In my defence - after checking - I always relied on the UI (stupidly) and it will not offer the option to specify an account. So I assumed it's not possible ... :-(
Using the API (via cloudmonkey) did the job. i.e. create network account=lucian domainid=0638fea4-2d33-11e4-8126-f2a3ece198a5 displaytext=lucian displaynetwork=true name=lucian startip=10.11.12.2 endip=10.11.12.20 netmask=255.255.255.0 gateway=10.11.12.1 networkdomain=lucian.priv physicalnetworkid=50aeceb7-3eae-4c88-8127-b58a5a55711c networkofferingid=8cf9be49-8393-4a12-aca2-74110b6389ca vlan=111 zoneid=a9521258-d7f3-4992-a1d1-a513fed003ec Thanks, Geoff. Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message ----- > From: "Nux!" <n...@li.nux.ro> > To: users@cloudstack.apache.org > Sent: Wednesday, 26 November, 2014 20:54:16 > Subject: Re: security group and xenserver query > Geoff, > > Nooooooooooooooooooooooo... Wish I knew this a while ago. Darn it. :-) > Anywho, better late than never. > > But nevertheless, VLAN allocation is not automatic like in plain Adv Zone, the > root admin must do that manually. > > Lucian > > -- > Sent from the Delta quadrant using Borg technology! > > Nux! > www.nux.ro > > ----- Original Message ----- >> From: "Geoff Higginbottom" <geoff.higginbot...@shapeblue.com> >> To: users@cloudstack.apache.org >> Sent: Wednesday, 26 November, 2014 20:20:59 >> Subject: Re: security group and xenserver query > >> Sorry Nux, but YES there are Customer Specific VLANs in a Security Group >> enabled >> Advanced Zone. >> >> When you create an Advanced Zone with Security Groups you initially create a >> 'default guest network' and you allocate a VLAN and IP range to this network. >> This is then used by System VMs and can also be used by all Accounts. >> >> However you can then, as a Root Admin, create additional Guest Networks using >> the 'Offering for shared security group enabled networks' and dedicate this >> to >> a Domain or an Account. When doing so you allocate a different VLAN for each >> additional Guest Network. >> >> The IP range allocated to each network can be either a true Public IP range >> OR a >> Private IP range fronted by a Router/Firewall/Load Balancer etc but this >> will >> be outside of CloudStack control. >> >> So to answer the original question it is possible to allocate a separate >> VLAN to >> each Guest Network and if required to front this network with a Load Balancer >> and Firewall to provide additional services, but you need to manage these >> devices separately so is not a typical configuration for a Public Cloud, but >> could be used in a Private Cloud. >> >> Kind Regards >> >> Geoff Higginbottom >> CTO / Cloud Architect >> >> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 >> >> geoff.higginbot...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue >> >> ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS >> >> >> ________________________________________ >> From: Nux! <n...@li.nux.ro> >> Sent: 26 November 2014 10:46 >> To: users@cloudstack.apache.org >> Subject: Re: security group and xenserver query >> >> No, in Advanced Zone with SG - just like in Basic zone - there is no per >> customer VLAN; there are no firewall, load balancer or additional NICs; there >> is also no IPv6. >> >> A VM will just get a public IP via DHCP and that's it, the customers are >> isolated via "security groups" which is a fancy name for iptables rules. >> >> Hope this clears it up. >> >> -- >> Sent from the Delta quadrant using Borg technology! >> >> Nux! >> www.nux.ro >> >> ----- Original Message ----- >>> From: "Tejas Sheth" <tshet...@gmail.com> >>> To: users@cloudstack.apache.org >>> Sent: Wednesday, 26 November, 2014 10:14:11 >>> Subject: Re: security group and xenserver query >> >>> Thanks for simplification, >>> so it means that each account will have seprate VLAN with its own subnet >>> and those VLANs will be created and configured in physical switch? >>> >>> if architecture is above mentioned way configured then how can we achieve >>> NAT and loadbalancing? >>> >>> Thanks >>> Tejas >>> >>> >>> On Wed, Nov 26, 2014 at 3:28 PM, Geoff Higginbottom < >>> geoff.higginbot...@shapeblue.com> wrote: >>> >>>> I like to think of Advanced Network with SG as simply multiple Basic >>>> Networks, each on its own VLAN. You have the same features (or rather lack >>>> of) as you would with a Basic Zone, but you have multiple Guest Networks. >>>> >>>> Regards >>>> >>>> Geoff Higginbottom >>>> >>>> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 >>>> >>>> geoff.higginbot...@shapeblue.com >>>> >>>> -----Original Message----- >>>> From: Tejas Sheth [mailto:tshet...@gmail.com] >>>> Sent: 26 November 2014 09:53 >>>> To: users@cloudstack.apache.org >>>> Subject: Re: security group and xenserver query >>>> >>>> so NAT and loadbalancers are not possible if we use security group? >>>> >>>> so it meanse there will be no internal and external IPs for VMs. is it >>>> correct? >>>> >>>> On Wed, Nov 26, 2014 at 3:14 PM, Jayapal Reddy Uradi < >>>> jayapalreddy.ur...@citrix.com> wrote: >>>> >>>> > For SG networks there is no public network. >>>> > We configure public ips for the guest network. >>>> > >>>> > -Jayapal >>>> > >>>> > On 26-Nov-2014, at 12:00 PM, Tejas Sheth <tshet...@gmail.com> >>>> > wrote: >>>> > >>>> > > Hello, >>>> > > >>>> > > I have made the bridge configuration, but when i am selecting >>>> > > advance zone. it is not showing public network configuration. only >>>> > > guest and management is availabel. also internal CIDR ip >>>> > > configuration is also not available. >>>> > > i think it is cinverting to basic zone if we select security group >>>> > > and xenserver as hypervisor. >>>> > > >>>> > > Thanks >>>> > > Tejas >>>> > > >>>> > > On Tue, Nov 25, 2014 at 9:16 PM, Jayapal Reddy Uradi < >>>> > > jayapalreddy.ur...@citrix.com> wrote: >>>> > > >>>> > >> >>>> > >> For 6.2 you no need to install CSP. My typo mistake in last mail. >>>> > >> sysctl.conf is fine. >>>> > >> >>>> > >> >>>> > >> Thanks, >>>> > >> Jayapal >>>> > >> >>>> > >> On 25-Nov-2014, at 8:45 PM, Tejas Sheth <tshet...@gmail.com> >>>> > >> wrote: >>>> > >> >>>> > >>> Thanks, >>>> > >>> >>>> > >>> So can i take it as confirmation and proceed with only following >>>> > >>> bridge configuration in xenserver 6.2? >>>> > >>> >>>> > >>> # xe-switch-network-backend bridge >>>> > >>> >>>> > >>> # vi /etc/sysctl.conf >>>> > >>> net.bridge.bridge-nf-call-iptables = 1 >>>> > >>> net.bridge.bridge-nf-call-ip6tables = 0 >>>> > >>> net.bridge.bridge-nf-call-arptables = 1 >>>> > >>> >>>> > >>> # sysctl -p /etc/sysctl.conf >>>> > >>> >>>> > >>> Require confirmation for sysctl.cnf configuration part. >>>> > >>> >>>> > >>> Thanks and regards, >>>> > >>> Tejas >>>> > >>> >>>> > >>> On Tue, Nov 25, 2014 at 8:31 PM, Vadim Kimlaychuk < >>>> > >> vadim.kimlayc...@elion.ee >>>> > >>>> wrote: >>>> > >>> >>>> > >>>> XenServer does not need any package to be expicitly installed. >>>> > >>>> When >>>> > you >>>> > >>>> add host to CS it copies some files to the host itself and you >>>> > >>>> don't >>>> > >> need >>>> > >>>> to bother about them usually. >>>> > >>>> >>>> > >>>> Vadim. >>>> > >>>> >>>> > >>>> -----Original Message----- >>>> > >>>> From: Tejas Sheth [mailto:tshet...@gmail.com] >>>> > >>>> Sent: Tuesday, November 25, 2014 4:52 PM >>>> > >>>> To: users@cloudstack.apache.org >>>> > >>>> Subject: security group and xenserver query >>>> > >>>> >>>> > >>>> Hello Jayapal, >>>> > >>>> >>>> > >>>> Thanks for reply, I have understood the bridge configuration part >>>> > >>>> but can you clarify CSP package part. >>>> > >>>> >>>> > >>>> if CSP package comes with xenserver 6.2 then do we need to >>>> > >>>> install it explicitly? >>>> > >>>> >>>> > >>>> It would be really helpful if you can send link to install CSP in >>>> > >>>> xenserver 6.2 because CS 4.3 document do not have description for >>>> > >> xenserver >>>> > >>>> 6.2 CSP installation. >>>> > >>>> ---------------------------------------------------------------- >>>> > >>>> Hi Tejas, >>>> > >>>> >>>> > >>>> The network mode set to 'bridge' mode. >>>> > >>>> #xe-switch-network-backend bridge >>>> > >>>> >>>> > >>>> I think Xenserver 6.2 comes with the CSP package, so you need to >>>> > install >>>> > >>>> it explicitly. >>>> > >>>> >>>> > >>>> >>>> > >>>> Thanks, >>>> > >>>> Jayapal >>>> > >>>> >>>> > >>>> >>>> > >>>> On 25-Nov-2014, at 4:47 PM, Tejas Sheth <tshet...@gmail.com> >>>> > >>>> wrote: >>>> > >>>> >>>> > >>>>> Hello, >>>> > >>>>> >>>> > >>>>> We are configuring advanced zone in cloudstack 4.3 in xenserver >>>> 6.2. >>>> > >>>>> we want to configure security group in advance zone. do we have >>>> > >>>>> to do any special configuration in xenserver 6.2. >>>> > >>>>> >>>> > >>>>> xenserver has default networking configuration. >>>> > >>>>> >>>> > >>>>> Thanks and regards, >>>> > >>>>> Tejas >>>> > >>>> >>>> > >> >>>> > >> >>>> > >>>> > >>>> Find out more about ShapeBlue and our range of CloudStack related services >>>> >>>> IaaS Cloud Design & Build< >>>> http://shapeblue.com/iaas-cloud-design-and-build//> >>>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> >>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >>>> CloudStack Software Engineering< >>>> http://shapeblue.com/cloudstack-software-engineering/> >>>> CloudStack Infrastructure Support< >>>> http://shapeblue.com/cloudstack-infrastructure-support/> >>>> CloudStack Bootcamp Training Courses< >>>> http://shapeblue.com/cloudstack-training/> >>>> >>>> This email and any attachments to it may be confidential and are intended >>>> solely for the use of the individual to whom it is addressed. Any views or >>>> opinions expressed are solely those of the author and do not necessarily >>>> represent those of Shape Blue Ltd or related companies. If you are not the >>>> intended recipient of this email, you must neither take any action based >>>> upon its contents, nor copy or show it to anyone. Please contact the sender >>>> if you believe you have received this email in error. Shape Blue Ltd is a >>>> company incorporated in England & Wales. ShapeBlue Services India LLP is a >>>> company incorporated in India and is operated under license from Shape Blue >>>> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil >>>> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is >>>> a company registered by The Republic of South Africa and is traded under >>>> license from Shape Blue Ltd. ShapeBlue is a registered trademark. >> Find out more about ShapeBlue and our range of CloudStack related services >> >> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> >> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >> CloudStack Software >> Engineering<http://shapeblue.com/cloudstack-software-engineering/> >> CloudStack Infrastructure >> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >> CloudStack Bootcamp Training >> Courses<http://shapeblue.com/cloudstack-training/> >> >> This email and any attachments to it may be confidential and are intended >> solely >> for the use of the individual to whom it is addressed. Any views or opinions >> expressed are solely those of the author and do not necessarily represent >> those >> of Shape Blue Ltd or related companies. If you are not the intended recipient >> of this email, you must neither take any action based upon its contents, nor >> copy or show it to anyone. Please contact the sender if you believe you have >> received this email in error. Shape Blue Ltd is a company incorporated in >> England & Wales. ShapeBlue Services India LLP is a company incorporated in >> India and is operated under license from Shape Blue Ltd. Shape Blue Brasil >> Consultoria Ltda is a company incorporated in Brasil and is operated under >> license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by >> The Republic of South Africa and is traded under license from Shape Blue Ltd. > > ShapeBlue is a registered trademark.
