rework the Debian packaging. It's a big work, for now lintian is far from being happy[3] and I don't know if the OpenNebula team is OK with it[4]. I do not even take the DFSG into account or the duplication of some components[5] with other Debian packages. So, I can't answer for others but it does not looks like it planed to make the fast moving OpenNebula fit the distribution releases. Regards. Footnotes: [1] http://anonscm.debian.org/cgit/pkg-opennebula/opennebula.git [2] https://github.com/baby-gnu/one/tree/pkg/debian/master [3] c.f. attachement [4] http://dev.opennebula.org/issues/3129#note-5 [5] https://bugs.debian.org/774114 -- Daniel Dehennin Récupérer ma clef GPG: gpg --recv-keys 0xCC1E9E5B7A6FE2DF Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF signature.asc Description: PGP signature ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Official Debian packages
Daniel Dehennin daniel.dehen...@baby-gnu.org writes: [...] It's a big work, for now lintian is far from being happy[3] [...] [3] c.f. attachement Missing attachement, sorry. -- Daniel Dehennin Récupérer ma clef GPG: gpg --recv-keys 0xCC1E9E5B7A6FE2DF Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF P: opennebula source: source-contains-prebuilt-java-object src/oca/java/lib/xmlrpc-common-3.1.2.jar N: N:The source tarball contains a prebuilt Java class file. These are often N:included by mistake when developers generate a tarball without cleaning N:the source directory first. If there is no sign this was intended, N:consider reporting it as an upstream bug. N: N:Severity: pedantic, Certainty: possible N: N:Check: cruft, Type: source N: P: opennebula source: source-contains-prebuilt-java-object src/oca/java/lib/xmlrpc-client-3.1.2.jar P: opennebula source: source-contains-prebuilt-java-object src/oca/java/lib/ws-commons-util-1.0.2.jar P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/vendor/crypto-js/sha1-min.js N: N:The source tarball contains a prebuilt (minified) JavaScript object. N:They are usually left by mistake when generating the tarball by not N:cleaning the source directory first. You may want to report this as an N:upstream bug, in case there is no sign that this was intended. N: N:Severity: pedantic, Certainty: possible N: N:Check: cruft, Type: source N: E: opennebula source: source-is-missing src/sunstone/public/vendor/crypto-js/sha1-min.js N: N:The source of the following file is missing. Lintian checked a few N:possible paths to find the source, and do not find it. N: N:Please repack your package to include the source or add it to N:debian/missing-sources directory. N: N:If this is a false-positive, please report a bug against Lintian. N: N:Severity: serious, Certainty: possible N: N:Check: cruft, Type: source N: P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/vendor/crypto-js/enc-base64-min.js E: opennebula source: source-is-missing src/sunstone/public/vendor/crypto-js/enc-base64-min.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/vendor/crypto-js/core-min.js E: opennebula source: source-is-missing src/sunstone/public/vendor/crypto-js/core-min.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/bower_components/jquery-migrate/jquery-migrate.min.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/bower_components/jgrowl/jquery.jgrowl.min.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/bower_components/flot/excanvas.min.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/vendor/4.0/nouislider/jquery.nouislider.min.js E: opennebula source: source-is-missing src/sunstone/public/vendor/4.0/nouislider/jquery.nouislider.min.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/bower_components/sizzle/dist/sizzle.min.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/bower_components/no-vnc/include/logo.js mean line length is about 16184 characters E: opennebula source: source-is-missing src/sunstone/public/bower_components/no-vnc/include/logo.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/bower_components/no-vnc/include/keysymdef.js mean line length is about 3983 characters E: opennebula source: source-is-missing src/sunstone/public/bower_components/no-vnc/include/keysymdef.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/bower_components/jquery/dist/jquery.min.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/bower_components/foundation/js/foundation.min.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/bower_components/flot.tooltip/js/jquery.flot.tooltip.min.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/bower_components/flot.tooltip/js/excanvas.min.js E: opennebula source: source-is-missing src/sunstone/public/bower_components/flot.tooltip/js/excanvas.min.js P: opennebula source: source-contains-prebuilt-javascript-object src/sunstone/public/bower_components/no-vnc/include/web-socket-js/swfobject.js mean line length is about 10071 characters E: opennebula source: source-is-missing src/sunstone/public/bower_components/no-vnc/include/web-socket-js/swfobject.js P: opennebula source: source-contains-prebuilt-flash-object src/sunstone/public/bower_components/no-vnc/include/web-socket-js/WebSocketMain.swf N: N:The source tarball contains a prebuilt file in the Shockwave Flash (SWF) N:or Flash Video (FLV)
Re: [one-users] clusters in 4.8
OK here we go: VM in question is taking an image from image store 102 (currently in no cluster), vnet 0 routable private from cluster 100 cloud worker also a number of hosts, including hosts # 0 and 2, also part of cluster cloud worker VM stays pending for ever, hold reason is below.--it is requiring that cluster ID has to be 100. Same image and same datastore and same vnet outside of the cluster, work just fine. Seems like if I require any resource from the cluster, in this case a vnet, then all resources have to be in the cluster. Am I missing something? Steve Timm [root@fclheadgpvm01 one]# onevm show 1054 | more VIRTUAL MACHINE 1054 INFORMATION ID : 1054 NAME: CLI_PRIV_SLF6Vanilla-1054 USER: oneadmin GROUP : oneadmin STATE : PENDING LCM_STATE : LCM_INIT RESCHED : No START TIME : 02/13 17:44:52 END TIME: - DEPLOY ID : - VIRTUAL MACHINE MONITORING NET_RX : 0K USED MEMORY : 0K USED CPU: 0 NET_TX : 0K PERMISSIONS OWNER : um- GROUP : --- OTHER : --- VM DISKS ID TARGET IMAGE TYPE SAVE SAVE_AS 0 vdaSLF6Vanilla file NO - VM NICS ID NETWORK VLAN BRIDGE IP MAC 0 routable-private no br1 10.128.1.9 54:52:00:02:0d:09 USER TEMPLATE NPTYPE=NPERNLM SCHED_MESSAGE=Fri Feb 13 17:46:29 2015 : No system datastore meets SCHED_DS_REQ UIREMENTS: CLUSTER_ID = 100 !(PUBLIC_CLOUD = YES) SCHED_RANK=FREE_MEM SCHED_REQUIREMENTS=HYPERVISOR=\kvm\ HOSTNAME=\cloudworker*\ VIRTUAL MACHINE TEMPLATE AUTOMATIC_REQUIREMENTS=CLUSTER_ID = 100 !(PUBLIC_CLOUD = YES) CONTEXT=[ CTX_USER=PFVTRVI+PElEPjA8L0lEPjxHSUQ+MDwvR0lEPjxHUk9VUFM+PElEPjA8L0lEPjwvR1JP VVBTPjxHTkFNRT5vbmVhZG1pbjwvR05BTUU+PE5BTUU+b25lYWRtaW48L05BTUU+PFBBU1NXT1JEPi9E Qz1jb20vREM9RGlnaUNlcnQtR3JpZC9PPU9wZW5cMjBTY2llbmNlXDIwR3JpZC9PVT1TZXJ2aWNlcy9D Tj1mY2xoZWFkZ3B2bTAxLmZuYWwuZ292PC9QQVNTV09SRD48QVVUSF9EUklWRVI+eDUwOTwvQVVUSF9E UklWRVI+PEVOQUJMRUQ+MTwvRU5BQkxFRD48VEVNUExBVEU+PFRPS0VOX1BBU1NXT1JEPjwhW0NEQVRB [root@fclheadgpvm01 one]# onedatastore list ID NAMESIZE AVAIL CLUSTER IMAGES TYPE DS TM 0 system0M - - 0 sys -shared 1 default21.2G 85% - 0 img fs shared 2 files 21.2G 85% - 0 fil fs ssh 100 localnode - - - 0 sys -ssh 102 cloud_images 20T 75% - 2 img fs shared [root@fclheadgpvm01 one]# onevnet list ID USERGROUPNAMECLUSTERBRIDGE LEASES 0 oneadminoneadmin routable-privatecloudworke br1 8 2 oneadminoneadmin DynamicIP - br0 13 3 oneadminoneadmin StaticIP- br0 0 [root@fclheadgpvm01 one]# onehost list | more ID NAMECLUSTER RVM ALLOCATED_CPU ALLOCATED_MEM STAT 0 cloudworker1200 cloudwork 4400 / 800 (50%) 7.4G / 15.6G (47%) on 1 cloudworker1201 cloudwork 0 - - off 2 cloudworker1202 cloudwork 0 0 / 800 (0%)0K / 15.6G (0%) on From: Ruben S. Montero [rsmont...@opennebula.org] Sent: Friday, February 13, 2015 4:49 PM To: Steven C Timm Cc: users@lists.opennebula.org Subject: Re: [one-users] clusters in 4.8 Yes, you can do: Cluster A: Host_A0, Host_A1... + VNET_A0, VNET_A1... Cluster B: HostB0, HostB1... + VNET_B0, VNET_B1... Cluster Default: DS, DS_System Then a VM that uses VNET_A0 + DS would be scheduled to Cluster A. Note that using VNET_A0 constrain resources from Cluster A + Cluster Default. Cheers Ruben On Fri, Feb 13, 2015 at 10:42 PM, Steven C Timm t...@fnal.gov wrote: I know if I just take the vnet and the datastore out of the cluster, and have no clusters at all, then everything will work.. I was hoping to have a cluster structure of (host,vnet) pairings that could all share a common data
Re: [one-users] clusters in 4.8
One more followup: host 156 + vnet2 + ds 100/102, all outside the cluster, no problem host 156 + vnet2 + ds100/102, all in the cluster, no problem host 156 and vnet2 in the cluster, DS outside of the cluster, problem. SCHED_MESSAGE=Fri Feb 13 18:06:29 2015 : No system datastore meets SCHED_DS_REQUIREMENTS: CLUSTER_ID = 101 !(PUBLIC_CLOUD = YES) host 156 in the cluster, vnet2 and DS out of the cluster No error message but it never matches either. Fri Feb 13 18:24:29 2015 [Z0][HOST][D]: Discovered Hosts (enabled): 0 2 156 Fri Feb 13 18:24:29 2015 [Z0][SCHED][D]: VM 1058: Host 0 filtered out. It does not fulfill SCHED_REQUIREMENTS. Fri Feb 13 18:24:29 2015 [Z0][SCHED][D]: VM 1058: Host 2 filtered out. It does not fulfill SCHED_REQUIREMENTS. Fri Feb 13 18:24:29 2015 [Z0][SCHED][I]: Scheduling Results: Virtual Machine: 1058 PRI ID - HOSTS 1 156 PRI ID - DATASTORES 0 100 0 0 Fri Feb 13 18:24:29 2015 [Z0][SCHED][I]: VM 1058: No suitable System DS found for Host: 156. Filtering out host. Steve Timm From: Steven C Timm Sent: Friday, February 13, 2015 6:01 PM To: Ruben S. Montero Cc: users@lists.opennebula.org Subject: RE: [one-users] clusters in 4.8 PS--if there are other vm's still launched and running from the time when the datastore used to be part of a cluster, could that confuse anything? Do I have to restart oned to clear anything up? Steve Timm From: Steven C Timm Sent: Friday, February 13, 2015 5:56 PM To: Ruben S. Montero Cc: users@lists.opennebula.org Subject: RE: [one-users] clusters in 4.8 OK here we go: VM in question is taking an image from image store 102 (currently in no cluster), vnet 0 routable private from cluster 100 cloud worker also a number of hosts, including hosts # 0 and 2, also part of cluster cloud worker VM stays pending for ever, hold reason is below.--it is requiring that cluster ID has to be 100. Same image and same datastore and same vnet outside of the cluster, work just fine. Seems like if I require any resource from the cluster, in this case a vnet, then all resources have to be in the cluster. Am I missing something? Steve Timm [root@fclheadgpvm01 one]# onevm show 1054 | more VIRTUAL MACHINE 1054 INFORMATION ID : 1054 NAME: CLI_PRIV_SLF6Vanilla-1054 USER: oneadmin GROUP : oneadmin STATE : PENDING LCM_STATE : LCM_INIT RESCHED : No START TIME : 02/13 17:44:52 END TIME: - DEPLOY ID : - VIRTUAL MACHINE MONITORING NET_RX : 0K USED MEMORY : 0K USED CPU: 0 NET_TX : 0K PERMISSIONS OWNER : um- GROUP : --- OTHER : --- VM DISKS ID TARGET IMAGE TYPE SAVE SAVE_AS 0 vdaSLF6Vanilla file NO - VM NICS ID NETWORK VLAN BRIDGE IP MAC 0 routable-private no br1 10.128.1.9 54:52:00:02:0d:09 USER TEMPLATE NPTYPE=NPERNLM SCHED_MESSAGE=Fri Feb 13 17:46:29 2015 : No system datastore meets SCHED_DS_REQ UIREMENTS: CLUSTER_ID = 100 !(PUBLIC_CLOUD = YES) SCHED_RANK=FREE_MEM SCHED_REQUIREMENTS=HYPERVISOR=\kvm\ HOSTNAME=\cloudworker*\ VIRTUAL MACHINE TEMPLATE AUTOMATIC_REQUIREMENTS=CLUSTER_ID = 100 !(PUBLIC_CLOUD = YES) CONTEXT=[ CTX_USER=PFVTRVI+PElEPjA8L0lEPjxHSUQ+MDwvR0lEPjxHUk9VUFM+PElEPjA8L0lEPjwvR1JP VVBTPjxHTkFNRT5vbmVhZG1pbjwvR05BTUU+PE5BTUU+b25lYWRtaW48L05BTUU+PFBBU1NXT1JEPi9E Qz1jb20vREM9RGlnaUNlcnQtR3JpZC9PPU9wZW5cMjBTY2llbmNlXDIwR3JpZC9PVT1TZXJ2aWNlcy9D Tj1mY2xoZWFkZ3B2bTAxLmZuYWwuZ292PC9QQVNTV09SRD48QVVUSF9EUklWRVI+eDUwOTwvQVVUSF9E UklWRVI+PEVOQUJMRUQ+MTwvRU5BQkxFRD48VEVNUExBVEU+PFRPS0VOX1BBU1NXT1JEPjwhW0NEQVRB [root@fclheadgpvm01 one]# onedatastore list ID NAMESIZE AVAIL CLUSTER IMAGES TYPE DS TM 0 system0M - - 0 sys -shared 1 default21.2G 85% - 0 img fs shared 2 files 21.2G 85% - 0 fil fs ssh 100 localnode - - - 0 sys -ssh 102 cloud_images 20T 75% - 2 img fs shared [root@fclheadgpvm01 one]# onevnet list ID USERGROUPNAMECLUSTERBRIDGE LEASES 0 oneadminoneadmin routable-privatecloudworke br1 8 2 oneadminoneadmin DynamicIP - br0 13 3 oneadminoneadmin StaticIP- br0 0 [root@fclheadgpvm01 one]# onehost list | more ID NAMECLUSTER RVM ALLOCATED_CPU ALLOCATED_MEM STAT 0 cloudworker1200
Re: [one-users] clusters in 4.8
PS--if there are other vm's still launched and running from the time when the datastore used to be part of a cluster, could that confuse anything? Do I have to restart oned to clear anything up? Steve Timm From: Steven C Timm Sent: Friday, February 13, 2015 5:56 PM To: Ruben S. Montero Cc: users@lists.opennebula.org Subject: RE: [one-users] clusters in 4.8 OK here we go: VM in question is taking an image from image store 102 (currently in no cluster), vnet 0 routable private from cluster 100 cloud worker also a number of hosts, including hosts # 0 and 2, also part of cluster cloud worker VM stays pending for ever, hold reason is below.--it is requiring that cluster ID has to be 100. Same image and same datastore and same vnet outside of the cluster, work just fine. Seems like if I require any resource from the cluster, in this case a vnet, then all resources have to be in the cluster. Am I missing something? Steve Timm [root@fclheadgpvm01 one]# onevm show 1054 | more VIRTUAL MACHINE 1054 INFORMATION ID : 1054 NAME: CLI_PRIV_SLF6Vanilla-1054 USER: oneadmin GROUP : oneadmin STATE : PENDING LCM_STATE : LCM_INIT RESCHED : No START TIME : 02/13 17:44:52 END TIME: - DEPLOY ID : - VIRTUAL MACHINE MONITORING NET_RX : 0K USED MEMORY : 0K USED CPU: 0 NET_TX : 0K PERMISSIONS OWNER : um- GROUP : --- OTHER : --- VM DISKS ID TARGET IMAGE TYPE SAVE SAVE_AS 0 vdaSLF6Vanilla file NO - VM NICS ID NETWORK VLAN BRIDGE IP MAC 0 routable-private no br1 10.128.1.9 54:52:00:02:0d:09 USER TEMPLATE NPTYPE=NPERNLM SCHED_MESSAGE=Fri Feb 13 17:46:29 2015 : No system datastore meets SCHED_DS_REQ UIREMENTS: CLUSTER_ID = 100 !(PUBLIC_CLOUD = YES) SCHED_RANK=FREE_MEM SCHED_REQUIREMENTS=HYPERVISOR=\kvm\ HOSTNAME=\cloudworker*\ VIRTUAL MACHINE TEMPLATE AUTOMATIC_REQUIREMENTS=CLUSTER_ID = 100 !(PUBLIC_CLOUD = YES) CONTEXT=[ CTX_USER=PFVTRVI+PElEPjA8L0lEPjxHSUQ+MDwvR0lEPjxHUk9VUFM+PElEPjA8L0lEPjwvR1JP VVBTPjxHTkFNRT5vbmVhZG1pbjwvR05BTUU+PE5BTUU+b25lYWRtaW48L05BTUU+PFBBU1NXT1JEPi9E Qz1jb20vREM9RGlnaUNlcnQtR3JpZC9PPU9wZW5cMjBTY2llbmNlXDIwR3JpZC9PVT1TZXJ2aWNlcy9D Tj1mY2xoZWFkZ3B2bTAxLmZuYWwuZ292PC9QQVNTV09SRD48QVVUSF9EUklWRVI+eDUwOTwvQVVUSF9E UklWRVI+PEVOQUJMRUQ+MTwvRU5BQkxFRD48VEVNUExBVEU+PFRPS0VOX1BBU1NXT1JEPjwhW0NEQVRB [root@fclheadgpvm01 one]# onedatastore list ID NAMESIZE AVAIL CLUSTER IMAGES TYPE DS TM 0 system0M - - 0 sys -shared 1 default21.2G 85% - 0 img fs shared 2 files 21.2G 85% - 0 fil fs ssh 100 localnode - - - 0 sys -ssh 102 cloud_images 20T 75% - 2 img fs shared [root@fclheadgpvm01 one]# onevnet list ID USERGROUPNAMECLUSTERBRIDGE LEASES 0 oneadminoneadmin routable-privatecloudworke br1 8 2 oneadminoneadmin DynamicIP - br0 13 3 oneadminoneadmin StaticIP- br0 0 [root@fclheadgpvm01 one]# onehost list | more ID NAMECLUSTER RVM ALLOCATED_CPU ALLOCATED_MEM STAT 0 cloudworker1200 cloudwork 4400 / 800 (50%) 7.4G / 15.6G (47%) on 1 cloudworker1201 cloudwork 0 - - off 2 cloudworker1202 cloudwork 0 0 / 800 (0%)0K / 15.6G (0%) on From: Ruben S. Montero [rsmont...@opennebula.org] Sent: Friday, February 13, 2015 4:49 PM To: Steven C Timm Cc: users@lists.opennebula.org Subject: Re: [one-users] clusters in 4.8 Yes, you can do: Cluster A: Host_A0, Host_A1... + VNET_A0, VNET_A1... Cluster B: HostB0, HostB1... + VNET_B0, VNET_B1... Cluster Default: DS, DS_System Then a VM that uses VNET_A0 + DS would be scheduled to Cluster A. Note that using VNET_A0 constrain resources from Cluster A + Cluster Default. Cheers Ruben On Fri, Feb 13, 2015 at 10:42 PM, Steven C Timm t...@fnal.gov wrote: I know if I just take the vnet and the datastore out of the cluster, and have no clusters at all, then everything will work.. I was hoping to have a cluster structure of (host,vnet) pairings that could all share a common data store. However from the documentation, it looks like if your template requests any resource that is part of a cluster (vnet or image from datastore) then the scheduler will constrain you to resources that are part of that same cluster. Is that correct? Steve Timm
