Re: [one-users] IP(v6) network enhancements
Quoting Ruben S. Montero (rsmont...@opennebula.org): Hi Stefan The IPv6 design in OpenNebula is basically designed to work with the auto-configuration features of IPv6. An IPv6 capable host will always have link-local addresses for all their interfaces. AFAIK you cannot disable IPv6 stack per interface. In linux you can do so quite easily: echo 1 /proc/sys/net/ipv6/conf/$interface_name/disable_ipv6 So it really does not make sense to have one interface for IPv4 and other for IPv6, as the IPv4 will also have the link local addreses (plus the host multi-cast address). I agree with you that having seperate IPv4 and IPv6 interfaces (normally) doesn't make much sense. Quoting myself here: 3) two different interfaces, one for IPv4 and one for IPv6. I didn't make myself clear on that point. Just like you I would like to avoid having seperate IPv4 / IPv6 interfaces. But at present the only way to provision a (contextualized) vm with or without IPv6 is to give it an interface in a IPv4 only network or a IPv6 network. If you would like to combine IPv4 and IPv6 in one vnet (dual-stack) and ENFORCE_IPV4, a vm will always get an IPv6 address. There's currently no way to disable that. The thing I would like to propose is the defintion of a dual-stack network with the following attributes: ENABLE_IP, ENABLE_IP6, ENABLE_DUALSTACK, actually funtioning as switches. About the generation of the host-id (the 64 lower bits) can be generated: following the modified EUI-64, based on the IP, or by any other means (usually random generation is accepted as a more secure option). But I see this as part of the guest configuration and probably not for context (although you could generate this through a context variable or using the IPv4 address...) Yeah, this whole IPv4 / IPv6 enable/disable thing can also be handled through contextualization. We could change the behaviour based on some template attributes and fix networking at startup. So the ideal setup is to have a router in your virtual network advertising the IPv6 network prefix (e.g. radvd or zebra) and then let the ICMPv6 protocol autoconfigure the interface. The addresses shown in OpenNebula are supposed to match those obtained by the previous procedure (as long as the prefix advertised is the one configured in the vnet). The downside of having RA's in your network is that vm's that only need/want IPv4 (for whatever reason) have to be adjusted beforehand not to do anything with IPv6 autoconfiguration. On the other hand, if your using VRRPV6, because of network redundancy, routers are obliged to sent them (RA's) and also have to respond to RS requests (RFC 5798) [1]. Currently, the only way to add more IP addresses is to add more network interfaces to the VM. Probably a nice feature could be a NIC of type alias or virtual so you get the lease from the vnet, but not an additional nic. The context script can simple ip addr add the IP from the virtual NIC through context. Exactly, having a alias possibility would be nice. Escpecially if you would like to have all ip administration consistent in OpenNebula. You wouldb able to can query the template for IP info and match that to other ip administration (i.e. reverse dns entries) for consistency checks. This alias feature might overlap / complement [2]. Probably, I am not fully getting your proposal... Does it make more sense now? Gr. Stefan [1]: http://tools.ietf.org/search/rfc5798#section-6.4.3 [2]: http://dev.opennebula.org/issues/1818 -- | BIT BV http://www.bit.nl/Kamer van Koophandel 09090351 | GPG: 0xD14839C6 +31 318 648 688 / i...@bit.nl ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Adding test system datastore
Hello, I would like to add a new system datastore to make some tests on my ONE 4.2 cluster. My problem is that it will be automatically used when added to my cluster. I would like to define some requirements to make it selectable only for specific VM. Is there a way to mark a system datastore to not be used by default, except for template with the “good” requirements? Regards. -- Daniel Dehennin Récupérer ma clef GPG: gpg --recv-keys 0xCC1E9E5B7A6FE2DF Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF signature.asc Description: PGP signature ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Adding test system datastore
Quoting Daniel Dehennin (daniel.dehen...@baby-gnu.org): Hello, I would like to add a new system datastore to make some tests on my ONE 4.2 cluster. My problem is that it will be automatically used when added to my cluster. I would like to define some requirements to make it selectable only for specific VM. You can, in your vm template you can put the following: SCHED_DS_REQUIREMENTS=NAME=NAMEOFYOURTESTDATASTORE. All other DS'es will be filtered out. Is there a way to mark a system datastore to not be used by default, except for template with the “good” requirements? Actually I was looking for this as well :). For example I would like to be able to link certain datastores to groups, i.e. use datastore A for group A by default instead of having it defined in every single template. If users of group A have the possibility to define their own templates and they would forget the SCHED_DS_REQUIREMENTS to their datastore it would end up somewhere else (if at least they have enough rights on other (system) datastores). Basically it would be nice to have even more filtering capabitilites to ensure correct placement/deployment. Gr. Stefan -- | BIT BV http://www.bit.nl/Kamer van Koophandel 09090351 | GPG: 0xD14839C6 +31 318 648 688 / i...@bit.nl signature.asc Description: Digital signature ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Adding test system datastore
Stefan Kooman ste...@bit.nl writes: [...] You can, in your vm template you can put the following: SCHED_DS_REQUIREMENTS=NAME=NAMEOFYOURTESTDATASTORE. All other DS'es will be filtered out. This will force a VM to use this one when it have this SCHED_DS_REQUIREMENTS, but what about all other VMs which do not have any requirements set? As far as I understand, they will use it too. [...] Actually I was looking for this as well :). For example I would like to be able to link certain datastores to groups, i.e. use datastore A for group A by default instead of having it defined in every single template. If users of group A have the possibility to define their own templates and they would forget the SCHED_DS_REQUIREMENTS to their datastore it would end up somewhere else (if at least they have enough rights on other (system) datastores). Basically it would be nice to have even more filtering capabitilites to ensure correct placement/deployment. If I remember correctly, I heard about some group and resource providers mechanisms for 4.6, it may address this. Regards. -- Daniel Dehennin Récupérer ma clef GPG: gpg --recv-keys 0xCC1E9E5B7A6FE2DF Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF signature.asc Description: PGP signature ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Try-out VirtualBox SandBox
Hi, I try VirtualBox SandBox but I can't get the sunstone GUI in the http://opennebula.org/tryout/sandbox-testdrive/ they demand to lopen the browser at *http://:9869* but how can I open the browser ? Regards, Emna Guermazi ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Multiple network interfaces support (sunstone / oneacct)
Hi List, If a VM has more than one network interface it does not show up in sunstone network tab / oneacct as a seperate network interface. Are the RX and TX counters for VM's with multiple network interfaces added together for all interfaces or is only the first network interface taken into account? I would like to be able to differtiate between interfaces for monitoring and billing purposes. One interface might be a internet uplink while another one might be internal traffic or storage traffic (nfs, iSCSI) each with different cost per MB(ps) traffic. Gr. Stefan -- | BIT BV http://www.bit.nl/Kamer van Koophandel 09090351 | GPG: 0xD14839C6 +31 318 648 688 / i...@bit.nl ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Try-out VirtualBox SandBox
Hi Emna, You need to use the IP Address of the VM in the url, For example if the IP of the vm is 10.10.10.10 then you need to open up browser and type in the URL - http://10.10.10.10:9869 Try this and let us know if you are still facing any issue. Regards Kiran Ranjane On Mon, Feb 17, 2014 at 7:20 PM, Emna Guermazi guermaziem...@gmail.comwrote: Hi, I try VirtualBox SandBox but I can't get the sunstone GUI in the http://opennebula.org/tryout/sandbox-testdrive/ they demand to lopen the browser at *http://:9869* but how can I open the browser ? Regards, Emna Guermazi ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] feature request: Instantiate as owner/group
Hi List, I would like to have the ability to instantiate a vm (or create one based on a template) on behalf of a user and/or group. At submission time oned/sched would check if the user has suitable permissions on all of the resources defined in the template and otherwise fail, i.e.: the same way servers authentication work (section C, [1]). Currently you're able to chown the vm to a user/group but this does not ensure the user has enough permissions to re-create or re-instantiate the same template later on. Gr. Stefan [1]: http://docs.opennebula.org/stable/administration/authentication/external_auth.html?highlight=authentication -- | BIT BV http://www.bit.nl/Kamer van Koophandel 09090351 | GPG: 0xD14839C6 +31 318 648 688 / i...@bit.nl ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Try-out VirtualBox SandBox
Thank you, the problem that I can't open a browser , I have not a graphical interface regards, Emna Guermazi 2014-02-17 15:15 GMT+01:00 kiran ranjane kiran.ranj...@gmail.com: Hi Emna, You need to use the IP Address of the VM in the url, For example if the IP of the vm is 10.10.10.10 then you need to open up browser and type in the URL - http://10.10.10.10:9869 Try this and let us know if you are still facing any issue. Regards Kiran Ranjane On Mon, Feb 17, 2014 at 7:20 PM, Emna Guermazi guermaziem...@gmail.comwrote: Hi, I try VirtualBox SandBox but I can't get the sunstone GUI in the http://opennebula.org/tryout/sandbox-testdrive/ they demand to lopen the browser at *http://:9869* but how can I open the browser ? Regards, Emna Guermazi ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Try-out VirtualBox SandBox
Hi Emna, you need to follow the instructions and add a port forward from the virtual machine to your workstation. On your workstation you open a browser and connect to http://localhos:9869/ hth, Martin On 17 Feb 2014, at 15:32, Emna Guermazi guermaziem...@gmail.com wrote: Thank you, the problem that I can't open a browser , I have not a graphical interface regards, Emna Guermazi 2014-02-17 15:15 GMT+01:00 kiran ranjane kiran.ranj...@gmail.com: Hi Emna, You need to use the IP Address of the VM in the url, For example if the IP of the vm is 10.10.10.10 then you need to open up browser and type in the URL - http://10.10.10.10:9869 Try this and let us know if you are still facing any issue. Regards Kiran Ranjane On Mon, Feb 17, 2014 at 7:20 PM, Emna Guermazi guermaziem...@gmail.com wrote: Hi, I try VirtualBox SandBox but I can't get the sunstone GUI in the http://opennebula.org/tryout/sandbox-testdrive/ they demand to lopen the browser at http://:9869 but how can I open the browser ? Regards, Emna Guermazi ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Try-out VirtualBox SandBox
Hi , Thank you very much Kiran Ranjane and Martin Alfke, Now it's running regards, Emna Guermazi. 2014-02-17 15:49 GMT+01:00 Martin Alfke tux...@gmail.com: Hi Emna, you need to follow the instructions and add a port forward from the virtual machine to your workstation. On your workstation you open a browser and connect to http://localhos:9869/ hth, Martin On 17 Feb 2014, at 15:32, Emna Guermazi guermaziem...@gmail.com wrote: Thank you, the problem that I can't open a browser , I have not a graphical interface regards, Emna Guermazi 2014-02-17 15:15 GMT+01:00 kiran ranjane kiran.ranj...@gmail.com: Hi Emna, You need to use the IP Address of the VM in the url, For example if the IP of the vm is 10.10.10.10 then you need to open up browser and type in the URL - http://10.10.10.10:9869 Try this and let us know if you are still facing any issue. Regards Kiran Ranjane On Mon, Feb 17, 2014 at 7:20 PM, Emna Guermazi guermaziem...@gmail.com wrote: Hi, I try VirtualBox SandBox but I can't get the sunstone GUI in the http://opennebula.org/tryout/sandbox-testdrive/ they demand to lopen the browser at http://:9869 but how can I open the browser ? Regards, Emna Guermazi ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Need some details on CPU/vCPU in Sunstone and capacity planning.
Hi Everyone, I have few questions with regards to cpu and vcpu while creating templates in Sunstone : 1) What is the difference between cpu and vcpu according to opennebula architecture? 2) How do we calculate vCPU, For example if I have 1 processor with 8 core then how much vCPU can I allocate. 3) How can I manage cpu capacity (recommendation) in a better way so that I can utilize it in optimum way. 4) Any calculation on CPU or formula that we need to use before assigning it to Virtual machine, For example if I use 1 CPU in the virtual machine it uses 1 core of the processor? is this correct. 5) What is the use of vCPU, If I have allocated 1 CPU and 2 vCPU to the virtual machine thus that mean it will use 1 core of the physical and inside the VM it will show 2 cpu assigned to it? I am little bit confused :) Thanks Kiran ranjane ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Netmask setting
thank You for your help Javier. Here are the details - $ onevm show 20 -a VIRTUAL MACHINE 20 INFORMATION ID : 20 NAME: testvm3 USER: oneadmin GROUP : oneadmin STATE : ACTIVE LCM_STATE : RUNNING RESCHED : No HOST: test CLUSTER ID : -1 START TIME : 02/08 21:08:23 END TIME: - DEPLOY ID : one-20 VIRTUAL MACHINE MONITORING NET_RX : 68.4G NET_TX : 96.1G USED MEMORY : 2G USED CPU: 112 PERMISSIONS OWNER : um- GROUP : --- OTHER : --- VM DISKS ID TARGET IMAGE TYPE SAVE SAVE_AS 0 hdaCentOS-6.4_x86_64 -Copy 2 file NO - VM NICS ID NETWORK VLAN BRIDGE IP MAC 0 privateno br0 172.16.192.64 02:00:ac:10:c0:40 fe80::400:acff:fe10:c040 VIRTUAL MACHINE HISTORY SEQ HOSTACTION DS STARTTIME PROLOG 0 teststop0 02/08 21:08:43 0d 20h51m 0h00m14s 1 testundeploy0 02/09 18:02:12 0d 00h02m 0h00m00s 2 testnone0 02/09 18:07:42 7d 18h43m 0h00m00s VIRTUAL MACHINE TEMPLATE AUTOMATIC_REQUIREMENTS=!(PUBLIC_CLOUD = YES) CONTEXT=[ DISK_ID=1, SSH_PUBLIC_KEY=ssh-rsa B3NzaC1yc2EBIwAAAQEAtDxiwxLzNnlvGPBJEmVRNfV5bCxw1MMPh5/qWtEGNOnamzDr+Qyn6qZcAn3gHUP8FTm0HagsYLgjfJrfu6F0BY4Nk+8R3l9TzwJS1EzaeZ4GQOAjsL51opckxw3fjwctKCPC2nTXcvtiy9lpdo9hl1vKerCAfwwoKTnvyoNaykys+TXNR22fhrJzxVbX81BI2rte0ReNEwYyKzh/aBslKHadmvibkv1msC9+GHPOgmJF8cKzpEqxEQrj+x7FwpcHqwhVvwZfDYMn/nNTHubTWoR0Rl0+u5j6B1MGnY9ueMmqHWgy/m6RU8ctuyYa4/yMffpTHTvZ3mqGIcSgFRtoFQ== oneadmin@fermi, TARGET=hdb ] CPU=1 DISK=[ CLONE=YES, CLONE_TARGET=SYSTEM, DATASTORE=default, DATASTORE_ID=1, DEV_PREFIX=hd, DISK_ID=0, DRIVER=qcow2, IMAGE=CentOS-6.4_x86_64 -Copy 2, IMAGE_ID=3, IMAGE_UNAME=oneadmin, LN_TARGET=NONE, READONLY=NO, SAVE=NO, SIZE=218, SOURCE=/var/lib/one//datastores/1/e2b9535f84eef5185c2554371e0e8727, TARGET=hda, TM_MAD=shared, TYPE=FILE ] GRAPHICS=[ LISTEN=0.0.0.0, PORT=5920, TYPE=VNC ] MEMORY=2048 NIC=[ BRIDGE=br0, IP=172.16.192.64, IP6_LINK=fe80::400:acff:fe10:c040, MAC=02:00:ac:10:c0:40, NETWORK=private, NETWORK_ID=0, NETWORK_UNAME=oneadmin, NIC_ID=0, VLAN=NO ] OS=[ ARCH=x86_64 ] TEMPLATE_ID=5 VCPU=2 VMID=20 On Fri, Feb 14, 2014 at 1:47 AM, Javier Fontan jfon...@opennebula.orgwrote: Can you send us the VM definition (onevm show 20 -a). It looks like the network info is not in the context section. On Wed, Feb 12, 2014 at 10:21 PM, SysSolutions99 syssolution...@gmail.com wrote: Hi, The netmask on my network is 255.255.0.0, yet the VMs get plumbed with 255.255.255.0. I have tried setting up the netmask using the onevnet command but I am not able to. Please help. here are the network details of the main host - # ifconfig br0 br0 Link encap:Ethernet HWaddr 00:25:90:E2:C5:98 inet addr:172.16.192.60 Bcast:172.16.255.255 Mask:255.255.0.0 inet6 addr: fe80::225:90ff:fee2:c598/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:10352600 errors:0 dropped:0 overruns:0 frame:0 TX packets:5714417 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:6383539896 (5.9 GiB) TX bytes:8971371821 (8.3 GiB) # netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0 172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0 0.0.0.0 172.16.192.10.0.0.0 UG0 0 0 br0 Here are the networking details of the VM: # ifconfig eth0 eth0 Link encap:Ethernet HWaddr 02:00:AC:10:C0:40 inet addr:172.16.192.64 Bcast:172.16.192.255 Mask:255.255.255.0 inet6 addr: fe80::acff:fe10:c040/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:165669946 errors:0 dropped:1041 overruns:0 frame:0 TX packets:170954965 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:27122115947 (25.2 GiB) TX bytes:41114623111 (38.2 GiB) Interrupt:10 # netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 172.16.192.00.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 172.16.192.10.0.0.0 UG0 0 0 eth0
[one-users] Generated Keypairs/Fingerprints in econe-server?
I've been working on integrating some external components with the econe server, which requires a generated keypair to be created for a user that will be accessing the cluster. I'm having difficulty however with the keypairs/fingerprints that are generated: I do the following: econe-create-keypair -U url of econe-server -K user -S hashed password testkey which creates the keypair and provides a private key as output: -BEGIN RSA PRIVATE KEY- blahblahblahblahblah -END RSA PRIVATE KEY- with a fingerprint of: 83:87:b1:b5:e7:91:a9:49:10:a4:ad:3a:0c:8c:8b:7f However, I create a public key from this private key and the fingerprint does NOT match the above: oneadmin@opennebula:~/.ssh$ ssh-keygen -y -f testkey testkey.pub oneadmin@opennebula:~/.ssh$ ssh-keygen -lf testkey.pub 2048 f0:c8:68:e0:47:bb:79:52:43:7e:f3:0b:a4:67:78:9a testkey.pub (RSA) This is what the third-party application (Jenkins) is telling me when I attempt to attach the private key (the fingerprints do not match) Am I doing something wrong? Should the fingerprint of the provided private key match the fingerprint listed on econe-create-keypair? Bill Campbell Infrastructure Architect Axcess Financial Services, Inc. 7755 Montgomery Rd., Suite 400 Cincinnati, OH 45236 NOTICE: Protect the information in this message in accordance with the company's security policies. If you received this message in error, immediately notify the sender and destroy all copies.___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
