Hi Dan, Appreciate the quick response and yes we have looked into the ShapeBlue training (seems like the only one out there) and unfortunately right now our command won't go for it because the payment has to be in UK Pounds vs Dollars. Honestly I think that was just an excuse and not a good answer so we'll keep pushing for it since it seems like something my team needs to get more in the weeds with this.
In response to your other question, we are currently planning on running on Centos 7 KVM hypervisor. We've gotten the platform up and running with very little issues and are now at the phase where we need to secure it so that was why I wanted to reach out. Thank you for the different answers and I will most definitely share the journey and try to keep it documented for future reference. Respectfully, Gary Morrow -----Original Message----- From: Dag Sonstebo <dag.sonst...@shapeblue.com> Sent: Wednesday, January 30, 2019 5:19 AM To: users@cloudstack.apache.org Subject: [Non-DoD Source] Re: Cloudstack troubleshooting help and general guidance All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser. ---- Hi Gary, Welcome to the list - and good luck with your project! With regards to getting help you've come to the right place. I would suggest maybe splitting up your queries into more specific ones in separate mail threads, but I'll try to give you a few lines of advise to get you started. File permissions What needs to be set to the cloud user for it all to work > Nothing in particular as long as you follow general installation advise. I do > however appreciate in your DOD environment you may need additional steps to > fully lock down your infrastructure. Web GUI How to check if it's running, what to check when it's not working at all. > Check your management service is running (systemctl status > cloudstack-management) and check with netstat that port 8080 is listening. > Check your firewall rules allow traffic to port 8080. After all this - just > try an access the GUI. Management log grep commands that actually help > Nothing out of the ordinary, use standard grep / other parsing commands. > However learn to look for job numbers and follow these through the logs - > e.g. "job-66" which will be tied to a specific API call or command. Kinds of logging most people have on/off, do we need debug/info etc > You can change logging levels in your /etc/cloudstack/management/log4j* files > - but unless you get really stuck you shouldn't have to increase verbosity. Size of the "secondary storage" for a production environment with say max 100 VMs/Instances > "It depends..." > You don't plan on number of instances - you plan for number + size of > templates and ISOs, and number of volume snapshots. If you also patch your > templates monthly take into account every patched template is a new template > in the eyes of CloudStack. Securing the infrastructure - Linux, sql, etc with STIGs Anyone done this? > "It depends..." > CloudStack is secure out of the box, but yes you can take this further > applying standard (and DOD) security practices. The CloudStack community will > appreciate it if you share your findings when going further into advanced > lockdown procedures. Maintenance mode - Should we put a host in maintenance mode anytime we want to do work on it or reboot it? I've seen issues where the host never comes back into the fold if we just reboot it. > In general yes. > If it doesn't come back - check your hypervisors. You've not told us which > one you use - but with e.g. KVM you need to check the agent is running - and > the agent log will give you a hint at any problems. Training - some shameless self promotion - but we (ShapeBlue) do run both EU and US bootcamps - check Caution-https://www.shapeblue.com/cloudstack-training/ Regards, Dag Sonstebo Cloud Architect ShapeBlue On 29/01/2019, 19:26, "Morrow, Gary G II CIV DISA JT (USA)" <gary.g.morrow....@mail.mil.INVALID> wrote: So I'm new to the user group, never chatted but been listening for a month or so. My work is trying to build a Cloudstack setup, on a DOD network (fully secured), and I'm trying to do it with very little Linux experience. We have a couple people I can go to with experience that can help when I run into trouble and I'm been beefing up my skills for sure, but I was hoping that someone could give me some help on what they do to troubleshoot when things go wrong and some of the top issues with that do/can go wrong. Also looking for good resources going forward besides a lot of the ShapeBlue or Cloudstack documentation (I've been to those sites and both are very good for basic setups) I've looked at the Cloudstack troubleshooting guide and besides doing the grep command on the management log it's not much help. Some of the issues I'd like to discuss or have help with are the: File permissions What needs to be set to the cloud user for it all to work Web GUI How to check if it's running, what to check when it's not working at all. Management log grep commands that actually help Kinds of logging most people have on/off, do we need debug/info etc Size of the "secondary storage" for a production environment with say max 100 VMs/Instances Securing the infrastructure - Linux, sql, etc with STIGs Anyone done this? Maintenance mode - Should we put a host in maintenance mode anytime we want to do work on it or reboot it? I've seen issues where the host never comes back into the fold if we just reboot it. Any other kind of common issue that may occur setting this up and how to fix it. Right now when our test environment when something messes up the environment the normal procedure if start/stop management server or rebooting doesn't fix the issue is to wipe and reload. Also, I know ShapeBlue offers formal training, but is based in the UK, anywhere else offering formal type training based I the US or is that the only option for some actual training over youtube videos of people reading the initial setup. I've currently been able to get the management server up and running, with the basic networking, and have 4 different hosts added using NFS storage on each for the primary and the secondary storage being the management server's internal storage. Our final environment is going to be something similar with 6-8 Dell servers (good ones) so I'm not sure if this is the best setup or not using them all like a HCI like environment where everything is all in one. Appreciate any help and support. Gary Morrow dag.sonst...@shapeblue.com Caution-www.shapeblue.com Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue
